Four Who Ran Credit Card Fraud Market to Serve Prison Time
Jeremy Kirk writes on ComputerWorld:
Three men and a woman who ran what U.K. police say was the largest English-language criminal forum for selling stolen credit card numbers and the tools to steal data were imprisoned for a combined total of more than 15 years, according to the Metropolitan Police.
The GhostMarket forum had more than 8,000 members and was a marketplace for everything from the famous Zeus online banking malware to recipes for making crystal meth and even bombs, police said.
Ringleader Nicholas Webber, 19, of Southsea, and Gary Paul Kelly, 21, of Manchester, were arrested at Gatwick Airport in January 2010, after they'd been living in an apartment in Port d'Andratx, Majorca.
They pleaded guilty to computer misuse and fraud charges and were sentenced Wednesday in Southwark Crown Court in London. They both received five-year prison sentences.
Mark Fiore: Cut & Ruin
More Mark Fiore brilliance.
Via The San Francisco Chronicle.
Australian Spy Agency Handed Powers to Share Spy Data
Darren Pauli writes on ZDNet Australia:
Australia's chief spy agency, the Australian Security and Intelligence Agency (ASIO), has been handed new powers to share wiretaps and grill citizens on behalf of agencies without suspicion of crime.
The powers reside under the Telecommunications Interception and Intelligence Services Legislation Amendment Bill 2010, reintroduced to parliament after last year's federal election, and passed in Senate this morning.
Amendments introduced by the Greens to force ASIO to disclose certain interception details in its annual report were dumped due to concerns about national security.
The Bill means ASIO will be able to conduct telecommunications intercepts and interviews for agencies that are in the "national interest", a concept which is undefined. Officers may not need to disclose they are working on behalf of ASIO if it is similarly in the interest of security.
Attackers Find Point-of-Sale Software an Easy Target
Dennis Fisher writes on ThreatPost:
While most consumers worry about their credit card or debit card numbers or other valuable data being stolen from their home computers or leaked via a data breach at their banks, a new report shows that the vast majority of attacks that harvest this sensitive data actually target weak software on point-of-sale devices at retail locations.
The data shows that 75 percent of the more than 220 breach investigations done by Trustwave's SpiderLabs unit last year involved an attack that targeted POS software. These systems, which are the first link in the long chain of payment processing, tend to be the softest targets for attackers interested in gathering large amounts of payment card data quickly. Many POS systems are proprietary systems that are set up either by the vendor or a third-party consultant and may not be well understood by the customer's IT staff.
"For instance, our investigations often uncover deficiencies in regards to basic security controls, such as the use of default passwords and single-factor remote access solutions. In 87% of POS breach cases, third party integrators used some form of default credentials with either remote access systems or at the operating systems layer. Businesses should work with their third party vendors to help ensure non-functional security requirements are part of the implementation and maintenance agreements," the SpiderLabs Global Security Report 2011 says.