In the 12 months to March 31 this year, government officials approved 38 notices under Part III of the Regulation of Investigatory Powers Act, compared to 26 in the previous year.

The powers, known as section 49 notices, require suspects to hand over passwords or make files intelligible to investigators on threat of a two-year jail sentence, or five years where national security is concerned.

As well as obtaining more section 49 notices, police also expanded the range of crimes they were used to investigate.

In 2008/09 they were served in relation to counter-terrorism, possiession of indecent images of children and “domestic extremism” (a case involving activist attacks on animal testing labs). In the last 12 months, however, RIPA Part III was used to demand decryption in cases of insider dealing, illegal broadcasting, theft, excise duty evasion and aggravated burglary, the Chief Surveillance Commissioner Sir Christopher Rose said in his annual report.

Investigations into indecent images of children remained the “main reason” section 49 notices were served, he added.

Of the 17 notices obtained this year that have so far been served, six suspects complied and seven did not. The remainder are still being processed. One person suspected of possessing indecent images of children has been convicted for failing to hand over passwords.

The compliance rate was up on last year, the first full year since the powers were activated, when 11 out of 15 suspects served with a section 49 notice did not make their files intelligible to investigators.

Sir Christopher noted the discrepancy between 38 approvals granted by the National Technical Assistance Centre (NTAC) and the number of notices actually served. NTAC is a unit at GCHQ, the Cheltenham code-breaking agency.

“Notices, once approved, should be served without delay,” Sir Christopher said. “If delays continue, I will require an explanation.”

Last year The Register reported the case of the first man known to have been jailed for failing to hand over encryption keys to the police. “JFL” was a schizophrenic software developer initially charged with explosives offences that were later dropped. He was sectioned under the Mental Health Act during his prison sentence.

Source

Analysis of the binaries of malware executables also reveals characteristics about the intent of the attack code that could make for more efficient and effective data defenses, says Greg Hoglund, CEO of HBGary, whose briefing “Malware Attribution: Tracking Cyber Spies and Digital Criminals” is scheduled for the Las Vegas conference.

Hoglund says this analysis uncovers tool marks — signs of the environments in which the code was written — that can help identify code written by a common person or group based on what combination of tools they use.

For example, his research looked under the covers of one malware executable whose fingerprint included use of Back Orifice 2000, Ultra VNC remote desktop support software, and code from a 2002 Microsoft programming guide. Each program was slightly modified, but the information available amounted to a good fingerprint.

The malware was a remote access tool (RAT), and RAT generators such as Poison Ivy could have created unique RAT code for each use, but that’s not the route this attacker chose. tifying this RAT in other instances of malware can link groups of malicious code to a common author or team, Hoglund says.

He has found that these fingerprints last a long time. Once written, the binaries themselves are altered only infrequently, so employing these fingerprints as malware signatures will be more useful for longer periods. “The bad guys don’t change their code that often,” Hoglund says.

A traditional antivirus platform tifies variants of malware. This research can anchor a new form of intrusion detection that analyzes malware deeply to find these fingerprints and to assign it to a threat group based on the intent of the malware, he says.

For instance, if the malware is designed to steal credit card numbers from individuals, a corporation might rank it as a lower threat to the corporation than malware that seeks to steal the company’s intellectual property, he says.

“You are not going to succeed in keeping the bad guys out of your network,” Hoglund says. “But if you can detect them as early as possible, you can prevent losses.”

During his talk, Hoglund says he will exhibit graphs that cluster half a million pieces of malware his team has examined on a graph according to how closely their fingerprints match. He says he hopes to demonstrate that the sources of these 500,000 examples number relatively low — in the hundreds rather than the thousands, he says.

If that’s the case, using these fingerprints as signatures by which malware is detected, intrusion-detection engines could focus on filtering them rather than the wrappers in which they are sent. That would mean a more stable library of signatures since the attackers are slow to change their code. These IDS signatures would work better over a longer period.

To do this the IDS needs to be on endpoints where the code executes and can be seen in the memory of the computer as a human-readable text. At the network layer, a packed executable would not reveal these attributes.

At the conference, Hoglund plans to release a tool called Fingerprint that analyzes and compares the similarities among the underlying artifacts found in different pieces of malware. Businesses could use the tool to determine what identifiable attacker wrote the code and what its intent is.

That in turn can give businesses an idea of whether they are under a concerted assault from a common group rather than being the victim of random attacks. Using this type of analysis, Hoglund says he found that one identifiable attacker was responsible for targeting the Department of Defense as well as a particular military base five years before.

That indicated the attacker was the same, and use of a Chinese-language development environment indicated the attacks came from there. Some of the source code used was exact copies of code traded on China hacker sites.

Source

“We’ve sent detectives out to every gas station within a mile of (U.S.) Interstate (highway) 75,” says Lt. Steve Maynard, spokesman for the Alachua County Sheriff’s Office in Gainesville, Fla., which last Thursday was first notified about a suspicious skimming device discovered by a maintenance worker at a Shell Station. So far, three card-skimming devices hidden in gas pumps at three stations have been discovered by the Alachua County Sheriff’s Office, and the U.S. Secret Service has been notified as part of the gas-pump card-skimming investigation.

The Secret Service may be best known as the U.S. president’s bodyguard, but it is also responsible for investigating fraud and computer crime.

The Alachua County Sheriff’s Office, along with other local police departments, are trying to inspect as many gas stations in the area as possible, especially focusing on those along I-75. But law enforcement is encouraging gas station operators to look for signs of the skimmers at their pumps and contact them if they think they’ve found something. The Secret Service has indicated there’s a crime wave throughout the Southeast involving the gas-station pump card skimmers, and it may be traced back to a single gang that may be working out of Miami, Maynard says.

Nearby St. Johns County in Florida has also been hit by the gas-pump card skimmers. Maynard says criminals wanting to hide the credit-card skimmers in gas pumps have to have a key to the pump, but in some cases a single key will serve to get into many gas pumps. It’s not known if the gas-pump skimming operation involves insiders or not. Law enforcement is encouraging gas-station operators to train video surveillance they may use on the pumps.

The particular card-skimmers seen in Alachua County have put together devices with computer components and in this case, a Bluetooth wireless capability to easily send the card information to the thieves. It’s not yet known how many credit cards may have been stolen by means of the skimmers and fraudulently used. The investigation is “ongoing,” Maynard says. “We’re nowhere near closure. We wish we were.”

Source

In a press release issued Wednesday, the university said its computer experts believe it is “highly unlikely that the virus put any of that information in the hands of unauthorized users.”

However, the release added, “records for many of those employed between 1999 and 2005 contained Social Security numbers as the ‘unique identifier’ in each employee’s record, and the presence of those numbers raises the potential, however remote, of identity theft.”
Jon Dolan, chief information security officer for OSU, said the university doesn’t want to unnecessarily alarm anyone.

“We really found no evidence of (information) being removed,” he said. The notification was the result of extra caution and to comply with the Oregon Consumer Identity Theft Protection Act.

“Since we can’t prove that (the data) wasn’t lost, we felt it was the best thing to do,” he said.

Letters explaining the situation, and what people can do to protect themselves from identity theft, were mailed out to affected employees Tuesday.

OSU was notified of the possible data breach on June 28 after an employee reported the anti-virus software on her computer was alerting her to a virus.

Dolan, who received a notification letter of his own, said Wednesday afternoon that only a few hotline calls had been received.
It is the first time the university has had this type of situation.

“We have never sent notifications on this scale,” Dolan said.

He only knew of two other similar incidents at the university. In one case, the data at risk had been collected by a student, and OSU assisted the student on how to notify affected people. In the other incident, two Social Security numbers were possibly exposed when a laptop was stolen.

Two years ago, hackers breached the computer system of the OSU Bookstore, which is a separate legal entity from OSU, and accessed credit card numbers, names and addresses. The store contacted about 4,700 customers that their information may have been compromised.

Source

The suspects are accused of posing as ordinary citizens, some living together as couples for years.

They were charged with conspiracy to act as unlawful agents of a foreign government, a crime which carries up to five years in prison.

A Russian foreign ministry spokesman said the allegations were contradictory.

“We are studying the information. There are a lot of contradictions,” spokesman Igor Lyakin-Frolov told the AFP news agency, declining further comment.

Russian Foreign Minister Sergei Lavrov later said Moscow expected Washington to provide an explanation over the the spying row, Russia’s Interfax news agency reports.

Nine of the alleged spies also face a charge of conspiracy to launder money, which carries a 20-year prison sentence.

An 11th suspect remains at large, according to the US justice department.

Read More

The FBI and Honolulu Police Department are investigating the breach that was discovered on June 15 during a routine audit. University officials say the unauthorized access to a computer server used by the Manoa parking office occurred on May 30.

Affected are 53,000 records, which included 41,000 Social Security numbers and 200 credit card numbers.

To protect personal information from further unauthorized access, social security numbers are no longer used for parking transactions, and are being purged from all current and past parking office databases, the university said.

The university said the main group of affected people included faculty and staff members employed in 1998; anyone who had business with the parking office between Jan. 1, 1998 to June 30, and who purchased parking permits, including staff of the East-West Center, UH Foundation, and Research Corporation of the University of Hawaii; and any campus visitor who had a vehicle towed or appealed a parking citation.

UH Manoa has also posted a list of frequently asked questions and answers on a website http://www.hawaii.edu/idalert/ . The questions and answers are re-printed below:

1. What happened?

A routine audit conducted on June 15, 2010, discovered unauthorized access to a computer server used by the UH Manoa Parking Office had occurred on May 30, 2010.

2. Am I affected?

Approximately 53,000 records were stored in the database. Of this total, approximately 41,000 Social Security numbers and 200 credit card numbers were exposed. The database contained data on two main groups of individuals:

>>UH Manoa faculty and staff member employed in 1998.

>> Anyone who had business with the UH Manoa Parking Office between January 1, 1998, and June 30, 2009. This includes:

>> Anyone who purchased parking permits, including staff of the East-West Center, UH Foundation and Research Corporation of the University of Hawaii.

>>Any campus visitor who had a vehicle towed or appealed a parking citation.

3. What information was in the compromised database?

The database contained personal information, including names, Social Security numbers, addresses, driver’s license numbers, vehicle information, and credit card information. Information on other individuals included their UH identification numbers, which are not sensitive.

4. Has the data been misused?

At this time, UH Manoa has no evidence that personal information was actually accessed, but we also cannot determine with certainty that it was not accessed.

5. Is there an investigation into this incident?

A forensic computer expert has been retained to further investigate this matter. The Honolulu Police Department and FBI have been notified, and have been asked to investigate any potential criminal activity related to this incident.

6. What is the campus doing to prevent future security breaches?

Social Security numbers are no longer used for parking transactions, and are being purged from all current and historical Parking Office databases. Additional security measures being taken include strengthening internal automated network monitoring practices, and performing extensive evaluations of systems to identify other potential security risks.

7. How will affected individuals be notified?

Letters to affected individuals were mailed on Saturday and should be received starting today. In addition, an e-mail notice will be sent to affected individuals at their most recent e-mail address on record.

8. What should affected individuals know and do?

Carefully monitor your financial information and take protective measures against identity theft, which include:

>>Obtaining and carefully reviewing credit reports. Free credit reports from all three credit agencies may be obtained at http://www.annualcreditreport.com or by calling 877-322-8228.

>>Reviewing bank and credit card statements regularly, and looking for unusual or suspicious activities.

>>Contacting appropriate financial institutions immediately upon noticing any irregularity in a credit report or account.

If your identity or account has been compromised, you may take actions such as requesting refunds, closing accounts, and placing your credit records in a state of fraud alert or freeze. Please know that we are making every effort to ensure that this incident does not recur.

9. If I did not receive a notification letter, does that mean my information was not in the compromised database?

Not necessarily. The campus has been collecting addresses of affected individuals, but not all addresses could be located predominantly visitors to the campus who either appealed parking citations or who had vehicles towed at UH Manoa between January 1, 1998, and June 30, 2009.

10. How can I get more information?

On weekdays between the hours of 8:00 a.m. to 4:30 p.m., call (808) 956-6000, or go to the webpage at http://www.hawaii.edu/idalert/. Updates will be posted as new information becomes available.

Source

While perhaps not surprising that disgruntled workers top the list, it’s noteworthy that 28 percent suspected “human error” as the next most likely cause, followed by falling victim to an external hack or loss of a mobile device/laptop, each at 10 percent. The most popular information shared with competitors was the customer database (26 percent) and R&D plans (13 percent).

There was little year-over-year change in the number of respondents who suspected the loss of intellectual property to a competitor, indicating that more needs to be done to protect companies’ most valued assets.

Additionally, to address vulnerabilities related to human error that could expose a proprietary database or financial information, organizations must employ additional layers of control such as the ability to grant privileges to sensitive data and systems on-demand. This limits “innocent” mistakes by allowing access to information only when users need it to perform a particular task or query.

The research also confirmed that snooping continues to rise within organizations both in the UK and the US. Forty-one percent of respondents confessed to abusing administrative passwords to snoop on sensitive or confidential information – an increase from 33 percent in both 2008 and 2009. When examining the information that people were willing to circumvent the rules to access, US respondents targeted the customer database first (38 percent versus 16 percent in the UK) with HR records most alluring to UK respondents (30 percent versus 28 percent in the US).

Despite the rise, there was also the admission that organizations are trying to better curb snooping and are installing stronger controls to prevent these incidents. Based on this year’s survey, 61 percent responded they could circumvent those controls – a decrease from 77 percent in 2009. Additionally, 88 percent of IT professionals believe their use of these privileged accounts should be monitored, however only 70 percent of organizations actually attempt to do so – with one-third turning a blind eye to what’s happening within their networks and therefore failing to meet regulatory and compliance requirements.

Insider sabotage, unfortunately and rather disconcertingly, has increased from 20 percent last year to 27 percent this year.

The survey found that 67 percent of respondents admitted having accessed information that was not relevant to their role. When asked what department was more likely to snoop and look at confidential information, more than half (54 percent) identified the IT department, likely a natural choice given the group’s power and broad responsibility for managing multiple systems across the organization. Of note, this is an up-tick compared to the 35 percent who identified the IT department as likely suspects in 2009, a number that had decreased from 47 percent in 2008. Respondents identified Human Resources the next curious at 11 percent, followed by administrative assistants.

Source

Steven Jinwoo Kim, 40, of Houston pleaded guilty on Nov. 16, 2009, to one count of intentionally accessing a protected computer without authorization and recklessly causing damage. Kim was ordered to pay $100,000 in restitution to GEXA Energy and to serve three years of supervised release following his prison term.

According to court documents, on Feb. 5, 2008, GEXA Energy terminated Kim from his position as a senior database administrator and revoked all his administrative rights and access to the GEXA Energy computer network.

In pleading guilty, Kim admitted that in the early hours of April 30, 2008, he used his home computer to connect to the GEXA Energy computer network and a database that contained information on approximately 150,000 GEXA Energy customers.

While connected to the computer network, Kim recklessly caused damage to the computer network and the customer database by inputting various Oracle database commands.

Kim also copied and saved to his home computer a database file containing personal information on the GEXA Energy customers, including names, billing addresses, social security numbers, dates of birth and drivers license numbers. According to court documents, Kim’s actions caused a $100,000 loss to GEXA Energy.

Source

Health and Human Services Commissioner Tom Suehs says state health officials notified his office in early May that a hacker was holding the Texas Cancer Registry hostage and demanding a ransom. Suehs says preliminary investigation results from the FBI indicate the threat may be a hoax, and officials with the Department of State Health Services, which oversees the cancer registry, say they don’t believe the names, dates of birth, Social Security numbers and personal medical information contained in it were stolen. But if the FBI determines private records were revealed, Suehs says, health officials will quickly notify the people listed in the registry.

“This is an incident that makes everybody’s antennas go a little bit higher, and I’m using it as an opportunity to elevate our awareness of our responsibility to protect information,” Suehs says. “Nothing is 100-percent secure. But I think [most of] our systems, our processes, worked. And that’s the positive thing.”

The security scare comes at a sensitive time for the state’s health agencies, which are making plans for an electronic superhighway to exchange Texas medical records — and expect an influx of federal dollars to help do it. Privacy advocates are already nervous about whether the state has the technology safeguards to keep these records out of hackers’ hands.

“It should be a wake-up call that security is not up to par,” says Deborah Peel, a national patient privacy advocate based in Austin. “We have terrible infrastructure when we need to have a Fort Knox-level of security. What happened to the cancer registry could happen to any one of the state’s giant databases.”

While it’s common for state agencies and universities to get hit with computer viruses and other data security breaches — there are thousands of incidents reported every month, according to state information technology records — it’s very rare for the FBI to be called in to investigate. Lawmakers, who have left the Health and Human Services Commission’s recent requests for information technology upgrades mostly unfunded, say this latest security incident leaves them with no choice but to foot the bill, even in a tougher-than-tough budget cycle.

“There’s no question we need to fund it,” says state Sen. Bob Deuell, R-Greenville. “There’s nothing more sacred than protecting private information.”

Suehs says that when he first learned of the alleged hacking incident, he was told the cancer registry “was being held hostage, and that there was a ransom involved,” and that the FBI had been notified. He says the system firewalls apparently activated and that the records appeared safe. Still, he dispatched his agency’s inspector general and an internal auditor to review the incident and demanded frequent updates from DSHS and the FBI.

FBI Special Agent Erik Vasys confirmed that federal investigators are “conducting an inquiry within the Department of State Health Services” but declined to comment further.

Carrie Williams, a DSHS spokeswoman, declined to give detailed information on the incident, saying she didn’t want to jeopardize the investigation. But she refuted the theory that there was a ransom involved and said the alleged security breach looks like “an isolated, one-time incident.”

“We expect to receive an analysis of the investigation and additional guidance in coming weeks,” Williams says.

Information technology experts say it’s possible that the message the agency got from a supposed hacker was actually a virus. Indeed, Suehs says, when FBI investigators replied to the threat, they got no response. But Suehs says the FBI informed his office as recently as Thursday that the incident was probably a hoax — and that the message may have been sent from inside the agency.

It’s a crime, regardless of whether it was a hoax, Suehs says. And even if no records were compromised, he says, the incident exposed security holes that need to be addressed. In the last two budget cycles, his agency has requested more than $9 million for information technology improvements, Suehs says. Lawmakers have granted the commission $600,000.

Information technology upgrades are “a difficult thing to ask for, and it’s difficult for the Legislature to prioritize,” Suehs says. “But this is a legitimate concern, and I think state agencies have a responsibility to make it their highest priority.”

Source

The conference was attended by government officials and members of the business fraternity.

A draft policy on cyber security was gazetted on February 19 by Communications Minister Siphiwe Nyanda.

The policy aimed to create an environment which would ensure confidence and trust in the secure use of Information and Communication Technology (ICT).

Delegates discussed and shared their views on various aspects of cyber security, asking whether there were enough skills to deal with cyber crime.

They pointed out that the burden of funding for the CSIRT should not rest only on the government, but the private sector too.

According to the draft policy, South Africa does not have a co-ordinated approach to dealing with cyber security.

While various structures had been established, they had proved inadequate to holistically deal with cyber security issues.

Source