High Tech "NewsBits" for 02/07/03

NewsBits for February 7, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Report: Bush orders cyberwarfare plans President Bush has ordered the government to draw up guidelines for cyberattacks against enemy computer networks, according to a report published Friday. Bush signed a directive last July ordering the government to develop, for the first time, rules for deciding when and how the United States would penetrate and disrupt foreign computer systems, The Washington Post reported. The secret national security directive had not been publicly disclosed until now, the newspaper reported. http://zdnet.com.com/2100-1105-983723.html http://news.zdnet.co.uk/story/0,,t269-s2130058,00.html http://www.washingtonpost.com/wp-dyn/articles/A38110-2003Feb6.html http://www.msnbc.com/news/869751.asp http://www.cnn.com/2003/TECH/biztech/02/07/arms.cyber.reut/index.html http://www.wired.com/news/conflict/0,2100,57591,00.html http://www.vnunet.com/News/1138573 http://www.usatoday.com/tech/news/2003-02-07-cyberspace-war_x.htm DOD plans network attack task force http://www.fcw.com/fcw/articles/2003/0203/web-net-02-07-03.asp Anti-terror spying technology to receive oversight http://www.usatoday.com/tech/news/techpolicy/2003-02-07-oversight_x.htm - - - - - - - - - - International raid nabs two over TK worm In a joint U.K.-U.S. operation, two men have been questioned and evidence seized related to the TK worm, which caused millions of dollars in damage to computer systems worldwide. The two U.K. men --a 19-year-old electrician and an unemployed 21- year-old man--were interviewed Thursday by the London-based National Hi-Tech Crime Unit (NHTCU). The move follows the use of search warrants this morning in County Durham in the north of England. Two addresses were searched and evidence was retrieved relating to computer and drugs offences. http://news.com.com/2100-1001-983804.html http://www.vnunet.com/News/1138572 http://www.nandotimes.com/technology/story/753510p-5450708c.html - - - - - - - - - - Student charged with massive ID fraud A former student has been charged with installing secret keystroke monitoring software on "dozens of computers" on the Boston College campus to harvest personal data on thousands of University computer users. Douglas Boudreau, 21, of Warwick, Rhode Island, was yesterday indicted by a Middlesex County, Massachusetts grand jury on six counts of interception of wire communications, eight counts of unauthorized access to a computer system, two counts each of larceny over $250 and identity fraud. To cap that he's also charged with breaking and entering, as well as one count each of stealing from a building and distributing counterfeit movies and television shows. http://www.theregister.co.uk/content/55/29233.html http://news.zdnet.co.uk/story/0,,t269-s2130064,00.html http://www.wired.com/news/infostructure/0,1377,57587,00.html - - - - - - - - - - FBI Seeks Hacker Who Stole Credit Card Numbers From EBay Users At least one person and possibly more lost money when a hacker used the University of North Carolina at Charlotte's computer system to steal personal financial information from eBay users, the FBI said Friday. Agents know of one person who lost money, said Chris Swecker, who heads the FBI in North Carolina. "I'm pretty sure there's some more out there," he said. http://www.washingtonpost.com/wp-dyn/articles/A39049-2003Feb7.html http://www.cnn.com/2003/TECH/internet/02/07/ebay.hacker.ap/index.html http://www.wired.com/news/business/0,1367,57592,00.html http://www.usatoday.com/tech/news/computersecurity/2003-02-07-ebay-scammer_x.htm http://www.nandotimes.com/technology/story/754395p-5455638c.html - - - - - - - - - - Former employee charged in ViewSonic hack A felon and ex-employee of ViewSonic was arrested Thursday for allegedly hacking into its computer system and destroying data, and shutting down a server that was central to the company's foreign operations. Andy Garcia, 39, was taken into custody on a federal indictment that charges him with unauthorized access to a protected computer and for being a convicted felon in possession of a firearm. http://zdnet.com.com/2110-1103-983802.html http://news.com.com/2100-1040-983748.html http://news.zdnet.co.uk/story/0,,t269-s2130094,00.html - - - - - - - - - - On the trail of a stolen Tablet PC Tracking information from security software has allowed Devon Police to recover a stolen Tablet PC and make an arrest today. The Acer Tablet was stolen from Newbury, Berkshire-based IT reseller Eurotechnix last December. Fortunately the PC was loaded with security tracking software, called Computrace, which allowed its location to be determined once the PC was plugged onto the Net. http://www.theregister.co.uk/content/55/29242.html - - - - - - - - - - Judge Won't Exclude Alleged Child Porn A federal judge has refused to toss out evidence gathered by police last year during a search of a Clearfield couple's computer, which allegedly yielded pornographic images of their young daughters. The couple's defense attorneys had argued that a woman who was living at their home while the couple vacationed did not have authority to consent to the police's search of the computer. http://www.sltrib.com/2003/Feb/02072003/utah/27129.asp - - - - - - - - - - Sex sting acquittal prompts response from state delegate A local judge's acquittal of a man charged with soliciting sex from a state trooper posing as 13-year-old girl over the Internet has prompted a Baltimore County lawmaker to introduce a bill that would strengthen the hand of prosecutors in such cases. The law regulating online solicitation must be amended so that the Internet stings police use to catch alleged sexual predators will have a better chance of standing up in court, Del. Bobby Zirkin said. http://news.mywebpal.com/news_tool_v2.cfm?pnpID=573&NewsID=427000&CategoryID=742&show=localnews - - - - - - - - - - ASU student nabbed in Internet sting Maricopa County Sheriff's deputies arrested an ASU student Thursday afternoon who had been snared in an Internet sting as an alleged sexual predator. Samuel Ellis Lawson, a 19-year-old undeclared undergraduate at ASU, was apprehended and charged with luring a minor for sexual exploitation [a Class 3 felony] after he allegedly arranged a meeting with who he thought was a 13-year-old girl he encountered via an Internet chat site, MCSO Sgt. Paul Chagolla said. The girl, however, was actually an undercover deputy working with the MCSO's Computer Crimes Division who had been communicating with Lawson for the past two weeks, Chagolla said. http://www.statepress.com/news/363743.html - - - - - - - - - - Man gets prison term for Internet child porn A Lansing man will serve at least 23 months in prison for sending child pornography over the Internet. John Edward Bean also will have to pay $50,000 in fines after pleading guilty to three child pornography charges. He could serve as long as 10 years in prison. "My message to criminals is simple: If you target the children of this state I will put a target on you," Attorney General Mike Cox said in a statement. http://www.lsj.com/news/local/p_030207_sentence_1b.html - - - - - - - - - - Ex-priest gets five more years A federal judge on Thursday tacked five more years onto the child pornography prison sentence of a former Roman Catholic priest from a Wheeling church, raising the admitted child molester's total punishment to 20 years. The overall sentence imposed on Vincent McCaffrey, 50, is believed to be the longest ever given to someone convicted of possessing lewd images of children, prosecutors said. The former priest was arrested after authorities busted a New Zealand-based child porn Internet site last year. McCaffrey's name was found on a subscribers list, and U.S. Customs agents raided his Chicago condo. http://www.dailyherald.com/cook/main_story.asp?intID=37659159 - - - - - - - - - - Suspended term for computer child porn man A MAN found drunk in front of a computer where he had downloaded child porn movie files walked free from a Belfast court today. Detectives found former City Council worker David Fleming, 50, slumped and asleep when then they raided his home at Whitehead, Co Antrim. Later, he was forced to leave and return to live with his parents after neighbours became aware of his secret activity. Police examined his computer and found graphic film footage of young girl aged 10 or 11 involved in sex acts with a man. http://www.belfasttelegraph.co.uk/news/story.jsp?story=376398 - - - - - - - - - - Web magazine publishes, retracts virus hoax story An online news site published and then retracted a story this week that claimed a radical Islamic group was behind a virus-like attack in January that clogged the Internet. In Wednesday's article on the Web site of Computerworld magazine, someone identified as "Abu Mujahid" said his Pakistan-based Harkat-ul- Mujahadeen group had unleashed the Internet worm attack as part of a "cyber jihad." http://online.securityfocus.com/news/2286 http://www.nandotimes.com/technology/story/753560p-5450872c.html http://www.theregister.co.uk/content/55/29245.html - - - - - - - - - - Discarded computer had confidential medical information A state computer put up for sale as surplus contained confidential files naming thousands of people with AIDS and other sexually transmitted diseases, the state auditor said Thursday. "This is significant data. It's a lot of information with lots of names and things like (the numbers of) sexual partners of those who are diagnosed with AIDS," Auditor Ed Hatchett said. "It's a terrible security breach." The computer, which had been awaiting sale at the state's surplus-property office, never left state custody, Hatchett said. http://online.securityfocus.com/news/2274 http://www.usatoday.com/tech/news/2003-02-07-surplus-computer_x.htm - - - - - - - - - - Pop-up ad lawsuit settled The nations largest news publishers have settled a dispute over an Internet advertising practice they had deemed parasitical: unauthorized, third-party ads that pop up while visiting NYTimes.com and other news sites. Terms of the settlement were confidential, said Terence Ross, the lead attorney for the publishers. He said Friday that the settlement was reached late Tuesday. http://www.msnbc.com/news/870002.asp http://www.cnn.com/2003/TECH/internet/02/07/ad.tussle.ap/index.html http://www.nandotimes.com/technology/story/754724p-5457427c.html - - - - - - - - - - Slammer report: More headaches After a round-the-clock weekend watch for any infection of the so-called SQL Slammer worm--also know as Sapphire and SQL Hell--that hammered other companies' networks, the software maker apparently had escaped with only minor incidents in its international offices. Until Tuesday. More than three days after the worm started spreading on the evening of Jan. 24, Slammer somehow got into Siebel's internal network and sent traffic skyrocketing. http://zdnet.com.com/2100-1105-983736.html The Week in Review: Lair of the SQL worm http://news.zdnet.co.uk/story/0,,t269-s2130096,00.html http://news.com.com/2100-1083-983720.html - - - - - - - - - - Law Would Require Computer Repairmen To Report Child Porn People who fix computers would have to report child pornography they find under a bill an Illinois House committee approved on Thursday. Woodstock Democrat Jack Franks sponsored the bill. He said computer service workers would have to alert authorities if they find obscene images of children on machines they repair. People who don't report images they discover could be fined $1,000. A judiciary committee sent the bill to the House floor without opposition. Supporters of the bill say it is similar to a current law requiring photo-processing workers to report instances of child pornography. http://www.nbc5.com/news/1963265/detail.html - - - - - - - - - - Manila a major source of Net child porn The Philippine capital has become a major source of Internet child porn, but weak laws and lack of trained investigators are hampering an ongoing crackdown, officials admit. Arrests in recent months have opened the lid on a highly lucrative business that exploits mainly children and is run by single, tech-savvy men in their mid- to late-20s who use computers in Internet cafes to evade detection. This profile was culled from recent investigations, said Mr Alex Ramos, executive director of the Philippine Centre for Missing and Exploited Children. http://straitstimes.asia1.com.sg/asia/story/0,4386,170363,00.html - - - - - - - - - - Crime scene investigation Postal inspectors at the Jack D. Watson Post Office in Forth Worth, Texas, spend most of their days investigating credit card fraud, the theft of parcels and other abuses of the US mail system. Early in 1999, however, a very different kind of case came along. The tip-off that would eventually lead to the arrest of Pete Townshend, the guitarist with The Who, came from an acquaintance of Bob Adams, a postal inspector. The friend, from Minnesota, who has never been named, stumbled upon a website operating under the name Landslide Productions Inc. The name of the site was innocuous; its content was not. At the bottom of Landslide Productions' home page, which was illustrated with a scenic mountainside view, was an invitation to click on a button marked "child porn". http://www.theage.com.au/articles/2003/02/07/1044579926881.html - - - - - - - - - - Spyware found on one in three corporate networks One in three European companies are harbouring spyware apps on their networks, a new study claims. Spyware applications, programs which surreptitiously send information from surfers' PCs to marketing outfits, are becoming a bigger problem, according to the Emerging Internet Threats Survey 2003. Spyware on company systems leaves companies vulnerable to unknown outside parties such as competitors, crackers or spammers, who can gather confidential company information without consent, the survey warns. http://www.theregister.co.uk/content/55/29235.html - - - - - - - - - - Europe takes on cybercrime A rapid reaction force to act against attacks on computer networks is to be set up by the European Commission. The European Commission will next week announce plans to set up a pan-European rapid reaction force against attacks on vital computer networks, a Commission spokesman has said. Authorities worldwide have woken up to the dangers of serious network failures, such as those caused by computer worm "SQL Slammer" earlier this year. Potential terror strikes are also a source of concern after the 11 September attacks. http://news.zdnet.co.uk/story/0,,t269-s2130065,00.html - - - - - - - - - - States Still Trying to Stop Spam In the losing battle against spam, two states are considering a novel approach: the creation of "do not e-mail" registries patterned after the statewide "do-not-call" lists that restrict the activities of telemarketers. Legislation introduced in Colorado and Missouri would create a central database of residents who don't want to receive unsolicited e-mail and would allow consumers to sue marketers who ignore their wishes. http://www.wired.com/news/business/0,1367,57585,00.html - - - - - - - - - - Microsoft coders get a bug-catcher Microsoft developers now have a new tool to help them catch security bugs in their own code. The software giant plans to announce on Monday that a plug-in created by security firm Sanctum, scheduled for release in March, will be the first to easily integrate with Microsoft's development platform Visual Studio .Net. The tool, AppScan Developer Edition 1.5, can be run on Web applications in real time to catch common programming flaws. http://news.com.com/2100-1001-983827.html - - - - - - - - - - MS and IBM demo secure Web services Web Service interoperability between the Microsoft and IBM environments using tools compliant with the WS-Security specification was successfully demonstrated for the first time earlier this week. SSL and web server-enforced security is generally considered inadequate when deploying mission critical Web Services on the Net. To address this, IBM and Microsoft helped develop products compliant with the WS-Security specification. http://www.theregister.co.uk/content/53/29243.html - - - - - - - - - - Future Secure Quantum cryptography, which uses principles of quantum physics to encrypt data and track attempts to steal it, is one next-generation security technology attracting more attention. If the multifaceted computer attack threats and surprises of the past year are any indication, 2003 could shake out to be as tumultuous and unpredictable as its predecessor. http://www.newsfactor.com/perl/story/20707.html - - - - - - - - - - Why Spy? Technology that monitors employees' Web usage sounds like a smart way to keep them focused on work. Wrong. Let 'em surf. It's no secret that plenty of workers use their company's high-speed Internet access to shop, make travel arrangements, or just surf the Web. Research firm ComScore Networks, in fact, found that, excluding auctions, 59 percent of all 2001 Web purchases in the United States were made from the workplace. Another study, by Vault. com, found that 47 percent of employees spend at least half an hour a day cruising the Web for personal reasons. http://www.business2.com/articles/mag/0,1640,46179,00.html - - - - - - - - - - French police seize mobile phone guns French police said Friday they had seized two lethal mobile phones capable of shooting four bullets, with the digital touchpads used as triggers. The black phones, identical to normal mobile phones on the outside, were discovered in a raid on a suspected criminal's home Tuesday in the northern city of Rouen. The deadly phones come apart in the middle to reveal a four-chamber compartment for .22 caliber bullets, which can be shot out of a protruding fake antenna. http://www.cnn.com/2003/TECH/ptech/02/07/france.guns.reut/index.html - - - - - - - - - - Video screens suspicious activity A man walks into an airport, nonchalantly drops his suitcase in the corner of a waiting area filled with people and leaves. Did this passenger simply forget his bag, or does it contain explosives that could injure or kill everyone in the room? http://www.fcw.com/fcw/articles/2003/0203/web-video-02-07-03.asp *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.