NewsBits for February 3, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ UK police release TK worm suspects Two Britons suspected of writing a virulent Internet worm have been released on police bail, pending further investigations. On Thursday morning, police arrested a 19 year-old electrician and a 21 year-old unemployed man suspected of membership of a hacking group called the "THr34t-Krew" as part of a joint US/UK investigation. Investigators believe the pair, from County Durham, and a US man, are members of a group which released the TK worm earlier this year. http://www.theregister.co.uk/content/56/29264.html - - - - - - - - - - Pair who hacked court get 9 years Former computer consultant tried to dismiss pending cases. Two hackers who broke into Riverside County, Calif., court computers and electronically dismissed a variety of pending cases pleaded guilty to the crime Friday. Both William Grace and Brandon Wilson were sentenced to nine years in jail after pleading guilty to 72 counts of illegally entering a computer system and editing data, along with seven counts of conspiracy to commit extortion. http://www.msnbc.com/news/870163.asp - - - - - - - - - - Police charge four men with child porn offences, call for more resources Police have charged four more men - including a local dentist - in an international child pornography probe, and said Friday there could be many more arrests if detectives could speed up their investigation. The men arrested Thursday under Project Snowball, the largest child-porn probe in Canadian history, were identified earlier in two U.S. child-porn investigations along with nearly 250 others in Canada's largest city. http://canada.com/national/story.asp?id=60948C77-C3D1-413A-ACA8-1FB29AEECD32 http://www.mirror-guardian.com/to/northy/story/878622p-1043869c.html http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1035777594657&call_pageid=968332188492&col=968793972154 - - - - - - - - - - E-groups targeted in child porn case A career federal employee accused of possessing child pornography on his work computer is scheduled to go on trial this month in a case expected to raise questions about the role of Internet service providers in the distribution of pornography. Jimmy Todd, a midlevel manager at the U.S. Department of Agriculture office in Fort Worth, belonged to a Yahoo e-group, whose members shared a Web site and exchanged photographs and videos by e-mail, prosecutors say. http://www.dfw.com/mld/startelegram/news/local/5142370.htm - - - - - - - - - - Fremont ex-councilman agrees to porn plea deal The former president of the Fremont City Council pleaded guilty in federal court to possessing child pornography. Kenneth Schneider's home was one of 12 houses and one business raided throughout Ohio in October as part of an investigation into a global Internet pornography operation. Schneider, 41, agreed to a plea agreement Friday in U.S. District Court in Toledo. His attorney said he probably will be sentenced to 21 to 27 months in prison under federal guidelines, although the maximum sentence is five years - 60 months - and a $250,000 fine. http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1044788139155680.xml - - - - - - - - - - Former USA medical student sentenced in child pornography A former USA medical student was sentenced to three years in prison after pleading guilty to charges of possessing child pornography. Michael Davidson a 27 year old aspiring doctor, was arrested last March at his home after being caught in "Operation Candyman", an undercover internet sweep targeting those collected child pornography from the Web. http://www.usavanguard.com/vnews/display.v/ART/2003/02/10/3e48346d9e661 - - - - - - - - - - Probation Denied to Former Deputy A former sheriff's deputy charged with computer sex crimes involving a Houston County teenager has begun serving a 10-year prison sentence. Probation was denied today for 49-year-old Joseph Bundrick. He was arrested last summer at a Dothan restaurant, where he thought he had set up a meeting over the Internet with a 14-year-old girl. http://www.wtvynews4.com/home/headlines/213376.html - - - - - - - - - - Famous hacker suffers break-ins to own corporate Web site The world's best-known computer hacker suffered the indignity of having someone break into his new security consulting company's Web site. But Kevin Mitnick shrugged it off as "quite amusing," not serious enough for him to call the FBI. Mitnick, whose federal probation on hacking charges ended a few weeks ago, acknowledged that this weekend's electronic break-in at Defensive Thinking Inc. of Los Angeles was actually the second time in weeks that hackers found a way into the computer running the firm's Web site. http://online.securityfocus.com/news/2326 Mitnick Amused By Website Hacks http://www.wired.com/news/infostructure/0,1377,57618,00.html - - - - - - - - - - Text spammer fined PS15,000 ICSTIS - the premium rate phone services regulator - has slapped a PS15,000 fine on an operator for sending a misleading text spam. The watchdog received loads of complaints after Polo Ltd, based in the British Virgin Island, texted the spam telling phone users they had won a "PS150 prize". http://www.theregister.co.uk/content/59/29268.html - - - - - - - - - - Ashcroft proposes vast new surveillance powers A sweeping new anti-terrorism bill drafted by the Justice Department would dramatically increase government electronic surveillance and data collection abilities, and impose the first-ever federal criminal penalties for using encryption in the U.S. A draft of the Domestic Security Enhancement Act of 2003 dated January 9th was obtained by the non-partisan Center for Public Integrity and released Friday. The 120-page proposal would further expand many of the surveillance powers Congress granted federal law enforcement in the USA-PATRIOT Act in 2001, while increasing the secrecy surrounding some government functions. http://online.securityfocus.com/news/2296 http://www.govexec.com/dailyfed/0203/021003td1.htm Perspective: Ashcroft's worrisome spy plans http://news.com.com/2010-1071-983921.html - - - - - - - - - - DARPA releases strategic plan The Defense Advanced Research Projects Agency last week released a strategic plan, which lays out the agency's vision for the controversial Total Information Awareness project, as well as its top eight research areas. http://www.fcw.com/fcw/articles/2003/0210/web-darpa-02-10-03.asp - - - - - - - - - - Europe Unites Against Cyberattack Europe has to coordinate its fight against the threat of cyberattacks on key installations such as electricity and water supply, the European Commission said as it unveiled a plan for a new expert task force. The planned European Network and Information Security Agency will employ 30 experts charged with rapidly exchanging information across the 15-nation EU once a risk is detected. http://www.wired.com/news/business/0,1367,57614,00.html http://www.theregister.co.uk/content/6/29269.html - - - - - - - - - - High-Stakes Hunt For Cable Pirates Premium-Channel Theft Leads to More Arrests, Fines Who knows what the residents of the ground-floor garden apartment in Fairfax County will think when they return from work and see a blue piece of paper hanging from their doorknob like a request for hotel maid service. All it says on the outside is "IMPORTANT NOTICE!" And the language Cox Communications has chosen for the inside -- "our records do not indicate we have a customer at this address" -- is perhaps a tad vague. http://www.washingtonpost.com/wp-dyn/articles/A49299-2003Feb9.html - - - - - - - - - - High Tech Helps Child Pornographers and Their Pursuers The combination of digital photography and high-speed home Internet access has set off what the authorities say is an explosion of homemade child pornography in recent years, with growing numbers of victims. The authorities in this country have responded by compiling a federal catalog of all known child pornography photographs. (NY Times article, free registration required) http://www.nytimes.com/2003/02/09/technology/09PORN.html - - - - - - - - - - Firms' hacking-related insurance costs soar Computer worms and viruses cost companies time and cleanup costs and now higher insurance premiums. Many insurance companies overwhelmed with hacking- related claims the past two years have sliced hacking losses from general-liability policies, forcing companies to spend extra for "network risk insurance," which costs about $5,000 to $30,000 a year for $1 million in coverage. http://www.usatoday.com/tech/news/computersecurity/2003-02-09-hacker_x.htm - - - - - - - - - - ID theft victims get little help Law enforcement still struggling to keep up with crime It happens almost every day. Someone calls Charles Rutherfords small mobile phone shop in Minnesotas Twin Cities area with an obviously stolen identity, and tries to buy a cell phone. At his own expense, Rutherford finds and warns the ID theft victim, and sometimes he can even build an iron-clad case against the criminal. But it doesnt matter, and the crimes continue, because no one will arrest the thieves hes caught. http://www.msnbc.com/news/868706.asp - - - - - - - - - - Online music to get ID tags As music is increasingly sold online in the form of downloads, a new scheme aims to track sales so that it's possible to know how much musicians are owed in royalies. A music industry trade body has launched electronic identity tags to keep tabs on Internet music sales in a bid to compensate musicians and songwriters as more of their works become available online. http://news.zdnet.co.uk/story/0,,t269-s2130190,00.html http://news.com.com/2100-1023-983961.html http://www.cnn.com/2003/TECH/internet/02/10/music.tag.reut/index.html http://www.usatoday.com/tech/news/2003-02-10-music-tracking_x.htm - - - - - - - - - - Netegrity unveils XML security software Security company Netegrity on Monday introduced XML-based security software for exchanging network log-in information between business partners. The company's SAML Affiliate Agent software is based on the XML-based standard called Security Assertion Markup Language, or SAML. Businesses can use the new software with Netegrity's SiteMinder server to authenticate a visitor to a Web site and share the authentication information with a business partners' own Web site. http://zdnet.com.com/2110-1105-983978.html - - - - - - - - - - Suing Over Slammer The Slammer worm was successful because thousands of users didn't patch Microsoft's security holes. Should we sue them all? In the aftermath of the SQL Slammer worm, companies have once again claimed massive financial losses as a result of malicious code. As with the Code Red and Nimda worms, the Melissa virus and the Mafiaboy distributed denial of service attack, the press has reported widespread system disruption with "losses" in the hundreds of millions -- if not billions -- of dollars worldwide. http://online.securityfocus.com/columnists/141 - - - - - - - - - - If tech companies were liable for security holes, cyberspace would become safer. Just two weeks ago, a nasty little piece of software known to security experts as an Internet ``worm,'' wreaked havoc in parts of cyberspace. ``Slammer,'' as the worm was dubbed, went beyond the usual disruptions to e-mail and Web sites: It crippled 911 systems near Seattle, disabled Bank of America ATMs, and gummed up ticketing systems at Continental Airlines. http://www.siliconvalley.com/mld/siliconvalley/5147205.htm - - - - - - - - - - How Vulnerable Is the Internet Now? According to Gartner research director Richard Stiennon, it would not be difficult for an attacker to send spoofed routing tables to poorly configured routers and misdirect traffic across large parts of the Internet. It is increasingly rare for a month to pass without a report of a serious vulnerability in one or more of the technologies that underpin the Internet. Even products that are not a direct part of the Internet infrastructure can cause huge problems. The SQL Slammer worm, for example, significantly disrupted traffic after infecting only a small number of machines. http://www.newsfactor.com/perl/story/20704.html - - - - - - - - - - Cyber civil libertarian stays grounded in latest fight As a millionaire high-tech entrepreneur and activist, John Gilmore ought to be jetting off to board meetings in New York, battling officials in Washington or visiting his family in Florida. Instead, he's grounded in northern California, unwilling to fly because he believes the requirement to show identification before boarding a domestic flight violates his constitutional rights. http://online.securityfocus.com/news/2307 - - - - - - - - - - Send Money! 'Cyberbegging' sites popping up all over the World Wide Web They make their pleas for help via the World Wide Web. Some are struggling single moms or recent college graduates loaded down with student loans and maxed-out credit cards. Others are childless couples seeking treatment for infertility. One site even makes a pitch for a cat named Buster. The tales of woe vary. But the request is the same: They want people to send money via home pages that are becoming a cottage industry on the Web. Skeptical Internet experts have even coined a term for the trend; they call it ``cyberbegging.'' http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5149124.htm http://www.usatoday.com/tech/webguide/internetlife/2003-02-10-cyber-begging_x.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.