Senior Editor, Network World

Security roundup for week ending Nov. 11

Nov 11, 2011

Clickfraud takedown; Chinese cyberspy case goes to trial; more mischief in SSL server certificates

Is there justice in cyberspace? The U.S. Department of Justice (DOJ) last week offered hope there is, charging seven individuals with 27 counts of wire fraud and other computer-related crimes in connection with a massive “clickfraud” scheme that was based in Estonia.

The arrests of six of these individuals were carried out in cooperation with the Estonian police, and the U.S. wants them extradited to the U.S. to stand trial. Viewed as one of the largest botnet operations ever, the group allegedly controlled at least half a million infected computers in the U.S. The defendants are said to have set up a phony Internet advertising agency, entering into agreements with online ad providers that would pay the group whenever its ads were clicked on by “users,” otherwise known as victims with malware-infected computers.

Security vendors such as Trend Micro also helped in the case, and if you look at some of the visuals of the crime group’s computer operation that Trend Micro is providing, you’ll notice it’s all in Russian, not Estonian. In fact, one of the indicted suspects not yet in custody, Andrey Taame, resides in Russia. Though neighbors geographically, Estonia and Russia have had a tangled and tormented history when it comes to their languages, which are not at all similar. Russian is apparently the preferred language for cybercrime in this case. Always sad to see the language of Tolstoy debased in this way…

Case of former Motorola software engineer gets started

Federal prosecutors are accusing Hanjuan Jin of stealing copious amounts of sensitive Motorola documents to share with the Chinese military and a China-based firm, Kai Sun News (Beijing) Technology Company. The alleged actions took place about four years ago and finally came to trial in a Chicago court last week. Jin was detained at O’Hare International Airport by U.S. Customs officials in 2007 as she attempted to board a plane to China with a one-way ticket, $30,000 and a massive pile of Motorola-printed and electronically stored documents, as well as Chinese documents for military telecommunications technology.

Even as this closely watched case began, another element in the winding story of Jin unfolded. 4G equipment manufacturer Lemko sued Motorola Solutions, accusing the company of trying to “destroy” Lemko through “Chinese spy ring” insinuations against Lemko. Motorola, in its own investigations into Jin’s actions, believes she went off to secretly work for Lemko during a period she was ostensibly on leave for medical reasons from Motorola, and Motorola more than three years ago launched a civil lawsuit against Lemko. The two have been battling legally ever since.

Another chapter in the SSL certificate mess

The security of SSL server certificates has been called into question in the wake of data breaches at several SSL certificate authorities during the past few months, and last week the latest to acknowledge a problem was Dutch-based telecom provider KPN, which stopped issuing certificates after it said its Web server used in issuing them may have been hacked.

Cyberspace, a dangerous place

In just two instances that made news last week, the Israeli government had to fend off suggestions that its government servers were under attack from enemies and quite possibly the hacktivist group Anonymous, which had allegedly issued a threat to the Israeli government after Israel moved to blockade vessels bound for the Gaza Strip. Israel says it was a “server glitch” that took several government websites offline, including those of the Mossad Intelligence service, Israel Defense Forces and the Israeli Security Agency. Some glitch.

In the private sector, Adidas had to shut down several websites due to what it said was a criminal attack, but Web services were restored later in the week.

Charlie Miller, at it again

Security researcher Charlie Miller showed off his considerable skills in hacking Apple products by creating a little booby-trapped proof-of-concept app called Instastock, which bypassed Apple’s code inspection process and was published in Apple’s App Store as a demonstration of a flaw he’d uncovered. Apple was not amused.

The app, which looks as though it just lists stock ticker information, is actually a Trojan that can connect back to Miller’s server so he can read what’s on the iPhone and control it. Miller wasn’t hiding what he’d done and in fact discussed it with a Forbes reporter. Apple immediately yanked Miller’s iOS Developer Program License, saying Miller violated the developer agreement.

Miller, a noted security researcher who was included in our Security Industry All-Stars lineup this year, was ticked off. Readers familiarizing themselves with Miller’s actions of last week seem to be torn between taking Apple’s side or his, some calling Miller a “buffoon” and another saying Apple seems to be “shooting the messenger” carrying bad news about Apple security.

Personally, I think Apple should go with the flow on this one unless they think Miller is a secret Chinese spy.

DARPA wants to push security envelope

Network World News Editor Michael Cooney attended the “Colloquium on Future Directions in Cyber Security” meeting held this week by the Defense Advanced Research Projects Agency (DARPA), and he reports DARPA is working on radically new methods for authentication. In a program called Active Authentication, the goal is to tie identity to the level of access within a system, with the machine using software applications that can determine identity through activities the user normally performs.

Gen. Keith Alexander, who gave a keynote address at the DARPA meeting, spoke on the topic of cloud computing, expressing confidence it can be used securely.

In cloud-security product news, RSA and McAfee each announced major cloud-security offerings related to secure authentication and other services in cloud environments.

News you can use

If you’re looking for tips on secure use of Wi-Fi, check out Eric Geier’s article “Wi-Fi Security Do’s and Don’ts.”

Also, consultancy Forrester published a report last week called “Planning for Failure” that offers advice on handling data breach incidents. One point Forrester makes is that it could be wise to hold back on remediation until a complete forensics examination is done and law enforcement is contacted. Forrester says security professionals in a company have to decide immediately after a data breach is identified whether they will try to prosecute the perpetrator, because closing down security weaknesses that may have been exploited could destroy needed evidence.

Security services — everything from consulting to code-writing to maintenance to managed security — are set to accelerate over the next three years, according to Gartner research published last week, which predicted spending will hit $49 billion in 2015. Managed security services are seen as the fastest rising in all the segments Gartner defines, with small to midsize companies driving a lot of new business.