NewsBits for September 2, 2003 sponsored by,
Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu
************************************************************
FBI Says Teen Put Worm on Internet
Government investigators yesterday arrested a Minnesota teenager on charges of unleashing a version of the "Blaster" worm that snarled Internet traffic and shut down computer systems from Maryland to Sweden earlier this month. FBI agents arrested Jeffrey Lee Parson, an 18-year-old high school senior, early yesterday at the home he shares with his parents in Hopkins, Minn. The U.S. attorney's office in Seattle, which is leading the case, charged Parson with intentionally damaging thousands of computers owned by Redmond, Wash.-based Microsoft Corp., other businesses and individuals.
http://www.washingtonpost.com/wp-dyn/articles/A2306-2003Aug29.html

Cops take a bite, or maybe a nibble, out of cybercrime
Score one for the cybercops. But the game is far from over. The arrest Friday of a Minnesota high school student, who authorities say wrote a variation of the Blaster worm that has wreaked havoc with thousands of Microsoft Windows users and caused millions of dollars in damage, was a partial but rare victory in the emerging world of cybersleuths.
http://www.usatoday.com/money/industries/technology/2003-09-01-blaster-cover_x.htm

Worm suspect: I'm not the one
http://www.msnbc.com/news/960377.asp

Cyberprints, police work led to arrest of suspected virus author
http://www.usatoday.com/tech/news/computersecurity/2003-08-30-how-hacker-caught_x.htm

Computer virus creators rarely face jail
http://www.cnn.com/2003/TECH/internet/08/30/hacker.penalties.ap/index.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6657374.htm

Should we lock up virus writers?
http://zdnet.com.com/2100-1105_2-5070123.html

FBI arrests 'stupid' Blaster.B suspect
http://www.vnunet.com/News/1143304

Parsons not dumbest virus writer ever, shock!
http://www.theregister.co.uk/content/56/32591.html

Teen caught by own "Blaster" worm
http://seattletimes.nwsource.com/html/localnews/2001676433_blaster30m.html

Blaster Suspect a Typical Teen?
http://www.wired.com/news/technology/0,1282,60263,00.html
http://www.usatoday.com/tech/news/computersecurity/2003-09-02-parson-parents_x.htm

Digital Vandalism Spurs a Call for Oversight
http://www.nytimes.com/2003/09/01/technology/01NET.html?th
- - - - - - - - - -
Former Iowa State University student gets prison for child porn
A former Iowa State University student was sentenced Friday to more than four years in federal prison on child pornography charges. Jason Neal Lighthall, 21, of Altoona was sentenced to 50 months in federal prison and a three-year supervised release after his prison term. Lighthall was charged with 100 counts of child pornography possession and 60 felony counts of promoting materials depicting sex with minors in May 2002. He pleaded guilty to reduced charges. Campus police seized a computer and disks from Lighthall's dormitory room in March 2002. More computer equipment was taken from his parents' house. Lighthall was suspected of allowing others to copy the images through the Internet.
http://www.dmregister.com/news/stories/c4788993/22129413.html
- - - - - - - - - -
Sex offender gets 4-year prison term
A Morrow County man was sent to prison for four years and designated a sexual predator during his sentencing Wednesday for having sex with a Tuscarawas County teenager last year. David A. Gardner, 36, of Iberia was taken from the courtroom directly to jail at the direction of Tuscarawas County Common Pleas Court Judge Elizabeth Lehigh Thomakos. In June Gardner pleaded guilty to one count each of unlawful sexual conduct with a minor and importuning. The first count stems from a rendezvous he had with the 15-year-old boy on Aug.
20, 2002, and the second charge resulted from his Internet conversations with an undercover law enforcement officer posing as the teen last November.
http://www.timesreporter.com/left.php?ID=22073&r=3
- - - - - - - - - -
Man gets jail term for Internet fraud
THE Court of First Instance in Dubai has sentenced a Pakistani aged 32 to a year's imprisonment to be followed by deportation. He was also sentenced to one more year's jail term in the second and third cases on charges of fraud and misuse of bank accounts. The accused had published an advertisement in the local media offering jobs to drivers.
http://www.godubai.com/gulftoday/article.asp?h_id=33
- - - - - - - - - -
Sheriff's Department Hit by Computer Virus
The San Diego County Sheriff's Department was hit by a computer virus that forced jail workers to manually book prisoners Saturday and disconnected employees from the Internet and e-mail. The virus, which struck early Friday, did not do any serious damage, said Lt. Don Crist. But jail workers could not operate the computer programs they usually use to fingerprint and book suspects, so they had to do the jobs manually, he said. (LA Times article, free registration required)
http://www.latimes.com/technology/la-me-sbriefs31.3aug31,1,3866619.story
- - - - - - - - - -
Sobig beats Blaster in Top of the Viral Pops
Sobig eclipsed Blaster in the August viral charts. More than a third of support calls (37.6 per cent) logged by AV firm Sophos in August involved Sobig, twice as many (18.8 per cent) as that received about the prolific Blaster worm. Managed services firm MessageLabs has blocked more than 12.8 million Sobig-infected emails, since the appearance of Sobig-F on August 18. At the peak of infection, one in 17 emails MessageLabs scanned harboured the virus. IntY, which provides malicious code screening services for SMEs, reckons one in three emails in a sample of UK small businesses contained the virus at the peak of the outbreak.
http://www.theregister.co.uk/content/56/32579.html
http://www.smh.com.au/articles/2003/09/02/1062403503226.html
http://www.vnunet.com/News/1143336
http://www.newsfactor.com/perl/story/22206.html
- - - - - - - - - -
Email scam seeks to fleece bank customers
Another round of spam purporting to be from Citibank attempts to con customers into revealing personal information. A new spoofed Citibank spam email is doing the rounds that attempts to part unwitting victims from their credit card details, PIN number and email account details.
http://news.zdnet.co.uk/internet/security/0,39020375,39116065,00.htm

Vendor sells Latin American citizen data to U.S.
http://news.zdnet.co.uk/internet/security/0,39020375,39116065,00.htm

Fake websites on the Increase
http://www.prosperity4.com/news/details.asp?id=108&pageno=1

Online retailers, security companies join to fight Web ID theft
http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,84556,00.html
- - - - - - - - - -
The war on worms inches forward
As agencies sopped up the mess from recent rolling worm attacks, the FBI asked for help from the public in tracking down the creators of the virus-bearing bugs. "We employ the latest technology and code analysis to direct us to potential sources, and I am confident that we will find the culprits," FBI director Robert S. Mueller III said last week.
http://gcn.com/22_25/news/23363-1.html
- - - - - - - - - -
Hacking by subpoena ruled illegal
Issuing an egregiously overbroad subpoena for stored e-mail qualifies as a computer intrusion in violation of anti-hacking laws, a federal appeals court ruled Thursday, deciding a case in which a litigant in a civil matter subpoenaed every single piece of e-mail his courtroom adversary sent or received.
http://www.theregister.co.uk/content/6/32571.html
- - - - - - - - - -
Viruses boost 'Big Brother' software
It has never been easier for employers to monitor the e-mails and Internet activity of their staff.
New anti-virus software easily enables companies to read e-mails, track Web surfing, and monitor content moving in and out of corporations. "Security software is a very competitive market and most vendors have now moved in to anti-spamming solutions and content filtering," Nancy Ho from security specialists Trend Micro told CNN.
http://www.cnn.com/2003/TECH/08/29/your.tech.it.security/index.html

Big Brother: It's not government, but corporate America doing the spying
http://www.usatoday.com/tech/news/internetprivacy/2003-09-01-corporate-spying_x.htm
- - - - - - - - - -
Tone Deaf to a Moral Dilemma?
Susan Philips has a conscience so sensitive to ethical failings that she feels guilty if she leaves her shopping cart adrift in the grocery store parking lot. Her influence is reflected in her elder daughter's career choice: Miriam Philips, 22, wants to be a rabbi. On at least one moral dilemma, though, mother and daughter are on opposite sides. To Susan, downloading music on the Internet without permission is wrong. To Miriam, it's just what you do when you go to college. (LA Times, free registration required)
http://www.latimes.com/technology/la-fi-morals2sep02234423,1,7836665.story

Colleges warn students about file swapping
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6672595.htm
http://www.usatoday.com/tech/news/techpolicy/2003-09-02-file-sharing-students_x.htm

Google sucked into RIAA/P2P fight
http://www.vnunet.com/News/1143341
- - - - - - - - - -
Guarding against ID theft
The Armchair Millionaire guide to keeping your good name from going bad. My sister was the victim of identity theft and went through months of hassle getting everything straightened out. What are your suggestions for safeguarding your identity?
http://money.cnn.com/2003/08/18/pf/banking/armchair_idtheft/index.htm
http://money.netscape.cnn.com/credit.jsp
- - - - - - - - - -
James Bond evicts cybersquatter
James Bond actor Pierce Brosnan has won a legal battle to claim the Internet Web site bearing his name, international arbitrators ruled Monday. The Irish star brought the case against a company that was a front for the now infamous cybersquatter Jeff Burgar, who redirected piercebrosnan.com to a commercial Web site. Burgar has been involved in several other disputes over celebrity Web sites and has lost cases against singer Celine Dion, rock group Pearl Jam and former Baywatch beauty Pamela Anderson.
http://news.com.com/2100-1025_3-5070091.html
http://www.cnn.com/2003/TECH/internet/09/01/web.brosnan/index.html
http://www.theregister.co.uk/content/6/32612.html
- - - - - - - - - -
Surprising percentage of public fear cyberattacks
About half of Americans fear terrorists will launch cyberattacks on the large networks that operate the banking, electrical transportation and water systems, disrupting everyday life and possibly crippling economic activity, according to a survey taken by Federal Computer Week and the Pew Internet & American Life Project. Some 49% of Americans surveyed said they were afraid of cyberassaults on key parts of the U.S. economy. A significant gender gap showed up in the data, as women were more likely to express fear. People in the Midwest were the most concerned about cyberterrorism.
http://www.usatoday.com/tech/news/2003-08-30-cyberterror_x.htm
http://www.fcw.com/fcw/articles/2003/0901/cov-pew2-09-01-03.asp
http://www.orlandosentinel.com/news/nationworld/orl-asecwebterror01090103sep01xx,0,4358947.story
- - - - - - - - - -
New Office locks down documents
As digital media publishers scramble to devise a foolproof method of copy protection, Microsoft is ready to push digital rights management into a whole new arena--your desktop.
Office 2003, the upcoming update of the company's market-dominating productivity package, for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date.
http://zdnet.com.com/2100-1104_2-5069246.html
http://www.msnbc.com/news/960433.asp
- - - - - - - - - -
nCipher Aids PKI Portability
Cryptographic hardware provider nCipher plc. is developing an application that promises to remove a major stumbling block for organizations looking to implement a PKI by automating the onerous process of moving encryption keys among devices. One drawback of public-key infrastructure cryptosystems, such as those used in e-commerce applications and other online transactions, has been that the keys used to encrypt messages or sign other keys are typically tied to specific devices. In many cases, the keys are generated and stored in hardware security modules designed to prevent people from removing them.
http://www.eweek.com/article2/0,3959,1234621,00.asp
- - - - - - - - - -
Pocket-Sized Wireless Detection
There you are: sitting in your favorite bookstore/cafe, sipping a caramel latte and casually leafing through the latest copy of Wired magazine when you are suddenly bombarded from almost every direction without warning and with no means to stop it. Fortunately, the storm you are caught in is made up of 802.11 packets which are traveling in the 2.4 or 5 gigahertz range and pose no real physical danger to you or those around you.
http://www.securityfocus.com/infocus/1727

A multi-layered approach to wireless security
http://www.itweb.co.za/sections/techforum/2003/0309020822.asp?A=MAW&S=Mobile%20and%20Wireless%20Technology&T=Section&O=FPSH
- - - - - - - - - -
Tippingpoint gets security nod
Tippingpoint Technologies Inc.
recently earned a security stamp of approval that could make the company's intrusion prevention appliances more attractive to government agencies. After completing rigorous testing last month, the company's UnityOne high-speed intrusion prevention systems became the first products in this category to earn the highly-regarded Common Criteria security certification, according to TippingPoint officials.
http://www.fcw.com/fcw/articles/2003/0901/web-point-09-02-03.asp
- - - - - - - - - -
Digital Sandbox Recognizes Risks to Government Agencies
In late 1998 Bryan S. Ware and Anthony F. Beverina thought they found a way to help federal and local government agencies analyze the risks to their infrastructure. The two, who were working for a government technology company at the time, proposed spinning off a new firm to pursue the idea. Their bosses' response, according to Ware: "Get back to work." They did get back to work, but at night they developed prototypes of the technology and floated the idea by every government official who would pick up the phone.
http://www.washingtonpost.com/wp-dyn/articles/A8102-2003Aug31.html
- - - - - - - - - -
Security Service of Ukraine declares the necessity of monitoring communications
"Introduction of lawful telecommunications monitoring is necessary in connection with requirements of Cybercrime Conventions and the corresponding directive of the European Community," the Security Service of Ukraine (SSU) declares. According to the SSU's press service, passing the bill "About monitoring communications" will make it possible to develop the legislative base for regulating the work of law enforcement bodies in obtaining information through communications to prevent or uncover cybercrime and cyberterrorism; it could also allow effective cooperation with foreign law enforcement bodies on monitoring communications in fighting crime.
http://www.crime-research.org/eng/news/2003/08/Mess3001.html
- - - - - - - - - -
How many security vulnerabilities a month are acceptable?
Reading through responses to an article I wrote about Mad Hatter and the broader subject of auto-immune code, and since I am working on a project for a client that involves Sun products in a security context, it begs me to ask the question - are twenty security vulnerabilities in one month an acceptable number for Sun customers?
http://www.it-director.com/article.php?articleid=11201
- - - - - - - - - -
Editorial: Cyber Terrorism
There is an assumption that the march of science and technology is taking humankind toward ever-dizzier heights of achievement. Yet those who feel disturbed about the loss of all the old-fashioned skills that are being replaced by technology must have felt a grim satisfaction recently. First there was the paralysis of the eastern states of North America in the biggest-ever power failure and now yet another computer virus has brought hundreds of thousands of computers around the world to a grinding halt.
http://www.arabnews.com/?page=7SSion;=0&article=31196&d=1&m=9&y=2003
- - - - - - - - - -
How some spammers get your e-mail
Forget bad luck. Those annoying chain letters circulating the Internet could be cursing you with an inbox full of spam e-mail, computer experts warn. While not as efficient as "spiders" which automatically crawl the Web in search of addresses, computer experts warn that some spammers are using chain letters to collect e-mail usernames.
http://www.cnn.com/2003/TECH/internet/09/01/spam.chainletter/index.html

A Support Group for Spammers
http://www.wired.com/news/culture/0,1284,60224,00.html
- - - - - - - - - -
Sex, lies and Data Protection Act leave SMEs in peril
Firms trying to protect themselves against claims for sex discrimination by completing equal pay questionnaires submitted by employees risk falling foul of the Data Protection Act, legal experts have warned.
UK commercial law practice Reynolds Porter Chamberlain (RPC) said the danger - which is most acute for small companies - centres on the fact that employees who suspect that they may have a claim under the Equal Pay Act 1970 are now allowed to submit a questionnaire to their employer requesting information on the pay of a comparable colleague, either by name or by job title.
http://www.theregister.co.uk/content/67/32584.html
- - - - - - - - - -
DHS expands information sharing
The Homeland Security Department today unveiled a program that will increase its terrorist information sharing with state and local authorities, as part of a series of steps to reorganize security functions. During a speech this afternoon in Washington, department secretary Tom Ridge described the Strategic Communications Resources, or Secure, initiative.
http://www.gcn.com/vol1_no1/daily-updates/23386-1.html

Ridge sees technology, agency restructuring bolstering homeland security
http://computerworld.com/securitytopics/security/story/0,10801,84550,00.html

GAO: Federal, local agencies do not effectively share terrorism intelligence
http://www.govexec.com/dailyfed/0903/090203gsn1.htm
- - - - - - - - - -
Text-messaging drivers may go to jail
Singaporeans who send text messages on their mobile phones while driving face a fine of up to 1,000 Singapore dollars (US $570) and six months in jail, police said Tuesday. Police issued a statement about text messaging behind the wheel after a letter appeared in the Straits Times newspaper asking whether it was legal for a bus driver to send messages with one hand while steering his vehicle with the other.
http://www.cnn.com/2003/TECH/internet/09/02/message.jail.ap/index.html
http://www.usatoday.com/tech/world/2003-09-02-singapore-texting_x.htm
- - - - - - - - - -
GPS device thief caught by GPS
To track down this alleged thief, all police had to do was flick on a computer.
A 40-year-old man was arrested Wednesday and charged with stealing a computerized tracking device that uses a global positioning system to keep track of jail prisoners on home detention.
http://www.cnn.com/2003/US/Midwest/09/01/offbeat.gps.thief.ap/index.html
http://www.usatoday.com/tech/news/2003-09-02-stolen-gps_x.htm
http://www.theregister.co.uk/content/55/32610.html
***********************************************************
Computer Forensics Training - Online. An intense, 150 hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see: www.cybercrime.kennesaw.edu
***********************************************************
Search the NewsBits.net Archive at:
http://www.newsbits.net/search.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.