NewsBits for May 12, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Hacking victim goes postal A Cleveland man named Biswanath Halder, who claims his Web site was destroyed by a hacker, took hostages at gunpoint on the campus of Case Western Reserve University on Friday. Tragically, the hacking victim killed a young postgraduate student at the university, Norman Wallace aged 30, and wounded two others when he fired indiscriminately in an apparent fit of rage. Halder took over the campus business-school building and kept police at bay for seven hours until being wounded by gunfire and taken into custody. http://www.theregister.co.uk/content/55/30646.html - - - - - - - - - - Man Admits Running Internet Auction Scam Chris Kim, 28, of Los Angeles pleaded no contest Friday to defrauding more than 170 people in an Internet auction scam. Instead of serving jail time, Kim agreed to repay his victims. By the time of his sentencing June 6, he must post $100,000 toward restitution. (LA Times article, free registration required) http://www.latimes.com/la-me-briefs10.3may10,0,5496526.story Fight against online scams http://www.crime-research.org/eng/news/2003/05/Mess1209.html Bidding for Trouble? http://www.washingtonpost.com/wp-dyn/articles/A37863-2003May10.html - - - - - - - - - - SEC reaches deal in spam fraud case Securities regulators on Monday announced that they had reached a settlement with one of the Internet's most prolific spammers, K.C. Smith, over allegations that he touted phony investment opportunities. Smith, who last year was ordered to pay $25 million to EarthLink for sending more than 1 billion unsolicited commercial e-mails over the Internet service provider's network, agreed to pay $100,000 to settle the case with the U.S. Securities and Exchange Commission. The case is among the latest of the more than 400 Internet securities enforcement actions taken by the SEC during the past eight years. http://news.com.com/2100-1032_3-1001074.html - - - - - - - - - - Former council president pleaded guilty to child porn After an extensive, three-month personal background investigation, a U.S. District Court judge Friday sentenced Fremont's former city council president to 18 months in a federal correctional institution for possession of child pornography. Ken Schneider, who resigned his post on the council last November after his home was raided by U.S. Customs agents as part of a statewide probe into child porn activity, pleaded guilty to the charge in February. http://www.thenews-messenger.com/news/stories/20030510/localnews/278399.html - - - - - - - - - - Child solicitation sentence James Robert Tatton, 26, a former teacher at Wahlquist Junior High School in Weber County, has been sentenced to prison for up to 5 years for soliciting sex acts over the Internet from a police officer posing as a 13-year-old boy. Tatton pleaded guilty in 2nd District Court to third-degree felony criminal solicitation and misdemeanor distribution of pornography. He was arrested last September when he arrived at a Brigham City park to meet the "boy" for a sexual rendezvous and had previously sent the officer a sexually explicit photo. http://www.sltrib.com/2003/May/05102003/utah/55683.asp - - - - - - - - - - GAL FLIES HERE FOR TEEN SEX: FEDS An Arizona woman who FBI agents say flew to New York to meet a teenage Internet pal for sex was nabbed soon after she got off the plane. The feds took Arlis Hailey, 22, into custody Friday night at La Guardia Airport after she contacted the 15- year-old Bronx boy. Agents said Hailey, of Florence, Ariz., which is about an hour southeast of Phoenix, met the boy on the Internet and was flying to the Big Apple to have sex with him. Hailey had been held early yesterday in a Manhattan jail on suspicion of traveling across state lines for sex with a minor. http://www.nypost.com/news/regionalnews/75411.htm - - - - - - - - - - Man nabbed for child porn photos admits to having more A Centerville man accused of e-mailing a pornographic picture of a young girl allegedly admitted to having more than 100 sexual images of children on his computer, police said. Philip Bacon, 53, of 65 Sanford St., faces one count of possession of child pornography. He is free on $10,000 bond and is scheduled to appear in Superior Court May 23. Deputy Police Chief Jack Kennelly said Bacon told detectives about the additional child pornography on his hard drive shortly after police searched his home and seized three of his computers. http://www.zwire.com/site/news.cfm?newsid=7971775&BRD=1645&PAG=461&dept_id=33198&rfi=6 - - - - - - - - - - Troubling Discovery For Dorothea Perry and Robert Gross, the course of action seemed clear enough when Gross, an IT support specialist working at New York Law School, opened a folder on a faulty PC last June only to discover thumbnail images of naked young girls in sexually explicit positions. The IT colleagues reported the finding to their manager, setting off a chain of events that resulted in the arrest of the professor who used the computer and, last month, his guilty plea. An open-and-shut case, right? http://www.crime-research.org/eng/news/2003/05/Mess1208.html - - - - - - - - - - Kline prosecutors argue to use hacked evidence Prosecutors in the child- pornography case against former Orange County Judge Ronald Kline argued Friday that a judge should rethink throwing out evidence obtained by a Canadian hacker, saying he has recanted a statement that he was a government informant. Brad Willman, 23, of Langley, British Columbia, now says he felt pressured by Kline's attorney when he stated that he had been involved in law-enforcement investigations in the United States, Russia and Canada, according to the government's motion. http://www2.ocregister.com/ocrweb/ocr/article.do?id=38584 - - - - - - - - - - Fizzer stealth worm spreads via KaZaA Yet another Internet worm has been discovered spreading through the KaZaA P2P file-sharing network. Fizzer, which can spread via email as well as over file sharing networks, is more dangerous that most such worms because its malicious code includes key logging and Trojan functionality. http://www.usatoday.com/tech/news/2003-05-12-virus_x.htm http://www.wired.com/news/technology/0,1282,58813,00.html http://www.cnn.com/2003/TECH/internet/05/12/fizzer.virus.reut/index.html http://www.msnbc.com/news/912447.asp http://news.com.com/2100-1002_3-1000985.html http://news.zdnet.co.uk/story/0,,t269-s2134570,00.html http://www.theregister.co.uk/content/56/30659.html http://zdnet.com.com/2100-1105_2-1001062.html http://www.washingtonpost.com/wp-dyn/articles/A45020-2003May12.html http://www.silicon.com/news/500013/1/4115.html - - - - - - - - - - Feds warn Web sites advertising SARS products The Food and Drug Administration warned Web sites selling bogus treatments and products for severe acute respiratory syndrome to stop advertising hem or face charges and possible fines. The FDA and the Federal Trade Commission said they were taking the action because there is no scientific proof that any product can prevent, treat or cure SARS, the pneumonia-like illness that has spread around the globe and killed more than 500 people. http://www.nandotimes.com/technology/story/885104p-6166803c.html - - - - - - - - - - Al-Qaeda said to be using stegged porn From time to time a rumour that international terrorists are trading Net porn embedded with secret blueprints for some dastardly deed resurfaces. It has returned this week, in a New York Post article claiming that Italian members of al-Qaeda have been caught with stegged terror .jpg's. "Chilling details of al-Qaeda's secret communications system - and the possibility of widespread knowledge that the devastating attacks on New York and Washington were in the works - were unveiled in a courtroom in Milan, where a group of Islamic militants are on trial for supporting al- Qaeda's terrorist activities," the Post explains. http://www.theregister.co.uk/content/6/30654.html - - - - - - - - - - Lawmaker to Present Anti-Spam Bill This Week A powerful U.S. lawmaker plans to introduce an anti- spam bill this week that is expected to move quickly through Congress but may fall short of what consumer advocates say is needed to stop the plague of unwanted e-mail. http://www.washingtonpost.com/wp-dyn/articles/A45669-2003May12.html http://www.wired.com/news/politics/0,1283,58815,00.html http://news.zdnet.co.uk/story/0,,t269-s2134518,00.html http://zdnet.com.com/2100-1105_2-1000836.html - - - - - - - - - - Court draws a line for online privacy In a ruling that marks a victory for privacy proponents, a federal appeals panel is allowing a group of Web surfers to sue a company that gathered certain data about them without their consent. The decision, handed down Friday by the First Circuit U.S. Court of Appeals, clears the way for some pharmaceutical Web site users to pursue a class-action case against the operators of Boston-based Pharmatrak. The lawsuit alleges that the now-defunct Web traffic analysis company violated the Electronic Communications Privacy Act (ECPA) by intercepting communications without permission. http://news.com.com/2100-1029_3-1001081.html - - - - - - - - - - Police can pose as cyberminors Patrick Condon the Olympian Pierce County law enforcement officials thought they had a suspected online predator dead-to-rights Posing as a 13-year- old girl, a Tacoma detective had met the Seattle man in an Internet chat room. After exchanging sexually explicit details online, they made arrangements to meet near the Tacoma Mall. When police arrested the man, he was carrying condoms and a pistol. http://www.theolympian.com/home/news/20030504/frontpage/3689.shtml - - - - - - - - - - Hack attacks on banks increase Nearly 40 percent of financial institutions in a new survey admitted that their systems had been compromised, as 'intelligent attacks' increased Hack attacks are becoming increasingly sophisticated, with over a third of banks and financial services companies reporting a security breach in the last year, according to a new survey. Of the 39 percent who admitted their systems had been compromised, 16 percent were due to external attacks, 10 percent internal breaches and 13 percent both, according to the 2003 Global Security Survey of worldwide financial services institutions by consultant Deloitte Touche Tohmatsu (DTT). http://news.zdnet.co.uk/story/0,,t269-s2134573,00.html - - - - - - - - - - Australian computer crime losses double Losses from computer crime have more than doubled in the last 12 months, according to the annual Australian Computer Crime and Security Survey report, which was released today. The huge losses, around US$7.67 million over the 214 organizations surveyed, have stemmed primarily from financial fraud (US$2.29 million), laptop theft (US$1.46 million), virus, worm and trojan infection (US$1.45 million), and insider abuse of resources (US$0.83 million). http://zdnet.com.com/2110-1105_2-1001031.html - - - - - - - - - - Recyled credit card numbers pose fraud risk The use of recycled credit card numbers by UK banks could create loopholes for fraud. Clydesdale Bank customer Stuart Robertson recently discovered that a MasterCard from the bank he cancelled a few years ago was still "live". The number has been reissued to another Clydesdale customer. Robertson found that all he needed to access the rebadged account through Clydesdale's Web site was the revised expiry date for the card (no name, address etc. were required). Robertson was able to guess this expiry date after 23 attempts and succeeded in transferring a small amount from the account (to prove the breach), The Guardian reports. http://www.securityfocus.com/news/4661 - - - - - - - - - - RIAA apologizes for threatening letter The Recording Industry Association of America apologized Monday to Penn State University for sending an incorrect legal notice of alleged Internet copyright violations. The notice and subsequent apology appears to mark the first time that a faulty notification has been made public. The incident also shows just how easily automated programs that search for copyrighted material can be fooled, as well as how disruptive such notices can be on college campuses. http://news.com.com/2100-1025_3-1001095.html - - - - - - - - - - Hackers: iTunes can be shared over Net Apple Computer's iTunes software has apparently opened up a new way for Macintosh owners to share music collections across the Internet. The new music jukebox software, released two weeks ago as part of a set of high-profile Apple music announcements, contains features that allow Mac users to stream music to each other over a network. The songs are not downloaded permanently but do allow computer users to listen to any song on another network- connected Macintosh's hard drive. http://news.com.com/2100-1027_3-1001121.html - - - - - - - - - - Iran blocks Web sites over political, pornographic content The Iranian authorities have banned several dozen Web sites for political and pornographic content, including those of U.S. radio stations broadcasting in Farsi, the press reported Sunday. "One hundred illegal Web sites are blocked," Post and Telecommunications Minister Ahmad Motamedi was quoted as saying in the reformist newspaper Yass-e No. "There are Web sites that insult the beliefs of different religions," the minister argued to explain the ban. http://www.cnn.com/2003/TECH/internet/05/12/iran.crackdown.reut/index.html http://www.nandotimes.com/technology/story/885082p-6166700c.html http://news.bbc.co.uk/2/hi/technology/3019695.stm http://news.zdnet.co.uk/story/0,,t269-s2134527,00.html - - - - - - - - - - Free security alerts launched A FREE service to alert small and large companies to imminent IT security threats through the Australian Computer Emergency Response Team was launched at the AusCERT 2003 conference on the Gold Coast today. Attorney-General Daryl Williams said the alerts system, and a complementary incidents reporting scheme due to be operational within three months, would give businesses greater access to information about computer vulnerabilities and combatting network attacks. http://www.news.com.au/common/story_page/0,4057,6422070%255E15319,00.html - - - - - - - - - - Check Point bolsters apps security defences Check Point Software is introducing defences against application-driven attacks to its flagship firewall and VPN software. In recent months, Cisco, Netscreen and Network Associates have attempted to redefine the function of traditional firewalls with intrusion prevention features. That's the rationale behind Cisco acquisition of behaviour blocking software developer Okena and Network Associates's purchase of intrusion detection firms Entercept Security and IntruVert Networks last month. http://www.theregister.co.uk/content/55/30668.html http://news.com.com/2100-1009_3-1000999.html http://news.zdnet.co.uk/story/0,,t269-s2134580,00.html http://zdnet.com.com/2100-1105_2-1000999.html http://www.eweek.com/article2/0,3959,1074992,00.asp - - - - - - - - - - Tenable's Software Tracks Attacks To Network Security For the average person, network security goes on in back rooms where overworked techies study blinking lights and speak in code. The relevance of that world to the daily life of a banker or lawyer is minimal -- except, of course, when the system is attacked and everything stops. http://www.washingtonpost.com/wp-dyn/articles/A40389-2003May10.html - - - - - - - - - - Unemployed virus writers take heart The recording industry is hiring cyber miscreants to attack its own customers. And we thought you'd never amount to anything, writes George Smith, SecurityFocus columnist. Nowhere Man, please listen, the recording industry has a job for you. The pay is good, the work easy and exciting, ripe with opportunity for someone creatively adept at clandestine dirty tricks. http://www.securityfocus.com/columnists/160 - - - - - - - - - - Those undead files The Undead could cause you problems. Not the ones from horror movies, but the files on your hard drive that you only think you zapped. Suppose you're reviewing the wide range of skin tones your monitor will display when your wife asks to borrow the computer. Naturally, you erase the evidence. But you didn't erase the data. That's still on your hard disk. All you did was tell your computer's operating system that the areas on the hard disk where those pictures were stored are now free to store other data. And there's a lot of software, much of it free, that makes data recovery quick and easy. http://www.nandotimes.com/technology/story/885573p-6170530c.html - - - - - - - - - - U.S. Information Security Law, Part Three: Information Security and the Public Sector This is the third part of a four-part series looking at U.S. information security laws and the way those laws affect security professionals. This installment begins the discussion of information security in the public sector. Government's involvement with information security takes place in two unique contexts: criminal justice and national defense. http://www.securityfocus.com/infocus/1693 - - - - - - - - - - Iraq foe print, voice, eye info indexed U.S. interrogators in Iraq are building a digital catalog of prisoners of war and loyalists of Saddam Hussein's Baath Party, scanning and saving their fingerprints and other body characteristics in databases. THE DATA BANKS, controlled by the FBI, CIA, Department of Homeland Security and other federal agencies, are being used to investigate suspicious foreigners entering the United States, as well as to trace suspects in future terrorist attacks. http://www.cnn.com/2003/TECH/05/12/sprj.irq.prisoners.ap/index.html http://www.msnbc.com/news/911548.asp - - - - - - - - - - Computer failure traps Thai minister Guards break window to extract minister from BMW limousine. Security guards smashed their way into an official limousine with sledgehammers on Monday to rescue Thailands finance minister after his cars computer failed. http://www.msnbc.com/news/912445.asp *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.