
Network World

Computer Examiners Beware

Submitted by Deb Radcliff on Wed, 06/04/08 - 3:52pm.

When Bill Boni, corporate VP of information security at Motorola, contacted me with this story, I couldn't believe it. In some states, he said, computer investigators could go to jail for practicing without a PI license.

"You're crazy," I told him. "PIs don't know the first thing about logic bombs and slack space and other hidden files. They don't have the years of geek it takes to know how to gather evidence without disturbing it."

Turns out, Boni was right, at least in South Carolina and Texas, where they've made it a crime to present evidence in their states that's not overseen by a licensed PI. Dozens of other states are honing their laws to do the same. I've since written two articles on the subject, the latest (June 2) here.

Read more

Spying on our Young?

Submitted by Deb Radcliff on Mon, 04/28/08 - 12:11pm.

After reading Sunday’s Dear Abby Column in our local paper yesterday, it became chillingly clear that our young people are growing up in a surveillance society. Who would have thought it would start with their parents watching their every move, listening to their every word, reading their every IM?

In the note to Jeanne Phillips (in beloved Abby’s absence), a mother writes:

“Although he [the son] knows we keep abreast of what he’s doing online, he’s obviously unaware of how much detail we have access to,” the mother wrote of her spying on her son’s IMs.

Read more

Crime is Crime is Crime

Submitted by Deb Radcliff on Thu, 01/10/08 - 3:24pm.

Since when do we get special privileges for committing crimes on the Internet? Apparently harassment is not prosecutable if it happens in cyberspace.

Read more

New Full Page Infectors Starting in MySpace

Submitted by Deb Radcliff on Thu, 11/08/07 - 9:51pm.

Exploit Prevention Labs has just uncovered a new type of multi-faceted attack spreading through MySpace's Top Artist's pages, including the Alicia Keys page (MySpace's 4th most popular artist).

This is not your typical Web worm attack, which spreads through phishing inside the social network that gets people to give away their passwords so they can infect again and again. This one resulted from a successful hack against MySpace itself, claims Roger Thompson, CTO of the New Kingston, PA-based Exploit Prevention Labs, whose analysts discovered the attack.

Read more

Car Warranty Scam Uses Phone Tree

Submitted by Deb Radcliff on Fri, 10/05/07 - 6:10pm.

The "courtesy" call came at 11:52 this morning from (818) 870-8192. It lit up as 'NSI GRP' on the LED. Presumably, GRP means Group.

"Recently we sent you a postcard in the mail saying your service maintenance warranty was about to expire for your 98 Volvo," the male-voice recording said. I recalled the postcard: small, white with a blue border around the frame. Not from my dealer so I threw it out.

The recorded message then goes on to say that if you don't respond by pressing 1 on the touchtone, your car will never be eligible for warranty again.

Stupid about things like keeping warranties in places where they can be found, and just as ignorant of details like warranty expiration dates, this one actually got me to push a button.

Read more

New Crimeware Stats

Submitted by Deb Radcliff on Wed, 09/19/07 - 9:48pm.

Bots, Trojan Horses and Denial of Service (DOS) are the top three malicious attack types being picked up in the wild by security vendors, according to their recent reports. Secure Computing’s Trends Report for August states that:

* Spam made up 89% of all e-mail
* Trojan Horses made up 78% of all newly-detected malicious code. Trojan horses are malicious applications hidden inside downloadable executable files, such as iFrame and other types of animations; 97% of all malware came in the form of Windows Executables.
* An average of 264,000 new Zombie/Bot machines were located daily.

Read more

Getting Personal

Submitted by Deb Radcliff on Thu, 09/06/07 - 5:56pm.

So now the bad guys are taking time to target me, directly, hoping to undo my brand and my blog in order to get to the very people I'm trying to protect. And it's not just me in the online crime fight that they're targeting. On Friday, multiple e-mails I received from a scammer going by the name of Praveen Tapase were cc'd to NetSafe.org, Crime-Research.org, 419scam.org, even an officer in the City of London.

Read more

DEFCON 15: Dateline Tastes its Own Medicine

Submitted by Deb Radcliff on Mon, 08/06/07 - 11:50pm.

Hats off to my good friend, Liz Safran, who makes her videojournalism debut on ZDNet for following a sneaky Dateline reporter all the way to her car in 110 degrees Friday afternoon in Las Vegas.

It was a few hours after the official Kick Off of DEFCON 15, an annual hacker conference proceeding BlackHat every Summer, just after Vegas' annual monsoon. The reporter, an associate producer for Dateline NBC, was outed in a public meeting for flirting up hackers and trying to get them to brag about felonies for a "caught in the act"-type expose.

Read more

Blackhat 07: Secure Your Web Apps

Submitted by Deb Radcliff on Fri, 08/03/07 - 9:10pm.

Web applications that we use every day are riddled with vulnerabilities, according to numerous surveys. Statistics also show that, increasingly, those vulnerabilities are being found by criminal geeks-for-hire who turn a profit by turning good Web pages into bad Web pages that turn visiting computers into ‘bots.’ There are literally millions of bots being controlled by criminal programs that tell them to send and relay spam and identity theft information.

The problem with Web apps, as I’ve written in several stories for my business trade journals, is one that can’t be solved easily for several reasons.

Read more

Things are worse

Submitted by Deb Radcliff on Tue, 03/20/07 - 5:17pm.

We put everyone and their gramma into this World Wide Web rife with deceivers, liars, scammers, stalkers and others who have learned just how easy it is to trick technology - and its users - into doing their bidding. Just read Symantec's statistics for the second half of '06:

* 23 percent increase in Trojan horses (which vendors are having a hard time getting control of). Trojans made up 45 percent of the top 50 malicious code samples collected in Symantec's global malicious code traps. Trojan horses pretend to be friendly applications, like a driver to run an audio file. Instead, they open a door on the computer to load other malware and set up commands between bots and their controllers.
* 12 documented zero days, which are just the tip of the iceberg, given the criminal underground wants to keep these things quiet so as to continue exploiting the exposure before detection, says Dean Turner, senior manager in Symantec Security Response, during a phone call yesterday.
* 6 million bot-infected computers, a 29 percent increase. Botware takes over computers and uses their Internet connections and processing power to run scams, spams and to send out their financial identity information to strangers.

What's troubling to Turner is the combination of malicious events that are coming together all at once.

"Bot-infected computers were up 29 percent, while controllers are down 25 percent," he says. "That suggests more organization and structuring of the criminal underground."

The bad guys are also targeting third party applications, which are not particularly built and tested well for security.

Overall, Turner says, threats to enterprise and individual computers have risen nearly 300 percent since 2005.

Can anybody say "Duck and Cover?"

Passport tracking catching bad guys

Submitted by Deb Radcliff on Tue, 03/06/07 - 5:05pm.

An excellent February article in FedTech Magazine describes how at least two criminals - an embezzler and a murderer - were caught through international cooperation between identity information systems. The United States Visitor and Immigrant Status Indicator Technology system identified the embezzler when he applied for a U.S. visa, and he was arrested in Costa Rica, where he applied for the visa.

"As a result of that success, Interpol sent US-VISIT another set of prints, and U.S. authorities got a match with a commercial truck driver who drove regularly from Canada to Lewiston, N.Y. The man was a citizen from the Republic of Georgia who was wanted for murder in Germany. He too was arrested," the article goes on.

Read more

Job fraud victims speak

Submitted by Deb Radcliff on Tue, 10/31/06 - 3:30pm.

Ever since my last blog on check-cashing job offers that are really check fraud scams, I've been getting interesting emails from victims. In essence, they're saying "Help! I've cashed one of those checks. Now what?"

In the case of Al, who's been writing me since Friday, he at least didn't send any money to the scammers. But now he wants to know what to do with the $5,000 sitting in his account.

Doooon't spend it, whatever you do. Even if it's past the five-day clear date and still sitting there, the banks will figure out the check's a fraud at some point soon and withdraw the funds.

Al says he's already contacted the FBI and filed a complaint at its Computer Crime Complaint Center. "Should I also report it to the local police before going to the bank? Please advice (sic). As I said, I'm embarased (sic) and nervous about going to the bank," he then wrote.

Read more

Sophisticated phish/keylog install scary on many levels

Submitted by Deb Radcliff on Fri, 10/20/06 - 1:55pm.

Phishers who got ahold of internal email lists and addressed users by their first names were able to install key loggers on 60 internal machines at an unnamed bank by tricking people into following a link with a very realistic phish, according to CSO Online.

Phishers using harvested, internal email addresses to make their phishes more believable to targeted, named users has been on the rise for several months, according to my sources at Trend Micro. This is troubling because users who are addressed personally are more likely to open mails and click links.

More troubling, to me anyway, is that they use a journalist's name to get users to click in response, at which time they get the keystroke logger.

According to the CSO article, the phishers posed as a journalist with the Financial News, "I am a reporter for Finance News doing a follow up story on the recent leak of customer records from [the bank’s name]. I saw your name come up in the article from Central News and would like to interview you for a follow-up piece."

Read more

Time Warner won't investigate brand fraud

Submitted by Deb Radcliff on Fri, 10/13/06 - 1:18pm.

In my previous blog, I wrote about Fred Gomez who received a fraudulent check made out in the name of Time Warner for $35,100. It's a new take on a check cashing scam. Had Gomez cashed that check and forwarded the funds like his "employer" suggested, he'd be in trouble with Bank of America, the issuer, and the law, because the check is fraudulent.

Gomez has sent me countless emails expressing dismay over the fact that law enforcement would not investigate. I was hoping that Time Warner would. But here's Time Warner's response to me:

"Thanks for sending me the link. We don't comment on security issues such as these. I hope you understand."

No, I don't understand. Gomez and I have vital evidence their fraud team could use. And knowing what I know about Internet investigations, I'd like to think that a company such as Time Warner would like to see that evidence.

Read more

Scary job offer scams

Submitted by Deb Radcliff on Mon, 10/09/06 - 8:59pm.

OK, this is scary. And huge. My source below, a reader of this blog, posted to my previous blog about a job version of the check cashing scam.

This scam lures job hunters into cashing checks for the "such and such Holdings, LLC" or similar sounding name, usually in the UK, and you keep 10 percent. Then sometime after the legal period allowed for the cashier's check to clear, the bank realizes the check is bogus. By then, your check to the criminal *has* cleared, and you're left holding the bag for whatever the difference.

In the case below, the check to be cashed was made out by Time-Warner for over $35,000! And even for that amount and the size of the brand being defrauded in this crime, the FBI won't respond and local agencies are too busy. So I'm copying his posting, below, in full, for you to read yourselves:

Read more

Counterfeit network gear: story help!

Submitted by Deb Radcliff on Mon, 08/14/06 - 2:18pm.

SOS. Need your help this time.

I'm on a story about gray and counterfeit networking gear such as Cisco switching, VOIP interface and other popular gear. I need to talk to network engineers and managers who've found this stuff in their enterprise or purchased it accidentally.

Please respond by emailing me at . Thanks!

Black Hat impressions

Submitted by Deb Radcliff on Thu, 08/10/06 - 2:56pm.

Been too busy to post my impressions about BlackHat until now. Here's what I came away with from last week's security briefings in Vegas:

1. Rootkits and VMware - Rootkits are now taking a new twist and using virtual machines to cover their tracks. There's no way to detect rootkits and malware downloaded through virtual machines except to look for latency in application executions, which take longer in virtual mode. No vendor products are doing this. And every operating system that can run virtual mode, including Vista (Microsoft's new Beta), is susceptible.

2. A sense of doom - Everyone I talked to expressed uneasiness around the overwhelming risks associated with Internet computing. Fears ranging from infrastructure collapse to the demise of e-commerce were being voiced by security experts from Fortune 500 companies, consultancies, security vendors and hacker groups who spoke with me during the conference. This level of openly-spoken concern has not been present at conferences past.

Read more

College students and ID Theft

Submitted by Deb Radcliff on Mon, 05/08/06 - 1:53pm.

Normally I never just print a vendor alert in its entirety. But this time it's personal. A few months ago, my daughter, who's away in college, got her wallet stolen. In a panic I called the CEO of Lifelock, an identity theft protection company, and asked him to make sure she didn't get her identity stolen. A few weeks later, copies of her credit report arrived from all three reporting agencies and it appears her identity is intact.

Today the company sent me this report on the FTC's latest report that college-age students are the number one victim group to get taken by identity theft. Below are Lifelock's suggestions to young people on how to protect their identities:

Read more

How my secure computer gets two ancient worms

Submitted by Deb Radcliff on Thu, 05/04/06 - 7:12pm.

Since 1995, I’ve been writing about the dangers of online computing and have ridden the storm relatively unscathed. I’m one who knows the dangers, who keeps my security software up to date and surfs safely. Still I get hit during a moment of weakness sometime in April when I was running a new security software package that was supposed to make all this pain go away. Unfortunately, the software wouldn’t update through my secure firewall router (see previous blog). And so, for a few days, my computer was hanging out there unprotected.

After I replace it with Panda Platinum (another all in one that claims to be less complicated), I again receive no updates. This time it's my fault for ignoring the part that says I need to authenticate my security settings with a separate username and password so it can update. Knowing my vulnerability, I practice safe computing by making my deadlines on my Mac and keeping my XP turned off except when trying to configure the software.

Read more

Testing one-stop security

Submitted by Deb Radcliff on Thu, 04/27/06 - 12:24pm.

About two months ago, I loaded a new trial software by Aluria Software, security software provider to Earthlink users. I was excited to try the product because it's a one stop firewall/antivirus/antispyware/antispam tool, my logic being if you can make it easy, then computer owners will actually use it.

Problem was it didn’t play nice with other security software, as Aluria's marketing director, David Goldstone, had warned me. So I removed all other security software and ran it. It slowed my computer to a crawl, but I endured because my XP is a couple years old and I figured it would be worth the wait if the software really did its job. Then I kept getting error messages from Aluria that “this page could not be viewed.” For a couple of weeks, I figured the error pages were probably some sort of Aluria ad not being allowed through my secure antimalware/antispam/firewall router by Eli. What I didn't realize was that these were failed attempts to update, which Aluria wouldn't do through my router. I tested by trying to manually go to Aluria for updates and my Eli blocked me saying I was not authorized to view this page.

Read more
