Tag Archives: United States
Posted by peter on June 23, 2009 – 1:46 pm
The next time you have to take off your shoes and belt at an airport, keep in mind that things could be much worse. You might get detained and questioned for four hours, for example, which is something hacker-turned-security-consultant Kevin Mitnick recently experienced on a return trip from Colombia.
People and companies needn’t worry too much that Mitnick’s fallen back to the proverbial dark side; accusations weren’t really made, and charges were never brought. As told by Elinor Mills, his detainment instead seems like a cautionary tale about wrongful accusations and the defensive measures traveling computer owners should take.
Mills writes, “Agents from the Immigrations Customs Enforcement arrived to question him. They asked why he was in Atlanta and he told them; he was there to moderate a panel at a security conference sponsored by the American Society for Industrial Security. Asked for proof, he fired up a laptop to show them the itinerary in his e-mail. But when he clicked ‘yes’ to have Firefox clear his private data–an automatic response to a default setting–the agents snatched the laptop away from him, thinking he was deleting evidence.”
So be careful about every click and keystroke, for one thing. Otherwise, “To protect his privacy and that of his clients, Mitnick encrypts all the confidential data on his laptops, transmits it over the Internet for storage on servers in the U.S., and wipes it from the computer before returning from any international trips, just in case officials decide to search or seize his equipment. He also encrypts his hard drive. And now, he says he is going to keep a ‘clone’ of his MacBook at home so he will have an exact duplicate of it if it is ever seized.”
Depending on what sort of stuff you keep on your computers – and whether or not laws about laptop searches are changed – these steps may be worth imitating. The average business traveler isn’t as likely to get stopped as Kevin Mitnick, of course, but the story seemed worth relating.
Posted by peter on June 18, 2009 – 9:40 pm
Filed under Security News
Tagged as attorney, autism, British government, Gary McKinnon, hacker, mental illness, NASA, U.S. military, UK High Court, United Kingdom, United States
Justices for the UK High Court have agreed to hear on July 14th an application for a judicial review of the extradition of British national Gary McKinnon, who has confessed to hacking the networks of the U.S. military and NASA, according to ZDNet UK.
Attorneys for McKinnon have been fighting his extradition to the U.S., saying that sending McKinnon to the U.S. to face trial could result in him committing suicide because of his mental illness.
McKinnon, the 42-year-old man who U.S. authorities say compromised the network security of the Army, Air Force, Navy and NASA and caused close to $1 million in damages, was diagnosed last August with Asperger's syndrome, a type of autism.
His attorney, family and supporters say he should be tried in the UK and contend his diagnosis was not properly considered by the former UK home secretary who ordered his extradition in October.
The National Autistic Society, a UK advocacy group, has petitioned the British government to keep McKinnon in the UK, based on his condition.
He could face up to 70 years in prison in the U.S. if found guilty. McKinnon reportedly said he was searching high-security networks for evidence of extraterrestrial life.
Posted by peter on June 16, 2009 – 7:53 pm
In spite of high-profile examples of terminated employees using their IT access to steal from or sabotage their former employers, a new survey finds that more than one-third of companies take a week or longer to be "completely certain" that ex-workers can no longer access company systems.
Courion Corporation said its survey results revealed that 93 percent of organizations are confident that terminated employees pose no risk to their network security, even though many have limited or no knowledge of the systems to which their active and terminated employees have access.
Courion said companies show "unwarranted confidence" that their systems are secure from former employees gaining access through "zombie accounts."
The survey of 243 business managers from large enterprises with at least 10,000 employees also found that 30 percent of companies still manually provision user accounts, which Courion said increases the likelihood of human error or delays when de-provisioning departing workers.
This survey dovetails with another recent survey regarding the insider threat that shows an apparent lack of awareness on the part of companies about the severity of the threat from current and former employees.
A survey by Cyber-Ark found that 74 percent of IT administrators and staff in the U.S. and UK said they could get around security controls intended to prevent access to sensitive internal information.
Posted by peter on June 11, 2009 – 9:29 pm
A recent survey of IT security staff has found that 35 percent admit to having snooped on sensitive insider information such as HR records, customer databases and merger and acquisition plans, according to security vendor Cyber-Ark.
The survey of 400 IT administrators and staff in the U.S. and UK also found that 74 percent said they could get around security controls intended to prevent access to internal information and data theft. Asked what they would take if they were fired by their company, 47 percent said they would take M&A plans, as opposed to 7 percent who said so in the 2008 survey.
One in five companies in the survey admitted to cases of insider sabotage or IT security fraud, 36 percent of which said they suspect their competitors received sensitive information or intellectual property as a result.
According to a report from the Carnegie Mellon Computer Emergency Readiness Team (CERT), insider threats extend beyond the organization itself - half of insiders who stole or modified information for financial gain were recruited by outsiders, including by business partners or organizations looking to acquire the insider's company.
The 2007 E-Crime Watch Survey conducted by the U.S. Secret Service and the CERT Coordination Center found that, in cases where respondents could identify the perpetrator of an electronic crime, 31 percent were committed by insiders.
Posted by peter on June 10, 2009 – 9:34 pm
Filed under Security News
Tagged as 3FN, botnet, Federal Trade Commission, ISP, Matt Sergeant, MessageLabs, Pricewert, Pushdo, Rustock, SearchSecurity, United States
Security vendors are reporting a drop in spam since a federal court ordered the shutdown of alleged rogue ISP Pricewert, also known as 3FN. The Federal Trade Commission said the company hosted command-and-control servers for a number of spam-producing botnets.
One security vendor said the shutdown of 3FN has coincided with a 15 percent drop in all spam, mainly from the Pushdo botnet. Another botnet, Mega-D, has fallen off since the shutdown was ordered on June 4th, although the biggest botnet - Rustock - was unaffected.
Botnets, collections of compromised computers, can be controlled remotely by hackers known as bot herders to send out spam, including phishing attacks and viruses in email attachments.
"Today, spam from Pushdo is still coming in to our spam traps, but at a much reduced rate," anti-spam vendor Marshal8e6 said on its blog Monday.
Pushdo, also known as Cutwail, was responsible for about 35 percent of global spam in May, according to an intelligence report from MessageLabs.
Although it represents the biggest blow to spammers since the shutdown of the McColo server in November, security experts said the spammers would soon recover by moving to servers outside the U.S.
"What happens is you take out one of the big boys and somebody will take over those customers and start spamming for them," said Matt Sergeant of MessageLabs, according to SearchSecurity.com.
Posted by peter on June 10, 2009 – 8:49 pm
Filed under Security News
Tagged as .mil, Air Force, Army, Asperger's syndrome, attorney, autism, British government, Gary McKinnon, home secretary, National Aeronautics and Space Administration, National Autistic Society, prison, U.S. military, UK High Court, United Kingdom, United States, USD, Washington D.C.
An attorney for a British man indicted for hacking into the U.S. military's computer networks in 2002 told the UK High Court that extradition to the U.S. could result in psychosis and suicide because of his mental illness.
Gary McKinnon, the 42-year-old man U.S. authorities say broke into the networks of the Army, Air Force, Navy, NASA and other sensitive computers, was diagnosed last August with Asperger's syndrome, a type of autism. His attorney, family and supporters say he should be tried in the UK.
The National Autistic Society, a UK advocacy group, has petitioned the British government to keep McKinnon in the UK, based on his condition.
The group says his late diagnosis meant his mental condition - which can cause obsessive behaviors - was not considered in legal proceedings prior to last August. His extradition was ordered in October by the British home secretary.
The indictment alleges that McKinnon scanned a large number of computers in the .mil network to access computers and obtain administrative privileges.
The indictment said McKinnon caused a network in the Washington D.C. area to shut down for three days and caused close to $1 million in damages. He could face up to 70 years in prison in the U.S.
Posted by peter on June 8, 2009 – 9:24 pm
Filed under Security News
Tagged as Aleksey Volynskiy, Alexander Bobnev, Alexey Mineev, bank, Charles Schwab, co-conspirator, horse software, IDG News Service, law enforcement, remittance services, Russia, United States, USD
Alexey Mineev, 23, has pleaded guilty to charges of money laundering in connection with a scheme to steal funds from hacked brokerage accounts.
Prosecutors said Mineev would receive fund transfers from hacked accounts in bank "drop accounts" he had set up. He would then wire the funds to co-conspirators in Russia using remittance services.
The scheme involved infecting brokers' PCs with Trojan horse software that would steal account numbers and passwords from the brokers when they logged in over the internet.
Alexander Bobnev, a co-conspirator in the identity theft fraud, allegedly used the stolen passwords to access accounts to sell securities and then transfer funds to drop accounts set up by Mineev. Mineev would then wire the stolen funds to Russia.
Bobnev is believed to be in Russia and out of reach of U.S. law enforcement, according to IDG News Service.
Investigators used an unnamed informant to catch Bobnev and another man charged in the scheme, Aleksey Volynskiy, in the act. The informant set up an account under investigators' control to which Bobnev wired funds stolen from two Charles Schwab brokerage accounts in July 2007.
Mineev agreed in his plea arrangement to return $112,000 he made as part of the fraud, IDG News reported.
Posted by peter on June 1, 2009 – 10:37 pm
As spam volumes reached new highs in the first quarter of the year, web security researchers identified spam messages "branded" so as to appear to be coming from legitimate websites, image spam and headline spam as major trends to watch out for.
The June spam report released today by web security vendor McAfee traces the rise and fall of spam levels and trends through the first 100 days of the Obama presidency.
But the report identifies spam related to current events as having a bigger impact due to users' curiosity about the news. Spammers hopped on major stories like the swine flu outbreak to get more successful hits on their websites selling the usual pharmaceutical products.
Image spam is likely to drop off because images increase file size and slow down spambots from sending out large quantities.
However, branding spam messages to spoof legitimate websites is a successful spam strategy, the report said, because it can be very cheap and the hits per email delivered rise.
"President Obama's administration is the first one in U.S. history that will have to seriously tackle the issues created by an interconnected world," the report said. "It will be interesting to follow his proposed policies to see if they have any more impact than those of previous governments."
Posted by peter on May 30, 2009 – 3:32 am
Filed under Security News
Tagged as Google, McAlister Ammunition Plant, McAlister plant, Microsoft, Oklahoma, SQL, SQL Server, U.S. Army Corps of Engineers' Transatlantic Center, U.S. Department of Defense, United Nations, United States, United States Army, Virginia, www.m0sted.net, Yahoo
Turkish hackers calling themselves m0sted were able to break into a U.S. Army server in January and previously hacked a server for the Army Corps of Engineers, according to InformationWeek.
Hackers used an SQL injection attack to exploit a security vulnerability in Microsoft's SQL Server database, according to officials cited in the report.
The hacked servers were at the McAlister Ammunition Plant in Oklahoma and the U.S. Army Corps of Engineers' Transatlantic Center in Virginia.
Visitors to the McAlister plant's website on January 26th were redirected to a website containing messages protesting climate change. In September 2007, a similar attack on the Army Corps of Engineers redirected visitors to www.m0sted.net, which contained anti-American and anti-Israeli messages and images, InformationWeek reported.
The U.S. Department of Defense, which has reportedly been considering implementing a cybercommand to coordinate IT security and cyberwarfare, subpoenaed records from Google, Microsoft and Yahoo to track the identities of the hackers.
In August 2007, m0sted hacked a United Nations website to post a message that said "Hacked By Kerem125 m0sted and Gsy," according to reports. "That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war."
Posted by peter on May 27, 2009 – 9:22 pm
Spammers have learned some creative new techniques for cracking spam filters and spam levels rose to more than 90 percent in May, according to a new report from IT security firm Symantec.
The report cites a rise in spam coming from social networking accounts that seem to have been created using random names and automated CAPTCHA-cracking programs.
These accounts are sending spam emails from major webmail hosting providers such as Google's Gmail, which allows the spam to sneak through spam filters that are set up to detect spoofed email headers.
Spam also follows a daily pattern that appears to be tailored to the time of day when recipients in different locations would be most likely to view it, although spammers are most active during the U.S. working day.
In the U.S., most spam activity occurs between 9 a.m. and 10 a.m., when U.S. workers are likely to be logging on to start the day. This makes sense because data show that the most active spammers are based in the U.S., the report said.
The majority (around 58 percent) of spam was sent from known botnets. Donbot is currently the most active botnet, responsible for around 18.2 percent of all spam, followed by Rustock (16.1 percent). Xarvester was responsible for 1.9 percent of spam.