July 2008 - Posts
While I could go to wikipedia, look for the definition of money laundering and go search for examples, I've decided to share with you a single, funny, incident to show how simple those tricks are (and people still fall for them).
Consider the following email:
Greetings! Our company is registered in the Careerbuilder company. We have reviewed your resume and are eager to inform you that we are ready to offer you a vacant position
If you are interested in getting the job in our company please reply this email.
We looked through your skills and became sure that you correspond to our requirements.
Job scheme will comprise the following:
1. You receive payments from our customers (By checks, Money orders e.t.c)
2. Than you fill forms with details of received payments in your Internet Office
3. Transfer money to our main office by requested methods.
Your earning will be 8 % of the amount of each completed payment please answer this message with your Contact Information and Attach your Resume to e-mail.
Additionally we are going to effect you $ 1500 as your salary at the end of each month.
This job will allow you to:
-Get additional free time;
-Efficiently work at home;
-Get financial independence working only 3-5 hours per day;
Sounds easy right ? Stay at home, fill some forms, get money, send money, leave 8% with you
Why no going for this job ? a great way to get some extra money ....
So you sign in WITH YOU EMAIL .
You start receiving money, fill the forms, send money back, leave 8% with yourself.
And then, after two week after, you start getting emails about products which didn't reached their destination and you realized you were selling products on the Internet.
Products which didn't exist anywhere.
End of story ...
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users (wikipedia).
The distributed element in this attack means that there is no single attacker which can be blocked or traced but rather an army of attackers who often controlled by a single mastermind.
In a way, DDoS is what brought bots (or botnets) to the headlines the first time.
There are several "common" methods of attack in case of DDoS. Some include sending packets in an order which cause the receiver to spend precious resources (time, memory and CPU) analyzing and dropping them causing a denial of service of other "legitimate" traffic (e.g. SYN flood).
Old motives included fame and glory(such as taking down an entire country)
Or just not "liking" you
"Modern" motives are always around MONEY :
- Take down your competitor web site during product launch
- Extortion of businesses which are based on the internet (such as online gaming)
Anyway, the part I like best is when it comes "bot wars":
"If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source."
I've decided to get back to basics and introduce you to the dirtbags of the Internet. Although I know none of them in person I feel that we ALL suffer from their acts either directly or indirectly.
Note: This post is based on a presentation delivered by Microsoft LCA representative who took part in our roundtable event last week.
Their motives and goals are simple and easy to understand (even by my mother) :
- Wreak havoc/cause trouble. This might be just for fun, ego or any other challenging reason.
- Make money. Like any other scum in the real world. They just use the new and easy techniques suddenly available online.
- Grow infrastructure. While this goal serves the other, this is where our dirtbags spend the most of their days.
Here is a list of favorite Dirtbags activities. I will touch on few of those in coming posts.
Now, raise your hand (or post a comment) on how many of those are recognized (by name) and familiar (more intimate knowledge) ?
This week we've held the second security monitoring and analysis roundtable here at Microsoft Haifa.
It is the second year we're having this event here in Israel, getting bigger and better.
30 professionals attended this year representing 12 different teams and organizations in Microsoft doing security.
During three days of presentations and brainstorming we've discussed security related activities at Microsoft, new threats observed in the field, attack cases and new features planned for Microsoft products.
As always, the most valuable time was spent between sessions in face-to-face meetings. Many follow up sessions are planned, many new ideas were discussed and valuable feedback was delivered to product teams.
I would like to thank those who organized the event for their dedication and efforts.
So long my knights, See you all next year at the third roundtable conference.