NewsBits for September 16, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Banks in U.K, Canada hit with e-mail scam Within the past week, customers of Britain's Barclays Bank and two Canadian banks have been the victims of cybercriminals who tricked them into revealing their personal account information. In the U.K., Barclays Bank PLC warned customers on Saturday of an e-mail scam designed to get them to reveal confidential financial information. And in Canada, customers of BMO Bank of Montreal and Toronto-based Mouvement des Caisse Desjardins were hit with a variation of the same e-mail scam. According to Barclays, fraudsters sent an e-mail message purporting to be from the bank with a link to what appeared to be the bank's Web site. It was, in fact, a spoof site. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,85029,00.html - - - - - - - - - - 'Homeless hacker' hits out at wasted dollars spent to catch him Doesn't the government have anything better to do with its money? Adrian Lamo, the notorious homeless hacker has hit out at the cost and the man hours 'wasted' by the US government in bringing him to justice. In an interview with silicon.com's sister site News.com, Adrian Lamo expressed disbelief at the operation which eventually arrested him for alleged offences such as gaining unauthorised access to the New York Times website. http://www.silicon.com/news/500022/1/6033.html http://zdnet.com.com/2100-1105_2-5077078.html - - - - - - - - - - Flurry of arrests in cybercrime cases The crackdown on cybercrime is continuing. Law-enforcement officials have arrested and charged several suspects accused of instigating some of the recent wave of computer viruses and system hacks. Authorities in Romania last week charged Dan Dumitru Ciobanu with cybercrimes for writing the Blaster-F variant; he faces up to 15 years in prison if found guilty. http://www.itnews.com.au/storycontent.cfm?ID=9&Art_ID=12932 - - - - - - - - - - Australia to block stolen cell phones Stolen or lost mobile phones will be blocked across all GSM networks in Australia from September 15, the Australian Mobile Telecommunications Authority has announced. The country's mobile operators, Optus, Telstra and Vodafone, will use an anti-theft technology that works by detecting a mobile phones electronic serial number--the International Mobile Equipment Identity (IMEI) number--which will then be shared among operators to block the identified phone from all GSM networks. http://zdnet.com.com/2110-1103_2-5077145.html - - - - - - - - - - Hacker put details on web in spite A 14-year-old hacker put 895 customer records of Hamilton internet provider Net4U on the web in an act of spite. The information included the names, addresses and telephone numbers, as well as email addresses, passwords and customers' credit card numbers with expiry dates. Net4U customer Dan Clark of Scarfies.net in Dunedin said he was outraged his details had been put on the web. He had been happy with Net4U's overall service, but "in terms of security, they've obviously got a lot to learn still" and planned to move off the internet provider soon. http://www.nzherald.co.nz/storydisplay.cfm?storyID=3523946 - - - - - - - - - - Hackers distributing new Windows exploit Security researchers on Tuesday detected hackers distributing software to break into computers using flaws announced last week in some versions of Microsoft Corp.'s Windows operating system. The threat from this new vulnerability -- which already has drawn stern warnings from the Homeland Security Department -- is remarkably similar to one that allowed the Blaster virus to infect hundreds of thousands of computers last month. http://www.securityfocus.com/news/6975 http://news.com.com/2100-1002-5077666.html http://www.msnbc.com/news/967786.asp - - - - - - - - - - US declares global war on hackers The increasing sophistication and speed of cyber- attacks has prompted the launch of a US-led global internet monitoring service. The US Department of Homeland Security is to get together with Carnegie Mellon University's Computer Emergency Response Team Coordination Center (Cert/CC). http://www.vnunet.com/News/1143664 - - - - - - - - - - Appeals court weighs subpoenas for music downloads A U.S. appeals court wrestled with questions Tuesday over whether the music industry can use special copyright subpoenas in its campaign to track and sue computer users who download songs over the Internet. Judge John Roberts of the U.S. Court of Appeals for the District of Columbia challenged Recording Industry Association of America lawyer Donald B. Verrilli Jr. on whether computer users downloading music were any different from people who maintain libraries in their homes. http://www.usatoday.com/tech/news/techpolicy/2003-09-16-verizon-riaa_x.htm http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6784743.htm http://zdnet.com.com/2100-1104_2-5077240.html http://www.msnbc.com/news/967473.asp http://www.wired.com/news/digiwood/0,1412,60460,00.html Blame Canada http://techcentralstation.com/081803C.html Europe heading down DMCA route, warns think tank http://news.zdnet.co.uk/0,39020330,39116390,00.htm Verizon, Record Companies Duel Over 'Net Piracy http://www.washingtonpost.com/wp-dyn/articles/A20565-2003Sep16.html - - - - - - - - - - BSA survey: Campus attitudes invite software piracy A survey released today by the Business Software Alliance indicates that most students don't think it's wrong to download or swap files. And downloading music, for example, is just one step away from illegally downloading software, said Diane Smirolodo, a spokeswoman for the Washington-based antipiracy group. On the other hand, the BSA survey found that two-thirds of faculty and administrators believe software piracy is wrong, Smirolodo said. http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,85017,00.html - - - - - - - - - - Local Cyberterrorism Exercise Nearly Finished The third and final phase of a year-long exercise aimed to help local infrastructures test and improve their response to cyberterrorism started Monday. The University of Texas at San Antonio's Center for Infrastructure Assurance and Security is running the exercise, called "Dark Screen," in partnership with city, county, state and federal agencies, as well as military and local businesses. Phase Three of "Dark Screen" is a live exercise in which participants will be given cyberattack scenarios that will play out at workplaces. http://www.ksat.com/technology/2485743/detail.html - - - - - - - - - - Kids online - parents in the dark More than half of the UK's parent's haven't the foggiest idea what their kids are up to online, according to a study commissioned by cableco Telewest. Its NOP survey of 500 parents found that half of those quizzed are so concerned they sit with their kids while they flit about on the Net. More than a third of parents said they have been concerned about what their kids have seen online. And four in ten parents are unclear where to go to get advice about being safe online. http://www.theregister.co.uk/content/6/32844.html - - - - - - - - - - $6-Million Campaign Targets Phone Scams A $6-million campaign is under way to protect non- English-speaking Asians and Latinos from unscrupulous practices by suppliers of telephone services. Groups including the Asian-Pacific American Legal Center of Los Angeles are providing information on consumer rights and remedies regarding illegal switching of phone providers, unauthorized charges and fees, telemarketing, prepaid phone cards, false and misleading advertising and cell phones. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-briefs16.4sep16,1,4416172.story - - - - - - - - - - Homeland Security plans cybersecurity summit The Homeland Security Department is planning a National Cybersecurity Summit for the fall. Robert Liscouski, assistant secretary of Homeland Security for infrastructure protection, announced the conference at a hearing this morning of the House Select Homeland Security Committee Subcommittee on Cybersecurity, Science and R&D. He said the conference would occur in November. "Our summit is going to involve not only those in the technology sector but across industries," he said, but declined to give additional details now. http://www.gcn.com/vol1_no1/daily-updates/23545-1.html http://www.fcw.com/fcw/articles/2003/0915/web-lisc-09-16-03.asp - - - - - - - - - - Ballmer to crackers: this PC ain't big enough for the both of us The recent deluge of Internet worms and security vulnerabilities affecting Windows will not affect Microsoft's ability to "innovate", CEO Steve Ballmer pledged yesterday. Ballmer told an audience at the Churchill Club in Santa Clara, California, that "better security and constant innovation go hand in hand". Essentially this was a message for the markets- all these security problems are not going to slow our production of newer, bigger, more expensive stuff. http://www.theregister.co.uk/content/4/32857.html http://www.usatoday.com/tech/news/computersecurity/2003-09-15-ballmer-on-viruses_x.htm http://www.latimes.com/technology/la-fi-rup16.1sep16,1,3533047.story http://zdnet.com.com/2100-1105_2-5076903.html http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2914686,00.html http://www.pcworld.com/news/article/0,aid,112496,00.asp - - - - - - - - - - Beware ID theft, post offices warn If identity theft hasnt gotten your attention yet, it probably will the next time you go to the post office. The U.S. Postal Inspectors Office launched an aggressive consumer awareness program this week aimed at preventing the crime. The campaign features Law & Order star Jerry Orbach, himself a victim of identity theft, as a poster child for victims. If it can happen to me, it can happen to anyone, says Orbach, in posters that began appearing in all 38,000 post offices this week. http://www.msnbc.com/news/967449.asp - - - - - - - - - - Software released to neutralize VeriSign typosquatting The developer of software that essentially guides Web surfers sought Tuesday to neutralize a controversial service designed to help users who mistype Internet addresses. The Internet Software Consortium, the nonprofit organization that develops BIND software for Internet domain name directories, is writing an "urgent patch" for Internet service providers and others who want to block customers from a new Site Finder service from VeriSign Inc. http://www.securityfocus.com/news/6971 - - - - - - - - - - Poor security could hamper web services take-up Firms need to adopt technologies such as smart cards and digital certificates, says analyst. Businesses must adopt stronger user authentication technology, such as smart cards and digital certificates, if they are to take advantage of emerging web services, according to a report by the Butler Group. The research, Identity and Access Management, says traditional username and passwords are not secure enough for the next generation of online services and are also becoming too difficult and costly to manage both for network managers and end-users. http://www.silicon.com/news/500014/1/6028.html CA on security: "Watch this space" http://www.silicon.com/news/500013/1/6030.html Security software edges into limelight http://news.zdnet.co.uk/internet/security/0,39020375,39116389,00.htm - - - - - - - - - - Internet Worms: Worst Is Yet To Come? "We, as a people, have valued productivity and access over security," says Fred Felman, vice president of marketing for Zone Labs. Users have demanded greater access, collaboration, and ease of use from vendors, and "those things don't come without a cost." The success that a few simple Internet worms have had bringing networks to their knees would be downright embarrassing in other security contexts -- sort of like coming home from work to find that a three-year old has outsmarted the house's multilayer security system and spent a few hours rooting around in the refrigerator. http://www.newsfactor.com/perl/story/22298.html - - - - - - - - - - Former spy says policy essential to good security Businesses should base their IT security plans on the principals used by the secret service, according to a former head of MI5. An organisation can never be truly secure until it has developed and enforced a well prepared security policy, according to Dame Stella Rimington, former director general of MI5. http://news.zdnet.co.uk/internet/security/0,39020375,39116398,00.htm http://www.cnn.com/2003/TECH/ptech/09/16/tech.spy.reut/index.html - - - - - - - - - - How should virus writers be punished? News that an American teenager has been arrested on suspicion of releasing one variant of the potentially devastating Blaster virus has reopened the debate on how virus authors should be punished. http://www.vnunet.com/News/1143650 - - - - - - - - - - If These Networks Get Hacked, Beware America's critical transportation, power, and communications systems remain quite vulnerable and lack funds to remedy that. When the subway trains of the Bay Area Rapid Transit system rattle through tunnels under San Francisco and over elevated tracks in Oakland, Ray Mok is in control. As BART's principal network engineer, Mok has created one of the most technologically sophisticated public transportation systems on the planet, using the protocols that power the Internetto manage BART's thousands of moving pieces. http://www.businessweek.com/technology/content/sep2003/tc20030916_9564_tc129.htm - - - - - - - - - - New center to merge terrorist watch lists In the face of continuing criticism over the numerous terrorist watch lists in use across government, the Bush administration today outlined plans for a new center whose job it will be to run a database merging those lists. Dubbed the Terrorist Screening Center, the new unit will consolidate the governments watch lists into a central repository of data available to users around the clock, said Larry Mefford, the FBI's executive assistant director for counterterrorism and counterintelligence. http://www.gcn.com/vol1_no1/daily-updates/23562-1.html http://www.fcw.com/fcw/articles/2003/0915/web-terror-09-16-03.asp - - - - - - - - - - Smart-tag technology speeds forward Backers of new radio-tagged product codes, a kind of souped-up bar code, are heralding this as the week the technology finally moves off the drawing board and into the real world. Unlike traditional bar codes, Radio Frequency Identification tags do not need to pass under a laser reader. They are already commonly used by drivers with "speed passes" at toll booths, by U.S. military quartermasters and by ranchers tracking livestock from "farm to fork." http://www.usatoday.com/tech/news/techinnovations/2003-09-16-smart-tags_x.htm - - - - - - - - - - IBM sued over 'implant' microchip Applied Digital is suing IBM over the rights to a microchip that can be implanted beneath the skin and read by a remote sensor. Applied Digital Solutions says it has filed a lawsuit against IBM, alleging that IBM has tried to take control of the rights to a microchip that can be implanted under human skin. http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39116397,00.htm *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.