Saturday, August 21, 2010

$9 Here, 20 Cents There and a Credit Card Lawsuit

Randall Stross writes in The New York Times:

It's easier to steal a million dollars a dollar at a time than a million dollars once. So goes an old saying.

If the allegations in a civil case filed in a federal court in Chicago hold up, you can even haul off $10 million if you stick to $9 here or 20 cents there.

The suit, filed in March by the Federal Trade Commission, contends that over at least four years, scammers placed more than $10 million in bogus charges on consumers’ credit and debit cards. Then, the suit says, they moved the money to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan. The suit was filed in United States District Court for the Northern District of Illinois.

The scammers evaded detection by keeping each charge under $10 and stealing from each cardholder only once, spreading the theft across more than a million cardholders, the suit says.

The identity of defendants has not been discovered; it may have been only a single “John Doe.” All the F.T.C. says it currently knows are the names of shell companies.

“No one has appeared to defend the companies,” said Steven M. Wernikoff, a trade commission staff lawyer overseeing the case.

When the commission filed a motion to seize the United States assets of the companies, less than $100,000 was recovered. It hopes to recover sums transferred abroad, but Mr. Wernikoff says that “it’s going to take some time.”

More here.

Friday, August 20, 2010

ICANN Asks Demand Media for Answers After Report

Robert McMillan writes on ComputerWorld:

The group responsible for managing the Internet's domain name system is asking Demand Media's eNom division for answers following complaints from Internet security groups.

ENom, the world's second-largest domain name registrar, came under fire last week in a report from HostExploit, a volunteer-run anti-malware research group. According to HostExploit, eNom is host to an unusually large number of malicious websites and is a preferred domain name registrar for pharmaceutical spammers.

ICANN now says that it is looking into the matter, according to Kurt Pritz, senior vice president of services with the Internet Corporation for Assigned Names and Numbers. Typically, ICANN advises people with information on illegal activity to take their complaints to law enforcement. "However, given the serious nature of some of the allegations made in the HostExploit report, we will ask eNom for their response and will follow up as appropriate," Pritz said in a statement, e-mailed to IDG News Service.

HostExploit says that some eNom resellers are violating ICANN rules by allowing customers to provide false Whois database information, not following ICANN deletion policy and generally not complying with their obligations as resellers.

More here.

Wednesday, August 18, 2010

Programming Note: All-Day Meetings Wed. Through Friday

I'll be wrapped up with business meetings all day through the end of this week, so posting to the blog will be virtually nonexistent until the weekend.

Thanks for following, and things should be back to normal (whatever that is) by the weekend.

- ferg

Tuesday, August 17, 2010

Google CEO: Change Your Name to Escape Our Watchful Eye

Brennon Slattery writes on PC World:

Google is often accused of behaving like Big Brother, and Google's CEO Eric Schmidt isn't doing much to dispel those perceptions. In fact, in an interview with the Wall Street Journal, Schmidt dropped an interesting -- and frightening -- tidbit: perhaps people should change their names upon reaching adulthood to eradicate the potentially reputation-damaging search records Google keeps.

"'I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time,' [Schmidt] says. He predicts, apparently seriously, that every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends' social media sites," the Wall Street Journal reports.

This isn't the first time Schmidt has made parental -- and borderline moralistic -- statements about Internet behavior. Late last year Schmidt told CNBC that "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

More here.

Monday, August 16, 2010

Pentagon Wants to Secure Dot-Com Domains of Contractors

Marc Ambinder writes in The Atlantic:

To better secure unclassified information stored in the computer networks of government contractors, the Defense Department is asking whether the National Security Agency should begin to monitor select corporate dot.com domains, several officials and consultants briefed on the matter said.

Under the proposal, which is being informally circulated throughout the department and the Department of Homeland Security, the NSA could set up equipment to look for patterns of suspicious traffic at the internet service providers that the companies' networks run through. The agency would immediately notify the Pentagon and the companies if pernicious behavior were detected. The Agency would not directly monitor the content of the data streams, only its meta-data. (A Pentagon spokesperson called later to clarify that it would not be legal for the NSA to "monitor" private networks; rather, "DoD and NSA are seeking to provide technical advice, expertise and information to the defense industrial base.")

The proposal originated in the Office of the Secretary of Defense. Because of the sensitivity associated with NSA internet surveillance and capabilities, the fact of the exploratory tasker, as it is known in Pentagon parlance, and details associated with it are being closely held.

The new program would apply to the companies that make up the Defense Industrial Base (DIB) and only to the parts of those companies that indigenously store and use sensitive information. As the Department reconfigures its network defenses and the internal structure of its information operation, it continues to deal with a large number of aggressive hacker attacks and data penetrations. Classified information is not supposed to be stored on any dot.mil subdomain that is accessible to outside computer networks.

More here.

Hat-tip: InfoSecurity News