NewsBits for May 29, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Lamo Hacks Cingular Claims Site Cingular can issue insurance to its mobile-phone customers to protect them against loss and damage, but it apparently can't ensure that hackers won't have full access to their personal data. Adrian Lamo, a hacker who in the past has broken into The New York Times and Yahoo, found a gaping security hole in a website run by a company that issues the insurance to Cingular customers. By accessing the site, Lamo said he could have pulled up millions of customer records had he wanted to.,1848,59024,00.html - - - - - - - - - - Man pleads not guilty in pirated-TV case Police say residential satellite service was resold to unsuspecting motels. A man suspected of selling pirated satellite TV service to hotels and motels from his home-based business in Riverside has pleaded not guilty to grand theft charges, authorities said. Troy Michael Radford, 37, of Riverside surrendered to Orange County authorities on May 14, Riverside police Officer Felix Medina said in a news release. - - - - - - - - - - Arguments made in DVD-cracking case California Attorney General Bill Lockyer called DVD- cracking software DeCSS a tool for "breaking, entering and stealing" during a hearing before the California Supreme Court on Thursday. "The program DeCSS is a burglary tool," Lockyer told the judges, adding that the movie studios lose millions of dollars because of piracy over the Internet. - - - - - - - - - - 10 Men Indicted in Investigation of Child Porn on Web Ten Orange County men were indicted Wednesday in a federal child pornography case fueled in part by a Danish police investigation dubbed Operation Hamlet. Three of the men were arrested Wednesday morning, and two others, both apparently hospitalized, are expected to be arrested later this week. Five men had earlier agreed to plead guilty to federal child pornography charges. (LA Times article, free registration required),1,2770862.story - - - - - - - - - - Local Official Faces Sex Charges A county roads supervisor from New Jersey was charged with arranging to pay $300 to have sex with a woman and her supposed 7- and 10-year-old daughters, officials said. Alan W. Haag, 49, road supervisor in Middlesex County, was arrested Tuesday after driving to a prearranged meeting with the woman _ who was actually an undercover state agent in the Philadelphia suburbs. Haag was being held in the Delaware County Prison on Wednesday in lieu of $500,000 bail following his arraignment on 20 charges, including attempted rape, solicitation of prostitution and criminal use of a communication device, court officials said. Haag arranged the meeting Tuesday over the Internet from his office in New Brunswick, police said. - - - - - - - - - - St. Rose man admits possessing child porn A 29-year-old St. Rose man admitted possessing child pornography and will be on home confinement until he is sentenced. Richard W. Stieffel could get up to five years in prison followed by three years supervised release, plus a $250,000 fine, according to a statement from the U.S. Attorney's Office and the FBI. He pleaded guilty Tuesday to possessing materials involving sexual exploitation of children. About 195 child porn images were found on his computer, which Stieffel agreed to forfeit as part of his guilty plea, the statement said. - - - - - - - - - - Virginia Tech Grad Charged with Child Porn A Virginia Tech graduate student is facing serious charges tonight after being arrested in Canada for child pornography. Police in Christiansburg say they haven't filed charges locally. They have seized computer equipment and magazines from 33-year-old Aaron Tornberg's home. Canadian authorities arrested Tornberg last week after they searched his computer equipment while he tried to enter the country from New York. Tornberg is also a music teacher. He has taught students at elementary schools in Cincinnati, Charlotte, Boston and Toronto. Federal Authorities are investigating and have contacted those cities. - - - - - - - - - - Child Porn Arrest A northwest Iowa man faces federal child pornography charges after authorities seized computers and video recording equipment from his home. Forty-three-year- old Scott Sweet, of Spirit Lake, was indicted Tuesday on a charge of possession of child pornography. Authorities seized the computers and video equipment during a search of Sweet's home in February 2002. - - - - - - - - - - China sentences four in Internet dissent Four Chinese intellectuals accused of criticizing the government on the Internet and setting up a democracy study group have been sentenced to up to ten years in prison for subversion, a human rights group reported. The Beijing Intermediate Court delivered the sentences at a hearing Wednesday, almost 1 1-2 years after the four were tried, Human Rights in China said. - - - - - - - - - - High court refuses to hear child porn case The states highest criminal court turned down a request this week by the Texas Attorney Generals Office to review an appellate courts opinion overturning a former Red River County band directors possession of child pornography conviction. Clayton Leydon Taylor, a former Rivercrest High School band director, was convicted of nine counts of possession of child pornography in 2001. The case was heard in the 102nd District Court in Red River County. Prosecutors alleged child pornography was found on the hard drive of a computer in Taylors home, but evidence revealed in the trial and appeal suggested that an Attorney Generals Office computer technician used a tainted disc to copy the band directors hard drive and the material in question. - - - - - - - - - - Injunction granted against Net posting of sex offenders A Superior Court judge has issued an injunction preventing the state from posting photographs and other personal information of high-risk sex offenders on the Internet. Judge Thomas P. Billings wrote in his decision that the state's sexual offender notification law does not specifically allow for the Internet postings. The ruling can be appealed, but Gov. Mitt Romney said it is more likely he will file legislation to expand the law to include Internet postings. - - - - - - - - - - Lawmakers see cyberterror vulnerability Lawmakers are charging that government agencies and industry are not doing enough to protect the countrys power plants, industries and financial institutions from the threat of cyberterrorism attacks. At one recent hearing, House Science Committee Chairman Sherwood Boehlert (R-N.Y.) complained that not nearly enough research and development is underway. He argued that government agencies have neither sought nor set aside adequate funding to implement the goals of the Cybersecurity Research and Development Act passed last fall. - - - - - - - - - - FBI fights cybercrime rise The Federal Bureau of Investigation's Hawaii office established its first cybercrime squad this year, responding to what investigators are calling "explosive growth" in computer-related crimes. FBI Director Robert Mueller recently said that nationwide complaints increased 300 percent last year to 48,000. And Hawaii had the second-highest per-capita number of computer- fraud complaints in the country in 2002. - - - - - - - - - - Security data project to combat terrorism The government is developing an IT project to pull together intelligence data from security agencies to help counter terrorism,'s sister title Computing has revealed. The multimillion- pound Scope programme is being run by the Cabinet Office Intelligence and Security Secretariat. - - - - - - - - - - Ukraine: Fighting Cybercrimes Computer viruses, fraud, theft money from bank accounts and identity theft is not a full list of computer crimes. That is why the problem of cybercrimes counteraction is crucial now. Cybercrime is an integral part of traditional crimes and has transnational nature. These illegal actions make certain public danger and really threaten information safety and national defense. Despite of efforts of many states on fighting cybercrime, it doesn't decrease, but constantly grows. - - - - - - - - - - City kids surf porn sites for long hours Worried that your child is spending hours before the computer? Anxious to know if he/she is surfing through objectionable sites? Going by the response to the Mumbai cyber crime cells helpline, youre in company of a growing number of concerned parents. Most parents complain about the Internet habits of their children. They say their children surf porn sites for long hours. Children are more net savvy than their parents and often the latter are clueless about what their children are accessing, said Ramesh Mohite, assistant police inspector, cyber crime cell. - - - - - - - - - - Criminals' new trick CHILD-PORN COLLECTORS USING POCKET-SIZE STORAGE DRIVES They're small enough to fit in the palm of your hand, and so unassuming that they are sometimes mistaken for lighters. But portable storage drives are becoming increasingly popular among child pornography collectors, Bay Area high-tech detectives say. - - - - - - - - - - UK plc neglects basic VPN security Corporate UK is failing to configure and manage its firewalls and VPN services properly. Just like more publicised Web server vulnerabilities, issues with security software are frequently left unaddressed - months after a problem comes to light. The Fifth Annual NTA Monitor Security Audit found that risks present on corporate firewalls tested by NTA have risen by almost a fifth (or 17 per cent) since 2000. The report was published last month but a breakdown looking specifically at firewall/VPN problems, published today, sheds fresh light on an important - but neglected - area of security.,1377,59021,00.html - - - - - - - - - - Putting a Trace on Copyrighted Booty Paul Kocher's technology would allow investigators to track pirated material's provenance -- without snooping on the innocent. Star cryptographer Paul Kocher's business strategy is simple: Search out industries that are losing money because of security holes and then find ways to plug them. So it's no surprise that Kocher has zeroed in on Hollywood, which views global piracy of movies with dread. The illicit swapping of music files online has already ravaged the music industry, which saw CD shipments fall 9% in 2002, according to industry trade group the Recording Industry Association of America (RIAA). Movie piracy is already big business -- and it only threatens to get worse. - - - - - - - - - - Cyber Terrorism and Hackers with Online Degree The University of Advancing Technology (UAT) announced the launch of one of the only 100% online network security degrees through its UAT-Online division. The program is designed to teach students how to fight against cyber terrorism and hackers. UAT has been a national leader, as one of the only universities to offer bachelor's and associate's degrees strictly focused on network and computer security. With a startling rise in cyber crimes in recent years, companies and individuals are setting new priorities and standards for protecting networks and valuable online information. - - - - - - - - - - Microsoft taps new security head Microsoft this week named a new top executive for its Security Response Center, the unit responsible for addressing vulnerabilities in the company's existing products. Kevin Kean, who had been working as a senior group product manager on Windows Server 2003, is taking over for Steve Lipner as head of the unit that issues security bulletins and patches for Microsoft's existing products. - - - - - - - - - - Trojan Horse warning, as Cisco 'gives away' extensions to WLAN Cisco was accused today of attempting to create an alternative standard to WiFi in the wireless networking market, by creating a new "CCX compatible" logo. The Cisco message is: "You need a smart 'edge' to the wireless Internet." But consultant Cees Links, a former vice-president at Agere, believes that the only people who definitely need that smart edge are Cisco people. - - - - - - - - - - Wakey, Wakey it's Patching Day. Again It's patching time again for sys admins with the release of a further set of enterprise software patches by Microsoft last night. First up is a cumulative patch for Internet Information Service, Microsoft's Web server software. This includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1. In addition the cumulative patch includes fixes for four newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and 5.1.,,t269-s2135354,00.html,10801,81612,00.html - - - - - - - - - - New Apache release patches holes The Apache Software Foundation released on Wednesday an updated version of its market-leading Web server software, primarily to patch previously undisclosed security holes. The group, which coordinates development and distribution of the open-source software, recommended that system administrators promptly upgrade to version 2.0.46 of Apache HTTP Server, available for download from the Apache Web site. - - - - - - - - - - 'Too much cyber security' at CIA While other government agencies struggle with their cyber security practices, the Central Intelligence Agency apparently suffers from the opposite problem: too much security -- according to a recent study of the agency's use of information technology. In an unclassified report titled "Failing to Keep Up With the Information Revolution," former CIA officer Bruce Berkowitz -- now a research fellow at Stanford University's Hoover Institution -- found that the agency's intelligence analysts were hobbled by outdated software and cut off from many of the technological advances that workers outside the intelligence community take for granted.,10801,81605,00.html - - - - - - - - - - Success in Iraq due to better info sharing, Tenet says The CIA should mimic how intelligence agencies collaborate and how they collected the signals intelligence targeting data that helped the day- to-day business processes of U.S. forces in Iraq, the agencys director said last week. We must be even betterby channeling the same sense of urgency of community that we bring to Iraq or the war on terrorism to all our disciplines, each and every day, George J. Tenet said at a Security Affairs Support Association (SASA) ceremony, where he was presented with the William Oliver Baker Award. - - - - - - - - - - Public-private partnership weighs homeland security technology ideas The Center for Commercialization of Advanced Technology (CCAT), a public-private research and development partnership funded by the Defense Department, announced Thursday that it has received more than 100 responses to its recent solicitation for innovative technologies related to defense and homeland security. - - - - - - - - - - Terror lists linked to gun checks Justice Department officials have linked terrorism watch lists to the system that performs background checks to clear gun purchasers, department officials said today. "We have linked up various terrorist lists to be checked by the [National Instant Criminal Background Check System (NICS)]" a senior Justice Department official said. "But the system is there for the Brady Law. It is used only for preventing prohibited persons [such as felons and illegal aliens] from purchasing firearms, but mere suspicion of criminal activity is not necessarily a prohibitive factor." - - - - - - - - - - License-plate readers boost crime fighters Police forces across the UK are set to adopt high- tech vehicle number plate reading technology next year following a successful pilot, which resulted in the seizure of illegal drugs and stolen vehicles and goods. The automatic number plate recognition (ANPR) system, reported on earlier this week by, was tested by nine police forces for six months in a trial codenamed Project Laser. The police haul included PS100,000 ($165,00) in drugs, 300 stolen vehicles worth over PS2 million ($3.3 million) and PS715,000 ($1.2 million) in stolen goods--and 3,000 arrests. - - - - - - - - - - Louisiana transforms court network Louisiana's 19th Judicial District Court struggled for years with a network made up of legacy systems and a jumble of configurations. The infrastructure performed poorly, and sharing information was slow and subject to degradation. "At times whole sections and whole segments would freeze up and be inoperable," said Freddie Manint, the court's criminal justice information services director who also serves as the FBI threat assessment coordinator. - - - - - - - - - - Electronic Order in the Court As Judge Lewis A. Kaplan took his seat in Courtroom 12D in United States District Court in Manhattan, the plaintiff's lawyer sheepishly raised a question. He needed help connecting a laptop that contained a PowerPoint presentation that a witness would use during questioning. A court clerk sprang into action, and minutes later the cover page of the witness's presentation appeared on the courtroom's monitors. As a result of an initiative by federal and state judges, Judge Kaplan's courtroom is one of many across the country where computer technology is becoming as much a fixture as the American flag. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.