Saturday, December 31, 2011

Internet Crime Complaint Center's (IC3) Scam Alerts December 29, 2011

This report, which is based upon information from law enforcement and complaints submitted to the IC3, details recent cyber crime trends, new twists to previously-existing cyber scams, and announcements.


An Internet site that manages passwords recently posted an article pertaining to the lack of secure passwords being utilized, which may be a factor in data breaches — past, present, and future. One reason for the lack of security is the number of passwords a user is required to remember to access the many databases, applications, multiple networks, etc., used on a daily basis. Sharing passwords among users in a workplace is becoming a common theme to continue the flow of operations. Users have prioritized convenience over security when establishing passwords.
The article provided a list of millions of stolen passwords posted on-line by hackers and ranked the top 25 common passwords.
  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

Friday, December 30, 2011

Cameramaker Red claims espionage
In a saga worthy of a Hollywood thriller, allegations of email hacking and industrial espionage have surfaced in the camera industry in a lawsuit filed by digital camera maker Red against rival Arri.
In the suit filed Dec. 21 in federal court in Orange County, Calif., Red accuses Arri of stealing technical details and development plans for Red cameras, giving Arri an unfair advantage.
Much of Red's complaint rests on facts revealed in an August plea deal between federal prosecutors and former Arri executive Michael Bravin, who is also a defendant in the suit. Bravin pleaded guilty to a misdemeanor charge of email hacking, admitting as part of the deal that he accessed the email account of Band Pro chief executive Amnon Band.
Bravin, who according to his LinkedIn profile worked for Band Pro for more than 16 years, resigned as Band Pro's chief technology officer to become Arri's VP of market development for digital camera products in January 2010.
From around December 2009 through June 2010, Bravin had access to Amnon Band's email account, as Bravin has admitted. Under his plea deal, he was to serve two months in jail and pay $20,000 in restitution to Band Pro as well as legal costs. Bravin now lists himself on LinkedIn as principal at the Digital Picture Co.
In its complaint, Red asserts that during the time Bravin was hacking Band's email account, Band Pro and Red were discussing a possible joint venture. Red says Band's emails contained detailed descriptions of the technology used in Red's cameras and Red's plans for introducing new models and features.
Red alleges that Bravin passed that information to Arri, giving Arri an unfair competitive advantage, especially with respect to the launch and marketing of the Arri Alexa camera. The Alexa was released in 2010 and is seen as a direct competitor to Red's Epic.

Wiretap suits OKd against U.S., not telecoms

The nation's telecommunications companies can't be sued for cooperating with the Bush administration's secret surveillance program, but their customers can sue the government for allegedly intercepting their phone calls and e-mails without a warrant, a federal appeals court ruled Thursday.
In a pair of decisions, the Ninth U.S. Circuit Court of Appeals in San Francisco upheld a 2008 law immunizing AT&T and other companies for their roles in wiretapping calls to alleged foreign terrorists, but revived a suit that accused the government of illegally intercepting millions of messages from U.S. residents.
That lawsuit was partly based on testimony in 2003 by former AT&T technician Mark Klein about equipment in the company's office on Folsom Street in San Francisco that allowed Internet traffic to be routed to the government.

'Dragnet' surveillance

The Electronic Frontier Foundation, a privacy-rights organization representing AT&T customers, claimed the company had similar installations in other cities and used them for "dragnet" surveillance of everyday e-mails and phone calls, which the National Security Agency purportedly screened electronically for connections to terrorism.
"We look forward to proving the program is an unconstitutional and illegal violation of the rights of millions of ordinary Americans," said Cindy Cohn, the foundation's legal director.
Justice Department spokesman Dean Boyd declined comment.


Monday, December 26, 2011

U.S. Headed For Cyberwar Showdown With China In 2012

The new year is likely to bring a distinct shift in U.S. national security priorities, as the Obama Administration and Congress sharpen their response to China’s continuous assault on U.S. information networks. Although intelligence-community analysts believe the most sophisticated intrusions are being executed by a relatively small number of agents linked to the general staff of China’s People’s Liberation Army, the damage they are inflicting on U.S. security and economic competitiveness is judged to be extensive.

Thus far, China’s cyber campaign consists mainly of espionage aimed at stealing military secrets and intellectual property.  However, Gen. Keith Alexander, head of the Pentagon’s joint Cyber Command established to counter such campaigns, said in November that, “We see a disturbing track from exploitation to disruption to destruction.”  Alexander wasn’t talking just about the Chinese, but there’s little doubt among intelligence analysts that Beijing is the biggest and most persistent perpetrator of cyber crimes.
The question is what to do about it.  To date, U.S. cyber efforts have been focused mainly on defensive measures, seeking to repel network intruders in a fashion that Alexander likens to the famously failed Maginot Line.  The National Security Agency and other U.S. security organizations are known to have developed their own network-attack capabilities, but former White House cyber-security advisor Richard Clarke has warned that it would be dangerous for the U.S. to step up its own campaign against Chinese networks while U.S. safeguards against retaliation are so weak.

2012 Will See Rise in Cyber-Espionage and Malware, Experts Say

The security industry expects the number of cyber-espionage attacks to increase in 2012 and the malware used for this purpose to become increasingly sophisticated.

In the past two years there has been a surge in the number of malware-based attacks that resulted in sensitive data being stolen from government agencies, defense contractors, Fortune 500 companies, human rights organizations and other institutions.
"I absolutely expect this trend to continue through 2012 and beyond," said Rik Ferguson, director of security research and communication at security firm Trend Micro. "Espionage activities have, for hundreds of years, taken advantage of cutting-edge technologies to carry out covert operations; 2011 was not the beginning of Internet-facilitated espionage, nor will it be the end," he added.
Threats like Stuxnet, which is credited with setting back Iran's nuclear program by several years, or its successor, Duqu, have shocked the security industry with their level of sophistication. Experts believe that they are only the beginning and that more highly advanced malware will be launched in 2012.

Wednesday, December 21, 2011

Chinese Computer Hackers Hit U.S. Chamber of Commerce


A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.
The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 internet addresses, was discovered and quietly shut down in May 2010.
It isn't clear how much of the compromised data was viewed by the hackers. Chamber officials say internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.

It is possible the hackers had access to the network for more than a year before the breach was uncovered, according to two people familiar with the Chamber's internal investigation.
One of these people said the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government. The Chamber learned of the break-in when the FBI told the group that servers in China were stealing its information, this person said. The FBI declined to comment on the matter.
A spokesman for the Chinese Embassy in Washington, Geng Shuang, said cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. He said the allegation that the attack against the Chamber originated in China "lacks proof and evidence and is irresponsible," adding that the hacking issue shouldn't be "politicized."


Chinese hackers hit Boston Scientific
Boston Scientific is one of 760 firms hit by China-based cyber attacks.
Med-tech titan Boston Scientific (NYSE:BSX) was one of 760 companies hit by Chinese cyber attacks that also targeted U.S. government agencies, research universities and Internet providers.
It's not clear whether the Natick, Mass.-based medical device maker lost any sensitive information in the attack.
"We're talking about stealing entire industries," Scott Borg, director of the U.S. Cyber Consequences Unit, told the news service. "This may be the biggest transfer of wealth in a short period of time that the world has ever seen."
The attacks were aimed at the medical device, biotechnology, clean energy, advanced semiconductor, high-end manufacturing and information technology industries, according to Bloomberg.
Along with BSX, Abbott Laboratories (NYSE:ABT) and pharmaceutical giant Pfizer's (NYSE:PFE) Wyeth subsidiary were victims. The Chinese government is denying responsibility for the attacks.
The cyber-warfare is just the latest item in a string of bad luck for Boston Scientific, which got hit with a half-billion-dollar tax bill from the U.S. Internal Revenue Service last week.
The latest tab, for $581 million plus interest and penalties, comes out of an IRS audit of Boston Scientific's 2006 acquisition of pacemaker firm Guidant Corp.

Sunday, December 18, 2011

The Spy Who Hacked Me

James Bond was more of a jock than a nerd, and he probably wouldn’t have known how to use a computer, says Danny Bradbury. How things have changed…

It was perhaps the first time that evidence had publicly emerged linking the Chinese with specific cyberwarfare and espionage practices. A Chinese documentary, The Internet Storm Is Coming, recently became available online. Buried in the program around 11 minutes in was B-roll footage of a tool enabling users to attack selected websites via a distributed denial-of-service technique. The clip, later pulled by the Chinese government, gave even more credence to the idea that the state was deliberately involved in cyberwarfare and espionage.
We’ve come a long way from Cold War espionage, when microdots, miniature cameras, and drop zones defined the shady world of spying. Today, misappropriating information from your enemies is more often than not an online affair. But the origins of cyber espionage stretch back to the Cold War.
Markus Hess, a German citizen employed by the KGB, was convicted of hacking his way into US government systems to find information about the Strategic Defense Initiative and other nuclear programs. Hess used the ARPANET, a precursor to the modern internet, but was captured after Clifford Stoll, a systems administrator at the Lawrence Berkeley National Laboratory, was asked to investigate a small accounting error in the usage billing for the laboratory’s computer system. Stoll wrote up the resulting investigation, involving a complex honeypot operation designed to trap Hess and reveal his identity, in a book called The Cuckoo’s Egg.

Saturday, December 17, 2011

China ‘Incredibly Aggressive’ in Cyber Theft
China is stealing online information from the United States and feeding the data to homegrown companies for commercial benefit, Michael Hayden, former director of the Central Intelligence Agency, said at the Black Hat Technical Security Conference in Abu Dhabi on Wednesday.

He pointed out that as an intelligence officer, he was "impressed" with the sophistication of Chinese cyber espionage, although spying in cyber space is an activity that all states, including the United States, take part in.
According to Hayden, "We steal secrets, you bet. But we steal secrets that are essential for American security and safety. We don't steal secrets for American commerce, for American profit. There are many other countries in the world that do not so self limit."
Despite the difficulty in tracing the origins of cyber attacks, Hayden believes China is the culprit behind various incidents of data theft.
"The body of evidence makes me quite comfortable and confident in saying that there's an incredibly large amount of this cyber activity coming from China," he told CNBC on the sidelines of the conference.
The retired general, who also served as the Director of the National Security Agency, added that, "I have come to the conclusion that the Chinese, the Chinese state and others in China are incredibly aggressive in the cyber domain, when it comes to the theft of property: state on state or against commercial targets."

Government Investigates Cellphone Wiretapping
As the government begins an investigation into Carrier IQ's cell phone-tracking software, memories of its own wiretapping scandal resurface

"Spy on unsuspecting Americans? That's our job," you can imagine federal officials indignantly declaring as they investigate cell-phone tracking by the mobile software company, Carrier IQ. The National Security Agency began secret, illegal surveillance of our phone calls and Internet activities in 2001, as we belatedly learned in 2005. Yes, 2005 is a long time ago these days, when yesterday seems like old news; but the NSA scandal deserves to be remembered, especially when the government presumes to be outraged by telecom spying.  

When it began spying on us after 9/11, the Bush Administration enlisted the assistance of telecoms willing to engage in illegal activities at its behest. (Former Qwest CEO Joseph Nacchio later claimed that after he declined to cooperate with the surveillance program, in 2001, the government retaliated, denying the company lucrative contracts. In 2007, Nacchio was convicted of insider trading.) After the NSA program was exposed, complicit telecoms faced the risks of losing expensive civil suits. AT&T, in particular, was badly exposed, thanks to incriminating documents released by a whistleblower and a lawsuit filed by the Electronic Frontier Foundation. But not surprisingly, Congress intervened. In 2007, it retroactively immunized the companies for illegal activities authorized by the president. As the late, disgraced Richard Nixon explained, prematurely, "when the President does it, it's not illegal." Voting in favor of telecom immunity, then candidate and Senator Obama apparently agreed.