crime

How terrorists use the Web

From Technology Review’s “Terror’s Server”:

According to [Gabriel] Weimann [professor of communications at University of Haifa], the number of [terror-related] websites has leapt from only 12 in 1997 to around 4,300 today. …

These sites serve as a means to recruit members, solicit funds, and promote and spread ideology. …

The September 11 hijackers used conventional tools like chat rooms and e-mail to communicate and used the Web to gather basic information on targets, says Philip Zelikow, a historian at the University of Virginia and the former executive director of the 9/11 Commission. …

Finally, terrorists are learning that they can distribute images of atrocities with the help of the Web. … “The Internet allows a small group to publicize such horrific and gruesome acts in seconds, for very little or no cost, worldwide, to huge audiences, in the most powerful way,” says Weimann. …

How he liked being tarred & feathered

From Shelby Foote’s The Civil War: Fort Sumter to Perryville (166):

Asked how he enjoyed his office [of President], [Lincoln] told of a tarred and feathered man out West, who, as he was being ridden out of town on a rail, heard one among the crowd call to him, asking how he liked it, high up there on his uncomfortable perch. “If it wasn’t for the honor of the thing,” the man replied, “I’d sooner walk.”

The botnet hunters

From The Washington Post’s “Bringing Botnets Out of the Shadows”:

Nicholas Albright’s first foray into some of the darkest alleys of the Internet came in November 2004, shortly after his father committed suicide. About a month following his father’s death, Albright discovered that online criminals had broken into his dad’s personal computer and programmed it to serve as part of a worldwide, distributed network for storing pirated software and movies. …

From that day forward, Albright poured all of his free time and pent-up anger over his father’s death into assembling “Shadowserver,” a group of individuals dedicated to battling large, remote-controlled herds of hacked personal PCs, also known as “botnets.” …

Each “bot” is a computer on which the controlling hacker has installed specialized software that allows him to commandeer many of its functions. Hackers use bots to further their online schemes or as collection points for users’ personal and financial information.

“I take my [handheld computer] everywhere so I can keep tabs on the botnets when I’m not at home,” Albright said …

On a Sunday afternoon in late February, Albright was lurking in an online channel that a bot herder uses to control a network of more than 1,400 hacked computers running Microsoft Windows software. The hacker controlling this botnet was seeding infected machines with “keyloggers,” …

Albright had already intercepted and dissected a copy of the computer worm that the attacker uses to seize control of computers — an operation that yielded the user name and password the hacker uses to run the control channel. By pretending to be just another freshly hacked bot reporting for duty, Albright passively monitors what the hackers are doing with their botnets and collects information that an Internet service provider would need to get the channel shut down.

Albright spied one infected PC reporting data about the online activities of its oblivious owner — from the detailed information flowing across the wire, it was clear that one of the infected computers belongs to a physician in Michigan.

“The botnet is running a keylogger, and I see patient data,” Albright said. …

“Anything you submit to law enforcement may help later if an investigation occurs,” he said. “Chances are, though, it will just be filed away in a database.”

Botnets are the workhorses of most online criminal enterprises today, allowing hackers to ply their trade anonymously — sending spam, sowing infected PCs with adware from companies that pay for each installation, or hosting fraudulent e-commerce and banking Web sites. …

… in the 13-month period ending in January, more than 13 million PCs around the world were infected with malicious code that turned them into bots.

… Shadowserver locates bot networks by deploying a series of “honeynets” — sensors that mimic computers with known security flaws — in an effort to lure attackers, allowing the group to capture samples of new bot programs. …

Shadowserver submits any new or undetected specimens to the major anti-virus companies. Andrews said he is constantly surprised by the sheer number of bot programs that do not get flagged as malicious by any of the programs. …

In Andrews’s experience, by far the most common reason criminals create botnets these days — other than perhaps to sell or rent them to other criminals — is to install online ad-serving software that earns the attacker a few pennies per install. …

Even after the Shadowserver crew has convinced an ISP to shut down a botmaster’s command-and-control channel, most of the bots will remain infected. Like lost sheep without a shepherd, the drones will continually try to reconnect to the hacker’s control server, unaware that it no longer exists. …

“Bot hunting can really take over your personal life, because to do this right you really have to stay on top of it — it can’t just be something you do on the weekends,” he said. “I guess it takes a special type of person to be able to sustain botnet hunting. … I don’t know anyone who pays people to do this kind of work.” …

Albright said that while federal law enforcement has recently made concerted efforts to reach out to groups like Shadowserver in hopes of building a more effective partnership, they don’t have the bodies, the technology, or the legal leeway to act directly on the information the groups provide. …

“Sadly, without more law enforcement support this will remain a chase-your-tail type game, because we won’t ever really shut these networks down until the bot master goes to jail, and his drones are cleaned.”

Phishing by altering the bank’s server

From Computerworld’s “Florida banks hacked in new spoofing attack”:

Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.

Earlier this month, attackers were able to hack servers run by the Internet service provider that hosted the three banks’ Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement’s Computer Crime Center.

Users were then asked to enter credit card numbers, PINs and other types of sensitive information, he said.

According to Breeden, the affected banks are Premier Bank, Wakulla Bank and Capital City Bank, all small, regional banks based in Florida.

This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.

… Though Breeden said the scam was operational for only “a matter of hours” and probably affected fewer than 20 banking customers, the technique appeared to be very effective at extracting sensitive information.

How much does stolen identity info cost?

From The New York Times’ “Countless Dens of Uncatchable Thieves”:

In the online world, he operates under the pseudonym Zo0mer, according to American investigators, and he smugly hawks all manner of stolen consumer information alongside dozens of other peddlers at a Web site he helps manage.

“My prices are lowers then most of other vendors have and I will deliver them in real time,” reads a typically fractured Zo0mer post.

At the same forum, another user, “tabbot,” offers “any U.S. bank accounts” for sale.

“Balance from 3K and above: $40,” he writes. “Regular brokerage accounts from 3K and above: $70.”

Tabbot also offers full access to hacked accounts from credit unions. One, with a $31,000 balance, is being sold for $400. “I can try search specific info such as signature, ssn, dob, email access,” tabbot writes. “Account with an extra info will be more expensive.”

Thieves use Bluetooth to find laptops in cars

From “Phone pirates in seek and steal mission”:

MOBILE phone technology is being used by thieves to seek out and steal laptops locked in cars in Cambridgeshire.

Up-to-date mobiles often have Bluetooth technology, which allows other compatible devices, including laptops, to link up and exchange information, and log on to the internet.

But thieves in Cambridge have cottoned on to an alternative use for the function, using it as a scanner which will let them know if another Bluetooth device is locked in a car boot.

Det Sgt Al Funge, from Cambridge’s crime investigation unit, said: “There have been a number of instances of this new technology being used to identify cars which have valuable electronics, including laptops, inside.”

Water that uniquely identifies its owner

From SmartWater Technology:

SmartWater Security Systems are forensic coding systems which can be applied in several ways:

SmartWater Tracer

An aqueous based solution with a unique forensic code.

SmartWater Tracer uniquely codes your property, whilst being virtually invisible to the naked eye, glows under UV light and is practically impossible to remove entirely. Tracer is used in commercial businesses, schools, hospitals and other organisations. Tracer is also used in our Home Coding System so that you can use it safely on jewellery and other sentimental items.

SmartWater Instant

Forensic Coding combined with microdot technology.

SmartWater has been designed to protect household property and motor vehicles. Each bottle of SmartWater solution contains a unique forensic code, which is assigned to a household or vehicle.

An additional feature of SmartWater Instant is the inclusion of tiny micro-dot particles which enable Police to quickly identify the true owner of the property.

SmartWater SuperLabel

Forensic Coding is embedded into the adhesive of tamper resistant labels – combines effective asset management with the protection of Tracer.

The SuperLabel is designed to be tamper resistant making it extremely difficult to remove. Should the label be removed, ownership of the asset can be established from the smallest speck of adhesive, as it contains the forensic code. As with the other SmartWater products this is also designed to glow under Ultra Violet light. Your company logo can also be incorporated into the adhesive, providing quick identification of the true owner of the property.

How to fake an anthrax scare

From Bruce Schneier’s “White Powder Anthrax Hoaxes”:

Earlier this month, there was an anthrax scare at the Indonesian embassy in Australia. Someone sent them some white powder in an envelope, which was scary enough. Then it tested positive for bacillus. The building was decontaminated, and the staff was quarantined for twelve hours. By then, tests came back negative for anthrax.

A lot of thought went into this false alarm. The attackers obviously knew that their white powder would be quickly tested for the presence of a bacterium of the bacillus family (of which anthrax is a member), but that the bacillus would have to be cultured for a couple of days before a more exact identification could be made. So even without any anthrax, they managed to cause two days of terror.

… In an interesting side note, the media have revealed for the first time that 360 “white powder” incidents have taken place since 11 September 2001. This news had been suppressed by the government, which had issued D notices to the media for all such incidents. So there has been one such incident approximately every four days — an astonishing number, given Australia’s otherwise low crime rate.

Global secrets are poor security

From Bruce Schneier’s “The Keys to the Sydney Subway”:

Global secrets are generally considered poor security. The problems are twofold. One, you cannot apply any granularity to the security system; someone either knows the secret or does not. And two, global secrets are brittle. They fail badly; if the secret gets out, then the bad guys have a pretty powerful secret.

This is the situation right now in Sydney, where someone stole the master key that gives access to every train in the metropolitan area, and also starts them. …

Another problem with global secrets is that it’s expensive to recover from a security failure. …

A final problem with global secrets is that it’s simply too easy to lose control of them.

Better technical security increases personal risks

From The New York Times’ “They Stole $92 Million, but Now What?”:

Just one week ago, Colin Dixon, the manager of a depot where bank notes are stored, was driving home on a quiet Tuesday evening when what he thought was a police car with flashing blue lights pulled him over.

It was the beginning, as it turned out, of Britain’s biggest ever cash caper. Seven days later, a staggering $92 million — around twice the previous record in a country that seems to specialize in mind-boggling robberies — seems simply to have disappeared.

The men who ordered Mr. Dixon, 51, to pull over were not police officers but hoodlums who bundled him into their Volvo and handcuffed him. According to police accounts, he was told that his wife, Lynn, 45, and son Craig, 8, would be shot if he did not cooperate.

Less than two hours later, more bogus police officers called at Mr. Dixon’s home in Herne Bay and told his wife that he had been in an accident. She and her son believed their story and walked into captivity. The family was reunited at a farmhouse, then driven to the depot at Tonbridge, in the county of Kent southeast of London, according to police accounts. Then their ordeal really began. …

The haul was enormous even by the standards of a land that likes to express its criminal landmarks through thefts of industrial proportions — more than twice the $45 million taken in a caper at Northern Bank in Belfast, Northern Ireland, in December 2004, at that time the biggest cash robbery on record. The Irish Republican Army was blamed for that robbery.

But one similarity between the robberies has raised worrisome questions about the way money is protected.

In both cases, employees and families were taken hostage, forcing managers to help the thieves. And so the most vulnerable point in guarding the cash has become the people who know the codes and procedures to bypass sophisticated security systems.

Such tactics “are part and parcel of the shift towards the technologized management of money,” said Tim Newburn, a professor of criminology at the London School of Economics.

According to the BBC, such abductions are known as tiger kidnappings, because the victims are stalked before they are seized. “Tiger kidnapping requires a detailed knowledge of staff — their journeys, their responsibilities and their families — which often comes with the help of a current or former employee.”

In other words, an inside job.

How a 75-year-old jewel thief did it

From MSNBC’s “75-year-old jewel thief looks back”:

When Doris Payne went to work, she stepped into her fancy dress, high heels and donned a wide-brimmed hat. Her creamy, mocha skin was made up just so, her handbag always designer. Sometimes a pair of plain gold earrings would do. Always, she looked immaculate, well-to-do. …

New York. Colorado. Nevada. California. They all beckoned, and so did Greece and France, England and Switzerland as she plied her trade over five decades. …

There was the February day, eight years ago, when she strolled into the Neiman Marcus store on the Las Vegas Strip and asked to see a pair of diamond earrings. …

Employee Linda Sbrocco showed her several — this one … no, this one … how about that one? Soon Sbrocco was swapping jewelry in and out of cases at a dizzying pace. Payne slipped rings on and off, and had Sbrocco do the same.

Then Payne was gone. And so was a $36,000 marquis cut, 2.48-carat diamond ring.

This was how Doris Payne went about her work as an international jewel thief. …

Every month or every other month — no one knows how many times over more than 50 years — she strolled into a jewelry store and strolled out with a ring worth thousands of dollars.

Occasionally, she was caught. Mostly, she was not. …

She grew up in Slab Fork, W.Va., where her daddy worked in the coal mines and her mother sewed dresses and did alterations for extra money. Payne was the baby, the youngest of six who liked school and loved to show her illiterate father places on the world maps she made out of salt and flour, places she would someday visit. …

“It’s not stealing because I’m only taking what they give me,” Payne said. …

The Jewelers Security Alliance, an industry trade group, got on to Payne in the 1970s. Bulletins went out, warning jewelry stores about a slick, well-dressed black woman who was stealing diamond rings.

Where others might hit a store for several pieces of jewelry, Payne only took one or two expensive rings at a time. But what really made Doris Payne different was that she was so prolific and so good. …

In the early 1970s, Payne tried her skills overseas. First Paris. Then Monte Carlo, where she flew in 1974 and paid a visit to Cartier, coming away with a platinum diamond ring. When she got to the airport in Nice, custom agents suspected she had the ring and stopped her. The ring was never found.

During the investigation, Payne says she was kept in a “fifth-rate motel” by the Mediterranean. One day she asked the woman in charge for nail clippers and for a needle and thread to mend her dress. She used the clippers to pry the ring from its setting, sewed the diamond into her girdle and then tossed the setting into the sea, she says.

She wore her girdle day and night, even when it was wet from washing. Her room was searched every day, but the diamond remained hidden.

She wasn’t always so lucky. She’s been arrested more times than she can remember. One detective said her arrest report is more than 6 feet long — she’s done time in Ohio, Kentucky, West Virginia, Colorado and Wisconsin. …

Through the decades, she has used at least 22 aliases, among them Audrey Davis, Thelma White, Sonya Dowels, Marie Clements, Donna Gilbert.

MTBU: Maximum Time to Belly Up

From The Register’s “How ATM fraud nearly brought down British banking”:

And there wasn’t time for the banks to fix the problem if anyone went public with it. Their MTBU was too short. MTBU? That’s “Maximum Time to Belly Up”, as coined by the majestic Donn Parker of Stanford Research Institute. He found that businesses that relied on computers for the control of their cash flow fell into catastrophic collapse if those computers were unavailable or unusable for a period of time. How long? By the late 1980s it had fallen from a month to a few days. That’s not a good thing; it meant that a collapse of the computers that any UK clearing bank relied on would destroy it in less than a week.

Cybercrime more profitable than drug trafficking

From Reuters’ “Cybercrime yields more cash than drugs: expert”:

Global cybercrime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries, a top expert said on Monday.

No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cybercrime.

“Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion,” McNiven told Reuters.

“Cybercrime is moving at such a high speed that law enforcement cannot catch up with it.”

For example, Web sites used by fraudsters for “phishing” — the practice of tricking computer users into revealing their bank details and other personal data — only stayed on the Internet for a maximum of 48 hours, she said. …

Developing countries which lack the virtual financial systems available elsewhere are easier prey for cybercrime perpetrators, who are often idle youths looking for quick gain.

“When you have identity thefts or corruption and manipulation of information there (developing countries), it becomes almost more important because … their systems start getting compromised from the get-go,” she said.

Greatest last line ever

From CNN:

Customs officials opened his suitcase and a bird of paradise flew out but that was nothing compared to what they found in his pants — a pair of pygmy monkeys.

Californian Robert Cusack has been sentenced to 57 days in jail for trying to smuggle the monkeys, a total of four exotic birds and 50 rare orchids into Los Angeles Airport after a trip to Thailand, officials said on Thursday.

Assistant U.S. Attorney Joseph Johns said Cusack had been undergoing a routine inspection when he arrived last June until an official opened his suitcase.

“It became non-routine when they opened his luggage and a bird of paradise took off flying in the terminal,” Johns said.

Johns said the agents found three more birds in his bag, tucked into nylon stockings, along with 50 orchids of a threatened species.

Asked by agents if he had anything else to tell them, Cusack responded: “Yes, I’ve got monkeys in my pants.”
