Friday, February 20, 2009

RSA Report Points to an Increase in Cyber Crime

According to a recent report from RSA Security, phishing attacks increased 66 percent last year when compared to 2007. One reason cited for this is the increased availability of DIY (do-it-yourself) phishing kits, which are for sale on the Internet.

Some of these kits even come with tech support. In the past few years, these kits have enabled a lot more people to get into the phishing game.

The statistics compiled in the Anti-Fraud Command Center Phishing Trends Report recorded 135,426 phishing attacks compared to 90,000 detected in 2007. Despite these ominous numbers, the report showed a marked decrease in the number of attacks between June and July. The number of attacks then increased steadily until the end of the year and then dropped again in December. The RSA team attributed these drops to a decline in activity by a notorious gang of phishermen, known as the Rock Phish.

Although no one seems to be exactly sure, the Rock Phish are a phishing gang that is allegedly of Romanian origin. Experts believe they are responsible for up to 50 percent of the phishing seen in the wild (on the Internet) today. To avoid detection, Rock Phish attacks often update DNS records during an attack and change URLs, which confuses take-down efforts and allows them to bypass spam filters. They also use images in their spam e-mails, which makes their messages harder for spam filters to detect: a lot of spam filters do not use OCR (optical character recognition) because it slows down the filtering process.

The (temporary?) reduction in attacks was attributed to the Rock Phish upgrading their infrastructure and switching to the use of a new botnet, called the "Asprox botnet."

A lot of the newer botnets — which spew out spam in the millions using zombies (compromised computers) — are using what is known as fast flux technology. Fast flux is a DNS technique used to hide spam e-mails behind a constantly changing network of compromised computers (zombies), which have been taken over using malicious software to send out spam. Since these spam e-mails recruit new zombies all the time, shutting down this type of activity is pretty difficult. According to the report, fast flux attacks now comprise about half of all the activity out there.
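The tell-tale signs of fast flux described above (answers that keep changing, addresses scattered across unrelated networks, very short TTLs) are exactly what a resolver log lets a defender look for. The following is an added example, not code from the RSA report or from this blog: it runs a simple fast-flux heuristic over a handful of constructed DNS observations. The hostnames, the addresses (taken from the RFC 5737 documentation ranges), the record layout and the thresholds are all assumptions chosen for illustration; a real deployment would tune the thresholds against its own resolver data.

```python
"""Flag fast-flux-like DNS behaviour from passive resolver observations.

Added example for illustration; the observations below are constructed,
not real data, and the thresholds are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Observation:
    ts: int      # seconds since the start of the capture
    name: str    # hostname that was queried
    ip: str      # A record returned for it
    ttl: int     # TTL of that answer, in seconds


# Constructed sample observations (hypothetical hosts, RFC 5737 addresses).
# "login-example-bank.invalid" hops between unrelated /16 blocks every two
# minutes with a 60-second TTL; "www.example.com" is stable; "cdn.example.net"
# round-robins inside ONE block, which a reasonable heuristic must not flag.
OBSERVATIONS: List[Observation] = [
    Observation(0,    "login-example-bank.invalid", "192.0.2.17",    60),
    Observation(120,  "login-example-bank.invalid", "198.51.100.7",  60),
    Observation(240,  "login-example-bank.invalid", "203.0.113.9",   60),
    Observation(360,  "login-example-bank.invalid", "192.0.2.200",   60),
    Observation(480,  "login-example-bank.invalid", "198.51.100.81", 60),
    Observation(600,  "login-example-bank.invalid", "203.0.113.250", 60),
    Observation(0,    "www.example.com", "192.0.2.10", 3600),
    Observation(1800, "www.example.com", "192.0.2.10", 3600),
    Observation(3600, "www.example.com", "192.0.2.10", 3600),
    Observation(0,    "cdn.example.net", "203.0.113.1", 300),
    Observation(300,  "cdn.example.net", "203.0.113.2", 300),
    Observation(600,  "cdn.example.net", "203.0.113.3", 300),
    Observation(900,  "cdn.example.net", "203.0.113.4", 300),
]


def prefix16(ip: str) -> str:
    """Collapse an IPv4 address to its /16, a crude stand-in for 'same network'."""
    a, b, _, _ = ip.split(".")
    return f"{a}.{b}.0.0/16"


def summarize(observations: List[Observation]) -> Dict[str, Dict[str, int]]:
    """Per hostname: how many distinct addresses and networks were seen,
    the shortest TTL, and how often consecutive answers differed."""
    by_name: Dict[str, List[Observation]] = defaultdict(list)
    for o in observations:
        by_name[o.name].append(o)
    summary: Dict[str, Dict[str, int]] = {}
    for name, obs in by_name.items():
        obs = sorted(obs, key=lambda o: o.ts)
        changes = sum(1 for prev, cur in zip(obs, obs[1:]) if prev.ip != cur.ip)
        summary[name] = {
            "distinct_ips": len({o.ip for o in obs}),
            "distinct_prefixes": len({prefix16(o.ip) for o in obs}),
            "min_ttl": min(o.ttl for o in obs),
            "answer_changes": changes,
        }
    return summary


def looks_fast_flux(stats: Dict[str, int], min_ips: int = 5,
                    min_prefixes: int = 3, max_ttl: int = 300) -> bool:
    """All three conditions must hold, so ordinary round-robin load balancing
    (many addresses, one network, modest TTL) stays below the bar."""
    return (stats["distinct_ips"] >= min_ips
            and stats["distinct_prefixes"] >= min_prefixes
            and stats["min_ttl"] <= max_ttl)


def classify(observations: List[Observation], **thresholds) -> Dict[str, bool]:
    """Map each observed hostname to True if it looks like fast flux."""
    return {name: looks_fast_flux(stats, **thresholds)
            for name, stats in summarize(observations).items()}


if __name__ == "__main__":
    for host, stats in summarize(OBSERVATIONS).items():
        verdict = "FAST-FLUX?" if looks_fast_flux(stats) else "ok"
        print(f"{host:30} {stats} {verdict}")
```

The point of requiring all three signals together is the "cdn.example.net" row: a legitimate host that cycles through several addresses in one network with a five-minute TTL looks flux-like on any single measure but is not flagged, while the hypothetical phishing host trips every condition. In practice the prefix test would use ASN or BGP data rather than a /16 cut, and the thresholds would be calibrated against the organisation's own baseline.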

From a global perspective, the United Kingdom (40 percent) was the most attacked country followed by the United States (37 percent). This was attributed to a focused attack on a number of financial institutions in the UK in 2008. The report also acknowledges increased activity in Latin America and the Pacific. A lot of experts believe we will see increased activity in other parts of the world as more people from these regions are introduced to the Internet. As this takes place, more computers will be compromised (become zombies) in these countries and the statistics will shift.

It should be noted that despite the increased activity in the United Kingdom, the United States still holds the dubious honor of being number one in hosting phishing attacks. They are also number one in brand names being attacked.

Of no surprise is the statistic that financial institutions are the favorite target in these attacks. It makes sense that the phishermen will continue to go where the money is, and with the sour economy there are a lot of social engineering lures that are ripe for exploitation. Fear is a time-honored social engineering lure, which gets people to click on links they should not have.

The conclusion of the report is that online crime continues to evolve, is becoming more dangerous, and new tools are being used to further the effort. My guess is that it will continue to grow as long as we focus on defending against it instead of going after the source of it! Of course, this is merely the opinion of this observer.

Sunday, February 15, 2009

Sending Children to the Slammer for Profit

On February 12, 2009, two judges appeared in federal court to plead guilty to $2.6 million in income tax and wire fraud. The crimes they were charged with resulted from locking up teenagers for profit in Scranton, PA.

Judge Michael T. Conahan and Judge Mark A. Ciavarella Jr. were the two barristers who received kickbacks to send teens to privately run detention centers. Apparently, Conahan secured the contracts and Ciavarella kept them filled with fresh prisoners (victims?) from his docket (court calendar). The privately run centers in question were PA Childcare and its sister organization, Western PA Childcare.

A press release on January 28th from the Administrative Office of the Pennsylvania Courts announced the two judges' removal from the bench. The release goes into detail about the charges that were brought against them.

In one example cited by the NY Times, a teenager was given three months for setting up a MySpace page mocking her assistant principal at a Wilkes Barre, PA high school. The student in question, Hillary Transue, was a stellar student and had never been in trouble before. At the end of the hearing, with her parents watching, she was handcuffed and taken away. In another case, a teenager got three months for giving another teenager a black eye.

This is scary in a society where Paris Hilton and Lindsay Lohan get a few days for doing a lot more than putting up a MySpace page or giving someone a black eye!

Senior Judge Arthur Grim has been appointed by the State Supreme Court to figure out what to do with the estimated 5,000 juveniles who have been sentenced by Judge Ciavarella since the scheme started in 2003. A lot of these children were first-time offenders and some of them are still locked up.

The case has shocked local residents, already strained by recent losses of a lot of industrial jobs and the shutting down of coal mines. It has also brought up a debate about how children are represented in the legal system when they face charges.

Just last year, a motion was filed by the Philadelphia-based Juvenile Law Center on behalf of 500 juveniles who had appeared in front of Ciavarella without representation. The motion was originally denied, but it has now been reopened. Statistics show that about 50 percent of the children who waived their right to counsel in front of Ciavarella went to the slammer. The Supreme Court ruled in 1967 that juveniles have a right to counsel, but in some states, including Pennsylvania, they are allowed to waive it.

Given the reduced tax base in the area, the money stolen in this instance could certainly have been put to better use, too.

Even worse, although Judge Ciavarella admitted to the kickbacks, he is contending that the juveniles in question deserved what they got. This is pretty arrogant, especially considering that the facts show he sentenced a lot more of his cases (25%) to these privately run detention facilities than the state average of 1 in 10.

I'm frequently amazed how people who have obviously done something terribly wrong rationalize their behavior.

If Ciavarella and Conahan (Judge titles intentionally removed) accept the plea bargain being offered by the government, they will get 87 months in the slammer, lose their pensions, and be disbarred. The executives running the privately run detention centers haven't been charged yet, but are expected to be.

I first saw a mention of this story on Alex Eckelberry's Sunbelt blog. His comment was "how sick." In closing, "I second that motion."