High Tech "NewsBits" for 06/11/03

NewsBits for June 11, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ FBI: Cell phones found in Saudi probe rigged to trigger bombs Investigators looking into the recent terrorist bombing in Saudi Arabia found cell phones rigged to detonate explosives by remote control, the FBI said Wednesday, urging U.S. law enforcement officials to be on the lookout for similar devices. The modified cell phones turned up during searches following the May 12 bombing in Riyadh that killed 35 people, including nine Americans, according to a weekly FBI bulletin to 18,000 state and local law enforcement agencies. http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2003/06/11/national1833EDT0748.DTL - - - - - - - - - - Virus attacked computer networks of the Ukrainian government The Ukrainian government has suffered from the new computer virus BugBear.B last week. In particular, State Office of Public Prosecutor and the Ministry for Foreign Affairs have officially confirmed that their computer networks have been attacked with a new virus. The computer network of the Ministry of Foreign Affairs of Ukraine has been disconnected for few days in connection with a threat of viruses. Similar problems have concerned the State Office of Public Prosecutor (SOPP), officials have found necessary to inform everyone who has e-communication with SOPP about a new virus. The virus sent to the State Office of Public Prosecutor on Thursday, has been automatically distributed to all addresses contained in a database. Now the consequences of virus are liquidated. http://www.crime-research.org/eng/news/2003/06/Mess1102.html - - - - - - - - - - Telewest hit by 'particularly large' DoS attack Telewest was hit by a "particularly large" DoS attack yesterday evening causing problems for thousands of users in the North of England, London and the South East. The cableco is still investigating the incident, which is believed to have affected a sizeable chunk of Telewest's 300,000 broadband punters, denying them access to their service from around 6.30pm to 11.00pm yesterday evening. It seems the attack originated from a number of different locations outside the UK. The cableco said it was unable to trace the source of the attack. http://www.theregister.co.uk/content/55/31145.html - - - - - - - - - - Student hacks school, erases class files Highlighting the vulnerability of most computer networks, a 17-year-old student taking a networking course was arrested for hacking into his school's computers and erasing folders belonging to the junior class, New York State Police said Tuesday. http://edition.cnn.com/2003/TECH/internet/06/10/school.hacked/index.html - - - - - - - - - - Kiddie-porn smuggler leaves after Immigration issues deportation order A Filipino man has left Canada after pleading guilty to possession of child pornography and a charge under the Customs Act of smuggling prohibited goods. Victor Vesgara Arieta, 31, was a crew member on a Liberian cargo ship that arrived in Halifax on Saturday. During a routine search, Canada Customs and Revenue officers discovered a video disc containing pornographic films involving young children in Arietas belongings. As with all vessels that arrive in port, we make decisions about which ships to search and what areas of them well search, said Customs communications officer Roy Jamieson. Our targeters use a variety of criteria to make those decisions, but it is routine to search crewmembers lockers and belongings. Customs turned the evidence over to the Customs and Excise section of the RCMP and arrested Arieta. http://www.canada.com/halifax/dailynews/story.asp?id=764EEC84-E23E-49DB-BAA9-AF2279368FCE - - - - - - - - - - Utica Priest Formally Charged With Child Porn Prosecutors have formally charged a Utica priest with possessing child pornography on his laptop computer. The Rev. Timothy Szott (pictured, left) was pastor of one of the area's largest Catholic churches. He's currently on leave from St. Lawrence Church in Utica. Authorities said they found thousands of images of nude boys in sexual poses or situations on his computer and church server. http://www.clickondetroit.com/det/news/stories/news-226280920030611-090617.html - - - - - - - - - - Internet Sex Sting A local teacher is in jail, busted in an internet sting. Police say he was trying to arrange to have sex with a child. Lima police arrested Christopher Helle, 30, last night. Police say an officer posed as a 14-year-old girl on the web. They say Helle went to Lima to meet who he thought was the young girl and was arrested. Police say he is a teacher at Evergreen local schools and lives in Sylvania. He's expected to be arraigned this afternoon in Allen County. http://www.13abc.com/index.cfm?Article=8064&SecName=28&Level=1&SubID=0&Itm=&SideID=&IsItm= - - - - - - - - - - Alleged Hacker Had Child Porn On Computer Suspect Accused Of Trying To Hack Into Sheriff's Site. A Hamilton County grand jury has indicted a local man on six counts of unauthorized use of property. Jesse Tuttle, 26, is accused of trying to hack into the Hamilton County Sheriff's Department Web site, WLWT Eyewitness News 5 reported Wednesday. When Tuttle was arrested, officers said they found images of child pornography on his computer. Hamilton County Prosecutor Mike Allen said Tuttle's computer skills were well-known, according to WLWT. "This individual has a reputation in the community for being proficient at this type of thing," Allen said. "But the important thing to keep in mind is that he got caught and is now facing criminal charges." Tuttle also faces 10 charges involved with child pornography. He could get up to 80 years in prison if convicted on all charges. http://www.channelcincinnati.com/technology/2264030/detail.html - - - - - - - - - - Judge turns up in court to face child porn charge A CIRCUIT Court judge yesterday avoided arrest by turning up in court to face a charge of possessing child pornography. Judge Brian Curtin, who had twice previously failed to appear before District Judge Humphrey Kelleher at Tralee Court, yesterday arrived at the courthouse with his solicitor, Robert Pierse, 25 minutes before the court started at 11am. Judge Curtin, 51, was returned for trial to the next sittings of the Circuit Criminal Court in Tralee, due to commence on July 22, on a charge of knowingly possessing child pornography, under the Child Trafficking and Pornography Act 1998, at his home, 24 Ard na Li, Tralee, on May 27 last year. His home was among more than 100 premises raided by gardai under Operation Amethyst in May 2002. The raids arose from an investigation into the downloading of child pornography from the internet. http://www.examiner.ie/pport/web/Full_Story/did-sgttc5ERb20--sgdq-nXlDAyFE.asp - - - - - - - - - - IT expert in job battle after child porn claims A COMPUTER expert claims he lost his job at a top hotel after accusing a colleague who allegedly accessed child porn on the internet. William Barrie, 32, of Kilmarnock, says he suffered stress and had no option but to quit as IT boss at the five-star Turnberry Hotel, Ayrshire after blowing the whistle on alleged surfing of sordid websites. He also claims that management tried to cover up the matter and a senior manager at SLC Turnberry Ltd misused the computer system. Mr Barrie is taking the hotel to an employment tribunal claiming constructive and unfair dismissal. He has also lodged a complaint under the Public Interest Disclosure Act. http://www.eveningtimes.co.uk/hi/news/5016375.html - - - - - - - - - - Web sites advising suicide becoming targets of law enforcement The instructions downloaded from the Internet were explicit, and, according to police, followed precisely by a 52-year-old St. Louis woman in taking her own life June 2. Printouts from the Web site left nearby described how to use helium to cause asphyxiation, exactly as she did. This is the Web site's recommended method. It is worrisome advice to a person on the edge, say people who study suicide and its causes. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6063119.htm - - - - - - - - - - House Wants to Inhibit Offshore Internet Gambling The House on Tuesday approved legislation that targets unregulated offshore Internet gambling sites by prohibiting financial institutions and creditors from completing credit- card payments or wire transfers for funds owed by online losers. Because the government cannot regulate online casinos that are located beyond U.S. jurisdiction, the Unlawful Internet Gambling Funding Prohibition Act, which passed 319 to 104, would wage a war of attrition by closing the U.S. money pipeline. Rep. Spencer Bachus (R-Ala.), who sponsored the legislation, said that the bill was an attempt to curb betting, particularly by underage or chronic gamblers. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6062188.htm http://zdnet.com.com/2100-1105_2-1015475.html http://www.washingtonpost.com/wp-dyn/articles/A42986-2003Jun11.html http://www.latimes.com/technology/la-na-gamble11jun11,1,5862553.story House exempts U.S. operations from ban on credit card gambling The House voted Tuesday to exempt American gambling operations from legislation that would ban gamblers from using credit cards, checks or electronic fund transfers at illegal offshore Internet casinos. Some lawmakers said the exemption while aimed at protecting existing legal gambling operations like horse racing, lotteries, dog racing could expand American gambling operations to the World Wide Web. http://www.usatoday.com/tech/news/techpolicy/2003-06-10-gambling-bill_x.htm - - - - - - - - - - Staff monitoring must be transparent The UK Information Commissioner has clarified that to comply with the Data Protection Act, any monitoring should be done 'with the knowledge of the employee' Information Commissioner Richard Thomas today started his move to make companies' compliance with the Data Protection Act easier and simpler. http://news.zdnet.co.uk/story/0,,t269-s2135870,00.html - - - - - - - - - - FTC seeks more authority to fight spam The Federal Trade Commission (FTC) asked Congress today for additional authority to fight unwanted Internet spam, which now accounts for up to half of all e-mail traffic. In testimony before the House of Representatives Energy and Commerce Committee, FTC commissioners said they need the ability to secretly investigate those who send deceptive e-mail as well as more leeway to go after spammers who send their messages across international borders. http://computerworld.com/softwaretopics/software/groupware/story/0,10801,82016,00.html http://zdnet.com.com/2100-1105_2-1015517.html http://news.com.com/2100-1028_3-1015948.html http://www.washingtonpost.com/wp-dyn/articles/A46834-2003Jun11.html http://www.msnbc.com/news/925181.asp Spam will die out in three years http://silicon.com/news/165/1/4613.html - - - - - - - - - - Government surveillance centre goes live The UK government's new PS25m internet surveillance centre has become fully operational, Computing can reveal. The National Technical Assistance Centre (NTAC) acts as an intermediary between internet service providers (ISP) and law enforcement agencies for intercepting and reading emails and web traffic. http://www.vnunet.com/News/1141544 - - - - - - - - - - Cybercorps grads aim to boost federal IT security IT security at federal agencies will get a boost this month from the first class of 46 students, mostly midcareer IT professionals, who have completed training under a federal scholarship-for-service program. Cybercorps, as the program is called, was created in 2000 to produce a pool of security-trained IT professionals obligated to work for the government. The program provides up to two years of scholarship funding for students studying information security in return for a commitment to work an equal amount of time for the federal government. http://computerworld.com/securitytopics/security/story/0,10801,82023,00.html - - - - - - - - - - Police warn of latest email fraud Watch out for generous offers when you're selling your car. The Metropolitan Police Fraud Squad is warning of a new twist to an old scam as crooks turn to the internet to help them con people out of thousands of pounds. Similar to the so-called 'Nigerian' or '419' emails cams, it starts off in the old-fashioned way via classifieds in UK newspapers. http://www.vnunet.com/News/1141529 - - - - - - - - - - Text complaints on the up, up, up Complaints concerning premium rate email, SMS and fax services have gone through the roof in the last year as more and more people have been diddled by unscrupulous operators. The number of complaints about dodgy text message jumped eight-fold in 2002 to more than 1,200. And reports about spam scams - including ones tricking people into unknowingly activating a premium rate Internet dialer - also neared 1,200. http://www.theregister.co.uk/content/59/31124.html - - - - - - - - - - Former officials assess security needs on cyber front A panel of former government experts in cybersecurity on Wednesday assessed the need to address that issue. At a Center for Strategic and International Studies conference, Ronald Dick, director of strategic initiatives on information assurance at Computer Sciences Corp., identified several drivers to improving cyber security and protecting critical infrastructures. Dick once headed the FBI's National Infrastructure Protection Center, whose functions were absorbed into the Homeland Security Department this year. http://www.govexec.com/dailyfed/0603/061103td1.htm - - - - - - - - - - Fighting Child Pornography in the Internet According to Law Enforcement Bodies of Russia 75 % of all child pornography is distributed in the Internet. According to experts, 70 % of Internet - payments in system B2C falls on payments for services of "xxx-sites". The words related to sex and pornography are contained in half of requests of search engines. It is easy to explain commercial success of such enterprises: amateurs of a child pornography have already got used to search for production not in illegal shops, but in police free virtual network. A subscriber gets an opportunity to have a good time with child porn in Internet for 15-20 dollars a month, knowing that these actions are not punishable in many countries, including the Soviet Union. http://www.crime-research.org/eng/news/2003/06/Mess1101.html - - - - - - - - - - Europe vs. Cyberterrorism The desire of Europe to go in own way and to be less dependent on U.S. is shown not only in a policy, but also in sphere of high technologies. After attacks of virus Slammer the European Community has decided to create the European Agency on Information and Computer Networks Security. The budget of agency will make 24 million euro for the first 5 years. The agency will begin work in January, 2004. The purpose of new structure is to fight computer piracy and fast information interchange between the countries of EU in cases of cyber threats. http://www.crime-research.org/eng/news/2003/06/Mess1104.html - - - - - - - - - - Retailers back online security scheme Good news for e-commerce as 4,000 European retailers join Verified by Visa initiative. Companies including HBOS, Lloyds TSB and Opodo have signed up for the Verified by Visa scheme, aimed at improving consumer confidence in online shopping. http://www.vnunet.com/News/1141521 - - - - - - - - - - New WPA wireless security on its way Virtually no one has a kind word to say about Wired Equivalent Privacy (WEP), the standard for securing data transmissions on Wi-Fi networks, writes Anne Zieger. WEP, which relies on cryptography that can be cracked with a half-hour of laptop time, isn't well-defended, but until recently it's all Wi-Fi fans had. http://www.theregister.co.uk/content/69/31131.html 802.11i Shores Up Wireless Security While WPA goes a long way toward addressing the shortcomings of WEP, not all users will be able to take advantage of it. Not all users can share the same security infrastructure. Some users will have a PDA and lack the processing resources of a PC. The inadequacy of the Wired Equivalent Privacy protocol has delayed widespread adoption of wireless LANs in many corporations. While most network administrators and end users understand the productivity benefits of cutting the Ethernet cord, most worry about the risk of doing so. http://wirelessnewsfactor.com/perl/story/21709.html - - - - - - - - - - WLAN alert! Get your helmets on Somerset County Council (SCC) has advised its employees not to install wireless networks in the county's schools and offices until it's carried out a full investigation into the safety of the technology. Details about the warning remain sketchy since Health and Safety officials at the council were reluctant to discuss the matter until the tests have been completed. However, in a statement the council told us: "Somerset County Council has a radiation working group looking into the risks of wireless network technology. http://www.theregister.co.uk/content/69/31143.html - - - - - - - - - - Virus Protection Gets Better The latest addition to McAfee's line of corporate antivirus solutions, McAfee VirusScan Enterprise 7.0, gives companies strong virus protection with lower maintenance requirements. VirusScan runs only on Windows NT, 2000, and XP, but it performs double duty, replacing VirusScan 4.51 on desktops and NetShield 4.5 on file servers. The Achilles' heel in any enterprise's virus protection is end users who disable the software to save time. To help minimize this, McAfee has improved performance and given administrators better tools to make sure protection is on and up to date. For example, the new File Scan Caching technology improves performance over time by remembering scanned areas and not rescanning unmodified files in future passes. http://www.pcmag.com/article2/0,4149,1116264,00.asp?kc=PCRSS02129TX1K0000530 - - - - - - - - - - Industrial Defender protects against digital attack Control-system specialist Verano has introduced a service and software package to help companies protect their critical infrastructure from digital attacks. The product, dubbed Industrial Defender, aims to close holes in the security surrounding control systems used by utility companies, manufacturers and other industries. Verano announced the first piece, a network monitoring appliance and service, on Tuesday. http://silicon.com/news/500003-500012/1/4609.html - - - - - - - - - - Temp workers the weakest link in security chain Short-term contracts, long-term headaches... Companies who employ high numbers of temporary staff are increasing their exposure to serious security attacks. Corporate compliance specialist PolicyMatter believes temp staff on short-term contracts represent the biggest danger to a company because they are often not made aware of security policies before being set loose on sensitive systems. http://www.silicon.com/news/500020/1/4617.html http://news.zdnet.co.uk/story/0,,t269-s2135890,00.html - - - - - - - - - - Privacy vs. Internet piracy Verizon and Earthlink have informed five Internet service customers that they can expect to be hearing from the record industry very, very soon. But the Recording Industry Association of America says it hasn't decided what to do with the names it won last week in a bitter court battle over Internet piracy. Verizon challenged a subpoena requested by the RIAA, refusing to turn over the identities of subscribers accused of trading copyrighted music online. An appeals court last week gave the company two weeks to comply. Verizon turned over the names of four subscribers, traced by the music industry through their numerical Internet Protocol (IP) addresses. http://www.usatoday.com/tech/news/2003-06-10-privacy-piracy_x.htm - - - - - - - - - - Magazine, university draw ire of antivirus industry First the University of Calgary announced plans to offer a class in writing computer viruses and other destructive programs. Then Wired magazine published the code of a virus-like program that caused mass havoc on the Internet this year. Both developments infuriated virus-fighting companies and illustrated the high-stakes dilemma of computer security: Do you keep vulnerabilities secret or spread the knowledge so problems can be remedied faster? http://www.usatoday.com/tech/news/2003-06-11-wired-and-calgary_x.htm - - - - - - - - - - Cracking Down on Cyberspace Land Grabs The people who keep the Internet running are coming to terms with address space hijacking, an old scam that's turned suddenly nasty. Earlier this year an expanse of Internet address space belonging to the County of Los Angeles was put to some uses that had little to do with effective municipal governance. Some county addresses inexplicably began hosting porn websites, while others generated suspicious scanning activity that tripped intrusion detection systems around the net. http://www.securityfocus.com/news/5654 - - - - - - - - - - Reality Check: How Safe Is Linux? Many of the programs included in Linux distros have programming errors that lead to things like privilege escalation, whereby a common user tricks a program into thinking it has more privileges than it does, says Guardian Digital CEO Dave Wreski. It is not enough for an operating system to be low cost, reliable and capable of handling mission-critical applications. At some point in every OS's cycle of life, the question comes down to security and safety. http://www.newsfactor.com/perl/story/21702.html - - - - - - - - - - Effects of Worms on Internet Routing Stability The impact of worms on the Internet has increased significantly over the past five years. In particular worms such as CodeRed II, NIMDA, and the more recent SQL Slammer prove that the ability to effectively impact the Internet overall is here. This impact is not only felt at the connection endpoint where the worm takes residence and replicates itself but also on the infrastructure in-between. In the period of time that CodeRed II infection was at its most severe levels a unique effect began to be observed whereby global routing instability was detected throughout the Internet. http://www.securityfocus.com/infocus/1702 - - - - - - - - - - Strategic security assessment can define what degree of risk is acceptable Many businesses respond to increased information security threats by shoring up their perimeter defences. Implementing tools that serve a very specific purpose is part of the solution, but smart organisations are waking up to the need toimplement a strategy that also includes security assessment. http://196.30.226.221/sections/techforum/2003/0306110923.asp - - - - - - - - - - Government IT Review Lockheed vs. Boeing; General Dynamics Gets Bigger; High-Tech Warfare; Northrop's TRW Stomach Ache; and More News. The use and purchase of technology by governments has created a multi-billion-dollar sector, involving some of the world's biggest companies and scores of smaller companies serving niche markets. After Sept. 11, 2001, the so-called government IT sector attracted even more attention, as governments started spending more on security technology and as a battered tech sector reoriented itself to serve a growing and relatively more stable marketplace. http://www.washingtonpost.com/wp-dyn/articles/A44749-2003Jun11.html *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.