Network Security March 20054

NEWS

Fine for Frenchman's exploit A Paris court found Harvard Universityresearcher Guillaume Tena guilty of publish-ing a vulnerability and a proof of conceptvirus for Tegam's Viguard anti-virus producton his website. He received a Euro 5,000 sus-pended fine. French-born Tena highlighted holes in the French anti-virus product and justifiedhis actions in an online diary. Tegam is now pursuing a Euro 900,000 civil caseagainst Tena.

T-Mobile admit hackabilityIt is possible to access and download a person'svoicemail messages or change their voicemailsettings with a simple hack, T-Mobile haveacknowledged. The hack can be done simply if the hackerknows the phone number of the account. It issimple to avoid - simply put a password on thevoicemail account. At the moment this is nota requirement for customers.

No patch is good news?After last month's mammoth security bulletin,Microsoft announced that there would be nosecurity update or patches this month. This is the first time since December 2003that a month has passed without an updatesupplied to users of Windows.

Nuclear security suppliers say noTwo producers of digital systems used innuclear power plants have denounced a USGovernment proposal to enforce security stan-dards to plant safety systems. The proposal, by the US Nuclear RegulatoryCommission, rewrites existing criteria whichdate from 1996. The two firms, CapriTechnology and Framatone claim that the newproposal is too premature and broad to betruly comprehensive for the nature of theirwork.

Massive point drop for ChoicepointShares in Choicepoint dropped by 20% afterit was revealed that identity thieves had stoleninformation from the data vendor. A class action lawsuit against the company andits lead executives has now been filed inCalifornia on behalf of those shareownersaffected by the drop in price.

Security build up for BlackBerryThe Canadian military and US security agencies are working together on a year longtrial to make BlackBerry devices more secure,with a view for using them in top secret communications.The devices have been incredibly popular inthe business community, enabling the user to

be contactable at all times and earning thenickname 'CrackBerry' due to their addictivenature. However, hacking of the devices hasrecently become more common and the mainfocus of the trial is to improve security oftransmissions.

ID theft gang caughtTwenty-eight people have been charged with perpetrating an online fraud scam that is responsible for the theft of £2 million. Scottish police raided over 40 addresses after months of investigations. It is thoughtthat the gang used simple tricks such as steal-ing thrown away documents and watchingpeople type in PIN numbers as well as phishing.

Bank loses tapes for 1.2m workersUS senators and federal workers could havetheir identities stolen following the allegedtheft from the Bank of America of computerdata tapes with the personal information of1.2 million government staff. The lost datainclude social security numbers and accountinformation for a government credit card pro-gramme.Patrick Leahy, one of the senators whose data was on the tapes, has led calls for aSenate inquiry into the need for more regula-tion of companies that buy and sell personaldata.

Gumshoes track shoe shopper ID thievesThe US Secret Service is hunting hackerswho stole the credit card and sales data ofcustomers at 103 of 175 DSW ShoeWarehouse stores owned by Columbus,Ohio-based, Retail Ventures. The firm saidthe data was stolen over the past threemonths, but didn't know how many cus-tomers were affected.

Singapore to spend $23m on cyberdefenceThe Singapore Government is to spend S$38million (US$23.2 million) on a three-year scheme to make the island state safefrom cyber attacks. One in two Singaporeansuses the Internet, and the World EconomicForum rates the island as the world's top ITnation.Singapore's deputy prime minister, Tony Tan,said the Infocomm Security Masterplan willdevelop the manpower to manage risingonline threats and set up an early warning sys-tem for cyber attacks. The plan is to go live in 18 months, providing24x7 tracking and analysis of threats such ascomputer worms and viruses, phishing scamsand hacking attempts.

In brief Close shave for JapanesebankBrian McKenna

Israeli police have foiled an attempt todefraud Sumitomo’s City offices of

£13.9m. They arrested a man who triedto benefit from information got fromkeylogging software. Yeron Bolondi,32, is charged with money launderingand deception.

Meanwhile, the UK payments bodyAPACS has released online fraud figures for the first time. These showthat losses due to phishing and key-log-ging trojans in 2004 amounted to £12m— less than the Israeli's alleged attempt-ed fund transfer.

The Financial Times broke theSumitomo story on 17 March, reporting that rumours of an £220mattempted theft have been circulating in police and corporate circles since latelast year.

Takashi Morita, head of communica-tions at Sumitomo in Tokyo, said thecompany had not suffered any financialloss as a consequence of the robberyattempt.

He said: "The case is still in the middleof investigation so we cannot commentfurther.

The UK’s National Hi-Tech CrimeUnit, which works closely with the Israelipolice, has been credited by the BBCwith the original discovery of a widerplot.

The IT security supplier communitywas fast to comment.

Symantec’s Richard Archdeacon said:“We have seen a meteoric rise in cyberfraud that specifically targets confidentialdata. It’s information warfare”.

Computer Associates’ Simon Perrysaid: "The use of keystroke logging software in this case, sends a strong message to all companies that anti-spy-ware technology is now a first linedefence against cyber-crime”. CA said,in a statement, that this was 'the firstrecorded instance in the UK of key-logging being used for large-scale onlinetheft'.