NewsBits for December 1, 2003 sponsored by, Southeast Cybercrime Institute - ************************************************************ Spanish police arrest Raleka worm suspect Spanish police have arrested a 23-year-old man in Madrid, who is suspected of being the author of the W32/Raleka worm which infected more than 120,000 computers in August. The Raleka worm operated in a similar way to the Blaster worm, exploiting the Windows RPC Service vulnerability in versions of Microsoft Windows 2000 and XP operating systems. Infected machines could then be used to mount further remote attacks. - - - - - - - - - - Police arrest ID thief in Wells Fargo case Police have arrested a California man for stealing computers containing the personal information of thousands of Wells Fargo customers. Edward Jonathan Krastof, 38, of Concord in California, has confessed to stealing a computer containing the sensitive information after breaking into the offices of a financial analyst hired by Wells Fargo, Reuters reports. Krastof also stole another computer and laptop during the same burglary. h - - - - - - - - - - April Fools e-mail freed detained kidnapper A homeland department employees prank e-mail prompted the release of an immigration agency detainee who had been convicted of kidnapping, according to the departments inspector general. The detainee, whom the IGs brief report on the incident did not name, turned himself in to Immigration and Customs Enforcement deportation officers two days after his improper release. - - - - - - - - - - Man sentenced in child pornography case A man arrested in Gwinnett earlier this year on child molestation charges was sentenced this week on federal charges of interstate transportation of child pornography. Thomas McLean Hendley, 34, of Carrollton, was sentenced Tuesday by U.S. District Judge Charles Pannell to serve six years and six months in federal prison. Hendley will then serve three years of supervised release, according to Patrick Crosby, spokesman for the U.S. Attorney's Office. On Aug. 22, Hendley pleaded guilty to transmitting child pornography through America Online. Police investigating a child pornographer in Tampa, Fla., discovered another AOL user who was trading images using the name "bi4you0418" in Carollton. FBI agents tracked the e-mail address to Hendley, who admitted to trading child porn. - - - - - - - - - - School Finds Child Porn On Coach's Computer An employee of a local school district faces charges after police say child pornography was found stored on the computer he uses. Kevin Ayrhart, 31, a five- year employee of Lincoln Park Schools, was arrested and arraigned Tuesday on one count of possession of sexually abusive material involving a child. During a routine check of student and employee computers in September, school officials allegedly found child pornography downloaded onto one of the computers used regularly by Ayrhart, according to The News-Herald. - - - - - - - - - - Delmar man faces child porn charges A 21-year-old Delmar man was being held in a Delaware jail Friday after allegedly posting child pornography on the Internet, state police said. Charles L. Tull was charged Wednesday with 50 counts of sexual exploitation, said Cpl. Jeff Oldham, a Delaware State Police spokesman. The charges stem from an allegation that Tull posted child pornography on a Yahoo! group site, Oldham said. Oldham also said Maryland State Police were first told about Tull through the National Center for Missing and Exploited Children, which was alerted by an anonymous source. - - - - - - - - - - Police employee's sick sex movies A POLICE service employee made sickening home sex movies with two young sisters he had corrupted, a Brisbane court was told today. Andrew Mark Hugh Dickeson, 29, pleaded guilty to two counts of maintaining a sexual relationship with a child and one count each of indecent treatment and possessing child abuse computer games, between January and October last year. Director of Public Prosecutions Leanne Clare told the District Court Dickeson was obsessed with pre-pubescent girls, and had hundreds of pictures of children he had taken in public places, as well as more than 800 child pornography images stored on his computer.,5936,8029523%255E1702,00.html - - - - - - - - - - .name registry site hacked The website of the .name registry was hacked over the weekend through an Apache exploit. London-based Global Name Registry was updating its Apache and PHP system when hackers SUr00tIK & GroMx broke into the system and replaced the frontpage index file. The hackers didn?t manage to access the system and no data was lost, GNR?s president Hakon Haugnes told us, but the hack did some cause some embarrassment. The site was taken offline and was back up by Sunday with added security. - - - - - - - - - - Activist Illegally Sold High-Tech Items to China Gao Zhan, who was freed from a Chinese prison with U.S. help, pleads guilty to selling goods with potential military uses. A human rights activist freed from a Chinese prison after the U.S. government interceded on her behalf pleaded guilty Wednesday to illegally selling American high-tech items with potential military uses to China. Gao Zhan, who was born in China but is a permanent U.S. resident living in McLean, Va., pleaded guilty to one count of unlawful export for selling 80 microprocessors. (LA Times article, free registration required),1,770328.story - - - - - - - - - - 3 Detained Over Internet Postings Reported Freed China has released three people who were detained on charges of posting Internet articles critical of the government, a human rights group reported. The three were freed Friday, after President Hu Jintao expressed concern about their cases, the Hong Kong-based Information Center for Human Rights and Democracy said. It noted that the move came just ahead of a visit by German Chancellor Gerhard Schroeder. (LA Times article, free registration required),1,1212994.story,39020375,39118198,00.htm - - - - - - - - - - Vietnam jails online activists Vietnam has been criticised by Amnesty International for the jailing of at least 10 'cyberdissidents' Human rights group Amnesty International has slammed the Vietnamese government for jailing at least 10 people for online activitism, saying the government is using national security legislation to prosecute government criticism on the Web.,39020375,39118176,00.htm - - - - - - - - - - Cybersquatters in rugby domain scrummage After England's success in the Rugby World Cup, internet speculators have been scrumming down to grab websites related to the team. While the bookies are bringing down the odds on who will be knighted, speculators are snapping up domain names associated with those squad members believed to be first in line to visit Buckingham Palace following the New Year's Honours list. - - - - - - - - - - E-commerce targeted by blackmailers Russia has high net access and low regulation Law enforcement agencies are investigating an increasing number of reports of organised criminal gangs carrying out denial-of-service (DDos) attacks - with the specific intention of blackmailing companies. A DDos attack, of the kind that brought down the WorldPay system earlier this month, floods a website with computer-generated requests. - - - - - - - - - - Victim advocates want names, addresses, records offline Heidi McDonald says her abusive ex-husband used the Internet to stalk and harass her after she left him. He lurked in online chat rooms she frequented about 1980s musicians. When she posted a message, he would jump in with an obscene response that smeared her reputation, she says. - - - - - - - - - - Pay attention -- that guy could be a laptop thief A man walked into an Atlanta office, made chitchat with two workers and sat down for lunch with them. Nobody noticed when he left with four stolen laptops. In another incident, police officers stopped a pregnant woman as she left an Atlanta-area workplace and found a laptop strapped to her belly. In yet another case, a thief walked into San Francisco-based Aligo Inc. during business hours, hid until everyone left and then took about a dozen devices worth at least $7,000, including laptops and personal digital assistants. - - - - - - - - - - Fraudulent e-commerce site proves hard to close A convincing e-commerce site is still up six weeks after the discovery that it is fraudulently using fake security certificates and the details of another, legitimate, Web site. A Web site that purportedly offers cheap mobile phones is still online more than six weeks after efforts began to close it down for what is believed to be fraudulent activity.,39020330,39118208,00.htm - - - - - - - - - - Hackers haunting Europe now Hackers, it appears, are now forsaking North America in favour of European targets. In November, said a report from British Internet security specialists at mi2g, Europe overtook North America as the most attacked continent in cyberspace. - - - - - - - - - - Sobig.F lingers as cure backfires One of the IT sector's biggest threats in 2003 is still out there. The blame lies partly with PCs that don't know the time, but also with action that was taken to minimise damage done by the worm. Sobig.F is still rampaging around the Internet, two months after the virus was supposed to have terminated itself.,39020375,39118188,00.htm - - - - - - - - - - Debian attacker may have used new exploit An as-yet-unknown security hole allowed the recent hack attack on the Debian GNU/Linux operating system project. An as-yet-unknown security exploit in Linux may have been responsible for a recent compromise of's servers, according to a system administrator with the Debian operating system project.,39020330,39118183,00.htm - - - - - - - - - - Nigeria renews efforts to stop 419 scammers New legislation could be introduced in Nigeria to combat the notorious 419 spam scams that flood inboxes worldwide. The Nigerian government has launched a new crackdown on organised criminals who attempt to con email users with get-rich-quick schemes. According to BBC News Online, President Olusegun Obasanjo, Nigeria's political leader, announced an inquiry into the problem on Wednesday, vowing to "step up measures against these criminal activities.",39020375,39118141,00.htm,4057,8002290%255E15318,00.html - - - - - - - - - - Business flourishes on Web's seedy side The Internet can be a great tool: It can help friends across the world communicate; it can seek out cheap travel deals; it can educate patients about prescription drugs. But there's another side of the Web, one that schemers such as con artists and pedophiles have latched onto, drawing victims into the darkest caverns of cyberspace and leaving law enforcement agencies scrambling to keep up. Internet scams, child pornography sites and cyber-stalking are all part of the seedy side of the Web.,0,4125630.story - - - - - - - - - - Launch agreed for Euro tech-crime team European cyber-crime unit set for January start after compromise agreed on membership. A European high-tech crime unit is to launch in January following a compromise brokered between the European Parliament and the Council of Ministers. - - - - - - - - - - Microsoft decries overseas Longhorn rustling Malaysia's brazen software pirates are hawking the next version of Microsoft Windows operating system years before it is supposed to be on sale. Underscoring the scale of U.S. companies' copyright problems in Asia, CDs containing software that Microsoft has code-named Longhorn are on sale for 6 ringgit ($1.58) in southern Malaysia. Microsoft's current version of Windows, XP, sells for more than $100 in the United States.,10801,87707,00.html Microsoft investigates IE holes,39020375,39118197,00.htm,1367,61416,00.html - - - - - - - - - - A Web of drugs Online 'rogue pharmacies' offer quick access to prescription drugs, many of them addictive and dangerous. Along the Internet's Main Street and its various side streets and alleys they are everywhere, promising easy access to the pills that pump you up, chill you out, slim you down and shift your sex life into overdrive. They are, to some Americans, a medicine chest of fun, purveyors of all the stuff that addicts need and the adventurous want to try but are afraid to request from their doctor. (LA Times article, free registration required),1,6285987.story Google to Limit Some Drug Ads - - - - - - - - - - Local companies battle cyber crime Boeings Bob Jorgensen likes to talk about how well the aerospace giant protects its computer systems from cyber attacks. Such comments reassure customers and investors. But they also can hurt the company if made too often and too public, he said. - - - - - - - - - - Single bug or virus attack could cost your business PS66,000 The cost to businesses of a single bug or virus attack can be as much as PS66,000, research has revealed. The estimate, contained in a report from analyst firm Datamonitor, comes as users face threats from the latest flaw in Microsoft Internet Explorer and the "Mary" e-mail bug which tempts users with porn.Users are still waiting for a patch from Microsoft to prevent Explorer from downloading damaging code from hacked websites. This code, in turn, allows users desktops to be hacked remotely. Swen fends off Mimail to top viral charts Sysbug-A Virus On the Prowl,aid,113680,00.asp - - - - - - - - - - Viruses may jeopardize power supplies, official FINNISH MAGAZINE Helsingin Sanomat said that large corporations have received official notices from the government to keep a close eye on their networks. In particular, the Finnish government seems concerned about comms and electricity distributors suffering from viruses and worms. The paper said that a virus forced the Nordea Bank in Finland to shut down some of its branches. The government is worried not about viruses and worms affecting the distribution of electricity, but delays in carrying out repairs if necessary. Top viruses for November Top 10 viruses and hoaxes reported to Sophos in November 2003 - - - - - - - - - - The Object of This Game: Sink the Music Pirates Hey, kids! Want to join the FBI and chase music pirates? That would be the Funny Bureau of Investigations, and the chase would take place in the make-believe world of a computer game based loosely on Robert Louis Stevenson's "Treasure Island." But the underlying message is serious: Don't bootleg music. (LA Times article, free registration required),1,2184614.story Ukraine Takes War on Pirated Copies - - - - - - - - - - EU internet privacy laws tightened Norway's Data Inspectorate says it is ready to go after people who publish embarrassing pictures of others without their permission, the Norwegian daily paper Aftenposten reports. - - - - - - - - - - SMEs to be offered IT security guidelines The police and leading businesses have asked IT professionals for their feedback on new IT security guidelines for small and medium-sized companies. The guidelines, put together by police, business and government experts in the IT lobby group Eurim, aims to provide small firms with a one-stop source of advice on IT security. The move follows concerns in the industry that security weaknesses in small firms can place larger supply chains at risk. Pentagon's IT Overhaul Gets Boost NamITech moves into information security training Internet Security & Fraud: The Wild, Wild West Online Criminals in Computer Related Crimes - - - - - - - - - - Rules to Address Holes in Software As the cost of securing data against malicious attacks continues to escalate, big technology companies and security researchers are stepping up efforts to control the spread of information about software holes that make computers vulnerable to hackers. (LA Times article, free registration required),1,1845462.story - - - - - - - - - - Smart-card crypto engine gets certification A flash-based secure cryptographic controller for smart cards from Atmel Corp. of San Jose, Calif., has been granted a Common Criteria Evaluated Assurance Level 4+, augmented to Assurance Vulnerability Assessment-Vulnerability Analysis.4. The AVA-VLA.4 augmentation represents a high level of assurance against sophisticated attacks, according to the National Institute of Standards and Technologys Computer Security Resource Center. UK to consider national biometric ID cards, database,10801,87642,00.html - - - - - - - - - - Readers Wouldn't Buy Security Products From Microsoft Microsoft's latest security initiative, "Securing the Perimeter," shows it hasn't given up in its battle against hackers and virus writers. But it appears the software giant has a long ways to go to win the trust of InternetWeek readers. - - - - - - - - - - Reseller touts home WLAN pack with easy to use security UK reseller Dabs has launched a Wi-Fi offering that it claims will deliver a fully secure environment yet retain plug-and-play access to home WLANs. Dabs is essentially bundling services provided by hotspot aggregator MyZones with Netgear's ME103 ProSafe Wireless Access Point and the vendor's MA111 Wireless USB Adaptor for PS99 excluding sales tax. Essentially, MyZones allows you to manage your WLAN's security through its web page - or in this case, a Dabs-branded one. The Wi-Fi hardware is preconfigured to operate with MyZones. - - - - - - - - - - Finding the Missing Piece in Corporate Security Puzzle Corporations are spending millions on advanced technologies to protect important computer networks, but assessing the effectiveness of those safeguards can be a challenge in itself, said Elizabeth A. Nichols, founder of a software firm that analyzes security products. - - - - - - - - - - A two-pronged approach to cybersecurity In September, Amit Yoran became the United States' top cybersecurity defender. Against a backdrop ofnew challenges from increasingly sophisticated hackers, Yoran is responsible for preparing the government's response to any major cyberattacks. Yoran Steps Down from Digital Sandbox Board; More Headlines... - - - - - - - - - - Tips on locking down your WLAN In August, engineers with AirDefense Inc., a wireless LAN security software vendor, made war drives in Atlanta, Chicago and San Francisco, using scanners to find WLAN access points around downtown office buildings. The drivers discovered more than 1,100 access points. Of these, 57% weren't using any form of data encryption, although most of the actual data traffic in Chicago and San Francisco was encrypted by other means, such as a VPN.,10801,87705,00.html - - - - - - - - - - Password hint: Think whether yours is good enough Recent website security scares have brought home the importance of a sensible approach to passwords, at both the personal and corporate levels. Tony Hallett reports on what the industry is saying - and whether passwords are enough. Tricky things, passwords. They are our most common way of safeguarding digitally stored information over shared media but they are fraught with contradictions. Most obviously, the safer they look - in terms of length and mix of characters - the harder they often are to remember, making them dangerous when end users write them down.,39024655,39117138,00.htm - - - - - - - - - - Wi-Fi arrest in Toronto highlights security dangers Wireless security for home networks is in the spotlight following an unusual arrest in Canada, where a man stands accused of downloading child pornography over a hijacked Wi-Fi connection. Toronto police said they stopped a car last week for a traffic infraction when they found the driver naked from the waist down with a laptop computer on the front seat, playing a pornographic video that had apparently been streamed over a residential wireless hot spot. Top-down security Cyber watchdogs to get stronger teeth,Curpg-2.cms Secure remote access - the way to go,39024711,39117105,00.htm - - - - - - - - - - Security worries keep many from banking online Alma Villalpando, a program director at Eastfield College in Mesquite, Texas, says she's comfortable using a computer. She even offers training programs on cybersecurity. But when it comes to online banking, it's a firm, ``No.'' The Wells Fargo Example Spam fears dampen online Christmas shopping,39020372,39118212,00.htm Pa. company has e-mail you want to read - - - - - - - - - - Exploiting Cisco Routers: Part 2 Access Granted -- Now What? Welcome back! The first article in this two-part series covered a few different methods of getting into the target router. This article will focus on what we can do once we've gotten in. For the remainder of this article, we'll assume that the only progress we've made is that we've gotten the below router config via the vulnerable HTTP server. At this point, Access Control Lists (ACLs) prevent us from logging in directly to the router. - - - - - - - - - - Insurer taps voice analysis tech to detect fraud Online insurer Esure is to use technology that recognises when a speaker is under stress in a bid to detect fraud. - - - - - - - - - - USC to study terrorism and economics The University of Southern California will receive $12 million in federal funding over the next three years to study economic risks from potential terrorist threats and events to targets, such as critical infrastructure systems, and develop tools for planning responses and emergencies. *********************************************************** Computer Forensics Training - Online. An intense, 150 hour, instructor lead program that teaches you computer forensics and helps prepare you for the Certified Computer Examiner exam. For more information see; *********************************************************** Search the Archive at: *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits ( should be cited as the source of the information. Copyright 2000-2003,, Campbell, CA.