NewsBits for April 16, 2003 sponsored by Southeast Cybercrime Institute
************************************************************
Voicemail Hacking Leaves Ears Ringing
Voicemail can cost you. Just ask K.C. Hatcher, a San Francisco-based graphic artist. AT&T wants her to pay $12,000 in long-distance charges rung up by a hacker who apparently changed Hatcher's voicemail message to accept third-party billed calls to Saudi Arabia and the Philippines. (LA Times article, free registration required)
- - - - - - - - - -
Man to serve jail time in Web sting
A man who lost a Wisconsin Supreme Court challenge to the state's use of adults posing as teens in Internet sting operations will spend six months in jail and serve six years of probation. Brian D. Robins, 49, of Wauwatosa, was sentenced by Outagamie County Circuit Judge Michael Gage on a charge of child enticement. The sentencing comes more than three years after Robins was nabbed in February 2000 outside a Little Chute fast-food restaurant, where he had gone in believing he was going to meet a 13-year-old boy he had met in an Internet chat room. However, the 13-year-old was actually a state agent posing as a teen to nab sex offenders.
- - - - - - - - - -
Teacher jailed for child porn
A TEACHER has been jailed for child porn crimes. Gordon Paul Crompton, 42, an English teacher at Almondbury High School, was caught in the huge Operation Ore investigation into pornography, which spanned the world. And today he was starting a nine-month jail sentence after a court was told he was caught with 1,600 computer images of children in pornographic situations.
- - - - - - - - - -
CHILD PORN BUS DRIVER IS JAILED
A bus operator who downloaded 500 child pornography images from the Internet has been jailed for four months. Michael Buley, aged 45, was found with sickening pictures of children having sex with adults when police raided his home and seized computer disks.
He has now been banned from using Internet chat rooms or accessing pornographic websites after he is released from jail. Exeter Crown Court was told that Buley's Ayreville Coaches is facing possible closure because it has lost local authority contracts after his arrest during the police's Operation Ore last year.
- - - - - - - - - -
Internet sex sting charges waived to court
A 32-year-old Wilkes-Barre man will face trial in Dauphin County court on charges he allegedly arranged to have sex with two young girls he met on the Internet. John Levandowski, North Pennsylvania Avenue, was arrested Jan. 17 by agents with the state attorney general's office when he arrived at a hotel on Nationwide Drive in Susquehanna Township, Dauphin County. Levandowski allegedly responded Jan. 14 to an Internet advertisement designed to attract the attention of child sexual predators. The advertisements were posted by the AG's office in January as part of a child sex sting investigation on the Internet.
- - - - - - - - - -
Five more arrested on child porn charges
As Toronto investigators announced the arrest of five more people on child porn charges related to a long-running international investigation, Police Chief Julian Fantino called for a crackdown on computer software that allows patrons of porn to cover their tracks. All five arrested are connected to Project Snowball -- the Canadian arm of a U.S. investigation that resulted in the arrest of Texas kiddie-porn magnates Thomas and Janice Reedy. A warrant has been issued for the arrest of a sixth suspect.
- - - - - - - - - -
Viera man arrested in computer porn case
A Viera man arrested on multiple child pornography charges remains in the Broward County jail this morning, unable to post bond.
David Mackenzie, 41, was arrested Monday morning, charged with one count of computer pornography, three counts of transmission of harmful material to a minor by electronic device, three counts of electronically transmitting child pornography and two counts of sending child pornography. Police arrested Mackenzie at a South Florida park where he had arranged to meet a police officer who had been posing as a 14-year-old girl. Broward authorities began their investigation into the Viera resident on March 18, when an investigator with the Law Enforcement Against Child Harm (LEACH) Task Force claims to have received an instant message while in an AOL online chat room. The officer, a LEACH detective, had identified himself as a 14-year-old girl in his online profile.
- - - - - - - - - -
Former teacher pleads guilty to porn charge
Francis Lambert, 60, of 8 Kent Drive, was sentenced to three years probation. He will be prohibited from having unsupervised contact with minors and must undergo a sex-offender treatment program and any other evaluation ordered by the court. The investigation began after the mother of one of Lambert's former students said her 12-year-old daughter was receiving inappropriate computer messages from Lambert. The school found that Lambert tried to view approximately 1,000 pornography or suspected child pornography Web sites, but was blocked by the school's computer security system. Hudson police and a special investigation unit from the Middlesex County District Attorney's Office searched Lambert's computer at school and his son's computer at home. The investigation team found that Lambert had viewed 18 depictions of child pornography on a laptop computer issued by the Hudson Police Department to Lambert's son, Peter Lambert, who is a Hudson police officer.
- - - - - - - - - -
Uncle Sam: Share your system secrets
The Department of Homeland Security is hoping to convince technology and telecommunications firms that it's safe to share information about infrastructure vulnerabilities with the federal government. This week, the new department published a set of proposed regulations designed to convince corporate America to hand over infrastructure information to the government, promising that it will be kept in the strictest confidence.
- - - - - - - - - -
Partnership formed to combat cyber-terrorism
Instead of pursuing strict regulations to guard against cyber-terrorism, the federal government and technology industry have decided to jointly develop voluntary standards. Critics say that won't properly protect consumers from online pranksters, hackers and identity thieves.
- - - - - - - - - -
Sparks over Power Grid Cybersecurity
A new measure aims to protect the networks that control electric power distribution throughout North America. But not everyone is juiced over plans to hold utilities accountable to tight security practices. The organization responsible for keeping electricity flowing throughout the United States and Canada took its first serious step this week toward shoring up cybersecurity on the Byzantine computer networks that control electric power distribution.
- - - - - - - - - -
Homeland Security To Fill Privacy Post
The former privacy officer of Internet advertising giant DoubleClick will be the Department of Homeland Security's first privacy czar, Bush administration officials said. The administration will appoint Nuala O'Connor Kelly to the privacy post, where she would be responsible for vetting proposals or programs that involve collecting and using U.S. citizens' personal information. O'Connor Kelly currently serves as a Commerce Department attorney.
- - - - - - - - - -
Australia mulls global antispam effort
Australia should work aggressively with international organizations and other nations to curb spam, a new report from the country's technology agency recommends. If Australia's government follows this advice, it would apparently become the first nation to take the campaign against unsolicited bulk e-mail to an international level. The report suggests turning to groups like the Economic Cooperation and Development Organization (OECD) and the Asia-Pacific Economic Cooperation (APEC) forum to persuade other governments to enact antispam laws.
- - - - - - - - - -
Mailblocks could help end the spam jam
Can't anybody stop spam? I wish I had a nickel for every time I've heard that from a friend, colleague, reader or member of my family. All of us whose livelihoods and passions depend on a regular exchange of e-mail can relate. The spam scourge is out of control and getting worse.
- - - - - - - - - -
E-mail encryption program catches on with DOD contractors
A public-key infrastructure system the Defense Department extended to its contractors -- which initially drew a tepid response -- is gaining support as more vendors sign on to secure their e-mail messages to agency officials. Under the DOD Interim External Certificate Authority program, three companies -- Digital Signature Trust Co. of Salt Lake City, Operational Research Consultants Inc. of Chesapeake, Va., and VeriSign Inc. of Mountain View, Calif. -- have been providing the PKI software to protect e-mail communications, work flow and document access between DOD and its contractors.
- - - - - - - - - -
Phone porn can boost 3G
How keen will consumers be on watching videos on 3G mobile phones? That's the question Finland's National Consumer Research Centre tried to answer through looking at the experience of a small number of trialists in the Nordic country.
Video on mobile phones has been available in Finland since the back end of last year, albeit through slower speed mobile networks. The National Consumer Research Centre gave packages to a selection of punters of mixed age groups and asked them to note their viewing habits, alongside comments from their family and friends.
- - - - - - - - - -
Liberty Alliance demos technology
The online identity project held its first public interoperability demonstration at the RSA Conference. Proponents of the Liberty Alliance Project, a group developing online identity standards, provided details on Tuesday of their Phase Two specifications and demonstrated new features. Liberty held its first public interoperability demonstration at the RSA Conference in San Francisco with four different applications on display, built with Liberty 1.0 technology from some 20 vendors.
- - - - - - - - - -
Filling in security GAAPs
Security is on every IT manager's priority list, but what is security and how can executives measure and promote their efforts? An initiative launched at the RSA Conference in San Francisco this week aims to answer those questions through the establishment of practical guidance that draws on corporate experience with accounting principles.
More talk, little action in war on cyberterrorism
Security Biz Thrives on Fear
TechNet, audit firms team up on cybersecurity best practices
- - - - - - - - - -
RSA: Split passwords make secrets safer
RSA Security's Nightingale could keep passwords more secure by storing them in two places. The process was formerly used only in high-end systems, but could now help make consumer e-commerce sites safer. Breaking passwords in two and storing them in two places will make systems more secure, said RSA Security at its eponymous security show in San Francisco on Tuesday.
The company also launched a framework for increased integration of its identity management products.
- - - - - - - - - -
Honeypot snares raise ethical and legal issues
CATCHING NETWORK FLIES: The deployment of "honeypot" snares to trap and study malicious computer hacking is gaining credence in the networked world. But the practice, however useful, raises legal and ethical issues. The idea is to set up a server that holds no crucial data. Then you wait for the bad guys to invade -- it typically doesn't take long -- and figure out what they're doing, so you can prevent them from doing it to more valuable machines.
- - - - - - - - - -
Getting Realistic in the War on Hackers
Give up on the notion that computer security can be improved by putting more people in prison. The war on hackers is failing for the same reason the war on drugs failed: Most individuals can control themselves, but there is a substantial group of people for whom no legal penalties will be enough to discourage their behavior. The temptation to try and "beat the system" that is often felt by hackers and crackers, and even just regular computer users, can be enormous. People will succumb to the temptation to pirate copyrighted material, to disable copy protection on software, and to try and break into other people's computer systems.
- - - - - - - - - -
Debate: Should You Hire a Hacker?
The question, posed to four panelists at the RSA Security Conference held at the Moscone Center today, pitted hacker Kevin Mitnick against Christopher Painter, who prosecuted Mitnick in 1995. Mitnick argued that hackers, if reformed, make excellent security consultants because of their nature of pushing technology to the limits and their skills in penetrating computer systems.
- - - - - - - - - -
Statistical-Based Intrusion Detection
On January 24, 2003, the W32.SQLExp.Worm (later named Slammer/Sapphire) was released into the wild.
This worm exploited a stack-based buffer overflow vulnerability in Microsoft's SQL Server 2000 software (including MSDE 2000). While vulnerabilities affecting Microsoft products are nothing new, the speed at which this worm propagated was extremely novel - scary in fact. The worm was released and within ten minutes it had compromised 90% of all vulnerable systems worldwide. Before this incident, worms of this type were merely theoretical, given serious consideration primarily in academia.
- - - - - - - - - -
Software tunnels through great Firewall of China
The Voice of America will be heard in China if a US government agency's initiative to promote anti-censorship software succeeds in getting into the country, where Internet access is often restricted. The news and propaganda wing behind the US government's Voice of America broadcasts has commissioned software to let Chinese Web surfers sneak around the boundaries set by their regime.
- - - - - - - - - -
System taps data for bioterror clues
Two Massachusetts-based companies, Metatomix Inc. and SiteScape Inc., have developed a Web-based syndromic surveillance system that provides real-time monitoring of potential bioterrorist threats by culling data from a variety of sources. Syndromic surveillance involves tapping data from laboratories, clinics, pharmacies, hospitals or public health departments, looking for clusters of particular symptoms that may signal a bioterrorist attack.
- - - - - - - - - -
Digital homeland library readied
The Naval Postgraduate School plans to launch a digital library by June, offering up research on homeland security issues. The library will be open to students at the school, employees of the departments of Justice and Homeland Security, and likely other federal agencies as well, said Lillian Gassie, head of technical services and systems at the Naval Postgraduate School Dudley Knox Library.
***********************************************************
Computer Forensics Training - Online. An intense, 150 hour, instructor-led program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam.
***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however, copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.