March 12, 2010
The Internet's critical domain name system is under constant attack and could buckle at any time, according to ICANN president Rod Beckstrom.
Without naming names, Beckstrom went on to say that some DNS providers, such as ISPs, in some countries are engaging in destabilising activities, such as “wildcarding” and abusing DNS to send users to incorrect sites for commercial gain.
(thinq.co.uk)
Top Consumer Complaints (boston.com)
March 11, 2010
The unusual e-mail sent to Senate staffers this week warning them not to visit The Drudge Report for fear of a virus has some critics crying foul, suggesting the missive is the latest attempt by Democrats to stifle dissent in the media.
The Drudge Report, a popular Web site which aggregates news links, often trumpets headlines critical of Democratic leaders. Known for getting insider news, Drudge's scoops on the primitive-looking site commonly show up in mainstream media coverage every day.
(foxnews.com)
Internet Jihadist Caught (foxnews.com)
March 10, 2010
Cisco unveiled a new Internet technology Tuesday that it says will provide the ultra-fast data speeds necessary to stay ahead of users' rapidly growing online video demands.
The new technology, known as "CRS-3," is a network routing system that will be able to offer downloads of up to 322 Terabits per second, according to the company.
(cnn.com)
Critics Blast Transborder Immigrant Tool as 'Irresponsible' Use of Technology (foxnews.com)
March 9, 2010
A bogus Web site is targeting victims of Bernard Madoff's record Ponzi scheme in an apparent identity-theft scam, the Securities Investor Protection Corp warned today, The New York Post reported.
The site claims that $1.3 billion in Madoff money was recently found hidden in Malaysia, and displays photos of huge stacks of cash allegedly stashed by the mega-crook.
(foxnews.com)
FBI Warns Brewing Cyberwar May Have Same Impact as 'Well-Placed Bomb' (foxnews.com)
March 8, 2010
Software on cell phones can be used to track the phone's owner.
(news.yahoo.com)
How Safe Is Your Cell Phone? (time.com)
March 4, 2010
Authorities have arrested three Spaniards suspected of infecting 13 million computers with a program that allowed them to steal personal and financial data worldwide, Spain's Civil Guard said Wednesday.
(cnn.com)
Authorities bust 3 in infection of 13M computers (hosted.ap.org)
March 3, 2010
Reversing a 2007 decision banning social networking on military computers, the Department of Defense announced a new policy allowing users on Pentagon servers to access Facebook, Twitter, YouTube, MySpace, Flickr and other similar sites.
(politicsdaily.com)
Department of Defense announces new policy (dtic.mil)
March 2, 2010
Smartphone facial recognition software links photos to online personal information.
(video.foxnews.com)
House targets cyber bullying (newsandsentinel.com)
March 1, 2010
The US government’s policy of leaving the Internet alone is over, according to Obama’s top official at the Department of Commerce.
Instead, an “Internet Policy 3.0” approach will see policy discussions between government agencies, foreign governments, and key Internet constituencies, according to Assistant Secretary Larry Strickling, with those discussions covering issues such as privacy, child protection, cybersecurity, copyright protection, and Internet governance.
(theregister.co.uk)
U.S. would lose a cyber war, former intell chief warns (gcn.com)
February 28, 2010
During Flight AC871, Dr. Fowlie did not get his meal choice and he complained to the flight attendant. A dispute between Dr. Fowlie and the flight attendant ensued. The flight attendant reported the problem to the service director. Another dispute resulted from the exchange between the service director and Dr. Fowlie. The service director then reported the incident to the captain and a warning card was issued to Dr. Fowlie for unruly behaviour.
Upon arrival in Montréal, the crew of the connecting Flight AC195 was informed of the incident and the captain determined that there was a risk of further disruption and refused to transport Dr. Fowlie.
(otc-cta.gc.ca)
Domain name mediator loses fight with Air Canada (ottawacitizen.com)
February 27, 2010
Securing a financial services network environment can be a daunting challenge. At issue is not only meeting the basic business requirement of ensuring that a customer's financial information remains private and secure, but to do so in accordance with the variety of regulations that have been implemented by state and federal governments, and the credit card industry as well. Security breaches can have a far-reaching impact to not only a company's finances, but to their reputation as well. Companies are required to prove their compliance with these regulations and will be held liable for their failure to do so. Offering a wider range of online services alone will not be sufficient to reduce customer churn; it must be accompanied by enhanced security features that provide the customer with confidence and, in turn, result in winning their long-term trust and loyalty.
(bankinfosecurity.com)
White Paper: SQL Injection 2.0 (imperva.com)
February 26, 2010
Monday, March 1, is the current deadline for entities doing business in Massachusetts to comply with a tough new state law designed to safeguard residents' personal information. But given how many times this deadline has been moved, is this one real?
"Yes," is the answer from some industry analysts. But how the new law will be enforced - that's the real question.
(bankinfosecurity.com)
February 25, 2010
Domain registration procedures could be tightened up in a bid to help clamp down on cyber crimes.
Following concerns expressed by law enforcement agencies around the world, the Internet Corporation for Assigned Names and Numbers (Icann) investigated the issue of false or incomplete information being used to set up websites.
The not-for-profit organisation, which oversees internet tasks such as managing the assignment of domain names, commissioned a report, the Draft Report for the Study of the Accuracy of WHOIS Registrant Contact Information. This uncovered the scale of the problem facing the authorities.
(computeractive.co.uk)
NORC WHOIS Study (icann.org)
February 24, 2010
China has rejected a news report that U.S. investigators traced hacking attacks against Google Inc. to two Chinese schools and said suggestions the government might be involved were irresponsible.
A foreign ministry spokesman, Ma Zhaoxu, said Chinese law prohibits hacking and the government will take steps to stop it.
(foxnews.com)
How to React to Payment Card Fraud (bankinfosecurity.com)
February 23, 2010
IP Investigator Caught Selling Fake Rolexes! (ipcybercrime.com)
Italy Convicts 3 Google Execs in Abuse Video Case (foxnews.com)
February 22, 2010
A suburban Philadelphia school district is accused of secretly spying on a student and his parents at their home using a school-issued computer, MyFoxPhilly.com reported.
A lawsuit filed by a Lower Merion teen and his parents alleges Harriton High School Assistant Principal Lindy Matsko showed the student a picture taken remotely by school software on a Web camera on his laptop.
The assistant principal allegedly told the unnamed student the image showed he was doing something wrong inside his house, MyFoxPhilly.com reported.
When the boy's father confronted Matsko, the suit claims Matsko acknowledged the school could turn on the Web cam and take pictures whenever it wanted to.
The family says the district is violating federal wiretapping laws and as many as 1,800 students could be affected, because every high school student has a district-issued laptop with a Web cam, MyFoxPhilly.com reported.
The computers were reportedly paid for with federal and state money.
(foxnews.com)
Mythical Beast Bedevils Chinese Censors (foxnews.com)
February 20, 2010
Your Web site is a crucial part of your business. How would you like it if it were to disappear overnight, with you having no quick way of getting it back?
This is what's happened to many unlucky Web site owners who didn't know the most basic facts about domain name registration. If your domain isn't properly registered to you--if, say, it is in the name of the outfit that developed your Web site--you could be in trouble. Your site may vanish, taking your e-mail with it. Or you might want to switch your Web hosting service only to find you can't.
(forbes.com)
Two Chinese schools implicated in Google Aurora attacks (theregister.co.uk)
February 19, 2010
An incredible 77 per cent of internet domains - nearly 90 million internet addresses - are registered with false, incomplete, or unverifiable information.
An extensive review of 1,419 representative domain names conducted by overseeing body ICANN, including direct contact with over 500 individual domain owners, produced some startling results. Example: only 23 per cent of domain registrations display the owner's correct name and physical address.
Worse, an extraordinary 29 per cent of domains are registered with patently false or suspicious information - a shady sign of online criminality. The remaining 48 per cent of faulty registrations are in a grey area where people are either unaware or unwilling to hand over their identifying details.
(theregister.co.uk)
Public Comment: Draft Report on WHOIS Accuracy (icann.org)
February 12, 2010
Iran's telecommunications agency announced Wednesday that it has permanently suspended Google's e-mail services and that a national e-mail service for Iranians will be rolled out soon.
(foxnews.com)
February 11, 2010
We understand how important it is for users to be able to purchase pharmaceuticals online for themselves or for loved ones, and we've decided to update our Google AdWords online pharmacy policy. The change will go into effect towards the end of this month.
There are two main aspects to this change:
Only VIPPS and CIPA certified pharmacies will be allowed to advertise
We've made the decision to further restrict the ads we accept for online pharmacy sites in the U.S. and Canada. Starting at the end of this month, Google AdWords will only accept ads from online pharmacies in the U.S. that are accredited by the National Association Boards of Pharmacy VIPPS program, and from online pharmacies in Canada that are accredited by the Canadian International Pharmacy Association (CIPA).
Pharmacies can only target ads within their country
These pharmacies may only target ads to users in the country in which they are accredited. This policy change does not affect our online pharmacy policy for countries outside the U.S. and Canada.
Accordingly, we'll no longer be using any 3rd party verifier of online pharmacies other than VIPPS and CIPA. AdWords advertisers who aren't accredited by VIPPS or CIPA will no longer see their online pharmacy ads displayed once this policy change comes into effect.
We'll post to this blog again once the changes go into effect towards the end of this month. For more information on our current pharmacy policy, please see this link: http://adwords.google.com/support/aw/bin/answer.py?hl=en&answer=7463.
(adwords.blogspot.com)
Google's Take on Internet Security: "Pharmacy spam remained in the top spot with 81% of all spam messages." (seekingalpha.com)
February 10, 2010
The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online.
The bill, which passed 422-5, requires the Obama administration to conduct an agency-by-agency assessment of cybersecurity workforce skills and establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation.
(nytimes.com)
All that user-generated content? 95% is malware, spam (arstechnica.com)
February 9, 2010
Brian Krebs, investigative journalist and former editor of the Washington Post SecurityFix blog, was joined by Joseph Menn, journalist for Financial Times USA and author of the newly released cyber-crime book Fatal System Error, to debate the state of internet security. The panel session also included this writer, as a representative of El Reg, as one of a group of ten panelists.
Krebs, whose work was instrumental in leading to the takedown of rogue ISP McColo in 2008, and later in illustrating the dangers of corporate ID theft, compared the cybercrime economy to the drug trade during his 15-minute opening presentation. Menn backed up this analysis, adding that the most serious cybercrooks are protected by some of the largest governments in the world.
(theregister.co.uk)
Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet (amazon.com)
February 8, 2010
The number of identity fraud victims increased 12 percent to 11.1 million people in 2009 -- the second consecutive annual increase. At the same time, the total amount of fraud also increased by 12.5 percent to $54 billion.
These are the headlines of the newly-released 2010 Identity Fraud Study by Javelin Strategy & Research.
(bankinfosecurity.com)
Microsoft loses ads on Facebook, expands Bing search deal (arstechnica.com)
February 7, 2010
US national cyber security co-ordinator Howard Schmidt is formulating a plan on how best to ensure cloud-based computing is secure.
Schmidt resigned from his UK-based role as president of the Information Security Forum (ISF) in December, when he was appointed to the top US cyber security job by US president Barack Obama.
Since his appointment, Schmidt has been working with federal chief technology officer Aneesh Chopra and federal chief information officer Vivek Kundra on the requirement for secure cloud computing architectures and other issues, according to US reports.
(computerweekly.com)
Emerging Threats in Financial Data Breaches (bankinfosecurity.com)
February 6, 2010
Companies that run key public infrastructure assets like electric utilities, oil refineries and banks are regularly victims of the kind of cyber attacks that recently penetrated Google Inc., according to a new report by a former top homeland security official. Cyber attacks are often coupled with extortion demands, according to the report commissioned by the computer antivirus company McAfee, which found that 20% of the 601 companies and government agencies surveyed said they had been a victim of such an attack within the past two years. It wasn't clear whether any companies actually paid extortion demands. Stewart Baker, a former senior official at the Department of Homeland Security and the National Security Agency, led a team that surveyed executives at companies responsible for critical infrastructure. One hundred executives were American, and 20 to 50 participated from each of 13 other countries, including China, Russia, and the U.K. The report was funded by the antivirus company, but Mr. Baker said his team at the Center for Strategic and International Studies think tank had a "free hand" in constructing the survey and report. Among the executives surveyed, 54% said their company had been the subject of infiltration, according to the survey, and two thirds of those companies said the attacks had harmed company operations.
(wsj.com)
10 Faces of Fraud in 2010 (bankinfosecurity.com)
February 5, 2010
At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.
The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show.
The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, a source familiar with the attacks says and documents show.
(csmonitor.com)
RSA 2010 (rsaconference.com)
February 4, 2010
The United States is at risk of a crippling cyber attack that could "wreak havoc" on the country because the "technological balance" makes it much easier to launch a cyber strike than defend against it, Director of National Intelligence Dennis Blair said Wednesday.
Blair, speaking to the House Intelligence Committee, said U.S. tools are not yet up to the task to fully protect against such an attack.
"What we don't quite understand as seriously as we should is the extent of malicious cyberactivity that grows, that is growing now at unprecedented rates..."
(foxnews.com)
PayPal's India Transaction Block Could Last Months (foxnews.com)
February 3, 2010
The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring, and they're advertising online.
Two companies that are hiring -- at least on a contractor basis -- advertise online, said Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington on Monday.
What they are seeking is people who are willing to take malicious code they provide and link it to something that people will click on -- like a picture of Britney Spears getting out of her car. These people then collect a fee for each 1,000 times that the malware is downloaded.
One site, for example, pays $180 for each 1,000 times that malware is downloaded onto a U.S. computer but less for computers elsewhere. It refuses to pay for any downloads to Russian computers, causing Stevens and others to strongly suspect that it, like other similar sites, is based in Russia.
(foxnews.com)
Google US Internet-Search Share Falls In Jan; Microsoft Up (foxbusiness.com)
February 2, 2010
German Finance Minister Wolfgang Schaeuble said in a newspaper interview that Germany will buy stolen information on Swiss bank accounts, backed by a poll showing majority support among voters if it helps tackle tax evasion.
Information on secret Swiss accounts held by German nationals could yield 200 million euros ($278 million) in lost tax revenue to the German government, Handelsblatt reported yesterday. Tax authorities were offered a CD that contained 1,500 names in exchange for 2.5 million euros.
(bloomberg.com)
To Obtain Swiss Bank Data, Germany Breaks the Law (pajamasmedia.com)
February 1, 2010
In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location (http://www.knujon.com/news2008.html#06102008). The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. It is difficult enough when registrants conduct illicit commerce and wrap themselves in mystery; for a Registrar to do the same shames the entire industry. Much to our shock, we found that Registrars were not required to publicly disclose their address. Since then the ICANN Registrar directory (http://www.internic.net/alpha.html) has been updated to include all the addresses and the Registrar Accreditation Agreement (http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm) has been amended to include the following language:
“3.16 Registrar shall provide on its web site its accurate contact details including a valid email and mailing address.(http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm#3)” But what constitutes a “valid mailing address” other than it can accept mail?
This probably would have been better worded as “valid business address” as we recommended (http://www.knujon.com/news2008.html#11022008), but that will have to wait for the next round of RAA changes. In the meantime we ask the question, does it support openness and accountability if the gatekeepers of domain registration run out of public mailboxes? Some may immediately argue that it is an immediacy of running a small business since they may not have the staff or facilities to accept mail. And I would guess this would be the case for companies like Domain Monkeys, LLC who use a P.O. box but have a real brick-and-mortar shop just up the street. The same goes for DomainsToBeSeen.com, DOMERATI and Sundance Group. But we are puzzled by Hosting.com, Inc., which has a P.O. Box in Kentucky when their business is really in Colorado.
Honestly, the issue disappears if the Registrar clearly posts its business address where consumers can find it. Enetica Pty Ltd uses a PO box in Australia but clearly states its street address on their website. Contrast this with DomReg Ltd. (AKA LIBRIS.COM), which runs from a PO box in Russia and has no other contact information posted on its website, not even a phone number.
Now, we have many Registrars using P.O. boxes in the Cayman Islands and other Caribbean locations. DirectNIC, LTD, AKA Intercosmos, used to have an address in New Orleans but now has a PO box in the Caymans. Bargin Register also has a Caymans PO box listed as their address. It has been explained to us multiple times that “all addresses in Caymans are PO boxes,” but this is only partly true. For the purposes of mailing in the Caymans PO Boxes must be used, however, all businesses do in fact have street addresses. Example, The Royal Bank of Canada in the Caymans lists two addresses on its website: 24 Shedden Road, George Town, Grand Cayman (street address) and PO Box 245 Grand Cayman KY1-1104 (mailing address). In this case the Registrar can and should list both addresses but DirectNIC and Bargin Register do not.
And then there are “suites.” Suite is a deceptive address term since it could mean a leased space in an office building or hotel, but suite is also the term UPS and other private mailbox services use to refer to their rented postal boxes. There are at least a dozen Registrars with suite numbers in their addresses that need to be clarified. Estdomains ran out of a Delaware proxy address and business registration. This was part of their overall policy of hiding any information concerning the true nature of the Registration business (http://www.informationweek.com/news/services/data/showArticle.jhtml?articleID=212002478). Secrecy and misdirection are primary indications of potential fraud.
Of course all of these issues are moot in the face of a falsified address as in the case of Parava Networks, AKA 10-Domains (http://www.knujon.com/news2008.html#07222008). Parava were later de-accredited for other contract violations (http://www.icann.org/correspondence/burnette-to-valdes-27feb09-en.pdf). In the name of accountability and transparency we need to know that the Registrars are legitimate companies and the first step is identification.
This brings us to the most extreme case of location obfuscation: OnlineNIC. OnlineNIC claims to be in the U.S. but they are not. The California address they feature on their website and in the ICANN directory is an auto-body shop or barren lot (http://dotsnews.com/domain-name-news/184). There are two other addresses they use and one is a residential address with no apparent business taking place. The second is an office building, but we could not find OnlineNIC there, but we did find a UPS Store. There are actually more red-herring California addresses for OnlineNIC, but the point is made. It is no surprise to many people that documents related to OnlineNIC lead back to Hong Kong and ultimately to mainland China. Does ICANN even know where OnlineNIC really is? Why are they pretending to be in the United States when other Chinese Registrars operate with full location disclosure? This is a shameful charade that has misled consumers for too long. We’re calling for OnlineNIC to publicly disclose their address and for ICANN to post that real address in the directory.
Address disclosure is critical to consumer trust and ICANN’s pledge of transparency and openness. The public should see the same address used in Registrar accreditation applications.
(circleid.com)
A Markup That Could Have Big Implications for SEO (webpronews.com)
January 23, 2010
The Food and Drug Administration is reporting that some people have gotten fake Alli that contained twice the recommended dose of sibutramine (aka Meridia), another diet drug. The issue is possible heart problems.
The FDA discovered the illegal Alli-Meridia switch when otherwise healthy people reported feeling anxious, shaky, nauseated, and sleepless after taking the bogus Alli. Some even had heart palpitations. No deaths have been reported.
(npr.org)
Avoid Online Auctions When Buying Alli (npr.org)
January 22, 2010
(blog.mailermailer.com)
No. 07-10528 and No. 07-10534, U.S. v. Kilbride and Schaffer (ca9.uscourts.gov)
No. 07-10528 and No. 07-10534; U.S. v. Kilbride and Schaffer (scribd.com)
Appeal Rejected
Whois Privacy Is ‘Material Falsification’ (domainnamenews.com)
U.S. v. Kilbride: 9th Circuit's Holding that Internet Obscenity Laws Should Be Governed by a National Standard Rests on Shaky Grounds
US v. Kilbride, No. 07-10528 (blogs.findlaw.com)
In War Against the Internet, China Is Just a Skirmish (nytimes.com)
January 21, 2010
I am proud (or disappointed) to announce the 8th annual MIT Spam Conference, March 25th and 26th at MIT in Cambridge, Massachusetts. A regular research competition that brings out the best minds in the fight against unsolicited email. At this point it would be helpful to provide a little background on the conference and remind everyone that the Call For Papers is still open. Just as the spammers have developed new tools, platforms, and tactics to deliver their message we need to match them and push it back. Spam is still the number one threat on the Internet today as it drives illicit commerce, delivers viruses, opens doorways for intrusions, and tricks the savvy and gullible alike to hand over cash and credentials. To this end, the conference has been broadened in the last two years to include a variety of subjects and revolutionary proposals.
This top-talent but low-key session was started in 2003 by Paul Graham, the inventor of Bayesian spam filtering, which is the basis for current spam filters, in 1998. After a few years of chairing the Spam Conference Graham moved on to YCombinator, Yahoo’s start-up development project. In 2006, William “Bill” Yerazunis of Mitsubishi Electric Research Labs (MERL) took up the mantle and worked to expand the conference to two days. Yerazunis isn’t just a spam guy, he has worked in a number of technical fields including optics, computer graphics, transplant immunology, artificial intelligence, and other diverse disciplines. Yerazunis, who holds 29 patents, turned the Spam Conference over to University of Akron Computer Science Professor Kathy Liszka. Last year, Liszka coordinated and ran one of the most topic-diverse conferences yet. Liszka will be accepting research submissions until February 1, 2010.
For those who do not have research to submit, but are still interested in the subject, the conference is open to the public and held in the first floor of MIT's building 34. There is always a lively debate and discussion as well as a review of shocking developments in spam and predictions for the coming year. All points of view are welcome as some of the brightest minds take a deep look at this ongoing and troubling technology problem.
NY Bank Suffers Online Breach: 8300+ Customers Compromised by Hack (bankinfosecurity.com)
January 20, 2010
The JPA is dead, and in its place is the Affirmation of Commitments. Much debated, this change is anticipated to bring more global participation into ICANN's governance. Increased globalization may turn out to be beneficial for the Internet community, if it helps to shore up ICANN's institutional weaknesses. But the Affirmation leaves important questions unanswered, beginning with ICANN's fundamentally weak accountability. It remains unclear whether or how the Affirmation makes ICANN more accountable.
(circleid.com)
SEO Poisoning: A Persistent Malware Threat Targeting High-Profile Brands (circleid.com)
January 19, 2010
Regarding the Spam(b)log: http://spam.stevenrutledge.com I have set up this blog to automatically receive email at spam@stevenrutledge.com and process those emails into online blog entries; so anything you send there will show up here for all the world to see. Next, I plan to sprinkle the email address liberally around, in hopes of snaring some spam. Why? Well, it is a measure of global zeitgeist in a way, and a measure of ourselves. Kind of like sending up a balloon to see which way the wind is blowing... I could use your help spreading the email around, so feel free to post it anywhere you like.
(http://stevenrutledge.com)
Paid Search Ads Can Lead to Fake Goods (circleid.com)
January 18, 2010
Google employees may have assisted hackers who launched a cyber-attack from China, prompting the company’s threat to leave the country, it has emerged.
The world’s most popular search engine is believed to be investigating whether one or more of its own workers based in the Chinese offices helped those attempting to break into the e-mail accounts of human rights activists last month.
(timesonline.co.uk)
Is Russia behind the Climategate hackers? (timesonline.co.uk)
January 16, 2010
Gibson Hoffman & Pancione, which is representing a company suing China for allegedly stealing its software code, announced its computers have come under a cyber-attack that originated in China and that the FBI is investigating the attempted intrusion.
(blogs.wsj.com)
Green Dam Youth Escort (en.wikipedia.org)
January 15, 2010
VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware.
(arstechnica.com)
Furious Google throws down gauntlet to China over censorship (arstechnica.com)
January 14, 2010
A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday.
In a statement released late Tuesday night, Clinton said that the U.S. government is taking the attack -- which Google said came from China -- very seriously. "We have been briefed by Google on these allegations, which raise very serious concerns and questions," she said. "We look to the Chinese government for an explanation."
(pcworld.com)
China's 'aggressive' buildup (washingtontimes.com)
January 13, 2010
Importantly, search engines such as Google, Yahoo, and MSN, although purportedly requiring “verification” of Internet drug sellers using PharmacyChecker.com requirements, actually allow and profit from illicit drug sales from unverified websites. These search engines are not held accountable for facilitating clearly illegal activities. Both website drug seller anonymity and unethical physicians approving or writing prescriptions without seeing the patient contribute to rampant illegal online drug sales. Efforts in this country and around the world to stem the tide of these sales have had extremely limited effectiveness. Unfortunately, current congressional proposals are fractionated and do not address the key issues of demand by vulnerable patient populations, search engine accountability, and the ease with which financial transactions can be consummated to promote illegal online sales.
(safemedicines.org)
China faces backlash from 'netizens' if Google leaves (washingtonpost.com)
January 12, 2010
Embezzlement has become the nation's favorite financial crime -- and losses attributed to embezzlement are greater than those from all other financial crimes combined. Understanding the crime of embezzlement is critical to every investigator.
(govinfosecurity.com)
A trip into the secret, online 'cloud' (cnn.com)
January 11, 2010
David Carruthers, the former chief executive of Betonsports, was sentenced to 33 months' prison time last week.
Carruthers, a British citizen, was arrested in Dallas in 2006 while changing planes on his way to Costa Rica, where the business was based. His arrest pre-dated the passage of US laws to ban online gambling - tacked onto the Safe Ports Act.
...
Assistant US attorney Steven E Holtshouser said: "The prosecution and conviction of Carruthers is significant to the Government's efforts at enforcement of U.S. laws against offshore Internet and telephone sports wagering businesses, because Carruthers was both a foreign national and a top executive of BetOnSports... Both the conviction of, and sentence handed down against Mr. Carruthers should send a message to any foreign business conducting illegal activities in the United States, that geography does not render it untouchable."
(theregister.co.uk)
The Biggest Security Threats Getting the Least Attention (bankinfosecurity.com)
January 10, 2010
It's frustrating enough when your blog gets taken down because Google thinks it's spam. It's even more frustrating when there seems to be no way to prove you're a human and get it reinstated quickly.
(arstechnica.com)
McAfee 2009 Threat Predictions Report (mcafee.com)
January 9, 2010
The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers.
(threatpost.com)
McAfee Spam Report (mcafee.com)
January 8, 2010
Cybercrime affiliates of unlicensed pharmaceutical websites have begun moving on from attacks purely designed to poison Google search engine results, and are now targeting Microsoft's web properties.
Search engine poisoners are actively making use of Microsoft's Windows Live Spaces blog hosting environment, net security firm eSoft reports. Miscreants are creating accounts which they use only to push links to the pharma-fraud sites. As a result the search engine ranking of these spamvertised sites is pushed up.
(theregister.co.uk)
Honeynet research lifts the lid on spam trends (theregister.co.uk)
January 7, 2010
Lingo24, based in Edinburgh, were alerted to the rip-off by a firm called Universecy when a Google alert threw up a reference hidden in code.
The Universecy site uses almost identical wording, pictures and links and even has references to staff members and Lingo24's Aberdonian roots.
Lingo24 said taking court action would be difficult and expensive.
Christian Arno, founder and managing director, said: "The websites are virtually identical. Almost every page has been copied.
"Anyone familiar with the Lingo24 site would be fooled into thinking it was ours.
"It was the fact that they left the phrase Lingo24 in a meta-tag on one of the pages that notified us of its existence - via a Google Alert for our company name."
He said they would be informing Google to ensure the pirated site did not pose a threat to business.
"But apart from taking legal action in China, which is difficult and expensive, and complaining to their ISP or hosting company, there's very little we can do," he added.
(bbc.co.uk)
Obama Names Schmidt as Cybersecurity Coordinator (bankinfosecurity.com)
January 6, 2010
Welcome, everyone, to krebsonsecurity.com. Here’s to new beginnings, and a happy, healthy and prosperous New Year!
Some of you may be familiar with my work at The Washington Post and the Security Fix blog. Krebsonsecurity.com will feature similar content: Original reporting and analysis on important security threats and trends.
With a few exceptions, I will continue to eschew chasing the security story-of-the-day, as there are plenty of sites you can go to for that. My focus will remain on publishing information and reporting that you won’t find anywhere else – and with a minimum of editorializing.
Visitors who are unfamiliar with my work can browse through a collection of what I think represents some of my best reporting over the past few years. The About the Author and About this Blog tabs include a bit more detail about who I am and how this blog will be organized.
(krebsonsecurity.com)
One in 200 success rate keeps phishing economy ticking over (theregister.co.uk)
PDF Original Report
January 5, 2010
If you want to know the world's most dangerous country code Top-Level Domains (ccTLDs), ask an anti-virus software company.
McAfee (http://newsroom.mcafee.com/article_display.cfm?article_id=3600) has released its list of most dangerous country codes. Here are the top five:
1. Cameroon (.cm), 2. PR of China (.cn), 3. Samoa (.ws), 4. Philippines (.ph), 5. Former Soviet Union (.su)
Why is Cameroon at the top of the list? Because .cm is a common typo by users who intended to type .com.
Afilias Releases .INFO Domain 2009 Annual Report (circleid.com)
January 4, 2010
You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being "What's Driving Spam and Domain Fraud? Illicit Drug Traffic," Part Two being "Online Drug Traffic and Registrar Policy."
There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. Not only is this an Internet abuse issue but it also represents a grave public health risk since the entire chain of doctors, pharmacists, and patient education has been bypassed by criminals. We have also found that the lion's share of phony RX domains and IP hosts are in the U.S. (see Host Exploit's Top 10 Bad Hosts 2009).
As we pointed out, Registrars and ISPs have the technical ability and legal obligation to terminate these sites, but few of them do so unless put under pressure. There is an additional threat, the one to Intellectual Property. Not just a threat to brand-holders, abuse of trademarks is a ticking time bomb for Registrars and ISPs.
Many ISPs and Registrars falsely believe they are protected from their customers' illicit activities by various statutes. This is only true for certain types of crimes and lawsuits. Providers have even written in the Terms Of Service or Acceptable Use Policy that their customers are responsible for any legal action stemming from abuse, but this only covers some activities. Registrars and ISPs ARE in fact liable for Intellectual Property violations conducted by their customers.
The Communications Decency Act only immunizes defendants from non-intellectual property claims and non-criminal complaints. Illicit pharmacy is both a criminal act as well as an IP violation since most deal in counterfeit or unauthorized sales of trademarked drugs. One critic of our first article was chagrined that we suggested that Registrars should act on abuse reports from the public, but doing just that is in their best interest. Failing to act can be seen as an act of complicity later when lawsuits begin.
We have a new proactive process that monitors IP abuse in the wild and during initial testing we found 85 compromised IP addresses at one provider's ASN that were hosting spam template content. These sites are never advertised themselves but rather provide low-level content delivery to thousands of spammed domains which are advertised, dumped and replaced. We found that many of the domains that used these templates had trademarks in the domain names. Words like Zoloft, Motrin, Norvasc, Celexa, Zyloprim and many others. None, of course, were the real sites controlled by the actual brand-holders.
One thing is for certain, they are making considerable amounts of money by abusing brands. So much so that they have gone beyond common spam, site hijacking, or paid search engine advertisements and are now issuing press releases to announce deployments of new illicit pharmacies. It seems mind-boggling that a completely illegal business would be so brazen as to use a press release but it shows us the lack of fear on their behalf.
So, folks may wonder why if there is an abundance of research data as well as legal authority. Reason is simple: no enforcement. Many IP attorneys have expressed their lack of faith in WIPO and ICANN enforcement. Brand holders feel that chasing IP violators on the Internet is like swatting at gnats. Recently, we got into a spat with a Registrar over an unlicensed pharmacy domain that was impersonating a pharmaceutical manufacturer. The Registrar brushed off our concern until we made clear that their position was completely indefensible. They finally suspended the domain after the brief discussion. The pharma brands also share in the blame for not enforcing their marks. Some drug companies may have unfortunately been led to believe that there is no solution. Others fear the public perception of big pharma pursuing lost profits from illicit providers as if the rogue drug traffickers were some kind of Robin Hood. They are not. Illicit drug traffickers are only helping themselves and often replacing active ingredients with poison. Money in their pocket, garbage in your body.
Some Registrars and ISPs welcome the rogue pharmacy traffic because of the revenue generated by thousands of illicit sites that operate with impunity. Others are seemingly helping illicit pharmacies find variations of unclaimed trademark violation domains with "suggestion" utilities.
For those that are not familiar with domain registration, some companies will allow you to enter any word, including the name of a trademarked product, and return a massive list of unused variations containing that word. For anyone wondering how the spammers come up with so many different URLs with the names of male enhancers, they actually don't have to because Registrars will make them up on the fly for the spammers to buy in bulk. It is a puzzle to many people how the Registrars can sell off someone's trademark. This is, of course, the fundamental question. Adding a warp-speed engine that generates lists of potentially abused trademarked domains is the injury to the insult.
This is a wake-up call to the pharmaceutical brands: I am telling you that something can be done to put the pharmacy fraudsters out of business. The problem can be quantified, minimized and managed. And, honestly, this is the case for any trademarked product or service being abused on the Net. It's a new year, let's move in a new direction. The best solution to the whole abuse problem is a shared solution between government, Internet users, brand-holders and service providers. If everyone lifts their weight we all benefit.
FDA issues warning over online pharmacy extortion scam (thetechherald.com)
January 3, 2010
This will be the last post for the Security Fix blog. Dec. 31 marks my final day at The Washington Post Company.
Over the last 15 years, I've reported hundreds of stories for washingtonpost.com and the paper edition. I have authored more than 1,300 blog posts since we launched Security Fix back in March 2005. Dozens of investigative reports that first appeared online later were "reverse published" in the newspaper, including eight front-page stories and a Post Magazine cover.
Through it all, you - the reader - have been my most valuable source, most reliable critic, and most persistent muse. Loyal readers are the reason Security Fix has consistently been among the most-visited blogs on washingtonpost.com. Thank you.
(washingtonpost.com)
No, Brian, Thank YOU! His new home: http://www.krebsonsecurity.com/
January 2, 2010
As a test of its capabilities during BETA development, SiteVet has produced data on the world's worst web hosts (specifically, Autonomous Systems). This data was produced for hostexploit in conjunction with the report released this month.
The top bad hosts are shown below; click each one for further details and break down reports brought to you by SiteVet. You can also take the demo tour to find out what Sitevet will be able to do for you.
As SiteVet moves out of BETA development, detailed reports will be available for every active AS; this will coincide with hostexploit becoming a conclusive source for information on the worst and best hosts globally and the respective reasons.
(hostexploit.com)
Secret History of the Credit Card (pbs.org)
January 2, 2010
In 2009, Sanford Wallace was sued under CAN-SPAM by Facebook. The BBC controlled a botnet. Canada introduced serious anti-spam legislation, which didn't make it through the legislative process. Alan Ralsky pled guilty and went to prison with his co-conspirators. ISP Pricewert was taken down by the FTC for hosting botnet controllers, MEGA-D takes a hit as a result. FireEye took down the remnants later in the year. Habitat UK spammed Twitter using Iranian election hash tags. James Gordon lost his case against Virtumundo. Herbal King spammers Lance and Shane Atkinson are fined under New Zealand, Australian and American anti-spam law. Vodafone was fined for spamming for Coca-Cola. ASIS lost its CAN-SPAM case against AzoogleAds.
(circleid.com)
About CAUCE: CAUCE North America was formed in March 2007 from a merger between the very first CAUCE, CAUCE US, and CAUCE Canada, combining the strengths of the two sibling CAUCE organizations. CAUCE NA, as an all-volunteer consumer advocacy organization, has moved beyond its original mission of encouraging the creation and adoption of anti-spam laws to a broader stance of defending the interests of the average Internet user. CAUCE NA is led by a combined Board with a cumulative century of experience in the field of Internet advocacy. (cauce.org)