NewsBits for July 14, 2003 sponsored by, Southeast Cybercrime Institute - www.cybercrime.kennesaw.edu ************************************************************ Cyber pirates hack into Barisal DC office Internet account Cyber pirates recently hacked into the Internet account of Barisal DC office marking the first cyber crime in the Barisal region. Sources said the computer hacking incident was revealed after the DC office received a heavily bloated Internet bill and lodged a complaint with the Bangladesh Telegraph and Telephone Board (BTTB), which is the internet service provider for the DC office. http://www.thedailystar.net/2003/07/12/d30712100464.htm - - - - - - - - - - Missing in France: The 12-year-old girl who ran off with the US Marine she met online. Shevaun Pennington seemed to be the same as any normal 12-year-old experiencing growing pains. She listened to loud punk rock, surfed the Net for hours and talked endlessly of "her boyfriends" despite never having been on a proper date. No one could have guessed that the person she referred to as her "American boy- friend" was something other than the figment of an excitable school-girl's imagination. The "boy" in question was in fact Toby Studabaker, a 31-year-old American Marine who, two weeks ago, discharged himself from the US military to meet the child he had befriended in his e-mails. http://news.independent.co.uk/uk/crime/story.jsp?story=424542 - - - - - - - - - - Hollywood actor busted in kiddie-sex sting A small-time screen actor who once appeared in a disaster movie with Charo was arrested yesterday in a pre-teen Internet sex sting. The California thespian was nabbed at an Essington hotel by a Delaware County anti-kiddie- porn task force. Actor Robert Courts, 68, was charged with criminal solicitation of rape and solicitation of sexual assault among other charges. In an unconnected incident, the sting also scored a Pittsburgh man who allegedly was seeking to meet two girls, 7 and 10 years of age. Jeffrey Therrien, 29, was charged with attempted rape, attempted involuntary deviate sexual intercourse and attempted corruption of minors. Officials said both men visited Delaware County after arranging on the Internet to have sex with pre-teen girls. http://www.philly.com/mld/dailynews/news/local/6287570.htm - - - - - - - - - - Fayetteville Man Arrested On Child Porn Charges Police arrested a 27 year old Northwest Arkansas man on child pornography charges Friday. Fayetteville police say a co-worker of Mark Anthony Rayer of Fayetteville found child pornography on Rayer's computer at work. Investigators discovered Rayer had also deleted similar pictures from his home computer and they say he had an inappropriate internet relationship with a 14 year old Oklahoma girl. Rayer faces two counts of possessing computer child pornography and one count of sexual indecency with a child. http://www.arkansasnbc.com/Global/story.asp?S=1358732&nav=F8n2GsdY - - - - - - - - - - Sailors Allegedly Exchanged Child Porn Images Via E-Mail A USS Constellation sailor accused of transmitting and receiving child pornography while aboard the ship in the Persian Gulf will remain in custody on $500,000 bail, a judge ruled. Wayne Craig, 22, is one of three people charged in the child porn ring and is also accused of having sex with at least one of the 15- and 16-year-old alleged victims. Prosecutor Jeff Dort said the sex acts depicted in the pornography occurred before the Constellation went to sea last November, then e-mails were allegedly exchanged between Craig and co-defendant Robert Quackenbush aboard the ship and the victims, KGTV reported. http://www.local6.com/news/2329004/detail.html - - - - - - - - - - Internet Sex Arrests Coming Under Criticism Police investigations of potential sexual predators on the Internet are coming under fire from defense lawyers. Xenia police pioneered child exploitation investigations several years ago, but now arrests made by officers they helped train are being questioned. Xenia police have made more than 50 sex-related arrests in the last 3-4 years based on Internet investigations. http://www.whiotv.com/news/2329729/detail.html - - - - - - - - - - Stealth program hijacks PCs to send porn ads Close to 2 000 Windows-based PCs with high-speed Internet connections have been hijacked by a stealth program and are being used to send ads for pornography, computer security experts said on Friday. It is unknown exactly how the so-called Trojan program is spreading to victim computers around the world, whose owners most likely have no idea what is happening, said Richard Smith, a security consultant in Boston. http://196.30.226.221/sections/internet/2003/0307140828.asp http://www.cnn.com/2003/TECH/internet/07/14/porn.backdoor.reut/index.html - - - - - - - - - - Lawmakers Drafting IT Security Requirements Lawmakers are getting less subtle with their demands that vendors and network operators do everything possible to make the nation's cyber-infrastructure secure. Even legislation dictating IT security requirementsregarded as a last resortis in the works and slated for introduction by year's end. Advising corporations to "get their house in order" and demonstrate that regulation is unnecessary, Rep. Adam Putnam, R-Fla., chairman of the subcommittee on technology and information policy, said last week that legislation is in development. http://www.eweek.com/article2/0,3959,1190708,00.asp Dire shortage of security experts spurs gov't to help IT training http://mdn.mainichi.co.jp/news/20030713p2a00m0fp029000c.html - - - - - - - - - - Planned Parenthood goes for anti-abortionist necks The Planned Parenthood Federation of America (PPFA) is going for several notorious anti-abortionists necks and a famous cybersquatter in a case it has brought over nine domains it claims infringe its trademarks. The federation, which provides teenagers with sexual health information and runs abortion clinics across America, has named four people in the court action over nine domains including wwwplannedparenthood.com (note the missing dot) and .org and teenswire.com, teenwires.com and teenwire.info and .biz. It owns the trademarks Planned Parenthood and Teenwire. http://www.theregister.co.uk/content/6/31721.html - - - - - - - - - - Government to set out e-crime strategy The government is to work with law enforcement agencies and industry to produce its first strategy on tackling e-crime. The Home Office said that new communication technologies offer massive benefits but at the same time present new opportunities for criminals. http://www.vnunet.com/News/1142284 - - - - - - - - - - Ukraine Police and Interpol declare war to child porn Three-day visit of the head of the Interpol to Ukraine has come to the end on July, 8. During visit the delegation of International organization of Criminal Police had official meetings with representatives of Ukraine's Law Enforcement Bodies. The 33-rd Regional European Conference with 46 countries - participants will take place in Kiev in 2004. http://www.crime-research.org/eng/news/2003/07/Mess1104.html - - - - - - - - - - Cyber crime is a national security threat The president of Ukraine Leonid Kuchma has signed the changes in the Concept of National Security of Ukraine (the Basis of a public policy). The related law on bases of national security of Ukraine has been passed by the Verhovna Rada on June, 19, 2003. The law will come into effect from the date of its publication. http://www.crime-research.org/eng/news/2003/07/Mess1403.html - - - - - - - - - - 'Open and helpful community' - of credit card thieves Credit card fraud "power users" with programming skills and no fear are making it easier for newbies to break into white collar crime, according to a report from the Honeynet Research Alliance this week. http://www.theregister.co.uk/content/55/31707.html - - - - - - - - - - Hard for file swappers to hide identity People swapping material online can easily have their identity traced, leaving them vulnerable to threatened US legal action. File swappers hoping to share music and other works online without exposing their identity to the prying eyes of copyright enforcers face a tough choice. http://news.zdnet.co.uk/story/0,,t269-s2137474,00.html http://www.bayarea.com/mld/mercurynews/6299172.htm - - - - - - - - - - Researchers ``privacy appliance'' seeks to harness government snooping The Pentagon's plan to sniff out terrorists from a sea of personal data collected by the government, banks, airlines, credit card companies and other sources has been criticized as the most sweeping invasion of privacy in history. But Teresa Lunt believes that the much-maligned Terrorism Information Awareness system can work without stomping on individual rights. The researcher has proposed -- and the government is funding -- the creation of a device that could watch and rein in the watchers. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6300152.htm Funding for TIA All But Dead http://www.wired.com/news/politics/0,1283,59606,00.html Pentagon Alters LifeLog Project http://www.wired.com/news/politics/0,1283,59607,00.html - - - - - - - - - - Flaw leaves work PCs and Internet cafes open A researcher says PCs with restricted user accounts are vulnerable to 'shatter' attacks. A class of attacks that allows a user to take control of any PC or server could leave computer systems in corporations and Internet cafes vulnerable to attack, a researcher says. http://news.zdnet.co.uk/story/0,,t269-s2137472,00.html - - - - - - - - - - Program focuses on security response The CERT Coordination Center, a security-incident clearinghouse, introduced on Monday a program to certify information technology professionals in incident handling and response. The certification program will train participants in how to react to security incidents and network intrusions. Those people who take five courses, including an elective, and pass a test administered by the Software Engineering Institute will be granted a Certified Computer Security Incident Handler Certification (CCSIHC). The Software Engineering Institute is part of Carnegie Mellon University and manages the CERT Coordination Center. http://news.com.com/2100-1009_3-1025613.html - - - - - - - - - - The Persistence of Hoax Vmyths.com is fading into the sunset, while the virus hoaxes it steadfastly debunked seem to live on forever. "I received the e-mail this morning from someone who got it from the governor's office," came the tired complaint. Somewhere in the world, government workers in high place had fallen for the "Teddy Bear" hoax, a.k.a. "jdbgmgr.exe." Lemmings were heading for the cliff to delete the "virus," obeying the e-mail suggestions of the joker who wrote the trick. http://www.securityfocus.com/columnists/172 - - - - - - - - - - CA details management and security plans On-demand, flexibility and management tools central themes of Computer Associates conference. On-demand computing, flexibility and management tools are central themes at this year's CA World conference in Las Vegas. http://www.vnunet.com/News/1142270 http://www.theregister.co.uk/content/5/31735.html http://www.vnunet.com/News/1142272 Security alarm: Let's get physical http://zdnet.com.com/2100-1105_2-1025368.html - - - - - - - - - - Sophos Anti-Virus goes OS X Business anti-virus software maker Sophos Inc. announced Monday that it would introduce a Mac OS X (news - web sites)-native solution at Macworld CreativePro Conference & Expo. The expo kicks off today, and its main exhibit hall will be open from July 16-18, 2003. http://story.news.yahoo.com/news?tmpl=story&ncid=1292&e=1&u=/mc/20030714/tc_mc/sophosantivirusgoesosx&sid=95573662 - - - - - - - - - - A Security State of Mind CIOs need to ensure that their enterprise has the right balance between security risks, dollars and defences. Decades ago, a reporter asked the notorious American bank robber Willie Sutton why he robbed banks. He replied: Because thats where the money is. Now the money (and valuable information) is in computers and computer networks. http://www.cio.com.au/index.php?id=501521472&fp=16&fpid=0 - - - - - - - - - - You've been hacked: What to do in the first hour What you do in the first hour after a hack attack can make a big difference to the ongoing security of your network - here are the most important steps to take. The hair stands up on the back of your neck, and you feel the first bead of sweat roll down the side of your face: You've been hacked. The adrenaline starts to flow and you're ready to jump into action. But what do you do first? http://techupdate.zdnet.co.uk/story/0,,t481-s2137487,00.html - - - - - - - - - - How Security Conscious Is Your Company? Are you wondering how thorough your company's security measures are? Whether they (or you!) are doing enough? Take our Security Quiz! The SANS Institute, in partnership with Computerworld, has identified four key levels of security awareness. Answer the following multiple-choice questions to find out which level your company most closely matches. http://computerworld.com/securitytopics/security/securityquiz - - - - - - - - - - Actual problems of fighting cybercrimes All of us are witnesses of a prompt development of information technologies. By 2005, about 1 billion computers will be connected to the Internet. At the same time several billions sites and images will be placed on the Net. In 2003 the Internet-economy worldwide accounts for about 5 % of a total product. http://www.crime-research.org/eng/library/Nomokonov.html - - - - - - - - - - Computer information has to be protected as a proprietary Very few things can be done without collecting, integrating, generating or having an access to information. M. Winner defined information as an indication of contents taken from the environment when adapting ourselves and our feelings to it. Obtaining and using information allows us live and survive in the surrounding world. http://www.crime-research.org/eng/library/Golubev_july.html - - - - - - - - - - Linux Firewall-related /proc Entries Most people, when creating a Linux firewall, concentrate soley on manipulating kernel network filters: the rulesets you create using userspace tools such as iptables (2.4 kernels,) ipchains (2.2 kernels,) or even ipfwadm (2.0 kernels). However there are kernel variables -- independent of any kernel filtering rules -- that affect how the kernel handles network packets. This article will discuss these variables and the effect they have on the network security of your Linux host or firewall. http://www.securityfocus.com/infocus/1711 - - - - - - - - - - Firm hires former INS exec A former federal official has joined SI International to guide the company's homeland security efforts. Mike Becraft, former acting deputy commissioner of the former Immigration and Naturalization Service is now the information technology firm's senior vice president for homeland security. http://www.fcw.com/fcw/articles/2003/0714/web-ins-07-14-03.asp *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; www.cybercrime.kennesaw.edu *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2003, NewsBits.net, Campbell, CA.