Cybercrime

Cybercrime / Most Viewed

California Man Gets 6 Years in Prison for Phishing

A California man who was found guilty earlier this year for operating a sophisticated phishing scheme that attempted to deceive thousands of AOL users has now received a prison sentence of 70 months -- a fraction of the 101 years he could have been given. InformationWeek reports: "In the first jury conviction under the Can-Spam Act of 2003, Jeffrey Brett Goodin, of Azusa, Calif., was convicted of sending thousands of e-mails set up to appear to be from AOL's billing department to the company's users, prompting them to reply with personal and credit-card information. He then used the information to make unauthorized purchases, according to the U.S. Attorney's Office in Los Angeles." more»

DNS Troubles at the U.S. National Security Agency

DNS server problems at the U.S. National Security Agency have knocked the secretive intelligence agency site offline for several hours. Reports suggest various possible reasons including an internal routing problem of some sort on their side or errors in firewall or ACL [access control list] policy. Other possibilities are speculated to be a technical glitch or a hacking incident. The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks -- the outage is an embarrassment for the agency. more»

VeriSign Expands DNS Capacity From 400 Billion to Over 4 trillion Queries Per Day

Since 2000, the volume of Internet traffic on VeriSign's global infrastructure has increased from an average of 1 billion domain name system queries per day to a peak of more than 50 billion DNS queries per day under normal traffic conditions, reports VeriSign in a press release today. Under Project Titan, VeriSign reports it will increase its daily DNS query capacity from 400 billion queries a day to over 4 trillion queries a day and will increase the aggregate network bandwidth of its primary resolution centers around the world from more than 20 gigabits per second (Gbps) to greater than 200 Gbps per second. VeriSign also plans to expand its deployment of Regional Internet Resolution Sites to more than 100 locations across the globe by 2010. Plans also include deploying new proprietary security upgrades and monitoring tools to identify, track and isolate malicious Internet traffic generated from cyber attacks. more»

APWG: The Internet Has Never Been More Dangerous

Anti-Phishing Working Group (APWG) released its latest Phishing Activity Trends Report today warning that the number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement. "The number of hijacked brands ascended to an all-time high of 310 in March and remained, in historical context, at an elevated level to the close of the half in June," says the report. more»

Two Europeans Charged for DDOS Attacks in U.S.

A British man and a German man have been indicted by a federal grand jury on charges of conspiring to intentionally cause damage to the computers of two U.S.-based retail satellite companies by launching large-scale distributed denial of service (DDOS) attacks that shut down the companies' websites. The two men were allegedly hired by the owner of Orbit Communication, currently wanted by the FBI, to carry out DDOS attacks. Those attacks were directed at the public websites of two of Orbit's competitors, Rapid Satellite of Miami, Florida, and Weaknees of Los Angeles. If convicted, Walker and Gembe face 15 years in prison. more»

Cigarette Smuggling and Cyber Security: Low-Tech Crimes Fund High-Tech Threats

You may not connect the cheap cigarettes sold under the counter (or out of a trunk, bodega or by a street vendor) with the mysterious charges on your credit card that you don't remember making or the cash that has, somehow, just disappeared from your bank account. You also may not connect that website selling cheap cigarettes made in second and third world countries with Shellshock or whatever the fashionably scary cyber-threat of the day is when you're reading this. more»

Security, Privacy Issues and USB Drives

In an article on CSO.com.au a report from Sophos Australia is reported on. The anti-virus software company had bought 50 usb drives for analyses at a public transport auction of devices left on the Sydney trains. When they wrote that 66% was infected with malware, I presumed that they were left behind consciously, but were they? more»

U.S. Not Vulnerable to Type of Cyberattacks Launched at Georgia

Experts agree that the U.S. is probably more Internet-dependent than any place in the world and hence more vulnerable than any other country. However in a CNN report today, Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute, says that U.S. "can command so much bandwidth that it's hard to overwhelm our servers," in light of last week's, and still ongoing, cyberattacks against Georgia. "We are vulnerable to more sophisticated attacks, but right now most of the people who want to do us harm don't have those capabilities," says Borg. more»

Industry Group Representing Largest Banks Issues Urgent Warning Against Cybercrime

Brian Krebs of the Washington Post reports: "A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to put in place many of the precautions now used to detect consumer bank and credit card fraud. 'In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses...'" more»

DHS Cybersecurity Chief: We Want to Build Cybersecurity Into DNA of Infrastructure

The U.S. Department of Homeland Security's cybersecurity top official Phil Reitinger was recently interviewed by the InformationWeek stating: "Cybersecurity always has been and always will be a distributed effort. If people want to say, well, there's a single locus of cybersecurity and anything and everything will be handled from one point, I say, dream on. We want to build cybersecurity into the DNA of the infrastructure, into the DNA of the businesses, into the DNA of all the government entities." more»

Rethinking Protection Technologies: A Change Has Occurred

Talking technical is easy. Distilling technical detail, complex threats and operation nuances down to something that can be consumed by people whose responsibility for dealing with cybercrime lays three levels below them in their organizational hierarchy is somewhat more difficult. Since so many readers here have strong technical backgrounds and often face the task of educating upwards within their own organizations, I figured I'd share 4 slides from my recent presentation that may be helpful in communicating how the world has changed. more»

Google Chrome Found Vulnerable to Carpet-Bombing

Just hours after the launch of Google's new web browser, reports have surfaced about its security vulnerability to carpet-bombing that can expose Windows users to hacker attacks. If exploited, hackers could potentially run unauthorized software on a victim's computer and then used to execute web-based computer attacks. Researcher Aviv Raff has discovered that it is possible to combine this vulnerability (also at one point affecting Apple Safari which uses the same WebKit technology used by Google's Chrome browser) and a Java bug discussed at this year's Black Hat conference, to trick users into launching executables direct from the new browser. more»

Domain Name Arbitration Disputes on Rise

Internet domain name arbitration disputes have risen by more than a quarter since January 2005 -- despite the expansion of generic top-level domain addresses like .biz and .info -- as cybersquatters find more sophisticated ways of encroaching on legitimate Web sites.

...Typosquatting, a form of cybersquatting that involves capturing another company's Web traffic by registering misspelled versions of a well-known Internet site or brand name, is driving much of the growth in domain-name disputes, according to intellectual property lawyers. more»

Liberty Reserve Now, Bitcoin Next?

The papers have been abuzz with the shutdown of Liberty Reserve, an online payments system, due to accusations of large scale money laundering via anonymous transactions. Many people have noted similarities between LR and Bitcoin and wonder whether Bitcoin is next. I doubt it, because with Bitcoin, nothing is anonymous. more»

Study Ranks Riskiest Online Cities in US

A recent study by Symantec Norton and Sperling's Best Places has ranked 50 cities in the United States by "Riskiest Online Cities". The study included investigation of a number of factors including... more»