From: rakesh@sysman.in
To: rakesh@sysman.in
Subject: [CCCNews] CCCNews Newsletter - dated 2010 February 10
Date: Wed, 10 Feb 2010 20:46:57 +0530
February 10 , 2010
Editor - Rakesh Goyal (rakesh@sysman.in)
In today's Edition - (This is a news-letter and not a SPAM)
ATTACK : Australian Government websites attacked using DDoS
FRAUD : The Rise of Caller ID Spoofing
NEED : Internet urgently needs more regulations
CYBER DNA : US developing extreme digital forensic wizard
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (control-computer-crimes@googlegroups.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
--
You received this message because you are subscribed to the Google Groups "control-computer-crimes" group.
To post to this group, send email to control-computer-crimes@googlegroups.com.
To unsubscribe from this group, send email to control-computer-crimes+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/control-computer-crimes?hl=en.
--Forwarded Message Attachment--
IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
February 10, 2010
Today�s edition ��
ATTACK : Australian Government websites attacked using DDoS
FRAUD : The Rise of Caller ID Spoofing
NEED : Internet urgently needs more regulations
CYBER DNA : US developing extreme digital forensic wizard
(Click on heading above to jump to related item. Click on �Top� to be back here)
ATTACK : Australian Government websites attacked using DDoS
Parliament House and Stephen Conroy's sites inaccessible.
By Staff writers
Feb 10, 2010
The websites of Senator Stephen Conroy and the Australian Parliament House were inaccessible this morning after the 'Anonymous' group of hackers claimed credit for a Distributed Denial of Service (DDoS) attack on Australian Government web sites.
It is the second attack the 'Anonymous' group has levelled at the Australian Government in six months. A similar attack brought down the websites of the Prime Minister and the ACMA (Australian Communications and Media Authority) in September 2009.
The Group used the DDoS attacks to protest the inclusion of images of 'small breasted women' and 'female ejaculation' in the Refused Classification category - content that will be banned under Senator Conroy's plans for a mandatory ISP-level internet filter.
According to the Attorney General's Office, the Australian Parliament House website (www.aph.gov.au) was unavailable for approximately 50 minutes due to a distributed denial of service attack by individuals belonging to the "Anonymous" group.
The Parliament House site came back online at 10:53am, Minister Conroy's site by 11:20am.
The Attorney General's Office said that Australian Government agencies "identified as potential targets by 'Anonymous' were briefed in advance and were provided with suggested mitigation strategies."
Critics of the Internet filtering campaign were quick to condemn the attacks.
"Reports that attacks on Federal Government websites are being used to draw attention to the government's plan to introduce a mandatory Internet filter are alarming, and any illegal action of this nature must be condemned," said Nicholas Perkins of Stop Internet Censorship.
"By attempting to bring down or deface government websites, a minority of Internet users have brought negative attention to what is a very important issue for Australians. It would be much more helpful for these people to put their efforts behind legitimate action to stop this ineffective and inefficient attempt at censorship by the Australian government."
The Systems Administrators Guild of Australia (SAGE-AU) also condemned the attacks.
"While SAGE-AU believes that imminent Internet filtering legislation will fail to work, it has condemned DOS attacks as the wrong way to express disagreement with the proposed law," said a release on the organisation's website.
"SAGE-AU points out that the impact of DOS attacks is frequently felt less by government agencies than by System Administrators, many of them SAGE-AU members, who are responsible for managing websites and servers."
Open source advovate Jeff Waugh, another opponent of the Government's filtering plans, wrote Anonymous a note using Twitter. "Dear Anonymous, Go and be nobodies somewhere else."
Internode engineer Mark Newton, who has been a vocal critic of the filtering plan, had another perspective.
"As a sysadmin, I'm distinctly unimpressed with DDoS [attacks]. They don't 'send a message', just make geeks work harder."
FRAUD : The Rise of Caller ID Spoofing
By Andy Jordan
February 5, 2010
http://blogs.wsj.com/digits/2010/02/05/the-rise-of-caller-id-spoofing/
Applications that let users change or �spoof� their Caller ID are gaining in popularity in mobile phone app stores, even as Congress considers stalled legislation to outlaw particular uses of the technology, and criminals use it to engage in nefarious activity.
Caller ID spoofing technology allows a user to change the caller ID to show any desired number on a recipients caller ID display. There are currently a handful of companies that offer this service including SpoofCard (and it�s mobile application called Spoof App) and Spoofem, among others.
Most spoofing apps allow pranksters to mask or change their voice as well, and Spoofem actually allows users to fake texts and email. Popular desktop versions are now becoming available online in Blackberry and Droid app stores.
Spoofem and Spoofcard both claim over a million customers. �People use it as a lifestyle,� says Meir Cohen, President of TelTech Systems, SpoofCard�s parent company. Most services tend to charge $10 an hour. Spoofem�s President Gregory Evans claims more than a million dollars a year in profit.
There are useful and legitimate applications of the software: A doctor who has to call back a patient late at night and doesn�t want them to have his home or cell phone number, for instance; A public relations specialist calling on behalf a client, and wanting the client�s name to pop up on the Caller ID display.
And, of course, there is the cheating issue. Spoofem started marketing its product to women when it found, early on, that 80 percent of its users were women who were trying to catch their boyfriend or girlfriend cheating.
But the same spoofing software lets users hack into other people�s voicemail, by taking advantage of a feature in most mobile phone carriers that allows calls from a person�s own phone to default to voicemail without a password.
Spoofing companies blame the carriers for the security flaw. �It is not the service�. it�s the cell phone companies,� says Gregory Evans, President of Spoofem.com. �The cell phone companies have to take some type of responsibility.�
Some companies, such as T-Mobile have a default setting for voicemail that does not include a password.
�If the customer does not elect to turn the password on during setup, then the default setting is off,� says a spokesman for the company. �Individuals using these spoofing applications risk criminal as well as personal liability for their actions.�
AT&T also does not default its users to a passcode for voicemail. �Our customers strongly prefer to have one touch voicemail,� a spokeswoman says. �However, we make it simple to set your voicemail settings to require a password and encourage customers to do so.�
Amy Storey, A spokeswoman for CTIA, the International Association for Wireless Telecommunications, which represents wireless carriers, believes Caller ID spoofing should be illegal and supports proposed lesiglation that would make certain uses of spoofing software illegal.
Spoofing companies are confident they will survive, in the same way email technology survived spamming, or similar phishing scams. Washington, D.C.-area based Telecom Attorney Mark Del Bianco, who also represents Spoofcard, says Congress cannot legislate against a technology. �They can�t make telling lies illegal,� he says.
Del Bianco recommends setting up and keeping a password prompt on mobile voicemail. �In the end, it�s the responsibility of anyone who has a voicemail box to make sure it�s not easy to hack into that voicemail box,� he says.
And for those thinking of committing a crime with the Caller ID spoofing software, Del Bianco has words of caution. �There are an awful lot of people who believe that if they use Caller ID spoofing, somehow there is no call record, and it can�t be traced. That�s not the case.� He says Spoof Card gets regular subpoena requests from unhappy spouses and the NSA, among others.
NEED : Internet urgently needs more regulations
By A.J. Herrmann
Daily Free Press
February 9, 2010
http://www.dailyfreepress.com/internet-urgently-needs-more-regulations-speaker-says-1.2144870
The Internet poses a greater threat than ever due to lack of content regulation and an increasing number of hackers, speakers said at Harvard University on Monday.
Internet security expert and author Cliff Stoll and Harvard Law School professor Jonathan Zittrain spoke about the growing risks in Internet security to an audience of about 30 people.
In the early days of the Internet, the web was a safe haven for information and research resources, but as the years passed, security issues have come to surface, Stoll said.
�We�re watching the Internet being used to exploit other nations� infrastructures and especially to track down people who are considered bad guys to various agencies,� he said.
In a world that is increasingly reliant on the Internet, online threats present an even greater problem, Zittrain said.
�More and more, if you lost connectivity for a week, your life would be in greater disarray than even a few years ago,� Zittrain said. �We have a grave problem. I don�t think it�s business as usual.�
Stoll said hacking by governments and individuals poses the most significant threat to web users today.
�The Internet may become an excuse for doing mean things and spreading paranoia,� he said.
Stoll said since the birth of the Internet, U.S. government agencies such as the FBI, the CIA and the NSA began paying more attention to political dissidents and hacker networks from around the globe, who attempted to steal or hijack important military documents.
Today, Internet security officials face a predicament in distinguishing between hackers fueled by their own patriotic motivations and networks of national cyber espionage, the speakers said.
Stoll also emphasized the difficulty of differentiating between individuals and government hackers, citing the need to separate the �freedom-fighters from the terrorists.�
Zittrain said that precautions to protect the web and improve Internet safety should be taken now before it�s too late � otherwise a far-reaching change is needed.
2009 Boston University graduate alumna Ruha Devanesan said she thought Stoll was �entertaining,� although she �didn�t understand a lot of the technical language.�
Discussions about the potential future of information war are undoubtedly �very scary,� Devanesan said.
Harvard John F. Kennedy School of Government student Tim Naurer said he �liked the mix between the physics professor and the law professor.�
Naurer said he was not sure what direction the nation was heading in the world�s struggle against information warfare, but the biggest obstacle impeding progress toward increasing safety and security is the �lack of a coordinated approach in the government.�
Peter Cassidy, Secretary General of the Anti-Phishing Working Group, summarized the matter simply.
�It�s a big problem,� he said.
Cassidy also noted the disparate nature of cyber crimes, which occur both on small day-to-day levels and on more complex levels of a national scale.
�If we get a handle on [smaller] crimes, it�ll help us get a handle on national security issues,� Cassidy said.
CYBER DNA : US developing extreme digital forensic wizard
DARPA�s Cyber Genome Program could collect, trace and identify all things digital
By Layer 8
Feb 04, 2010
http://www.networkworld.com/community/node/57141?source=NWWNLE_nlt_security_2010-02-08
Can anything you create digitally - software code, e-mail or documents - be traced back to you like so much DNA from a crime scene?� Research scientists at the Defense Advanced Research Projects Agency (DARPA) seem to think so as they announced this week the $43 million Cyber Genome Program it hopes will develop technologies that will help law enforcement types collect, analyze and identify all manner of digital artifacts.
The objective of the four-year program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from software, data, and/or users to support law enforcement, counter intelligence, and cyber defense teams, DARPA stated. Such digital artifacts may be collected from computers, personal digital assistants, and/or distributed information systems such as cloud computers, from wired or wireless networks, or collected storage media.� The format may include electronic documents or software to include malware, DARPA stated.
"A challenge in the cyber community is the ability to identify, analyze, and classify users, software, and digital artifacts.� The traditional approach has been to develop custom solutions addressing individual threats for individual systems.� However, it is not a viable approach to enumerate all possible combinations of solutions for each network threat for every sensor, weapon, and command-and-control platform," DARPA stated.� "The result has been a continuous and rapid proliferation of cyber attacks, malicious software and 'spam' email.� These challenges provide an asymmetric advantage to adversaries who can develop inexpensive, evolutionary cyber exploits that bypass or defeat intrusion detection and protection systems, host-based defenses, and forensic analysis."
As with most DARPA projects, this one has a number of advanced requirements.� For example, according to DARPA the new system must:
� Identify and/or validate users from their host and/or network behavior. "Something you do" may augment existing identification and/or authentication technologies to discover "insiders" with malicious goals or objectives.
� Handle automated analysis and visualization of computer binary (machine language) features and behaviors (reverse engineering) to help assist analysts understand the software's function and intent.
� Create lineage trees for a class of digital artifacts to gain a better understanding of software evolution. In other words trace what DARPA calls the ancestors or descendants of digital artifacts and determine the author and development environment of digital artifacts
� Identify and categorize of new variants of previously seen digital artifacts to reduce the threat of zero-day attacks that are variants of previously seen attacks.
� Determine or characterization of digital artifact developers or development environments to aid in software and/or malware attribution.
This isn't the only cyber systems DARPA is working on as you might imagine.� It also has in the pipe-line an avant-garde artificial intelligence (AI) software system known as a Machine Reading Program (MRP) that can capture knowledge from naturally occurring text and transform it into the formal representations used by AI reasoning systems.
The idea is that such an intelligent learning system would unleash a wide variety of new AI applications - military and civilian -- ranging from intelligent bots to personal tutors DARPA said.
For example, all of the text in the World Wide Web will become available for automating the monitoring and analysis of technological and political activities of nations; plans, rhetoric, and activities of transnational organizations; and scientific discovery within various disciplines, DARPA stated.
As digitized text from library books world wide becomes available, new avenues of cultural awareness and historical research will be enabled. With truly general techniques for effectively handling the incompatibilities between natural language and the language of formal inference, a system could, in principal, be constructed that maps between natural and formal languages in any subject domain, DARPA said.
DARPA also recently awarded almost $56 million to two contractors it expects will develop the second phase of technologies that it promises will be revolutionary and bolster current cyber security technology by orders of magnitude. DARPA spent $30 million to develop Phase 1.
The contracts are part of DARPA's ambitious National Cyber Range program the agency says will develop revolutionary cyber research and development technologies.� DARPA says that the NCR will advance myriad security technologies and "conduct unbiased, quantitative and qualitative assessment of information assurance and survivability tools in a network environment."
New IT Term of the day
social routing
A slang term used to describe networked shopping. In electronic commerce it refers to consumers who use social networking services and sites to share their latest purchases, deals, coupons, product reviews, want lists, and other shopping finds. Some people may use affiliate links when they write about shopping and products on social spaces including MySpace, Facebook, Twitter and other networking services.
The secret of contentment is knowing how to enjoy what you have, and to be able to lose all desire for things beyond your reach.
Yutang Lin
1895-1976
Chinese writer and philologist
Note -
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also needs this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.
Hotmail: Trusted email with powerful SPAM protection. Sign up now.
No comments:
Post a Comment