NewsBits for July 21, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Con artists posing as Net companies are a growing problem Stealing identities and credit card numbers with bogus e-mail and Web sites that appear to come from legitimate companies is an increasing problem on the Internet, federal officials warned Monday. The Federal Trade Commission said it had brought its first case against this type of scheme, called ``spoofing'' or ``carding.'' A 17-year-old California boy accused of posing as America Online agreed to settle federal charges by accepting a lifetime ban on sending junk e-mail and paying a $3,500 fine, the FTC said. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6351795.htm http://www.securityfocus.com/news/6458 http://news.zdnet.co.uk/story/0,,t269-s2137915,00.html http://news.com.com/2100-1009_3-5050295.html http://www.washingtonpost.com/wp-dyn/articles/A23606-2003Jul21.html http://www.theregister.co.uk/content/55/31853.html http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,83282,00.html Feds Nab Teen Who Scammed AOL http://www.wired.com/news/infostructure/0,1377,59707,00.html - - - - - - - - - - Computer Game Turned Bloody Mismatch Lands 9 Teens in Court One player and friends were ambushed when he agreed to fight the other player, authorities say. For two San Gabriel Valley teenagers, an Internet computer game was too intense to forget about in cyberspace, so they agreed to fight in person. It ended with the arrest of nine teenagers charged as adults with 10 felony counts after a bloody mismatch in a secluded Hacienda Heights community. They are all due in Pomona Superior Court today for their preliminary hearings to determine if they should stand trial. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-hacienda21jul21,1,7211290.story - - - - - - - - - - Trojan infection linked to SA Net bank thefts A Trojan infection has been linked to the theft of hundreds of thousands of rand from Internet accounts held at South African bank Absa. South Africa's Sunday Times yesterday reported that police are investigating nine cases involving thefts from Absa accounts. Losses reported to the police come in at R230,000 (PS18,800) but the Sunday Times says it has evidence that a further R300,000(PS24,600), not included in police figures, went missing from the account of one customer who contacted the paper. http://www.theregister.co.uk/content/6/31848.html - - - - - - - - - - Teacher Possessing Child Porn Gets Four Years In Prison An Oahu public school teacher who pleaded guilty to federal charges of possessing child pornography was sentenced Friday to nearly four years in prison. Keith Akana admitted in September to using the Internet to collect and trade images of underage children involved in sex. Prosecutors say more than 400 illegal images were found on his home computer. Akana was sentenced to three years and 10 months behind bars and fined $3,000. He had faced a possible five-year sentence, but asked for leniency because of health problems that could become worse in prison. http://www.thehawaiichannel.com/news/2344710/detail.html - - - - - - - - - - Four men charged with child-sex crimes Prosecutors have filed charges against four of five men arrested in one night by the Utah Internet Crimes Against Children Task Force. Benjamin Frank Sartor, 20, and Jesse John Kavachevich, 20, both of Sunset, were charged Friday with attempted sodomy on a child, a first-degree felony punishable by a sentence of up to life in prison. Derrick Paul Bowen, 19, of Draper, was charged with two counts of enticing a minor over the Internet, and Justin Warren Bass, 20, of Holladay, was charged with one count. The second-degree felony is punishable by a sentence of up to 15 years in prison. The four men were arrested early Thursday by task force agents. They had traveled first to a West Valley City convenience store for a meeting with a 13-year-old girl, then went to a Salt Lake City elementary school for a meeting with another 13-year-old, according to documents filed in the case. Both teens were actually task force agents. The men thought the girls would perform oral sex on them, according to court documents. http://www.sltrib.com/2003/Jul/07202003/utah/77032.asp - - - - - - - - - - Sly Microsoft-update' worm gets abusive Netxactics, the southern African distributor for Sophos Anti-Virus, reports that the new Gruel worm (W32/Gruel-D) the latest in a number of variants of the worm, which poses as a critical security patch from Microsoft attacks Windows installation and gets abusive in the process. http://196.30.226.221/sections/software/2003/0307211010.asp Gruel worms launch cruel attack on Microsoft, Sophos says beware http://196.30.226.221/sections/software/2003/0307210808.asp - - - - - - - - - - Japan Weighs Halt to Internet Suicide Sites Authorities should focus on counseling and support rather than a Web crackdown after a spate of deaths this year, experts say. The pattern has become chillingly familiar. After forging a pact with strangers over the Internet, young Japanese get together to carry out a carefully planned task suicide. (LA Times article, free registration required) http://www.latimes.com/technology/la-adfg-net20jul20,1,2588014.story - - - - - - - - - - U.S. Internet Gambling Crackdown Sparks WTO Complaint Caribbean Nation Charges that U.S. Policies Violate International Trade Accords. The World Trade Organization today said it will appoint a three-member panel to determine if U.S. efforts to crack down on offshore Internet gambling operations violate international trade accords. http://www.washingtonpost.com/wp-dyn/articles/A24490-2003Jul21.html - - - - - - - - - - Court speeds file-swapping appeal A Los Angeles federal court has put the record and movie industry's appeal of April's surprise file- swapping decision on the fast track. The move means that the appeal of the lower court's ruling, which said that file-swapping software like Grokster and Morpheus is legal, could be heard by the end of the year. Briefs for the record labels and movies studios are due August 18, with reply briefs for the file- swapping companies due on Sept. 17. http://zdnet.com.com/2110-1105_2-1027504.html - - - - - - - - - - Patriot Act Complaints Reviewed Justice Department investigators found that 34 claims were credible of more than 1,000 civil rights and civil liberties complaints stemming from anti-terrorism efforts, including allegations of intimidation and false arrest. According to a report Monday, Glenn A. Fine, the Justice Department's inspector general, looked into allegations made between Dec. 16, 2002, and June 15 under oversight provisions of the USA Patriot Act. Many complaints were from Muslims or people of Arab descent who claimed they were beaten or verbally abused while being detained. http://www.wired.com/news/politics/0,1283,59709,00.html - - - - - - - - - - RIAA nails 1,000 music-lovers in 'new Prohibition' jihad The Recording Industry Association of America's attack on US culture has escalated at an alarming pace this week. On Friday the lobby group that works on behalf of the large, mostly foreign-owned, music conglomerates that own the music copyrights and distribution channels confirmed that it was serving subpoenas at the rate of 75 a day on US citizens for the crime of sharing the music they love. http://www.theregister.co.uk/content/6/31833.html Anti-RIAA protests begin http://www.vnunet.com/News/1142485 - - - - - - - - - - Private-sector IT execs see diminished cybersecurity role This Friday marks the end of the 30-day period in which the U.S. Department of Homeland Security hoped it would hire a leader for its cybersecurity division. But there are serious doubts about whether the DHS will be able to hire the right person this week or even in the foreseeable future. According to the former top cybersecurity adviser to the president, a high-level source in the DHS and IT industry executives, many of the most qualified candidates have been turned off by what they perceive as the administration's surprising change of heart on cybersecurity. http://computerworld.com/governmenttopics/government/policy/story/0,10801,83242,00.html - - - - - - - - - - Police target free email THE Federal Police is talking with the major free email providers in the hope of making it easier to trace suspects who use the accounts for crimes like fraud and paedophilia. The news came as an ex-NCA member suggested abolishing free email accounts as a way to better identify offenders online. http://www.news.com.au/common/story_page/0,4057,6786644%255E15306,00.html - - - - - - - - - - Police seek more cyber muscle The Australian Crime Commission is seeking greater powers for police and other agencies to identify and prosecute computer criminals as part of a national crackdown on cybercrime. The commission has called for state police to gain the use of search warrants, currently reserved for federal agencies such as the Australian Security Intelligence Organisation, which would enable police to monitor an individual or organisation's computer remotely. http://afr.com/articles/2003/07/18/1058035197739.html - - - - - - - - - - PEDOPHILE DRAGNET THERE is a picture on the wall of Special Agent Stacey Bradley's office. It shows a young girl in a yellow polo neck smiling up at the sky. Once, it was Stacey's favourite childhood photograph of herself. During an undercover operation, the FBI investigator emailed it to a man who hoped to persuade a 12-year-old girl to have sex with him. Stacey looks at that picture differently now. It floats through cyberspace, duplicated on dozens of paedophile sites and exchanged by men aroused by the prospect of one more child to violate. Stacey Bradley is the sort of woman Hollywood dreams about. A blonde with a pneumatic figure, who tucks a pistol in the waistband of her skirt, she is one of the agency's most senior investigators into online child abuse. http://www.mirror.co.uk/news/allnews/content_objectid=13200251_method=full_siteid=50143_headline=-PAEDOPHILE-DRAGNET-name_page.html - - - - - - - - - - Net scandal that will shock every parent This is the moment when an evil internet pervert snared his innocent prey. Karan Singh Randhawa, a married father of two, persuaded "12-year-old Gillian" to meet him face to face after an extraordinary three-and-a-half hours of practised - and sickening - seduction in an online children's chatroom. But what the 30-year-old pervert didn't know was that the "youngster" was in reality a Sunday Mirror investigator - and our team was monitoring his every move. While ex-US marine Toby Studabaker was being quizzed by police after his alleged abduction of 12-year-old Shevaun Pennington following an internet courtship, Randhawa was trying to satisfy his evil lust by logging on to a teenage chat site called Schoolgirls. The site is open to anyone to enter for free, but it is targeted at young school children. Within minutes our investigator was contacted by dozens of adults who had only one thing in mind - sex with young children. http://www.sundaymirror.co.uk/news/content_objectid=13197354_method=full_siteid=106694_headline=-Sunday-Mirror-Investigates--Net-scandal-that-will-shock-every-parent-I-D-LOVE-TO-TOUCH-YOU-name_page.html - - - - - - - - - - EDS security so good, security memo gets leaked THE CHIEF Information Security and Privacy Executive at EDS has had a memo he posted about security leaked. Over at Internalmemos.com, the purported memo from Mr Clark tells the world that "recent intrustion attempts" have used techniques to exploit simple passwords. He urges all EDS staff to make sure that their passwords are compliant with "best practice guidelines". http://www.theinquirer.net/?article=10592 - - - - - - - - - - E-mail trauma goes beyond spam, survey concludes Thirty-four percent of CIOs consider an e-mail outage more traumatic than a car accident or a divorce, according to the findings of a new survey of IT chiefs from around the globe. Almost half the respondents said they had difficulty retrieving specific e-mail from backup media, said Jeremy Burton, senior vice president of Veritas Software Corp. The Mountain View, Calif., company commissioned the survey from market researcher Dynamic Markets Ltd. of Abergavenny, Wales. http://www.gcn.com/vol1_no1/daily-updates/22837-1.html - - - - - - - - - - Hackers War Drive into Wireless Security weaknesses of 802.11 LANs will be addressed in three separate sessions, and include ways to defeat wireless encryption protocol (WEP), detecting attacks against 802.11 networks, and installing rogue access points in existing LANs. August in Las Vegas is always hot, but the airwaves will be burning when DEFCON kicks off August 1-3, 2003, at the Alexis Park Hotel. http://www.newsfactor.com/perl/story/21935.html - - - - - - - - - - Sensors guard privacy In a world where sensor networking and location tracking technology is becoming increasingly sophisticated and prevalent, preserving privacy is an increasingly difficult challenge. Researchers from the University of Colorado at Boulder have addressed the problem with a way to set up networks of tiny sensors that allows users to gain useful traffic statistics but preserves privacy by cloaking location information for any given individual. http://www.trnmag.com/Stories/2003/071603/Sensors_guard_privacy_071603.html - - - - - - - - - - IS unveils Security Proxy The modern office environment with its extensive reliance on the Internet provides employees with access to the Web because it is such an important business tool. However, Internet access has a downside for companies because most staff are able to use it to escape from the day to day routine of work, by periodically browsing, downloading music or software, shopping or banking online and accessing any number of Internet sites unrelated to their work. http://196.30.226.221/sections/internet/2003/0307210812.asp WLAN Security Apps Tighten IT's Net Control http://www.eweek.com/article2/0,3959,1199130,00.asp - - - - - - - - - - Calculating security ROI is tricky business IT departments have traditionally been viewed as cost centers, though they have learned to provide a business- case analysis for IT initiatives. Information security departments are trying to figure out how to do the same thing. They can't sell security initiatives based on fear anymore. They have to come up with the same justifications as any other business unit, complete with the dreaded metrics, or hard financial facts. http://computerworld.com/securitytopics/security/story/0,10801,83207,00.html - - - - - - - - - - Cyberterrorism - the new side of terrorism Prompt development of electronic control means in technological processes has resulted to occurrence of essentially new kind of terrorism - electronic terrorism or cyberterrorism.There are known attempts of threats to use nuclear, chemical and bacteriological weapon by way of the cyberterrorism. It is vitally important to provide protection of national critical infrastructure against this kind of criminal activity, that represents a danger to people life and well-being, threatens the world and national security, undermines trust to the state authorities. http://www.crime-research.org/eng/news/2003/07/Mess2102.html - - - - - - - - - - SAN and NAS systems have security problems. Here's how to fix them. Storage systems weren't designed with security in mind. They started out as direct-attached, so if the host was secure, the storage was too. That's all changed. Fibre Channel storage networks often have multiple switches and IP gateways, allowing access from a myriad of points. Compound this with poor work by systems administrators, new data security laws and recent high-profile cases of consumer information theft, and the need for improved storage security becomes urgent. http://computerworld.com/securitytopics/security/story/0,10801,83194,00.html - - - - - - - - - - The Prisoner of Sex.com Gary Kremen started Match.com but ended up with chump change. Then he got caught up in Sex.com, where success left him lying on his back in the gutter. It's a typically sunny day in Rancho Santa Fe, California, and Gary Kremen is standing on the back patio of the mansion that's a monument to his greatest success - and his worst failure. A sleepy suburb 15 miles north of San Diego, Rancho Santa Fe is the richest community in the country, according to the US Census Bureau. Even by local standards, Kremen's seven-bedroom home is swank: It has a swimming pool, an in-ground hot tub, a tennis court, and a volleyball sandpit, all set against rolling acres of lemon groves. http://www.wired.com/wired/archive/11.08/sex_com.html - - - - - - - - - - BT overdoses on Cisco security fix BT restored its ADSL network to normal operation this afternoon after attempts to guard against a serious security problem overnight inadvertently disrupted the connections of a substantial minority of UK Net users this morning. In response to a serious DoS risk affecting a wide range of Cisco routers and switches (which emerged yesterday), BT sensibly decided to upgrade the software on its core network routers to non-vulnerable versions of Cisco's IOS software. Unfortunately not everything went smoothly. http://www.securityfocus.com/news/6457 - - - - - - - - - - Police use Java to keep track of crime SOUTH Australia Police are planning a major expansion of their operational computer systems, proposing to build a criminal intelligence system linked to a data warehouse, as well as upgrading a legacy crime reporting system. The service's forward procurement plan says major investments will take place between 2003 and 2005 as part of a systems upgrade. Information systems and technology director Gary Dickie said the criminal intelligence system would enable police to operate in a secure environment. http://australianit.news.com.au/articles/0,7204,6787297%5E15321%5E%5Enbv%5E15306,00.html - - - - - - - - - - In gyms, few are smiling for the camera Cell phones that also take pictures raise concerns about privacy in L.A.'s health clubs. They're small, inconspicuous, can send and receive pictures surreptitiously and could make the locker room the riskiest place in the gym. The new breed of cell phones with built-in cameras is stirring anxiety in L.A.'s fitness world, where some health clubs are banning cell phones from locker rooms and other areas of the gym. Their concern: The phones, which typically have a tiny lens on the back and a viewing screen in the front, could be used to take clandestine shots that could find their way to the Internet or elsewhere. (LA Times article, free registration required) http://www.latimes.com/technology/la-he-bodywork21jul21,1,4955523.story - - - - - - - - - - Cyber sex lures love cheats Growing numbers of married people are turning to internet chat rooms for sexual thrills, a US study has found. Most spouses who got involved with the opposite sex over the internet did not think they were doing anything wrong, said the report by a University of Florida researcher. But partners felt betrayed by the virtual infidelity, even though in most cases no physical contact had taken place. http://news.bbc.co.uk/2/hi/technology/3083173.stm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.