November 2, 1999

Computer Economics Launches First Comprehensive Computer Crime Hotline
Computer Economics is extending its effort to help the targets of computer crime by establishing a hotline that will be one of the first efforts to document the extent of these crimes and the losses they cause. Computer Economics aims to record problems and provide advice to companies that have been attacked. "Many people don't realize that between 90 and 95% of computer crimes go unreported," said Adam Harriss, a research analyst for Computer Economics.
http://web.lexis-nexis.com/more/cahners-chicago/11407/5159400/2
- - - - - - - - - - - - - - - - - - - - - -
HACKERS' BUG CAUSES CHAOS
COMPUTER hackers are causing chaos with a virus that tricks systems into thinking the Millennium has arrived. Companies across Britain are being hit by the bug, which can render systems useless for up to three days. Security software experts are concerned valuable data could be wiped out or stolen while computers are crippled. The problem was revealed at a conference on electronic security, organised by software firm mi2g. A company spokesman said: "Hackers are causing chaos with this code because it can immediately shut down computer systems.
"There are not just financial risks to be considered - serious safety issues are also involved." The virus, which forwards internal clocks to January 1, 2000, was first detected in the UK last month, when a firm was unable to use 40 per cent of its system.
http://web.lexis-nexis.com/more/cahners-chicago/11407/5154796/2
- - - - - - - - - - - - - - - - - - - - - -
U.S. expert says computer viruses a Y2K threat
Add a rash of new computer viruses to the list of Y2K headaches that could await the world on Jan. 1, a leading technology researcher said Tuesday.
More than 30,000 threats from computer hackers and virus writers who say they will release new viruses to herald the new year and the new millennium have been logged by the FBI and other law enforcement groups, Lou Marcoccio, worldwide research director at the technology consulting firm Gartner Group said.
http://www.sjmercury.com/svtech/news/breaking/merc/docs/011456.htm
http://news.cnet.com/news/0-1009-200-1428221.html
- - - - - - - - - - - - - - - - - - - - - -
A Common Sense Guide to Y2K Security
Easy tips for avoiding potential problems surrounding the millennium glitch.
For the past year, I have been relatively quiet about Y2K security issues. As the media and Y2K experts predicted disasters, I was reluctant to address Y2K, wanting to give those experts as little credence as possible. I, for one, do not believe there is much the average person will have to worry about. Originally I was very naive about the depths of the problem. Because the intelligence community's systems were primarily Sun-based (their date-related problems won't surface until 2037), I theorized that the main problem would be databases, which could easily be fixed. Now many years -- and a few billion dollars -- later, I realize that I was wrong.
http://www.zdnet.com/zdtv/cybercrime/spyfiles/story/0,3700,2384467,00.html
- - - - - - - - - - - - - - - - - - - - - -
Virus hoaxes causing headaches
E-mail alerting readers to 'threat' a common problem
The warning arrived via Wayne Ribble's electronic mail account Oct. 25, alerting him to a devastating new computer virus capable of erasing a user's hard drive. The alert, which cited several companies as sources of the warning, said e-mail with the subject line "It Takes Guts to Say Jesus" should be deleted to eliminate the threat.
http://www.sjmercury.com/svtech/news/indepth/docs/virus110399.htm
- - - - - - - - - - - - - - - - - - - - - -
Appeals Court rejects New Mexico Internet law
A federal appeals court Tuesday stopped New Mexico prosecutors from enforcing a law that made it illegal to use the Internet to send sexually explicit material to juveniles, saying the law was too broad.
http://www.sjmercury.com/svtech/news/breaking/internet/docs/1038218l.htm
- - - - - - - - - - - - - - - - - - - - - -
Man sent to prison for defrauding eBay customers
A southern California man was sentenced to prison Tuesday for a number of fraudulent schemes, including defrauding customers on the Internet auction site eBay Inc. Robert J. Guest of Blue Jay, California, was sentenced to 14 months in prison and ordered to pay more than $100,000 in restitution to eBay customers and credit card companies he defrauded.
http://www.sjmercury.com/svtech/news/breaking/merc/docs/029615.htm
- - - - - - - - - - - - - - - - - - - - - -
Israel charges blind Arab brothers with cybercrime
Three blind Arab brothers tapped into Israeli army telephone lines and enabled Palestinians in the West Bank and Gaza to call overseas at the military's expense, an Israeli prosecutor said Tuesday.
http://www.sjmercury.com/svtech/news/breaking/reuters/docs/1034068l.htm
- - - - - - - - - - - - - - - - - - - - - -
Erase the digital signature: After a day of heated opposition by Democrats, the House rejected legislation that would have made it easier for companies and consumers to conduct business online by affirming the validity of electronic signatures.
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/011016.htm
- - - - - - - - - - - - - - - - - - - - - -
Author sues AOL over male-mail name
The author of a book titled "You've Got Male" is suing America Online, alleging the Internet giant is blocking access to her Web site because the title closely resembles its e-mail catchphrase, "You've Got Mail."
http://www.sjmercury.com/svtech/news/breaking/ap/docs/1037935l.htm
- - - - - - - - - - - - - - - - - - - - - -
RealNetworks tweaks privacy policy, issues a patch
Admitting that it has been quietly collecting information on users' listening habits, RealNetworks Inc. of Seattle yesterday issued a patch that will disable the data-collection function of the RealJukebox music software that directly sent this information to RealNetworks servers. RealNetworks also altered the privacy statement on its Web site to reflect this practice, which theoretically could reveal copyright infringers who copy CDs.
http://www.computerworld.com/home/news.nsf/all/9911022patch
- - - - - - - - - - - - - - - - - - - - - -
House committee to hold spam hearing
There's no question that spam is a hot-button topic, and U.S. Rep. Gary Miller made the most of that fact at a press conference today on antispam legislation. He handed out a study by the Spam Recycling Center, a coalition of antispam groups, complete with steamy X-rated photographs and language gathered from spam messages that's certain to offend.
http://www.computerworld.com/home/news.nsf/all/9911022spam
More than 30 Percent Of Spam Pornographic - Study
Congressional spamming foes got more ammunition for their legislative assault today as the Spam Recycling Center released a report indicating that more than 30 percent of all unsolicited commercial e-mail - a.k.a. "spam" - contains pornographic material. Unveiled today by Rep. Gary Miller, R-Calif.
and a handful of other congressional members, the report, which contained enough graphic examples to earn an NC-17 rating in its own right, is the latest released by the Spam Recycling Center run by the for-profit ChooseYourMail.com
http://www.newsbytes.com/pubNews/99/138769.html
- - - - - - - - - - - - - - - - - - - - - -
Four US '.mil' Web Sites Invaded By Cracker Group
A group of hackers - more accurately known as "crackers" - hit at least four US military Web sites sometime on Monday, according to a Web site that tracks such infiltrations. As Web site crackings go, though, three of the four invasions were relatively benign. The group "hV2k" claimed responsibility for the invasions, through text left behind at each site, according to copies or "mirrors" of the sites stored at Attrition.org.
http://www.newsbytes.com/pubNews/99/138770.html
- - - - - - - - - - - - - - - - - - - - - -
SEC Eyes Internet Stock Hucksters
Internet stock hucksters take note: the Securities and Exchange Commission is on the prowl for Web sites that offer spurious investment advice aimed at artificially driving up the price of certain stocks, SEC Office of Internet Enforcement Chief John Stark said today. The SEC is concerned about the long-standing practice of "touting" - wherein a would-be investment advisor sings the praises of a certain company's stock without disclosing that he or she is on that company's payroll. This scam involves Web site operators promoting "thinly-traded" stocks in order to generate more value for their own portfolios, Stark told Newsbytes today.
http://www.newsbytes.com/pubNews/99/138788.html
- - - - - - - - - - - - - - - - - - - - - -
Net peeves: Bosses police cyber-slackers
Xerox fired about 40 workers this year for spending excessive time on the Internet gambling, viewing pornography or otherwise goofing off. St. Louis-based brokerage firm Edward Jones fired 18 employees after an investigation about inappropriate e-mail in the company system.
Companies are snapping up products that track how many times employees tap their keyboards or where they go when they're online.
http://www.usatoday.com/life/cyber/tech/ctg552.htm
- - - - - - - - - - - - - - - - - - - - - -
***EDITOR'S NOTE*** While this isn't directly crime or security related, these products have some other possible uses - like detailed above.
Software Mines Employee E-mail For Hidden Treasures
When it comes to the acquisition of knowledge, the whole can be larger than the sum of its parts. At least that seems to be the belief behind the development of two enterprise software systems by privately held Tacit Knowledge Systems, Inc. The products, known as KnowledgeMail and Knowledgemail Plus, are said to be the first applications designed to transform e-mail into a powerful and strategic information asset. They work within large enterprise e-mail systems to automatically discover the knowledge, skills, and work focus of each employee and make that information available throughout the enterprise in a way that requires no administration or facilitation.
http://www.newsbytes.com/pubNews/99/138780.html
- - - - - - - - - - - - - - - - - - - - - -
Hackers wreak havoc on Romanian Web site
Romania's Finance Ministry said it will investigate how hackers tapped into its Web site and changed tax laws and the leu's exchange rate. The Web site last weekend showed a tax on "silliness" that varied according to the importance of the taxpayer's job. For one day, the Web site said, monthly wages of as much as 1 million lei ($59.14) would be taxed 100 percent. It also changed the official exchange rate of the leu to 0.5 per dollar from 16,870 per dollar.
http://news.cnet.com/news/0-1005-200-1427148.html
- - - - - - - - - - - - - - - - - - - - - -
More firms pitch in for anti-piracy audit
The Federation Against Software Theft (Fast) has awarded three more companies its certificate of software licence compliance, taking the total to 45.
Scientific instruments specialist Jeol, rugged PC builder, WPI Husky Technology, and BAA Southampton have achieved Fast's Audit Certification. The benefits of achieving Audit Certification go beyond legal compliance and include reduced cost of ownership and improved information security, according to Fast.
http://www.zdnet.co.uk/news/1999/43/ns-11175.html
- - - - - - - - - - - - - - - - - - - - - -
Why the DVD Hack Was a Cinch
The anonymous developers of the decryption program that removes DVD copy protection had an easy time doing it, thanks to a gaffe by a software developer and the surprising weakness of the encryption technology. Essentially, the two European hackers who developed the DeCSS utility that copies a DVD movie disc were able to break the code because one of the product's licensees inadvertently neglected to encrypt the decryption key.
http://www.wired.com/news/technology/0,1282,32263,00.html
- - - - - - - - - - - - - - - - - - - - - -
Feds say funds needed for security
Spending caps may force agencies to raid other programs
A group of federal technology managers last week said one of the biggest obstacles to making the government's computer systems more secure is lack of money and that Congress should fund security efforts in much the same way it funded the effort to fix federal computers for the Year 2000 problem. Donald Hagerling, information systems security program manager for the Treasury Department, said federal leaders knew years in advance that they had to devote resources to the Year 2000 problem but reallocated money internally until budget decision-makers had realized that additional money from Congress was needed to upgrade agencies' computer systems.
http://www.fcw.com/pubs/fcw/1999/1101/fcw-polsecurity-11-01-99.html
- - - - - - - - - - - - - - - - - - - - - -
High Tech Lab Ties Computers to Crimes
The airman was accused of hiring a hit man to kill his wife.
He thought he would get away with murder when he literally cut the evidence to pieces. As two Air Force Office of Special Investigations agents interrogated the suspect, he reached into his back pocket and jerked his arm forward as if drawing a concealed handgun. The agents backed off, but instead of a gun, the suspect produced a pair of pinking shears and began smugly cutting two 5 1/4-inch floppy diskettes into a pile of useless plastic. Or so he believed it was useless.
http://www.defenselink.mil/news/Nov1999/n11021999_9911023.html
- - - - - - - - - - - - - - - - - - - - - -
Virginia Adopts Plan to Use Digital Signatures
The Virginia Council on Technology Services (COTS) moved closer last week to embracing the use of digital signatures for government business. The approved plan recommends the commonwealth start to use digital signatures on a limited basis in early 2000. The pilot installations will focus on government-to-government, government-to-business, and government-to-public transactions. Participants will include the Departments of Information Technology, Motor Vehicles and Transportation as well as Chesterfield County and Fairfax County
http://www.civic.com/news/1999/nov/civ-signatures-11-2-99.html
- - - - - - - - - - - - - - - - - - - - - -
In Search Of More-Secure Extranets
From Passwords To Digital Certificates, Companies Have More Ways To Protect Sensitive Data
Companies can streamline their processes and speed development by setting up an extranet to share information with customers, partners, and suppliers. But they also increase the risk of a security breach by opening their systems to outsiders.
http://www.informationweek.com/759/extranet.htm
- - - - - - - - - - - - - - - - - - - - - -
Hacking 101 or Leaving Your Network Door Open
Thanks to extensive media coverage, hackers are well known "boogie men" of the computer age. As with any type of threat, the level of reality never matches the level of the perceived threat.
Threats are either under- or over-estimated, never accurately identified to prevent their damage. While the traditional type of hacker in the early days of the computer age were extremely knowledgeable people without malicious intent, the term hacker is too identified in the negative aspect of perception. It is the negative type of hacker that this article pertains to; both the outsider and the insider hacker.
http://securityportal.com/direct.cgi?/topnews/hack101.html
- - - - - - - - - - - - - - - - - - - - - -
Bobbing for Hooligans on Web
Police here have arrested eight suspects and identified one more three weeks after posting their photographs on a Web site following a major riot in June. In what is thought to be the city's first Internet lineup of suspects, police posted 72 photos that were taken mainly by closed-circuit TV cameras. The suspects are wanted for inciting riots at the Carnival Against Capitalism on 18 June.
http://www.wired.com/news/politics/0,1283,32229,00.html
- - - - - - - - - - - - - - - - - - - - - -
FBI probing Moscow link in cyber 'attack'
The FBI is trying to determine if cyber-spies at Moscow's prestigious Russian Academy of Sciences were responsible for Moonlight Maze, the most pervasive assault yet on sensitive US Defence Department and other computer networks. The first Moonlight Maze attack was detected in March last year. Three months later, US security sleuths were able to monitor a series of intrusions as they occurred and traced them back to seven dial-up Internet connections near Moscow.
http://straitstimes.asia1.com/cyb/cyb4_1102.html
- - - - - - - - - - - - - - - - - - - - - -
Probe into hack at S'pore Govt website
THE National Computer Board is investigating Sunday's possible hacking into the Singapore Government website. Asked about the incident yesterday, Minister for Communications and Information Yeo Cheow Tong said the incident showed the risk all countries face.
He said that adding safeguards may prove to be a temporary solution. "Each time you come up with some safeguards, we find that somebody else will come up with an equally innovative way to bypass our safeguards.
http://straitstimes.asia1.com/cyb/cyb1_1102.html
- - - - - - - - - - - - - - - - - - - - - -
Taiwan Prepares For Possible Chinese Cyber Attacks
China could be able in five years to use computer viruses, hackers and other types of cyber warfare to quickly break down Taiwan's defenses and prepare for an invasion, the Taiwanese military said Tuesday. Taiwan's economy, government and military are highly dependent on computers and could be vulnerable to such high-tech weapons, the official Central News Agency quoted Chang Jia-sheng of the Defense Ministry as saying.
http://www.tampabayonline.net/news/news101k.htm
- - - - - - - - - - - - - - - - - - - - - -
First Hacker Contest Starts on Nov. 2
A Hacker Survival Game will open on the Internet for six days from November 2 to November 7 for the first time in Korea. A Korean Internet company SecureSoft announced Tuesday that it is to open a hacker survival game on its Internet homepage 'King of Fight' (http://kof.hackerslab.org) from today until 7 p.m., November 7. Hackers can join the event by breaking into and replacing other competitors' homepages with their own.
http://english.joongang.co.kr/jnews/jnews.asp?n_id=19991102013
- - - - - - - - - - - - - - - - - - - - - -
Ukrainian Hacks Into US Agency's Files
A Ukrainian has hacked into the secret files of a U.S. federal agency, a Ukrainian law-enforcement source told Itar-Tass on Tuesday. The U.S. discovered the hacking and traced it back to the company Nikave based in the central Ukrainian city of Vinnitsa. But Nikave director Yulia Shakula told Itar-Tass she did not have the faintest idea of how the hacker had learnt the company's login and password.
However, the company may face a huge fine, and the case is being investigated by Ukraine's law enforcers and Interpol. There were no details about the name of the U.S. agency and of the damage inflicted.
[Description of Source: ITAR-TASS -- Main government information agency.]
- - - - - - - - - - - - - - - - - - - - - -
Computer hackers could tap police files
By ALLEY Oskar, The Sunday Star-Times (Auckland), 10/31/99
Incis in danger, chiefs warned
COMPUTER hackers could tap into the Incis network and access information on police activity, criminals and suspects, a senior project source says.
The computer system's network was not encrypted and sophisticated hackers could illegally access crime information, the source says. Also, the network's main server, based at the EDS Mt Wellington site, has no back-up system if it crashes in an emergency, such as a fire in the computer room.
IBM constantly warned police bosses about the enormous danger of not having encryption or a disaster back-up plan, only to be told there was not enough money to do it, the source said.
Police headquarters said yesterday the system's security met government guidelines but refused to comment on whether it could be hacked into, citing "commercial sensitivity".
Last week, the Incis project was settled out of court, with IBM paying the crown $25 million in damages and the police paying $18m to the computer company -- a fraction of the amount it still owes for work on the project. A source close to the negotiations said the deal was a "political balancing act" to help the Government save face, allowing them to say they had 70% of the project for 70% of the final cost.
However, the Incis network was not encrypted, the source said. Asked if that meant the system could be hacked into, he said: "Oh yes. It's probably the only police network in the world that isn't encrypted. It really is ludicrous.
"The network is very, very frail. It's the police's single biggest problem."
The network's main server was based at the EDS site in Mt Wellington, formerly the government computing centre, and its management was contracted out to a small firm called Anite, the source said. Anite manages about 300 networks in New Zealand, including the Social Welfare and Inland Revenue systems and several banks.
Police bosses had rejected IBM's advice to develop a disaster recovery plan, which is used as a back-up system if anything goes wrong. "In the event there is a fire in that computer room the whole police network would be down and could be down for ages," the source said.
"IBM was screaming blue murder on those two points (the lack of encryption or a disaster recovery plan). Police said they couldn't afford to do it. IBM's position was that you can't afford not to do it."
The computer company offered the security of its Sydney-based disaster recovery centre, which is on constant standby and can be used as a back-up system to take over in an emergency. Another option was to store tapes containing the network's information off site, which could then run on a separate system in an emergency.
Police information technology general manager Jeffrey Soar said in a statement yesterday the Mt Wellington site had an "extremely high level of security", including fire walls. The Wanganui computer system was also run by EDS from the site. The security of the actual network matched government guidelines but it was not appropriate to comment further, or on whether hackers could gain access, he said.
Further information regarding the Incis network and the agreement with Anite was commercially sensitive and would not be released. Funding had not been an issue for either network security or developing a disaster plan, Soar said.
It is understood the end result of the Incis agreement hammered out by IBM and the Government is the same offer police bosses rejected in March, when the computer company told them it was pulling out of the project.