December 29, 2005

eBay DDOS Attack Verdict

The Register reports that in the USA an Oregon man has pleaded guilty to launching a DDoS attack against eBay that caused at least $5,000 in damages

Anthony Scott Clark, 21, admitted to working with several other people to take control of 20,000 computers. According to the US Department of Justice, Clark in 2003 exploited vulnerability in to gain access to the computers and knock eBay and other sites offline via DDoS attacks. The US Secret Service's Electronic Crimes Task Force investigated the case and pegged Clark as the culprit.

"The 'bots' were then directed to a password-protected Internet Relay Chat (IRC) server, where they connected, logged in, and waited for instructions," the DoJ said in a statement. "When instructed to do so by Mr. Clark and his accomplices, the 'bots' launched DDOS attacks at computers or computer networks connected to the Internet."

Clark faces a maximum penalty of 10 years in jail and a $250,000 fine for is that there is more to come until the thaw arrives late on Friday.

December 28, 2005

Sand Phishing Strikes Saudi Arabia

I predicted that given the relatively poor attention given to the risks posed by information security and identity theft in the broader Arab world, attacks on Arab banks were inevitable but writing “told you so” holds no joy. Arab News reports that on Sunday, the Samba Financial Group became the target of a “phishing” attack. E-mail directed users of Samba Online banking services to proceed to an “authorization page” where they would be assisted in measures to increase their level of security in regard to Samba’s Internet banking transactions. A link in the e-mail led to the site, www.sambaonlineaccess.com, which had been registered on Sunday specifically for use in the attack. At the site, a registration form requested such details as user name, password and national ID number. The intention of the fraud was to steal financial and personal information from Samba customers.

After being notified of the phishing attack, the Internet Services Unit at KACST blocked the URL. As of yesterday afternoon, however sambaonlineaccess.com was still live and could be accessed by anyone outside of Saudi Arabia. This is of particular concern to Samba customers who may be travelling abroad at this time and while accessing their e-mail might respond to the fraudulent request for information.

December 27, 2005

Turn Yourself in Please

Computing reports that a 20 year-old German man has turned himself over to the police for owning child pornography after an email worm warned that he was being 'investigated'.

The man had received a copy of a mass email that was sent by the Sober Y internet worm.

December 21, 2005

The Bean Connection

The Register reports that hackers have developed a sneaky technique for installing pirated movie files on Windows PCs infected with the lockx.exe rootkit. Doctored copies of BitTorrent are loaded on infected machines and used to download Disney movies or the film version of Mr. Bean.

The motive for the bizarre (and short-lived) attack, linked to a Middle East-based group in control of the network of infected machines - remains unclear. FaceTime Communications, the firm which uncovered the attack, reckons the assault is an experiment which might be applied to far more malign purposes in future.

Online Store Shut Down

Silicon reports that a maker of popular role-playing games was forced to shut down its online store for four days after hackers pilfered email addresses, user names and encrypted passwords.

White Wolf Publishing, creator of video and table-top games such as World of Darkness and Vampire: The Requiem, received a message from an "international group of hackers" on 11 December saying they had penetrated the company's online security defence, said a company spokeswoman.

The hackers threatened to post user data on the web unless the company paid them a sum of money. White Wolf has not publicly disclosed the amount of that sum.

Guidance Hacked

The Register reports that Computer forensics firm Guidance Software has itself become the subject of a hack attack, prompting warnings to its clients in law enforcement and computer security that their financial details may have been exposed.

In a letter sent out last week, Guidance warned its customers that a November attack on its databases might have exposed details of its approximately 3,800 credit cards. Guidance stored customer credit details on an unencrypted database along with card value verification (CVV) numbers, a violation of merchant guidelines issued by both Visa and Mastercard. The names, addresses and telephone numbers of clients were also exposed.

December 19, 2005

Government Services May be Rife with ID Fraud


Silicon reports that the UK government has said it still does not know the full extent of the tax credits ID fraud that has so far resulted in 13,000 benefits staff having their personal details stolen and used to make false claims.

That theft of the personal details of the Department for Work and Pensions (DWP) staff has to date resulted in £15m lost in fraudulent claims and led to the online tax credits service being closed down completely on 2 December ahead of a full criminal investigation.

HM Revenue and Customs (HMRC) executive director David Varney told MPs this latest ID fraud appears to have come from criminals using a list of staff details leaked by an insider at the DWP, which according to BBC News is from DWP payroll records from the 2003-04 financial year.

Arab States Taking Netcrime More Seriously

The Gulf state of Qatar has established a cyber police force to tackle hackers and computer related crime. The Q-Cert team will help the Internet community by building up cyber security expertise in the Gulf as a centre of excellence, said officials.

December 17, 2005

Fighting the Retail Fraudster

Silicon Reports that moves by major banks to shift the cost of fraud back onto customers and merchants appear to have stirred the online retail operators into action, with many now reporting that a crackdown on fraud has seen levels either plateau or dip.

In total, two-thirds of respondents to a recent survey of 160 e-tailers said they had seen no increase in fraud during 2005, with 30 per cent saying levels had fallen and 35 per cent claiming they had remained static.

December 16, 2005

When in Spain

The Register reports that workers across Europe are continuing to place their own companies at risk from information security attacks. This 'threat from within' is undermining the investments organisations make to defend against security threats, according to a study by security firm McAfee.

The survey, conducted by ICM Research, produced evidence of both ignorance and negligence over the use of company IT resources. One in five workers (21 per cent) let family and friends use company laptops and PCs to access the internet, dramatically increasing the chances of infection of the device and potentially the corporate network.

More than half (51 per cent) connect their own devices or gadgets to their work PC and a quarter of these do so every day. Around 60 per cent admit to storing personal content on their work PC. One in ten confessed to downloading content at work they shouldn’t. Spanish workers were the worst offenders at this with just under one in five (18 per cent) admitting to downloading inappropriate content, behaviour that leaves firms at heightened risk to both security attacks and legal sanctions.

December 10, 2005

Hackers Steal Details of Charity Donors

Silicon reports that hackers have stolen the personal details of thousands of donors to a Christian charity website and tried to extort money from the victims. I can confirm this as a donor, from the letter I have in front of me from “Aid to the Church in Need.”

UK charity Aid to the Church in Need admitted today that its online security systems had been breached by hackers.

The charity does not yet know how much money the criminals have stolen but the addresses of more than 2,000 online donors have been compromised and the hackers have used these details to contact the benefactors directly to try and extract more money.

The security breach has prompted the Charity Commission to issue a warning for all charities to be on their guard against internet fraud.

December 07, 2005

November Worst Month Ever

Computing reports that November was the worst month for malware since records began in the mid-1980s, according to antivirus firm Sophos.

The company detected 1,940 new pieces of malware in the past month, and has seen a 48 per cent increase in threats over the year.

The bulk of the new threats are not self-propagating viruses such as worms, but Trojan software that either logs the user's behaviour or allows remote control of their PC.

A report published in November 2005 by Financial Insights, an IDC company, estimated that global financial institutions lost USD400 million in 2004 due to phishing schemes. Phishing is a system whereby scammers send an email, purporting to be from their financial institution, which induces them to reveal their online banking details.

Instead of going for the large financial institutions, cyber criminals are now engaging in what has been dubbed "puddle phishing", where they target a smaller financial institution that may only have a few branches.

Another phishing phenomenon is the "spear phishing" practice, where attackers will target employees in a specific company in an attempt to gain passwords and usernames to access confidential data.

While all of the top ten threats are Windows-based worms, the Register reports the number of Trojan horses written during 2005 outweighs worms by a ratio of two-to-one.

Will Fraud Frighten Net Shoppers @ Christmas

Silicon reports there could be some good news for those of us who dread battling through the crowds to complete their Christmas shopping - the high streets could be a good deal quieter than usual this year.

Instead of swarms of shoppers hitting the shops, more people are buying gifts on the internet.

Paul Lucraft, vice president and of business services for payments firm MasterCard, said: "We are seeing a lot more transactions online. We're anticipating another big increase in online shopping. It's convenience more than anything."

Analyst Deloitte predicts a 50 per cent increase in the use of the internet for Christmas shopping this year. This figure is more than Royal Mail's prediction – it claims the UK will spend £5bn online this December, £1.5bn higher than last year's figure of £3.5bn.

To boost the confidence of online shoppers, MasterCard has introduced a two-factor authentication service called SecureCode – a pop-up box that requires a password to authorise any transactions used with MasterCard. As with an ATM, the transaction can be confirmed in seconds. Visa has a similar system and most card issuers now provide insurance in case someone loses money through online fraud.

December 06, 2005

Fraud Takes Down UK Tax Website

Silicon reports the government has come under fire after it emerged ministers have known for months that criminals were using stolen identities to make £30m of fraudulent online tax credit claims.

HM Revenue and Customs (HMRC) was warned about the flaw over six months ago but only closed the tax credit portal down last week after it discovered criminals had used the identities of 1,500 civil servants at the Department of Work and Pensions (DWP) to make fraudulent claims.

The tax credit website handles around half a million transactions a year and the fraudsters were able to change claim details and redirect the money into their own bank accounts by getting hold of a genuine claimant's name, date of birth and national insurance number.

The police have now been called in and a spokesman for HMRC declined to comment further while the criminal investigation is ongoing - but said the tax credit website will remain down until the review of its security is completed.

December 05, 2005

Israeli Spear-Phishing Problems

CNET reports that some of Israel's most prestigious corporations are now under investigation for possibly stealing information from companies in such assorted fields as military contracting, telephony, cable television, finance, automobile and cigarette importing, journalism and high technology.

While the Israeli victims were diverse, they shared one thing in common: the Trojan horses that penetrated their computers came packaged inside a compact disc or an e-mail message that appeared to be from an institution or a person that the victims thought they knew very well. Once the program was installed, it whirred along surreptitiously, logging keystrokes or collecting sensitive documents and passwords before transmitting the information elsewhere.

1500 DWP Identities Stolen

Silicon reports ,that criminals have stolen the identities of 1,500 Department for Work and Pensions (DWP) staff and used them to make fraudulent claims on the government's tax credits website.

HM Revenue and Customs (HMRC) has been forced to close the tax credit e-portal down while it develops new checks to ensure the system is secure.

The fraud came to light during compliance checks by HMRC and a criminal investigation is now underway into how the 1,500 DWP staff had their identities stolen.

HMRC is also setting up a helpline for any DWP staff who think they might be victims of the tax credit fraud.

December 01, 2005

The IM Nasty Explosion

Silicon reports that the number of worms that targeted instant-messaging services hit 62 in November, up 226 per cent from October and hitting a new record.

Of the worms, 58 were variants of previous pests, and four were new. In the same month, a total of 14 attacks hit peer-to-peer networks, such as eDonkey and Kazaa, according to Akonix Systems, which sells security software and appliances.

Of the worms related to IM services, 36 per cent were tuned to more than one public network and 13 per cent had the capability to spread through all four major IM networks, such as AOL, Microsoft and Yahoo!.