Friday, August 28, 2009

UK: e-Crime Victims Confused on Where to Go for Help


E-crime victims in the UK are confused as to where they should report such crimes.

According to a report by the Association of Chief Police Officers (Acpo), the UK lacks a central reporting point for online crime, leaving victims "often uncertain about how, and to whom, they should report an e-crime incident". The report suggests creating regional e-crime hubs to deal with the problem.

More here.

Bill Would Give U.S. President Emergency Control of Internet

Declan McCullagh writes on C|Net News:

Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.

They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.

The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."

More here.

Florida Man in Credit Card Data Thefts Accepts Plea

Albert Gonzalez

An AP newswire article by Tamara Lush, via, reports that:

A computer hacker accused of masterminding one of the largest cases of identity theft in U.S. history agreed Friday to plead guilty and serve up to 25 years in federal prison for his crimes.

Albert Gonzalez of Miami was charged with conspiracy, wire fraud and aggravated identity theft charges in federal courts in New York and Boston. Court documents filed in federal court in Boston indicate the 28-year-old Gonzalez agreed to plead guilty to 19 counts and combine the two cases in federal court in Massachusetts.

Additional charges against Gonzalez are still pending in New Jersey, but they are not currently part of the plea deal.

The Miami man is accused of swiping the credit and debit card numbers of more than 170 million accounts; officials said Gonzalez was the ringleader of a group that targeted large companies such as T.J. Maxx, Barnes and Noble, Sports Authority and OfficeMax, among others.

More here.

Thursday, August 27, 2009

U.S. Gov't Tightens Oversight of Laptop Border Searches

An AP newswire article by Eileen Sullivan, via, reports that:

The Obama administration on Thursday put new restrictions on searches of laptops at U.S. borders to address concerns that federal agents have been rummaging through travelers' personal information.

The long-criticized practice of searching travelers' electronic devices will continue, but a supervisor now would need to approve holding a device for more than five days. Any copies of information taken from travelers' machines would be destroyed within days if there were no legal reason to hold the information.

Given all the personal details that people store on digital devices, border searches of laptops and other gadgets can give law enforcement officials far more revealing pictures of travelers than suitcase inspections might yield. That has set off alarms among civil liberties groups and travelers' advocates who say the government has crossed a line by examining electronic contact lists and confidential e-mail messages, trade secrets and proprietary business files, financial and medical records and other deeply private information.

In some cases, travelers suspected that border agents were copying their files after taking their laptops and cell phones away for time periods ranging from a few minutes to a few weeks or longer.

More here.

Wednesday, August 26, 2009

Mark Fiore: Dogboy and Mr. Dan

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Tuesday, August 25, 2009

In Passing: Edward 'Ted' Kennedy

Edward "Ted" Kennedy
February 22, 1932 – August 25, 2009

DHS Official: Agencies Must Make High-Risk Cyber Threats Top Priority

Jill R. Aitoro writes on NextGov:

Federal agencies should prioritize their information security requirements to ensure mission-critical operations are protected first, and delineate between "that which is aggravating and that which is truly dangerous," the Homeland Security Department's cyber chief Greg Schaffer said during a conference on Tuesday.

Cyberattacks are growing far more sophisticated, in part because they're more difficult to detect, said Schaffer, who was appointed assistant secretary of DHS' Office of Cybersecurity and Communications in June. Schaffer and Dave DeWalt, chief executive officer of security vendor McAfee, spoke Tuesday morning at the GFirst conference in Atlanta hosted by the department's U.S. Computer Emergency Readiness Team.

"The more sophisticated attacks ...are low and slow, designed to not draw attention, but insidiously get at data and resources," Schaffer said "Yet at the same time, the level of noise from less sophisticated attacks continues to grow. This makes for an environment where it is easy to focus on the wrong pieces of the puzzle while bad things happen under the radar. We need to be vigilant and focused."

More here.

Botnet Traffic Bounds Back 90% Within 48 Hours of ISP Shutdown

Casey Johnston writes on Ars Technica:

A common way of combating spam traffic is to shut down the service provider through which the traffic is being processed. With a new variety of botnets, though, this method is becoming increasingly ineffective. The August report from Message Labs indicates that the shutdown of a Latvian ISP, while initially effective, ultimately did little to quell the malicious activity of one botnet, whose traffic recovered in a matter of days.

Cutwail is one of the largest botnets running amuck on the Internet, and is estimated to be behind 15-20 percent of all spam, including malicious websites, phishing websites, and fake antivirus products. Message Labs noted that Cutwail was conducting a large portion of its dubious business through Real Host, an ISP based in Riga, Latvia. Real Host was allegedly involved with "command-and-control" servers allowing large-scale botnet infection.

Because Real Host was supporting such a large amount of suspicious traffic, it was disconnected by its upstream providers on August 1, 2009. As a result, spam volumes dropped by 38 percent across the board within 48 hours, and Cutwail's activity fell by as much as 90 percent during that time. A win for the good guys, or so it seemed.

After the 48-hour mark, Cutwail's activity levels have rebounded significantly, nearly to those of its Real Host heyday. This recovery indicates that botnets are increasingly able to continue their operations almost undisturbed, despite the lack of a colluding ISP.

More here.

'The Analyzer' Pleads Guilty in $10 Million Bank-Hacking Case

Kim Zetter writes on Threat Level:

Ehud Tenenbaum, aka “The Analyzer,” quietly pleaded guilty in New York last week to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.

The Israeli hacker was arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks. But before Canadian authorities could prosecute him, U.S. officials filed an extradition request to bring him to the States.

Prosecutors alleged in an extradition affidavit that Tenenbaum hacked into two U.S. banks, a credit- and debit-card distribution company and a payment processor, in what they called a global “cash-out” conspiracy. But he was only charged with one count of conspiracy to commit access-device fraud and one count of access-device fraud.

Tenenbaum is set to be sentenced Nov. 19, and he faces a maximum of 15 years in prison. Prosecutors declined to comment on the case or describe the details of his plea agreement. The second count in the indictment, charging conspiracy, appears to have been dropped.

More here.

U.S. Officials Warned About Fake DHS Intel e-Mails

An AP newswire article by Eileen Sullivan, via, reports that:

Some e-mails purporting to be from the Homeland Security Department's intelligence division were fake and contained malicious software.

The e-mails actually originated from Internet addresses in Latvia and Russia, according to a three-page alert from the Homeland Security Department's counterintelligence unit. The document was obtained by The Associated Press.

These fake e-mails were sent to officials in the Defense Department and to state and local officials since June. The spyware appears to be criminal, according to the alert. But counterintelligence officials "cannot discount that targeting of DHS partners and DoD personnel may be for other purposes."

The e-mails were made to look as if they had actual text from a department intelligence assessment. They included links embedded with spyware known for stealing banking data and protected passwords.

More here.

Monday, August 24, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Monday, Aug. 24, 2009, at least 4,335 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,466 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is two fewer than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

As of Monday, Aug. 24, 2009, at least 721 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Monday at 10 a.m. EDT.

Of those, the military reports 546 were killed by hostile action.

More here and here.

Honor the Fallen.

Credit, Debit Card Industry at Odds Over Security

A Reuters newswire article by Ross Kerber, via MSNBC, reports that:

Fresh details of large-scale cyber attacks against data processor Heartland Payment Systems and supermarket chain Hannaford Brothers show the challenges facing the efforts of the United States credit-card industry to upgrade security measures.

While both companies say their computer networks met the tough new standards meant to prevent data breaches, Visa said Heartland at least may have let its guard down.

The positions reflect broader disagreements in the industry, as squabbling between merchants and financial firms over technology and the cost of systems upgrades continues to impede progress, said Robert Vamosi, an analyst for California consulting firm Javelin Strategy & Research.

"They both need to fight fraud and they are fighting each other," he said.

The financial stakes are getting higher. Fraud involving credit and debit cards reached $22 billion last year, up from $19 billion in 2007, according to Javelin.

More here.

Eastern European Cyber Criminals Target U.S. Businesses

Brian Krebs writes in The Washington Post:

Organized cyber gangs in Eastern Europe are increasingly preying on small and mid-sized companies in the United States, setting off a multi-million dollar online crime wave that has begun to worry the nation's largest financial institutions.

A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to put in place many of the precautions now used to detect consumer bank and credit card fraud.

"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," reads the confidential alert sent to members of the Financial Services Information Sharing and Analysis Center, an industry group created to share data about critical threats to the financial sector.

The group is operated and funded by such financial heavyweights as American Express, Bank of America, Citigroup, Fannie Mae and Morgan Stanley.

Because the targets tend to be smaller, the attacks have attracted little of the notoriety that has followed larger-scale breaches at big retailers and government agencies. But the industry group said some companies have suffered hundreds of thousands of dollars or more in losses.

More here.

Cyber-Thieves Linked to Citibank ATM Breach

Joe Menn writes in The Financial Times:

The hacking ring allegedly at the centre of the largest-ever identity theft breach last week was also involved in cracking a network of Citibank-branded ATMs that were located in 7-Eleven stores and operated by a third company, a law enforcement source claimed.

While hacking credit card data is common, successful attacks on ATM systems are much rarer and cause for greater concern because of the direct access they offer to large sums of money. Banks have said very little about their losses to cyber-thieves, but federal authorities say the figures have been growing rapidly.

In the case of the Citibank-branded ATMs, the perpetrators penetrated a network linking 2,200 kiosks inside 7-Eleven stores from late 2007 through to at least February 2008, the law enforcement sources said.

The ATMs displayed Citibank's logo. The network and the machines were owned by Texas-based CardTronics, which took in monthly fees from Citi.

According to documents from the earlier case, a group connected to the current allegations lifted card and PIN codes from the system, and their allies manufactured new cards that were used to get about $2m in cash from Citibank ATMs elsewhere. An FBI affidavit said Yuriy Ryabinin of Brooklyn withdrew $750,000 from Citibank accounts in February 2008.

A set of prepaid iWire cards was also compromised, leading to about $5m in fraudulent withdrawals. Most of the money was sent to Russia.

More here.

Sunday, August 23, 2009

Quote of The Day: Robert Baer

"The notion that we are are in Afghanistan to make our country safer is complete bullshit."

- Robert Baer, former CIA field operative in the Middle East and the author of "See No Evil".

This strikes me as some of the smartest security thinking I've heard on this topic in a very long time. - ferg

Via The Huffington Post.