NewsBits for October 3, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Four Plead Guilty in Online Piracy Ring Four men have pleaded guilty for their roles in an online piracy ring that illegally distributed tens of thousands of copyrighted items through the Internet. Federal prosecutors said Thursday that the guilty pleas were part of a national probe into pirated video games, movies, music files and computer software. Some of the file servers were located at the State University of New York at Albany. http://www.cnn.com/2003/TECH/biztech/10/03/software.piracy.ap/index.html http://www.latimes.com/technology/la-fi-pirates3oct03,1,6092581.story http://www.usatoday.com/tech/news/computersecurity/2003-10-02-software-piracy_x.htm http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,85702,00.html - - - - - - - - - - Kucinich backer hacks CBS News site The CBS News site was apparently hijacked by a supporter of Democratic presidential candidate Dennis Kucinich on Friday morning. Visitors to the CBSNews.com Web site were presented with a text message and a video promoting the candidacy of the congressman from Cleveland. A CBS representative said the company was "looking into the problem." The network appeared to remedy the situation shortly after it began. http://zdnet.com.com/2100-1105_2-5086070.html - - - - - - - - - - Former Spanish High School Teacher Pleads Guilty To Child Porn A former high school teacher who has admitted to engaging in sex acts with a 13-year-old girl pleaded guilty to possessing child pornography on his computer. Carbon County Judge Roger N. Nanovic deferred sentencing Thursday for James F. Jetter, who pleaded guilty to three felony counts. Prosecutors say Jetter kept hundreds of pornographic images on his home computer. Some of the images depicted the girl with whom he acknowledged having sex upon pleading guilty in July. http://pennlive.com/newsflash/pa/index.ssf?/base/news-7/106517754088570.xml - - - - - - - - - - Former trooper had child porn A former state police corporal who was serving house arrest for 20 counts of sexual abuse of children was arrested Tuesday for allegedly possessing child pornography and sexual paraphernalia. John R. Mason, 42, who worked out of the Waynesburg barracks in western Pennsylvania, was sentenced Aug. 5 to nine to 18 months in Greene County Prison. Mason's illegal activities came to the attention of the state police in 1999, when his wife and daughter discovered images of child pornography on their home computer. http://www.pottstownmercury.com/site/news.cfm?newsid=10262021&BRD=1674&PAG=461&dept_id=18041&rfi=6 - - - - - - - - - - Child pornographer used sister's ID to buy computer later used for porn Convicted child pornographer Scott A. Beckler returned to court Thursday, accused of stealing his sister's identity in 2001 to purchase a computer that he later used for storing porn. Beckler, 36, formerly of Aberdeen, pleaded guilty to the misdemeanor charge in Brown County Circuit Court. Judge Larry Lovrien imposed a 180-day jail sentence but suspended all of the term as long as Beckler pays $1,759.98 in restitution. Beckler is currently serving an eight-year prison term at the state penitentiary in Sioux Falls. http://www.aberdeennews.com/mld/aberdeennews/news/6923653.htm - - - - - - - - - - Greensburg man charged in luring, assaulting teen A Greensburg man faces criminal charges for persuading a Latrobe teenager he met on the Internet to accompany him to a county park for a sexual encounter. Thomas M. Martin Jr., 22, of 538 Waterbury Drive, is charged with indecent assault, corruption of minors and simple assault. http://www.pittsburghlive.com/x/tribune-review/westmoreland/s_158158.html - - - - - - - - - - 'Net Security Expert Waives Teen Sex Hearing An analyst at a government-affiliated facility waived his right to a preliminary hearing Friday on charges that he allegedly tried to have sex with a 15-year-old girl after sending her explicit e-mails. Ian Finlay, 26, of Pittsburgh's Friendship area, was arrested Aug. 22 at a McDonald's restaurant on Route 30 in Hempfield, Westmoreland County. He was allegedly planning to meet the teen there, but it turned out that she does not exist. State police said an undercover officer posed as the girl and met Finlay in an online chat room in July. They kept in touch via e-mail, and Finlay eventually arranged a face-to-face meeting so they could have sex, according to police. http://www.thepittsburghchannel.com/technology/2426808/detail.html - - - - - - - - - - Hacker spoils game for software firm A Bellevue, Wash., company that spent five years developing the sequel to its acclaimed computer game Half Life was victimized this week by an enemy more fearsome than the alien thugs that populate its make-believe world a hacker who apparently penetrated its computer network, stole the games source code and posted it on the Internet. http://www.msnbc.com/news/975464.asp - - - - - - - - - - Security flaws make innocent users into file-swappers Security flaws in internet file-sharing networks could incriminate innocent users, according to a research paper. The anonymous paper - Entrapment: Incriminating Peer to Peer Network Users - detailed several methods that could be used to trick unknowing users into downloading copyrighted files and host them, reported New Scientist. http://www.silicon.com/news/500013/1/6257.html - - - - - - - - - - Symantec on alert after Net activity surge Symantec's security service has been placed on alert in response to a substantial jump in domain name server-related activity across the globe. The computer-security specialist has stepped-up efforts to monitor network ports associated with domain name servers. Vincent Weafer, senior director of US-based Symantec Security Response, said the company's DeepSight firewall sensors had begun reporting an unusually large volume of networks events commonly associated with DNS- activity. http://zdnet.com.com/2100-1105_2-5086013.html - - - - - - - - - - Trojan hijacks web browsers A Trojan that exploits an Internet Explorer vulnerability is capable of allowing attackers to hijack browser behaviour, anti-virus firms warn. The QHosts (Delude) Trojan can't spread by itself. Users only become infected if they visited a maliciously constructed website containing code which allows the malware to run. This code used a critical object data vulnerability in Internet Explorer to execute. http://www.theregister.co.uk/content/56/33187.html http://zdnet.com.com/2100-1105_2-5085861.html http://www.newsfactor.com/perl/story/22418.html http://computerworld.com/securitytopics/security/story/0,10801,85630,00.html http://www.silicon.com/news/500013/1/6259.html?rolling=1 http://news.com.com/2100-7349_3-5085861.html Microsoft patches Exchange glitch http://zdnet.com.com/2100-1104_2-5085967.html - - - - - - - - - - Microsoft security suit raises thorny questions A lawsuit faulting Microsoft for security defects in its products has added a new front in the software giant's battle against vulnerabilities in its software. Microsoft plans to fight a lawsuit that claims the company is responsible for privacy leaks that stem from vulnerabilities in its software. Bottom line: The case raises a host of legal issues, including whether Microsoft's monopoly in the software market should preclude it from escaping liability for flaws in its products. http://news.com.com/2100-7348_3-5086385.html - - - - - - - - - - Senator calls for end to excessive fines against file-traders US Senator Norm Coleman has called for new legislation to reduce fines faced by file-traders that have been sued by the RIAA (Recording Industry Association of America). Coleman, applying a refreshing dose of sanity to the whole P2P affair, says that fines of between $750 and $150,000 per downloaded song are excessive. The high penalties could well force innocent people to settle with the pigopolist mob out of fear. http://www.theregister.co.uk/content/6/33205.html - - - - - - - - - - MPs' spam report due out Monday A report into spam by the All Party Parliamentary Internet Group (APIG) is due to be released on Monday. The report - based on written evidence, public hearings and a "Spam Summit" held during the summer - will see if legislation can be drawn up to beat the spammers. http://www.theregister.co.uk/content/6/33204.html - - - - - - - - - - Ballmer slams hackers as criminals "Hackers are criminals," Ballmer says, plain and simple. And they don't innovate, either, he adds. "Hackers are people who are causing hundreds of millions and billions of dollars in damage," he says. "And they're not showing that they are not all that smart and creative and clever." http://www.itnews.com.au/storycontent.asp?ID=9&Art_ID=15603 - - - - - - - - - - Fraudsters change from African exiles to London bankers West African fraudsters, long known worldwide for mass- mailings that lure the gullible with get-rich-quick schemes, now appear to be rolling out updated tactics: tapping e-mail networks and posing as big London banks. Britain's National Criminal Intelligence Service said on Friday it was investigating a new technique by swindlers who send e-mails under the name of a top executive of a major company from an authentic-looking email address. A bogus e-mail was recently sent out across the UK and abroad, purportedly from a top executive of Barclays Plc, one of Britain's biggest banks, from an e-mail address that appeared to belong to the bank. http://zdnet.com.com/2110-1105_2-5086263.html http://www.msnbc.com/news/975522.asp Fraud danger drives compliance investment http://www.vnunet.com/News/1144047 - - - - - - - - - - US intros tougher sentences for computer crimes US authorities are to introduce harsher sentences for convicted computer criminals starting next month. The stiffer penalties, developed by the US Sentencing Commission to comply with a Congressional bill last year, are designed to reflect the serious damage caused by crackers and virus writers. However, the supposed deterrent effect of the tougher approach have already been questioned by the most famous former computer felon, Kevin Mitnick, who argues that the measures are unlikely to have the desired deterrent effect. http://www.theregister.co.uk/content/55/33194.html - - - - - - - - - - Police target a new venue for child porn Crackdown on porn in shared-music sites aims to enlist Internet service providers. District Attorney Tom Spota does not download Britney Spears songs. But he thinks it's likely his college-age daughter exchanges tunes from Internet file-sharing programs. So he was incensed when a confidential source told his office that there was child pornography - lots of it - to be found by simply typing Britney's name on such services as Kazaa or Morpheus, Internet sites known for facilitating music-file trading. http://www.csmonitor.com/2003/0930/p02s01-usju.html - - - - - - - - - - Email gossip could put firms in the dock Companies have been warned they could face serious legal action if employees use corporate email to connect footballers to an alleged rape. Companies whose employees are speculating over email about the identity of the professional footballers who are alleged to have taken part in a gang rape in London last weekend could face legal action, experts have warned. http://news.zdnet.co.uk/business/legal/0,39020651,39116899,00.htm - - - - - - - - - - Attorney's porn site work lifts eyebrows The municipal attorney for five towns in Hunterdon, Warren and Somerset counties has been offering free legal advice to operators of pornography Web sites as a way to drum up business for the Internet law portion of his Warren Township-based practice. Eric M. Bernstein said his firm earns money from the adult entertainment industry, but it does not interfere with his work for municipal governments. In addition, he said he notified municipal officials of his involvement with Internet pornography law. http://www.nj.com/news/ledger/jersey/index.ssf?/base/news-4/1065074084290910.xml - - - - - - - - - - Organised crime targets ALL IT staff Employees persuaded to infiltrate IT systems, warns High Tech Crime Unit. Organised syndicates are targeting IT staff to carry out online crimes, according to the National High Tech Crime Unit (NHTCU). While companies have been aware of the need to protect key management staff such as board members and IT directors, there has been less progress in protecting and monitoring IT and administrative staff. http://www.vnunet.com/News/1144074 - - - - - - - - - - Florida Dorms Lock Out P2P Users The University of Florida has developed a tool to help extricate the school from the morass of peer-to-peer file trading, and early results show that it's succeeding. Integrated Computer Application for Recognizing User Services, commonly called Icarus, debuted over the summer on the network that links all the residence halls on the UF campus. http://www.wired.com/news/digiwood/0,1412,60613,00.html - - - - - - - - - - Hackers rediscover war dialling Hackers are again using war dialling to break into corporate networks, security experts have warned. NTA Monitor said that companies are not taking sufficient precautions against war dialling, which involves scanning telephone lines to find unsecured modems and create backdoors into corporate networks. http://www.vnunet.com/News/1144060 - - - - - - - - - - Digital media group makes stand on piracy A group of MPEG-related firms wants to become a focal point for digital rights management. Frustrated by the lack of a copy-protection standard that might help the digital content business reach the mainstream, a high-profile digital media group is taking matters into its own hands. http://news.zdnet.co.uk/internet/webservices/0,39020378,39116887,00.htm Firms Push Envelope to Deter Oscar Film Piracy Downloadable flicks wrapped in electronic locks. Special discs designed to baffle digital recorders. DVDs that self-destruct. These are a few of the ways technology companies propose to let Oscar voters view movies at home without fueling piracy. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-screeners3oct03221419,1,2869823.story - - - - - - - - - - VeriSign shuts down Web site finder Web address provider VeriSign Inc. said on Friday it would suspend a controversial new service that steers mistaken Web searches to its own page after the organization that oversees Internet policies demanded it do so. http://www.cnn.com/2003/TECH/internet/10/03/verisign.icann.reut/index.html http://www.wired.com/news/business/0,1367,60682,00.html http://computerworld.com/news/2003/story/0,11280,85723,00.html - - - - - - - - - - Resellers face stubborn wi-fi resistance over security RESELLERS are missing valuable opportunities in wireless network installations because they cannot overcome customer objections to security and performance issues. The charge comes from US Robotics operations director for EMEA Peter Blampied whose recent countrywide road show tried to educate resellers to the benefits of selling wireless technologies. http://www.theinquirer.net/?article=11911 - - - - - - - - - - Security risks posed by 'live data' system testing Use of real data can breach data protection laws says new guidelines. New guidelines aimed at preventing embarrassing security breaches have been issued to help firms comply with the Data Protection Act if they use 'live' personal data to test http://www.silicon.com/news/500022/1/6265.html - - - - - - - - - - Screensavers more secure than network passwords And forget daily anti-virus updates, claims security firm. Activating a password-protected screensaver on users' desktops can provide more protection from unauthorised access than strong network login passwords, according to security firm TruSecure. The company claims organisations are wasting money on expensive security measures and procedures that can actually increase vulnerability to attackers instead of reducing it. http://www.silicon.com/news/500013/1/6260.html - - - - - - - - - - You there? IM users remember - the firewalls have ears Would you let 'Studbroker' or 'Bicepstoobig' deal with customers? Is IM all about idle chit-chat? How can companies harness its power instead of face embarrassment? Simon Marshall explains... No other communications medium has spread through the business community with such vivacity as IM. Analysts believe that of the hundreds of millions of IM users around the world about a third are business users. But don't tell that to chief executives. Most don't believe it even exists in their organisations. http://www.silicon.com/analysis/169/1/6261.html Will IM replace e-mail? http://zdnet.com.com/2100-1104_2-5086089.html - - - - - - - - - - Pitt smart tag may alleviate privacy concern in product tracking A University of Pittsburgh engineer has developed a "smart tag" that he says addresses consumer privacy advocates' concerns surrounding radio frequency identification tags, which are becoming the next generation of bar codes. Besides being able to be disabled at the point of sale, Marlin Mickle says his "Product Emitting Numbering Identification" tags are smaller and cheaper to produce than other smart tags hence the acronym, "PENI" (pronounced like "penny"). http://www.usatoday.com/tech/news/techinnovations/2003-10-03-alt-rfid-chip_x.htm - - - - - - - - - - Washington area set to expand smart-card transit program Washington area bus riders have long been resigned to the frustration of fumbling for exact change as they race to the bus stop. But the fumbling may soon be a thing of the past, thanks to the Washington Metropolitan Area Transit Authoritys plans to improve the smart cards it uses for fare payment. http://www.gcn.com/vol1_no1/daily-updates/23747-1.html - - - - - - - - - - Finger, faceprints get green light for Europe's ID standard The European Union can taken the first step towards standardised ID with biometrics on-board, in the shape of two proposals from the Commission covering a uniform format for visas and residence permits for third country nationals. But this is only the first stage; the Commission's announcement notes that The Thessaloniki European Council earlier this year "confirmed that 'a coherent approach is needed in the EU on biometric identifiers or biometric data which would result in harmonised solutions for documents for third country nationals, EU citizens' passports and information systems (VIS and SIS II)', and invited the Commission 'to prepare the appropriate proposals, starting with the visa.'" http://www.theregister.co.uk/content/6/33208.html - - - - - - - - - - DHS buys fingerprint scanners The Homeland Security Department took a major step this week in its plan to use fingerprint biometrics before issuing visas by awarding a $27 million contract to Identix Inc. for a fingerprint-scanning product. Under terms of a blanket purchase agreement (BPA), Identix will provide its TouchPrint 3000 line of fingerprint biometric, live-scan booking stations and desktop systems to the Citizenship and Immigration Services (CIS) and other DHS agencies. http://www.fcw.com/fcw/articles/2003/0929/web-dhs-10-03-03.asp GAO: Homeland Security needs to better track foreign workers http://www.usatoday.com/tech/news/techpolicy/2003-10-02-gao-re-h1b_x.htm http://computerworld.com/governmenttopics/government/policy/story/0,10801,85725,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.