NewsBits for May 31, 2005 ************************************************************ Israelis Nab Computer Spies Eighteen people have been arrested in one of Israel's largest industrial espionage schemes, police said Sunday, charging that business executives and private investigators used sophisticated software to infiltrate competitors' computers. The investigation implicated a car importer, two cell phone providers and the nation's main satellite television company. Police said they were still sifting through documents and computer files to figure out the extent of the damage, but maintained that victims lost competitive bids and thousands of customers because of the spying. http://www.wired.com/news/privacy/0,1848,67684,00.html http://news.zdnet.com/2100-1009_22-5725976.html http://news.zdnet.co.uk/internet/security/0,39020375,39201340,00.htm http://www.theregister.co.uk/2005/05/31/israel_spyware_espionage_scandal/ http://www.msnbc.msn.com/id/8045362/ - - - - - - - - - - Computer crime: Group of hackers arrested in Russia The investigation of computer crime involving a group of 39 people was finished in Volgograd, Russia. They committed illegal access to computer information protected by law. On September 15, 2004, regional police department filed a criminal case on counts of illegal access to computer information protected by law, Oleg Stepannikov, investigation senior officer told CCRC. http://www.crime-research.org/news/28.05.2005/1259/ Moscow carder arrested http://www.crime-research.org/news/31.05.2005/1266/ - - - - - - - - - - Laptop with credit card info for 80,000 DOJ workers stolen The FBI and Fairfax, Va., police are investigating the theft of a laptop containing the names and credit card numbers of about 80,000 U.S. Department of Justice workers. Gina Talamona, a DOJ spokeswoman, said the laptop was stolen between May 7 and May 9 from the Fairfax, Va., headquarters of Omega World Travel, a travel agency used by the DOJ for its employees. http://www.computerworld.com/securitytopics/security/story/0,10801,102146,00.html Laptop lockdown http://www.it-observer.com/news.php?id=5153 MCI Data Theft Intensifies Encryption Debate http://www.eweek.com/article2/0,1759,1821333,00.asp - - - - - - - - - - Hacker may have stolen Social Security numbers from Jackson Community College A hacker who broke into the computer system at Jackson Community College may have accessed as many as 8,000 Social Security numbers, the college said Monday. The hacker broke into the system Wednesday. College officials are still investigating but say the hacker may have downloaded employee and student passwords. http://www.freep.com/news/statewire/sw116169_20050523.htm - - - - - - - - - - One of our disc drives is missing Investment bank UBS has launched an investigation after a disc reckoned to contain sensitive client data went missing. The lost drive held data from the bank's Tokyo share trading division raising fears that confidential trading histories from the bank's corporate clients might be disclosed, The Times reports. Japanese regulators told the paper they took the leak "extremely seriously". Japan's Financial Services Agency was told about the missing disc last week and though its unclear when the disc went missing, theories abound. http://www.theregister.co.uk/2005/05/31/ubs_missing_disc_drive/ Used hard drives betray company secrets http://www.vnunet.com/vnunet/news/2137314/hard-drives-betray-company-secrets - - - - - - - - - - July trial for Sasser suspect The German teenager accused of creating the infamous Sasser worm faces a July trial for computer sabotage offences. Sven Jaschan, 19, was arrested in the village of Waffensen near Rotenburg, in northern Germany, on suspicion of writing and distributing the Sasser worm in May 2004. He later confessed to police that he was both the author of Sasser and the original author of the NetSky worm. Jaschan's trial, scheduled last week, is due to begin on 5 July in the juvenile court of the German town of Verden. http://www.theregister.co.uk/2005/05/31/sasser_trial_date_set/ - - - - - - - - - - Criminals use eBay to sell fake or stolen items A growing number of criminals are using internet sites such as eBay to sell counterfeit and stolen goods, police said yesterday. The warning comes just days after a woman was convicted of selling a fake Louis Vuitton handbag on the auction website. Launched in 1999 in Britain, eBay is now the UK's most visited commercial website. More than 10 million Britons have registered with the site, which offers 50 million items from around the world at any one time. http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2005/05/28/nebay28.xml - - - - - - - - - - MasterCard nets 1,400 phishing sites MasterCard International said it has successfully shut down nearly 1,400 global phishing websites 300 operating from Asia Pacific last year through its Operation Stop IT (Identity Theft) campaign. The credit card giant said its success was due to the effective monitoring of phishing activities discovered on the Internet and swift counteraction by Internet service providers (ISPs) and law enforcement agencies. http://star-techcentral.com/tech/story.asp?file=/2005/5/31/technology/11096986 - - - - - - - - - - CIA girds against electronic attacks The CIA is conducting a secretive war game, dubbed "Silent Horizon," this week to practice defending against an electronic assault on the same scale as the September 11 attacks. The three-day exercise was meant to test the ability of government and industry to respond to escalating Internet disruptions over many months, according to participants. They spoke on the condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville. http://washingtontimes.com/national/20050526-111734-3190r.htm - - - - - - - - - - New Bagle variants spreading At least three new versions of the Bagle e-mail worm were spreading quickly on the Internet today, according to several Internet security firms. MessageLabs Ltd., which monitors 110 million pieces of e-mail sent per day, found about 145,000 copies of just one of the new Bagle downloader variants, said Maksym Schipka, a senior antivirus researcher at the company. MessageLabs tracked about 4,000 copies of the variant between 7 a.m. and 8 a.m. EDT. That number jumped to nearly 42,000 copies in the next hour and rose to 56,000 copies between 9 a.m. and 10 a.m., the company reported. http://www.computerworld.com/securitytopics/security/story/0,10801,102143,00.html Blank virus blanks email In brief It's happened yet again. A new version of the Bagle Downloader is spreading like wildfire via email, according to email filtering firm MessageLabs. MessageLabs has intercepted almost 70,000 copies since the arrival of the virus at lunchtime on Tuesday. The virus appears to have originated from a Yahoo! group. http://www.theregister.co.uk/2005/05/31/bagle_downloader/ - - - - - - - - - - Hybrid Worm Wave Of The Future A new worm that hit users this week is a perfect example of the future of malicious code, said Panda Software. And that future looks ominous. The worm, dubbed "Eyeveg.d" by Panda (but Bugbear.b by Sophos, Lanieca.b by Symantec) is a sophisticated hybrid that spreads like a worm but conducts Trojan-style actions against the compromised computer. http://www.it-observer.com/news.php?id=5151 - - - - - - - - - - IM worm lures users to the dark side Users of AOL and Yahoo instant messaging clients have been bombarded with a phishing attack that plays on the current interest in Star Wars. Yahoo users have received messages urging them to try out an online Star Wars game, but are directed to a phishing site which tries to steal log-in details. http://www.vnunet.com/vnunet/news/2137282/im-worm-lures-users-dark-side - - - - - - - - - - Nortel patches flaw in VPNs Nortel Networks customers are being urged to upgrade their virtual private network routers, after a security research company found a serious vulnerability in them. The denial-of-service vulnerability enables hackers to crash IPSec VPN machines using a specially designed UDP packet. NTA Monitor, the company that discovered the flaw, said it would withhold details of the vulnerability because it is so dangerous. http://news.zdnet.com/2100-1009_22-5726465.html More Than a Token Overhaul of the VPN http://www.computerworld.com/securitytopics/security/story/0,10801,102041,00.html - - - - - - - - - - Federal ID Act May Be Flawed The new law could actually increase the risk of a person's identity being stolen, critics say. A federal law designed to make it harder to assume someone else's identity may instead have the opposite effect, critics of the measure say. The Real ID Act, attached to a crucial bill for military spending and tsunami relief that was signed by President Bush on May 11, sets new rules for issuing driver's licenses and requires states to share electronic access to their records. http://www.latimes.com/technology/la-fi-realid31may31,1,5737312.story Cost of ID Cards could triple, plan could breach DRA http://www.theregister.co.uk/2005/05/31/idcards_cost_dra/ Panel debates Real ID http://www.fcw.com/article89024-05-31-05-Web - - - - - - - - - - Government moves to tackle phishing An update to the UK's fraud laws has been proposed, with online scammers finding themselves in the firing line of the new Bill. The UK government is proposing changes to a fraud law that would mean scammers behind phishing attacks could face up to 10 years in jail. The Home Office has published the government's Fraud Bill in which it suggests a new offence of fraud to close loop holes in the current law. http://news.zdnet.co.uk/internet/security/0,39020375,39201079,00.htm - - - - - - - - - - Stanford rejects hacker applicants Applicants tried to access school's admissions files. Stanford University's Graduate School of Business has rejected 41 applicants who tried to access an admissions Web site earlier this year in hopes of learning their fate ahead of schedule. School officials said the applicants were given the opportunity to explain why they attempted to gain access to their admissions files before the date when the university was to tell them if they were admitted. http://www.cnn.com/2005/EDUCATION/05/30/hackers.rejected.ap/index.html http://www.msnbc.msn.com/id/8048224/ - - - - - - - - - - FBI veteran to secure Microsoft Experts have welcomed Microsoft's appointment of 20-year FBI veteran Ed Gibson as chief security advisor in the UK, but warned he will face an uphill struggle to repair Microsoft's battered reputation. Bob Tarzey of analyst Quocirca said Gibson's experience of tackling money laundering, intellectual property theft, fraud and high-tech crime, coupled with being a regular speaker at UK security events, would lend credibility to Microsoft's security efforts. But he added that Gibson would have his work cut out to change users' perceptions that Microsoft systems are rife with flaws. http://www.vnunet.com/itweek/news/2137316/fbi-veteran-secure-microsoft - - - - - - - - - - DISA seeks stronger software for sensitive Defense systems The Defense Information Systems Agency is searching for solutions from vendors, academia and other government agencies to help combat internal threats to Defense networks, systems and data. DISA has issued a request for information for he toolset on FedBizOpps.gov. Responses are due June 21. http://www.gcn.com/vol1_no1/daily-updates/35928-1.html - - - - - - - - - - Finding security in a wireless world Front Lines is a guest viewpoint section offering perspectives on current issues and events from people working on the front lines of Canada's technology industry. Marcus Shields is enterprise product manager with Soltrus Inc. The cost- effectiveness and flexibility of wireless ("Wi-Fi") LANs or WLANs offer a seemingly ideal solution to mobile workers. http://www.globetechnology.com/servlet/story/RTGAM.20050512.gtflshieldsmay12/BNStory/Technology/ Windows GSM phones get 'unbreakable' encryption http://www.zdnet.com.au/news/security/0,2000061744,39194316,00.htm Ofcom eyes phone slamming breaches http://www.theregister.co.uk/2005/05/31/ofcom_slamming/ Tougher laws planned to combat mobile phone thefts - report http://www.theregister.co.uk/2005/05/31/mobile_phone_crimes/ - - - - - - - - - - Hardware Security Scheme Works At Net Infrastructure Two small networking companies are collaborating on a new concept for network security. Their idea of inserting a server-based hardware monitor at Layer 3 would simplify many aspects of packet encryption or inspection in traditional TCP/IP networks. http://www.it-observer.com/news.php?id=5152 - - - - - - - - - - Secure open source desktop gets public funding The DTI is supporting a project to create a secure centrally managed desktop system based on Linux A UK company is using a six-figure sum from the UK government to develop a secure Linux- based desktop operating system. http://news.zdnet.co.uk/0,39020330,39201351,00.htm - - - - - - - - - - Irish college deploys fingerprint scanners It was with a little fanfare of trumpets that St Andrew's College in Dublin today announced it has rolled out a biometric student registering solution which allows the reading of kids' fingerprints without physically storing an image of same. http://www.theregister.co.uk/2005/05/31/irish_fingerprint_scanners/ - - - - - - - - - - GAO study of RFID technology, policy seen flawed A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives. GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs thatthe agencies are implementing. http://www.fcw.com/article89024-05-31-05-Web - - - - - - - - - - TiVo-like devices for radio raise piracy fears It's like TiVo for radio, but is it legal? Various devices that enable listeners to record Internet radio streams and then convert them into MP3 files are catching on and making Web radio and streaming services more appealing to the general public. But some legal experts say the recording software may violate digital copyright laws and does little more than promote piracy. http://news.zdnet.com/2100-1009_22-5724494.html - - - - - - - - - - Many unaware of browser-security link: study Many American online computer users are unaware that choice of browser affects Internet security, and few switch browsers even when they know the risk, a Norwegian study said Monday. The Oslo- based browser-maker Opera Software ASA, which touts its own browser as being one of the most secure, released a survey of 2,835 online users in the United States, which indicated that only 51 per cent of what it called the "adult online population" were aware that the type of browser can affect a computer's vulnerability to malicious software, such as viruses and spyware. http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1117495798665_139/ Security barometer survey - the results are in http://www.theregister.co.uk/2005/05/31/security_survey_results/ - - - - - - - - - - Online extortion victim speaks out The founder of NoChex has spoken about how his business survived its Web site being targeted by mobsters. The founder of an online payment system has spoken out about his experience of being targeted by Russian gangsters who threatened to destroy his Web site and his business if he didn't pay them $10,000. http://news.zdnet.co.uk/internet/security/0,39020375,39201078,00.htm - - - - - - - - - - Insider Threats Mount The recent rash of data compromises at large companies, several of them caused by insiders, highlights the need for IT managers to develop tight internal controls for monitoring and enforcing compliance with corporate data- usage policies. http://www.computerworld.com/securitytopics/security/story/0,10801,102102,00.html Sygate Checks Remote Threats http://www.eweek.com/article2/0,1759,1820335,00.asp - - - - - - - - - - How to crack passwords, and why you should Your network's weak point is often the users and their passwords, and the only way to check the security of your passwords is to try to crack them. Auditing passwords is a worthwhile venture, particularly in an environment that deals with sensitive information. Because systems encrypt passwords when they store them, you really can't properly judge the strength of a password unless you try to crack it. http://insight.zdnet.co.uk/internet/security/0,39020457,39201076,00.htm - - - - - - - - - - AI Seduces Stanford Students Psychologists and salesmen call it the "chameleon effect": People are perceived as more honest and likeable if they subtly mimic the body language of the person they're speaking with. Now scientists have demonstrated that computers can exploit the same phenomenon, but with greater success and on a larger scale. http://www.wired.com/news/culture/0,1284,67659,00.html - - - - - - - - - - Japanese state to restrict sales of violent U.S. video game A state in Japan has decided to ban a U.S. video game from being sold or rented to minors, after officials deemed it harmful and capable of inciting violence. ``Grand Theft Auto III,'' produced by U.S.-based Rockstar Games Inc., was introduced in Japan in September 2003 and has sold about 350,000 copies. It depicts random killing sprees in public places, cars being blown up and other acts of violence that officials fear teens might try to mimic, said Takahito Hayashi, a child welfare official. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11778869.htm http://www.usatoday.com/tech/news/techpolicy/2005-05-31-gta-japan_x.htm