NewsBits for May 7, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Internet-fraud suspect admits guilt An Alberta man accused of masterminding a $60-million Internet investment scam has agreed to a guilty plea in a dramatic twist to the case, say U.S. authorities. Alyn Richard Waage has been charged with six counts of mail fraud, 10 counts of wire fraud, seven counts of money laundering and one count of conspiracy to commit money laundering. http://www.crime-research.org/eng/news/2003/05/Mess0707.html - - - - - - - - - - International child porn ring smashed Two UK men, both alleged members of The Brotherhood, a worldwide child porn ring, were arrested today in an "International Day of Action". The UK men were among 21 "board owners, senior administrators and administrators of a complex Internet paedophile network have had premises under their control searched in five different countries in connection with making and distributing paedophilic images". The UK arrests were a retail manager, 36, from Worcestershire; and an ex-engineer in the Merchant Navy, 51, from Northants. Others arrested or questioned today include ten Americans, seven Germans, one Canadian and one Norwegian. http://www.theregister.co.uk/content/6/30600.html - - - - - - - - - - Former Navy worker pleads guilty to child porn A former civilian fire captain at Naval Station Everett has pleaded guilty to two counts of possession of child pornography, after the discovery of pictures of nude children on his government computer. Prosecutors will recommend that 46-year-old Michael T. Schuhow, whose sentencing is set for July 7, spend 60 days in jail. He will also be required to register as a sex offender. More than 40 photographs of children in sexually explicit poses were discovered in a folder called "fun stuff" on the hard drive of Schuhow's work computer, according to court documents. The Navy seized the computer and turned it over to police after a routine security check found he had visited a forbidden Internet site. http://seattlepi.nwsource.com/local/120870_porn07.html - - - - - - - - - - Judge convicts man on child-porn charge For Vero Beach resident Richard Strouse, an image on the hard drive of his laptop may cost him up to five years in prison. The 47-year-old construction worker was found guilty Tuesday of a third-degree felony for downloading onto his computer a picture of a 9-year- old girl having sexual relations with a man. Despite strenuous arguments by Strouse's Stuart attorney Robert Watson that the evidence was tainted, Circuit Judge Paul B. Kanarek ruled that Assistant State Attorney Suzanne Stewart had won the case by proving Strouse was the one who downloaded the picture and saved it to the hard drive. On Aug. 22, 2001, Strouse's girlfriend, Corky Cranwell, was using his laptop when she discovered the pornographic picture, she testified Tuesday. She spoke with a computer expert at her father's firm in Roanoke, Va., about what to do and then took the laptop to the Indian River County Sheriff's Office. http://www.tcpalm.com/tcp/pj_local_news/article/0,1651,TCP_1121_1942681,00.html - - - - - - - - - - Pete Townshend placed on sex offenders register Former Who guitarist Pete Townshend has been cautioned by police and placed on the sex offenders register for five years after he admitted accessing a website containing child abuse images. The musician was formally cautioned at Kingston police station today for looking at child abuse images on a web site in 1999. Scotland Yard said in a statement, after four months of investigation by officers from Scotland Yard's Child Protection Group, it has established that Mr Townshend was not in possession of any downloaded child abuse images. http://www.thisislocallondon.co.uk/news/display.var.726149.Top+Stories.pete_townshend_placed_on_sex_offenders_register.html - - - - - - - - - - Police arrest suspect in child porn case Pornographic images of children, apparently intended for distribution, were discovered at the home of a Silverton man last week. April 30 police served a search warrant on the residence of Richard Howard Henjum, 62, at 918 Bryan Court, the result of an investigation into possession and distribution of child pornography from the residence. The investigation was initiated when a Silverton parent brought copies of child pornography to the police department. It had been sent to her child by Henjum over the Internet. http://www.eastvalleynews.com/appeal/article.cfm?i=2103 - - - - - - - - - - Campus police seize computers used for illegal downloads Ohio State University police said they dismantled a network that used dormitory computers to distribute music and movies illegally downloaded from the Internet. Detectives seized five computers that allegedly were being used to provide free entertainment to about 3,000 students. University police Chief Ron Michalec said no one was charged with a crime during the Monday night raids. http://www.usatoday.com/tech/news/2003-05-07-osu-seizures_x.htm - - - - - - - - - - 800 Visa cards blocked Credit union responds to data hacking. Someone hacked into a merchant's computer system, compromising information on cards and leaving some bank and credit- union customers without use of cards with the Visa logo. Virginia Credit Union responded by blocking the use of 800 Visa cards, canceling the accounts and issuing new account numbers and cards. New cards should arrive in the mail this week. "The compromise occurred as a result of an intrusion into a merchant's data system and was not related to Virginia Credit Union or our card processor," the credit union wrote to members in a letter dated April 30. http://www.timesdispatch.com/business/MGB6S1MMEFD.html - - - - - - - - - - SCO Looks for Linux Community Link in DoS Attack SCO Group Tuesday confirmed that it was the victim of a denial of service (DoS) attack Friday, and said it is investigating the possibility of a link between the attack and its lawsuit against IBM for alleged intellectual property violations. "SCO is vigorously investigating the source of the attack and the identity of the perpetrators," said company spokesman Blake Stowell. "This attack came within 48 hours of IBM's response to SCO's lawsuit against IBM alleging intellectual property infringement. Given this close proximity in time, we are carefully examining whether a link exists between SCO's legal action and some of the Linux community who are hostile toward SCO for asserting its legal rights." http://www.crime-research.org/eng/news/2003/05/Mess0701.html - - - - - - - - - - Cyber, check fraud hits home Steve Head won't ship anything to Lagos, Nigeria. The owner of the Joplin-based Internet business A Family Moment (www.family-moment.com), which sells and ships Christian material all over the world, said he has been burned too many times by credit-card fraud from orders through that country. After one or two bogus orders a week for several weeks, he finally gave up. http://www.crime-research.org/eng/news/2003/05/Mess0704.html - - - - - - - - - - Microsoft, Best Buy accused of scam A Los Angeles man has filed a proposed class action lawsuit against Best Buy and Microsoft, accusing them of scamming customers by charging them for online services without their knowledge. The suit, filed Tuesday in Los Angeles Superior Court, claims the alleged scam stemmed from a promotion in which customers at Best Buy, who paid for purchases with credit or debit cards, were given free compact discs that allowed them to try Microsoft's online service, MSN. http://news.com.com/2100-1026_3-1000393.html - - - - - - - - - - Earthlink brings down the Buffalo Spammer Earthlink, the US ISP, was today awarded $16.4 million damages and permanent relief against a notorious spammer. The company accused Howard Carmack - aka The Buffalo Spammer - of sending more than 825 million illegal emails since March 2002. Also, it alleged that Carmack and accomplices "used stolen credit cards, identity theft, banking fraud and other illegal activities to fraudulently purchase Internet accounts and send out unsolicited, commercial emails". http://www.theregister.co.uk/content/55/30590.html http://news.com.com/2100-1032_3-1000272.html http://www.siliconvalley.com/mld/siliconvalley/news/5808540.htm EarthLink to Offer Anti-Spam E-Mail System http://www.washingtonpost.com/wp-dyn/articles/A22390-2003May6.html Antispam fund aids blacklist http://news.com.com/2100-1024_3-964797.html Software takes new angle against spam http://www.fcw.com/fcw/articles/2003/0505/web-spam-05-07-03.asp - - - - - - - - - - House panel votes to restrict Internet gambling A House subcommittee voted Tuesday to make it harder for Americans to gamble on the Internet, opting not to consider an alternative proposal that could lead to states legalizing and taxing online casinos. Democrats on the House Judiciary subcommittee on crime said they would raise that alternative when the full committee considers the bill. By a voice vote, the subcommittee approved legislation that would prohibit the use of credit cards, checks and electronic fund transfers to pay for online betting transactions. http://www.usatoday.com/tech/news/techpolicy/2003-05-07-gambling_x.htm http://www.wired.com/news/technology/0,1282,58755,00.html http://www.nandotimes.com/technology/story/880144p-6134857c.html - - - - - - - - - - Feds Defend Data-Mining Plans Plans to collect info on U.S. citizens do not pose privacy problems, lawmakers say. Leaders of two much criticized projects that privacy advocates fear will collect massive amounts of data on U.S. residents defended those projects before the U.S. Congress Tuesday, saying the projects will be much more limited in scope than opponents fear. http://www.pcworld.com/news/article/0,aid,110614,00.asp - - - - - - - - - - Database targets child predators Ministers have given a green light to proposals for a global image database to help identify children who fall prey to paedophiles. An international image database is to be created to help police identify the victims of paedophile crimes. The project received approval from representatives of the G8 nations, including the UKs Home Secretary David Blunkett, at a meeting in Paris on 5 May 2003. At present, images of victims are held only on national databases or by individual police forces, making their use in international investigations very difficult. http://www.crime-research.org/eng/news/2003/05/Mess0703.html - - - - - - - - - - Virus attacks down in war DESPITE an expected increase in viruses and hack attacks during the war in Iraq, online security warnings dropped to their lowest level for the year in April. Anti-virus vendor Trend Micro reports only eight alerts, all low-level, were issued in April, down from 22 in March. Trend Micro says even before fighting in Iraq ended in mid-April, the cyberwar appeared to have run its course, and even at its worst it had been little more than an outbreak of cyber-graffiti. http://www.news.com.au/common/story_page/0,4057,6375008%255E15318,00.html - - - - - - - - - - Insurance coverage for ID theft Identity theft has become the most common consumer fraud complaint. Anyone who has had their identity stolen can tell you, it can be so easy for criminals to get the numbers they need to do real damage. Credit cards, drivers licenses, computers thats all it takes. Yet cleaning up the problem and reclaiming your identity can take a lot more time and money. Now, major insurance companies are trying to ease that burden. http://www.msnbc.com/news/910153.asp - - - - - - - - - - Surveillance software boosts ad profiling Ad profiling, a controversial practice from the dot-com heyday, is making a comeback as some of the biggest names in publishing test new Web surveillance software, with hopes of eventually boosting revenue. Conde Nast owner Advance Publications, for one, recently began testing a product from Tacoda Systems that promises to compile detailed information about the Web site visitors of its Advance Internet news network. http://zdnet.com.com/2100-1104_2-999828.html - - - - - - - - - - Next Palm OS keys on security The next version of the Palm operating system for handhelds will be available to licensees at the end of the year, according to a PalmSource executive. The company expects to debut major OS releases every 12 months to 18 months after the first hardware ships, Albert Chu, PalmSource's vice president of business development, said in an interview with CNET News.com. Devices using the latest version, OS 6, likely won't be available until early to the middle of next year, he added. http://zdnet.com.com/2100-1103_2-1000110.html - - - - - - - - - - Gates quells fears over new PC security Consumers shouldn't be worried that Microsoft Corp.'s new security technology will wrest control of their PCs and give it to media companies, Bill Gates said this week. They can always choose not to use it, he said. The Microsoft co-founder expects consumers as well as governments and businesses to embrace the system, which hard-wires security into silicon chips rather than just software. It's designed to offer unprecedented levels of protection against hacking and eavesdropping. http://www.cnn.com/2003/TECH/biztech/05/07/microsoft.security.ap/index.html http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1052313042166_59///?hub=SciTech WinHEC: Microsoft's hard line http://zdnet.com.com/2251-1110-999740.html MS takes open-source security lessons http://zdnet.com.com/2100-1105_2-1000227.html - - - - - - - - - - Media Player flaw peels open PC security Microsoft warned Windows Media Player users on Wednesday that a flaw in the way the application handles the download of "skins," or interface colors and motifs, could allow an attacker to take over a victim's PC. The vulnerability could let an intruder create a file that appears to be a Windows Media Player skin, but that in reality is a malicious program. The program can be copied to a location of the intruder's choice when downloaded. An online vandal could, for example, have a Trojan horse loaded onto a victim's start-up folder, so that it executes when the computer is restarted. http://news.com.com/2100-1002_3-1000355.html - - - - - - - - - - Phreaks threaten voice IP security INCREASING use of voice-over-IP technology could result in a return to "phreaking" - hacking of telephony systems to make free calls. Security expert Matt Barrie said VoIP was cheap and increasingly popular, but it introduced many vulnerabilities of traditional Internet Protocol networking to voice telephony. Mr Barrie, a lecturer in security at the University of Sydney and former manager of the Packetstorm security portal, said telephone network operators had spent years coming to terms with security issues in voice transmission, which could re-emerge as VoIP grew. http://australianit.news.com.au/articles/0,7204,6385811%5E15321%5E%5Enbv%5E15306,00.html - - - - - - - - - - AIG eBusiness Risk Solutions Expands Coverage New Features Address Network Business Interruption, CyberTerrorism, Forensic Expenses, and Identity Theft. AIG eBusiness Risk Solutions, a unit of the property and casualty subsidiaries of American International Group, Inc. (AIG) has enhanced its AIG NetAdvantage(R) Suite of network security insurance and risk management services to address the increasing exposure to threats of viruses, hackers, information theft and destruction, and cyber terrorism. http://www.crime-research.org/eng/news/2003/05/Mess0702.html - - - - - - - - - - Virtual evidence The scene of a cybercrime needs to be secured just like the scene of any other crime. Karl Cushing finds out what you should and should not do to protect vital evidence. Clifford May, computer forensic investigator at IT security specialist Integralis, says that prosecuting someone responsible for an IT security breach is difficult but not impossible. All too often, though, the reason for failing to secure a prosecution stems from inexperienced people getting to the scene of the crime first and inadvertently compromising evidence by not following correct procedures. http://www.crime-research.org/eng/news/2003/05/Mess0705.html - - - - - - - - - - Deutsche Bank tries to marry wireless and security A company looking to beef up the security of its wireless operations should start with its own policies and standards, according to Ken Newman, director of security and risk management at Deutsche Bank AG. That's because standards and policies form the foundation upon which all security efforts are built, he said during a case study demonstration at Computerworld's Mobile & Wireless Conference here. http://computerworld.com/mobiletopics/mobile/story/0,10801,81025,00.html - - - - - - - - - - Cyber rights... and wrongs I can't remember a single person worrying about cyber rights when I was in college. Maybe it was because the Internet heyday hadn't yet arrived; maybe it was because the thought never crossed our minds; maybe we didn't know they were important. Just a few years later, the rules have changed. Technology writer Annalee Newitz looked at the best and worst when it comes to campus cyber rights for the latest edition of Wired Magazine. What she found surprised me. http://www.cnn.com/2003/TECH/05/06/hln.wired.cyber.rights/index.html - - - - - - - - - - Starting from Scratch: Formatting and Reinstalling after a Security Incident Missing files, corrupt data, sluggish performance, programs not working - any of these things could indicate a breach in network security. Once the breach has been identified and mitigated, the painful process of rebuilding and recovery begins. There is a point you reach in the recovery process, after you have done a little digging, put a finger on what might have gone wrong, where you come to the proverbial "fork in the road". Every security professional or systems administrator has faced the decision at some point in his or her career: is it better to try to repair the damage, or just reinstall the system and start from scratch? http://www.securityfocus.com/infocus/1692 *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.