NewsBits for November 24, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Jail for internet identity fraud Six men have been jailed after a PS345,000 plot to defraud banks by obtaining fake identities over the internet. The men - from the London area - used house auction websites to find out the details of people who had died. With the information, they forged documents to open bank accounts and receive loans from Lloyds TSB and the Halifax and Co-operative banks. The men were jailed for between 18 months and four-and-a-half years. http://news.bbc.co.uk/1/hi/uk/3228040.stm http://asia.cnet.com/newstech/security/0,39001150,39159062,00.htm - - - - - - - - - - Wi-Fi hacker caught downloading child porn So you catch a man driving with his pants around his ankles who's paying more attention to the child porn video running on his laptop than the road ahead. What do you charge him with? That's the dilemma Toronto traffic police found themselves in when they arrested a man driving the wrong way down a residential one-way street. http://www.theregister.co.uk/content/55/34153.html - - - - - - - - - - Man Arrested in Threats Over Internet Spam Federal agents arrested a Sunnyvale man Friday for allegedly making death threats against employees of a Canadian Internet advertising company. Charles T. Booher, 44, faces a maximum statutory penalty of five years imprisonment and a $250,000 fine if convicted. He was released on $75,000 bail, according to Matt Jacobs at the U.S. attorney's office. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-sbriefs22.3nov22,1,7720685.story - - - - - - - - - - $100,000 bounty offered for stolen PC Wells Fargo said on Friday it had offered a $100,000 reward for information leading to the arrest and conviction of the burglar who stole a bank consultant's omputer that had sensitive customer information on it. The computer was one of several stolen earlier this month from the office of an analyst for the bank in Concord, California, the bank said. http://zdnet.com.com/2100-1105_2-5110830.html - - - - - - - - - - Independence man gets prison time for luring girl online A federal judge sentenced an Independence man to 10 years and five months in prison for enticing a 15-year-old Alabama girl to have sex with him after making contact on the Internet. U.S. District Judge C. Lynwood Smith Jr. went above the sentencing guideline range, which capped at seven years three months, when he sentenced Dennis R. Eiermann, 49, on Thursday. http://www.examiner.net/stories/112403/new_112403012.shtml - - - - - - - - - - Former teacher pleaded guilty to possession of child porn A former Pinewood Preparatory School calculus teacher has pleaded guilty to possession of child pornography. Harry Dale Peterson entered a conditional guilty plea Friday. That plea allows him to appeal a judges' decision earlier this week not to throw out evidence. Peterson was charged after an April 2002 search of his home. The search was prompted after a computer technician found child pornography on a computer he was repairing in Peterson's home. http://www.wistv.com/Global/story.asp?S=1536714&nav=0RaPJHiq - - - - - - - - - - Valparaiso man sentenced to home detention A Valparaiso man, among 10 arrests from an ongoing sting on Internet child predators, was sentenced on Friday. Randall Farley, 22, of 775 Heritage, won't go to jail. He will serve home detention. He received a four-year sentence in LaPorte Circuit Court under a plea agreement. Half of the sentence will be served on electronic home monitoring and the rest on probation. Last December, Farley was one of the first men arrested in what's believed to be the first sting in the state that involves LaPorte police posing as a 13-year-old girl on the Internet. http://www.post-trib.com/cgi-bin/pto-story/news/z1/11-22-03_z1_news_10.html - - - - - - - - - - 13 sex offenders nabbed in sweep Thirteen foreign-born convicted sex offenders living in Utah were arrested this week as part of a federal immigration sweep aimed at protecting children, authorities said. Eight of the arrests came in Salt Lake City, three in northern Utah and two in the southern part of the state, said Jonathan Lines, resident agent in charge for the Salt Lake office of U.S. Immigration and Customs Enforcement (ICE). The arrests were part of Operation Predator, aimed at protecting children from pornographers, child prostitution rings, Internet predators, immigrant smugglers, human traffickers and other criminals. http://www.sltrib.com/2003/Nov/11222003/utah/113314.asp 11 Arrested In 'Operation Predator' http://www.turnto10.com/news/2654218/detail.html - - - - - - - - - - Attorney General's office snares more than 60 child predators Texas Attorney General Greg Abbott on Monday announced that two of the state's major child predator initiatives have captured 64 sex offenders throughout Texas in the last six months. Formed last May, the Cyber Crimes Unit dispatches specially trained officers to pose as children on the Internet. Whenever predators approach these "children" for sex, they are arrested. http://sanantonio.bizjournals.com/sanantonio/stories/2003/11/24/daily4.html - - - - - - - - - - EXPERT FINDS CHILD PORN ON COMPUTER A LONG-STANDING Ulverston Christian fellowship member has been sentenced for downloading child porn. Nicholas Karfoot, of Oakwood Drive Ulverston, pleaded guilty to two offences of making an indecent photograph of a child. The court heard how Karfoot had contacted a computer expert for help to make his computer more efficient. A man checking the software came across names on a search engine, indicating that child sex pictures had been accessed, which was later verified by police. http://tera.nwemail.co.uk/viewarticle.asp?id=51020 - - - - - - - - - - Cyber Terrorism Targets Brunei Bank Baiduri Bank has received an extortion threat from an international cyber group with Eastern European connections, claiming to have accessed information pertaining to its customers. Mr Pierre Imhof, the bank General Manager in a circular to customers added that such threats are not new and more and more financial institutions and commercial companies worldwide are now targeted by such groups. The Bank's strategy is clear. We will not let our customers or the Bank become victims of cyber terrorism. http://www.brudirect.com/DailyInfo/News/Archive/Nov03/241103/nite01.htm - - - - - - - - - - Nachi worm infected Diebold ATMs The Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines. The machines were in an advanced line of Diebold ATMs built atop Windows XP Embedded, which, like most versions of Windows, was vulnerable to the RPC DCOM security bug exploited by Nachi, and its more famous forebear, Blaster. http://www.securityfocus.com/news/7517 - - - - - - - - - - Congress Passes Bill That Will Limit Spam Congress moved significantly closer to the first-ever federal protections against unwanted commercial e-mails with the House passing a bill Saturday that would impose new limits on sending irritating offers on the Internet. Final approval by lawmakers could come before Thanksgiving. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/7328519.htm http://news.zdnet.co.uk/business/legal/0,39020651,39118065,00.htm http://www.wired.com/news/politics/0,1283,61361,00.html http://www.newsfactor.com/perl/story/22747.html http://www.usatoday.com/tech/news/techpolicy/2003-11-22-house-spam-deal_x.htm http://www.theregister.co.uk/content/55/34164.html http://www.boston.com/business/globe/articles/2003/11/22/congress_reaches_antispam_bill_accord/ Gates throws weight behind anti-spam bill http://www.vnunet.com/News/1150050 Spam vigilante faces jail http://news.zdnet.co.uk/internet/ecommerce/0,39020372,39118075,00.htm http://www.theregister.co.uk/content/6/34147.html Proposed Spam-Blocking Technology Is A Long Way Away http://www.securitypipeline.com/news/showArticle.jhtml%3Bjsessionid=PJPGLL2BOWOZAQSNDBCCKHQ?articleId=16400305 - - - - - - - - - - Congress Expands FBI Spying Power Congress approved a bill on Friday that expands the reach of the Patriot Act, reduces oversight of the FBI and intelligence agencies and, according to critics, shifts the balance of power away from the legislature and the courts. A provision of an intelligence spending bill will expand the power of the FBI to subpoena business documents and transactions from a broader range of businesses -- everything from libraries to travel agencies to eBay -- without first seeking approval from a judge. http://www.wired.com/news/politics/0,1283,61341,00.html - - - - - - - - - - File-Sharing Suit May Be Moved A federal judge on Friday signaled her support for the record industry as it seeks to file more lawsuits against people who trade songs online, though a challenge from a North Carolina student added a new hurdle for the music companies. (LA Times article, free registration required) http://www.latimes.com/technology/la-fi-riaa22nov22,1,6616799.story - - - - - - - - - - Fears over Singapore hacking laws NEW laws allowing Singapore to launch pre-emptive strikes against computer hackers have raised fears that internet controls are being tightened and privacy compromised in the name of fighting terrorism. http://www.news.com.au/common/story_page/0,4057,7959908%255E15322,00.html http://www.hindustantimes.com/news/181_469712,00030010.htm - - - - - - - - - - Hacker attacks on firms are rising Hacker attacks on company computer systems are increasing. Specialists say that around 98 percent of cases are discovered by chance. The number of unreported cases is believed to be high. http://www.taipeitimes.com/News/worldbiz/archives/2003/11/24/2003077123 - - - - - - - - - - Nigerian fraudsters 'shop early for Xmas' African fraudsters are attempting to fleece UK computer resellers in the run up to Christmas with scams involving counterfeit cheques and bogus credit card payments. The Register has learned that one reseller specialising in audio-visual products has received bogus payments totalling PS100,000 this month. This is not an isolated case: the fraud is being repeated across the industry and is growing in prevalence as the Christmas sales season approaches. http://www.theregister.co.uk/content/51/34170.html - - - - - - - - - - Exchange flaw could open up user accounts Microsoft is investigating what may be a serious flaw in Exchange Server 2003, only a month after the software's launch as part of Office System 2003. The bug appears to affect an Exchange component called Outlook Web Access (OWA), which allows users to access their in-boxes and folders via a Web browser. http://zdnet.com.com/2100-1105_2-5111330.html Microsoft investigates Exchange security hole http://news.zdnet.co.uk/0,39020330,39118071,00.htm http://computerworld.com/securitytopics/security/story/0,10801,87506,00.html - - - - - - - - - - VA has new security program The Department of Veterans Affairs started a proactive vulnerability management program to provide improved cybersecurity at more than 250 facilities nationwide. http://www.fcw.com/fcw/articles/2003/1124/web-va-11-24-03.asp - - - - - - - - - - European cybercrime squad gets green light ENISA is intended to provide coordination for police forces across Europe in their fight against cybercrime. The EC has given the go-ahead to setting up a pan- European cybercrime squad, designed to help police forces across the continent coordinate their efforts. http://news.zdnet.co.uk/internet/security/0,39020375,39118074,00.htm http://www.net4nowt.com/isp_news/news_article.asp?News_ID=1588 - - - - - - - - - - Opera update seals security holes A new version of Opera, released Friday, fixes two vulnerabilities in the Web browser. The vulnerabilities, disclosed to the BugTraq security mailing list over the weekend, allow rogue Web sites to take control of a victim's computer by exploiting weaknesses in the way the browser handles "skin" files, or configuration files that can change the look of a program. http://news.com.com/2100-1032_3-5110845.html - - - - - - - - - - iWise offers e-banking security solution With increasing incidents of e-fraud making the news, local company iWise has launched a single-use password system designed to make e-commerce more secure. The Cape Town-based software development company says its solution adds an extra dimension to e-banking security by sending a single-use, five-digit password directly to the user's cellphone. It grants access to a single workstation for a limited period of time. http://www.itweb.co.za/sections/internet/2003/0311240729.asp - - - - - - - - - - Firms Wep up security nightmare Basic wireless encryption standards have lulled UK firms into a false sense of security, with many relying on the Wireless Encryption Privacy (Wep) standard, according to a survey commissioned by SonicWall. http://www.vnunet.com/News/1150021 - - - - - - - - - - ID cards: can technology cope? The government will have to meet a wide range of technology challenges if plans for a national identity card are to be successfully achieved. http://www.vnunet.com/Analysis/1150034 ID cards: the cost to business http://www.vnunet.com/Analysis/1150033 - - - - - - - - - - Exploit Code on Trial Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability. http://www.securityfocus.com/news/7511 - - - - - - - - - - Alternative medicine: Future virus fighting Viruses and worms are likely to be with us for the foreseeable future - but how will the methods used to fight them develop? Although viruses have been with us for 20 years and worms considerably longer, there has been remarkably little movement in the way they are written, detected and removed. In general, an unknown writer identifies a vulnerability in a common system, writes software to exploit it and releases it to his chums and the antivirus companies, sometimes into the wild. The virus is analysed, a unique pattern within it is identified and the antivirus companies release the update to their customers. http://insight.zdnet.co.uk/0,39020415,39118047,00.htm - - - - - - - - - - Check your sums, Debian advises developers after breach Servers hosting the GNU/Linux source code for the Debian project have been compromised, and project leads are advising developers to place close attention to their checksums. While it isn't certain that source code has been tampered with, the intrusion has caused the delay to a point release of the distro, release 3.0r2. Machines hosting the bug tracking system, mailing list, and source code tree were affected. You can find the latest on the security breach here. At publication time, Debian was not accepting new packages and didn't expect normal service to be resumed until Wednesday. http://www.securityfocus.com/news/7513 http://news.zdnet.co.uk/internet/security/0,39020375,39118062,00.htm http://www.newsfactor.com/perl/story/22748.html http://computerworld.com/securitytopics/security/hacking/story/0,10801,87516,00.html - - - - - - - - - - Busting the Worm Writers Microsoft deserves praise for offering a cash reward to catch people who criminally exploit their bugs. The Microsoft bounty is almost old news, but I could not let the subject slip by without throwing in my two cents worth. For the cave dwellers out there, let me summarize: Microsoft, the US Secret Service, the FBI and Interpol announced the creation of a special fund to provide reward money to aid in the conviction of worm writers. http://www.securityfocus.com/columnists/199 Microsoft Spills its Security Secrets http://www.pcworld.com/news/article/0,aid,113620,00.asp - - - - - - - - - - Security: It's all or nothing Security concerns about the vulnerability of technology now command attention at the highest levels of government on both sides of the Atlantic. But despite knowing about the potential risks of a disabling software virus attack, the private sector still remains reluctant to make security its top priority. http://zdnet.com.com/2100-1105_2-5110888.html - - - - - - - - - - Democrats question watch list center Democrats on the House Select Committee on Homeland Security questioned the capabilities of a center created to consolidate terrorist watch lists. http://www.fcw.com/fcw/articles/2003/1124/web-watch-11-24-03.asp - - - - - - - - - - Box to replace drug-sniffing canines? A new invention can sniff like a dog, find drugs like a dog and help police catch criminals like a dog. One day soon, the so-called "Dog on a Chip" may replace the police officer's best friend -- the K-9 drug dog. http://www.cnn.com/2003/TECH/ptech/11/21/dog.chip.ap/index.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.