Friday, January 30, 2009

Eeyore's News and View

This is the third day in a row that this topic has come up; time to pay attention.
Data scams have kicked into high gear as markets tumble
By Byron Acohido and Jon Swartz, USA TODAY
Cybercriminals have launched a massive new wave of Internet-based schemes to steal personal data and carry out financial scams in an effort to take advantage of the fear and confusion created by tumbling financial markets, security specialists say.
The schemes — often involving online promotions touting fake computer virus protection, get-rich scams and funny or lurid videos — already were rising last fall when financial markets took a dive. With consumers around the world panicking, the number of scams on the Web soared.
The number of malicious programs circulating on the Internet tripled to more than 31,000 a day in mid-September, coinciding with the sudden collapse of the U.S. financial sector, according to Panda Security, an Internet security firm.
It wasn't a coincidence, says Ryan Sherstobitoff, chief corporate evangelist at Panda.
"The criminal economy is closely interrelated with our own economy," he says. "Criminal organizations closely watch market performance and adapt as needed to ensure maximum profit."
Among those caught in the most recent barrage of scams was Justin Terrazas, 27, a beverage merchandiser from Seattle. He clicked on a Web link that infected his MacBook Pro laptop with a data-stealing program. Not realizing the laptop was compromised, Terrazas later typed his Bank of America debit card number and PIN to pay his Verizon cellphone bill online. The data-stealer swiftly siphoned his information.
A few days later, someone used Terrazas' debit card account to make a $501.41 online purchase from Modabrand.com, a designer clothing store. The merchandise was shipped to London, leaving Terrazas to unravel a big mess.
"This is definitely something you don't need in your life," he says.
The boom in cyberthreats that occurred during the last three months of 2008 could accelerate, especially if the economy continues to falter, security specialists say. Organized cybercrime groups have become increasingly efficient at assembling massive networks of infected computers, called botnets, and deploying them to amass large caches of stolen data, according to several surveys and dozens of interviews with security and privacy analysts. Meanwhile, scammers have honed the trickery used to turn stolen data into cash.
"There is a well-funded, well-educated horde continually probing for cracks and finding their way in" to consumers' financial information, says Roger Thornton, chief technology officer of security firm Fortify Software.
"They are breaching … the highest levels of the global finance infrastructure and a majority of our home computers."
Last fall, virulent programs called Trojans began to circulate more widely in e-mail and instant-message spam, got embedded in tens of thousands of popular Web pages and spread in a widening barrage of online ads. Click on the wrong thing, and you would download an invisible Trojan crafted to steal sensitive data and allow the attacker to control your computer.
All types of con games — from e-mail phishing scams, which try to trick you into typing sensitive data at fake websites, to cyberhijacking, in which crooks use stolen user names and passwords to pilfer online accounts — increased, according to security firms, government regulators and law enforcement officials.
Targeting data storehouses
Hackers also are intensifying attacks on data storehouses.
Last week, Heartland Payment Systems disclosed that intruders cracked into the system it uses to process 100 million payment card transactions a month.
And Tuesday, Monster.com announced it would impose a mandatory password change for all North American and Western European users of its popular employment website. Thieves recently broke into Monster's databases to steal user IDs, passwords and other data that could be useful in a variety of scams.
"There are limitless opportunities in data of this quality," says Robert Sandilands, anti-virus director at the security firm Authentium.
To cybergangs, the implosion of the financial markets and widespread job cuts have translated into more opportunities.
Not long after banking giant Wachovia failed, phishing e-mail began circulating asking current and former customers to type in personal information to a website to complete mandatory installation of a new Internet security certificate. The website was a counterfeit, and some users who fell for the scam had their computers infected with the Gozi Trojan, which funnels stolen data to a computer server equipped to instantly sell the data to other criminals, according to the security firm SecureWorks.
Some thieves have stuck to the path of least resistance, snaring account user names, passwords and Social Security numbers. Cybercrime groups have gone further, sending tainted links in e-mail and instant messages, and spreading viruses via the direct messaging systems used on the social-networking websites Facebook, MySpace and Twitter.
Facebook encourages users to report any suspicious messages, but there's only so much it — and the other networking sites — can do to stop cybercriminals.
"We'll investigate and take appropriate action, which may include disabling the sender's account and blocking certain links from being posted," says Facebook spokesman Barry Schnitt.
But cybergangs now routinely activate hundreds of accounts by the minute, dedicating them to criminal pursuits.
Tainted links also are increasingly turning up in routine search queries on Google, Yahoo search and Windows Live search. The search companies also say they can do little to stem the rising tide of cybercrime. Google spokesman Jay Nancarrow says only that the search giant has "strict policies" against fraudulent practices, which it takes pains to enforce.
The FBI and Secret Service have created partnerships with police agencies around the world to combat cybercrimes. U.S. agents have been able to infiltrate several organized crime groups to make dozens of arrests, says Shawn Henry, assistant director of the FBI Cyber Division. Even so, "The offense tends to outpace the defense," Henry says. "The cyberthieves are extremely creative."
The threat from insiders
Some cybercriminals have begun to spread malicious programs by corrupting online banner ads. Security firm Finjan reports that new tools being sold on criminal forums can be used to infect online ads that use Adobe's popular Flash player.
The wide availability of such tools — and the fact that thousands of tech-savvy workers are being laid off in today's economy — is raising concerns that some of the jobless might see cybercrime as a way to survive.
"Unemployed IT personnel potentially can find easy income by purchasing and using crimeware," says Finjan CTO Yuval Ben-Itzhak. "We expect a rising number of people will try."
Some novice cybercrooks won't need anything fancier than a Web browser to get rolling. M. Eric Johnson, director of the Center for Digital Strategies at the Tuck School of Business at Dartmouth College, recently tried typing simple search queries, such as "insurance record," in Google and on file-sharing networks Gnutella and LimeWire.
He collected 3,328 files with potentially sensitive medical information; about 5% held data that could be used to fraudulently buy drugs or bill treatments. Data thieves are using such simple steps, too, he says.
Data-stealing gangs could begin reaching out to laid-off or disgruntled employees who know their employers' tech systems, security experts warn. Database security firm Application Security's recent audits of 179 organizations found 56% had suffered at least one data breach in the past 12 months. The survey does not reveal how any particular breach happened.
"It's a three-legged beast," says Pat Clawson, CEO of Lumension Security. "There is an absolute crunch in IT spending, there are more profit-minded hackers, and employees with access to valuable data" are willing to sell access to criminals.
About 75% of the 1,400 tech operations and information management professionals recently surveyed by Lumension and Ponemon Institute said cybercrime remains a major concern, despite efforts to thwart hackers.
"In the next year or two, these challenges will increase in both breadth and depth of threats," says Larry Ponemon, chairman of Ponemon Institute.
'It's so easy'
In a recent episode that reflected the complexity of leading-edge attacks, three different thieves collaborated to steal $99,000 from a credit union, says Tom Miltonberger, CEO of security firm Guardian Analytics.
The first thief pilfered a credit union member's online account user ID and password, and gave it to a second thief. That person then logged on several times to see images of cleared checks and to monitor the balance available on a pre-approved home equity line of credit, says Miltonberger, who investigated the case.
That information went to a third thief, who drew up a forged fax request with instructions to transfer funds from the home equity line of credit into the checking account, and then to wire those funds to another account. Because the forged signature was so good, the credit union carried out the transfer.
No one has been arrested in the case.
In another recent attack, someone acquired the user name and password for a system administrator at CheckFree.com, the nation's largest e-bill payment system. Using those log-in credentials, an intruder gained access to CheckFree's domain name service account — an account that permits the administrator to redirect traffic trying to access CheckFree's home page to other legitimate company pages.
For several hours, the intruder redirected anyone typing www.mycheckfree.com to a Web server in the Ukraine that tried to install a password-stealing Trojan. Although as many as 160,000 customers may have been affected, none had any of his or her data stolen, says Lori Stafford-Thomas, a spokeswoman for Fiserv, the parent company of CheckFree. "CheckFree sites are all up and running properly and securely," she says.
But the attempt was a sign of things to come, says Amit Klein, CTO of security firm Trusteer.
"The moral of this attack is that it's so easy to take over your (website)," Klein says. "I just need to get ahold of your user name and password once. And we all know how easy it is to get your credentials."
Beverage merchandiser Terrazas knows all too well the downside of having one's sensitive data stolen. He says Bank of America covered the illicit charge to his debit card and gave him a new card account number. But he had to alter several other financial accounts to reflect the change, and he no longer trusts using his debit card to pay bills or make purchases online.
"It's a bummer that somebody took my information," he says. "But if I don't want this to happen again, this is what I have to do."
http://www.usatoday.com/tech/news/computersecurity/2009-01-28-hackers-data-scams_N.htm

Here are a couple of back-to-the-usual-business, no-change, regular DC politics stories.
At least half of Obama's Cabinet chiefs are millionaires
WASHINGTON — At least eight of President Obama's 14 Cabinet secretaries appointed so far are millionaires, most own homes worth far more than the national average, and at least half already spend much of their time in the nation's capital, financial disclosure reports and property records show.
Most of the Cabinet members and nominees own real estate worth more than $1 million and some, like Secretary of State Hillary Rodham Clinton, own more than one million-dollar home, according to public property records.
Federal ethics laws require top presidential appointees to file disclosure reports listing assets and debts in broad ranges. The Office of Government Ethics released Cabinet appointees' reports this week. (You can read the rest at)
http://www.usatoday.com/news/washington/2009-01-28-cabinetfinances_N.htm

'Buy American' Rider Sparks Trade Debate

Proviso Limits Steel, Iron From Abroad
The stimulus bill passed by the House last night contains a controversial provision that would mostly bar foreign steel and iron from the infrastructure projects laid out by the $819 billion economic package.
A Senate version, yet to be acted upon, goes further, requiring, with few exceptions, that all stimulus-funded projects use only American-made equipment and goods.
Proponents of expanding the "Buy American" provisions enacted during the Great Depression, including steel and iron manufacturers and labor unions, argue that it is the only way to ensure that the stimulus creates jobs at home and not overseas.
Opponents, including some of the biggest blue-chip names in American industry, say it amounts to a declaration of war against free trade. That, they say, could spark retaliation from abroad against U.S. companies and exacerbate the global financial crisis. (You can read the rest at)
http://www.washingtonpost.com/wp-dyn/content/article/2009/01/28/AR2009012804002.html?hpid=topnews

Verizon to shut down Internet phone service
January 28, 2009 - 5:25pm
By PETER SVENSSON
AP Technology Writer
NEW YORK (AP) - Verizon Communications Inc. has told customers it is shutting down its VoiceWing Internet-based phone service to focus on other technologies.
VoiceWing will be permanently shuttered on March 31, the phone company told customers in a letter last week. Those who want to keep their phone numbers can move them to other services, but the process may take up to three weeks, so there's not much time to find an alternative.
As with AT&T's CallVantage and the phone services of Vonage Holdings Corp., VoiceWing subscribers got a small adapter that allowed them to place calls by connecting a phone to a broadband Internet line.
Such Voice over Internet Protocol, or VoIP, services sprouted up in the early years of the decade, but have lost steam amid persistent problems with audio quality and a patent litigation offensive from phone companies, including Verizon, against market leader Vonage. Cable companies, meanwhile, have used similar technology to successfully introduce their own phone services.
Deltathree Inc., the VoIP company that ran the back-end services for VoiceWing, is running out of money and has seen its stock delisted from the Nasdaq Stock Market.
The shutdown of VoiceWing "was a business decision based on a number of factors including the strategic fit of the service in our evolving digital voice portfolio," said Verizon spokeswoman Bobbi Henson.
The New York-based company recently announced "The Hub," a multifunction touch-screen home phone that connects to a broadband line. It is also planning to introduce a VoIP service for customers on Verizon's own fiber-optic connections. VoiceWing was available to anyone with an Internet connection.
Henson said VoiceWing was "a niche service that was never mass marketed." The company does not disclose how many customers VoiceWing has, but Henson said it was not material.
AT&T Inc. stopped signing up new subscribers for CallVantage last summer.
http://wtop.com/?nid=108&sid=1587294

Russia, China Blame Woes on Capitalism
Speeches Criticize Inappropriate Policies, Focus on Dollar's Role; Yet Putin Sends Obama Conciliatory Signal
The premiers of Russia and China slammed the U.S. economic system in speeches Wednesday, holding it responsible for the global economic crisis.
Both focused on the role of the U.S. dollar, with China's Premier Wen Jiabao calling for better regulation of major reserve currencies and Russia's Prime Minister Vladimir Putin calling over-reliance on the dollar "dangerous."
Wen Jiabao and Vladimir Putin address the World Economic Forum in Davos.
Speaking on the opening day of the World Economic Forum in Davos, Switzerland, they both urged more international cooperation to escape the downturn. They also talked up the abilities of their own economies to ride out the recession. Mr. Wen said he was "confident" China would hit its 8% growth target for this year even though that was "a tall order."
The Russian and Chinese leaders also called for cooperation with U.S. President Barack Obama, but it was a chilly reception for the new administration that reflected growing anger in economies that are now getting hit hard by a financial crisis that began with subprime mortgages sold in the U.S.
Mr. Putin was characteristically blunt. He called for the development of multiple, regional reserve currencies in addition to the dollar. "Excessive dependence on a single reserve currency is dangerous for the global economy," Mr. Putin said.
The Russian leader mocked U.S. businessmen who he said had boasted at last year's Davos meeting of the U.S. economy's fundamental strength and "cloudless" prospects. "Today, investment banks, the pride of Wall Street, have virtually ceased to exist," he said.
Earlier, Mr. Wen called for an expansion of regulatory "coverage of the international financial system, with particular emphasis on strengthening the supervision on major reserve currencies."
While Mr. Wen never named the U.S., his critique of its failings was as sweeping as Mr. Putin's. The financial crisis, he said, was "attributable to inappropriate macroeconomic policies of some economies and their unsustainable model of development characterized by prolonged low savings and high consumption; excessive expansion of financial institutions in blind pursuit of profit" -- and other excesses.
"The entire economic growth system, where one regional center prints money without respite and consumes material wealth, while another regional centre manufactures inexpensive goods … has suffered a major setback," Mr. Putin said.
Mr. Wen's comments came just days after U.S. Treasury Secretary Timothy Geithner accused China of manipulating its currency for economic gain. The Chinese premier gently, but firmly warned that if Washington and Beijing chose confrontation, both would be losers.
But the different tones of the two speeches, and the fact that Mr. Wen didn't call for replacing the dollar's role as the world's reserve currency but regulating it, reflect crucial differences in the important emerging economies.
A spokeswoman for the U.S. Treasury Department declined to comment on the remarks in the speeches. The White House did not respond to requests for comment.
Many of the attendees at Davos took the remarks from Mr. Putin and Mr. Wen in stride. "The sad thing is is that we might have scoffed at this a while ago. But we really dragged the world down" economically, Alan Blinder, former vice chairman of the U.S. Federal Reserve, said in an interview after the speeches.
The rapid collapse of oil and commodities prices has hit Russia hard on top of the ripples of the financial crisis. The government now forecasts the economy will shrink for the first time in a decade this year, after growing 6% last year.
"In a very real sense Russia has been kicked to the margins, while China has become pivotal to any resolution of the financial crisis," says Bob Lo, Director of the Russia and China programs at the Center for European Reform in London.
Mr. Putin's government has spent $200 billion of hard currency reserves to defend the Russian currency, the ruble. It has spent as much again in a bailout package that amounts to 15% of gross domestic product, one of the largest responses to the financial crisis in the world. Unlike China, Russia's economy is too dependent on commodities exports and too small to play a significant role in any global recovery, says Mr. Lo.
Russia also has negligible trade with the U.S., while Chinese exports are heavily dependent on U.S. consumers and Beijing holds $2 trillion in U.S. debt, prompting a much more cautious approach towards Washington and the dollar in Beijing.
The net effect of falling oil prices and the downturn, however, has been to make Russia more vulnerable and the Kremlin weaker, analysts say. Russian officials have begun to send out more conciliatory signals to the new U.S. administration.
"We wish the new team success," Mr Putin said Wednesday, calling on it to cooperate.
China, too, is suffering from the downturn. Many independent economists, including economists at the International Monetary Fund, question whether Beijing will be able to meet its 8% growth target this year.
Developed nations are increasingly calling for China to do more to stimulate its own economy. On Wednesday, Mr. Wen gave a detailed account of the four trillion yuan ($585 billion) investment program China announced in November. "As a big responsible country" China was actively boosting domestic, and particularly consumer demand, said Mr. Wen.
The headline sum in the program would likely be equivalent to around 3% of gross domestic product in 2009 and 2010. But even government officials aren't promising that much of a boost to the economy. Zhang Ping, the head of the National Development and Reform Commission, in November estimated it would add about one percentage point to GDP growth this year and next.
That may have seemed like a lot at the time, but expectations for global and Chinese growth have rapidly deteriorated since then. Mr. Wen said growth slowed to 6.8% in the fourth quarter from the same period a year earlier. That's a little more than half the 13% gain in 2007, at the height of the boom. Some economists believe China could grow by as little as 5% this year, too little to provide jobs for the graduates flooding into the labor market from Chinese universities and schools each year and a further drag on the global economy.
Less noticed in Mr. Geithner's repetition of Mr. Obama's campaign-trail assertion that China "manipulates" its currency last week was his argument that the long U.S.-Chinese dispute over currency didn't matter as much as getting China to do more to boost its economic growth.
"Given the crisis the immediate focus needs to be on the broader issue of stabilizing domestic demand in China and the U.S.," Mr. Geithner said in his written response to questions during his Senate confirmation process. "A further slowdown in China would lead to a substantial fall in world growth (and demand for U.S. exports) and delay recovery from the crisis."
http://online.wsj.com/article/SB123315961511224575.html
