Earlier this year, the New Zealand Department of Internal Affairs, the US Federal Trade Commission, and the Australian CMA broke up a large fake drug spam ring known as Herbal Kings, run by New Zealander Lance Atkinson. The NZ government fined him NZ$108,000 (about US$80,000) which, while a substantial fine, seemed pretty small compared to the amount of money he must have made. But today, at the FTC's request a US judge fined Atkinson US$15.5 million, and got his US accomplice Jody Smith to turn over $800,000, including over $500,000 in an Israeli bank. more
ISOTF Critical Internet Infrastructure WG is now open to public participation. The group holds top experts on internet technology, critical infrastructure, and internet governance, from around the globe. Together, we discuss definitions, problems, challenges and solutions in securing and assuring the reliability of the global internet infrastructure, which is critical infrastructure for a growing number of nations, corporations and indeed, individuals -- world wide. more
CBS's 60 Minutes aired a special report last night investigating how hackers can get into the computer systems that run crucial elements of the world's infrastructure, such as the power grids, water works or even a nation's military arsenal. From the report: "At the Sandia National Laboratories, Department of Energy security specialists like John Mulder try to hack into computer systems of power and water companies, and other sensitive targets in order to figure out the best way to sabotage them. It's all done with the companies' permission in order to identify vulnerabilities. In one test, they simulated how they could have destroyed an oil refinery by sending out code that caused a crucial component to overheat." more
A new phishing survey released by the Anti-Phishing Work Group (APWG) reveals that the longevity of phishing Web sites dropped by 25 percent over the last year. The survey has also revealed that a single criminal syndicate dubbed "Avalanche" was responsible for nearly one quarter of all phishing attacks in the first half of 2009. Indications are that the gang is continuing to claim a larger proportion of all detected phishing attacks. more
As readers of CircleID have seen, there has been a lot of activity (for example, Michael Geist's "Canadian Marketing Association Attacks Anti-Spam Bill"), as the final votes of C-27 grow nearer. The history towards getting a spam law passed in Canada has been a long one. For years, CAUCE encouraged legislators to undertake this important work... Fast forward a few years, and a few governments, and suddenly we have a law tabled in the House of Commons... more
Last week, I commented on the the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. On another blog, they were commenting that various experts were claiming that this is the case. more
Solutions to cybersquatting and phishing must target brand customers instead of the trademark infringers, who are in effect liars. This post outlines why online-based traditional solutions fail, and it offers solutions to two types of lying (cybersquatting and phishing). more
Anti-Phishing Working Group (APWG) released its latest Phishing Activity Trends Report today warning that the number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement. "The number of hijacked brands ascended to an all-time high of 310 in March and remained, in historical context, at an elevated level to the close of the half in June," says the report. more
Security experts at RSA Research Lab have reported the discovery of a new type of phishing attack targeted against online banking customers that combines a typical phishing website with a live change session initiated by fraudsters. The technique dubbed "Chat-in-the-Middle" not only attempts to trick customers into entering their usernames and passwords into a phishing site but obtains further sensitive information (such as answers to secret questions used by banks to authenticate customers). According to the report, this attack is currently targeting a single U.S.-based financial institution, however operators of all online banking websites are cautioned. more
I have to tell you -- I'm not really happy about the fact that the majority of serious cyber crime on the Internet happens without any legal prosecution. I spend an enormous amount of time -- far beyond my "day job" and exceeding what some might consider my professional capacity -- tracking cyber crime. I also work closely with law enforcement (both in the U.S. and abroad) to assist in the intelligence gathering process, putting the pieces of the puzzles together, connecting the dots, and so forth. And most of the major criminal organizations are still operating (pretty much) in the open, with fear of retribution or criminal prosecution, for a number of reasons. more
From MessageLabs' latest report: "Real Host, an ISP based in Riga, Latvia was alleged to be linked to command-and-control servers for infected botnet computers, as well as being linked to malicious websites, phishing websites and 'rogue' anti-virus products. Real Host was disconnected by its upstream providers on 1 August 2009. The impact was immediately felt, where spam volumes dropped briefly by as much as 38% in the subsequent 48-hour period. Much of this spam was linked to the Cutwail botnet, currently one of the largest botnets and responsible for approximately 15-20% of all spam. Its activity levels fell by as much as 90% when Real Host was taken offline, but quickly recovered in a matter of days." more
An apparently legitimate ISP in Tartu, Estonian is reported to have been serving as the operational headquarters of a large cybercrime network since 2005 according to TrendWatch, the security research arm of TrendMicro. "An Estonian company is actively administering a huge number of servers in numerous datacenters, which together form a network to commit cybercrime. It appears that the company from Tartu, Estonia controls everything from trying to lure Internet users to installing DNS changer Trojans by promising them special video content, and finally to exploiting victims' machines for fraud with the help of ads and fake virus infection warnings..." more
Phishing is when bad guys try to impersonate a trusted organization, so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint, the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more
As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, Youtube and Blogger were also hit. They managed to repel the attack although Facebook was not quite as successful as the other larger players. The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger. We are nearing the 1-year anniversary of a the Russian/Georgian 2008 war. There is a pro-Georgian blogger by the username of "Cyxymu" who had accounts on all of these services. more
Security researches report seeing as much unique malware in the first half of 2009 as seen in all of 2008. "This is quite something when you consider that in 2008 we saw the greatest ever growth in malware," says David Marcus of McAfee Avert Labs. More specifically, Marcus in a blog post writes that the numbers add up to an average of 200,000 unique pieces malware monthly or more than 6,000 a day. "Bear in mind these are malware we consider unique (something we had to write a driver for) and does not count all the other malware we detect generically or heuristically... When you add in the generic and heuristic detections the number becomes truly mind boggling," writes Marucs. more