Came across an interesting story about the halls of Congress being hacked in October 2006. Although no one knows or is saying, some speculate that the attack can be traced to the Chinese, who seem to get accused of hacking into a lot of government systems (worldwide). Of course, the Chinese officially deny these allegations.
Shane Harris of the National Journal reported the attack was initially discovered in one office, but cyber-investigators eventually traced it to eight members' offices, where one or more computers were infected. Besides this, seven committee offices, including the Commission on China, Ways and Means and the International Relations Committee were identified as having compromised computers in them. The International Relations Committee (now the Foreign Affairs Committee) had 25 infected computers and an infected server found in it.
The virus discovered was a trojan designed to allow malware (malicious software) to invade government machines and steal information. The investigation revealed that the trojan was probably downloaded by an employee, who clicked on a link in a spam e-mail. This method of dropping a virus on a computer is usually referred to as Phishing.
Phishing attacks are normally designed to steal personal and financial information, which is later used to commit financial crimes and identity theft. While most phishing attacks (from a historical perspective) have been financially motivated, we are now seeing more person/position-targeted attacks. This type of phishing is referred to as spear phishing or whaling. In April, there were reports of spear phishing attacks against corporate executives all over the country.
The unidentified hackers used a wide-array of attack methods and the malware was downloaded from random Internet addresses. It's suspected they were using other infected machines to launch the attacks, which makes the activity even harder to trace. In this latest instance, it makes sense; the intent was to steal confidential and sensitive information.
The article points out that there is a lot of evidence that the Chinese have "penetrated deeply" into both government and corporate systems.
Just hours before the Olympics, Joel Brenner, the top U.S. counterintelligence official, warned Americans to leave their smart phones and other wireless computer devices at home. He told CBS News that the public security services in China can turn on a cell phone and activate its microphone when the owner thinks it's off. In July, Senator Sam Brownback also warned that China was planning to mount a massive espionage operation on guests staying at major hotels during the Olympics.
Last year there was speculation in the press that Commerce Secretary Carlos Gutierrez's laptop was hacked during a visit to China and the information was used to hack into government computers. Even scarier, rumors abound that Chinese hackers have already attacked power grids and that they are developing a cyber-warfare capability.
The article's conclusion points to a just released Report of the CSIS Commission on Cybersecurity for the 44th Presidency. The study recommends that President Elect Obama establish a Cyber-Security Directorate in the NSC, who would direct a National Office for Cyberspace.
As a mere observer of all of this, I think President Elect Obama needs to take this report seriously. We need to remember (especially while a financial crisis is going on) that besides being a threat to National security, hacking also threatens our financial stability. Although this post points to the Chinese, they certainly aren't the only players in the International hacking game, and the problem it presents isn't going away. Sadly, some believe the problem is getting worse.
There is little doubt that change is needed in the way we address this problem and hopefully this is what will occur.
Showing posts with label U.S. Congress. Show all posts
Showing posts with label U.S. Congress. Show all posts
Sunday, December 21, 2008
Friday, March 02, 2007
Bank's Telephone ID Spoofed in Vishing Scam
People in Jefferson City, Missouri are receiving fraudulent telephone calls soliciting their personal and banking information. Even worse, their caller ID reflects that the call is coming from a bank.
A new term (vishing) is being used to describe this kind of fraudulent activity. Scams over the telephone are nothing new, but many experts believe that VoIP technology is making the problem worse.
Michelle Brooks, of the News Tribune is reporting:
More than 1,000 people in the Jefferson City area received a prerecorded phone message Wednesday that sought customer information and claimed to be from “Central Trust Bank”- a name Central Bank does not go by - and, in fact, showed Central Bank's customer service line on caller ID systems.
News Tribune story, here.
Besides stealing from people, a Washington Post story shows how this technology can be used by stalkers and criminals, who are potentially violent (stalkers).
This technology is a favorite of collection and telemarketing types to get people to answer their telephones. Some of the people marketing this technology, claim their intent is to protect privacy.
Of course, some of us believe, that this technology is violating a lot of people's privacy.
One of the most scary examples of this is spoofcard.com. They sell a calling card that not only spoofs the number being called from, but gives their customers the ability to change their voice. The calls are also recorded (accessible by calling a 800 number).
Besides this company, there are many others, that are hawking Caller-ID spoofing. Collection agencies and telemarketing types use the technology to trick people into answering their telephones.
The FTC (Federal Trade Commission) seems to be taking a look at this problem, a list of their press releases on this matter can be viewed, here.
The FCC (Federal Communications Commission) also has a lot of information about the problem on their site, here.
If you are mad about someone doing this to you, the FCC has a complaint form, here.
Isn't it a shame that we constantly see so-called legitimate businesses profiting from technology that victimizes the general population?
Congress needs to work with the FCC and the FTC to pass a law against this abuse!
A new term (vishing) is being used to describe this kind of fraudulent activity. Scams over the telephone are nothing new, but many experts believe that VoIP technology is making the problem worse.
Michelle Brooks, of the News Tribune is reporting:
More than 1,000 people in the Jefferson City area received a prerecorded phone message Wednesday that sought customer information and claimed to be from “Central Trust Bank”- a name Central Bank does not go by - and, in fact, showed Central Bank's customer service line on caller ID systems.
News Tribune story, here.
Besides stealing from people, a Washington Post story shows how this technology can be used by stalkers and criminals, who are potentially violent (stalkers).
This technology is a favorite of collection and telemarketing types to get people to answer their telephones. Some of the people marketing this technology, claim their intent is to protect privacy.
Of course, some of us believe, that this technology is violating a lot of people's privacy.
One of the most scary examples of this is spoofcard.com. They sell a calling card that not only spoofs the number being called from, but gives their customers the ability to change their voice. The calls are also recorded (accessible by calling a 800 number).
Besides this company, there are many others, that are hawking Caller-ID spoofing. Collection agencies and telemarketing types use the technology to trick people into answering their telephones.
The FTC (Federal Trade Commission) seems to be taking a look at this problem, a list of their press releases on this matter can be viewed, here.
The FCC (Federal Communications Commission) also has a lot of information about the problem on their site, here.
If you are mad about someone doing this to you, the FCC has a complaint form, here.
Isn't it a shame that we constantly see so-called legitimate businesses profiting from technology that victimizes the general population?
Congress needs to work with the FCC and the FTC to pass a law against this abuse!
Sunday, December 17, 2006
Consumers Union Calls for Congress to Protect People's Personal Information
The Consumers Union is calling for voters to let their elected officials know they are concerned about identity theft.
Here are what the Consumers Union considers to be the key issues:
If you are concerned about this issue, you can add your thoughts by sending a message to Congress, here.
The last time this issue came up before the election - a bill was being pushed through. Here is more information on it and what I wrote about it:
Don't Allow HR 3997 to Take Away Rights from Identity Theft Victims
This bill is still pending - and if passed in it's current version - it threatens to mute State laws already enacted to protect people from identity theft.
Here are what the Consumers Union considers to be the key issues:
In every state, you should be able to place a "security freeze" on your credit file so thieves can't open new accounts in your good name. Companies and agencies should be required to notify you when the security of your private information has been breached. If lawmakers are serious about making us more secure, this should be the first thing they do when they return to Washington. Help us send this clear message now to your Congressional Representative and Senators.
If you are concerned about this issue, you can add your thoughts by sending a message to Congress, here.
The last time this issue came up before the election - a bill was being pushed through. Here is more information on it and what I wrote about it:
Don't Allow HR 3997 to Take Away Rights from Identity Theft Victims
This bill is still pending - and if passed in it's current version - it threatens to mute State laws already enacted to protect people from identity theft.
Subscribe to:
Posts (Atom)
