Cybercrime

Cybercrime / Most Viewed

Many Systems Open to Attack Through Channels Enabled to Support IPv6 Traffic

It may be years before the new internet protocol IPv6 takes over from the current IPv4, but a security researcher is warning that many systems -- corporate and personal -- are already open to attack through channels that have been enabled on their machines to support IPv6 traffic, according to the Wired report by Kim Zetter. Joe Klein, a security researcher with Command Information, says many organizations and home users have IPv6 enabled on their systems by default but don't know it. They also don't have protection in place to block malicious traffic, since some intrusion detection systems and firewalls aren't set up to monitor IPv6 traffic, presenting an appealing vector through which outsiders can attack their networks undetected. more»

US Homeland Security Still Without Cybercrisis Plan

When the U.S. Department of Homeland Security was created, it was supposed to find a way to respond to serious "cybercrises." "The department will gather and focus all our efforts to face the challenge of cyberterrorism," President Bush said when signing the legislation in November 2002. More than six years later, and after spending more than $400 million on cybersecurity, DHS still has not accomplished that stated goal. "We need to have a plan tailored for a cybercrisis," DHS Secretary Michael Chertoff said on Thursdaymore»

VeriSign Expands DNS Capacity From 400 Billion to Over 4 trillion Queries Per Day

Since 2000, the volume of Internet traffic on VeriSign's global infrastructure has increased from an average of 1 billion domain name system queries per day to a peak of more than 50 billion DNS queries per day under normal traffic conditions, reports VeriSign in a press release today. Under Project Titan, VeriSign reports it will increase its daily DNS query capacity from 400 billion queries a day to over 4 trillion queries a day and will increase the aggregate network bandwidth of its primary resolution centers around the world from more than 20 gigabits per second (Gbps) to greater than 200 Gbps per second. VeriSign also plans to expand its deployment of Regional Internet Resolution Sites to more than 100 locations across the globe by 2010. Plans also include deploying new proprietary security upgrades and monitoring tools to identify, track and isolate malicious Internet traffic generated from cyber attacks. more»

Major International Botnet Disabled Says U.S. Department of Justice

The U.S. Department of Justice and the FBI announced on Wednesday that they have taken actions to disable an international botnet of more than two million infected computers responsible for stealing corporate data including user names, passwords and financial information. more»

Microsoft Data Suggests 1 Out of Every 14 Downloads is Malware

Microsoft Program Manager, Jeb Haber, reports in a blog post that from browser data collected on user downloads, 1 out of every 14 programs downloaded is later confirmed as malware. Haber says: "Consumers need information to make better decisions. That said, IE9 adds another layer of defense against socially engineered attacks that now looks at the application being downloaded -- this is in addition to the URL-based protection described above. This new layer of protection is called SmartScreen Application Reputation." more»

Cyberattacks on Estonia Further Explored

The distributed denial of service (DDoS) attack that brought down most of Estonia's internet infrastructure a few months ago, has been explored by Joshua Davis in a recent story at the Wired Magazine. "In the coming months, commentators around the world would look back at this moment and debate its significance. But for Aaviksoo, the meaning was clear. This was not the first botnet strike ever, nor was it the largest. But never before had an entire country been targeted on almost every digital front all at once, and never before had a government itself fought back..." more»

ZeuS Botnet Takes a Hit But Already on the Rebound

Brian Krebs reporting in Krebs on Security: "Authorities in the United States, United Kingdom and Ukraine launched a series of law enforcement sweeps beginning late last month against some of the world's most notorious gangs running botnets powered by ZeuS, a powerful password-stealing Trojan horse program. ZeuS botnet activity worldwide took a major hit almost immediately thereafter, but it appears to be already on the rebound..." more»

Cyberspace is Man-Made and Its Laws Can Be Rewritten to Favor Defensive Forces, Says US Air Force

Air Force Research Laboratory's "Integrated Cyber Defense" program, has recently announced a project request for proposals based on the belief that "the 'laws' of cyberspace can be rewritten, and therefore the domain can be modified at any level to favor defensive forces." The objective of the program, according to the announcement issued last month, is to "avoid threats entirely by obviating the effects of adversary actions, deterring attacks, and anticipating threats," which is partly based on the following philosophy offered by the Air Force... more»

Obama: From Now On Digital Infrastructure Treated As Strategic National Asset

In a speech today from the White House, President Obama declared that the United States' computers and digital networks are strategic national assets and that he will personally appoint a cybersecurity coordinator to oversee the effort to protect this critical infrastructure. more»

APWG: The Internet Has Never Been More Dangerous

Anti-Phishing Working Group (APWG) released its latest Phishing Activity Trends Report today warning that the number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement. "The number of hijacked brands ascended to an all-time high of 310 in March and remained, in historical context, at an elevated level to the close of the half in June," says the report. more»

DNS Troubles at the U.S. National Security Agency

DNS server problems at the U.S. National Security Agency have knocked the secretive intelligence agency site offline for several hours. Reports suggest various possible reasons including an internal routing problem of some sort on their side or errors in firewall or ACL [access control list] policy. Other possibilities are speculated to be a technical glitch or a hacking incident. The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks -- the outage is an embarrassment for the agency. more»

California Man Gets 6 Years in Prison for Phishing

A California man who was found guilty earlier this year for operating a sophisticated phishing scheme that attempted to deceive thousands of AOL users has now received a prison sentence of 70 months -- a fraction of the 101 years he could have been given. InformationWeek reports: "In the first jury conviction under the Can-Spam Act of 2003, Jeffrey Brett Goodin, of Azusa, Calif., was convicted of sending thousands of e-mails set up to appear to be from AOL's billing department to the company's users, prompting them to reply with personal and credit-card information. He then used the information to make unauthorized purchases, according to the U.S. Attorney's Office in Los Angeles." more»

Two Europeans Charged for DDOS Attacks in U.S.

A British man and a German man have been indicted by a federal grand jury on charges of conspiring to intentionally cause damage to the computers of two U.S.-based retail satellite companies by launching large-scale distributed denial of service (DDOS) attacks that shut down the companies' websites. The two men were allegedly hired by the owner of Orbit Communication, currently wanted by the FBI, to carry out DDOS attacks. Those attacks were directed at the public websites of two of Orbit's competitors, Rapid Satellite of Miami, Florida, and Weaknees of Los Angeles. If convicted, Walker and Gembe face 15 years in prison. more»

U.S. Not Vulnerable to Type of Cyberattacks Launched at Georgia

Experts agree that the U.S. is probably more Internet-dependent than any place in the world and hence more vulnerable than any other country. However in a CNN report today, Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute, says that U.S. "can command so much bandwidth that it's hard to overwhelm our servers," in light of last week's, and still ongoing, cyberattacks against Georgia. "We are vulnerable to more sophisticated attacks, but right now most of the people who want to do us harm don't have those capabilities," says Borg. more»

Industry Group Representing Largest Banks Issues Urgent Warning Against Cybercrime

Brian Krebs of the Washington Post reports: "A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to put in place many of the precautions now used to detect consumer bank and credit card fraud. 'In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses...'" more»