Saturday, December 10, 2005

Should We Consider Nazis Potential Terrorists?

The Sober Worm, which was attached to phony e-mails from the FBI and CIA, is making a comeback. According to the Washington Post, "The junk traffic generated by Sober has bogged down e-mail systems at some of the nation's largest Internet service providers. For several days last week, subscribers of Microsoft Corp.'s Hotmail and MSN e-mail services experienced long delays in receiving new messages as the company struggled to filter out Sober-generated traffic."

The article also reports that the Sober Worm is the most extensive attack to date and has generated twice the number of quarantined e-mails as the Mydoom Worm (its closest competitor) did. For the full story by the Washington Post, please read, Sober.X worm makes return.

Meanwhile, "iDefense, cyber security intelligence provider and VeriSign company (Nasdaq: VRSN), reports that the next planned attack of 2005's most prolific e-mail worm family, Sober, is scheduled to start on Jan. 5, 2006 based on commands hard-coded within the worm. The attack date coincides with the 87th anniversary of the founding of the Nazi party. Additionally, the attack could have a significantly detrimental effect on Internet traffic, as e-mail servers are flooded with politically motivated spam e-mails from potentially tens of millions of e-mail addresses.

In addition to the Nazi party anniversary, the Jan. 5 trigger on the Sober variant appears to also be timed to coincide with a major German political convention meeting the next day, Jan. 6. In the past, VeriSign iDefense Security Intelligence Services has seen mass distribution of propaganda timed with political events to increase the worm's notoriety, and help to further circulate it."

In another interesting story this week, the FBI (Louis Reigel, Assistant Director, Cybercrime) is reassuring the public that they believe the originator(s) of the Sober Worm will be caught and that he isn't aware of any major risk by cyberattack from terrorists. Here is the press release on the FBI website, FBI Exec on Cyber Crime.

Meanwhile, Valerie McNiven (who advises the U.S. Treasury in cybercrime) made the statement that the profits from cybercrime have exceeded those of the drug trade. Here is CNet's version of the story, Cybercrime yields more cash than drugs. I hear that other experts are disputing this, but then again, how does one come to an exact figure? Pretty sure the people involved in these criminal enterprises don't publish their financial portfolios and make every attempt to conceal where the money is coming from.

Terrorists, organized criminals and now possibly Neo-Nazis seem to be in the mix and according to the FBI, all is well. To my knowledge, the CIA hasn't commented, but they normally don't, at least to the general public. My question is should we consider Neo-Nazis terrorists?

If Neo Nazis might be terrorists, Sober is the most prolific attack to date and the person(s) behind it are openly mocking both the CIA and FBI (among others) by impersonating them, I fear everything isn't as well as is being stated.

Terrorism, according to Wikipedia, is the unconventional use of violence for political gain. It is a strategy of using coordinated attacks that fall outside the laws of war commonly understood to represent the bounds of conventional warfare (see also unconventional warfare).

"Terrorist attacks" are usually characterized as "indiscriminate," "targeting of civilians," or executed "with disregard" for human life. The term "terrorism" is often used to assert that the political violence of an enemy is immoral, wanton, and unjustified.

According to the definition of terrorism typically used by states, academics, counter-terrorism experts, and non-governmental organizations, "terrorists" are actors who don't belong to any recognized armed forces, or who don't adhere to their rules, and who are therefore regarded as "rogue actors".

Could Neo Nazis be the culprits behind the Sober Worm? To meet the definition of terrorism (above) there needs to be violence. Sending out malware doesn't meet this standard. On the other hand, Neo Nazis have been associated with violence and often preach it against anyone who doesn't subscribe to their warped ideals. All one would have to remember is the horror their forefathers (Nazis) unleashed upon the world during the Holocaust.

All things considered, Neo Nazis could be terrorists and probably are capable of committing terrorist acts. According to CourtTV, Timothy McVeigh: The Oklahoma Bomber was a fan of: "The Turner Diaries written by former American Nazi Party honcho William L. Pierce, under the pen name Andrew Macdonald. Its hero responds to gun control by making a truck bomb and blowing up the Washington FBI Building."

According to an article in Wikipedia: "Some investigators contend that Timothy McVeigh and his accomplice Terry Nichols had ties to Islamic terrorism through Ramzi Yousef, a militant who planned the 1993 WTC Bombing, and through a series of meetings with Islamic terror group Abu Sayyaf members in the Philippines. Others suggest he had ties to a radical Christian Identity group called Elohim City near Muldrow, Oklahoma."

I'm certain not everyone will agree with me, but cyber attacks seem to be steadily increasing in scope and technological sophistication. There is mounting evidence that organized criminals, terrorists and now Neo Nazis are using computer technology to further their political and financial agendas. In my humble opinion, we can no longer afford to ignore a problem that threatens the entire world.

Whether we call them fanatics, terrorists, or common criminals, these people threaten the well being of society at large and in the end, our freedom. The time to decide we won't tolerate this is now!

Thursday, December 08, 2005

Seventy Percent of the Population Unable to Recognize a Phishing Scam

Twenty five percent of us will receive a phishing attack aimed at stealing our identity and/or financial information every month, according to the AOL/National Cyber Security Alliance (NCSA) Online Safety Study. Also discovered in this survey is that about seventy percent of us who receive these phishing e-mails won't be able to identify them as a scam.

According to my friends at Wikipedia, "phishing is a form of social engineering, characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords."

The activity is also becoming more sophisticated and these e-mails often inject malware (malicious software) on systems, which can automatically capture personal information via keyloggers. Keyloggers automatically record "keystrokes" (including passwords, account information etc.) and send them back to the cyber criminal responsible for putting the software on someone's system.

For those of us, who are unfamiliar with phishing scams, which are getting more sophisticated all the time, a great place to learn how to protect yourself is Stay Safe Online, or the National Cyber Security Alliance.

Phishing designed to steal personal information is a rapidly growing enterprise and with internet access and computers becoming more readily available (cheaper), there are a growing number of victims. Nine million people in the United States fall victim to having their identities stolen (every year) according to the government!

There is also a lot of information on this blog designed to provide resources (often free) on how to avoid becoming a victim of internet scams. Phishing is a subject, I have covered extensively and the blog can be "searched" by "keyword" at the top.

Another great resource to learn about the dangers of identity theft and what to do if one becomes a victim is the Federal Trade Commission: ID Theft website, courtesy of the FTC.

With the holiday season upon us, it is traditional to share goodwill. If seventy percent of us are unaware of the potential dangers of phishing, take a moment and help educate someone you care about. Think about it, if everyone in the world did this, we would protect the innocent and deal a severe blow against the immoral cyberscum, who ruin people's lives for their own gain.

Wednesday, December 07, 2005

Russian Gang Members Busted at Circuit City

In my last post, High Tech Theft Not the Only Loss Category Rising, I discussed a retail theft survey, which deduced that an increase in shoplifting losses was attributable to organized gang activity. I noted that the loss categories mentioned in the press release from the survey failed to include fraud (check and credit) and e-commerce fraud. These are also areas that seemed to be consistently targeted by organized activity and have the ability to impact the profitability of the retail industry.

Here is an interesting story from WOOD TV in Grand Rapids, Michigan, which shows how organized activity is impacting retailers in other ways besides shoplifting.

WOOD TV reported, "It appears the suspects were hitting stores across the state, particularly Circuit City and Best Buy. The Muskegon County prosecutor tells 24 Hour News 8 two men were arrested with more than $10,000 worth of electronics in their possession after providing stolen identification at a local home electronics store."

When arrested, the alleged low level Russian gang members were in possession of $10,000.00 worth of merchandise and there are ties to numerous other thefts from Best Buy and Circuit City.

In this scam, high-end electronic merchandise would be ordered over the internet using fraudulent credit cards. Individuals would then appear at the stores to pick up the merchandise using fake identification.

I'm assuming that when arrested they merely had the merchandise from one haul. According to the local authorities the merchandise was going to be shipped overseas to Holland. WOOD TV also reported, there were other indicators that this is a very organized operation.

"Authorities confiscated a global positioning device to help navigate fast getaways and map out the next hit.

Authorities believe the two men are part of a sophisticated Russian organized crime ring after discovering high-tech items and cell phones in their van. The high-tech devices are capable of altering magnetic strips on credit cards.

The phone was ringing throughout our proceedings from a variety of individuals speaking Russian, also with code names including Godfather.

The investigation is now spreading to other sites after authorities traced stolen credit cards "including Illinois, Indiana, Arizona, Colorado," Tague says. "So we're certainly seeing contacts throughout the country in terms of ID theft and contacts with this organization."

For the full story from WOOD TV go to: Nationwide identity theft ring busted in Muskegon County.

It would be pretty hard to shoplift a van full of big screen televisions.

My recommendation to those implementing security strategy for the retail industry is that while they need to continue to monitor employee theft, shoplifting, vendor theft and administrative errors; ignoring the increases in fraud fueled by technology and the internet could be deadly to the profitability of the industry as a whole.

For my previous post regarding the retail survey, click on the title of this one.

High Tech Theft Not the Only Loss Category Rising

Internet Fraud has been increasing substantially, however more old-fashioned means of theft, such as "shoplifting" seem to be on the rise, also.

A press release from ADT Security Services reports that a survey conducted by Richard Hollinger Ph.D (University of Florida) is showing increases in theft from retailers.

Here is a comment from ADT on the survey, "Rex Gillette, vice president of retail national accounts for ADT, said the survey shows retailers are spending more to combat retail theft." ADT, who sponsored the grant to conduct this study, is one of the major vendors that provides technology based solutions to combat retail theft.

The survey states that although employee theft is down, it is still the number one retail theft category. Other categories mentioned in the survey include, "shoplifting, vendor fraud and administrative error -- cost the nation's retailers close to $31 billion last year."

According to the survey, the increase in shoplifting activity is due to organized gang activity. To quote the survey, "Hollinger attributed the increase to a new form of shoplifting called organized retail crime, which involves shoplifting gangs working as a team to steal large quantities of merchandise quickly."

I was involved in taking a look at this new phenomenon about ten years ago for a major retailer and organized shoplifting gangs were pretty prevalent then. If it was prevalent ten years ago, either the activity has substantially increased, or organized activity isn't as new as some might think.

The press release on the survey doesn't seem to mention losses in fraud categories, such as check and credit, nor does it seem to mention losses in the e-commerce sector. The e-commerce sector is growing rapidly and many traditional retailers are becoming heavily involved in it. There is no doubt that money lost in these categories impacts retailers, also.

I have been unable to view this survey. There was some mention of fraud in the last one, although it was only covered briefly. Nonetheless, the press release for this one fails to mention it at all and with the increases in crime fueled by technology, it seems logical the financial impact on retailers should be going up.

Although I'm sure the survey is based on statistical analysis, there are difficulties in assigning dollars lost to theft (by category) in the retail industry. Most retailers conduct physical inventory once, or twice a year. It is extremely difficult six months to a year later to determine how inventory disappeared and it would be interesting to see how the survey assigned the dollar amounts to a specific loss category.

So far as measuring the amount of money lost in the fraud categories, many companies only measure known fraud (verified). The rest of the monetary amount is sometimes buried in another accounting category, which is known as "bad debt." For instance, a fraudster opens a credit account with a dead person's identification (or someone who is never reached by a collections department), charges the account to its maximum potential and then disappears. Because the activity was unable to be verified as fraud, it is written off as bad debt. This problem can be extended to all types of financial fraud categories. The amount of fraud buried on credit reports and company accounts classified as "bad debt" cannot be accurately calculated and is probably substantial.

I have no doubt (given current theft trends) that this activity is on the rise. Retail theft, whether high, or low tech impacts us all (via higher prices) and any analysis of how to prevent it is valuable. The retail industry is taking these problems seriously and attempting to deal with them because of the negative effect it has on their overall profitability.

On a personal level, I am an advocate of a more holistic approach to fighting losses that are prevalent in the world of business. In my opinion, there is an opportunity for loss prevention, computer security and fraud experts to combine forces against organized activity in general.

In fact, I highly suspect that many of the organized gangs are involved in all of the categories mentioned and don't discriminate on types of activity. They simply go where they can steal the most money.

For the full press release, go to: Annual Retail Security Survey Shows Shoplifting on the Rise.

I have written other posts on organized criminal activity, should anyone be interested:

The Consolidation of Organized Criminal Activity
Organized Fraud Gangs
Fraud Gangs Plant Insiders

Monday, December 05, 2005

Malicious Code Used to Redirect Banking Customers to Fraud Sites

Here is an interesting, but scary scam being reported by the good folks at Websense. Malicious code is being put on systems that appends entries to the Windows hosts file and redirects users from their financial institution to a phishing site where their logon information is stolen.

"Websense® Security Labs™ has observed an increase in phishing attacks that use modifications to the Windows hosts file to deceive users. Various exploits and social engineering tricks are used to execute malicious code that appends several entries to the Windows hosts file. These entries redirect traffic from the legitimate web addresses of several banks to the IP address of a phishing site created by the attacker. The next time the user attempts to visit one of the targeted banks, they are instead redirected to arrive at a phishing site. However, the web address shown in the browser's address bar appears to be the correct address. The logon information of the unsuspecting user is captured, as they attempt to access the site.

The example shown below targets four banks: HSBC Brazil, Banco Itau, Banco Banespa, and Bradesco. The phishing sites used in this attack are hosted in California and were online at the time of this alert."

For the full alert, along with screen shots, please read, Traffic Redirection on the Websense home page.

The alert isn't specific about how the malicious code is being executed, but my guess would be via e-mail attachments. This is a new (pretty scary) twist, especially if the web address appears to be correct. Watching web addresses is a basic for those of us who are on the lookout for phishing scams. I plan to follow this carefully and will publish any additional information as it becomes available.

Until then, this is a testament to keeping your protection software up to date!
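Because the redirection described in the Websense alert lives in the hosts file, the file itself can be audited for entries that send a bank's name somewhere other than the local machine. The following is an added example, not code from Websense or from this blog; the sample file contents, the `WATCHLIST` domains and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file. Names use the reserved .example TLD and
# documentation IP ranges; nothing here is taken from the Websense alert.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # sinkholed by an ad blocker
10.1.2.3        intranet.corp.example
203.0.113.45    www.bank-one.example bank-one.example
203.0.113.45    login.bank-two.example   # appended entry
not-an-ip       broken.example
"""

# Hypothetical list of financial sites the user actually visits.
WATCHLIST = {"bank-one.example", "bank-two.example"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first column is not an address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def on_watchlist(host, watchlist):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist):
    """Return (line_no, ip, hostname, severity) for every entry that maps a
    name to an address other than loopback or 0.0.0.0."""
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                            # not a redirect to another machine
        for host in hosts:
            severity = "high" if on_watchlist(host, watchlist) else "review"
            findings.append((line_no, str(ip), host, severity))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHLIST):
        print(finding)
```

On a Windows system the text to audit is the contents of `C:\Windows\System32\drivers\etc\hosts`; a clean install normally contains nothing beyond comments and localhost entries, so any "high" finding deserves investigation.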

Sunday, December 04, 2005

XBox Latest Lure in Auction Scams

When anything is hot, such as Microsoft's new XBox, it is best to "let the buyer beware." Todd Bishop of the Seattle Post-Intelligencer is reporting that auction customers on eBay are being tricked into buying empty boxes that once contained the XBox and even pictures of the XBox.

According to the article:

"Capitalizing on shortages of Microsoft's new video-game console, several people have attracted bids as high as $600 or more on eBay this week by offering Xbox 360 boxes -- just empty boxes -- in ways that made it seem, without reading closely, that the items for sale were actually consoles.

The common approach: Acknowledging that the item was merely a box, but surrounding that disclosure with so many pictures and descriptions of the real console and accessories that someone merely skimming the listings might not notice."

For the full story by Todd Bishop go to, Xbox bidders warned to beware Phony auctions are offering the box -- no console, just the box.

In a recent post, I wrote, "Many of us will use an increasingly popular method of shopping, which are auction sites. A lot of people have become victims on these sites and e-Bay is the largest player. I prefer the warning information on CraigsList. Craig Newmark (allegedly himself) put this together, "cashier check & wire transfer scams and avoid recalled items." Craigslist gets 3 billion page views a month and although they do charge for certain things (rarely), most of it is free. Furthermore, Craigs provides not only an auction site, but a lot of resources to help people, which again are mostly free."

To read this post, which I put together as a "best practices" resource to avoid fraud during the holiday season, go to, The Top (Free) Anti-Fraud Resources Found by Fraud, Phishing and Financial Misdeeds.

The bottom line is that auction sites, although immensely popular, have attracted a lot of fraud and many a person has become a victim. With more and more people gaining access to the internet, we can expect this to be a growing trend. These scams always start with, "something that is too good to be true" and the best defense is to "let the buyer beware."

I've received a lot of information on auction scams via readers. If you happen to see something new, please feel free to drop me a line at

You can also read more on auction fraud by searching keyword "auction fraud" in the search box at the top of this page.