February 08, 2006

Danish Websites Attacked

Almost 1,000 Danish websites have been defaced by Islamic hackers protesting about controversial cartoons mocking the Prophet Muhammad.

The attacks typically replace home pages with pro-Islam messages and condemn the publication of the images.

Many of the messages that replaced the home pages on hacked sites simply condemned the publication of the cartoons in Danish newspaper Jyllands-Posten on 30 September 2005. Some messages called for boycotts of Danish goods.

Other messages warned against mocking Muhammad and some told the Danes to expect a violent response.

More than 900 Danish websites have suffered defacement during the wave of attacks, said Mr Preatoni. He added that a further 1600 Western sites have also been attacked and defaced as part of the same protest.

Most of the sites targeted were run by small organisations and companies that do not have dedicated security workers and cannot keep up with the latest alerts and patches for vulnerabilities.

French Connection

The Guardian newspaper reports that Russian scammers used key-logging Trojans to steal more than €1m from French people accessing online bank accounts.

The Trojans were sent by email but were not activated until people accessed their online bank accounts. Then the Trojan forwarded on user names and passwords to the crooks.

The thieves then used the details to transfer funds to third party "mule" accounts. The worst individual loss was €40,000. French police were told in November 2004 and the scam lasted 11 months.

Arrests have been made in Moscow and St Petersburg and several "Ukrainian masterminds" have also had their collars felt.

February 07, 2006

Spyware in Decline

The Register reports that spyware programs that monitor users' surfing habits remain prevalent, but their frequency is on the decline, according to a recent academic study. Security researchers at the University of Washington used web crawler technology to discover that around one in 20 executable files (5.5 per cent) offered for download on the net during a five-month period contained some type of malware, mostly less malign code that generated invasive pop-up ads rather than more dangerous key-logging software.

Although the density of scripted attacks dropped between May and October last year, spyware remains a substantial problem, the Washington researchers conclude.

February 05, 2006

18% of UK Households Affected by Viruses

One in eight people received an offensive e-mail in the last year, government figures have indicated.

The Fraud and Technology Crimes survey by the Home Office also found one in 11 had received similar types of messages by text message or voicemail.

Men aged 26 to 30 were most likely to be the victims of e-mail harassment, the study found.

But women were more likely than men to receive unpleasant messages through mobile phone texts or voicemail.

Almost one in ten women (9.9%) received offending messages via phone, compared with 7.6% of men.

Computer crimes

The Home Office study revealed 6.9% of people with a mobile phone had theirs stolen in the previous year.

Carried out in 2002 and 2003, the survey is said to be the first on such a large scale to ask specifically about mobile phone harassment.

It drew on the British Crime Survey (BCS) and the Offending, Crime and Justice Survey.

It also found just over 18% of households with internet access said their computer had been affected by a computer virus over the past year, while 15% of those questioned admitted downloading pirated software or music from the internet.

Just over 2% reported that someone had accessed or hacked into their computer, while 1.9% said they had visited a website on how to commit a crime.

The survey also found just under 1% of those aged 10 to 65 confessed they had knowingly sent a computer virus in the same period.

February 03, 2006

Streaming Live on eCrime

Listen to Simon Moores talk on the subject of eCrime and the eCrime Congress on the “My Technology Lawyer Show” in the United States. Available as a streamed RealPlayer file.

Peddling Exploit Code

Silicon reports that competing hacker groups in Russia were peddling the exploit code responsible for the Windows Meta File (WMF) attacks last December for $4,000, according to security company Kaspersky Labs.

According to a Kaspersky quarterly report released this week: "One of the purchasers of the exploit is involved in the criminal adware/spyware business. It seems likely that this was how the exploit became public."

Security companies have lamented the practice by some web advertisers of paying others to distribute their software. Some of the more unscrupulous among them are in the business of distributing exploits that facilitate the spread of adware without the knowledge of computer users.

ID Fraud Figures 'Inflated'

The Times reports that the Government was accused yesterday of playing on people’s fears by producing hugely inflated figures on the cost of identity fraud.

In a report published yesterday, the Home Office said that the annual cost of ID fraud had reached £1.7 billion. However, this figure was undermined by Apacs, the group that represents payment organisations such as banks and credit firms, which said that the cost had been grossly overestimated and that its own figures had been misrepresented. Ministers included in their total the figure of £395 million as the annual cost of money laundering alone. But the Home Office admits that this figure is only “for illustrative purposes” and that “no figures are currently available on the proportion of money laundering that relies on identity fraud”.

Furthermore, the Government claims that Apacs puts the cost of ID fraud linked to plastic cards at £504 million a year. But a spokeswoman for Apacs said that the real figure was less than £37 million. “The £504 million is the total losses for plastic cards. It is not just identity fraud on cards,” she said. “Within that overall figure there will be some cards stolen in the post, some skimmed or cloned, some lost or stolen.”

Asked why the Home Office used the larger sum, she said: “I just think they think it is a good story to scare people with.”

February 02, 2006

Tell it to Them Ed..

Silicon reports that Microsoft UK's chief security advisor, Ed Gibson, has attacked the government over what he claims is a lack of effective reporting channels for internet-related crime.

Speaking at the launch of a CBI report into online security for small and medium-sized businesses, Gibson said that while creating documents was all well and good, very few companies had any real notion of who they should report an electronic attack to.

He said: "I bet if I asked anyone in this room, 'Who would you report an electronic crime to in the police?', no one would know. We are ignorant of the size of the problem. There is a real lack of meaningful statistics."

Rejecting the offer of a microphone and choosing instead to stride up and down between the panel of experts and the audience of IT and business professionals, Gibson claimed that the government was not doing enough to facilitate the timely reporting of cyber crime.

Gibson said the decision to roll the National Hi-Tech Crime Unit (NHTCU) into a new larger agency, The Serious Organised Crime Agency (Soca), in April 2006 would actually make it harder for businesses to work out to whom they should report an electronic crime. Gibson also attacked the amount of funding the NHTCU has received since its creation in 2001, claiming it has declined annually.

The CBI report, called Securing Business Value Online, is specifically aimed at small to medium-sized companies.

Measures To Toughen Cyber-crime Laws Supported

eGov monitor reports that the government has given its full support to Tom Harris MP’s measures to get tough on cyber-crime. The proposals contained within Tom Harris MP’s Private Member’s Bill to amend the 1990 Computer Misuse Act (CMA) have now been included in the government’s Police and Justice Bill.

Specifically, these measures will broaden the definition of the section 3 offence to clarify that all means of interference with a computer system are criminalised and to ensure that adequate provision is made to criminalise all forms of denial-of-service attacks. The Police and Justice Bill will also increase the penalty for CMA section 1 (hacking) offences from six months to five years and will increase the penalty for CMA section 3 offences from 5 years to 10 years. The Bill will also add a new offence relating to supplying articles (e.g. hacking tools) for committing CMA offences.

Beware of Chatroom Blondes

Beware of chatroom blonde, she's a fraud, the Telegraph reports.

If you find yourself on the brink of a steamy cyber-relationship with a woman who looks like a model, talks only about herself and is strangely secretive about her job there are only two explanations.

Either you've found yourself a genuine Page 3 girl desperate for a relationship with a slightly overweight, socially inept man, or you are about to become the latest victim of a very 21st-century honey trap.

The odds are not in your favour. Fraud experts say criminals increasingly use online dating services, posing as young attractive women to rip off gullible men.

Once they have the victim's trust - and for some men that can take only a few minutes - they ask for money, either for travel expenses or because they have just been robbed.

Minister 'Misled' MPs over £15m Fraud

The Telegraph reports that Dawn Primarolo, the Paymaster General, was accused this week of "seriously misleading" MPs over a huge organised fraud involving tax credits.

At least £15 million in false claims has been diverted into bank accounts by criminals using the stolen identities of thousands of benefit office workers and rail staff.

Shortly after the discovery, the system of application via the internet was closed down and a criminal investigation was launched.

But the Paymaster General was attacked by the Liberal Democrats after telling the Commons Treasury sub-committee yesterday that she did not know about the fraud until the end of November.

January 31, 2006

Spyware Suspects Deported to Israel

The Register reports that spyware-for-hire suspects Michael and Ruth Haephrati arrived in Israel on Monday to face industrial espionage charges following their extradition from Britain. The couple, alleged masterminds behind a spyware-linked industrial espionage program, face trial in their native Israel after dropping an appeal against deportation.

January 30, 2006

Phishing Attacks Hit New Levels

ITP reports that in its latest Phishing Activity Trends Report released this month, the Anti-Phishing Working Group (APWG) said that after steadily swelling throughout the year, the number of unique e-mail-based fraud attacks detected in November 2005 peaked higher than ever at 16,882 — almost double the 8,975 attacks that were launched in November 2004.

With global e-commerce and banking institutions most regularly spoofed, the number of well-known brands targeted increased by nearly 50% over the course of last year — from 64% through January rising to an overwhelming 93% in November.

Two waves of phishing attacks hit a number of leading banks in the UAE around July and October last year, with some experts warning that the problem targeting Middle East financial institutions had become “endemic”.

At the time, the National Bank of Abu Dhabi (NBAD) said that phishers had sent e-mails to its customers, claiming to be from the bank, which linked to a fake website similar to that of the bank’s own.