Cybercrime

Cybercrime / Most Commented

Intelligence Exchange in a Free Market Economy

The U.S. Government is causing a huge disservice to protection and defense in the private sector (80%+ of CIKR) by creating an ECS that contains monetary incentive for a few large players to exert undue control over the availability, distribution, and cost of security threat indicators. While there may be a legitimate need for the federal government to share classified indicators to entities for protecting critical infrastructure, the over-classification of indicator data is a widely recognized issue that presents real problems for the private sector. ECS as currently construed creates monetary incentives for continued or even expanded over-classification. more

Microsoft’s Takedown of 3322.org - A Gigantic Self Goal?

I will first begin this post by emphasizing that this article is entirely my personal viewpoint and not to be considered as endorsed by or a viewpoint of my employer or any other organization that I am affiliated with. Neither is this to be considered an indictment of the sterling work (which I personally value very highly) that several people in Microsoft are doing against cybercrime. Microsoft's takedown of 3322.org to disrupt the Nitol botnet is partial and will, at best, have a temporary effect on the botnet itself... more

Phish or Fair?

It shouldn't be a big surprise to hear that phishing is a big problem for banks. Criminals send email pretending to be a bank, and set up web sites that look a lot like a bank. One reason that phishing is possible is that e-mail has no built in security, so that if a mail message comes in purporting to be from, say, [email protected], there's no easy way to tell whether the message is really from bankofamerica.com, or from a crook. more

Reducing Unreachable ICANN Registrations

Recently ICANN published a report on inaccurate registration data in her own databases. Now the question is presented to the world how can we mitigate this problem? There seems to be a very easy solution. ... The question to this answer seems simple. To know who has registered with an organisation. This makes it possible to contact the registered person or organisation, to send bills and to discuss policy with the members. more

Automated Theft of Intellectual Property

A few days ago I wrote about a piece of my intellectual property, an article I wrote and posted on DaileyMuse.com, being stolen, plagiarized, and posted on another web site under a different authors name. I hadn't been looking for my work elsewhere, I was simply browsing the access logs and visiting other websites that stood out. As a result of finding my work posted elsewhere without my permission, I contacted the owner of the website by email and provided 24 hours to remove the content before I pursued legal action. more

Using Domain Filtering To Effect IP Address Filtering

In Taking Back The DNS I described new technology in ISC BIND as of Version 9.8.0 that allows a recursive server operator to import DNS filtering rules in what ISC hopes will become the standard interchange format for DNS policy information. Later I had to decry the possible use of this technology for mandated content blocking such as might soon be the law of the land in my country. I'm a guest at MAAWG this week in San Francisco and one of the most useful hallway discussions I've been in so far was about the Spamhaus DROP list. more

Experts Urge Congress to Reject DNS Filtering from PROTECT IP Act, Serious Technical Concerns Raised

A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 ("PROTECT IP Act"). The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading DNS designers, operators, and researchers, responsible for numerous RFCs for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet. more

Policy Failure Enables Mass Malware: Part I (Rx-Partners/VIPMEDS)

This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitor's browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem, however the pharmacy shop sites in question: HEALTHCUBE[DOT]US and GETPILLS[DOT]US should not even exist under the .US Nexus Policy. more

Ensuring Maximum Resilience to the DNS?

Yesterday CommunityDNS noticed a sudden, heavy spike in traffic through its Anycast node in Hong Kong. While comfortably processing queries at 863,000 queries per second for close to 2 hours the occurrence was undeniable. While we can't say the increase in traffic was specifically due to DDoS, its sudden increase is suspicious and reminds us that DDoS is still a popular tool used by the malicious community. more

Three Things Registrars Must Do to Enhance Security

If the rise of phishing has taught us anything, it's that on the Internet, if a digital asset has value, there's somebody out there who wants to steal it. Whether it's a bank account password, a credit card number, a PayPal login, or even a magic sword in an online game, there's a fraudster somewhere trying to misappropriate it for his or her own nefarious purposes. Domain names have always been a target for such criminals. more

DNS RPZ, Malicious Domains… Bring Your Own Policy. Dress Casual.

Paul observed that most new domain names are malicious. Are they? Since the "dawn of tasting", some 30 million domain names have been created for the purposes of interposition on existing name to resource mappings. That is a third of the .COM historical growth, and mostly in the last five years. ... It is difficult not to conclude that interposition on persistent, public referents is without malice, and that the malicious parties are advertisers seeking to transform public referents into private property, as promotional devices... more

Was the ClimateGate Hacker Justified? Join the Debate!

A few days ago a story broke where someone hacked into a global warming research institute and stole all emails from the past 10 years, proving a conspiracy. In the vast amount of emails stolen, some emails were also found with clear-cut lies, showing how some scientists conspired to deceive in scientific research about data that did not fit their agenda of proving global warming. I am opening the subject for debate... more

Gary Warner: We Are Well Past Time to Declare a Spam Crisis in China

In a blog post last week, Gary Warner, director of research in computer forensics at the University of Alabama's (UAB) computer and information sciences department, wrote that it is well past time for someone to declare a "Spam Crisis in China". The warning comes along with UAB's reports that most of the spam they receive has ties to China. "It is very normal that more than one-third of the domain names we see each day in spam messages come from China," Warner wrote. "When one also considers the many '.com' and '.ru' domain names which are also hosted in China, the problem is much worse. More than half of all spam either uses domain names registered in China, is sent from computers in China, or uses computer in China to host their web pages." more

Do We Need Two Internets?

Jonathan Zittrain's recent book, The Future of the Internet -- And How to Stop It, has spurred a lot of discussion both online and offline, with blog posts lauding his insights or criticising his over-apocalyptic imagination. The book itself makes fascinating reading for those who have watched the network grow from its roots in the research community into today's global channel for communications, commerce and cultural expression... One of the reasons that Zittrain puts forward for the growing popularity of closed or, as he prefers 'tethered', devices, is that they are less vulnerable to hacking, security flaws, malware and all the other perils that face any internet-enabled system. more

If the Number ‘5’ License Plate is Worth $6.8 Million, What is Your Domain Name Worth?

The number "5" license plate sold for $6.8 million dollars in Saudi Arabia and another 300 vanity plates sold for another $56 million at last week's auction. It is estimated that the number "1" will be auctioned next month for up to $20 million dollars. Domain names and license plates share some common characteristics. Both allow only one person to own a particular word or number. Of course, the exact same license plate 'word' or 'number' can be registered in every country and, in the USA, every state... more