 |
Monday, November 25, 2002 |
Federal prosecutors have arrested and charged a credit bureau helpdesk worker and two accomplices who allegedly stole more than 15,000 credit reports and sold them to other crooks for $60 a pop. Michelle Delio reports from New York. [Wired News]
21:40
#
G!
| |
|
by Fox-IT
What are the trends in forensic IT reseach?
Which tools are used?
What are the objectives of a forensic IT investigation?
These questions are answered in this small survey. The goal was to find out if other forensic IT investigators worldwide saw the same increase in the number of forensic IT researches and used the same tools.
A total of 102 people took part in this survey about forensic IT investigation.
Download the paper in PDF format here.
[Help Net Security]
Interesting findings: Most full-time forensic investigators are found in government. Favorite sources of information is sniffing network traffic and examining PDAs.
Reasons for doing an investigation: hacked system, p0rn, fraud investigation, information theft, virus, harassment.
The commonly accepted trouth that most cybercrime gets unreported seems to be proofen once more:
"On most of the investigations no follow-up
action is taken. More than half of the
investigations do not lead to a trial or law suit.
Just 24 percent of the investigations leads to
civil law suit and just 23 percent to a criminal
law suit."
20:02
#
G!
| |
|
Im Internet nannte sich der Mann aus Münster "Principal". In der virtuellen Welt war er Gründer und Chef des "Round Table". Dessen 31 Mitglieder kamen regelmäßig zusammen, um Foto- und Videodateien auszutauschen, Dateien, auf denen sexuelle Gewalthandlungen an Kindern und Jugendlichen gezeigt werden. Rund 1.000 Fotos und 190 Videosequenzen hatte alleine der "Principal" in seiner Wohnung, als die Polizei ihn im November 2001 festnahm. Seit zwei Wochen muss sich der 41 Jahre alte Mann vor dem Landgericht Münster wegen der Verbreitung pornografischer Schriften verantworten.
In Deutschland hat es laut Staatsanwaltschaft Münster bisher kaum vergleichbare Fälle von Kinderpornografie im Internet gegeben. Ein Computer-Spezialist des Bundeskriminalamts (BKA) trat am Montag in dem Prozess als Zeuge auf. Er bezeichnete die bei dem Angeklagten gefundene Stückzahl kinderpornografischen Materials als "unglaublich hoch". Die Dateien zeigten gravierende Fälle sexuellen Missbrauchs.
Auf die Spur des international agierenden Kinderporno-Ringes war das BKA durch den Tipp eines österreichischen Journalisten gekommen, der seit Jahren auf diesem Gebiet recherchiert hatte. Die wahre Identität von "Principal" habe erst im Verlauf der Ermittlungen festgestellt werden können, sagte der BKA-Experte am zweiten Verhandlungstag vor der 1. Großen Strafkammer. "Der Angeklagte hat sein hohes technisches Wissen genutzt, um seine Spuren zu verwischen."
Als die Beamten des BKA und der Polizei Münster im November 2001 mit einem Durchsuchungsbefehl vor der Wohnungstür des Verdächtigen standen, lud dieser gerade eine Videodatei von einem Mitglied des "Round Table" aus Spanien auf seinen Computer. Anhand des sichergestellten Beweismaterials konnten in den folgenden Wochen die Aufenthaltsorte der übrigen Mitglieder des Kinderporno-Ringes ermittelt werden. Im März dieses Jahres wurden ihre Wohnungen in elf Staaten in einer vom BKA koordinierten Aktion durchsucht.
Gegen alle Verdächtigen wurden nach Aussage des BKA-Beamten Strafverfahren eingeleitet. Drei von ihnen, darunter ein Deutscher aus Hamburg, hätten sich daraufhin das Leben genommen. Ein Amerikaner sei in den USA zu 130 Jahren Haft verurteilt worden. Er soll für die Herstellung von Videos seine Tochter missbraucht haben.
Der Angeklagte in dem Prozess vor dem Landgericht ist weitgehend geständig. Er war bereits 1999 wegen der Verbreitung pornografischer Schriften zu sechs Monaten Haft verurteilt worden, verstärkte aber nach Verbüßung der Strafe seine kriminellen Aktivitäten. Das Urteil wird für den 4. Dezember erwartet. [heise]
19:44
#
G!
| |
|
By John Leyden
A spate of emails inviting eBay customers to divulge usernames and passwords to a scam site reached epidemic proportions last week.
The emails invited the foolhardy to hand over confidential details to a site called change-eBay.com, Needless to say, this has no affiliation with the online auction site. change-eBay.com was acquired using a stolen credit card and has since been closed CNET reports.
In the scam, users are told that their file has been tampered with and are directed to the fraudulent site to "update your eBay billing file". It's unclear how many people were taken in.
change-eBay.com is the latest in a long line of similar (relatively unsophisticated) scams, which have also targeted PayPal (now part of eBay) and Hotmail users. It's unlikely to be the last although judging from our own emails and those sent in by readers it is one of the most prolific.
So, for the avoidance of any doubt: NEVER respond to emails requests for your credit card information or password. [The Register]
19:00
#
G!
| |
|
A genuine cyber murder may never happen outside the pages of tabloid newspapers and Tom Clancy novels, but defense attorneys say that won't keep federal prosecutors from getting some mileage out of a provision in the newly-passed Homeland Security bill that dictates a maximum sentence of life imprisonment without parole for computer hackers with homicide in their hearts.
One of many information security and cybercrime measures in the 484-page bill - which won final approval in the Senate Tuesday - the life sentence is reserved for those who deliberately transmit a program, information, code, or command that impairs the performance of a computer or modifies its data without authorization, "if the offender knowingly or recklessly causes or attempts to cause death".
If the attacker only causes or attempts to cause bodily injury through hacking, the crime carries a 20-year sentence.
While it sounds straightforward enough, defense attorneys who've worked on significant hacking cases worry that many aspects of computer crime law remain too unclear to provide a sound anchor for as weighty a sentence as life imprisonment, and they say the new provisions add more confusion to a still-evolving area of law.
"You can drive a truck through the ambiguities in that language," says Donald Randolph, the Los Angeles criminal defense attorney who represented hacker Kevin Mitnick. "It's a daunting prospect to address this when you have words like 'attempts to cause' and 'recklessly.' I could see prosecutors arguing that the term 'reckless' defines every instance of hacking."
"While it's completely understandable that society would want to impose a life sentence for any kind of murder... what we've done is attached that idea to the underlying vagueness of the anti-hacking law, and there are a lot of things that are not clear in the law and not clear in the statute," says Jennifer Granick, director of Stanford Law School's Center for Internet and Society, and defense attorney in several federal hacker cases. "Technology is progressing so rapidly... to attach a life sentence to an area of the law that is still in the earliest stages of the development is dangerous."
Plea Bargains
Notwithstanding apocryphal reports of hackers changing blood types at a New York hospital, or a twelve-year-old boy coming within keystrokes of opening the floodgates at an Arizona dam, no cases of attempted cyber murder or cyber terrorism have been reliably reported. But the defense lawyers believe that the new law -- or the threat of it -- will play a significant role in conventional, non-lethal, hacker cases.
"I'll be used to get guilty pleas," says Granick. "People will be afraid that they're going to get the life sentence so they'll take a deal for less than life, and give up their right to appeal and to test the law."
Other legal experts disagree. "I doubt it," says Orin Kerr, a cyber law professor at George Washington University Law School, and a former attorney with the Justice Department's computer crime section. Kerr believes prosecutors won't use the attempted murder language to squeeze guilty pleas out of hackers, and says the new provision will most likely gather dust -- an unused and overlooked curiosity in the law books.
"The practical effect of this is almost none," says Kerr. "It's probably mostly symbolic -- perhaps useful in a case of a terrorist act of computer hacking designed to cause a lot of deaths, in which case it would give the federal government jurisdiction."
"Forgive me for being pessimistic after 28 years as a criminal defense attorney... but I would say it will absolutely, positively be used to compel plea bargains," counters Randolph. "That's the name of the game in 90% of the prosecutions I'm involved in."
[The Register - Security]
18:32
#
G!
| |
In dunklen Zeiten wie diesen lohnt sich vielleicht ein Blick auf radikalere Formen der Einflußnahme auf öffentliche Meinungsbildung: Urban Hacking wird von den einen als Netz-Guerilla idealisiert, von anderen als Hacktivismus belächelt. [c4 Headlines]
16:07
#
G!
Translate
| |
|
The Cabinet Office has suffered almost 6,000 cyber attacks this year with more than 1,000 incidents occurring in October alone.
Cabinet Office minister Douglas Alexander revealed the scale of the attacks in a parliamentary written answer.
With the government stepping up preparations for a war with Iraq, Brian White, MP for Milton Keynes and a former IT professional, asked a series of parliamentary questions to ascertain government department's response to the threat of cyber terrorism.
While the Cabinet Office fought off 5,857 cyber attacks this year, the Foreign Office told White it had not been subject to a single attack.
"I was surprised that they were not on a par with some other departments," said White. "There is a possibility that they are not necessarily the most open department."
IT security consultants Mi2G said: "It is highly unlikely that attacks were not even attempted on the Foreign Office. At the very least the Foreign Office's Internet facing computers would have been probed or scanned for potential attack as this is a commonplace occurrence."
Peter Sommer, senior research fellow at the Computer Security Research Centre at the London School of Economics, said: "Most attacks people talk about are from the Internet and much will depend on the extent departments are connected.
"If you put up Web sites, people will throw probes at them but there is a difference between leaning against a front door and stamping all over the inside of a computer."
A Foreign Office spokesman insisted that the department was not trying to hide the number of attacks it had faced. "The reason why we have no record of digital attacks is probably because the term digital attacks can be defined in many ways. It is not secrecy," he said.
The Foreign Office is now upgrading its systems and intends to carry out a full penetration test in 2003.
White said that overall he was "reassured" that government departments are reviewing the security of their communication and information systems, but believes more can be done.
"Policies on security need to be constantly reviewed and monitored. Re-looking at security can't be done too often. What each department could do is collate statistics about attacks and publish them on a quarterly or bi-annual basis."
CW360.com Nov 25 2002 8:34AM ET [moreover Computersecurity]
16:07
#
G!
| |
|
Your home computer is a pretty dumb device that usually does what it is told. But with the right help this mute machine can become disturbingly "talkative".
So-called "parasite programs" are logging what you do online and, like a nest of busy gossips, sharing the information with anyone who will pay to listen.
Not all spies are so obvious
As concern mounts over these sneaky tactics, privacy experts, cyber watchdogs and many concerned net users have started to compile lists of these programs.
Most parasite programs divide into two categories:
&149; "adware" - programs on your computer that fling pop-up ads at you, install toolbars full of adverts or hijack searches and web use; and
&149; "spyware" - more underhand, these devices surreptitiously watch what you do, steal personal information and despatch it across the web.
What they have in common, is that they quietly download onto your computer while you are online.
Sometimes they come attached to software you download from the web - the details are often included in the license agreement small print that most users click through without reading.
And sometimes they don't even need your permission to download, but just hop on your hard drive, totally unannounced, because you are browsing the wrong webpage.
[BBC News Online]
15:48
#
G!
| |
|
More information on the US DoJ's rush to use its new wiretapping powers, as granted by last week's FISA review court decision .
Justice Department officials, emboldened by last week's decision, say they are moving quickly to allow prosecutors and intelligence agents to share information routinely to avoid missteps.
"We're working very quickly, and we want to get as much help out to the field as possible," said a senior Justice Department official who spoke... [zem]
12:20
#
G!
| |
|
The growth of the spam problem in 2002 has been exponential, writes Kevin Murphy. Companies that sell spam filtering software say currently the percentage of email that is spam could be 20%, 33%, or even up to 50%, compared to less than 10% a year ago.
While the rise in spam is easy to notice, it is hard to quantify. Spam is by definition "unsolicited commercial email", and often spamees cannot remember signing up to have their email addresses added to lists, or were not aware they were doing so.
BrightMail Inc, the market leader in anti-spam services, says emails sent to its honey-pot email addresses are by definition unsolicited, and that it has seen spam on its customers' networks increase from 8% of mail to 41% of mail in the last 14 months.
Wasting time deleting UCE can be a productivity concern for enterprises. A survey by SurfControl Plc said 25% of enterprise email is spam and that each message costs up to a dollar. CloudMark Inc said 10 spams per day could cost a company $86 per employee per year.
Even if getting spam was free, there's a general consensus it's still annoying enough to want to filter. But why has it become so much of a problem this year? We asked executives from companies that provide anti-spam software and services to explain.
"Now anyone can do it," said Pavni Divanji, CEO of MailFrontier Inc. "The process is so streamlined. You can buy a CD of email addresses, buy mailing software, find an open relay and start doing it. People think it's easy and that they can make a few dollars off it."
The economics of spam are attractive for both the spammers and the companies that pay them to spam, particularly given the macro economy in the US. Email marketing has low response rates, typically less than half a percent, but is very, very cheap.
Growing numbers of e-businesses can't blow $50m of IPO money on TV and direct mail campaigns any more, and all the people they laid off into a depressed job market are looking for new sources of income.
Enrique Salem, CEO of BrightMail, said he talked to a spammer last week who was paid $1,500 to send one million spams. Even with a response rate of just one tenth of a percent, that's 1,000 likely customers reached for $1.50 a head. For the spammer, the cost was negligible.
"A lot of the Chinese, Korean and Latin American spam originates in the US ... People are looking at alternate ways to make money. It's a way to augment their income," said Salem. "Companies are looking at alternative ways to market and reach customers."
It's also exceptionally easy to get started as a spammer. CDs of 150 million email addresses can be bought for as little as $100 online. Web sites maintain lists of open email relays, many in Asia, which can be used to push mail through.
"The social stigma has gone," said MailFrontier's Divanji. "People don't think twice about doing it."
This point is debatable. While spammers think as long as no laws are broken they are not doing anything wrong, recent published interviews with spammers tell stories of harassment from irate spamees, both online and off.
But, just as finding people who respond to spam is a numbers game, finding people who have no ethical qualms with eating the bandwidth of millions of people and giving them headaches every morning should be easy.
"If this trend continues unchecked, it's going to make email unusable," said Salem.
[The Register]
11:43
#
G!
| |
|
Berlin police ("men in black berets and heavy boots") have been raiding internet cafes, confiscating computers and revoking licenses for failing to prevent customers from accessing banned content like pornography, violent games , and Nazi imagery. Presumably the armbands on the jackbooted thugs conducting the raids are exempt.
"Hands off the keyboards," an officer shouts. And then his men fan out to check what websites the customers have been surfing.
The scene is... [zem]
... seufz ...
11:38
#
G!
| |
|
The Australian Justice Minister and Federal Police Commissioner are attempting to claim "public interest immunity" in order to avoid answering questions about the alleged use of tracking and listening devices on boats used by illegal immigrants. Via sievx.com , which has more detail but no permalinks.
The Labor Party claims to have information about tracking and possibly listening devices, installed on boats either preparing to leave Indonesia or after they had been... [zem]
10:58
#
G!
| |
This news article summarizes the current situation for the entertainment industry and peer-to-peer file swapping services. On Monday a US federal court judge is going to determine whether on not the off-shore company Shaman Networks, the owner of Kazaa, can be sued. The author notes that Congressmen Hollings' and Berman's recent proposals to address the issue have not been popular in Washington and the how the long-running and unresolved nature of the debate ensures controversy. Here is another story covering Kazaa's legal obstacles. Meanwhile as Vivendi releases a stack of music online, for one US $ per download, other file sharing networks such as Freenet, grow to the point where developers encourage the general public to download and try their software and the Open Directory Project lists links for at least 200 clients for anyone with internet to download and use. Peer-to-peer supercomputing projects and network storage breakthroughs and convergence developments such as Colligo or Mobilefile which easily allow for file transfers between different types of mobile and wireless hardware continue to innovate the peer-to-peer arena. [infoAnarchy]
4:18
#
G!
| |
The next CodeCon conference will be held on February 22-24 in San Francisco. The organizers have issued a call for papers -- interested hackers should email their proposals, especially in the following areas: development tools - languages, debuggers, version control file sharing systems - swarming distribution, distributed search community-based web sites - forums, weblogs, personals security products - mail encryption, intrusion detection, firewalls The deadline for submissions is December 15. See also our previous CodeCon coverage. [infoAnarchy]
4:18
#
G!
| |
|
Academy seizes computers from nearly 100 mids
By JESSICA R. TOWHEY, Staff Writer
Officials at the Naval Academy have seized nearly 100 midshipmen's
computers that allegedly contained illegally downloaded music and
movies, sources said.
The raid occurred Thursday while students were in class, and a source
familiar with the investigation said the computers were being held by
the administration.
Cmdr. Bill Spann, academy spokesman, confirmed that an investigation
into what material is on the computers is under way, but declined
further comment.
He did say punishment for illegally possessing copyrighted material
ranges from a court-martial to loss of leave and other restrictions.
Computers are given to each midshipman upon entering the academy. During
their four years at the school, mids pay back the value of the computers
through deductions from their monthly paychecks.
Amanda Collins, a spokesman for the Recording Industry Association of
America, said yesterday that the Naval Academy was among the colleges
and universities around the country that were sent two letters from
entertainment industry and educational associations asking them to
address Internet piracy and establish policies against it.
[Politech]
3:17
#
G!
| |
It's official: using browsing the web while blocking pop-up ads and other such exciting website enhancements is theft. Anti-leech.com are offering to protect your site from browsers blocking pop-ups (or 'theft tools' as they call them). [Slashdot: Your Rights Online]
2:16
#
G!
| |
|
Studie - Wie der Focus in einer Vorabmeldung berichtet, verbessern Notebooks und Laptops die Schülerleistungen... [newsBYTE.ch]
jaja, ... vermutlich verbessert auch ein Zweitwagen der Eltern die Schulleistungen.
2:16
#
G!
| |
(BBC)
A man who made thousands of child porn images and movies of children as young as six-months-old has been jailed for a year. Philip Fernandez, 29, from Harrow in north-west London, was arrested after police officers raided his home, seizing computer equipment, videos and children's underwear from his bedroom. [Quick Links Computercrime/Cybercrime]
2:13
#
G!
| |
Maximillian Dornseif, 2002.
|
|
|
