Top 10 Cybercrimes in 2008/2009

Twelve US based cyber security veterans, with significant knowledge about emerging attack patterns, worked together to compile a list of the attacks most likely to cause substantial damage during 2008 and 2009.

 Participants included Stephen Northcutt, Ed Skoudis, Marc Sachs, Johannes Ullrich, Tom Liston, Eric Cole, Eugene Schultz, Rohit Dhamankar, Amit Yoran, Howard Schmidt, Will Pelgrin, and Alan Paller.

 Here’s their consensus list in ranked order:

1.  Increasingly Sophisticated Web Site Attacks That Exploit Browser Vulnerabilities – Especially On Trusted Web SitesWeb site attacks on browsers are increasingly targeting components, such as Flash and QuickTime, that are not automatically patched when the browser is patched. At the same time, web site attacks have migrated from simple ones based one or two exploits posted on a web site to more sophisticated attacks based on scripts that cycle through multiple exploits to even more sophisticated attacks that increasingly utilize packaged modules that can effectively disguise their payloads. One of the latest such modules, mpack, produces a claimed 10-25% success rate in exploiting browsers that visit sites infected with the module. While all this is happening, attackers are actively placing exploit code on popular, trusted web sites where users have an expectation of effective security. Placing better attack tools on trusted sites is giving attackers a huge advantage over the unwary public.

   Read more

Underground Dark Market – International Triumph or the Tip of the Iceberg?

In October 2008, an internationally coordinated crime operation saw the arrests of 56 members of a transnational criminal network used to buy and sell stolen financial information. The “carder” forum hosted on the Dark Market website had attracted more than 2,500 registered members before its closure. 

In addition to the arrests, police seized compromised victim accounts to prevent $70 million in economic loss through identity fraud.The FBI conducted the two-year operation with the assistance of the Computer Crime and Intellectual Property Section of the US Department of Justice, the UK’s Serious Organized Crime Agency (SOCA), Turkish National Police – KOM Department, Bundeskriminalamt (German Federal Criminal Police) and the Landeskriminalamt Baden (State Police of Baden-Württemberg).

FBI Cyberdivision Assistant Director Shawn Henry said: “In today’s world of rapidly expanding technology, where cybercrimes are perpetrated instantly from anywhere in the world, law enforcement needs to be flexible and creative in our efforts to target these criminals. By joining forces with our international law enforcement counterparts, we have been, and will continue to be, successful in arresting those individuals and dismantling these forums.”

Myanmar Attacks – Political Protection

In July 2008, the websites of the Oslo-based Democratic Voice of Burma (DVB) and New Delhi-based Mizzima News were hit by DDoS attacks that shut down their websites for several days. In August two community forums, Mystery Zillion and Planet Myanmar, were disabled and shut down and on September 17, The Irrawaddy, DVB and the Bangkok-based New Era Journal also experienced similar attacks.

It is thought that these concerted attacks were coordinated by the Burmese government in anticipation of the first anniversary of The Saffron Uprising – a peaceful protest by Buddhist monks, nuns, and students against an oppressive military regime. The websites were all known to support the monks. The attacks all appeared to mainly originate from China and Russia, the main diplomatic backers of the junta (military-led government) and where it has been suggested the junta have been receiving technical training.

The Growing Evidence of Cyberespionage and National Attacks

In May 2008, Belgium and India joined the growing force of countries claiming to be victims of attacks, believed to be originating from China. Thought to be a target because it houses the headquarters of both the EU and NATO in Brussels, Belgium has had emails containing spyware sent to State departments. Similarly, India claims its government and private sector networks are under constant cyberattack. 

In August 2008, a coordinated cyberattack was launched against Georgia’s infrastructure, compromising Georgian government websites including the Ministry of Foreign Affairs. The Georgian government said the disruption was caused by attacks carried out by Russia in connection with the conflict between the two States over the province of South Ossetia.

The Gold Rush

E-gold is a digital gold currency that allows for the instant transfer of gold ownership. Unlike in the case of credit cards, all payments are final and irreversible. There are currently more than five million e-gold accounts worldwide. Due to the anonymity provided to account holders it became a popular method for cybercriminals to turn illgotten proceeds into clean cash.

In July 2008, the brother of Joseph Yobo (the vice captain of the Nigerian national soccer team and one of the English Premier League Club Everton’s top soccer players), was kidnapped and a ransom of $10,000 was demanded in e-gold. This was clearly a new digital twist on an old crime. 

Also in July 2008, e-gold Ltd. and its three directors pleaded guilty to money laundering charges and the “operation of an unlicensed money transmitting business.” While e-gold’s executives are still to be sentenced, the company is confident that the business can reinvigorate itself.

In October 2008, e-gold made moves towards becoming fully legal by registering with the Financial Crimes Enforcement Network (FinCEN), one of the US Department of Treasury’s lead agencies in the fight against money laundering.

Microsoft becomes high priest of secure software development

Posted by Elinor Mills

Historically, Microsoft was bashed for security holes in its software that led to worm outbreaks on desktops and servers around the globe and other problems. In 2002, the company saw the light and launched its Trustworthy Computing initiative, elevating security to the top priority, and began designing and building products with security in mind.

Six years later, the company’s conversion seems to have worked with vulnerabilities dropping by about half from Windows XP to Windows Vista by 90 percent between SQL Server 2000 and SQL Server 2005.

 

But the environment has changed–Web applications have eclipsed desktop applications as people move more and more of their computing online. Now, 60 percent of new vulnerabilities are in Web apps, and only 14 percent of them are from the top five independent software vendors, like Microsoft and its ilk, according to research from IBM’s X-Force.

Microsoft has gone from being the vendor responsible for the greatest proportion of vulnerabilities to being third, with 2.5 percent share, the research shows. The lion’s share of the vulnerabilities come from start-ups racing to get their products to market. And 70 percent of them are doing the security testing and review after they release the product, Microsoft said.

So now Microsoft is trying to convert others to the cause, offering free tools that outside developers can use to assess their software development security practices and analyze their software designs to look for security weaknesses and threats.

“By helping other companies build more secure software, especially companies that develop on the Microsoft platform, we make the Internet more trustworthy,” said Steve Lipner, senior director of Trustworthy Computing at Microsoft. “That’s good for our business.”

Microsoft will offer free downloads in November of its Security Development Lifecycle (SDL) Optimization Model and its SDL Threat Modeling Tool 3.0, the company announced Tuesday. Also, Microsoft formed the SDL Pro Network composed of nine security consultants to help developers implement the SDL.

The SDL Optimization Model serves as a sort of blueprint for changing processes and strategy related to building secure software. The SDL Threat Modeling Tool, which Microsoft has used internally for about a year, is designed to help analyze the security of software designs and to figure out how to mitigate threats in the development process.

The companies in the SDL Pro Network, which include IOActive, Cigital, and Verizon Business, will serve as contractors and set their own fees. The one-year pilot program begins in November.

Microsoft isn’t getting into the security consulting market–it’s just trying to help companies improve their software so computer users are protected and feel confident online, Lipner said.

“We’re not claiming we’re perfect,” he said. “But we have a lot of experience in this domain.”

Chris Wysopal, chief technology officer of security firm Veracode, praised the announcements but wondered if Microsoft’s success can be duplicated at companies with very small developer teams.

“The SDL is working for them, but the question is, will it work for the majority of the companies writing software?” he said.

What is a firewall and why should I use one?

A firewall is a software program or hardware device that filters the inbound and outbound traffic between your network or computer and the Internet. Firewalls add a layer of protection by blocking unauthorized and potentially dangerous data from entering your computer or network. Firewalls are especially critical for users who have an “always on” connection to the Internet.

Some users may think that data residing on their computer is not valuable and therefore a firewall is not necessary. However, even small pieces of information can be obtained by the hacker and used to steal identities and other personal data. In addition, hackers may be interested in taking over your computer to store illegal materials or launch other attacks that can   leave a trail back to your computer. Once a hacker gets access to your computer, the intruder may have access to resources and data stored on your machine.

What does a firewall protect me from?

Firewalls can help protect your data and computer by blocking the following:

• unsolicited traffic/malware from coming into your computer or network
• traffic from known malicious computers
• specific traffic you don’t want leaving your computer or network
• programs, protocols and ports that you specify
• attempts to access or attack your computer

Firewalls can also log activity, and these logs should be reviewed periodically to identify any anomalous or unexpected activity.

What type of firewall should I use?

There are two types of firewalls: hardware and software. A hardware firewall is usually an external device that sits between your computer and your connection to the Internet. A software firewall (also known as a personal firewall) runs directly on your computer. This firewall is the most common type for home users.

The selection of a firewall is dependent on what is being protected. The value of the assets, the complexity of the computers or networks, and their usage of the Internet will dictate the type and size of firewall that should be used.

Make sure you have a firewall–selected based on your business or personal needs– and that it is enabled.

Before enabling a firewall, read the documentation carefully to ensure proper configuration. A properly configured firewall can save you hours of recovery or rebuilding of data.

Below are some areas for consideration when installing a firewall:

• allow only the traffic that you need
• enable the “automatic update” feature if one exists and also periodically check the firewall vendor’s website for the latest software updates
• enable the logging feature and review the logs regularly
• change the default “administrator” account (if available) and password
• disable the remote management option (if available)

A firewall is a very valuable tool to protect your data and your computers, but it must be selected, installed, configured, monitored, and maintained effectively to do its job. It’s also important to note that although firewalls can block intruders, viruses or unwanted traffic from getting into your computer, using a firewall is not a complete solution to security. Firewalls should be used along with anti-virus, anti-spyware, and anti-spam software, as part of a defense-in-depth strategy for protecting your computer from various forms of malware (viruses, worms, trojans, etc.), hackers, and others who want your data or your computer for illegal or malicious purposes.

Remember: Cyber Security is Your Responsibility. Always apply safe cyber security practices to protect the data on your computer or network.

References

To learn more about firewalls, please visit the following sites:

MS-ISAC – Beginners Guide to Firewalls. http://www.cscic.state.ny.us/localgov/#download

US-CERT. http://www.us-cert.gov/cas/tips/ST04-004.html

How Stuff Works – Firewalls. http://computer.howstuffworks.com/firewall.htm

Firewalls for Dummies. http://www.dummies.com/WileyCDA/DummiesTitle/Firewalls-For-Dummies-2nd-Edition.productCd-0764540483.html

Courtesy: http://www.office.gov/cybersecurity

Protecting Portable Computing Devices

Many computer users, especially those who travel for business, rely on laptops and PDAs because they are small and easily transported. But while these characteristics make them popular and convenient, they are also easily lost or ideal target for thieves. Therefore, it is important to make sure you secure your portable devices to protect both the device and the information contained on the device.

What is at risk?

If your laptop or PDA is lost or stolen, the most obvious loss is the device itself. However, all of the information stored on it is at risk, as well. The data is often far more valuable than the portable device itself.

We’ve all read about lost or stolen portable devices containing confidential or sensitive information. Even if there isn’t any sensitive or confidential customer information on your portable device, think of the other proprietary information that could be at risk: passwords, emails, contact information, etc.

Below are tips to help you secure and protect your portable device.

Steps to take before you leave the office

1. Password-protect your portable device – Make sure that you have to enter a strong password to log in to your device. If possible use a “power-on” password. This prevents someone from booting up your laptop with a different Operating System on a CD, floppy disk, or flash drive.
2. Have your laptop configured to boot from the hard drive first – By forcing your laptop to boot from the hard drive first, it prevents someone from rebooting your laptop from another drive e.g. floppy drive, CD, flash drive.
3. Install and maintain firewall and anti-virus software – Protect portable devices from unauthorized access and malicious code the same way you protect your computer when at work. Install antivirus and firewall software and keep them updated.
4. Be sure all critical information is backed up – Portable devices should not be the only place important information is stored.
5. Remove information that is not needed – Don’t carry around sensitive and personal information on your laptop or other portable device that is not necessary to you or your work.
6. Store your portable devices securely – When not in use, store portable devices out of sight and, whenever possible, in a locked drawer or file cabinet.
7. Record identifying information and mark your equipment – Record the make, model and serial number of the equipment in a separate location so that if your portable device is stolen the information will be available to the authorities. Label your portable device with an asset tag or other identifying label.

Steps to protect data

1. Encrypt files or the full disk – By encrypting files or using full disk encryption, you reduce the risk of unauthorized individuals viewing sensitive data. We have taken this step in Office to employ full disk encryption on all office owned laptop computers.
2. Consider storing important data separately – By saving your data on removable media and storing it in a different location (e.g., on a lanyard around your neck instead of in your laptop bag), you can protect your data even if your laptop is stolen. If you store data separately you should also encrypt any confidential or sensitive data on that removable media.

Steps to take when traveling

1. When traveling by car – If it is necessary to leave a portable device in a car, lock it in the trunk or other location where it is out of sight. Never leave electronic devices in cars for extended periods during either very hot or very cold weather. Never leave the vehicle unlocked when unattended, even for a minute. Do not leave the portable device in the vehicle overnight.
2. When traveling by air or rail – Always keep your portable device with you or as carry-on luggage. Watch your device carefully as it goes through the screening process – this is an opportune time for a thief to take it. Make sure you have your portable device with you each time you board or disembark.
3. In the hotel room – If a room safe is available, lock the device with other valuables in the safe. If it does not fit in the room safe, ask the hotel staff for the use of the hotel safe. If this is not practicable, store the portable device out of sight when you leave the room.
4. At conferences and trade shows – Be especially wary at conferences, large meetings and trade shows. These are common venues for thieves. Downplay your laptop or PDA – There is no need to advertise to thieves that you have a laptop or PDA or that you have the latest, greatest features. This is the type of language thieves look for, to identify potential targets. Avoid using your portable device in public areas, and consider non-traditional bags for carrying your laptop.

Steps to take at home

1. Keep the portable device out of sight when not in use – If it is not in plain sight, a thief may not find it.
2. Treat it as if it were cash – Think of the laptop as $1,500 in cash and protect it accordingly.

What should you do if your laptop or other portable device is lost or stolen? Report the loss or theft to the appropriate authorities as soon as possible. These parties may include representatives from the following:

• Local law enforcement agencies
• Hotel or conference staff
• Airport or other transportation security offices
• Your organization’s security office or Help Desk. 

They can then inform the appropriate parties to help protect any services that may be at risk.

Sources:

Washington State Department of Information Services.  http://www.dis.wa.gov/technews/2006_02/20060209.aspx

State of Iowa Information Security Office.  http://www.secureonline.iowa.gov/newsletters/index.html

Office of the California State ISO. http://www.infosecurity.ca.gov/Library/Awareness/Information_Security-Awareness.asp

US-CERT – http://www.uscert.gov/cas/tips/ST04-017.html

« Previous Page