Saturday, January 07, 2006

How the SEC Views Civil Penalties

There has been a lot of "buzz" in the media recently about the SEC imposing civil penalties, along with speculation on how this might hurt investors.

On January 4th, they issued a press release regarding this:

"Today the Commission announced the filing of two settled actions against corporate issuers, SEC v. McAfee, Inc. and In the Matter of Applix, Inc. In one, the company will pay a civil money penalty; in the other, a penalty is not part of the settlement.

The question of whether, and if so to what extent, to impose civil penalties against a corporation raises significant questions for our mission of investor protection. The authority to impose such penalties is relatively recent in the Commission's history, and the use of very large corporate penalties is more recent still. Recent cases have not produced a clear public view of when and how the Commission will use corporate penalties, and within the Commission itself a variety of views have heretofore been expressed, but not reconciled."

For the full statement, go to: SEC Statement Concerning Financial Penalties.

So far as to where the money goes, it appears they could be using it in certain instances to repay victims.

"The Sarbanes-Oxley Act of 2002 changed the ultimate disposition of penalties. Section 308 of Sarbanes-Oxley (the Fair Funds provision) allows the Commission to take penalties paid by individuals and entities in enforcement actions and add them to disgorgement funds for the benefit of victims. Penalty moneys no longer always go to the Treasury."

As I posted earlier in the week, McAfee has agreed to pay a $50 million dollar fine. Recent history has seen Adelphia fined $715 million, Worldcom $750 million and Time Warner $300 million.

Part of the contreversy, even at the SEC is (whether or not) these fines will impact investors. In fact, it appears that investors, who were damaged could benefit from some of these actions. The other fear seems to be the weakening of the "deterrent" factor since corporations are allowed to pay without admitting wrongdoing.

Time will tell, but if victims are compensated, some of this could be extremely positive for those who lost money as a result of some of these wrongdoings. So far as the "deterrent" factor, there seems to be a lot of individuals (executives) going to jail and in many of these cases, they are being prosecuted separately from the civil actions.

Friday, January 06, 2006

Get a Quick $20.00 and GO BROKE!

For the last year, I've noticed an increase in "ATM Skimming." ATM Skimming was big a few years ago when criminals would plant a fake ATM Automatic teller machine (portable type) in a public place. The fake machine would electronically take your card information and a hidden camera would record your Personal identification number (PIN).

The crooks would then "copy" your card and then since the hidden camera had recorded your PIN abruptly clean out your account.

This activity seemed to disappear, then reappear (mutate) in a much more dangerous form. With wireless technology, criminals are now attaching hardware to existing ATM's at banks and doing the same thing. The difference being that you are going to your regular ATM (which you trust) and they are capturing the information from a distance.

They often do this over a weekend, or holiday, then remove the devices before anyone notices that the ATM machine has been compromised.

Recently, I've noticed reports of this activity on the rise in Europe, Asia and South America. The activity is increasing in frequency and showing up in North America, also.

Here is a post, I did several months ago, which includes photographs of the hardware and what to be on the look out for: ATM Machines That Clone Your Card. Please note that included in this post are (descriptive photographs) for the average person to learn what to be AWARE OF!

Here is one of many stories from the mainstream media on the latest scam, which hit in New York City, courtesy of the fine people at FOX News:

"A team of clever crooks ripped off more than $100,000 from at least 50 unsuspecting ATM users in Chinatown and on Staten Island in one of the largest ever info-heists from city banks, police said yesterday."

For the full story by FOX, please read, ATM Scam Nets Thieves Over $100G.

Thursday, January 05, 2006

Microsoft Releases WMF Patch

It appears that Microsoft has released a patch before it was anticipated next Tuesday. Here it is in Websense's latest bulletin. It appears they (Websense) assisted Microsoft in getting this out!

"This is an informational alert that Microsoft has just released a patch for the WMF vulnerability. Websense® Security Labs™ was acknowledged as a contributor in the bulletin from Microsoft.

At this time more than 1100 URLs are still actively attempting to exploit users who have not installed the patch. Most attacks are Trojan horse downloaders which update over HTTP and install and run other pieces of malicious code.

Depending on your patch rollout procedures, we still recommend that customers block all URLs that end in .WMF. Customers who have Websense Real-Time Security Updates (RTSU) will be protected automatically with frequent updates to the Security categories throughout the day. Customers who have the Websense Security Premium Group without RTSU will receive updates to these categories once per day.

Additional recommendations are provided in the Detection Methods and Prevention Methods sections of this article."

To view the alert directly from the Websense site, go to: WMF Patch Available from Microsoft.

Looks like we still need to exercise caution (more to come on this), but we can now see the light at the end of the tunnel.

Wednesday, January 04, 2006

McAfee Charged with Fraud by the SEC

Here is an interesting release by the SEC:

"Washington, D.C., Jan. 4, 2006 — The Securities and Exchange Commission today filed securities fraud charges against McAfee, Inc., formerly known as Network Associates, Inc., a Santa Clara, California-based manufacturer and supplier of computer security and antivirus tools. The Commission’s complaint alleges that, from the second quarter of 1998 through 2000, McAfee misled investors when it engaged in a fraudulent scheme to overstate its revenue and earnings by hundreds of millions of dollars. The complaint specifically alleges that, during the period 1998 through 2000, McAfee inflated its cumulative net revenues by $622 million and that, for 1998 alone, McAfee overstated revenues by $562 million, a misstatement of 131 percent. When the scheme began to unravel and McAfee announced, in December 2000, that it would miss its quarterly revenue projection by $190 million, the news slashed over $1 billion from McAfee’s market capitalization."

For the full release: SEC Charges McAfee, Inc. with Accounting Fraud; McAfee Agrees to Settle and Pay a $50 Million Penalty.

Note that:

"Previously, the Commission has sued former McAfee chief financial officer Prabhat Goyal and former McAfee controller Terry Davis for their roles in the fraudulent accounting at McAfee. Both of those actions have been stayed by the Court pending the resolution of criminal proceedings that have been brought by the United States Attorney’s Office for the Northern District of California against Goyal and Davis."

There has been a lot of settling of fraud charges against corporations lately. This one could very well cost McAfee 50 million. Private individuals (Company Officers) haven't fared so well and many have, or are going to jail for their misdeeds. It will be interesting to see what the outcome of this one is.

Here is a previous post about someone, who didn't fare so well after his trial: Farewell Mr. Ebbers (Former WorldCom CEO).

Undercover Fraudster

It's been a rough month with fraud running rampant and the WMF exploit (Zero Day) upon us. The crooks seem to be running rampant and with tax season starting, it appears the IRS has it own woes.

By Terrie Morgan-Besecker of wrote:

"An IRS agent who was accused of dressing as a woman and using his daughter's name to obtain credit is facing up to five years in federal prison following his guilty plea to misuse of a Social Security number.

The plea agreement for Edward Snarski II, filed Tuesday in federal court, comes one year after a judge denied his motion seeking to dismiss his case based on his claim he was unfairly targeted for prosecution because he is a cross-dresser who was preparing to undergo a sex change."

For the full story, go to: Cross-dressing IRS agent pleads guilty to fraud.

In this country, we all have the right to cross dress and even obtain a sex change if we so desire. What bothers me the most is that a (I hope) former federal agent tries to have his case dismissed based on the assumption he is being targeted for his preferences. The article does state that the reason his attorney tried to argue this was because all the debts were paid for. It doesn't specify whether the payments were timely, or made after charges were filed.

Nonetheless, I would hope that a sworn federal agent would see that (at a minimum) he sets an extremely poor example to the public by engaging in the behavior that he was sworn to protect the rest of us against.

Fortunately, U.S. District Judge A. Richard Caputo dismissed the motion and Agent Snarsky will get a maximum of five years behind bars and a $250,000.00 fine.

Last year, there was a lot in the news about tax fraud from behind bars. Here is a recent story from the Arizona Republic: Inmates scam IRS big time.

Perhaps, Agent Snarsky can now preach to his fellow roommates on the dangers of committing fraud.

Monday, January 02, 2006

Zero Day is Upon Us!

The bad guys seem to be busy as the year starts. Here are two alerts from Websense on what they are seeing. Zero Day is here!

"Since mid-December, Websense Security Labs has been tracking a new type of exploit which allows attackers to run malicious code without end-user intervention. Over the last week there have been several reports on our blog, on our alerts page, and on several other sites on the Internet in regards to this attack. This alert is out attempt at plotting the last week activity in a timeline, update the current situation, and provide recommendations to our customers.

The attack is a vulnerability within Windows Operating Systems which currently has no patch available. Because there is no patch from Microsoft available, there is exploit code published on the web, its trivial to create and attack, and there are multiple vectors which allow you to use this attack, we believe that there will continue to be exploits through the Web, Instant Messaging, Email, and other technologies over the next week."

To view the timeline, go to: WMF Attack Update / Timeline.

The only way to avoid these attacks is not to expose yourself. Here are some examples in another Websense alert on how to identify bad sites.

"Websense Security Labs (TM) is actively tracking websites that attempt to infect machines without any end-user intervention by simply visiting a site. Currently there are two types of sites. The first are sites that have been setup by the attackers in order to infect users. In most cases these sites require a lure (such as an email or Instant Message) in order to attract users.

These are mostly registered with fraudulent registration detail.

The second are sites which have been compromised. The below examples screenshots are of sites that appear to have been compromised and that by simply visiting them with a computer running the Windows you can be infected.

As you can see the sites are geographically diverse. We have discovered sites in the United States, Russia, Netherlands, the United Kingdom, China, and Japan.

We have also included a screenshot of the behavior of a Unix machine (running Knoppix) and Firefox."

To view some examples of the bad sites, go to: WMF Infected Site Examples.

The infected sites appear to be showing up all across the world. Hopefully, the good guys at Microsoft are coming up with a patch that works in the near term!

For the short term, there is an unofficial patch as mentioned in the Sunbelt Blog, WMF Vulnerability checker.

There are no guarantees, but a lot of experts are saying it works!