Friday, November 9, 2007
• CBS and the Associated Press report that 23 illegal immigrants employed by Ideal Staffing Solutions Inc. were arrested Wednesday after being accused of using fake security badges to work in critical areas of O’Hare International Airport, Illinois, including the tarmac. The arrested workers, 21 from Mexico and two from Guatemala, face state criminal charges and deportation. (See item 13)
• Fox News reports that radical Islamists, who have failed in efforts to hit traditional military and diplomatic targets, are increasingly eyeing so-called “soft targets,” and could be moving toward greater use of chemical and biological weapons, according to “Terrorism 2002-2005.” (See item 38)
31. November 8, Computerworld – (National) Survey: With data breaches, less is more (dangerous). A report released this week by the risk management firm ID Analytics Inc. found that, when it comes to security incidents involving the compromise of identity data, big breaches may actually be better than smaller ones -- at least from a consumer standpoint. Researchers studied the fallout from 12 security breaches involving the loss of Social Security numbers and other personally identifiable data. In all, the fate of over 10 million records containing identity data was analyzed. Out of the breaches studied, the research found that the highest rate of organized misuse of data occurred with the smaller breaches. On average, about one in 200 identities were misused in breaches involving 5,000 identities or fewer. In comparison, the misuse rate was less than 1 in 10,000 for security incidents involving 100,000 or more individuals. What that means is that a consumer whose identity was exposed in a massive data breach is likely to be less at risk than someone who lost theirs in a small breach, said the chief privacy officer at ID Analytics. Even in cases where large data files are compromised, he explained, ID thieves rarely have the resources, the time, or the knowledge needed to misuse more than just a fraction of the data they acquire. The study also found no evidence to suggest that those who had the breached data were broadly disseminating it into the Internet black market, he said -- indicating that the extent to which stolen data is being made available to criminal elements is probably less widespread than most assume. In most cases, the stolen identity data tended to be used by small clusters of people for making applications for new credit cards, he said.
32. November 7, SC Magazine – (National) SecureWorks: Anti-spyware solution scam steals personal financial information. A complex plot involving fake anti-spyware products has scammed thousands of victims out of money and personal information, according to SecureWorks. Hackers in Russia and other Eastern European countries are using the Russian Business Network (RBN) internet service provider (ISP) and other hosting outlets to lure victims into clicking on malicious ads on high-traffic websites, the company reported this week. Clicking on a malicious advertisement opens a pop-up warning about a suspicious problem on the victim’s computer, initiating a “sales process” for a bogus anti-spyware solution that costs $19.95 to $79.95. The rogue websites collect credit card numbers, names and other personal information in the process, according to SecureWorks. Finally, the “anti-spyware solution” downloads a trojan, such as Zlob, which retrieves other personal information from the victim’s computer over time, or a rootkit, which gives the attacker remote control of the victim’s computer. The names of the bogus anti-spyware found in this offer include Spyshredder, AntiVirGear, MalwareAlarm and about 40 others. The scammers make money not only from the sale of the “solution,” but also from the sale of credit card numbers and access to the trojan- and rootkit-infected computers. According to SecureWorks, the scam thrives on collaboration among a number of internet criminals who randomly inject the ads with the malicious code, making it difficult for the website owner to predict which ads are malicious, said SecureWorks’ chief technology officer. “This type of scam will be around for a while because it’s showing success,” he said.
33. November 7, Computerworld – (International) Russian hacker gang goes dark to relocate; may be moving to China. The Russian Business Network (RBN), a notorious hacker and malware hosting organization that operates out of St. Petersburg, Russia, has gone off the air, security researchers said today. According to a pair of Trend Micro Inc. researchers, RBN went dark around 10 p.m. EST Tuesday. “The routing information for their IP addresses has been withdrawn,” said a network architect at Trend Micro. “That’s significant because while RBN has had connectivity issues in the past, then the routing [to its IP addresses] was still being advertised. This time, they’ve been voluntarily withdrawn,” he said. “This is not the result of someone, such as their ISP, blackholing their traffic,” he continued. Another report, however, on The Washington Post’s Web site, claimed that while RBN has severed links to the Internet, its upstream connectivity providers had begun to refuse to route RBN traffic as early as mid-October. By relinquishing control of the IP blocks it had been allocated, RBN essentially cut ties to the Internet and made it impossible for its domains, which number in the thousands, to access the Web or for users to reach those domains. He speculated that RBN is simply shifting to new digs, diversifying its considerable back-end infrastructure, trying to lay low or all of the above. “No one knows why they’ve done this, but I think they’re down, not out,” he said. A Trend Micro research project manager agreed. “We’re seeing signs of RBN-like activity elsewhere, in Turkey, Taiwan and China. RBN may be moving to places even more inaccessible to the law [than Russia]. Everyone knows they were in St. Petersburg, but now they’re changing houses, changing addresses.”
34. November 7, UPI – (National) Emergency response computer system created. U.S. scientists have created a computer architecture that enables the secure transmission of information to first responders during emergencies. Princeton University researchers said the architecture allows the transmission of sensitive information during such instances as natural disasters, fires or terrorist attacks. The system, called a transient trust, prevents the information from being intercepted by others, and access stops as soon as the recipient no longer has need for it. Data provided on a transient-trust basis might include floor plans of a building, medical information about occupants or satellite maps of a given area. The study was presented in Alexandria, Virginia, during a conference held last month by the Association for Computing Machinery Computer and Communications Security.