I just love this video clip prepared by our security marketing guys 🙂
http://youtu.be/YrqYpmp06Ic
Category: Cybercrime
Facebook ID theft
People are now hacking into the social networking site, posing as friends in need and requesting money. There is a big article in the Swedish newspaper on this, whereby a facebook user’s friends have been conned for significant amounts of money. Due to the public nature of these profiles, hackers are able to not only identify the location of the person they are pretending to be, but they can also identify and in turn adopt writing styles in their email plead for ‘help’ – making it that much more difficult to spot a fake. What makes this different from ID theft is that it is not the person who’s id that is stolen that is the victim, although clearly it can be very embarrassing for them to subsequently explain their actions, it is that their Facebook identity is stolen and their friends who are the victims.
Tips on how to counteract this type of fraud, apart from not using social networking sites, are provided at ninemsn Today.
U.S. House overwhelmingly passes cybersecurity research bill
The Cyber Security Research and Development Act of 2009, which passed by a vote of 422 to 5, authorizes the National Institute of Standards and Technology (NIST) to develop a cybersecurity education program that can help consumers, businesses, and government workers keep their computers secure.
“This bill will help improve the security of cyberspace by ensuring federal investments in cybersecurity are better focused, more effective, and that research into innovative, transformative security technologies is fully supported,” said Symantec CTO Mark Bregman. “HR 4061 represents a major step forward towards defining a clear research agenda that is necessary to stimulate investment in both the private and academic worlds, resulting in the creation of jobs in a badly understaffed industry.”
Article here
Stolen account information as a commodity
This came on the news this weekend:
Stolen account data from a bank in Switzerland are for sale for 2.5 million euros. German state says that it is considering a purchase, when calculating the opportunity to access 100 million in tax liabilities. Germany has previously made a similar deal with good profit back in 2008.
It all feels a little sad when it leads to the legitimizing this type of trade in personal data. Data that has been aquired through breaking the law (hacking).
Read all about it here
So who’s hacking who ;-)
Chinese search engine Baidu.com has filed a lawsuit that blames a U.S.-based Internet domain registrar for allegedly allowing a hacking attack that left the site disabled and defaced. Read more at cnet news.
Google briefs Clinton on Chinese cyber attack
Things are getting interesting following Google’s statement to stop censorship on Google search results in China ….
Clinton has made a brief statement “We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy. I will be giving an address next week on the centrality of Internet freedom in the 21st century, and we will have further comment on this matter as the facts become clear.”
Google Enterprise president Dave Girouard stresses that the attack was “not an assault on cloud computing” and “we believe our customer cloud-based data remains secure.” It is unusual for corporations to disclose such attackzs precisely because of the uncertainty they might fuel among customers, but Google says it is opening up “because we are committed to transparency, accountability, and maintaining your trust.”
The Chinese cyber warriors are well armed
Following my previous post, and understanding Google’s sudden decision… or maybe not so sudden….
“The decision wasn’t made in a vacuum, but rather came after years of increasing cyberattacks from the Chinese mainland. A recent, massive infiltration attempt that targeted Google and 20 other tech companies was the final straw. Though Google stops short of naming the Chinese government as the party behind the attacks, the implication is clear.
-
In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident—albeit a significant one—was something quite different.</ul>
Here is an interesting report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation .
Cybersitter is suing the Chinese government
In addition to the vulnerabilities discovered in Green Dam, the filtering software now installed on every PC sold in China since July 2009… the American company that created this program is has filed a $2.2bn (£1.4bn) lawsuit in the US accusing Beijing of stealing lines of code.
The software was created to stop people looking at “offensive” content such as pornographic or violent websites, however it seems that it also inadvertently blocks sites dealing with sexual health issues. Read more at BBC News.
Data Breach Hit Parade
Keylogging and spyware, backdoor or command/control and SQL injection are the top three cyber attack vectors according to a recent study by the Verizon Business RISK Team. The full “2009 Data Breach Investigations Supplemental Report ” is available here.
Man arrested for stealing in RuneScape – a virtual world
I just love this, the first known case ever, a man has been arrested for stealing virtual artifacts in a virtual world!
He hacked into accounts to steal virtual characters and their possessions on one of the world’s biggest multi-player online games RuneScape, a web-based role playing game with more than ten million members.