Not If Just When

Told you so… I predicted the inevitability of this scam two years ago and it’s only a matter of time before it reaches the UK.

Email fraudsters are taking advantage of lax government security around a US government website to run a scam designed to trick US taxpayers into handing over sensitive personal information.

A phishing email which pose as notification of a refund from the US's Internal Revenue Service (IRS) takes advantage of security configuration weaknesses on a secondary website run by the Department of Labor, according to security firm Sophos. It warns that these emails redirect surfers to a bogus website with users fooled into thinking they remain on a legitimate US government site. –The Register.

Beating the Bank Robbers

Silicon reports that thanks to the introduction of CCTV, sophisticated alarm systems and forensic methods, bank robbers have changed tactics - the risk of getting caught for forced entry is just too high.

Businessmen use technology to make their businesses more efficient - it would be foolish to assume criminals don't use it in a similar way. They can then glean the information they can't get digitally by paying off poorly-paid staff..

According to the Financial Services Authority, criminal gangs are now placing shady people in banks. These 'employees' observe the bank's security systems and then report bank on the weaknesses to their leaders.

More Money than Drugs

Global cybercrime turned over more money than drug trafficking last year, according to a US Treasury advisor reported in The Register

Valerie McNiven, an advisor to the US government on cybercrime, claimed that corporate espionage, child pornography, stock manipulation, phishing fraud and copyright offences cause more financial harm than the trade in illegal narcotics such as heroin and cocaine.

"Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105bn," McNiven told Reuters. "Cybercrime is moving at such a high speed that law enforcement cannot catch up with it."

Online Fraud Set to Soar

The Sunday Times reports that Internet experts are predicting a surge in online fraud over the festive season as record numbers of shoppers are expected to turn to the internet in search of Christmas bargains.

IMRG, the internet retail monitoring group, estimates that UK shoppers will spend £5 billion on 24 million online purchases over the Christmas period. The sheer volume of online spending has prompted criminal gangs to venture on to the internet in search of rich pickings from shoppers who fail to take the necessary security precautions with their card purchases.

Online fraud now accounts for more than half the overall losses to card-not-present fraud, which rose to £90.6 million in the first half of this year, up 29 per cent on the previous year.

Identity Fraud @ Work is Rife

The Register reports that dishonesty and fraud are widespread in the UK, with nearly half of people quizzed in a survey admitting to forgery and one in ten to low level identity fraud. A quarter of 1,000 Britons polled in a survey by document and identity verification firm TSSI confessed to exaggerating their educational qualifications to gain employment.

ET May be a Hacker

According to the Guardian newspaper a scientific report reveals that planet Earth's computers are wide open to a virus attack from Little Green Men.

The concern is raised in the next issue of the journal Acta Astronautica by Richard Carrigan, a particle physicist at the US Fermi National Accelerator Laboratory in Illinois. He believes scientists searching the heavens for signals from extra-terrestrial civilisations are putting Earth's security at risk, by distributing the jumble of signals they receive to computers all over the world.

Cyberterrorism Distracts from NetCrime Risks

Security expert Bruce Schneier has warned that talk of cyber terrorism could have a damaging effect on levels of IT security.

He is concerned that resources are being diverted away from the fight against cyber crime as governments focus on cyber terrorism.

He said: "We should not ignore criminals and I think we're under-spending on crime. If you look at ID theft and extortion - it still goes on. Criminals are after money."

He said: "There is definitely a marketplace for vulnerabilities, exploits and old computers. It's a bad development but there are definitely conduits between hackers and criminals."

China Syndrome

Silicon reports that security experts have revealed tantalising details about a group of Chinese hackers who are suspected of launching intelligence gathering attacks against the US government.

The hackers, who are believed to be based in the Chinese province of Guangdong, are thought to have stolen US military secrets, including aviation specifications and flight-planning software.

The team is thought to consist of 20 hackers It is claimed the Chinese government was the most likely recipient of the information they intercepted.

The US government has coined the term 'Titan Rain' to describe the hackers.

Soft Target - Cyberterrorism

CNET reports that foreign governments are the primary threat to the UK.'s critical national infrastructure because of their hunger for information, a British government agency said.

The National Infrastructure Security Co-ordination Centre said on Tuesday that the most significant electronic threats are content-based, targeted, Trojan horse e-mail attacks from the Far East.

"Foreign states are probing the CNI for information," said Roger Cummings, the director of NISCC, speaking at SANS Institute's launch of its Top 20 Critical Internet Vulnerability Listing in London.

The agency is in charge of defending the UK's critical national infrastructure, which is made up of financial institutions; key transport, telecom and energy networks; and government organizations.

NISCC is working with its equivalents in the countries concerned to try to shut the attacks down, Cummings said. The agency cannot name the countries concerned as this may "ruin diplomatic efforts to halt the attacks," he added.

It's From the FBI

The Register reports that the latest variants of the prolific Sober worm series are posing as messages from either FBI or CIA investigators in an attempt to dupe Windows users into opening infectious attachments. The trick was last used in February.

On Tuesday afternoon, variants of the worm had accounted for over 35 per cent of all viruses reported to UK-based security firm Sophos, making it the most prevalent virus currently spreading across the world. The FBI is so concerned about the messages that it has issued a warning on its website. The FBI has urged users who receive the viral emails to report them to the Internet Crime Complaint Centre (ic3.gov).

The SANS "Top 20" - 2005

This year’s SANS “Top 20 Security Vulnerabilities” holds no great surprises but in 2005 there is a “marked deviation from the previous Top-20 lists.” In addition to Windows and UNIX categories, we have also included Cross-Platform Applications and Networking Products.

The change, says SANS, reflects the dynamic nature of the evolving threat landscape. Unlike the previous Top-20 lists, this list is not "cumulative" in nature. We have only listed critical vulnerabilities from the past year and a half or so. If you have not patched your systems for a length of time, it is highly recommended that you first patch the vulnerabilities listed in the Top-20 2004 list

The Great Nigerian Put-away

Silicon reports that two of the perpetrators of the largest ever fraud in Nigerian history have been jailed for a total of 37 years.

According to Reuters, Emmanuel Nwude was sentenced to 25 years and Nzeribe Okoli to 12 years for their part in a scam which brought down Brazilian bank Banco Noroeste.

The two men agreed to forfeit assets worth $121.5m to victims of the scam.

The Nigerian government has recently grown aware of the full extent to which it has become synonymous with fraud and has begun working with Microsoft and the UK Office of Fair Trading to combat the problem.

BitTorrent Breaches

Silicon reports that security sleuths at FaceTime Communications say they have linked a group of hackers operating in the Middle East to a worm that began spreading last month via AOL's Instant Messenger service.

Experts at FaceTime's security unit reported on Thursday that the hacker group has seized control of at least 17,000 computers across the globe. The hackers have the capability to pilfer personal information from a computer's hard drive or remotely commandeer a PC to help launch attacks against companies or networks.

Six More Shadowcrew Plead Guilty

The Register reports that a further six people linked to the trade in stolen personal information and credit card details via the notorious Shadowcrew web site pleaded guilty on Thursday. The six are among 28 people charged last year following an undercover investigation, codenamed Operation Firewall, mounted by the US Secret Service against Shadowcrew.com, a members-only underground web site that became an online marketplace for credit card fraudsters and counterfeit identification document forgers

The End of Rootkits

Microsoft’s Bob Muglia has made public the company’s plans to secure 64-bit versions of Windows from dangerous malware such as rootkits.

According to remarks attributed the senior vice president of the Windows server group, Microsoft had put in place a “patch guard” on the Windows kernel, which would make it impossible to append code to the core of the OS while it was running.

Such a design would stop software such as rootkits from hitching into kernel software processes as a means to make themselves appear legitimate.

Keyloggers Set New Record

Newsfactor reports that keylogging malware is on the way to setting a record in 2005, with 6,191 keyloggers unleashed, according to a study released this week by VeriSign iDefense. The number represents a 65 percent increase from the 3,753 keyloggers documented in 2004 and an astronomical increase over the 300 attacks recorded in 2000.

As with most malware, keyloggers are stealthily deployed, silently installed programs that can record every keystroke on infected systems and send the information back to hackers. The spyware is the preferred tool of criminal Internet groups. These cybercrime syndicates package the keystroke programs in phishing e-mail or spyware applications that are able to elude antivirus software and firewalls.

Once a keylogging program is in place, thieves receive strings of text entered while the computer user is online, such as addresses, account numbers, usernames, and passwords. Using their ill-gotten information, hackers have been able to steal a great deal of money from those targeted.

While the study found that only 16 percent of victims were required to pay for some of the fraudulent charges -- which averaged $4,000 per victim -- the greatest cost was in time. According to the study, victims spent an average of 81 hours trying to rectify the problem.

Small Bots are Best Bots

Silicon.Com reports that over the past two years, the average network of bots, or compromised PCs commandeered by remote attackers, has dropped from more than 100,000 to an average of 20,000.

Apparently, the move to pint-size botnets helps malicious attackers have more success in delaying detection of their illicit zombie networks.

An increase in the numbers of hackers hoping to put together networks has made the task of securing zombie computers more competitive, so it is harder for the "bot herder" to amass a larger number of drone computers.

Also, according to Message Labs, home users with high-bandwidth connections, the primary targets of hackers, are taking more steps to secure their computers.

One Weasel Less

The Daily Telegraph reports that a computer obsessive nicknamed Weaselboy was jailed for six years yesterday for an elaborate internet scam that earned him more than £1.5 million.

23 year old, Peter Francis-Macrae boasted that he could bring the country's economy to its knees by crashing computer systems.

He also threatened to kill police and trading standards officers when they began investigating the online rackets he had run for five years and which, at times, brought in £200,000 a week.

At Peterborough Crown Court yesterday he was jailed after being found guilty of two charges of fraudulent trading, two of threatening to kill, one of blackmail, one of money laundering and one of criminal damage.

The jury had heard that, since the age of 18, Francis-Macrae had tricked thousands in e-mail and other internet scams, operating Ultra Technologies Ltd from his bedroom in a modest, terrace house.

Home Office Guidelines for ISPs on Child Protection

The Register reports that The Home Office has announced new guidelines for ISPs to help protect kids from the dark side of the internet. The main points suggest that providers should:

• Offer users a way of reporting material that is illegal or potentially harmful to children


• Offer content filtering on search engines


• Manually review and approve websites included in search services aimed at children


• Consider whether they need human or automatic moderation for chatrooms


• Ensure where necessary staff who come into contact with children have had relevant Criminal Records Bureau checks

Home Office minister Paul Goggins - who is chair of the government's Taskforce on Child Protection on the Internet - proclaimed: "Countries across the EU and around the world are committed to making the internet safe for children and cracking down on paedophiles' use of the internet. I want to make sure that by working across international boundaries and involving the internet industry, we keep children safe from abuse in the UK and the rest of the world.

Mafia Gangs Infiltrate Banks Warning

The Times newspaper reports that gangs of organised criminals have infiltrated Britain’s leading banks to commit fraud, the City’s most senior financial regulator cautioned yesterday.

Callum McCarthy, the chairman of the Financial Services Authority, said that criminals were getting jobs in the financial services industry to gain knowledge and sidestep anti-fraud systems.

Should Business Outlaw Skype?

A special Silicon report asks whether business should ban the Skype (VoIP) telephony software and identifies several reasons why they might.

These reasons include Skype's ability to bypass corporate firewalls; basic technical vulnerabilities which leave it open to hacker attacks despite encrypting communications; and the burden of tracking and storing all user communications with the software

New Get Rich Quick Scams Appear

The Register reports that the incidence of email "get rich quick" scams more than doubled (albeit from a low base) last month, according to email security firm Clearswift. It warns surfers to disregard spurious "work from home opportunities" received via junk mail which are normally designed to lure naive users into criminal enterprises. After accounting for 0.5 per cent of spam emails in September these work at home scams made up 1.2 per cent of junk emails caught in a Clearswift's sieve last month.

These so-called opportunities typically come in two flavours. The first involves accepting delivery of goods paid for with a stolen credit card, then forwarding them further along the chain, and the second is a simple money-laundering role where the "worker" acts as a laundering mule.

As "get rich quick" scams have increased in prevalence other categories, including phishing fraud and pornographic junk mail, have taken a nose-dive, according to Clearswift's latest monthly spam index. Phishing - where crooks set up a fake banking websites in order to gather credit card details of gullible users - has suffered a decline, now accounting for only 0.4 per cent of all unsolicited mail. Clearswift reckons greater awareness of the existence of phishing scams has contributed to their decline.

A 419 Fraud Story

The Guardian explores the shady world of the Nigerian ‘419’ advance fee fraud

Patient as fishermen, the young men toil day and night, trawling for replies to the emails they shoot to strangers half a world away. Most recipients hit delete, delete, delete, without ever opening the messages that urge them to claim the untold riches of a long-lost deceased second cousin, or offer millions of dollars to help smuggle loot stolen by a corrupt Nigerian official.

But the few who actually reply make this a tempting and lucrative business for the boys of Festac, a suburb of Lagos in Nigeria at the center of the cyber-scam universe. The targets are called maghas - slang from a Yoruba word meaning fool.

Viruses and Worms Top Security Threats

Computer Weekly reports that more than two-thirds of company executives believe reliable network security is the single most critical factor in successful implementation of converged IP networks.

More than 60% of those surveyed by the Economist Intelligence Unit, reported that processing customer data online exposed their businesses to electronic security breaches, more than any other type of vulnerability. But 62% nevertheless expected to implement IP networks across all or most of their businesses within three years.

The survey found that 89% of respondents feared viruses and worms as the top electronic security threat. But company executives expected the threat from hackers and industrial espionage to grow over the same time frame.

Card Fraud Increasingly an Internet Crime

Credit-card fraudsters are increasingly turning to the internet now that the "chip and pin" system has closed other money-making opportunities.

"Card-not-present" fraud has grown by 29% in a year, says the Association for Payment Clearing Services (Apacs). Online banking fraud has also risen sharply. Apacs is promoting a consumer awareness campaign to inform people of safety precautions they can take when shopping online.

Overall, card fraud losses have fallen. For the six months to June 30 they totalled £219m - down 13% on the £253m of losses recorded during the same period last year.

The Guardian reports that many fraudsters now appear to have shifted their attention to the internet. Card-not-present fraud amounted to £90.6m in the first six months of this year, up from £70.2m during the same period in 2004. Internet card fraud made up the lion's share (£58m) of this.

Meanwhile, online banking fraud - involving "phishing" and other scams more than trebled to £14.5m in the first six months of this year.

Bot Net Charges

The Register reports that in what prosecutors have labeled the first case of its kind in the nation, a federal grand jury charged Jeanson James Ancheta with seventeen counts of conspiracy and computer crime stemming from his alleged profitable use of bot nets.

The arrest comes as authorities are turning up the heat on bot herders, the name for people that control millions of compromised computers worldwide. In October, Dutch authorities arrested three men in the Netherlands who allegedly controlled a network of more than 1.5 million compromised computers. In August, the FBI and Microsoft helped authorities in Turkey and Morocco track down two men suspected of creating and spreading the Zotob worm--a program that consisted of bot software modified to exploit a flaw in Windows 2000.

Computer Misuse Acts Proves Useless Against DOS Attacks

A teenager has been cleared of launching a denial-of-service (DoS) attack against his former employer, in a ruling that delivers another blow to the UK’s Computer Misuse Act.

Judge Kenneth Grant ruled that the youth, who can't be named for legal reasons, had not broken the CMA, under which he was charged. He was accused of sending five million emails to his ex-employer, causing the firm's email server to crash.

The CMA, make illegal the 'unauthorised access' and 'unauthorised modification' of computer material. Section 3, concerns unauthorised data modification and tampering with systems.

Judge Grant told the court that "the computer world has considerably changed since the 1990 Act", and that there was little legal precedent to refer back to. He then ruled that DoS attacks were not illegal under the CMA.

IM Threats Soar

Silicon reports that the number of threats targeting instant messaging (IM) is soaring, with one vendor reporting its own data shows a 1,500 per cent increase in threats year-on-year.

IMLogic's Threat Center reported the huge increase in threats occurring between October 2004 and October 2005. An unlucky 13 companies on the Fortune 50 have been hit with an IM-related security incident in the past six months

The research revealed that all threats exploited some form of social engineering in order to launch, such as tempting users with an enticement to click on a link or attachment, suggesting it is still with the power of the users who employ common sense to protect themselves

CMA Tested in Court Over DOS Attack

Silicon reports a teenager will appear in court this week accused of unleashing an "email bomb" on his former employer, in what will be a test case for the Computer Misuse Act (CMA).

Police accuse the youth, who cannot be named for legal reasons, of sending five million emails to the company he used to work for. This amount of email could cause an email server to crash — and is hence classed as a form of denial-of-service (DoS) attack.

This case will prove to be a test of the effectiveness of the CMA as no-one has yet been successfully convicted under the Act of launching a DoS attack. According to those familiar with the case, the defence will argue that a launching a DoS attack is not illegal under the CMA.

At present, the CMA does not specifically include a denial of service attack as a criminal offence — something some MPs want changed. The Act currently explicitly outlaws "unauthorised access" and "unauthorised modification" of computer material, but DoS attacks sit in a legal grey area.

Man Jailed for eBay Phishing Fraud

Silicon reports that a British man ha been  jailed for four years for masterminding an eBay auction swindle which stole computer account details from users and assumed their identities.

David Levi led six others in a gang which scooped almost $355,000 through a phishing fraud - the practice of stealing goods after tricking computer users into revealing their personal details.