Google Robbed By 'Bahama' Botnet
Thomas Claburn writes on InformationWeek:
The "Bahama botnet," a collection of thousands of compromised computers that has been defrauding online advertisers lately, has also been stealing revenue from Google.
Beyond its efforts to cash in on fraudulent clicks, the botnet has been acting as "a sort of perverted Robin Hood," according to Click Forensics, an online ad auditing company. It robs from the rich -- Google, for instance -- and gives to the scammers and to the ad networks that don't care about Web traffic legitimacy.
The botnet relies on malware distributed through fake antivirus scams to take over more computers. Compromised PCs have their DNS settings secretly changed, an attack known as DNS poisoning. Thereafter, attempts to reach, say, Google.com on a compromised computer lead to a fake Google site that presents ads from which Google derives no benefit.
As a Click Forensics blog post scheduled for publication on Thursday explains, "When a user with an infected machine performs a search on what they think is google.com, the query actually goes to the Canadian computer, which pulls real search results directly from Google, fiddles with them a bit, and displays them to the searcher. Now the searcher is looking at a page that looks exactly like the Google search results page, but it's not."
More here.
Citing Cyber Crime, FBI Director Doesn't Bank Online
Robert McMillan writes on PC World:
The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt.
FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.
"It looked pretty legitimate," Mueller said Wednesday in a speech at San Francisco's Commonwealth Club. "They had mimicked the e-mails that the bank would ordinarily send out to its customers; they'd mimicked them very well."
In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.
Though he stopped before handing over any sensitive information, the incident put an end to Mueller's online banking.
More here.
Federal Investigation Nets 100 in Phishing Scheme
Brian Prince writes on eWeek:
The FBI partnered with Egyptian law enforcement to shut down a phishing ring authorities say was targeting American banks. The investigation, which began in 2007, represents the biggest cyber-crime roundup thus far in the U.S.
Authorities in the U.S. and Egypt have charged 100 people with participating in a sophisticated phishing ring authorities say defrauded two banks in the United States.
Early today, police in cities across the U.S. arrested 33 of the 53 suspects named in a federal indictment in Los Angeles last week. Overseas, Egyptian authorities charged another 47 defendants for participating in the scheme.
The charges were the result of a two-year probe known as Operation Phish Phry, which started when FBI agents working with United States financial institutions began working to identify and disrupt white collar criminals targeting the financial infrastructure in the United States. Using intelligence developed during the initiative, the FBI partnered with Egyptian law enforcement to investigate multiple suspects based in Egypt. By the time it was over, the effort resulted in the largest cyber-crime investigation to date in the U.S., FBI officials said.
More here.
U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).
As of Tuesday, Oct. 6, 2009, at least 4,348 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.
The figure includes nine military civilians killed in action. At least 3,474 military personnel died as a result of hostile action, according to the military's numbers.
The AP count is three fewer than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.
As of Tuesday, Oct. 6, 2009, at least 791 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Tuesday at 10 a.m. EDT.
Of those, the military reports 611 were killed by hostile action.
More here and here.
Honor the Fallen.
Zeus Trojan Infiltrates Bank Security Firm
Brian Krebs writes on Security Fix:
On Sept. 1, security industry start-up Silver Tail Systems held an in-depth online seminar for its bank and e-commerce clients that examined the stealth and sophistication of Zeus, a data-stealing Trojan horse program that organized thieves have used in a string of lucrative cyber heists this year.
A week later, Silver Tail learned that Zeus had infiltrated its own network defenses.
Silver Tail founder Laura Mather said she believes her company was targeted by criminals wielding Zeus specifically because of the recent webinar, which spotlighted the myriad ways in which Zeus can defeat online banking security measures. Still, she said the incident shows this family of malware can be a threat to any business - even security companies.
"Luckily, we were vigilant enough and had things locked down to a degree that the attackers weren't able to get anything of value to them," Mather said.
More here.
Australia: RailCorp Wrestles With Conficker
Suzanne Tindal writes on ZDNet Australia:
RailCorp has confirmed that some of its workstations had been infected with the Conficker virus, although it insisted that the virus had caused no operational impact.
"Instances of the virus were detected on some workstations on various networks. However, there has been no wide scale outbreak," a spokesperson for the corporation told ZDNet.com.au.
The organisation's security and patching stance made sure that the "bulk" of its computing network wasn't susceptible to the virus, they continued.
The antivirus had also paid its way. "Instances where the virus was able to infect a machine were isolated and resulted in no loss of service to commuters or operational capacity for RailCorp," the spokesperson said.
More here.
Bankers Gone Bad: Financial Crisis Making The Threat Worse
Kelly Jackson Higgins writes on Dark Reading:
A former Wachovia Bank executive who had handled insider fraud incidents says banks are in denial about just how massive the insider threat problem is within their institutions. Meanwhile, the economic crisis appears to be exacerbating the risk, with 70 percent of financial institutions saying they have experienced a case of data theft by one of their employees in the past 12 months, according to new survey data.
Shirley Inscoe, who spent 21 years at Wachovia handling insider fraud investigations and fraud prevention, says banks don't want to talk about the insider fraud, and many aren't aware that it's an "epic problem."
"There needs to be more training around this issue," says Inscoe, who co-authored a book about bank insider fraud called Insidious -- How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them, which publishes later this month. "We are seeing a huge increase in this country of organized crime rings threatening individuals who work in financial institutions and making them [commit fraud on their behalf]," she says.
More here.
Nasty Banking Trojan Makes Mules of Victims
Robert McMillan writes on PC World:
A sophisticated Trojan horse program designed to empty bank accounts has a new trick up its sleeve: It lies to investigators about where the money is going.
First uncovered by Finjan Software last week, the URLzone Trojan is already known to be very advanced. It rewrites bank pages so that the victims don't know that their accounts have been emptied, and it also has a sophisticated command-and-control interface that lets the bad guys pre-set what percentage of the account balance they want to clear out.
But Finjan isn't the only company looking into URLzone. RSA Security researchers say the software uses several techniques to spot machines that are run by investigators and law enforcement. Researchers typically create their own programs that are designed to mimic the behavior of real Trojans. When URLzone identifies one of these, it sends it bogus information, according to Aviv Raff, RSA's FraudAction research lab manager.
Security experts have long published research into the inner workings of malicious computer programs such as URLzone, Raff said. "Now the other side knows that they are being watched and they're acting," he said.
More here.
With No Plan to Respond to Cyber Attacks, U.S. Risks Reliving 9/11
Jill R. Aitoro writes on NextGov.com:
The United States, in the wake of a widespread cyberattack, could face the same lack of coordination and preparedness the nation experienced after the Sept. 11 terrorist attacks because the government has not developed clear policies for how to respond, a panel of current and former federal security officials said on Monday.
"In terms of terrorism response, I think that we're getting well practiced and well organized. We are an efficient nation," said Gen. Michael Hayden, principal at consulting firm Chertoff Group and former director of the CIA. "Not so with the new-age threat of cyberattacks, [where] we are not well organized. It's very unclear who would be in charge of response."
As a result, the federal response to a cyberattack might resemble what happened on Sept. 12, 2001, the day after the World Trade Center and Pentagon were attacked, said Hayden. The government would pull together people to "frankly act like a committee, because we don't have any other alternative" strategy in place to define how federal, state and local government and the private sector will respond, he added.
More here.
TA Associates Buys Stake in AVG Technologies
Via The Boston Globe Business News.
TA Associates, a private equity firm with offices in Boston, said it has paid more than $200 million for a minority stake in AVG Technologies, a company focused on providing home and business computer users with comprehensive and proactive protection against computer security threats.
AVG Technologies is based in Amsterdam, with US operations headquartered in Chelmsford. Of the company's roughly 550 employees, nearly 60 are in Chelmsford, a spokesman for TA Associates said.
More here.
Hacker Leaks Thousands of Hotmail Passwords
Gregg Keizer writes on ComputerWorld:
More than 10,000 usernames and passwords for Windows Live Hotmail accounts were leaked online late last week, according to a report by Neowin.net, which claimed that they were posted by an anonymous user on pastebin.com last Thursday.
The post has since been taken down.
Neowin reported that it had seen part of the list. "Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe," said the site. "The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists."
Hotmail usernames and passwords are often used for more than logging into Microsoft's online e-mail service, however. Many people log onto a wide range of Microsoft's online properties -- including the trial version of the company's Web-based Office applications, the Connect beta test site and the Skydrive online storage service -- with their Hotmail passwords.
It was unknown how the usernames and passwords were obtained, but Neowin speculated that they were the result of either a hack of Hotmail or a massive phishing attack that had tricked users into divulging their log-on information.
More here.
Ken Burns on PBS: The National Parks

The premiere on PBS of Ken Burns' wonderful new film "The National Parks: America's Best Idea" was shown over the course of a few nights this past week. I recorded them all on my DVR to watch today, and I have to tell you, it is a magnificent & triumphant film.
If you missed it, you can watch all of it online at PBS.org.
It is surely worth every minute.
Enjoy.
- ferg
India: Spooks Want Govt to Block Skype
Mohua Chatterjee writes on The Times of India:
Intelligence agencies have asked the government to consider blocking Skype as operators of the popular global VoIP (Voice over Internet Protocol) engine are refusing to share the encryption code that prevents Indian investigators from intercepting conversations of suspected terrorists.
The Cabinet Committee on Security has accepted the recommendation in principle but has not set a date for initiating action. The urgency to track Skype calls stems from the fact that terrorists -- as the 26/11 attacks in Mumbai showed -- are increasingly using VoIP services. The shift to VoIP has been prompted by the growing ability of intelligence agencies to intercept mobile and other calls.
Sources said Skype has shared its encryption code with the US, China and other governments but is refusing to accept similar Indian requests.
Since Skype is not registered here, Indian authorities have been forced to mull the drastic option of blocking its gateways here. This, however, may not be entirely effective as Skype can route traffic through other service providers. The agencies feel blocking the gateways will at least serve as a signal to local service providers against carrying traffic from Skype or any other similar service provider which does not share the encryption code with the government.
More here.
Soldiers' Data Still Being Downloaded Overseas, Firm Says
Ellen Nakashima writes on The Washington Post:
The personal data of tens of thousands of U.S. soldiers -- including those in the Special Forces -- continue to be downloaded by unauthorized computer users in countries such as China and Pakistan, despite Army assurances that it would try to fix the problem, according to a private firm that monitors cybersecurity.
Tiversa, which scours the Internet for sensitive data, discovered the data breaches while conducting research for private clients. The company found, as recently as this week, documents containing Social Security numbers, blood types, cellphone numbers, e-mail addresses, and the names of soldiers' spouses and children.
The availability of such data, security experts say, exacerbates the threat of identity theft and retaliation against troops on sensitive missions. In addition to using the information to drain financial accounts, hackers could pose as soldiers in an effort to ferret out sensitive data, including passwords to government systems.
Such disclosures represent a "major security risk" to the service members and the military, said Rep. Edolphus Towns (D-N.Y.), chairman of the House Oversight and Government Reform Committee, which was informed of the data breach by Tiversa.
More here.
Yet Another Cyber Theft: $50K Stolen from New York Non-Profit
Mary Perham writes in The Corning Leader/Bath Courier:
The FBI has been called to investigate the alleged cyber-theft last week of roughly $50,000 from the Arc of Steuben, in Bath.
Arc Executive Director Bernie Burns said the theft occurred last week after a hacker gained access to an unidentified Arc employee’s personal e-mail at work. The employee also was authorized to handle Arc’s financial information at Five Star Bank, and hackers gained enough details to access the bank funds, Burns said.
Arc’s insurance is expected to recoup the loss, Burns said.
Steuben County Chief Deputy Noel Terwilliger said Wednesday the theft was reported Sept. 23 after information technology staff and fraud investigators at Five Star Bank noticed the illegal transfer of funds. Bank officials took immediate action to prevent a larger sum from being moved out of the Arc account, Terwilliger said.
Although early reports indicated as much as $200,000 had been removed from the Arc account, Terwilliger said all but about $50,000 has been recovered.
The theft in Bath could be part of a larger nationwide scheme to steal millions from corporations and schools over the past few months. Several health care providers, including non-profit organizations that cater to the disabled and the uninsured, have been recent targets, according to The Washington Post.
More here.
SCADA Watch: Australian Energy Company's Virus Outbreak a Threat to Power Grid
Asher Moses writes in The Age:
A virus outbreak is wreaking havoc with Integral Energy's computer network, forcing it to rebuild all 1000 of its desktop computers before the "particularly sinister" bug spreads to the machines controlling the power grid.
A spokesman for Integral Energy, a major energy supplier, confirmed that the company had called in external information security experts to "rebuild all desktop computers to contain and remove the virus".
The malware had not affected power supplies to customers or business data and was "contained within Integral Energy's information technology network", the spokesman said.
But Chris Gatford, a security consultant at Hacklabs who has conducted penetration testing on critical infrastructure, said there was often "ineffective segregation" or "more typically none at all" between the IT network and the network that monitors and controls the infrastructure.
He said the two networks often needed to be connected in some way in order to share data such as usage information that is used in the billing process or quality of service measuring.
"The risk of having a virus in this type of environment is it might affect the operation of the power grid if the virus was to infiltrate the process control network," said Gatford.
More here.