NewsBits for September 5, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Man Charged With Raping Girl He Met on Internet An Ossining mother came home from work one day last month to discover that her kitchen screen had been cut and pots overturned. Nothing had been stolen, but another detail a teddy bear had been rearranged in her 13-year-old daughter's bedroom while the girl was out of town seemed even more peculiar. The mother's suspicions led to the arraignment today on charges of rape and sodomy of a 20-year-old Long Island man who the authorities said had formed an online relationship with the girl. (NY Times article, free registration required) - - - - - - - - - - Mother, son sentenced to prison for illegal Web pharmacy A restaurateur and her son were sentenced to federal prison Thursday for running an unlicensed Internet pharmacy that filled orders nationally from a bedroom in her suburban home. Betty Gorman was sentenced to three years and one month and her son James Gorman was sentenced to two years for their convictions on more than 120 counts. - - - - - - - - - - Adrian Lamo charged with computer crimes FBI agents armed with a federal arrest warrant out of New York were searching for Adrian Lamo Thursday, SecurityFocus has confirmed. Lamo has been charged in New York under Title 18 U.S.C. 1030 and 1029, according to deputy federal public defender Mary French, who says she's spoken with one of the FBI agents that were searching for Lamo. 'Homeless hacker' may surrender to FBI - - - - - - - - - - Computer With Secrets Stolen, Officials Say Two men posing as technicians stole computers that may have contained confidential files and top-secret information from Sydney Airport in Australia, a newspaper reported. Federal police confirmed that they were investigating the theft of computer equipment from the airport's customs-processing and intelligence center but gave no other details.,1,5860264.story - - - - - - - - - - Washington phone outage: cable cut intentionally A fiber optic cable failure that disrupted telephone service to more than 60,000 customers was caused by at least one of the lines being severed. "We conducted a preliminary investigation and it's been determined that someone cut this cable intentionally," Qwest spokesman Michael Dunne said Thursday. - - - - - - - - - - Security Holes Vex Web Host Firm Interland, the world's second-largest Web-hosting company, appears to have suffered an ongoing mass hack attack that has compromised some 1,100 websites, according to a security professional who has analyzed the script. Marc Maiffret, a co-founder of eEye Digital Security, said the sites have been infected with a malicious script that continues to reinfect them after they are cleaned. The hack has also placed visitors to the compromised sites at risk of being infected by malicious code, he said.,1367,60303,00.html - - - - - - - - - - Internet e-mail worm targets Tony Blair A new Internet worm has surfaced that criticizes British Prime Minister Tony Blair and launches an attack attempting to knock a UK government Web site off the Internet, according to anti-virus software provider Sophos. The worm, dubbed "Quaters," spreads via e-mail using a variety of subject lines, such as "Your Account Information," and spreads in Internet chat relay systems posing as an attempt to break an Internet chain mail world record.,10801,84653,00.html - - - - - - - - - - Latest Windows Virus Seen as Low Risk Known alternately as Neroma or the 911 virus, the new piece of malware is considered a low risk as it doesn't do any damage to infected machines. It uses the familiar pattern of looking through users' Outlook address books and mailing a copy of itself to each address it finds.,4149,1252255,00.asp First of perhaps many 9/11 viruses emerges - - - - - - - - - - Colleges toughen rules to prevent Internet infections Still recovering from a summer of Internet infections, colleges are taking unusually aggressive steps to protect campus computer networks from virus outbreaks. Students returning to classes are finding themselves summarily unplugged if their computers are infected. Oberlin College in Ohio is threatening to fine students $25 for inadvertently spreading a virus. - - - - - - - - - - The trouble with anti-virus Traditional techniques aimed at stemming the flood of viruses and worms are failing to keep pace with the rise in malicious code. Users have known this for years - at least intuitively. Even vendors admit - at least privately - that there's an issue. Now, for the first time, there's research to back up this gut instinct. - - - - - - - - - - FBI: Power grid not a primary terror target The FBI is concerned about cyberterror, but bombs remain a bigger danger than bytes, the agencys counterterrorism chief told a joint House Homeland Security subcommittee hearing on last months Northeast blackout. We havent seen any evidence that al-Qaida possesses any sophisticated computer capability, Larry A. Mefford said yesterday. Overall, investigators have found only very, very basic computer functionality from terrorists around the world. - - - - - - - - - - IT links to blackout under scrutiny Federal and private-sector officials this week said they still can't rule out cybersabotage or IT-based failures as the cause of the Aug. 14 blackout. Although no clear evidence has been found to suggest that the blackout was the result of anything other than an internal technical failure, the FBI's Joint Terrorism Task Forces have been working with the U.S. Department of Homeland Security and the private sector since the blackout to search system logs of critical utility control computers for evidence of insider abuse or outside intrusions.,10801,84640,00.html In Computer Security, a Bigger Reason to Squirm - - - - - - - - - - House chairman favors temporary terrorist-threat center The new Terrorist Threat Integration Center (TTIC) for compiling terrorism information from various agencies must be temporary if the Homeland Security Department is not to violate its statutory requirements, the chairman of a congressional oversight committee said on Friday. - - - - - - - - - - Record Labels to Offer Amnesty to File Sharers, With Conditions Worried that the major record labels are about to slap you or your teenager with a lawsuit? The labels' trade association is ready to grant music downloaders amnesty provided they put their names, and possibly their faces, into a database. The Recording Industry Assn. of America plans to file its first wave of copyright infringement lawsuits as early as next week against hundreds of people who share songs online. At the same time, it's expected to unveil an amnesty program for file sharers not yet targeted by suits.,1,1679633.story,39020369,39116155,00.htm,1412,60318,00.html File swapper seeks to stay anonymous New RIAA Chief Seeks a Hit Single Sympathy for the File Swapper? Italy vows to throw spammers behind bars - - - - - - - - - - Databases--the next copyright battle? Lawmakers in the U.S. House of Representatives are circulating a proposed bill that would prevent wholesale copying of school guides, news archives and other databases that do not enjoy copyright protection. The proposed bill would provide a legal umbrella for publishers of factual information such as courtroom decisions and professional directories. The measures would be similar to the copyright laws that protect music, novels and other creative works. Database protection bill mulled - - - - - - - - - - Lawmakers may seek full disclosure Spammers, scammers and child pornographers can hide easily on the Internet because regulators allow them to register under false names with stolen credit cards, lawmakers and technology experts said Thursday. One day after U.S. attorneys charged a Miami man with using misspelled domain names to direct Web surfers to pornography sites, lawmakers said the manner in which domain-name sellers collect information about their customers is too lax. - - - - - - - - - - ID theft hits 10m Americans a year A staggering 27.3 million Americans have been victims of identity theft in the last five years, according to Federal Trade Commission survey out this week. In the last year alone, 9.9 million people have had their identity purloined. - - - - - - - - - - EU privacy concerns on passenger data could cause rift with U.S. The European Commission this week warned that a trans- Atlantic row may soon result if U.S. demands for airlines to reveal passenger information as an antiterror measure aren't backed by adequate privacy safeguards. In a letter to Secretary of Homeland Security Tom Ridge, the European Union commissioner in charge of customs issues, Frits Bolkestein, said that only a "tightly worded undertaking" about the manner in which passenger information is handled and shared is acceptable.,10801,84643,00.html - - - - - - - - - - Aiming at Pornography to Hit Music Piracy The recording industry, struggling to curb music piracy, is shining the spotlight on another demon lurking on the Internet: pornography. The industry is trying to enlist broader public support with a campaign intended to show that its nemesis the peer-to-peer networks for swapping files like KaZaA and Morpheus are used not only to trade songs but also pornographic images, including child pornography. - - - - - - - - - - Teach worms a history lesson A world weary of computer viruses needs to take a tip from Nathan Rothschild. Like other financial institutions in the summer of 1815, the House of Rothschild--owned by the London businessman's family--realized that its future depended on the outcome of the Battle of Waterloo. Holding bonds from the winning side guaranteed success; holding the debt of the losers meant ruin. - - - - - - - - - - Is it a worm, a virus, or a trojan? Opinion Let's see, anyone remember the name of the worm that began on August 11th? - - - - - - - - - - The Microsoft Patch-Management Pickle It is only a matter of time before another virus is on the scene -- and, if recent history is any guide, it is going to be sooner rather than later. "There are certainly more worm flavors out there," says Forrester Research analyst Michael Rasmussen. After the triple whammy of SoBig, Blaster and Nachi -- topped off by Microsoft's announcement that it has found yet another 'critical' flaw in MS Office that could affect some versions of Microsoft Access, Excel, PowerPoint and Word -- companies are moving quickly to implement better patch-management procedures and other security measures. - - - - - - - - - - Labs Answers VPN Questions Ziff Davis Media Inc.'s Aug. 19 eSeminar, "Making sense of VPN challenges," revealed high levels of concern among the several hundred attendees in areas such as justifying virtual private network costs and choosing among various technical options. This event continued, in a sense, the VPN discussion that began during our April 16 eSeminar, "VPN strategies.",4149,1238839,00.asp - - - - - - - - - - Is that a firewall on your perimeter or just some Swiss cheese? I feel badly for Swiss cheese. Thanks to a few holes, it will forever be likened to lousy security. These days, perhaps the best application for that metaphor is to your firewall. While firewalls (the non-personal ones) keep the riffraff out of your network, they can no longer be counted on to secure the perimeter of business or home networks the way they once did.,14179,2914608,00.html - - - - - - - - - - Disasters proving to be terminal for many small firms Nearly half of UK small firms that experience disasters such as system failure or fire damage never properly recover, yet less than 50 per cent have any back-up plan to use if things go wrong, according to new research. The study, conducted by insurance firm AXA, found that despite recent scares such as the Sobig computer virus and the London power cut, many companies dont have measures in place to deal with potentially catastrophic events. - - - - - - - - - - Webcams let surfers play security guard It sounds like a chapter out of "Spy vs. Spy": Researchers at Carnegie Mellon University have launched a project called Camera Watch that lists Internet cameras that monitor public spaces, letting Web surfers try the role of bored security guard. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.