NewsBits for June 24, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Man sentenced for scheme to steal chips from Compaq A Houston man has been sentenced to four years and three months in federal prison for his role in a multimillion- dollar scheme to steal microprocessors from Compaq Computer Corp. and resell them in California. Former Compaq employee Delynn Montell Smith, 39, who pleaded guilty last Aug. 12 to conspiracy to transport stolen property and the interstate transportation of stolen property, was handed his punishment Monday by U.S. District Judge Vanessa Gilmore. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6160126.htm http://www.usatoday.com/tech/news/2003-06-24-compaq-chip-caper-crushed_x.htm - - - - - - - - - - Former Microsoft employee faces fraud charges A former Microsoft Corp. employee accused of stealing software worth $17 million was charged Monday in federal court with 62 counts of mail and computer fraud. Richard Gregg, 43, of Bellevue, Wash., pleaded not guilty to the charges. Gregg, a former project coordinator for Windows development, is accused of ordering software with a retail value of $17 million through the company's internal software ordering system and then reselling it. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6158089.htm http://www.securityfocus.com/news/6110 http://zdnet.com.com/2100-1105_2-1020348.html http://news.com.com/2100-1012_3-1020354.html http://www.cnn.com/2003/TECH/biztech/06/24/microsoft.fraud.ap/index.html http://www.theregister.co.uk/content/51/31391.html - - - - - - - - - - Man arrested in Illinois for enticing girl An Evansdale man has been arrested in the outskirts of the Chicago area for allegedly setting up a meeting to have sex with a 15-year-old girl. St. Charles, Ill., police took Michael D. Sampson, 31, of 522 Jones Road, into custody for indecent solicitation of a child after he arrived at the meeting place in Illinois Saturday. According to St. Charles detectives, Sampson had been talking with the 15-year-old girl over the Internet, and during the conversation he asked to meet with her in Illinois for the purpose of having sex. He e-mailed her a photograph of himself, detectives said. Police said he had been talking with the girl for only one day. When Sampson showed up at the undisclosed meeting place, police officers were waiting for him. http://www.wcfcourier.com/articles/2003/06/24/news/metro/0b3b74b4ce4f39f886256d4f00474a97.txt - - - - - - - - - - Online chat leads Westminster police to suspect in attempted child sex assault case Online conversations led Westminster police to a man who they say was trying to arrange a meeting with a teen-ager for sex. A Westminster detective posing as a 14-year-old girl contacted suspect Solomon Nunya Nuka, 23, in a chat room. Police say during their conversations Nuka asked to meet with the teen to have sex. A meeting was arranged and Nuka was arrested after contacting an undercover female officer at the designated meeting place. http://www.9news.com/storyfull-newsroom.asp?id=15735 - - - - - - - - - - More evidence offered in child porn case A Taunton man accused of distributing explicit pictures over the Internet of adults raping and molesting children had allegedly offered similar material for more than a year before police caught him last October. In a document filed in New Bedford Superior Court yesterday, prosecutors allege that Marcus Aponte, 18, of 101 1/4 2 Wilbur St., had hundreds of pictures on his home computer of children engaged in sexual activity, dozens of child pornography movies and more stories about children having sex. When state police executed a warrant at Aponte's house last Oct. 3, Aponte allegedly admitted that he had "a lot" of child pornography on his home computers which he made available via Internet chat rooms, the document filed by Assistant Attorney General Kathy Chen states. http://www.tauntongazette.com/site/news.cfm?newsid=8586562&BRD=1711&PAG=461&dept_id=24232&rfi=6 - - - - - - - - - - Yahoo Website Solicits Young Teens for Sex Police are looking into an internet chat room that targets young Albuquerque boys for sex. The website invites boys as young as thirteen to try gay sex and it's a site that is apparently frequented by men who are much older. The website is part of yahoo groups. It's not in the section designed for adults but is accessible to children of any age. The group is called "Gay-bi-guys at Cibola High School." Its purpose is to "meet, hang out and get laid," and it's designed for boys aged thirteen to twenty. It's not hard to log on and take a look. Inside, postings seeking young gay teens aged thirteen to eighteen for sexual encounters. Even though it says no-one over the age of twenty can join, KRQE news 13 found members as old as 55. http://www.krqe.com/expanded4.asp?RECORD_KEY%5BHeadlines%5D=ID&ID%5BHeadlines%5D=678 - - - - - - - - - - Number of Japanese youth victimized through Internet meeting sites doubles The number of young Japanese who have fallen victim to crimes related to personals sites on the Internet more than doubled to 1,317 in 2002 from a year earlier, Government figures showed on Tuesday. Victims of web- crimes under age 20 surged 120.2 per cent from the previous year, while more than half the cases involved child prostitution or pornography with minors under 18 years old, the report said. Violent crimes related to the meeting sites, including murder and rape, involved 42 victims, a sevenfold increase since 2000, when statistics for the category began to be compiled. http://www.hindustantimes.com/news/181_288869,00030010.htm - - - - - - - - - - Pak hackers deface 126 Indian sites Pakistani hackers hacked a record 126 Indian sites on Saturday, leaving behind a warning not to provoke them again. All the 126 sites including those of movie houses, chemicals, pharmaceutical, construction and fashion companies were hacked on Saturday by a group which calls itself FBH (federal bureau of hacking). http://www.hindustantimes.com/news/181_288469,00030010.htm - - - - - - - - - - 'Disgruntled employee' hacks system--exposes secrets A disgruntled employee is suspected of hacking a global networking consultancy's computer systems and then emailing staff with confidential information about forthcoming restructuring plans. New York-based networking consultancy ThruPoint, which partners with Cisco and KPMG spin-off BearingPoint, confirmed it is conducting an investigation after the embarrassing incident. The confidential document, which has been seen by silicon.com, refers to major restructuring at the company's European offices and contains individual employee names along with management comments. Affected staff and offices are due to be notified of the details later this week. http://zdnet.com.com/2110-1105_2-1020435.html - - - - - - - - - - DirecTV files flurry of lawsuits against pirates in several states DirecTV, the nation's largest satellite TV service, has filed a spate of lawsuits in Missouri, Kansas and Illinois as part of a national effort to fight against theft of its satellite signal. "We are attacking up and down the entire food chain of the pirate community, from the demand side to the supply side," said Robert Mercer, a company spokesman. "We really have to adopt a take-no-prisoners kind of attitude on this activity. They are stealing." http://www.usatoday.com/tech/news/2003-06-24-directv-pirates_x.htm - - - - - - - - - - Judge refuses to block New York's ban on Internet cigarette sales A judge refused Monday to temporarily block the state's ban on Internet cigarette sales while several online retailers challenge the law in court. The law, passed in 2000 but not enforced until last week, prohibits Internet and mail-order sales of cigarettes to private individuals in the state who are not licensed by New York to receive them. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6158074.htm - - - - - - - - - - Calif. Law Fights Identity Theft A new California law will require companies for the first time to notify their customers if their computerized personal information, including credit card details, has been stolen. The law, the first of its kind in the United States, will go into effect next Tuesday and is aimed at preventing identity theft, which experts say is on the rise. Under the law, companies, organizations or governmental agencies must notify California residents if their unencrypted personal data -- name and social security number, driver's license number or credit card number and password -- are "acquired" by an unauthorized person or believed to have been stolen. http://www.wired.com/news/politics/0,1283,59376,00.html - - - - - - - - - - Hackers move on to hijacking Cyberjackers take over Web addresses for porn, spam. Hackers are taking over abandoned or little-used Internet addresses for all sorts of unauthorized activity. Some call it cyberjacking. Others call it corporate identity theft. Its the latest twist among computer hackers who have figured out new ways to hijack Web sites and use them to launch all kinds of unauthorized activity. http://www.msnbc.com/news/930843.asp - - - - - - - - - - WTO challenge for Net betting rules Online gambling haven Antigua takes on U.S. restrictions. The tiny twin-island Caribbean state of Antigua and Barbuda on Tuesday took on the worlds biggest trade superpower in challenging U.S. restrictions on online gambling one of Antiguas most promising sources of export income. http://www.msnbc.com/news/930837.asp - - - - - - - - - - Many libraries will skip grants to avoid using Net filters Uncle Sam wants YOU to have no library access to potentially pornographic Web sites. But many local libraries will do whatever it takes to avoid computer filters that restrict access to information, even if it means losing their federal funding in lean economic times. From Los Gatos to Livermore, library directors throughout the Bay Area vowed to continue upholding their patrons' First Amendment rights to free speech and freedom of information. Which means local library patrons should not expect their Internet access to change, despite a landmark ruling Monday by the U.S. Supreme Court requiring libraries receiving certain federal funds to install software filters to block pornography that could reach children. http://www.siliconvalley.com/mld/siliconvalley/6158188.htm A Ruling in Need of Filtering http://www.washingtonpost.com/wp-dyn/articles/A25720-2003Jun24.html http://www.wired.com/news/business/0,1367,59367,00.html Court OKs tying library funding to Net filtering http://www.siliconvalley.com/mld/siliconvalley/6158183.htm - - - - - - - - - - GAO: Feds falling down on IT security U.S. federal agencies' information security efforts are weak, haphazard and worse than White House figures suggest, according to an auditor's report released Tuesday. The U.S. General Accounting Office, the auditing arm of Congress, said in a 36-page report that agencies have "not yet shown significant progress" in securing their computers from internal and external attacks and have been slow to comply with the Federal Information Security Management Act of 2002. http://zdnet.com.com/2110-1105_2-1020685.html http://www.gcn.com/vol1_no1/daily-updates/22556-1.html - - - - - - - - - - OPM speeds hiring of cyber specialists All executive branch agencies are free to hire their own information technology professionals to bolster the security of their information systems, the Office of Personnel Management has announced. The agency notified agency heads and chief human capital officers of the new direct-hire authority, effective immediately, for professionals in the GS-2210 series at Grade 9 and above. The announcement is intended to speed hiring of cybersecurity specialists. http://www.fcw.com/fcw/articles/2003/0623/web-hire-06-24-03.asp - - - - - - - - - - Feds Form Anti-Terror E-Posse Power plants, bridges and buildings aren't the only things vital to national security computer networks also are crucial. And the FBI can't keep an eye on everything. So a unique partnership called the Infragard program has developed between the FBI and 8,300 companies to share information about both cyber and physical threats. http://www.cbsnews.com/stories/2003/06/23/attack/main559834.shtml - - - - - - - - - - Joe Public blames banks for credit card fraud Over half of all consumers (54%) feel that banks and building societies aren't doing enough to protect them from credit and debit card fraud, according to the results of a survey published today. Although the survey (conducted last month) didn't quiz members of the public on the Chip and PIN programme, a serious omission in our view, it still provides some insight into public perceptions about credit card fraud. http://www.theregister.co.uk/content/55/31404.html - - - - - - - - - - Web privacy policies confuse Net surfers Privacy policies that explain a company's Web surveillance habits have done little to dispel confusion among Internet users about how they are tracked online, according to a report released Wednesday. The dense, legalistic documents that many commercial Web sites post to explain their data-collection habits are more likely to provide false reassurance than clarity to Web surfers, the University of Pennsylvania's Annenberg Public Policy Center found. http://news.com.com/2100-1029_3-1020709.html Wyden presses TIA probe http://www.fcw.com/fcw/articles/2003/0623/web-wyden-06-24-03.asp - - - - - - - - - - Japanese group wants more human faces scanned A new industry consortium will promote widespread use of facial-recognition software. A group of commercial and government bodies have banded to promote the development of biometrics, or the technology of measuring human features for security and other purposes. According to a statement from Hitachi, one of the members of the newly-formed Biometrics Security Consortium (BSC), there was a need for common goals and standards in order to help the market for biometric products grow. http://news.zdnet.co.uk/story/0,,t269-s2136517,00.html - - - - - - - - - - Symantec expands security arsenal Symantec will lay electronic 'honey pots' for hackers and beef up its intrustion-detection software. Security- software maker Symantec's latest products use intrusion- detection technology that it acquired from other companies. Two of the products that it unveiled on Monday fall into the major categories of intrusion- detection systems (IDSes): software that runs on and protects individual servers, known as a host-based IDS, and appliances that detect potentially hostile data traversing a corporate network, known as a network IDS. In addition, the company announced that it would enter the "honey pot" arena -- offering software that detects attacks by emulating computers in hopes of attracting intruders. http://news.zdnet.co.uk/story/0,,t269-s2136511,00.html Symantec security product contains flaw http://news.com.com/2100-1009_3-1020682.html - - - - - - - - - - Security firm develops new PDA protection Network Associates releases antivirus application for wireless handhelds. Security vendor Network Associates (NAI) has unveiled an antivirus application designed to run on forthcoming wireless handheld devices that use Wi-Fi and Bluetooth technology. The company's McAfee VirusScan personal digital assistant (PDA) has been developed for handhelds running Microsoft's new mobile operating system, Windows Mobile 2003. http://www.vnunet.com/News/1141800 Devil's Advocate: Defeating the viruses in your Palm http://www.silicon.com/opinion/500011-500001/1/4807.html - - - - - - - - - - Network Associates Updates Desktop Firewall Network Associates Monday plans to roll out a new version of its McAfee Desktop Firewall with new capabilities to prevent users from installing potentially harmful applications or connecting remotely via an insecure machine. McAfee Desktop Firewall 8.0 allows IT administrators to prevent users from running unauthorized programs without taking away users' ability to control their desktops, said Ryan McGee, director of product marketing at McAfee Security, a division of Network Associates, based in Santa Clara, Calif. http://www.internetweek.com/breakingNews/showArticle.jhtml%3Bjsessionid=P43UEOGYSVE1UQSNDBGCKH0CJUMEKJVN?articleID=10800013 - - - - - - - - - - A Dictionary For Vulnerabilities CVE gives users, vendors, and toolmakers a common vocabulary for vulnerabilities. Unfortunately, the bad guys move quite a bit faster. If you ever read security vulnerabilities you eventually run into a notation looking like "CVE-2002-0947." This is a standard naming convention for vulnerabilities called Common Vulnerabilities and Exposures (CVE). CVE is administered by a company called Mitre, a non-profit company that operates governmental research facilities and other such cool things. In addition to hosting the CVE list, Mitre acts as the editor for aspects of list development. But the most important decisions are made by an editorial board with representatives of security and software firms. http://security.ziffdavis.com/article2/0,3973,1134336,00.asp - - - - - - - - - - Fined student gets donations to tune of $12K One of four college students who were accused of trading songs online and settled lawsuits in early May with the music industry has managed to collect his entire $12,000 fine on the Internet. http://www.usatoday.com/tech/news/2003-06-24-verizon_x.htm - - - - - - - - - - Database lets Missourians search old court cases Famed explorer Meriwether Lewis died with outstanding debts. Missouri's first senator, Thomas Hart Benton, was sued for libel. And scores of other lesser-known Missourians were embroiled in land disputes, divorces and such. From the famous to the obscure, about 7,000 legal cases heard by Missouri's highest court from 1783 to 1871 are now available on one of the tools of the 21st century the Internet. http://www.usatoday.com/tech/news/2003-06-24-show-me-the-database_x.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.