Monday, April 28, 2008
BusinessWeek: The New E-spionage Threat
The New E-spionage Threat
Cover Story April 10, 2008, 5:00PM EST
Appears in BusinessWeek, April 21, 2008 Print Edition, Pg. 33-41
A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps
by Brian Grow, Keith Epstein and Chi-Chu Tschang
The e-mail message addressed to a Booz Allen Hamilton executive was mundane -- a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.
The Pentagon hadn't sent the e-mail at all. Its origin is unknown, but the message traveled through Korea on its way to Booz Allen. Its authors knew enough about the "sender" and "recipient" to craft a message unlikely to arouse suspicion. Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org, which is registered through an obscure company headquartered on the banks of China's Yangtze River.
The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. "It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations.
Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. "They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands," Croom says. Cyber attackers "are not denying, disrupting, or destroying operations -- yet. But that doesn't mean they don't have the capability..."
-- Source/continues: http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm
Edited on: Monday, April 28, 2008 16:00.34
Categories: Cyberwar/Cybercrime
Monday, March 10, 2008
NATO: Cyber terrorism "as dangerous as missile attack"
Date: March 10, 2008
Source: Software.silicon.com, by Nick Heath
NATO's cyber defence chief has warned that computer-based terrorism poses the same threat to national security as a missile attack. Suleyman Anil, head of NATO Computer Incident Response Capability Co-ordination Center, said a determined cyber attack on a country's online infrastructure would be "practically impossible to stop".
Nations need to focus on improving their ability to quickly recover and get systems back online, an area in which nearly all countries were currently "weak", he told delegates at the e-crime congress in London.
Anil said the cyber attacks on Estonia last year which brought down key financial and state systems had demonstrated how cyber terrorism could take down national infrastructure with "very serious consequences". He said: "It stands together with air missile defence and the global fight against terrorism."
NATO will set out an action plan for dealing with a similar infrastructure attack on one of its members at a state summit in Bucharest next month.
-- Source/continues: http://www.crime-research.org/news/03.10.2008/3241/
Edited on: Monday, March 10, 2008 11:48.39
Categories: Cyberwar/Cybercrime
Saturday, March 08, 2008
Chinese hackers: No site is safe
LEAD STORY -- March 7, 2008 -- Updated 1635 GMT (0035 HKT)
['Know about both yourself and the enemy, and you will be invincible.']
By John Vause, CNN
HOUSHAN, CHINA (CNN): They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world's most sensitive sites, including the Pentagon.
The leader of these Chinese hackers says there "is always a weakness" on networks that allows cyber break-ins.
In fact, they say they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies.
"No Web site is one hundred percent safe. There are Web sites with high-level security, but there is always a weakness," says Xiao Chen, the leader of this group.
"Xiao Chen" is his online name. Along with his two colleagues, he does not want to reveal his true identity. The three belong to what some Western experts say is a civilian cyber militia in China, launching attacks on government and private Web sites around the world.
If there is a profile of a cyber hacker, these three are straight from central casting -- young and thin, with skin pale from spending too many long nights in front of a computer.
One hacker says he is a former computer operator in the People's Liberation Army; another is a marketing graduate; and Xiao Chen says he is a self-taught programmer.
"First, you must know about the Web site you want to attack. You must know what program it is written with," says Xiao Chen. "There is a saying, 'Know about both yourself and the enemy, and you will be invincible...'"
-- Source/continues: http://edition.cnn.com/2008/TECH/03/07/china.hackers/index.html
(Includes Video: Watch hackers' clandestine Chinese operation)
Emergency.Com References:
- "China; The Emerging Threat?" (Friend or Peer Competitor...) Flash Briefing, can be found at: http://www.emergency.com/2006/emerging_china_flash.htm
- Tuesday, September 11, 2007 -- "Cyber attacks: a new weapon in the state arsenal" can be found at: http://www.emergency.com/archive/2007/09/entry_252.htm
- "Series of EmergencyNet News Reports Concerning A Cyber-Conflict Between Chinese and USA Hackers: 13 Apr 2001 to 05 May 2001," can be found at: http://www.emergency.com/2001/chinese-cyberwar2001.htm
- 20 Mar 2000 -- "Recent DoS Attacks Point Out Already Known Vulnerability of U.S. Infrastructure,"
Section: 'CHINA: The Re-Emerging Dragon'
By: C. L. Staten, CEO and Sr. National Security Analyst, Emergency Response & Research Institute (ERRI)
Can be found on the internet at: http://www.emergency.com/2000/cybersec2000.htm
Edited on: Saturday, March 08, 2008 8:58.33
Categories: Cyberwar/Cybercrime
Monday, February 04, 2008
Cyber Assassination; Perception and Deception
04 Feb 2008
Cyber Assassination
By Kevin Coleman
"Cyber assassination" is when an individual is unaware that he or she is the subject of a cyber attack designed to discredit them and to call into question his or her credibility or loyalty.
Here's a possible scenario: A senior person in the CIA is working on a case and is disrupting the enemy's activities or getting closer to uncover covert enemy operatives. A smart enemy might attack the leader or others involved in the investigation in an effort to slow down or derail the efforts to expose them. They may choose to hack the individual's laptop and place damaging emails that allude to a pay-off on their hard drive. Then all that is required is a subtle leak that gets back to the CIA and you can imagine the rest.
A second example could be a politician who is pushing for sanctions against a country and they hack their computer and put pornography on the hard drive. A covert leak of this information results in an investigation and public disclosure of the porn on the hard drive. This individual's ability to gain or maintain support for their interest in sanctions would be undoubtedly damaged.
You can prove a computer has been compromised (hacked). However, it is virtually impossible to say definitively that a computer has not been hacked. Our ability to defend against this type of assault on individuals in the political, academic, business or industrial spotlight is very limited...
-- Source/continues: http://www.defensetech.org/archives/003980.html
ERRI Analysis:
Perception and Deception; Reputation Management & Cyber-Assassination
By C. L. Staten, Sr. National Security Analyst
"It takes many good deeds to build a good reputation, and only one bad one to lose it," -- Benjamin Franklin, statesman and inventor (1706-1790)
The implications of this kind of "cyber assassination" may go well beyond that which is described in the excellent article above by Kevin Coleman. How about the same thing happening to not just an individual, but an entire company? Is it possible that a business competitor might distribute pornography, ads for erectile dysfunction or other [illegal?] drugs, or links to illegal gambling sites...and make it appear that it came from an otherwise reputable individual or business?
Our preliminary research in this matter would suggest that this sort of scurrilous 'cyber-attack' on individual or corporate reputation is already going on.
In fact, we have copies of e-mails engaging in the distribution of questionable materials and appearing to come from reputable defense contractors, consulting companies, banks, and insurance companies. The truth about these e-mails is far different. The e-mails, as best we could ascertain it through IP tracing (and other tracking techniques), were coming from individuals, countries, and possibly governments that might be considered "unfriendly to the United States" and/or toward corporate America.
Our very preliminary research would seem to indicate that:
1. At least some major corporations' computer systems are compromised by spam-bots and are being used to distribute some very unsavory e-mails
2. Misdirection is being used to make it appear that otherwise reputable individuals and companies are distributing illegal spamming, spy-ware and viruses
3. The spam, spy-ware, and bot-net problems have increased exponentially in the past few years...almost to the point of becoming unmanageable, and thus, now pose "a significant threat" to the credibility of the entire internet.
4. It is now possible, in our current estimation, to hire someone to "smear" an individual or company by 'spoofing' and distribution of illicit or questionable materials that will surely and negatively affect the reputation of the victim worldwide.
5. After a sufficient distribution of these illicit materials by "reputation assassins," otherwise legitimate websites and e-mails may be blocked by firewalls, anti-spam devices, and other systems designed to prevent problems...thus disrupting legitimate business activities by the victims
6. And we haven't even addressed the whole issue of Identity theft and the various kinds of malicious misuse of victims' information
Watch EmergencyNet News and Emergency.Blog for more on this still emerging story...
Edited on: Monday, February 04, 2008 13:52.40
Categories: Cyberwar/Cybercrime
Saturday, January 26, 2008
Bush Order Expands Computer Network Monitoring
Saturday, January 26, 2008; Page A03
Bush Order Expands Network Monitoring
Intelligence Agencies to Track Intrusions
By Ellen Nakashima, Washington Post Staff Writer
WASHINGTON, DC: President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems.
The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies -- including ones they have not previously monitored.
Until now, the government's efforts to protect itself from cyber-attacks -- which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data -- have been piecemeal. Under the new initiative, a task force headed by the Office of the Director of National Intelligence (ODNI) will coordinate efforts to identify the source of cyber-attacks against government computer systems. As part of that effort, the Department of Homeland Security will work to protect the systems and the Pentagon will devise strategies for counterattacks against the intruders.
There has been a string of attacks on networks at the State, Commerce, Defense and Homeland Security departments in the past year and a half. U.S. officials and cyber-security experts have said Chinese Web sites were involved in several of the biggest attacks back to 2005, including some at the country's nuclear-energy labs and large defense contractors.
The NSA has particular expertise in monitoring a vast, complex array of communications systems -- traditionally overseas. The prospect of aiming that power at domestic networks is raising concerns, just as the NSA's role in the government's warrantless domestic-surveillance program has been controversial.
"Agencies designed to gather intelligence on foreign entities should not be in charge of monitoring our computer systems here at home," said Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee. Lawmakers with oversight of homeland security and intelligence matters say they have pressed the administration for months for details.
The classified joint directive, signed Jan. 8 and called the National Security Presidential Directive 54/Homeland Security Presidential Directive 23, has not been previously disclosed...
-- Source/continues at: http://www.washingtonpost.com/wp-dyn/content/article/2008/01/25/AR2008012503261.html
Wednesday, January 23, 2008
Utilities threatened by cyber attacks
22 January 2008
CIA: Utilities threatened by cyber attacks
CIA says U.S. utilities are at risk for cyber attack; security experts said the CIA's acknowledgment of the problem indicates how seriously they are taking it, as CIA policy had been not to disclose such things
The nation's utilities are at risk for cyber attack, the CIA's top cybersecurity expert, Tom Donahue, told a gathering of utility security experts, the Washington Post reported. Attackers have hacked into utility companies' computer systems overseas, in one case causing a power outage that affected multiple cities. "We do not know who executed these attacks or why, but all involved intrusions through the Internet," Donahue said at a trade conference in New Orleans. "We suspect, but cannot confirm, that some of the attackers had the benefit of inside knowledge." The hackers are using the attacks to demand money from utilities.
Security experts said the CIA's acknowledgment of the problem indicates how seriously they are taking it. CIA policy had been not to disclose such things. "The CIA wouldn't have changed its policy on disclosure if it wasn't important," Alan Paller, research director at the SANS Institute, told the Post. "Donahue wouldn't have said it publicly if he didn't think the threat was very large and that companies needed to fix things right now." Andrew Storms, director of security operations for nCircle Network Security, said that "these statements of threats and risks to the nation's infrastructure are not new. In private meetings with the CIA and FBI, information-security personnel have heard time and time again that the nation's utility systems are at risk and are a likely target by cyber attackers," he said.
-- Source/continues: http://hsdailywire.com/single.php?id=5385
Edited on: Wednesday, January 23, 2008 15:05.29
Categories: Cyberwar/Cybercrime, Intelligence
Saturday, January 19, 2008
International computer hackers threatening to hold cities ransom
January 18, 2008
CIA says hackers pulled plug on overseas power grid
Overseas attacks recently declassified, but some details obscure
By Robert McMillan
(IDG News Service) -- Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a Central Intelligence Agency analyst said this week.
Speaking at a conference of security professionals on Wednesday, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.
Criminals have launched online attacks that disrupted power equipment in several regions outside of the U.S., he said, without identifying the countries affected. The goal of the attacks was extortion, he said.
"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," he said in a statement posted to the Web on Friday by the conference's organizers, the SANS Institute. "In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
"According to Mr. Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure," SANS said in the statement.
One conference attendee said the disclosure came as news to many of the government and industry security professionals in attendance. "It appeared that there were a lot of people who didn't know this already," said the attendee, who asked not to be identified because he is not authorized to speak with the press...
-- Source/continues at: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9057999
Last updated at 23:33pm on 18th January 2008
CIA launches hunt for international computer hackers threatening to hold cities ransom by shutting off power
By WILLIAM LOWTHER
The CIA has launched a major hunt for international computer hackers who are threatening to throw cities into chaos by sabotaging their electricity supplies. In a shock announcement last night the American spy agency said that the hackers were running a massive extortion plot. They are threatening to cut off city lighting and power supplies unless they are paid huge sums of ransom money...
-- Source/continues: http://www.dailymail.co.uk/pages/live/articles/news/worldnews.html?in_article_id=509186&in_page_id=1811&ito=1490
Edited on: Saturday, January 19, 2008 1:15.25
Categories: Cyberwar/Cybercrime
Tuesday, September 11, 2007
Cyber attacks: a new weapon in the state arsenal
September 11, 2007 - 17:08PM
AUSTRALIA: Cyber-attacks against government networks in recent months illustrate how states like China are discovering the power of a new weapon that is less expensive and more discreet than battalions of tanks or spies.
Cyber assaults blamed on China have struck sensitive government sites in Britain, France, Germany and the United States -- including the Pentagon and the French defense ministry, officials recently confirmed to major media. China denies the accusations.
"A state can use these tools to exert its power. States are beginning to understand that, and in a lot of ways the Chinese are taking the lead, and the Russians as well," said Ned Moran of the Terrorism Research Center. "A country like China is realizing that instead of building a robust espionage network, based on people in a country and recruiting spies, they can do the same thing at a very low cost by executing cyber attacks," Moran said.
The expert at the Virginia-based Terrorism Research Center, a branch of Total Intelligence Solutions -- a firm founded by former CIA officials -- said it was clear the recent spate of hacking came from China.
"You can detect patterns, coming from the same country, the same network, with the same type of techniques," he said. "That gives you a sense that it's probably coming from the Chinese, based on what I've seen. The Chinese government either is doing it, or is looking the other way as Chinese citizens are doing it." This article continues at: http://news.brisbanetimes.com.au/cyber-attacks-a-new-weapon-in-the-state-arsenal/20072011-yfl.html
ERRI/Emergency.com References:
20 Mar 2000 -- "Recent DoS Attacks Point Out Already Known Vulnerability of U.S. Infrastructure,"
Section: 'CHINA: The Re-Emerging Dragon'
By: C. L. Staten, CEO and Sr. National Security Analyst, Emergency Response & Research Institute (ERRI)
Can be found on the internet at: http://www.emergency.com/2000/cybersec2000.htm
10 July 2000 -- "The 'Love Bug,' Asymmetric Warfare, and Other Computer Attacks; Future National Security Implications..."
Section: China, Unrestricted Warfare, and Multi-Dimensional Conflict
By: C. L. Staten, CEO and Sr. Analyst, Emergency Response & Research Institute (ERRI)
Can be found on the internet at: http://www.emergency.com/2000/compdefnse-implc.htm
Outside Reference:
DOD: China fielding cyberattack units
By Josh Rogin
Published on May 25, 2006
URL: http://www.fcw.com/article94650-05-25-06-Web
Edited on: Tuesday, September 11, 2007 21:55.38
Categories: Cyberwar/Cybercrime
Thursday, May 17, 2007
First Nation-State Cyberwar Underway in Estonia?
Thursday May 17, 2007
Russia accused of "unleashing cyberwar" to disable Estonia
* Parliament, ministries, banks, media targeted
* NATO experts sent in to strengthen defenses
By Ian Traynor in Brussels
The Guardian (U.K.)
EUROPEAN UNION/NATO: A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with NATO urgently examining the offensive and its implications.
While Russia and Estonia are embroiled in their worst dispute since the collapse of the Soviet Union, a row that erupted at the end of last month over the Estonians' removal of the Bronze Soldier Soviet war memorial in central Tallinn, the country has been subjected to a barrage of cyber warfare, disabling the websites of government ministries, political parties, newspapers, banks, and companies.
NATO has dispatched some of its top cyber-terrorism experts to Tallinn to investigate and to help the Estonians beef up their electronic defenses.
"This is an operational security issue, something we're taking very seriously," said an official at NATO headquarters in Brussels. "It goes to the heart of the alliance's modus operandi."
Alarm over the unprecedented scale of cyber-warfare is to be raised tomorrow at a summit between Russian and European leaders outside Samara on the Volga.
While planning to raise the issue with the Russian authorities, EU and NATO officials have been careful not to accuse the Russians directly.
If it were established that Russia is behind the attacks, it would be the first known case of one state targeting another by cyber-warfare...
-- Article continues on the net at: http://www.guardian.co.uk/russia/article/0,,2081438,00.html
Edited on: Thursday, May 17, 2007 24:32.52
Categories: Cyberwar/Cybercrime, Political/Diplomatic/Economic
Wednesday, February 07, 2007
DDoS Attacks Reported on DNS Servers Overnight
Hackers attack key Net traffic computers
Posted 2/7/2007 7:41 AM ET
By Ted Bridis, The Associated Press
WASHINGTON, DC; USAToday/The Associated Press are reporting that hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.
Experts said the unusually powerful attacks lasted as long as 12 hours but passed largely unnoticed by most computer users, a testament to the resiliency of the Internet. Behind the scenes, computer scientists worldwide raced to cope with enormous volumes of data that threatened to saturate some of the Internet's most vital pipelines.
The Homeland Security Department confirmed it was monitoring what it called "anomalous" Internet traffic.
"There is no credible intelligence to suggest an imminent threat to the homeland or our computing systems at this time," the department said in a statement.
The motive for the attacks was unclear, said Duane Wessels, a researcher at the Cooperative Association for Internet Data Analysis at the San Diego Supercomputing Center. "Maybe to show off or just be disruptive; it doesn't seem to be extortion or anything like that," Wessels said.
Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.
The attacks appeared to target UltraDNS, the company that operates servers managing traffic for websites ending in "org" and some other suffixes, experts said. Officials with NeuStar, which owns UltraDNS, confirmed only that it had observed an unusual increase in traffic.
Among the targeted "root" servers that manage global Internet traffic were ones operated by the Defense Department and the Internet's primary oversight body.
"There was what appears to be some form of attack during the night hours here in California and into the morning," said John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers. He said the attack was continuing and so was the hunt for its origin. Article continues at: http://www.usatoday.com/tech/news/computersecurity/2007-02-07-hacker-attack_x.htm?csp=34
ERRI References:
"Series of "Real-time" EmergencyNet News Reports Concerning Denial of Service Attacks on Leading Web Sites on the Internet - 08 Feb 2000 to 16 Feb 2000," (includes diagram of "controller and zombie" computers), can be found at: http://www.emergency.com/2000/dos2000.htm
22 Oct 2002 -- Warnings and Indications: Attack Reported on Root DNS System of Internet
By C. L. Staten, Senior National Security Analyst, Emergency Response & Research Institute (ERRI)
CHICAGO, IL (EmergencyNet News) -- According to various reports from reputable sources, the internet suffered one of its most extensive attacks on the servers that route traffic through the rest of the network at about 17:00 EDT on Monday. The incident reportedly affected as many as 7 of the 13 world-wide DNS servers. According to federal officials, the National Infrastructure Protection Center (NIPC) is conducting an inquiry into the incident that lasted about one hour.
The method of attack is called a "distributed denial of service" or "DDOS." It is carried out by commanding multiple computers that have been previously compromised via a "trojan," "worm," or other virus, and using them to attempt to overwhelm the target server. In the case on Monday, the attacker(s) attempted to compromise the main servers that translate names and numbers into usable references for all computers to locate resources on the internet.
In February 2000, CNN, Amazon.com, eBay, Yahoo, and a number of other commercial and news websites were severely disrupted for several hours due to DDOS attacks. To learn more about DDOS attacks, see the Series of "Real-time" EmergencyNet News Reports Concerning Denial of Service Attacks on Leading Web Sites on the Internet - 08 Feb 2000 to 16 Feb 2000.
ERRI computer analysts said that while Monday's attack was serious, what could be more ominous is the possibility that it may have been only a "probe" or "test of concept" in a larger plan that might occur in the future. The attacks could also have been carried out in an attempt to further undermine confidence in computer systems upon which the U.S. and her allies have grown dependent for their overall military and economic superiority. To achieve the greatest effect, the likelihood is that a more widespread attack, or one of longer duration, would be carried out on important infrastructure sites during some sort of other military, terrorist, or political crisis...in a concerted attempt to degrade communications, reduce interoperability, and lessen the cyberspace capabilities of the United States.
http://www.emergency.com/2000/compdefnse-implc.htm
http://www.emergency.com/techthrt.htm
http://www.emergency.com/2000/cybersec2000.htm
Edited on: Wednesday, February 07, 2007 14:09.51
Categories: Cyberwar/Cybercrime, Homeland Security
Wednesday, January 10, 2007
Islamic Terrorists using Google Map and GPS systems to locate, track and monitor India's IT and call center outsourcing hubs
Original article date: Jan. 6, 2007 -- Posted here 10 Jan 2007
INDIA: They want to hit at the core profit center of India Inc. They want to hit at the outsourcing centers all over the nation. They have placed moles in Infosys, TCS, IBM India, Wipro and other companies all over the countries. They are recruiting non-Islamic people to cause confusion. With these field intelligence operatives, they are using Google Map and Global Positioning Systems to track each and every outsourcing installation of India.
Pakistan's ISI provides them with logistics and guidance. They are spread out ready to take on India.
The suspected Pakistan-trained militant, who was arrested on Bangalore outskirts, had visited Infosys and Wipro to find out the security arrangements there for a possible terror strike as per instructions of top insurgents in Pakistan with alleged LeT links, his questioning revealed.
Sources say he was visiting the moles already in place in those companies.
Police recovered one AK-56 rifle, 200 rounds of ammunition, five hand grenades, two magazines of AK-56 and one charger for satellite phone from his rented house at Ranipet in Bellary district, City Police Commissioner Neelam Achyut Rao said.
Rao said the 34-year-old terrorist, Bilal Ahmed Kota alias Imran Jalal alias Salim, was asked by his 'bosses' (top insurgents in Pakistan with alleged LeT links) to visit the offices of Wipro and Infosys and Bangalore airport to find out the security arrangements at these places and to report back.
-- Source: India Daily, Kiran Chaube, 06 Jan 2006 -- http://www.indiadaily.com/editorial/15046.asp
ERRI analyst note: This notice is posted on the OP/ED page of and probably should be considered more an allegation than confirmation of a given threat. That said, ERRI analysts previously predicted potential attacks on IT resources in India. Please see: 08 March, 2005 Threats of Terror Attacks on High-Tech Firms in India, can be found at: http://www.emergency.com/2005/bangalore_threat_030805.mht
Edited on: Wednesday, January 10, 2007 11:31.32
Categories: Counter-Terrorism, Cyberwar/Cybercrime
Friday, December 29, 2006
2006: "The Year of Computing Dangerously"
Cybercrooks Deliver Trouble
With Spam Filters Working Overtime, Security Experts See No Letup in '07
By Brian Krebs
washingtonpost.com staff writer
Wednesday, December 27, 2006; Page D01
It was the year of computing dangerously, and next year could be worse. That is the assessment of computer security experts, who said 2006 was marked by an unprecedented spike in junk e-mail and more sophisticated Internet attacks by cybercrooks.
Few believe 2007 will be any brighter for consumers, who already are struggling to avoid the clever scams they encounter while banking, shopping or just surfing online. Experts say online criminals are growing smarter about hiding personal data they have stolen on the Internet and are using new methods for attacking computers that are harder to detect.
"Criminals have gone from trying to hit as many machines as possible to focusing on techniques that allow them to remain undetected on infected machines longer," said Vincent Weafer, director of security response at Symantec, an Internet security firm in Cupertino, Calif.
One of the best measures of the rise in cybercrime is junk e-mail, or spam, because much of it is relayed by computers controlled by Internet criminals, experts said. More than 90 percent of all e-mail sent online in October was unsolicited junk mail, according to Postini, an e-mail security firm in San Carlos, Calif. Spam volumes monitored by Postini rose 73 percent in the past two months as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases. In November, Postini's spam filters, used by many large companies, blocked 22 billion junk-mail messages, up from about 12 billion in September.
The result is putting pressure on network administrators and corporate technology departments, because junk mail laden with images typically requires three times as much storage space and Internet bandwidth as a text message, said Daniel Druker, Postini's vice president for marketing.
"We're getting an unprecedented amount of calls from people whose e-mail systems are melting down under this onslaught," Druker said. Read all about it at: http://www.washingtonpost.com/wp-dyn/content/article/2006/12/26/AR2006122600922.html
Previous reference from this author: http://www.washingtonpost.com/wp-dyn/content/article/2006/12/22/AR2006122200367.html
Analysis and Commentary
The View From One Small Company in Chicago
By Paul Anderson
CHICAGO, IL: ERRI computer security analysts say that despite adding a Barracuda Spam/Anti-Virus firewall box, and using updated firewall protection on each workstation in the Emergency.com network, the battle goes on with the spammers, crackers, and other cybercriminals. One ERRI network consultant said that the firewall appliance is being overwhelmed with an unprecedented number of spoof e-mails, "409" schemes, misdirections, and links to fake webpages that pretend to be those of banks, credit unions, and other financial institutions. He said, "We recently found over 2,000,000 fraudulent e-mails of one kind or another in the 'quarantine archive' of our firewall...among them were 59 files containing various viruses."
ERRI CEO and senior analyst, Clark Staten, said today that the plague of spam and fraudulent internet schemes has the greatest likelihood of "bring down the net," by diminishing confidence in it and clogging various chokepoints by the use of "bots" of various kinds. "It will not be a lack of ideas, a lack of innovation, or a lack of technology that could 'kill the net' as we know it...the net has proven itself terribly resilient in the face of various kinds of assaults," Staten said. "It will likely be the scourge of malicious intent and illegal commerce that will damage or even kill the internet," Staten added. "Much like the rest of society, if the internet is not globally governed in a fair and appropriate manner, and on-line users don't continually make their displeasure known about emerging (or long-time) nuisances on the net ...the cybercriminals will win," the long-time net enthusiast said.
Staten, who has been using the e-mail and the internet since the mid/late 80's, said that it continues to increasingly appear that many of the "nightmares" of early internet pioneers have materialized and that "the commercialization of the net" may be damaging it, both in intent and function. "However, please don't misunderstand my comments," Staten added. "Many, if not most, of the companies on the internet are using the net in a responsible and community-spirited manner...in fact, many have contributed both content and technical capability to the operation of the net and added a great deal to end-user satisfaction."
"But, there are 1-2% of internet businesses, who are engaging in fraudulent practices of some kind...there is also a segment of adolescents who seem to want to engage in graffiti and distribution of various kinds of malware...and finally, there are small groups or individuals stealing personal data and selling it to the highest bidder," Staten added. "At the risk of stating the obvious, the net community MUST make it clear to malcontents that the 'Wild-West days' of the internet are over and that real action will be taken to stop those who are exploiting (and ruining) this valuable resource," he continued. "Unless and until internet users, as a whole, condemn and actively combat fraudulent use of the internet...it will continue and even increase," Staten added.
"There can no longer be 'a wink and a nod' of understanding and acquiescence by regular internet users when it comes to spam, fraud schemes, and cybercrime...if end-users don't contribute to the solution...then, they are part of the problem," the veteran 'sysop' (system operator) concluded.
Edited on: Friday, December 29, 2006 13:12.37
Categories: Cyberwar/Cybercrime
Tuesday, December 26, 2006
Cyber Crime Hits the Big Time in 2006; 2007 May Be Even Worse
24 Dec 2006
Cyber Crime Hits the Big Time in 2006
Experts Say 2007 Will Be Even More Treacherous...
By Brian Krebs, washingtonpost.com
Call it the "year of computing dangerously." Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products.
Internet users witnessed yet another wave of spam, worms, viruses and other online attacks in 2005, and experts predict the online world will grow even more dangerous this year.
Thieves are no longer only after your wallet, jewels or other precious belongings. Instead, they want you. Learn how to protect yourself and what to do if you're a victim.
Few Internet security watchers believe 2007 will be any brighter for the millions of fraud-weary consumers already struggling to stay abreast of new computer security threats and avoiding clever scams when banking, shopping or just surfing online.
One of the best measures of the rise in cyber crime this year is spam. More than 90 percent of all e-mail sent online in October was unsolicited junk mail messages, according to Postini, a San Carlos, Calif.-based e-mail security firm. The volume of spam shot up 60 percent in the past two months alone as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases. To get the whole story on anticipated cybercrime, visit the Washington Post website at: http://www.washingtonpost.com/wp-dyn/content/article/2006/12/22/AR2006122200367.html
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local and international level, IC3 provides a central referral mechanism for complaints involving Internet related crimes.
File a complaint at: http://www.ic3.gov/
Protect Your Workplace; Report Suspicious Cyber-Activity Poster
We encourage you to report any activities that you feel meet these criteria for an incident. Note that our policy is to keep any information specific to your site and system confidential unless we receive your permission to release that information. US-CERT has partnered with law enforcement agencies such as the U.S. Secret Service and the Federal Bureau of Investigation to investigate cyber incidents and prosecute cyber criminals. Download the .PDF poster at: http://www.us-cert.gov/reading_room/poster_2.pdf
Report an incident to the U.S. Computer Emergency Readiness Team
Incident Hotline: 1-888-282-08700
www.US-CERT.gov
Edited on: Friday, December 29, 2006 13:12.01
Categories: Cyberwar/Cybercrime, Documents/Resources