Monday, January 30, 2006

Nurses Are the Most Honest Professionals AND my Mom is One

All too often, I spend too much time pondering and taking ACTION against slime ball people (cyber scum), who rip off innocent people to further their financial resources.

Once in a while, it's nice to get away from focusing on people with no morals and remember those who make a difference and demonstrate that daily. Society recognizes professions and people by the contributions they make. It appears that Nurses are at the top of the list AND my Mom (Carole Dickson) is one.

Miranda Hitti of WebMD wrote this telling story based on a Gallup poll:

Nurses are America's most honest and ethical professionals, according to a new Gallup survey. Nearly 80% of the annual poll's participants ranked nurses "very high" or "high" for honesty and ethics.

More than 1,000 adults took part in the November phone survey. They were asked to rate the honesty and ethical standards of various professions as "very high," "high," "average," "low," or "very low."

Nurses have been in the winner's circle before. They've traditionally ranked at or near the top of the list of professionals that the public holds in high regard. Each year the list rotates approximately 20 professions, and nurses have held their high position in the listing since they were added to the poll in 1999, except for one year. In 2001, firefighters were rated No. 1 after their heroic acts during the Sept. 11 terrorist attacks.

Interestingly, in her retirement, Mom does volunteer nursing duties at local fire stations. Her sister (Marylou) told me her motivation is because they are "cute." Marylou is another kind soul, who has dedicated her life to the rights of animals and works for the Doris Day Animal Foundation.

Mom also helps Marylou (sometimes coast to coast) in her efforts to promote the ethical treatment of other living beings. She is also a published author on this subject and trains law enforcement and (social welfare types) on the implications of abusive behavior towards animals.

Here is what Marylou does and MOM tirelessly supports in her retirement:

Mary Lou Randour's Bio Page

Here is a link to Marylou's most recent novel/video:

Animal Grace by Mary Lou Randour - All Creatures Book and Video ...

Since retiring, Mom has not only dedicated a lot of her time to supporting Marylou's causes, but has become an outspoken advocate against the war in Iraq and made her political views known by becoming actively involved in the political process.

I could go on and on about things Mom did before she retired, but I don't have time to write a novel.

In the early eighties (after us children left) Mom took two years to run refugee camps on the Thai/Cambodian border. During this time, she met and collaborated with Haing S. Ngor, who starred in the movie The Killing Fields (1984).

In one of our not frequent enough conversations, Mom told me about a train ride she made with Dr. Ngor from the border to Bangkok, where he predicted his death. Sadly enough, he predicted the criminal gangs prevalent in Southeast Asia would reach him no matter where he went. Sadly enough, this later proved to be Los Angeles.

Before that, Mom was an Officer with the U.S. Public Health Service and a housewife (who volunteered a lot of time to the poor) in Pakistan.

I don't need a "Gallup Poll" to tell me that Nurses are #1. In my book, they are some of the finest people to grace this planet we call Earth.

Here is the story from Ms. Hitti: Nurses Are America's Most Honest Professionals

Target Taking a Bite Out of Crime

Yesterday, I wrote about eBay and the problems they seem to have with organized fraud. My thought was that in order for them to remain viable in the long run, they needed to address the issues that were causing a lot of their customers to become victims.

In fact, should they fail to do so, I fear their business model could be at stake.

Today, I came across an interesting article in the Washington Post by Sarah Bridges about Target Corporation and their efforts to stem organized fraud. The story deals with the Target forensics lab solving a case, which no one else was able to.

"Besides running its forensics lab in Minneapolis, Target has helped coordinate national undercover investigations and worked with customs agencies on ways to make sure imported cargo is coming from reputable sources or hasn't been tampered with. It has contributed money for prosecutor positions to combat repeat criminals, provided local police with remote-controlled video surveillance systems, and linked police and business radio systems to beef up neighborhood foot patrols in parts of several major cities. It has given management training to FBI and police leaders, and linked city, county and state databases to keep track of repeat offenders."

Here is the full story from the Washington Post: Retailer Target Branches Out Into Police Work.

Besides giving back to the community (something Target Corporation has always done) it started addressing organized criminal efforts in about 1995. Target realized back then that professional criminals were responsible for a large share of their losses and dedicated resources to go after the people responsible.

In doing this, Target not only assists the community, but makes their environment a better one for the general public, a.k.a. the customer.

Microsoft is initiating similar efforts and putting their money into going after cyber criminals around the world.

I recently wrote a post about that:

Bill and Microsoft are Impacting Cyber Crime

I've often written about how jurisdictional boundaries hamper investigative efforts and the need to organize the fight against fraud.

People make fortunes designing security measures against fraud in all its forms, but the truth is (history proves this) that every countermeasure has a shelf life of its own. Eventually, the criminals seem to find a way around it, or attack from a different angle. Catching those responsible is probably more effective than a thousand countermeasures.

We should realize that technology is a tool and in the long run, the human mind is capable of defeating AND creating new and better technology. Unfortunately, the mind can be put to both good and bad uses.

I've often written about how jurisdictional boundaries hamper investigative efforts. It's amazing that Microsoft and Target are leading the efforts in this, but after all, they have some pretty large jurisdictions.

Sunday, January 29, 2006

How Much Fraud Can eBay's Customers Endure

Fraud on eBay is making news again, this time for upset customers being sold counterfeit goods. Here is an article by Katie Hafner of the New York Times:

"A year ago Jacqui Rogers, a retiree in southern Oregon who dabbles in vintage costume jewelry, went on eBay and bought 10 butterfly brooches made by Weiss, a well-known maker of high-quality costume jewelry in the 1950s and 1960s.

Rogers thought she had snagged a great deal. But when the jewelry arrived from a seller in Rhode Island, her well-trained eye told her all the pieces were knockoffs. Even though Rogers received a refund after she confronted the seller, eBay refused to remove hundreds of listings for identical "Weiss" pieces. It said it had no responsibility for the fakes because it was nothing more than a marketplace that links buyers and sellers.

That stance — the heart of eBay's business model — is being challenged by eBay users such as Rogers who are starting to notify other unsuspecting buyers of fakes on the site. And it is being tested by a jewelry seller with far greater resources than Rogers: Tiffany & Co., which has sued eBay for facilitating the trade of counterfeit Tiffany items on the site.

If Tiffany wins, other lawsuits would follow and eBay's business model would be threatened because it would be nearly impossible for the company to police a site that has 180 million members and 60 million items for sale at any time."

For the full story, read: eBay users fed up with fakes.

eBay hasn't only been in the news recently for being a marketplace for counterfeit goods. In a recent post, I covered the problem of stolen goods being sold and merchandise being purchased with fraudulent financial instruments.

Also covered in this post is the growing problem of buyer/seller accounts being hijacked. This normally occurs when a seller becomes a victim of phishing, or is tricked into giving up their account information to a seemingly legitimate eBay request via e-mail. The e-mail links them to an official looking eBay site, where they are asked to "validate" their account information. Should someone fall for this, the criminal has all the information necessary to hijack the account and use it (the account) to conduct fraudulent business.

Although eBay's official policy is to support law enforcement requests without a subpoena, it takes them 10-20 days to honor these requests. If criminals have access to multiple accounts and fraudulent financial tools, the trail is likely to be pretty cold in 10-20 days.

Here is my post on that activity: Better Teamwork is an Opportunity.

eBay is also getting a reputation for Advance fee fraud (419) activity. On auction sites, fraudulent buyers offer to buy something and send a financial instrument to the seller for more than the asking price. They then dupe the seller into negotiating the instrument, which is counterfeit and wiring the excess money (less a commission for the seller) overseas. When the instrument is discovered to be fraudulent (often much later), the seller is held accountable and could even be charged with a crime.

Counterfeit Postal Money Orders, Cashiers Checks and a new type of instrument, OChex (checks ordered electronically over the internet) have all been used in these frauds, which are becoming collectively known as auction scams.

Over the Christmas season, we saw another scam, where XBox packaging was being sold as the real thing: XBox Latest Lure in Auction Scams.

I wrote this in a recent post, eBay Needs to Protect Those that Line it's Pockets:

"My message to the folks at eBay is that they better take a look at upgrading their "authentication systems" and hire some extra security staff. Blogs like mine and many others are trying to educate the very people who are making them billions and whom they blame for allowing themselves to be scammed. eBay is no longer the only game out there and if they fail to protect those who line their pockets, they are likely to go elsewhere."

Perhaps a few legal actions will wake eBay up?

Saturday, January 28, 2006

Government Warns Corporate America to Protect Customer Data

There have been a record number of data breaches in the past couple of years. Millions of people have had their personal information compromised. It only makes sense that the government (which is supposed to protect the people) is looking into the reasons why it occurred.

The FTC has determined that consumer data broker ChoicePoint failed to protect the information of 163,000 people.

In the FTC press release it states:

"At Least 800 Cases of Identity Theft Arose From Company’s Data Breach.

Consumer data broker ChoicePoint, Inc., which last year acknowledged that the personal financial records of more than 163,000 consumers in its database had been compromised, will pay $10 million in civil penalties and $5 million in consumer redress to settle Federal Trade Commission charges that its security and record-handling procedures violated consumers’ privacy rights and federal laws. The settlement requires ChoicePoint to implement new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes, to establish and maintain a comprehensive information security program, and to obtain audits by an independent third-party security professional every other year until 2026."

“The message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves,” said Deborah Platt Majoras, Chairman of the FTC. “Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America.”

Here is the full press release, Choicepoint Settles Data Security Breach Charges; to Pay $10 Million in Civil Penalties, $5 ....

For years, corporations (notably the credit bureaus) have made billions off of selling our information. Here is a message that failing to take security seriously in their quest for profit may cost them dearly at a later date.

For all of us little people, you can now stop (slow down) information brokers from getting your personal information at By "opting out" the credit bureaus can no longer sell your personal data.

Chase Customers Being Phished?

This e-mail was discovered floating around yesterday. When I reported it to Chase, a person in their security department admitted to me that they already knew about it.

If you read below the mail directs you to a site, which asks for your login information and password. This is something no bank will do.

This appears to be a phishing attack directed towards Chase customers to steal their personal and financial information. Phishing is becoming one of the main ways personal and financial information is stolen, which makes people victims of identity theft.

Here is a copy of the e-mail. Note that I have disabled the link and I wouldn't recommend trying to look at it. There is no telling what malicious software (malware), also known as scumware, someone could get if they weren't properly protected.

From: "Chase Team"

Date: Fri, 27 Jan 2006 10:13:10 -0600 (CST)

Dear Chase Member,

Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your Chase account and to ensure a safe Chase experience. We require all flagged accounts to v erify their information on file with us. To verify your Information at this time, please visit our secure server webform by clicking the hyperlink below:

xxxx// login

(https disabled for safety reasons)

Thank you for using Chase Manhattan Bank!

The Chase Manhattan Bank Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Chase account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.

Chase Email ID PP478

This e-mail also made it past the Spam Filter of the person, who received it.

I've sent this in to a couple of the security labs for analysis. Since Chase confirmed to me they knew about it and no one will ever solicit anyone for their login information and password via an e-mail, I decided to send this out.

My question is if Chase knows about it, what are they doing to warn their customers?

Here is an excellent resource from the Anti Phishing Working Group (APWG) on how to avoid being phished: How to Avoid Phishing Scams.

Thursday, January 26, 2006

Borderless is the Future of Fighting Cyber Crime

Robert S. Mueller, III, Director of the Federal Bureau of Investigation, gave a speech at the U.S. Chamber of Commerce in Washington, D.C. on January 19, 2006.

He made some interesting comments, which make a lot of sense to me.

"Turning from the transformation of the FBI in the wake of September 11 to threats to our national security and partnerships. When the FBI was established 97 years ago, it was because crime had begun to cross state lines. Today, criminal activity not only crosses state lines, it traverses international boundaries with the click of a mouse.

"Like your businesses, law enforcement has also been affected by globalization. While technology and travel have made the world smaller, crime is more diverse than ever before—from terrorism to telemarketing fraud to the trafficking of human beings."

Here is the entire speech: Director Mueller’s speech.

Here are some great resources found on the Federal Bureau of Investigation (FBI)'s site for corporations and good citizens to share information in the fight against borderless criminal activity.

Submit tips about crimes that may impact your company and report cyber attacks and scams through the Internet Crime Complaint Center;

Learn how to join InfraGard, a joint FBI and private sector initiative that battles cyber crimes and other threats through information sharing;

Get details on how to protect your business from economic espionage and receive unclassified national security threat information through our Awareness of National Security Issues and Response program;

Browse our Be Crime Smart website, which has a full range of tips and suggestions for protecting your business from fraud, workplace violence, and other threats;

Read about how our Anti-Piracy Warning Seal can help prevent copyright theft on music recordings, movies, software, and more;

Learn about our criminal history checks for employment and licensing; and

Find out how to do business with the FBI.

There is no doubt that with borderless crime, the solution is teamwork and breaking down barriers. This is a good example of how this is happening AND the result will be a better society for us all.

Hatch Fails to Survive Court

This just came out from the Associated Press (Ray Henry):

"Richard Hatch, who won $1 million in the debut season of the reality show "Survivor," was found guilty Wednesday of failing to pay taxes on his winnings and taken straight to jail.
Hatch remained calm as the court clerk read the verdict. He waved goodbye to family members, then was handcuffed and taken into custody after U.S. District Judge Ernest Torres said he was a potential flight risk.

The charges carry up to 13 years in prison. Torres said he expected a sentence of between 33 months and 41 months, but it could be longer because prosecutors accuse Hatch of committing perjury during his testimony. Sentencing was scheduled for April 28.

Hatch, 44, was also convicted of evading taxes on $327,000 he earned as co-host of a Boston radio show and $28,000 in rent on property he owned."

It never ceases to amaze me when someone, who comes into, or already has a lot of money is caught cheating. Perhaps, Money is the "root of all evil."

What a shame for someone, who seemed to have a good thing going.

For another version of the story on E Online, go to:

Jurors Extinguish Richard Hatch's Torch

You can also view the story from the AP by clicking on the title of this post.

Wednesday, January 25, 2006

Porn Virus Hits Over a Half Million Users

Surfing porn sites has an added danger lately. Over a half a million computers have already picked up some Malware (malicious software) a.k.a. the "Kama Sutra" worm.

Malware is also sometimes referred to as scumware.

According to

"A new email worm that spreads under the guise of pornographic content has jumped to the top of the worldwide virus charts.

When run on a Windows PC, the worm copies itself to shared network locations and sends itself to email addresses found on the target computer. The pest includes a timed attack that attempts to disable antivirus and firewall software and delete certain files - including Office documents - on the third day of the month, according to antivirus software vendor F-Secure.

The worm, dubbed W32/Nyxem-E by F-Secure, arrives attached to an email message. It uses a variety of subject lines, including "School girl fantasies gone bad". The body text also varies but it can include references to the Kama Sutra, the ancient Sanskrit book with pictures and explanations about different sexual positions."

For the full alert from read:

'Porn' virus worms its way into 510,000 systems

With the potential of having your address book compromised, this worm might cause some embarrassment depending on what is mailed out from your ID.

Porn sites are notorious for downloading scumware on systems. Should one choose to view these sites, it is highly recommended you have the best protection available.

Tuesday, January 24, 2006

Tax Season Brings Out the Low Tech Fraudsters

The news is awash with high tech types of crime. With tax season here, less sophisticated criminals will be out stealing mail in their quest for tax refund checks to steal.

I might term them as less "sophisticated" in a technical sense, but they can do a lot of damage.

With counterfeit identification and assumed identities (many criminals assume someone else's identity and get legitimate ID), cashing some of these items is easier than most people think.

You may now report suspected mail theft or a false change of address directly to the Postal Inspectors.

Although the tax season brings these criminals out in ever greater numbers, tax refunds aren't the only thing they are looking for in their quest to commit financial misdeeds.

Stealing mail has been around since the postal service started doing business. One of the ways criminals use checks that are already written out is to "wash" them chemically and change the information on them.

Here is an excerpt from a warning published on the Better Business Bureau's site:

"Using a process known as check washing, mail snatchers erase the ink on a check with chemicals found in common household cleaning products or on the shelves of your local stores and then rewrite the checks to themselves, increasing the amount payable by hundreds and even thousands of dollars."

According to the National Check Fraud Center, check washing in the United States is an 815 million dollar a year business.

To view their site:

Facts from the National Check Fraud Center

If you want to view the entire warning, read: Welcome to the Better Business Bureau.

With all the offers of credit people receive, stolen mail is also a lucrative means of committing credit card and loan fraud. All of these tie into identity theft, which creates 9 million victims and costs us 53 billion dollars a year in the United States, alone.

Here are some helpful tips from the Better Business Bureau to protect yourself from mail theft:

Don't leave outgoing mail in an unlocked box. Take it to work, drop it in a collection box, hand it to a letter carrier or take it directly to the post office.

If you have to leave outgoing mail in your box, do it immediately before the letter carrier comes, and don't raise the mailbox flag.

Avoid leaving mail in a box on Sundays and holidays, when letter carriers don't work.

Install a lock on your box. This can be done by placing the lock on your mailbox and then cutting a small slit in the mailbox that is large enough to slide mail through, but which is not big enough for a hand to fit in. Residents also can purchase a mailbox with a lock already on it for roughly $20 at a hardware store. In both cases, you will not be able to have outgoing mail picked up.

Criminals use other means than computers to commit their crimes. In fact, although the news blames technology for recent increases in fraud, it is the human mind and the creative resources of such that commits wrongdoing.

It is also the human mind that will find the means to defeat those who choose to victimize the innocent.

In closing, I've worked around fraud for years and trust me, the Postal Inspectors (who are sometimes underrated) are some of the best minds in the war against Fraud, Phishing and Financial Misdeeds.

Monday, January 23, 2006

Yahoo IM Users Phished/Websense Announces Blog and Crimeware Threat Map

Websense reported today that Yahoo users are being targeted in the latest phishing scam. Customers are being sent instant messages instructing them to go to the website (pictured above) and give up their Yahoo ID and password.

Anyone doing this will receive an error message and their information is transmitted to the criminals behind this.

In another announcement: Websense Security Labs Launches Global Phishing and Crimeware Threat Map and Security Blog. The information on the map will be updated within 15 minutes of discovery. Here is more information on this from Websense:

"In conjunction with the availability of the Threat Map on the map will also be viewable through the Anti-phishing Working Group (APWG) at"

"The APWG is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

Starting in June 2005, Websense Security Labs, in conjunction with the APWG, started Project Crimeware. The APWG defines crimeware as a genus of technology distinguished from adware, spyware and malware by the fact that it is, by design, developed for the single purpose of facilitating a financial or business crime."

To read the alert on Yahoo from Websense:

Yahoo! Account Compromise through Yahoo! Messenger

In case you, or someone you care about, would like to know how to avoid being phished, the APWG has an excellent document on their site:

How to Avoid Phishing Scams

Websense not only develops products for sale, but endeavors to protect all of us through communication. In my opinion, their actions model what "corporate responsibility" is all about. In the age of massive information theft via the internet, we can be thankful for their efforts and if you are in the market for security products, I highly recommend them because of this.

Sunday, January 22, 2006

Wells Fargo Phishing Scam

Not sure if this is going to turn into something big, but with the internet a phishing scam can travel across borders with a click of a mouse. The current attack is against Wells Fargo customers. Since Wells Fargo is a major player in the banking industry, there is the potential for this to spread.

The Huron Plainsman in South Dakota reported:

"Computer users are being warned by Huron police to be wary of a legitimate-looking e-mail request by Wells Fargo to update their bank accounts. The so-called “phishing scam” asks account holders to update their online information to reduce the instance of fraud on the bank’s Web site. But the e-mail itself is fraudulent. Wells Fargo never contacts account holders by e-mail, but by phone or mail, police said."

For the full story, please read:

Scam warning issued

In case you want to learn more about how to avoid a phishing scam, the Anti Phishing Working Group has an excellent page on their site: How to Avoid Phishing Scams.

The APWG has consistently reported phishing activity to be on the rise and getting more sophisticated all the time.

The APWG (Anti Phishing Working Group) home page can be viewed by clicking on the title of this post.

Saturday, January 21, 2006

Bill and Microsoft are Impacting Cyber Crime

(Bill in 1983)

There are many out there, who like to bash Microsoft relevant to security. While no one is perfect, Bill and company are actually doing quite a bit to apprehend those who would commit fraud, phishing and financial misdeeds.

Perhaps some of their peers should take notice and join in.

Bill and his better half are also doing a lot of activities designed to make the world a better place. Time recognized this by naming him and Melinda as "persons" of the year. Persons of the Year -- Dec. 26, 2005 -- Page 1

I found this on Phishspot (click on title of this post), courtesy of the Wilmington Star:

"To date Microsoft has supported more than 325 phishing and spam enforcement actions worldwide, including civil lawsuits by the company as well as actions taken by law enforcement or government agencies for which Microsoft provided substantial support or referrals. The company also has released a new Microsoft Phishing Filter Add-in for MSN Search Toolbar and the upcoming Windows Vista and Internet Explorer 7 to help protect customers from dangerous Web sites. In addition, the company blocks more than 3.4 billion spam messages per day from reaching the inboxes of MSN Hotmail customers."

To me, that's an example of taking some pretty direct action in the war against cyber fraudsters. Let's face it, apprehending and holding people accountable is the most effective deterrent against this activity.

In fact, Bill and company (in my opinion) are attacking the root of the problem, which is that crime on the internet is borderless. Politics, jurisdictions and the egos that go along with them hinder the efforts against the cyber-criminals. In fact, in their highly organized hierarchies, they use this (social reality) to defeat efforts to stop and prosecute their activities.

Microsoft is taking the efforts to apprehend and prosecute across borders.

Most recently (in the news), they helped the authorities in Bulgaria squash a phishing gang that I'm certain wasn't targeting Bulgarians.

Here is the press release from Microsoft:

Microsoft Praises Bulgarian Authorities on Investigation and Arrest of ...

Does Fraud Impact the Economy

(Osama at Oxford circa 1971, far left)

Militant attacks on oil facilities in Nigeria and a message from Osama Bin Laden caused oil prices to go up. As a result, the stock market is going down. Here is a story from the LA Times:

Stocks Dive on Fears of a Faltering Economy

Of course, disappointing earnings also contributed, but what I thought was interesting was a report that the Japanese Stock Market is hurting because of alleged fraud at a popular internet company.

In a story from MediaCorp:

"Japanese prosecutors will question the whiz-kid founder of major Internet firm Livedoor in the coming week in connection with a fraud scandal that has sparked market chaos, a news report said.

The reported decision came after investigators questioned chief associates of Livedoor president Takafumi Horie, 33, over alleged violations of securities laws. "Horie is suspected of having been involved in the alleged disclosure of false information regarding corporate acquisitions, as well as falsification of financial statements," the Nihon Keizai Shimbun said."

Apparently, this revelation caused the Tokyo Stock Exchange to close early as there was a massive rush to sell, which threatened to shut down its computer systems.

Here is the full story from MediaCorp:

Japanese prosecutors to grill Livedoor president over alleged fraud

Recently, when we get bad economic news there seem to be two consistent reasons: dishonest corporate activity and oil prices going up.

Remember the recent reports of gas gouging in the wake of Katrina and a call for investigations? Prices shot up before the hurricane even hit land. Here is a story from the AP on that issue:

BREITBART.COM - Thousands Complain to Feds on Gas Gouging

Not that I'm an expert, but it seems that energy costs skyrocket with any excuse, whether there is any actual damage, or not. It also seems that there are a lot of companies out there with less than honest intentions being caught.

The oil companies and their OPEC partners seem to be raking in the dough. No one has attacked anyone and before this Osama hadn't spoken since the U.S. election. So far as Nigeria, there have been problems there for a long time and the oil companies doing business there invest heavily in security.

In other words, the risk and activity over there is nothing new.

My personal opinion is that we should have been working harder on alternative energy sources since the 70's and OPEC drove up prices the first time.

In fact, what is sad is that Osama is from one of the OPEC countries and the Bin Laden fortune (although it came from construction) was financed by oil. In actuality, his recent tape probably will bolster the economy of his homeland, Saudi Arabia and those fortunate enough to have their money invested in the oil industry.

Bin Laden needs to be caught, brought to justice AND maybe someone should take a strong look at where he got and probably continues to get his financing.

A prudent man once said, if you want to discover the truth follow the money.

Until then, I guess the rest of us will just have to keep tightening our belts.

Friday, January 20, 2006

FBI Computer Crime Survey

The FBI released its Computer Crime Survey today. Here are the key findings:

"Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year's time; 20% of them indicated they had experienced 20 or more attacks.

Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.

Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.

Sources of the attacks. They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.

Defenses. Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.

Reporting. Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement's response. And 81% said they'd report future incidents to the FBI or other law enforcement agencies. Many also said they were unaware of InfraGard, a joint FBI/private sector initiative that battles computer crimes and other threats through information sharing."

This is a pretty interesting study and illustrates (to me anyway) that stealing information is often the motivation for these attacks.

Here is a relevant story that occurred earlier in the year, where a major industrial espionage ring was discovered in Israel:

Industrial Trojan Fraud (Espionage) Discovered

For the full survey, courtesy of the FBI, click on the title of this post.

San Francisco's Cable Car Woes

San Francisco's famous cable cars seem to be having some issues from within. Here is a story I read in the San Francisco Chronicle:

"San Francisco Mayor Gavin Newsom said Wednesday he is convinced some cable car conductors are stealing fare money -- and that the Municipal Railway needs to change the way it collects cash to stop the thefts.

Newsom said he believes conductors are skimming fares from cash-paying riders because on three occasions he rode the cable cars and handed over his $5 cash fare but never received the required receipt."

For the full story from the Chronicle:

S.F. MAYOR: CABLE CAR FARE THEFTS / He thinks some conductors are pocketing cash from riders

Last year, two of the conductors were fired for stealing fares. This resulted in a strike by the employees and the conductors were reinstated. They have since retired with full benefits.

If the activity is so blatant that Mayor Newsom is seeing it, why is there no effort to conduct an investigation and apprehend those responsible for doing it? How much payroll does Muni spend protecting their assets and where are those resources when he needs them?

According to Irwin Lum, who is the president of the union representing the workers, "failure to provide a receipt isn't proof of theft and that the problem of stealing is, at most, sporadic."

Everyone blames the potential for theft on an antiquated fare system, where their cash flow can't be tracked. Last year, Muni had to cut service and raise fares and they are still facing a $4.1 million deficit.

If these guys were in the private sector and ran their business this way, they would go bankrupt. Additionally, if people are stealing why does there appear to be no effort other than the Mayor's observations and statements to stop it?

After all (even with their antiquated system) it would be rather easy (with the technology available today) to install hidden cameras and catch the dishonest red handed. Even without technology, I would imagine money could be marked and tracked through their accounting system to establish theft.

Trust me, people are caught this way stealing money all the time.

Let me see, they're losing money, people might be stealing, we have a lot of excuses about antiquated accounting systems and even when two people are caught nothing comes of it.

If I were Mayor Newsom, who was elected to represent the people that are ultimately paying for all this incompetence, I would be looking at holding some senior people and the people charged with protecting their assets accountable.

Even sadder is Muni's statement that if they actually do catch someone, the only consequence is that they will be fired. They deserve to go to jail!

Perhaps that would be a much more effective deterrent.

I admire the Mayor's courage in taking this obvious issue on.

Thursday, January 19, 2006

India Takes Action to Improve Security in Outsourcing

I recently wrote a post on: What are the Security Implications of Outsourcing.

To sum my thoughts up, fraud is growing all around the world. With the rapid growth of the IT industry in India, the corporations (making record profits from it all) have a moral obligation to their customers and even the workers in India to ensure their security standards are up to par.

Failure to do so would only make India a target for criminals to perform their misdeeds. With the personal and financial information of people from all over the world, we can expect no less.

Secondary victims of this would also be the honest workers in India, who could lose employment due to bad press.

Many in India realize that these "security breaches" could be deadly to the industry and here is an example that they are taking proactive measures to address it (courtesy of ZDNet):

With worker database, India aims to fight fraud

Tuesday, January 17, 2006

Phishing for a Mac

John Leyden of the Register reported:

"Email fraudsters are targeting Apple fans in a change of tactic from standard phishing attacks. Commonly bogus emails that form the basis of phishing attacks pose as security messages from online banks in an attempt to dupe a tiny proportion of recipients, who happen to be customers of the bank, into visiting a bogus site and handing over account information.

eBay account details are also often targeted in a similar way but the latest scam emails, sent out last weekend, target Apple IDs. Armed with an Apple ID and password, fraudsters have access to user's iTunes Music Store account and their AppleStore account, information that might allow them to buy computers, software, peripherals under a false identity."

For the full story, read: Phishing fraudsters target Apple.

It appears Apple is the latest victim of being popular, which is what these scams seem to target.

In case you want to learn more about how to avoid a phishing scam, the Anti Phishing Working Group has an excellent page on their site: How to Avoid Phishing Scams.

The APWG (Anti Phishing Working Group) home page can be viewed by clicking on the title of this post.

Monday, January 16, 2006

Hurricane Audits

In the wake of Katrina, Rita and Wilma hurricanes, we saw a lot of instances of fraud being committed against the government and charitable organizations.

Apparently, the government (President's Council) is looking into some of the potential fraud and to quote Scott Amey, General Counsel of the Project for Government Oversight (POGO), “Some of the audit findings confirm our worst fears -- agencies were ill-prepared to meet the country’s contracting needs. These audits ensure that contractors did not exploit mistakes that may have been made in the chaotic rush following the hurricanes.”

Here is the report from POGO: Investigations into Katrina Waste and Fraud Detailed.

In the rash of disasters (especially these and the Tsunami), fraud seems to occur in many forms, from individuals making false claims to organized phishing scams and fake charity sites being set up.

I wrote a lot of posts regarding fraud at the time of Katrina. In case anyone is interested:

Being Prudent in Donating Money (Katrina)

Katrina Fraud Status

Fraud Relating to Katrina in Full Swing

Status of Fraud in Katrina

Advance Fee Scams with Katrina

Katrina Fraud Far and Wide

Katrina Commission

Identity Theft/Check Fraud in Katrina

FBI Reports Fraudulent Activity on Internet Related to Hurricane ...

With all the evidence of people lacking any morals taking advantage of the hardships these disasters created, it is a prudent move to investigate and (hopefully) prosecute these actions.

It's a rotten thing to take advantage of people's hardships and undermine efforts to help them. They deserve whatever punishment is handed down to them.

Here is POGO's website: Beth Daley - Government Oversight.

From Russia With Cash?

Advance fee fraud (419) scams never seem to go away. They mutate into another form and move forward. The news media and internet trace these scams to shady internet cafes in Lagos (Nigeria), but there is a lot of evidence that Nigeria isn't the only place they come from.

The latest version is a solicitation to make a "cool" $45 million for helping a jailed Russian Billionaire invest some money. Of course, the end result for anyone who gets involved in this is having your account cleaned out.

Here is the latest twist as reported by Alex Nicholson from the Associated Press:

"Russia has more in common with Nigeria these days than just oil. Following up on the politically charged jailing of oil tycoon Mikhail Khodorkovsky, a wave of scam e-mails in the style of Nigeria's notorious spammers have been popping up in inboxes from Moscow to Kentucky."

Here is the full story: Russian Tycoon Is Spammers' New Target.

We can't even blame Nigeria for inventing the scam. The evolution of Advance Fee started with letters from (allegedly) rich merchants during the middle ages AND "a rash of Russian Letters that appeared in the 1920s, with money supposedly needed to rescue people held by the Bolsheviks."

Here is another mutation of the scam that stereotypically, we blame on Russians:

The internet is full of stories of Russian Romance Scams, where men and women are duped into sending money to someone they meet in a chatroom, or dating site. If you were to talk to the people at Romance Scam 419 Yahoo Group (US), my guess is that they would tell you that the scams not only originate from Nigeria and Russia, but several other places, also.

With the evolution of the internet, scams inducing people to send money in advance of a promise (which never materializes) are becoming epidemic. The original letter scam has led to romance, lottery, auction, check cashing and job scams. Undoubtedly, it will continue to mutate into different varieties as new events occur and different things become popular.

They are also no longer exclusively from Nigeria and Russia, but can come from anywhere. Recently, Canada and the Netherlands seem to be fertile breeding grounds AND in the future, who knows?

The internet with its borderless environment has caused an explosion in this activity. Furthermore, with computers and internet access becoming cheaper all the time, more and more potential victims are getting on-line daily.

The reason why this scam continues to work is that it plays on human emotion and recognizing that is key to teaching people how to avoid being victims.

"If it seems too good to be true, it isn't."

For a good resource on definitions on all the various mutations of Advance Fee, Wikipedia does a pretty good job in their Internet fraud section.

Here is another well put together page on Advance fee activity from Caslon Analytics (Australia): the 419 Scam: basis, statistics, regulation.

Sunday, January 15, 2006

What are the Security Implications of Outsourcing

Let's face it, many corporations are now outsourcing work to India and in doing so are making available personal and financial information that can be stolen.

BBC News (Zubair Ahmed) reported that employees from an outsourcing firm (Mphasis) were recently implicated in a $400,000 fraud in which four Americans were the victims. Mr. Ahmed brought up other concerns in the article, such as the lack of screening of personnel working at some of these firms (10-25 percent submit fake information to obtain employment). This "fake information" includes phony credentials and diplomas, which can be bought in India.

He also cited a source that 80 percent of the companies don't use integrated security management tools in India, which allowed the most recent fraud to occur. For the entire story, please read: BBC NEWS Business Outsourcing exposes firms to fraud.

According to the article, there are fears that if too many of these episodes come to light, it could hurt the industry as a whole.

BUT what if all the fraud isn't being reported? After all, in most (individual) cases of identity theft, the point of compromise is never found. With the borderless aspects of internet crime, information is transmitted with a click of the mouse.

There are also cultural considerations to consider. Having lived in Pakistan and traveled in India, I learned very quickly that one needs to pay money (baksheesh) to get a lot of things done.

"Baksheesh" (roughly translated as bribe money) is a cultural aspect of South Asian society. Although written in a humorous vein, here is an article written by Melvin Durai (who is himself of Indian descent): Humor: Corruption in India.

Mr. Durai writes in his satirical essay:

"Yes, corruption is a serious problem, but despite what some believe, India is not the most corrupt country in the world. That distinction belongs to Bangladesh, which finished dead last among 91 countries surveyed for the 2002 Corruption Perceptions Index of Transparency International. India ranked 71st, while Pakistan was 79th, allowing Indian politicians to brag that they're more honest than their neighbors. "If you want to see real corruption, just cross the border. Even husbands have to bribe wives just to have children."

For a more serious look at (not only India), but corruption everywhere, here is the Global Corruption Report 2005 by Transparency International.

A little "baksheesh" in South Asia can go a long way and can open a lot of doors. I've heard this can even be true with law enforcement, who like many underpaid South Asians view it as a means of survival.

In another vein, since there is a perceived lack of security procedures at these firms, could they become greater targets for criminal activity? There is growing evidence that a lot of this sort of crime is being done by organized "international gangs." It would seem logical that if it is easier and safer to steal the information in India, we are going to see them take their activity there.

BUT should we blame corruption (AND the potential for information theft) in India on the Indians, or the corporations themselves? My guess would be the corporations, who in their quest for profit are exposing our personal information without ensuring it is properly protected. After all, India is a poor country, where we have been told (for years) that some don't even get enough to eat. The corporations, who enjoy the vastly reduced payroll costs, are making record profits by outsourcing work to India.

From a different perspective, these jobs have helped create a new and more prosperous middle-class within India. I cannot and will not argue against bringing up the standard of a people that historically have gone without some of the things we enjoy and in fact (my opinion) sometimes take for granted. There is no shortage of corrupt people in the West, either.

Internal plants, fake documents and fraud aren't only a problem in India. There is plenty of this activity to go around and with technology, it seems to be getting worse throughout the world.

The goal needs to be to protect people from becoming victims, EVERYWHERE! If we are going to be business partners with these firms, it is imperative that we assist them in bringing their security infrastructures up to par with ours. Otherwise, we expose them as easy targets.

With the Sarbanes-Oxley act in full swing (United States), outsourcing to far-away places might become more attractive. Compliance costs money and to some, it might be counterproductive to their primary focus, which is profit. After all, Sarbanes-Oxley and similar legislation ensures the very due diligence I refer to. Perhaps the answer is to enact further legislation forcing corporations to adhere to the same standards in India that have to be in place here.

In a perfect world, corporations would do this on their own, but sometimes laws are necessary for the good of all.

In fact, it seems to me that the international corporation of the future will need to consider security as more of a "customer service" and "profit protection" entity rather than a necessary evil. In the long run, should they fail to do so, they will lose the trust of their customer (who in the end) is the one who dictates their future.

Last, but not least, I would like to acknowledge my friend, Paul Young (author of prying1), who sent me a note with an article on this that inspired me to write this post.

Friday, January 13, 2006

Dear Mr. Lay........Sincerely Aunt Millie and the Other Victims

Dear Mr. Lay (Ken),

Sincerely enjoy this attempt (your new website) to claim your innocence in inflicting financial harm against your investors, your employees and the millions of energy consumers Enron ripped off. Now you say that you just didn't know what was really going on. However the bottom line is that while Enron burned you privately sold off 300 million in over-valued stock; while encouraging others (even your employees) to keep buying.

You certainly knew enough to ensure your personal finances before the crash.

The government, who represents the people, is charging you with 11 counts of securities fraud, wire fraud, and making false and misleading statements. If you are convicted, you face 175 years in prison. Don't be too dismayed, I'm sure with all the accomplishments listed on your web page that "time off for good behavior" isn't out of the question.

Then there are the people of California and our Aunt Millie, who your company suggested use candles when she could no longer afford the electric bills Enron was raising at record rates via deceptive actions. I'm sure if our Aunt Millie had 300 million in personal assets, she wouldn't have needed candles as was "jokingly" suggested in one of your board rooms.

Perhaps, I shouldn't mention Aunt Millie, it seems you and your defense team have ensured most of this evidence can't be heard at your trial, Enron Jury Won't Hear Tapes of Co. Traders. I'm sure this will help your case, but some of it will still filter in, such as testimony that your former counsel, Richard Sanders briefed you on schemes like making uncongested transmission lines seem congested so Enron could profit by being paid for problems that didn't exist.

I did mention Aunt Millie, because Aunt Millie represents the human suffering Enron caused for millions of people and this is what on a personal level you should be ashamed of.

Let's face it Ken (can I call you that now), NO ONE, but you and your "friends" have profited from this. The fact that many of the victims were poor and ordinary people makes Enron's actions "shameful" considering how rich you and the "fellas" already were. Even if the civil portion of all of this is settled, it is unlikely any of the individual victims will receive a penny.

In your own words, you state:

"As CEO of the company, I accept responsibility for Enron's collapse. ... However, that does not mean I knew everything that happened at Enron, and I firmly reject the notion that I engaged in any wrongful or criminal activity."

In the words of Aunt Millie and the people:


Here are the formal charges against Ken:

U.S. v. Kenneth L. Lay

Here is Ken's site, protesting his innocence:

Ken Lay Information

Maybe some ads for candles would be a nice touch on your site.

Thanks to the good people of Wikipedia for the links used in this post.

Accounting Firm Estimates Fraud Losses at 66 Billion Yearly

Goldstein Lewin and Company (a Florida accounting firm) released an interesting study putting fraud losses in the U.S. at $66 billion yearly. In their study, they state that reported fraud has risen 22 percent and 6 percent of annual revenues are lost to fraud.

The study also states that most of the people caught committing fraud have no previous record of doing so and that companies rarely recover their losses.

The Sarbanes-Oxley act (Section 404) requires public companies to implement controls to prevent, identify and detect fraud. As a result of this, most publicly held companies have been tightening their controls and the news seems to be awash with stories of corporate scandals.

Here is the full presentation from Goldstein and Lewin:

$66 billion (if accurate) is a tremendous amount of money. Recent stories in the media of senior executives being caught committing fraud would seem to validate this. Although, these are the stories that make headlines, in reality fraud can and does occur at all levels of the food chain.

In today's business environment, a prudent company needs to consider fraud prevention, detection and apprehension (if necessary) as an element of their continued growth and profitability.

Wednesday, January 11, 2006

Protect Yourself by Being Careful Who Protects Your Computer

We've all seen those nasty pop-ups offering to test our systems for spyware. In many cases all you got from these was a lot of spy and adware loaded on your system. Websense is reporting that they are detecting crimeware being downloaded via these ploys, either directly by clicking on the pop-up, or on the site it directs you to.

Websense has also detected the use of Zero Day vulnerabilities used in these attempts.

Here is the alert from Websense:

"Throughout December, Websense Security Labs™ reported a number of cases where browser and Operating System vulnerabilities were being used to install Potentially Unwanted Software onto end-users machines without user-intervention. In several cases, dozens of pieces of code were installed, and often report false information in order to entice the end-user to clean their machine from spyware.

We are now seeing some of those same entities using their exploit code to install more reprehensible crimeware, such as key loggers and phishing traffic redirectors. This code is designed to steal information in addition to the installation of potentially unwanted software.

Users are typically infected through an IFRAME, loaded silently from a compromised website or an advertisement network pop-up. The exploit code loaded through these IFRAME tags attempts to use several dozen vulnerabilities, including the two recent zero-day vulnerabilities: MS05-054 and MS06-001. Users who are patched against these vulnerabilities are displayed an ActiveX prompt to install the exploit code."

For the full story, please read: When Greyhats turn to Blackhats.

Here is a story from Brian Krebs that is relevant to this issue: Fake Anti-Spyware Makers Settle Fraud Charges.

As always, protecting your computer and your identity is important. It is highly recommended that one carefully investigates "unknown" providers of computer security before using them.

Sunday, January 08, 2006

Write a Bad Check at Walmart and the DA will Getcha

Most District Attorney's Offices in the United States have a bad check program. The way it works is a business (or individual) turns over their bad paper to a program established by them and they collect the item, plus fees.

The difference between them and a collection agency is that if you don't pay, they will prosecute you.

Apparently Walmart, who had been using a lot of these DA programs -- wanted to consolidate their collection efforts -- and when they did; many DA's offices were not very happy. Apparently (for some of them) this is a significant source of revenue.

In the United States, it's necessary to prove "intent" to charge someone with a crime. That is, unless you utilize the DA's check collection service.

Many larger corporations seem to prefer using collection agencies versus the local programs. Large corporations do business over wide geographic areas and it can be cumbersome to deal with check issues, County by County.

Kevin Murphy of the Kansas City Star did an article on this:

"When retail giant Wal-Mart decided recently to refer all deadbeat check writers to a collection agency, county prosecutors in Missouri and some other states winced.

Bad checks, it seems, are good business for some prosecutors and district attorneys, who collect fees from the check writers. Fees usually exceed the collection costs, meaning money is left over for all sorts of prosecution expenses.

Wal-Mart, the nation’s top retailer, is a top producer of bad-check cases. Its stores represent one-third to one-half of fees collected in some Missouri counties, and each case can bring fees of at least $25 to $75 to county tills. Such cases are less lucrative in Kansas because state law limits fees to $10 per check.

“Wal-Mart is the second-largest client that we serve in the prosecutor’s office,” said Mike Sanders, Jackson County prosecutor. The county collected about $43,481 in fees from Wal-Mart check writers in the first 11 months of 2005, Sanders said.

Wal-Mart’s decision not to refer cases to prosecutors has created so much opposition nationally that the company is re-evaluating its November decision to go entirely with a collection agency.

“In some states, prosecutors have come to rely on that type of income to fund a significant portion of their budgets,” said Paul Logli, an Illinois prosecutor who is president of the National District Attorneys Association. The money also funds educational programs to reduce check fraud, he said."

For the full story please read: Retailer will review policy.

In the past, I've dealt with some of these local programs and they are a great service for small businesses and small companies. Of course, they are only as efficient as the information they are given to collect. Unfortunately, with 9 million victims of identity theft a year, checks are often cashed with assumed identities and counterfeit identification.

Businesses that take checks are well advised to protect their assets by knowing who they are accepting checks from and training their employees to detect check fraud. Collection and or prosecution efforts are only effective if you can identify the person who passed the item.

The Federal Reserve System has an excellent training document for anyone unfamiliar with how to identify bad checks.

Walmart has been in the news lately regarding a lot of fraud issues. Here is a previous post I wrote on that matter:

Walmart's Many Woes With Fraud Issues

Saturday, January 07, 2006

How the SEC Views Civil Penalties

There has been a lot of "buzz" in the media recently about the SEC imposing civil penalties, along with speculation on how this might hurt investors.

On January 4th, they issued a press release regarding this:

"Today the Commission announced the filing of two settled actions against corporate issuers, SEC v. McAfee, Inc. and In the Matter of Applix, Inc. In one, the company will pay a civil money penalty; in the other, a penalty is not part of the settlement.

The question of whether, and if so to what extent, to impose civil penalties against a corporation raises significant questions for our mission of investor protection. The authority to impose such penalties is relatively recent in the Commission's history, and the use of very large corporate penalties is more recent still. Recent cases have not produced a clear public view of when and how the Commission will use corporate penalties, and within the Commission itself a variety of views have heretofore been expressed, but not reconciled."

For the full statement, go to: SEC Statement Concerning Financial Penalties.

So far as to where the money goes, it appears they could be using it in certain instances to repay victims.

"The Sarbanes-Oxley Act of 2002 changed the ultimate disposition of penalties. Section 308 of Sarbanes-Oxley (the Fair Funds provision) allows the Commission to take penalties paid by individuals and entities in enforcement actions and add them to disgorgement funds for the benefit of victims. Penalty moneys no longer always go to the Treasury."

As I posted earlier in the week, McAfee has agreed to pay a $50 million fine. Recent history has seen Adelphia fined $715 million, Worldcom $750 million and Time Warner $300 million.

Part of the controversy, even at the SEC, is whether or not these fines will impact investors. In fact, it appears that investors who were damaged could benefit from some of these actions. The other fear seems to be the weakening of the "deterrent" factor since corporations are allowed to pay without admitting wrongdoing.

Time will tell, but if victims are compensated, some of this could be extremely positive for those who lost money as a result of some of these wrongdoings. So far as the "deterrent" factor, there seems to be a lot of individuals (executives) going to jail and in many of these cases, they are being prosecuted separately from the civil actions.

Friday, January 06, 2006

Get a Quick $20.00 and GO BROKE!

For the last year, I've noticed an increase in "ATM Skimming." ATM Skimming was big a few years ago when criminals would plant a fake ATM (automated teller machine, portable type) in a public place. The fake machine would electronically take your card information and a hidden camera would record your personal identification number (PIN).

The crooks would then "copy" your card and, since the hidden camera had recorded your PIN, abruptly clean out your account.

This activity seemed to disappear, then reappear (mutate) in a much more dangerous form. With wireless technology, criminals are now attaching hardware to existing ATMs at banks and doing the same thing. The difference is that you are going to your regular ATM (which you trust) and they are capturing the information from a distance.

They often do this over a weekend, or holiday, then remove the devices before anyone notices that the ATM machine has been compromised.

Recently, I've noticed reports of this activity on the rise in Europe, Asia and South America. The activity is increasing in frequency and showing up in North America, also.

Here is a post I did several months ago, which includes photographs of the hardware and what to be on the lookout for: ATM Machines That Clone Your Card. Please note that included in this post are descriptive photographs for the average person to learn what to be AWARE OF!

Here is one of many stories from the mainstream media on the latest scam, which hit in New York City, courtesy of the fine people at FOX News:

"A team of clever crooks ripped off more than $100,000 from at least 50 unsuspecting ATM users in Chinatown and on Staten Island in one of the largest ever info-heists from city banks, police said yesterday."

For the full story by FOX, please read, ATM Scam Nets Thieves Over $100G.

Thursday, January 05, 2006

Microsoft Releases WMF Patch

It appears that Microsoft has released a patch ahead of the release that was anticipated next Tuesday. Here it is in Websense's latest bulletin. It appears they (Websense) assisted Microsoft in getting this out!

"This is an informational alert that Microsoft has just released a patch for the WMF vulnerability. Websense® Security Labs™ was acknowledged as a contributor in the bulletin from Microsoft.

At this time more than 1100 URLs are still actively attempting to exploit users who have not installed the patch. Most attacks are Trojan horse downloaders which update over HTTP and install and run other pieces of malicious code.

Depending on your patch rollout procedures, we still recommend that customers block all URLs that end in .WMF. Customers who have Websense Real-Time Security Updates (RTSU) will be protected automatically with frequent updates to the Security categories throughout the day. Customers who have the Websense Security Premium Group without RTSU will receive updates to these categories once per day.

Additional recommendations are provided in the Detection Methods and Prevention Methods sections of this article."

To view the alert directly from the Websense site, go to: WMF Patch Available from Microsoft.
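The Websense recommendation quoted above, blocking URLs that end in .WMF, is easy to get wrong with a plain suffix match on the raw URL. The following Python check is an added example, not code from Websense or Microsoft; the function names and the example.test URLs are constructed for illustration, and treating query-string values as file names is a conservative choice made for this example.

```python
from urllib.parse import urlsplit, unquote, parse_qsl

BLOCKED_EXT = ".wmf"

def _normalise(text):
    """Undo (possibly repeated) percent-encoding, trailing dots/spaces and case."""
    for _ in range(3):                      # bounded: catches %2E and %252E
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.rstrip(". ").lower()        # Windows ignores trailing dots and spaces

def should_block(url):
    """Return True when the URL names a .wmf file in its path or a query value."""
    parts = urlsplit(url.strip())           # separates query and fragment from the path
    # Last path segment, without ";param" path parameters.
    segment = parts.path.rsplit("/", 1)[-1].split(";", 1)[0]
    if _normalise(segment).endswith(BLOCKED_EXT):
        return True
    # Conservative: also block download scripts such as ?file=report.wmf
    return any(_normalise(value).endswith(BLOCKED_EXT)
               for _, value in parse_qsl(parts.query))

def blocked_urls(urls):
    """Filter an iterable of requested URLs down to the ones to block."""
    return [u for u in urls if should_block(u)]

# Constructed sample requests (not real sites).
SAMPLE_URLS = [
    "http://example.test/images/card.WMF",        # upper-case extension
    "http://example.test/pic.wmf?size=large",     # query string after the name
    "http://example.test/pic%2Ewmf",              # percent-encoded dot
    "http://example.test/pic.wmf;v=1",            # path parameter after the name
    "http://example.test/pic.wmf.",               # trailing dot
    "http://example.test/view?file=report.wmf",   # file name passed as a parameter
    "http://example.test/wmf-advisory.html",      # mentions wmf, not a .wmf file
    "http://example.test/page.html#x.wmf",        # fragment is never sent to the server
]

if __name__ == "__main__":
    for url in blocked_urls(SAMPLE_URLS):
        print("BLOCK", url)
```

This filter looks only at the name in the URL, not at the content that is returned, so it complements the patch rather than replacing it.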

Looks like we still need to exercise caution (more to come on this), but we can now see the light at the end of the tunnel.

Wednesday, January 04, 2006

McAfee Charged with Fraud by the SEC

Here is an interesting release by the SEC:

"Washington, D.C., Jan. 4, 2006 — The Securities and Exchange Commission today filed securities fraud charges against McAfee, Inc., formerly known as Network Associates, Inc., a Santa Clara, California-based manufacturer and supplier of computer security and antivirus tools. The Commission’s complaint alleges that, from the second quarter of 1998 through 2000, McAfee misled investors when it engaged in a fraudulent scheme to overstate its revenue and earnings by hundreds of millions of dollars. The complaint specifically alleges that, during the period 1998 through 2000, McAfee inflated its cumulative net revenues by $622 million and that, for 1998 alone, McAfee overstated revenues by $562 million, a misstatement of 131 percent. When the scheme began to unravel and McAfee announced, in December 2000, that it would miss its quarterly revenue projection by $190 million, the news slashed over $1 billion from McAfee’s market capitalization."

For the full release: SEC Charges McAfee, Inc. with Accounting Fraud; McAfee Agrees to Settle and Pay a $50 Million Penalty.

Note that:

"Previously, the Commission has sued former McAfee chief financial officer Prabhat Goyal and former McAfee controller Terry Davis for their roles in the fraudulent accounting at McAfee. Both of those actions have been stayed by the Court pending the resolution of criminal proceedings that have been brought by the United States Attorney’s Office for the Northern District of California against Goyal and Davis."

There has been a lot of settling of fraud charges against corporations lately. This one could very well cost McAfee $50 million. Private individuals (company officers) haven't fared so well, and many have gone, or are going, to jail for their misdeeds. It will be interesting to see what the outcome of this one is.

Here is a previous post about someone, who didn't fare so well after his trial: Farewell Mr. Ebbers (Former WorldCom CEO).

Undercover Fraudster

It's been a rough month with fraud running rampant and the WMF exploit (Zero Day) upon us. The crooks seem to be running rampant and, with tax season starting, it appears the IRS has its own woes.

By Terrie Morgan-Besecker of wrote:

"An IRS agent who was accused of dressing as a woman and using his daughter's name to obtain credit is facing up to five years in federal prison following his guilty plea to misuse of a Social Security number.

The plea agreement for Edward Snarski II, filed Tuesday in federal court, comes one year after a judge denied his motion seeking to dismiss his case based on his claim he was unfairly targeted for prosecution because he is a cross-dresser who was preparing to undergo a sex change."

For the full story, go to: Cross-dressing IRS agent pleads guilty to fraud.

In this country, we all have the right to cross dress and even obtain a sex change if we so desire. What bothers me the most is that a (I hope) former federal agent tries to have his case dismissed based on the assumption he is being targeted for his preferences. The article does state that the reason his attorney tried to argue this was because all the debts were paid for. It doesn't specify whether the payments were timely, or made after charges were filed.

Nonetheless, I would hope that a sworn federal agent would see that (at a minimum) he sets an extremely poor example to the public by engaging in the behavior that he was sworn to protect the rest of us against.

Fortunately, U.S. District Judge A. Richard Caputo dismissed the motion and Agent Snarski will get a maximum of five years behind bars and a $250,000.00 fine.

Last year, there was a lot in the news about tax fraud from behind bars. Here is a recent story from the Arizona Republic: Inmates scam IRS big time.

Perhaps Agent Snarski can now preach to his fellow roommates on the dangers of committing fraud.

Monday, January 02, 2006

Zero Day is Upon Us!

The bad guys seem to be busy as the year starts. Here are two alerts from Websense on what they are seeing. Zero Day is here!

"Since mid-December, Websense Security Labs has been tracking a new type of exploit which allows attackers to run malicious code without end-user intervention. Over the last week there have been several reports on our blog, on our alerts page, and on several other sites on the Internet in regards to this attack. This alert is our attempt at plotting the last week's activity in a timeline, update the current situation, and provide recommendations to our customers.

The attack is a vulnerability within Windows Operating Systems which currently has no patch available. Because there is no patch from Microsoft available, there is exploit code published on the web, it's trivial to create an attack, and there are multiple vectors which allow you to use this attack, we believe that there will continue to be exploits through the Web, Instant Messaging, Email, and other technologies over the next week."

To view the timeline, go to: WMF Attack Update / Timeline.

The only way to avoid these attacks is not to expose yourself. Here are some examples in another Websense alert on how to identify bad sites.

"Websense Security Labs (TM) is actively tracking websites that attempt to infect machines without any end-user intervention by simply visiting a site. Currently there are two types of sites. The first are sites that have been set up by the attackers in order to infect users. In most cases these sites require a lure (such as an email or Instant Message) in order to attract users.

These are mostly registered with fraudulent registration detail.

The second are sites which have been compromised. The example screenshots below are of sites that appear to have been compromised and that by simply visiting them with a computer running Windows you can be infected.

As you can see the sites are geographically diverse. We have discovered sites in the United States, Russia, Netherlands, the United Kingdom, China, and Japan.

We have also included a screenshot of the behavior of a Unix machine (running Knoppix) and Firefox."

To view some examples of the bad sites, go to: WMF Infected Site Examples.

The infected sites appear to be showing up all across the world. Hopefully, the good guys at Microsoft are coming up with a patch that works in the near term!

For the short term, there is an unofficial patch as mentioned in the Sunbelt Blog, WMF Vulnerability checker.

There are no guarantees, but a lot of experts are saying it works!