Tuesday, 22. July 2003
Hackers possibly using home PCs to defraud clients in South Africa
10:56
Cisco IOS vulnerability
10:54
Small.biz has crap security
Published By: TheRegister.co.uk
Posted By: Benjamin D. Thomas
7/18/2003 7:03
Small firms are at risk of disclosing their financial statements to unauthorised parties due to a lack of IT security, KPMG says. A global study carried out by KPMG found 87 per cent of those firms surveyed had suffered security breaches in the past year.
According to KPMG, small businesses could be at risk of disclosing financial information such as balance sheets and profit and loss accounts to parties outside their company. "Many businesses are failing to determine the level of risk they are exposed to, and are unsuccessful in identifying the security weaknesses within their IT systems and management practices," KPMG says.
[LinuxSecurity.com]
http://www.theregister.co.uk/content/67/31821.html
10:49
Spammers Target Wi-Fi security
Spammers are preparing to use weaknesses in corporate wireless local area networks (Lans) to send out floods of unsolicited email, a security company chief has claimed.
CipherTrust said that, as security on fixed line internet connections tightens, spammers could gear up to exploit vulnerabilities in wireless Lan security.
Steve Raber, CipherTrust's chief executive, warned that spammers could send someone out with a laptop PC looking for vulnerable networks and then hijack a company's mail servers to send junk email. [NewsFactor Cybercrime & Security]
10:48
Thawte issues doppelganger certs warning
By John Leyden
Posted: 17/07/2003 at 16:04 GMT
Digital certificate specialist Thawte has discovered that its systems have issued certificates with duplicate numbers over the last few months.
If one of the paired certificates is revoked the other will also be disavowed. Which is a pain. But essential encryption and security functions are not affected.
A technical rep for the South Africa-based security firm assured us that each private key obtained for a certificate is unique regardless of the certificate's serial number. We're thankfully not looking at a repeat of the incident two years ago when Verisign mistakenly issued a pair of digital certificates to scam artists in Microsoft's name.
...
[The Register - Security]
10:42
Re: [ISN] Update: Money seen as biggest obstacle to effective IT security
Forwarded from: Mark Bernard <mbernard@nbnet.nb.ca>
Dear Associates,
If you read between the lines this story really identifies the
difference between a CISSP designation and a CISM designation. One
designation is entirely solution oriented while the other is business
oriented.
The CISSP does not demonstrate the skills necessary to justify
Information Security (InfoSec) to a business. So all those businesses
rushing out to get staff with a CISSP designation without additional
business management skills have shot themselves in the foot. Companies
will not budget for InfoSec unless it is a legitimate business need
and that means justification in business terms.
Without justification businesses will continue to only budget for
InfoSec positions assigned to larger non InfoSentric business units.
It's not entirely management's fault because they truly believe that
this will reduce the risk and take care of any problems that they
might encounter. This is the way that traditional management has
always dealt with more work, they hire more staff!
This however is a short-term fix which is very apparent within this
survey. Without adequate justification tied to strategic and tactical
business objectives InfoSec budgets will continue to not get approved.
After all, just because someone with a CISSP says that something needs
to be attended to doesn't mean that the company will automatically
open up the vault.
Regards,
Mark, CISM, CISSP.
----- Original Message -----
From: "InfoSec News" <isn@c4i.org>
To: <isn@attrition.org>
Sent: Thursday, July 17, 2003 4:46 AM
Subject: [ISN] Update: Money seen as biggest obstacle to effective IT
security
http://www.computerworld.com/securitytopics/security/story/0,10801,83109,00.html
By JAIKUMAR VIJAYAN
JULY 16, 2003
Computerworld
Inadequate funding remains the single largest obstacle to
implementing effective IT security measures at most companies,
according to the results [1] of a recently completed global survey
by Ernst & Young International.
Even so, a majority of the companies surveyed said they rarely or
never calculate return on investment when building a case for
information security budgets.
"Return on investment appears to have fallen out of favor as a
measure of the effectiveness of information security spending," Mark
Doll, Americas director of Ernst & Young's Security Services
division, said in a prepared statement. "It looks like we need to
find a credible alternative to conventional ROI approaches in order
to secure funds for the information security function."
The "2003 Ernst & Young Global Information Security Survey" was
conducted over a two-month period in early 2003 and includes
responses from more than 1,400 organizations in 66 countries.
Not surprisingly, 90% of the organizations surveyed said that IT
security is of high importance to them, with 78% identifying risk
reduction as the top factor influencing security spending.
[...] [isn]
10:41
Hackers hit Likud Web site, insert newsflashes of Sharon criticizing sons
Last Update: 20/07/2003 03:50
Hackers hit Likud Web site, slam Sharon's sons
By Yuval Dror, Haaretz Correspondent
Before dawn on Friday hackers entered the Likud's Internet site Likud.org.il, replacing three newsflashes with English ones in which Prime Minister Ariel Sharon criticizes his sons Omri and Gilad for remaining silent during their police interrogation.
The planted newsflashes also had Sharon blasting the Knesset members' moral standards.
For example, the headline of one newsflash says: "Sharon: my two sons Gilad and Omri behave like Uday and Qusay." The text said: "My sons' silence in police investigations signals to others to do the same. The public must know that the police is not the enemy."
The headline of the second item said: "Sharon: there is a strong link between 15 year olds who cannot read and the example my sons set." The body of the text said: "Young people get the impression that this is how things really work. Why study hard if you can cheat. Why make an effort if you have no one to look up to?"
The third report quoted Sharon as saying, "The Likud suffers from low quality Knesset members ... Likud Knesset members Naomi Blumenthal, Yehiel Hazan, Michael Gorolovsky, Yaakov Edri and my son Omri set a bad example for the citizens. How can we expect people to follow the law while some of us double-vote and some keep silent in police investigations?"
Likud director-general Arik Barmi confirmed the site had been hacked into on the night between Thursday and Friday. "I asked our computer people to shut it down, clean out the inserted messages and put it back on the Internet. At the same time I ordered filing a complaint with the police," he said.
At noon Friday the site went up again without the phony news flashes, but over the weekend was removed again, probably for fear not all of the hackers' access points were traced.
Haaretz Daily Jul 19 2003 2:31PM ET [moreover Computersecurity]
10:31
Missing Computer Adds to Airport Screeners' Woes
Forwarded from: William Knowles <wk@c4i.org>
http://www.nynewsday.com/news/local/queens/nyc-screen0721,0,3811514.story?coll=nyc-manheadlines-queens
By Glenn Thrush
Staff Writer
July 21, 2003
Federal officials are quietly scouring the Washington, D.C., area for
a stolen laptop computer loaded with vital information on dozens of
airport baggage and passenger screeners that could be used to forge
IDs.
The computer, property of the federal Transportation Security
Administration, contains screeners' names and addresses, along with
social security numbers, birthdates and other personal data. It was
stolen from an agency staffer's car in late May, according to TSA
spokeswoman Chris Rhatigan.
"We are working furiously to get it back and we've sent out a message
to let all of our screeners know they need to safeguard their personal
information," Rhatigan said.
There's no indication the theft was terrorism-related, but Washington
police and transportation officials are worried that the highly
sensitive contents could get into the wrong hands, she said.
"We're not giving out too much information on this because we don't
want to provide a road map for the terrorists," Rhatigan said.
The laptop is password-protected and contains other security features
that should make it hard for all but a hardened hacker to access, she
said.
Word of the missing computer comes just two weeks after a pair of top
TSA officials resigned amid criticism that the agency has performed
background checks on 22,000 of 55,000 employees, while failing to vet
85 criminals who got jobs at U.S. airports.
In June, Homeland Security chief Tom Ridge announced a cost-cutting
plan to lay off 6,000 screeners by the fall. Kennedy and Newark
Liberty International airports stand to lose 396 and 273 full-time
positions, respectively, or about 20 percent of their screeners.
LaGuardia Airport will lose 36 or about 4 percent.
The TSA is fighting efforts by unions to organize the screeners. Union
activists and screeners gathered on the steps of City Hall yesterday
to accuse the agency of covering up security breaches and bullying
employees who complain to their supervisors.
"We don't have any whistleblower protection, so when we complain about
something that isn't right we can be fired or transferred," said
Miguel Shamah, a screener at LaGuardia. "That creates a danger because
the truth isn't getting out." Rhatigan called the comments
irresponsible and accused union organizers of "trying to scare the
flying public."
[isn]
10:21
Re: "Googlepol"
Hello list,
Monday, July 21, 2003, 8:49:27 PM, Sven Übelacker wrote:
..
if you mean the censorship measures at google.de, you can go to the
international Google page:
Yes, for now. But presumably not for much longer (or only by using
appropriate "circumvention measures"). The main problem with this is,
imo, not even the regulation itself but the non-transparent shift of
reality. That sounds trivial, but unfortunately it is not. The digital
reality of many of our fellow human beings still looks rather
different from that of those who discuss infowar and freedom of
information on mailing lists.
http://www.google.com/intl/en
google.com alone redirects to the German censored page.
Namely depending on IP, cookies and the browser's language setting
(in that order). By now the IP database for Germany seems fairly
complete; that was different a few months ago.
The development in the area of net regulation/"youth protection" is
unfortunately also quite clear here; basically Google is only
reacting. The new Bertelsmann study apparently once again speaks of a
"significant portal function", and the pressure (to be expected) is
correspondingly high. Recall the stop-word lists [1] for filtering
evil things (which actually do not work that way at all [2]([3]) and
were originally part of the search engine operators' strategy against
index spammers, until jugendschutz.net self-servingly offered itself
as a "mediator" in the fight against filth ..) or the mention of
search engines as a potential target for blocking orders in NRW [4].
Search engines have for some time been a primary point of attack for
net regulators.
The small booklet "Transparenz im Netz - Funktionen und Defizite von
Internet-Suchmaschinen" (Marcel Machill, Christoph Neuberger,
Friedemann Schindler (jugendschutz.net), published by Verlag
Bertelsmann Stiftung, 2002) also contains quite concrete proposals on
how search engines can be "regulated", comparatively smartly worded
but nonetheless quite unambiguous.
Well, and when Machill, as project leader for media policy at the
Bertelsmann Stiftung an avowed regulator [5], now voices concern in
Der Spiegel and the SZ, I personally at least find that a little
disconcerting and downright ironic, true as the individual statements
of course are. In the end this is about the distribution of the big
cake, the SZ article brings that out nicely too, and the Bertelsmann
people would simply like a bit of it as well.
When Machill speaks of monopolies and dangers, he should also take a
critical look at the net policy of Bertelsmann's commercial
offerings. On the one hand they discuss child and youth protection,
but on the other they build GZSZ/SMS/ringtone sites that link to each
other in a circle, offer no or hardly any links to the outside world,
and (so one could read on the Suchfibel.de list) even actively block
alternative (non-commercial) offerings such as www.blinde-kuh.de.
Regards
Olaf
[1] http://www.heise.de/newsticker/data/jk-12.07.02-007/
[2] Older, and since corrected: a showcase project, the "accessible
for the disabled, phonetic search engine with an effective
child-porn and hardcore filter" witch.de:
http://preview.fx3.de/odem/witch/020716_witch_kindersex.jpg
http://preview.fx3.de/odem/witch/020716_witch_abspritzen.jpg
or
http://preview.fx3.de/odem/witch/020716_witch_gaskammer.jpg
http://preview.fx3.de/odem/witch/020716_witch_gaskammern.jpg
or http://preview.fx3.de/odem/witch/ ..
[3] http://cyber.law.harvard.edu/people/edelman/google-safesearch/
Next level, then: ICRAplus
http://www.heise.de/newsticker/data/anw-11.07.03-002/
[4] http://odem.org/material/verfuegung/, bottom of page 10.
[5] »The development of the Internet inevitably gives him [the
Internet user] control over which information and content reach
him, when and how. The new medium no longer depends on
intermediaries such as publishers, broadcasters, newspapers or the
music industry. On the Internet, 'mass communication' from
individual to individual becomes possible. We have so far not been
prepared for this development towards user control. We must
develop new regulatory mechanisms.«
Dr. Marcel Machill, Jens Waltermann: Verantwortung im Internet,
Selbstregulierung und Jugendschutz, pp. 9f.; Verlag Bertelsmann
Stiftung, Gütersloh 2000
--
It was just like Romeo and Juliet, only it ended in tragedy
-- Milhouse [infowar.de]
10:17
FTC Warns Against Phisher Sites
EarthLink and the FTC warn against "phisher" sites that collect users' personal information in order to drain a bank account or steal an identity:
Phisher site spams instruct consumers to click on a link to what looks like a real corporate Website and input their personal information. The fake, or "phisher" Website looks like it comes from a legitimate company with whom a consumer may have a relationship, but the fraudulent site is really just a vehicle to steal information. [GrepLaw]
http://www.nbc4columbus.com/technology/2347693/detail.html
http://www.fbi.gov/pressrel/pressrel03/spoofing072103.htm
http://www.boston.com/dailynews/202/economy/_EarthLink_Warns_Internet_User:.shtml
10:15
MO Sex Offenders Posted on Internet
[GrepLaw]
10:14
Privacy Isn't the Issue, Trust Is
Published By: EditorAndPublisher
Posted By: Adam Chalemian
7/21/2003 16:27
Privacy is an issue that uniquely plagues the online industry. Consumers don't seem to mind that banks sell their balance information, or that their in-store transactions, catalogue purchases, and magazine subscriptions are routinely sold to direct marketers. Or that security cameras record their comings and goings. For years, customers of Radio Shack freely gave up their home addresses and phone numbers just to buy some batteries.
I suspect there is more to fear in how offline personal credit records are compiled than in whether cookies are tracking you when you click on Internet ads, but the public remains convinced there is something, well sinister, about the collection and use of online data ... or do they?
Consumers rightfully complain about the intrusiveness of pop-up and pop-under ads and the incredible amount of irrelevant spam that overflows their in-boxes, and suspect that they might become targets when they complete online registration forms, sweepstakes, e-commerce orders, or newsletter sign-ups with their e-mail addresses. These complaints are regularly offered and portrayed in the press and by privacy pundits as evidence of significant consumer concerns about violations of their privacy.
[LinuxSecurity.com]
http://www.mediainfo.com/editorandpublisher/headlines/article_display.jsp?vnu_content_id=1937712
10:09
Identity theft explodes in US
Almost 4% of Americans had their identity stolen in the past year, new research suggests, and the problem is only getting worse. [BBC News Online]
10:02
Cyber sex lures love cheats
Growing numbers of married people are turning to chat rooms for sexual thrills, say US researchers. [BBC News Online]
10:01
Music pirates face subpoenas
US record industry officials win 871 subpoenas to identify music pirates illegally downloading songs. [BBC News Online]
10:01
Cambodia expels web scammers
Twenty foreigners are thrown out of Cambodia, after facing charges of defrauding investors via the internet. [BBC News Online]
10:00
ID thieves rip off 7m US adults a year
By John Leyden
Posted: 21/07/2003 at 12:57 GMT
Seven million US adults were victims of identity theft in the 12 months ending June 2003, according to Gartner. The analyst group is calling on banks to make it tougher for crooks to obtain credit in false names.
Gartner says its figures represent a 79 per cent increase in people affected by ID theft since its last survey in February 2002.
It takes issue with a common misconception about identity theft - that it's a Net crime perpetrated by anonymous, career criminals.
"Identity theft is not necessarily a high-tech crime, and can just as easily damage the credit reputations of low-tech adults who don't spend any time on the Internet," said Avivah Litan, vice president and research director for Gartner.
"More than half of all identity theft - where the method of theft is documented - is committed by criminals that have established relationships with their victims, such as family members, roommates, neighbours, or co-workers," said Litan, citing numbers published by the Federal Trade Commission.
With identity theft, a thief takes over a consumer's entire identity by stealing critical private information, such as the Social Security number, driver's license number, address, credit card number or bank account number. The thief can then use the stolen information to obtain illegal loans or credit lines to buy goods and services under the stolen name. Identity thieves typically change the consumer's mailing address to hide their activities.
"Many banks, credit card issuers, cell phone service providers and other enterprises that extend financial credit to consumers don't recognize most identity theft fraud for what it is," Litan said. "Instead they mistakenly write it off as credit losses, causing a serious disconnection between the magnitude of identity theft that innocent consumers experience and the industry's proper recognition of the crime. This causes a disincentive to fix the problem with the urgency it requires."
Without external pressure from legislators and industry associations, financial service providers (FSPs) may not have the sufficient incentive to stem the flow of identity theft crimes.
According to Gartner, consumers and lobbyists must press banks and other FSPs to wholeheartedly back efforts such as the US Fair Credit Reporting Act and BITS' Work on Identity Theft.
BITS, the Technology Group of The Financial Services Roundtable, was formed by the CEOs of the largest US financial institutions as the strategic "brain trust" for the financial services industry in the e-commerce arena.
The Fair Credit Reporting Act would cover security and accuracy of personal financial information and access to credit and financial services; BITS' initiative would make it easier for victims to report a crime to financial institutions.
"Most importantly, however, banks and FSPs must implement solutions that effectively screen for application fraud, so they don't wrongfully extend credit to identity thieves," said Litan. "Without industry prevention efforts, consumers whose identities have been stolen will continue to bear the brunt of social and indirect economic costs."
Additional information is available in two Gartner reports. These reports examine the rising trend of identity theft and what solutions are emerging in the market to prevent it.
[The Register - Security]
09:58
Feds nab teen who scammed AOL
The Federal Trade Commission settles charges against a 17-year-old boy who used spam to snooker AOL customers into giving him their credit-card numbers. After going on a shopping spree, he's agreed to repay the money and spam no more. [Help Net Security]
09:56
Con artists pretending to be Internet companies
Stealing identities and credit card numbers with bogus e-mail and Web sites that appear to come from legitimate companies is an increasing problem on the Internet, federal officials warned Monday.
The Federal Trade Commission said it had brought its first case against this type of scheme, called "spoofing" or "carding." A 17-year-old California boy accused of posing as America Online agreed to settle federal charges by accepting a lifetime ban on sending junk e-mail and paying a $3,500 fine, the FTC said.
The FBI has received increasing numbers of complaints about this kind of scam, said Keith Lourdeau, a section chief with the bureau's Cyber Division.
"Due in part to this growing scam, we are seeing a rise in identity theft, credit card fraud and other Internet frauds," Lourdeau said at a news conference with officials from the FTC and EarthLink. Officials said they didn't know how many people have been victimized by the scam.
[Help Net Security]
http://www.securityfocus.com/news/6458
09:55
Crime pays for identity thieves
The number of consumers who have fallen prey to identity thieves is severely underreported, market researcher Gartner said in a survey.
Posted by Mirko Zorz - LogError
Tuesday, 22 July 2003, 2:41 AM CET
The research firm estimates that 3.4 percent of U.S. consumers--about 7 million adults--have been victims of identity theft of some form in the past year. Moreover, arrests in identity theft cases are extremely rare, catching the perpetrator in only one out of every 700 cases, said Avivah Litan, vice president of financial service for Gartner.
"The odds are really stacked against the consumers," she said. "Unfortunately, they are the only ones with a vested interest in fixing the problem."
The release of the survey comes as state and federal governments are trying to stem the problem of identity theft. On July 1, California started requiring companies to report to consumers any incident that may have compromised their personal data. And new national legislation, the Fair Credit Reporting Act, would help protect victims once they determined that their identity had been stolen.
[Help Net Security]
http://zdnet.com.com/2100-1105_2-5050295.html
09:54
Chat channels make online fraud easier
Posted by Mirko Zorz - LogError
Monday, 21 July 2003, 10:38 AM CET
On a recent Tuesday morning, one Internet chat group called #ccpower was bustling.
A user there was selling credit-card numbers, obtained illegally online, for 50 cents to $1 each. Another was accusing other sellers of stolen credit-card numbers of cheating, and yet another user wanted lessons on cracking into online sites containing credit-card information.
Internet chat groups, particularly those using a format called Internet relay chat, or IRC, now play an important and growing role in online credit-card fraud, according to a report released this month by a group of Internet security experts who form the Honeynet Project. The project sets up computer systems called honeynets that are intended to be easy to infiltrate in order to monitor and record how hackers work.
Online credit-card fraud has generally been carried out by hackers operating on their own, without much organization or automation of their schemes, the group says. But that appears to be changing.
[Help Net Security]
http://www.rockymountainnews.com/drmn/technology/article/0,1299,DRMN_49_2123848,00.html
09:53
Code flaws push up cost of IT security
UK companies face a multimillion-pound bill as the number of flaws in Microsoft Windows software escalates, analyst firm Gartner has warned.
John Pescatore, an analyst with Gartner, said implementing personal firewalls to guard against Microsoft security flaws is a critical enterprise requirement.
However, businesses would have to pay about £100 per user to roll out personal firewalls to corporate PCs. Ongoing support costs could be an extra £30 a year per user.
"The growing use of corporate desktops on broadband connections means that corporate PCs, particularly laptops used by remote workers, are more exposed to direct internet-based attacks," said Pescatore.
Microsoft agreed that laptops and desktops should be loaded with their own firewall, which is not yet standard practice.
Graham Titterington, a senior analyst at Ovum, said corporate network security was particularly at risk from vulnerabilities in laptops and homeworkers' PCs with always-on broadband connections. He said the risk has been there for years but it is gradually increasing.
Pescatore pointed out that this is the first year when more laptops have been sold than desktop PCs. In-built security provided by Microsoft, such as the Internet Connection Firewall in Windows XP, is "not sufficient" as it only blocks incoming connections, he said.
Microsoft has released six Windows patches in the past fortnight and 13 "critical" patches this year. Pescatore said it was not unusual for firms to take 18 months to deploy such a large number of patches to all of their PCs, and the situation is set to get worse. Computer Weekly Jul 21 2003 8:15PM ET [moreover Computersecurity]
09:52
Hackers break into ATMs security system
By Azhar Mahmood
KARACHI: Hackers have broken into some banks' ATM security system compelling them to modify systems to combat the new electronic attackers, sources in banking industry said on Monday.
The affected banks have so far failed to trace them and many among them have preferred to keep silence on the issue in order to avoid backlash from customers, sources said.
The attacked banks have not yet started any joint efforts to curb the rising problem of e-raiding under the supervision of central bank.
Sources said a top private bank, which has serious stakes in the ATMs has cautioned its ATM card holders by sending them a notice captioned "Compulsory Change of Pin Code for ATM Cards".
The notice says, "The holders of newly issued ATM cards will be required to first of all change their personnel identification number, generally called as PIN with some different 4 digits of their own choice, which they will keep confidential.
"After one-month, from the date of last PIN changed, ATMs will automatically illustrate an option to change the previous PIN. The facility for changing PIN at any time will, however, remain available to the card holders."
In Pakistan, the ATM card holders manifest a unique tendency to finance ATM accounts by channelising funds from foreign currency accounts. In July 2002 the total FCAs of $3,839.5 billion went down to $2,589.5 billion by the end of June 2003, said the latest official statistics of the SBP.
Sources said according to the first ever census on electronic banking conducted by SBP, the recent massive drop in ATM business of Rs13.948 billion up to March, 2003 was a direct result of $1.250 billion decline in overall foreign currency accounts (FCAs) of the country.
Sources said the funds transfer from FCAs to ATM accounts has however declined for last one year but the overall ATMs business is still facing serious problems.
Sources said the recently established Payment System Department (PSD) in the SBP has started monitoring electronic banking and a draft of new prudential regulations on electronic banking has been issued to solicit views of the bankers and stakeholders.
The PSD is busy evolving a new security system for smooth and safe transaction of electronic banking keeping in view the requirements and standards of the committee on payment systems and technical committee of the international organisation of securities commissions, sources said.
Sources said the central bank is at the same time busy in setting up real-time growth settlement system (RTGS) for safe banking transactions but it will take almost a year to start. The system will make the SBP the first central bank of South Asia to have this state-of-the-art system.
Sources in PSD said, "Payment system stability is a core central banking function. Efficient and well functioning payment system reduces systematic and operational risks, lowers transaction costs, aids in efficient use of financial resources, helps in financial market to become more liquid and promotes stability in the financial system."
Jang Group Jul 21 2003 6:33PM ET [moreover Computersecurity]
09:49
Police need breakthrough in Absa hacker case
09:46
Industry Report Confirms Australians are Pirates
The Australian Record Industry Association has released a report (PDF) about file sharing and CD burning. The 1001-person telephone survey concluded that many millions of Australians obtained music illegally. The report noted that approximately 3 million Australians had burnt compact discs and about the same number had downloaded music from the internet. Apparently, many young people were not aware the activity was against the law. [infoAnarchy]
09:42
Guilty plea in Kinko's keystroke caper
SecurityFocus is carrying the news that JuJu Jiang has entered a guilty plea to charges stemming from his use of keyloggers at thirteen Manhattan Kinko's stores. While this isn't really a case of "hacking", it does reinforce the notion of being careful what you access from a station that's not under your control.
[Kill-HUP.com]
http://www.securityfocus.com/news/6447
Guilty Plea in Kinko's Keystroke Caper
By Kevin Poulsen, SecurityFocus Jul 18 2003 4:20PM
If you used a computer at a Kinko's in New York City last year, or the year before, there's a good chance that JuJu Jiang was watching.
The 25-year-old Queens resident pleaded guilty in federal court in New York last week to two counts of computer fraud and one charge of unauthorized possession of access codes for a scheme in which he planted a copy of the commercial keyboard sniffing program Invisible KeyLogger Stealth on computers at thirteen Kinko's stores sprinkled around Manhattan.
For nearly two years ending last December, Jiang's makeshift surveillance net raked in over 450 online banking passwords and user names from hapless Kinko's customers, according to the plea. He would use victims' financial information to open new accounts under their names, and then siphon money from their legitimate accounts into the new, fraudulent ones.
According to court records, the caper began unraveling last October, when Jiang had the bad luck to use a stolen GoToMyPC account to remotely control a victim's home computer while the victim was sitting in front of it. The victim, unnamed in court filings, watched as the PC's cursor began moving of its own accord, riffling through files, opening a browser window, and then establishing an account with online money transfer site Neteller.com under the victim's name. The victim had logged into the machine through GoToMyPC from a Kinko's on Seventh Avenue a few days earlier.
GoToMyPC's access logs captured Jiang's IP address, and after a brief investigation, the U.S. Secret Service raided the apartment Jiang shared with his mother in Queens. They seized books on hacking, a laptop computer and four desktop machines from Jiang's bedroom. Under questioning, Jiang admitted sniffing passwords and usernames from Kinko's machines and selling them over the Internet, according to a Secret Service affidavit filed in the case.
Two months later, while free on bail, Jiang got caught planting another keyboard sniffer at a Kinko's on West 40th Street in New York.
The plea is silent on how much Jiang made from the scam, and prosecutor Joseph DeMarco said he couldn't answer questions about the case. The only financial losses that Jiang admitted to last week were $5,000 in "damage" caused to Kinko's computers by his installation of the surveillance software -- a stipulation that satisfies the minimum statutory requirement for a computer fraud conviction. Jiang also pleaded guilty to two criminal copyright violations for auctioning Microsoft software that was not meant for resale.
Jiang's attorney, Louis Freeman, told a judge that his client was undergoing a psychiatric evaluation, and that Freeman plans to use the results to ask for a reduced sentence. Reached by telephone, the lawyer declined to elaborate.
A Kinko's spokesperson said the company tries to make customers aware of the risks of entering personal information and data on publicly accessible machines, but would not discuss what security measures they take, or comment on whether the company made any changes as a result of the Jiang case. At least some Kinko's stores have warning placards next to every public workstation.
Last year, Kinko's security measures became an issue in the pre-trial arguments in the Zacarias Moussaoui terrorism prosecution. Defense attorneys sought information on Moussaoui's 2001 use of a public access PC at a Minnesota Kinko's store, but were foiled by what the FBI said was Kinko's national policy of completely reimaging public access machines on a weekly basis. It's not clear how that policy squares with Jiang's success; one possible explanation is that Jiang visited the 13 Kinko's frequently enough to retrieve the stored keystrokes before they were wiped out, and then re-installed his loggers afterwards.
Sold by San Francisco-based Amecisco for about $100 a copy, Invisible KeyLogger Stealth is a kernel mode keyboard sniffer that hooks Windows system calls to prevent users from seeing the program. Some anti-spyware products -- like Spydex's Advanced Anti-Keylogger -- can detect IKS through its growing keystroke logfile.
In an e-mailed statement, Amecisco's director Leon Yan said the company strongly condemns illegal use of its surveillance software. "Our intended audiences are authorized system administrators and parents," Yan wrote. "And I can give you examples after examples of parents [who] wisely used this tool to help with their children."
Jiang is in custody at New York's Metropolitan Correctional Center pending sentencing. A sentencing date has not been set.
09:26
Hackers leak Quake IV assets
by Lisa Byron
ID SOFTWARE has reacted fiercely to hackers having leaked a large number of unauthorised Quake IV assets onto the web.
The US developer and its publisher Activision issued a statement this morning, warning that they will refuse to work in future with any games magazines and specialist websites who run these images.
"On Friday 18th July a large number of unauthorised Quake IV assets were leaked onto the web," offered the statement. "We do not know the source of these leaked assets. Please be warned that id Software has instructed Activision that we are not to work with any magazine which uses any of these assets. If any magazine does so, id Software will not allow any assets for id games to be sent to these magazines in the future."
MCV Jul 21 2003 11:37AM ET [moreover Computersecurity]
09:23
Hackers using home PCs to defraud clients
Monday July 21, 2003 15:07 - (SA)
Hackers could be using home computers to steal thousands of rands from Absa Bank's clients -- and not the system of the bank, the Banking Council said in a statement today.
"Because they are finding it increasingly difficult to breach the banks' own security systems, they are beginning to turn to weaker links outside of these systems, for example, internet service providers or the customers' own PCs.
"In this specific instance, it appears that the loophole was not in the banks' system but that home computers are being compromised," council spokeswoman Claire Gebhardt-Mann said.
She said the banking industry should seek a solution to the problem and prevent fraudsters who continue to try new ways of robbing people of their money.
The Sunday Times reported that a hacker or "internet burglar" had been illegally transferring money from the accounts of Absa clients, apparently after obtaining their banking details by sending them "spy software" -- an email message that, when opened, sets itself up to record certain keystrokes on the computer and transmit these to a given address.
Thus the hacker obtains the victim's bank account number and personal identification number (PIN).
Experts from the police Commercial Crime Unit in Cape Town were investigating the illegal internet transfer of funds from Absa accounts as reported in the Sunday Times, police spokesman Superintendent Riaan Pool said on Sunday.
He said the police team was being assisted by a team from the bank. Police had received 10 complaints of fraud with the amount involved totalling R530,000.
The complaints were all laid at the same Cape Town police station in the course of the past two or three months, Pool said.
Gebhardt-Mann said the way this particular scam was perpetrated was that emails were being sent to the public, and when these were opened a virus was downloaded on to the computer which copied whatever was typed in.
"This information is then sent to the fraudsters," she said.
The Banking Council advised the public to make sure that no one had unauthorised access to their computers.
Gebhardt-Mann advised bank customers to install the latest anti-virus applications on their computers, exercise control over the shared folders, keep their PIN secret and to never disclose their PIN to anyone, including bank staff.
Sapa
Sunday Times South Africa Jul 21 2003 10:57AM ET [moreover Computersecurity]
http://www.sundaytimes.co.za/2003/07/20/news/news01.asp
Hacker cleans out bank accounts
Hundreds of thousands of rands stolen via Internet from Absa clients.
By Edwin Lombard
A HACKER is targeting clients of South Africa's largest bank and has managed to steal hundreds of thousands of rands by breaching their accounts over the Internet.
The Police Commercial Crimes Unit confirmed this week it was investigating nine cases involving thefts from Absa accounts. Absa is the leading South African Internet banker with about 35% of the market and about 300 000 online clients.
Police and bank officials say it appears the perpetrator used "spyware" to gain access to the personal computers of the victims, and, having found out their Internet banking information, had transferred money out of their accounts.
Total losses of R230 000 have been reported to police - but one victim said late on Friday that he had discovered another R300 000 missing from his account.
Another victim, Helene van Tonder, a bookkeeper from Bellville, said her whole R15 000 salary had disappeared from her bank account the day after she was paid.
"When I went to the ATM on June 27, all my money was gone. When I contacted the bank, they said I must go and lay a charge at the police."
Van Tonder said the bank reimbursed her money and told her that somebody had gained access to her account via the Internet. She had, however, cancelled her Internet account with the bank.
Police spokesman Riaan Pool said police did not yet have all the details of how the hacker had worked but they knew that there was only one perpetrator.
"It is a hacker. The police are following up extremely good clues," he said.
Absa refused to refer to the culprit as a "hacker" and would only refer to the crime as "identity fraud" committed by a person who had gained access to clients' accounts through their own personal computers using the Internet.
Absa's group information security officer, Richard Peasey, said the bank's "security systems and processes had alerted the bank to suspicious activity before these clients knew about it.
"The transactions were frozen and the process for dealing with potentially fraudulent transactions was instituted," he said.
However, attorney Harry de Villiers said R300 000 had gone missing from one of his trust accounts when he went to check his statements on Friday. Fortunately, his trust accounts were insured. He said the bank had only alerted him to R10 000 that was mysteriously transferred into one of his accounts earlier in the week.
De Villiers made a report to the police late on Friday. His complaint is in addition to the nine already being investigated by the police.
He said when he checked his accounts more closely later, he discovered that the hacker had transferred amounts of R227 000 and R93 000 to another account.
De Villiers said further inquiries revealed that the person had bought 15 laptop computers by transferring some of the money into the account of the computer company and the rest into an account at a different bank.
Peasey said the crook had gained access to personal information of account holders through their own computers and said it had nothing to do with the bank.
He said the bank had already identified suspects and Absa's forensic team was working with the police.
"As with other banking channels, no fraud can take place on Internet banking accounts without the fraudster obtaining the client's Internet banking access account number and PIN number," he said.
Peasey said it appeared the fraudster had sent unsuspecting clients an e-mail, which, when it was opened, installed software that recorded information.
"It is a new trend called spyware. This has got nothing to do with the bank. It records keystrokes, like your account and PIN number, and then it e-mails the information to a Hotmail mailbox," he said.
Peasey refused to say how many Absa clients had been defrauded or how much money was involved, saying it was "a forensic issue".
http://www.sundaytimes.co.za/zones/sundaytimes/newsst/newsst1058764362.asp
Police on trail of bank hacker
Police experts from the commercial crime unit in Cape Town were investigating the illegal internet transfer of funds from Absa bank accounts as reported in the Sunday Times of July 20, a spokesman reported yesterday.
Superintendent Riaan Pool said the police team was being assisted by a team from the bank.
The Sunday Times reported that a hacker or "internet burglar" had been illegally transferring money from the accounts of Absa clients, apparently after obtaining their banking details by sending them "spy software" - an email message that, when opened, sets itself up to record certain keystrokes on the computer and transmit these to a given address.
Thus the hacker obtains the victim's bank account number and personal identification number or PIN.
Police had received ten complaints of fraud, said Pool, with the amount involved totalling R530,000. The complaints were all laid at the same Cape Town police station in the course of the last two or three months.
He could not divulge further information because of the sensitivity of the investigation, said Pool.
Sapa
http://www.sundaytimes.co.za/zones/sundaytimes/newsst/newsst1058781448.asp
Absa forensic team probes internet fraud
Monday July 21, 2003 12:30 - (SA)
South African banking group Absa's forensic team is probing several cases of internet fraud. This follows incidents where three clients in the Western Cape have had money moved from their accounts by a fraudster who gained unauthorised access to their computers.
Absa said in a statement that the fraudster gained unauthorised access to these clients' computers and loaded software called key-stroke logging software which automatically copied everything they typed on their computers and sent it back to the fraudster without their knowledge.
The software therefore transmitted information about the bank accounts typed in by the clients to the fraudster, who was then able to use this information to electronically impersonate the client and gain access to their bank accounts. A further six cases are under investigation, it said.
Absa said in a statement that a small number of internet account holders in South Africa have become victims of the latest international trend in internet fraud called identity theft. Absa and the rest of the banking industry are working together to combat this new crime.
"Fraudsters are beginning to realise how difficult it is to breach bank security systems and are now targeting the home computers of account holders by stealing their electronic identity, mainly their PIN and access account numbers," said Richard Peasey, Absa Group Information Security Officer.
"Absa's forensic team is progressing with the investigation," said Peasey.
All Absa transactions are monitored 24 hours per day, seven days a week, all year round.
Absa has also called a meeting of all the information security officers in the banking industry to find ways of stopping this form of crime.
"At Absa and all the other banks, the peace of mind of our clients is our first priority and whenever we as the industry are faced with a new security problem like this, we work together to ensure the safety of clients' money," Peasey added. Absa's forensic team is working with industry experts to resolve the matter.
"All the banks including Absa have been putting information on their websites and in their banking halls for internet banking clients about safety precautions that they should take to protect their personal information.
"Internet banking is safe and clients need to be more vigilant than ever to ensure that it stays safe," he said.
I-Net Bridge
09:22
Internet attacks: Wednesday is the most dangerous day
Hackers are working in an increasingly targeted way
The number of security-relevant events declined slightly in the first half of 2003. It fell from 160.5 million in the first quarter to 136.5 million in the second. In contrast, the share of confirmed attacks and dangerous incidents rose by 13.7 percent over the same period. That is the finding of the quarterly Internet security report published by Internet Security Systems (ISS) of Atlanta, USA.
The X-Force research team registered a total of 727 new vulnerabilities from April to June 2003. Of these, 209 were rated risk level "High", 377 "Medium" and 141 "Low". Compared with the first quarter, when 606 additional holes in software and hardware were discovered, that corresponds to an increase of 20 percent. The security holes are set against 654 detected worms and hybrid threats. Vulnerabilities and attack methods are thus converging more and more in number. In all of 2002, 494 threats still stood against 2,374 holes. According to X-Force chief Chris Rouland, this development indicates that hackers are attacking existing and long-known vulnerabilities in an increasingly targeted way.
A clear trend is also emerging in the attack targets. Although the FTP and HTTP ports are still among the ten most attacked ports, attacks on these two interfaces have decreased over the last 18 months by an average of 46 and 96 percent. The most frequently attacked were port 80 (45.54 percent), port 137 (20.22 percent) and port 1434 (13.68 percent).
The most dangerous day for IT security in the second quarter was Wednesday. X-Force registered an average of 1,809,222 security events for the middle of the week. These include attacks attributable to so-called hacktivism. The US Department of Homeland Security twice raised its threat level for politically motivated hacking and cyberterrorism to "Orange" (high danger). The first time was from 17 March to 16 April during the Iraq war, and the second between 20 and 31 May in response to terrorist attacks in Saudi Arabia and Morocco.
09:15
Typical hacker is under 21
Tuesday, 15 July 2003, 08:25
Wiesbaden (pte) - The typical Internet hacker is male, between 16 and 21 years old and still lives with his parents. That is the conclusion reached by the German Criminological Institute of the Federal Criminal Police Office (BKA) http://www.bka.de in a study on "account misuse on the Internet". Together with the University of Münster, the BKA developed a questionnaire that was sent to participating public prosecutors' offices, courts and parents of suspects. 599 questionnaires were evaluated. Three types of hackers could be identified. http://www.bka.de/informationen/account_missbrauch.pdf
According to the study there is a "typical" hacker; 65.8 percent (373 members) of the offenders belong to this group. He is male, between 16 and 21 years old and lives with his parents. He has an intermediate or higher school education and medium to high computer skills, which he taught himself. The reasons for account misuse in this group are primarily economic, or to try out what is possible. The average damage caused by this group is 388 euros.
The second-largest group, the "atypical offenders" (119 members), is also male but older than the typical offenders and, because of the varied ways in which its members shape their lives, cannot be clearly categorised. The atypical offenders have more money and more PC experience than the first group. The damage they caused, at an average of 429 euros, is only slightly greater than that of the typical offenders. The third and smallest group consists of women (5.8 percent, 35 members). On average they are 34.7 years old and have less IT knowledge and slower computers than the male offenders. Their main motive is usually also trying things out or economic considerations. Only five percent of them knew that they were committing a criminal offence.
On average the offenders were 23 years old; a total of 72.2 percent of them lived with their parents at the time of the offence. The main motive in all three groups is economic (51.3 percent); the second most common motive is trying things out (33.1 percent).
09:14
Spread of criminal information on the web is increasing
Monday, 14 July 2003, 15:24
New York (pte) - Chat groups, especially those using the IRC (Internet Relay Chat) format, are playing an increasingly important role in online credit card fraud. This emerges from a report by the Honeynet Project http://project.honeynet.org , an international group of Internet security experts. According to the report, criminals who trade in stolen credit card information previously worked alone. Using a special system, the so-called honeynets, the Honeynet Project was able to track down the hackers and discovered that entire organisations are now behind the fraud.
Chat channels enable large groups of users to exchange their tactics for criminal activities. The IRC channels can be used only by those insiders who know the exact server and the name of the channel. Most of these channels are hosted on websites outside the USA, for example in such "exotic" countries as Azerbaijan. In addition, anyone interested must have the appropriate software installed in order to enter the channel.
According to the report, the largest IRC channels used for criminal purposes include ccpower, ccinfo, masterccs or cc. Credit card numbers and information are exchanged on these channels. Tutorials are also offered that teach how to hack, how to remain anonymous and the like. The users of these channels come from all over the world; if one location is closed, the next one is already opening. Last year the total amount lost to online credit card fraud was over 850 million dollars.
09:13
COMPUTER HIJACKING
Spam and porn servers against their will
"migmaf" is not a Trojan like all the others: the malicious program, probably in circulation since the beginning of June, hijacks computers unnoticed and turns them into servers for spam and porn sites.
The curse of the web: spam is making e-mail increasingly unusable
Real hackers only look down on the virus-writing adolescent script kiddies. For them, the hacking community divides into just two camps to be taken seriously: the hackers or whitehats on one side and the crackers or blackhats on the other. The former see themselves as the heroes of Digitalia, the latter are criminal.
That does not mean, however, that they could not write programs that command respect from hackers and IT security experts alike. With "migmaf", for example, IT expert Richard Smith told "PC World", his first thought was just: "Wow! That is interesting!"
P2P spam network
For migmaf, at first seemingly no more than one of the usual many hundreds of annoying Trojans, quickly turned out to be something out of the ordinary.
The pest has probably been on the loose since the beginning of June and has since infected only a few thousand computers. That is not many at first - but the virus apparently does not want more than that.
For migmaf serves up access to the infected computer to its controllers - probably Russian crackers. They then complete the installation of a proxy server that the victim can hardly notice: the victim becomes part of the crack network - and, in the eyes of the many hundreds of thousands of e-mail account holders who are subsequently spammed, the perpetrator.
For migmaf accomplishes an anything but trivial feat: it distributes spam mails via "its" network that are meant to lead the user to a pornographic website. That site has a fixed address but no "location" on the Internet: every few minutes it seemingly changes its IP address.
For ultimately migmaf installs nothing other than the criminal caricature of a P2P network: from a central server its programmers "broadcast" their porn pages, which then "wander" in constant rotation across the involuntary proxy servers of the computers infected by migmaf. With migmaf, then, everyone really and finally becomes a broadcaster - whether they want to or not.
DER SPIEGEL
Counted: spam mail volume by category
In this way migmaf not only builds up an extraordinarily high capacity for sending spam, but also covers the tracks to the real originator relatively effectively.
Protection against discovery
But it goes further. To be able to let the porn websites "wander", migmaf installs a small DNS system on the infected computers. None of the hijacked computers "broadcasts" porn pages for more than ten minutes - the "broadcasters" take turns at this interval. As long as there are enough of them, the extra traffic probably does not even attract the attention of the service providers, which in this case would actually be desirable: normally, massive extra traffic leads to a warning or reprimand from the service provider.
Security experts assume that there are already several versions of the virus; the major antivirus developers are working on programs to reliably detect migmaf and similar programs. Until then, all that remains is the reminder, above all to users of DSL lines, never to operate them without a well-functioning firewall. That can at least prevent migmaf from going "on air".
For at least the question of what the point of all this is was answered very quickly: migmaf does nothing other than build a P2P network solely for distributing spam. And because this is distributed not from one but from thousands of constantly changing servers, spam filter software has a hard time keeping up.
Pyrrhic victory
Security experts at the US company LURHQ succeeded at the end of last week in shutting down the first proven migmaf network. No easy task: the experts reported that IP traces, for which they normally need a few minutes, took them a whole seven days. Even then they could not be sure whether they had really found the "master server" or only the first of the victims in a chain of thousands.
But one thing seems clear: in principle, migmaf Trojans can be delivered with the help of any virus, and countless migmaf spam networks could be operated in parallel.
migmaf is thus the spam mafia's answer to the attempts to finally turn off the tap on junk advertising. It looks as though that will be even harder than thought: these are not pleasant prospects.
Frank Patalong
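As an added example (not from the article and not LURHQ's analysis), the ten-minute hand-over between infected hosts described above can be looked for in resolver or passive-DNS logs: a name whose answer keeps moving to new addresses, each held for ten minutes or less. The record format, the thresholds and the sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _obs(name, start, step_min, ips):
    """Build constructed observations: one lookup every step_min minutes."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(minutes=i * step_min), name, ip)
            for i, ip in enumerate(ips)]


# Constructed sample data (documentation names and address ranges only).
SAMPLE_OBSERVATIONS = (
    # Answer moves to a new host every ten minutes, as the article describes.
    _obs("promo.example.net", "2003-07-22T00:00:00", 5,
         ["192.0.2.10", "192.0.2.10", "198.51.100.7", "198.51.100.7",
          "203.0.113.5", "203.0.113.5", "192.0.2.77", "192.0.2.77",
          "198.51.100.200"])
    # Ordinary site: one address throughout.
    + _obs("www.example.com", "2003-07-22T00:00:00", 5, ["192.0.2.1"] * 9)
    # Legitimate round-robin between two servers: fast changes, few addresses.
    + _obs("cdn.example.org", "2003-07-22T00:00:00", 5,
           ["192.0.2.20", "192.0.2.21"] * 4)
    # One-off server move.
    + _obs("mail.example.org", "2003-07-22T00:00:00", 5,
           ["192.0.2.30"] * 4 + ["192.0.2.31"] * 4)
    # Many addresses, but each is held for an hour.
    + _obs("files.example.org", "2003-07-22T00:00:00", 30,
           ["192.0.2.40", "192.0.2.40", "192.0.2.41", "192.0.2.41",
            "192.0.2.42", "192.0.2.42", "192.0.2.43", "192.0.2.43"])
)


def address_runs(observations):
    """Group lookups per name into runs of consecutive identical answers.

    Returns {name: [(ip, first_seen, replaced_at_or_None), ...]}. The final
    run of each name is still open, so its end is None.
    """
    by_name = defaultdict(list)
    for ts, name, ip in sorted(observations):
        by_name[name.lower().rstrip(".")].append((ts, ip))

    runs = {}
    for name, seen in by_name.items():
        out = []
        for ts, ip in seen:
            if out and out[-1][0] == ip:
                continue                      # same answer, run continues
            if out:
                prev_ip, prev_start, _ = out[-1]
                out[-1] = (prev_ip, prev_start, ts)   # close previous run
            out.append((ip, ts, None))
        runs[name] = out
    return runs


def flag_rotating_names(observations,
                        max_dwell=timedelta(minutes=10),
                        min_distinct_ips=4):
    """Flag names answered by many addresses, none held longer than max_dwell.

    Dwell is measured from the first sighting of an address to the first
    sighting of its replacement, so it is an upper bound set by how often
    the name was looked up. The still-open last run is not counted.
    """
    flagged = {}
    for name, runs in address_runs(observations).items():
        closed = [end - start for _, start, end in runs if end is not None]
        distinct = {ip for ip, _, _ in runs}
        if len(distinct) < min_distinct_ips or not closed:
            continue
        longest = max(closed)
        if longest <= max_dwell:
            flagged[name] = {
                "distinct_ips": len(distinct),
                "changes": len(closed),
                "longest_dwell_s": int(longest.total_seconds()),
            }
    return flagged


if __name__ == "__main__":
    for name, info in flag_rotating_names(SAMPLE_OBSERVATIONS).items():
        print(name, info)
```

Requiring several distinct addresses as well as short dwell keeps ordinary two-server round-robin and one-off server moves out of the result.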
09:12
The typical hacker
Young man, lives with his parents
Monday, 14 July 2003
The typical computer hacker is a young man who lives with his parents. That is the finding of a study presented on Monday by the Federal Criminal Police Office (BKA) in Wiesbaden and the Münster police.
The offenders are said to be between 16 and 21 years old and to have an intermediate to higher school education. They set up the connections using other people's data from their parents' telephone line. Access data become known via chat rooms and hacker sites.
In January 2000 the investigative commission "INET" was formed at Münster police headquarters and processed 310 criminal complaints from across Germany, the BKA and the Münster police further reported. The investigators identified 3,600 people from whose lines Internet connections had been set up using other people's access data. According to the commission's calculations, the total damage amounts to 1.5 million euros. In total, 990,000 individual connections, 29,000 customer records and around 8,600 telephone lines were checked.
09:11
How Trojan horses turn other people's PCs into will-less spam monsters
Spammers based in Russia have for some time been spreading their electronic junk with a new, devious method: they smuggle Trojan horses onto the computers of unsuspecting victims, which then send out mass mailings and serve as hosts for porn content. Security experts received the first indications of the illegal activity as early as the end of June, said Joe Stewart, analyst at the security specialist Lurhq. At that time, mass mailings had attracted attention with, among other things, offers from Russian porn sites that came from a different sender every few minutes.
HACKERS USE THE VICTIMS' IP ADDRESS TO HIDE THEIR OWN
The Trojan horse named "Migmaf" (Migrant Mafia) serves as a kind of proxy server through which the spammers disguise their true origin. On the one hand it replaces the original address with the IP address of the infected computer; on the other it funnels the pornographic content through the computer when a spam recipient clicks on a link in the mass mailing. To cover the tracks further, infected PCs are only ever used for a short time, according to the experts.
YOU CAN GET INFECTED ALMOST ANYWHERE
How the spammers spread the malware is not yet known. According to Stewart, a worm as the carrier is just as possible as a manipulated ActiveX control. Infected files could also have been planted in online file-sharing networks such as Kazaa or brought onto the computers via IRC (Internet Relay Chat). (idg/oli)
08:59
IDENTITY THEFT: Cracker cleans out online accounts
An unknown cracker managed to help himself at South Africa's largest bank: using a keylogger program he stole access codes directly from the customers. They must now prove that they protected themselves adequately.
There are numerous legends about online banking: for many years the bulk of customers hesitated to move money over the web at all. By now that is considered largely safe - and the legend persists that banks would quietly cover up successful hacks, if there were any. The customer, at any rate, need not expect any loss.
Harry de Villiers, a lawyer in South Africa, now knows better. As a customer of South Africa's largest bank, Absa, he belongs to a so far small circle of customers whose accounts have been lightened by a cracker in recent days. The bank has so far acknowledged three cases; six more are currently being investigated. The cracker has so far withdrawn a total of 530,000 rand (around 61,500 euros), 300,000 from Villiers alone.
Tracking him down will not be easy. "On the bank's side," assures Absa spokesman Richard Peasey, "there was no security breach." Absa was by no means hacked; rather, the unknown cracker is targeting the customers directly.
Security experts suspect that the cracker is probably foisting a so-called Trojan on the customers in a targeted way by e-mail. This activates a keylogging program that from then on logs every keystroke and forwards it to the cracker. The corresponding mails end up in a Hotmail account opened under a false name.
Little by little the cracker thus learns access passwords and PINs. In most banking systems, however, a withdrawal additionally requires so-called TANs, which expire after their first use. That indicates that the cracker has also created real-time access to the computers of those affected: he intercepts the TANs and then uses them in the name of their actual owners. The bank has hardly any way of determining whether it is the customer or the cracker who is in the system: the whole thing, says Peasey, is a classic case of ID theft and not a hack of the bank system.
Even if it sounds otherwise at first, this is not good news for banking customers. In the case of a hack of the bank system they could assert claims for damages against the bank. With a method that targets the customer, they would first have to prove that they had at least tried to protect themselves adequately. Even then the question of compensation remains unclear.
Bank spokesman Peasey states that they are already on the cracker's heels. That is not even unlikely: all the victims filed their complaints with the same police authority and live in the same place. That also explains how the cracker was able to "address" individual bank customers so specifically: the crack probably began with the observation of a local bank and its customers.
With around 400,000 online customers, Absa is South Africa's largest online bank. In total, about 1.2 million South Africans use online banking.
Press release: http://www.absa.co.za/ABSA/Media_Releases/Article_Page/0,1551,424,00.html
Absa leads fight against Internet fraud
Publication Date : 20 July 2003
A small number of Internet account holders in South Africa have just become victims of the latest international trend in Internet fraud called identity theft. Absa and the rest of the banking industry are working together to combat this new crime.
“Fraudsters are beginning to realise how difficult it is to breach bank security systems and are now targeting the home computers of account holders by stealing their electronic identity, mainly their PIN and access account numbers,” says Richard Peasey, Absa Group Information Security Officer.
An Absa investigation has confirmed that so far, only three clients in the Western Cape have had money moved from their accounts after the fraudster managed to gain unauthorised access to their computers and load software called key-stroke logging software which automatically copied everything they typed on their computers and sent it back to the fraudster without their knowledge. The software therefore transmitted information about the bank accounts typed in by the clients to the fraudster. The fraudster was then able to use this information to electronically impersonate the client and gain access to their bank accounts. A further six cases are under investigation.
“Absa's forensic team is progressing with the investigation,” says Peasey. All Absa transactions are monitored 24 hours per day, seven days a week, all year round.
Absa has also called a meeting of all the information security officers in the banking industry to find ways of stopping this form of crime. “At Absa and all the other banks, the peace of mind of our clients is our first priority and whenever we as the industry are faced with a new security problem like this, we work together to ensure the safety of clients’ money,” confirms Peasey. Absa’s forensic team is working with industry experts to resolve the matter.
“All the banks including Absa have been putting information on their websites and in their banking halls for Internet banking clients about safety precautions that they should take to protect their personal information.” “Internet banking is safe and clients need to be more vigilant than ever to ensure that it stays safe,” says Peasey. He says that the safety precautions that clients should be taking include:
To prevent key-logging:
Make sure that no-one has unauthorized access to your PC.
Ensure that you have the latest anti-virus applications loaded on your PC. Your local supplier will provide you with details in this regard.
Make sure that the software that is loaded onto your PC via a third party is licensed.
Update your operating system and browser with the latest Microsoft patches to protect your PC from exploitation. These can be downloaded from the Microsoft website http://www.microsoft.com
Do not open suspicious or unfamiliar e-mails.
Ensure that you have control over the shared folders on your PC as a shared folder could make your PC vulnerable to unauthorized installation of suspicious software. A shared folder can be identified by a blue icon shaped in the form of a hand.
General safety tips:
It is important to ensure that you are at the Absa website. This you do by checking the Absa Security Certificate by clicking on the security icon.
Ensure that you are on the secure Absa Internet banking website by checking that the URL begins with “https” rather than “http.” The initial connection to www.absadirect.co.za will redirect the connection to an available Internet banking server.
Always ensure the secrecy of your PIN number.
Never disclose your PIN number to anyone – this includes bank staff members. A bank staff member will never ask you for your PIN. When entering your PIN information make sure that you cannot be seen – you never know who might be watching.
Be especially vigilant of security cameras trained on your PC.
disLEXia, a research project by Maximillian Dornseif