July 29, 2005

Look on the Bright Side - Not!

Hackers Look Outside Windows for Flaws

Security vulnerabilities are on the rise with a 10.8 percent increase in vulnerabilities over last quarter, according to a study from the SANS Institute. There were 422 new vulnerabilities in the second quarter of 2005, compared to the 381 reported in Q1 2005. [via The Register]

Going Deep - Deep Deep!

Cyber-Blackmailers & Adware Threaten

Increases in the number of cyber blackmailers and adware going 'deep' are just some of the highlights in the April-June 2005 Malware report from Alexander Gostev, senior virus analyst, Kaspersky Lab. [via ComputerWeekly.com]

Who Me?

Growing Concern over Identity Cloning

Protecting consumer identity and preventing data loss and leakage are the new brand protection priorities facing large organisations today as consumers become increasingly concerned over identity cloning, theft and fraud, according to personal records management specialists, PAOGA. [via ComputerWeekly.com]

July 28, 2005

More e-Sleuthing Skills Required

More e-Crime Training for UK Police

Police get basic high tech training

UK police officers are to receive improved training on how to deal with high-tech criminal evidence, using an elearning portal [via Computing.co.uk]

Getting Personal

Hackers Target Personal Web-hosting Sites

Hackers are exploiting free personal web hosting sites to store and spread malicious code and spyware, internet security experts have warned. [via ComputerWeekly.com]

UK Police & Encryption

Police have told Tony Blair that they need sweeping new powers to counter the terrorist threat, including the right to detain a suspect for up to three months without charge instead of the current 14 days....

They also want to make it a criminal offence for suspects to refuse to cooperate in giving the police full access to computer files by refusing to disclose their encryption keys.


It's certainly possible that password-guessing programs are more successful with three months to guess. But the Regulation of Investigatory Powers (RIP) Act, which went into effect in 2000, already allows the police to jail people who don't surrender encryption keys:


If intercepted communications are encrypted (encoded and made secret), the act will force the individual to surrender the keys (pin numbers which allow users to decipher encoded data), on pain of jail sentences of up to two years.

Spyware Worries

Web Surfers' Sense of Siege

While users know about adware and spyware, many don't grasp the difference, according to a new survey -- and that's a big problem. [via BusinessWeek Online]

July 25, 2005

Hack on Sight Policy Requested

UK Police Chiefs Seek Powers to Attack Terror Web Sites

The Association of Chief Police Officers has asked for new legislation giving the security services "powers to attack identified websites". The proposal, along with one for a new offence covering "use of the internet to prepare, encourage, facilitate acts of terrorism" was part of the terror law 'shopping list' presented by ACPO at the Prime Minister's meeting with law enforcement agencies last Thursday. [via The Register]

The Mobile Opportunity

Banks Warned Over m-Commerce Security Peril

Banks risk exposing customer data to hacking attacks in deploying mobile-phone ATM applications, warns independent security consultancy SecureTest. Up to 20 high street banks in the UK are gearing up to roll-out balance request and mobile phone top-ups using the service, dubbed MobileATM, by the end of the year. [via The Register]

You Can Run and You Can Still Hide

Virus Bounties No Longer Effective

Symantec experts believe that paying bounties to track down and prosecute writers of computer worms no longer works, blaming the shift on the changing hacking landscape. Worms and viruses are increasingly used for identity theft or to create zombie PCs used to launch distributed denial of service attacks or send spam. [via TechNewsWorld]

The McKinnon Moment

Hacker Gary McKinnon Interviewed

This week 'The BBC's Interview' talks to the man described by US prosecutors as "the biggest military computer hack of all time". Briton Gary McKinnon stands accused of breaking and entering into US secret computer systems, causing hundreds of thousands of dollars worth of damage, and effectively immobilising the military district of Washington DC for three days in 2002.

New SANS Survey - Viruses Up

They're Playing Our Virus

These days, digital attacks on PCs are coming disguised as media files or targeting corporate backup systems. Despite increasing public and corporate awareness about cybersecurity, the number of computer vulnerabilities in the second quarter of 2005 increased 10.8% compared with the first quarter, according to a new survey from the SANS Institute, which develops data and research on information security. [via BusinessWeek Online -- Technology]

The Great Chinese Takeaway

Chinese Worms Steal Trade Secrets

The People's "Republic" of China is engaged in a war of worms in a bid to nick technology and documents from the US and UK companies and government agencies. According to Forbes magazine, at least one trojan program used to steal files from infected computers has been traced to servers in China, providing further evidence that US companies may be targets.

[via the INQUIRER]

July 20, 2005

Visa Cuts Payment Processor

Computer Weekly reports that Visa has axed payment processor CardSystems Solutions after its network was breached, compromising the data security of 40 million Visa, MasterCard and American Express customers.

When news broke that remote hackers had broken into the processor’s network in June, the main focus was on MasterCard, which went public on the scandal. But most of the accounts affected were in fact Visa customers.

It is believed that personal details of around 200,000 customers were actually stolen.

July 19, 2005

Small Business @ Risk

Over half of small firms have no clear policy for the secure disposal of sensitive information, new research reveals.

A survey by paper shredder manufacturer Fellowes finds that 56% of small businesses do not have a fully documented policy for disposing of key information and 14% have no policy in place at all.

Despite the lack of formal policy, nearly half of firms surveyed believe identity fraud is increasing, while over half feel credit card crime is set to boom.

Online Crime Losses Down, Attacks Up

Average losses from cybercrime declined dramatically in 2004, according to a new report from the FBI.

But Web site incidents, such as denial of service attacks, also rose between 2003 and 2004, as did unauthorized access incidents at Web sites involved in the report.

Crime Down Under

Online fraud costing NAB millions

The National Australia Bank is losing about A$1 million a month to Internet banking fraud, according to a confidential internal document acquired by Australian newspaper Herald Sun BusinessDaily.

According to the newspaper article, the document was issued to senior technology staff as part of a drive to improve online security and stem a "tide of losses".

July 14, 2005

Phlood Warning

Phlooding attack could leave enterprises high and dry

You've got to hand it to the IT security industry for its ability to coin new and impressive sounding terms for security threats. Hot on the heels of WiPhishing and Evil Twins comes the latest buzz word for wireless LAN security: phlooding.

Phlooding involves a "group of simultaneous but geographically distributed attacks that targets a business's authentication or network log-in structure, with the goal of overloading its central authentication server," according to wireless security firm AirMagnet, which coined the term. - The Register

July 12, 2005

Government Grapples with Hackers

Majority of MoD hack attempts come from within...

The UK government's IT infrastructure continues to be a target for hackers, new figures have revealed.

In response to a series of parliamentary questions by Liberal Democrat Paul Burstow, government departments have revealed the level of hacking attempts against them in recent years.

The Ministry of Defence has provided the most detailed answer, revealing that there have been 30 "hacking incidents" this year, compared to 36 last year and 12 in 2003. - Silicon.Com

Too Many Zombies

Personal computers that play unwitting host to "zombie" code are proliferating at a startling pace, according to a new report.

Incidents involving the malicious code, also known as "bot" code, reached 13,000 from April through June, according to a report from antivirus software maker McAfee. That's quadruple the number tracked by the company in the previous three months. McAfee estimated that 63 per cent more machines were exploited by bot programs and by spyware and adware - their slightly less insidious but more common cousins - in the first six months of this year than in the whole of last year. - Silicon.Com

NHTCU Investigates Manchester DoS Attack

Computer crime experts at the National Hi-Tech Crime Unit (NHTCU) have been called in to help investigate an attempted denial of service attack on Greater Manchester Police.

GMP chief constable Michael Todd was bombarded with 2,000 emails per hour at the beginning of May in what is believed to have been an attempt to crash the force's computer systems. - Silicon.Com

ICANN Warns World of Domain Hijacking

A report by the internet's leading security experts has warned the world of the risk of domain name hijacking and told the industry to pull its socks up.

ICANN's Security and Stability Advisory Committee has outlined several famous and recent thefts of websites, including Panix.com, Hushmail.com and HZ.com, and listed where the system went wrong and what can be done to correct the flaws - The Register

July 11, 2005

The Lowest Form of Life

Virus Writer Exploits London Bomb blast

A virus has been spotted in the wild which attempts to exploit concerns surrounding the bomb blasts which rocked London last Thursday and left at least 50 people dead. Warning levels are currently low but that makes the attempt to infect no less tasteless. An email purporting to offer a link to amateur video footage of the events on the London Underground in the aftermath of the bomb blast will install a Trojan on users' machines if they click on the attachment. [via silicon.com]

Instantly Compromised

Instant Messaging Security Attacks Soar

The threat of new instant messaging security attacks to enterprises has rocketed 2,700% in the second quarter of the year, according to instant messaging security researcher IMlogic. [via ComputerWeekly]

Global Chaos = 30 Hour Community Service Order

Sasser Author Let Off Lightly

Considering the tendency for courts to give computer criminals extremely harsh sentences compared to the real damage of their crime, it's a bit surprising to find a German court let Sven Jaschan, the admitted author of a number of successful computer worms, off with what amounts to a slap on the wrist: a suspended sentence and 30 hours of community service. [via Techdirt]

Domain Disaster

Another Domain Hijacked

A danger now faced by businesses and the scenario that was dropped for this year's eCrime Congress. Cafe.com, an LA-based wholesale wireless hotspot provider for establishments like Denny’s and Radisson Hotel chain ran afoul of domain hijackers yesterday. According to an email sent to its subscribers, at approximately 2am Sunday morning, the cafe.com domain name was hijacked by an offshore hacking operation. “This has caused the www.cafe.com website to be redirected to another server (Sedo.com) and has caused erratic login/logout behaviour in our wireless hotspot locations,” the company wrote in its email. No idea if the problem has been fixed or not. [via Om Malik's Broadband Blog]

July 09, 2005

Recently Discovered

Home Internet Users 'Biggest Threat to Business'

As if they have only just noticed?

Unsecured home PCs are accused of providing hackers with a platform for attacking companies and governments.

Poorly protected home PCs now pose the biggest threat to computer networks belonging to businesses and governments, according to cyber crime experts, who say that the increasingly organised nature of hackers and internet fraudsters requires a more organised response.

Times Online

July 08, 2005

More Money = Less Crime?

Fighting e-Crime With Private Sector Funding

How just £1m a year extra would help in the war against high-tech crime

The Metropolitan Police says private sector funding of just £1m per year would allow its Computer Crime Unit (CCU) to double the number of cases it investigates. [via Computing.co.uk]

Adjust Your Online Behaviour Today

Spyware Fears Prompt Changing Net Habits

The threat of spyware and other unwanted software programs is changing the way people use the internet, according to a survey of US net users from the Pew Internet and American Life Project. Nine out of ten internet users quizzed said they'd "adjusted their online behavior" out of fear of falling victim to malware attacks. Pew notes that user fears are often grounded in personal experience. A quarter (25 per cent) of net users have spotted new programs or desktop icons on their PCs that they hadn't installed. One in five internet users (18 per cent) have had their homepage inexplicably changed. Both are common signs of malware infection.

[via The Register]

July 01, 2005

The Rule of Ten

Forgers will crack e-Passports Within a Decade

"All we can do is keep changing," says head of UK Passport Service.

The head of the UK Passport Service (UKPS) claims the biometric technology behind new passports will have to be updated more than once every 10 years in order to keep one step ahead of the criminal gangs who mass produce forgeries. [via silicon.com]

Going Down - Well Maybe

Anti-spam Success Drives Malware Authors Downmarket

Crooks are turning to spyware scams because it's getting harder to make money from spam, according to a leading UK anti-virus expert. "Spam is less effective because of improved anti-spam filters, so crooks are looking at phishing, ID theft, and stealing information on demand to make money." [via The Register]

That First Twelve Minutes

According to research from Sophos, there's a 50 percent chance unprotected Windows PCs will be compromised within 12 minutes of going online.

Sophos came to that conclusion based on research covering the last six months of virus activity. The company said authors of malware such as spam, viruses, phishing scams and spyware have increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money. The new-virus figure is up 59 percent on the same period last year.