Friday, August 31, 2007

Were camera systems hacked in the bomb threat hoaxes?


Photo courtesy of elegantmob at Flickr

The bomb hoaxes occurring nationwide are creating a lot of fear and speculation.

When reading a Slashdot entry, I came across one of the more interesting speculations about these bomb threats. The speculation is that hackers are taking control of the camera systems in the affected locations and have the ability to monitor the hysteria they are creating live via CCTV.

Here is the entry, I read on Slashdot, which is based on a news article and the comments of a certain Chief of Police:

The FBI is investigating fifteen store robberies in eleven states, committed via phone and Internet. The perpetrators hack the store's security system so they can observe their victims. They then make customers take their clothes off and get the store to wire money. From the article,

"A telephone caller making a bomb threat to a Hutchinson, Kan., grocery store kept more than 100 people hostage, demanding they disrobe and that the store wire money to his bank account. ... officials were investigating whether the caller was out of state and may have hacked into the store's security system. "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened."

Since most camera systems of the digital variety transmit their data (images) via the Internet, I suppose it is (remotely) possible for hackers to get into a not very well protected system and take advantage of it.

The problem is that most of these camera systems, that might have been hacked, belong to major financial institutions or retailers. As far as I know -- most of these systems operate on an intranet, which is also normally protected by a firewall -- and therefore (in theory) would be pretty hard to get into.

A hacker would have to get past the intranet and firewall to access the CCTV systems.

If you are curious about the difference between Internet and intranet, Wikipedia has a good explanation, here.

With numerous companies and institutions being targeted, all of which in theory have different intranets and firewalls, it would take a lot of hacking to take control of all the camera systems involved (my personal speculation).

I suppose it's also possible that hidden cameras were placed in one of the stores and transmitted over the Internet. It could also be possible that a live person is watching and reporting what is going on via telephone.

The problem with these other speculations is that so far, no one is reporting finding any covert camera equipment. My guess is that these places are searched pretty extensively after the threat is made.

Additionally, human beings covertly reporting the "goings on" during one of these hoaxes doesn't seem very practical, once you think about it. This has occurred in eleven States and the amounts requested aren't in the millions of dollars. It wouldn't be very feasible to use human beings over this wide an area, considering the amount of money involved.

I've learned to "never say never," but I suspect a little fast talking, possible knowledge of the victim's layout (most of these places are set up the same) and the use of fear is how this bomb threat scam is being accomplished.

When I first read about this, I reflected that fear is being used in order to get money wired to criminals. Fear is just another method of social engineering (trickery), which seems to be one common denominator in most of the scams involving the wiring of money.

Despite the fact that many of these scams are spreading quickly with the assistance of technology, it still takes a human element to make the whole thing work.

Exploiting wire transfer systems to steal money is nothing new, either. Wire transfer transactions have become a preferred method of stealing money in a lot of Internet type scams. From romance to lottery scams, with a lot of other variations in-between, Internet criminals have been tricking people into wiring money to them for quite awhile now.

When money is wired, once it is picked up (often within minutes), it's very hard to trace. Please note that these other scams involving wire transfers are predicated on tricking human beings, also.

The good news is that the FBI, Secret Service and Western Union are actively going after the people behind this. Rumor has it they are close to making some arrests.

Since the exact details of the case are being kept confidential, which is important to give the good guys an edge in catching these crooks, all the rest of us can do is speculate.

Let's wish them success in their endeavors and look forward to announcement that the people behind this have been caught! After all, this hoax (scam) is NOT very amusing!

Of note, most experts will always strongly recommend to treat a bomb hoax seriously, despite the fact that most of them are hoaxes. It is recommended that all organizations have a plan on how to handle these scenarios. NSI.org has an extensive page with some pretty good advice (my opinion), here.

Slashdot entry by Erris (531066) and posted by samzenpus, here.

The article, they are referring to comes from News 5 in Phoenix, Arizona.

Thursday, August 30, 2007

Fake e-mail from the BBB stating someone complained about you is a scam!

If you get an e-mail from the Better Business Bureau stating that a complaint has been made against you - it might be a good idea to just delete it.

Websense is reporting:

Websense® Security Labs™ has received reports of a new email spam variant similar to an attack launched early this year. The spoofed email purports to be from the Better Business Bureau (BBB). The message claims that a complaint has been filed against the recipient's company. Attached to the message is a Microsoft Word document (Document_for_Case.doc), supposedly containing additional details regarding the complaint. The Word document actually contains a Trojan Downloader that, when opened, attempts to download and install a keylogger. This keylogger uploads stolen data to an IP address in Malaysia.

Keyloggers record the keystokes on a computer and then send them back to the crooks, who installed them.

They are normally interested in your password information, especially if it gives them access to personal financial data. That way they can rob you blind.

In case, you just have to know, whether or not, you've received a complaint at the Better Business Bureau, it might be a good idea to contact them independently to inquire into it.

Their website is here.

The best way to avoid becoming compromised is to have updated security software protecting your system and even better yet -- avoid clicking, or even opening unsolicited e-mails no matter, who they claim to be from!

Websense alert (with screenshots), here.

Wednesday, August 29, 2007

ICE raids two more companies and discovers stolen identities being used by illegal immigrants

Two more food processing companies have been raided by ICE (Immmigration and Customs Enforcement) in the past week. At least some of the illegal immigrants detained were found to be using stolen identities.

In North Carolina, 25 of the illegal immigrants were using the identities of U.S. citizens.

From the ICE press release:

United States Attorney George E. B. Holding announced today that his office has obtained criminal complaints charging 25 individuals with identity theft and various immigration violations. These individuals were arrested on Aug. 22, 2007, U.S. Immigration and Customs Enforcement (ICE) agents as part of an investigation that focused on individuals who were working at the Smithfield Processing plant in Tar Heel, N.C., and who had, as part of the commission of other crimes, transferred, possessed or used the identification of someone else in violation of federal law. The United States Attorney will ask the federal grand jury to consider these cases in the near future.
Meanwhile, in Ohio raids were conducted on Koch Foods and 160 illegal immigrants were detained. While this was going on a search warrant was executed at their corporate office in Chicago.

From the ICE press release:

Special agents from U.S. Immigration and Customs Enforcement (ICE) today executed criminal search warrants at Koch Foods in Fairfield, Ohio. ICE identified more than 180 Koch employees working at the Fairfield plant requiring further questioning and administratively arrested more than 160 as of 4PM for immigration violations. ICE agents simultaneously executed criminal search warrants at Koch's corporate office in Chicago.

There is no disclosure as to whether any of these people were using other people's identities.

In both press releases, ICE outlined the reasons for the raids:

Unlawful employment is one of the key magnets drawing illegal aliens across our borders," said Julie L. Myers, Assistant Secretary of Homeland Security for ICE. "When illegal aliens use fraudulent documents or engage in identity theft, they not only exploit a vulnerability, they also cause real harm to U.S. citizens. We will pursue egregious violators by seeking criminal charges and continue to deploy tools such as the new social security no match guidelines to help businesses comply with the law."

Besides unlawful employment, there is a flourishing trade in counterfeit documents that enables a lot of illegal immigrants to obtain employment.

Suad Leija's Paper Weapons site is a place, where you can get an inside look at how bad this problem is. It also shows how other crimes, besides illegal immigration are tied into the trade.

Suad is currently writing a book, which will go into a lot of detail about the trade in paper weapons.

ICE press release on the North Carolina raid, here.

ICE press release on the Ohio and Illinois raids, here.

Previous posts on how illegal immigration ties into other crimes can be viewed, here.

IRS name used to phish for ID theft victims, again!

Government agencies and trusted brands are often spoofed (impersonated) in phishing attempts, which are social engineering ploys to steal personal and financial information, and or download cybernasties (malware, crimeware) on your system. Please note the cybernasties normally steal information from your computer, also.

The information culled from you, or your computer is then used to make YOU an identity theft statistic.

In the past couple of years, spoofing the IRS has become an old story, but they keep on doing it.

Here are the most recent updates on IRS phishing scams:

Updated Aug. 24, 2007 — The Internal Revenue Service today warned taxpayers of a new phishing scam, in which an e-mail purporting to come from the IRS advises taxpayers they can receive $80 by filling out an online customer satisfaction survey. The IRS urges taxpayers to ignore this solicitation and not provide any requested information. The IRS does not initiate contact with taxpayers through e-mail.

Updated June 19, 2007 — In another recent scam, consumers have received a "Tax Avoidance Investigation" e-mail claiming to come from the IRS' "Fraud Department" in which the recipient is asked to complete an "investigation form," for which there is a link contained in the e-mail, because of possible fraud that the recipient committed. It is believed that clicking on the link may activate a Trojan Horse.

Full IRS press release on this matter, here.

Phishing isn't limited to impersonating the IRS, the APWG (Anti-Phishing Working Group) tracks this ever growing problem and offers advice on how to avoid getting hooked, here.

Previous posts about phishing attempts impersonating the IRS can be seen, here.

Tuesday, August 28, 2007

China caught stealing government information again!

The Chinese, who were recently accused of poisoning pets and selling toxic toothpaste are now being accused of hacking into government computers in Germany.

Roger Boyes of the TIMESONLINE reports:

Der Spiegel, quoting senior officials from the German equivalent of Special Branch, said that the hacking operation was discovered in May. Computers in the Chancellery, the Foreign, Economics and Research ministries had been targeted. The Federal Office for the Protection of the Constitution (BfV) conducted a comprehensive search of government IT installations and prevented a further 160 giga-bytes of information being transferred to China. Commentators described it as “the biggest digital defence ever mounted by the German state”.

The information was being siphoned off almost daily by hackers in Lanzhou, northern China, in Canton province and in Beijing. The scale and the nature of the data being stolen suggest, the investigators say, that the operation must have been steered by the State and, in particular, the People’s Liberation Army.

Naturally, the Chinese are denying involvement, but this isn't the first time we've heard of them hacking into systems, or committing government/corporate espionage.

Here are a couple of posts, I wrote awhile ago where U.S. government computers were the target:

How Dangerous is China

The Hackers from China are at it AGAIN!

Last year, the FBI arrested two men stealing technology secrets and attempting to take them to China. Their press release on this matter can be seen, here.

USA Today (David J. Lynch) also did an excellent article quoting FBI sources about the problem, which can be seen, here.

We need to start considering the consequences of continuing to allow this to go on unchecked.

Roger Boyes story (worth reading), here.

Sunday, August 26, 2007

Apophis - a malware tool that is smart and can steal 30,000 people's personal details

If anyone thinks our personal information is safe, think again. Panda Labs, an International security software company, recently discovered a tool, which appears to be stealing personal and financial details on a global basis.

From Panda's press release:

A version of Apophis, a tool used by cyber-crooks to handle information stolen from users infected by several variants of the Nuklus family of Trojans, stores data belonging to over 30,000 users from more than twenty countries. PandaLabs has been able to access a file with some of the stolen data. This file kept encrypted confidential data belonging to almost 1,500 people from the USA, Canada and the UK.

Surprisingly enough, this data contained, in addition to information about bank and email accounts, information such as the users’ postal address, phone number or their credit card expiry date. With this information, cyber-crooks not only can get the users’ money, but also impersonate them and use their identity to make purchases, bank transfers, etc., in their name.
In more simple terms, this gives criminals the ability to clean out your financial resources, then use your information to get more credit, which you will be hounded for when the bills aren't paid.

Besides that, stolen identities are used by illegal immigrants, criminals and some claim, terrorists to blend into society.

Even worse, this tool is considered smart -- it actively searches out the information criminals desire.

According to Panda, this tool can store over 30,000 records. That is a lot of people that can be victimized by just one of these nasty devices.

More information, including some screen shots from the Panda blog, here.

The press release can be viewed, here.

Panda also offers a free scan to see if your computer might be infected, here.