NewsBits for May 14, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Fake bank Web site scam reaches U.S. Bank of America Corp. has warned its customers to be aware of a scam that attempts to get them to log into a fake Web site that then captures their personal financial details. The scam was attempted recently via e-mail and is similar to ones recently perpetrated in Australia on Commonwealth Bank, Westpac Bank, and Australia and New Zealand (ANZ) Bank. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,81211,00.html - - - - - - - - - - MasterCard accused of online fraud Just a few weeks after settling a $1bn law suit for overcharging its merchants, Mastercard has been accused of committing fraud when processing online transactions. Internet payment firm Paycom Billing Services has filed a lawsuit against MasterCard, alleging the credit card issuer committed fraud when processing merchants' online transactions. http://news.zdnet.co.uk/story/0,,t269-s2134668,00.html - - - - - - - - - - Buffalo Spammer arrested Howard Carmack - the Buffalo Spammer - has been arrested and charged in New York for four felony (i.e. criminal) and two misdemeanour counts relating to his alleged fraudulence in obtaining Internet access accounts to send more than 825 million spam emails. His nemesis, Earthlink, the US ISP, last week won $16.4m damages and a permanent order to stop spamming against Carmack. He didn't turn up in the US District Court in Atlanta where the case was held. Neither did he send a lawyer. http://www.theregister.co.uk/content/55/30708.html http://news.com.com/2100-1032_3-1001513.html - - - - - - - - - - Ericsson Telecom Spy Trial Begins in Stockholm A former LM Ericsson engineer charged with espionage gave Russian intelligence agents 2,700 internal company documents in exchange for money, jeopardizing Sweden's national security, prosecutors said as his trial began Wednesday. Afshin Bavand, 46, received tens of thousands of dollars from Russian agents in return for computer files containing secret information about Ericsson's telecommunications technology and its joint cell phone venture with Sony, prosecutor Tomas Lindstrand said. http://www.usatoday.com/tech/news/2003-05-14-ericsson-trial-start_x.htm http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5859537.htm - - - - - - - - - - Raid hits child porn producers Police in Sweden and Norway launched a combined action on what they believe could be a pedophile network that has produced and distributed child pornography around the world. Dozens of Swedish children may have been abused. Two arrests were made as police descended in Fredrikstad, Norway and Swedish capital Stockholm. Computer hard disks were confiscated and will be examined for pornographic images. Norway's National Bureau of Crime Investigation has long been after the source of particularly hardcore images distributed on the Internet. A 41-year-old Swede is suspected for being a central figure, and police now believe he has both committed and photographed serious sexual assaults on children. http://www.aftenposten.no/english/local/article.jhtml?articleID=545792 - - - - - - - - - - Man Arrested, Suspected Of Trying To Meet Online 'Lolita' A Wisconsin man was charged Monday with traveling to the Chicago area to have sex with his "little Lolita," an undercover officer posing as a female minor he met on the Internet. David Nelson, 41, of Madison, Wis., was charged in a criminal complaint with traveling to another state for the purpose of engaging in sex with a minor. He was scheduled to appear for a detention hearing at 10:45 a.m. Wednesday before U.S. Magistrate Judge Nan Nolan, U.S. Attorney's Office spokesman Randall Samborn said. Nelson was arrested about 4:20 p.m. Saturday at a McDonald's restaurant in Forest Park, Ill., after a Cook County Sheriff's Police Child Exploitation Unit officer posing as 14-year-old "Stef" approached him. http://www.channel3000.com/news/2200814/detail.html - - - - - - - - - - Child Porn Charges Against Former Judge Dropped A former administrative judge is a free man after charges that he possessed child pornography were dismissed Tuesday. The felony and misdemeanor possession charges against Marvin Teal were dismissed at a hearing Tuesday before Baltimore District Court Judge Charles Chiapparelli. A spokesman for the Baltimore City State's Attorney's Office said there was no proof that Teal possessed the pornography. Teal was a judge until the early 1990s, when he was first charged with child sexual abuse. He's been behind bars for most of the past decade, and was on probation when he was arrested in April. Police said Teal was caught downloading child pornography on a computer at the Enoch Pratt Free Library's downtown branch. http://www.thewbalchannel.com/news/2201127/detail.html - - - - - - - - - - CHILD-PORN COP COPS A PLEA An 18-year veteran cop pleaded guilty yesterday to kiddie porn charges in exchange for a reduced sentence of up to 27 months behind bars. Kevin Green has been suspended from the force since last October when he was busted with a stash of pornography - including at least 10 CDs and 10 videotapes showing children of various ages having sex with other children and with adults. "I knowingly accepted a purchase of pornography," Green told Brooklyn federal Judge Edward Korman as he pleaded guilty to receiving one pornographic image through the mail as part of a plea deal that could put him away for between 21 and 27 months. The charges carry a maximum of 15 years. http://www.nypost.com/news/regionalnews/75711.htm - - - - - - - - - - Man booked on child porn possession A Hamden man, picked up early Thursday evening by police, has been charged with sending child pornography over the Internet. Police say Phillip Bacon, 53, of 65 Sanford St. passed an image of a young girl approximately six or seven years of age to a police officer in Irving, Texas. Bacon has been charged with possession of child pornography. He was released on $10,000 bond later that night. Police say Bacon e-mailed the pornographic image as an attachment to the officer while in an America Online chat room March 7. http://www.zwire.com/site/news.cfm?BRD=1636&dept_id=8977&newsid=7998308&PAG=461&rfi=9 - - - - - - - - - - 'Matrix' sequel spotted on the Net Underground Internet file-swapping circles were buzzing Wednesday with rumors that a copy of "The Matrix Reloaded" had been released online, a day before its theatrical opening date. Information posted on several widely read hacker sites described a two-CD release of the Warner Bros. film by a group that had earlier claimed to have posted the "X-Men" sequel, "X2." The news sparked a frenzy of activity in Internet Relay Chat (IRC) channels and other forums dedicated to movie swapping. http://news.com.com/2100-1026_3-1001562.html - - - - - - - - - - Internet gambling ban hits snag in U.S. Congress Internet gambling opponents hit a snag Wednesday when U.S. lawmakers modified a bill aimed at choking off payments to offshore Web casinos that take in some $4 billion annually, creating competing drafts that could divide support. The House of Representatives Judiciary Committee voted 16-15 to modify the legislation that would block credit-card payments to gambling Web sites, removing language that would have exempted lawful casinos and other state-licensed gambling businesses. http://www.usatoday.com/tech/news/2003-05-14-gambling-ban-snag_x.htm http://www.msnbc.com/news/913560.asp http://www.washingtonpost.com/wp-dyn/articles/A54990-2003May14.html - - - - - - - - - - State Could Outlaw "Virtual" Child Porn Prosecutors have gone before a state Senate committee to testify in favor of bill to outlaw so-called "virtual" child pornography. Supporters of the measure say it is necessary because a U.S. Supreme Court ruling struck down a 1996 federal child porn law as overly broad. They say technology makes it possible to create realistic sexual images without using real children, but that "virtual" child pornography is no less destructive. http://www.thewgalchannel.com/news/2201744/detail.html - - - - - - - - - - Spammers Fight Back in Court After spending years cracking down on spammers, two prominent organizations that list senders of junk e-mail are fending off an unorthodox legal challenge by e-mail marketers. In a case that's raising the hackles of antispam activists, a group of anonymous e-mail marketers are charging that two blacklisting sites, Spamhaus and SPEWS.org (Spam Prevention Early Warning System), have published false, misleading and libelous information about their business practices. http://www.wired.com/news/business/0,1367,58812,00.html http://www.msnbc.com/news/913505.asp Blacklists vs. Spam http://www.washingtonpost.com/wp-dyn/articles/A53496-2003May14.html - - - - - - - - - - Civil action may hit cyber thugs harder than criminal laws Stop Cybercrimes Civil remedies are a more viable legal solution to cyber crime for the enterprise than criminal prosecution, according to IT security consultant and forensics expert Ajoy Ghosh. Tort law (specifically the tort of negligence) is likely to pressure large market sectors such as Internet service providers (ISPs) to adopt security measures that prevent cyber criminals from plying their trade and more readily identifies them, he said. http://www.computerworld.com.au/nindex.php?taxid=6&id=1292973971 - - - - - - - - - - Security chiefs worry about police state Chief security officers and senior security executives are worried that the United States could be on its way to becoming a police state, according to a poll released Monday by CSO magazine. When considering the impacts of Patriot Acts I and II, nearly a third of respondents (31 percent) said they think the United States is in jeopardy of becoming a police state. Thirty-six percent (36 percent) do not think the Bush administration's goal of regime change in Iraq will ultimately improve national security at home. And 41 percent of CSOs do not think the terror-threat information provided by the U.S. Department of Homeland Security is timely or accurate. http://dayton.bizjournals.com/dayton/stories/2003/05/12/daily14.html - - - - - - - - - - Whistle blown over extent of UK data seizures Around one billion pieces of personal data are handed over to the police and other official bodies each year by communications companies, privacy advocates have calculated. UK law enforcement and investigative agencies are forcing communications providers to hand over around one million customer records each year, Privacy International claimed on Wednesday. http://news.zdnet.co.uk/story/0,,t269-s2134686,00.html - - - - - - - - - - Fizzer worm serves a warning Companies are being urged to learn valuable lessons from the outbreak of the Fizzer worm which began spreading earlier this week. While the worm is still appearing by the thousand in the wild, it hasn't exploded in the same way as viruses such as Melissa or the Love Bug. And while it is still bubbling under--with infections yesterday only down slightly on Monday--the mass mailer should, more importantly, serve as a warning to PC users and companies worldwide about the nature of future threats. http://zdnet.com.com/2100-1105_2-1001519.html - - - - - - - - - - DHS creating cyber R & D center The Homeland Security Department is creating a research and development center to coordinate cybersecurity efforts across civilian and defense agencies, universities, and the private sector, a top official told Congress today. Charles McQueary, the new under secretary for DHS' Science and Technology Directorate, told the House Science Committee that the center will make sure cybersecurity research and resources are effectively used. McQueary was one of four top officials testifying about cybersecurity and the need to ratchet up U.S. defenses against a new kind of warfare. http://www.fcw.com/fcw/articles/2003/0512/web-cyber-05-14-03.asp - - - - - - - - - - Operation Teen Saver a Model for Fighting Internet Crimes against Kids Hundreds of teenage girls and boys are sexually assaulted each year by people they meet on the Internet. In Nassau County, "Operation Teen Saver" is designed to prevent such attacks. Investigators pose as kids to draw out predators. The adults are trained to think and write as a teen might. There's a handy cheat sheet nearby to help them out. The numbers are startling. One study indicates 20 percent of children have been solicited for sex online. Others show between 14 and 24 percent of teens have actually arranged to meet strangers in person who they have chatted with- a potentially dangerous decision. Parry Aftab is an expert on Internet safety. She showed us how quickly a seemingly innocent conversation can turn X-rated. Within five minutes, the language became explicit. The NYPD has started a similar Internet unit, and efforts are underway to educate parents online as well as online. http://abclocal.go.com/wabc/news/wabc_051303_internetcops.html - - - - - - - - - - New attack sheds light on virtual machine security flaws A student researcher has come up with an attack that uses light to thwart the security of Java and .Net virtual machines. A Princeton University student has shed light on security flaws in Java and .Net virtual machines using a lamp, some known properties of computer memory and a little luck. http://news.zdnet.co.uk/story/0,,t269-s2134662,00.html - - - - - - - - - - RIAA blames temp for false accusations The music industry's antipiracy efforts took an embarrassing turn Tuesday when the Recording Industry Association of America acknowledged that it has erroneously sent dozens of copyright infringement notices. The RIAA said Tuesday that a temporary worker was responsible for firing off legal notifications last week that invoked the Digital Millennium Copyright Act without confirming that any copyrighted files were actually being offered for download. "We have sent two dozen withdrawal notices--all appear related to this particular temp," the RIAA said in a statement. "We apologize for any inconvenience this may have caused." http://zdnet.com.com/2100-1104_2-1001319.html - - - - - - - - - - The mood among campus file-swappers The Recording Industry Association of America recently stepped up its effort to combat music sharing by suing four university students who used their college networks to run file-sharing services. But at Stanford University --as well as at other colleges and universities around the country--students are growing increasingly perturbed by what they see as an attempt by the record labels to infringe on their legitimate right to make copies of digital media. This is not a group to alienate. http://news.com.com/2010-1071_3-1001272.html - - - - - - - - - - Hollywood fights DVD-copying technology Brian Martin, a computer consultant in Maryland, is careful when he handles the plastic discs in his DVD library of more than 200 movies. But accidents - and scratches - still happen. "The worst thing is, one little scratch is enough to make the movie skip foward a chapter," says Martin, who estimates his collection at more than $3,000. "That's become really annoying with a few of mine." http://www.nandotimes.com/technology/story/888091p-6187794c.html - - - - - - - - - - The technical expertise in computer crimes forensics Various examinations are necessary for successful investigation of computer crimes. Purpose and carrying out of traditional examinations (criminalistics, examinations of substances and materials, economic, etc.) does not cause special difficulties. Computer- technical examination is a rather new kind of examinations and has some features. http://www.crime-research.org/eng/news/2003/05/Mess1406.html - - - - - - - - - - Snooping on a Shoestring Competitive intelligence doesn't go away during a down market -- it just gets that much more competitive. Three years ago, as chief competitive officer at Palm (PALM), Michael Mace wouldn't think twice before ordering a $70,000 scouting report on the Japanese handheld market or buying a last-minute plane ticket to Cannes to work a new source at a trade show. In the world of competitive intelligence (CI) -- where you shake down every possible source to get the skinny on your rivals -- having an edge was all that mattered. "It was about attack and defend," Mace says. http://www.business2.com/articles/mag/0,1640,48746,00.html - - - - - - - - - - In Search of the IT Patch Master "There's a false sense of security" once a patch is installed on a network, says Steve Larsen, CEO of BigFix. Over a six- to 12-month period, about 20 percent of machines will become unpatched. IT organizations have a new scalability problem to deal with, and it has nothing to do with network performance or how many servers it takes to run an application. It has everything to do with system security and how system administrators can protect against software vulnerabilities. The scalability issue is the question of how to deal with the hundreds of software patches issued every month to fix software bugs or plug security holes that may be exploited later by hackers. http://www.newsfactor.com/perl/story/21508.html - - - - - - - - - - Security Tools: From Mermaids to Suckling Pigs The recent Nmap-hackers survey provides a glimpse of what security professionals are packing in their tool-belts these days. One of my favorite authors is Jorge Luis Borges. Borges, for those of you who have not had the pleasure yet, was an Argentine writer whose short stories exhibited a fascination with mirrors, labyrinths, infinity, mysticism, and the nature of reality and identity. He delighted in creating literary patterns, supposedly real books, games, puzzles, and lists. To give you a taste of the unique Borges, here's a list from a piece by Borges titled "The Analytical Language of John Wilkins", http://www.securityfocus.com/columnists/161 - - - - - - - - - - Puzzles could block mass computer attacks Setting computers a puzzle could thwart a type of mass computer attack increasingly being used to target websites, say US computer researchers. Distributed denial of service (DDoS) attacks involve bombarding a web server with a flood of faked requests. This can prevent legitimate requests reaching a site and may crash the site's server. The attack is co-ordinated from thousands of previously hacked computers making very hard to identify and block the source of an assault. http://www.newscientist.com/news/news.jsp?id=ns99993729 - - - - - - - - - - Securing Apache: Step-by-Step This article shows in a step-by-step fashion, how to install and configure the Apache 1.3.x Web server in order to mitigate or avoid successful break-in when new vulnerabilities in this software are found. Before we start securing Apache, we must specify what functionality we expect from the server. Variety of Apache's use makes it difficult to write a universal procedure to secure the server in every case. http://www.securityfocus.com/infocus/1694 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.