October 14, 1999 Internet Overhaul Alarms Privacy Advocates The group in charge of overhauling the Internet is alarming privacy advocates with a plan that will not only make it easier to deliver information, but make it easier to track as well. The Internet Engineering Task Force -- the international body that sets standards for cyberspace -- is mulling a draft proposal that would include creating special Internet protocol numbers -- or electronic fingerprints -- that could be inserted into the billions of packets of information tossed daily into cyberspace. http://www.apbnews.com/newscenter/internetcrime/1999/10/13/privacy1013_01.html?s=emil - - - - - - - - - - - - - - - - - - - - - - Alleged Scam Artists Find Marks on eBay People who might pass up the too-good-to-be-true offer of $70 or less for Windows 2000 on a street corner have fallen prey to scam artists using just such a ruse on the popular Internet auction site eBay, police said. Police have arrested men in two states for allegedly promising hundreds of people around the country computer software and other equipment at bargain-basement prices, then taking their cash in advance and never delivering the merchandise. http://www.apbnews.com/newscenter/internetcrime/1999/10/13/auctions1013_01.html?s=emil - - - - - - - - - - - - - - - - - - - - - - Privacy online: All Web site owners are required to list their name, address and phone number for billing purposes. All that information is contained in a publicly available online database called "whois." And because of a mandate from the Department of Commerce, all the "whois" information is completely stripped of any privacy protections. http://www.msnbc.com/news/322926.asp - - - - - - - - - - - - - - - - - - - - - - VW files counter-suit against Internet service firm German automaker Volkswagen AG said Thursday it has filed a counter- lawsuit against an Internet service provider it charges with extortion and cyberpiracy for using the domain name www.vw.net. http://www.sjmercury.com/svtech/news/breaking/merc/docs/082510.htm - - - - - - - - - - - - - - - - - - - - - - Microsoft files software piracy lawsuits Microsoft Corp. said Thursday it filed lawsuits against five computer resellers in Illinois for allegedly distributing counterfeit Microsoft software and installing unlicensed software on computers. Microsoft said the lawsuits are part its ongoing efforts to hinder the negative effects of software piracy, which it said has significant impact on the commercial businesses of software distributors and the economies they work to support. http://www.sjmercury.com/svtech/news/breaking/internet/docs/962766l.htm - - - - - - - - - - - - - - - - - - - - - - Internet lets amateur sleuths track Ramsey case While a Boulder grand jury sifted through the evidence in one of the nation's most high-profile murder cases, a Philadelphia housewife was parsing the mystery of who killed JonBenet Ramsey, too. In cyberspace. http://www.sjmercury.com/svtech/news/breaking/internet/docs/958899l.htm - - - - - - - - - - - - - - - - - - - - - - Net crime poses challenge to authorities Incidents of auction fraud, the sale of illegal items, and criminal trespassing are booming in the e-commerce market--showing that for some, crime does pay. Law enforcement officials have been scrambling to catch up with these kinds of criminals--hobbled by insufficient resources and a flurry of trained investigators leaving for the private sector, observers say. In addition, the nature of the Internet--and the ease of gaining anonymity on it--has made crime easy and catching criminals much more difficult. Just this week, an FBI representative testified before Congress about the growing number of attacks on computer systems. http://news.cnet.com/news/0-1007-200-850601.html?tag=st - - - - - - - - - - - - - - - - - - - - - - Senator: Agencies not ready for millennium cyberterrorism Federal agencies are ready for Y2K disruptions, but are not prepared to deal with the threat of millennium cyberterrorism, Sen. Robert F. Bennett, R-Utah, concluded Thursday at a "virtual hearing" on Year 2000-related emergencies. While agencies have worked hard to prepare for more common Y2K threats, such as disruption of essential services, they have not developed a long-term strategy addressing cyberterrorism and information warfare, Bennett said. http://www.govexec.com/dailyfed/1099/100899k2.htm - - - - - - - - - - - - - - - - - - - - - - NIH is first to move on ACES The General Services Administration today announced that the National Institutes of Health has started development work on a task order under a governmentwide contract covering public-key infrastructure and security services. According to GSA, NIH's Office of Extramural Research is working with the GSA on developing the first task order by a federal agency under the Access Certificates for Electronic Services contract. ACES will provide a governmentwide contract for agencies to procure PKI technology and services, including digital certificates that will encrypt and authenticate communications sent across the Internet. http://www.fcw.com/pubs/fcw/1999/1011/web-aces-10-14-99.html - - - - - - - - - - - - - - - - - - - - - - Melissa spawns deadly offspring The Melissa virus continues to be the virus that will not die, as two new, much more destructive Melissa variants have been discovered and are spreading across the world via e-mail. As predicted by security experts when the original Melissa virus outbreak occurred in March of this year, virus writers have co-opted Melissa's code to create similar but different viruses which have been loosed upon networks. The latest variants, Melissa.U and Melissa.V, propagate themselves in a similar fashion to the original Melissa, but now carry a potentially disastrous payload, according to anti-virus security vendor Network Associates. http://www.networkworld.com/news/1999/1014moreviruses.html - - - - - - - - - - - - - - - - - - - - - - Internet Explorer vulnerable to Java security problem A new weakness has been discovered in Microsoft's version of the Java technology, one that allows a malicious Java program launched over the Internet to delete a computer's files or take any of a host of equally dangerous actions. Karsten Sohr, a graduate student at the University of Marburg in Germany, discovered the security hole, which takes advantage of a problem that allows an untrusted Java program to masquerade as a trusted one. Researchers at Princeton University's Secure Internet Programming team created a demonstration "attack applet" that exploits the hole, slipping in under the radar of the Internet Explorer Web browser and deleting files. http://news.cnet.com/news/0-1003-200-852686.html?tag=st - - - - - - - - - - - - - - - - - - - - - - AOL passwords reportedly stolen A free e-mail service has been receiving complaints from AOL users that one of its subscribers is stealing AOL passwords. But a manager at the service charges that AOL has taken weeks to even begin to address a security hole that allows passwords to be stolen. Christian Dysthe, sales manager at Gonzales, Texas-based e-mail service OperaMail, charged that AOL's customer support staff disregarded the problem when he phoned to alert them last month. He said they attributed the bug to the general lack of security on the Internet and asked for the IP addresses of the offending accounts without discussing remedial measures. "They didn't seem too worried and suggested that I go to the FBI," said Dysthe. "I said, 'Why should I go to the FBI with your problem; there is nothing I can do. Why don't you go to the FBI?'" http://www.computerworld.com/home/news.nsf/all/9910144aolpass - - - - - - - - - - - - - - - - - - - - - - California Verifies Verisign For Digital Signatures Conducting business electronically with agencies of the State of California has just become a little bit easier. Bill Jones, secretary of state for California, today named VeriSign, Inc. as the first licensed certification authority for the state of California. As a result of being licensed by California, VeriSign can now provide digital certificate services to citizens and government agencies, enabling them to conduct legally valid paperless communications with public entities in California. http://www.newsbytes.com/pubNews/99/137826.html - - - - - - - - - - - - - - - - - - - - - - G8 To Meet Next Week On Cybercrime The G8 group of nations, which represents the world's industrialized countries, will hold a ministerial meeting next week in Moscow to take up the issue of crime, and especially cybercrime, a German magazine said. The G8 Ministerial Meeting on Crime will take place Oct. 18-19, a note at the official G8 Web site, at http://www.g7.utoronto.ca , said. Details on the meeting were not immediately available. http://www.newsbytes.com/pubNews/99/137817.html - - - - - - - - - - - - - - - - - - - - - - Visa forgives online gambling debt Settling an unusual lawsuit, Visa has agreed to forgive the debts of a woman who gambled away more than $70,000 on the Net, and to warn consumers of the legal risks of using its cards to roll the dice online. As previously reported, Cynthia Haines used her credit cards to gamble over the Internet from her home in California, and was sued by her credit issuer, Providian National Bank, over unpaid bills. She then filed a countersuit against the bank as well as Visa and MasterCard, claiming the companies were at fault for letting her gamble with credit in the first place. http://news.cnet.com/news/0-1005-200-853061.html?tag=st - - - - - - - - - - - - - - - - - - - - - - Information Warfare Resources The following technical resources will help you fight big brother if you have the inclination. Here you will find some very serious resources on computer hacking, computer viruses and cryptography. This is dangerous stuff if you don't know what you're doing, so be careful! http://www.logoplex.com/resources/ameagle/infowar.html - - - - - - - - - - - - - - - - - - - - - - Internet hacker dupes GIA clients A Hacker may have acquired the secret passwords of hundreds of internet users by an elaborate hoax on Global Internet Access (GIA) customers. The hacker has duped customers into transmitting their private details by issuing an e-mail which appears to originate from GIA. The message said a database crash had deleted its records, and asked users to resubmit their user name, password, full name and GIA identity number. http://www.africanews.org/south/southafrica/stories/19991012_feat10.html - - - - - - - - - - - - - - - - - - - - - - Islamic Crackers Take Over Pakistan Government Website Crackers have hit a Pakistan Government website[http://www.punjab.gov.pk/], replacing the site's front page with a message that reads "After all Hero's of KARGIL taken over the charge from Brainless & hairless Stupids." Seemingly in support of the military takeover in Pakistan, the crack is signed by the "Islamic group of Hackers". Due to the situation in Pakistan, 7am.com has found it impossible to raise comment from anyone related to the site or its administration. - - - - - - - - - - - - - - - - - - - - - - (***NOTE*** This article isn't directly crime related, but investigators may want to be aware of this "free" storage site that could be used to store other files than MP3's. RJL) Web site for storing digital music files launched A newly launched Web site is offering computer-savvy music fans a free way to make their song collections available anywhere there is Internet access. Myplay.com, based in Redwood City, launched its Web site Wednesday. It offers registered users 250 megabytes of free online storage space -- enough to keep about 60 digital songs in MP3 format. http://www.sjmercury.com/svtech/news/breaking/merc/docs/006934.htm