Tag Archives: cyber crime

TSA Worker Tried to Sabotage Terror Database

Filed under Hacks

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshals Service Warrant Information Network.

Duchak’s job was to update the CSOC database as new information arrived from these two sources. But on Oct. 15, he was given two weeks’ notice that his job would be terminated.

About a week later, on Oct. 22, Duchak allegedly transmitted the malicious code onto a CSOC server that stored data from the U.S. Marshals Service, according to the indictment. The next day, he allegedly loaded malicious code to a server containing the Terrorist Screening Database. The source involved in the case said the servers “are part of the system that contains the no-fly list” and added that the code, if it had gone undetected, could have traveled to a facility in another state that uses a similar computer system.

Duchak has been charged in the U.S. District of Colorado with two counts of attempting to cause damage to a protected computer. If convicted, he faces a possible prison sentence of 10 years and a $250,000 fine for each count.

Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.

“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

“The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

Source: Wired

Cybercriminals target school districts

Filed under Hacks

Local school districts across the United States have emerged as a prime target for cybercriminals. In the fall of 2009, districts in Colorado, Illinois, Oklahoma and Pennsylvania all reported thefts of tens of thousands of dollars.

The threat continues: on January 5, 2010, the Duanesburg, New York Central School District disclosed an attempted theft of $3.8 million, about a quarter of the district’s operating budget.

These crimes have been driven by malicious software infecting central office PCs that hold the district’s electronic banking details. Cybercriminals then used these details to access the district’s online bank account and illegally transfer money out of the account to money mules, who in turn transfer the funds to the criminal ringleaders.

Comodo CEO Melih Abdulhayoglu points out the soft-target characteristics that make school districts and similar organizations, including local governments, not-for-profit organizations, and small businesses, attractive to cybercriminals. Abdulhayoglu further points out the need for much stronger “Default Deny” PC endpoint security to be deployed by organizations that will always appear to be soft targets relative to larger organizations with the personnel and financial resources to mount stronger cyber-defenses.

Source: Help Net Security

Windows 7 Could Create Cybercrime ‘Ghettos’

Filed under Security

A researcher warns that the transition from Windows XP could leave the developing world vulnerable.

Cybercriminals are lazy. Given the choice between adapting their malicious software to a new operating system or focusing on users who haven’t made the switch, they’ll inevitably choose the path of least resistance, according to a new report from Finnish security firm F-Secure.

This could spell trouble for the developing world. According to F-Secure’s report on 2010 cybercrime trends, the shift from Windows XP to Windows 7 could give rise to malicious software “ghettos” in emerging markets that are slow to upgrade to the more secure operating system. “Cybercriminals will always look for the easy targets,” says F-Secure Chief Research Officer Mikko Hypponen. “And that means they’ll focus on these developing countries.”

Unlike Windows Vista, Windows 7 will eventually replace Windows XP as the primary operating system globally, Hypponen says. But over the next year, there will be pockets of computers around the world that haven’t made the switch. “They don’t have the expertise from the users, they don’t have the firewalls, and now they’ll be running older versions of the operating system with less built-in security,” Hypponen says.

Source: Forbes

Social media a playground for cybercriminals

Filed under Security

Cisco issued its Annual Security Report for 2009, which highlights the impact of social media, particularly social networking, on network security and explores the critical role that people, not technology, play in creating opportunities for cybercriminals. It also discusses trends in cloud computing, spam and overall global cybercrime activities that information technology professionals continue to face.

Social media experienced explosive growth in 2009. Facebook alone tripled its active user base to 350 million over the course of the year. Social media adoption is expected to continue growing into 2010, especially as more organizations realize the value of social networks as an absolute business requirement.

Social networks have quickly become a playground for cybercriminals because members of these sites put an inordinate amount of trust in the other members of their communities and often fail to take precautions to prevent the spread of malware and computer viruses. The report also provides more information on the potentially devastating combination of minor vulnerabilities, poor user behavior, and outdated security software that can dramatically increase risks to network security.

Full article at: Help Net Security

Staying ahead of the cybercriminal

Filed under Security

There has been a lot of talk this year about the increasing sophistication of the cybercrime threat – even going so far as to claim that virus creation has moved into the “Web 2.0” era. However, as is often the case in the security industry, hyperbole and drama garner all the attention, while gentle reminders of continued good practice can easily be forgotten.

Many in the security industry continually stress the importance of implementing the ‘latest prevention trend’ – a recent example being behavioral analysis – or debate the danger of the latest Conficker-esque “zero-day exploits”. However, approaching security policy in this manner encourages a reactive standpoint and leaves organizations constantly attempting to play catch-up with the cyber criminals.

A lot of the talk is designed to make the security industry seem ever more enthralling, but it seems fair to say that the software being used now to create viruses isn’t much more sophisticated than it was ten years ago. Certainly, there are more threats now than there ever have been, and it’s likely that the rate at which viruses are created is accelerating every year. But the make-up and threat level of the individual viruses themselves haven’t changed enough to mean entirely new prevention processes are required. It’s effectively the same virus creation software that’s being used – just re-invented and re-monetized for phishing and key-logging purposes.

Article at: Net-Security