Showing posts sorted by relevance for query identity theft.

AVG Premium Security

 
AVG Technologies today announced AVG Premium Security, the all-new and only Internet security solution that actively surveys the Web for incidents of stolen identity. Available now for US$69.99, the product includes AVG Identity Alert, AVG Internet Security and AVG Quick Tune.
Placing identity protection at the center of the new offering, AVG Identity Alert scours criminal web pages, chat rooms and bulletin boards to determine whether a customer's personal information has been used, traded or sold online. By monitoring a user's e-mail address and debit and credit card numbers—the three primary elements of an online identity—the system notifies the user if personal details appear somewhere they shouldn't.

AVG Identity Alert also provides an Identity Theft Risk Score, which evaluates online theft risk based on behavioral characteristics, and an Identity Theft Restoration Kit, which provides documentation, sample letters and other tools for restoring an identity should it be compromised.
AVG Premium Security is also comprised of the award-winning AVG Internet Security, which offers signature anti-virus, anti-spyware, AVG Protective Cloud Technology and the AVG Community Protection Network. Finally, AVG Quick Tune contains four of the 16 features available in the company's popular PC Tuneup, including the disk defragmenter, junk file removal, registry cleaner and broken shortcut removal.

“When you combine the shocking security lapses we have seen out of very high profile and respected brands such as Sony, Epsilon and Citigroup in the past few months with the liability shift toward consumers, it is clear that identity theft protection tools are no longer a nice to have,” said J.R Smith, CEO, AVG Technologies. “Banks and corporations are at an important tipping point, showing strong indications that they will no longer simply cover losses, and expecting the online users to share equal responsibility in taking appropriate security measures that ultimately protect each other from malicious attacks.”

In 2010 alone, IC3, the FBI/National White Collar Crime Center partnership, reported more than 300,000 individual complaints of Internet crime. Identity theft was one of the top three complaints, next to non-delivery of payment or merchandise and scams using the FBI's name.
“The key to combating internet crime is real-time intelligence and protection,” Smith added. “Our identity-theft tools offer consumers access to the kind of timely intelligence they need to more effectively monitor and protect their personal information. Credit report-driven tools are much slower and therefore give thieves a massive head start, making clean-up and recovery of identity theft under those circumstances very difficult for the average consumer.”

“To protect our 110 million active customers around the globe, AVG will now extend beyond local Internet security and anti-virus protection to provide customers with a digital bodyguard dedicated to protecting their names and identities online,” said Tony Anscombe, AVG's Ambassador of Free Products. “Even if an identity is compromised outside a user's home network, AVG Premium Security can still discover it. Bottom line: we offer vital peace of mind, virtually eliminating the perils often associated with surfing the Web.”
 

In Australia One out of Six are Affected By ID Theft

 
Nearly one in six Australians have been a victim or known somebody who has been a victim of identity theft or misuse in the past six months, new research shows.
An independent online survey of 1200 people, which will be used to help develop a new National Identity Security Strategy, also revealed nine in 10 people were concerned or very concerned about identity theft and misuse. "It's clear from these results that there is real concern in the Australian community about identity theft and misuse," Federal Attorney-General Robert McClelland said on Sunday.
"In the last six months alone, Australia's Computer Emergency Response Team has alerted Australian businesses to more than a quarter of a million pieces of stolen information such as passwords and account details, allowing them to take steps to protect their systems and their customers." As technology evolved and people undertook more business and transactions online, the risk of identity theft increased, he said. The survey also revealed the majority of identity theft or misuse occurred over the internet (58 per cent), or through the loss of a credit or debit card (30 per cent). Stolen identity information was primarily used to purchase goods or services (55 per cent) or to obtain finance, credit or a loan (26 per cent). Information from the survey, conducted by Di Marzio Research, will be used to help develop a new national identity security strategy, McClelland said.
The government has introduced legislation to parliament aimed at strengthening cybersecurity laws and Australia's ability to combat international cybercrime.



'Data Theft' A Serious Issue! Be Watchful, Be Safe

Hidden Costs of 'Data Theft' A Serious Issue! What You Need to Know to Be Safe 

Sitting at the edge of technology, we the people of this century are blessed with equipment that makes our work easier than anyone could have imagined three hundred years ago. Along with these positives, we must keep in mind that these technologies not only make life easier but also pose a high level of threat. As the main concern of VOGH is the cyber domain, we would like to share some facts that will make you think about your cyber life and your personal life too. Yes, I am talking about rising cyber threats: the more we rely on technology, the more we expose our lives to dangerous threats and challenges. Nowadays cyber criminals are everywhere, and you may not even know what trap has already been set for you that can ruin your happy life. One big example is "data theft", which is becoming a boomerang for us.

In an age of fully digitized data, consumers and businesses can lose thousands of dollars in the blink of a hacker’s eye. The costs of data theft are well known to anyone who has ever found themselves victim to financial identity or medical record fraud. What few of us realize is that the procedures required to right a financial wrong are often costlier than the crimes themselves. Let's share some interesting statistics, which will surely strike terror into you: the economy loses an average of $22,346 every time an identity is stolen. And to fully recuperate losses, repair credit and prosecute fraudsters, consumers, accountants, lawyers and IRS officials can spend up to 5,000 hours, the equivalent of two years of full-time work, on a single case. Even so, 60% of medical record fraud victims admit that they don’t monitor their medical statements for inconsistencies.

Shocking!! Why not?

For one, most consumers don’t have time every month to file through complex medical or financial statements and check for accuracy. And secondly, the image of thousands of evil savants working around the clock to hack BOA databases sure makes a consumer feel helpless. Identity theft seems random and unpreventable–a stroke of bad luck like getting struck by lightning. If we are struck, we tell ourselves, banks, credit agencies and insurance companies are legally bound to recover our funds and correct our records. 

Now let's check out a fascinating video in our Hidden Costs Series to get a deeper look at how our high-cost, high-risk data management systems really work.



Hidden Costs of Data Theft (Statistics at a Glance):-


Data theft includes financial identity theft, identity cloning, and medical identity theft. The average cost per victim was $22,346 in 2012. And the total national cost of just medical identity fraud was $41 billion in 2012. The worst part – nearly 60% of reported victims say they don’t ever check their medical records for fraud. Depending on the severity of the case, it can take over 5,000 hours (the equivalent of working a full-time job for two years) to correct the damage.
Since 1935, over 435 million social security cards have been issued. That’s over 2,175 tons of paper issued as cards, or 52,200 trees, and 5 million new cards are issued every year.
Worldwide, digital warehouses storing private information, like banking and personal history, use about 30 billion watts of electricity, which equals roughly the output of 30 nuclear power plants. Data centers in the US make up almost a third of that usage, and waste 90% of the electricity they pull off the grid.
On average, 47% of victims encounter problems qualifying for a new loan and 70% have difficulty removing the negative information from their credit reports.
Over the next five years, the IRS stands to lose as much as $21 billion in revenue due to identity theft, and worldwide, businesses lose close to $221 billion a year with the US, UK, Canada and Australia ranking the highest in reported fraudulent activity.


After reading the above story carefully, many of you will feel insecure and panicked. But the main purpose of sharing such important information is to encourage carefulness and to raise cyber awareness. Many people became victims not because of a lack of knowledge, but because of a lack of information and awareness. So from now on, before connecting yourself to the digital world, make sure that the knowledge and information you have gathered from this article stays in your mind. Trust me, if you become a bit more cautious, you can easily avoid all those cyber threats and enjoy the blessings of technology to make your life prosperous and happy.

So stay tuned with VOGH, and be canny, be attentive and be safe inside the digital world.

We, Team VOGH, heartily thank one of our invaluable readers and friends, Emily Stewart of Insurance Quotes, for the statistics and the awesome video. We love you Emily :)








Sony CEO Stringer apologizes for hacked services & also promises ID theft protection


Sony has promised that its hacked services will be back up “in the coming days” and has joined with Debix for an identity theft protection program that will insure users against identity theft for up to $1 million each.
The company said Thursday that it has started internal testing on its networks, something it calls an “important step” toward restoring its affected services.
On April 26, Sony announced that a cyber attack on its system was large-scale, and had compromised millions of customers’ personal information. It cautioned that credit card information might have also been stolen. On May 2, Sony Online Entertainment, another Sony division, announced that credit card data had been stolen from its servers as part of an attack.
An apology letter from Sony CEO and president Howard Stringer was posted on the company’s blog Thursday night. The letter said that while Sony has not heard any confirmed reports of personal or credit card information being misused, it will offer a free identity protection plan to any affected user who registers for the program by June 18.
The Sony program offers identity theft protection for one year from the registration date. It includes cyber monitoring with monthly identity status reports, access to privacy and identity theft specialists and a $1 million theft insurance policy per user. Sony will e-mail users eligible for the program with more details. The program is currently only for U.S. users; Sony is working on offering similar programs worldwide.
Stringer also acknowledged customer complaints over Sony’s decisions to delay notifying customers. “I know some believe we should have notified our customers earlier than we did. It’s a fair question,” Stringer wrote, going on to say that, “...it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.”
This is the first time Stringer has issued a comment on the breach. Spokesman Patrick Seybold has been issuing most of the company’s announcements, while Sony’s popular second-in-command, Kazuo Hirai, has been the public face of Sony at press conferences.
Even as Sony moves to heal its relationship with customers, however, a report from CNET warns that the company may soon face another attack. Citing a source who’s seen chatter from a hacker internet relay chat channel, the report says that a group announced they will attack Sony again and publicize customer names, credit card numbers and addresses taken from the company’s servers.


ZoneAlarm Free Firewall 2012 !!

Several months after releasing its 2012 product line, Check Point has released an upgrade to its free firewall. This new version, ZoneAlarm Free Firewall 2012, comes with a few new features and some much-needed fixes.

Features of ZoneAlarm free firewall 2012:-
  • 2-Way Firewall - monitors inbound and outbound traffic and kills malicious processes.
  • Full Stealth Mode - makes you invisible to hackers
  • DefenseNet - This community powered cloud-based service eliminates overwhelming alerts and pop ups.
  • Identity Theft Protection
  • New revamped interface makes it easy to customize settings etc.

2-Way Firewall (Inbound & Outbound):-
Stops Internet attacks at the front door and even catches thieves on their way out. Our 2-way firewall proactively protects against inbound and outbound attacks while making you invisible to hackers.

DefenseNet:-
Leverages real-time threat data from the community of millions of ZoneAlarm firewall users, providing quick response to breaking threats that protect your PC from the latest attacks.

Identity Theft Protection:-
Identity theft can happen to anyone, anywhere. ZoneAlarm delivers superior PC based protection and exclusive data encryption, and also offers offline identity protection services.

Anti-phishing / Site Status Toolbar:-
Blocks spyware distribution sites and fraudulent “phishing” websites that trick you into revealing personal data.

So, if you’ve tried ZoneAlarm Free Firewall previously and been less than impressed, perhaps now might be a good time to take another look. Reports are predominantly favorable; and with a brand new interface, faster boot times, fewer popup alerts and powerful features like DefenseNet, ZoneAlarm Free Firewall 2012 certainly sounds promising.


Russian Hacker 'Dmitry Zubakha' Arrested For DDoS Attacks on Amazon, eBay & Priceline


A twenty-five-year-old hacker from Russia has been arrested for allegedly performing two massive DDoS (distributed denial-of-service) attacks on the popular online shopping sites Amazon.com and eBay in 2008. Dmitry Olegovich Zubakha, also known as "Cyber bandit" in most of the hacker underground community, was indicted in 2011, but he was only arrested in Cyprus on Wednesday. The arrest took place under an international warrant, and he is currently in custody pending extradition to the United States. According to the indictment unsealed on Thursday, Zubakha, with the help of another Russian hacker, planned and executed DDoS attacks against Amazon.com, eBay, and Priceline in the middle of 2008. Zubakha and his co-conspirator launched the attacks with the help of a DDoS botnet to generate a large volume of traffic that interrupted the normal service of those online shopping sites. According to a press release by the U.S. Department of Justice (DOJ), the attacks made it "difficult for Amazon customers to complete their business on line."
He has also been charged with stealing more than 28,000 credit cards in 2009; for that reason, Zubakha and his partner are also charged with aggravated identity theft for illegally using the credit card of at least one person. At present the charges in the indictment, namely conspiracy, intentionally causing damage to a protected computer resulting in a loss of more than $5000, possession of more than 15 unauthorized access devices (credit card numbers), and aggravated identity theft, are just allegations. Zubakha faces up to five years in prison for conspiracy, up to ten years in prison and a $250,000 fine for intentionally causing damage to a protected computer, up to ten years in prison and a $250,000 fine for possessing unauthorized access devices, and an additional two years in prison for aggravated identity theft.







Facebook Application For iOS & Android Have Security-Hole Which Allows Identity Theft

Facebook users are again at risk. A new security vulnerability was recently found in the Facebook applications for iOS and Android. Researcher and app developer Gareth Wright, who discovered the issue, said it comes down to Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only applies to compromised or jailbroken devices. This means that if you are using a jailbroken iOS device or a rooted Android device, your identity can easily be stolen. Wright copied the hash and tested a few FQL queries. "Sure enough, I could pull back pretty much any information from my Facebook account. As of the 1st of May 2012 these tokens run out after 60 days but aside from that a simple .Net tool could easily snaffle this info and grab a fair whack of confirmed email addresses and marketing info.
“Not good, but then I had to wonder what the Facebook app stored. Popping into the Facebook application directory I quickly discovered a whole bunch of cached images and the com.Facebook.plist. “What was contained within was shocking. Not an access token but full oAuth key and secret in plain text. Surely though, these are encrypted or salted with the device ID. Worryingly, the expiry in the plist is set to 1 Jan 4001!" 
“Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device,” a Facebook spokesperson said in a statement. “We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.”
As for the USB connection scenario, Facebook says there’s no way to fix this problem. Note that in this case it doesn’t matter if your device is jailbroken or not, because whoever is doing the deed has physical access to your phone or tablet.





Phishing: E-Mail Needs Authentication

In the wake of the Epsilon breach, organizations have taken the lead to notify consumers, telling them their e-mail addresses have been exposed and linked to information that could subject them to phishing attacks.
The breach highlights the increasing sensitivity of e-mail. "E-mail addresses have been vulnerable since e-mail addresses were created," says Rohrbaugh, vice president of information security for Intersections Inc.
Rohrbaugh says phishing attacks are increasing and provide the best means for fraudsters to get their hands on consumers' identities -- which inevitably leads to fraud. "Social engineering is a very successful tool for the criminal," he says. "Phishing is more sophisticated." It's come a long way since the early days of "shotgun" phishing. Today's attacks are targeted.
In this interview [transcript below], Rohrbaugh discusses:
  • Online security;
  • Consumer responsibility for online safety and the protection of personal information;
  • E-mail server authentication.
Rohrbaugh is a technologist with more than 20 years of government and private sector experience. Rohrbaugh's security career started in the military and continued under government projects for CSC at NATO, DISA, NMRC as an architect; and ST&E team lead and instructor for information security. After entering the private world and working for Metamor WW, Rohrbaugh started an e-business consulting firm that served the U.S. and Europe. Rohrbaugh then brought his information security experience to the financial sector and joined Intersections, which provides identity theft solutions to financial institutions in North America. Rohrbaugh's main focus is anti-fraud, ID verification (U.S. Patent holder) and security architecture.

Phishing: Social Engineering

TRACY KITTEN: Phishing attack concerns have been heightened by the Epsilon e-mail breach, which is believed to have exposed countless consumer e-mail addresses affiliated with loyalty programs and marketing campaigns. How vulnerable are we to phishing and subsequently ID theft when fraudsters have access to e-mail addresses and affiliations that link those addresses to other information? I'm here today with Tim Rohrbaugh, vice president of Information Security for Intersections Inc. which provides the recovery service for the Identity Theft Assistance Center. Tim, can you give our audience just a general idea about the state of phishing generally?

TIM ROHRBAUGH: Phishing is simply a form of social engineering. Humans have been manipulating other humans for the purposes of gaining confidential information since we first started to communicate. The job of social engineering today is made a little bit easier, because a lot of our evolved defenses are rendered useless. You can look at a person and make a characterization about whether they are a male or a female if they're in front of you, or maybe you know if they look confident or desperate, and those things are not available to you when you're dealing with e-mail. So, now we have to respond to an e-mail or a text and react in the same way if facing somebody in person. With e-mail, as a communication medium, all we have to look for is a sender's name. The links, which can be covertly hidden within the mail message itself, have to be recognized as legitimate or not -- whether they are leading off some place that you didn't suspect. The other thing to look for is the e-mail time link. Is it in context? Did we just recently read from our financial institution or local government that they would never send an e-mail asking for this information. These are all things that we're trying to evaluate when the e-mail comes in and determine what we're going to do. Today there is still not a good indication that the e-mail is from a verified source. The mail servers in between are trying to do authentication, but it's not fully implemented around the network. The junk mail filters work part of the time, but phishing attacks have changed a little bit.

KITTEN: How have phishing attacks advanced? And when I talk about the advancement of phishing attacks, I'm talking about beyond just phishing links. What other types of techniques are fraudsters using to hijack personal information?


Internet Criminals Targeting Smaller Companies


Last week Sony announced that its PlayStation Network fell victim to hackers. This was embarrassing for the company, worrisome for gamers and just proved that big companies remain targets. But last week Verizon also released its annual Data Breach Investigation and there was good news and bad news.
The good was that cyber criminals were far less successful in 2010, with the amount of data that was obtained or compromised falling dramatically last year. One reason cited is that law enforcement has begun to crack down on cyber crime, with one individual receiving a 20-year prison sentence last year. In total the Secret Service arrested more than 1,200 suspects last year for cyber crime violations.
So what’s the bad news? Instead of targeting large companies, it seems the new breed of cyber criminals is going after smaller companies that tend to be less well-guarded. According to reports, about 40 percent of the breaches were in the hospitality industry, 25 percent in retail and 22 percent in financial services.
Attacks against small business have been on the rise since 2008, and, according to a recent report from KnowBe4, in 2009 cyber criminals extracted nearly $400,000 from a Florida dentist’s account! Talk about a painful extraction.
But it was also a savvy style of attack, where Robert Thousand Jr. received thousands of calls to his business, home and mobile phones. These calls consisted of 30-second long recorded messages from a sex hotline – and these were done to keep Thousand’s phone lines tied up while cyber criminals made five transfers totaling $399,000 from a TD Ameritrade retirement account.
Cyber criminals also targeted lawyer Kimberly Graus, bypassing her anti-virus software to initiate $35,000 in wire transfers from a trust fund she managed. She was likely the victim of a phishing attempt, which installed malware that allowed hackers to capture her account passwords.
Both Graus and Thousand had virus protection in place, but today’s savvy hackers are finding inventive ways around it.
Part of the issue for small business is that identity theft is often a large component of the cyber crime. When fraud strikes it reportedly costs the average consumer $631 and takes on average 130 hours to recover from identity theft.
The good news is that help may be on the way. Last month President Barack Obama stated that he is looking to create an “identity ecosystem” that could include unique software that creates one-time digital passwords. This is part of the National Strategy for Trusted Identities in Cyberspace (NSTIC).
The most important thing to do is to always be on guard, and not to be the low hanging fruit for cyber crimina


Cybercrime can ruin entire economies



Russian anti-virus guru Eugene Kaspersky does a quick calculation in his head as he blinks at the ceiling. Satisfied, he announces: "About 200000."

That's the number of virus-infected computers in a targeted attack on SA's internet infrastructure that would shut it off from the rest of the world. No e-mail. No electronic transactions. No web searches. No e-government. No Skype, Twitter or Facebook. Nothing.

He's not being alarmist - it happened in Estonia in 2007.
And 200000 rogue computers is not a huge number. Organised syndicates or loners with modest technical know-how and resources can harness millions of virus-infected machines they effectively control to add muscle to their efforts - from stealing money and identities to managing online corporate espionage or collapsing the infrastructure and function of a country's economy and government.
Kaspersky is CEO and founder of Kaspersky Lab, one of the world's top four anti-virus software companies and Europe's biggest. Worldwide, the software anti-virus industry is worth about $7-billion a year in profit for firms in the sector. His fortune is estimated at $800-million and Forbes rates him as Russia's 125th-richest person. He was in SA to talk to business executives and security experts about the rising cybercrime threat to business, governments and organisations of all types.
"There are literally millions of computer viruses in the wild," he says. "Last year alone we collected 20 million of them. Most are variations on a theme and can be dealt with automatically in our labs. However, there are teams of experts at anti-virus organisations around the world that work against new threats round the clock. Once a virus is discovered, it can be reverse-engineered and countered with an antidote pretty quickly," says Kaspersky.
He worries about the ability of viruses, or malware (malicious software) to perform increasingly sophisticated and sinister attacks. Typically, these are denial of service (DOS) assaults using networks of computers infected by malware to bring down websites or online services by bombarding them with data. People who control these botnets can trigger a destructive payload at will.
The 2007 Estonian attack showed a botnet with enough resources could shut down banks, government departments, education networks, the media - just about any organisation with an online presence.
DOS attacks are just one aspect of the destructiveness of modern malware. Malware can also help with identity theft and data theft. The damage can be devastating.
"Estimates put the cost to business of cybercrime at anything between $100-billion to $1-trillion," he says. "One of the reasons it's so hard to put a figure on it is organisations that have been compromised are reluctant to talk about it."
Another is they don't know about it. Data theft is big business but differs from other forms of pilfering in that the original data stays where it is while a copy is spirited away, often undetected, via the ether.
"Some businesses are aware and active in countering virus attacks. Banks, for example, now build losses from cybercrime into the cost of doing business - they have a budget for it which includes defending against it and compensating for it when breaches occur. Computer viruses have permeated every part of society," he says.
In August 2008, a Spanair airliner crashed just after taking off from Madrid. It was that year's deadliest aviation accident and 154 people died.
Kaspersky says the airline found the computer system used to monitor aircraft technical problems was infected with malware that probably prevented detection of a system failure.
Last year marked the appearance of the Stuxnet virus, a virus so complicated to produce and dispatch it was probably at least partly the work of, or funded by, a nation state. Speculation is Stuxnet's purpose was to sabotage an Iranian nuclear reactor, although it can damage a variety of industrial systems.
Computer viruses have come a long way since the first, written in 1982 by US schoolboy Rich Skrenta, 15. Called Elk Cloner and written for early Apple II systems, it replicated itself on floppy disks and displayed a poem, sometimes corrupting disks it infected.
Brain was the first virus to infect IBM PCs and was released in 1986. It was written by two Pakistani brothers and distributed with their medical software to prevent piracy. It replicated itself and slowed systems.
The advent of the commercial internet in the early 1990s provided the ideal vehicle to spread viruses.
More advanced techniques used by virus writers meant they could be used to do anything from data theft and identity fraud to corporate espionage, blackmail and extortion.
Kaspersky says a Swedish bank was attacked in February and the remote access Trojan fooled operators into thinking that the screens they were monitoring had been frozen by a Windows blue screen computer error.
"The first rule when this happens is don't touch anything. They didn't. But the machine wasn't frozen, the virus had generated the blue screen and was diverting funds in the background from a perfectly functioning system that the operators thought wasn't working.
"Now malware writers are using social networks like Facebook and Twitter to spread their work." Organisations were threatened from within by disgruntled staff or criminals as shown by malware found on organisations' computers not connected to the internet.
Kaspersky says the computer virus threat is on the rise and inadequately protected businesses are vulnerable.
"Cybercrime is an industry now. Governments are finding it difficult to fight it because any laws they make regarding cybercrime are difficult if not impossible to enforce in the online world where attacks may come from networks made up of computers in different countries.
"Even on home soil, laws are difficult to keep relevant as the nature of attacks change. And in Japan, for example, there's simply no law against writing computer viruses.
"Lack of understanding the real threat of viruses is a dangerous game for businesses and organisations of all sizes to play," he says.


Obama Proposes Cybersecurity Strategy to Replace Passwords


A new cybersecurity strategy will do away with traditional passwords and replace them with an “Identity Ecosystem.”

The new project, The National Strategy for Trusted Identities in Cyberspace (NSTIC), was released by the Obama Administration on April 15. It aims to protect users from identity theft, online fraud, and cybercriminals.

The Identity Ecosystem will offer “interoperable, secure, and reliable credentials” to anyone who wants them. These “credentials” can take the form of smartphone software, a password-generating token, or a smart card, according to a White House fact sheet on the program.

“We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords,” states the fact sheet. “Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them.”

The proposed strategy is not without its concerns, however, as it could make the government a one-stop-shop for online identity. Jim Fenton, a Distinguished Engineer for Cisco, addressed some of the main concerns in Cisco’s official blog.

According to Fenton, “There is concern that this will lead to a Government-run identity system with extensive surveillance power,” yet the system “should” allow users to have more than one identity “just as they might do business with more than one bank or have more than one credit card or brokerage account.”

The system should also remain secure, despite being centrally-located. He states, “It is true that identity providers are going to need very high security. But this is a risk that we can insure against ...”

He does add, however, that NSTIC leaves some questions unanswered, including details on the system’s business model and how it fits into the government structure.


The EU is Launching "European Cybercrime Centre" To Fight Against Cyber Threats

The European Commission is Launching "European Cybercrime Centre" To Fight Against Cyber Threats
Cybercrime and the number of cybercriminals are on the rise. According to one statistic, more than 1m people across the globe become victims of cybercrime each day, and the cost of cybercrime could reach US$388bn worldwide. To fight rising cybercrime, the European Commission is proposing to set up a European Cybercrime Centre to focus on online fraud, e-crime and identity theft. The commission proposes to set it up within the European Police Office, Europol, in The Hague in the Netherlands. According to the official European Commission release, the EU plans to tackle this with a new European Cybercrime Centre, which would warn EU countries of major threats and alert them to weaknesses in their online defences. It would also identify criminal networks and prominent offenders, and provide support during investigations. The centre will use information from the public domain, industry, the police and academia to assist cybercrime investigators, prosecutors and judges.
Anyone can be a victim of cybercrime – it includes:
  •   Online identity theft
  •   Computer fraud
  •   Credit card scams
  •   Sexual exploitation of children
  •   Hijacking of web accounts
  •   Attacks on public or private IT systems
And this type of crime is increasing. Around 600,000 Facebook accounts need blocking every day after hacking attempts. In Belgium alone, internet fraud rose from just over 4,000 cases in 2008 to over 7,000 in 2010. And in the UK, bank account takeovers shot up by 207% between 2008 and 2009. A crackdown on cybercrime will help to increase confidence in e-banking and online booking, and will save millions of euros – a 2011 study put the global cost of cybercrime at €85-291bn. Unfortunately, very few of the perpetrators are currently caught. The pan-EU nature of the centre would ensure that threats are passed on quickly to other EU countries. If someone in Lithuania reports that their bank account has been accessed illegally, it could be linked quickly to similar incidents anywhere from Greece to Ireland, allowing the centre to immediately alert all EU countries to the threat.
Cybercrime Statistics (European Commission analysis):
  • By 2011, nearly 73pc of European households had internet access at home.
  • In 2010, more than 36pc of EU citizens were banking online.
  • 80pc of young Europeans connect through online social networks.
  • Circa US$8trn exchanges hands globally each year in e-commerce.
  • Credit card details can be sold between organised crime groups for as little as €1 per card, a counterfeited physical credit card for around €140 and bank credentials for as little as €60.
  • Up to 600,000 Facebook accounts are blocked every day, after hacking attempts.
The commission said the centre will fuse information from open sources, private industry, police and academia, as well as serving as a platform for European cybercrime investigators, where they can have a collective voice in discussions with the IT industry, private-sector companies, academia, users' associations and civil society organisations.




27-Year-Old Hacker From Washington Fined & Jailed For Hacking Several Facebook Accounts & Pages

27-Year-Old Hacker (Timothy Noirjean) From Washington Fined & Jailed For Hacking Several Facebook Accounts & Pages

Washington County district court judge sentenced Woodbury resident Timothy Noirjean to 150 days in jail, five years on probation and more than $15,000 in fines.
Noirjean, 27, pleaded guilty to 13 counts of electronic identity theft. He was accused of posing as a Facebook friend to an Oakdale woman and hacking her information – and information belonging to her friends. Washington County Attorney Pete Orput said his prosecutors never budged from his assertion in 2011 that the case would not be plea-bargained. “I’m not willing to tell one or several (of the victims) that we dismissed one or several of the counts in return for guilty pleas for the others,” Orput said.
He said he was committed to getting convictions on the 13 counts – all felonies – due to the harm caused by Noirjean’s actions. After hacking the women’s information, Noirjean posted photos of several of the women on an adult website.
Orput said that while his office could prosecute Noirjean, it couldn’t legally make the website take down the photos. “That harm goes on forever,” he said.
Orput said Internet users must be critical when it comes to sharing information, adding that identity theft has emerged as perhaps the most common crime in Washington County. “This case illustrates the need to be very, very safe and vigilant online,” he said. “I hope people just won’t share passwords with anybody.”
According to a criminal complaint, the woman reported having a Facebook chat with someone she thought was a friend. When the woman logged off Facebook, then attempted to log back in, she learned her password had been changed.
After gaining access to her Facebook page, she found a link on her page that appeared to have been posted by the friend she had been chatting with earlier. That link led to a sexually explicit website that contained three of the woman’s photos and identified her by first and last name and city of residence. Those photos had been stored in her email account, according to the complaint.
The woman then realized that she had unwittingly disclosed account information to her chat correspondent, later identified as Noirjean. The friend Noirjean had been posing as also learned her account information had been hacked.
Police closed in on Noirjean using Internet records. In an interview with police, Noirjean admitted to hacking into or attempting to hack more than 100 accounts. More victims were discovered after a search of Noirjean’s computer.
As part of the sentence, Tenth District Court Judge Elizabeth Martin ordered Noirjean to pay $1,000 to each of the 13 victims. She also required him to pay more than $2,000 to two women to cover computer expenses.


-Source (Woodbury Bulletin)





An army of techies waging war on spam




It's a vast, invisible battle, going on all the time - and, unbeknownst to you, your computer may be one of the battlegrounds.
The struggle pits thousands of smart, evil folks, who send out trillions of pieces of spam e-mail, against the people in law enforcement and business guarding against them and trying to shut them down.
On the front lines against spam and cybercrime, some analyze malicious computer code (malware), and others - in the young science of cyberforensics - examine computers and drives confiscated in investigations.
Spam - hated word - is again in the news. A May 3 FBI alert warned of e-mail carrying purported images or videos of Osama bin Laden. "This will leave you speechless)," the spam says. "See picture of bin laden dead!"
Don't even open it, warned the alert. "This malicious software or malware can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends, and family members."
Pumped out by networks (botnets) of malware-enslaved personal computers, unwanted e-mail - random junk, ads, porn, viruses, Trojan horses, get-rich-quick offers from Nigerian nobility - makes up most of all e-mail sent in the world. By far. Estimates range around 80 percent - but a 2007 Microsoft security report in October put it at 97 percent. It ranges from crud to criminal. As for malware, the United States has about 2.2 million computers (more than any other country) infected, according to Microsoft numbers (likely to be low).
"I guarantee," says FBI Special Agent Brian Herrick, director of the FBI Cyber Crime Squad in Philadelphia, "that thousands of Inquirer readers probably have computers infected with spam or malware, part of a botnet just pumping out spam."
The cyberthugs have an advantage, says Special Agent Cerena Coughlin, also of the Cyber Crime Squad. "We can stop them for a while, but they always come up with ways to circumvent it. And we're more restricted. We have to follow the letter of the law - they don't."
The extent of it is staggering. Before U.S. marshals took it down in March, the Rustock botnet was pumping out an estimated 30 billion spam e-mails a day. The botnets - big names include ZeuS, SpyEye, Dogma, Koobface, and Alureon - are run by criminal groups that use servers and supercomputers in several countries. Tracing their activity is extremely difficult and calls for highly skilled technical workers.
One of 16 such FBI squads in the country, the Philadelphia Cyber Crime Squad has 15 agents working full-time on cybercrime; the national program began in 1996. Working with national and international agencies, the squad studies and traces viruses, junk, and spam. Cases involve computer intrusions (everything from local hackers to international cyberespionage and terrorism), child exploitation (as in pornography), intellectual-property rights (copyright infringement, movies, music, software, proprietary business secrets), Internet fraud, and identity theft.
Coughlin says, "We are insanely busy. This is the third-busiest squad in the country, because of where it is and all the affected business and government concerns nearby. We don't have enough bodies for all the work there is."
In the Philadelphia area, the FBI joins hands with local businesses such as banks, agribusiness, and utilities (enterprises often attacked by spam and cybercrime) in a group called InfraGard. There are more than 1,400 local members - "So many people want to be part of it that we don't even need to solicit members," Coughlin says.
At monthly meetings, members share information, news, and tips. The FBI gives presentations and talks, and individual members speak about the cases they face. "It's a communication channel," Herrick says, "between the U.S. government and people in industry down in the trenches, looking to protect critical infrastructure."
Current president of the local chapter of InfraGard is Brian Schaeffer, chief information officer of Liberty Bell Bank in Marlton. He says, "I get thousands of cyberattacks a day. A lot of them are idiots just wanting to show what they can do. But a lot of them are looking to access banking information."
Like most banks, Liberty Bell has a strong firewall, "so hackers take a back-door approach," sending bank clients "phishing" e-mails - which pretend to be trustworthy communications but hide nasty intentions. "If a client even opens such an e-mail, they can get into their account information, their contacts, the keys to the kingdom."
Such attacks mean that "not only do I have to defend my own system, but also I try to help the customers with theirs. If their computers get infected, their account and credit information could get sold to strangers, and that could hurt us all." Schaeffer tells of an elderly couple who came to his bank one day, and just by coincidence, a bank clerk brought him a suspicious request "to withdraw a huge amount of money from their account - but there they were, sitting with us, so we knew some hackers had got at their information through e-mail."
He says InfraGard "has given me a network of people I can go to if I see things I never saw before. If I have a question, there's likely to be someone with an answer."
The other side of the battle is cyberforensics. Think of it as CSI with computers. It's happening right now, with the cache of computers, flash drives, and other cyberstuff taken from Osama bin Laden's compound in Abbottabad, Pakistan. U.S. agents instantly began to analyze this precious trove for criminal evidence - and links to other al-Qaeda operatives.
Work much like this goes on in Radnor at the FBI's Regional Computer Forensics Laboratory, one of 16 such labs in the country. As with InfraGard, the flavor is distinctly federal/local. Law enforcement agencies - such as the police departments of Philadelphia, Lancaster, Lower Merion, and Lower Providence - send officers to guest-work at the lab and receive training and experience in fighting computer crime.
Supervisory Special Agent J.P. McDonald directs the lab, which has been involved in some of the highest-profile local investigations of recent years, including the 2007 Fort Dix attack plot, the manhunt for the Coatesville arsonists, the case of former State Sen. Vincent J. Fumo, and the 2007-08 "Bonnie and Clyde" case of Jocelyn Kirsch and Edward Anderton, now in prison for fraud and identity theft.
"You can track the growth of cyberforensics along the same timeline as computers," McDonald says. "The FBI's program began in 1999, and, as of the mid-2000s, cyberevidence now has recognition and a firm track record in courts."
The lab is a techie's paradise, with gadgets and screens galore, racks of digital evidence sealed in antistatic wrap, sophisticated hard-drive readers, radiofrequency-shielded spaces, and kiosks for quick analysis of cell phones and thumb drives. "The majority of what we do," McDonald says, "is analysis of what's in a machine, how it got there, and then making a timeline of the history of what got there when."
"People's electronic devices are really an extension of their thoughts," says Philadelphia Police Lt. Edward Monaghan, deputy director of the lab. "If you're into NASCAR, you're likely to have NASCAR stuff in your computer. Thugs who are into drugs and money like to have their pictures taken with drugs, guns, and money. It sounds dumb, but they love it. That's what cyberevidence is all about."
The FBI's Herrick is resigned to a long battle: "There's probably some high school kid someplace in the Midwest - or maybe Europe or Asia someplace - who's cooking up something nobody's ever seen before. You really have to stay on your game with these guys."




Star Wars Galaxies Fan Site Hacked (21,000 Email-id & 23,000 Passwords Stolen)


A Star Wars Galaxies fan site got hacked today and thieves stole 21,000 email addresses and 23,000 passwords. And judging from an analysis of the passwords, most of them were weak. The site SWGalaxies.net is a fan site owned by LFNetwork, an independently owned network of LucasArts fan sites. Hackers from the group ObSec, a small hacking collective with apparent sympathies for the LulzSec and AntiSec hacktivist groups, broke into the site’s security and posted the addresses and passwords on the web. While a compromised forum login isn’t itself a big deal, the threat from this kind of smaller breach is that it can lead to further identity theft that could be devastating for individuals — particularly if they’re reusing the same passwords at other, more critical websites.
Jeff Moeller, editor of LFNetwork, said that the site that got hacked is not actively maintained any more. The fan site targets males 18 to 34 years old, and evidently none of the other UGO or IGN sites were targeted.

According to the Identity Finder report:

“It’s unfortunate,” said Todd Feinman, chief executive of Identity Finder, in an interview. “It must be so frustrating for someone to see their passwords online, given the amount of online sign-ups we have to do.”

Of the 23,389 passwords stolen, 71 percent were weak. Only 13 percent of the passwords were strong. The average password length was 7.6 characters. About 4.3 percent of the passwords were less than 5 characters, and only 4.7 percent of the passwords were more than 10 characters long.
Hacking a game web site password isn’t too big a deal. But the problem is that users often reuse their passwords on more important sites, like online banks. Studies show that 50 percent of passwords are reused.
Feinman said, “Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud.”
One of the users had a password that was 42 characters long. That person took trouble to protect himself or herself. But since the web site stored the passwords in an unencrypted format, the password is out there for everyone to see now.
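The storage failure described above, as an added example that is not code from the article or from the site: a leaked plaintext column exposes even a 42-character password, while a column of salted scrypt records does not, and the same script computes the length statistics the report quotes. The sample passwords, function names and scrypt parameters are assumptions constructed for this illustration, and one-way hashing is used here rather than encryption.

```python
import hashlib
import hmac
import os
from typing import Optional

# scrypt cost parameters: assumed values for this example, not from the article.
N, R, P, DKLEN = 2**14, 8, 1, 32

# Constructed sample passwords, including a 42-character one like the article's.
SAMPLE = ["jedi", "vader1", "password", "starwars77", "x" * 42]


def length_stats(passwords):
    """Average length and the share (%) shorter than 5 / longer than 10 chars."""
    total = len(passwords)
    lengths = [len(p) for p in passwords]
    return {
        "average": sum(lengths) / total,
        "under_5_pct": 100 * sum(n < 5 for n in lengths) / total,
        "over_10_pct": 100 * sum(n > 10 for n in lengths) / total,
    }


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Build the record to store: scrypt$N$r$p$salt_hex$hash_hex."""
    salt = os.urandom(16) if salt is None else salt  # unique salt per user
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        expected = bytes.fromhex(hash_hex)
        if scheme != "scrypt" or not expected:
            return False
        candidate = hashlib.scrypt(password.encode("utf-8"),
                                   salt=bytes.fromhex(salt_hex),
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except (ValueError, OverflowError):
        return False  # malformed or unsupported record
    return hmac.compare_digest(candidate, expected)


def dump_exposes(password: str, stored_rows) -> bool:
    """True if a leaked copy of the stored column contains the password verbatim."""
    return any(password in row for row in stored_rows)


if __name__ == "__main__":
    plaintext_column = list(SAMPLE)                     # storage as the article describes
    hashed_column = [hash_password(p) for p in SAMPLE]  # hardened form
    print(length_stats(SAMPLE))
    print("plaintext dump exposes 42-char password:",
          dump_exposes(SAMPLE[-1], plaintext_column))
    print("hashed dump exposes 42-char password:",
          dump_exposes(SAMPLE[-1], hashed_column))
```

Short or common passwords remain guessable offline even when hashed, which is why the length figures and the storage format matter together.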

-News Source (Games Beat & Star Galaxy)


Two Young Researchers Found Vulnerability in Microsoft Windows Live Which Could Lead to ID Theft

Two Young Researchers Found Security Flaws in Microsoft Windows Live Which Could Lead to Identity Theft
Two young security researchers from Morocco, Abdeljalil S'hit and Yasser Aboukir, recently discovered a serious vulnerability in Microsoft's Windows Live service. The vulnerability has been reported to Microsoft, but unfortunately the software giant neither offered compensation nor commented on the matter. In a report, ZDNet said the vulnerability in question leveraged Cross-Site Scripting (XSS) to execute a malicious script.

More specifically, the two researchers managed to cause an error on the Windows Live login page, and once the victim clicked on the "Continue" button, their malicious script would be executed. The XSS flaw means that an attacker could impersonate a Windows Live user by gaining full control of the victim's cookies. Combined with social engineering, this technique could be used to steal a victim's Windows Live identity with ease.

The latest update we received from Microsoft says: "We quickly addressed the vulnerability in question to help keep customers protected and appreciate the researchers using Coordinated Vulnerability Disclosure to assist in us working toward a fix in a coordinated manner."







Hackers plan third attack on Sony


Hackers are planning a third attack on Sony in retaliation for its handling of the PlayStation Network and Online Entertainment services data breaches, according to US reports.
The attack on Sony's website is planned for this weekend, says a CNet report, citing an unnamed observer of the Internet Relay Chat (IRC) channel used by the hackers.
According to the source, the hackers claim to have access to some of Sony's servers and plan to publish information they are able to copy from those servers.
Although Sony has stopped short of blaming the hacker group known as Anonymous for the latest breaches, it said in a letter to a Congressional hearing that it had found a file named "Anonymous" containing a fragment of the group's slogan, "We are Legion".
Anonymous has a history of denial-of-service attacks against Sony websites in retaliation for Sony's legal action against hacker George Hotz, but the group has denied responsibility.
Anonymous has never been known to have engaged in credit card theft, the group said in a statement.
According to the group, whoever broke into Sony's servers to steal the credit card information and left a document blaming Anonymous clearly wanted Anonymous to be blamed.
"No one who is actually associated with our movement would do something that would prompt a massive law enforcement response. On the other hand, a group of standard online thieves would have every reason to frame Anonymous in order to put law enforcement off the track," the statement says.
In an attempt to tackle criticism for its handling of the breach, Sony has issued a letter to customers in which it blames forensic analysis for delays in notifying customers that their personal data may have been stolen.
The company has also promised to help protect customers from identity theft around the world and offer a "Welcome Back" package, including free subscriptions, once its networks are restored.

