November 13, 2000

CIA probes employees' computer use
The CIA is investigating 160 of its employees and contract workers for exchanging "inappropriate" and off-color messages on a covert "chat room" in the spy agency's classified computer network, The Washington Post reported. The "misuse of computers" did not involve "the compromise of any classified information," CIA spokesman Bill Harlow told the newspaper in a story for Sunday editions. "Investigators uncovered evidence of long-term misuse involving multiple violations of CIA computer regulations." Harlow said the chat room, which had been hidden from the agency's management, was uncovered during routine computer security checks.
http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/623673l.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2652732,00.html
http://www.msnbc.com/news/488870.asp
- - - - - - - - -
Hackers hammer NHL fans
Invaders from cyberspace have attacked a Canadian institution and, temporarily at least, spoiled the fun for hundreds of thousands of hockey fans. One of the largest online hockey pools in the country, www.officepools.com, has fallen victim to hackers from outside North America, says the man who maintains the pool. "Congratulations to the hacker or team of hackers (who've) ruined a free service for 300,000 Canadians and many others around the world," Colin Briosi wrote to his subscribers over the weekend. The site keeps track of player statistics for groups of fans who "draft" teams at the start of the NHL season, the winner finishing with the most points in the group.
http://www.canoe.ca/CalgaryNews/cs.cs-11-13-0021.html
- - - - - - - - -
Kaspersky Lab Warns Over Revamped Hybris Worm
Kaspersky Lab this morning issued a warning over a highly dangerous rework of the Hybris worm that has been discovered "in the wild" over the last few days. The Russian anti-virus specialist, which has taken to issuing daily updates to its IT security software, has warned customers that the virus has been seen around the world, but it's especially prevalent in Latin America. The first version of Hybris was discovered by Kaspersky Lab and several other anti-virus software developers at the end of September, and was classified as a low-risk malicious program. However, over the last few days, the firm said it has been inundated by reports from users whose computers have been infected by a new version of the virus.
http://www.newsbytes.com/news/00/158042.html
- - - - - - - - -
Software police run anti-piracy program
In a secret location in London a team of internet investigators surf the net hunting for sites that publish pirated software. Fed with leads from emails, a phone hotline and tip-offs from industry sources the Business Software Alliance works to stem the flow of unlicensed software online. "We keep the location a secret to protect our staff from reprisals by angry pirates," says Margo Miller, head of the BSA's European enforcement unit. The web is the latest battlefield in a piracy war which, the BSA estimates, last year alone cost the software industry worldwide £7bn in missed revenue. "In the UK 26% of new business software installed last year was illegal," says Miller. "That's one in every four computers running a complete suite of pirated programs."
http://www.guardianunlimited.co.uk/business/story/0,3604,396621,00.html
- - - - - - - - -
British cybercops to police E-Crime
The British government announced a $35.79 million package Monday to help police deal with high-tech crime from computer hacking fraudsters to pedophiles who use the Internet. Home Secretary Jack Straw said a national high-tech crime unit would be operating by April next year to help local police forces and cooperate with police abroad. "The crimes concerned cover a wide spectrum from hacking and financial fraud to obscenity and the unlawful activities of pedophiles," Straw said in a statement. Police have to be equipped to carry out forensic examination of computer systems, he said.
http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/627438l.htm
http://www.zdnet.co.uk/news/2000/45/ns-19033.html
- - - - - - - - -
Historic cybercrime treaty gets last-minute remake
The world's first cybercrime treaty is being hastily redrafted after Internet lobby groups assailed it as a threat to human rights that could have "a chilling effect on the free flow of information and ideas." The Council of Europe, a 41-nation human rights watchdog based in Strasbourg drawing up the treaty, plans to issue a new draft late this week to clarify passages that led to what it sees as serious misunderstandings, a senior official said.
http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/627426l.htm
- - - - - - - - -
International consensus needed to regulate the Net
Internet 'crimes' will continue to proliferate as territorial regulations are insufficient to counter them in the absence of a general agreement among nations on the issue of jurisdiction, says a legal consultant specialising in information technology laws.
A general consensus on the issue of jurisdiction among countries was difficult to arrive at, as it might amount to surrendering some amount of sovereignty of a country, Rahul Matthan, author of The laws relating to computers and the Internet, said while speaking on 'Law of cyberspace' here.
http://www.timesofindia.com/131100/13info7.htm
- - - - - - - - -
Security headaches grow
The brave new world of globalisation is raising a new set of safety and security concerns, many of which significantly affect the travel and tourism industry, according to experts at a global security congress held in Bangkok last week. Speakers at the World Security Congress 2000 said terrorism had become just one element among security challenges that now included increased use of fraudulent documentation, Internet virus and hacker attacks, money laundering, industrial espionage, anti-globalisation protests and even whistle-blowing by disgruntled employees.
http://www.bangkokpost.com/today/131100_Business12.html
- - - - - - - - -
Beating Napster at its own game?
Not according to software development company MediaDefender Inc. The Los Angeles-based startup thinks new music-swapping technologies and so-called peer-to-peer music and entertainment networks will always be one step ahead of the law. Instead of taking hackers to court, the company argues, the entertainment industry should beat them with their own weapon: technology. How? MediaDefender claims the answer lies in "spoofing," a method in which a peer-to-peer entertainment network is flooded with fake files of a certain title. If an end user tries to download that title, he receives a "spoof" that has the same title as the requested song or video, but actually contains a message warning the user that he has attempted to break copyright law.
http://www.zdnet.com/zdnn/stories/news/0,4586,2652781,00.html
- - - - - - - - -
Retailers Predict Increased Credit-Card Theft
Online retailers are expecting to battle a sharp increase in credit-card fraud this holiday season. And a recent survey found that they are frustrated by their inability to do much about it. Nearly 83 percent of merchants who sell goods online said fraud is a serious problem, up from 75 percent who reported it as a problem a year ago, according to a survey commissioned by CyberSource, a vendor of electronic commerce software, and conducted by Mindwave Research. In addition, online retailers predicted credit-card fraud cases will increase by 24 percent this holiday season. "Their No. 1 concern wasn't the loss of dollars involved - although that was certainly a concern," said Tom Arnold, chief technology officer at CyberSource. "It was the potential threat to customer goodwill."
http://www.zdnet.com/zdnn/stories/news/0,4586,2652636,00.html
- - - - - - - - -
eBay pulls auction for U.S. presidency
How much is the presidency worth? Not enough for online auction site eBay. With confusion increasing over who will be the 43rd president of the United States, one eBay auctioneer had put the presidency up for bid. But the bidding did not last long, as eBay yanked the item, as it has done with undeliverable or illegal auctions in the past. Other auctions pulled have included 500 pounds of marijuana and a human kidney. Item No. 497945868 went up for bid around 9:50 a.m. PST Monday, with bids open for 10 days. Opening at one penny, the bid for the presidency had rocketed to $100 million by 2 p.m. PST. Shortly after, eBay closed down the auction.
http://news.cnet.com/news/0-1005-200-3664281.html
- - - - - - - - -
IRS Raids Cypherpunk's House
When a dozen armed federal agents invaded Jim Bell's home this week, he wasn't exactly surprised. Ever since Bell, a cypherpunk whom the U.S.
government has dubbed a techno-terrorist, was released from prison in April, he's predicted another confrontation with the Feds. "They're basically trying to harass me," Bell said in a telephone interview. He has not been arrested or charged with a crime. In 1996, Bell attracted the unwelcome attention of the IRS and the U.S. Secret Service after they learned he was talking up a plan to promote the assassination of miscreant bureaucrats through an unholy mix of encryption, anonymity and digital cash. Bell even gave his scheme a catchy title: "Assassination Politics."
http://www.wired.com/news/politics/0%2C1283%2C40102%2C00.html
- - - - - - - - -
You've been hacked: Should you tell the world?
The highly publicized Microsoft security breach reportedly related to hacking Microsoft's .Net strategy files and Windows source code offers an example of how things can get worse when public disclosure goes wrong. If your company has no strategy for informing the public about a breach, the way you handle such an episode can damage your corporate credibility. Dealing with the public when a security breach occurs is as important as sealing the system and investigating potential losses. Hoping to be lucky and not be noticed when your company suffers a major security breach is not a realistic policy. News organizations and software and service vendors have a vested interest in exploiting your pain. For instance, security software vendors Trend Micro and Pelican Security both took advantage of Microsoft's misfortune and issued press releases claiming their products could have stopped the problem.
http://www.zdnet.com/enterprise/stories/main/0,10228,2652725,00.html
- - - - - - - - -
Watching the Watchers: Intrusion Detection
If you're one of the unfortunate souls who has been at ground zero during a high-impact security incident, you know the chaos that often ensues.
When the big one hits, it can spawn teams of crazed administrators, flocks of delusional and impatient managers, and swarms of defensive developers. The resulting mess is a veritable rumor committee so poised for explosion that it rivals The National Enquirer in storytelling ability. Such a disaster is often curbed only by hardened incident-response veterans--teams that are as rare as they are essential.
http://www.nwc.com/1122/1122f3.html
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information.
Copyright 2000, NewsBits.net, Campbell, CA.