Archive for June 2010

WICS 2010

June 29, 2010

 Recently, there was a two-day World Information and Communication Summit (WCIS) 2010 in South Korea where leaders of the Digital world shared a voice on the theme ‘Expanding Digital Economy and Culture’. Malaysia  was one of 15 countries that attended the WCIS. World Information and Communications Summit (WICS) has come a long way since 2005 when it first gathered ICT ministers and vice ministers under the name, World ICT Summit. Having been once called as IT Ministerial Conference in 2007, WICS has continuously carried on its purpose to create a better information society by collaborating and sharing each country’s experience and visions in ICT. 

 Information, Communication and Culture Minister, Dr Rais, who was the Malaysian representative in the conference, said cyber security was one of the topics which Malaysia touched on at the conference. He added that Malaysia did not enforce prohibitions on or censor the internet but there were rations in cyber laws such as the Communication and Multimedia Act governing individuals who committed cyber crimes.

World Information and Communications Summit is probably significant in terms of collaboration of ICT representatives from around the globe to share their experiences and strategies to analyze success and failure cases. The interesting point is WICS suggested that the nations as a whole  set a digital culture right and through a great partnership and collaborations, make the global economy stronger. I hope this will lead to higher cyber security world-wide that Malaysia can also benefit from.

What’s your take on it?

Advertisements

All in a day’s work!

June 28, 2010

Here is another case of unauthorized access to protected computers and gaining control over them. This time it was 23-year old  Mitchell L. Frost a student at the University of Akron. He used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.

He has been arrested and has pleaded guilty to a two-count Information filed on May 14, 2010, which charged Frost with causing damage to a protected computer system and possessing 15 or more unauthorized access devices said Steven M. Dettelbach, United States Attorney for the Northern District of Ohio.

He admitted gaining access to other computers and networks through different methods which were scanning the Internet searching for vulnerable computer networks to attack or intrude by means of obtaining user names and passwords. He also spread malicious programs on the compromised computers for the sole reason of getting personal information, credit card numbers and CVV security codes. In addition, he intentionally set up Distributed Denial of Service (DDoS) to attack the Internet websites. www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others were just some of his victims.

He also initiated Denial of Service against  the University of  Akron’s server computer which knocked off the line for almost 8 ½ hours, causing damages of $10,000. Well, maybe if he’d had a hobby he wouldn’t have caused so much damage! On the serious thought this is nothing new. I’m pretty sure crimes like this are committed all the time around the world but this one manged to make it into the news. Who knows how many go unheard of!  Why are the people in charge not doing anything about this serious problem?!

What’s your take on it? 

Attention all Twitters!!

June 27, 2010

Why such drama! what I really don’t get is although there are masterminds behind the social networks, they are so careless about their users personal information! And if they are going to be so  negligent, why do they mislead the users and put their privacy under risk! After so much talking about Facebook privacy lax now is Twitter’s turn! Recently, allegations have been brought up against Twitter by the U.S. Federal Trade Commission, claiming that Twitter failed its promised user privacy.

The FTC’s complaint focused on two incidents which were in January and April 2009. In both cases Twitter was attacked by different hackers. In January,  a hacker used an automated password-guessing tool to gain administrative control of Twitter, after submitting thousands of guesses into Twitter’s log-in page, the FTC said. The silly thing is the administrative password was a common dictionary word! What a reckless mistake!

In the second case in April 2009,  a hacker compromised a Twitter employee’s personal e-mail account where two passwords similar to the employee’s Twitter administrative password were stored in plain text, the FTC said. Then he was able to reset at least one user’s password and could gain access to personal information and also tweet from the stolen account. It seems there is no end inside! I’m wondering how and when they are really going to consider user privacy and do something about Twitter’s security loopholes.

“When a company promises consumers that their personal information is secure, it must live up to that promise,” David Vladeck, director of the FTC’s Bureau of Consumer Protection, said in a statement. “Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations. Consumers who use social networking sites may choose to share some information with others, but they still have a right to expect that their personal information will be kept private and secure.”

Twitter has agreed to settle the complaint and it is prohibited from misleading clients about protecting their privacy in the coming 20 years and forced to establish a comprehensive security program which will be examine by an outsider every 10 years.  I hope that this settlement will have enough restrictions to make sure Twitter fulfils its moral and lawful obligations.    

What’s your take on it?

Source: Read more from Computerworld.com

Keep your friends close, but your neighbors closer!

June 26, 2010

Have you ever been in a row  with your neighbor?! Well, be careful then! Here is the latest news from the U.S. Department of Justice. 45-year-old Barry Vincent Ardolf   has been indicted in federal court in the District of Minnesota for hacking into his neighbor’s wireless Internet system and allegedly posing as the neighbor to make threats to kill the Vice President of the United States and email child pornography.

Ardolf hacked into his neighbor’s wireless Internet connection and created multiple Yahoo.com email accounts in that person’s name. Then, he used one of those accounts to email the office of the Vice President of the United States. He signed the email with the name of the neighbor from whom he stole Internet access as well as the name of that person’s wife.  Actually he sent the email using the wireless router belonging to the neighbor, intending for the email to be traced back to that person. What a hatred to have for someone!

This isn’t the end of the story. There is much, much more! He posed as the identity-theft victim and used the email accounts he created in the victim’s name to send sexually-themed emails to three of the victim’s co-workers. Again, the he sent the emails through the victim’s wireless Internet connection, intending for them to be traced to the victim’s Internet account. In one of the emails, Ardolf attached an image containing child pornography. Ardolf also  created a MySpace page in the victim’s name, on which he posted the same image of child pornography. What on earth was he thinking?!  

At present he is being prosecuted and if found guilty and I’m sure that he will be, he could face up to 20 years just for child pornography distribution, 10 years for the pornography possession, five years for both the unauthorized access to a computer and the threats to the Vice President, and a mandatory two-year minimum prison sentence on each count of aggravated identity theft. However, all sentences will be determined by a federal district court judge.

The first thing that comes to mind when you read this is that you should always protect your computer from unwanted intrusion. Keep your anti-virus software and firewall up to date. In addition, make sure your wireless router is properly encrypted using the strongest encryption standards possible.

What’s your take on it?

What’s next?!!!

June 25, 2010

The newest of all crimes has become even newer! Cyber criminals are no longer board teenage kids looking to have some fun. Cyber crime is not being committed out of curiosity any more but  has fast become a profession with sophisticated Malvare products to market.  In Microsoft’s latest Security Intelligence Report (SIP) which was conducted on 500 million computers around the globe to raise awareness on online threats world-wide.

The report states that attackers are now mostly prompted by the desire for profit and hardly ever  operate on their own.  For example, malware creators seldom conduct attacks themselves, but instead work with other criminals in online black markets to buy and sell malware kits and botnet access, says Desmond Nair, head of Microsoft South Africa’s Server business. 

Nair also added, “The report provides compelling – and chilling – evidence that cyber criminals are becoming more sophisticated and packaging online threats that are sold on to others. What’s more, we now see clearly that cyber criminals target enterprise and home users differently.” This report raises awareness on online threats to enterprises and individual home users and also provides some remedies on security issues.

What’s your take on it?

Source: Read more from Mybroadband.co.za   

Go Go Go! Ole Ole Ole!

June 24, 2010

The world cup fever is here! Everywhere you turn there is talk of the tournament, so you would think that this is the best time for cyber criminals to take complete advantage of the situation. I was surfing the Internet earlier and I read about an interview that IT PRO made with the senior analyst at Semantec Hosted Services  Paul Wood about a recent report from Semantec MessageLabs Intelligence.

Based on the represented figures, spam and carried virus emails had a downward slope of 0.9 and 0.11 percentage points  from May. Meantime phishing dropped to 0.26 percentage points.

According to Wood although the figures show a fall in different forms of illicit activities, it is not clear that malicious web activity has lessened over the previous month. What is evident is that the world cup related threats sharply increased in the build-up to the tournament. Spam related Football keyword reached a quarter of  global spam since March 2010 to the days leading up to the big event!

Well, the world cup is such a huge event and now it has the world’s undivided attention and of course a base for cyber criminals to attack. To me what this figures show and what happened during the opening days are quite different. Criminals have become more sophisticated in their methods and shouldn’t be underestimated.           

What’s your take on it?

Source: Read more fromIT PRO

What has the world come to?!!

June 20, 2010

There was a time that I used to think that criminals were totally different in appearance from other people but now I realized they don’t have to look like monsters, they maybe the neighbor you say hello to in the morning. The friendly bus driver you smile at or the green grocer you chat with when you go shopping. But never did I think that the person we think is sworn to protect us and is willing to give their life for our freedom would turn out to be the most dangerous of all criminals.

A 42-year-old lieutenant colonel of the Indian Army was arrested by the cyber crime investigation cell (CCIC) of the Mumbai police on Thursday for allegedly posting obscene pictures of children on an international web site. The investigation started in Germany when German police tracked an IP address to India which horrific pictures of child pornography were being uploaded from. Then they alerted Interpol, which through CBI, forwarded the issue to the Mumbai police.

He was caught red-handed, while downloading porn clippings. “Even as we questioned him at his home for four and a half hours, the downloading continued. We have also taken printouts of the pictures so that we can use it as evidence in court,” said an officer. The Mumbai police confiscated hard disks, mobile phones, print outs, etc from the government flat of the Army officer and booked him under the Information Technology Act 2000.

Well, what can I say?! 

What’s your take on it?

Source: Read more from The Times Of India