This section is devoted to featuring late-breaking cyber security news stories.
Oct. 13, 2008
Top Security Suites Fail Exploit Tests
Security software suites don't protect users from real-world exploits, a bug-tracking company charged today after launching 300 test attacks against a dozen programs, including popular software from McAfee Inc., Symantec Corp. and Trend Micro Inc.
"The Internet security suites are marketing themselves as the one solution users need to be safe online," said Thomas Kristensen, chief technology officer at Secunia Inc., which ran the tests. "In our opinion, that's just not true."
Oct. 29, 2008 - John Markoff
Antiviral "Scareware" Just One More Intruder
How much money can criminals make scaring naïve computer users? Try $5 million a year.
That is how much a marketing associate of one Russian operation appears to be earning from its sales of fake antivirus software through an elaborate scheme that relies on e-mail spam and indirectly controlling thousands of unprotected PCs, according to internal company files posted online by a Russian hacker.
Oct. 28, 2008 - Brian Robinson
Report: Some Good News On Government IT Security
A recent report by PricewaterhouseCoopers states that the government has greatly improved its use of security technology, but it still lags on setting policies for using that technology and training employees about it.
Less than two of three government officials responding to the survey said their organizations have an overall information security strategy or centralized security information management process, and about half don’t understand basic ideas such as risks to sensitive data.
Oct. 27, 2008 - Taylor Buley
Hackonomics
Your personal identity isn't worth quite as much as it used to be--at least to thieves willing to swipe it.
According to experts who monitor such markets, the value of stolen credit card data may range from $3 to as little as 40 cents. That's down tenfold from a decade ago--even though the cost to an individual who has a credit card stolen can soar into the hundreds of dollars.
Oct. 24, 2008 - John Markoff
Security Flaw Is Revealed in T-Mobile's Google Phone
Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles A. Miller, notified Google of the flaw this week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
Oct. 24, 2008 - David Hubler
Panel: Cybersecurity Tops Agencies' Wish List
Despite a consensus that government technology budgets will remain flat through at least 2010, analysts say federal contracting opportunities will remain strong for cybersecurity, health care and logistics.
Companies that excel in those areas are also the main targets of mergers and acquisitions, said Jean Stack, senior vice president of Houlihan Lokey, an investment banking company. She was a panelist at the recent 2008 Vision Conference sponsored by the Information Technology Association of America and the Government Electronics and IT Association.
Oct. 23, 2008 - Noah Shachtman
Russian Coder: I Hacked Georgia's Sites In Cyberwar
Government and independent investigators are still trying to figure out who, exactly, hit Georgia's websites during its August war with Russia. Now, one of the hackers who claims to be behind some of the cyberattacks is telling all.
Oct. 20, 2008 - Lizzy Davies
Bank Hackers Steal from Sarkozy
The French government was forced to admit that no one was safe from internet fraud yesterday after it emerged that thieves had managed to hack into President Nicolas Sarkozy's personal bank account and siphon off cash.
The unknown hackers removed several small sums of money from the account after obtaining Sarkozy's online access codes. An inquiry was launched after the president noticed the transactions and complained to the police, said a government spokesman.
Oct. 19, 2008 - Jim Hall
Hospital Patient Data Revealed
A security breach in an online computer system at Mary Washington Hospital exposed the private medical information of some of its maternity patients.
A man who tried to use the Fredericksburg hospital's online registration system for his expectant wife said the files for 803 patients were publicly available on the site.
Oct. 18, 2008 - Iain Thomson
Teenager Charged Over Scientology Hack
A teenager who took part in a distributed denial-of-service attack against the so-called Church of Scientology has been charged. Dmitriy Guzner, 18, of Verona, New Jersey, is accused of helping in the attack on Scientology servers in January.
He has agreed to plead guilty to a single felony charge of unauthorised impairment of a protected computer and to pay $37,500 in damages.
Oct. 18, 2008 - Ellen Knickmeyer
Al-Qaeda Web Forums Abruptly Taken Offline
Four of the five main online forums that al-Qaeda's media wing uses to distribute statements by Osama bin Laden and other extremists have been disabled since mid-September, monitors of the Web sites say.
The disappearance of the forums on Sept. 10 -- and al-Qaeda's apparent inability to restore them or create alternate online venues, as it has before -- has curbed the organization's dissemination of the words and images of its fugitive leaders. On Sept. 29, a statement by the al-Fajr Media Center, a distribution network created by supporters of al-Qaeda and other Sunni extremist groups, said the forums had disappeared "for technical reasons," and it urged followers not to trust look-alike sites.
Oct. 16, 2008 - Brian Krebs
Report: Russian Hacker Forums Fueled Georgia Cyber Attacks
An exhaustive inquiry into August's cyber attacks on the former Soviet bloc nation of Georgia finds no smoking gun in the hands of the Russian government. But experts say evidence suggests that Russian officials did little to discourage the online assault, which was coordinated through a Russian online forum that appeared to have been prepped with target lists and details about Georgian Web site vulnerabilities well before the two countries engaged in a brief but deadly ground, sea and air war.
Oct. 16, 2008
IRS Computer System Security Risk
Two new IRS computer systems that will eventually cost taxpayers almost $2 billion are being put into service with known security and privacy vulnerabilities, a Treasury watchdog said in a report coming out Thursday.
The office of the Treasury Inspector General for Tax Administration said Internal Revenue Service officials failed to ensure that identified weaknesses had been addressed before putting the new systems into use.
Oct. 15, 2008 - Stephanie Condon
FBI Targets Rise in Cybercrime From U.S. and Abroad
The threat of cybersecurity attacks are on the rise from organized crime, terrorists, and foreign governments, an FBI official warned on Wednesday.
There are a "couple dozen" countries interested in breaching U.S. networks, said Shawn Henry, assistant director of the FBI cyber division, though he declined to list any specific countries.
The attempted attacks on U.S. networks are "increasingly sophisticated" and "the amount of information that has been stolen is significant," Henry said.
(Click here to read news.) (Related Story)
Oct. 15, 2008 - AFP
South Korean PM Warns of Hacking Threat by North Korea, China
South Korean Prime Minister Han Seung-Soo on Tuesday warned his cabinet over attempts by Chinese and North Korean computer hackers to obtain state secrets, officials said.
The National Intelligence Service (NIS), Seoul's main spy agency, said it had told Han that about 130,000 items of government information had been hacked over the past four years.
Oct. 14, 2008 - Op-Ed by Melissa Hathaway
Safeguarding Our Cyber Borders
The link below contains an Op-Ed by Melissa Hathaway, Cyber Coordination Executive for the Office of the Director of National Intelligence, that was published by the McClatchy-Tribune News Service on Wednesday, October 8, 2008. She says the nation needs to work on many things in this area, including more work in alliances and partnering, re-thinking relationships between government and the private sector regarding cyber security, and enhancing ways to share sensitive info with industry.
(Click here to read editorial.)
Oct. 14, 2008 - Brad Stone
Authorities Shut Down Spam Ring
The Federal Trade Commission won a preliminary legal victory against what it called one of the largest spam gangs on the Internet, persuading a federal court in Chicago on Tuesday to freeze the group’s assets and order the spam network to shut down.
The group, which used several names but was known among spam-fighting organizations as HerbalKing, sent billions of unsolicited messages to Internet users over the last 20 months, promoting replica watches and a variety of pharmaceuticals, including weight-loss drugs and herbal pills that supposedly enhanced the male anatomy, according to the commission.
Oct. 13, 2008 - John Leyden
Home Secretary Rejects McKinnon Anti-Extradition Plea
The Home Secretary has rejected a request to rip up an extradition order against accused Pentagon hacker Gary McKinnon.
McKinnon was diagnosed with Asperger's syndrome and solicitors for the Briton wrote to Jacqui Smith saying his medical condition ought to mean he should face criminal prosecution over his admitted hacking activities in the UK rather than the US. The 42 year-old London-based Scot faces seven charges of hacking into 97 US government, NASA and military systems during 2001 and 2002. He has described the acts as an attempt to unearth proof that the US military was suppressing evidence that it had acquired advanced technology from UFOs.
(Click here to read news.) (Related Story)
Oct. 13, 2008 - Alice Lipowicz
DHS Not Prepared For Cyberattacks, House Committee Chair Says
The Homeland Security Department is severely behind schedule in its core mission of preparing for major cyberattacks, explosive attacks, natural disasters and other scenarios, according to Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee.
Of eight planning scenarios and associated planning documents that are supposed to be the foundation of the National Response Framework, the department has completed only the first step of planning on a single scenario, Thompson wrote in an Oct. 9 letter to DHS Secretary Michael Chertoff.
Oct. 13, 2008 - Kevin Poulsen
Cybercrime Supersite "DarkMarket" Was FBI Sting, Documents Confirm
DarkMarket.ws, an online watering hole for thousands of identify thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.
Reports from the German national police obtained by the Südwestrundfunk, Southwest Germany public radio, blow the lid off the long running sting by revealing its role in nabbing a German credit card forger active on DarkMarket. The FBI agent is identified in the documents as J. Keith Mularski, a senior cybercrime agent based at the National Cyber Forensics Training Alliance in Pittsburgh, who ran the site under the hacker handle Master Splynter.
Oct. 13, 2008 - Tien Phong
The Culprit of DDOS Attack Is a Student
On October 10, 2008, the police arrested a high school student in the central province of Quang Nam. He was discovered to be the culprit of the DDOS attack that has stirred up the IT community for the last few days.
The decision to arrest the student was released 20 hours after the rush investigation made by the High-tech Crime Fighting Agency under the Ministry of Public Security (PC 15) and the Bach Khoa Internet Security Centre (Bkis).
Oct. 11, 2008
Cyber-Warfare Between Sunnis and Shiites: New Take on an Old Game
Saudi-owned Al-Arabiya television seems to have been the target in a Shiite riposte for damage recently inflicted by Sunni hackers on hundreds of sites connected to the Iranian government and Iraq's most senior Shiite cleric. Attacks and counter-attacks of this sort are not a surprise anymore, but they remain a disappointment. Just as then-new mediums like radio and satellite television prompted "wars" in which supporters of one movement or another sought - by means both fair and foul - to counter the arguments and limit the influence of their rivals, so does the Internet now constitute a new venue for "ideological" battles that fly in the face of what the open interchange of ideas is supposed to be all about.
Oct. 10, 2008 - Express News Service
Two Reasons To Worry About City's WiFi Connections
Pune, India – The recent hacking of Wi-Fi connections by terrorists has underscored the difficulty in securing such networks. “Unlike bomb blasts carried out by terrorists, hacking is a hidden and difficult-to-trace activity. Tampering into others’ computer systems does not leave any tangible trace,” said Sudam Choure, chief coordinator of Pune police’s cyber committee.
“There is nothing like ‘ethical hacking’. People with a criminal intent can easily get trained in ‘ethical hacking’ and use their knowledge for criminal activities,” Choure said.
Oct. 10, 2008 - ONE News
Buyer Beware After TradeMe Crime
New Zealand – Online buyers who think they have bagged themselves electronics at prices too good to be true, could be right.
The team at TradeMe have led police to a Hamilton man they claim used fake identities to sell electronics at a bargain.
The 29-year-old is also accused of hijacking people's wireless internet connections to sell the goods. He is facing 46 charges.
Oct. 10, 2008 - Chua Hian Hou
Facing Down Cyber Threats
Organized crime syndicates are raking in fat profits in cyberspace, and becoming one of the biggest online menaces.
Such professional cyber gangsters are among the quickest to use new technology to, say, hijack and loot online banking or video game accounts. Some are making big bucks renting out hacking tools to aid less skilled parties in causing havoc, say security experts.
Oct. 8, 2008 - Jabulani Leffall
Jury Is Out On Virtualization Security
Migration to virtualization won't be the quick transition that some technology evangelists have predicted, according to recent surveys by two IT security companies. Nor is virtualization as secure as many might want it to be.
Virtualization security appeared to be a doubtful matter for nearly half of respondents in a survey released on Monday by San Francisco-based network security firm nCircle Inc.
Oct. 8, 2008 - A. Ahmed Ali, TNN
Foreigners Gave Hacking Lessons, Says Peerbhoy
The Mumbai crime branch, which is investigating the hacking of Internet Protocol (IP) addresses by suspected IM terrorists, have now got the names of at least three other persons besides Mohammed Mansoor Asgar Peerbhoy, a principal software engineer with Yahoo.
Sources in the Intelligence Bureau (IB), who were the first to interrogate Peerbhoy, said the lecture on hacking which they had attended in Hyderabad had been held in the second week of May 2007.
Oct. 8, 2008 - Robert McMillan
Accused Palin Hacker Has a History of Intrusion
The college student charged with illegally accessing Alaska Governor Sarah Palin's e-mail has been accused of computer intrusion before, although last time he faced only an afternoon detention.
David Kernell allegedly broke into a school server about eight years ago while studying at Eastern Hills Middle School in Harker Heights, Texas, one of his former teachers said Wednesday.
(Click here to read news.) (Related Story)
Oct. 8, 2008 - Kelly Jackson Higgins
Financial Crisis Leaves Bank Branches Open to Social Engineering, Targeted Attacks
Heightened concern over the growing financial crisis is making banks more vulnerable to targeted social engineering and spear-phishing attacks, researchers said this week.
Penetration testers who work with bank clients say the fragile state of the banking community is making it easier for them to dupe understandably anxious bank employees. Bank employees are overly eager or easily coerced into cooperating with “auditors,” or into clicking on links purportedly from the bank about its own financial welfare.
Oct. 7, 2008 - Ofri Ilani
Israeli Hacker Said Behind Global Ring That Stole Millions
The United States will ask Canada to extradite Israeli computer hacker Ehud Tenenbaum, better known as the "Analyzer," so that he can be indicted as one of the masterminds of a worldwide ring of hackers that allegedly stole millions of dollars.
Prosecutors say that the ring hacked into financial institutions in Russia, Turkey, Holland, Sweden, Germany and other countries.Ten years ago, Tenenbaum became famous for having hacked into the Pentagon's computers.
Oct. 6, 2008 - Adam Stone
Sipera Develops VoIP Spy Program – To Prove a Point
Can someone eavesdrop on your enterprise VoIP calls? Almost certainly. It hasn't been talked about much in the press but the simple fact is, these networks are vulnerable to snooping.
Jason Ostrom is ready to prove it.
As director of Sipera Systems' VIPER (Voice over IP Exploitation Research) Lab, Ostrom has been busy devising ways to sniff out VoIP vulnerabilities. He's just released VIPER's latest offering, UCSniff, a free tool capable of listening in on calls within an enterprise. Lots of calls.
Oct. 4, 2008 - SGGP
Shortage Of Security Experts Leaves Hackers Ruling the Roost
Viet Nam faces a huge shortage of network security experts even as a string of hacking incidents has shown that computer security in the country is seriously flawed.
Vo Do Thang, training manager at a center for network administration and network security, said while there are thousands of banks and brokerages, the number of experienced network security experts remains small.
Oct. 3, 2008 - Elinor Mills
Hack and Tell: Teen Hacker Mafiaboy Writes Memoir
Michael Calce, aka "Mafiaboy," has written a memoir about how he temporarily shut down a handful of major Web sites and led the FBI and Royal Canadian Mounted Police on a manhunt when he was 15.
Due out next week, "Mafiaboy: How I Cracked the Internet and Why It's Still Broken," is a tell-all book and "cautionary tale" about how the teen (now 23) learned to hack from other "online rebels," according to The National Post.
Oct. 3, 2008 - The Canadian Press
Slick Hackers Wormed Their Way Into Alberta's Computers, Report Says
Weak computer security across the Alberta government allowed sophisticated hackers to worm their way into the system, Auditor-General Fred Dunn reported yesterday.
Mr. Dunn says the hackers, possibly criminals from Asia or Eastern Europe, left signs that they had been inside Alberta's computer network.
Oct. 3, 2008 - Tim Wilson
Targeted Attacks, DNS Issues Hit Home in New CSI Report
Enterprises are beginning to feel the heat from two emerging classes of exploits that have emerged over the past year: targeted attacks and DNS vulnerabilities, according to a new study scheduled to be released next week.
The Computer Security Institute is preparing to release its 13th annual Computer Crime and Security Survey, which outlines the attitudes and experiences of more than 500 enterprise security professionals over the course of the last year. The full CSI report will be revealed in a webcast to be held on Oct. 8.
Oct. 3, 2008 - Job Jackson
Beware of Hotel Internet Connections
Jetsetting federal workers should be careful about how they use the Internet connections supplied by hotels, as most are not secured properly, according to a new study from the Cornell University School of Hotel Administration.
"Hotels in the U.S. are generally ill-prepared to protect their guests from network security issues," concluded the study, titled "Hotel Network Security: A Study of Computer Networks in U.S. Hotels."
Oct. 3, 2008 - John E. Dunn
Encrypted Image Backups Open To New Attack
Bitmaps stored inside encrypted backup files could be vulnerable to a sophisticated ‘comparison' attack, a German security researcher has discovered.
In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC Ciphers, explains how it is possible to compare an encrypted backup image file made with almost any commercial encryption program or algorithm to an original that has subsequently changed so that small but telling quantities of data 'leaks'.
Oct. 3, 2008 - Gregg Keizer
Researcher Finds Evidence of Massive Site Compromise
In an underground ecosystem that is anything but old fashioned when it comes to abusing legitimate web services, cybecriminals have started exploiting the traffic momentum, and by monitoring the peak traffic for popular search queries using Google’s Trends, are syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live’s Spaces.
Oct. 2, 2008 - Brian Grow, Chi-Chu Tschang, Cliff Edwards and Brian Burnsed
Dangerous Fakes - How Counterfeit, Defective Computer Components From China Are Getting Into U.S. Warplanes and Ships
The American military faces a growing threat of potentially fatal equipment failure—and even foreign espionage—because of counterfeit computer components used in warplanes, ships, and communication networks. Fake microchips flow from unruly bazaars in rural China to dubious kitchen-table brokers in the U.S. and into complex weapons. Senior Pentagon officials publicly play down the danger, but government documents, as well as interviews with insiders, suggest possible connections between phony parts and breakdowns.
Oct. 2, 2008 - Elinor Mills
All the News That's Fit To Exploit – Google Trends
Caution: Web sites about the Tampa Bay Rays baseball team and the U.S. vice presidential debate may cause serious harm to your computer.
Cybercriminals who want to steal data and take control of computers are doing so by luring victims to sites with hidden malware. But how do they attract unsuspecting victims?
The answer: Google Trends.
(Click here to read news.) (Related story below)
Oct. 2, 2008 - Dancho Danchev
Cybercriminals Syndicating Google Trends Keywords to Serve Malware
In an underground ecosystem that is anything but old fashioned when it comes to abusing legitimate web services, cybecriminals have started exploiting the traffic momentum, and by monitoring the peak traffic for popular search queries using Google’s Trends, are syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live’s Spaces.
Oct. 2, 2008 - Jeremy Kirk, IDG News Service
Gaping Security Hole Found in RFID Chips
Data on radio chips can be cloned and modified without detection, according to a security researcher, raising question marks over the use of so-called e-passports that use RFID chips.
Upwards of 50 countries are rolling out passports with embedded RFID (radio frequency identification) chips containing biometric and personal data. The move is intended to cut down on fraudulent passports and strengthen border screenings, but security experts say the systems have several weaknesses.
Oct. 2, 2008 - Brian Krebs
October Is Cyber Security (Un)Awareness Month
October is Cyber Security Awareness Month, and it seems many people are in need of some serious awareness-raising on this front. A recent survey indicates that while more than 80 percent of computer users thought they had firewall software installed, follow-up inspections found that only half of those users actually had the software installed or running on their PCs.
The data comes from a poll of 3,000 Americans conducted by Zogby International, with security vendor Symantec conducting follow-up manual computer scans on computers belonging to 400 of those surveyed.
Oct. 1, 2008 - Dan Goodin
DoS Attack Reveals (Yet Another) Crack in Net's Core
Security experts say they have discovered a flaw in a core internet protocol that can be exploited to disrupt just about any device with a broadband connection, a finding that could have profound consequences for millions of people who depend on websites, mail servers, and network infrastructure.
The bug in the transmission control protocol (TCP) affords attackers a wealth of new ways to carry out denials of service on equipment at the heart of data centers and other sensitive points on the internet. The new class of attack is especially severe because it can be carried out using very little bandwidth and has the ability to paralyze a server or router even after the flood of malicious data has stopped.
Oct. 1, 2008 - Dave Hodges
Tallahassee Ranks Well in Computer Security
Tallahassee's rank at the bottom of the 100 U.S. cities with the most computer security threats and virus threats means the community is the safest of those analyzed, but experts say that is no reason to relax security.
Advertisement
Software company PCTools officially released Tuesday a list of the most targeted cities from members of its Threatfire community, made up of about 450,000 users of that security software in the United States.
Oct. 1, 2008 - Brian McCartan
Myanmar On the Cyber Offensive
MAE SOT, Thailand - The distributed denial of service attacks, or DDoS, that hit and disabled several exile media websites between September 17 to 19, are widely held to be the latest attempt by Myanmar's military regime to silence its legion of critics.
The cyber-attacks, which flood a website with information requests which block regular traffic and eventually overload and crash it, coincided with the run-up to last year's "Saffron" revolution, in which soldiers opened fire and killed Buddhist monks and anti-government demonstrators.
