http://www.01net.com/editorial/365342/huit-administrateurs-de-botnets-coinces-par-le-fbi/
Eight botnet administrators nabbed by the FBI
The government agency identified several hackers who used zombie PCs to carry out their attacks. They have been convicted.
Editorial staff, 01net., 03/12/2007 at 10:00
Last June, the FBI declared war on cybercrime in an operation named Roast Bot. Less than 6 months later, the agency has managed to identify eight bot herders: hackers who exploit hundreds of zombie PCs (controlled without their users' knowledge) to carry out malicious operations such as stealing personal data, hacking servers, and so on. The individuals have since been convicted and are serving various sentences.
"Today, botnets are a weapon of choice for cybercriminals. They seek to conceal their criminal activities by using third parties' computers to carry out their misdeeds. (...) We will continue our efforts to find those who try to exploit anonymous Internet users," said Robert S. Mueller, director of the FBI, in a statement dated 29 November 2007.
A panel of hackers
The investigation bureau publishes on its website the list of hackers arrested under its plan. Among them: Ryan Brett Goldstein, a 21-year-old, convicted of launching a denial-of-service attack on the network of the University of Philadelphia. Or John Schiefer, who at 26 created malicious code to intercept electronic communications. He thereby obtained usernames and passwords with which he illegally made purchases for his own benefit.
Bolder still, Alexander Dmitriyevich Paskalov, 38, received 42 months in prison for taking part in a vast phishing scam: he copied a financial institution's website and lured the institution's customers onto it to extort their personal data. Several million dollars were reportedly diverted this way.
In parallel, the FBI notes that 13 arrest warrants have been issued inside and outside the United States to apprehend other individuals suspected of committing computer attacks.
Monday 3 December 2007
Tuesday 21 August 2007
Suspect named in TJX credit card probe
http://www.boston.com/business/personalfinance/articles/2007/08/21/suspect_named_in_tjx_credit_card_probe/
Ukrainian's arrest seen as break in record fraud case
By Ross Kerber, Globe Staff | August 21, 2007
Authorities have zeroed in on a Ukrainian man they suspect played a key role in the sale of many credit card numbers stolen from TJX Cos. in what is considered the biggest corporate data breach to date.
Officials hope the recent arrest of Maksym Yastremskiy will be a breakthrough in the investigation of who hacked into systems at TJX and other companies, said Greg Crabb, a program manager in the global investigations division of the US Postal Inspection Service. The service is among various law enforcement agencies trying to track down hackers who made off with more than 45 million credit and debit card numbers from TJX starting in 2005.
Crabb said Yastremskiy allegedly sold card numbers through online forums hosted overseas, some of them in Cyrillic or password protected. He is likely the largest seller of stolen TJX numbers, Crabb said.
Prices ranged from $20 to $100 per stolen card, and the cards were sold in batches of up to 10,000, depending on factors like the credit limits of the consumer accounts being traded. Crabb said Yastremskiy is associated with at least one other Ukrainian man previously charged with similar crimes, though unrelated to the TJX case.
"These guys are selling the good stuff," Crabb said.
It's unclear whether Yastremskiy is the mastermind behind the TJX breach itself. Yastremskiy's capture was first reported several weeks ago, though a link to TJX hasn't been made until now. Turkish police arrested him at a nightclub in the resort of Kemer, according to a French summary of a report by Turkish news agency Anatolia. The agency quoted a police official who said Yastremskiy is "one of the world's important and well-known computer pirates."
The Postal Inspection Service is involved in the investigation because it protects US mail customers. In the case of TJX, the postal service has jurisdiction because it is protecting the banks that mailed thousands if not millions of replacement credit cards to consumers whose data was compromised in the breach of TJX, the Framingham parent of stores such as TJ Maxx and Marshalls.
Other agencies involved in the probe include the US Secret Service and the Justice Department. Spokespeople for both agencies said officials wouldn't comment. Officials at the Ukrainian embassy in Washington did not return messages. A spokeswoman for TJX declined to comment.
Last week TJX said it expects to spend $256 million -- 10 times more than it had previously disclosed -- to cover costs related to the breach, such as improving security and dealing with the growing number of lawsuits filed by banks and other issuers of credit and debit cards. Some analysts predict the breach will cost more than $1 billion eventually, including the cost of canceling and reissuing millions of compromised cards.
The case is shaping up as a watershed event in the debate over organizations' responsibilities in protecting consumer data, amid rising security costs to banks, retailers, and card issuers.
TJX has said it believes hackers placed software on the company's computer network to capture data from at least 45.7 million customer credit and debit cards. The breach seems to have lasted from 2005 until TJX discovered the problem at the end of 2006, and to have involved data from customer transactions as early as 2003.
Some numbers were used to make fake credit cards, which law enforcement authorities say were used to buy millions of dollars in expensive electronics from Wal-Mart and other retailers in Florida and elsewhere around the world. Authorities in Florida have won guilty pleas from about 10 people related to the manufacture or use of fake cards, and some of these numbers were originally sold by Yastremskiy, Crabb said.
Crabb said officials are still investigating how Yastremskiy came to obtain the card numbers from the hackers who penetrated TJX in the first place.
Data-security experts say it's common for data thieves to operate in loosely organized rings and said such thieves may not even know each other well. In this case, that could mean the people who committed the breach of TJX itself may only have sought out middlemen afterward to buy card numbers, who in turn could sell them to make phony credit cards for use by people like those arrested in Florida.
That makes these crimes different from traditional credit-card fraud cases involving just a few stolen numbers at a time, said James Gaughran, chairman of the International Association of Financial Crimes Investigators, a trade group in California. "The difference now is that they're able to trade in bulk," he said, sometimes thousands of card numbers at a time.
Authorities allege that's what happened in the case of another Ukrainian, Dmitry Golubov, who was charged there in 2005 with trafficking millions of stolen credit card numbers based on an investigation by Crabb and others. But pursuing these cases internationally can be complex; Golubov's trial dates have been postponed repeatedly and a spokesman for the US Justice Department said the agency now considers Golubov a fugitive.
Ross Kerber can be reached at kerber@globe.com.
Wednesday 27 June 2007
Author of the CommWarrior and Cabir virus variants arrested
Source: http://www.reseaux-telecoms.net/actualites/lire-l-auteur-des-variantes-des-virus-commwarrior-et-cabir-arrete-16650.html
Edition of 26/06/2007 - by Eddye Dibar / IDG News Service
Spanish police have arrested the author of variants of the CommWarrior and Cabir mobile phone viruses. According to Agence France Presse (AFP), the 28-year-old man was arrested in Valencia. He is accused of creating and distributing 20 new variants.
CommWarrior and Cabir are themselves variants derived from the same virus, which affects phones running the Symbian OS such as the Nokia Series 60. They spread via Bluetooth. These viruses have infected more than 115,000 phones. Ron O'Brian, an analyst at Sophos, says this is not a critical threat. He adds that the arrested suspect is probably not the creator of Cabir: three years ago a Brazilian released the worm's source code on the Internet.
Monday 4 June 2007
Gendarmerie dismantles a large counterfeiting ring on the Internet
http://www.01net.com/article/350275.html
About ten people have been arrested by the authorities. Organised as a network, they sold counterfeit Adidas, Nike and Puma sporting goods on the Internet.
Philippe Crouzillacq, 01net., 04/06/2007 at 19:30
It is a drop in the ocean of cybercrime, but the catch is symbolic in more ways than one. The Louviers (Eure) gendarmerie company has put an end to the fraudulent online activities of about ten people. Organised as a network, the traffickers sold counterfeit sports shoes through several dedicated sites (epifa.com, lordfoot.com, confidentiel.com).
In March 2006, the chance discovery of a suspicious catalogue in a car submerged in the Seine put investigators on the trail, AFP reports. "The goods were ordered directly from China and, over time, the network had come to generate turnover of several thousand euros a day," explains Squadron Leader François de Périer, commander of the Louviers gendarmerie company. "At first, the members of the network made simple deposits and transfers to their bank accounts, then some decided to set up a company."
The leaders of the organisation earned several thousand euros a month. And, according to AFP, the money generated by this trafficking was spent on luxury goods or invested in offshore companies, or else in real estate in France, Spain and Lebanon.
Now under formal investigation for money laundering, smuggling of prohibited goods, counterfeiting, and forgery and use of forged documents as an organised gang, those arrested face, in addition to confiscation of the assets concerned, a fine of 382,000 euros and 10 years in prison. But this operation, despite its undeniable success, is only the tip of the iceberg.
Resale of lists of websites
"The sale of counterfeits on the Internet has reached phenomenal proportions," comments Katrina Senez, head of brand protection at the Fédération des industries du sport et des loisirs (Fifas). "We are dealing with very organised structures that no longer hesitate to bring into the loop, that is, to hire as 'local resellers', people in great difficulty (students, the unemployed, or RMI welfare recipients), who, for a few thousand euros a month, will sell counterfeit goods on sites like eBay (...)." According to her, there are even sites that, for 29 euros, offer to sell Internet users a list of sites where they can find counterfeits and, if they wish, start their own small fraudulent business online.
For Marc-Antoine Jamet, president of Unifab (Union des fabricants pour la protection internationale de la propriété intellectuelle), the irresponsibility and impunity that characterise the big online auction sites are completely unacceptable. "When you look at the top sales on some sites, sometimes eight of the top ten involve counterfeits, which shows the scale of the phenomenon," he explains. "We cannot hold hosting providers accountable over the long term on issues such as Nazism and paedophilia, and keep absolving them of responsibility and clearing them as soon as counterfeiting is involved."
Counterfeiting in the hands of the triads
The president of Unifab points the finger more specifically at China, the country behind a large share of the world trade in counterfeits, where the supply chains are controlled by industrial consortiums linked to corrupt officials of the CCP (Chinese Communist Party) or by the triads, criminal organisations that are especially active in the Canton and Shenzhen regions.
In France, within the Ministry of the Economy and Finance, a unit, Tracfin, is responsible for combating these new forms of crime. According to Marc-Antoine Jamet, this financial intelligence unit is currently said to be handling some fifty cases linked to bank card payments for the purchase of counterfeits online.
Friday 1 June 2007
Hackers steal $450,000
http://www.presstelegram.com/news/ci_6025127
City officials uncover general fund break-in, recover cash.
By Gene Maddaus, Staff writer
Article Launched: 05/30/2007 10:16:26 PM PDT
CARSON - Computer hackers broke into the city of Carson's general fund account and stole $450,000, the city revealed Wednesday.
Investigators believe the thieves were able to access the account by using a spyware program to steal passwords from a city-owned laptop computer, Treasurer Karen Avilla said.
Avilla notified the city's bank upon discovering the theft. The bank was able to freeze 90 percent of the money. Sheriff's deputies and Secret Service agents are still trying to track down the other $45,000.
The money was stolen in two wire transfers. Avilla said she noticed the first transfer, in the amount of $90,500, last Thursday. The money had been transferred the previous day to an account in North Carolina, according to a sheriff's report.
Avilla had not authorized the transfer, and notified the bank, the Sheriff's Department and the city manager of a possible fraud.
While she was investigating the first transfer, Avilla discovered a second unauthorized transfer in the amount of $358,500 to Broadbase Financial in Detroit. The second transfer was issued that morning.
The city's bank was able to freeze the entire amount of the second transfer and half of the first, Avilla said. The remainder has been moved to several different accounts, which investigators are still tracking.
The frozen assets will be returned to the city, while insurance will cover any loss.
"There won't be any loss to us either way," Avilla said. "Hopefully, there's going to be someone prosecuted."
Sheriff's Capt. Todd Rogers said one of his fraud detectives is following leads in the theft. At this point, he said, there is no indication that any city employees were involved in the theft.
The first sign that something was amiss came two days before the thefts were discovered, when Avilla was unable to log into the city's account on the bank's Web site. The bank informed her that the passwords had been changed the previous Sunday, when Avilla does not work. Avilla changed the passwords again, but that did not prevent the hackers from accessing the city's account.
The city's security consultants believe that the thieves used a wireless Internet connection to install a "Trojan horse" spyware program on a city laptop. The program logged keystrokes, and thus was able to swipe the city's passwords.
Avilla said the city's account has since been locked, and that, to make a payment, she has to send a fax to the bank. The bank also has installed new security measures that allow transactions only from authorized computers.
The city's computer specialist is also looking at updated anti-virus software, but the city has not restricted the use of laptops or wireless Internet connections.
"I'm feeling really glad that we were able to catch this right away and not let too much time go by," Mayor Jim Dear said. "The recovery looks imminent, and that's good news for us."
For some reason, the thieves left about $200,000 in the city's account.
Gene Maddaus can be reached at gene.maddaus@dailybreeze.com.
Wednesday 30 May 2007
Nearly 160,000 computers have been infected by MPack, according to PandaLabs - Publi-News
An exploit detected by NanoScan (http://www.pandasoftware.fr/infectedornot/), Panda Software's online scanner, put PandaLabs on the trail of MPack. This program is used to download malware onto remote computers by exploiting several vulnerabilities. MPack has already been used on several occasions. PandaLabs has had access to several versions, one of which was used to infect 160,000 computers.
These figures come from the statistics module included in the application. It lets the cyber-criminals know how many computers have been infected and view data on the attacked computers, grouped by operating system or by browser. They also have statistics on how effective the infections are by geographic region.
MPack is sold on online forums for around $700. Its creators offer one year of free support with each version. "MPack offers the same kinds of services as legitimate programs, for example updates. MPack updates are new versions of the application that include new exploits to take advantage of the latest vulnerabilities discovered. A new update is available every month on average and costs between $50 and $150," explains Luis Corrons, technical director of PandaLabs.
For $300, customers can obtain DreamDownloader as an add-on. This second tool is used to create "Downloader" Trojans (whose job is to download other malware). DreamDownloader works as follows: the attacker gives DreamDownloader the address where the malware (a Trojan, a worm, a malware update, etc.) is hosted, and the utility automatically generates an executable that downloads it.
"These two tools are complementary. The first is used to infect computers with the malware of one's choice. The second is used to create that malware, designed to download other malicious code," adds Luis Corrons.
MPack attacks
MPack infects computers discreetly. The cyber-criminals use various techniques to get users to run the malicious code. In the case of Web servers, the attackers generally add to the pages an iframe tag (invisible to the user) that loads the page on which MPack is installed.
They sometimes use the same compromised site to host MPack or other malware. The cyber-criminals host the malware on third-party servers to avoid being traced.
Another infection technique is inserting frequently searched keywords into Web pages. That way, once the pages are indexed by search engines, users searching for those keywords can land on the page hosting MPack and get infected.
Another technique is buying domains with names close to those of well-known sites, for example "gookle", a reference to the well-known Google Internet browser. Users who mistype a single character when entering the name can thus get infected.
Finally, spam is another means used by the attackers. Spam messages contain a link and use social-engineering techniques to entice users to click on it.
Once it reaches the computer, the exploit runs and collects data about the infected computer: browser, operating system, etc. This information is then sent to a server where it is stored.
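A site owner checking for the invisible iframe injection described above can audit page source for frames that are hidden or point off-site. This is an added example, not PandaLabs' tooling; the sample page, the placeholder hostname and the trusted-host list are constructed.

```python
"""Flag hidden or off-site iframes of the kind injected into compromised pages.
Added example, not PandaLabs code; sample HTML and host allowlist are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Hosts this site legitimately embeds (constructed for the example; an
# operator would take this from the site's own templates).
TRUSTED_HOSTS = {"www.example.org", "cdn.example.org"}

_ZERO_SIZE = re.compile(r"^\s*0+(px)?\s*$")
# Inline-style tricks that keep a frame out of sight: display:none,
# visibility:hidden, zero dimensions, or a large negative offset.
_STYLE_HIDDEN = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*0+(?:px)?\s*(?:;|$)|"
    r"(?<![-\w])(?:left|top)\s*:\s*-\d{3,}"
)


def hidden_reasons(attrs):
    """Return why a visitor would not see this iframe ([] if it is visible)."""
    reasons = []
    for dim in ("width", "height"):
        value = attrs.get(dim)
        if value is not None and _ZERO_SIZE.match(value):
            reasons.append(f"{dim}={value}")
    style = (attrs.get("style") or "").lower()
    if _STYLE_HIDDEN.search(style):
        reasons.append("style hides frame")
    if "hidden" in attrs:
        reasons.append("hidden attribute")
    return reasons


class IframeAuditor(HTMLParser):
    """Collect every <iframe> start tag with its attributes and source line."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.frames.append((self.getpos()[0], dict(attrs)))


def audit_html(html, trusted_hosts=TRUSTED_HOSTS):
    """Return findings for iframes that are hidden or load an untrusted host."""
    parser = IframeAuditor()
    parser.feed(html)
    findings = []
    for line, attrs in parser.frames:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname or ""
        reasons = hidden_reasons(attrs)
        if host and host not in trusted_hosts:
            reasons.append(f"untrusted host {host}")
        if reasons:
            findings.append({"line": line, "src": src, "reasons": reasons})
    return findings


# Constructed sample: one legitimate embed plus an injected zero-size frame.
# The hostname is a placeholder, not an indicator taken from any report.
SAMPLE_PAGE = """<html><body>
<iframe src="http://cdn.example.org/widget.html" width="300" height="200"></iframe>
<p>Welcome</p>
<iframe src="http://attacker-placeholder.invalid/in.php" width=0 height=0
        style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE):
        print(f"line {f['line']}: {f['src']} -> {', '.join(f['reasons'])}")
```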
PandaLabs has published a full study on MPack (in English), available at http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/11/MPack.pdf.
Panda Software offers users who want to check whether their computer has been infected by these threats or by other malicious code its free online scanners, the NanoScan beta or TotalScan, at: http://www.pandasoftware.fr/infectedornot/.
Since 1990, PandaLabs' mission has been to analyse new threats as quickly as possible to ensure total security for our customers. Several teams, each specialised in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, rootkits, etc.), work 24 hours a day, 7 days a week to offer maximum protection. To do so, they rely on TruPrevent™ Technologies, a genuine global alert system based on strategically distributed sensors that neutralise new threats and send them to PandaLabs for analysis as early as possible. According to AvTest.org, PandaLabs is the virus laboratory that delivers complete updates in the shortest time. More information at www.pandasoftware.com/pandalabs and on the PandaLabs blog:
http://blogs.pandasoftware.com/blogs/pandalabs/.
Tuesday 29 May 2007
Software to thwart fraudsters
Among all the security risks on the internet is password hijacking.
Key Scrambler is a Firefox extension that kicks in when you are on a page that requires authentication (to a bank account, for example).
Each keystroke is encrypted between the keyboard and the browser. The English word "scramble" means "brouiller" in French.
There is a free version and a pro version ($25).
Monday 28 May 2007
Phishers Use Call Forwarding to Mask Fraud
A phishing attack uncovered by SecureWorks tries to entice victims into forwarding their telephone calls in order to thwart out-of-band authentication by banks.
Researchers at SecureWorks have uncovered a new type of phishing attack that tries to trick victims into forwarding their telephone calls to the attacker to thwart attempts by a bank to detect fraud.
The attack, found by the Atlanta-based security vendor this week, begins with an e-mail sent from the phisher telling the potential victim their bank needs to verify their phone number immediately, and their account will be suspended if they do not confirm the number. The victim is told to confirm their number by dialing *72 and then another number, effectively forwarding their calls to the phisher's telephone.
After going through this process, the victim is asked in the e-mail to update their personal information, such as bank account and Social Security numbers. If the victim's bank calls to question an unusual transaction while the calls are being forwarded, the phisher need only confirm the illegal transaction is legitimate, SecureWorks researcher Don Jackson wrote on the company's Web site.
In an interview with eWeek, Jackson said these types of attacks are currently not widespread, but may become so in the future as more banks use out-of-band authentication - such as telephone calls - to check the validity of suspicious transactions.
He cautioned against trusting e-mails that request the recipient give up personal information.
"If they are asking you to do something, you should call your financial institution," Jackson said.
Wednesday 23 May 2007
Michigan Man Charged for Using Free WiFi
May 22, 2007 5:45 PM PDT
Michigan man dodges prison in theft of Wi-Fi
Posted by Steven Musil
A Michigan man who used a coffee shop's unsecured Wi-Fi to check his e-mail from his car could have faced up to five years in prison, according to local TV station WOOD. But it seems few in the village of Sparta, Mich., were aware that using an unsecured Wi-Fi connection without the owner's permission--a practice known as piggybacking--was a felony.
Each day around lunch time, Sam Peterson would drive to the Union Street Cafe, park his car and--without actually entering the coffee shop--check his e-mail and surf the Net. His ritual raised the suspicions of Police Chief Andrew Milanowski, who approached him and asked what he was doing. Peterson, probably not realizing that his actions constituted a crime, freely admitted what he was doing.
"I knew that the Union Street had Wi-Fi. I just went down and checked my e-mail and didn't see a problem with that," Peterson told a WOOD reporter.
Milanowski didn't immediately cite or arrest Peterson, mostly because he wasn't certain a crime had been committed. "I had a feeling a law was being broken," the chief said. Milanowski did some research and found Michigan's "Fraudulent access to computers, computer systems, and computer networks" law, a felony punishable by five years in prison and a $10,000 fine.
Milanowski, who eventually swore out a warrant for Peterson, doesn't believe Milanowski knew he was breaking the law. "In my opinion, probably not. Most people probably don't."
Indeed, neither did Donna May, the owner of the Union Street Cafe. "I didn't know it was really illegal, either," she told the TV station. "If he would have come in (to the coffee shop), it would have been fine."
But apparently prosecutors were more than aware of the 1979 law, which was revised in 2000 to include protections for Wi-Fi networks.
"This is the first time that we've actually charged it," Kent County Assistant Prosecutor Lynn Hopkins said, adding that "we'd been hoping to dodge this bullet for a while."
However, Peterson won't be going to prison for piggybacking. Because he has no prior record, Peterson will have to pay a $400 fine, do 40 hours of community service and enroll in the county's diversion program.
Tuesday 22 May 2007
Telegraph website targeted in mystery attack by hackers
The Daily Telegraph website has been the victim of a mystery and
destructive attack by hackers that has blocked access to the site over
the last 24 hours.
The paper confirmed that its site had been the victim of a 'distributed
denial of service attack' (DDoS), and that many readers had not been
able to log on since yesterday morning.
A third party team of experts was still working to return systems to
normal, following what the paper described as "an act of vandalism".
"With these things it's always difficult to know what might be behind
it," a Telegraph spokeswoman said.
The paper had not received any threats demanding that particular stories
be removed, the spokeswoman said, but a "revenge attack" was one of the
possible explanations cited by security experts.
"The nature of these attacks is that they come from multiple sources,"
the paper's digital editor, Edward Roussel, told mediaguardian.co.uk.
"We have had them in the past but they have never succeeded in toppling
the website. This particular one was stronger than anything we have
experienced," Mr Roussel said.
A "denial of service" attack occurs when hundreds of thousands of
computers are directed to log onto a particular site simultaneously,
causing it to crash under the weight of requests.
The computers' owners are usually unaware they are participating in
the attack, their machines having been co-opted by an e-mail or
internet-based worm sent via a network known as a 'botnet'.
"Newspaper sites are often the target of politically motivated attacks,"
William Beer, a director of security practice at Symantec, said.
"In Italy a law was passed recently in relation to peer to peer
software, and we saw a lot of internet-based threats directed at
newspapers that were favourable to the new regulation," he said.
Paul Vlissidis, an expert at NCC, another security firm, said that there
were ways of guarding against DDoS attacks, for instance by installing a
router which sits 'in front of' a website and monitors incoming traffic.
If the router senses a pattern in attempted visits, for instance that
the volume is unusually large for a certain time, the requests can be
directed elsewhere - "down a kind of cyber black hole," Mr Vlissidis
said.
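The volume check Vlissidis describes, worked through on constructed access-log lines: requests are counted per time window, a window whose count jumps far above the median of the quiet windows before it and that comes from many distinct addresses is marked for diversion. This is an added example, not NCC's or the Telegraph's code; the log lines, window size and thresholds are constructed.

```python
"""Window-based flood detection over web-server access logs.
Added example, not code from NCC or the Telegraph; all inputs are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timezone
from statistics import median
import re

# Common log format prefix: "<ip> - - [<timestamp>] "<request>..."
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (epoch_seconds, source_ip) for a log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return int(ts.timestamp()), m.group("ip")


def bucket_requests(lines, window=10):
    """Count requests and distinct sources per window of `window` seconds."""
    counts = Counter()
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines the regex cannot read
        ts, ip = parsed
        key = ts // window
        counts[key] += 1
        sources[key].add(ip)
    return counts, sources


def find_flood_windows(lines, window=10, factor=5.0, min_baseline=2, min_sources=3):
    """Return windows whose request count is at least `factor` times the
    median of the quiet windows seen so far and that come from at least
    `min_sources` distinct addresses (the 'multiple sources' signature).
    Flagged windows do not feed the baseline, so a flood cannot hide itself."""
    counts, sources = bucket_requests(lines, window)
    flagged, history = [], []
    for key in sorted(counts):
        n = counts[key]
        baseline = max(median(history), min_baseline) if history else min_baseline
        if n >= factor * baseline and len(sources[key]) >= min_sources:
            flagged.append({"window_start": key * window, "requests": n,
                            "sources": len(sources[key]), "baseline": baseline})
        else:
            history.append(n)
    return flagged


def _line(ip, epoch, path="/"):
    """Build one constructed log line in common log format."""
    ts = datetime.fromtimestamp(epoch, tz=timezone.utc).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


BASE = 1_179_792_000  # constructed epoch: 22 May 2007 00:00:00 UTC
SAMPLE_LOG = []
for w in range(4):  # four quiet 10-second windows: 3 hits each from 2 visitors
    for i in range(3):
        SAMPLE_LOG.append(_line(f"192.0.2.{i % 2 + 1}", BASE + w * 10 + i))
for i in range(40):  # one flood window: 40 hits from 20 documentation-range addresses
    SAMPLE_LOG.append(_line(f"198.51.100.{i % 20 + 1}", BASE + 40 + i % 10))

if __name__ == "__main__":
    for hit in find_flood_windows(SAMPLE_LOG):
        print(f"divert traffic from window starting at {hit['window_start']}: "
              f"{hit['requests']} requests from {hit['sources']} sources "
              f"(baseline {hit['baseline']})")
```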
The attack comes less than a week after Estonia accused Russia of being
behind a similar attempt to bring down various of its central websites
and paralyse its infrastructure.
Estonian officials said that they had traced the internet protocol (IP)
addresses responsible for the attacks to Russian authorities, prompting
allegations that Russia had declared 'cyber-war' against its Baltic
neighbour.
Last year a Department of Trade and Industry report found that more than
50 per cent of businesses had suffered "a premeditated and malicious"
security incident in the past twelve months.
For large businesses, the average cost of the worst such incident was as
much as 130,000, the report said.
Tide of denial
In February hackers, possibly based in South Korea, attempted to bring
down at least the of the 13 computers which help manage global internet
traffic, including one operated by the US Department of Defence (DoD). A
DoD official was quoted at the time as saying: "We have to be able to
respond (to this type of threat)."
Last year three Russian citizens were sentenced to eight years each for
extorting money from several British gambling websites. The trio were
accused of receiving $4 million from sites they threatened with DDoS
attacks, and when one site refused to pay a demand for $10,000, it was
targeted and brought down, reportedly costing it $200,000 a day.
In 2004 several bookmakers, including Paddy Power and Blue Square were
subject to DDoS attacks at the time of the Cheltenham horse races.
Extortionists contacted Blue Square, ordering that it pay 7,000 in order
that the attack be stopped.
The security firm Symantec last year estimated that the number of DDoS
attacks has risen by 51 per cent since 2005, and detected an average of
1,402 attacks a day.
Symantec Updates Cause Chaos in China
A signature update to Symantec Corp.'s antivirus software crippled thousands of Chinese PCs Friday when the security software mistook two critical Windows .dll files for malware.
According to numerous blog entries from Chinese computer users, a virus-signature database seeded yesterday mistook two system files of a Chinese edition of Windows XP Service Pack 2 as a Trojan horse that Symantec dubbed "Backdoor.Haxdoor." The antivirus software -- Norton AntiVirus, for example, or the antivirus component of the Norton 360 or Norton Internet Security suites -- then quarantined the netapi32.dll and lsasrv.dll files.
"With these files removed, Windows XP will no longer start up, and even the system Safe Mode no longer functions," said one user writing to the Alt.comp.anti-virus newsgroup this morning.
Late Friday, China time, the Chinese Internet Security Response Team (CISRT) posted an alert on its English-language blog. "It's a terrible day for lots of Chinese users (especially Enterprise Users) who use Norton products today," CISRT said. Other reports claimed that more than 7,000 users had already contacted Rising Antivirus International Pty, asking for help on how they could recover their PCs. On the Chinese security company's home page, its threat gauge was rated at red late Friday, the highest ranking this year.
In an e-mailed statement, Symantec acknowledged the signature update bug and said it re-released a new update late Thursday, U.S. time.
The Cupertino, Calif.-based security vendor also said that only Simplified Chinese versions of Windows XP SP2 that have been patched with a Microsoft Corp. fix from November 2006 were affected.
If the PC hasn't been rebooted, users can grab the revised signature update to fix the problem, said Symantec. But if Windows was restarted after the flawed update, the user will have a much harder row to hoe. Because the bad signature update removed the two .dll files, Windows won't boot -- it ends in a so-called blue screen of death, said CISRT -- and so there's no way to retrieve the new signature or to restore from a backup.
"Customers impacted by this issue following reboot of an affected system can return their system(s) to the previous state through use of the Windows recovery console," Symantec said. XP's recovery console is a command-line-driven tool that gives limited access to the PC and its hard drive. Users writing on online forums recommended that users copy the two .dll files from their Windows restore CD to the hard drive.
A likely snafu in that scenario, however, is that many Chinese users don't have a restore CD because they're running pirated copies of Windows.
"Norton this time has made a very serious mistake," the Chinese-language Sogou news site said [translation by Babelfish -- eds.].
"All the main news channel in China has reported this since 6 in the morning ECT +8, but symantec keeps silence," someone identified as "Ink" said on the Wilders Security Forum.
Other antivirus companies have gone through similar fiascos. In March, users blamed Microsoft's Windows Live OneCare for deleting Outlook e-mail files, although the company denied that the security service was at fault. More than two years ago, Trend Micro Inc. distributed a flawed virus-definition file that slowed thousands of PCs to a crawl. Three months later, the antivirus vendor said that the incident had run up $8.2 million in direct costs to the company.
MS Word exploit generator circulating?
Managed security services firm MessageLabs is reporting a surge in targeted malware attacks against a known Microsoft Word code-execution vulnerability, suggesting that an exploit generator kit may be circulating online.
In its monthly threat intelligence report, MessageLabs said Microsoft Word was the most common exploit vector in April 2007, with a noticeable spike in attacks using Word documents that contain the SmartTag bug patched with Microsoft's MS07-027 bulletin.
From the report:
"These attacks increased dramatically since March 2007 from four attacks going to four single recipients to 66 attacks going to 273 recipients in April."
“On first sight, it appears that more than one hacker ring is using this Microsoft Word exploit, and so an exploit generator kit might exist, although this has not yet been found,” said Alex Shipp, senior anti-virus technologist at MessageLabs.
The report said a Taiwanese crime ring called “Task Briefing” continued its use of Microsoft Office exploits during April, launching spear-phishing attacks with PowerPoint documents embedded in e-mails.
"The ring made six attacks this month, sending 61 emails accounting for 10 percent of all targeted e-mails in April, the longest of which lasted 45 hours. In March, the same gang sent 151 emails accounting for more than 20 percent of targeted attacks."
MessageLabs said it also intercepted one additional attack using the same PowerPoint exploit (patched with MS07-028) but originating from an IP address in China. This second attack was targeting 14 Japanese e-mail addresses, suggesting that there may be a second criminal ring in operation.
During April 2007, MessageLabs said it intercepted 595 e-mails in 249 separate targeted attacks aimed at 192 different organizations. Of these, 180 were one-on-one targeted attacks aimed at a specific organization.
MessageLabs did not identify any of the targets but it is well-known that some of these MS Office zero-days are being aimed at U.S. government agencies. A spate of PowerPoint attacks last year was also linked to corporate espionage.
Overall, the April numbers show a slight drop in targeted attacks compared to the previous month. In March, MessageLabs stopped 716 e-mails in 249 targeted attacks against 263 different domains. These domains belonged to 216 different organizations.
The company said 84% of the attacks used Microsoft Office exploits (PowerPoint and Word).
"The majority of attacks still comprise one e-mail to one individual, but the number of attacks has risen since last year when it was just 1 or 2 per day. Utilizing several exploits in a single malicious file, a typical attack will download a further component from a website under the control of the attackers that will give them remote access to the compromised computer, including access to confidential and potentially sensitive intellectual property."
Software pirate to pay $205,000 fine for illegal eBay sales
May 22, 2007 (Computerworld) -- A software pirate who sold illegal copies of Symantec Corp. software on the online auction site eBay Inc. has agreed to pay a $205,000 fine.
In an announcement today, the Software & Information Industry Association (SIIA) trade group, which filed suit in the case on behalf of Symantec -- a SIIA member -- said the defendant has also agreed to assist authorities in identifying the parties who actually made and distributed the illegal software that was sold.
Keith Kupferschmid, senior vice president of intellectual property for the Washington-based SIIA, said the name and location of the defendant is being kept secret under the terms of the settlement.
"We give a certain level of confidentiality in order for us to get additional information," Kupferschmid said. The lawsuit, Symantec et al. v. Chan (a pseudonym) et al., was one of several civil cases brought by the SIIA. Several cases are still pending, as are several criminal cases being brought by the FBI, he said.
The case was originally filed in U.S. District Court in the Central District of California as part of the SIIA's Auction Litigation Program, which was started to monitor online auction sites for illegal software sales and file related lawsuits on behalf of member vendors.
Some 90% of the software sold on auction sites such as eBay is counterfeit, according to studies, Kupferschmid said.
The $205,000 settlement is in excess of the amount the unnamed software pirate made through the sales of the software.
In the lawsuit, the SIIA charged the defendant with infringing on Symantec's copyrights and trademarks in such titles as Norton PartitionMagic, Norton AntiVirus, pcAnywhere and Norton SystemWorks, as well as illegally reselling OEM, unbundled and counterfeit software.
The SIIA says it represents more than 800 members, including software and information companies.
Monday 14 May 2007
FSA fines BNP Paribas £350,000 for anti-fraud failures
http://finextra.com/fullstory.asp?id=16914
French investment bank BNP Paribas has been fined £350,000 by the UK's Financial Services Authority for systems and control failures at its London-based private banking unit that allowed a senior manager to steal £1.4 million from client accounts.
The employee, who worked at BNP Paribas Private Bank, managed to transfer the cash haul out of client accounts in 13 separate fraudulent transactions between February 2002 and March 2005 using forged signatures and instructions and by falsifying change of address documents.
During its investigation, the FSA found that a flaw in the bank's IT system allowed the senior employee to by-pass normal middle office processes, which meant that basic authorisation and signatory checks were not carried out on internal cash transfers between different customer accounts.
Furthermore, BNPP Private Bank did not have an effective review process for transactions over £10,000 from clients' accounts. The regulator also found that the bank's procedures were not clear about the role of senior management in checking significant transfers prior to payment.
Margaret Cole, FSA director of enforcement, comments: "BNPP Private Bank's failures exposed clients' accounts to the risk of fraud. This is unacceptable particularly with the overall increase in awareness around fraud and client money risks. Senior management must make sure their firms have robust systems and controls to reduce the risk of them being used to commit financial crime."
The bank also failed to improve its procedures for monitoring large transactions or carry out remedial action on a timely basis, says the FSA, despite being aware that some procedures required improvement as a result of an examination of its anti-money laundering systems and controls in August 2002.
The FSA says this is the first time a private bank has been fined for weaknesses in anti-fraud systems but warns that it is "raising its game" against firms with lax controls.
"This is a warning to other firms that we are raising our game in this area and expect them to follow suit. We will not hesitate to take action against any firm found wanting," says Cole.
Thursday 10 May 2007
France gets a national spam trap
http://www.01net.com/article/348505.html
Grouped within the Signal Spam association, public authorities and professional organisations of the Internet world are launching a free anti-spam platform.
Karine Solovieff, 01net., 10/05/2007 at 7:11 pm
With Signal-spam.fr, French Internet users have had since this Thursday 10 May a new tool to fight unsolicited e-mails: the infamous "spams", or junk mail, that flood electronic mailboxes. As its name suggests, the site makes it easy to report the receipt of these harmful e-mails to public and private bodies directly from one's e-mail client.
Behind Signal-spam.fr is an association of the same name, which brings together the members of the anti-spam working group set up in 2004 by the Direction du développement des médias (DDM), which reports to the Prime Minister. It includes an impressive list of players involved, closely or remotely, with the Web in France, including the Association des fournisseurs d'accès à Internet (AFA), the Fédération des entreprises de ventes à distance (Fevad) and the Syndicat national de la communication directe and, on the public-authority side, the Cnil and the Direction centrale de la police judiciaire. "This is the first time in the world that so many players have been brought together on an anti-spam project," says Francis Bouvier, project manager at the Signal Spam association.
The service is free; a simple registration on the site is enough. The operation of Signal-spam.fr has been simplified as much as possible. On receiving a spam message, a user has two options. First: copy and paste the complete message into a form available online. Second: install one of the extensions for the Microsoft Outlook or Mozilla Thunderbird e-mail clients. A single click on a button then forwards the spam automatically to the association. Browser extensions are planned so that the feature is also available for webmail.
A similar experiment had already been tried in 2002 by the Cnil. The Commission had opened an e-mail address to which Internet users were invited to forward the spam they received, with the aim of drawing up a kind of map of spam. The experiment was short-lived: the Cnil was overwhelmed by its own success.
One million e-mails can be processed per day
"Signal-spam.fr has been sized to be able to handle one million e-mails per day," Francis Bouvier reassures. "And unlike the Cnil experiment, the e-mails will be analysed."
Several tools have been developed for this. The first will automatically examine the technical information contained in the e-mail header to trace its origin. Where applicable, a French access provider will be alerted that one of its subscribers' accounts is being used to send spam. A fingerprinting system for messages and URLs will also make it possible to detect, behind hundreds of e-mails, the origin of the spam campaign.
Finally, a team will also look at the content of the e-mails to flush out the scams and frauds that are legion in these messages. "If there is a danger, we will pass the information on to the relevant service, whether the DGCCRF or the judicial police," says Francis Bouvier. The practical arrangements for this transfer are still being worked out, however. The user will be kept informed of what happens to their report.
The funding of the Signal Spam association is split equally between the DDM and the professional players. In 2006, its operating budget was 200,000 euros.
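The two automated analyses described above, header-based origin tracing and message/URL fingerprinting, as an added Python example that is not Signal Spam's own code. The trusted `.example.net` mail hosts, the sample messages and every address and domain in them are constructed assumptions.

```python
"""Added example, not Signal Spam's own code: (1) trace a reported message back
to the IP that handed it to the recipient's provider by walking the Received:
headers, and (2) fingerprint bodies and URL hosts so that many reports collapse
into one campaign.  All messages and addresses below are constructed."""
import email
import hashlib
import re
from collections import defaultdict

# Hypothetical: the recipient provider's own MX hosts.  Received: headers
# written *by* these hosts are trustworthy; anything below them may be forged.
TRUSTED_SUFFIX = ".example.net"

_RE_FROM_IP = re.compile(r"\bfrom\b.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_RE_BY_HOST = re.compile(r"\bby\s+([\w.-]+)")
_RE_URL_HOST = re.compile(r"https?://([^\s/<>\"']+)", re.I)


def originating_ip(msg, trusted_suffix=TRUSTED_SUFFIX):
    """Return the IP that delivered the message to the last trusted hop.

    Received: headers are read top-down (newest first).  While a header was
    written by one of our own hosts, its 'from [ip]' is a connection we saw
    ourselves; the first header written by a foreign host ends the walk, since
    a spammer can prepend arbitrary Received: lines before sending.
    """
    origin = None
    for raw in msg.get_all("Received", []):
        value = " ".join(raw.split())  # unfold the header onto one line
        by = _RE_BY_HOST.search(value)
        if not by or not by.group(1).lower().endswith(trusted_suffix):
            break
        ip = _RE_FROM_IP.search(value)
        if ip:
            origin = ip.group(1)
    return origin


def origin_of_report(raw_report, trusted_suffix=TRUSTED_SUFFIX):
    """Parse one raw report and return its originating IP (or None)."""
    return originating_ip(email.message_from_string(raw_report), trusted_suffix)


def fingerprint(msg):
    """Campaign key that survives per-recipient variation: (body hash, URL hosts)."""
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    hosts = frozenset(h.lower() for h in _RE_URL_HOST.findall(body))
    # Spam templates vary digits and whitespace per recipient; drop them so
    # hundreds of personalised copies hash to the same skeleton.
    skeleton = re.sub(r"[\d\s]+", "", body.lower())
    return hashlib.sha256(skeleton.encode()).hexdigest()[:16], hosts


def cluster_reports(raw_reports, trusted_suffix=TRUSTED_SUFFIX):
    """Group raw reports by campaign fingerprint -> sorted list of origin IPs."""
    campaigns = defaultdict(list)
    for raw in raw_reports:
        msg = email.message_from_string(raw)
        campaigns[fingerprint(msg)].append(originating_ip(msg, trusted_suffix))
    return {key: sorted(ips) for key, ips in campaigns.items()}


def _constructed_report(origin_ip, recipient, ref, body_template):
    """Constructed sample as the provider's mailbox would store it.  The bottom
    Received: line is a forged one added by the sender; a naive 'take the last
    header' tracer would wrongly blame 203.0.113.99."""
    return (
        "Received: from mx2.example.net (mx2.example.net [192.0.2.2])\n"
        "\tby store.example.net with ESMTP id A1; Thu, 10 May 2007 09:00:01 +0200\n"
        f"Received: from mail.bot.example (unknown [{origin_ip}])\n"
        "\tby mx2.example.net with ESMTP id B2; Thu, 10 May 2007 08:59:58 +0200\n"
        "Received: from forged.example.com (forged.example.com [203.0.113.99])\n"
        "\tby mail.bot.example; Thu, 10 May 2007 08:59:50 +0200\n"
        f"From: alerts@bank-secure.example\nTo: {recipient}\n"
        f"Subject: Account {ref}\n\n" + body_template.format(ref=ref)
    )


PHISH = "Dear customer {ref}, verify now at http://bank-secure-login.example/v/{ref}\n"
PILLS = "Cheap meds, order {ref} at http://pharma-deals.example/?o={ref}\n"

# Constructed reports: three copies of one campaign from two bots, one unrelated.
SAMPLE_REPORTS = [
    _constructed_report("198.51.100.7", "a@example.org", 48213, PHISH),
    _constructed_report("198.51.100.8", "b@example.org", 90011, PHISH),
    _constructed_report("198.51.100.7", "c@example.org", 13370, PHISH),
    _constructed_report("203.0.113.5", "a@example.org", 77, PILLS),
]

if __name__ == "__main__":
    for (digest, hosts), ips in cluster_reports(SAMPLE_REPORTS).items():
        print(f"campaign {digest} via {sorted(hosts)}: "
              f"{len(ips)} reports from {sorted(set(ips))}")
```

Each cluster's origin IPs are what the platform would pass to the access provider responsible for that address range.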
Wednesday 9 May 2007
Firms hit rivals with web attacks
http://news.bbc.co.uk/2/hi/technology/6623673.stm
By Mark Ward
Technology Correspondent, BBC News website
Gambling sites were targeted in denial of service attacks
Legitimate businesses are turning to cyber criminals to help them cripple rival websites, say security experts.
The rise in industrial sabotage comes as some suggest cyber criminals are turning away from using web-based attack tools in extortion rackets.
Experts suspect this is because of the risks involved in mounting such an attack on a web shop or retailer.
Instead the tools, usually hijacked home computers, are being used to pump out junk e-mail.
Cash call
Often these hijacked PCs, known as bots, are used for "Distributed Denial of Service" (DDoS) attacks that attempt to knock a site or server offline by bombarding it with huge amounts of data.
Online gambling sites were among the first to be threatened with DDoS attacks if they did not hand over significant sums of cash.
In a recent entry on the Symantec Security Response blog, Yazan Gable said the company had seen a "pretty sharp decline" in the number of attacks that try to extort cash.
Mr Gable said this was because extortion attacks were no longer profitable because knocking a website offline via DDoS was "loud and risky".
Many of those controlling the networks of bot computers have now started using them to send out spam which was just as lucrative and a lot less risky, said Mr Gable.
But Paul Sop, chief technology officer at Prolexic which helps victims cope with DDoS attacks, said they were proving as popular as ever.
DDoS attacks try to flood servers with too much data
"We've seen more DDoS attacks in the last few months than we have ever seen," he said.
The decline could just be part of the arms race between criminals and security firms.
"When the gangs feel the pincers coming in they change their strategy," he said.
There was no reason to think the decline was because such attacks were no longer profitable. Not least, he said, because only in 20% of cases do attacks stop once a victim has made a payment.
"Once they have you hooked they'll keep going," he said, "it can get up to some pretty serious numbers."
Mr Sop said the number of extortion-based attacks had declined a little but this had been more than made up for by companies using them to batter rivals.
"We are seeing a lot of anti-competitive behaviour," he said.
Mr Sop added that many more Asian targets were being hit by DDoS attacks - a region in which Symantec did not historically have a big presence.
In Asia, he said, DDoS attacks were proving very popular with unscrupulous firms keen to get ahead of their rivals.
"The really frightening thing is you can buy access to a botnet for a small amount of money and you can have your competitor down for a long time," he said.
In one case that Prolexic helped with, a firm was battered for four months by a rival using a botnet owned by a criminal gang.
"It's a great use of funds to destroy your competitor," he said.
Phishing Social Networking Sites
http://ha.ckers.org/blog/20070508/phishing-social-networking-sites/
Okay, I had a lot of fun with this post. No new news here, but I was able to talk to someone who was willing to sit down and write out some thoughts from a phisher's perspective. The phisher goes by the name "lithium" and agreed to answer a number of questions that have been on my mind for a while now. Huge thanks to him, as I think a lot of this is valuable information to the community at large. These are his words, unmodified:
How would you describe yourself? Age? Did you go to school? Interests?
Determined is the best word to describe myself. I’m 18 years young. Yes, I went to school. I left after high school. My interests are mma (mixed martial arts); fitness and last but not least..The internet!
How did you get your start in phishing? How did you get interested in it?
The typical scam mail that my parents kept receiving in their inbox. They were very poorly done! Yet in general they worked. So, I knew automatically I could come up with more efficient methods and have a far greater outcome.
How long have you been phishing?
I've been phishing since I turned 14. So that's nearly 5 years.
Do you have any idea how many people’s identities you’ve stolen so far?
Way over 20 million. Social networking worms really hit it off for me! I have so many hundreds of thousands of accounts to many websites I haven’t even got a chance to look through.
Did you need to forge any particular relationships with other people/groups to get started?
No, when I started I went solo. A lot of groups came to me asking if I wanted in; I declined.
What types of sites make the best phishing sites?
Social networking sites, any site that involves teenagers ranging from 14 years old upwards.
What are the steps you take to set up a phishing site?
I try to find a domain name that would best suit the current target. Try to find a few similarities which would make my site more realistic. Then register it! I then find a reliable anonymous host. (Offshore are the most reliable.) Although, I do tend to use compromised hosting accounts.
Secondly, I view the page source. Then I alter the source code to post the form's information to my phishing site.
Thirdly, I create a php file which will POST the current form's information to a text file on my server. I use the same php file with every site; just minor alterations are needed since it's merely a few lines of php code.
How many people do you typically phish per site you post?
That all depends on the size of the website (the amount of users). Usually, I phish 30k a day.
How do you monetize the identities and how much does that net you?
Social networking sites make me $500 to 1k through CPA deals. 5 times out of 10 the person uses the same password for their email account. Now, depending what is inside their email inbox determines how much more profit I make. If an email account has one of the following, paypal/egold/rapidshare/ebay accounts, even the email account itself, I sell those to scammers. All in all, I make 3k to 4k a day. I only phish 3-4 days a week. It depends on how much time I invest; the more time I invest, the greater the outcome.
Are there any costs associated with phishing?
Yes there are costs. A dedicated server, VPN, Network encryption software and time.
What sort of hardware/software do you need to do this? Anything special (phishing kits, etc…)? What kind of internet connection do you use?
For MOST social networking sites, I use a program called MyChanger. You can find it on this website - www.myownchanger.com - This makes phishing so much faster on social networking sites. Everything is automated! messaging/bulletins/comments/profile modifications, it's great. Other than that, I get A LOT of custom programs built to suit my needs from freelance developers. My internet connection isn't anything fancy, a standard 1Mb ADSL line.
How do you keep yourself safe from being caught?
I use VPNs, dedicated servers, proxies and my network traffic is encrypted. All payments are made through egold.
Are there any anti-phishing deterrents (tools or technology) that make life as a phisher harder?
Oh sure, there are many things that make phishing harder. But since Internet Explorer 7 and Firefox 2 have implemented anti-phishing protection, those two cause the most irritation.
Do you foresee any changes to the phishing industry that are worthy of note?
No.
Anything else you’d like to share/last words?
Lazy web developers are the reason I'm still around phishing.
Pretty telling on the current state of affairs, I'd say. The first interesting point I took from this was that IE7 and FF2 were actually a somewhat okay deterrent. From the looks of it, it hasn't made much of a dent, only changed the tactics that phishers use. I suppose we could have guessed that, since there is no lack of phishing emails in our inboxes; still, I found it somewhat surprising that it was making a dent. I actually predicted that it would before IE7.0 launched, but I lost a bit of hope afterwards. Interesting nonetheless.
The second is that the password is used in more than one place 50% of the time - we already knew that but it’s interesting to hear it from a phisher’s perspective on how that’s actually useful to help monetize the attack. A huge thanks to lithium who allowed me to post all of his words. Does it make you re-think that MySpace profile you set up?
Okay, I had a lot of fun with this post. No new news here, but I was able to talk to someone who was willing to sit down and write out some thoughts from a phisher's perspective. The phisher goes by the name "lithium" and agreed to answer a number of questions that have been on my mind for a while now. Huge thanks to him, as I think a lot of this is valuable information to the community at large. These are his words, unmodified:
How would you describe yourself? Age? Did you go to school? Interests?
Determined is the best word to describe myself. I'm 18 years young. Yes, I went to school. I left after high school. My interests are MMA (mixed martial arts), fitness and, last but not least, the internet!
How did you get your start in phishing? How did you get interested in it?
The typical scam mail that my parents kept receiving in their inbox. They were very poorly done! Yet in general they worked. So, I knew automatically I could come up with more efficient methods and have a far greater outcome.
How long have you been phishing?
I've been phishing since I turned 14. So that's nearly 5 years.
Do you have any idea how many people’s identities you’ve stolen so far?
Way over 20 million. Social networking worms really hit it off for me! I have so many hundreds of thousands of accounts to many websites I haven’t even got a chance to look through.
Did you need to forge any particular relationships with other people/groups to get started?
No. When I started I went solo. A lot of groups came to me asking if I wanted in; I declined.
What types of sites make the best phishing sites?
Social networking sites, any site that involves teenagers from 14 years old upwards.
What are the steps you take to set up a phishing site?
I try to find a domain name that would best suit the current target. I try to find a few similarities which would make my site more realistic. Then, register it! I then find a reliable anonymous host (offshore are the most reliable), although I do tend to use compromised hosting accounts.
Secondly, I view the page source. Then I alter the source code to post the form's information to my phishing site.
Thirdly, I create a PHP file which will POST the current form's information to a text file on my server. I use the same PHP file with every site; just minor alterations are needed since it's merely a few lines of PHP code.
How many people do you typically phish per site you post?
That all depends on the size of the website (the amount of users). Usually, I phish 30k a day.
How do you monetize the identities and how much does that net you?
Social networking sites make me $500 to 1k through CPA deals. 5 times out of 10 the person uses the same password for their email account. Now, what is inside their email inbox determines how much more profit I make. If an email account has one of the following, paypal/egold/rapidshare/ebay accounts, or even the email account itself, I sell those to scammers. All in all, I make 3k to 4k a day. I only phish 3-4 days a week. It depends on how much time I invest; the more time I invest, the greater the outcome.
Are there any costs associated with phishing?
Yes, there are costs: a dedicated server, VPN, network encryption software and time.
What sort of hardware/software do you need to do this? Anything special (phishing kits, etc…)? What kind of internet connection do you use?
For MOST social networking sites, I use a program called MyChanger. You can find it on this website - www.myownchanger.com - This makes phishing so much faster on social networking sites. Everything is automated! Messaging/bulletins/comments/profile modifications, it's great. Other than that, I get A LOT of custom programs built to suit my needs from freelance developers. My internet connection isn't anything fancy, a standard 1mb ADSL line.
How do you keep yourself safe from being caught?
I use VPNs, dedicated servers, proxies, and my network traffic is encrypted. All payments are made through egold.
Are there any anti-phishing deterrents (tools or technology) that make life as a phisher harder?
Oh sure, there are many things that make phishing harder. But since Internet Explorer 7 and Firefox 2 have implemented anti-phishing protection, those two cause the most irritation.
Do you foresee any changes to the phishing industry that are worthy of note?
No.
Anything else you’d like to share/last words?
Lazy web developers are the reason I'm still around phishing.
Pretty telling on the current state of affairs, I'd say. The first interesting point I took from this was that IE7 and FF2 were actually a somewhat okay deterrent. From the looks of it, it hasn't made much of a dent, only changed the tactics that phishers use. I suppose we could have guessed that since there is no lack of phishing emails in our inboxes; still, I found it somewhat surprising that it was making a dent. I actually predicted that it would before IE7.0 launched, but I lost a bit of hope afterwards. Interesting nonetheless.
The second is that the password is used in more than one place 50% of the time - we already knew that but it’s interesting to hear it from a phisher’s perspective on how that’s actually useful to help monetize the attack. A huge thanks to lithium who allowed me to post all of his words. Does it make you re-think that MySpace profile you set up?
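The setup lithium describes (register a domain that resembles the target, copy the login page's source, repoint its form at a harvesting script on his own host) is exactly what a defender can test a suspect page for. The script below is an added example, not code from the original post or from lithium: given a suspect page's URL and HTML plus the impersonated brand's legitimate domain, it flags every password form whose action resolves outside that domain and notes when the page or action host borrows the brand's name. The host names example-social.com and example-social-login.net, the page HTML and the brand token are constructed for the example, and the registrable-domain helper uses a two-label approximation rather than the Public Suffix List.

```python
"""Spot cloned login pages that post credentials off-brand.

Added example (not from the original post). Sample URLs and HTML below
are constructed; the brand 'example-social' is fictitious.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def registrable_domain(host: str) -> str:
    """Last two DNS labels, e.g. 'www.example-social.com' -> 'example-social.com'.
    An approximation; a production check would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_brand(host: str, legit_domain: str, brand_tokens) -> bool:
    """True when a host borrows a brand token but is not the brand's own domain
    (the 'find a few similarities' step from the interview)."""
    host = host.lower()
    if registrable_domain(host) == legit_domain.lower():
        return False
    return any(tok.lower() in host for tok in brand_tokens)


class FormCollector(HTMLParser):
    """Collect each <form>: resolved action URL, method, and whether it
    contains a password field."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            self._current = {
                "action": urljoin(self.page_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "has_password": False,
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_credential_exfil(page_url, html, legit_domain, brand_tokens=()):
    """Return one finding per password form whose action leaves legit_domain."""
    collector = FormCollector(page_url)
    collector.feed(html)
    page_host = urlsplit(page_url).hostname or ""
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue
        action_host = urlsplit(form["action"]).hostname or ""
        if registrable_domain(action_host) == legit_domain.lower():
            continue  # credentials stay with the brand; nothing to flag
        findings.append({
            "action": form["action"],
            "action_host": action_host,
            "method": form["method"],
            "lookalike": looks_like_brand(page_host, legit_domain, brand_tokens)
                         or looks_like_brand(action_host, legit_domain, brand_tokens),
        })
    return findings


# Constructed samples: the brand's real login page, and a clone of it whose
# form has been repointed at a harvesting script on a look-alike host.
LEGIT_DOMAIN = "example-social.com"
LEGIT_URL = "https://www.example-social.com/login"
LEGIT_HTML = """<form method="post" action="/session">
<input name="user"><input type="password" name="pass"></form>"""

CLONE_URL = "http://example-social-login.net/login.htm"
CLONE_HTML = """<form method="post" action="post.php">
<input name="user"><input type="password" name="pass"></form>"""

if __name__ == "__main__":
    print(find_credential_exfil(LEGIT_URL, LEGIT_HTML, LEGIT_DOMAIN))
    print(find_credential_exfil(CLONE_URL, CLONE_HTML, LEGIT_DOMAIN, ("example-social",)))
```

The check is deliberately on the resolved action host rather than the page host: a clone hosted on a compromised account under a third party's domain is caught just the same, because the password form still posts somewhere that is not the brand. A relative or empty action resolves to the page itself, which is why the clone's "post.php" is reported under the look-alike host.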
Gulf Bank warns customers against SMS 'Phishing'
http://www.kuwaittimes.net/read_news.php?newsid=MTczOTUxMjI0Ng==
Published Date: May 09, 2007
KUWAIT: Gulf Bank is warning all customers to be aware of SMS 'phishing', a fraudulent use of SMS mobile phone text messaging which may be designed to obtain confidential bank details illegally.
Gulf Bank has been alerted to a recent case in which customers of another bank received SMS text messages telling them they had won prizes and inviting them to contact their nearest branch.
Gulf Bank urges all customers to exercise extreme caution when receiving SMS text or email messages. These messages may be an attempt to obtain customers' personal account details. Should you receive a suspicious message, please contact Gulf Bank immediately on 805805.
It is Gulf Bank's policy not to request account numbers, PIN codes or other confidential customer information via SMS.
'Phishing' is a crime that affects the banking industry around the world. Gulf Bank places the highest priority on protecting confidential account details and has issued this alert in the interests of customer security.
Friday 4 May 2007
Electronic payment: in search of an ecosystem
http://www.nouveleconomiste.fr/1386/1386-paiement-electronique.html
The gesture seems as simple as it is lucrative: pull out your mobile phone to settle small purchases, far more easily than with a few coins or a bank card. This is no longer futurology, barely even anticipation: within a few months this convenience will be available to French consumers, as it already is in the Land of the Rising Sun. In Japan, since 2005 it is no longer digital goods but physical products and services that sell best via mobile. Branded goods or DVDs, the market totals 1.5 billion euros a year. "You hold your phone near a terminal, enter your code, and the payment is carried out in complete security," explains François Loos, Minister Delegate for Industry. This very simple operation brings into play players whose interests do not always converge: telecom operators and banks, when it comes to finding a formula for splitting the new revenue from this telephone windfall.
"The arrival of contactless"
As in any war, there is a triggering event, "the arrival of contactless," stresses Jacques Sénéca, president of Eurosmart and of Gemalto for Europe. Thanks to an NFC (Near Field Communication) chip, the mobile phone turns into a bank card communicating by radio with a payment terminal a few centimetres away. This scenario is being tested in Strasbourg with hundreds of users and merchants: Crédit Mutuel's debit application is placed on the SIM card of the operators NRJ Mobile and SFR.
Subsequently, Crédit Mutuel, BNP, the three French mobile operators and the two international leaders in payment services, MasterCard and Visa, sat down together to define the security standards for the banking application on the SIM card. That does not settle the essential question, the future business model. How will the operator be paid? Rent for making space available on the SIM card? A percentage of the payment? Payment per download, per SMS, through the additional traffic generated? "The cost for the consumer will be exactly the same as for a bank card," reveals Bernard Sadun of Crédit Mutuel, who sees only a change of medium. "In Japan there is a system of commission paid to the operator tied to credit consumption, but the process remains opaque. Above all, the operator gains a customer-retention lever," says Patrice Nordey, head of development for the Asia department of BNP Paribas' Atelier.fr, who points out that agreement is easier in Japan: "operators do not use the SIM card as a smart card capable of storing data. It only serves to host the payment application of a single bank." Each bank supplies its own SIM card, incompatible with the others, which looks more like an electronic purse. Agreements between two players are easier. The French ambition of universal payment is new: users can pay for their purchases with their mobile whatever their bank, provided the merchant has a terminal. That presupposes a new financial split. "A percentage on transactions is not ruled out, especially if the solution reduces risk for the banks," they say at Bouygues Telecom, as Jean-Pierre Blettner notes in 01 Réseaux. A position that Crédit Mutuel, by contrast, rejects: "the payment does not use the telephone function."
A forced entente cordiale
Faced with so much appetite, the banks could manage their own security component in the mobile. The American company SanDisk thus offers the Trusted Flash memory card, embedding a banking application in the mobile, "a pilot of which will be trialled in 2007 in Asia," recalls Pascal Caillon, in charge of content at SanDisk. The financial institutions have a handicap, however: they struggle to provide after-sales support for computer hardware, as the Cyber-Comm experiment, a system for securing Internet payments, demonstrated. The introduction of Eurocheque and of the EC direct card failed in France, as did the Monéo electronic purse. Finally, even if the banking application is downloaded into an independent component, "it is still the SIM card that arbitrates access to the NFC chip for communicating with the outside world," notes Pascal Caillon. The operators are therefore in a position of strength. Could they do without the banks by creating their own payment institution? They would rely on the new Single Euro Payments Area (SEPA), which harmonises euro financial transfers between member countries (credit transfers, direct debits, cards) so that a cross-border payment is processed with the same speed and security as a domestic one. The banks' expertise in payment instruments and risk management dissuades them. The operators do not wish to enter alone into the confidentiality and security logic of a domain "which will be the next playground for mobile pirates in 2007," according to Bob Egan in a TowerGroup Research report.
What is at stake in post-payment
Prepayment, an electronic purse drawing on a current account that has already been debited, has developed somewhat in France in niches such as parking meters. As for post-payment, a line of credit that can be exceeded, François Loos mentions a "possible roll-out across the whole country by 2009"... provided that "the players agree on an ecosystem in which everyone finds their place," as SFR puts it. However, the experts at ABI Research advise operators not to focus on payments: the mobile will serve other applications on which they will be able to collect a fee. "Customers expect several products on their mobile, just as they have several payment cards in their wallet. They also want transport and show ticketing, access or loyalty cards," they stress at Orange. Each card issuer must be able to place its application on the SIM card. This tempers discussions that promise to be lively.
SecureWorks Uncovers $2 Million Russian Hacker Scheme
http://www.secureworks.com/research/newsletter/2007/04/
In January 2007 the SecureWorks Security Research Group discovered a new trojan that searches for and captures credentials used by several Internet banking and e-commerce websites. The trojan, named Gozi, is able to forward captured credentials to an online database where they were being sold to the highest bidder. While researching Gozi, the SecureWorks Security Research Group uncovered a cache of stolen information holding over 10,000 account records containing everything from online banking user credentials to patient healthcare information and even employee login information for confidential government and law enforcement applications. Further investigation revealed that this data was being offered for sale by Russian hackers for an amount totaling over $2 million. The records retrieved included account numbers and passwords from customers of many top global banks and financial services companies, top US retailers and leading online retailers. SecureWorks is working with the affected organizations and federal law enforcement officials as well as other security groups such as FIRST and CERT to address the Gozi threat.
Gozi is a state-of-the-art, modularized trojan spread through Internet Explorer browser exploits, and it went undetected for weeks by many anti-virus vendors. Many home PCs were infected by Gozi while users were visiting popular community forums for hobbies, online games, etc. Gozi then retrieved the users' credentials when they later logged into their banking, retail, or employers' applications. These credentials were forwarded to an online storefront where they were offered for sale.
The trojan was designed to capture any data entered into websites relying on SSL (Secure Sockets Layer) to protect confidential information. Most Internet banking, online retail, and corporate intranets utilize SSL to encrypt communications from their customers. We also discovered that components of Gozi were purposely designed to circumvent the multi-factor authentication protections of specific large financial institutions. These protections met and exceeded those mandated by the FFIEC. SecureWorks briefed these financial institutions on Gozi's activities so they can be on the lookout for any fraudulent activity.
How to Protect Against Gozi
PCs on corporate networks can be infected if not well-protected. Security administrators should:
1. Enable heuristic detection as part of your anti-virus systems. This will increase the rate of false positives, so it should be done cautiously and with consideration as to how it can impact your operations.
2. Make sure your IPS is configured to detect and block Gozi and similar threats.
3. Ensure that your anti-virus vendor has a signature for the Gozi trojan then make sure all your computing systems are patched and current with the latest anti-virus protections.
4. If you use a managed security services partner to protect your systems, make sure that they have implemented countermeasures specific to Gozi and its variants. Clients relying on SecureWorks' iSensor Network Intrusion Prevention Service were protected from day one.
A full analysis of the Gozi threat is available at http://www.secureworks.com/research/threats/gozi/.
Russia calls for an end of Whois in Dot RU
http://blog.domaintools.com/2007/05/russia-calls-for-an-end-of-whois-in-dot-ru/
My Russian may be a little bit broken, so forgive the translation; I have attempted to read the Russian newspaper where they reported this story first. But apparently Russia is trying to remove whois on their .RU domain names. Here is the translated story.
Information on the ownership of Russian websites may become entirely secret in the coming months. The most popular international zone, .com, has long catered to owners who want to run their sites incognito. Under the Personal Data law, which entered into force on January 30, 2007, the written consent of each individual is required before personal data can be included in public databases. Some organisations have been given until January 2008 or January 2010 to bring their public databases into line with the law. According to the Russian Research Institute for Public Networks (RosNIIROS, the coordination centre for the .ru domain), at the end of 2006 the Runet held more than 700,000 sites belonging to nearly 329,000 owners.
At present the RosNIIROS WhoIs service (www.ripn.net) shows the contact name and contact telephone number of a site's owner. For example, one can find out that the well-known site compromat.ru is owned by Sergei Gorshkov. That may not always be the case. According to Andrei Vorobiev, head of public relations at Ru-Center (the largest domain registrar on the Runet), RosNIIROS and the domain registrars are now discussing how to give site owners the choice of whether or not to allow public access to their personal data.
According to him, the RosNIIROS WhoIs database only has to be brought into line with the law by January 1, 2010. But Russian registrars want to give site owners the chance to hide their details within a few months, explains Vorobiev. He said that registrars would keep only the site owner's e-mail address in the public domain, because no personal information about the person can be obtained from it.
Russia is not the first country to safeguard the personal data of owners. The American organisation ICANN, which maintains the .com domain registry, currently requires owners to disclose a name and telephone number for the WhoIs. However, according to Vorobiev, some companies are paid to register sites anonymously: they register them in their own name, and the real owner then operates the site.
Veni Markovski, ICANN's representative in the CIS, told Vedomosti that the principles of the WhoIs database are to be considered on July 30 by the GNSO, the ICANN body that supports domain names, attended by representatives of various countries. In his view, Russia should work more actively in the GNSO.
However, anyone wishing to remain anonymous can still withhold their real name or telephone number, said the well-known Paul Gross. According to him, neither RosNIIROS nor ICANN checks the accuracy of this data.
Russian nationals conspired to steal IDs, indictment says
http://www.pe.com/ap_news/California/CA_BRF_NorCal_Identity_Theft_285833C.shtml
The Associated Press
SACRAMENTO
Four Russian citizens, three of whom were in the U.S. on temporary work visas, conspired to steal personal information and used it to buy computers, jewelry, clothing and other merchandise, federal prosecutors said Tuesday.
The U.S. attorney's office in Sacramento unsealed the indictment after three of the men were arrested in Baltimore last month. The fourth, Aleksey Chugaev, 24, is believed to be a fugitive in southern Russia, prosecutors said.
Roman Karelov, 18, and Oleg V. Umarov, 20, were ordered held without bail during an appearance Monday in federal court in Sacramento. Radik E. Nizamov, 21, is being transported to Sacramento from Baltimore, where all three were living temporarily at the time of their April 13 arrest, prosecutors said.
The indictment alleges that Chugaev ran the operation from Russia, using the others to steal identities and credit information. He then used the information to withdraw cash in Russia and buy merchandise in the U.S. that was then shipped overseas, according to the indictment.
Umarov's attorney, Donald Dorfman, said his client is innocent. Umarov and his girlfriend, who was named in an earlier complaint but not the indictment, were swept up because they were living in the same Baltimore home as the other Russian nationals, he said.
Attorney Bruce Locke, who represents Karelov, declined comment. Nizamov will be assigned an attorney after he arrives in California.
Karelov, Umarov and Nizamov were in the country on work visas that had expired by the time of their arrest, prosecutors said.
All four men are charged with conspiracy to commit mail and wire fraud, credit card fraud and interstate transportation of stolen goods. Chugaev, Karelov and Nizamov also are charged with wire fraud, while Chugaev is charged with mail fraud and identity theft.
Published: Tuesday, May 1, 2007 17:07 PDT
Wednesday 2 May 2007
An insurance policy for worry-free surfing - 01net
01net - 27 Apr 2007
The April group will offer a new policy covering Internet users against online fraud, the hazards of e-commerce and damage to their computer.
Philippe Crouzillacq, 01net., 27/04/2007 at 14:04
What if the future of insurance lay on the Web? In a country where 46% of households now have Internet access and where online commerce gained more than 3 million new customers in 2006, the market looks promising. April Solutions, a group specializing in the design, management and distribution of consumer property-and-casualty insurance solutions, seems to have grasped the opportunity.
Through agreements with ISPs, e-commerce sites and computer retailers, the group will market a "Pack Internet" insurance policy. The product is attractive. Unfortunately, since the April group declined to give us the general terms and conditions and the details of this contract, we can only outline its broad strokes here.
Insurance against phishing and premium-rate connections
For 4.90 euros per month (58.80 euros per year), the Internet user will, in theory at least, get hardware cover on computer equipment (PC, peripherals) less than five years old. This provision is however limited to losses already covered by the policyholder's existing home multi-risk insurance (theft, fire, etc.) and tops up that policy's compensation (up to 2,000 euros per year and per claim).
April's "Pack Internet" also includes legal protection for Internet disputes. This covers online purchases ("good delivery" guarantee) and fraud, such as identity theft (phishing) and dialer scams (premium-rate connections made without the user's knowledge). On top of this comes legal protection that lets the policyholder get telephone assistance in a dispute with an online merchant and be reimbursed for legal costs (up to 20,000 euros per claim).
Finally, the policyholder can count on a technical support hotline for any question about using the Internet, with no further detail from April... In the event of a virus attack, the insurance will cover all costs of repairing the computer (technician call-out, parts and labour).
In practice, attractive as the solution looks, consumers should not sign up blindly. A careful reading of this type of contract is essential, because, as the Anglo-Saxons say, "the devil is in the details".
Cybercrime is on the rise in Switzerland
http://www.boursorama.com/international/detail_actu_intern.phtml?&news=4144968
Economic espionage, identity theft and data theft are on the rise in Switzerland on the Internet. Methods are becoming more refined and cybercriminals do not hesitate to recruit naive people as accomplices. The human being is the weakest link, notes the Reporting and Analysis Centre for Information Assurance (Melani) in its report for the second half of 2006, published Monday.
"Last year, a conviction for data theft and destruction was handed down for the first time in Switzerland," the Federal Office of Police (fedpol) noted Monday. In that case, an IT specialist at the timekeeping company Datasport had used malware to spy on his Swiss competitors. The cybercriminal allegedly obtained 27,000 sensitive files this way. He also deleted requests for quotes from his competitors' IT systems, so that those companies never received them.
The report singles out "social engineering" attacks, which exploit people's helpfulness, good faith or lack of security awareness to gain access to confidential data or lead the victim to carry out specific actions. For example, cybercriminals send a virus to take control of a large number of computers. They thus create a "zombie network" that, unbeknownst to its owners, carries out illegal operations, sends spam or attacks other computers.
The creation of fictitious Swiss banks or fake Internet portals is also in vogue. Last August, Migros Bank had to suspend Internet payments following a "phishing" attack, a technique that consists of tricking users into handing over their banking or personal details.
More pernicious is the case of the bogus financial institution Porex, which recruited "financial agents". The recruit simply had to have sums sent to their account and forward them to a third account, taking a commission of up to 10% of the amount transferred along the way. "Yet anyone who accepted the offer was guilty of complicity in money laundering," fedpol noted, because the money came from accounts plundered through phishing.
"The cybercrime market has entered a consolidation phase," the federal experts noted. The most lucrative segments are thus systematically exploited and professionalism is taking hold, while international ramifications spread. And with operating systems becoming technically more and more secure, "the human being is the weak link that attackers are interested in," fedpol warned. AP
Friday 27 April 2007
RFID virus buster builds wireless firewall
http://www.theinquirer.net/default.aspx?article=39170
"SPYCHIPS," some privacy campaigners call RFID. Two years ago, in 2005, when Melanie Rieback was hunting for a research topic for her PhD, she settled on RFID security because "It was obvious there was a lot of work to be done."
Based at the department of computer science at Vrije Universiteit in the Netherlands, Rieback, an American, caused a storm last year when she published a paper on RFID viruses. "I wrote a completely scientifically and factually neutral paper about how to use RFID to perpetuate common exploits like the ones on the Internet today," she says.
The paper didn't talk about the possible consequences. But, "The reality is that RFID is a new technology like anything else, and you have to do a proper cost-risk analysis in deciding when to deploy it." Using RFID to tag cows in a field clearly carries much less risk than putting them in passports and credit cards.
[Melanie Rieback]
"I think you need to be as worried about RFID malware as any other kind of enterprise software. With big RFID installations you're going to have big databases, Internet connections in the mix, a lot of bloated source code, and statistically they say there are 16 bugs per thousand lines of code."
Rieback's latest project, RFIDGuardian, aims to create a personal firewall for RFID tags. That is, a portable, battery-powered device that anyone can use to see and selectively block the tags around them.
The idea, Rieback says, was inspired by a paper written by Ari Juels that she believes was the first proposal for an RFID privacy-enhancing technology. "It was a brilliant idea, but it had a few shortcomings, and thinking through those led me to RFIDGuardian."
The basis of Juels' idea was to jam the system by using the built-in anticollision protocols. Readers check for nearby tags by proceeding down a tree of possible names. Juels proposed a tag that responds to all of them, slowing the system down and confusing it as to which tags are actually present.
The shortcomings: tags have no power source and can only be read in the right orientation; they have very little data storage, ruling out complex security policies; and changing the policy after widespread distribution would be a "nightmare".
The prototype RFIDGuardian is currently in its third version of hardware and software, and by now it's a single PCB with all the functionality built into it.
"It sends out some random noise in the time slots when an RFID tag is going to be speaking," she says. "Because the jamming signal is so short and selective it can block only one tag and let others speak." Building the prototype took her team about six months and wasn't, she says, technically all that difficult.
"The only thing at the beginning was that we didn't know if we would get tag spoofing/jamming to work." This was, she says, another problem with Juels' proposal: most people can't make their own silicon to create a jamming tag.
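The tree-walking anticollision and the blocker-tag idea described above, as an added simulation that is not code from the article, from Juels' paper or from RFIDGuardian: honest tags, a blocker that answers for every prefix (the "responds to all of them" case), and, as a generalization, a blocker confined to one subtree. The 4-bit IDs, the sample tag set and the `make_tag`, `make_blocker` and `tree_walk` names are constructed for this example.

```python
"""Tree-walking RFID singulation with a blocker tag: a constructed simulation.

Added illustration, not code from the article, from Juels' paper or from
RFIDGuardian. The reader descends a prefix tree, asking at each node "who has
an ID starting with this prefix?". One reply means the reader has singulated
that tag; two or more replies are a collision, so the reader recurses on
prefix+'0' and prefix+'1'; no reply prunes the branch. A blocker tag answers
for BOTH children of every node in its zone, so the reader sees a collision
everywhere in that zone and ends up "reading" every possible ID there, real
or not. Zone '' is the article's blocker that answers every prefix; a
narrower zone is a generalization added here.
"""
from typing import Callable, Dict, List, Set, Tuple

ID_BITS = 4

# Constructed sample tags: four real tags within range of the reader.
TAGS: Set[str] = {"0010", "0111", "1001", "1100"}

# A responder maps a reader's prefix query to the set of IDs that answer it.
Responder = Callable[[str], Set[str]]


def make_tag(tag_id: str) -> Responder:
    """An honest tag answers only when its own ID starts with the prefix."""
    def respond(prefix: str) -> Set[str]:
        return {tag_id} if tag_id.startswith(prefix) else set()
    return respond


def make_blocker(zone: str = "") -> Responder:
    """A blocker tag guarding `zone` (a prefix; '' guards the whole tree).

    On the path to the zone and inside it, it answers as if tags existed
    under both child prefixes, which the reader sees as a collision. At a
    leaf it answers with the leaf ID, so every ID in the zone looks present.
    """
    def respond(prefix: str) -> Set[str]:
        on_path = prefix.startswith(zone) or zone.startswith(prefix)
        if not on_path:
            return set()
        if len(prefix) == ID_BITS:
            return {prefix}
        return {prefix + "0", prefix + "1"}
    return respond


def tree_walk(responders: List[Responder],
              query_budget: int = 1000) -> Tuple[Set[str], int]:
    """Run the reader's tree-walking inventory over the given responders.

    Returns the IDs the reader believes are present and the number of
    queries it issued. The budget bounds the walk so that a misbehaving
    responder cannot keep the reader busy forever.
    """
    inventory: Set[str] = set()
    pending = [""]            # prefixes still to be queried
    queries = 0
    while pending:
        prefix = pending.pop()
        queries += 1
        if queries > query_budget:
            raise RuntimeError("query budget exhausted: reader cannot finish")
        answers: Set[str] = set()
        for respond in responders:
            answers |= respond(prefix)
        if not answers:
            continue                          # empty branch: prune it
        if len(answers) == 1:
            inventory |= answers              # uncontested reply: singulated
        elif len(prefix) < ID_BITS:
            pending.extend((prefix + "0", prefix + "1"))  # collision: descend
    return inventory, queries


def scenarios() -> Dict[str, Tuple[Set[str], int]]:
    """Reader's view with no blocker, a full blocker, and one guarding zone '1'."""
    real = [make_tag(t) for t in TAGS]
    return {
        "no blocker": tree_walk(real),
        "full blocker": tree_walk(real + [make_blocker("")]),
        "blocker on zone '1'": tree_walk(real + [make_blocker("1")]),
    }


if __name__ == "__main__":
    for name, (seen, n) in scenarios().items():
        phantoms = seen - TAGS
        print(f"{name:20s} queries={n:2d} ids seen={len(seen):2d} "
              f"phantom ids={len(phantoms):2d} seen={sorted(seen)}")
```

With the zone '1' blocker the reader still completes its inventory of the other subtree, but the two real tags under '1' are indistinguishable from six phantom IDs, which is the privacy effect the blocker is after.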
Rieback's ultimate goal is to implement the device in a single chip that could be affordable for consumers. "The idea is it could eventually be integrated into a PDA or cellphone," she says.
The version in progress will incorporate Bluetooth so that a Java applet on a cellphone can control the device and display its output on the cellphone screen. Currently, seven are in production destined to be given away to other researchers. Rieback hopes that seven or eight months from now she'll be able to open-source the entire project.
For Rieback, enhancing privacy isn't a primary goal but it is a welcome by-product. "I see myself first as a scientist. It makes me happy that what I'm working on can have a positive impact in terms of privacy, but only being an activist has its limitations. People aren't going to believe you that something is broken until you show it to them. I try not to be too preachy – I just try to show things scientifically and factually."
DoS extortion is no longer profitable
http://www.symantec.com/enterprise/security_response/weblog/2007/04/dos_extortion_is_no_longer_pro.html
In the last six months of 2006 we saw a pretty sharp decline in the daily number of denial of service attacks. Although there are likely a number of factors at play here, I think there is one primary factor: denial of service extortion attacks are no longer profitable.
DoS extortion attacks are usually carried out by a bot-network owner. Using their bots, the extortionist has to make a successful DoS attack against a target organization. Following that they have to issue the extortion request and hope the target organization pays it.
The thing is that DoS attacks are loud and risky. Whenever a bot-network owner carries out a denial of service attack they run the risk of losing some of their bots. This could happen either because an attacking computer is identified and disinfected, or if it is simply blocked by its ISP from accessing the network. Furthermore, if the bot-network owner isn’t careful they could lose their entire bot network if their command and control server is identified. Since a DoS extortionist has to carry out at least one successful DoS attack before they can even demand their pay, they run some serious overhead risks.
So what happens if the target of the attack refuses to pay? The DoS extortionist is obligated to carry out a prolonged DoS attack against them to follow through on their threats. For a DoS extortionist this is the worst scenario because they have to risk their bot network for nothing at all. Since the target has refused to pay, it is likely that they will never pay. As a consequence, the attacker has to spend time and resources on a lost cause.
It is likely that bot network owners are now moving away from DoS extortion and towards more lucrative ventures like spam. Not surprisingly, we saw a noted increase in spam volumes in the last six months of 2006.
London hit by malware-infected USB ruse
Joining the infamous Chip & PIN terminal hacks as yet another way to siphon banking details from unlucky Londoners, a group of 'malware purveyors' reportedly dropped off tempting Trojan-infused USB drives in a UK parking lot in hopes that unsuspecting individuals would take the bait and subsequently hand over their banking credentials. Supposedly, Check Point regional director Nick Lowe mentioned the wile at the Infosec trade show, but couldn't elaborate due to the ongoing investigation. Another insight suggested that such chicanery was becoming 'the new phishing email,' but hey, where's the love for those oh-so-vulnerable ATMs? Take note, dear Brits, that the free storage you're eying on the park bench could end up costing you quite a bit in the long run.
Thursday 26 April 2007
Phishers take up call forwarding - Zone-H.org
SecureWorks has analysed a new phishing technique that reportedly uses call forwarding to route the victim's incoming calls to a number controlled by the attackers.
They ask their victims to confirm their phone number by dialling *72 followed by a series of digits. This number forwards all incoming calls.
This technique is combined with the more traditional method (phishing by email) to harvest the victim's personal data (last name, first name, address, credit card number...).
If the attack succeeds, the attacker will be able to make money transfers and also confirm the transfer if they receive a call from the bank.
Belgian police, Western Union and eBay respond to a large-scale online scam - ZDNet
Security - In Belgium, an awareness campaign has started in post offices to dissuade Internet users from paying for purchases abroad with Western Union money orders. The operation could be taken up in France.
"A stranger asks you to pay for an Internet purchase using the Western Union service? Refuse!" This recommendation (see photo) is posted in every post office in Belgium, at the federal police reception desks and at the Internet access points of the local ANPE employment office. In all, as part of a prevention campaign, nearly 6,000 posters of this kind and 15,000 leaflets have been distributed across the country.
The initiative comes from Olivier Bogaert, team leader of the Regional Computer Crime Unit in Tournai, one of the anti-crime brigades of the Belgian federal judicial police. "We observed a rise in the number of Internet scams for which we had no chance of success, because the scammers put more and more barriers between themselves and their victims," he explains.
In 2006, the Belgian police recorded 27,232 online scams (phishing, "Nigerian" fraud...), a 70% increase.
One of the classic scams consists of requesting payment for a purchase or for insurance via the international money transfer service Western Union. Of course, once the victim has sent the money, the scammer vanishes without honouring their side of the deal. It is almost impossible for the duped Internet user to recover the payment.
An identical scheme in France soon?
Olivier Bogaert therefore had the idea of warning potential victims at the moment they make the money transfer: "Of the 450 Western Union outlets in Belgium, 350 are in post offices," he says.
He contacted the money transfer company and eBay to ask them to take part in the operation. "I wasn't blithely optimistic about their answer, but I was very surprised to see them agree to get involved so quickly." Western Union even decided to fund the posters entirely. The company quickly understood that its service's brand image was suffering greatly from these scams, and that it could face possible lawsuits from unhappy customers, according to Bogaert.
The collaboration of partners with international reach gives the police officer good hope that the initiative will be taken up at European level.
At eBay France, the only response is that the site has an information page setting out the risks of paying via Western Union. However, according to our information, a meeting on the subject is due to be held in early May with the police and gendarmerie to decide whether to adopt the scheme in France.
Entrepreneurial hackers buy sponsored links on Google
April 26, 2007 (Computerworld) -- A hacker scheme that involved buying search keywords on Google, then routing users to a malicious site when they clicked on sponsored links, was revealed yesterday by a security company.
According to Roger Thompson, CTO of Exploit Prevention Labs, the ploy involved sponsored links (the text ads that appear alongside search results on Google), a malicious intermediary, and malware that steals online banking usernames and passwords.
"It's quite an investment on the bad guys' part," said Thompson. "Instead of just hacking into sites, they bought keywords."
Those keywords put the criminals' sponsored links at the top of the page when searches were run for brand name sites like the Better Business Bureau or Cars.com using phrases such as "betterbusinessbureau" or "modern cars airbags required." But when users clicked on the ad link, they were momentarily diverted to smarttrack.org, a malicious site that used an exploit against the Microsoft Data Access Components (MDAC) function in Windows to plant a backdoor and a "post-logger" on the PC.
MDAC has been patched three times by Microsoft in the last three years, most recently in February 2007, when the vulnerability was rated critical.
Once the malware was installed on unpatched PCs, smarttrack.org pushed the user's browser along to the real destination link. "It was pretty clever, the sponsored link takes you to the real page," said Thompson. "You'd never know." The post-logger, however, knew plenty. According to Thompson, it targeted users of about 100 different banks, injecting extra HTML into those banks' pages to entice extra personal information out of the victim.
Exploit Prevention Labs first spotted the hack on April 10. Fortunately, the scheme was short-lived. "There was obviously a lot of planning that went into it, but I think the site had only been live for a little while. They registered the [smarttrack.org] domain on April 2." The domain was registered using an anonymous registrant service that masks the name and other information of the person who purchased the URL.
The attackers, said Thompson, profited from a Google design quirk. When users pause the mouse cursor atop a sponsored link, the full URL does not appear at the bottom left of the browser window, as it does when pointing to a link in the search result list. "This means that a user has no clue where she is about to navigate to," said Thompson.
Yahoo's search engine does the same, but rivals, including Microsoft Corp.'s Live Search and Ask.com, reveal the complete URL of all links, sponsored links included.
Google, which was not available tonight for comment, has removed the malicious sponsored links, said Thompson, for the 20 or so search strings that resulted in bogus ad links to smarttrack.org.
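One way a defender could spot the detour described above in web proxy logs, as an added example that is not part of the Computerworld article or of Exploit Prevention Labs' work: a search-engine click that lands on a host other than the advertised brand and is followed within seconds by the brand site itself. The log format, the hostnames, the brand allow-list and the five-second window are all constructed assumptions.

```python
"""Flag a sponsored-link click that passes through an unknown intermediary
before landing on the brand the ad named.

Added example, not code from the Computerworld article or from Exploit
Prevention Labs. The log format, hostnames, brand allow-list and the
timing window are all constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed: search engines whose clicks we track as referrers.
SEARCH_ENGINES = {"www.google.com", "search.yahoo.com"}
# Constructed: hosts the sponsored ad copy claimed to lead to.
KNOWN_BRANDS = {"www.bbb.org", "www.cars.com"}
# A redirect hop reaches the real site within seconds; organic browsing
# to the same brand minutes later should not be flagged.
WINDOW = timedelta(seconds=5)

# Constructed proxy log, one request per line:
# "<iso-timestamp> <client-ip> <requested-url> <referrer-or-dash>"
SAMPLE_LOG = """\
2007-04-10T09:12:01 10.0.0.5 http://www.google.com/search?q=betterbusinessbureau -
2007-04-10T09:12:04 10.0.0.5 http://ad-hop.example/go?id=77 http://www.google.com/search?q=betterbusinessbureau
2007-04-10T09:12:05 10.0.0.5 http://www.bbb.org/ http://www.google.com/search?q=betterbusinessbureau
2007-04-10T09:30:00 10.0.0.7 http://www.google.com/search?q=cars -
2007-04-10T09:30:02 10.0.0.7 http://www.cars.com/ http://www.google.com/search?q=cars
2007-04-10T10:00:00 10.0.0.9 http://www.google.com/search?q=cars -
2007-04-10T10:00:03 10.0.0.9 http://news.example/story/1 http://www.google.com/search?q=cars
2007-04-10T10:02:00 10.0.0.9 http://www.cars.com/ -
"""


def parse_line(line):
    """Split one constructed log line into its fields, keeping hostnames only."""
    ts, client, url, referrer = line.split()
    ref_host = "" if referrer == "-" else (urlparse(referrer).hostname or "")
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "host": urlparse(url).hostname or "",
        "ref_host": ref_host,
    }


def find_intermediaries(log_text):
    """Return (client, intermediary_host, brand_host) for each suspicious chain.

    A chain is: a click referred by a search engine to a host that is NOT a
    known brand, followed by the same client reaching a known brand within
    WINDOW. That is the shape of the sponsored-link detour: the user ends up
    on the real page, with only a brief stop somewhere else in between.
    """
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_client[event["client"]].append(event)

    findings = []
    for client, events in by_client.items():
        events.sort(key=lambda e: e["ts"])
        for i, hop in enumerate(events):
            # Only clicks out of a search engine onto a non-brand host qualify.
            if hop["ref_host"] not in SEARCH_ENGINES or hop["host"] in KNOWN_BRANDS:
                continue
            for follow in events[i + 1:]:
                if follow["ts"] - hop["ts"] > WINDOW:
                    break  # the brand visit came too late to be a redirect
                if follow["host"] in KNOWN_BRANDS:
                    findings.append((client, hop["host"], follow["host"]))
                    break
    return findings


if __name__ == "__main__":
    for client, hop, brand in find_intermediaries(SAMPLE_LOG):
        print(f"{client}: search click detoured via {hop} before reaching {brand}")
```

Only the first client is flagged: the second goes straight to the brand, and the third reaches it two minutes later, outside the window.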
Wednesday 25 April 2007
Anti-phishing tool pays off at Nationwide
http://www.computerweekly.com/Articles/2007/04/20/223364/anti-phishing-tool-pays-off-at-nationwide.htm
Software deployed by Nationwide to automatically identify and shut down phishing scams has paid for itself in three months by reducing online fraud, the building society said last week.
The roll-out followed the creation of the Strategic Fraud Initiative group at Nationwide to consider options for combating phishing attacks, which seek to obtain customer account and log-in information using spoof e-mails and websites.
The MarkMonitor software, which took 10 days to implement, has shut down hundreds of phishing scams during its first three months of operation. Prior to deploying MarkMonitor, Nationwide staff manually tracked phishing scams carried out against the company.
“It became extremely difficult to shut down phishing sites quickly enough and cope with the number of incoming e-mails from customers reporting phishing attacks or suspicious websites,” said Peter Corrie, head of Nationwide’s Strategic Fraud Initiative.
“With online fraud increasing exponentially each year, it is paramount for companies like ours to tackle the problem head-on in order to minimise revenue losses and protect our members.”
Thursday 19 April 2007
Post-9/11 FBI has little time for fraud
Restructuring to fight terror leaves fewer agents for domestic crimes and rights abuses
By PAUL SHUKOVSKY, TRACY JOHNSON and DANIEL LATHROP
Seattle Post-Intelligencer
Find more on this story at www.seattlepi.com. SEATTLE — Thousands of white-collar criminals across the country are no longer being prosecuted in federal court and, in many cases, not at all, leaving a trail of frustrated victims and potentially billions of dollars in fraud and theft losses.
It's the untold story of the Bush administration's massive restructuring of the FBI after the terror attacks of 9/11.
Five and a half years later, the White House and Department of Justice have failed to replace at least 2,400 agents transferred to counter-terrorism squads, leaving far fewer agents on the trail of identity thieves, hatemongers, con artists and other criminals.
Two successive attorneys general have rejected the FBI's pleas for reinforcements behind closed doors.
While there hasn't been a terror strike on American soil since the realignment, few are aware of the hidden cost: A dramatic plunge in FBI investigations and case referrals in many of the crimes the bureau has traditionally fought, including sophisticated fraud and embezzlement schemes, and civil rights violations.
"Politically, this trade-off has been accepted," said Charles Mandigo, a former FBI congressional liaison who retired as special agent in charge in Seattle four years ago. "But do the American people know this trade-off has been made?"
Among the findings from a six-month investigation by the Seattle Post-Intelligencer, in which the newspaper analyzed more than a million cases touched by FBI agents and federal prosecutors before and after 9/11:
• Overall, the number of criminal cases investigated by the FBI nationally has steadily declined. In 2005, the bureau brought slightly more than 20,000 cases to federal prosecutors, compared with about 31,000 in 2000 — a 34 percent drop.
• White-collar crime investigations by the bureau have plummeted in recent years. In 2005, the FBI reported 3,453 cases. More than 10,000 cases were assigned to agents in 2000.
• Civil rights investigations, which include hate crimes and police abuse, have continued a steady decline since the late 1990s. The FBI pursued more than 2,000 such cases as recently as 1998 but only 530 cases by 2005.
Fraudsters unprosecuted
While other federal agencies have stepped in to shoulder more of the load in drug enforcement, the gaps created by the Bush administration's War on Terror are troubling to criminal justice experts, police chiefs, and even some current and former FBI officials and agents.
"There's a niche of fraudsters that are floating around unprosecuted," said one recently retired top FBI official, who spoke on condition of anonymity. "They are not going to jail. There is no law enforcement solution in sight."
A solution can't come soon enough for a growing number of frustrated fraud victims, including a 75-year-old Issaquah, Wash., woman who was allegedly swindled out of more than $1 million, and a cancer patient whose identity was stolen from a Seattle hospital.
They each sought the FBI's help. They got little or none.
"As far as I'm concerned, the FBI has no interest in protecting people from these kinds of crimes," said Lloyd Martindale Jr., a Bellingham, Wash., man who put $500,000 into an investment con and is still fighting to get it back.
Officials deny declines
Officially, the U.S. Department of Justice, the Attorney General's Office and White House Office of Management and Budget assert that traditional criminal enforcement by the FBI hasn't suffered in the wake of 9/11. They say federal law enforcement agencies are working more efficiently to compensate for the emphasis on Homeland Security.
"The administration strongly disagrees that the FBI has been anything less than effective in the years since 9/11 in combating domestic crime issues," OMB spokesman Sean Kevelighan said. "We have worked to achieve a balance between the FBI's homeland security and criminal investigative missions."
"We'll just abide by what the president's budget is," said FBI Assistant Director Chip Burrus. "We work a lot smarter than we have in the past."
FBI Director Robert Mueller, Attorney General Alberto Gonzales and his predecessor, John Ashcroft, declined to be interviewed for this story.
According to the Post-Intelligencer's analysis, if the FBI had continued investigating financial crimes at the same rate as it did before the World Trade Center came down, about 2,000 more criminals would be behind bars.
The number of fraud convictions in federal courts has dropped about 20 percent.
White-collar crimes often affect the people least able to afford it — lower-income and elderly people, according to Peter Henning, a former Justice prosecutor who teaches law at Wayne State University in Detroit.
"If you keep it small, and act quickly and get out of the jurisdiction, you can avoid being prosecuted," Henning said. "Scam artists know that."
Large numbers of FBI agents were also transferred out of violent crime programs because bureau officials knew that local police — who have overlapping jurisdiction in violent crimes — would have to help.
In the months after 9/11, when the first waves of agents were funneled into counter-terrorism, FBI director Mueller was well aware of the consequences to come. Without a major influx of new agents, there was no way to maintain the bureau's grip on a long list of traditional crimes, particularly time-consuming fraud investigations.
Mueller would ask for help from two attorneys general — Ashcroft and Gonzales — only to be rebuffed each time.
"We were told to do more with less," said David Szady, a former FBI assistant director who retired last year as head of counter-intelligence.
Dale Watson, who retired in 2002 as the FBI's executive assistant director over counter-terrorism, also blames the OMB and the Justice Department for failing to heed the warnings.
By the time the bureau started putting together its fiscal 2006-2007 budget in mid-2005, "we realized we were going to have to pull out of some areas — bank fraud, investment fraud, ID theft cases — that protect the financial infrastructure of the country," the retired top FBI official said.
Also in 2005, the FBI sent a five-year strategic plan to Justice that Szady called "the director's attempt to get this agency where it needed to be, including a robust criminal footprint. I know for a fact that the Justice Department beat that down. It was dead on arrival."
A September 2005 Justice Department inspector general's report asserts that in addition to the 1,143 agents transferred from traditional crime programs, the FBI used 1,279 agents on counterterrorism work, even though they were on the books as criminal-program agents. The inspector general concluded that the FBI reduced its investigative efforts related to traditional crimes by more than 2,400 agents.
In fiscal 2006, the bureau sought 250 to 350 new agents. They were funded for fewer than 75, a former official said. Over the past eight years, the ranks of FBI agents have increased from about 11,000 to 12,575, and nearly all have been assigned to anti-terror duties, records show.
Fraud-case 'triage'
Burrus, the FBI assistant director, acknowledges that the bureau has reduced its efforts to fight fraud. He likened the FBI's current fraud-enforcement policies, in which losses below $150,000 have little chance of being addressed, to "triage."
Enforcing civil rights laws has been a core FBI mission since the Johnson presidency, but after 9/11 those efforts declined substantially. The number of cases brought by the FBI to federal prosecutors for any reason, from getting subpoenas to seeking charges, fell 60 percent between 2000 and 2005, the Post-Intelligencer found.
While the FBI disputes the degree of the decline, the bureau's own figures show drops in cases investigated, indictments and convictions, particularly hate crimes.
Civil rights cases against local police, including allegations of brutality and misuse of power, also dropped after 9/11, but FBI data show a rebound in indictments and convictions since 2005.
There were 24 percent fewer agents working on civil rights cases in 2004 than in 2000, according to the 2005 inspector general report.
paulshukovsky@seattlepi.com; tracyjohnson@seattlepi.com; daniellathrop@seattlepi.com