 | |
 | |
Volume 4, Issue 3 |
January 2007 |
 |
|
CORPORATE OFFICE Per Mar Security Services
|
Cybercrime Hits the Big Time in 2006 iPods Being Used for Data Theft Disaster Preparedness Information |
Cybercrime Hits the Big Time in 2006Call it the "year of computing dangerously." Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products. Few Internet security watchers believe 2007 will be any brighter for the millions of fraud-weary consumers already struggling to stay abreast of new computer security threats and avoiding clever scams when banking, shopping or just surfing online. One of the best measures of the rise in cyber crime this year is spam. More than 90 percent of all e-mail sent online in October was unsolicited junk mail messages, according to Postini, a San Carlos, Calif.-based e-mail security firm. The volume of spam shot up 60 percent in the past two months alone as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases. As a result, network administrators are not only having to deal with considerably more junk mail, but the image-laden messages also require roughly three times more storage space and Internet bandwidth for companies to process than text-based e-mail, said Daniel Druker, Postini's vice president of marketing. "We're getting an unprecedented amount of calls from people whose e-mail systems are melting down under this onslaught," Druker said. Spam volumes are often viewed as a barometer for the relative security of the Internet community at large, in part because most spam is relayed via "bots," a term used to describe home computers that online criminals have compromised surreptitiously with a computer virus or worm. The more compromised computers that the bad guys control and link together in networks, or "botnets," the greater volume of spam they can blast onto the Internet. At any given time, there are between three and four million bots active on the Internet, according to Gadi Evron, a botnet expert who managed Internet security for the Israeli government before joining Beyond Security, an Israeli firm that consults with companies on security. And that estimate only counts spam bots. Evron said there are millions of other bots that are typically used to launch "distributed denial-of-service" attacks -- online shakedowns wherein attackers overwhelm Web sites with useless data if the targets refuse to pay protection money. "Botnets have become the moving force behind organized crime online, with a low-risk, high-profit calculation," Evron said. He estimated that organized criminals would earn about $2 billion this year through phishing scams, which involve the use of spam and fake Web sites to trick computer users into disclosing financial and other personal data. Criminals also seed bots with programs that can record and steal usernames and passwords from compromised computers. "With botnets we have reached a level where it is unclear today what parts of the Internet are not compromised to an extent," he said. Source: |
|
iPods Being Used for Data TheftPune, Dec 17 Three months ago a large chemical company in Mumbai lost a multi-crore tender by a slender margin. Investigations revealed that the tender documents, blueprints and formula was leaked out. Computer forensics showed that somebody was accessing the USB drive and an employee was carrying an iPod and had used it to down load data. He used the iPod as a USB storage device to steal data and pass it on to the competitor. To evade detection, the file was deleted from the iPod and retrieved later using data recovery tools. Six months ago, an overseas company that had been working on banking software and was launching the product into the market. They were told by a potential client that they had been offered a similar software by another company but at much lower prices. The overseas company, had worked on this project for three years and had outsourced the project to a Bangalore-based IT company. The entire project team was under suspicion. The man heading the project had used his iPod with an 80 GB capacity to copy the entire software and sold it to a foreign company with whom he started a new company. These two cases were investigated by the Asian School of Cyber Laws (ASCL) but because of NDAs with these companies they are not revealing the names. “Data theft has always been happening but this is a new modus operandi in India. The iPod here was not just used to download and listen to songs but as an external storage device holding any file type,” says R Narayanan, head of Cyber Crime Investigation team at ASCL in Pune. The iPods or other MP3 players have capacity from one GB to 80 GB that is more than many desk top processors and could be misused. Companies prohibit employees and visitors from carrying personal laptops, palmtops, electronic notebooks and internet or Bluetooth enabled mobile phones into sensitive areas. However, people are not stopped from carrying iPods and other MP3 players into such places. Explains Narayanan, when an USB drive was inserted a log sheet was created of when it was inserted and removed which left a trail. “We first thought it was being used to download songs. But an analysis of the iPod showed all documents. The Mumbai employee, being a system administrator, had access to all confidential data. He was bribed by competition to get out the tender documents,” says Narayanan. Vishal Kumar, faculty at the Asian School of Cyber Laws, says the cyber crime cell of the Mumbai police are investigating the case and the employee could be charged under Section 43 and Section 66 of the IT Act. “The civil liability offers compensation of Rs one crore while criminal liability under the act would attract three year imprisonment or fine up to Rs two lakh or both,’ Kumar said. The way out is to either restrict usage of iPods in the office or restrict access to USB drives but companies have to be aware of this new security risk, says Kumar. Source: financialexpress.com, article posted by Geeta Nair 12/18/06 top |
|
Disaster Preparedness InformationYou should keep enough supplies in your home to meet the needs of you and your family for at least three days. Build an emergency supply kit to take with you in an evacuation. The basics to stock in your portable kit include: water, food, battery-powered radio and flashlight with extra batteries, first aid supplies, change of clothing, blanket or sleeping bag, wrench or pliers, whistle, dust mask, plastic sheeting and duct tape, trash bags, map, a manual can opener for canned food and special items for infants, elderly, the sick or people with disabilities. Keep these items in an easy to carry container such as a covered trash container, a large backpack, or a duffle bag. Information provided by the Department of Homeland Security top |
|
Violent Crime Up For Second Straight YearA surge in violent crime that began last year accelerated in the first half of 2006, the FBI reported this week, providing the clearest signal yet that the historic drop in the U.S. crime rate has ended and is being reversed. Reports of homicides, assaults and other violent offenses surged by nearly 4 percent in the first six months of the year; compared to the same time period in 2005, according to the FBI's latest Uniform Crime Report. The numbers included an increase of nearly 10 percent for robberies, which many criminologists consider a leading indicator of coming trends, The Washington Post reports. While no one is certain of the causes, experts cited an increase in the number of young men in their crime-prone years, diminished crime-fighting assistance from the federal government, fewer jobs for people with marginal skills and the ongoing growth in methamphetamine use in some places. Source: Security Beat top Anti-Fraud Services a $900 Million IndustryAnti-fraud credit-monitoring services offered by banks, direct marketers, and credit bureaus such as Equifax, Experian, and TransUnion have turned the fear of identity theft into a $900 million industry that is expanding by at least 20 percent every year. "Identity theft has essentially become a business-- not just for bad guys but for good guys, too," said privacy consultant Robert Gellman. "A lot of the people that are involved in profiting legally from identity theft are direct participants in the whole credit system that doesn't have the protections in place to prevent identity theft in the first place." More than 12 million Americans subscribe to these services, which alert the consumer whenever a lender requests their credit file and cost anywhere from $3 to $16 a month. Though credit monitoring can provide a consumer with peace of mind, it often fails to protect against identity theft cases wherein a fraudster uses another person's social security number in conjunction with their own name. Additionally, zero liability policies and federal laws granting consumers access to one free credit report a year from the three biggest credit card bureaus allow consumers to obtain the same information at no cost. Source: New York Times (12/12/06) P. A1 ; Dash, Eric |
|
|
Quote of the Month: | |
| Copyright © 2007 Per Mar Security - All rights reserved. | |
| Duplication and distribution for commercial purposes is strictly prohibited. |