• United States

In brief: Not a good week to be a cybercriminal

Aug 30, 20044 mins
BiometricsCellular NetworksCisco Systems

Also: Fujitsu develops biometric security system; Cisco warns customers about ACS holes; Sprint, SBC ink wireless deal; Microsoft makes Longhorn cuts

  • Federal law enforcement officials last week concluded an operation that netted 103 arrests and 53 convictions involving a series of cybercrimes that targeted 150,000 victims. Operation Web Snare, which began June 1, wrapped up with several arrests across the country. Department of Justice officials said victims lost more than $215 million. They added that there were 160 investigations of the various schemes aimed at 350 subjects resulting in 117 criminal complaints or indictments and 140 search warrants. Attorney General John Ashcroft announced the results of the initiative, which he said was targeted at a variety of online economic crimes, including identity theft, fraud, counterfeit software, computer intrusions and intellectual property theft.

  • Meanwhile, U.S. law enforcement agents raided five homes and one ISP last week in what the Justice Department calls the first federal enforcement action against piracy on peer-to-peer networks. Agents seized computers, software and computer equipment in the searches, which took place in Texas, New York and Wisconsin. The action targeted illegal distribution of copyright-protected movies, software, games and music on five peer-to-peer networks operated by a group known as The Underground Network, the Justice Department said in a statement. No charges have been filed. Although this is the first time the Justice Department is taking criminal enforcement action involving peer-to-peer networks and piracy, it is not the first time it has involved itself with file sharing or illegal downloads online.

  • Fujitsu has commercialized a biometric security system based on vein-pattern recognition. The system works by shining a near-infrared light on a palm placed about four centimeters above a scanner. The scanner takes a snapshot of the palm. The vein patterns illuminated under the skin become the basis for security applications. The information can then be loaded into a server or put into an integrated circuit embedded in a credit card. The company has received orders from two Japanese banks, one of which already uses the technology. While iris-recognition technology is probably more secure than vein-pattern identification, few ordinary bank customers want a retinal scan each time they withdrew money, Fujitsu says. Fingerprint scanners are small and convenient, but their use by hundreds of people raises hygiene issues.

  • Cisco has warned customers about security holes in two products that provide user authentication and authorization services for network devices such as firewalls and routers. The company issued a security advisory last week identifying “multiple denial-of-service and authentication related vulnerabilities” in two products: the Cisco Secure Access Control Server for Windows (Windows ACS) and Cisco Secure Access Control Server Solution Engine (Secure ACS). The vulnerabilities could let attackers or malicious users crash the ACS products or gain unauthorized access to network devices, Cisco said. ACS products centralize user identity management for other Cisco products and management applications, which lets administrators manage and enforce network access policies. Cisco recommended that customers with service contracts obtain the updates using the Cisco Product Upgrade Tool or by contacting the company’s Technical Assistance Center.

  • Customers of Sprint and SBC will be able to use both companies’ wireless Internet connections with less hassle under a mutual deal announced last week. The agreement lets SBC customers use Sprint’s Wi-Fi hot spots and vice versa. Instead of having several different accounts, users can roam on other hot spots covered through the reciprocal arrangements, and carriers handle the billing, Sprint says. Sprint also has a reciprocal agreement with AT&T Wireless.

  • Microsoft last week made dramatic cuts to its plans for the Longhorn client operating system, slicing out the storage sub-system called WinFS and saying it would be in beta when Longhorn is released. The company said Longhorn would focus on “performance, security and reliability.” The shift makes Longhorn more of an evolutionary release than the computing revolution Microsoft had touted. Microsoft also committed to 2006 as the Longhorn client delivery date. The server will come in 2007. WinFS, which Microsoft Chief Software Architect Bill Gates called his Holy Grail, was a pillar technology in Longhorn for universal search. Microsoft said two other pillars, the Avalon presentation sub-system and Indigo Web services middleware, would be made available in 2006.