What good may come out of the recent reorganization of the Department of Homeland Security is that cyber crime will be given a more prominent role in the department, in light with the importance and the vulnerability of the electronic infrastructure. It is good to see that finally a critical piece of modern society’s infrastructure is given due attention.

Additionally, the DHS’ National Cyber Security Division will be responsible for providing "timely, actionable, and valuable" threat information and leading the national response to cyber and telecommunications attack. Not sure how (if at all) this is different by US-CERT but more attention to the problems of cyber space probably would not hurt.

The nation’s critical infrastructures, including water, chemicals, transportation, energy, financial services, health care and others, rely significantly on computer networks to deliver the services that maintain our safety and national economy.

This seems to give another chance for foreign hackers to visit Gitmo - hack a NASA server and you will visit a warm Caribbean country with free airfare, lodging, and food.

[Via InternetNews.com -]

ISPs vs. Zombie PCs. Round X.

In the next few months, ISPs in the United States will begin receiving
reports on the zombies, or PCs open to control by hackers, that lurk on
their networks. The data will be sent out by the Federal Trade
Commission, which said in May that zombies have become such a serious problem that more industry action is required.

The Federal Trade Commission has called on ISPs to identify and take action against "zombie" computers on their networks. There are many proposals on how to deal with innocent users’ PCs that become zombies - from cutting their Internet access altogether, to distributing "good" worms to fix the problems, but the number of zombies does not seem to decrease.

[Via CNET News.com -]

Next time you order your annual free credit report online, check twice whom are you ordering from.

However, the online service has quickly fallen prey to [AnnualCreditReport.com] imposter sites,
which are designed to lure traffic from a legitimate Web site by
adopting a similar domain name. Imposters targeting the
AnnualCreditReport.com site now number 112, according World Privacy Forum.

While most of the "imposter" sites are only ad-link farms, some of them actually capture personal information.

[Via CNET News.com -]

A survey by the Computer Security Institute shows that although the losses by cyber crime are down, the frequency of the attacks has increased over the past year. The average dollar loss per incident in 2004 was $204,000 (a 61% drop from 2003.)

The breakdown of the losses, according to the survey is:

• viruses, $42.8M
• unauthorized access, $31.2M
• proprietary info theft, $30.9M
• denial of service, $7.3M
• insider ‘Net’ abuse, $6.9M
• laptop theft, $4.1M
• financial fraud, $2.6M
• misuse of public web application, $2.2M
• system penetration, $0.8M

[Via InternetNews.com -]

270,000 records of past applicants - breached at the University of Southern California.

The breach of the university’s online application database exposed
"dozens" of records, which included names and Social Security numbers,
to unauthorized individuals, said Katharine Harrington, USC dean of
admissions and financial aid.

So what is the true number? 20 or 270K? The difference is worth investigating what happened and exactly how many of these people had their information exposed. It is interesting also to note that if this was a university in another state, the breach may not have been announced at all. It is no surprise that most of the data breach announcements come from California, the only state with a strict requirement for institutions to report those affected when personal information has been stolen or accidentally released.

[Via ZDNet -]

Infected PC? Spyware slowing your PC to a halt? Just dump it then!

Tucker, an Internet industry executive who holds a doctoral degree in
computer science, decided that rather than take the time to remove the
offending software, he would spend $400 on a new machine.

How often do you find such disposable PC people around is not clear. Even with $400 in replacement hardware costs, I submit that the software/settings/documents replacement costs are much higher and should be factored in. According to the News.com article, the average amount people spent on commercial spyware-removal was $129.

[Via CNET News.com -]

Microsoft giveth, Microsoft taketh.

Microsoft may be looking to expand its AntiSpyware tool to detect the remote system monitoring tools known as "rootkits".

It is interesting how while Microsoft is trying to expand its anti-spyware software [arguably] in order to capture larget anti-spyware software market share, it is trying to acquire an [arguably] spyware-making company, Claria. So what will happen? People will trust Microsoft Anti-Spyware for all their protection needs, and Microsoft will open the door wide to Claria-written bugs and pop-up generators. Hopefully I am wrong.

[Via Techworld.com, UK -]

Words from a sorry hacker,

I was not doing anything - I wasn’t damaging anything, I
was just looking. I did not think about the legal side of things and
now I am facing the prospect of extreme violence in some US jail.

–Gary McKinnon, the British hacker facing an extradition hearing and possible 72 years in US jail has warned other hacking wannabees not to follow his
example of entering over 53 US military
computer systems. Full story by theregister.co.uk.

Do you want to be paid $24 a package just for receiving it and re-shipping it abroad? Many people, apparently, do, and some of them get into trouble. USA Today reports on how an international scheme uses Americans’ help to deliver goods to cyber criminals abroad.

The story describes how Karl, a 38-year old Californian, agreed to receive and re-ship packages to Russia and be paid $24 per package. Not long after he started receiving large sums of money into his bank account which he was to forward to Russis after taking "commission," or bank statements for other people started arriving at his home address. What Karl had become, in fact, was a "mule."

Karl and other ordinary citizens are being widely recruited by
international crime groups to serve as unwitting collaborators —
referred to as mules — in Internet scams to convert stolen personal and
financial data into tangible goods and cash. Cybercriminals order
merchandise online with stolen credit cards and ship the goods overseas
— before either the credit card owner or the online merchant catches
on. The goods then are typically sold on the black market.

[Via USA Today -]

The SenderID and SPF (Sender Permitted From) protocols have been used
by ISPs and e-mail gateways for almost a year in an effort to recognise
spam sent using a spoofed address. However, spammers have found ways to use this anti-spam tool in order to provide legitimacy to their batches of spam.

However, e-mail security specialist MX Logic reported on Tuesday that
it filtered a sample of nearly 18 million unique e-mail messages from
June 19 to June 25, and found that 9 percent were from domains with an
SPF record and only 0.14 percent contained a SenderID record. Of these
supposedly ‘legitimate’ messages, around 84 percent were spam.

[Via ZDNet.com.au, Australia -]

« Previous entries