NewsBits for July 24, 2003, sponsored by Southeast Cybercrime Institute
************************************************************

U.S. bank hit by international hackers
Counterfeit ring hacks Nebraska bank's computer. Some customers of a Kearney bank lost access to their debit card accounts after a Malaysian counterfeit ring hacked the bank's computer system and attacked its Visa Check Card program. According to a report in the Kearney Hub, over the weekend the Malaysian crime ring stole debit card numbers and made $13.99 transactions on Platte Valley Bank accounts, said bank president Mark Sutko.

- - - - - - - - - -

Online Identity-Theft Tactic Targeted
A Los Angeles 17-year-old has settled charges that he used fake Web pages to lure consumers to provide credit card numbers and other personal data, the Federal Trade Commission announced yesterday in a crackdown on a growing form of Internet fraud. The case against the teenager, who was not identified, is the first brought by the FTC that targets "phishing," a pernicious scam that marries e-mail spam with identity theft. The term is used by computer vandals who go fishing for information. The FBI and Justice Department also investigated the case.

- - - - - - - - - -

Former News Producer Sentenced For Possessing Child Porn
A St. Louis man who admitted to possessing child pornography will spend the next 27 months in federal prison. Bill Sandefur, 51, pleaded guilty to the charge back in May. Along with prison time, he also must register as a convicted sex offender. Last year, police raided Sandefur's home on Watson Road, and confiscated a computer that contained child pornography. He's still awaiting trial on statutory sodomy charges involving a teenage boy he met in an online chat room.

- - - - - - - - - -

Alabama man pleads guilty to child porn charges
A Hokes Bluff man pleaded guilty to 12 counts of a federal indictment involving child pornography charges.
Benjamin Nelson, 31, acknowledged that he corresponded with an undercover U.S. Postal Service inspector and ordered a child pornography videotape through the Internet that was to be sent through the mail. The investigation also showed that Nelson possessed hundreds of images of child porn and traded child pornography over the Internet during 2002. Assistant U.S. Attorney James Phillips is prosecuting the case. Nelson is to be sentenced later.

- - - - - - - - - -

45 molestation, porn charges filed against former soccer coach
The Yolo County district attorney's office has filed 45 criminal charges against a former Davis soccer coach and referee accused of molesting three teen-age boys, a Yolo Superior Court spokeswoman said. Jeffrey Allen Hicks appeared in court Wednesday afternoon with his attorney, Roger Hahn, but arraignment proceedings were postponed until Aug. 7, when Hicks is expected to enter a plea in the case. Hahn could not be reached for comment about the case this morning. Hicks, 36, was arrested June 23 following a three-week investigation by Davis police that began with a report that Hicks had child pornography stored on his home computer. While serving a search warrant at Hicks' Spruce Lane residence, police learned that Hicks allegedly had molested the three boys between 1999 and June of this year. The alleged acts occurred over varying periods of time, police said.

- - - - - - - - - -

Man faces child porn charges
A 44-year-old Clover man was arrested Wednesday on charges he sent child pornography over the Internet to an undercover police officer in Illinois, authorities say. Elvis Lee Pressley of 787 Lakedale Drive has been charged with seven counts of second-degree sexual exploitation of a minor. Wednesday night he was awaiting bond at the York County Detention Center. In September 2002, a local FBI agent notified the York County Sheriff's Office that Pressley was sending child porn over the Internet, according to sheriff's office reports.
Days later, detectives went to Pressley's home and seized his computer and computer discs. The items were sent to the State Law Enforcement Division for examination. Detective Jerry Hoffman of the sheriff's office said Pressley met the undercover officer through an Internet chat room.

- - - - - - - - - -

Supreme Court rejects tougher penalty in porn printout case
Printing out child pornography from a computer for personal use does not constitute reproduction of the material and subject those who do it to harsher penalties, a divided state Supreme Court ruled in an opinion released Thursday. Those who print out such images from the Internet face only nine-month jail sentences for possession of child pornography under state law rather than the seven-year prison terms for those who create the pictures, the court ruled in a 4-3 vote.

- - - - - - - - - -

Vogon to appeal Serious Fraud Office win
Police unit will not have to pay contested data recovery bill. Security company Vogon is to appeal after losing a case against the Serious Fraud Office (SFO), which refused to pay up when it received a bill more than 10 times larger than it had expected.

- - - - - - - - - -

DoubleClick hit by fraud complaint
DoubleClick, an online marketing services company, is facing a class-action lawsuit alleging it helped deliver millions of fraudulent online advertisements meant to dupe Web surfers into clicking on them. The suit, filed July 11 in Allegheny County, Penn., civil court, is similar to a case against Bonzi Software, which was charged with deceiving Web surfers into clicking on banner ads by presenting them as computer security warnings. In May, the company settled the case, agreeing to clearly label the ads; but this suit, with new plaintiffs, carries the charges to New York-based DoubleClick.

- - - - - - - - - -

Web sites post photo of wrong woman in Kobe Bryant case
The family of a young woman wrongly identified on the Internet as Kobe Bryant's accuser has hired an attorney in hopes of stopping her image from being circulated online. Attorney Sienna LaRene said the parents, Bob and Beth Matthews of Eagle, aren't looking for financial damages.

- - - - - - - - - -

Star Wars Kid Files Lawsuit
The parents of the infamous "Star Wars Kid" are suing classmates who posted a humiliating video of their son on the Net, according to Canada's Globe and Mail. Quebec teenager Ghyslain Raza was the target of worldwide mockery when a private video he made of himself practicing his lightsaber moves was uploaded to the Net by kids at his school.

- - - - - - - - - -

Anti-Porn Bill Targets File Sharing
Online file-swapping services would be required to get parental consent before allowing children to use their software under a new bill to be introduced today in Congress. The Protecting Children from Peer-to-Peer Pornography Act is intended to prevent children from downloading pornographic material, which is widely available for free through file-sharing services like Morpheus and Kazaa.

- - - - - - - - - -

Libraries get a break on Net filters
Under a deadline set Thursday, libraries have an extra year to comply with a controversial law that says if they accept federal funds, they must install Internet filtering software. The Federal Communications Commission, which is responsible for enforcing the law, set the deadline of July 1, 2004, in a 49-page ruling released Thursday. Because the law, called the Children's Internet Protection Act (CIPA), had been challenged in court, the FCC decided it was reasonable to give libraries time to comply.
CIPA-regulated filters fall far short

- - - - - - - - - -

Greece warned over gaming 'mess'
A Greek law that effectively banned all computer games is creating trouble for Greece from the European Commission.
The Greek government has been warned by the European Commission over a law it passed last year that seemed to ban all computer games. The law stirred up anger and disbelief after it resulted in several arrests and the closure of Internet cafes.

- - - - - - - - - -

Defense Department lacks data on cyberterror threat
More research is needed on how to protect the Defense Department's communications systems from cyberterrorism, the department's top information security official said on Thursday. "One gap that needs to be filled immediately is the need to do more research in this area," Robert Lentz, director of information assurance at Defense, told the House Armed Services Terrorism, Unconventional Threats and Capabilities Subcommittee. Lentz added that the defense community has held an "aggressive series of working groups" on cyber security in the past year.

- - - - - - - - - -

Russian minister declares spam war on American school
A Russian minister launched an automated telephone attack on an American language school in Moscow because they kept sending him spam. A Russian minister was so annoyed by the amount of spam he received from an English-language school, he decided to fight back -- with 1,000 automated phone calls.
Americans demand anti-spam register
Mobile operators denounce spam
Re: The false spam you requested
Is phone spam's number up?

- - - - - - - - - -

Broadband Britain at risk from Internet piracy
The UK government is urged to make it easier for users to buy online, and safer for companies to make content available for sale on the Web. The UK's broadband boom is likely to falter unless more progress is made towards combating digital piracy, the Broadband Stakeholder Group (BSG) has warned.

- - - - - - - - - -

Economic fraud: Crime busters have a new ache
Crime busters have something new to worry about.
Moving away from the social arena, crime has now expanded its reach into the corporate world, with economic crime emerging as a major issue. According to a survey conducted by Price Waterhouse Coopers, one fourth of the companies covered in India, reported significant economic crime over the last two years. However, when it comes to impact assessment, these companies appear to be more tolerant about reporting such crimes, and most went on to argue that the impact on their share price was not significant.

- - - - - - - - - -

Study finds computer voting system vulnerable to tampering
An electronic voting system used in some states as an alternative to the troublesome punch-card ballots is highly vulnerable to fraud, computer security experts warned in a study released Thursday.

- - - - - - - - - -

Hi-tech tool against paedophiles unveiled
Internet offenders could be tracked via the victims
A computer database which can identify paedophiles and their victims within seconds has been unveiled by police. The Childbase system uses sophisticated software to compare the faces of people in new abusive images with those in pictures already investigated.

- - - - - - - - - -

Brawl over file-swapping spawns 'secure' software
As the recording industry prepares hundreds of copyright lawsuits against online music swappers, the makers of file-sharing software are fortifying their programs to try to mask users' identities. Some of the upgrades reroute Internet connections through so-called proxy servers that scrub away cybertracks. Others incorporate firewalls or encryption to thwart the sleuth firms that the recording industry employs.
Music-sharing subpoenas come as rude surprise to some households

- - - - - - - - - -

Widespread Windows Hole Discovered
Microsoft Corp. on Wednesday warned customers of a serious hole in all versions of Windows that could completely compromise a vulnerable machine.
The vulnerability lies in the DirectX technology that is included with Windows and is used to run multimedia presentations. One of the technology's components, DirectShow, contains two buffer overruns in the function that is used to check parameters in MIDI files.
Microsoft flaw exploits music files
Microsoft's Charney tells Congress vulnerabilities are a fact of life

- - - - - - - - - -

Oracle warns of three new flaws
Database maker Oracle warned customers on Wednesday of three new flaws in its products and reiterated its warning to businesses of a fourth flaw that uses the company's application server. The two most serious vulnerabilities were in the firm's E-Business Suite, Oracle's set of server applications for managing everything from accounting to Intranets. Both were given the highest of three threat ratings assigned by Oracle to its products' vulnerabilities.

- - - - - - - - - -

10.2.6 Security update posted
Apple has released Security Update 2003-07-23 v.1.0 for Mac OS X 10.2.6 client and server systems. The company describes the update as: "Improving the security of your system by assigning a disabled password to a new account created by Workgroup Manager until that account has been saved for the first time. This ensures the new account cannot be accessed by an unauthorized individual."

- - - - - - - - - -

PestScan: free spyware checker
Review
A free online spyware detection service, which its developers claim is the first of its kind, was launched yesterday. PestScan from security software outfit PestPatrol is a Web-based program that runs from the PestPatrol Web site, downloading just a few small ActiveX components to a user's computer. In this respect the service can be compared to McAfee FreeScan.

- - - - - - - - - -

Internet and Cybercrime
Law enforcement bodies have some experience in the prevention and investigation of computer crimes related to telecommunications, banking and businesses. It is obvious that the Internet is becoming a criminal element: web sites propagandizing criminal ideology are created, services are used for communication and exchange of experience between criminals, and coordination of criminal activity is provided.

- - - - - - - - - -

The Hackers Who Broke Windows
The Last Stage of Delirium, the hacking group that laid open nearly every version of the Windows operating system last week, could use a little sleep. Since going public with the RPC buffer overflow bug that some are describing as the worst Windows security hole in history, the group has been caught in a media frenzy. The hubbub has been just as bad as when, in April, 2001, LSD broke Argus Systems' PitBull security software in a contest for $50,000 in cash.

- - - - - - - - - -

Demonstrating ROI for Penetration Testing (Part One)
This is the first in a series of articles demonstrating ROI for a Pen-Test. I am going to take you down a little bit different path initially than you are probably used to, but I have a particular goal in mind of teaching security professionals how to demonstrate ROI for a Pen-Test. If you stay with me through this series the light will dawn and your thinking will be a little bit more in line with how the CxO views spending money on security.

- - - - - - - - - -

IT security experts warn...
The analysis of computer crimes carried out by experts of the Computer Crime Research Center leads to the conclusion that the number of computer crimes in Ukraine tends to increase constantly. On November 16-20, 2001, the computer network of General Office "Ukrtelecom" was attacked. More than 700 computers and tens of servers were disturbed. The attack disconnected computers from the Internet, and corporate email was deactivated.
The losses from the attack amounted to more than $ 1 billion Ukrainian Hrivnas.

- - - - - - - - - -

UK workers talk favourite revenge tactics
More than half of UK workers would take revenge against a former employer if they were unhappy about losing their job. Badmouthing the company (31 per cent), taking customer leads (38 per cent), signing their ex-boss up to an X-rated mailing list (10 per cent) and sending nasty emails (10 per cent) were identified as key revenge tactics by UK workers in a survey commissioned by Novell.

- - - - - - - - - -

Bush gets D on security
A liberal think tank gave the Bush administration a D for its attempts to improve homeland security since the Sept. 11, 2001 terrorist attacks. In a report card that it released Wednesday, the Progressive Policy Institute said the administration has not taken advantage of existing technology designed to share intelligence, track foreigners, secure ports and improve aviation security.
Agencies failed to grasp pre-Sept. 11 terrorist threat, lawmakers find
Government IT Review
FBI reports significant progress on IT modernization

***********************************************************
The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.