NewsBits for March 17, 2003 sponsored by,
Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
U.S. military computer attacked
Previously undiscovered flaw used to attack Army
Web site. A computer intruder armed with a secret,
particularly effective attack tool recently took
control of an Army Web server, MSNBC.com has
learned. Both Microsoft and the CERT Coordination
Center released hastily-prepared warnings about
the vulnerability that led to the attack on Monday.
But it was a disturbingly successful attack, experts
say, because the intruder found and exploited a flaw
that took security researchers completely by surprise.
http://www.msnbc.com/news/886524.asp
Windows 2000, server security hole exploited
Microsoft warned customers on Monday that a
security hole in Windows 2000 and the company's
Web server software is allowing online attackers
to take control of corporate servers. Because
the vulnerability is being actively exploited
by Internet vandals, Microsoft advised customers
to apply a patch or use a workaround to defend
against the attack as soon as possible.
http://zdnet.com.com/2100-1105-992920.html
http://www.theregister.co.uk/content/55/29795.html
- - - - - - - - - -
Armed robbers target computer chips
British crime gangs are switching from hijacking
security vans carrying cash to trucks transporting
millions of pounds worth of computer chips. A spate
of robberies on vehicles leaving Heathrow airport
has prompted the police to set up a covert operation
against the armed raiders. In the most recent attack,
this month, a truck carrying £7 million ($20.1 million)
of computer equipment was hijacked as it left the airport.
http://www.nzherald.co.nz/storydisplay.cfm?storyID=3250394
- - - - - - - - - -
Arrests in Sex Chats With 'Girls'
A Lindenhurst man arrived at a Selden parking lot on
Thursday expecting to meet a 12-year-old girl he had
been having sexual chats with on the Internet, Suffolk
police said. Three days earlier, another man took the
Long Island Rail Road from Queens to meet a 13-year-
old girl he planned to take back to his apartment to
have sex. Both men instead were greeted by Suffolk
detectives with handcuffs. For about six weeks,
Richard Himbele, 31, of Lindenhurst, and Mitchell
Kaplan, 51, of Middle Village, believed they were
communicating with young girls via Internet chat
rooms. In reality, they were chatting up undercover
detectives from the computer crimes unit, Det. Sgt.
John Cowie said.
http://www.newsday.com/news/printedition/longisland/ny-liinte153174484mar15,0,1833989.story
- - - - - - - - - -
Two caught in child-porn sting
Two Queens men have been charged in separate sting
operations involving Internet child pornography,
police and prosecutors said Friday. The men, Luis
Alonzo, 52, of Bayside, and William Burgess, 42,
of Forest Hills, are accused of engaging in sexually
explicit communications with agents posing as young
girls, said Queens District Attorney Richard Brown.
http://www.rochesterdandc.com/news/0315story23_news.shtml
- - - - - - - - - -
Lebanon man arrested in Internet sex sting
Two men, one a city councilman in northern Kentucky,
have been arrested after police said the men either
arranged or tried to arrange to have sex with undercover
detectives posing as 15-year-old girls. Otis Ketron,
47, of Independence, Ky., is charged with one count
of attempted unlawful sexual conduct with a minor
and five counts of importuning, all felonies.
http://www.activedayton.com/ddn/localnews/daily/0316ohnetsex.html
- - - - - - - - - -
N.C. man planned child sex via Internet, police allege
A North Carolina man accused of traveling to Memphis
expecting to have sex with a 10-year-old girl faces
state and federal charges. Thomas Reid DeCarlo, 36,
of Greensboro was arrested at a motel on the outskirts
of town and charged by state authorities with solicitation
to commit child rape. He was charged Thursday in a federal
complaint with crossing state lines to engage in sex with
a minor. A Shelby County sheriff's deputy posing as a 13-
year-old girl corresponded with DeCarlo over the Internet,
authorities say.
http://www.knoxnews.com/kns/local_news/article/0,1406,KNS_347_1815114,00.html
- - - - - - - - - -
FBI: Attorney used Internet for sex crime
FBI agents arrested a prominent Atlanta attorney
at the Akron-Canton Regional Airport on Friday,
accusing him of an Internet sex crime involving
a child - and planning to have sex with her and
her mother. Lou Litchfield, 56, was arrested by
FBI agents when his flight landed at the airport.
Agents said he was here to have sex with who he
thought were a 12-year-old girl and her mother,
but actually were undercover agents. A partner
in an Atlanta law firm that handles family law
cases and a former state legislative attorney,
Litchfield was charged with using the Internet
to induce a juvenile to engage in sexual activity
with a minor. He was booked into the Stark County
Jail in Canton to await a hearing in federal court
Monday.
http://www.cantonrep.com/index.php?ID=89450
- - - - - - - - - -
EXPRESS EXECUTIVE IN CHILD PORN QUIZ
A SENIOR executive of Express Newspapers last night
denied downloading child porn from the internet.
Andy Bull, deputy editor of the Sunday Express, said
he has "nothing to hide." Mr Bull, 45, was arrested
this week when police from Scotland Yard's Paedophile
Investigation Unit raided his home. He was taken to
a police station and questioned for several hours
before being released on bail. Officers took away
his computer and other equipment. It is being
examined at Scotland Yard. Mr Bull's credit card
was allegedly used to download child pornography
from an internet site about two years ago.
http://www.mirror.co.uk/news/allnews/page.cfm?objectid=12734037&method=full&siteid=50143
- - - - - - - - - -
Man charged with owning child porn
Routine computer service work culminated in a Hamilton
Road man behind bars and his computer confiscated by
police after child pornography was allegedly found
on his hard drive. Arlington police arrested Hyman
D. Baig, 41, 18 Hamilton Road, Apt. 401, and charged
him with possessing pornographic images of persons
under 18 Monday. "Our first search warrant was to
get computers and evidence," said Police Chief Fred
Ryan Tuesday. "Now we will file another application
and look at those files. This is a time-consuming
legal process. I don't know when it will be all done."
http://www.townonline.com/arlington/news/local_regional/aa_newaaporn03132003.htm
- - - - - - - - - -
Computer, items seized in porn raid
Investigators removed several computers and more than
100 videocassettes and DVDs from a home in Sugarcreek
Twp. on Wednesday after they were alerted the home's
owner had purchased child pornography via the Internet,
according to a search warrant filed in Xenia Municipal
Court. The owner, who lives in the 1300 block of Sugarhill
Lane, had not been charged with any crime as of Friday,
according to Greene County prosecutors. The computer
equipment has been sent to the Miami Valley Regional
Crime Lab for analysis, according to the warrant township
police and FBI agents served. Investigators in New Zealand
gave area authorities the man's name and address because
they were investigating a company based there that sold
child pornography via the Internet, according to the
search warrant's affidavit.
http://www.activedayton.com/ddn/localnews/daily/0315raid.html
- - - - - - - - - -
N. Ireland official gets 21 months in sex sting
With his family sobbing feet away from him, a former
top Northern Ireland civil servant was sentenced to
21 months in prison Friday for flying to Chicago to
have sex with a 14-year-old girl. The girl didn't
exist but was part of a Cook County sheriff's office
Internet sting operation that snagged John Mallon,
62, who went by the online moniker BigDaddyMel.
U.S. District Judge Joan B. Gottschall gave Mallon
a significant break in his sentence after deciding
he had led an exemplary life in Ireland and that
his behavior was an aberration, caused by serious
health problems. The defense argued that Mallon
suffered from a diminished mental capacity that
prevented him from controlling himself, and the
judge agreed.
http://www.suntimes.com/output/news/cst-nws-sent15.html
- - - - - - - - - -
Man barred from the Web for possessing child porn gets new sentence
A computer technician jailed and barred from the
Internet after a conviction for possessing child
pornography was resentenced Friday to comply with
a court ruling that the ban would have jeopardized
his livelihood. Under the restructured punishment,
Robb W. Freeman will be allowed to use the Internet,
but the government will be allowed to put monitoring
software on his computer, Assistant U.S. Attorney
Louis Lappen said Friday. He is also not allowed
to go to any Web sites that have anything to do
with child pornography or pedophilia, Lappen said.
http://www.zwire.com/site/news.cfm?newsid=7380168&BRD=2212&PAG=461&dept_id=465812&rfi=6
- - - - - - - - - -
Purdue prepares for disciplinary hearings concerning child porn
Purdue University says it will start disciplinary
action against eleven students accused of possessing
child pornography. Executive associate dean Stephen
Akers says disciplinary hearings are expected to begin
after April 1. Purdue police originally investigated
17 students in connection with possessing child porn
obtained over the Internet using Purdue's computer
network.
http://www.wndu.com/news/032003/news_18959.php
- - - - - - - - - -
China arrests another Internet activist
Chinese Internet activist Zhang Yuxiang has been
arrested in the eastern city of Nanjing and is being
held in a guesthouse, New York-based Human Rights
in China (HRIC) said Saturday. Citing unnamed sources,
the report said that following his detention on March
12, Zhang was taken by police to Siyang county in
eastern China's Jiangsu province to be interrogated
about articles he posted on the Internet. Zhang's
wife has not been given any formal notice of his
arrest, the report said.
http://www.nandotimes.com/technology/story/809274p-5752214c.html
- - - - - - - - - -
Computer bug paralyzed Japan's air traffic system
The government said Thursday a glitch in a program
made by technology giant NEC Corp., overlooked by
both aviation bureau and company technicians for
months, led to the failure of Japan's central air
traffic control system two weeks ago. The failure,
which occurred in both the main computer and its
backup at 7 a.m. on March 1, delayed hundreds of
thousands of passengers and prompted the cancellation
of more than 200 flights over a two-day period.
(NandoTimes article, free registration required)
http://www.nandotimes.com/technology/story/810632p-5759939c.html
- - - - - - - - - -
Former employee: Huawei even copied Cisco's bugs
Huawei Technologies, being sued by Cisco Systems
for allegedly unlawfully copying its software,
used software mirroring Cisco's right down to
the "bugs," a former Huawei employee said in court
documents filed on Monday. "I was told by a Huawei
engineer ... that new Quidway routers were being
withheld from shipment because they contained too
many 'problems' that were the same as Cisco routers
had," Chad Reynolds said in a declaration filed
at U.S. District Court in Texas. Reynolds worked
at Futurewei, the Chinese telecommunications gear
maker's U.S. unit in Plano, Texas, from April 2001
until December 2002, when he was laid off as
manager of administration.
http://zdnet.com.com/2110-1104-992866.html
- - - - - - - - - -
Lock up your computers! Crime is everywhere
Did you know that 61 per cent of British businesses
suffered computer-related crime last year? This
astonishing statistic is supplied courtesy of the
British Chamber of Commerce. And if that were
not hyperbolic enough for you, how about another
"fact": "93% of firms experienced a virus attack
or irregular intrusion" last year.
http://www.theregister.co.uk/content/67/29789.html
- - - - - - - - - -
Scepticism greets data retention plans
Industry watchers fear imposition of compulsory
scheme. Scaled-down government plans for collecting
communications data will not work, industry watchers
have warned. The consultation paper launched last
week by the Home Office outlined what information
would have to be kept by communication service
providers, and for how long.
http://www.vnunet.com/News/1139491
- - - - - - - - - -
Hackers evolve from pranksters into profiteers
Computer identity theft has long been a fast-growing
cybercrime. But increasingly, hackers are seeking
profit rather than just fun. Complaints of Internet-
related identity theft tripled to 1,000 last year,
says the Federal Trade Commission. While that still
accounts for only a fraction of the 160,000 nationwide
reports of identity theft, the growth is alarming
as more consumers put credit card and other financial
data online.
http://www.usatoday.com/tech/news/computersecurity/2003-03-16-hacking_x.htm
- - - - - - - - - -
Online file-sharing networks bring porn into workplaces
Child pornography and other sexually explicit videos
and images are the most sought-after content on
online file-swapping networks, surpassing even the
brisk unauthorized music and movie trade. A new
study to be released today reveals that pornography
accounts for more than 40 percent of the traffic on
the Gnutella network, which connects such file-sharing
services as Morpheus, LimeWire and BearShare. Child
porn constitutes a small yet disturbingly measurable
percentage of all searches: about 6 percent.
http://www.bayarea.com/mld/mercurynews/5411265.htm
- - - - - - - - - -
Helping cops keep tabs on wireless data
Cops are finally getting to see firsthand whether
pager-favoring, tech-savvy criminals have upgraded
to America's newest wireless networks. Until recently,
police conducting wiretaps on services such as mMode
from AT&T Wireless and PCS Vision from Sprint PCS could
intercept only phone conversations. Millions of instant
messages or photos were off limits to crime fighters'
wiretaps because the necessary eavesdropping technology
didn't exist. Now, VeriSign, Cisco Systems and other
members of 2-month-old Global LI Industry Forum (LI
stands for "lawful interception") say they have finally
developed the answer, beginning with VeriSign's
NetDiscovery service, which was introduced at
the CTIA Wireless 2003 show here Monday.
http://msnbc-cnet.com.com/2100-1039-992832.html
- - - - - - - - - -
Spam fighters connect at JamSpam
Several major technology companies convened here on
Friday to discuss solutions to a frustrating common
denominator among them: spam. Representatives from
Yahoo, Dell Computer, Oracle, Microsoft, Sun
Microsystems, AOL Time Warner and DoubleClick,
among others, gathered at CNET Networks for
a second meeting this year to talk about the problem
unsolicited bulk e-mail has created for legitimate
marketers, technology developers, Internet service
providers and their customers.
http://zdnet.com.com/2100-1105-992759.html
http://news.zdnet.co.uk/story/0,,t269-s2132006,00.html
http://www.usatoday.com/tech/webguide/internetlife/2003-03-17-cities-spam_x.htm
- - - - - - - - - -
Samba vuln - get your patches on
A buffer overflow has been found in Samba that
requires immediate action, the team's Jeremy Allison
tells us. Samba is the most-widely used software that
allows access to Windows networks from non-Windows clients.
If you're running a Samba server version 2.0 or higher,
you urgently need to install the latest version 2.2.8,
or block access to TCP ports 139 and 445. Code that
exploits the hole - which gives a potential attacker
root privileges - has already been created by the
black hat community.
http://www.theregister.co.uk/content/55/29775.html
- - - - - - - - - -
DOD, vendors to test secure access
The Defense Department and the vendors it works with
plan to test a system later this year that would give
them access to each other's employee credentials as
part of an effort to bolster the security of their
facilities. The interoperability demonstration pilot
project, scheduled for this fall, would test the
feasibility of creating a cross-credentialing
system between DOD and industry. As envisioned,
the Defense Cross-credentialing Identification
System would consist of a collection of shared
government and contractor databases, but the control
and management of that information would remain with
the agency or company that collected it.
http://www.fcw.com/fcw/articles/2003/0317/news-secure-03-17-03.asp
- - - - - - - - - -
NIST rates facial recognition systems
After testing 14 facial recognition products,
the National Institute of Standards has identified
software from Cognetic Networks Inc. of Houston,
Eyematic of Los Angeles and Identix Inc. of
Minnetonka, Minn., as the most reliable. For its
Face Recognition Vendor Test 2002, NIST evaluated
facial recognition software by comparing 121,589
images of 37,437 people, an extremely large data set.
http://www.gcn.com/vol1_no1/daily-updates/21408-1.html
- - - - - - - - - -
Who's Winning Privacy Tug of War?
If you opt to protect your privacy, you'll regret
it. That's what some businesses apparently would
like consumers to think. Privacy is set to become
even more of a key issue for businesses and government
over the next few months, as some firms fight to
retain what they believe is a key provision of
the Fair Credit Reporting Act, a federal law that
restricts who can access credit information and
how it can be used.
http://www.wired.com/news/privacy/0,1848,58064,00.html
- - - - - - - - - -
IT Security on a Shoestring Budget
"The most basic thing you can do in security is
a firewall," the Yankee Group's Eric Ogren told
the E-Commerce Times, "because you're instantly
getting both protection for your network and for
your servers." Recent weeks have brought more
grim news about tech spending. A study released
March 4th by Merrill Lynch, which surveyed 75 U.S. and 25
European CIOs, showed that people who run
networks in corporate America are loath to
expend capital unless they absolutely must.
http://www.newsfactor.com/perl/story/21010.html
- - - - - - - - - -
Strengthen application defenses to prevent network attacks
According to Microsoft, applications are one of the
five biggest areas that you should concentrate on when
securing your network. Applications often contain bugs
and other vulnerabilities that attackers can exploit
to gain unauthorized access to your network. Here are
some steps that you can take to secure your network
against such attacks.
(TechRepublic article, free registration required)
http://www.techrepublic.com/article.jhtml?id=r00620030227pos01.htm
- - - - - - - - - -
Surveillance Nation
Webcams, tracking devices, and interlinked databases
are leading to the elimination of unmonitored public
space. Are we prepared for the consequences of the
intelligence-gathering network we're unintentionally
building?
http://www.technologyreview.com/articles/farmer0403.asp
- - - - - - - - - -
Windows robot can 'see' intruders, call police
Fujitsu has developed a Windows-powered robot that
can operate household appliances and watch out for
burglars. Fujitsu has begun sales in Japan of a
Windows-powered robot which it hopes can become
the foundation of more sophisticated household
robots in the future. Called Maron-1, the $2,500
(£1,582) machine runs on the Windows CE 3.0 operating
system and is only being sold to companies who can
add more specialised functions, for everything from
home security to simple butler-type tasks.
http://news.zdnet.co.uk/story/0,,t269-s2132026,00.html
- - - - - - - - - -
Justice IG says foreign student tracking system inadequate
The Internet-based system for tracking foreign
students studying in the United States has
"significant deficiencies," according to a report
released Monday by the Justice Department's Office
of the Inspector General. The report found that
the Immigration and Naturalization Service (INS)
processes for certifying schools and training
employees on the Student and Exchange Visitor
Information System (SEVIS) are inadequate.
Particular problems lie in INS' oversight of
contractors hired to review the schools and
in the reviews of schools' record-keeping
and internal controls.
http://www.govexec.com/dailyfed/0303/031703td1.htm
- - - - - - - - - -
FBI spy aircraft tracking terrorism suspects
The FBI has a fleet of aircraft, some equipped with
night surveillance and eavesdropping equipment, flying
America's skies to track and collect intelligence on
suspected terrorists and other criminals. The FBI will
not provide exact figures on the planes and helicopters,
but more than 80 are in the skies. There are several
planes, known as "Nightstalkers," equipped with infrared
devices that allow agents to track people and vehicles
in the dark.
http://www.usatoday.com/tech/news/2003-03-17-fbi-planes_x.htm
- - - - - - - - - -
Police use 'bait' cars to nab auto thieves
Police in the Phoenix area have arrested at least
six people since they began using special bait cars
to lure would-be car thieves. Mesa police have caught
four people. Scottsdale police have arrested two men.
Phoenix is expected to unveil its bait cars in several
weeks. Tempe is using several vehicles as lures, but
no one has taken the bait yet. "We're optimistic that
will change," Tempe police Sgt. Dan Masters said.
http://www.usatoday.com/tech/news/2003-03-17-car-thefts_x.htm
***********************************************************
The source material may be copyrighted and all rights are
retained by the original author/publisher. The information
is provided to you for non-profit research and educational
purposes. Reproduction of this text is encouraged; however
copies may not be sold, and NewsBits (www.newsbits.net)
should be cited as the source of the information.
Copyright 2000-2003, NewsBits.net, Campbell, CA.