http://www.theinquirer.net/default.aspx?article=39170
"SPYCHIPS," some privacy campaigners call RFID. Two years ago, when Melanie Rieback in 2005 was hunting for a research topic for her PhD, she settled on RFID security because "It was obvious there was a lot of work to be done."
Based at the department of computer science at Vrije Universiteit in the Netherlands, Rieback, an American, caused a storm last year when she published a paper on RFID viruses. "I wrote a completely scientifically and factually neutral paper about how to use RFID to perpetuate common exploits like the ones on the Internet today," she says.
The paper didn't talk about the possible consequences. But, "The reality is that RFID is a new technology like anything else, and you have to do a proper cost-risk analysis in deciding when to deploy it." Using RFID to tag cows in a field clearly carries much less risk than putting them in passports and credit cards.
[Melamie Rieback]
"I think you need to be as worried about RFID malware as any other kind of enterprise software. With big RIFD installations you're going to have big databases, Internet connections in the mix, a lot of bloated source code, and statistically they say there are 16 bugs per thousand line of code."
Rieback's latest project, RFIDGuardian, aims to create a personal firewall for RFID tags. That is, a portable, battery-powered device that anyone can use to see and selectively block the tags around them.
The idea, Rieback says, was inspired by a paper written by Ari Juels that she believes was the first proposal for an RFID privacy-enhancing technology. "It was a brilliant idea, but it had a few shortcomings, and thinking through those led me to RFIDGuardian."
The basis of Juels' idea was to jam the system by using the built-in anticollision protocols. Readers check for nearby tags by proceeding down a tree of possible names. Juels proposed a tag that responds to all of them, slowing the system down and confusing it as to which tags are actually present.
The shortcomings: tags have no power source and can only be read in the right orientation; they have very little data storage, ruling out complex security policies; and changing the policy after widespread distribution would be a "nightmare".
The prototype RFIDGuardian is currently in its third version of hardware and software, and by now it's a single PCB with all the functionality build into it.
"It sends out some random noise in the time slots when an RFID tag is going to be speaking," she says. "Because the jamming signal is so short and selective in can block only one tag and let others speak." Building the prototype took her team about six months and wasn't, she says, technically all that difficult.
"The only thing at the beginning was that we didn't know if we would get tag spoofing/jamming to work." This was, she says, another problem with Juels' proposal: most people can't make their own silicon to create a jamming tag.
Rieback's ultimate goal is to implement the device in a single chip that could be affordable for consumers. "The idea is it could eventually be integrated into a PDA or cellphone," she says.
The version in progress will incorporate Bluetooth so that a Java applet on a cellphone can control the device and display its output on the cellphone screen. Currently, seven are in production destined to be given away to other researchers. Rieback hopes that seven or eight months from now she'll be able to open-source the entire project.
For Rieback, enhancing privacy isn't a primary goal but it is a welcome by-product. "I see myself first as a scientist. It makes me happy that what I'm working on can have a positive impact in terms of privacy, but only being an activist has its limitations. People aren't going to believe you that something is broken until you show it to them. I try not to be too preachy – I just try to show things scientifically and factually."
vendredi 27 avril 2007
DoS extortion is no longer profitable
http://www.symantec.com/enterprise/security_response/weblog/2007/04/dos_extortion_is_no_longer_pro.html
In the last six months of 2006 we saw a pretty sharp decline in the daily number of denial of service attacks. Although there are likely a number of factors at play here, I think there is one primary factor: denial of service extortion attacks are no longer profitable.
DoS extortion attacks are usually carried out by a bot-network owner. Using their bots, the extortionsist has to make a successful DoS attack against a target organization. Following that they have to issue the extortion request and hope the target organization pays it.
The thing is that DoS attacks are loud and risky. Whenever a bot-network owner carries out a denial of service attack they run the risk of losing some of their bots. This could happen either because an attacking computer is identified and disinfected, or if it is simply blocked by its ISP from accessing the network. Furthermore, if the bot-network owner isn’t careful they could lose their entire bot network if their command and control server is identified. Since a DoS extortionist has to carry out at least one successful DoS attack before they can even demand their pay, they run some serious overhead risks.
So what happens if the target of the attack refuses to pay? The DoS extortionist is obligated to carry out a prolonged DoS attack against them to follow through on their threats. For a DoS extortionist this is the worst scenario because they have to risk their bot network for nothing at all. Since the target has refused to pay, it is likely that they will never pay. As a consequence, the attacker has to spend time and resources on a lost cause.
It is likely that bot network owners are now moving away from DoS extortion and towards more lucrative ventures like spam. Not surprisingly, we saw a noted increase in spam volumes in the last six months of 2006.
In the last six months of 2006 we saw a pretty sharp decline in the daily number of denial of service attacks. Although there are likely a number of factors at play here, I think there is one primary factor: denial of service extortion attacks are no longer profitable.
DoS extortion attacks are usually carried out by a bot-network owner. Using their bots, the extortionsist has to make a successful DoS attack against a target organization. Following that they have to issue the extortion request and hope the target organization pays it.
The thing is that DoS attacks are loud and risky. Whenever a bot-network owner carries out a denial of service attack they run the risk of losing some of their bots. This could happen either because an attacking computer is identified and disinfected, or if it is simply blocked by its ISP from accessing the network. Furthermore, if the bot-network owner isn’t careful they could lose their entire bot network if their command and control server is identified. Since a DoS extortionist has to carry out at least one successful DoS attack before they can even demand their pay, they run some serious overhead risks.
So what happens if the target of the attack refuses to pay? The DoS extortionist is obligated to carry out a prolonged DoS attack against them to follow through on their threats. For a DoS extortionist this is the worst scenario because they have to risk their bot network for nothing at all. Since the target has refused to pay, it is likely that they will never pay. As a consequence, the attacker has to spend time and resources on a lost cause.
It is likely that bot network owners are now moving away from DoS extortion and towards more lucrative ventures like spam. Not surprisingly, we saw a noted increase in spam volumes in the last six months of 2006.
London hit by malware-infected USB ruse
London hit by malware-infected USB ruse: "Filed under: Misc. GadgetsJoining the infamous Chip & PIN terminal hacks as yet another way to siphon banking details from unlucky Londoners, a group of 'malware purveyors' reportedly dropped off tempting Trojan-infused USB drives in a UK parking lot in hopes that unsuspecting individuals would take the bait and subsequently hand over their banking credentials. Supposedly, Check Point regional director Nick Lowe mentioned the wile at the Infosec trade show, but couldn't elaborate due to the ongoing investigation. Another insight suggested that such chicanery was becoming 'the new phishing email,' but hey, where's the love for those oh-so-vulnerable ATMs? Take note, dear Brits, that the free storage you're eying on the park bench could end up costing you quite a bit in the long run."
jeudi 26 avril 2007
Les phishers se mettent au renvoi d'appels - Zone-H.org
Les phishers se mettent au renvoi d'appels - Zone-H.org:
SecureWorks ont analysé une nouvelle technique de phishing qui utiliserait le renvoi d'appel afin de conduire les appels entrants de la victime vers un numéro contrôlé par les attaquants.
Ils demandent à leurs victimes de confirmer leur numéro de téléphone en appellant le *72 suivi d'une série de nombres. Ce numéro va renvoyer tous les appels entrants.
Cette technique est combinée avec la méthode plus tradionnelle (phishing par mail) pour récupérer les données personnelles de la victime (nom, prenom, adresse, numéro de carte de crédit ...).
Si l'attaque réussit, l'attaquant pourra faire des transferts d'argent et aussi de confirmer le transfert s'il reçoit un appel de la banque.
SecureWorks ont analysé une nouvelle technique de phishing qui utiliserait le renvoi d'appel afin de conduire les appels entrants de la victime vers un numéro contrôlé par les attaquants.
Ils demandent à leurs victimes de confirmer leur numéro de téléphone en appellant le *72 suivi d'une série de nombres. Ce numéro va renvoyer tous les appels entrants.
Cette technique est combinée avec la méthode plus tradionnelle (phishing par mail) pour récupérer les données personnelles de la victime (nom, prenom, adresse, numéro de carte de crédit ...).
Si l'attaque réussit, l'attaquant pourra faire des transferts d'argent et aussi de confirmer le transfert s'il reçoit un appel de la banque.
La police belge, Western Union et eBay répliquent à une vaste ... - ZDNet
La police belge, Western Union et eBay répliquent à une vaste escroquerie en ligne - ZDNet:
Sécurité - En Belgique, une campagne de sensibilisation a débuté dans les bureaux de poste, pour dissuader les internautes de régler leurs achats à l’étranger avec des mandats Western Union. L’opération pourrait être reprise en France.
«Un inconnu vous demande de régler un achat sur internet avec le service Western Union? Refusez!» Cette recommandation (voir photo) est placardée dans tous les bureaux de Poste en Belgique, les points d'accueil de la police fédérale et les points d'accès internet de l'ANPE locale. Au total, dans le cadre d'une campagne de prévention, près de 6.000 affiches de ce type et 15.000 prospectus ont été distribués dans tout le pays.
À l'origine de cette initiative, Olivier Bogaert, le chef d'équipe de la Regional Computer Crime Unit de Tournai, une des brigades anti-criminalité de la police judiciaire fédérale belge. «Nous avons constaté une hausse du nombre d'escroqueries sur internet pour lesquelles nous n'avions aucune chance d'aboutir, car les escrocs mettent de plus en plus de barrières entre eux et leurs victimes», explique-t-il.
En 2006, les services de la police belge ont en effet enregistré 27.232 arnaques en ligne (phishing, escroquerie "nigériane"...), représentant une hausse de 70%.
Une des escroqueries classiques consiste à demander un paiement pour un achat ou pour une assurance via le service de transfert d'argent à l'international Western Union. Bien sûr, une fois l'argent envoyé par la victime, l'escroc disparaît dans la nature, sans remplir sa partie du contrat. Il est quasiment impossible pour l'internaute berné de récupérer son versement.
Un dispositif identique en France prochainement?
Olivier Bogaert a donc eu l'idée de prévenir les victimes potentielles au moment où elles réalisent le transfert d'argent: «Sur 450 points de vente des services Western Union en Belgique, 350 sont à la Poste», affirme-t-il.
Il a contacté la société de transfert d'argent ainsi qu'eBay, pour leur demander de participer à cette opération. «Je n'étais pas d'un optimisme béat quant à leur réponse, mais j'ai été très surpris de voir qu'ils acceptaient de s'impliquer si rapidement». Western Union a même décidé de financer entièrement les affiches. La société a très vite compris que l'image de marque de son service pâtissait énormément de ses escroqueries, et qu'elle pouvait craindre d'éventuelles poursuites de clients mécontents, selon Bogaert.
La collaboration de partenaires au rayonnement international laisse de bons espoirs au policier pour que cette initiative soit reprise au niveau européen.
Chez eBay France, on se contente de répondre que le site dispose d'une page d'information, exposant les risques d'un paiement via Western Union. Toutefois, selon nos informations, une réunion sur le sujet devrait se tenir début mai, avec les services de police et de gendarmerie pour décider d'une éventuelle reprise de ce dispositif dans l'Hexagone.
Sécurité - En Belgique, une campagne de sensibilisation a débuté dans les bureaux de poste, pour dissuader les internautes de régler leurs achats à l’étranger avec des mandats Western Union. L’opération pourrait être reprise en France.
«Un inconnu vous demande de régler un achat sur internet avec le service Western Union? Refusez!» Cette recommandation (voir photo) est placardée dans tous les bureaux de Poste en Belgique, les points d'accueil de la police fédérale et les points d'accès internet de l'ANPE locale. Au total, dans le cadre d'une campagne de prévention, près de 6.000 affiches de ce type et 15.000 prospectus ont été distribués dans tout le pays.
À l'origine de cette initiative, Olivier Bogaert, le chef d'équipe de la Regional Computer Crime Unit de Tournai, une des brigades anti-criminalité de la police judiciaire fédérale belge. «Nous avons constaté une hausse du nombre d'escroqueries sur internet pour lesquelles nous n'avions aucune chance d'aboutir, car les escrocs mettent de plus en plus de barrières entre eux et leurs victimes», explique-t-il.
En 2006, les services de la police belge ont en effet enregistré 27.232 arnaques en ligne (phishing, escroquerie "nigériane"...), représentant une hausse de 70%.
Une des escroqueries classiques consiste à demander un paiement pour un achat ou pour une assurance via le service de transfert d'argent à l'international Western Union. Bien sûr, une fois l'argent envoyé par la victime, l'escroc disparaît dans la nature, sans remplir sa partie du contrat. Il est quasiment impossible pour l'internaute berné de récupérer son versement.
Un dispositif identique en France prochainement?
Olivier Bogaert a donc eu l'idée de prévenir les victimes potentielles au moment où elles réalisent le transfert d'argent: «Sur 450 points de vente des services Western Union en Belgique, 350 sont à la Poste», affirme-t-il.
Il a contacté la société de transfert d'argent ainsi qu'eBay, pour leur demander de participer à cette opération. «Je n'étais pas d'un optimisme béat quant à leur réponse, mais j'ai été très surpris de voir qu'ils acceptaient de s'impliquer si rapidement». Western Union a même décidé de financer entièrement les affiches. La société a très vite compris que l'image de marque de son service pâtissait énormément de ses escroqueries, et qu'elle pouvait craindre d'éventuelles poursuites de clients mécontents, selon Bogaert.
La collaboration de partenaires au rayonnement international laisse de bons espoirs au policier pour que cette initiative soit reprise au niveau européen.
Chez eBay France, on se contente de répondre que le site dispose d'une page d'information, exposant les risques d'un paiement via Western Union. Toutefois, selon nos informations, une réunion sur le sujet devrait se tenir début mai, avec les services de police et de gendarmerie pour décider d'une éventuelle reprise de ce dispositif dans l'Hexagone.
Entrepreneurial hackers buy sponsored links on Google
Entrepreneurial hackers buy sponsored links on Google:
April 26, 2007 (Computerworld) -- A hacker scheme that involved buying search keywords on Google, then routing users to a malicious site when they clicked on sponsored links, was revealed yesterday by a security company.
According to Roger Thompson, CTO of Exploit Prevention Labs, the ploy involved sponsored links (the text ads that appear alongside search results on Google) a malicious intermediary, and malware that steals online banking usernames and passwords.
"It's quite an investment on the bad guys' part," said Thompson. "Instead of just hacking into sites, they bought keywords."
Those keywords put the criminals' sponsored links at the top of the page when searches were run for brand name sites like the Better Business Bureau or Cars.com using phrases such as "betterbusinessbureau" or "modern cars airbags required." But when users clicked on the ad link, they were momentarily diverted to smarttrack.org, a malicious site that used an exploit against the Microsoft Data Access Components (MDAC) function in Windows to plant a backdoor and a "post-logger" on the PC.
MDAC has been patched three times by Microsoft in the last three years, most recently in February 2007, when the vulnerability was rated critical.
Once the malware was installed on unpatched PCs, smarttrack.org pushed the user's browser along to the real destination link. "It was pretty clever, the sponsored link takes you to the real page," said Thompson. "You'd never know." The post-logger, however, knew plenty. According to Thompson, it targeted users of about 100 different banks, injecting extra HTML into those banks' pages to entice extra personal information out of the victim.
Exploit Prevention Labs first spotted the hack on April 10. Fortunately, the scheme was short-lived. "There was obviously a lot of planning that went into it, but I think the site had only been live for a little while. They registered the [smarttrack.org] domain on April 2." The domain was registered using an anonymous registrant service that masks the name and other information of the person who purchased the URL.
The attackers, said Thompson, profited from a Google design quirk. When users pause the mouse cursor atop a sponsored link, the full URL does not appear at the bottom left of the browser window, as it does when pointing to a link in the search result list. "This means that a user has no clue where she is about to navigate to," said Thompson.
Yahoo's search engine does the same, but rivals, including Microsoft Corp.'s Live Search and Ask.com, reveal the complete URL of all links, sponsored links included.
Google, which was not available tonight for comment, has removed the malicious sponsored links, said Thompson, for the 20 or so search strings that resulted in bogus ad links to smarttrack.org.
April 26, 2007 (Computerworld) -- A hacker scheme that involved buying search keywords on Google, then routing users to a malicious site when they clicked on sponsored links, was revealed yesterday by a security company.
According to Roger Thompson, CTO of Exploit Prevention Labs, the ploy involved sponsored links (the text ads that appear alongside search results on Google) a malicious intermediary, and malware that steals online banking usernames and passwords.
"It's quite an investment on the bad guys' part," said Thompson. "Instead of just hacking into sites, they bought keywords."
Those keywords put the criminals' sponsored links at the top of the page when searches were run for brand name sites like the Better Business Bureau or Cars.com using phrases such as "betterbusinessbureau" or "modern cars airbags required." But when users clicked on the ad link, they were momentarily diverted to smarttrack.org, a malicious site that used an exploit against the Microsoft Data Access Components (MDAC) function in Windows to plant a backdoor and a "post-logger" on the PC.
MDAC has been patched three times by Microsoft in the last three years, most recently in February 2007, when the vulnerability was rated critical.
Once the malware was installed on unpatched PCs, smarttrack.org pushed the user's browser along to the real destination link. "It was pretty clever, the sponsored link takes you to the real page," said Thompson. "You'd never know." The post-logger, however, knew plenty. According to Thompson, it targeted users of about 100 different banks, injecting extra HTML into those banks' pages to entice extra personal information out of the victim.
Exploit Prevention Labs first spotted the hack on April 10. Fortunately, the scheme was short-lived. "There was obviously a lot of planning that went into it, but I think the site had only been live for a little while. They registered the [smarttrack.org] domain on April 2." The domain was registered using an anonymous registrant service that masks the name and other information of the person who purchased the URL.
The attackers, said Thompson, profited from a Google design quirk. When users pause the mouse cursor atop a sponsored link, the full URL does not appear at the bottom left of the browser window, as it does when pointing to a link in the search result list. "This means that a user has no clue where she is about to navigate to," said Thompson.
Yahoo's search engine does the same, but rivals, including Microsoft Corp.'s Live Search and Ask.com, reveal the complete URL of all links, sponsored links included.
Google, which was not available tonight for comment, has removed the malicious sponsored links, said Thompson, for the 20 or so search strings that resulted in bogus ad links to smarttrack.org.
mercredi 25 avril 2007
Anti-phishing tool pays off at Nationwide
http://www.computerweekly.com/Articles/2007/04/20/223364/anti-phishing-tool-pays-off-at-nationwide.htm
Software deployed by Nationwide to automatically identify and shut down phishing scams has paid for itself in three months by reducing online fraud, the building society said last week.
The roll-out followed the creation of the Strategic Fraud Initiative group at Nationwide to consider options for combating phishing attacks, which seek to obtain customer account and log-in information using spoof e-mails and websites.
The MarkMonitor software, which took 10 days to implement, has shut down hundreds of phishing scams during its first three months of operation. Prior to deploying MarkMonitor, Nationwide staff manually tracked phishing scams carried out against the company.
“It became extremely difficult to shut down phishing sites quickly enough and cope with the number of incoming e-mails from customers reporting phishing attacks or suspicious websites,” said Peter Corrie, head of Nationwide’s Strategic Fraud Initiative.
“With online fraud increasing exponentially each year, it is paramount for companies like ours to tackle the problem head-on in order to minimise revenue losses and protect our members.”
Software deployed by Nationwide to automatically identify and shut down phishing scams has paid for itself in three months by reducing online fraud, the building society said last week.
The roll-out followed the creation of the Strategic Fraud Initiative group at Nationwide to consider options for combating phishing attacks, which seek to obtain customer account and log-in information using spoof e-mails and websites.
The MarkMonitor software, which took 10 days to implement, has shut down hundreds of phishing scams during its first three months of operation. Prior to deploying MarkMonitor, Nationwide staff manually tracked phishing scams carried out against the company.
“It became extremely difficult to shut down phishing sites quickly enough and cope with the number of incoming e-mails from customers reporting phishing attacks or suspicious websites,” said Peter Corrie, head of Nationwide’s Strategic Fraud Initiative.
“With online fraud increasing exponentially each year, it is paramount for companies like ours to tackle the problem head-on in order to minimise revenue losses and protect our members.”
jeudi 19 avril 2007
Post-9/11 FBI has little time for fraud
Post-9/11 FBI has little time for fraud:
Post-9/11 FBI has little time for fraud
Restructuring to fight terror leaves fewer agents for domestic crimes and rights abuses
By PAUL SHUKOVSKY, TRACY JOHNSON and DANIEL LATHROP
Seattle Post-intelligencer
TOOLS
Email Get section feed
Print Subscribe NOW
Recommend
RESOURCES
READ MORE
Find more on this story at www.seattlepi.com . SEATTLE — Thousands of white-collar criminals across the country are no longer being prosecuted in federal court and, in many cases, not at all, leaving a trail of frustrated victims and potentially billions of dollars in fraud and theft losses.
It's the untold story of the Bush administration's massive restructuring of the FBI after the terror attacks of 9/11.
Five and a half years later, the White House and Department of Justice have failed to replace at least 2,400 agents transferred to counter-terrorism squads, leaving far fewer agents on the trail of identity thieves, hatemongers, con artists and other criminals.
Two successive attorneys general have rejected the FBI's pleas for reinforcements behind closed doors.
While there hasn't been a terror strike on American soil since the realignment, few are aware of the hidden cost: A dramatic plunge in FBI investigations and case referrals in many of the crimes the bureau has traditionally fought, including sophisticated fraud and embezzlement schemes, and civil rights violations.
"Politically, this trade-off has been accepted," said Charles Mandigo, a former FBI congressional liaison who retired as special agent in charge in Seattle four years ago. "But do the American people know this trade-off has been made?"
Among the findings from a six-month investigation by the Seattle Post-Intelligencer, in which the newspaper analyzed more than a million cases touched by FBI agents and federal prosecutors before and after 9/11:
•Overall, the number of criminal cases investigated by the FBI nationally has steadily declined. In 2005, the bureau brought slightly more than 20,000 cases to federal prosecutors, compared with about 31,000 in 2000 — a 34 percent drop.
•White-collar crime investigations by the bureau have plummeted in recent years. In 2005, the FBI reported 3,453 cases. More than 10,000 cases were assigned to agents in 2000.
•Civil rights investigations, which include hate crimes and police abuse, have continued a steady decline since the late 1990s. The FBI pursued more than 2,000 such cases as recently as 1998 but only 530 cases by 2005.
Fraudsters unprosecuted
While other federal agencies have stepped in to shoulder more of the load in drug enforcement, the gaps created by the Bush administration's War on Terror are troubling to criminal justice experts, police chiefs, and even some current and former FBI officials and agents.
"There's a niche of fraudsters that are floating around unprosecuted," said one recently retired top FBI official, who spoke on condition of anonymity. "They are not going to jail. There is no law enforcement solution in sight."
A solution can't come soon enough for a growing number of frustrated fraud victims, including a 75-year-old Issaquah, Wash., woman who was allegedly swindled out of more than $1 million, and a cancer patient whose identity was stolen from a Seattle hospital.
They each sought the FBI's help. They got little or none.
"As far as I'm concerned, the FBI has no interest in protecting people from these kinds of crimes, "said Lloyd Martindale Jr., a Bellingham, Wash., man who put $500,000 into an investment con and is still fighting get it back.
Officials deny declines
Officially, the U.S. Department of Justice, the Attorney General's Office and White House Office of Management and Budget assert that traditional criminal enforcement by the FBI hasn't suffered in the wake of 9/11. They say federal law enforcement agencies are working more efficiently to compensate for the emphasis on Homeland Security.
"The administration strongly disagrees that the FBI has been anything less than effective in the years since 9/11 in combating domestic crime issues," OMB spokesman Sean Kevelighan said. "We have worked to achieve a balance between the FBI's homeland security and criminal investigative missions. "
"We'll just abide by what the president's budget is," said FBI Assistant Director Chip Burrus. "We work a lot smarter than we have in the past."
FBI Director Robert Mueller, Attorney General Alberto Gonzales and his predecessor, John Ashcroft, declined to be interviewed for this story.
According to the Post-Intelligencer 's analysis, if the FBI had continued investigating financial crimes at the same rate as it did before the World Trade Center came down, about 2,000 more criminals would be behind bars.
The number of fraud convictions in federal courts has dropped about 20 percent.
White-collar crimes often affect the people least able to afford it — lower-income and elderly people, according to Peter Henning, a former Justice prosecutor who teaches law at Wayne State University in Detroit.
"If you keep it small, and act quickly and get out of the jurisdiction, you can avoid being prosecuted," Henning said. "Scam artists know that."
Large numbers of FBI agents were also transferred out of violent crime programs because bureau officials knew that local police — who have overlapping jurisdiction in violent crimes — would have to help.
In the months after 9/11, when the first waves of agents were funneled into counter-
terrorism, FBI director Mueller was well-aware of the consequences to come. Without a major influx of new agents, there was no way to maintain the bureau's grip on a long list of traditional crimes, particularly time-consuming fraud investigations.
Mueller would ask for help from two attorneys general — Ashcroft and Gonzales — only to be rebuffed each time.
"We were told to do more with less," said David Szady, a former FBI assistant director who retired last year as head of counter-intelligence.
Dale Watson, who retired in 2002 as the FBI's executive assistant director over counter-terrorism, also blames the OMB and the Justice Department for failing to heed the warnings.
By the time the bureau started putting together its fiscal 2006-2007 budget in mid-2005, "we realized we were going to have to pull out of some areas — bank fraud, investment fraud, ID theft cases — that protect the financial infrastructure of the country," the retired top FBI official said.
Also in 2005, the FBI sent a five-year strategic plan to Justice that Szady called "the director's attempt to get this agency where it needed to be, including a robust criminal footprint. I know for a fact that the Justice Department beat that down. It was dead on arrival."
A September 2005 Justice Department inspector general's report asserts that in addition to the 1,143 agents transferred from traditional crime programs, the FBI used 1,279 agents on counterterrorism work, even though they were on the books as criminal-program agents. The inspector general concluded that the FBI reduced its investigative efforts related to traditional crimes by more than 2,400 agents.
In fiscal 2006, the bureau sought 250 to 350 new agents. They were funded for fewer than 75, a former official said. Over the past eight years, the ranks of FBI agents have increased from about 11,000 to 12,575, and nearly all have been assigned to anti-terror duties, records show.
Fraud-case 'triage'
Burrus, the FBI assistant director, acknowledges that the bureau has reduced its efforts to fight fraud. He likened the FBI's current fraud-enforcement policies, in which losses below $150,000 have little chance of being addressed, to "triage."
Enforcing civil rights laws has been a core FBI mission since the Johnson presidency, but after 9/11 those efforts declined substantially. The number of cases brought by the FBI to federal prosecutors for any reason from getting subpoenas to seeking charges fell 60 percent between 2000 and 2005, the Post-Intelligencer found.
While the FBI disputes the degree of the decline, the bureau's own figures show drops in cases investigated, indictments and convictions, particularly hate crimes.
Civil rights cases against local police, including allegations of brutality and misuse of power, also dropped after 9/11, but FBI data show a rebound in indictments and convictions since 2005.
There were 24 percent fewer agents working on civil rights cases in 2004 than in 2000, according to the 2005 inspector general report.
paulshukovsky@seattlepi.com; tracyjohnson@seattlepi.com; daniellathrop@seattlepi.com
Post-9/11 FBI has little time for fraud
Restructuring to fight terror leaves fewer agents for domestic crimes and rights abuses
By PAUL SHUKOVSKY, TRACY JOHNSON and DANIEL LATHROP
Seattle Post-intelligencer
TOOLS
Email Get section feed
Print Subscribe NOW
Recommend
RESOURCES
READ MORE
Find more on this story at www.seattlepi.com . SEATTLE — Thousands of white-collar criminals across the country are no longer being prosecuted in federal court and, in many cases, not at all, leaving a trail of frustrated victims and potentially billions of dollars in fraud and theft losses.
It's the untold story of the Bush administration's massive restructuring of the FBI after the terror attacks of 9/11.
Five and a half years later, the White House and Department of Justice have failed to replace at least 2,400 agents transferred to counter-terrorism squads, leaving far fewer agents on the trail of identity thieves, hatemongers, con artists and other criminals.
Two successive attorneys general have rejected the FBI's pleas for reinforcements behind closed doors.
While there hasn't been a terror strike on American soil since the realignment, few are aware of the hidden cost: A dramatic plunge in FBI investigations and case referrals in many of the crimes the bureau has traditionally fought, including sophisticated fraud and embezzlement schemes, and civil rights violations.
"Politically, this trade-off has been accepted," said Charles Mandigo, a former FBI congressional liaison who retired as special agent in charge in Seattle four years ago. "But do the American people know this trade-off has been made?"
Among the findings from a six-month investigation by the Seattle Post-Intelligencer, in which the newspaper analyzed more than a million cases touched by FBI agents and federal prosecutors before and after 9/11:
•Overall, the number of criminal cases investigated by the FBI nationally has steadily declined. In 2005, the bureau brought slightly more than 20,000 cases to federal prosecutors, compared with about 31,000 in 2000 — a 34 percent drop.
•White-collar crime investigations by the bureau have plummeted in recent years. In 2005, the FBI reported 3,453 cases. More than 10,000 cases were assigned to agents in 2000.
•Civil rights investigations, which include hate crimes and police abuse, have continued a steady decline since the late 1990s. The FBI pursued more than 2,000 such cases as recently as 1998 but only 530 cases by 2005.
Fraudsters unprosecuted
While other federal agencies have stepped in to shoulder more of the load in drug enforcement, the gaps created by the Bush administration's War on Terror are troubling to criminal justice experts, police chiefs, and even some current and former FBI officials and agents.
"There's a niche of fraudsters that are floating around unprosecuted," said one recently retired top FBI official, who spoke on condition of anonymity. "They are not going to jail. There is no law enforcement solution in sight."
A solution can't come soon enough for a growing number of frustrated fraud victims, including a 75-year-old Issaquah, Wash., woman who was allegedly swindled out of more than $1 million, and a cancer patient whose identity was stolen from a Seattle hospital.
They each sought the FBI's help. They got little or none.
"As far as I'm concerned, the FBI has no interest in protecting people from these kinds of crimes, "said Lloyd Martindale Jr., a Bellingham, Wash., man who put $500,000 into an investment con and is still fighting get it back.
Officials deny declines
Officially, the U.S. Department of Justice, the Attorney General's Office and White House Office of Management and Budget assert that traditional criminal enforcement by the FBI hasn't suffered in the wake of 9/11. They say federal law enforcement agencies are working more efficiently to compensate for the emphasis on Homeland Security.
"The administration strongly disagrees that the FBI has been anything less than effective in the years since 9/11 in combating domestic crime issues," OMB spokesman Sean Kevelighan said. "We have worked to achieve a balance between the FBI's homeland security and criminal investigative missions. "
"We'll just abide by what the president's budget is," said FBI Assistant Director Chip Burrus. "We work a lot smarter than we have in the past."
FBI Director Robert Mueller, Attorney General Alberto Gonzales and his predecessor, John Ashcroft, declined to be interviewed for this story.
According to the Post-Intelligencer 's analysis, if the FBI had continued investigating financial crimes at the same rate as it did before the World Trade Center came down, about 2,000 more criminals would be behind bars.
The number of fraud convictions in federal courts has dropped about 20 percent.
White-collar crimes often affect the people least able to afford it — lower-income and elderly people, according to Peter Henning, a former Justice prosecutor who teaches law at Wayne State University in Detroit.
"If you keep it small, and act quickly and get out of the jurisdiction, you can avoid being prosecuted," Henning said. "Scam artists know that."
Large numbers of FBI agents were also transferred out of violent crime programs because bureau officials knew that local police — who have overlapping jurisdiction in violent crimes — would have to help.
In the months after 9/11, when the first waves of agents were funneled into counter-
terrorism, FBI director Mueller was well-aware of the consequences to come. Without a major influx of new agents, there was no way to maintain the bureau's grip on a long list of traditional crimes, particularly time-consuming fraud investigations.
Mueller would ask for help from two attorneys general — Ashcroft and Gonzales — only to be rebuffed each time.
"We were told to do more with less," said David Szady, a former FBI assistant director who retired last year as head of counter-intelligence.
Dale Watson, who retired in 2002 as the FBI's executive assistant director over counter-terrorism, also blames the OMB and the Justice Department for failing to heed the warnings.
By the time the bureau started putting together its fiscal 2006-2007 budget in mid-2005, "we realized we were going to have to pull out of some areas — bank fraud, investment fraud, ID theft cases — that protect the financial infrastructure of the country," the retired top FBI official said.
Also in 2005, the FBI sent a five-year strategic plan to Justice that Szady called "the director's attempt to get this agency where it needed to be, including a robust criminal footprint. I know for a fact that the Justice Department beat that down. It was dead on arrival."
A September 2005 Justice Department inspector general's report asserts that in addition to the 1,143 agents transferred from traditional crime programs, the FBI used 1,279 agents on counterterrorism work, even though they were on the books as criminal-program agents. The inspector general concluded that the FBI reduced its investigative efforts related to traditional crimes by more than 2,400 agents.
In fiscal 2006, the bureau sought 250 to 350 new agents. They were funded for fewer than 75, a former official said. Over the past eight years, the ranks of FBI agents have increased from about 11,000 to 12,575, and nearly all have been assigned to anti-terror duties, records show.
Fraud-case 'triage'
Burrus, the FBI assistant director, acknowledges that the bureau has reduced its efforts to fight fraud. He likened the FBI's current fraud-enforcement policies, in which losses below $150,000 have little chance of being addressed, to "triage."
Enforcing civil rights laws has been a core FBI mission since the Johnson presidency, but after 9/11 those efforts declined substantially. The number of cases brought by the FBI to federal prosecutors for any reason from getting subpoenas to seeking charges fell 60 percent between 2000 and 2005, the Post-Intelligencer found.
While the FBI disputes the degree of the decline, the bureau's own figures show drops in cases investigated, indictments and convictions, particularly hate crimes.
Civil rights cases against local police, including allegations of brutality and misuse of power, also dropped after 9/11, but FBI data show a rebound in indictments and convictions since 2005.
There were 24 percent fewer agents working on civil rights cases in 2004 than in 2000, according to the 2005 inspector general report.
paulshukovsky@seattlepi.com; tracyjohnson@seattlepi.com; daniellathrop@seattlepi.com
SMSishing en Malaisie
http://www.f-secure.com/weblog/#00001173
It seems that SMS phishing scams have come closer to home. As it turns out, apparently lots of people here in our Kuala Lumpur office received similar text messages during the week.
Below is the message that we received on our mobile phones:
Translation:
"Announcement from PETRONAS MLSY. CONGRATULATIONS your phone number has won a prize of RM 11000. (About US$3,200) Please contact the following number at 0062858853982xx tomorrow morning at 8.00am. Thank you".
The SMS message was received at 12:15am on 16/4/2007. This looks pretty odd – why would Petronas Malaysiam, a national Oil and Gas company in Malaysia, want to send an SMS at this time?
From the phone numbers that we got from the SMS, we know that they belong to the Indonesian mobile network Indosat and therefore the phisher is located somewhere in Indonesia. This was further confirmed when the phisher spoke to us in Malay with a clearly Indonesian accent.
Apparently, this is not the first time these numbers have been used in a SMS phishing attack – the first reported attack using this number was on the 23rd of March 2007.
We decided to call the listed number and play along with the phisher to find out more about the phishing scheme. The original conversation was in the Malay language. Here is a translated transcript:
Phisher: Hello.
Us: Hello.
Phisher: What is your name?
Us: My name is Devinder.
Phisher: What's your phone number?
Us: My number is xxxxxxx.
Phisher: Congratulations, we have chosen your number to win RM 11000.
What is your bank account number?
(Line got disconnected at this point.)
(Next call.)
Phisher: Hello Mr.Devinder?
Us: The line was disconnected just now…
Phisher: In order for us to transfer the RM 11000, we need your bank account number.
Us: I am using Maybank.
Phisher: Do you have an account in any other bank other than Maybank?
Us: I have Maybank only.
Phisher: You can't use Maybank because we have another winner who is using Maybank.
You need to have an account in one of these banks – RHB, Affin Bank, Bank Simpanan Nasional, Eon Bank and Public Bank.
Us: I have an account in Bank Simpanan too.
Phisher: Do you have an ATM card? We will not be able to give you the money if you don't have an ATM card.
Do you have any friend who has an ATM card for an account in any of the [mentioned] banks?
Us: Yes, my friend has a Giro ATM from Bank Simpanan and we can give you the number. The number is xxxx.
Phisher: Is this the number on the card?
Us: Yes
Phisher: Is it an ATM card?
Us: Yes it is an ATM card.
Phisher: How much money do you have in that account?
Us: I have around one thousand Ringgit.
Phisher: Now go and check your balance from an ATM machine.
It will be RM 12000 now.
Us: How are you going to send the money? Are you going to send a check?
Phisher: I am going to send a check to you. Please go to the ATM machine to insert the check in the ATM machine.
Us: What is your name?
Phisher: Mohammed Paisol.
Phisher: Go to the ATM machine now and call us from there.
Us: Ok. I will do that. Bye
(After a short time we tried calling again.)
Us: I am now at the ATM machine now.
Phisher: What is your name?
Us: Devinder.
Phisher: Why did you call again?
Us: Because just now you told me to go to the ATM machine.
Phisher: So are you at the ATM now?
Us: Yes.
Phisher: Are you familiar with the ATM machine?
Us: Yes I'm use to using it.
Phisher: Please put your card in.
Us: Ok the card is in.
Phisher: What did the display say on the screen?
Us: The screen says to choose either English or Bahasa Melayu.
Phisher: Please choose Bahasa Melayu.
Us: Ok I have chosen it.
Phisher: Key in your pin number.
Phisher: You have to be at the ATM! I know that you are not at the ATM now!
Us: No, I'm at the ATM now.
Phisher: No! You are not at the ATM now!
Us: I'm at the ATM.
Phisher: Have you insert the card in?
Us: Yes.
Phisher: Take the card out!
Us: Ok, it's out.
Phisher: It's ok. It's obvious you don't deserve the money. Thank you!!
The phisher hung up abruptly right after that.
We are still in the process of getting the latest information on this phisher. After two days passed, we invited our PR Manager to call the phisher using a mobile phone and found out that the phisher was receiving calls from another mobile phone and was on voice mail. The voice mail box was apparently full. As a result of this we had to abort the call.
So, everyone out there, be prudent when you receive this kind of SMS on your mobile phones.
It seems that SMS phishing scams have come closer to home. As it turns out, apparently lots of people here in our Kuala Lumpur office received similar text messages during the week.
Below is the message that we received on our mobile phones:
Translation:
"Announcement from PETRONAS MLSY. CONGRATULATIONS your phone number has won a prize of RM 11000. (About US$3,200) Please contact the following number at 0062858853982xx tomorrow morning at 8.00am. Thank you".
The SMS message was received at 12:15am on 16/4/2007. This looks pretty odd – why would Petronas Malaysiam, a national Oil and Gas company in Malaysia, want to send an SMS at this time?
From the phone numbers that we got from the SMS, we know that they belong to the Indonesian mobile network Indosat and therefore the phisher is located somewhere in Indonesia. This was further confirmed when the phisher spoke to us in Malay with a clearly Indonesian accent.
Apparently, this is not the first time these numbers have been used in a SMS phishing attack – the first reported attack using this number was on the 23rd of March 2007.
We decided to call the listed number and play along with the phisher to find out more about the phishing scheme. The original conversation was in the Malay language. Here is a translated transcript:
Phisher: Hello.
Us: Hello.
Phisher: What is your name?
Us: My name is Devinder.
Phisher: What's your phone number?
Us: My number is xxxxxxx.
Phisher: Congratulations, we have chosen your number to win RM 11000.
What is your bank account number?
(Line got disconnected at this point.)
(Next call.)
Phisher: Hello Mr.Devinder?
Us: The line was disconnected just now…
Phisher: In order for us to transfer the RM 11000, we need your bank account number.
Us: I am using Maybank.
Phisher: Do you have an account in any other bank other than Maybank?
Us: I have Maybank only.
Phisher: You can't use Maybank because we have another winner who is using Maybank.
You need to have an account in one of these banks – RHB, Affin Bank, Bank Simpanan Nasional, Eon Bank and Public Bank.
Us: I have an account in Bank Simpanan too.
Phisher: Do you have an ATM card? We will not be able to give you the money if you don't have an ATM card.
Do you have any friend who has an ATM card for an account in any of the [mentioned] banks?
Us: Yes, my friend has a Giro ATM from Bank Simpanan and we can give you the number. The number is xxxx.
Phisher: Is this the number on the card?
Us: Yes
Phisher: Is it an ATM card?
Us: Yes it is an ATM card.
Phisher: How much money do you have in that account?
Us: I have around one thousand Ringgit.
Phisher: Now go and check your balance from an ATM machine.
It will be RM 12000 now.
Us: How are you going to send the money? Are you going to send a check?
Phisher: I am going to send a check to you. Please go to the ATM machine to insert the check in the ATM machine.
Us: What is your name?
Phisher: Mohammed Paisol.
Phisher: Go to the ATM machine now and call us from there.
Us: Ok. I will do that. Bye
(After a short time we tried calling again.)
Us: I am now at the ATM machine now.
Phisher: What is your name?
Us: Devinder.
Phisher: Why did you call again?
Us: Because just now you told me to go to the ATM machine.
Phisher: So are you at the ATM now?
Us: Yes.
Phisher: Are you familiar with the ATM machine?
Us: Yes I'm use to using it.
Phisher: Please put your card in.
Us: Ok the card is in.
Phisher: What did the display say on the screen?
Us: The screen says to choose either English or Bahasa Melayu.
Phisher: Please choose Bahasa Melayu.
Us: Ok I have chosen it.
Phisher: Key in your pin number.
Phisher: You have to be at the ATM! I know that you are not at the ATM now!
Us: No, I'm at the ATM now.
Phisher: No! You are not at the ATM now!
Us: I'm at the ATM.
Phisher: Have you insert the card in?
Us: Yes.
Phisher: Take the card out!
Us: Ok, it's out.
Phisher: It's ok. It's obvious you don't deserve the money. Thank you!!
The phisher hung up abruptly right after that.
We are still in the process of getting the latest information on this phisher. After two days passed, we invited our PR Manager to call the phisher using a mobile phone and found out that the phisher was receiving calls from another mobile phone and was on voice mail. The voice mail box was apparently full. As a result of this we had to abort the call.
So, everyone out there, be prudent when you receive this kind of SMS on your mobile phones.
mardi 17 avril 2007
Anti-Phishing Browsers Not Working
Anti-Phishing Browsers Not Working: "A new report from Harvard University finds browser-based anti-phishing warnings have little effect"
mercredi 11 avril 2007
Cyber-terrorisme : comment la DST surveille l'islamisme radical sur Internet
Cyber-terrorisme : comment la DST surveille l'islamisme radical sur Internet: "Lors d'une table ronde spécial sécurité IT, un membre du service de renseignement français a expliqué comment le Net est devenu 'le QG d'Al-Qaida '.
La DST qui parle (presque) à visage découvert, c'est trop rare pour ne pas le souligner. L'assistance, présente jeudi soir au dîner-débat du Cercle européen de la Sécurité et des Systèmes d'Information organisé dans un palace parisien, a pu suivre l'intervention d'un représentant du ministère de l'Intérieur rattaché à la Direction de la (...) - France"
La DST qui parle (presque) à visage découvert, c'est trop rare pour ne pas le souligner. L'assistance, présente jeudi soir au dîner-débat du Cercle européen de la Sécurité et des Systèmes d'Information organisé dans un palace parisien, a pu suivre l'intervention d'un représentant du ministère de l'Intérieur rattaché à la Direction de la (...) - France"
mercredi 4 avril 2007
Spam Costs $712 Per Employee Annually
http://www.informationweek.com/management/showArticle.jhtml?articleID=198701941&cid=RSSfeed_TechWeb
As a luncheon meat, Spam is a bargain. As unsolicited marketing, spam is a rip-off: $712 per employee per year, or $71 billon to all U.S. businesses annually.
That's the cost of spam in terms of lost productivity, according to a survey released Monday by IT research firms Nucleus Research and KnowledgeStorm.
These figures come from a survey of 849 e-mail users conducted last month that found that two of every three e-mail messages received by businesspeople are spam, despite the fact that 60% of companies filter spam. The survey results are based on a $30-per-hour pay rate, a 2,080-hour work year, 100,249,046 U.S. e-mail-using workers, and that e-mail users are spending 16 seconds on average identifying and deleting spam that has evaded detection and landed in an in-box.
While 16 seconds may seem like an extraordinarily long time to ascertain whether a message titled, say, "DEAR BELOVE FRIEND" or "Attention: Winner" is spam, Rebecca Wettemann, VP of Research of Nucleus Research, said that's the amount of time reported by survey respondents.
It is, surprisingly, a marked decrease in the amount of time Nucleus Research survey respondents wrote off to spam in 2004. That year, e-mail users said it took them 30 seconds to identify and delete spam, putting the annual cost of spam at $1,934 per employee.
Asked if this decline in the cost of spam to businesses demonstrated the value of anti-spam technology, Wettemann was skeptical. "Spam filtering helps," she said. "However, the spammers keep getting smarter and more innovative in the way they're getting around filtering technology."
For spammers, evolution may be necessary for survival, both from a business perspective and from a personal perspective. The survey indicates that frustration with spam has risen to the point where 18% of respondents said spammers should be jailed, with a third of those in favor of sentences longer than 36 months.
When provided with an "Other" option on questions about spammer punishment, respondents filled in the blank with suggestions that included "the death penalty, slow hanging [lowered gently from the gallows until the rope is taut?], public flogging, psychological assessment, and other responses that are inappropriate to print." From this, the survey concludes that nine out of 10 e-mail users are frustrated with spam and one in 100 "appear to be at the breaking point."
Whether spammers will ever really face the rage expressed in this survey remains to be seen. But given that 17% of respondents identified unsolicited e-mail from family and friends as spam, we all might be well advised to sleep with one eye open.
As a luncheon meat, Spam is a bargain. As unsolicited marketing, spam is a rip-off: $712 per employee per year, or $71 billon to all U.S. businesses annually.
That's the cost of spam in terms of lost productivity, according to a survey released Monday by IT research firms Nucleus Research and KnowledgeStorm.
These figures come from a survey of 849 e-mail users conducted last month that found that two of every three e-mail messages received by businesspeople are spam, despite the fact that 60% of companies filter spam. The survey results are based on a $30-per-hour pay rate, a 2,080-hour work year, 100,249,046 U.S. e-mail-using workers, and that e-mail users are spending 16 seconds on average identifying and deleting spam that has evaded detection and landed in an in-box.
While 16 seconds may seem like an extraordinarily long time to ascertain whether a message titled, say, "DEAR BELOVE FRIEND" or "Attention: Winner" is spam, Rebecca Wettemann, VP of Research of Nucleus Research, said that's the amount of time reported by survey respondents.
It is, surprisingly, a marked decrease in the amount of time Nucleus Research survey respondents wrote off to spam in 2004. That year, e-mail users said it took them 30 seconds to identify and delete spam, putting the annual cost of spam at $1,934 per employee.
Asked if this decline in the cost of spam to businesses demonstrated the value of anti-spam technology, Wettemann was skeptical. "Spam filtering helps," she said. "However, the spammers keep getting smarter and more innovative in the way they're getting around filtering technology."
For spammers, evolution may be necessary for survival, both from a business perspective and from a personal perspective. The survey indicates that frustration with spam has risen to the point where 18% of respondents said spammers should be jailed, with a third of those in favor of sentences longer than 36 months.
When provided with an "Other" option on questions about spammer punishment, respondents filled in the blank with suggestions that included "the death penalty, slow hanging [lowered gently from the gallows until the rope is taut?], public flogging, psychological assessment, and other responses that are inappropriate to print." From this, the survey concludes that nine out of 10 e-mail users are frustrated with spam and one in 100 "appear to be at the breaking point."
Whether spammers will ever really face the rage expressed in this survey remains to be seen. But given that 17% of respondents identified unsolicited e-mail from family and friends as spam, we all might be well advised to sleep with one eye open.
lundi 2 avril 2007
Cyber anti-terrorisme
Cyber anti-terrorisme: "Après le 'cyber-terrorisme', voici le 'cyber anti-terrorisme'.
Alors que les terroristes islamistes utilisent de plus en plus Internet, l'armée américaine aurait décidé de les attaquer directement sur le terrain électronique en sabotant à distance leurs sites Web. C'est ce que révèle un article du quotidien USA Today.
Selon ce journal, l'armée américaine aurait passé des contrats sur 4 ans pour 40 millions de dollars avec des entreprises privées spécialisées pour (...) - International"
Alors que les terroristes islamistes utilisent de plus en plus Internet, l'armée américaine aurait décidé de les attaquer directement sur le terrain électronique en sabotant à distance leurs sites Web. C'est ce que révèle un article du quotidien USA Today.
Selon ce journal, l'armée américaine aurait passé des contrats sur 4 ans pour 40 millions de dollars avec des entreprises privées spécialisées pour (...) - International"
'ABN Amro compensates victims of man-in-the-middle attack'
'ABN Amro compensates victims of man-in-the-middle attack': "Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank?s two-factor authentication. After the attack, ABN Amro removed an ?urgent payment? option from its Web site as a precaution, compensated the customers and launched a campaign to remind users about internet banking safety. The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers? behaviour so when they went to open the real ABN Amro online banking site, they were instead re-directed to a spoof site."
TECH - the 'Technical Mujahid' no. 2 was released...
TECH - the 'Technical Mujahid' no. 2 was released...: "...a week ago or more, but we were busy with something else. The lovely thing is that the jihadis think there is a technical solution to their security problems. As reported by the Jamestown foundation:According to the editor-in-chief of Technical..."
Inscription à :
Articles (Atom)