Saturday, August 27, 2005

Air Force Files Hacked

According to an article by Abe Levy (Associated Press), someone hacked into a military database. The database held personnel information (including Social Security numbers) for about 33,000 Air Force personnel.

Thus far, no identity theft has been reported and all personnel affected have been notified. According to the article, the information was obtained by someone who had a password to the system. It doesn't seem that a lot of skill went into this, and it was probably the result of an insider gone bad.

In the past year, we have seen a multitude of large data intrusions in the private sector. Here is a link to one of several posts I've done on this subject.

This is another indicator that these data intrusions, which seem to be rampant recently, need attention. Besides threatening the financial stability of the free world, they could even lead to a national security threat.

To read the article from the AP, click on the title of this post.

Zotob Hackers Caught

The FBI has apprehended two men who unleashed the Zotob worm. Farid Essebar from Morocco and Attilla Ecici from Turkey will be charged and prosecuted in their homelands for unleashing the worm.

Allegedly, Essebar developed the code and sold it to Ecici.

Microsoft's Internet Crime Investigation Team is being credited for passing on a lot of information to the FBI, which resulted in the quick apprehension of the two suspects. This was accomplished by monitoring the attack in real time, which gave them the ability to follow the electronic trail back to its source.

It's refreshing to see some quick action. The Microsoft Internet Investigation Team and the FBI deserve to be commended for their quick action and quality investigative work.

For a direct link to my original post and further links to worm removal products from Microsoft and Symantec, click on the title of this post.

Sunday, August 21, 2005

Attack of the Worms

In the past week, the mainstream news media has been awash with speculation that cybergangs are having a turf war by unleashing worms and malware all over the internet. Security experts are speculating that a bot war is going on because some worms are removing versions of other worms that were previously in place on infected computers.

These worms contain bot code that allows criminals to remotely control a computer. The infected computers are organized into networks, which are rented out to fraudsters. The bot networks are then used in phishing, pharming, and a host of other computer crimes designed to steal financial or personal information (identity theft).

The first worm (Zotob) appeared last Sunday, then disappeared. After that, several Zotob variants appeared and another new worm (Bozori) appeared. In addition, newer versions of already identified worms began showing up (Rbot, Sdbot, Codbot and IRCbot).

Even CNN, ABC and the New York Times were compromised in this series of attacks, along with computers all over the world.

To protect yourself against this attack (Microsoft Windows 2000 users are the most vulnerable), go to Microsoft's malware removal tool, which is free. The Symantec Zotob Removal Tool is another free option for checking whether there is any damage to your system, along with options for repair and removal.

My theory is that awareness and communication, along with some old-fashioned prosecution and political action, are cures for the current outburst of financial and cyber crimes. If you want to help, always report any known attempts to law enforcement. Here is a good resource for doing this:

You might also pass on the removal tools to anyone you know who might have been compromised. Perhaps we can take a bite out of this activity ourselves?

If you are interested in previous posts I have done on gangs involved in financial and cyber crimes, here are links to them: