NewsBits for March 12, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ New Code Red Variant Causes Concern A new version of the Code Red worm is spreading on the Internet, more than 18 months after the original worm infected Web servers worldwide, according to alerts posted Wednesday by a number of antivirus software vendors. The new version, labeled CodeRed.F, is almost identical to another Code Red variant, CodeRed.C, also known as Code Red II, according to information posted by F-Secure of Helsinki, Finland. http://www.pcworld.com/news/article/0,aid,109788,00.asp http://news.com.com/2100-1002-992361.html http://www.theregister.co.uk/content/56/29724.html http://www.computerworld.com/securitytopics/security/story/0,10801,79267,00.html - - - - - - - - - - Man on house arrest stole thousands of identities online A man already on house arrest for identity theft is back in jail on charges that he stole information from more than 2,000 people over the Internet. Sirvon Thomas, 22, used those people's information to open lines of credit to buy computer equipment, which he then put up for sale on eBay, investigators said. He then accepted money but never delivered the goods, they said. After a five-month investigation, police arrested Thomas on Saturday and charged him with scheming to defraud and two counts of identity theft. Over three years, police said, he told them he got 2,000 identities from across the country and pocketed more than $100,000. http://www.usatoday.com/tech/news/2003-03-12-net-theft_x.htm - - - - - - - - - - Suspected piracy ringleader indicted The suspected leader of one of the Internet's oldest piracy groups has been indicted and his extradition from Australia is being sought, a U.S. federal attorney said Wednesday. A federal grand jury in Connecticut charged Hew Raymond Griffiths of Bateau Bay, Australia, with one count of conspiracy to commit criminal copyright infringement and one count of copyright infringement related to his alleged role in leading the software piracy group called DrinkorDie. DrinkorDie illegally copied and distributed more than $50 million worth of pirated software, movies, games and music, according to a press release issued by the office of U.S. attorney Paul McNulty. http://news.com.com/2100-1028-992373.html - - - - - - - - - - 42-year-old pervert 'groomed' teen girl A MAN 'groomed' a Newbury teenager he had contacted through an Internet chat room before persuading her to indulge in 'phone sex' and to send him indecent pictures of herself. Posing as someone much younger, Peter Tomlinson also persuaded her to meet him and kissed and fondled her, although by then she was 16, Warwick Crown Court was told. Tomlinson had confessed to the police after they had raided his home and discovered that he had been visiting child porn websites - which he claimed must have been put there by someone hacking into his computer. http://icberkshire.icnetwork.co.uk/0100news/0200berkshireheadlines/page.cfm?objectid=12726175&method=full&siteid=50102 - - - - - - - - - - Brown receives additional child porn charges A federal grand jury on Tuesday indicted Randy Brown on two additional child pornography charges. The former Iowa State University men's assistant basketball coach now is facing additional charges of possession and receipt of pictures of minors engaged in sexually explicit conduct. Last week, authorities charged Brown with obstruction of justice and possession of child pornography. The obstruction charge has been dropped. http://www.zwire.com/site/news.cfm?newsid=7350271&BRD=2035&PAG=461&dept_id=238101&rfi=6 - - - - - - - - - - Harmon facing child porn charges A former vice president of the South Central Ohio Big Brothers/Big Sisters was arrested Friday on child pornography charges. Harold Harmon, 59, of 22798 Morris Leist Road, Stoutsville, has been charged with illegal acts with a minor and use of a minor in nudity oriented materials, a second-degree felony. According to a Big Brothers/Big Sisters publication in Gazette files, he was vice president of the board of directors for the local chapter in 1991. According to Pickaway County Sheriff's Office Detective Gary Combs, who is handling the Harmon investigation, his office received a tip that Harmon had child pornography at his home and a search warrant was issued Friday. During the search, officers uncovered several forms of computer-generated child pornography. http://www.chillicothegazette.com/news/stories/20030312/localnews/1160784.html - - - - - - - - - - Librarys computer used by parolee for porn A 32-year-old man was taken into custody on violations of his probation after his probation officers found him with pornography that reportedly had been downloaded from a computer at the Fond du Lac Public Library. Circuit Court records show Troy Craig is a convicted sex offender in Fond du Lac County. Fond du Lac Police Capt. Kevin Lemke said he was aware that Craig had downloaded the pornography from a library computer, despite filters being used there. http://www.wisinfo.com/thereporter/news/archive/local_9181965.shtml - - - - - - - - - - Albuquerque prosecutor fired over child porn allegations District Attorney Kari Brandenburg of Albuquerque has fired one of her prosecutors. She says she fired Assistant District Attorney Richard Earl on Monday after learning he was once investigated for allegedly having child pornography on his computer. The 1997 case was never prosecuted. http://www.kobtv.com/archive/2003/march/12/earl_fired.htm - - - - - - - - - - Pete Townshend Off the Hook? The Who mastermind could be close to cutting a deal that could make his child-porn case disappear. British authorities are considering giving him a caution for illegally downloading kiddie porn, according to London's Daily Mail newspaper. Such a decision would mean the rock icon would avoid a potentially damaging trial, but Townshend would have to admit guilt, which would then go on his record. http://www.eonline.com/News/Items/0,1,11421,00.html - - - - - - - - - - Network worm slow to spread Despite initial fears, the new Windows network worm Deloder, which made its appearance this week, does not appear to be spreading. Advice put out by TruSecure's surgeon-general Russ Cooper on the NTBugTraq mailing list said the rapid increase in the worm's activity was being monitored by the company's director of malcode research. Some anti- virus firms like F-Secure ranked the worm as likely to pose some problems and it even gained a listing on AusCert. http://www.smh.com.au/articles/2003/03/12/1047145001902.html - - - - - - - - - - Senate leader explains poll "hack" Senator Frist's office has elaborated on its explanation of why it pulled a website poll about the Iraq war last week. We could find no evidence of a security breach at the Senate, although this was the primary reason suggested by a Frist spokesperson on Friday. In fact, the poll was hosted outside the Senate firewall, his office now confirms. The poll was discovered by bloggers, including Tom Tomorrow, who linked to the poll while it was showing a majority in favor of the war. By the time the poll was pulled, the vote count had swung to the Noes. "Our computer guy has identified one individual who voted 8,700 times," the spokesperson told us today. Apparently, the software deleted the cookie and voted again. http://www.theregister.co.uk/content/6/29713.html - - - - - - - - - - Congress cracks down on P2P porn The U.S. Congress is targeting peer-to-peer networks again--and this time politicians aren't fretting over music and software piracy. A pair of government reports scheduled to be released at a hearing on Thursday warn that file-swapping networks are exploding with pornography --much of which is legal, and some of which is not. Searching for words such as "preteen," "underage" and "incest" on the Kazaa network resulted in a slew of images that qualify as child pornography, the General Accounting Office said in a 37-page report, one of two obtained by CNET News.com. The second report, prepared by staff from the House Government Reform Committee, concluded that current blocking technology has "no, or limited, ability to block access to pornography via file-sharing programs." http://news.com.com/2100-1028-992371.html - - - - - - - - - - Court hears appeal on game violence The video game industry told a federal appeals court on Wednesday that it has the same rights to free speech as moviemakers and publishers and urged the court to overturn a local government ban on the sale of violent video games to minors. Appearing before a three-judge panel of the U.S. Eighth Circuit Court of Appeals, attorneys for the Interactive Digital Software Association, which represents the video game industry, argued that a lower court ruling upholding St. Louis County's restrictions on game sales should be overturned as unconstitutional. http://news.com.com/2100-1026-992290.html - - - - - - - - - - Kansas lawmakers debate filters on library computers A proposal to require that public libraries install computer filters to shield minors from Internet pornography would be costly and ineffective, opponents told a Kansas House committee Tuesday. The testimony before the state's Federal and State Affairs Committee came one day after proponents spoke for the measure. Among the supporters was a Topeka woman who said the Topeka-Shawnee County Public Library was not policing its computers and their use by minors. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5374384.htm - - - - - - - - - - Top Homeland hires considered The Bush administration is considering hiring New York City's counterterrorism chief and Coca-Cola Co.'s top cybersecurity watchdog for top jobs in the new Homeland Security Department, Federal Computer Week has learned. Retired Marine Corps Lt. Gen. Frank Libutti, who took on the New York City post Jan. 16, 2002, is being considered as undersecretary for intelligence analysis and infrastructure protection for the new department. And Robert Liscouski, the director of information assurance for the soft-drink maker, is under consideration for assistant secretary for infrastructure protection. http://www.fcw.com/fcw/articles/2003/0310/web-home-03-12-03.asp - - - - - - - - - - Report to recognize agencies' progress toward IT security The Bush administration is readying a report that will recognize several government agencies for making tangible progress in their efforts to meet security goals for information technology, according to administration officials. The White House Office of Management and Budget (OMB) is preparing to send Congress an annual report highlighting the status of those IT initiatives, OMB analysts told members of a National Institute of Standards and Technology advisory board on Wednesday. The report will be the last IT security review by OMB before it updates its guidelines and agency reporting requirements under new IT rules created under a recent e-government law. http://www.govexec.com/dailyfed/0303/031203td2.htm - - - - - - - - - - Netherlands No Hacker Haven The Netherlands is no Napster nation. Contrary to implications in recent media reports, Dutch lawyers say their small European country shouldn't be held up as the poster child for file-sharing and copyright violation. A court case against file-sharing service Kazaa helped stir up the confusion. Dutch royalties agency Buma/Stemra sought an injunction against Kazaa to stop it from distributing a file-sharing utility and allowing copyrighted material to be swapped on its network. But the judges in the case said Kazaa could not be responsible for the illegal actions of others. Buma/Stemra has appealed the decision to the Dutch Supreme Court. http://www.wired.com/news/digiwood/0,1412,58007,00.html - - - - - - - - - - Stalkers, the merely curious troll for lost acquaintances online Savvy Web users are using Google and other powerful Web search tools to track down or keep tabs on long- lost acquaintances be they former lovers, classmates, friends or enemies. These searches, which once might have required hiring a private detective, have become increasingly easy as the amount of data available on the Web grows. Sites like AltaVista, which indexed about 20 million Web pages when it was founded in the mid-1990s, now has information on billions of pages. http://www.usatoday.com/tech/webguide/internetlife/2003-03-12-net-search_x.htm - - - - - - - - - - Military to Clamp Down on E-Mail Concerned that sensitive information might leak out, some units of the United States military are starting to clamp down on e-mail communication from their soldiers and sailors, who have been using it from ships, bases and even desert outposts to stay in touch with family and friends. The uncertainty underscores the double-edged nature of a technology that is providing a new opportunity for instantaneous interaction from remote locations, a development the Pentagon believes is helping to improve morale in the field and among relatives back home. At the moment, much of the electronic communication is unmonitored by the military, providing an opportunity for what some fear could be inadvertent leaks. (NY Times article, free registration required) http://www.nytimes.com/2003/03/12/international/middleeast/12MAIL.html - - - - - - - - - - NIH monitoring Internet use The National Institutes of Health has deployed software to track and manage Internet use for more than 41,000 employees. NIH, an agency in the Department of Health and Human Services, signed a two-year contract with San Diego-based Websense Inc. for the company's Websense Enterprise employee Internet management software. The software, which blocks certain Web sites or limits personal Internet use, is intended to increase productivity and cut down on security risks. http://www.fcw.com/fcw/articles/2003/0310/web-nih-03-11-03.asp - - - - - - - - - - Group resumes Xbox cracking project A group of computer hobbyists has resumed its effort to crack the main security code for Microsoft's Xbox video game console. The Neo Project, a group that uses distributed computing techniques to crack security challenges, on Wednesday began offering software for its "Operation Project X." Distributed computing, best known by the Seti@Home project searching for signs of extraterrestrial life, divvies up complex computing tasks among myriad computers. The Neo Project software will use thousands of PCs to try to guess the 2,048-bit encryption code used by the Xbox, an approach that could take years to yield results. http://news.com.com/2100-1043-992252.html - - - - - - - - - - New Mexico gets ready for HIPAA compliance As states scramble to meet the April 14 deadline for the Health Insurance Portability and Accountability Acts privacy rules, New Mexico is smoothing its way to HIPAA compliance by focusing on data integration. HIPAAs privacy rule took up 40 pages of the Federal Register, plus 900 pages of preamble and explications, said Mary Gerlach, CIO of New Mexicos Health Department. All of this was in three columns, in tiny print. Its a very challenging law, she said. http://www.gcn.com/vol1_no1/daily-updates/21386-1.html - - - - - - - - - - OMB, DHS working on privacy The Office of Management and Budget is working with closely with the Homeland Security Department (DHS) to that ensure privacy concerns are adequately addressed as new information systems and sharing mechanisms are developed. OMB met with officials in January to help develop a blanket privacy policy, said Eva Kleederman, privacy policy analyst with OMB. She was speaking March 12 at a meeting of the Information Security and Privacy Advisory Board in Bethesda, Md. OMB also is starting discussions on what DHS and its partner agencies must do to comply with the Privacy Act of 1974 during and after the department's formation, she said. http://www.fcw.com/fcw/articles/2003/0310/web-privacy-03-12-03.asp - - - - - - - - - - TSA prepping smart card pilots The Transportation Security Administration has neared the end of the planning phase for its smart card program and is finalizing a set of requirements for two pilot sites. "We're optimistic that we're going to be able to move forward very, very soon on this program," said Chris Rhatigan, a spokeswoman for TSA. The agency is preparing to launch pilot projects for its Transportation Worker Identification Credential system, which will provide employees at airports, ports, railways and other locations with secure access to buildings and systems. http://www.fcw.com/fcw/articles/2003/0310/web-twic-03-12-03.asp - - - - - - - - - - As The Worms Turn The term "worm" comes from The Shockwave Rider, a 1972 sci-fi novel in which a tapeworm program liberated data as it proliferated through networks. Xerox Palo Alto Research Center security researchers John Shoch and Jon Hupp appropriated it in 1982 when they automated the installation of Ethernet-performance measuring tools on 100 computers at Xerox PARC. They devised a program that could send and install itself, but the program developed a bugand to their surprise the bad code spread across the network as well. http://www.techweb.com/tech/security/20030312_security - - - - - - - - - - Open Source Honeypots, Part Two: Deploying Honeyd in the Wild This is the second part of a three-part series looking at Honeyd, an open source solution that is excellent for detecting attacks and unauthorized activity. In the first paper, we introduced honeypots and discussed what they are, their value, and the different types of honeypots. We then went into detail about the Honeyd,. In this paper we take a closer look at Honeyd. Specifically, we will deploy Honeyd on the big, scary Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered. http://www.securityfocus.com/infocus/1675 Open Source Honeypots, Part One: Learning with Honeyd http://www.securityfocus.com/infocus/1659 - - - - - - - - - - Technology Turns Up Heat on Cold Case Files New methods catch up with old criminals. The challenge is making past come alive for juries. As improved technology allows police to solve more long-dormant cases, prosecutors say they increasingly face the difficult task of persuading juries that aging defendants should be held accountable for the crimes of their youth. Many prosecutors say the advantages of scientific and technological crime detection can be outweighed by the damage done by the passage of time: dead or forgetful witnesses, aging and sympathetic defendants, lost evidence. (LA Times article, free registration required) http://www.latimes.com/technology/la-me-cold12mar12001446,1,4439036.story - - - - - - - - - - Big Brotherware? Benetton clothing to carry tracking devices Clothes sold at Benetton stores will soon contain microchip transmitters that allow the Italian retailer to track its garments from their point of manufacture to the moment they're sold in any of its 5,000 shops. Benetton's introduction of "smart tag" tracking technology will be the largest example of a trend now emerging in the retail industry, according to Phillips Semiconductors, a unit of the Dutch electronics giant that designed 15 million tags being delivered to Benetton this year. http://www.usatoday.com/tech/news/techinnovations/2003-03-12-clothing-tags_x.htm http://www.computerworld.com/managementtopics/ebusiness/story/0,10801,79286,00.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.