Tuesday, March 23, 2010

All you need is an Internet connection to reach out to every online banking system in the world. Someone, somewhere has probably used a default or easily guessable password. If only 1 in a million did so, that's still hundreds (if not thousands) of opportunities for theft. (It's just statistics.)

http://www.databreaches.net/?p=10772

Organized Crooks Hit NJ Town, Ark. Utility

March 22, 2010 by admin

Brian Krebs reports:

An Arkansas public water utility and a New Jersey town are the latest victims of an organized cyber crime gang that is stealing tens of millions of dollars from small to mid-sized organizations via online bank theft.

On Thursday, officials in Egg Harbor Township, N.J. acknowledged that a sizable amount of money was taken in an “outside intrusion into a municipal banking account,” suggesting in public statements that computer criminals were responsible.

[...]

In a separate incident on March 4, organized crooks stole roughly $130,000 from North Garland County Regional Water District, a public, nonprofit utility in Hot Springs, Ark. Again, thieves somehow broke into the utility’s online bank account and set up unauthorized transfers to more than a dozen individuals around the country that were not affiliated with the district.

Read more on KrebsonSecurity.com

For those keeping track: I’m not sure how to categorize such breaches as it’s not clear whether someone on the victim entity’s side lost control of login info or was compromised or if the compromise was on the bank’s side.



This is interesting. I wonder if this hack will be added to the toolkit of their Cyber War division?

http://www.wired.com/threatlevel/2010/03/alleged-rbs-hacker-arrested?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Russia Arrests Alleged Mastermind of RBS WorldPay Hack

Russian authorities have nabbed the man accused of masterminding a coordinated global ATM heist of $9.5 million from Atlanta-based card processing company RBS WorldPay.

Viktor Pleshchuk, 28, of St. Petersburg, was arrested by the Russian Federal Security Service, or FSB, according to the Sunday Mail, which broke the story last week in the United Kingdom.

The Financial Times confirmed the arrest this week, adding that Pleshchuk was among “several suspects” arrested. The paper didn’t name the other suspects or say when any of them were arrested. The arrests are being touted by some as signaling a new era of cooperation between Russian and U.S. authorities.

… The hack involved reverse-engineering PINs for payroll debit card accounts — the holy grail of bank card hacking.

… The hackers compromised RBS WorldPay’s database encryption to raise the amount of funds available on the compromised cards, and boost their daily withdrawal limits. In some cases, the hackers raised the limits to $500,000.



You could characterize this as a Government Grant to learn how to commit computer crime.

http://www.wired.com/threatlevel/2010/03/gonzalez-salary/

Secret Service Paid TJX Hacker $75,000 a Year

By Kim Zetter March 22, 2010 12:23 pm

Convicted TJX hacker Albert Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

The information comes from one of Gonzalez’s best friends and convicted accomplices, Stephen Watt. Watt pleaded guilty last year to creating a sniffer program that Gonzalez used to siphon millions of credit and debit card numbers from the TJX corporate network while he was working undercover for the government.

… Gonzalez, 28, is set for sentencing this week on three indictments covering nearly every headline-making bank-card theft in recent years, including intrusions at TJX, Office Max, Hannaford Brothers, 7-Eleven and Heartland Payment Systems (which alone exposed magstripe data on 130 million credit and debit cards).



Denver is number 8

http://norton.newslinevine.com/

The Norton Top 10 Riskiest Online Cities Report Reveals Who’s Most Vulnerable to Cybercrime



Oh, joy. How to explain the scope of computer crime to legislators?

http://it.slashdot.org/story/10/03/23/1226241/The-Biggest-Cloud-Providers-Are-Botnets?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Biggest Cloud Providers Are Botnets

Posted by CmdrTaco on Tuesday March 23, @09:35AM

Julie188 writes

"Google is made up of 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwidth, according to cloud service provider Neustar. Amazon comes in second with 160,000 systems, 320,000 CPUs and 400 Gbps of bandwidth, while Rackspace offers 65,000 systems, 130,000 CPUs and 300 Gbps. But these clouds are dwarfed by the likes of the really big cloud services, otherwise known as botnets. Conficker controls 6.4 million computer systems in 230 countries, with more than 18 million CPUs and 28 terabits per second of bandwidth."



A candidate for the Privacy Foundation's collection of “Privacy Laws that 'Get it right!'” or at least “Get management's attention!”

http://www.databreaches.net/?p=10777

Hacked personal data originating from China

March 22, 2010 by admin

Park Sung-woo reports:

A 22-year-old Korean man named Kim is under arrest for purchasing lists of Koreans’ personal information, such as cell phone numbers and e-mail addresses, which had been hacked in China. After spending 1 million won ($880) for 31 million items of data since July of last year, Kim posted an Internet ad and sold off 10 million such items.

A 27-year-old man Lee, who runs a branch for an Internet service provider, was one of the buyers. He spent 3 million won for 140,000 phone numbers for his branch’s telemarketing scheme.

The Seoul Metropolitan Police Agency took in Kim and Lee without physical detention, and also detained the owners of the companies that failed to protect their customer information from computer hackers.

Last September, a used-car trading Web site and the Internet home page for a car navigation manufacturer were victims of Chinese hackers who stole names and residential registration numbers of 910,000 online members.

Read more on JoongAng Daily.

Imagine: actually detaining someone for not adequately protecting customer information. Can you imagine what our jails would look like if they did that here?


(Related) Interesting model. They gathered some “ordinary citizens” then gave them an overview of current practices and asked what bothered them.

http://www.databreaches.net/?p=10782

Compensation should be paid for personal data loss, says report

March 23, 2010 by admin

Urmee Khan reports:

Putting a price on privacy will deter organisations from losing or abusing people’s personal details, the influential think tank Demos found.

The recommendation comes amid increasing concern that there has been a dramatic expansion of a “surveillance society”, which threatens to erode civil liberties.

The report Private Lives, published today, recommended that consumers affected by the misuse or illicit sale of information should be compensated.

It has also advocated giving consumers more say over how their data is used. More consent should be required before personal data such as medical data and banking details are released, according to the findings.

Read more in the Telegraph.

Related: Private Lives: a People’s Inquiry into Personal Information by Peter Bradwell, Demos.

[From the Telegraph article:

Regulators should be required to name companies and government departments who mishandle information and produce a ‘Top 100 named and shamed’ list. [I like it, but you would need to factor in such things as Zero Day attacks and Security Best Practices. Bob]



For those interested in Self-Surveillance? Or perhaps Monitoring your Teenage Driver?

http://news.cnet.com/8301-19882_3-20000948-250.html?part=rss&subj=news&tag=2547-1_3-0-20

Motolingo brings telematics to clunkers

Motolingo's Motoriety is a neat tool that marries the data your car is generating in real time with the power of a smartphone to bring some pretty modern capabilities to older cars. There's hardware, software, and a Web service involved in the product, but it looks like it should all work together well.

The hardware component is a small black box that you plug into your car's diagnostic port (all cars built after about 1996 have them). It communicates via Bluetooth to software on your smartphone and monitors things like road speed, engine performance, and the causes of check engine lights. If you drive too fast (based on your programming), or in a way that's not "green" (based on engine load over time), you can get an alert.

The program can also use the GPS capability of your smartphone to "geofence" your car, sending an alert if you leave a pre-programmed area.

[Will your Toyota tweet “Let's go faster?” Bob]



Lots of stories on this topic. NPR mentioned that China is in the range of 600-800 million dollars (out of $27 Billion) of Google's business.

http://www.pogowasright.org/?p=8503

Google stops censoring in China

March 22, 2010 by Dissent

Everyone’s writing about Google’s cessation of censoring search results in China. Here’s a sampling:

Thomas Claburn reports:

Ending months of speculation, Google on Monday stopped censoring search results in China.

The company has done so by redirecting searchers who arrive at Google.cn, its search site in China, to Google.com.hk, which relies on servers based in Hong Kong.

Google’s chief legal officer David Drummond, in a blog post, explained that figuring out how to keep the company’s promise to stop censoring Google Search, Google News, and Google Images on Google.cn was difficult.

Read more on InformationWeek.

The BBC adds:

The US National Security spokesman, Mike Hammer, said: “We are disappointed that Google and the Chinese government were unable to reach an agreement that would allow Google to continue operating its search services in China on its Google.cn website.”

China’s official Xinhua news agency said Google had violated a “written promise” and was “totally wrong” to end censorship of its Chinese-language search portal Google.cn.

Chinese government officials had warned Google repeatedly that it would face consequences if it did not comply with the country’s censorship rules.

But Ryan Singel of Wired thinks that China will get the last word.

[From the Information Week article:

To assist users in determining which of Google's services have been blocked in mainland China, Google has created an Apps Status Web page for its users in China. The page currently shows that Blogger, Google Sites, and YouTube are blocked, that Google Docs, Groups and Picasa are partially blocked, and that Google Ads, Gmail, News, and Web Search are available.

[From the BBC article:

While Google is the world's most popular search engine, it is a distant number two in the Chinese market, which is dominated by Baidu.



Hey, kids! Let's put all our Health Records online so Big Brother can protect them for us!

http://www.phiprivacy.net/?p=2270

Prescription drug database battle rages

By Dissent, March 22, 2010 10:09 am

Bob Barr comments on legislation proposed in Georgia:

Federal and state drug agencies want Georgia to create a database of doctors who prescribe pain medications, pharmacists who fill prescriptions for pain medications, and patients who receive prescription pain medications. And law enforcement agencies are employing a full-court press in the General Assembly to get what they want. Whether they succeed against a coalition of state senators and representatives concerned about such a privacy-invasive database, remains very much up in the air as the General Assembly enters the home stretch of its 40-day session. Hanging in the balance is the question of whether law enforcement and regulatory agencies across the state and across the nation will have ready access to Georgia citizens’ private medication records — to be analyzed, cataloged and manipulated in ways they will never know.

[...] Leaving aside for the moment the fundamental principle that what a doctor prescribes for a patient should be the concern of the doctor and his patient, and not law enforcement or government regulators, the bill pending before the Georgia General Assembly (currently, SB 418) to create a mandatory electronic database to monitor prescription drugs, sweeps far too broadly and raises serious privacy and other constitutional concerns.

Read more on The Barr Code.



Something for my Disaster Recovery classes.

http://www.bespacific.com/mt/archives/023812.html

March 22, 2010

ebrary Launches Free Natural Disaster and Extreme Weather Searchable Information Center

News release: "ebrary®, a leading provider of digital content products and technologies... announced that it has created a publicly available research center featuring hundreds of important government documents related to natural disasters and extreme weather - the Natural Disaster and Extreme Weather Searchable Information Center."



Ah ha! Al Gore is connecting his inventions (the Internet and Global Warming). Do you suppose he's been buying up lots of used computers? But more seriously, is this the best way the Brits can come up with to stop Global Warming? By the same logic, perhaps the government should pay us to keep 20 year old cars running rather than build new ones?

http://it.slashdot.org/story/10/03/23/1016202/Tax-Free-IT-Repairs-Proposed-For-the-UK?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Tax-Free IT Repairs Proposed For the UK

Posted by timothy on Tuesday March 23, @07:02AM

judgecorp writes

"Removing tax from computer repairs could have a real impact on the IT industry's carbon footprint, according to a petition of the UK government. Old computer equipment often ends up in landfill, or in toxic illegal recycling centers in developing countries, because users think it is not cost-effective to repair it. Making repairs tax free could be a simple bit of financial engineering to encourage skilled jobs and keep electronics out of the waste stream, says the author of the campaign."


(Related)

http://reviews.cnet.com/8301-12261_7-20000872-10356022.html?part=rss&subj=news&tag=2547-1_3-0-20

Mobile phone buyback offered at carrier stores



April First humor...

http://www.makeuseof.com/tag/4-free-april-fools-prank-ideas-friends-love/

4 Free April Fools Prank Ideas Your Friends Will Love
