Welcome to Fantasy and Thrilling World of Hacking. Equip Yourself here, with all Hacking Knowledge, Tricks and Tools to breach security. Also learn how to protect yourself and Safeguard your system against hackers. Note: Do Everything at your Own Risk.
Friday, January 4, 2008
Monster.com hit with another malware attack
Monster was hit by an IFRAME that linked out to a site that was throwing exploits at users, Thompson told SCMagazineUS.com. The attack, which likely took advantage of a cross-site scripting vulnerability, likely was created using Neosploit, a hacking toolkit similar to Mpack.
“It’s not clear exactly what exploits these are yet, because they infect the user’s PC wrapped inside a new form of encryption that we haven’t been able to see inside yet,” Thompson said.
Windows users whose PCs are patched as of April 2007 are safe from the exploit, he said.
“[It] probably caught corporate users more than anyone,” he added. “Corporate users tend not to patch as readily, while consumers tend to turn on auto patching.”
It is unclear who perpetrated the attack, but the Russian Business Network – an internet service provider said to offer “bulletproof” web hosting, often allegedly to criminal groups – is a prime suspect.
Monster, in a statement, said it did not believe the malicious code attack affected many users.
“The malware was designed to make computers running it part of a spamming network,” the statement said. “The virus is detectable by most major anti-virus software, and this issue should not affect users running Windows with the most recent security updates from Microsoft. In addition, we believe only an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned.”
Monster also made news in August, when it said that hackers had penetrated its database and stolen personal information of job hunters. They then used that information to send targeted emails with fraudulent job postings, or attempted to deceive recipients into downloading malicious software.
Hacker created 250,000-strong botnet army
This is the first prosecution of a hacker for this type of activity, according to the US Attorney’s Office for the Central District of California. The Federal Bureau of Investigation pursued the case.
Schiefer says he also found Paypal usernames and passwords using malware that could access usernames filed in a secure storage area on the computers. The malware would send that information to Schiefer, who used it to access the accounts.
Schiefer also acknowledged fraudulently earning more than $19,000 from a Dutch internet advertising agency that hired him as a consultant. He was supposed to install the company’s programs on computers after receiving consent from computer owners. Instead, he and his associates installed it on 150,000 computers that were infected with his malware.
Schiefer is scheduled to appear in the US District Court in Los Angeles on November 28 and be arraigned on December 3.
US Security: NSA Hacks. DHS Spams!
However, things are different when it comes to the Department of Homeland Security. The people in their IT department seem to be lacking some skill. As the Register informs, a botched attempt by one subscriber to change the e-mail address he was using to receive messages caused a storm on the DHS mailing list yesterday.
What happened is that instead of sending the message just to the administrators, he clicked on the wrong button. Unfortunately, that button was labeled “reply to all”, and as you’ve probably figured out by now, all the people subscribed to that particular report got his request. A lot of messages continued afterwards, all being sent to the full list of subscribers via what was supposed to be a DHS report service.
Is it normal for people in charge of a country’s security to be this sloppy? A moderated mailing system would have made such a mess virtually impossible, but it seems that they never cared about this. Users that don’t care about security are something we’ve all gotten used to, but to see that even such a great organization doesn’t give a damn about their mailing system is somewhat disturbing.
This also led to the disclosure of the e-mail addresses of the members in the list, as the Register pointed out. I doubt that anyone with malicious intentions was amongst those people, but one could have exploited this in a malicious way. Some problems pop up, just because small matters are not taken into consideration!
Chilean presidency Web page hacked.......!
The site was restored Monday morning.
Carlos Portales, political director of the Chilean foreign ministry, said the incident is being investigated.
“It has happened with other Web pages, including some from the United States government, the Vatican,” Portales told reporters.
The Santiago daily El Mercurio on Monday reported that officials believe the hacker was a Peruvian.
While Chile and Peru have generally friendly relations, tension sporadically breaks out over the aftermath of two 19th century wars between the countries and a dispute over maritime boundaries has been developing.
The Web page carried information about activities of President Michelle Bachelet and about the upcoming Ibero American Summit for leaders from throughout Latin America, Spain and Portugal. Portales said the incident does not appear related to the summit.
Hacker uses public APIs to breach eBay
Hackers crawling over the web
Not anymore. Security experts are already looking back on 2006 as the year that web threats matured and became increasingly sophisticated. It was a year in which organised cyber criminals increasingly turned their attention away from email towards web traffic as their target of choice.
Last year saw an aggressive rise in web attacks. According to ScanSafe’s Annual Global Threat Report, spyware increased by 254 per cent in 2006, eclipsing email threats for the first time. The boundaries between spyware, adware and viruses have become blurred and criminals are now targeting multiple internet platforms with more focused, financially-oriented attacks.
For many malware authors, their motives have shifted from a desire to show off their technical prowess or create anarchy, to a greed-driven search for money. In 2006, over 65 per cent of web virus payloads were intended to achieve some direct financial benefit.
Last year also saw web 2.0 increasingly under siege, with hackers targeting social networking sites, chat rooms, popular search engine results and instant messaging.
The sheer scale of these threats has taken many corporate IT departments by surprise, as they grapple with balancing security and liability concerns with the realisation that the web is a mission-critical business communications tool.
The clear message is that businesses can no longer rely solely on traditional IT security solutions on the desktop or corporate network. Anti-virus software, firewalls and intrusion protection systems are valuable shields, but they are not impervious to today’s socially engineered, pernicious web threats.
IT departments are already taking action. Many companies have had help in scanning and filtering email traffic for some years. Now they are looking for help with their web traffic.
According to a recent survey of companies that already buy in managed IT services, 2007 will see a focus on security. The study from the Computing Technology Industry Association found that 33 per cent planned to increase their spending on managed security services. The reasons they gave are the traditional ones: a lack of in-house skills, greater cost-effectiveness, and the ability to concentrate on their core competencies.
These findings are backed by another recent report from industry analyst group Frost & Sullivan. It sees the managed security services market in EMEA soaring from $81.7m in 2005 to $603.7m in 2012.
If this suggests that the next five years will be a challenging, but rewarding period for web security-as-a-service providers, it also means plenty of opportunities for channel partners.
IT departments are finding that managed web security services are scalable, flexible, have a lower total cost of ownership compared to hardware and software solutions and free up valuable network bandwidth. In fact, most customers report a 30-40 per cent saving over on-premise solutions.
For the channel, web security-as-a-service offers quick entry into the lucrative managed services security market. Because it doesn’t require investment – in development, infrastructure or hardware – it also provides a painless way for resellers to add web security to their portfolio of solutions.
Managed services also offer recurring revenue for channel partners, which is especially appealing given the declining margins of premise-based solutions. Hardware and software web security solutions have attained a certain maturity in their lifecycle and saturation in the marketplace. As a result, the margins on hardware and software solutions have steadily declined. This is not the case with web security-as-a-service, a relatively new offering with wide appeal across industry verticals and among SME businesses as well as larger enterprise accounts.
The net result for channel partners is that managed security services help boost gross margins and offer an easier, more cost effective way for customers to conquer web-based threats.
VoIP gets hacked
‘Evil’ techie genius Robert Moore has recently been jailed in the US after exposing tremendous flaws in tens of telcos’ IT infrastructures, stating it was ‘incredibly easy’ because of basic IT security mistakes.
His global hacking spree was targeted at telcos and corporations, allegedly aiming to steal voice over IP services and sell them through a company he was working for.
“It’s so easy. It’s so easy a caveman can do it,” he laughed.
“When you’ve got that many computers at your fingertips, you’d be surprised how many are insecure.”
It has been reported that he stole 10 million minutes of service and re-sold them at discounted rates, netting more than $1 million from the scheme although only receiving $20,000 personally for his efforts.
AT&T reported at the trial that Moore ran 6 million scans on its network alone; aliases have been used for the other companies that were successfully targeted, in an attempt to shore up confidence in their services.
One small telco went out of business because of expenses the company incurred due to the amount of traffic Moore was responsible for diverting through their network.
Moore said what made the hacking job so easy was that 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure.
The biggest insecurity? Default passwords.
“I’d say 85% of them were misconfigured routers. They had the default passwords on them,” said Moore. “You would not believe the number of routers that had [Removed] or [Removed] as passwords on them.
We found the default password for it, and basically we could get in almost every time. Then we’d have all sorts of information, basically the whole database, right at our fingertips.”
Time to do a free security check on all your clients servers?
Hackers use ‘construction kit’ to unleash Trojan variants
The Prg Trojan, as it has been dubbed by SecureWorks, is a variant of another Trojan called wnspoem that was unearthed in October. Like its predecessor, the Prg Trojan and its variants are designed to sniff sensitive data from Windows internal memory buffers before the data is encrypted and sent to SSL-protected Web sites. The Trojans are programmed to send the stolen data to multiple servers around the world where it is stored in encrypted fashion and sold to others looking for such information. An analysis of log files on the servers storing the stolen data shows that a lot of the information is coming from corporate PCs, Jackson said.
The variants include a new function that allows them to listen on TCP port 6081 and wait for a remote attacker to connect and issue commands for forwarding data or for rummaging through files on the compromised system, Jackson said. The newer variants are also more configurable and can be programmed to send stolen data to their final destination via a chain of proxy servers. The new Prg variants encrypt stolen data differently than the original version, making older analysis tools obsolete, Jackson said.
What makes the threat from the Prg Trojan especially potent is the availability of a construction tool kit that allows hackers to develop and release new versions of the code faster than antivirus vendors can devise solutions, Jackson said. The toolkit allows hackers to recompile and pack the malicious code in countless subtly different ways so as to evade detection by antivirus engines typically looking for specific signatures to identify and block threats, Jackson said.
The toolkit appears to have been developed by the Russian authors of the original wnspoem Trojan and comes complete with a three-page instruction manual in Russian instructing buyers how to use it. Originally, the kit appears to have been sold to other hacker groups for around $1,000. But more recently it appears to have been posted on an underground site, where others have been downloading and using it, Jackson said.
“The hackers are literally infecting thousands of users with one particular variant and once that version of the Trojan is blocked by antivirus, the hackers simply launch a new one in its place,” Jackson said. One of the groups using the construction kit has been naming their attacks after makes of cars, including Ford, Bugatti and Mercedes, according to a SecureWorks description of the Trojan. The group has been spreading versions of the Trojan by taking advantage of vulnerabilities in the ADODB database wrapper library and other components of Windows and Internet Explorer, according to SecureWorks. That group alone may have snared data from more than 8,000 victims. Data stolen by this group’s Trojans is sent to servers based in the U.S. and China, according to SecureWorks.
Another group using the toolkit has been naming its attacks using the letter “H” and has sent its variants via spam e-mails to various individuals, SecureWorks said. One recent attack involved an e-mail with a subject line reading “HAPPY FATHER’S DAY.” Data stolen by this group’s Trojans is being sent back to servers in Russia. According to Jackson, many of those servers have separate staging areas on them with multiple versions of Prg Trojan programs that can be released as older versions get detected by antivirus software.
Safari for Windows gets more patches
The quickly-forthcoming nature of Apple’s patches has divided opinion among industry watchers, with some praising the company’s quick response to flaws and others criticising the fact they have appeared at all.
According to James Turner, industry analyst at IBRS, the question of security updates is not likely to be one bothering businesses.
“The majority of Safari users are the people who will readily chop and change their browser. They are the technically advanced, the home users, the curious, and the Apple fanatics. So, the bugginess of Safari is more of an inconvenience to the early adopters, rather than a serious issue. Yes, it’s sloppy, but it’s not that important. The stakes will increase dramatically if the iPhone starts getting similar market share to the iPod,” he said.
The second security update fixes a flaw that could allow malware writers to spoof the contents of the browser’s address bar, potentially fooling users into divulging sensitive information such as online bank details and passwords. The issue does not affect Macs running the browser.
The latest version of the Safari beta for Windows includes improved stability and fixes for text display, non-English systems and start-up times. Its Mac equivalent also contains security plugs and boosted stability, as well as better WebKit support for Apple’s Mail, iChat and Dashboard software.
The security element of the Mac Safari patch plugs a hole that could allow cross-scripting attacks to be launched if a user visits a malicious website.
Al Gore Website Hacked!
Since high-rated websites such as Al Gore’s film blog include links to other pages, their PageRank is automatically increased by search engines’ algorithms, which analyze the number of backlinks for every single site.
Getting back to the hack, it seems that the entire exploit was conducted through a WordPress vulnerability, the blog publishing technology implemented on “An Inconvenient Truth”.
What’s interesting about this hack is that the weblinks to the Viagra websites were not visible to the visitors because they were implemented only to affect the search engine rankings. According to the same source, the hidden links could have been analyzed by the crawlers but the visitors couldn’t have accessed them unless they opened the page source.
But there’s also a good thing about this hack: there’s no virus, worm, Trojan horse or any other infection published on the website, although the hackers could have inserted dangerous code pretty easily since they had access to the content.
Did You Try Hacking Your Ex-Company?
“Organisations must ensure that their corporate data is centrally managed and delivered to users just as needed. This is the most effective way to help prevent security threats such as those revealed in the survey. By implementing technology such as virtualization from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security, and can securely manage and deliver applications to the end user,” said Chris Mayers, security architect for Citrix, according to The Register.
There’s not much to say about this report because the companies have every reason to fear that ex-employees who worked with the internal passwords and other technologies could infiltrate and access the private data. However, this is where the security products are recommended because any company that chooses to block or restrict somebody’s access can easily install such a tool and filter the persons accessing the computers.
In addition, it would be a great idea to change the passwords and other private credentials but I believe this would be a difficult job in a large company with numerous servers and passwords. Sure, hacking your ex-company’s computer is an illegal activity but imagine that such an expert who worked as an engineer for a famous brand knows every little aspect of the security system and could easily get into the computers without leaving traces of breaking the protection.
Report finds worms in decline
During October 2007, worms made up only 8.31 percent of detected threats, down from 18.14 percent in November 2006. Adware and Trojans, on the other hand, accounted for 25.97 percent and 23.37 percent respectively of all threats detected last month.
“Crashing computer networks might seem like an achievement, but it proves less profitable to an individual than obtaining sensitive confidential information,” said Dominic Hoskins, a representative of Panda Security UK.
“Malware sophistication still remains key to overcoming anti-viruses and firewalls, but it is the new strategic approach to malware attacks that matters. This new approach is both financially motivated and involves building malware from scratch for a specific target.”
Trojans have become particularly popular because of their ability to generate more profit from the theft of information, which is then used for online fraud and spam.
Man, This Is Smart! A Windows Infection That Gives Remote Control to The Hacker!
The backdoor affects most Windows versions including Windows 98, ME, NT, 2000, XP, Server 2003. But what’s more important is that it has a high damage potential bundled with a medium distribution potential. Sure, it has a low overall risk rating, but it’s still dangerous for our computers since it provides remote access to the attackers.
“This backdoor may be dropped by other malware. It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system”, Trend Micro wrote in the advisory.
“Upon execution, this backdoor injects itself into the Internet Explorer process and sets up an obfuscated connection to [website], which currently resolves to [IP], to notify a remote user of the system it has compromised.”
Since the backdoor is pretty new, there are no infections reported. However, you’re still advised to keep your antivirus up-to-date with the latest virus definitions and avoid visiting malicious websites coming from unknown sources.
Most of the antivirus developers quickly update their solutions to provide support and disinfection for the reported threats so that you are protected as soon as possible. In case you don’t have an antivirus solution installed on your computer, you can get one straight from Softpedia by visiting our Antivirus category.
Wednesday, January 2, 2008
How to Detect a Hacker Attack
Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.
Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out whether your machine is under attack or whether the security of your system has been compromised. Keep in mind that, just as with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.
Windows machines:
- Suspiciously high outgoing network traffic. If you are on a dial-up account or using ADSL and notice an unusually high volume of outgoing network traffic (especially when your computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.
- Increased disk activity or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.
- Large number of packets which come from a single address being stopped by a personal firewall. After locating a target (eg. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.
- Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.
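The third Windows indicator above (many stopped packets from one address, spread over several ports) is easy to check mechanically. The following is an added example, not part of the original article: it parses constructed firewall log lines laid out in the style of the Windows Firewall pfirewall.log text format (the field order is an assumption; adapt `parse_line` to whatever your personal firewall writes) and flags source addresses whose dropped-packet count and destination-port spread both exceed a threshold. The thresholds and the RFC 5737 documentation addresses are constructed values.

```python
"""Flag single-source probing in a personal-firewall log (added example).

Heuristic from the text: many dropped packets from one address, hitting many
different destination ports, looks like an automated probing tool rather than
background noise. Such a source is a candidate for a temporary block.
"""
from collections import defaultdict

# Constructed sample in the style of Windows Firewall's pfirewall.log
# (assumption about field order; adjust parse_line for your firewall's format).
HEADER = "#Fields: date time action protocol src-ip dst-ip src-port dst-port"


def _build_sample():
    lines = [HEADER]
    # One host (RFC 5737 documentation address) probing 30 ports on our machine.
    for port in range(21, 51):
        lines.append(f"2008-01-04 10:15:{port % 60:02d} DROP TCP 203.0.113.7 192.0.2.10 4432 {port}")
    # Background noise: a couple of isolated drops from other hosts and some allowed traffic.
    lines.append("2008-01-04 10:16:01 DROP UDP 198.51.100.3 192.0.2.10 137 137")
    lines.append("2008-01-04 10:16:05 DROP TCP 198.51.100.9 192.0.2.10 51000 445")
    lines.append("2008-01-04 10:16:09 ALLOW TCP 192.0.2.10 198.51.100.20 50123 80")
    return lines


SAMPLE_LOG = _build_sample()


def parse_line(line):
    """Return (action, protocol, src_ip, dst_port), or None for comments, blanks or short lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 8:
        return None
    _date, _time, action, proto, src_ip, _dst_ip, _src_port, dst_port = fields[:8]
    return action, proto, src_ip, dst_port


def summarize_drops(lines):
    """Per source address: number of dropped packets and the set of destination ports hit."""
    drops = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        action, _proto, src_ip, dst_port = parsed
        if action != "DROP":
            continue
        drops[src_ip]["count"] += 1
        drops[src_ip]["ports"].add(dst_port)
    return drops


def flag_probes(lines, min_drops=20, min_ports=5):
    """Sources exceeding both thresholds, as (ip, drop_count, distinct_ports), worst first."""
    summary = summarize_drops(lines)
    hits = [(ip, s["count"], len(s["ports"])) for ip, s in summary.items()
            if s["count"] >= min_drops and len(s["ports"]) >= min_ports]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for ip, count, ports in flag_probes(SAMPLE_LOG):
        print(f"{ip}: {count} dropped packets across {ports} ports - candidate for a temporary block")
```

Requiring both a high count and a wide port spread keeps a single chatty host (for example repeated NetBIOS broadcasts from a neighbour on a cable segment) from being reported as an attack; the single-port drops from the two noise hosts in the sample are recorded by `summarize_drops` but never flagged.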
Unix machines:
- Suspiciously named files in the /tmp folder. Many exploits in the Unix world rely on creating temporary files in the /tmp standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the /tmp folder and use it as 'home'.
- Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.
- Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be logged into remotely at a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.
- Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying /etc/services as well as /etc/inetd.conf. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
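The Unix indicators above (modified system binaries, new accounts in /etc/passwd, new entries in /etc/services) all reduce to comparing the live system against a baseline taken while it was known clean. The following is an added example, not part of the original article or of any particular tool: it records SHA-256 checksums of watched files, re-verifies them, and diffs the account list and service entries. The scenario is constructed inside a temporary directory (a fake root with a `bin/login` and `etc/` files) so it runs anywhere; on a real host you would point `build_baseline` at the actual paths and, as the text says, run the verification with the system offline in single-user mode so a rootkit cannot lie about file contents.

```python
"""Baseline-and-verify check for the Unix indicators above (added example).

Covers: checksums of system binaries, new accounts in /etc/passwd, and new
lines in /etc/services. Everything below runs against a constructed fake root.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, rel_paths):
    """Record a checksum for every watched file under root (run on a clean system)."""
    return {rel: sha256_of(os.path.join(root, rel)) for rel in rel_paths}


def verify_baseline(root, baseline):
    """Watched files whose checksum changed or that are now missing, as (path, status)."""
    findings = []
    for rel, expected in baseline.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            findings.append((rel, "missing"))
        elif sha256_of(full) != expected:
            findings.append((rel, "modified"))
    return findings


def passwd_users(text):
    """Map username -> uid from /etc/passwd content, skipping comments and blanks."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 3:
            users[fields[0]] = fields[2]
    return users


def new_accounts(old_passwd, new_passwd):
    """Usernames present now that were absent from the baseline; uid 0 entries are the worst."""
    old, new = passwd_users(old_passwd), passwd_users(new_passwd)
    return sorted((name, uid) for name, uid in new.items() if name not in old)


def added_lines(old_text, new_text):
    """Non-comment lines in the new file that the baseline lacked (for /etc/services etc.)."""
    def meaningful(text):
        return {ln.strip() for ln in text.splitlines()
                if ln.strip() and not ln.lstrip().startswith("#")}
    return sorted(meaningful(new_text) - meaningful(old_text))


# Constructed clean contents for the fake root.
CLEAN_PASSWD = "root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n"
CLEAN_SERVICES = "ssh 22/tcp\nsmtp 25/tcp\n"


def demo():
    """Baseline a fake root, tamper with it as the text describes, return what the checks find."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        files = {
            "bin/login": b"\x7fELF-clean-login",          # stand-in for a real binary
            "etc/passwd": CLEAN_PASSWD.encode(),
            "etc/services": CLEAN_SERVICES.encode(),
        }
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        baseline = build_baseline(root, list(files))

        # Tampering: replaced login binary, extra uid-0 account, service on an unused port.
        tampered_passwd = CLEAN_PASSWD + "toor:x:0:0::/:/bin/sh\n"
        tampered_services = CLEAN_SERVICES + "custom 6081/tcp\n"
        tampered = {
            "bin/login": b"\x7fELF-replaced-login",
            "etc/passwd": tampered_passwd.encode(),
            "etc/services": tampered_services.encode(),
        }
        for rel, data in tampered.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)

        return {
            "integrity": verify_baseline(root, baseline),
            "new_accounts": new_accounts(CLEAN_PASSWD, tampered_passwd),
            "new_services": added_lines(CLEAN_SERVICES, tampered_services),
        }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The baseline dictionary is the part that needs protecting: store it (and the verifier itself) on read-only or offline media, since a baseline that lives on the compromised disk can be rewritten along with the binaries it is supposed to vouch for.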
Credit card fraudsters jailed in UK
The
Gang leader Roman Zykin, an illegal immigrant from
The authorities believe the group, which was highly organized and skilled, had access to tens of thousands of stolen credit card numbers, which were held on their state-of-the-art computer systems. According to the police, these numbers were mainly sourced from the
Estonia arrests first hacker over cyberattacks
A teenage resident of
Following days of disturbances a tense calm has now descended over
Despite the fact that many attacks may have come from abroad, Estonia intends to use all means at its disposal to bring those responsible for blocking the country's key Internet portals to justice. This means that this first arrest may certainly not be the last in the Estonian investigation - the authorities are still trying to find the perpetrators, and according to official sources many leads can be traced to
Russian news sites suffer DoS attacks
The websites of Kommersant, a leading Russian newspaper, and the Echo of Moscow radio station suffered massive Denial of Service attacks between the 1st and 2nd of May, leading to significant disruption. The two sites were unavailable for most of the day on Wednesday in what some have already termed revenge attacks for the political views of the editors of these news outlets.
According to reports in Russian media, the first signs of trouble on the Echo of Moscow site appeared late on May 1st, which is a public holiday in
Pavel Chernikov, editor in chief of the Kommersant website, said the attack had not yet been traced, and that the perpetrators remained anonymous. However, in statements to the news site Lenta.ru, he mentioned his belief that the attacks might be linked to the publication of a police interview with the exiled oligarch Boris Berezovsky. The interview was carried out in
Hackers target official Estonian portals in conflict over Soviet-era monument
Websites in Estonian cyberspace have been placed on high alert since the past weekend following recent street clashes in the capital
According to reports in Russian and Estonian media the situation was so bad that access to the official government portal of the
On Saturday the Internet portal of the ruling Estonian Reform Party was also infiltrated by hackers, who published a supposed apology and promise to return the soldier's statue to its original place from Estonia's Prime Minister Andrus Ansip. Mr Ansip is widely seen in
"Bumbling" hacker speaks out at Infosec
Gary McKinnon, the "bumbling nerd" who is due to be extradited to the US, where he would face criminal charges over his illegal access to secret government computer networks, has appeared on a hackers' panel at the Infosec show in London. McKinnon lost his penultimate appeal at the
The Scot, who admitted breaking into military and NASA networks on many occasions between 2001 and 2002, spoke about the extradition process in what some American officials have called "the biggest military hack ever". At the Infosec show Mr McKinnon, who has always claimed that he was never out to cause any harm and had been merely looking for evidence of an official US government cover-up regarding UFOs, spoke of his belief that the US authorities have hiked the alleged damages caused by his hacking. According to McKinnon, the estimated $700,000 of damage is too large a sum, particularly as the cost of each machine he broke into has been set at $5,000, much higher than the actual market value of computers at the moment. There have been suggestions that this figure has been provided by the American side to meet standards which dictate that a jail sentence of a year or more has to be faced in order to ask for extradition.
Interestingly, attendees at the Infosec show have given their backing to Mr McKinnon via a survey, according to which nearly 75% of respondents think that the evidence against him should first be heard in a British court and that he should not be extradited. However, an earlier survey indicated that the IT security community was divided over the fate of the hacker, with 48% saying that he should be sent to jail, 42% suggesting community service and 10% believing a fine should be the punishment handed out.
Changes to UK cybercrime legislation are in the air
The
Lord Broers made his comments at the 2007 InfoSec show in
In his address Lord Broers also criticised the current set-up in which he feels too much responsibility for cybersecurity is laid on the end-user. Speaking to members of the technology industry he suggested that new laws could be introduced to redress that balance, while he also criticised some companies such as Microsoft for being too confusing when warning users of new security threats.
Hacker threatens Valve with releasing its customers financial data
According to the latest reports currently circulating online, a hacker may have gained illegal access to the servers of Steam, the content distribution system of Valve Software, creator of such prominent game titles as Half-Life and Counter-Strike. The hacker, calling himself MaddoxX, posted a message on an anti-Valve Internet forum on April 8. In this message he presented supposed proof of the break-in, such as Valve’s private financial details.
Other information in his post related to the company’s Cyber Café program, which allows cybercafe owners to run Valve’s games. According to the hacker, he gained access to private financial information, such as credit card and transaction details. In a message to Valve he also threatens the company with releasing all of its customers’ financial details into the public domain, potentially putting millions of people at risk.
So far there has been no official comment from Valve, which has led to speculation from some quarters about a possible cover-up. Allegations have also been made that any threads regarding this issue that were posted in the official Steam forum were being deleted almost instantly. However, it is thought that the silence may be related to the ongoing investigation of these claims, which, if true, could pose a serious problem for Valve and its customers.
Wi-Fi leeching leads to police arrests
People stealing their neighbours’ wireless Internet (what is known as “leeching”) could now face the threat of a criminal record in the
In fact, recent research conducted by price comparison website Moneysupermarket.com indicates that lax wireless protection puts up to a quarter of the
All this has led to more attention from the police, who seem to be taking the problem increasingly seriously. As reported in The Guardian, two people have already been detained in the past month in Worcestershire in two unrelated incidents. Both subsequently received a caution “for dishonestly obtaining electronic communication services with intent to avoid payment.” Police Constable Tony Humphreys from
Calls to tackle cybercrime in India
A seminar on the topic of cybercrime and cybersecurity in
The billion-strong nation is currently experiencing a technology boom, but apart from wealth this has also resulted in an increased number of computer crimes being reported to the police. The latest figures for 2005 show that a total of 481 cybercrime cases were registered, rising from 347 incidents in 2004. However, experts feel that only a tiny proportion of cybercrime is actually reported and such low official figures may lull people into a false sense of security.
Hacker caught in the act at UCSF
Astute technicians who witnessed a hacker breaking into the secure server holding private information on staff and students averted a significant security breach at the
The incident occurred on March 27, when university technicians were remotely accessing a server located at the
The data held on the server related to the university’s payroll and student financial aid. A total of 43,000 campus payroll and 3,000 student aid records were stored there, giving the hacker a potential wealth of vital information that could be used for ID theft. According to Mr Lopez, the data on this particular system was not encrypted, as firewalls and other existing protection was deemed enough. Although it is not known whether the elusive hacker actually managed to access and steal any private information, the university is now revisiting this particular policy and has advised anyone affected to place their credit files on fraud alert if in any doubt.
Online banking fraud on the up
Online banking fraud has seen a massive increase in the
This growth in phishing incidents could be explained by an increase in sophistication of such attacks, seen over the past few years. Phishing emails used to be written in poor English, while fake banking sites were also of poor quality and evident to the naked eye. Now, though, cyberfraudsters create perfect copies of financial sites and send out convincing phishing spam to catch out their victims.
Despite the magnitude of these figures, APACS also reported some good news regarding cyberfraud and phishing: whilst it accounted for losses of £22.5m in the first half of last year, these fell by more than 50 percent to £11m in the second half. And overall levels of financial fraud also fell by 3 percent from £439.4m to £428.0m. The biggest improvements were noted in fraud using stolen or lost cards, which include retailer and cash machine transactions.
Sweden to spy on cross-border Internet traffic
The Swedish government is planning to introduce new rules that would allow its National Defence Radio Establishment to spy on cross-border emails and telephone calls. The plans have been presented to parliament amid controversy over "Big Brother" style of monitoring.
Current rules dictate that the NDRE can only tap military communications, something that was required for counter-intelligence operations during the Cold War. However, it is now seeking to address modern concerns over the use of phone and Internet communications with particular focus on international terrorism. Sweden's defence chief Mikael Odenberg has been quoted by the country's English-language news outlet The Local as saying that "this is about collecting information for the country's foreign, security and defence policy and protecting Sweden from foreign threats." The new rules would allow the intelligence agency to apply pattern analysis and conduct specific searches rather than simply going after all of an individual's communications.
However, critics of the proposals have been pointing out that the introduction of these new rules could lead to taps being put into operation without the go-ahead of law courts. The government would have the last say on what is and is not allowed, and ultimately, critics believe, millions of Swedish citizens could be subject to indiscriminate covert monitoring and surveillance. Interestingly, this may have already taken place for several decades, as the NDRE was secretly wiretapping communications for some sixty years according to Mr Odenberg, who used that fact to argue for the introduction of the new rules to legislate the practice.
Database hacker jailed in US
A man from
Perras was one of five men, the youngest of whom was 19 and the oldest 24, who managed to access a special law enforcement database known as Accurint on a computer based at Port Orange Police Department in
Despite Perras’ claims that there was no malicious intent in his actions, which were fuelled by simple curiosity, the judge thought a prison sentence was the most suitable punishment, sending out a strong signal to other would-be hackers. Apart from the year in jail, Perras will have three years on probation and will also have to give 100 hours of community service. His co-defendants, who were sentenced in December, have already been ordered by the judge to pay more than $100,000 in damages to LexisNexis, which owns the hacked database, and the Port Orange Police Department, whose computer was infected with a Trojan and broken into.
Revenge hacker charged in Belarus
A man has been charged with gaining illicit access to a former girlfriend’s dating website entry in
The incident took place in January this year, when the former girlfriend saw her dating site account frozen by administrators following a mass mailing of her private message exchanges to other users. The woman then lodged an official complaint to her district police station, which redirected the case to the regional police unit dealing with crimes in the hi-tech sphere.
The investigation did not take long, as the victim pointed out the probable culprit to the authorities, who carried out a search on the suspect’s work computer and found enough evidence to charge him with “computer sabotage”. If the court in
French election suffers from hacking scandal
The French presidential election has been hit by another hacking scandal. This came only a couple of weeks after the news that someone managed to gain access to confidential information held on a computer belonging to an employee of the far-right Front National. The candidacy of prominent right-wing politician Jean-Marie Le Pen may now suffer as a result. One man, the owner of the computer that was infiltrated, was briefly arrested but then released.
The incident took place last week at the party’s headquarters, where a hacker broke into one of the computers and managed to steal a list of elected officials across France who had agreed to back Le Pen’s candidature at the elections. The French electoral system demands that a candidate be endorsed by at least 500 of the existing 42,000 elected officials. The list of officials supporting Le Pen has now been made public, leading to suggestions that those who have given their voice to back the far-right politician may now remove their vote of confidence. At a press conference held last week Le Pen claimed that at least 20% of these votes had already gone as a result of the leak.
The far-right politician himself maintains that there has been a concerted campaign against him, aimed at removing him from running in the election. Last time round, in 2002, Le Pen stunned the French by claiming second place, highlighting serious divisions in French society.
Cyber cafe - or the scene of cybercrime?
In
According to data from
The Japan Complex Café Association, which unites many of the country’s cybercafes, has proposed a membership scheme to facilitate law enforcement, but more than half of these establishments in Japan are not members of the association, making this move hard to enforce across the whole industry. Interestingly, the Internet café in
Dubai eGovernment websites hit by cyberterrorists
The attack lasted for a couple of hours, after which the security team succeeded in blocking it. Some services were temporarily affected and some data held on the targeted sites was lost. However, no confidential information was exposed in the incident, which was the second attack on
It is believed that the hacking group responsible for the security breach is Turkish in origin and carried out the attack as an act of political protest. Messages in Turkish were left on the hacked sites with what are thought to be approving references to the murder last January of Armenian-Turkish journalist and writer Hrant Dink.
DoS attacks to be made illegal in Sweden
Denial of service attacks will become illegal in
Up until now
Japanese feel increasingly threatened by cybercrime
A new survey released by the Cabinet Office in
A total of 1,795 adults were polled and 40.1% of them revealed they were worried about Internet-based crime and felt vulnerable to it. This is a 21% rise from the results of a survey that was carried out in 2004. Overall, cyberspace was ranked third in the overall list of crime fears, following streets in general and also entertainment districts. Most respondents believe that the overall crime situation in
In
Russian connection in Turkish cybercrime investigation
A large gang of phishers has been disbanded in
The Turkish investigation started a couple of months ago, following an influx of complaints from members of the public regarding irregularities with their online bank accounts. A 20-strong dedicated IT crimes group from the Izmir Organized Crime Bureau was assembled to work on the case and quickly uncovered a network of criminals involved in the scheme. The gang used stolen bank account details and passwords to siphon off funds, but left the IP addresses of the machines employed to log on to the banking system. These IP addresses were traced to a total of 17 gang members, who were all detained in simultaneous raids last Tuesday. The police found computer equipment, fake passports, credit cards and unregistered weapons at what is believed to have been the headquarters of the gang.
According to sources from the Izmir Organized Crime Bureau, this has been one of the largest cybercrime investigations ever carried out in
“Mainstreaming” needed for Britain’s anti-cybercrime effort
The ability of existing cybercrime policing units to fight e-crime in
One recommendation from DCI McMurdie is to spread IT forensics and anti-cybercrime methods into every investigation, both specialist and general, so that all law enforcement officers are familiar with new techniques and trends. There is also evidence of the need for one single structure that could play its part as the first port of call for complaints regarding cases of cybercrime. However, the National High-Tech Crime Unit has now been absorbed by the Serious Organised Crime Agency, dubbed the “British FBI”. The level of priority given by SOCA to cybercrime has been recently criticised by Microsoft in a presentation to the House of Lords Science and Technology Committee enquiry. The situation is currently so strained that recently it has emerged that the police have begun working with cybervigilante groups in an effort to gain more information and intelligence.
The Metropolitan Police is currently undergoing a review process that will serve to highlight issues that need changing in relation to cybercrime. As part of this review several units within the police force that deal with computer crime have been scrutinised, including the Computer Crime Unit, Paedophile Unit, Counter Terrorist Command Intelligence Bureau, Clubs and Vice, Computer Services Laboratory, Professional Standards and Covert Policing Command. With so many different units a key issue becomes the sharing of intelligence and best practices. Until a national cybercrime strategy is agreed upon, though, problems in reporting and investigation will continue plaguing
Cybercriminals sentenced in Holland
A court in the southern Dutch city of
The biggest case of such nature to be heard in the
In addition to their prison sentences, the 20-year-old leader of the group, who was just a teenager at the time of the cyberattacks, will have to pay a fine of 9,000 Euros. He will also have to pay up almost 17,000 Euros of his illegally obtained profits. His 28-year-old accomplice has been fined a total of 4,000 Euros and will also have to return 2,500 Euros. The Dutch prosecution has gone on record as saying it is “not unhappy with the ruling in this case”.
Phishing more common than viruses and trojans
New data released by MessageLabs shows that January 2007 was the month in which phishing attacks finally overtook virus attacks in terms of overall numbers. Levels of spam have also continued to grow and in January 2007 stood at 84.5% according to MessageLabs figures. The proportion of emails containing some sort of phishing attack has now reached 1.07%, while Trojans and viruses infected some 0.83% of all email traffic.
MessageLabs believes that the emergence of phishing as the Number 1 threat on the Internet comes down to virus attacks becoming more targeted, rather than the generalized outbreaks of old. Additionally, phishing has become an increasingly lucrative crime and one that keeps in step with new security measures. For instance, the rollout of new two-factor authentication systems has led to the emergence of so-called “man-in-the-middle” attacks. This is where a cybercriminal sets himself up as a relay between the client machine and the online bank, effectively hijacking an ongoing online banking session by passing on the genuine security details the victim enters.
Research by the APWG also highlights the growing scope of phishing attacks. The latest available figures are for November 2006 and show a continuation of striking growth in the number of new phishing sites that started in October 2006. Whereas previously the number of phishing sites at most reached 20,000, in October and November this figure jumped to over 37,000. A report from IBM ISS on security threats in 2006 also shows that while a lot of phishing emails originate outside the
Botnets named as the latest danger to Internet
Spam continues to take over online communications as new data suggests that it accounted for 94% of all email traffic last December. Research by Postini shows a 147% overall growth in spam levels in 2006, due to increasingly sophisticated schemes and bot networks.
The current trend is for attackers to combine techniques and build massive botnets that increase their spamming capacity. It is estimated that attackers now use a million computers to coordinate malicious spamming campaigns, while Google’s Vint Cerf has recently suggested that almost 40 million Internet-connected computers worldwide could be infected by Trojans.
The growth of botnets has now reached dangerous levels, as the system uses newly acquired bandwidth to spread even further by means of Trojans and viruses that commandeer new computers. Security company Prolexic has released data which suggests that
US warning to financial institutions over possible cyberattacks
The
Warnings of potential cyber-terrorist attacks have been sounded previously, both in the
So far there has been little reaction to the warning, particularly as the Department of Homeland Security, the federal agency tasked with distributing it, said that there was no concrete information or intelligence to back the threats. The only source of information is thought to be a website from a group linked to al-Qaeda that calls for cyberattacks in December, presumably focusing on the run up to the festive period.
Hi-tech cash machine hacker jailed in the UK
A gang of carders has been dismantled in
Maxwell Parsons, 41, is thought to have gained hacking skills from a friend who was enrolled at
Total damage from this hi-tech fraud operation is thought to be £200,000, although the police could only track £14,000 of that back to Mr Parsons. The man himself was apprehended totally by chance, when a car he was travelling in was pulled over for performing an illegal U-turn in
Major hacking crew taken down in South America
Chilean police have reported on a significant success in their fight against cybercrime this week.
The Chilean hacking group became known across the world in 2005, when it engaged in a virtual shoot-out with their counterparts in
The 8-month investigation mostly centred on the leader of the group, who was identified by his place of study. Gerardo Raventos, who led the investigative team in
New anti-cybercrime force to be launched in Britain
The Metropolitan Police will launch a new unit that will fight e-crime in
The new e-crime unit will fill the void left by the departure of the NHTCU for pastures new and provide a response in an area of growing concern for the public. A recent government report on crime in society highlighted the fact that cybercrime has become one of the most feared types of crime in
Huge Patch Tuesday for Microsoft in October
After September’s update that only contained four patches, Microsoft has returned to the routine of “Big Patch Tuesdays”, with its October security instalment containing ten security advisories, of which six are rated critical. In the ten patches provided, Microsoft fixes a record twenty-six vulnerabilities, of which nineteen are critical in nature and could be exploited remotely. IT managers might be happy to know that Microsoft was initially planning to release a total of eleven patches, but one of them did not pass quality control testing and was held back. However, the job of installing more than two dozen fixes is going to be challenging for any IT professional running a large network.
The six critical bulletins fix flaws in Windows and the Office package, and some of the vulnerabilities addressed have already been exploited in the wild or have had proof-of-concept code released. Of the six patches four deal with problems in Microsoft Office, including vulnerabilities in Excel and Word that have been publicly known for at least a month. The other two patches fixed flaws in Microsoft PowerPoint and general problems in the Microsoft Office suite.
Two further critical bulletins were related to problems in Microsoft Windows. One of these problems in Windows Shell was already being publicly exploited, as confirmed not only by the security community but also by Microsoft itself. The other vulnerability in XML core services has not been publicly disclosed, but has the scope to become a very important problem if not patched as soon as possible.
The rest of the vulnerabilities, seven in total across four bulletins, received ratings between Important and Low. The two that are rated Important were found in the Server Service component of Windows and could lead to denial of service attacks. Of the two “Moderate” bulletins, one fixed a flaw in .Net Framework 2.0 that could lead to spoofing and information disclosure, while the other addressed an issue in Windows Object Packager that could lead to remote code execution, but only after “significant user interaction”, which prompted the lower severity rating. The remaining three vulnerabilities were all rated “Low” in terms of severity; they were found in TCP/IP and were bundled into a single bulletin.
Straight after release on October 10, these updates were not available via the automatic distribution channels Microsoft usually provides, due to “some network issues”. However, the problem was later corrected, and users could access the patches via Microsoft Update and the Automatic Updates service. Given the “critical nature” of most of the bulletins and the fact that several of the vulnerabilities fixed have already been exploited, users are recommended to update immediately, either via the automatic update route or manually from Microsoft TechNet.
Three hackers jailed in Russia
A court in the
The criminal group consisted of a number of individuals from several Russian cities, including
After that Canbet decided to pay the ransom into a Latvian bank, but the attacks did not stop, so the company contacted the British National High-Tech Crime Unit. British officers then turned to their Russian colleagues, who carried out their own investigation and arrested two suspects in 2004, with two supposed masterminds of the gang still on the run. In 2005 a third man was arrested and the three men held faced charges in court. It is thought they managed to extort as much as $4 million from their victims, having carried out 54 attacks in 30 countries over six months. Now the three men, including 20-year-old Ivan Maksakov from
T-Mobile hacker sentenced
A hacker involved in the infiltration of the T-Mobile USA network two years ago has been sentenced to a year of home detention and also fined $10,000. Nicholas Lee Jacobsen was involved in the infamous T-Mobile Sidekick hack in 2004, when as many as 400 of these wireless devices were accessed by attackers. Among the owners affected by the security breach were
Jacobsen was originally detained in October 2004 as part of a wider investigation, and was initially indicted in early 2005. In February 2005 he entered into a plea agreement with the government and pleaded guilty to one charge of intentionally accessing a protected computer and causing damage. However, his case raised a lot of questions, particularly as it involved Special Agent Peter Caviccia, whose private information was also accessed by Jacobsen. There were also issues regarding the education and expertise level of the accused hacker. More than a year after the original trial was held, US District Judge George King finally sentenced Jacobsen to a year of home detention and restitution to T-Mobile to the sum of $10,000.
Jacobsen, who now lives in
Teenage cyber criminal handed curfew order by UK court
A teenager from Bedworth,
The firm that was targeted suffered tens of thousands of pounds in damages as a result of Lennon’s malicious actions. Police investigating the attack traced the emails back to Lennon’s home computer, which led to his appearance in court, the first successful prosecution of this type of offence under the Computer Misuse Act 1990. Representatives of the Metropolitan Police Computer Crime Unit, which worked on the case, were understandably happy to see the attacker convicted and fitted with an offender’s electronic tag. Detective Chief Inspector Charlie McMurdie, head of the unit, said: “This demonstrates the commitment of the MPS Computer Crime Unit to work with industry to prosecute individuals who use technology to cause harm.”
Cases of malicious use of technology are notoriously difficult to prosecute, and this one was no different in that respect. Lennon originally appeared in court in November last year, but at that time the judge deemed he had no case to answer. The Crown Prosecution Service decided to go ahead with an appeal, which led to this first successful conviction in a