A data thief or “data runner” is the new drug runner. Let us face the facts. It is far less dangerous for a hacker to make off with the personal information for X number of people and get paid for that data than it would be to smuggle drugs into the US. These days it is more profitable and it would be harder to prosecute. To say nothing of the fact that it would be extremely difficult for law enforcement to capture the data runner let alone have the necessary legal resources to convict.
From Seattle Times:
While companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late.
“More of them are experiencing data breaches, and they’re responding to them in a reactive way, rather than proactively looking at the company’s security and seeing where the holes might be,” said Linda Foley, who founded the San Diego-based Identity Theft Resource Center (ITRC) after becoming an identity-theft victim herself.
Foley’s group lists more than 79 million records reported compromised in the United States through Dec. 18. That’s a nearly fourfold increase from the nearly 20 million records reported in all of 2006.
Damn. That’s a lot of money. Law enforcement is playing catchup with these characters.
Tags: Data Theft, Data Runner, ID Theft, Data Security
The never ending parade of stolen/lost laptops added another to its list today. The Tennessean.com is reporting that a laptop containing voter information for Davidson County residents was stolen over the holidays. How many is that you ask?
337,000+
Ouch.
From the article:
That could persuade potential voters in the upcoming presidential primaries to avoid the process altogether, according to Deborah Narrigan, a member of the watchdog group Common Cause Tennessee.
“If you can’t trust that the commission can safely handle your Social Security number, it would raise doubts for a lot of people about its ability to secure other parts of the voting process,” Narrigan said.
County Election Administrator Ray Barrett said Friday that the commission will mail letters to all registered county voters this week notifying them of the incident. Barrett also said he has asked Metro’s Information Technology Services department to prevent future security breaches.
Tags: Data Loss, Stolen Laptop, Privacy
The holiday has dragged Storm worm back out for some more “smashy, smashy”. If you receive an email like the one above which arrived in our media email this morning do not click on it. That might seem self evident to some but, this malware continues to spread for a reason. A couple of the domains being used to spread the malware are happycards2008.com or newyearcards2008.com. This time around the creators of the storm worm have added a rootkit in an effort to avoid detection and to distribute the workload.
From Computer World:
Fortunately, said Giuliani, the rootkit is relatively old, and thus detectable by at least some security software. Neither is the move by Storm’s makers to hide its components and operations from anti-virus programs a new thing: the Trojan began using rootkits months ago.
Giuliani also wondered why the domains hosting the Trojan had not been taken down. “If the attack is currently known and security companies are updating their software, why are these fake domains still active?” he asked in a post to the Prevx company blog. “If servers behind [these] sites are constantly changing so that it would be impossible to shut them down, these servers are reached by four well-known domains. Why, after four days, hasn’t anyone successfully taken these domains down?”
That’s an easy one to answer. It’s the holiday season. No one home.
I didn’t say it was a good answer.
Tags: Storm Worm, Holiday Email Malware
I spent 20 hours asleep yesterday…beautiful morning. Where’s the coffee?
And now, the news…
- NIST releases final draft of FISMA guidance
- FBI Aims For World’s Largest Biometrics Database
- Locking down financial security
- US.gov paints gloomy picture of overseas threats
- Storm switches tactics third time, adds rootkit
- Google replies to lawmaker’s questions on privacy
- N. J. law restricts some sex offenders on Web
- Germany investigates 12,000 in child porn ring
Click here to subscribe to Liquidmatrix Security Digest!
Tags: News, Daily Links, Security Blog, Information Security, Security News
Well, that didn’t take the spammers long at all. No shock there. On the heels of the Bhutto tragedy Websense as issued an alert for malicious sites trying to infect computers. They are by using the attack as a lure for less than cautious web surfers.
From Websense:
Websense Security Labs has discovered malicious Web sites attempting to capitalize on the breaking news of the assassination of Benazir Bhutto. These sites attempt to infect users seeking more information about the event. This activity is similar to past news events, where attackers used malicious sites containing information about the event to infect visitors.
In this case, the first infected site found by Websense Security Labs was the second result in a Google search using a generic and simple keyword. Therefore, the site likely to receive large amounts of traffic. Clicking on the link in the search results did not trigger a warning from Google that the site may be malicious.
Tags: Bhutto, Benazir Bhutto, Bhutto Scripting Attacks, Bhutto Phishing Lure
As the Olympics approach in Beijing the Chinese are diligently preparing for the event. One aspect of it that can never be overlooked is the security of the event. Not only the physical as the world witnessed at the games in Munich in 1972 but, also from a network security aspect. There really is a lack of appreciation by the public with regards to the amount of work that goes into setting up for an event of this magnitude. I have noticed that there has been little press on this angle so far. There are a lot of multinational companies getting into the mix selling physical security solutions. I can only imagine sales folks are jumping in with both feet on the software side as well.
From Herald Tribune:
In preparation for the Beijing Olympics and a series of other international events, some American companies are helping the Chinese government design and install one of the most comprehensive high-tech public surveillance systems in the world.
When told of the companies’ transactions, critics of China’s human rights record said the work violated the spirit of a sanctions law Congress passed after the Tiananmen Square killings.The Commerce Department, however, says the sophisticated systems being installed, by companies like Honeywell, General Electric, United Technologies and I.B.M., do not run afoul of the ban on providing China with “crime control or detection instruments or equipment.” But the department has just opened a 45-day review of its policies on the sale of crime-control gear to China.
The network security will be of paramount importance as well. Especially when you take into account some of the folks who have recently moved into the neighbourhood.
Tags: Olympic Security, Beijing Olympics, Beijing Olympic Security, China Olympics
If at first the pdf spam doesn’t work. Try, try again.
From securitypronews:
It must be legitimate if it’s on video, right? Criminals would like you to think so when touting stocks they have bought for pennies, and hope you will buy and make them a profit.
Security vendor Symantec said these scam artists have embraced video file formats to promote stock symbols. Security researcher Jitender Sarda showed two examples, one shilling for a uranium stock, another for an oil and gas opportunity.
The only opportunity, of course, is to part with your money for a stock that will plummet when the criminals take their profits.
Read on.
Tags: Spam, Video Spam, Stock Scams
Just got word that former Pakistani PM Benazir Bhutto was killed at a rally this morning. She was apparently shot in the neck by an assailant. The attacker was allegedly wearing a suicide vest. Details are sketchy right now.
More to follow.
[UPDATE] 8:24 am Reuters is reporting that she has been been gravely injured but, is in fact still alive.
From Reuters:
Pakistani opposition leader Benazir Bhutto was seriously wounded in an attack after a rally in the city of Rawalpindi, her husband said.
“I was informed that she is badly injured,” Asif Ali Zardari told Ary-One television from Dubai.
CONFIRMED: 8:32 am She has died. A tragic moment in history. Yet again the democratic process has been derailed by fanatics and madmen. Was this a terrorist group or a political assassination by rivals? Only time will tell.
References:
BBC News
CNN
Washington Post
ABC News
CBC News
[UPDATE] OK, after having watched 24 hours (not literally) of CNN’s “breaking news” on this story I’m struck by something. Have we seen this before? Shortly after the attack Pervez Musharraf was saying that it was a terrorist attack. OK, so that would be anyone’s first guess. But, consider the source. He has a lot to gain by having Bhutto leave the playing field as it were. Before you start crying conspiracy nut read this on CNN.
The source of the claim was apparently Italian news agency, Adnkronos International (AKI), which said that al Qaeda Afghanistan commander and spokesman Mustafa Abu Al-Yazid had telephoned the agency to make the claim.
“We terminated the most precious American asset which vowed to defeat [the] mujahadeen,” AKI quoted Al-Yazid as saying.
According to AKI, al Qaeda No. 2 Ayman al-Zawahiri set the wheels in motion for the assassination in October.
One Islamist Web site repeated the claim, but that Web site is not considered a reliable source for Islamist messages by experts in the field.
The DHS official said the claim was “an unconfirmed open source claim of responsibility” and the bulletin was sent out at about 6 p.m. to state and local law enforcement agencies.
Hmm, the other sites aren’t chiming in. This is a group that is more than happy to take credit for bloodshed and mayhem yet, they are strangely quiet even as Bhutto is being laid to rest.
*cough* JFK *cough*
I’m just saying.
Tags: Benazir Bhutto, Bhutto, Pakistan Prime Minister, Assassination
I trust everyone had a good holiday. I for one am off until January 7th as I try to figure out what I want to do next in my career. Queue the New Year resolution sound track.
And now, the news…
- Kaspersky inadvertently quarantines Windows Explorer
- Storm Worm Tempts With Christmas Strip Show
- Instability and Modern Anti-Virus Software
- Inside the Data Encryption Revolution
- Cheney’s ‘remarkable’ Argument
- Poll: Vista gets vote of no confidence
- Christmas Brings Freedom and Hope for Jailed BitTorrent Admin
- Fierce 1.0
Click here to subscribe to Liquidmatrix Security Digest!
Tags: News, Daily Links, Security Blog, Information Security, Security News
Admit it, we are a fortunate lot. In all likelihood if you are reading this then you can afford to use/own a computer. I would hazard that there is a good possibility that you will be spending the holidays with family or maybe jetting off to some island to drink rum from the navel of some obliging young thing.
But, in all seriousness, not everyone has the same situation. One of the projects that I was toying with was setting up a charitable foundation but, Johnny Long has already done that. Rather than reinvent the wheel I thought I would add my voice to the rising tide of folks pushing the “i hack charities” project. Now less menacingly named “Hackers for Charity” I would ask people to have a look at this great project that is being led by Long and others.
From the site:
Picking on charities is just plain rude. Thankfully, that’s not what we’re about. We’re about proving that hackers have amazing skills that can transform charitable organizations. We’re about proving that those skills can be translated into careers, one keystroke and one resume bullet at a time. Got some extra keystrokes? Need some references to get your career rolling? Just want to give back to those in need? You’ve come to the right place.
I know that at the end of the year vendors tend to have old swag lying around. T-shirts, jackets, bags, well you get the idea. The Hackers for Charity could use these to help cloth a child in need or provide school supplies. When I attended RSA Security in 2007 I left there with 27 t-shirts and I wasn’t even trying to gather them. I have since given away most but, if you have anything like this consider providing it to these guys. Or more importantly they even collect donations.
Hint, hint.
So this holiday when you’re chillin’ out with a bottle of 18 year old scotch take a moment to pause and think. You could help someone in need by sending in money, swag or even by donating your skills.
Help support this cause. Thanks for allowing me this moment to climb the podium.
Have a safe and happy holiday!
Tags: Charity, Charitable Donations, Hackers For Charity, Johnny Long
