28 December 2006 - Coast Guard Personnel Required to Complete Anti-Phishing Training
All Coast Guard personnel who use its computer network will be required
to take training on how to avoid being victims of phishing attacks. The
requirement follows the Defense Department's mandate that all personnel
take spear phishing awareness training by January 17, 2007.
http://www.fcw.com/article97216-12-28-06-Web&printLayout
27 December 2006 - Utah Valley State College Data Breach
The names, SSNs and other personally identifiable information of
approximately 15,000 Utah Valley State College (UVSC) students and
faculty were inadvertently made available on Yahoo for about six weeks
in November and December of this year. The data belong to students and
faculty who participated in the college's distance education program
between January 2002 and January 2005. UVSC removed the files from its
servers as soon as it became aware of the situation. The school plans
to notify all individuals affected by the data security breach.
http://www.sltrib.com/news/ci_4906175
27 December 2006 - Man Fired After Seeking Help to Change College Grades
A man who worked as communications director for US representative Denny
Rehberg (R-Mont.) has been fired after trying to hire people to break
into the computer system of his alma mater, Texas Christian University
(TCU), and change his grades. Todd Shriber was concerned that his
school records were not strong enough to ensure his acceptance to
graduate school. Shriber's online request was met with responses from
individuals who never intended to conduct the attack and warned him
repeatedly that what he was asking them to do was in violation of
federal law. The pair warned Shriber that the scheme had been detected
and advised him to "duck and run" though they never attempted to
infiltrate TCU's computer system.
http://www.dfw.com/mld/dfw/news/16327059.htm?template=contentModules/printstory.jsp
27 December 2006 - Indiana Hospital Notifies Patients of Data Theft
Deaconess Hospital in Indiana has sent letters to 128 patients,
notifying them that their personal information was contained in a laptop
computer that has been missing since late November. There is no
evidence the information has been misused; the data include Social
Security numbers (SSNs). The hospital is mulling over security
improvements, including encryption software and providing places to lock
up computers.
http://www.courierpress.com/news/2006/dec/27/patients-warned-of-possible-identity-theft/
26 December 2006 - Phishing Likely Behind Theft of Michigan County Funds
The theft of funds from Oceana County (Michigan) bank accounts is
believed to be the result of a county employee responding to a phishing
email and providing information needed to access the county's accounts.
The theft was detected on November 7, 2006; within two days, affected
accounts were closed and reopened with new numbers. The FBI is
investigating and the Oceana county clerk and treasurer are implementing
new security procedures. County Board members have expressed their
displeasure with the situation, and listed examples of careless work
behavior, including personnel leaving computers on when they leave the
office during the day and using work computers for personal matters.
The county staff was warned twice about phishing attacks earlier in the
fall.
http://www.mlive.com/news/muchronicle/index.ssf?/base/news-0/116714610359880.xml&coll=8
23 December 2006 - Stolen Computer Tapes Hold Insurance Records
Computer tapes stolen during a burglary in Massachusetts are believed
to hold personally identifiable information of approximately 42,000 New
York City employees. The data include names and SSNs. The burglary
took place at the offices of Concentra Preferred Systems, a vendor
working with Group Health Insurance, Inc. Concentra also provides
auditing for Aetna, who acknowledged approximately 130,000 customers
across the country were affected by the breach as well.
- Link removed -
22 December 2006 - Data Security Breaches Top Execs' List of Concerns
According to a Harris Interactive poll conducted in September, corporate
executives at large companies place data security breaches and terrorism
at the top of their list of concerns. Just nine percent of the 197
senior executives surveyed said they are not concerned about data
security. Executives say they are also worried about corporate
malfeasance.
http://www.techweb.com/wire/196701706
22 December 2006 - Prison Sentences for Two Malware Gang Members
Two German men have received prison sentences for their roles in a
scheme to manipulate PCs into dialing premium rate telephone numbers.
The two are part of a larger gang that netted approximately 12 million
Euros (US$15.75 million) in a 14-month period between 2002 and 2003 by
infecting more than 100,000 computers with malware that dialed the
numbers.
http://www.theregister.co.uk/2006/12/22/german_porn_trojan_duo_jailed/print.html
21 December 2006 - Boeing Taking Steps to Improve Data Security
Following the November 2005 theft of a laptop computer containing
information on 161,000 current and former Boeing employees, the company
instructed workers to remove sensitive data from laptop hard drives;
managers were instructed to check that this was done. Employees were
also told that if sensitive data are on a laptop, they should be
encrypted. Boeing is moving away from using Social Security numbers
(SSNs) as unique personal identifiers and has begun deploying software
that will automatically encrypt data saved to company laptops' hard
drives. Another Boeing laptop containing information of 382,000 current
and former employees was stolen in early December; the employee from
whom that computer was stolen was fired for violating company policy.
http://www.techweb.com/showArticle.jhtml?articleID=196701493
21 December 2006 - Nissan Customer Database Leak
Nissan has acknowledged that information from its customer database may
have been leaked. The auto manufacturer plans to notify the
approximately 5.38 million affected customers. Nissan plans to
implement additional security measures in 2007, including physical
security monitoring of secure areas and software to monitor databases
and track all access to the databases.
http://www.forbes.com/markets/feeds/afx/2006/12/21/afx3276888.html
18 December 2006 - Government Agencies to Test Employees with Phishing Attacks
US military services and several agencies will use penetration testing
software to "launch diagnostic phishing attacks against their own
workers." The goal is to see how well government employees follow email
security policies. The software can be used for general phishing
attacks as well as spear phishing attacks, which are aimed at specific
targets. Agencies planning on using the software include the National
Institute of Standards and Technology, the Department of Homeland
Security, the Department of Veterans Affairs, and the Departments of
Labor, Energy and Agriculture.
http://www.fcw.com/article97147-12-18-06-Web&printLayout
15 December 2006 - Microsoft Wins Summary Judgment Against Man for Selling Spam Lists
A UK court granted a summary judgment against a man who was selling
lists of email addresses for use in spamming schemes. A lawsuit filed
by Microsoft alleged that Paul Martin McDonald's sale of the lists
violated the Privacy and Electronic Communications Regulations. A
summary of the case indicates the judge found that "the evidence plainly
established that the business of [McDonald's company] was supplying
email lists of persons who had not consented to receive direct marketing
mail and that it had encouraged purchasers of the lists to send emails
to those people."
http://www.out-law.com/page-7580
15 December 2006 - Florida Motorists Win US$50 Million Class Action Settlement
A US District Court judge has approved a class action settlement
granting US$50 million to compensate Florida motorists whose personally
identifiable data were sold by the state to Fidelity Federal Bank and
Trust. The bank used the data to send information about loans to people
who had recently purchased cars. Each affected motorist will receive
US$160. The sale of the data violated federal anti-stalking laws.
http://www.insurancejournal.com/news/southeast/2006/12/15/74964.htm?print=1
14 December 2006 - Stolen Laptop Case Held Papers with Sensitive Student Data
Papers in the case of a laptop computer stolen from the car of a school
nurse contain personally identifiable information of as many as 600 St.
Vrain Valley (CO) School District students. The data include names,
birthdates, parents' names, Medicaid numbers, the school each student
attends and each student's grade level. The school district indicated
the affected students would be notified by Friday, December 15. The
computer itself holds no information, as it is used only to access the
school computer network. School district IT staff accessed the computer
remotely and changed its password.
http://www.longmontfyi.com/Local-Story.asp?id=12861
13 December 2006 - Stolen Laptop Holds Boeing Employee Data
A laptop computer stolen from a Boeing Co. employee's car holds
personally identifiable information of approximately 382,000 current and
former employees of the aerospace company. Boeing plans to inform
current employees of the theft by email; former employees will receive
letters. The data on the computer include home addresses, dates of
birth and SSNs. Boeing has experienced several other data security
breaches in recent years, including three other laptop thefts that
compromised information belonging to more than 160,000 employees.
Boeing says approximately 250 of the company's more than 75,000 laptop
computers were stolen last year.
http://seattlepi.nwsource.com/local/295769_boeing13.html
13 December 2006 - Phishing Up 8,000 Percent in Two Years
The UK's Financial Services Authority (FSA) says the number of detected
phishing schemes targeting bank customers has increased 8,000 percent
over the last two years. Apacs security chief Philip Whitaker says the
startling increase can in part be attributed to better detection.
Losses from phishing schemes were estimated at GBP 4.5 million (US$8.82
million) for the year preceding October 2004; the estimated loss for
2006 is GBP 45.7 million (US$89.6 million). http://news.bbc.co.uk/2/hi/uk_news/politics/6177555.stm
http://www.theregister.co.uk/2006/12/14/phishing_fraud_uk/print.html
13 December 2006 - Florida Teen Arrested for Altering Grades in School Computer
A Florida high school senior and class president has been arrested for
allegedly breaking into his school's computer system and altering
students' grades. Ryan C. Shrouder allegedly used a school board
employee's password to gain access to the system. He will be suspended
and recommended for expulsion. Two other students have been suspended
in connection with the case.
http://www.allheadlinenews.com/articles/7005847659
12 December 2006 - UCLA Database Breach Affects 800,000
The University of California, Los Angeles (UCLA) has begun notifying
more than 800,000 individuals that their personal information has been
compromised. UCLA computer security technicians became aware of the
problem on November 21 after they noticed an "exceptionally high volume
of suspicious database queries." A subsequent investigation revealed
that attackers had been trying to access the information since October
2005 and that they were targeting SSNs. The FBI has been notified.
UCLA CIO and associate vice chancellor says the database has been"reconstructed and protected" but did not provide details. Those
affected include current and former students, faculty and staff, some
applicants, and parents of students and applicants who applied for
financial aid. The data include names, SSNs, dates of birth and
addresses. http://www.msnbc.msn.com/id/16169453/?GT1=8816
7 & 6 December 2006 -
Complaint Alleges Site Downloads Malware Surreptitiously
The Center for Democracy and Technology (CDT) and StopBadware.org plan
to file a complaint with the Federal Trade Commission (FTC) alleging
that FastMP3Search.com.ar installs malware on people's computers when
they believe they are installing a plug-in to download MP3 files. The
complaint alleges the download disables the Windows Firewall, changes
homepage settings and otherwise affects users' computers. The downloads
are made without users' consent and are difficult to remove.
http://www.scmagazine.com/uk/news/article/608841/anti-spyware-groups-target-sham-music-website/
http://news.com.com/2102-7348_3-6141621.html?tag=st.util.print
6 December 2006 - Sailor Draws 12 Years for Passing Classified Data to Foreign Governments
Naval Petty Officer 3rd Class Ariel J. Weinmann was sentenced to 12
years in prison for stealing a laptop computer and providing classified
data to a foreign government. Weinmann was also dishonorably
discharged; it was only through a plea agreement that he avoided life
in prison without parole
http://www.msnbc.msn.com/id/16081717/
5 December 2006 - Student Charged with Stealing Data from Staff Computers
University of Wisconsin-Whitewater student Michael W. Mraz Jr. has been
charged with two felony computer crimes and burglary for allegedly
breaking into four university staff members' computers as well as
installing keystroke logging software and gaining access to sensitive
data. Mraz allegedly downloaded the software onto the computers from
his flash drive. The data were allegedly collected between March 20 and
May 10 of this year and include answers to an exam, discussions of
student disciplinary situations and information about a police
investigation. Mraz will be arraigned on December 15; he faces up to
19 years in prison if he is convicted on all charges.
http://www.gazetteextra.com/mraz120506.asp
5 December 2006 - Stolen Computer Holds WV Army Nat'l Guard Data
All members of West Virginia's Army National Guard 130th Airlift Wing
have been notified that their personal information, including names,
Social Security numbers (SSNs) and birthdates, was on a laptop computer
stolen from a unit member. The FBI, the Office of Special
Investigations and the Naval Criminal Investigative Service have been
notified of the theft.
http://wowktv.com/story.cfm?func=viewstory&storyid=17093
4 December 2006 - Some websites reporting common error code contain adware
W
eb surfers are accustomed to seeing a 404 error message when they try to reach a website that is not available. But now hackers are using that common occurrence to their advantage by creating fake sites containing the error message to load spyware and adware, security researchers said today. http://haymarket.ec-messenger.com/re?l=1hmcv1Ifvlxf5Ie
30 November 2006 - Stolen Computers Hold PA Driver's License Data
State officials in Pennsylvania acknowledged that two computers stolen
from a driver's license office hold personally identifiable information
of 11,384 individuals. The thieves also made away with a camera, a
printer and card stock and laminate to manufacture as many as 750 phony
licenses. The compromised data include names, addresses, birth dates,
driver's license numbers and some Social Security numbers (SSNs). The
State plans to notify affected license holders by mail.
http://www.msnbc.msn.com/id/15974532/
30 November 2006 - TransUnion Credit Bureau Data Compromised
Someone managed to get login information for the TransUnion Credit
Bureau and steal personally identifiable credit information, including
SSNs, of more than 1,700 individuals. TransUnion is notifying the
people whose information was stolen.
http://www.kxan.com/Global/story.asp?S=5752352&nav=menu73_2
30 November 2006 - McAfee: Top 2007 threats will be money-makers
Researchers at McAfee Avert Labs predicted this week that the top security threats in 2007 will revolve around increased production of malware by organized criminals for monetary gain.
http://haymarket.ec-messenger.com/re?l=1hmc68Ifvlxf5Id
29 November 2006 - Attackers target teenagers through fake IM profiles
Malicious users are targeting young instant messaging (IM) aficionados through bogus profiles that redirect them to adult websites, where adware is installed on their PCs.
http://haymarket.ec-messenger.com/re?l=1hmc68Ifvlxf5Ig
22 November 2006 - Chinese malware stealing game usernames, passwords
More than half of all Chinese malware used last month was designed to steal usernames and passwords, according to new analysis.
http://haymarket.ec-messenger.com/re?l=1hmai7Ifvlxf5Id
21 November 2006 - Study: Almost half of firms late in patching laptops
Organizations, already knee-deep protecting the data in laptops are patching critical vulnerabilities in the mobile devices too slowly, a new study has suggested.
http://haymarket.ec-messenger.com/re?l=1hmai7Ifvlxf5If
15 November 2006 - Human error, zero-day targeted attacks make up latest SANS Top 20
Few would dispute the powerful link between social engineering and the success of a cyberattack in today's financially-driven threat landscape. So now, for the first time, the SANS Institute has named human error to its twice-annual Top 20 Internet Security Attack Targets list, a line-up that, until now, was reserved solely for technology. http://haymarket.ec-messenger.com/re?l=1hm90sIfvlxf5Il
14 November 2006 - Symantec opens phishing-reporting site to home users
Symantec's worldwide phishing-reporting network, previously restricted to member companies, will now be open to home consumers. http://haymarket.ec-messenger.com/re?l=1hm876Ifvlxf5Ih
14 November 2006 - Firms to spend more on data security, privacy, says Ernst & Young study
Three of four respondents to a recent survey said data security and privacy concerns will require further investment on their part. http://haymarket.ec-messenger.com/re?l=1hm876Ifvlxf5Ij
13 November 2006 - Security-related helpdesk calls and IT Security spending up - Cisco poll
Security-related helpdesk calls are rising sharply, with organizations planning to boost security spending next year to protect workers, new research shows.
http://haymarket.ec-messenger.com/re?l=1hm876Ifvlxf5Im
19 October 2006 - Spoofed Microsoft site promises Internet Explorer 7, but spreads trojan
Microsoft Internet Explorer users are being warned that one site claiming to host a new version of the web browser is not what it looks like.http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061023/599722/
18 October 2006 - IFPI Files 8,000 More Filesharing Lawsuits Worldwide
The International Federation of the Phonographic Industry (IFPI) has
brought 8,000 lawsuits against alleged illegal filesharers around the
world, including the first such lawsuits ever in Brazil, Mexico and
Poland. Many of the people facing lawsuits are parents of minors who
have shared files in violation of copyright law. This brings the total
number of lawsuits brought by IFPI outside the US to 13,000.
http://news.bbc.co.uk/2/hi/technology/6058912.stm
12 October 2006 - Cyber Thief Steals Data on Brock University Donors
A cyber thief broke into the Brock University computer system and
accessed the personal data of approximately 70,000 individuals who have
made donations to the Ontario, Canada school. The intruder had the
passwords necessary to access the information. The intrusion occurred
on September 22 and took just four minutes, according to Brock
vice-president academic Terry Boak. The data include names, addresses,
email addresses and in some cases, bank account and credit card numbers.
Individuals whose financial account numbers were taken received phone
calls within 24 hours of the school learning of the data theft; the
others were sent letters notifying them of the breach. Boak said the
school did not see the need to make a public statement about the breach,
as those affected had been notified.
http://www.cbc.ca/technology/story/2006/10/12/tech-brock.html
12 October 2006 - Stolen Computers Hold UTA Student Information
Two computers stolen from the home of a University of Texas at Arlington
faculty member hold personally identifiable information of approximately
2,500 university students. The data include names, Social Security
numbers (SSNs), grades and email addresses of students who were enrolled
in computer science and engineering classes between fall 2000 and fall
2006. A school spokesman said they are notifying affected students of
the data security breach. The theft occurred on September 29th; the
university has created a web page with more information for students. http://www.chron.com/disp/story.mpl/metropolitan/4253257.html
12 October 2006 - Vietnamese Authorities Fine Company for Software Piracy
A Daewoo Corp. affiliate in Vietnam has been fined for using pirated
software. Daewoo Hanel Electronic Corp. was ordered to pay 15 million
dong (US$934) for using pirated copies of Microsoft Windows, Microsoft
office, Auto CAD and other software. According to the chief inspector
of Vietnam's Ministry of Culture and Information, the pirated software
was found in a raid on the company last week. A Daewoo Hanel executive
said the software was already installed on the computers when they were
purchased and the company did not know it was pirated. Vietnam hopes
to join the WTO and has committed to cracking down on piracy. http://www.smh.com.au/news/Technology/Vietnam-fines-South-Korean-Daewoos-affiliate-for-software-piracy/2006/10/12/1160246221290.html
11 October 2006 - Data Stolen From 2,300 British Computers Found in The United States
The Metropolitan Policy (Scotland Yard) are investigating the theft of
credit card data and passwords from thousands of personal computers in
the United Kingdom and potentially tens of thousands more around the
world. The stolen data were discovered on computers in the United
States. Police are informing the people whose data were stolen.
http://www.guardian.co.uk/uklatest/story/0,,-6139406,00.html
10 October 2006 - More Than Half of Higher Education Institutions had Security
Breaches Last Yr
The Higher Education IT Security Report Card, which this year surveyed
182 higher education IT directors and managers across the US, found that
58 percent said they had experienced at least one security incident
within the past year. Thirty-three percent said they had experienced
data loss or theft; nine percent said student data was lost or stolen.
The biggest roadblocks to effective security, according to respondents,
are inadequate staff resources and funding.
http://www.fcw.com/article96412-10-10-06-Web&printLayout
8 October 2006 - UK TV Documentary Focuses on Data Theft in Indian Call Centers
Channel 4 in the UK ran a documentary showing stolen credit card
information from Indian call centers. The National Association of
Software and Services Companies (NASSCON) in India disputes the claims
of the TV sting. http://www.forbes.com/business/feeds/afx/2006/10/08/afx3074649.html
7 October 2006 - Missing Laptop Holds Marine Base Resident Information
An investigation has been launched into the disappearance of a laptop
computer containing personal information of 2,400 residents of the Camp
Pendleton Marine Corps base. Lincoln B.P. Management Inc., the company
that manages housing on the base, reported the missing computer.
Lincoln P.B. is notifying individuals affected by the data security
breach.
http://news.yahoo.com/s/ap/20061007/ap_on_hi_te/missing_laptop
6 October 2006 - Missing Hard Drive Holds Air Traffic Controllers' Personal Data
A hard drive missing from the Cleveland Air Route Traffic Control center
in Oberlin, Ohio contains the names and Social Security numbers (SSNs)
of at least 400 air traffic controllers. A Federal Aviation
Administration (FAA) spokesperson says the agency believes the drive was
encrypted; the FAA is investigating the incident to determine if the
drive was stolen. The president of the facility's National Air Traffic
Controllers Association says he believes the thief was after the
information and not the hardware, which is ten years old.
http://www.cleveland.com/news/plaindealer/index.ssf?/base/lorain/1160124449197870.xml&coll=2
5 October 2006 - Woman's Identity Stolen from Marriage License on County Web Site
A Florida woman discovered that her marriage license was viewable on the
Orange County (FL) controller's web site after someone applied for a
loan in her name, according to a local television report. The license
revealed the woman's name, date of birth and SSN, as well as those of
her husband. The Orange County comptroller is reportedly paying a
vendor US$500,000 to black out all SSNs on the web site by January 2008.
http://www.local6.com/problemsolvers/10003689/detail.html
4 October 2006 - Customer data stolen at Indian call centres
Employees in outsourced call centres are stealing sensitive customer data and selling it on the black market, an investigation has found.http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061009/596745/
3 October 2006 - SANS Top 10: Laptop encryption, targeted attacks to become more common
Laptop encryption will be made mandatory at a number of government agencies and private organizations, predicts the latest installment of the SANS Institute's Top 10.http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061004/596502/
29 September 2006 - Attacks on IM networks continue to rise
Researchers with Akonix Systems' Security Center said that they tracked the highest number of attacks on instant messenger (IM) networks in September than in any month of the year.http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061002/596092
28 September 2006 - Six charged for phishing, spamming AOL users
Six men have been indicted on charges they spearheaded a phishing and spamming operation that targeted thousands of AOL users by installing malicious software and requesting private information, the U.S. Attorney's Office in Connecticut announced Wednesday.http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061002/595597/
27 September 2006 - Laptop with personal info of 55,000 GE workers stolen
A laptop containing the names and Social Security numbers of about 50,000 General Electric (GE) employees was stolen from a locked hotel room earlier this month.http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061002/595224/
25 September 2006 - Scammers adding layers to image spam
Email users should be on the lookout for an advanced type of image spam featuring a new technical wrinkle, researchers said today. http://www.scmagazine.com/us/newsletter/dailyupdate/article/20060927/594610/
20 September 2006 - Life is Good Customer Data Compromised
A database containing the names, addresses and credit card data of more
than 9,000 Life is Good customers has been compromised. The company
acknowledged the intrusion on September 19, but did not say when it had
occurred. A company spokesperson said affected customers were notified"within days" after the head of the company's customer service
department detected the intrusion. Soon after that, access to the web
site was shut down and security measures implemented. The incident is
being investigated.
http://business.bostonherald.com/businessNews/view.bg?articleid=158367
19 September 2006 - Computers Stolen from Virginia Medical Center
Two computers stolen from the Radiation Therapy Department at DePaul
Medical Center in Norfolk, Virginia contain data belonging to
approximately 100 patients. The computers were stolen on August 28 and
September 11. The hospital is notifying those affected by the breach. http://www.wtkr.com/global/story.asp?S=5423927&nav=ZolHbyvj
15 September 2006 - Gun Permit Holders' Personal Data Exposed
The names, addresses, Social Security numbers (SSNs) and other personal
data belonging to approximately 25,000 gun permit holders in Berks
County, Pennsylvania were inadvertently exposed on the Internet. The
Berks County sheriff was attempting to make the list of gun permit
holders more secure to comply with a court order. An outside contractor
apparently failed to take steps to protect the information over the
Labor Day weekend. County Solicitor Alan L. Miller says state law
requires they notify all individuals whose data were exposed.
http://www.tmcnet.com/usubmit/2006/09/15/1898313.htm
18 September 2006 - Computer Stolen From Auditor's Car Holds Law Firm Pension Data
A laptop computer stolen from an employee of auditor Morris, Davis &
Chan held unencrypted, personally identifiable pension plan data,
including names and Social Security numbers (SSNs) of employees from San
Francisco law firm Howard, Rice, Nemerovski, Canady, Falk & Rabkin. The
breach affects approximately 500 individuals. All current and former
partners, associates and employees of the firm have been informed of the
breach, according to the firm's executive director.
http://www.law.com/jsp/legaltechnology/PubArticleFriendlyLT.jsp?id=1158311123646
18 September 2006 - DHS to Announce Appointment of Cyber Security Chief
There are reports that Greg Garcia will be appointed assistant secretary
for cybersecurity and telecommunications at the Department of Homeland
Security (DHS). The position has remained vacant since its creation in
July 2005; the DHS has had a difficult time finding qualified candidates
who were willing to take a cut in pay and perks to work in the public
sector. Garcia is currently vice president for information security
policy and programs at the Information Technology Association of
America. Donald "Andy" Purdy Jr. is currently serving as acting
cybersecurity director.
http://www.foxnews.com/story/0,2933,214364,00.html
http://news.com.com/2061-10789_3-6116920.html
15 September 2006 - Authorities Recover Stolen Computer Holding VA Data
A desktop computer stolen from a Unisys Corp. in Reston, Virginia in
August has been recovered; the computer held unencrypted insurance claim
forms with names, addresses and personal identifiers that belong to
approximately 16,000 patients treated by Veterans Affairs Department
(VA) medical centers in Philadelphia and Pittsburgh. A man, Khalil
Abdullah-Raheem, who worked as a temporary employee at Unisys, has been
arrested in connection with the theft of the computer and charged with
theft of government property. He was released after posting a US$50,000
personal recognizance bond. The FBI is analyzing the computer to see
if the data were compromised; VA Secretary Jim Nicholson says the
computer was not targeted because of the information it contained.
http://www.gcn.com/online/vol1_no1/42012-1.html?topic=security
15 September 2006 - US Judge Orders Spamhaus to Pay US$11.7M Damages and Post Apology
A federal judge has ordered Spamhaus to pay US$11.7 million in damages
to a company that the spam-fighting organization had blacklisted. The
judge also ordered Spamhaus to stop blocking email from e360 Insight LLC
in any way and to post an apology on its web site indicating e360
Insight is not a spammer. Spamhaus, which is based in the UK, has posted
a statement on its website that says "default judgments obtained in US
county, state or federal courts have no validity in the UK and cannot
be enforced under the British legal system." Spamhaus says e360 Insight
violates UK antispam laws and that it has no intention of removing that
company from its blacklist.
http://www.msnbc.msn.com/id/14855085/
14 September 2006 - Nikon World Magazine Subscribers' Data Exposed
The names, addresses and credit card numbers of 3,235 subscribers to
Nikon World magazine were accessible on the Internet for approximately
nine hours last week. The problem was discovered on September 13 when
an Alabama camera store employee attempted to subscribe to the magazine
on line. The sensitive subscriber data were accessible from a link in
an email from Nikon World. Nikon says it has contacted everyone whose
data were compromised. The breach affects people who subscribed to the
magazine after January 1, 2006.
http://www.ledger-enquirer.com/mld/ledgerenquirer/news/local/15519104.htm
13 September 2006 - Microsoft Wins Civil Suit Against UK Spammer
Microsoft has won a civil suit against a spammer in the UK. A court has
ordered Paul Fox to pay GBP45,000 (US$85,000) for violations of the
terms and conditions of use of Microsoft's Hotmail service, which
prohibit anyone from delivering spam to Hotmail customers. The case was
not pursued under UK spam laws because they are limited in scope.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39283259-39020375t-10000025c
13 September 2006 - Earthlink Awarded US$11 Million Judgment in CAN-SPAM Case
Nevada-based bulk emailer KSTM LLC has been ordered to pay Earthlink
US$11 million for sending spam to Earthlink customers. The judgment
from a federal court in Atlanta also prohibits the firm from spoofing
the "from" fields in email, hiding the sender's identity, selling email
addresses and accessing or obtaining Earthlink accounts. The suit was
brought under the CAN-SPAM Act. Earthlink has won more than US$200
million in judgments against spammers over the last 10 years.
http://www.theregister.com/2006/09/13/earthlink_nevada_spammer_judgment/print.html
12 September 2006 - Missing Tapes Hold Data on British Columbian Citizens
Thirty-one computer tapes holding information about hundreds of
thousands of British Columbia citizens are missing from a government
facility in Victoria. The data on the tapes could be used to commit
identity fraud. A confidential government report about the incident
obtained by the Vancouver Sun recommends not making the tapes'
disappearance public knowledge. Canadian law does not require that
individuals be notified in the event of a possible data breach. The
government became aware the tapes were missing in August 2005.
http://www.canada.com/victoriatimescolonist/news/story.html?id=e1b03e3e-d043-4e64-9a09-415a24636751&k=71796
11 September 2006 - Employee Files Found in Dumpster
Following the buyout of a telemarketing company, employees found
personnel files and files containing consumer data dumped in the trash.
The employee files included photocopies of driver's licenses and Social
Security cards. The state attorney general's office plans to examine
the discarded files. Federal law requires businesses to take measures
to destroy personal data beyond simply tossing it in the trash.
http://www.theindychannel.com/news/9818472/detail.html
http://www.theindychannel.com/call6/9824917/detail.html
9 September 2006 - Pair Indicted for Filing Phony Claims with Stolen Patient Information
Isis Machado and Fernando Ferrer, Jr. were indicted on charges of
conspiracy to commit computer fraud, conspiracy to commit identity theft
and conspiracy to wrongfully disclose individually identifiable health
information as well as charges related to fraud in connection with
computers and violations of the Health Insurance Portability and
Accountability Act (HIPAA). Machado and Ferrer allegedly conspired to
steal personal medical information belonging to more than 1,100
Cleveland Clinic Florida patients and using it to make more than US$2.8
million in phony Medicare claims. The Cleveland Clinic has sent letters
to patients whose data were stolen. If convicted of charges against
them, Machado and Ferrer could each face up to 10 years in prison and
fines of up to US$250,000.
http://www.sun-sentinel.com/news/local/southflorida/sfl-dfraud09sep09,0,2612716,print.story?coll=sfla-home-headlines
8 September 2006 - Stolen Univ. of Minnesota Laptops Hold Student Data
On August 14 or 15, two laptop computers were stolen from a campus
office at the University of Minnesota. The computers hold data
belonging to 13,064 current and former students who entered the
university as freshmen between 1992 and 2006. The data include names,
birthdates, high schools attended, test scores and academic probation
information. The computers also contain the Social Security numbers
(SSNs) of 603 of the students. The school is making efforts to contact
affected individuals to inform them of the data breach. The data were
stored on a hard drive, which is "not standard operating procedure,"
according to a university spokesperson.
http://www.twincities.com/mld/pioneerpress/news/local/15475291.htm
8 September 2006 - Bank of Montreal Laptop Stolen
A laptop computer stolen from an Ottawa branch of BMO Bank of Montreal
holds personally identifiable data belonging to approximately 900 bank
clients. The computer was stolen in May; police were notified of the
theft on May 18. A bank spokesperson said there has been no evidence
that the information has been used fraudulently. BMO Bank of Montreal
has advised the affected customers to monitor their accounts for
suspicious activity.
http://ottsun.canoe.ca/News/OttawaAndRegion/2006/09/08/pf-1814249.html
7 September 2006 - Missing Laptop Prompts Security Review
A laptop computer stolen from the car of a Florida National Guard
soldier contained no classified information, but did hold personally
identifiable information belonging to as many as 100 Florida National
Guard soldiers. The computer was stolen on September 5. The incident
has prompted the Florida National Guard to conduct a security review.
http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20060907/BREAKINGNEWS/60907027/1086
6 September 2006 - Subliminal messages sent by spammers in latest pump-and-dump scams
Spammers are using an animated graphic to display a "subliminal" message
to potential stock investors. Find out about more, and view the graphic for
yourself.
http://s592.link.sophos.com/subliminal?pl_id=9
6 September 2006 - Top ten malware threats and hoaxes reported to Sophos in August 2006
Which malware made the top of the charts in the last month? Find out how
many new threats the experts at SophosLabs analyzed last month, which
threats are trying to clog up firms' email inboxes, and ensure that your
computers are properly defended.
http://s592.link.sophos.com/topaug06?pl_id=9
2 September 2006 - Stolen Laptop Holds Chicago City Employees' Data
A laptop computer stolen from the home of a contractor for the city of
Chicago holds personally identifiable information, including names and
Social Security numbers (SSNs), belonging to thousands of city
employees. Nationwide Retirement Solutions (NRS) is notifying people
whose data were on the computer by mail and will offer them one year of
free credit monitoring along with US$25,000 of identity theft insurance.
The computer was stolen in April 2005; local police and the company were
notified promptly. However, the division of NRS that investigates
computer thefts did not learn of it until July 2006. Since the theft,
NRS has deployed encryption on all laptop computers.
http://www.wbbm780.com/pages/77513.php?contentType=4&contentId=198758
2 September 2006 - Indian Call Center Employee Arrested on Charges of Fraud
Sulagna Ray, a call center employee in eastern India, has been arrested
for allegedly using credit card information she obtained though her work
to buy goods for herself over the Internet. Ray worked for Jaishree
Infotech selling Dish TV to people in the US.
http://timesofindia.indiatimes.com/articleshow/1950763.cms
1 September 2006 - GAO Report Finds Security Problems at FDIC
A report from the Government Accountability Office (GAO) says that while
the Federal Deposit Insurance Corp. (FDIC) has addressed 18 of 24
security weaknesses found in a previous audit, the agency still "has not
consistently implemented information security controls to properly
protect the confidentiality, integrity and availability of its financial
and sensitive information systems." The report also identifies 20
additional security problems FDIC needs to fix.
http://www.fcw.com/article95904-09-01-06-Web
23 August 2006 - Hundreds of Workers Punished for Data Privacy Breaches
Nineteen Centrelink staff members were fired; ninety-two resigned and
more than 300 face salary reductions, after allegations of privacy
breaches, including looking at records of neighbors and friends,
surfaced. Centrelink is an agency of Australia's Department of Human
Services. A two-year investigation uncovered nearly 800 instances in
which Centrelink employees gained "inappropriate access" to welfare
records since 2004. Nearly 600 staff members are believed to have
performed the inappropriate searches. Employees were warned twice last
year that an investigation into inappropriate access to records was
underway.
http://australianit.news.com.au/articles/0,7204,20224186%5E15306%5E%5Enbv%5E,00.html
23/22 August 2006 - Beaumont Hospital's Home Care Patients Data on Stolen Computer
A laptop computer stolen on August 5 from the car of a nurse in Detroit
holds personally identifiable information, including names, Social
Security numbers (SSNs) and medical insurance information of more than
28,000 Home Care patients of Beaumont Hospitals. There is no evidence
that the data on the computer have been misused. Although the laptop
was encrypted and password-protected, the nurse's access code and
password were stolen along with the computer. Authorities have disabled
the login connection for the computer. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002685
http://www.clickondetroit.com/news/9716061/detail.html
22 August 2006 - Stolen Laptop Holds Info on 612 Aflac Policyholders
A laptop computer containing personally identifiable information
belonging to 612 American Family Life Assurance Co. (Aflac)
policyholders was stolen from an agent's car. The company notified
those affected by the data security breach in a letter dated August 11,
2006. The stolen laptop is equipped with tracking technology. Aflac
has established a call line for affected customers with questions about
the theft. Local law enforcement is investigating.
http://www.charleston.net/assets/webPages/departmental/news/default_pf.aspx?NEWSID=103737
22 August 2006 - US Army Plans to Encrypt Data on Notebook Computers
The US Army is following the lead of the Veterans Affairs department
(VA) by piloting a program to encrypt data held on notebook computers.
Army CIO Lt. General Steven Boutelle said a forthcoming policy would
require Army personnel to provide an accounting of mobile devices,
including notebook computers. Each device will be labeled, identifying
it as mobile or non-mobile. Personnel will also be instructed not to
remove mobile devices from secure areas unless the data on the devices
are encrypted.
http://www.gcn.com/online/vol1_no1/41759-1.html?topic=security
21 August 2006 - SEC Suing Couple for Alleged Stock "Pump-and-Dump" Scheme
The US Securities and Exchange Commission (SEC) is suing a Connecticut
husband and wife for using spam to artificially inflate the price of
stock they had purchased; they then allegedly sold the stock when its
value temporarily shot up. Jeffrey Stone and Janette Diller Stone
allegedly made US$1 million with their scheme, typically called a"pump-and-dump" scheme.
http://www.theregister.co.uk/2006/08/21/sec_spam_scam_suit/print.html
16 August 2006 - Microsoft Reports Organized Crime Groups Targeting On Line Gaming
Microsoft's Dave Weinstein, a security engineer, says, "Those of you who
are working on massively multiplayer online games, organized crime is
already looking at you." They make money by hacking into computers,
stealing account information, and then selling off virtual gold and
weapons.
http://www.foxnews.com/story/0,2933,208392,00.html
14 August 2006 - Personal Bank Account Data For Sale in Nigeria, Cheap!
Personal financial information belonging to thousands of UK residents
is being sold in Nigeria; the information was gleaned from the hard
drives of used PCs sent from the UK. People in West Africa are
reportedly buying Internet banking account details for under GBP20
(US$37.75). The UK television program Real Story found PCs containing
sensitive information from all over the world in Nigeria's capital,
Lagos. People are still being encouraged to give away their used PCs,
but also to make sure the hard disks are wiped of personal data or
removed from the computers altogether. The UK's Information
Commissioner's office says companies are legally obligated by the Data
Protection Act to remove customer data from their computers when they
no longer require the information.
http://news.bbc.co.uk/2/hi/business/4790293.stm
14 August 2006 - Dollar Tree Customers Report Debit and Check Card Fraud
The US Secret Service and Visa are investigating reports that ATM card
information and PINs were stolen from people who shopped at Dollar Tree
stores in states on the US's west coast. The stolen information was
apparently used to create phony cards that were used to steal hundreds
of thousands of dollars from victims. The data were apparently stolen
in March and April, but were not used until several months later. When
debit cards are used, the money is immediately deducted from accounts.
Customers have just 60 days to call their banks and straighten out the
situation, or lose their money. Credit card fraud presents less
financial risk for consumers.
http://redtape.msnbc.com/2006/08/there_is_a_new_.html
10 August 2006 - IG Report Finds eMail Security Problems at IRS
A recent report from the Treasury Inspector General (IG) for Tax
Administration indicated that nearly 75 percent of 96 IRS employee email
inboxes reviewed contained messages that violated the department's
personal use policy. The IG's report recommends that the IRS monitor
email content. The audit also examined 28 of the IRS's 228 email
servers and found a total of 687 vulnerabilities. The report recommends
reducing the number of email servers. There was also evidence that
devices had been configured to act as unauthorized email servers. The
report says system administrators should be responsible for ensuring
that only authorized email servers are used.
http://www.fcw.com/article95629-08-10-06-Web&printLayout
24 July 2006 - IRS Warns Taxpayers of E-Mail Scam Using US Treasury Payment Systems
Fake e-mail messages containing several misspellings and purporting to
be from a fictitious IRS organization are circulating. They claim that
someone has enrolled the recipient's credit card in the US Treasury's
Electronic Federal Tax Payment System and has tried to use the credit
card to pay taxes. The messages instruct recipients to click on a link
to recover the money, but the link takes them to a malicious Web page
that tries to gather sensitive personal information. This scam is one
of more than 100 since last November. in which perpetrators have tried
to impersonate the IRS in attempts to fool victims into divulging
personal and/or financial information or into downloading malicious
code.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001961
22 July 2006 - Fake Google Web Site Hides Trojan Horse
A fake Google Tool Bar can turn victims' machines into zombies if it is
downloaded. E-mails direct users to the Web site that perfectly mimics
the real Google download page where the victim is offered the fake tool.
http://www.cio.com/blog_view.html?CID=23222
20 July 2006 - The State Of Spam
Nearly five billion pieces of spam are blocked every day between the
efforts of AOL and Microsoft which represents 95 percent of SPAM
traffic, but that still leaves about 5 percent that gets through. The
Messaging Anti-Abuse Working Group says spam accounted for about 80
percent of all the e-mail traffic on the Internet during the first three
months of 2006. IBM is reporting that phishing now accounts for one in
every three hundred email messages. The article includes lots more
information about spam and phishing and what can and cannot be done to
fight back.
http://www.informationweek.com/security/showArticle.jhtml?articleID=190600156
19 July 2006 - Hackers Striking Databases In Record Numbers
A firm that monitors security at 1,300 client organizations reports its
clients' databases are experiencing more than 8,000 SQL Injection
attacks per day. That is nearly a six-fold increase from earlier in
2006. Attacks were detected coming from computers in Russia, China,
Brazil, Hungary and Korea. These attacks are specifically crafted for
the target organizations.
http://www.infoworld.com/article/06/07/19/HNsqlattacks_1.html
15 July 2006 - FBI: Cybercrime losses down last year
The financial losses related to cybercrime are going down, and the number of businesses willing to report these crimes is going up, according to a new survey co-sponsored by the FBI.
http://www.scmagazine.com/us/news/article/569885/fbi+cybercrime+losses+down+last+year/
13 July 2006 - CIO Resigns After Security Breaches at Ohio University
Citing the need for "a new energy level and skill set," the CIO of Ohio
University has submitted his resignation. William Sams will remain at
Ohio University until a replacement has been hired. Two IT staffers
were recently placed on administrative leave following the disclosure
of several data security breaches that exposed the personal information
of 137,000 students and alumni.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001777
13 July 2006 - VA IG Report Critical of Department Data Security Policies
A report from the US Department of Veterans Affairs office of the
inspector general says VA officials acted "with indifference and little
sense of urgency" in the wake of the theft of a computer and storage
device containing data belonging to millions of veterans. The report
is critical of employees at all levels within the VA; it also says VA
policies in place at the time of the theft did not adequately protect
sensitive data. The report says notification of the theft was passed
from one desk to another, delaying the Department's response; the report
also indicates that a VA official wanted to rewrite the theft
notification to make the possibility of data misuse seem less likely
than it actually was.
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39374813-39000005c
12 July 2006 - IT Spending to Grow Significantly
Analyst firm Accenture reports IT security spending will grow significantly this year. http://www.scmagazine.com/us/news/article/568708/it+security+spending+set+grow+significantly/
12 July 2006 - Vladimir Putin death spam helps spread Trojan horse
Sophos experts have warned of a spam campaign that poses as a breaking news
report about the death of Russian President Vladimir Putin, but is really an
attempt by hackers to infect computer users with a Trojan horse. http://s573.link.sophos.com/putin?pl_id=9
12 July 2006 - Gmail Phishing Scam
A recently detected phishing scam targeting Gmail users pretends to
offer a US$500 cash prize. Recipients are directed to a web site where
they are asked to register to receive the prize. They are also asked
to pay a membership fee of less than US$10. The phony registration site
actually hosts malware.
http://www.theregister.co.uk/2006/07/12/gmail_phish/print.html
11 July 2006 - Gmail phishing email lures the unwary with $500 cash prize
A widespread phishing email campaign that tries to trick users out of money
by pretending to be a random cash prize from Gmail, Google's popular free
email service, has been spammed out to internet users.. http://s573.link.sophos.com/gmailphish?pl_id=9
5 July 2006 - Sophos Security Threat Management Report 2006
Sophos's new in-depth report explores the year's most pressing security
issues, and reveals Trojans are now the internet criminal's weapon of choice.
If you're a security professional, protecting your company from malicious
attack, or just responsible for looking after the data on your own PC, then
you need to read this detailed report into the latest virus, spyware
and spam trends.
http://s573.link.sophos.com/secrepmid06?pl_id=9
27 June 2006 - Unlucky 13 sacked by Merrill Lynch over porn
U.S. financial giant Merrill Lynch dismissed 13 staff members at its
Dublin office after they had sent pornographic material through the
company email system. This followed the suspension of 20 staffers the
previous week following an internal investigation.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20060628/566397/
27 June 2006 - Police bust M00P international virus-writing gang
Authorities in the UK and Finland have arrested three men in connection
with an international malware crime ring. Find out more about the malware
they are alleged to have written, how hackers abuse zombie computers, and
why the gang may have christened themselves "M00P".
http://s562.link.sophos.com/m00pgang?pl_id=9
26 June 2006 - DVLA Employees Disciplined and/or Fired Over Porn E-mail
More than 100 employees of the
Driver and Vehicle Licensing Agency (DVLA) were disciplined for sending
pornographic email; fourteen were fired for "gross misconduct." The
sending of such email violates DVLA's code of conduct.
http://www.theregister.co.uk/2006/06/26/dvla_email_smut_affair/print.html
26 June 2006 - USB Drives Pose Insider Threat; SecurityFocus
Workers have become more wary of putting giveaway CDs in their company's computers, but USB flash drives are another story.
http://ses.symantec.com/jp/symes1474.cfm?JID=8&PID=898884
26 June 2006 - Lost Memory Stick Holds Phishing Investigation Dossier
A police officer with the Australian High Tech Crime Centre (AHTCC) lost
a memory stick that contains sensitive financial data belonging to
thousands of Australians. The lost memory stick holds a dossier on
Russian phishing scams. The data on the stick were being used in an
investigation; several arrests were made with the help of the data, but
since the loss of the stick, no arrests have been made. While officials
searched fruitlessly for the memory stick, the people whose data were
compromised were not informed of the loss. The officer who lost the
device violated AHTCC rules regarding data transport.
http://australianit.news.com.au/common/print/0,7208,19588463%5E15306%5E%5Enbv%5E,00.html
26 June 2006 - Cosmetic company's stock price rises sharply following pump-and-dump spam
A spam campaign is attempting to make money for criminals by inflating the
stock price of a cosmetics company. Find out more about the spammers are
trying to influence the share price, and be aware of the risks of falling
for unsolicited stock market advice. http://s562.link.sophos.com/stockspam?pl_id=9
23 June 2006 - Personal info of 26,000 Agriculture Department employees compromised
The U.S. Department of Agriculture (USDA) announced this week that the
identities of about 26,000 employees and contractors may have been
compromised by the illegal hijacking of the agency’s computer systems earlier
this month.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20060626/566300/
24 June 2006 - Audit Indicates Security Didn't Top List of Concerns at Ohio University
An independent audit has turned up evidence that Ohio University's
Computer Services department failed to take appropriate security
precautions to protect the data on its systems despite a generous budget
and average annual surpluses in excess of US$1 million. Ohio University
has been in the news lately because of no fewer than five security
breaches of its systems that exposed personal data belonging to
thousands of students and alumni. Last week, university trustees voted
to spend up to US$4 million to improve the school's computer systems.
http://www.smh.com.au/news/Technology/Audit-Ohio-U-Cyber-Security-Low-Priority/2006/06/24/1150845411386.html
23 June 2006 - FTC Says Laptops Stolen from Car
The US Federal Trade Commission (FTC) has acknowledged that two laptop
computers containing names, Social Security numbers (SSNs) and some
financial account data belonging to approximately 110 individuals, were
stolen from a locked vehicle. The computers are those of staff
attorneys and are password protected. The agency "is developing a new
information security policy that would require an employee to remove any
personal identifying data in the machine before it leaves an agency
office. If the personal data were needed for an investigation, an FTC
manager would have to approve allowing the laptop to leave the
building."
http://news.com.com/2102-1029_3-6087218.html?tag=st.util.print
23 June 2006 - Stolen Laptop Holds Student Data
A laptop computer stolen from the car of a San Francisco State
University faculty member held data, including some SSNs, belonging to
nearly 3,000 current and former students. A university spokesperson
declined to elaborate on the disciplinary measures taken, and said it
is "very common" for faculty to have student data on their computers.
The school stopped using SSNs as personal identifiers one year ago.
http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2006/06/23/BAGQLJJ2LB1.DTL&type=printable
23 June 2006 - Man Sentenced to 21 Months for Running Phishing Site
Jayson Harris has been sentenced to 21 months in jail for operating a
phishing site that pretended to be an MSN billing web site. Harris, who
will also pay about US$57,000 in restitution, pleaded guilty to two
counts of wire fraud and fraud. He will also be subject to three years
of supervised release following completion of his jail time. http://www.vnunet.com/vnunet/news/2158925/phishing-site-operator-gets-21
23 May 2006 - CSIA study: Less than a fifth feel protected on internet
Fewer than one in five Americans feel that existing laws are enough to protect them on the internet, a new survey revealed.
http://www.scmagazine.com/us/news/article/560588/csia+study+less+fifth+feel+protected+internet/
22 May 2006 - Personal info of 26.5 million veterans lost
Electronic data containing the personal information of as many as 26.5 million veterans and some spouses has been stolen from the home of a Department of Veterans Affairs (VA) employee who violated agency policy by leaving the office with the information.
http://www.scmagazine.com/us/news/article/560359/personal+info+265+million+veterans+lost/
22 May 2006 - Iowa Phisher Gets 21 Months in Jail
An Iowa man, guilty of using phishing schemes to dupe as many as 250 MSN customers into giving up their personal information, was sentenced Friday to 21 months in prison.
http://www.scmagazine.com/us/news/article/560357/iowa+phisher+gets+21+months+jail/
18 May 2006 - Zombie king suspect alleged to have sent 18 million spams per day
South Korean authorities have arrested a man suspected of running a 16,000-strong network of zombie computers. http://www.sophos.com/pressoffice/news/articles/2006/05/krzombie.html
17 May 2006 - Spyware Infections Up 50 Percent Over Last Year
According to the annual Websense Web@Work survey, the number of
organizations reporting their systems have been infected with spyware
is up nearly 50 percent. Seventeen percent of companies with more than
100 employees reported their networks have been infiltrated by spyware,
such as keystroke loggers. One likely reason for the increase in
spyware infestations is the increasing availability of spyware toolkits
on the Internet. The study also says that 44 percent of IT decision
makers do not believe their employees can distinguish phishing sites
from legitimate ones.
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39360278-39000005c
17 May 2006 - People Selling Pirated Software on eBay Sued
Three lawsuits filed in Los Angeles federal court target five
individuals who allegedly offered pirated software for sale on eBay.
The Software & Information Industry Association (SIIA) is spearheading
an effort to crack down on people selling pirated software by purchasing
their goods in on line auctions and suing them without warning. http://www.smh.com.au/news/breaking/companies-crack-down-on-ebay-pirates/2006/05/17/1147545358529.html
17 May 2006 - New York's Anti-Phishing Act Heads to Governor
The New York State legislature has approved the Anti-Phishing Act of
2006. If Governor George Pataki signs the bill into law, it would allow
the New York attorney general, industries and non-profit groups to bring
civil actions against phishers.
http://www.bizjournals.com/albany/stories/2006/05/15/daily32.html?from_rss=1
16 May 2006 - Malware displays fake virus warnings to sell software
The FakeVir-O Trojan horse displays a message, encouraging computer users to visit a website selling software which claims to protect against spyware.
http://www.sophos.com/pressoffice/news/articles/2006/05/fakeviro.html
13 May 2006 - DISA Offers Free Anti-Spyware Software to All Gov Employees
The Defense Information Systems Agency (DISA) has licensed anti-spyware
software for all US government employees and armed forces personnel to
use on their home computers. The free software is seen as, one measure
to protect government systems from malware as many employees bring work
home. The employees can download the software directly to their home
computers, or they can take home a CD containing the software; it will
update automatically.
http://www.news.navy.mil/search/display.asp?story_id=23639
12 May 2006 - Former Dept. of Education Employee Gets Five Months in Prison for
Accessing Supervisor's Computer
Kenneth Kwak has been sentenced to five months in prison for using
remote control software to access his former supervisor's computer
without authorization. Kwak read his supervisor's email and kept an eye
on his surfing habits; Kwak shared what he discovered with other
employees. Kwak was at the time a computer security specialist at the
Department of Education. Kwak will serve five months of home
confinement once he has completed his prison sentence. He has also been
ordered to pay US$40,000 in restitution to the US government and will
be on parole for three years.
http://news.com.com/2102-7350_3-6071928.html?tag=st.util.print
10 May 2006 - Hong Kong Court Says ISPs Must Divulge Names of Suspected Movie Downloaders
A Hong Kong court has ordered four Internet service providers (ISPs) to
reveal the identities of 49 people who are suspected of illegally
downloading several movies. While last year a man was sentenced to
three months in jail for making movies available on the Internet with
BitTorrent technology, this is the first legal action taken by film
companies in Hong Kong against suspected downloaders.
http://australianit.news.com.au/articles/0,7204,19088317%5E15319%5E%5Enbv%5E,00.html
8 May 2006 - Trojan Goes After Online Game Account Information
The PWS.Win32.WOW.x Trojan horse program seeks user names and passwords
for the online game "World of Warcraft." Once attackers have the means
to access an account, they have the ability to transfer virtual goods
to another account. Although the game's publisher has forbidden the
sale of virtual goods for money there is a black market for them on the
Internet. The program spreads through peer-to-peer file sharing,
pop-ups and email attachments and tries to disable security software on
computers it infects.
http://www.informationweek.com/news/showArticle.jhtml?articleID=187002835
4 May 2006 - Idaho Power Drives Sold on eBay Not Adequately Scrubbed
Idaho Power Co. is trying to track down old company hard drives that
were sold on eBay without going through prescribed scrubbing procedures.
The data on the drives includes memos, customer correspondence and
confidential employee data. Idaho Power recycles old drives through a
salvage vendor. The power company has launched a private investigation
into why scrubbing procedures were not followed. Idaho Power requires
that their discarded drives be destroyed or scrubbed to US Department
of Defense standards. Companies that do not properly scrub memory
devices risk violating regulations in addition to the embarrassment of
exposing confidential data. According to a Gartner survey,
approximately 30 percent of organizations use third party companies to
dispose of PCs and servers they are no longer using. Idaho Power says
it will now destroy old drives rather than recycle them.
http://www.computerworld.com/securitytopics/security/story/0,10801,111148,00.html
27 April 2006 - Stolen Aetna Laptop Contains Data on 38,000 Members
Aetna Insurance has acknowledged that a laptop computer stolen from an
employee's car contains personal data belonging to approximately 38,000
members. Those affected are employees of two companies who asked not
to be named until all of their affected employees are informed of the
laptop's theft and its implications. Aetna plans to send letters to
inform all those affected. Aetna said the employee who left the
computer in the car was not following company policy.
http://news.zdnet.com/2102-1009_22-6066078.html?tag=printthis
27 April 2006 - BSA Ups Maximum Reward for Tips About Unlicensed Software at UK Businesses
The Business Software Alliance (BSA) has increased its maximum reward
for information regarding the use of illegal or unlicensed software in
UK businesses. The BSA has launched 420 investigations from tips
received on its hotline. People providing the BSA with tips about
unlicensed software could receive as much as GBP20,000 (US$36,513)
through the end of June.
http://management.silicon.com/itdirector/0,39024855,39158440,00.htm
27 April 2006 - RIAA and MPAA Ask University Presidents for Help in Fighting Piracy
The Recording Industry Association of America (RIAA) and the Motion
Picture Association of America (MPAA) have sent letters to 40 US
university presidents informing them of problems with pirated digital
content on their schools' local area networks (LANs) and asking they
take action to halt the copyright violations. The RIAA and the MPAA say
students are trading files across school LANs rather than sending them
over the Internet. LANs in universities often serve tens of thousands
of people.
http://news.com.com/2102-1025_3-6066118.html?tag=st.util.print
19 April 2006 - Studies Say HIPAA Privacy Rule Compliance Not Improving
According to a survey from the American Health Information Management
Association (AHIMA), compliance with the Health Insurance Portability
and Accountability Act (HIPAA) patient privacy rules appears to be on
the wane. Of 1,117 hospitals and health systems responding to the
survey, 91 reported HIPAA compliance last year while 85 percent said
they were in compliance this year. The top reasons given for declining
compliance were "lack of resources and diminished management support."
However, 75 percent of respondents said they were "fully or mostly
compliant" with HIPAA's information security rules, marking a 60 percent
improvement over last year's figure.
http://govhealthit.com/article94120-04-19-06-Web
18 April 2006 - FTC Reaches Settlement With Spammers
The US Federal Trade Commission (FTC) has arrived at a settlement with
two people who sent millions of unsolicited commercial email messages
in violation of the CAN-SPAM Act. Washington state residents Matthew
Olson and Jennifer LeRoy sent spam with false "from" data, misleading
subject lines; they also failed to provide a means for recipients to opt
out of receiving future emails. Among the products Olson and LeRoy
pushed included mortgage plans and a device for improving automobile gas
mileage. Olson and LeRoy have agreed they will not violate the law in
the future. A suspended US$45,000 judgment against the pair will be
reinstated if evidence emerges to indicate they have misrepresented
their financial condition. http://www.internetnews.com/xSP/print.php/3599796
13 April 2006 - Texas Governor Issues Executive Order Limiting P2P Use on State Systems
Texas Governor Rick Perry has issued an executive order that prohibits
the unauthorized or illegal use of peer-to-peer (P2P) software on state
computer systems. Perry's order says the file-sharing software poses a
potential threat to network resources. In addition, P2P networks are
often used to share pirated copies of digital content. The policy would
not apply to the legislative nor judicial branches of Texas government
or to Constitutional state officers.
http://www.fcw.com/article94067-04-13-06-Web
7 April 2006 - Five Arrested in Huge DVD Piracy Scheme
Law enforcement officers have arrested five people in London following
a raid of what is being called the largest manufacturing facility of
pirated DVDs ever discovered in the UK. The facility was equipped to
create 2,700 pirated disks an hour.
http://www.theregister.co.uk/2006/04/07/dvd_piracy_factory_raid/print.html
6 April 2006 - CISOs Reasons for Investing in IT Security
A Merrill Lynch & Co. Inc. survey of 50 chief information security
officers (CISOs) found regulatory compliance tops the list of "reasons
driving demand for security software." Seventy-eight percent of the
CISOs said less than 10 percent of their IT budgets are given over to
security software and infrastructure. That figure is expected to
increase an average of 11.4 percent over the next 18 months.
http://www.informationweek.com/story/showArticle.jhtml?articleID=184429550
29 March 2006 - Twenty-one Arrested in On-Line Cyber Crime Crackdown
Seven people in the US were arrested as part of Operation Rolling Stone, which is targeting on-line criminal activity in the financial sector.
The seven join 14 others arrested in the US and the UK over the last three months. The people are allegedly involved with on-line groups that trade financial and other consumer data.
(Site requires free registration)
http://www.nytimes.com/2006/03/29/technology/29theft.html?_r=1&oref=slogin&pagewanted=print
29 March 2006 - Phishers Take New Tack With Three Florida Banks
Attackers broke into servers belonging to an Internet service provider
(ISP) that hosts web sites for three small Florida banks. They then redirected traffic from those sites to a phony server designed to mimic the real banking sites where they attempted to gather sensitive customer account data. The attack is believed to be the first of its kind.
http://www.computerworld.com/printthis/2006/0,4814,110046,00.html
27 March 2006 - Four Indicted on Charges Related to Nigerian 419 Scam
A grand jury in Brooklyn, NY has indicted four people on charges of conspiracy, wire fraud and mail fraud for their alleged roles in an email 419 scam that cost victims more than US$1.2 million. If convicted of all charges against them, the men face decades of prison time.
http://zdnet.com.au/news/security/print.htm?TYPE=story&AT=39247806-2000061744t-10000005c
26 March 2006 - Florida State Employee Data Compromised
People who worked for the state of Florida between January 1, 2003 and June 30, 2004, are being notified that the privacy of their personal data may have been compromised. Florida's Department of Management Services was using an outsourcing service provider, Convergys, that outsourced the data to GDXData, that, in turn, outsourced the contract to a subcontractor in India. Convergys maintains the offshore work was done without its knowledge and has cancelled its contract with GDXData.
One Florida state public employee union wants the contract with Convergys cancelled.
http://www.computerworld.com/printthis/2006/0,4814,109938,00.html
24 March 2006 - Stolen Laptop Contained Personal Data from Vermont State Colleges
A laptop computer stolen from a car parked on a Montreal street contained personal data belonging to thousands of Vermont State Colleges students, faculty and staff. Security precautions were taken as soon as the school learned of the theft, which occurred on February 28, but people whose data were stored on the computer were notified just last week.
http://www.timesargus.com/apps/pbcs.dll/article?AID=/20060324/NEWS/603240363/1002
24 March 2006 - German Anti-Piracy Law Imposes Stiff Penalties
Under new legislation in Germany, people convicted of downloading movies and music for private use could face penalties of up to two years imprisonment; those who download movies for commercial use could face up to five years. The new law takes effect January 1, 2007.
http://technology.timesonline.co.uk/article/0,,20409-2100973,00.html
24 March 2006 - Man Fined and Sentenced for Wireless Piggybacking
David M. Kauchak has been fined US$250 and sentenced to one year of court supervision for accessing another person's wireless network without permission. Kauchak was arrested after he was seen sitting in his parked car with his computer.
http://www.techweb.com/wire/183702832
23 March 2006 - Fidelity Informs HP Employees Their Data is on Stolen Laptop
Fidelity Investments is notifying nearly 200,000 Hewlett-Packard (HP) employees that their account information is on a laptop that has been stolen. Fidelity serves as record keeper for HP's retirement plans.
The data include names, addresses and Social Security numbers. Fidelity has set up a web site and a call center to help those affected take steps to protect their data and have questions answered. A Fidelity spokesperson said "the application was running on a temporary license ... [that has since] expired." The company has also "taken steps to implement extra security processes requiring additional authentication for access to those HP accounts as well as other measures to prevent unauthorized use."
http://www.theregister.co.uk/2006/03/22/fidelity_laptop_hp/print.html
23 March 2006 - HHS System Security Problems Place Medical Data at Risk, Says GAO
A forthcoming Government Accountability Office (GAO) review of the Department of Health and Human Services (HHS) says that "significant weaknesses in information security controls" could place at risk the privacy and security of sensitive data gathered about millions of Americans through Medicare, Medicaid and other government programs. GAO investigators examined 2004 and 2005 management and audit reports of security practices at 13 HHS divisions. Among their findings:
anti-virus software was either not installed or not current; passwords were not adequately controlled; and physical controls were lacking.
Among the data retained by the systems are Social Security numbers, names, addresses and medical conditions.
http://www.usatoday.com/tech/news/computersecurity/2006-03-23-medical-data_x.htm
22 March 2006 - Trojan Filches Financial Account Details
Variants of a sophisticated Trojan horse program have been infecting vulnerable computers for months; an estimated one million machines have been compromised. The Trojan, called MetaFisher and known alternately as Spy-Agent and PWS, exploits the Windows Metafile flaw to download itself onto vulnerable machines and uses HTML injection to harvest financial account information. Users become infected after being tricked into visiting a maliciously constructed web site from an email link.
The Trojan is currently aimed at customers of Spanish, British and German banks.
http://www.informationweek.com/story/showArticle.jhtml?articleID=183701982
19 March 2006 - French Legislators Address Internet Piracy Penalties
French legislators have passed a bill defining the penalties for people convicted of Internet piracy. Those convicted of "supplying software enabling users to break copyright protection on DVDs or CDs" could face up to six months in jail and a fine of 30,000 Euros (US$36,500). People convicted of possessing and/or using the software will face lesser fines of between 750 - 3,750 Euros (US$913 - 4555). Amendments to the bill could require companies that use digital rights management (DRM) to publish details to allow the development of interoperable systems. The bill would also make the development and use of peer-to-peer (P2P) software illegal.
http://australianit.news.com.au/articles/0,7204,18498096%5E15306%5E%5Enbv%5E,00.html
16 March 2006 - Pennsylvania AG Seized Newspaper's Hard Drives in Probe
of Lancaster Coroner
In an attempt to gather evidence in a grand jury probe into whether or not Lancaster (PA) coroner G. Gary Kirchner provided journalists with his "password to a secure law-enforcement web site," the Pennsylvania Attorney General's office has seized four computer hard drives from the Lancaster Intelligencer Journal newsroom. The state supreme court had earlier in the week upheld a lower court ruling that rejected the newspaper's attempts to withhold the information. The attorney general's office says it will limit its examination of the computer hard drives to that particular web site.
http://www.yorkdispatch.com/pennsylvania/ci_3608667
8 March 2006 - Attackers Sidestepping Phishing Site Closures
Phishers have begun using a new technique to ensure a higher rate of victims reaching fraudulently constructed web sites. Because anti-phishing vendors are taking more aggressive steps to close phishing sites, some phishing email now directs recipients to one IP address that hosts a "smart redirector" that checks to see which web sites are still live before deciding where to send the intended victim. Smart redirector attacks have been detected at two banks.
http://www.theregister.co.uk/2006/03/08/smart_redirect_phish_attack/print.html
8 March 2006 - Debit Card Fraud May be Linked to OfficeMax-Related Breach
Investigators say that debit card fraud affecting members of credit unions in Leominster and Fitchburg, Massachusetts may have been linked to a security breach related to OfficeMax; all affected customers had used Visa debit cards at OfficeMax. Fraudulent account withdrawals have been made in Spain, Turkey, Greece, Switzerland, the UK, as well as in the US and Canada, suggesting that the information is being sold on the Internet. The thieves used cloned debit cards constructed with the use of stolen PIN numbers, either from OfficeMax or from a transaction processor. An OfficeMax spokesperson said there is no evidence of a security breach of their network.
http://www.eweek.com/print_article2/0,1217,a=173073,00.asp
7 March 2006 - Security and Privacy Top Federal CIO's List of IT Concerns
The IT Association of America's 16th Annual Federal CIO Survey found that federal CIOs rate IT security and privacy as their most pressing concerns. Though they believe they have made progress in these areas, they also say protecting information and allowing people access to that information is a stressful balancing act that consumes their budgets.
ITAA interviewed 36 CIOs and assistant CIOs and three government oversight officials during the last five months of 2005.
http://www.fcw.com/article92517-03-07-06-Web
23 February 2006 - Korean online gamers victims of ID theft
Around 2,000 South Koreans have had their names and national identity
numbers stolen from a popular online role-playing game to play the game
for free.http://www.scmagazine.com/us/news/article/542791/?n=us
23 February 2006 - Deloitte & Touche Loses Disk with McAfee Employee Data
A McAfee spokesperson said that an external auditing firm lost a CD
containing the unencrypted names, Social Security numbers and McAfee
stock holdings of an unspecified number of current and former employees.
Deloitte & Touche acknowledged that an employee left the unlabelled CD
in the seat back pocket on an airplane. The missing disk was reported
to McAfee on January 11, 2006. The affected employees have been
notified.
http://news.com.com/2102-1029_3-6042544.html?tag=st.util.print
23 February 2006 - Acxiom Data Thief Draws Eight-Year Sentence
A Florida man has been sentenced to eight years in prison for breaking
into Acxiom Corp.'s database of consumer information and stealing more
than one billion records. Scott Levine was convicted in August 2005 of
120 counts of unauthorized access to a computer connected to the
Internet, two counts of device fraud and one count of obstruction of
justice. There is no evidence that Levine used the data to commit
identity fraud. Levine will also pay a fine of US$12,300; the amount
of restitution has not yet been decided. Levine is the former CEO of
Snipermail.com, a bulk emailing company.
http://news.com.com/2102-7348_3-6042290.html?tag=st.util.print
17 February 2006 - Man Arrested for Allegedly Uploading Oscar-Nominated Film
A California man has been arrested for allegedly uploading an Academy
Award nominated film to the Internet. Luis Ochoa was caught in a sting
operation that was set up after somebody informed the Motion Picture
Association of America (MPAA) that Ochoa had mentioned in a chat room
that he wanted to upload the film. The film's watermark indicated that
it was a "screener" copy intended for viewing by someone with Academy
voting privileges; the copy in question was allegedly obtained "before
it reached the intended recipient." If he is convicted of all charges
against him, Ochoa could face penalties of a one-year prison sentence
and a fine.
http://news.bbc.co.uk/1/hi/entertainment/4724584.stm
15 February 2006 - New Hampshire State Computer System Data Breach
New Hampshire Governor John Lynch said the security of the state's
computer system has been breached. The attackers may have been seeking
credit card account information belonging to New Hampshire residents.
The security breach involved computer and in-person transactions at
motor vehicle offices, state liquor stores and other locations. People
who have used credit cards for transactions with the state over the last
six months are advised to scrutinize their statements for unauthorized
transactions. The breach came to light when state technology experts
found monitoring software installed on the system.
http://www.washingtonpost.com/wp-dyn/content/article/2006/02/15/AR2006021502764_pf.html
15 February 2006 - Judge Dismisses Data Negligence Case
A US District Judge has thrown out a lawsuit brought by an individual
against a student loan company for not encrypting a customer database
that was on a laptop computer stolen from the home of a financial
analyst. Stacy Lawton Guin maintained that the company was required to
encrypt the data under the Gramm-Leach-Bliley Act, but the judge
determined that GLB does not require data encryption and that the
company "had a written security policy and other 'proper safeguards' for
customers' information."
http://software.silicon.com/security/0,39024655,39156463,00.htm
15 February 2006 - Brazilian Police Arrest 41 in Connection with Cyber Theft
Brazilian federal police arrested 41 people who allegedly used an
emailed Trojan horse program to steal BRL10 million (US$4.74 million)
from 200 accounts in six banks. Twenty-four other suspects are still
being sought. http://www.theage.com.au/news/breaking/brazilian-police-bust-hacker-gang/2006/02/15/1139890794432.html
14 February 2006 - Olympic Torch virus warning is really a hoax
A new email hoax is spreading as the Winter Olympics are held in
Turin. The email warning claims that "the most destructive virus
ever" has been discovered, but the warning is completely bogus.
Find out more now.http://s502.link.sophos.com/torch?pl_id=9
14 February 2006 - Australian Man to Pay Fine and Restitution for Computer Intrusion
An Australian man, Stephen Sussich, has been fined AU$2,000 (US$1476)
and ordered to pay AU$3,000 (US$2214) in compensation for placing a
rootkit on a server of Webcentral, a Brisbane-based company. Sussich
pleaded guilty to two charges of unauthorized modification of data to
cause impairment. There is no evidence that Sussich accessed credit
card data or that his motivation was financial.
http://www.theage.com.au/news/national/teen-hacker-fined-for-server-attack/2006/02/13/1139679536471.html
13 February 2006 - Additional Information Emerges Regarding Compromised Debit Cards
Sources are now indicating that the compromised debit cards reported
earlier this week are related to two security breaches involving
Wal-Mart and OfficeMax. Bank of America, Washington Mutual and a credit
union cancelled 200,000 customer debit cards. The FBI and the Secret
Service are investigating. Neither store has commented on their
connections to the data breach although Wal-Mart did point to their
December 2, 2005 announcement that customer credit card security had
been breached at some Sams' Club gas pumps in late September and early
October. The FBI also believes that the breach may be connected to an
ongoing investigation in Sacramento, CA; that case involves the
cancellation of about 1,500 debit cards at the Golden 1 Credit Union.
http://news.com.com/2102-1029_3-6038405.html?tag=st.util.print
8 February 2006 - Spanish Man Jailed and Fined for Denial-of-Service Attack
A Spanish man who used a computer worm in 2003 to launch a
denial-of-service attack has been sentenced to two years in jail and
ordered to pay a fine of EUR1.4 million (US$1.67 million). Santiago
Garrido carried out the attack, which disrupted Internet service for
approximately 3 million people across Spain, in retaliation for having
been banned from an IRC chat room.
http://www.theregister.co.uk/2006/02/08/spanish_hacker_jailed/print.html
6 February 2006 - Phishing Scam Pretends to Provide Information About Tax Refunds
A recently detected phishing scam purports to be a message from the US
Internal Revenue Service (IRS) regarding a tax refund. The email
provides a link to a web site that claims to be able to tell taxpayers
the status of their refunds and asks for visitors' names, Social
Security numbers and credit card data.
http://www.computerworld.com/printthis/2006/0,4814,108430,00.html
30 January 2006 - ISPs Ordered to Divulge Identities of Alleged File Sharers
The British High Court has ordered ten Internet service providers (ISPs)
to provide the names, addresses and other personal details of 150
alleged illegal file sharers in the UK to the Federation Against
Software Theft. http://news.bbc.co.uk/2/hi/technology/4663388.stm
27 January 2006 - Canadian Record Label Will Fund Family's Defense in File Sharing
Nettwerk Music Group, Canada's largest record label, says it will fund
the defense of David Gruebel, who was sued by the Recording Industry
Association of America (RIAA) for allegedly having music on his family
computer that was downloaded in violation of copyright law. Nettwerk
chief executive terry McBride said "The current actions of the RIAA are
not in my artists' best interests. Litigation is a deterrent to
creativity ... and it is hurting the business I love." Nettwerk has
hired a Chicago-based law office to defend Greubel and has said it will
pay any fines if the family loses the case. The RIAA is asking for a
US$9,000 penalty, but will accept US$4,500 if it is paid within a
specified time period.
http://www.theregister.co.uk/2006/01/27/nettwerk_sues_riaa/print.html
http://www.techweb.com/wire/177104841
27 January 2006 - Men Ordered to Pay Penalties in File Sharing Case
The British High Court has ordered two UK men to pay penalties totaling
GBP 6,500 (US$11,488) for making nearly 9,000 songs available for
downloading though peer-to-peer file sharing networks. Cases are
pending against the other three people. The cases were brought by the
British Phonographic Industry (BPI); the defendants have also been
ordered to pay the BPI's costs, pushing the total to more than GBP
20,000 (US$35,348).
http://news.bbc.co.uk/1/hi/entertainment/4653662.stm
27 January 2006 - Man Gets Two Years in Prison for Selling Windows Source Code
William Genovese Jr. has been sentenced to two years in prison for
selling source code for Windows 4.0 and 2000. Genovese pleaded guilty
last year to one count of unlawful distribution of trade secrets.
Genovese has a dozen prior criminal convictions, including three for
computer-related crime. Following completion of his prison term Genovese
will serve three years of supervised release and will have programs
installed on his computer to monitor his Internet activity.
http://www.computerworld.com/printthis/2006/0,4814,108144,00.html
27 January 2006 - Alleged AOL Phisher Arrested
The US Attorney's Office in Los Angeles has announced the arrest of
Jeffrey Brett Goodin, who allegedly used a phishing scheme to trick
America Online (AOL) users into divulging their credit card details.
The phony email messages asked AOL users to update their billing
information and directed them to fraudulently constructed sites where
the financial data were harvested. Goodin then used the information he
stole to make fraudulent charges on credit and debit cards. Goodin
faces charges of wire fraud and unauthorized use of an access device.
If convicted, he could face up to 30 years in federal prison.
http://news.com.com/2102-7349_3-6031924.html?tag=st.util.print
27 January 2006 - Japanese Police Arrest Man on Spyware Charges
Police in Japan have arrested Atsushi Takewaka, who is suspected of
developing spyware that he and an alleged co-conspirator used to steal
Internet banking passwords. Takewaka allegedly developed the spyware
at the request of Kiichi Hirayama, who sent CD-ROMs to targeted
companies that installed the spyware on their computers. Takewaka and
Kiichi Hirayama allegedly used the stolen passwords to withdraw money
from bank accounts. The pair is also believed to be responsible for the
theft of an online banking password belonging to a Kawasaki, Japan
jewelry store.
http://www.computerworld.com/printthis/2006/0,4814,108130,00.html
27 January 2006 - Credit Card Details Allegedly Stolen from RI State Government Site
A Rhode Island government web site, www.RI.gov, was reportedly the
target of cyber thieves, who stole credit card information belonging to
people who had conducted online business with Rhode Island state
agencies. Cyber criminals bragged of their exploits several weeks ago
on a Russian-language web site. Attackers breached the security of a
server database and stole encrypted credit card data. A pokesperson
for the web site said they comply with the payment card Industry's Data
Security Standards, meaning they do not store complete credit card
information. The breach was discovered through routine security
procedures; measures have been taken to close the hole the thieves
exploited.
http://www.fcw.com/article92132-01-27-06-Web
26 January 2006 - Ameriprise Notifies Customers Affected by Computer Theft
Ameriprise Financial Inc. has sent letters to 158,000 customers
informing them their personal account data were held in a laptop stolen
from an employee's car. The customer data do not include customer
Social Security numbers (SSNs), but the computer also held a file that
contained the names and SSNs of 68,000 current and former financial
advisers.
http://twincities.bizjournals.com/twincities/stories/2006/01/23/daily39.html
26 January 2006 - Spammer Fined US$5 Million
A federal judge has ordered Christopher William Smith to pay America
Online (AOL) more than US$5 million in damages and legal fees for
sending billions of spam messages. AOL filed a lawsuit against Smith
in 2004 under the CAN-SPAM Act. Smith is also awaiting trial on
criminal charges of violating federal drug laws.
http://www.usatoday.com/tech/news/computersecurity/2006-01-26-aol-spam-case_x.htm
19 January 2006 - Former Medical Office Manager Indicted for Patient Record Theft
Joseph Nathaniel Harris, who formerly worked as the manager of the San
Jose (California) Medical Group, has been indicted by a federal grand
jury on charges stemming from the theft of computers and DVDs that
contained patient records. Harris allegedly broke into the office after
resigning his position. If convicted of all charges against him, Harris
faces a maximum prison sentence of ten years and a fine of up to
US $250,000. http://www.eweek.com/print_article2/0,1217,a=169608,00.asp
18 January 2006 - Obscene Kama Sutra worm spreads via email
Experts at SophosLabs, Sophos's global network of virus,
spyware and spam analysis centers, have warned users to
be wary of unsolicited emails claiming to contain
obscene pictures and sex movies. Find out more about
the W32/Nyxem-D worm now.http://s489.link.sophos.com/nyxemd?pl_id=9
17 January 2006 - Beware bogus business deal from US military in Iraq
-In a message reminiscent of the George Clooney Gulf War
movie "Three Kings", an email claiming to come from a US
military sergeant in Iraq looks for assistance in moving
money out of the war-torn country. Make sure you don't fall
for the scam.http://s489.link.sophos.com/iraq?pl_id=9
17 January 2006 - Privacy Rights Clearinghouse List of Data Security Breaches
The Privacy Rights Clearing house has compiled a list of known data
security breaches that have occurred since ChoicePoint's data breach
acknowledgment on February 15, 2005. The list includes the dates the
breaches were reported, the names of the institutions, the types of
breach and the number of individuals affected in each breach. http://www.privacyrights.org/ar/ChronDataBreaches.htm
16 January 2006 - Imprisoned Russian billionaire's fortune offered by 419 scammers
Mikhail Khodorkovsky's name is being used by spammers hell bent
on stealing money from innocent computer users. Find out about
this email scam, and make sure your users are protected at the
email gateway.http://s489.link.sophos.com/khodorkovsky?pl_id=9
16 January 2006 - Spanish Civil Guard Arrests Suspected Cyber Intruder
The Spanish Civil Guard says that a man has been arrested in Malaga for
allegedly breaking into a computer with sensitive information at a US
Navy base in San Diego. The Spanish Civil Guard searched the man's home
and seized a computer and other effects. The Civil Guard says the
suspect is allegedly part of a group that has broken into more than 100
computer systems and caused damages exceeding US$500,000. http://www.cnn.com/2006/WORLD/europe/01/16/spain.us/index.html
13 January 2006 - Alleged Spammer Reportedly Reaches Plea Deal
Alleged spammer Daniel Lin is expected to enter a guilty plea in court
on January 17, 2005 after he admitted using corporate and government
computer networks to send unsolicited commercial email. Lin's deal with
prosecutors will send him to jail for between two years and 57 months;
if he had not agreed to the deal, Lin would face a much lengthier
sentence. Lin is one of four people charged in April 2005 with using
compromised computers to send spam. The group allegedly sent spam
through proxies with phony return-path addresses in violation of the
CAN-SPAM Act.
http://www.theregister.co.uk/2006/01/13/detroit_spam_case/print.html
12 January 2006 - Connecticut Bank Says Lost Tape Contains Customer Data
Connecticut-based People's Bank has acknowledged that a tape containing
sensitive data belonging to approximately 90,000 customers was lost en
route to a credit-reporting bureau. The data on the tape ncludes
Social Security numbers, names and bank account numbers. The bank said
there is no evidence that the data have been misused and made no comment
about whether or not it was encrypted. Affected customers will be
provided with one year of free credit monitoring service.
http://news.com.com/2102-1029_3-6026692.html?tag=st.util.print
11 January 2006 - Singapore Student Jailed for Selling Pirated Software
Ang Chiong Teck, a student at Singapore's Nanyang Technological
University, has been sentenced to four months in prison for selling
pirated copies of Microsoft software. The phony copies of software
included forged certificates of authenticity. Ang's scheme was
discovered when those who had purchased the software found they lacked
the codes required to register the software online and download updates.
When Ang was arrested, authorities confiscated S$20,000 (US$12,270)
worth of pirated software in his possession. Ang was arrested in
September, but his sentencing was delayed until December to allow him
to finish his university examinations.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39246559-39020651t-10000022csa
11 January 2006 - New 419 spam promising Volkswagen
Security experts today warned internet users of a spam campaign that
pretends the recipient has won a lottery sponsored by the Volkswagen
motor company.http://www.scmagazine.com/us/news/article/534992/?n=us
10 January 2006 - Audit of Military User Accounts Finds Problems
An audit of US military computer user accounts found that as many as 20
percent of all accounts are unauthorized or inactive, with 3,000 in the
Defense Information Systems Agency (DISA) alone. Inactive accounts are
those abandoned when those to whom they were issued moved on to other
positions; unauthorized accounts are those that were created with"unnecessary or unauthorized permissions." The existence of these
accounts together with the fact that military systems experience slow
patch distribution presents opportunities for malicious attackers to
infiltrate military computer systems.
http://www.eweek.com/print_article2/0,1217,a=168898,00.asp
10 January 2006 - Resort Acknowledges Security Breach Compromised Customer Data
Kerzner International, owner of the Atlantis resort in the Bahamas,
filed a document with the Bahamas Securities and Exchange Commission
that included information about a data theft; personal data belonging
to approximately 55,000 resort customers was among the information
compromised in a database security breach. Atlantis hotel management
is notifying those affected in writing and is offering them one year of
credit monitoring service. The compromised information includes Social
Security numbers and credit card and bank account details.
http://news.com.com/2102-7348_3-6025591.html?tag=st.util.print
11 January 2006 - 2005 FBI Computer Crime Survey
According to the 2005 FBI Computer Crime Survey, 87 percent of those
responding said their organizations had experienced a security incident.
Ninety-eight percent of respondents said they used antivirus software;
ninety percent said they used firewalls. The report found a "positive
correlation between the number of security measures employed and the
number of denial-of-service attacks" experienced. More than 79 percent
of respondents said their organizations experienced problems with
spyware. Some security incidents went unreported due to beliefs that
there was no criminal activity involved in the incident, that the
incident was too small to report and that law enforcement would not be
interested in the incidents. The survey asked 23 questions of 2,066
organizations in New York, Iowa, Texas and Nebraska.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1157706,00.html?track=sy160
10 January 2006 - Parents and enterprises warned of ‘Podporn’ problem
Security experts issued a warning about the fast growing problem of
pornography being accessed via devices such the new video-enabled Apple
iPod or Sony PSP.
http://www.scmagazine.com/us/news/article/534636/?n=us
9 January 2006 - Amended Qwest Subscriber Agreement Describes Fines for Sending Spam
Qwest has added a clause to its subscriber agreement, indicating that
customers will be charged US$5 for each spam message sent from their
computers if the spam sent results in damages awarded against Qwest.
The fine would stand regardless of whether or not the customers are
aware of the spam being sent, according to the new clause. However, a
Qwest spokesperson said that the company would be unlikely to impose
fines if a customer or end-user were the victim of malware that caused
the computer to send out spam. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5116
9 January 2006 - IM and P2P threats reach 'critical levels'
The number of security threats propagating via instant messenger and
peer-to-peer networks increased last year by more than 2,200 percent
over 2004, newly published research has claimed.
http://www.scmagazine.com/us/news/article/534588/?n=us
6 January 2006 - Sophos Security Threat Management Report 2005
Sophos's free in-depth report explores the year's most
pressing security issues. If you're a security professional,
protecting your company from malicious attack, or just
responsible for looking after the data on your own PC,
then you need to read this detailed report into the
latest virus, spyware and spam trends. http://s484.link.sophos.com/secrep2005?pl_id=9
6 January 2006 - eBay Account Hijacker Indicted
Sean Galvez of Boston, Massachusetts has been indicted on one count of
larceny and 10 counts of unauthorized access to a computer and identity
fraud for breaking into more than 40 eBay accounts and accumulating
charges totaling US$32,000. The Massachusetts Attorney General's office
is still trying to determine how Galvez obtained access to the accounts.
Galvez allegedly changed the passwords and gathered credit card
information. Galvez is scheduled to be arraigned on January 18, 2006 and
faces up to five years in state prison if convicted of the charges
against him.
http://www.eweek.com/print_article2/0,1217,a=168683,00.asp
5 January 2006 - Top ten viruses and hoaxes reported to Sophos in December 2005
Which virus topped the chart in December 2005? Find out which
viruses and worms were spreading the most across internet
email systems in the last last month in this hall of shame.
http://s484.link.sophos.com/topdec05?pl_id=9
5 January 2006 - Spammer hit by $11.2 billion fine in US judgment
An Iowa-based ISP has been awarded $11.2 billion in a judgment
against a Florida man who sent millions of unsolicited spam
emails. http://s484.link.sophos.com/11bill?pl_id=9
2 January 2006 - Trojan Horse Displays Phony Google Ads on Web Sites
A Trojan horse program is replacing legitimate Google AdSense
advertisements with counterfeit ads. The Trojan targets small
publishers. Normally AdSense advertisements are relevant to the web
site's content; however, the ads generated by the Trojan promote
products Google stays away from, including gambling and adult
entertainment products. AdSense works by paying web site publishers to
place relevant advertisements on their sites. When users click on the
illegitimate ads, they are reportedly taken to three other sites and
finally to a page of advertisements with links to more advertisements.
http://www.eweek.com/print_article2/0,1217,a=168268,00.asp
1 January 2006 - Pennsylvania Medical Office Informs 700 People Whose Data Were on
Stolen Computer
Squirrel Hill Family Medicine in Pennsylvania is taking steps to inform
approximately 700 patients that one of six computers stolen from their
office over the December 17-18 weekend contains a file with their names,
Social Security numbers and birth dates. The University of Pittsburgh
Medical Center, which owns Squirrel Hill Family Medicine, will pay for
one year of credit monitoring services for those affected.
http://www.philly.com/mld/philly/news/13530545.htm
29 December 2005 - Trojan targets Spanish-speaking bank customers
A new trojan blending spyware and phishing techniques is threatening
Spanish-speaking bank customers, a European security firm warned this
week. http://www.scmagazine.com/us/news/article/533796/?n=us
29 December 2005 - Alleged ChoicePoint Data Thief Pleads Guilty
A man allegedly responsible for the ChoicePoint consumer record database
security breach has pleaded guilty to charges of conspiracy and grand
theft. Olatunji Oluwatosin is the only person charged in the massive
data theft that compromised the personal data of 145,000 people.
Oluwatosin will be sentenced on February 10, 2006; he is already serving
a 16-month prison term for an earlier felony count of identity theft. http://www.consumeraffairs.com/news04/2005/choicepoint_guilty.html
