While I could go to Wikipedia, look up the definition of money laundering and search for examples, I've decided to share a single, funny incident that shows how simple these tricks are (and people still fall for them).
Consider the following email:
Greetings! Our company is registered in the Careerbuilder company. We have reviewed your resume and are eager to inform you that we are ready to offer you a vacant position.
If you are interested in getting the job in our company, please reply to this email.
We looked through your skills and became sure that you correspond to our requirements.
The job scheme will comprise the following:
1. You receive payments from our customers (by checks, money orders etc.)
2. Then you fill in forms with details of the received payments in your Internet Office.
3. Transfer the money to our main office by the requested methods.
Your earnings will be 8% of the amount of each completed payment. Please answer this message with your contact information and attach your resume to the e-mail.
Additionally, we are going to pay you $1500 as your salary at the end of each month.
This job will allow you to:
- Get additional free time;
- Efficiently work at home;
- Get financial independence working only 3-5 hours per day;
Sounds easy, right? Stay at home, fill in some forms, receive money, send money on, and keep 8% for yourself.
Why not go for this job? A great way to get some extra money ....
So you sign up WITH YOUR EMAIL.
You start receiving money, fill in the forms, send the money on, and keep 8% for yourself.
And then, two weeks later, you start getting emails about products which never reached their destination, and you realize you were selling products on the Internet.
Products which never existed anywhere.
End of story ...

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users (Wikipedia).
The distributed element of this attack means that there is no single attacker who can be blocked or traced, but rather an army of attackers, often controlled by a single mastermind.
In a way, DDoS is what brought bots (or botnets) to the headlines for the first time.
There are several "common" methods of attack in the case of DDoS. Some involve sending packets that force the receiver to spend precious resources (time, memory and CPU) analyzing and dropping them, denying service to other, "legitimate" traffic (e.g. a SYN flood).
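To make the SYN flood case concrete from the defender's side, here is an added example (my own code, not from the original post) that scans a constructed TCP connection log for handshakes that start with a SYN but never complete with the client's ACK. The log format, the addresses and the thresholds are all assumptions made for this example; a real firewall, NetFlow or tcpdump feed will look different and only the parsing needs to change.

```python
import re
from collections import defaultdict

# Constructed log format, not from any real sensor:
# "<time> <src ip>:<port> -> <dst ip>:<port> <flags>"
# flags: S = SYN, SA = SYN-ACK, A = ACK
LINE_RE = re.compile(
    r"^(?P<ts>[\d.]+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>[A-Z]+)$"
)

# Two normal three-way handshakes against 192.0.2.10:80 (constructed sample).
NORMAL_LOG = [
    "1000.00 10.0.0.5:51000 -> 192.0.2.10:80 S",
    "1000.01 192.0.2.10:80 -> 10.0.0.5:51000 SA",
    "1000.02 10.0.0.5:51000 -> 192.0.2.10:80 A",
    "1000.10 10.0.0.6:51001 -> 192.0.2.10:80 S",
    "1000.11 192.0.2.10:80 -> 10.0.0.6:51001 SA",
    "1000.12 10.0.0.6:51001 -> 192.0.2.10:80 A",
]

# The same traffic followed by SYNs from 20 different (constructed) addresses
# that never send the final ACK: the server is left holding half-open connections.
FLOOD_LOG = NORMAL_LOG + [
    f"1001.{i:02d} 203.0.113.{i}:{40000 + i} -> 192.0.2.10:80 S" for i in range(1, 21)
]


def parse_line(line):
    """Return (timestamp, src socket, dst socket, flags) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return (float(d["ts"]), f"{d['src']}:{d['sport']}", f"{d['dst']}:{d['dport']}", d["flags"])


def handshake_stats(lines):
    """Per server socket: SYNs seen, handshakes completed, half-open count, distinct clients."""
    raw = defaultdict(lambda: {"syn": 0, "completed": 0, "clients": set()})
    pending = set()  # (client, server) pairs that sent a SYN and still owe the final ACK
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # a real pipeline would count and report unparseable lines
        _, src, dst, flags = rec
        if flags == "S":
            raw[dst]["syn"] += 1
            raw[dst]["clients"].add(src)
            pending.add((src, dst))
        elif flags == "A" and (src, dst) in pending:
            pending.discard((src, dst))
            raw[dst]["completed"] += 1
    return {
        dst: {
            "syn": s["syn"],
            "completed": s["completed"],
            "half_open": s["syn"] - s["completed"],
            "distinct_clients": len(s["clients"]),
        }
        for dst, s in raw.items()
    }


def flag_syn_flood(lines, min_half_open=10, min_ratio=0.5):
    """Return server sockets whose unfinished handshakes exceed both thresholds.

    Thresholds are illustrative: a busy public server tolerates some abandoned
    SYNs, so alert on the absolute count AND the share of SYNs never completed.
    """
    flagged = []
    for dst, s in handshake_stats(lines).items():
        ratio = s["half_open"] / s["syn"] if s["syn"] else 0.0
        if s["half_open"] >= min_half_open and ratio >= min_ratio:
            flagged.append(dst)
    return flagged


if __name__ == "__main__":
    for name, log in (("normal", NORMAL_LOG), ("flood", FLOOD_LOG)):
        print(name, handshake_stats(log), "flagged:", flag_syn_flood(log))
```

The distinct-client count is reported because a flood of SYNs from many addresses that all stop after the first packet is the signature of spoofed sources: blocking any one of them (the point made above about "no single attacker") does nothing, while a SYN-cookie style mitigation on the server does.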
Old motives included fame and glory (such as taking down an entire country), or just not "liking" you.
"Modern" motives are always about MONEY:
- Take down your competitor's web site during a product launch
- Extortion of businesses which are based on the Internet (such as online gaming)
Anyway, the part I like best is when it comes to "bot wars":
"If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."

I've decided to get back to basics and introduce you to the dirtbags of the Internet. Although I know none of them in person, I feel that we ALL suffer from their acts, either directly or indirectly.
Note: This post is based on a presentation delivered by a Microsoft LCA representative who took part in our roundtable event last week.
Their motives and goals are simple and easy to understand (even by my mother):
- Wreak havoc/cause trouble. This might be just for fun, ego or any other challenging reason.
- Make money. Like any other scum in the real world, they just use the new and easy techniques suddenly available online.
- Grow infrastructure. While this goal serves the others, this is where our dirtbags spend most of their days.
Here is a list of favorite dirtbag activities. I will touch on a few of those in coming posts.
Now, raise your hand (or post a comment): how many of those do you recognize (by name), and how many are you familiar with (more intimate knowledge)?

This week we held the second security monitoring and analysis roundtable here at Microsoft Haifa.
It is the second year we're holding this event here in Israel, and it is getting bigger and better.
30 professionals attended this year, representing 12 different teams and organizations doing security at Microsoft.
During three days of presentations and brainstorming we discussed security-related activities at Microsoft, new threats observed in the field, attack cases and new features planned for Microsoft products.
As always, the most valuable time was spent between sessions in face-to-face meetings. Many follow-up sessions are planned, many new ideas were discussed and valuable feedback was delivered to product teams.
I would like to thank those who organized the event for their dedication and efforts.
So long, my knights. See you all next year at the third roundtable conference.

I was interested to read that 5 major vendors are banding together to fight cyber terror by providing faster responses to threats. The vendors, Cisco, Juniper, Intel, IBM and Microsoft, have established a non-profit organization called the Industry Consortium for Advancement of Security on the Internet, or ICASI.
Without knowing much about ICASI's activities, I believe this is a step in the right direction, since today's attacks target multiple products, operating systems and protocols, creating a wider range of attack vectors.
My only hope is that such an initiative will provide some new weapons to fight tomorrow's attacks.

This photo was taken by my colleague, Eric, in front of building 43 (Microsoft campus, Redmond).
The tree is sitting on a car in the parking lot (yes, there is a car under there). No one appears to have been injured. The woman in the gray sweater holding her forehead appears to be the car owner. The photo was taken from his office.

Until today, I've always trusted my ISP. First because I had no reason not to, but it was more than that. My ISP knows a lot about me, from which computers I have at home (media center, Windows desktop, Linux servers and mobile devices) all the way to my browsing habits (hours, homepage, preferred sites, randomly accessed sites etc.). Recent campaigns offered me a "trusted Internet" provided by my trusted ISP, claiming they protect me from many incoming threats.
However, starting today, I see my ISP in a different light: he is my big brother (well, at least one of them).
Take a look at the following article to see what I mean:
Leaked Report: ISP Secretly Added Spy Code To Web Sessions, Crashing Browsers
An internal British Telecom report documents BT's partnership with U.K. ad company Phorm, which specializes in building profiles of ISP customers, then serving targeted ads on webpages the user visits.
From late September to early October 2006, British Telecom secretly partnered with Phorm to let the company monitor and track 18,000 of BT's customers. Phorm installed boxes on BT's network that redirected web requests through their proxy server.
Those boxes inserted JavaScript code into every web page downloaded by the users. That script then reported back to Phorm the contents of the web page, which Phorm used to create ad profiles of a user. Additionally, Phorm purchased advertising space on prominent web sites, showing a default ad for a charity. But when a user who had previously looked at car sites visited one of those pages, he instead got an advertisement for car insurance.
The users were not informed they were being made guinea pigs for a new revenue system for BT and had no way to opt out of the system, according to the report. The JavaScript caused flickering problems for some users as the script reported back information about the content of the web page to a Phorm server. The script also crashed browsers that loaded a website that relied excessively on anchor tags.
BT's secret test first came to light when one suspicious user contacted The Register about the problem. At the time, BT denied any involvement, though the company later admitted it had run a secret test and planned to expand the monitoring technology to its entire network.
..Neither Phorm nor BT returned calls seeking comment on the document.

I was both amazed and amused to read about a recent incident related to TJX (a retailer which was the victim of a large data theft). This time a low-level employee has lost his job for speaking in public about the company's security vulnerabilities.
The employee, Nick Benson, also known by his hacker handle Crypto Mauler, is a frequent poster to computer security discussion groups such as Full Disclosure and the Sla.ckers.org web forum, where he criticized the company's password policy, its server security settings, and the competence of the technicians who install firewalls at the company's stores.
Several months ago, when the TJX case went public, people wondered what took TJX so long to come out with the announcement. The lack of information provided fertile ground for speculation; for example, one report claimed that as many as 30% of all New Englanders may have been affected by the credit card theft. The feeling that TJX was covering up by hiding information didn't do much good for its reputation (in the end, TJX only admitted to a problem after the first Wall Street Journal report). The (natural?) response was to hire a new chief marketing officer to repair the damage to its reputation.
Actually, this can be a great case study of how companies deal with a security breach (or, in other words, what not to do):
- Hide the symptoms until someone else publishes them.
- Cover up by not revealing all the data (especially if it concerns your customers).
- Run a new campaign to minimize the damage to your reputation.
- Make sure nothing goes out to the press anymore.

I came across this white paper from Kaspersky Labs which describes in simple words the models behind cybercrime.
It starts with the claim that cybercrime is like any other business. It behaves according to traditional business principles such as profitability, ease of use, risk management, and emerging markets.
The rest of the paper is a description of each of these business principles in the case of cybercrime.
What I liked best was a screenshot of a rent-a-botnet business (see below). For example, tariff peruse6 gives you 1000 mail proxies a month for "just" $69.95.
While thinking about this black market activity, I recalled another black market, which dealt with the price of a single bullet in Gaza. Several years ago, when Israel tried to minimize the flow of ammunition into the Gaza Strip, it used this "bullet-price" index to measure the success of the effort. I recall news reporters using this index in their reports (strangely, the price was in USD).

A single line in a news item I was reading just made me really angry. Even after all the published (and unpublished) security breaches, people still don't get it.
" .. The Federal Trade Commission has approved a final consent order that settles charges an online clothing retailer failed to properly secure its customers' personal information.
The agency, in a Friday announcement, said it voted unanimously to issue the final consent order.
This follows a January FTC settlement announcement in which Boston-based Life is Good -- best known for making T-shirts bearing optimistic slogans -- agreed to implement an information security program and be audited biennially for 20 years.
In 2006, hackers stole nearly 10,000 credit card numbers from the company's database, apparently through SQL injection attacks, a common way to penetrate websites.
The FTC said Life is Good took a number of information security missteps, including:
- storing credit card data in clear, readable text,
- failing to address website vulnerabilities and thus opening the site up to attacks, such as SQL injections,
- failing to detect unauthorized credit card data access.
The FTC said the merchant deceived customers by stating on its website that it valued and secured private data. .."
What I see as the biggest vulnerability is "storing credit card data". Why on earth do they need to STORE my credit card in the first place? Since I don't buy T-shirts once a week, I am more than willing to retype my credit card number each time (as long as I enter the URL of the shop myself and don't follow some email invitation). Can you imagine a state where your supermarket stores your credit card and asks for your ID (and some secret password) each time you go for milk?
Hence, I call on each and every one of you who buys online to AVOID shops which keep your credit card and let you complete a transaction with just your "username and password".

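The two FTC findings quoted above, SQL injection and credit card data kept in readable form, are both easy to show in code. Below is an added example of my own (not code from the retailer, the FTC or the original post) using Python's built-in sqlite3 module: an order lookup written the vulnerable way beside its parameterized form, and an order record that keeps only the last four digits of the card, so there is no full card number to steal even if the database is dumped. The table, the customers and the card numbers (industry test numbers) are constructed for the example.

```python
import sqlite3


def card_reference(pan):
    """Reduce a card number to the only part a shop needs to show a customer.

    The full PAN (primary account number) is never written anywhere; a real shop
    would hand it to the payment processor and keep at most a processor token.
    """
    digits = pan.replace(" ", "")
    if not (digits.isdigit() and 13 <= len(digits) <= 19):
        raise ValueError("not a card number")
    return digits[-4:]


def mask_pan(pan):
    """Display form of a card number: all but the last four digits hidden."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - 4) + card_reference(pan)


def make_db():
    """In-memory order table with constructed rows; note there is no PAN column."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, card_last4 TEXT, amount REAL)"
    )
    # (customer, card number given at checkout, amount). Numbers are well-known test PANs.
    checkouts = [
        ("alice", "4111 1111 1111 1111", 19.99),
        ("bob", "5555 5555 5555 4444", 24.99),
        ("alice", "3782 822463 10005", 12.50),
    ]
    conn.executemany(
        "INSERT INTO orders (customer, card_last4, amount) VALUES (?, ?, ?)",
        [(c, card_reference(pan), amt) for c, pan, amt in checkouts],
    )
    conn.commit()
    return conn


def lookup_order_vulnerable(conn, customer, order_id):
    """The flawed pattern: user input pasted into the SQL text.

    order_id comes straight from the request; anything the caller types becomes
    part of the query, so the WHERE clause can be rewritten by the caller.
    """
    sql = (
        f"SELECT id, customer, card_last4 FROM orders "
        f"WHERE customer = '{customer}' AND id = {order_id}"
    )
    return conn.execute(sql).fetchall()


def lookup_order_safe(conn, customer, order_id):
    """Hardened: validate the id, then bind values as parameters.

    Bound parameters are sent as data, never parsed as SQL, so the query shape
    is fixed no matter what the caller supplies.
    """
    if not str(order_id).isdigit():
        return []  # reject anything that is not an order number outright
    sql = "SELECT id, customer, card_last4 FROM orders WHERE customer = ? AND id = ?"
    return conn.execute(sql, (customer, int(order_id))).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal id:", lookup_order_vulnerable(db, "alice", "1"))
    print("vulnerable, crafted id:", lookup_order_vulnerable(db, "alice", "1 OR 1=1"))
    print("safe, normal id:", lookup_order_safe(db, "alice", "1"))
    print("safe, crafted id:", lookup_order_safe(db, "alice", "1 OR 1=1"))
    print("stored form of a card:", mask_pan("4111 1111 1111 1111"))
```

Run it and the vulnerable lookup returns every customer's row for the crafted id, while the parameterized version returns nothing; and because the table was designed around the author's point (don't store what you don't need), even the vulnerable query can only leak four digits per card.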

We're looking for IT administrators who would be willing to participate in a Microsoft usability study, focus group, or interview.
All activities will take place in Israel, either in Herzliya or Haifa. If it's an interview, it can take place over the phone or at your workplace (or, if you prefer, in our offices).
Who are we looking for?
- IT administrators with at least 3 years' experience in medium-sized to large (or enterprise) organizations.
How much time would we be asking for?
- For a usability study or focus group, around 2 hours.
- For a phone interview or visit, around 1 hour.
What will you get?
- Satisfaction at helping improve and impact the next wave of Microsoft products produced in Israel.
- Some activities also include a small gratuity from Microsoft.
For specific details about the activities, contact me.
Thanks.

As you all know by now, Forefront "Stirling" public beta 1 was announced during RSA 2008. I attended the sessions and served my booth duty presenting the public beta. I must admit that I was somewhat disappointed by the interest from visitors, given our effort in putting up a running demo (which crashed occasionally during the expo itself).
However, the real momentum was gained elsewhere, as Stirling was presented to the press and analysts, and their first impression is the important message for now (still, we are only in public beta 1).
Some key quotes regarding Stirling:
- Microsoft is raising its game again against the traditional anti-virus vendors with their own substantial Forefront central security console and product suite. – Mitchell Ashley blogging in Network World
- With the release of its Stirling security management platform at the ongoing RSA Conference 2008 in San Francisco on Tuesday, company officials and industry watchers contend that the software giant is rapidly proving itself a force to be reckoned with in the sector. – Matt Hines, writing in InfoWorld
- Forefront is truly an indication that Microsoft is taking security seriously and is looking to build integrated products that the channel can sell into enterprise accounts. – Frank Ohlhorst, writing in eWEEK
- Microsoft released fresh trial code for Stirling, a security tool that will give Windows shops a central dashboard for configuring and managing security tasks from the client to network endpoints. – Christina Torode, writing in TechTarget’s SearchWinIT
- Key to the integration effort is a new Microsoft technology called Dynamic Response, which allows the different security tools to communicate and automate responses to a potential threat, enhancing protection against new threats. – Paula Musich, writing in eWEEK
- "Especially on the client side, they're still functionally deficient compared to competitors. But they are gaining market share already and they're coming in at a price point people can deal with and they offer good-enough technology." – Natalie Lambert, Forrester Research, quoted in eWEEK
- "Our research shows IT departments are demanding integration between individual security technologies. Products like Forefront 'Stirling' will play a key role in reducing administrative and support costs and, ultimately, reducing the total cost of ownership of managing multiple security technologies." – quote from Chris Christiansen, IDC, picked up in vnunet, mcsolutions.co.uk, and SecurityProPortal.com

Following a very long flight, we've reached San Francisco to attend the RSA 2008 conference. It is the second time I'm attending RSA and I already feel like an RSA veteran. The location is the same, the concept is the same, even the layout of the expo is the same (can it be that they didn't dismantle it after last year's event?).
Today Microsoft is going to announce Forefront codename "Stirling". Though the content is not public yet, I was asked about it several times during my tour of the expo yesterday. Vendors are aware of the impact a Microsoft announcement can have on their business and are therefore very interested in it.
While for most of the smaller vendors Forefront might seem like an opportunity for collaboration, the big players (mainly in endpoint protection) see us more as a threat. We witnessed this when asking questions at the booth of an endpoint protection vendor who was very nice but told us nothing.
There are two trends I identify among security vendors: CONSOLIDATION and COLLABORATION. Consolidation is the trend in which vendors (even small players) try to provide an end-to-end solution on their own. Collaboration is the opposite trend, in which vendors try to integrate several technologies (from multiple vendors) in order to construct an end-to-end solution. In my opinion, what vendors fail to understand is that customers dream of one dashboard to manage their entire IT infrastructure (security is just one aspect of it), and it will come from a big vendor (like Microsoft).

I'm heading to RSA 2008 in San Francisco, where Microsoft is going to unveil "Forefront Stirling". Though we were asked not to discuss this in public, I wasn't surprised to see the following headline last week:
"The world's largest security conference will kick off next week in San Francisco with the public unveiling of Microsoft's next-generation of security software, code-named Stirling.
Over the past few months, Microsoft has quietly shown the software to a select group of users, but sources familiar with the company's plans said that it will release a beta version of the code to users during the RSA Conference next Tuesday. Microsoft will allow attendees to "see new technologies," including Stirling and the company's next-generation Windows Server 2008 software, according to the conference agenda.
Microsoft's Forefront product line has been playing with more established security products over the past few years, but with Stirling the company will finally be able to offer administrators a single product that manages all of its security offerings."
No comments, please ...

In a recent security breach, 4.2 million credit and debit card numbers were exposed and exploited at a grocery chain which was compliant with the PCI security standard:
"The latest exposure of millions of credit and debit card numbers by Hannaford Bros., a grocery chain with 271 locations in New England and Florida, raises new questions about the value of the credit card industry's controversial security rules, known as PCI. The Payment Card Industry Data Security Standard was put in place by major card brands, including Visa and MasterCard, to ensure that retailers take sufficient steps to protect customers' financial data. More than 3,600 U.S. retailers comply with--or are working to come into compliance with--the PCI program.
But retailers and security vendors know that PCI compliance is a slippery concept in terms of determining who is, and is not, up to par. And the Hannaford breach--in which 4.2 million credit and debit card numbers were exposed even as the company's Web site states that it "has been certified as compliant" with PCI--demonstrates to the rest of the world just how fluid this concept really is. .."
I've had a chance to visit a grocery chain in the US with 600 locations and was surprised by the awareness of security issues. However, being compliant with PCI was their number one goal.
Without picking on a specific industry, I believe security standards (such as PCI) must define more concrete rules and list the technologies which are required, supportive or optional to meet them. More important, however, is to define how to use those tools (it is not enough to collect logs when you have no one to inspect them in a timely manner).
Hannaford will need to sell lots of lettuce to mop up this mess:
- 4.2 Million - Account numbers exposed
- 1,800 - Fraud cases connected with breach ... so far
- $197 - Average per-record cost of a breach in 2007