


InfoSec in the News

Many of the incidents in these news stories could have been prevented with an effective security awareness program; others promote the use of security awareness.
Also visit our News Archives for older stories

Subscribe to the following e-mail lists for even more stories:

SANS NewsBites

SC Magazine Newswire

Security Wire Digest

Sophos Virus News

 

20 April 2009 - MySpace Employee Stole Co-Workers' Personal Information
A MySpace employee allegedly stole personal information, including Social Security numbers (SSNs), of his co-workers.  The individual has been identified and fired, but MySpace headquarters remained closed last Thursday; employees were instructed to work from home.  The reason given was that MySpace needed to conduct analysis of its computer systems "to reduce the possibility of any future breaches."  Employees were notified of the breach and assured that the compromised data do not include bank account or medical information.
http://www.siliconrepublic.com/news/article/12780/digital-life/myspace-insider-data-breach-leads-to-hq-shutdown

17 April 2009 - Guilty Plea in Pirated Software Case
Gregory William Fair has pleaded guilty to charges of criminal copyright infringement and mail fraud stemming from the sale of pirated software on eBay.  Fair sold counterfeit copies of Adobe software through the online auction site using multiple user IDs; the retail market value of the products he sold is estimated to be US $1 million.  Fair will forfeit his earnings from the transactions.  Fair faces up to 20 years in prison and a fine of up to US $500,000; his sentencing is scheduled for July 8.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9131736&taxonomyId=17&intsrc=kc_top

15 April 2009 - Trojan in Pirated Mac Software Helped Create First Mac Botnet
Malware embedded in pirated versions of Apple's iWork and Adobe Photoshop CS4 for Mac that were available over a peer-to-peer network in January is responsible for what appears to be the first known Mac botnet.  The zombie network attempted to launch a distributed denial-of-service (DDoS) attack against an unidentified website.  The malware had spread to several thousand computers before it was identified.
http://www.cbc.ca/technology/story/2009/04/15/ibotnet-trojan.html

13 April 2009 - Missing Laptop Holds Sensitive Ministry of Defence Information
The UK Ministry of Defence (MoD) has admitted that a laptop computer containing sensitive SAS (Special Air Service) information is missing. The unclassified data include names of SAS soldiers as well as information about the Signals Regiment's training exercises; MoD said it does not hold information about missions.  The data on the computer were not encrypted.
http://www.telegraph.co.uk/news/newstopics/politics/defence/5146702/Laptop-with-names-of-SAS-men-is-missing.html

13 April 2009 - NC Hospital Patient Data on Computer Stolen in Georgia
Officials at Moses Cone Health System in Greensboro, NC have begun notifying more than 14,000 patients that their personal information was on a laptop computer stolen while in the possession of consulting firm VHA.  The computer was stolen on March 9 from the vehicle of a VHA employee in Georgia.  The hospital learned of the theft four days later, but waited until this week to make the theft public.  VHA had the information on the computer because it was conducting analysis to help the hospital improve patient care and reduce costs.  The data were not encrypted.  The theft affects cardiology and orthopedic patients treated at Moses Cone Memorial Hospital or Wesley Long Community Hospital between February 2004 and February 2009.  The data include confidential patient information and some Social Security numbers (SSNs).
http://www.news-record.com/content/2009/04/13/article/laptop_stolen_contains_information_from_14000_moses_cone_patients

7 April 2009 - Stolen Laptop Contains Commercial Driver's License Holder Data
A laptop computer stolen from a state office building in Kapolei, Oahu, Hawaii contains personally identifiable information of nearly 1,900 state commercial driver's license holders.  The compromised information includes names, addresses and Social Security numbers (SSNs).  The computer was stolen on March 18, although the drivers were not notified until April 6.
http://www.honoluluadvertiser.com/article/20090407/BREAKING01/90407109/-1

30 March 2009 - Romanian National Sentenced to 50 Months for Phishing Scheme
A Romanian man has been sentenced to 50 months in prison for his role in a phishing scheme.  A January 2008 indictment alleged that Ovidio-Ionut Nicola-Roman and six accomplices ran the phishing scheme that tricked users into providing their payment card and other financial information; Nicola-Roman pleaded guilty to one felony count of conspiracy to commit fraud in July 2008.  The group then allegedly used the information to make fraudulent withdrawals from the users' accounts or buy items with their debit card numbers.  Nicola-Roman was apprehended on an Interpol warrant in Bulgaria in 2007 and was extradited to the US in November 2007.
http://www.theregister.co.uk/2009/03/30/romainian_phisher_sentenced/

30 March 2009 - Former IRS Employee Charged With Unauthorized Computer Access
Former US Internal Revenue Service (IRS) contract employee Andrea Bennett has been charged with illegally accessing IRS computers and filing false claims.  Bennett allegedly accessed the IRS's Integrated Data Retrieval System 285 times to view tax accounts of a dozen individuals and prepare six fraudulent tax returns.  Bennett allegedly received more than US $13,000 in refunds from the fraudulent returns.  The people who had false claims filed in their names were unaware of her activity.  If convicted, Bennett could face 10 years in prison and a US $500,000 fine.  A spokesperson for the Treasury Inspector General for Tax Administration (TIGTA) declined to comment, as the investigation is ongoing.
http://www.nextgov.com/nextgov/ng_20090330_4956.php

27 March 2009 - Man Arrested, Charged with Stealing Trade Secret
David Yen Lee, a naturalized US citizen, has been arrested by federal agents in Arlington Heights, IL, and charged with theft of a trade secret.  Lee was employed as Technical Director of New Product Development at Valspar, a paint and industrial coating manufacturer, until he abruptly resigned from his job earlier this month.  Lee surrendered his company laptop and Blackberry when he resigned.  An examination of the computer found that all the temporary files had been deleted, suggesting that the computer's history had been cleared; investigators also discovered a hidden file containing unauthorized software, including a copying program.  The examination also revealed that 44 gigabytes of data had been downloaded to the computer; the data included Valspar trade secrets.  Agents found a thumb drive in Lee's home that contained paint formula trade secrets that were not related to Lee's work projects.  The thumb drive was discovered in a packed bag; Lee had purchased a one-way ticket to China.
http://chicago.fbi.gov/pressrel/2009/cg032709.htm

23 March 2009 - Symantec Study Shows Most Companies Have Experienced Loss
Research from Symantec shows that 98 percent of the 1,000 IT managers from companies in the US and Europe said their companies experienced tangible loss from a cyber attack of some sort over the last two years. Forty-six percent of respondents said that cyber attacks resulted in downtime for their companies; 31 percent said customer and/or employee data were stolen; and 25 percent said corporate data were taken.  Three-quarters of the European respondents said their companies are outsourcing some portion of their security operations.
http://www.networkworld.com/news/2009/032309-study-most-organizations-hit-by.html

16 March 2009 - Iowa Company Agrees to Pay Undisclosed Sum For Unlicensed Software Use
An Iowa company has agreed to pay the Software & Information Industry Association a six-figure settlement for using copies of software without valid licenses.  Creative Edge Master Shop in Fairfield and an affiliate, Flex kits, admitted to using unlicensed copies of software from Adobe, Apple, Symantec and other companies; Creative Edge has agreed to implement internal controls to ensure that only properly licensed software is used.  The amount of the settlement was not disclosed.
http://www.informationweek.com/news/global-cio/legal/showArticle.jhtml?articleID=215900445

14 March 2009 - Man Who Deleted Australian Government Computer Accounts to be Sentenced
David Anthony McIntosh, a former IT consultant for the government in Australia's Northern Territories, will be sentenced this week for damage he caused to a government computer system.  McIntosh maintains he was drunk and upset over a broken engagement when he broke into the system a month after leaving his position.  McIntosh deleted more than 10,000 Health Department, hospital, prison and Supreme Court employee user accounts, causing AU $1.2 million (US $793,000) in damages.  McIntosh pleaded guilty to unlawfully accessing and modifying data in court in January. He has written a letter of apology to the court and plans to pursue another line of work when he completes his prison term.
http://www.theregister.co.uk/2009/03/13/nt_hack_convict/

14 March 2009 - Finnish President Ratifies Law Allowing Employers to Monitor Employees' eMail Activity
A newly ratified law in Finland allows employers to monitor employees' email messages when they suspect misconduct.  Employers would not be permitted to read the content of messages, but would be permitted to monitor the sizes of attachments and to whom they were being sent.  The law also allows schools, libraries and telecommunications operators to snoop on users' activity.  The law has met with harsh criticism from legal experts and privacy rights groups.  The bill passed Parliament earlier this month by a vote of 96-56; the president ratified it on March 13.
http://www.ioltechnology.co.za/article_page.php?iSectionId=2883&iArticleId=4889373

9 March 2009 - Lost Memory Stick Holds Police Investigation Data
A memory stick containing unencrypted details about hundreds of Scottish police investigations is missing.  The device was lost at the end of last year at Lothian and Borders Police headquarters.  The memory stick was believed to have been in the process of being moved within a secure area when it was lost, but the incident serves to demonstrate the need to encrypt sensitive data at all times.
http://www.scmagazineuk.com/Unencrypted-police-memory-stick-lost/article/128429/

7 March 2009 - Swedish Police Seize Server in Illegal Filesharing Bust
Police in Brandbergen, Sweden, near Stockholm, raided an apartment and seized a server containing 65 terabytes of allegedly pirated files.  The raid was part of an effort to crack down on illegal filesharing.  Sixty-five terabytes translates to approximately 16,000 full-length films.  The raid was conducted on February 9 but made public only last week.  The equipment's alleged owner has been questioned and released, but remains the subject of an investigation.
http://www.msnbc.msn.com/id/29566891/
http://news.cnet.com/8301-1023_3-10190977-93.html?part=rss&subj=news&tag=2547-1009_3-0-20

2 March 2009 - Detective's "Photos" Prove to Be Malicious Trojan
A malicious email campaign claims to contain "interesting photos" from a private detective, but really carries a dangerous Trojan horse.
http://www.sophos.com/blogs/gc/g/2009/03/02/danger-lurks-private-dick-interesting-photos

27 February 2009 - Surveys Find Employees Stealing Data to Help Economic Prospects
A Cyber-Ark Software survey of 600 office workers in London, New York and Amsterdam found that theft of proprietary information is on the rise; many of the thieves are not outsiders, but insiders concerned about losing their jobs. A study from Symark found that 40 percent of companies do not know whether employees' user accounts remain active after the employee no longer works for the company. According to UK Director of Cyber-Ark Mark Fullbrook, cyber criminals feel they are reaping benefits from the current economic crisis. Reductions in budgets have led to increased outsourcing and decreased focus on security.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=333732&taxonomyId=89&intsrc=kc_feat
http://www.scmagazineuk.com/Hackers-claim-that-economic-situation-is-helping-them-to-thrive/article/127994/

25 February 2009 - Phishing Scheme Spreads Through IM Services
Phishers have been targeting people who use Internet chat services with an attack aimed at stealing account login information.  The attack comes in the form of instant messages asking recipients to click on a TinyURL link to watch a video.  The link leads users to a site that asks for login credentials.  The messages appear to come from trusted friends. Users of Gmail, Yahoo, Microsoft and MySpace instant messaging programs have reportedly received the phony messages.
http://www.vnunet.com/vnunet/news/2237230/multi-platform-im-phishing

23 February 2009 - Rogue Facebook application bombards users with bogus messages
Sophos has issued a warning about a third-party Facebook application that has been spreading in a "viral" manner via the social network.  The "Error Check System" application sends misleading notifications to users' friends and family telling them there is a problem with their profile, in an attempt to gain more users. Learn more about the threat, and make sure that your users are taking care over what they do on Facebook.
http://www.sophos.com/blogs/gc/g/2009/02/23/beware-error-check-system-facebook-application

23 February 2009 - More Than Half of Former Employees Took Company Data
The Ponemon Institute interviewed 945 US adults who had been laid-off, fired, or changed jobs within the last year and found that more than half took company information with them when they left their former positions.  The rationales for taking the data included help getting another job, help starting their own business, or simple revenge.  All of the participants in the survey had access to proprietary information, including customer data, employee information, financial reports, software tools and confidential business documents.  The survey also found that just 15 percent of the companies examined the paper and/or electronic documents their former employees took with them when they left.
http://news.bbc.co.uk/2/hi/technology/7902989.stm
http://www.theregister.co.uk/2009/02/23/insider_threat_survey/

23 February 2009 - Starbucks Facing Lawsuit Over Laptop Theft
A Starbucks employee has filed a class action lawsuit against the company in response to a data security breach that occurred in October 2008.  A laptop containing the names, addresses and Social Security numbers (SSNs) of approximately 97,000 Starbucks employees was stolen last fall; the suit alleges fraud and negligence, and seeks an extension of the one year of credit monitoring the company offered as well as unspecified damages and assurances that Starbucks will be required to undergo regular third-party security audits.
http://www.networkworld.com/news/2009/022309-starbucks-sued-after-laptop-data.html

20 February 2009 - Proposed Legislation Would Require Retention of Internet Use Data for Two Years
US legislators have introduced a bill that would require extensive logging of Internet use.  The proposed legislation aims to help police with investigations.  All ISPs and wireless access point operators would be required to retain logs of users' activity for a minimum of two years.  The law would apply not only to large ISPs, but also to private homes that have wireless access points or wired routers that use the Dynamic Host Configuration Protocol as well as small businesses, libraries, schools and government agencies.
http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html?eref=rss_tech

12 February 2009 - Number of Banks Affected By Heartland Breach: 160 and Growing
According to the Bank Information Security website, nearly 160 financial institutions have acknowledged that they were affected by the Heartland Payment Systems data security breach.  Banks in 40 US states as well as in Canada, Bermuda and Guam have reported that some of their customers' cards were exposed.  It is not known how many card accounts were compromised; Heartland says it processes 100 million transactions a month.
http://www.bankinfosecurity.com/articles.php?art_id=1200&opg=1

9 February 2009 - Phishers Lure Users with Offer of Economic Stimulus Payments
The US Computer Emergency Readiness Team (US-CERT) has warned that phishers are sending email messages that appear to come from the Internal Revenue Service (IRS).  The messages tell the recipients that they can receive economic stimulus payments by visiting a certain website or filling out an attached document, both of which ask for personal information.
https://isc.sans.org/diary.html?storyid=5815

7 February 2009 - Houston Municipal Court Shutdown Due to Malware Infestation
A malware infection of some computers in the Houston, Texas city network resulted in the shutdown of part of the city's municipal court system late last week.  Offices were still open for people to pay parking tickets and other fines, but the court dockets had to be reset.  Due to the infection, Houston police temporarily stopped making some minor offense arrests.  Officials believe the malware has spread to 475 of the city's more than 16,000 computers, an infection level of about three percent.  On Friday afternoon, city officials brought in a cyber security company to help clean the computers. Houston's deputy director of information technology says the primary malware suspect in the case is Conficker, also known as Downadup.  As of Monday morning, the courts were still closed.
http://www.chron.com/disp/story.mpl/front/6250411.html

6 February 2009 - Kaiser Permanente Personnel Data Found in Suspect's Home
Kaiser Permanente employees in Northern California have been notified that a recently arrested criminal suspect was found to be in possession of their personal data.  A computer file containing the data was discovered in the home of Mia Garza, who is not a Kaiser employee. Approximately 29,500 people are believed to be affected by the breach. The data are from the employees' personnel files and do not include medical records.  Kaiser has initiated an internal investigation to determine the source of the breach.  A Kaiser human resources executive says that "only a handful of employees have reported identity theft." Garza faces half a dozen felony charges, including receiving stolen property, identity theft and forgery.
http://www.mercurynews.com/ci_11647109

2 February 2009 - Former Microsoft Employee Says Suit Filed Against Him is Retaliatory
A former Microsoft employee being sued by the company says that the lawsuit is retaliation for a patent infringement lawsuit he brought against Microsoft.  Microsoft's suit alleges that Miki Mullor took a job at the company to gather information that would help his lawsuit. When Mullor applied for the position at Microsoft, he said that his company, Ancora, was no longer in business even though it still was and he was its CEO.  Mullor allegedly downloaded documents that were not related to his job, but were related to the content of his patent infringement case against the software giant.  Mullor filed his suit in June 2008 against Dell, Toshiba and Hewlett-Packard, because their products use the technology the ownership of which is in dispute; Microsoft became a party to the case at a later date.  Mullor was fired from Microsoft in September 2008.
http://seattlepi.nwsource.com/business/398089_msftsuit30.html

30 January 2009 - DoJ Employee Security Test Fools Thrift Investment Board
The Justice Department tested its employees' susceptibility to phishing attacks with an email that appeared to come from the Thrift Savings Plan, but neglected to inform the Federal Retirement Thrift Investment Board.  The phony phishing message told recipients that they could recoup losses if the value of their Thrift Savings Plan has fallen more than 30 percent.  They were given a January 31 deadline to provide personal information to participate in the non-existent program.  The TSP board learned of the test on January 28, nearly two weeks after the message was sent out; by that time, it had already put anti-fraud efforts into place.
http://www.google.com/hostednews/ap/article/ALeqM5iOgj0IuXeQR5XWjevDZu4qS-tWOQD9613O6O0

26 January 2009 - Former Web Host Employee Sentenced for Unauthorized Access and Damage
Former Hostgator.com employee Cliff L. Wade has been sentenced to eight months in prison for accessing the web hosting company's systems without authorization and deliberately causing problems in its customer support network.  The intrusion occurred after Wade moved to another state and took a job with a different web hosting company. Wade was also sentenced to three years of supervised release following completion of his prison term, and has been ordered to pay a US $100 special assessment.
http://www.cybercrime.gov/wadeSent.pdf

26 January 2009 - Thrift Shop MP3 Player Contains US Military Data
An MP3 player purchased at an Oklahoma thrift store was found to contain US Army files.  The man who bought the device, who is from New Zealand, paid NZ $18 (US $9.50) for the device.  When he connected it to his computer, he found it contained 60 files that include names and personal information of US soldiers, information about equipment at various bases and a mission briefing.  The files contain a warning that the release of the information they hold is prohibited by federal law.  In November, the US Department of Defense banned the use of portable data storage devices.
http://news.theage.com.au/breaking-news-world/nz-man-finds-us-army-files-on-mp3-player-20090126-7pxt.html

26 January 2009 - Former Employee Admits Deleting Information From Government Computer System
Anthony McIntosh has admitted he caused AU $1 million (US $661,360) worth of damage by breaking into the Northern Territory Government computer systems and deleting information.  McIntosh had worked as a contractor on the government systems before leaving his position last April under less than ideal circumstances.  Last May, McIntosh admits, he broke into several government computer systems and deleted profiles of more than 10,000 public servants.  McIntosh accessed the system with a former colleague's password.
http://www.theregister.co.uk/2009/01/26/rogue_contractor_nt_gov_hacking/

22 January 2009 - Pirated Copies of iWork 09 Contain Trojan
Illegal copies of Apple's iWork 09 have been appearing on filesharing websites.  The pirated software is believed to contain a Trojan horse program known as iServices.A.  The Trojan has root access to infected computers.  Once in place, it connects to a remote server and downloads additional software that makes the infected computer part of a botnet. The Trojan has already been inadvertently downloaded by an estimated 20,000 users.
http://www.heise-online.co.uk/security/Copies-of-iWork-09-from-BitTorrent-may-contain-trojan--/news/112470

21 January 2009 - Millions Infected by Sophisticated Worm Conficker
The Conficker worm, also known as Downadup, is still troubling computer systems around the globe.  The malware crashed the computer system at New Zealand's Ministry of Health; the computers are running again, but staff members are not permitted to access the Internet.  IT staff at five hospitals in Sheffield, UK are still in the process of cleaning the worm from more than 800 of the hospitals' 7,000 PCs, three weeks after they became infected.  The Sheffield hospital computers became infected after managers turned off Windows update late last year.
http://www.theregister.co.uk/2009/01/20/sheffield_conficker/

20 January 2009 - NZ Telecoms Want More Time to Develop Piracy Plan with Film/Music Companies
New Zealand telecommunications companies want to extend the February 28 deadline set for a law that would require them to take action against customers who are suspected of copyright violations. The Telecommunications Carriers Forum says the deadline does not allow enough time to work out a plan with film and music companies. Among the problems is the requirement that ISPs terminate Internet accounts of customers who are allegedly downloading content in violation of copyright law; ISPs could face legal action from their customers as a result.
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10552598

18 January 2009 - Downadup Infection Count Up to 9 Million
The cyber virus that has been spreading quickly on Windows machines has now infected nearly 9 million PCs worldwide, according to one company's estimate.  The virus appears to be spreading scareware, malware that pops up phony alerts about infections on machines in an attempt to get users to purchase phony security software. The malware, which is known as Downadup, Conficker and Kido, exploits a vulnerability that Microsoft addressed with an out-of-cycle patch in October.  The malware has been added to the most recent version of Microsoft's Malicious Software Removal Tool, which was released on January 13.  The malware can also spread through network shares.
http://www.washingtonpost.com/wp-dyn/content/article/2009/01/17/AR2009011701778.html

16 January 2009 - Store Owner Draws 33-Month Sentence for Card Skimming
A Redmond, Washington tobacco store owner has been sentenced to nearly three years in prison for skimming payment card information. Hrant "Mike" Aslanyan admitted that he used a card skimmer in his shop to steal information from more than 300 customers.  He then used the stolen information to make fraudulent transactions totaling approximately US $300,000.  Aslanyan received a 33 month prison sentence to be followed by five years of supervised release.  He was also ordered to pay more than US $214,000 in restitution.
http://blog.seattletimes.nwsource.com/crime/2009/01/16/skimming_sends_redmond_tobacco.html

15 January 2009 - Man Indicted for Selling Pirated Software
An Arizona man has been indicted for selling phony software in online auctions. Kurt Kunselman faces charges of wire fraud, criminal copyright infringement and destruction of records with intent to obstruct a federal investigation. Kunselman allegedly offered for sale on eBay illegal copies of software, the copyrights of which are owned by an Oregon company. He is scheduled to appear before a US Magistrate next week.
http://phoenix.fbi.gov/dojpressrel/2009/ph011509.htm

15 January 2009 - Former Help Desk Employee Admits Cyber Sabotage
A man who used to work at the help desk at Eden Prairie, Minnesota-based Wand Corp. has admitted he placed malware on his former employer's computer system.  David Ernest Everett Jr. put the malicious programs on the system after losing his job in March 2008. Wand Corp. provides IT systems and point-of-sale systems for fast food restaurants.  The attack caused problems on 25 servers at a variety of locations; cleaning up the mess cost approximately US $49,000. Everett faces up to 10 years in prison when he is sentenced.
http://www.theregister.co.uk/2009/01/15/malware_revenge_attack/

14 January 2009 - NY Police Sergeant Admits Accessing FBI Database Without Authorization
A New York City police sergeant is facing a year in prison and a fine of at least US $100,000 for illegally obtaining information from the FBI's National Crime Information Center (NCIC) database and giving it to an acquaintance for use in a custody battle.  Haytham Khalil pleaded guilty to one misdemeanor charge.  He does not have authorization to access the NCIC database, but a colleague who does have authorization left his login credentials available so co-workers could access the information while he was not there.  The incident occurred in December 2007.
http://www.theregister.co.uk/2009/01/14/ny_cop_gilty_plea/

14 January 2009 - Angie's List Files Lawsuit Alleging Industrial Espionage
Angie's List, the Indianapolis-based consumer rating website, has filed a lawsuit in Indiana state court accusing Christopher "Kit" Cody of industrial espionage.  The suit alleges that while he was a paying member of the site, Cody used a bot to scrape 9,278 service provider files from the Angie's List site and used the information to start a competing site.  Cody's attorney disputes the allegations.  Angie's List members share information about various services.
http://www.theregister.co.uk/2009/01/15/angies_list_lawsuit/

8 January 2009 - Attackers Use Cloak of Breaking News Stories to Spread Trojan
Attackers have been sending messages that purport to be CNN news updates about the situation in Gaza, but that could lead to recipients' computers becoming infected with malware.  The messages direct recipients to what appears to be a CNN website where they are told they need to update to Adobe Acrobat 10. What actually gets downloaded is an "SSL stealer" Trojan horse program that listens for traffic to and from financial services' systems.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125422&source=rss_topic17

7 January 2009 - Senator Feinstein Introduces Consumer Data Protection Legislation
Senator Dianne Feinstein (D-Calif.) has introduced two pieces of legislation aimed at protecting consumer data.  The first bill would require companies to notify consumers promptly of breaches involving their personal data.  The companies would also be required to report breaches to the US Secret Service in certain instances, including breaches of databases that belong to the federal government or that involve national security or law enforcement.  The second bill would make it illegal for organizations to sell, or display in public, individuals' Social Security numbers (SSNs) or to print them on government checks without their consent.  Organizations would also face restrictions on when they can ask for customers' SSNs.
http://www.nextgov.com/nextgov/ng_20090107_1108.php

7 January 2009 - Database Admin Sentenced for Breaking into Former Employer's System
A man who worked as a database administrator for an unnamed British company has been sentenced to three months in jail, suspended for two years, and fined GBP 3,200 (US $4,858) for breaking into his former employer's computer system to install spyware and delete messages.  Julius Oladiran worked for the company for just three weeks before being asked to leave after it became apparent to management that his resume contained false information.  Oladiran admitted he made a false statement and gained unauthorized access to computer information.
http://www.theregister.co.uk/2009/01/07/it_admin_sentenced/

6 January 2009 - UK HMRC Warns of Phishing Scheme
UK's HM Revenue & Customs (HMRC) is warning UK taxpayers of a phishing scheme targeting people who are scrambling to meet an end-of-the-month tax deadline.  The fraudulent messages, which are spoofed so they appear to come from HMRC, tell recipients that they are due a tax refund and request bank or credit card account information so the refund can be paid.  Several sites associated with the scheme have already been taken down.  Some scammers are phoning taxpayers with similar claims.  HMRC will contact taxpayers by letter only.
http://www.theregister.co.uk/2009/01/08/hmrc_tax_refund_scam/
http://www.vnunet.com/vnunet/news/2233380/uk-tax-office-hit-phishers

6 January 2009 - CheckFree to Notify 6 Million Potentially Affected by DNS Attack
CheckFree has begun notifying more than 5 million people that they may have been redirected to a site hosting malware if they used CheckFree's services between 12:35 am and 10:10 am on December 2, 2008. CheckFree is an electronic bill paying service that is used by some banks. In some cases, people would not know they were using CheckFree; it would seem to them as though they were using a service provided by their own banks. People who used the service during that period were redirected to a server in the Ukraine that attempted to install password-stealing malware on their computers. The attackers managed to log into Network Solutions, CheckFree's Internet domain registrar, and change the DNS settings to conduct the redirect attack.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9125078

6 January 2009 - Reported Breaches Up Nearly 50 Percent
According to statistics gathered by the Identity Theft Resource Center, there were 656 data breaches reported by businesses, schools and governments in 2008, up from 446 in 2007, an increase of nearly 50 percent.  Breaches at businesses accounted for 37 percent of the total, while breaches at schools accounted for 20 percent.  The percentage of breaches involving current and former employees more than doubled to 16 percent in 2008.  The top cause of breaches was human error, which includes lost or stolen laptops and data storage devices, and inadvertent exposure of data.
http://www.washingtonpost.com/wp-dyn/content/article/2009/01/05/AR2009010503046_pf.html


     