Cybercrime

Cybercrime / Most Viewed

In Which We Consider the Meaning of 'Authorized': GIVAUDAN FRAGRANCES CORPORATION v. Krivda

What does authorized access mean? If an employee with authorized access to a computer system goes into that system, downloads company secrets, and hands that information over to the company's competitor, did that alleged misappropriation of company information constitute unauthorized access? This is no small question. If the access is unauthorized, the employee potentially violated the Computer Fraud and Abuse Act (CFAA) (the CFAA contains both criminal and civil causes of action). But courts get uncomfortable here. more»

Microsoft Investigating Windows DNS Server Attacks

Microsoft is investigating attacks exploiting a vulnerability in the Windows Server Domain Name System Service, as well as two types of hacks targeting Vista's OEM BIOS activation feature... "Our investigation reveals that this vulnerability could allow a criminal to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM," a Microsoft spokesperson said. more»

Hacking: Users, Computers, and Systems

As many people have heard, there's been a security problem at the Internal Revenue Service. Some stories have used the word hack; other people, though, have complained that nothing was hacked, that the only problem was unauthorized access to taxpayer data but via authorized, intentionally built channels. The problem with this analysis is that it's looking at security from far too narrow a perspective... more»

ACMA: 30,000 PC's Infected in Australia Per Day

Anti-spam and malware enforcement agency ACMA reports on this (shocking high?) figure. Keep this up and ca. 50% of the Australian population is infected within a year. I remember a presentation from Sweden only a few years ago, that there were only a little over a thousand infected pc's in Sweden. (Reactions were: that can't be correct. Too low) Do you know what the numbers are for your country and maybe more importantly what your government and/or Industry is/are doing about it? more»

Bruce Schneier: The Threat of Cyberwar Grossly Exaggerated

Security expert Bruce Schneier in a blog post today writes: "It's about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top. ... General Keith Alexander, the current commander of the U.S. Cyber Command, hypes it every chance he gets. This isn't just rhetoric of a few over-eager government officials and headline writers; the entire national debate on cyberwar is plagued with exaggerations and hyperbole." more»

Brits Targeted by 3.7 Billion Phishing Scams in Past 12 Months

More than 420,000 scam emails are sent every hour in the UK according to a report published by Card Protection Plan Limited (CPP). The study estimates that Britons were targeted by 3.7 billion 'phishing' emails in the last 12 months alone. And a quarter of people admit to falling victim to e-fraudsters, with the average victim losing over £285 each. more»

Experts Propose Plan for More Secure Wi-Fi Devices

Over 260 global network and security experts have collectively responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by proposing a new approach to improve the security of these devices. The letter warns FCC ruling will cause more harm than good and risk a significant overreach of the Commission's authority. more»

Cybersquatters Try New Tactics: Soft Squatting

Cybersquatting the domain name of a celebrity and selling it for a king's ransom was one of the great get-rich-quick schemes of the early internet. But since courts now tend to favor the star over the squatter, a new kinder, gentler cybersquatting tactic has emerged.

These days, cybersquatters seek to register a star's domain before that person becomes famous, and then develop a business relationship with the new celebrity, offering website hosting or design work. These so-called soft squatters are registering the domains of hundreds of amateur athletes, musicians and other would-be stars in the hope that one or two of the names will become well-known. more»

Hathaway to Head US Cybersecurity Effort

President Barack Obama will tap a top aide to President George W. Bush's intelligence director to head his cybersecurity effort, according to government officials familiar with the decision. An announcement is expected as early as Monday. The appointment of Melissa Hathaway, a former consultant at Booz Allen Hamilton, is the president's first major decision on cybersecurity. She will lead a review of the government's efforts to secure computer networks against spies, terrorists and economic criminals and is expected to then head a new White House office of cybersecurity. more»

One More Reason to Avoid Diet Drug Fakes: They're Dangerous

Garth Bruen writes: "The Food and Drug Administration is reporting that some people have gotten fake Alli that contained twice the recommended dose of sibutramine (aka. Meridia), another diet drug. The issue is possible heart problems. The FDA discovered the illegal Alli-Meridia switch when otherwise healthy people reported feeling anxious, shaky, nauseated, and sleepless after taking the bogus Alli. Some even had heart palpitations. No deaths have been reported." more»

Malware Detection Declining, Anti-Phishing Filters Detect Less than 50% of Attacks, Says Report

A study comparing best-of-breed computer security vendors suggests more than half of active malware and phishing threats on the Internet go undetected, with an average detection rate of 37% for malware and 42% for phishing. "Given the dynamic nature of today's online threats and the traditionally reactive approach taken by today's malware and phishing detection technology, conventional signature-based solutions are inherently at a disadvantage to keep up," said Panos Anastassiadis, CEO and Chairman of Cyveillance. "Because the majority of damage occurs during the first 24 hours of an attack, early detection of attacks is crucial." more»

A Look Inside a Global Cybercrime Ring

A special report by Reuters reveals the inner workings of a cybercrime ring operating out of Ukrain. From the report: "Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine's capital Kiev, churning out code at a frenzied pace. They were creating some of the world's most pernicious, and profitable, computer viruses. According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications cables lay jumbled on the floor and a small coffee maker sat on the desk of one worker..." more»

Data Breach Costs Continue to Rise, 40% Increase Since 2005

According to a new study by PGP Corporation and Ponemon Institute, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007. The study is based on 43 organizations across 17 different industry sectors with a range of 4,200 to 113,000 records that were affected. It is also noted that since 2005, the cost component has grown by more than $64 on a per victim basis since -- nearly a 40% increase. more»

FBI Pushing Enforcement Action Against Money Mules

Brian Krebs reporting on the Krebs on Security blog: "The FBI's top anti-cyber crime official today said the agency is planning a law enforcement action against so-called 'money mules,' individuals willingly or unwittingly roped into helping organized computer crooks launder money stolen through online banking fraud." more»

Eugene Kaspersky: We Need Interpol for Internet, Law Enforcement Agencies Have Jurisdictional Limits

Eugene Kaspersky, co-founder of Internet security software Kaspersky Lab, was recently interviewed PC World where he talked about his views regarding cybersecurity and the evolution of malware. In response to fixing the problems with malware on the Internet, Kapersky says: "The Internet was never designed with security in mind. If I was God, and wanted to fix the Internet, I would start by ensuring that every user has a sort of Internet passport: basically, a means of verifying identity, just like in the real world, with driver's licenses and passports and so on. The second problem is one of jurisdiction. The Internet has no borders, and neither do the criminals who operate on the Internet. However, law enforcement agencies have jurisdictional limits, and are unable to conduct investigations across the globe. ... There is no such thing as anonymity on the Internet, for the average user." more»