Cybercrime

Cybercrime / Most Viewed

Defending Against the Hackers of 1995

Two factor authentication that uses an uncopyable physical device (such as a cellphone or a security token) as a second factor mitigates most of these threats very effectively. Weaker two factor authentication using digital certificates is a little easier to misuse (as the user can share the certificate with others, or have it copied without them noticing) but still a lot better than a password. Security problems solved, then? more

U.S. Lawmakers Wary of Kaspersky Lab, the Russian Cybersecurity Firm

U.S. Congress is growing increasingly suspicious of the popular Russian anti-virus software provider, Kaspersky Lab. more

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more

Correlation Between Country Governance Regimes & Reputation of Their Internet Address Allocations

We recently analyzed the reputation of a country's Internet (IPv4) addresses by examining the number of blacklisted IPv4 addresses that geolocate to a given country. We compared this indicator with two qualitative measures of each country's governance. We hypothesized that countries with more transparent, democratic governmental institutions would harbor a smaller fraction of misbehaving (blacklisted) hosts. The available data confirms this hypothesis. A similar correlation exists between perceived corruption and fraction of blacklisted IP addresses. more

US Homeland Security Wants Control Over DNS

The US Department of Homeland Security (DHS), which was created after the attacks on September 11, 2001 as a kind of overriding department, wants to have the key to sign the DNS root zone solidly in the hands of the US government... During the current ICANN meeting in Lisbon, Bernard Turcotte, president of the Canadian Internet Registration Authority (CIRA) drew everyone's attention to this proposal as a representative of the national top-level domain registries (ccTLDs). more

Spam Peaked at 200 Billion per Day in 2008, Botnets Nexus of Criminal Activity, Says Cisco

In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: "the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers." The 2008 edition of the report has specified the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. more

Afghanistan Enacts Law Targeting Online Crime and Militancy

Afghanistan's President Ashraf Ghani has signed into law a cybercrime bill this week targeting online crime and militancy by groups such as the Taliban and Islamic State despite concerns it could limit free speech. more

Another One (Partially) Bites the Dust

Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. more

Kansas System Hacked, Social Security Numbers of Millions Accessed Spanning 10 States

Hackers breached a Kansas Department of Commerce data system used across multiple states and gained access to more than 5.5 million Social Security Numbers, according to local news sources. more

Kaspersky Calls for an Internet Internpol… Cybercrime Now Second Largest Criminal Activity

With cybercrime now the second largest criminal activity in the world, measures such as the creation of an 'Internet Interpol [International police]' and better cooperation between international law enforcement agencies are needed if criminals are to be curtailed in the future, Kaspersky Labs founder and security expert, Eugene Kaspersky, has argued. Speaking at AusCERT 2011, the Moscow-based Kaspersky said the last five years had proved to be the "Golden Age" of cyber crime... more

Trump Names Former Bush Aide Thomas Bossert Chief Adviser on Cybersecurity, Counterterrorism Role

President-elect Donald J. Trump has named Thomas P. Bossert, a top national security aide under President George W. Bush, to be his homeland security adviser, the Trump transition team announced Tuesday morning," Michael D. Shear reporting in the New York Times. more

10,000 .EU Domains Suspended, Registrant Accused of Cybersquatting

A Chinese woman, Zheng Qingyin, who registered 10,000 .eu domain names, is facing a lawsuit from Eurid, the Belgian-based domain registry that manages the .eu top-level domain. Qingyin, whose 10,000 domain names are currently suspended, has retaliated by bringing her own legal complaint according to Eurid's legal adviser. more

Did Russian Cyber Attacks Precede Military Action?

The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more

Ransomware Crime Bill Goes into Effect in the State of California

As of January 1, the delivery of ransomware is illegal in California as per Senate Bill 1137 going into effect. more

Rethinking Protection Technologies: A Change Has Occurred

Talking technical is easy. Distilling technical detail, complex threats and operation nuances down to something that can be consumed by people whose responsibility for dealing with cybercrime lays three levels below them in their organizational hierarchy is somewhat more difficult. Since so many readers here have strong technical backgrounds and often face the task of educating upwards within their own organizations, I figured I'd share 4 slides from my recent presentation that may be helpful in communicating how the world has changed. more