NewsBits for February 24, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Charges Filed in Online Drug Paraphernalia Sales Case Federal authorities charged 55 people Monday with trafficking in illegal drug paraphernalia from coast to coast, using both traditional stores and the Internet. A federal grand jury in western Pennsylvania handed up indictments against 27 people as part of "Operation Pipe Dreams," an investigation stretching from Pittsburgh to Phoenix to southern California, Attorney General John Ashcroft said. - - - - - - - - - - Ethical wireless hacker is innocent A Houston ethical hacker accused of breaking into the wireless network of a Texan court has been acquitted of all charges. Stefan Puffer, 34, was charged in July 2002 on "two counts of unauthorized access into a protected computer system and unauthorized access of a computer system used in justice administration", the Houston Chronicle reported yesterday. It's believed to be the first case of its kind in the US. - - - - - - - - - - Ohio Man Pleads Guilty In Sex-Slave Case An Ohio man pleaded guilty Friday to charges that he had a 15-year-old South Carolina girl sign a contract to be his sex slave and distributed child pornography over the Internet. Donald M. Cosstephens, 42, of Reynoldsburg, Ohio, was sentenced to 25 years in prison and will not be eligible for parole. - - - - - - - - - - Man pleads guilty in federal child pornography case With a last-minute guilty plea, a manager for the U.S. Department of Agriculture on Monday avoided a trial on charges that he downloaded child pornography from a Yahoo user group with his government computer at work. Prosecutors said they did not offer Jimmy Todd, 55, a plea bargain and that the Arlington resident now faces the same potential penalties as if he had been convicted at trial - up to five years in prison and a $250,000 fine. - - - - - - - - - - Child porn ring linked to gay club Five people have been charged with running a child pornography ring on the Internet which also advertised the services of an Athens gay dance club where minors were encouraged to meet men, police said yesterday. A police raid on the Spices club in Rouf, western Athens, resulted in another seven people being charged with public indecency and drug offenses after three men were found engaging in sex before an audience. - - - - - - - - - - Introducing the LoveGate-C Trojan Yet another mass mailing email worm is spreading across the Net today. LoveGate-C is a mass-mailing virus which incorporates its own SMTP engine and (of particular concern) a backdoor key-logging component. The virus, and its previous variants, normally arrives as an email with an infectious .exe attachment. Finnish AV firm F-Secure provides more details on what the worm looks like and what it does here. Blocking .exe attachments in email (which corporate security managers should do anyway) will block its spread. Users, whether in business or at home, may want to update their AV signature files to detect the virus, which is spreading - though not to the extent where normal Internet traffic is being significantly affected. LoveGate worm carries nasty payload,,t269-s2130975,00.html Worm variant is spreading from Asia - - - - - - - - - - Senate cracks down on child porn The Senate has unanimously voted to ban pornography that uses both real and computer-generated children. The 84 to zero vote came on a measure that senators crafted after last year when the Supreme Court struck down most of a 1996 law banning virtual child pornography. The court ruled the law was unconstitutionally vague when it banned images that only appear to depict real children engaged in sex. - - - - - - - - - - Firing Leaflets and Electrons, U.S. Wages Information War Even before President Bush orders American forces to loose bullets and bombs on Iraq, the military is starting an ambitious assault using a growing arsenal of electronic and psychological weapons on the information battlefield. American cyber- warfare experts recently waged an e-mail assault, directed at Iraq's political, military and economic leadership, urging them to break with Saddam Hussein's government. A wave of calls has gone to the private cellphone numbers of specially selected officials inside Iraq, according to leaders at the Pentagon and in the regional Central Command. - - - - - - - - - - Citibank gags crypto researchers The High Court in London has imposed an injunction on Cambridge University security experts who claim to have uncovered serious failings in the system banks use to secure ATM PIN codes. The gagging order, preventing public disclosure of cryptographic vulnerabilities, was made at the request of CitiBank and Diners' Club against experts due to testify in a 'phantom withdrawal' case to be heard in the South African High Court next month. - - - - - - - - - - Visa getting tough on child porn The giant credit card company Visa sponsors the Olympics, the National Football League and NASCAR. "It's everywhere you want to be," proclaims its ads. But now, Visa has taken an unpublicized stance on where it doesn't want to be: on Internet sites selling child pornography and other depictions of sexually deviant behavior. Over the past year, Visa has set up a system to identify purveyors who use Visa to sell illegal pornography. This means the card issuer is reporting sites with illegal photos and videos to the global police forces responsible for enforcing child-porn laws. - - - - - - - - - - Ban on Porn Is Proposed at University Professor's bid to limit use of computers spurs debate on academic, 1st Amendment freedoms. An engineering professor at Cal Poly San Luis Obispo has launched a campaign to ban the use of school computers to view pornography, igniting debate over the limits of academic freedom. Linda Vanasupa, chairwoman of the materials engineering department, plans to introduce a resolution in April before the academic senate to impose the ban. (LA Times article, free registration required),1,6345456.story - - - - - - - - - - A world of imaginary victims but very real crimes They met on the Internet. Before their first online chat was over, he raised the prospect of sex. Three weeks later, he was urging her to go with him to a hotel. He would wear a condom, he promised, assuring her there was little chance she would get pregnant. He was 38 and she was 13. But when Michael Ciano drove to an East Brunswick restaurant to pick up his young date, he was met by FBI agents and investigators from the Middlesex County Prosecutor's Office. - - - - - - - - - - Parents patrol for those who troll for sex It is 10:30 a.m. on a school day and Parry Aftab is monitoring an Internet chat room for youngsters ages 8 to 16. A 40-year-old man from Florida is obviously trolling for sex. A Canadian claims he is 16 but will later admit to being older. Online, you can be anyone you want. But two can play that game. Aftab, the founder of WiredPatrol and an expert on Internet safety, logs on as a 13-year-old girl from New Jersey to demonstrate the hazards youngsters face online. - - - - - - - - - - Parents turn to Internet filters to protect their children No doubt the Internet is a teen's dream, a place to chat with friends, find help with homework and surf for news about sports, music or any other interest a kid could have. But it's also a parent's nightmare, where a Web address that appears harmless actually spews hate or sells porn, and a chat room for pre-teens could hide a child predator. - - - - - - - - - - Microsoft 'turning the tide against pirates' A year after announcing a heavy crackdown on piracy in the channel, Microsoft is claiming significant success in its battle against counterfeiters. Last year the software giant launched more than 1,000 legal cases against UK resellers caught selling illegal software. During 2002, Microsoft's anti- piracy team investigated more than 2,200 leads in the channel. - - - - - - - - - - IT counts cost of grey market Grey market damages brands and erodes profits for vendors and VARs, says KPMG. The worldwide grey market for IT hardware is costing the industry PS3.1bn in lost profit, and its annual market worth is PS25bn, according to research by consultant KPMG. - - - - - - - - - - Studios, Firms in Piracy Talks Trying to plug another potential hole in the anti- piracy dike, Hollywood studios have started a new round of private meetings with high-tech companies and consumer-electronics manufacturers to explore ways to stop unauthorized recordings. This time, the issue is how to preserve anti-copying signals on a digital television show, online video or DVD when converted from digital to analog. (LA Times article, free registration required),1,4082697.story Media Copyright Law Put to Unexpected Uses,1,7346857.story - - - - - - - - - - 'Honest Thief' waves pirate flag Dutch company PGR says it "will become to file sharing what the Swiss are to banking." It's the latest threat to the entertainment and recording industry. A Dutch company calling itself an "honest thief" has become the latest threat to an entertainment and recording industry beset by swelling numbers of file-swapping services.,,t269-s2130915,00.html - - - - - - - - - - Program Hides Secret Messages in Executables Netizens with extreme privacy needs got a new tool for their cyber utility belts recently with the release of an application that lets users hide secret messages in virtually any executable computer program, without changing the program's size or affecting its operation. The tool is called "Hydan," an old English word for the act of hiding something, and it's part of a research project by Columbia University computer science masters student Rakan El-Khalil, who showed off the program to a small group of open-source programmers and hackers gathered at the second annual CodeCon conference in San Francisco on Sunday. - - - - - - - - - - Antispam Tools Multiplying Like Spam Many companies are offering multiple levels of filtering, including so-called blacklists and whitelists. Other tools streamline administration, such as adding automated updating services much like antivirus software. As spam continues to roll over corporate networks in ever-larger quantities, the cavalry of vendors offering defenses continues to grow as well. No fewer than five vendors are shipping or are about to release new products designed to keep spam from polluting corporate e-mail systems. - - - - - - - - - - Novel explores U.S.-Iraq cyberwar Iraq has launched a cyberattack against the United States, targeting everything from critical infrastructure networks to government systems. Authorities are hamstrung by political and legal impediments, forcing a cyber vigilante to lead a rebel force against Iraq, which makes him the target of the U.S. government as well as the terrorists. - - - - - - - - - - California city blocks employees access to some sites American Canyon, Calif., described as the gateway to Napa Valley, supplies water to nearby wineries. But this city of about 12,000 is using software to block the gateway to harmful or inappropriate Internet use by city employees. Systems administrator Keith Finkel is using Sentian software from N2H2 Inc. of Seattle to report and monitor employees Internet use. - - - - - - - - - - An ID With a High IQ 'Smart Cards' Are in Demand as Concerns About Security Rise, but Privacy Issues Loom. Far from a mere photo ID, the government badge dangling from Doug Verner's belt is also a high-tech security key. - - - - - - - - - - DOD will sponsor biometrics training at West Virginia Univ. The Defense Departments Biometrics Management Office and West Virginia University have developed a Graduate Certificate Program in Information Assurance and Biometrics. University professors, using curriculum they developed with DODs biometrics office, will teach 25 students about the uses for biometrics, security system principles, the scientific foundation for biometrics, and about social, psychological, ethical and legal policies in the field. - - - - - - - - - - Media Gone Mad Why last week's big Windows security hole is nothing more than technology press hot air. "Windows XP Kills Dog, Steals Toaster" That's the next headline I'm expecting to read after wallowing through a week of technology press misreporting about the latest security issue in Windows XP -- an "issue" that's really nothing of the sort. At the center of this shameful tempest in a teapot is the Windows Recovery Console (RC), which by design allows you to boot up a damaged system and access supported file systems like FAT and NTFS. - - - - - - - - - - Spyware epidemic rallies call for action EarthLink's technical support staff handles a variety of problems: broken networks, corrupted files, coffee spills--and, increasingly over the past few months, bitter complaints from subscribers about "spyware" and "adware." Those persistent types of programs, frequently operating on computers without owners' knowledge, have spread quickly in the last year, evolving as rapidly as anti-spyware software has been able to find them. EarthLink executives estimate that 40 percent to 50 percent of the Internet service provider's subscribers have running on their machines some kind of advertising or more-malicious program, which often monitors their behavior and sends the data back to the software's parent company. - - - - - - - - - - Perspective: Get ready to be fleeced Don't look now, but a team of lobbyists and politicians is gearing up to enact new digital copyright laws that will cost you more money and result in more government regulations. Unhappy with the current reach of the law, the lobbyists and politicians believe that more restrictions levied on U.S. companies are necessary. Their target: The consumer electronics industry, which is already suffering through America's economic malaise and, conceivably, companies that sell music and video-playing software as well. - - - - - - - - - - UK tech 'not ready' for terror attack Work on a computer network designed to enable coordination of responses in the event of a terror attack has stalled, leading to some fears about how the UK would cope. The UK government's ability to protect its citizens in the event of a large-scale terrorist attack has been called into question today following the revelation that work on a dedicated computer network to coordinate the emergency services' response to such a situation has stalled.,,t269-s2130960,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.