Friday, November 25, 2005

US Military Hacked, Sober Worm Goes Worldwide, What Next?

Military installations being attacked from China in what is being called; The new Trojan war, Chinese hackers breach US military defenses. The worst computer worm of the year is being spread by bogus e-mails from the FBI and CIA, Computer Worm Poses as E-Mail From FBI, CIA. Meanwhile, there are stories of the military removing word documents from the internet after it was discovered that sensitive information had been compromised, US military security defeated by copy and paste CNET

If this were fiction, it would be the makings of a best selling thriller.

Reading all these stories in the past few days and considering the implications made me consider how high the stakes in internet crime really are. At this point, it is unknown, specifically who the attackers are (at least to the general public). Organized criminals, unfriendly governments and even terrorists could theoretically be the culprits.

The Chinese (who seem to be behind the most recent attack on the military) have been suspected of selling technology (including nuclear) to governments, who might be dangerous to world peace. All one has to do is read the story of AQ Khan, who developed nuclear weapons for Pakistan and admitted selling secrets to North Korea, Libya and Iran. There is a lot of speculation that he obtained a lot of his knowledge from the Chinese, who were caught stealing nuclear secrets from us during the Clinton Administration, Online NewsHour: Spies Among Us -- June 9, 1999.

Meanwhile, the worm attack dubbed as "Sober X" has spread so far and fast that both the CIA and FBI have placed prominent warnings on their websites.

Besides attacks throughout the United States, there have been similar attacks in Europe. Bogus e-mails impersonating law enforcement and intelligence agencies are being used to trick unsuspecting users into downloading the virus. Video clips of popular celebrities have been used also.

The Internet Crime Complaint Center received more than 4,000 reports on Monday alone, per the FBI. Symantec stated that this worm has the ability to compromise personal information and McAfee reported 73,000 customers found the worm on their system. A British company (MessageLabs) reported intercepting more than 2.7 million copies of the "Sober X" worm and it's mutations (Sober X, Y, Z).

One security vendor, MXLogic is now reporting that one in every eight e-mails is infected. Thus far, the experts can only speculate what the intent of this massive attack is.

In another shocking revelation, there are reports that the military is removing Word documents off the internet after it discovered that when they obscured parts of documents that were classified on (Word and Adobe documents), they could be recovered and read by simply "cutting and pasting" them on to another document.

This was discovered after classified information about an incident in Iraq was posted on the internet.

Unless the private citizen and our governments take these massive attacks seriously, we could stand to lose more than our identities and bank accounts. National security and financial systems could eventually be at stake! Diplomacy and being politically correct need to be thrown out the window and replaced by swift action that includes severe consequences for individuals and governments found guilty of engaging in this activity.

My best guess is, failure to do so, could have grave implications.

Cyber Criminals Attack Technorati Bloggers

There are some who take bloggers seriously and some who don't. Here is evidence that the murky world of cyber crime does and that they are attempting to profit from Blogs.

Paul Young, who writes prying1, notified me of this activity and has also put a warning on his blog about it.

Posted by Niall Kennedy on November 23, 2005. Tags:

"It recently came to our attention that the Technorati brand name is being used in an attempt to inject a virus onto Windows computers. Although I personally have not received these emails, Technorati takes these false emails seriously.

The email in question states that Technorati has suspended your email account, lists some reasons why this may have happened, and invites you to open an attached file for more details on how to reactivate your Technorati account. The attached file, "," contains the W32.Mytob.MC@mm virus, opening a back door on your computer, lowering security settings, and allowing your computer to be used by the attackers for local access or distributing other content online.

Technorati's support and feedback departments as a rule do not send non-image attachments to its users. We will sometimes include a screenshot to better illustrate instructions. We also address each support request personally and attach our name to the message to let you know there is a real human on the other end.

We recommend investing in anti-virus software for your computers. Two of the most popular home software solutions are Norton AntiVirus and McAfee VirusScan. McAfee also offers a free scan of your computers for viruses."

Currently, there are over 100 variants of Mytob circulating and some are very hard to remove. Once a computer is infected, the computer can be used remotely, primarily to send Spam messages.

Here is a earlier post I did that shows the full spectrum of this type of activity, McAfee Study on Organized Crime and the Internet.

A further recommendation to help you remove any Mytob cyber nasties, you might discover on your system is the malware removal tool from the White Hats (good guys) at Microsoft.

Thursday, November 24, 2005

The Top (Free) Anti-Fraud Resources Found by Fraud, Phishing and Financial Misdeeds

The official start of the holiday season is upon us. With the rapid growth of e-commerce and the fraud implications thereof, this post represents the top "free" resources I've found that combat Fraud, Phishing and Financial Misdeeds.

Before I start, when we are confronted by scams, it is imperative that we report them to Law Enforcement. The best resource (most detailed) is the link in the preceding line from the folks at Quatloosia, which is a non-profit organization.

In fact, I suspect there are too many of us, who due to time constraints, simply laugh at the attempts to defraud us. Unfortunately, the people (who commit fraud on the internet) can target (thousands) with a click of the mouse. Reporting this activity protects the innocent, who might have their entire holiday season ruined by one of these fraudulent schemes.

A quick (easy) way to report suspicious activity online is the Internet Fraud Complaint Center.

If you are are victim, I highly recommend Annie McGuire's site, FraudAid, which has been serving the public since 2000. This site is literally full of great information on how to avoid becoming a victim and how to repair the damage that has been done. In fact, I've had the pleasure of chatting with Annie and she is a fine person, who truly does this to help people.

The Federal Trade Commission (FTC) is also a great resource. Recently, they published tips in Spanish, Alerta en Línea. Of course, they also have a lot of fantastic information in English and here are their Holiday Tips, the FTC's Holiday shopping alert [Text] [PDF].

The Better Business Bureau also has a lot of information. On their main page is an article "Shopping Online For The Holidays: "Twelve Tips To Protect Yourself From Cyber Grinches, Scams And Schemes (full story)."

When deciding who to give our business to, a good resource is the Bad Business Bureau, which publishes the Rip-Off Report. This is a consumer driven site, where people write in and share their bad shopping experiences.

Before doing any shopping online, a good (free) resource for research is the TrustWatch Search Engine. "Sites that can be verified receive a green "verified" rating; sites that do not have enough data to be verified, but are not known to be fraudulent, receive a yellow "not verified" rating; and known fraudulent sites display a red "warning" rating. If a site is deemed to be both verified and secure for the exchange of confidential data, it receives a lock icon next to the green verification rating."

For those of us shopping on line, we face having spyware/adware loaded on our systems without our knowledge. Please note, many legitimate businesses load this on your computer in the name of marketing. SpyCop has an interesting e-book for those, who desire to learn how to protect themselves: It points out that besides Spyware and Adware programs being easily accessible, a lot of so-called programs touted as protection are no better than some of the free programs out there. One of the best free programs is Spybot Search and Destroy (S&D).

Here is a link describing the difference between spyware and adware from Webopedia, The Difference Between Adware & Spyware.

Another annoyance this season will be our e-mailboxes filling up with Spam. The worst sort of Spam entails phishing attempts, where one it lured to a fake (faux) website in order to be tricked into giving up personal and financial information to be used in identity theft. With pharming and the use of keyloggers, this activity is becoming more automated and posing a significantly higher risk to all of us. A great resource to learn about this is the Anti-Phishing Working Group (APWG), which has educational resources on how to avoid these scams.

Many of us will use an increasingly popular method of shopping, which are auction sites. A lot of people have become victims on these sites and e-Bay is the largest player. I prefer the warning information on CraigsList. Craig Newmark (allegedly himself) put this together, "cashier check & wire transfer scams and avoid recalled items. Craigslist gets 3 billion page views a month and although they do charge for certain things (rarely), most of it is free. Furthermore, Craigs provides not only an auction site, but a lot of resources to help people, which again are mostly free.

Anyway, the Richardson Family (Ted, Mrs. and Leigh, who is sometimes Ted's personal technical advisor") wish everyone a safe, sane and financially prosperous holiday shopping season. Remember that being AWARE is the best protection against "financial misdeeds" and educating others to be AWARE protects the innocent, which is a kind thing to do.

After all, isn't kindness what the season is supposed to be about?

To share this information with those you care about, click on the envelope (below) and the post can be forwarded via e-mail. It won't bring you bad luck if you don't, but it might make someone else a little luckier.

Wednesday, November 23, 2005

Birmingham Bank UK, Another Faux Site

I signed up for Websense Security Alerts. Here is one of particular interest involving a totally fake financial institution, Birmingham Bank UK.

"Websense® Security Labs(TM) has received several reports of a new phishing attack that does not target any particular financial or ecommerce brand. Users receive an email from the bank welcoming them as a customer, and claiming that they are the beneficiary to funds from the Alliance Security and Finance Company in Amsterdam. The email includes a URL to the bank and a username and password to log into their "account."

Upon accessing the bank website, an option is provided to log in to their account with this bank, using the login information provided in the email. When the user logs in, the account information is displayed, along with a balance of more than 9 (nine) million dollars.

The website then requests that the user transfer the funds to their own bank account and requests that details of that account be entered in order to perform the transfer.

The phishing site is hosted in the UK and was up at the time of this alert."

The use of fake websites is nothing new and I have discussed them extensively on this blog. They are used in charity, e-Bay and PayPal fraud activity and the purpose is normally to steal financial and or personal information to commit identity theft.

If you would like to view the full alert by Websense go to: New Fraudulent Bank / Technique.

Artists Against 419 (US) is a website dedicated to fighting fake bank websites with a humorous twist. If you would like to learn more about these sites, I highly recommend them.

You might even join the Artists in shutting down a few of these sites.

If you are interested in a search engine that helps protect you from fraud (faux) websites, here is a post with a great (free) resource, TrustWatch Search Engine .

Tuesday, November 22, 2005

FTC Publishes Consumer Warnings en Espanol

The Federal Trade Commission is now publishing information in Spanish (Espanol) on internet scams and how to avoid identity theft.

"A recent consumer fraud survey commissioned by the FTC, the nation’s consumer protection agency, found that Hispanics, whether they are Spanish speakers or not, are about twice as likely as non-Hispanic whites to be victims of consumer fraud."

In fact not only Hispanics, but according to this survey, minorities in general are becoming more likely to be victims of internet fraud.

“We found that American Indians and Alaska Natives, African Americans, and Hispanics are more likely to be victims of fraud than non-Hispanic whites,” said Howard Beales, Director of the FTC Bureau of Consumer Protection. "These findings will help us fine-tune our Hispanic Law Enforcement and Outreach Initiative, and explore additional opportunities to target frauds aimed at communities which are at risk."

Could this be because of a lack of communication venues to warn these groups?

The top 10 frauds listed in the report include: "Advance-fee loan scams – 4.55 million victims; Buyers clubs – 4.05 million victims; Credit card insurance – 3.35 million victims;
Credit repair – 2 million victims; Prize promotions – 1.8 million victims; Internet services – 1.75 million victims; Pyramid schemes – 1.55 million victims; Information services – .8 million victims; Government job offers – .65 million victims; and Business opportunities – .45 million victims."

With computer technology and internet services becoming cheaper and more available all the time, the number of potential victims is rising. I think the FTC's actions in making their warnings more accesible (user friendly) is admirable.

After all, internet fraud has become a global problem and is committed in more than one language. Here is a "techie" tool anyone can use to translate text from one language to another, AltaVista Babel Fish.

For the FTC's information in Spanish, go to Alerta en Línea.

For those of us, who want some relevant holiday tips on how to avoid becoming victims of the cyber grinches in English, go to the FTC's Holiday shopping alert [Text] [PDF].

Personal Data and Security Act Moves Forward

I read some great news this morning about the Personal Data and Security Act, modeled after a California law (SB1386). SB1386 is now considered a trend setter in requiring companies to notify people when their personal information has been stolen. It now appears that the Personal Data and Security Act (S1789) is gaining ground in the Senate.

This law will provide the same protection nationally, that SB1386 has provided for California.

In an earlier post, Congress Tries to Silence Identity Theft Initiatives, it appeared that Congress was trying to replace S 1789 with what I consider a far weaker version, HR 4127.

Here is the article, I read written by Grant Gross of the IDG News Service and later published in PCWorld and Yahoo News:

"WASHINGTON-- The Senate Judiciary Committee has approved a bill that would require companies with data breaches to notify affected customers, and would set up rules for the U.S. government's use of private databases.

The Personal Data Privacy and Security Act, sponsored by committee Chairman Arlen Specter, a Pennsylvania Republican, and Senator Patrick Leahy, a Vermont Democrat, would also require data brokers to allow U.S. residents to correct their personal data, and it would require businesses holding the personal data of more than 10,000 U.S. residents to conduct risk assessments and implement data-protection policies.

Businesses that do not implement security plans could be fined up to $35,000 a day if found in violation of the requirement."

The entire article can be viewed by going to the link below:

I would also like to add (because they weren't mentioned in this article) that senators, Dianne Feinstein (D-California) and Russ Feingold (D-Wisconsin) have also actively pushed for S1789.

In the past year, massive amounts of personal and financial data have been stolen (often with little technical expertise). These acts have exposed millions of people to the possibility of having their identities stolen. Big businesses, who have made considerable profits buying and selling our personal information need to ensure that they are diligent in protecting people's personal information. Should they fail to do so, they also need to at least let the people (who will potentially be victimized) know they are at risk.

We deserve and should accept, no less!

Sunday, November 20, 2005

Tis the Season of Stealing

Tis the "Season of Stealing" with the official start of the holiday season less than a week away. All over the world, cyber criminals are getting ready to hide behind the sales volume and take advantage of people trying to make their loved ones happy on limited resources.

As always, most scams start with a common theme, "An offer of something that is too good to be true." When you are approached with something that seems to be too good of a deal, it is best to use extreme caution and take a careful look at it before spending any of your hard earned money.

The Better Business Bureau has issued some excellent tips on what to be AWARE of:

Know who you're dealing with. Check out unfamiliar sellers with the Better Business Bureau and your state or local consumer protection agency. If you're buying gifts on an online auction site that provides a feedback forum, check the track record of the seller before you bid. Don't buy things in response to unsolicited emails from unknown companies, since these may be fraudulent.

Get all the details. Check the name and physical address of the seller; how much the product or service costs; what is included for that price; whether there are shipping charges; the delivery time, if any; the seller's privacy policy; and the cancellation and return policy.

Look for signs that online purchases are secure. At the point that you are providing your payment information, the beginning of the Web site address should change from http to shttp or https, indicating that the information is being encrypted - turned into code that can only be read by the seller. Your browser may also signal that the information is secure with a symbol, such as a broken key that becomes whole or a padlock that closes.

Pay the safest way. It's best to use a credit card, especially when you're purchasing something that will be delivered later, because under federal law you can dispute the charges if you don't get what you were promised. You also have dispute rights if there are unauthorized charges on your credit card, and many card issues have "zero liability" policies under which you pay nothing if someone steals your credit card number and uses it.

Never enter your personal information in a pop-up screen. When you visit a company's Web site, an unauthorized pop-up screen created by an identity thief could appear, with blanks for you to provide your personal information. Legitimate companies don't ask for personal information via pop-up screens. Install pop-up blocking software to avoid this type of scam.

Keep documentation of your order. When you've completed the online order process, there may be a final confirmation page and/or you might receive confirmation by email. Print that information and keep it handy in case you need it later.

Know your rights. Federal law requires orders made by mail, phone or online to be shipped by the date promised or, if no delivery time was stated, within 30 days. If the goods aren't shipped on time, you can cancel and demand a refund. There is no general three-day cancellation right, but you do have the right to reject merchandise if it's defective or was misrepresented. Otherwise, it's the company's policies that determine if you can cancel the purchase and whether you can get a refund or credit.

Be suspicious if someone contacts you unexpectedly and asks for your personal information. Identity thieves send out bogus emails about problems with consumers' accounts to lure them into providing their personal information. Legitimate companies don't operate that way.

Check your credit card and bank statements carefully. Notify the bank immediately if there are unauthorized charges or debits, if you were charged more than you should have been, or if there are any other problems.

Keep your computer secure for safe shopping and other online activities. Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. Go to and to learn more about how to keep your computer secure.

Beware of emails offering loans or credit, even if you have credit problems. Con artists take advantage of cash-strapped consumers during the holidays to offer personal loans or credit cards for a fee upfront. These scammers simply take the money and run.

Contact the seller promptly about any problems with your order. Check the company's Web site for a customer service page, "contact us" link, email address, or phone number to get your complaint addressed or questions answered. If you can't resolve the problem, contact the Better Business Bureau or your state or local consumer protection agency for help.

Of course, as always, if you determine someone is trying to scam you, please take the time to report them to the relevant consumer agency and or law enforcement. By doing this, you could very well prevent someone else's holiday season from being ruined and thwart the efforts of the "cyber grinches."

A great place to complain/investigate is the Better Business Bureau. If you want to go to their website, click on the title of this post.

A good place to report internet crime is the Internet Fraud Complaint Center .