Group items tagged

BBC Click's tweet states that they took legal advice following comments on the potential violation of U.K's Computer Misuse Act. There's a slight chance that you may have unknowingly participated in a recent experiment conducted by the BBC. In a bit of an awkward and highly unnecessary move, a team at the BBC's technology program Click has purchased a botnet consisting of 22,000 malware infected PCs, self-spammed themselves on a Gmail account, and later on DDoS-ed a a backup site owned by security company Prevx (with prior agreement), all for the sake of proving that botnets in general do what they're supposed to - facilitate cybercrime. A video of the experiment is already available. Here are more details : Upon finishing the experiment, they claim to have shut down the botnet, and interestingly notified the affected users. Exposing cybercrime or exposing the obvious, the experiment raises a lot of ethical issues. For instance, how did they manage to contact the owners of the infected hosts given that according to the team they didn't access any personal information on them? It appears that they modified the desktop wallpapers of all the infected hosts to include a link notifying them that they've been part of the experiment. Thanks, but no thanks.

The Heartland data breach is an opportunity for the US government to standardise data breach notification laws. Bill Conner, chairman, president and CEO of Entrust, claimed that following the revelation that more than 100 million credit cards could have been compromised, the government needs to continue to move quickly to standardise data breach notification laws and call for technology, such as encryption and stronger authentication, that truly protects consumer information. Conner said: "Cybercrime continues to grow and is increasingly affecting more and more of this country's citizens. To slow the upward trend of cybercrime in this country, all organisations - enterprise, consumer and even governments - need to carefully review current security approaches and identify key gaps within their infrastructures." He further called for Congress to pass a data breach notification law that better protects consumer identities through stronger data security standards with strong encryption. "This is an opportunity to do something about a security issue that impacts all Americans", said Conner.

"This presentation contains statements of a forward-looking nature which represent our management's beliefs and assumptions concerning future events. Forward-looking statements involve risks, uncertainties and assumptions and are based on information currently available to us. Actual results may differ materially from those expressed in the forward-looking statements due to many factors, including without limitation, the impact that the significantly unfavorable economic conditions confronting the United States may have on our business, the results and effects the security breach of our processing system may have on us, including the costs and damages we may incur in connection with the claims arising from such breach that have been made and may in the future be made against us, the extent of cardholder information compromised and the possibility that such security breach could cause us to lose customers or make it difficult for us to obtain new customers, the possibility that we may not be successful in developing and implementing an end to end encryption solution, the possibility that if we are successful in developing and implementing an end to end encryption solution it may not prevent future security breaches of our payment processing system, and additional factors that are contained in the Company's Securities and Exchange Commission filings, including but not limited to, the Company's annual report on Form 10- K for the year ended December 31, 2008. We undertake no obligation to update any forward-looking statements to reflect events or circumstances that may arise after the date of this presentation. Topics / Agenda - The Future of Electronic Payments * What Is The Problem? The Cybercrimes Arms Race * Who Is Heartland Payment Systems? * What Happened and What Has/Will It Cost? * What Did We Do About It and What Are We Doing Now? * Massive Quantity/Quality of Breaches Call for Enhanced Solutions * Our New Solution Called E3 -

Data breaches are running at record levels, according to the San Diego-based Identity Theft Resource Center, a non-profit that tracks cybercrime. ITRC says it recorded 342 data breaches from Jan. 1 through June 24, up 69% from the same period in 2007. But, like the origins and perpetrators of so many individual data breaches, mystery also lies behind the aggregated numbers. "I'm not sure that this says breaches are increasing," ITRC founder Linda Foley tells Digital Transactions News. "What we know is the reporting of breaches is increasing." A handful of states now require some disclosure of data breaches to authorities, Alaska being the most recent. And some companies that have been hacked are starting to report breaches voluntarily, Foley says. While data breaches can compromise all manner of personal and business records, they often involve credit and debit card data and bank-account information. ITRC lists five major categories of breached entities, with the so-called banking/credit/financial sector accounting for 10% of 2008's breaches. Businesses, which include physical and Internet retailers, insurance companies and other private enterprises, accounted for 36.8%. Schools accounted for 21.3%; government and military facilities, 17%; and health-care facilities, 14.9%. IRTC also categorizes breaches by how they happened, such as through hackings-break-ins into computers and related systems, insider thefts, data lost in physical transit, and by other methods. The number of 2008 hackings through late June in the banking/credit/financial category was 10-double the five for all of 2007. The estimated number of records compromised as a result was 227,864. In 2007, the reported number of compromised records at financial institutions through hackings was 83,500. But Foley says not to put too much stock in the records numbers because so many breached organizations don't know or fail to report the number of compromised records when they report a bre

Privacy rights are accepted and, generally, honored in Europe. The wealth - literally and figuratively - of personal information made available through the internet staggers the imagination. Staggering, too, is the prospect of privacy rights being trampled. EC Consumer Protection Commissioner Meglena Kuneva has a bone to pick with internet snooping. And she's launching an investigation into deep data mining. In an official statement (to be released March 31) she will outline concerns of vague and misleading 'term of use' for access to Web sites that can breach EC privacy rules. Commissioner Kuneva was born and raised in Bulgaria during a time when snooping on people was common, legal and nasty. The European Parliament (EuroParl) voted (March 27) overwhelmingly for recommendations in a report linking data surveillance, advertising and cybercrime. The report recommends safeguards for the privacy rights of internet users. The EuroParl called for "making use of existing national, regional, and international law." The MEPs raised the "imbalance of negotiating power between (internet) users and institutions." Internet users, said the MEPs, have the right to "permanently delete" personal details. Facebook's recent change in 'terms of use' allowing it to retain personal information brought a firestorm of criticism and the social networking portal backtracked. And the EC was watching. "It wasn't regulators who spotted the proposed change of terms at Facebook, it was one of the 175 million users," said Commissioner Kuneva's spokesperson Helen Kearns. Collecting and analyzing profile data is big business. It is "the new petroleum of the Internet world," said Ms Kearns, quoted in PC World (March 30). "If you are happy trading your data that's fine, but you should at least know how valuable it is." As Google and Microsoft have learned European Commission rules, unlike American rules, tend to set a low bar for compliance. The former pr

A surprise legal maneuver by the defense in the Sarah Palin hacking case could undermine key charges carrying the stiffest potential penalties. A lawyer for the Tennessee college student charged with hacking into the Alaska governor's Yahoo e-mail account last year says his client couldn't have violated Palin's privacy because a judge had already declared her e-mails a matter of public record. "He's not suggesting that e-mail can't be private," says Mark Rasch, a former Justice Department cybercrime prosecutor. "He's saying this particular e-mail was not private or personal because of who she is and because it wasn't intimate communication. " Additionally, photos that 20-year-old David Kernell allegedly obtained of Palin and her family were not private since the Palins are "the subjects of untold numbers of photo-ops," the lawyer argued last week, in one of a slew of motions and memorandums attacking the government's four-count federal indictment against Kernell.

Creative lawyer. The kid is still stupid. To me, It says more that Palin didn't get in trouble for using a public web mail account for State business. The kid who reads her email is on trial? What a country.

The FBI and Virginia State Police are searching for hackers who demanded that the state pay them a $10 million ransom by Thursday for the return of millions of personal pharmaceutical records they say they stole from the state's prescription drug database. The hackers claim to have accessed 8 million patient records and 35 million prescriptions collected by the Prescription Monitoring Program. "This was an intentional criminal act against the commonwealth by somebody who was trying to harm others," Gov. Timothy M. Kaine (D) said. "There are breaches that happen by accident or glitches that you try to work out. It's difficult to foil every criminal that may want to do something against you." Although the hackers had threatened to sell the data if they did not receive payment by Thursday, the deadline passed with no immediate sign that they followed through. ad_icon State officials say it is unclear whether the hackers were able to view the patient records, as they have claimed. If the theft is real, it would be the most serious cybercrime the state has faced in recent history.

The Nature of the Problem Identity theft has been referred to by some as the crime of the new millennium. It can be accomplished anonymously, easily, with a variety of means, and the impact upon the victim can be devastating. Identity theft is simply the theft of identity information such as a name, date of birth, Social Security number (SSN), or a credit card number. The mundane activities of a typical consumer during the course of a regular day may provide tremendous opportunities for an identity thief: purchasing gasoline, meals, clothes, or tickets to an athletic event; renting a car, a video, or home-improvement tools; purchasing gifts or trading stock on-line; receiving mail; or taking out the garbage or recycling. Any activity in which identity information is shared or made available to others creates an opportunity for identity theft. It is estimated that identity theft has become the fastest-growing financial crime in America and perhaps the fastest-growing crime of any kind in our society. Identity Theft: Is There Another You?: Joint hearing before the House Subcomms. on Telecommunications, Trade and Consumer Protection, and on Finance and Hazardous Materials, of the Comm. on Commerce, 106th Cong. 16 (1999) (testimony of Rep. John B. Shadegg). The illegal use of identity information has increased exponentially in recent years. In fiscal year 1999 alone, the Social Security Administration (SSA) Office of Inspector General (OIG) Fraud Hotline received approximately 62,000 allegations involving SSN misuse. The widespread use of SSNs as identifiers has reduced their security and increased the likelihood that they will be the object of identity theft. The expansion and popularity of the Internet to effect commercial transactions has increased the opportunities to commit crimes involving identity theft. The expansion and popularity of the Internet to post official information for the benefit of citizens and customers has also increased opportunities to obtain

Stay Online on the world wide web online roulette from Contemporary sydney, Fun and Free! Now you is capable of doing Actual "www.funlivecasino.com.au" Stay Online on the world wide web online roulette for Fun in Contemporary sydney on a product new web page, FunLiveCasino.com.au. Using the newest on the world wide web operating technology, Fun Stay Gambling house allows you be a part of a genuine action occurring on a genuine desk in a genuine betting house, all approved on Live! You can see other real gamers in the betting house betting on the same outcomes you do providing you greatest believe in in the outcomes as they are not designed 'just for you a, like other action experiencing items such as 'live studios' or pc designed actions. Its awesome to think next time your really in the betting house that you might be on digicam, and individuals on the world wide web might be watching! The long run is scary! Believe one day soon this will be the only way individuals would bet on the world wide web because the worldwide web is complete of fraudsters, you have to be extremely cautious, and why would you perform Online Online on the world wide web online roulette any other way except from a Actual Gambling house you can check out, see, pay attention to and trust! Amazingly this site is absolutely 100 % 100 % 100 % free and has no determining upon up process, no junk, no pc rabbit mouse mouse clicks and no pressure. Just Immediate Fun "www.funlivecasino.com.au" 100 % 100 % 100 % free Stay Roulette! Give it a try, its value verifying out! "www.funlivecasino.com.au"Australia's Online Fun Stay Casino! Backlinks designed from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr

Presentation from Peter Swire - Symposium on Enforcement, Compliance, and Remedies in the Information Society, Fordham Law School, New York, May, 2008.

On Friday, Brunswick, Maine-based heating and hardware firm Downeast Energy & Building Supply sent a letter notifying at least 850 customers that the company had suffered a data breach. Downeast sent the notice after discovering that hackers had broken in and stolen more than $200,000 from the company's online bank account. The attack on Downeast Energy bears all the hallmarks of online thieves who have stolen millions from dozens of other businesses, schools and counties over the past several months. In every case, the thieves appeared more interested in quick cash than in pilfering their victims' customer databases. Nevertheless, the intrusions highlight an additional cost for victims of this type of crime: complying with state data breach notification laws. "This is something new to us, fortunately, but we have responsibilities under Maine statute to report these things to our customers and employees," said the company's president, John Peters, in an interview with Security Fix. At least 44 other states and the District of Columbia have similar data breach notification laws. Sometime prior to September, attackers planted keystroke logging malware on Downeast's computer systems, and stole the credentials the company uses to manage its bank accounts online. Then, on or around Sept. 2, the hackers used that access to initiate a series of sub-$10,000 money transfers out of the company's account to at least 20 individuals around the United States who had no prior business with Downeast Energy. This type of crime is impossible without the cooperation of so-called "money mules," willing or unwitting individuals typically hired via Internet job search Web sites to act as "local agents" or "financial agents" responsible for moving money on behalf of a generic-sounding international corporation, legal experts say.The mules are then instructed to withdraw the cash and wire it via Western Union or Moneygram to fraud gangs overseas, typically in Eastern Europe.