SEARCH CLINIC

Over £6 million has been stolen from UK online banking accounts by a gang of computer hackers using  a virus worm known as “Zeus” to infect computers and capture the passwords and other sensitive details of banking customers.UK police are questioning 19 people suspected of orchestrating a multi million pound attack on British bank accounts.

Their money was then transferred into bogus accounts created by the crooks to help them launder the profits.

Detective Chief Inspector Terry Wilson, of the Metropolitan Police, said the amount of money stolen is likely to “increase considerably” as the investigation continues.

He said: “We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples’ accounts, causing immense personal anxiety and significant financial harm – which of course banks have had to repay at considerable cost to the economy.

“Online banking customers must make sure their security systems are up to date and be alert to any unusual or additional security features requested which is at variance with their normal log-on experience.

“Greater public awareness and education will make it harder for personal details to be compromised and for this type of fraud to be carried out.”

Officers from the Met’s Central E-Crime Unit arrested 15 men and four women  at addresses across London in dawn raids.

They were questioned on suspicion of fraud, offences under the Computer Misuse Act and money laundering.

Two of those held were also arrested on suspicion of possession of a firearm.

Experts believe thousands of computers have been infected with malicious computer codes including Zeus.

Zeus is a “trojan” virus that hides on machines, bypassing security software before capturing and transmitting login information, passwords and other data.

Last year £59.7 million was lost to online banking fraud, according to Financial Fraud Action UK. Another £440 million was lost to credit card fraud.

Online banking customers can protect yourselves by keeping their anti-virus software up to date and setting firewalls to the highest level.

Dr Search comments- this week we have had several very important reminders that online security is a real and growing problem. Both from a personal and business perspective. Get it wrong and you could lose an awful lot of money.

The controversial legal practice of ACS Law has been hit by another breach of it’s data security as the personal details of a further 8,000 people alleged to have shared music or films illegally have appeared online- prompting it’s main customer Sky to suspend further business.It comes after a database of more than 5,000 people suspected of downloading adult films were leaked on Monday.

The UK’s Information Commissioner said ACS:Law could be fined up to half a million pounds for the breaches.

The two new lists, produced by ACS:Law, contain the names, addresses and IP addresses of users suspected of illegally sharing music as well as in some cases credit card details.

In addition, they contain details of how much compensation infringers paid ACS:Law, along with internal case notes.

The documents appeared online after users of the notorious message board 4chan attacked ACS:Law’s site in retaliation for its anti-piracy efforts, as part of what its users called Operation Payback.

ACS:Law has made a business out of sending thousands of letters to alleged net pirates, asking them to pay compensation of about £500 per infringement or face court.

A BBC investigation in August found a number of people who said they were wrongly accused by ACS:Law of illegal file-sharing. The firm is under investigation by the Solicitors Regulation Authority (SRA) over its role in sending letters to alleged pirates.

The leaks consisted of about 1,000 confidential e-mails and attachments. It is thought documents may have also been acquired from the company’s servers.

The collection was then uploaded to file sharing website The Pirate Bay, where it is being shared by hundreds of users.

The confidential messages include personal correspondence between Andrew Crossley – who runs ACS:Law – and work colleagues detailing a number of cases and how much money the firm had made from the letters.

Campaigners, who have long accused the firm of bullying tactics, have seized on the e-mails.

Meanwhile it has emerged on Wikipedia that the main partner of the company, and its only registered solicitor,^[3] is Andrew Crossley.

Crossley has twice been found guilty of conduct unbefitting a solicitor by the Solicitors Regulation Authority, in 2002 and again in 2006.^[4] In August 2010, the Solicitors Regulation Authority confirmed that Crossley was being summoned to his third disciplinary tribunal, in response to ACS:Law’s action against suspected file sharers.^[5]

Their succes rate when they do get to court is spectacularly unsuccessful.

The only records of successful cases fought by ACS:Law are those which were won by default when the defendants failed to appear,^[9][17][18] and the firm admit that they have yet to successfully prove a case in court.^[19] ACS:Law state that “it has been said that we have no intention of going to court but we have no fear of it”.^[8]

As for Sky’s persecution of it’s own customers- a spokesperson for Sky said that they were investigating the new leaks and said they were “very concerned at the apparent security breach”.

“Like other broadband providers, Sky can be required by court order to disclose information about customers whose accounts are alleged to have been used for illegal downloading. We only ever provide such data in encrypted form.”

Sky said they have “suspended all co-operation with ACS:Law with immediate effect” and that the suspension would “remain in place until ACS:Law demonstrates adequate measures to protect the security of personal information”.

The personal details of thousands of Sky broadband customers have been leaked on to the internet from the website of ACS: Law, alongside a list of pornographic movies they are alleged to have shared online.
The list details the full names and addresses of over 5,300 people thought by law firm ACS:Law to be illegally sharing adult films.

It appeared online following an attack on the ACS:Law website. The UK’s Information Commissioner said it is investigating the leak.

The documents appeared online after users of the message board 4chan attacked ACS:Law’s site in retaliation for its anti-piracy efforts.

The law firm has made a business out of sending thousands of letters to alleged net pirates, asking them to pay compensation of about £500 per infringement or face court.

It uses third party firms to scour the web looking for possible infringements of music and film copyright.

Armed with IP (internet protocol) addresses – which can identify the internet connection used in any copyright infringement – its lawyers can then apply for a court order to get the physical address of the PC from the service provider whose network has allegedly been used for the file-sharing.

A BBC investigation in August found a number of people saying they were wrongly accused by ACS:Law of illegal file-sharing.

UK consumer group Which? says it has also received a number of complaints. Many contest that IP addresses can be spoofed.

ACS:Law is apparently already under investigation by the Solicitors Regulation Authority over its role in sending letters to alleged pirates.

The leak contains around 1,000 confidential e-mails, along with the list, which was an attachment on one of the messages.

The collection was then uploaded to file sharing website, The Pirate Bay, where it is being shared by hundreds of users.

The confidential e-mails include personal correspondence between Andrew Crossley – who runs ACS:Law – and work colleagues, as well as lists of potential file-sharers and information on how much the firm has made through its anti-file-sharing activities.

While some of the emails, detailing the internal workings of the company, may prove embarrassing, the leaking of an unencrypted document – that lists the personal details of more than 5,300 BSkyB Broadband subscribers alongside a list of adult videos they may have downloaded and shared online could be a breach of the Data Protection Act.

Simon Davis, from the watchdog Privacy International, said he would be asking the Information Commissioner to “conduct a full investigation” and hoped it would be “a test case of the Information Commissioner’s new powers”.

“You rarely find an aspect where almost every aspect of the Data Protection Act (DPA) has been breached, but this is one of them,” said Mr Davies.

“It fits perfectly for the term ‘egregious misuse’ of personal data,” he added.

Dr Search warns that any website which has unencrypted customer data on it’s servers and winds up hackers is asking for trouble.

Given the Sky is also well known for it’s aggressive, protective attitude to online content, it’s not particlurly surprising that Sky are already attacking their own broadband customers.

Google’s YouTube has won a significant copyright battle in Spain related to video sharing which meant that the legal ruling represents a “clear victory for the internet and the rules that govern it”.
A federal court in Madrid last week dismissed charges of copyright infringement lodged against the video sharing service by the Spanish broadcaster Telecinco.

The decision has ramifications around Europe and follows a similar win in the US in the summer.

Sources at Google- which owns YouTube said the ruling meant other high profile companies like Facebook, and internet providers BT and Virgin Media, could breathe a sigh of relief.

Telecinco brought its action against YouTube in 2008, saying the website should be held liable when users uploaded clips of TV shows that infringed its intellectual property rights.

YouTube argued that more than 24 hours of video were loaded on to its website every minute and it was unable to monitor everything for potential copyright breaches.

The court, in effect reinforcing the Europe wide E-Commerce Directive, agreed and pointed out that YouTube already offered a system that enabled companies such as Telecinco to identify and report uploaded material that infringed their copyright.

In a statement after the verdict, a spokesman for YouTube said: “This decision reaffirms European law which recognises that content owners, not service providers like YouTube, are in the best position to know whether a specific work is authorised to be on an internet hosting service.

“If internet sites had to screen all videos, photos and text before allowing them on a website, many popular sites – not just YouTube but Facebook, Twitter, MySpace and others – would grind to a halt.”

In June, Viacom’s claim for $1bn damages over alleged copyright abuses was dismissed by a New York judge under US “safe harbour” rules.

In July the first warnings about the ability of the Stuxnet worm to target industrial control systems were aired.The Stuxnet authors stole the digital signatures of two Taiwanese chip makers and used them on the rootkit employed by the worm. Just how they were getting their hands on the private keys needed to steal the signatures remains a missing piece of the Stuxnet puzzle.

The ramifications of the worm are that it can control key production and command safety systems remotely. Not just computer terminals and networks.

Search Clinic continues the warning below from Symantec for your information.

In order to digitally sign a binary you must have a private key. If attackers can gain possession of the key they can steal the key owner’s signature; therefore, the owner of the private key should ensure that it remains private.

Somehow, these private keys were stolen and used by the Stuxnet authors to sign the rootkit in order to ensure that it would be loaded by Windows Vista and Windows 7.

Obtaining a private key for a digital certificate may not be as difficult as one imagines. Infostealer.Nimkey is an example of a threat that steals PKCS#12 public key certificate files. PKCS#12 certificates are different from ordinary public key certificates—they can contain not only public keys but private keys, too.

This threat appears to have been distributed by spam email messages containing links to compromised websites hosting the Trojan in Italy, Hungary, Germany, and the US states of Texas and Florida.

It arrives as a file with a .com filename extension such as irs-pdf-f941.irs.com, report6.com, or details.com. This is a common social engineering tactic used to trick unsuspecting users into running malware by making the filename look as if it is a link to a website.

When Infostealer.Nimkey is executed, it starts by downloading and displaying the “Form 941 for 2010: Employer’s QUARTERLY Federal Tax Return” PDF from the US government’s Internal Revenue Service (http://www.irs.gov/pub/irs-pdf/f941.pdf).

This is another social engineering tactic employed to distract the user while the malware gets to work.

While the user is distracted, the Trojan downloads additional malware files from either a Polish, Moldovan, or Bosnian based website. One of the downloaded files is saved under the name ”alg.exe”. The other is called ”AcroIEHelper.dll” and is a browser helper object. The AcroIEHelper.dll file is activated when you start Internet Explorer. It records the URLs you access with that browser and sends this information to a server in China.

The alg.exe component searches for files called “Cert_*.p12”. (These are the PKCS#12 certificates we mentioned earlier.)

Because the private keys are encrypted with a passphrase, Infostealer.Nimkey comes with a built-in keylogger that captures not only keystrokes but Windows clipboard data as well.

It then posts the stolen certificates, keystrokes, and Windows clipboard data to the server via HTTP.

This threat has everything required to steal private key information.

Anyone who possesses this information can then digitally sign their own files with the signature of a trusted software vendor. Perhaps it’s your company that’s going to digitally sign the next big Trojan!

As more threats steal digital certificate private keys, we are likely going to see more and more signed malware, which is unfortunately going to make digital signatures less reliable. Anyone concerned that their private key may have been compromised should contact their provider for assistance.

From: http://www.symantec.com/connect/blogs/stux-be-you

Cyber crime is “the most dangerous criminal threat we will ever face”, the Interpol chief has warned after criminals stole his identity on Facebook.
Ronald K. Noble said cyber criminals created two fake accounts in his name and used them to obtain information on an operation by the international police agency.

“Just recently Interpol’s Information Security Incident Response Team discovered two Facebook profiles attempting to assume my identity as Interpol’s secretary general,” Mr Noble told the first Interpol Information Security Conference in Hong Kong.

“One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red.”

The operation brought together investigators from 29 member countries to target criminals on the run from justice for crimes including murder, paedophilia, drug trafficking and money laundering, Interpol’s website said.

It led to more than 130 arrests, Mr Noble said.

“This is why we constantly need to share our experience,” he added at Wednesday’s opening ceremony of the conference.

Almost two thirds of all adult web users globally have fallen victim to some sort of cybercrime, according to the 2011 Norton Cybercrime Report.

The German government has called for a voluntary data protection code to be in place by 7 December 2010.
The move follows a meeting with Google, Apple and other companies to discuss how personal data is accessible online. Google has yet to launch its service in Germany, following privacy complaints.

It comes as the German newspaper Der Spiegel reports that “several hundred thousand” people have opted out of Google’s Street View service.

The German Interior Minister, Thomas de Maiziere, said that the proposal to establish a code by 7 December “met with approval” and that it will enable users to obtain information on the gathering and intended user of data “in a user-friendly way”.

Google wants the mapping service of 20 German cities live by November 2010, but extended the deadline for users to opt out of its Street View mapping service until 15 October.

While other countries allow users snapped by Street View cars to have their face blurred, Google Germany is allowing people to have their homes removed before the service launches.

However, the US firm makes the assumption that people consent to the service and then opt out if they have concerns.

This has not gone far enough for opponents, who want the service to be opt in only.

It has been reported that hundreds of thousands of people have contacted Google to opt out of the Street View service.

Google declined to confirm the number, saying that “at this stage it is not possible to give an accurate number of opt-outs” but said it was not surprised at the numbers.

Germany has some of the toughest privacy laws in Europe, a consequence of its citizens suffering under Nazi and East German rule in the past.

In addition, unlike other countries that have a centralised agency responsible for overseeing privacy and data collection legislation, Germany has a data commissioner for each state.

Hamburg’s commissioner for data protection, Dr Johannes Caspar, has been an outspoken critic of Google who has said that his “concerns about implementing these complex opt-out proceedings were unfortunately not respected”.

The government in Berlin has been meeting Google representatives to try to find a way of respecting privacy while also not blocking the whole project.

In May, Google admitted that for the past three years it had wrongly collected information people have sent over unencrypted wi-fi networks.

The issue came to light after German authorities asked to audit the data the company’s Street View cars gathered as they took photos.

The issue quickly snowballed, after it emerged the wi-fi data collection had occurred in more than 30 countries.

Investigations are ongoing in France, Germany and Australia, while in Spain, the firm has been summoned to appear before a judge on 4 October.

In the US, Google faces a class action lawsuit over the data harvesting, as well as a large-scale investigation backed by 38 states.

In the UK, the Information Commissioner recently cleared the company after it found that it had not collected “significant” personal details.

It’s thought this latest meeting between Google and German authorities will focus on privacy issues and the ability of German citizens to opt-out of the Street View service, rather than the issue of wi-fi data collection.

Setting up a copycat website to sell fake goods only takes a few seconds, according to a computer expert.
Some websites are so sophisticated they add counterfeit security certificates to fool shoppers, said David Holman, of First Cyber Security.

He issued the warning as the Trading Standards Institute said many items ordered online have failed to arrive.

There has been a four hundred per cent rise in the number of fake goods seized at UK borders in the last 10 years.

Mr Holman said that it was “extremely simple” for people to clone a legitimate website in order to sell fake products, but there were different levels of sophistication to trick internet users.

Other fraudsters have used links to “bargains” sent via social networking sites, internet forums and in e-mails, which also prove to be fake or are used to fish for people’s banking details.

The number of complaints about counterfeit goods to helpline Consumer Direct have risen sharply in recent times. There were 1,958 complaints in the 2008-09 financial year, rising to 2,801 the following year.

The Trading Standards Institute (TSI), said that many consumers were unwilling participants in the black market, with some unaware that they were ordering fake goods online rather than the real thing.

A small sample of 800 people visiting the TSI website found that 28% of those asked had suffered problems shopping online. A half of those said the items had not been delivered and 19% said the goods were fake.

By definition, people visiting the site were more likely to be aware of these issues or to be looking for advice.

Mr Holman, who said that millions of pounds were lost in unpaid tax on fake goods, urged people to follow a checklist including:

* Choosing shopping websites carefully
* Thinking about the price, where it is bought from and the packaging
* Ensuring the site is secure by looking for a website address starting with https
* Keeping a copy of the order and details of the website

Nokia announced a new lineup of Symbian powered smartphones last week during its annual Nokia World event, along with a new version of its Symbian platform and a new look for the company’s Ovi app store.“Today our fight back to smartphone leadership shifts into high gear,” said Niklas Savander, executive vice president, Markets, Nokia.

“Despite new competition, Symbian remains the most widely used smartphone platform in the world. The new smartphones introduced today feature the latest Symbian OS, which is faster, easier to use, more efficient and developer friendly.”

In addition to Nokia’s already announced N8 smartphone, the company announced the E7, C7 and C6 smartphones.

The E7 is targeted at business users. It comes with Microsoft Exchange ActiveSync for secure, push email access, a 4 inch touchscreen, and a full QWERTY slide-out keyboard. The E7 is expected to sell for about £400.

The C7 is a social networking smartphone for the younger generation. It integrates live updates from Facebook and Twitter and helps you see new email messages, all on the home screen. It has a 3.5 inch AMOLED display and a rounded-edge design. The handset is priced around £250.

The Nokia C6 is a compact touchscreen smartphone for multimedia lovers. The device ships with a 3.2 inch AMOLED display and keeps users in control of their lives with ample social networking, email, and mobile entertainment features. The C6 will sell for around £200.

The new devices come as Nokia faces increasing competition in the smartphone arena.

Nokia’s new family of Symbian handsets is set to start shipping before the end of 2010.

Search Clinic follows on from yesterday’s post Sir Tim Berners-Lee’s view of the future development for the internet.Berners-Lee, who is working with the British government to open up access to data from central and local government, said that the mobile phone network would be key to bringing more people onto the internet.

“At the moment the world wide web reaches about 20% of the world’s population. But 80% have mobile phones. Why is there that gap? That’s why we’ve started the Web Foundation – there are plenty of organisations dedicated to getting people fresh water, and getting them vaccines. But it turns out that the web can be really instrumental in getting healthcare to people.

“Not western-style healthcare, but the sort of thing that people need in developing countries. Sharing information about health, about issues like banana blight, or Aids – getting the message across about how you avoid getting Aids”

“Getting that information shared is something that isn’t happening now. These are all people who have a mobile signal but aren’t part of the information society, to tell the world about the crops they have for sale, or to go to Wikipedia and translate their favourite article into their own language, to blog. Not being part of the information society becomes really important.”

He called on mobile operators to make low-cost connections available in the developing world so that people could get online more easily.

“If you have a mobile signal and you have a phone, and your £10 phone has a web browser, then it’s a shame if you go to your service provider and want a data plan – to connect the phone to the internet – they move you from a plan that costs £5 per month to one that costs £60 per month, because they think that because you want access to data you must be an executive! And there’s no in between. And the government decides that since you must be an executive, it’s going to tax you heavily too.”

The fact is that even small amounts of data traffic are very effective for connecting people.

But he was dismissive of suggestions that text messages, which are widely used in many developing countries for money transfer as well as messaging, could fill the gap left by the lack of data plans. Each SMS contains a maximum of 140 characters, which Berners-Lee denounced: “SMS is the most expensive way of sending bits that’s out there. It’s very constrained. SMS for a developer is really hard, it would be nice to send internet packets. I’d like people enrolled in a low data package by default.”

He also pointed out that the explosion in location based services such as Foursquare and Gowalla could lead to new concerns about privacy and control.

“The whole privacy area is a big one. I think we’re probably going to have to think about privacy from a different point of view. When you work in many different roles, say within a company, you may see somebody’s CV with some information that you use in the human resources department, but you wouldn’t, you mustn’t, share at the office party.”

“But you might find out information for sending me something but not for other use – such as my address, where I might want to receive a package from you, but I don’t want my address used for anything else. I think we’ll build systems to help organisations become accountable and to know what request the user had about how it would be used. We’ll build companies that will respect how it is used. We’ll have to have systems for tracking and passing all sorts of accountable systems.”