"The CTI Blog"

One-Third of All Malware in Existence Appeared in 2010: “‘More than a third of all malware that has ever existed was created by criminal gangs in 2010 alone according to the latest PandaLabs Annual Report.

To be precise, the company found that 34 percent of all existing malware has been concocted by cybercriminals in the last year, banishing forever the image of the disgruntled geek creating viruses in his bedsit.’

Infected PC Compromises Pentagon Credit Union

January 12, 2011 by skeoseyan

Infected PC Compromises Pentagon Credit Union: “

The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.

“

(Via threatpost – The First Stop for Security News.)

Posted in Financial Services, Malware, Military & Defense | Leave a Comment »

Microsoft Plugs Three Windows Security Holes

January 12, 2011 by skeoseyan

Microsoft Plugs Three Windows Security Holes: “

Microsoft today released security updates to fix at least three vulnerabilities in its Windows operating systems, including one labeled ‘critical,’ the company’s most serious rating. However, none of the patches address five zero-day flaws that can be used to attack Windows users.

The critical update targets two weaknesses present in all versions of Windows that Microsoft said hackers could exploit to break into unpatched systems just by getting users to visit a compromised or malicious Web site. A second update fixes a security issue in the Windows backup tool that affects Windows Vista machines.

The vulnerability in the Windows backup tool stems from a weakness that extends to hundreds of third-party, non-Microsoft applications built to run on Windows. I discussed this issue at length in a blog post in September, but the upshot is that Microsoft has made available a FixIt tool to help fortify a number of these applications against a broad swath of security threats that stem from a mix of insecure default behaviors in Windows and poorly-written third party apps. If you haven’t already done so, take a moment to read at least the short version of that post, and apply the supplied FixIt tool from Microsoft.

Microsoft chose not to address a number of outstanding, known vulnerabilities for which exploit code is publicly available. Redmond’s Jonathan Ness explains the company’s thinking in holding off on fixing these flaws in a post to the Microsoft Security Research and Defense blog.

Microsoft has released two separate FixIt tools to help users mitigate the threat from a couple of the more pressing outstanding vulnerabilities. If you use Windows, and especially if you browse the Web with Internet Explorer, you should take a moment to take advantage of these stopgap fixes, available here and here.

The updates are available through Windows Update or via the Automatic Update capability built into all supported Windows versions. As always, if you experience any problems or glitches that appear to be related to applying these updates, please drop a note in the comments section.

“

(Via Krebs on Security.)

Posted in Windows Vulnerabilities | Leave a Comment »

Cyber Security Girl Strikes Again!: Congress Considers Change to ‘Red Flags Rule

December 5, 2010 by Oosnave

Cyber Security Girl Strikes Again!: Congress Considers Change to ‘Red Flags Rule: ” CYBER SECURITY GIRL STRIKES AGAIN! IDENTITY THEFT IS THE #1 FASTEST GROWING WHITE COLLAR CRIME. THE FTC HAS MANDATED A LAW CALLED THE RED FLAGS RULE FOR BUSINESSES TO KEEP CUSTOMER AND EMPLOYEE INFO PROTECTED FROM ID THEFT. THE ENFORCEMENT DATE IS JANUARY 1, 2011. THE FINES FOR NON COMPLIANCE ARE CRIPPLING…

FRIDAY, DECEMBER 3, 2010

Congress Considers Change to ‘Red Flags Rule The American Bar Association has been battling for more than a year to exempt lawyers from new regulations designed to fight identity theft. Now, Congress has decided to step in.

With no fanfare and no recorded vote late Tuesday, the Senate approved legislation that could accomplish what the ABA was hoping to achieve. The bill would narrow the definition of ‘creditor’ under the Fair and Accurate Credit Transition Act of 2003, likely ensuring that lawyers would not meet the new definition.

An ABA spokeswoman said the group is optimistic about House passage, possibly this week.

The regulations over identity”

(Via .)

Posted in Regulations | Leave a Comment »

Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves

April 20, 2010 by skeoseyan

Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves: “

Two Belarusian nationals suspected of operating a rent-a-fraudster service for bank and identity thieves have been arrested overseas, according to New York authorities, who unsealed an indictment for one of the suspects on Monday.

Dmitry Naskovets, 25, and Sergey Semashko, 25, are suspected of creating and operating CallService.biz, a Russian-language site for identity criminals who trafficked in stolen bank-account data and other information. The website displayed an FBI logo Monday and the message, ‘This domain has been seized by the Federal Bureau of Investigation.’

digg_url = ‘http://www.wired.com/threatlevel/2010/04/callservicebiz/’;

Naskovets has been charged in U.S. District Court for Southern New York with one count each of aggravated identity theft and conspiracy to commit wire fraud and credit card fraud. Semashko has been charged by Belarusian authorities.

Naskovets was arrested in the Czech Republic last Thursday, at the request of U.S. authorities who have filed for extradition. Semashko was arrested the same day in Belarus.

According to the indictment (.pdf), the two entrepreneurs launched the site in Lithuania in June 2007 and filled a much-needed niche in the criminal world — providing English- and German-speaking ‘stand-ins’ to help crooks thwart bank security screening measures.

In order to conduct certain transactions — such as initiating wire transfers, unblocking accounts or changing the contact information on an account — some financial institutions require the legitimate account holder to authorize the transaction by phone.

Thieves could provide the stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.

The thieves obtained the information through various means, such as phishing attacks and malware placed on victims’ computers to log their keystrokes.

CallService.biz would then have someone who matched the legitimate account holder’s gender and was proficient in the needed language, pose as the account holder and call the financial institution to authorize the fraudulent transaction.

One client, for example, requested assistance in July 2007 with illegally siphoning $35,000 from a checking account owned by someone in Westchester County, New York. The wire transfer occurred July 17.

The site boasted that its purveyors had served more than 2,000 criminal customers. Authorities wouldn’t say what fees the two allegedly charged or how much they earned from their scheme.

The two advertised their services on other carding sites, such as CardingWorld.cc, which was also operated by Semashko. The ads boasted that their team had conducted more than 5,400 ‘confirmation calls’ to banks.

The FBI seized the domain name pursuant to a seizure warrant.

Additional co-conspirators were also arrested overseas, though authorities didn’t indicate how many.

U.S. Attorney Preet Bharara said in a statement that the site ‘was especially dangerous because it allegedly was specifically designed to bypass the usual security measures that bank and business customers have come to rely on.’

The Department of Justice’s office of international affairs worked with the Belarusian Ministry of Internal Affairs’ high-tech–crime department, the Police Presidium of the Czech Republic and the Lithuanian Criminal Police Bureau Cybercrime Board to coordinate the investigations and arrests.

If convicted on all three counts, Naskovets faces a maximum sentence of 39½ years in prison.

“

(Via Wired: Threat Level.)

Posted in Criminal Techniques, Cyber Criminals | Leave a Comment »

Report: Google Hackers Stole Source Code of Global Password System

April 20, 2010 by skeoseyan

Report: Google Hackers Stole Source Code of Global Password System: “

The hackers who breached Google’s network last year were able to nab the source code for the company’s global password system, according to the New York Times.

The Single Sign-On password system, which Google referred to internally as Gaia, allows users to log into a constellation of services the company offers — GMail, search, business applications and others — using one password.

The hackers, who are still unknown, were able to steal the code after gaining access to the company’s software repository, which stores the crown jewels for its search engine and other programs.

Because the hackers grabbed the software, and do not appear to have grabbed customer passwords, users aren’t directly affected by the theft. But the hackers could study the software for security vulnerabilities to devise ways to breach the system that could later affect users.

Google announced in January that it and numerous other companies had been hacked in a sophisticated attack. The hackers had targeted source code repositories at many of the companies, including Google.

According to the Times, the theft began when an instant message was sent to a Google employee in China who was using Windows Messenger The message included a link to a malicious website. Once the employee clicked on the link, the intruders were able to gain access to the employee’s computer and from there to computers used by software developers at Google’s headquarters in California.

The intruders seemed to know the names of the Gaia software developers, according to the Times. The intruders had access to an internal Google corporate directory known as Moma, which lists the work activities of every Google employee.

They initially tried to access the programmer’s work computers and ‘then used a set of sophisticated techniques to gain access to the repositories where the source code for the program was stored.’

The Times doesn’t elaborate on the set of sophisticated techniques the hackers used to access the source code, but in March, security firm McAfee released a white paper in relation to the Google hack that describes serious security vulnerabilities it found in softeware configuration management systems (SCMs) used by companies that were targeed in the hacks.

‘[The SCMs] were wide open,’ Dmitri Alperovitch, McAfee’s vice president for threat research told Threat Level at the time. ‘No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting.’

Many of the companies that were attacked used the same source-code management system made by Perforce, a California-based company, according to McAfee. The paper didn’t indicate, however, whether Google used Perforce or had another system in place with vulnerabilities.

According to McAfee’s earlier report, the malicious website the hackers used in the Google hack was hosted in Taiwan. Once the victim clicked on a link to the site, the site downloaded and executed a malicious JavaScript, with a zero-day exploit that attacked a vulnerability in the user’s Internet Explorer browser.

A binary disguised as a JPEG file then downloaded to the user’s system and opened a backdoor onto the computer and set up a connection to the attackers’ command-and-control servers, also hosted in Taiwan.

From that initial access point, the attackers obtained access to the source-code management system or burrowed deeper into the corporate network to gain a persistent hold.

According to the paper, the hackers were successful at accessing source code because many SCMs are not secured out of the box and do not maintain sufficient logs to help forensic investigators examining an attack.

‘Additionally, due to the open nature of most SCM systems today, much of the source code it is built to protect can be copied and managed on the endpoint developer system,’ the whie paper states. ‘It is quite common to have developers copy source code files to their local systems, edit them locally, and then check them back into the source code tree…. As a result, attackers often don’t even need to target and hack the backend SCM systems; they can simply target the individual developer systems to harvest large amounts of source code rather quickly.’

Alperovitch told Threat Level his company had seen no evidence to indicate that source code at any of the hacked companies had been altered.