[SecurityRatty] tag: scotland

Keeping America Safe from Terrorism by Monitoring Distillery Webcams

Fri, 31 Oct 2008 08:15:49 +0000

We had an email recently from an observer "curious as to why the webcam that was inside the shop/bar is no longer there, or at least, functional". The email was from the Defense Threat Reduction Agency in the United States.
When we replied that it was simply a short term technical problem, we asked why on earth they could be interested in the comings and goings of a small Distillery off the West Coast of Scotland. Were there secret manoeuvres taking place in Loch Indaal, or even a threat of terrorists infiltrating the mainland via Islay?

The answer we received was even more surreal. Evidently the mission of the DTRA is to safeguard the US and its allies from weapons of mass destruction -chemical, biological, radiological, nuclear and high explosives. The department which contacted the Distillery deals with the implementation of the Chemical Weapons Convention, going to sites to verify treaty compliance. Funnily enough chemical weapon processes look very similar to the distilling process and as part of training there is a visit to a brewery for familiarization with reactors, batch processors and evaporators. As they said, it just goes to show how "tweaks" to the process flow or equipment, can create something very pleasant (whisky) or deadly (chemical weapons).

As they say: "In the post-Cold War environment, a unified, consistent approach to deterring, reducing and countering weapons of mass destruction is essential to maintaining our national security. Under DTRA, Department of Defense resources, expertise and capabilities are combined to ensure the United States remains ready and able to address the present and future WMD threat. We perform four essential functions to accomplish our mission: combat support, technology development, threat control and threat reduction. These functions form the basis for how we are organized and our daily activities. Together, they enable us to reduce the physical and psychological terror of weapons of mass destruction, thereby enhancing the security of the world's citizens. At the dawn of the 21st century, no other task is as challenging or demanding".

Global Dispatches

Mon, 01 Sep 2008 03:33:25 +0000

Global Dispatches: Infosys to acquire U.K. SAP services firm; Lost laptop contains data on Royal Bank of Scotland customers.

Bank Details of 1 Million Customers Sold on eBay

Wed, 27 Aug 2008 10:35:34 +0000

Personal details of more than 1 million customers of Royal Bank of Scotland, American Express and NatWest are found on a computer sold on auction site eBay.

Best Western Rebuts Claims of Massive Data Breach

Wed, 27 Aug 2008 09:45:00 +0000

Best Western International and the Sunday Herald newspaper of Scotland are duking it out over a story which reports that a hacker stole the records of 8 million customers from the hotel chain's global network in the "the greatest cyber-heist in world history." Best Western says 10 people were affected at one hotel.

Erase Your Hard Drives Before Selling Them

Wed, 27 Aug 2008 06:48:00 +0000

Sounds like a no-brainer, but it’s a lesson that some large companies still have to learn.

IT manager Andrew Chapman purchased a used drive on eBay, for just 77 British pounds, only to find that it contained the financial history and information for several million people, customers of the Royal Bank of Scotland (RBS) and its subsidiary, Natwest. Luckily for them, Chapman had their best interests at heart and reported the problem, rather than selling or using the information.

According to Evan at the Breach Blog:

The University of Glamorgan conducted research about hard drives bought on eBay that contained sensitive information and published their findings in September 2007. If people don’t think that criminals are buying hard drives on eBay, searching for sensitive information (personal information, health information, corporate secrets, intellectual property, etc.), then they are deluded

Click here to read the full article.

Your 419 Mail Roundup

Wed, 02 Jul 2008 13:11:42 +0000

A handful of scam mails currently in circulation, including one mention of "groundnut oil" that seems so bizarre I had to highlight it in bold text. All this and more, after the jump...
Subject:
FROM THE DESK OF MR. STEVEN JAMES
From:
"Steven James"
Date:
Mon, 30 Jun 2008 19:17:03 +0100
BCC:

FROM THE DESK OF MR. STEVEN JAMES
CHAIRMAN INTERNATIONAL RELATION
FIRST BANK OF NIGERIA PLC
# 1 BANK ROAD WUSE FCT
ABUJA-NIGERIA.
PHONE: +234-80-66520277
Email: stevenjames809@live.co.uk

Very Urgent Attention,

Please permit me to introduce my humble self to you, my name is Mr. Steven James, I am the Manager of International Relation with First Bank of Nigeria Plc, I 'm 38yrs old, and I got your email address from a friend of mine, and my confidence reposed on you. I hope you read this message carefully and reply me immediately. Although we have not met before, but I suggest that this transaction will bring us together.

My dear, we had a customer, a foreigner but base here in Nigeria, his Name was Mr. Hamilton Creek. He is from Atlanta Georgia United State of America, but based here with his wife and his two children, Mr. Hamilton has being banking with us for the past 4yrs and some time in August 2002, Mr. Hamilton was on his way to his house, and unfortunately ran into a Trailer load of Groundnut Oil, and died   immediately, Their car got burnt, no single soul was saved, Mr. Hamilton Creek and His entire family was confirmed dead.

My Board of Directors and the Management of First Bank has mandated and instructed me to look for Mr. Hamilton Creek? Relation(s) and his Next of Kin to come and claim his fund, Since August 2003 till date, I have been looking for his relation's or his next of Kin to come and claim his fund which he Deposited with our bank, I have contacted his Embassy and after 3days, his Ambassador told me that Mr. Hamilton Creek has no relation and no next of Kin, their Ambassador told me that he used his first son as His next of kin, but it is quite unfortunate that Mr. Hamilton Creek Died with all his family members.

The reason why I contacted you is thus, Mr. Hamilton is dead, and his only son who supposed to inherit his properties and money also died with him. As at this moment, nobody or person[s] is coming to   claim this Money from our bank. The Board of Directors and management of our bank told me that if nobody or person[s] apply for the claim of Mr. Hamilton Fund, the bank will return the entire Fund into our Federal reserve. In the Light of the above, I want you to stand as the next of kin to Late Mr. Hamilton Creek; it might interest you to know that he had a Domiciliary Bank Account with our Bank and he has a total sum of US$9.2M Nine Million Two Hundred thousand Dollars, this is the exact amount which he had in his domiciliary account before the ugly incident occurred, and this money is still in his account as unclaimed money.

This transaction is very easy and simple, and it is 100% risk free, I'm the Manager for International Relations with First Bank of Nigeria Plc, and the Management and Board of Directors of the Bank are waiting for me to provide to them the Relation or next of Kin to late Mr. Hamilton Creek, of which I told them that I am still searching the next of kin to the deceased. Finally, if you are interested with this transaction, I will front you to the bank as the only next of kin to late Mr. Hamilton Creek, and I will let the bank know that you are the only right person to inherit Late Mr. Hamilton Funds and properties. If you are interested, just email me or call me on my   direct and private line#: +234-80-27536038 and late Mr. Hamilton's Funds will be credited into your account and all his Properties will be released to you either through Courier Services or the Bank will Cargo all his properties to you in any were you want it.

So reply me immediately and feel free to ask any question with regards to this transaction. You will take 50% of the US$9.2M. Which is? US$4.600, 000.00 Four Million Six Hundred Thousand Dollars, while the Balance of the same amount will be mine.

Your swift response will be highly appreciated.

Thanks and have a nice day.

Friendly Regards

Mr. Steven James

*******************************************************************************************

Subject:
REPRESENTATIVE NEEDED
From:
DFS SALES LTD UK
Date:
Tue, 01 Jul 2008 23:00:55 +0800
To:
undisclosed-recipients: ;

COMPLIMENT OF THE DAY TO YOU.

I am PETER WOODS from DFS SALES LTD UK.(
Website: www.dfs-online.co.uk ) Visit our site

We are into furnitures and we sell shares to people in
Canada,America, Australia and Europe.

We are in need of a book keeper. someone who can represent our company
in his/her country.

Our client in your location will contact you and make the company
payment to you.

You will be entitle to 11% of every payment been made out to you.

This is because most of our officer are from china and they do not

understand english very well.its hard for them to contact our
customers.

Our head office is located in CHINA. But we have a sub-office in the
uk.

If you are interested, Kindly send the entries for more understanding.

NAME IN FULL :.........
COMPANY NAME: .....
POSITION:......
FULL ADDRESS: .......
CITY/TOWN:........
STATE:............
ZIP CODE:........
COUNTRY:.......
MOBILE:.......
HOME TEL: .....
EMAIL ADDRESS: ........
OCCUPATION: ...........
BANK NAME :.......
AGE:............

You are to send the above details to

NAME : PETER WOODS.
EMAIL : dfs_woods@yahoo.co.uk
PHONE NUMBER : +44-704-575-0212

HOPE TO HEAR FROM YOU

*****************************************************************************************

To:
undisclosed-recipients:;

Good day!!!

We have been waiting for you since to contact me for your Confirmable Bank Draft of ?18 Million (Eighteen Million Pounds sterling) but we did not hear from you since for a couple of weeks now. Then we went to the bank to confirm if the draft that expired or getting near to expire and Metropolitan Police Uk told us that before the funds will get to your hand that it will expire.So I told him to cash the ?18 Million (Eighteen Million Pounds sterling) to cash payment to avoid losing this fund under expiration as I will be out of the country for a 6 Months Course.

What you have to do now is to contact FED EX COURIER SERVICES as soon as possible to know when they will deliver of your funds to you because of the expiring date. For your information we have paid for the delivering Charge Insurance premium. The only money you will send to the FED EX COURIER SERVICES to deliver your cheque direct to your postal Address in your country is ?250.00 being Security Keeping Fee of the Courier Company so far. Again don't be deceived by anybody to pay any other money except ?250.00 for the Security Keeping Fee.We would have paid that but they said no because they don't know when you will contact them and in case of demurrage. You have to contact FED EX COURIER SERVICES now for the delivery of your Draft with this
information below:

CONTROLLER: Mrs.Helen Williams
NAME: FED EX COURIER SERVICES
ADDRESS: fedexofficeuk@gmail.com
PHONE NUMBER: +447024080684

IF YOU ARE THE OWENER OF THE FUNDS AND YOU WILL SEND YOUR INFORMATION TO US SO THAT WE CAN DELIVERY YOUR FUNDS TO YOU WITHIN THE NEXT 84HRS TIME.IF YOU DO NOT RECEIVED YOUR FUNDS WITHIN THE NEXT 72HRS TIME AND YOU REPORT US THE UK FBI AND THE METROPOLITAN POLICE (SCOTLAND YARD) or YOU CONTACT YOUR LAWYER TO TAKE UP PROCEDURES AGAINST US.

Let me repeat again try to contact them as soon as you receive this mail to avoid any further delay and remember to pay them their Security keeping fee of ?250.00 for their immediate action. The FED EX COURIER SERVICES don't know the contents of the funds. This is to avoid them delaying with the funds.

Thanks as you contact them today.

Yours Faithfully

Mrs Helen Williams.

(The above actually comes with a nifty graphic that they've thrown in, thinking it makes it all look more legitimate. It doesn't, but here it is anyway):

....altogether now: oooooh. A slightly shorter 419 roundup than usual, but I'm sure I'll have piles of the things next week.

The Continuing Slide Towards Thoughtcrime

Tue, 18 Mar 2008 11:12:43 +0000

A suggestion from the UK of putting primary-school children in a DNA database "exhibit behaviour indicating they may become criminals in later life."

Pugh's call for the government to consider options such as placing primary school children who have not been arrested on the database is supported by elements of criminological theory. A well-established pattern of offending involves relatively trivial offences escalating to more serious crimes. Senior Scotland Yard criminologists are understood to be confident that techniques are able to identify future offenders.
A recent report from the think-tank Institute for Public Policy Research (IPPR) called for children to be targeted between the ages of five and 12 with cognitive behavioural therapy, parenting programmes and intensive support. Prevention should start young, it said, because prolific offenders typically began offending between the ages of 10 and 13. Julia Margo, author of the report, entitled 'Make me a Criminal', said: 'You can carry out a risk factor analysis where you look at the characteristics of an individual child aged five to seven and identify risk factors that make it more likely that they would become an offender.' However, she said that placing young children on a database risked stigmatising them by identifying them in a 'negative' way.

Thankfully, the article contains some reasonable reactions:

Shami Chakrabarti, director of the civil rights group Liberty, denounced any plan to target youngsters. 'Whichever bright spark at Acpo thought this one up should go back to the business of policing or the pastime of science fiction novels,' she said. 'The British public is highly respectful of the police and open even to eccentric debate, but playing politics with our innocent kids is a step too far.'
Chris Davis, of the National Primary Headteachers' Association, said most teachers and parents would find the suggestion an 'anathema' and potentially very dangerous. 'It could be seen as a step towards a police state,' he said. 'It is condemning them at a very young age to something they have not yet done. They may have the potential to do something, but we all have the potential to do things. To label children at that stage and put them on a register is going too far.'

Computer Misuse in Scotland

Thu, 14 Feb 2008 17:25:22 +0000

Last June I explained that the Computer Misuse Act 1990 would not be amended until April 2008 — because the amendments introduced in the Police and Justice Act 2006 were themselves to be amended by the Serious Crime Act 2007, and that was not expected to come into force until then. Also, right at the end of 2007 the CPS published their guidance on how these new offences might be prosecuted.

Now Clive Feather draws my attention to a rather significant difference in the way that the law stands in Scotland.

Although on the face of it, both Acts do not extend to Scotland (Computer Misuse is a devolved matter) in practice the Scottish Parliament has used a Sewel motion (here for the Police and Justice Act, and here for the Serious Crime Act) to keep the law in both jurisdictions the same…

HOWEVER — as Clive points out — for some currently unknown reason the Scots brought the first version of the amendments into force on 1st October 2007 with this statutory instrument.

So North of the Border the law is currently different: you can prosecuted for denial-of-service attacks and locked up for distributing hacking tools… whereas in the rest of the country, it’s 1990 offences only for a few more weeks.

The changes that arrive in April with the Serious Crime Act won’t make much difference to the people of Scotland, all that happens is that one of the new offences stops being computer-specific and is more broadly drawn instead. Still, it makes you wonder why the denial-of-service offence particularly — which has been widely welcomed — has been delayed for over a year; if the Scots can cope with two law changes rather than one.

BTW: Clive has a marked up copy of the Computer Misuse Act on his website, with pretty colours to show the current form of the Act (it’s been amended a number of times now) and how it will soon look.

Mike Rothman - The 419

Fri, 08 Feb 2008 03:31:00 +0000

I do get some random stuff in my email, but this one takes the cake. Evidently, someone calling themselves Mike Rothman is running a 419 scam. Here is the message, then we can decompose it to see the typical "tells" that indicate that there is a REALLY high likelihood the message is bogus.

From: XXXXX
To: mike_rothman@XXXXXX
Subject: RE: Att.
Date: Thu, 7 Feb 2008 22:36:52 +0100

Dear mr Rothman,

I do not know you either, so I will send you some pictures of my estate in Germany, you can look at it at google earth from above. Sended you the adress before.

XXXXXX
Barendorf
Germany

#############

My age is 50, married with a German Lady, having two Sons.

Further, I 'am not interested in the company you are working for, only how to get the money to Germany. BUSINESS ! ! !

Now it's your turn.

Sincerely

XXXXXXXXXXX

From: mike_rothman@XXXXXX
To: XXXXXXXXX
Subject: Att.
Date: Thu, 7 Feb 2008 21:25:38 +0100

Att. XXXXX,
I received your quick response to my proposal. To formally introduce my self to you, I am an old top banker and have worked with Scottish Investment Trust for so many as one of their fund manager. I am an international staff, presently in Scotland office.
Scottish Investment Company is registered in Scotland number 1651. I started work with SIT 2004 and I am responsible for the European Jurisdiction Equity. I was with Abbey National Asset mangers before I moved to SIT, and a member of CFA institute.
I graduated from University of Dundee and Edinburgh where I got my BSc and MBA in civil engineering respectively.
First, I believe it is necessary for me to express my profound gratitude to you for even responding to my email with interest. I am obliged to you for your gracious concern and I hope your assistance is really genuine, although through your email I would know if I could count on you at least to an extent.
I sincerely, appreciate your interest to assist me in this project. I need a reliable foreigner who would be of assistance to me in order to have the funds transferred.
However, I would like to be convinced of your willingness, commitment and most of all your trustworthiness to execute this deal with me. I certainly cannot compromise any of these virtues, you know what I mean, and I have my principles.
Without doubt, you will eventually earn the benefits or our partnership if we are able to work things out and have the funds relocated within couple of weeks or thereabout and thereafter disbursed to your other respective accounts.
Indeed, it is necessary for me to be certain of the person to whom I will be entrusting this deal, my trust will definitely not be given out lightly, I need to be fully convinced that you are a matured person with some integrity, we should at least have respect for each other, this I would say is very essential.

Scottish Investment Trust (SIT) was founded in 1887; The Scottish Investment Trust (SIT) today is one of the world’s oldest and largest independent, self-managed investment trusts with assets of over £45 billion at 30 September 2007.
We have been working to provide solid returns for investors for over 115 years - through a number of bull and bear markets and the most volatile conditions. Our approach has generated real long term growth in both capital and income.
When you invest in SIT you are buying shares in a company that invests in the stocks and shares of companies on the world's major stockmarkets. Your investment has the potential to grow both through incomes from dividends and through capital growth from increases in share price.
SIT has a diversified equity portfolio and invests in a broad spread of international equities. Although there is always an element of risk involved in any stockmarket investment, we aim to lower this by spreading investment over numerous companies and sectors around the world, while actively searching for opportunities to benefit our investors and maximise returns.
We aim to provide steady growth in both capital and income, whilst prudently spreading investment risk. We consider these to be the key requirements for anyone seeking a solid core holding for their investment planning.

However, in my First Email Proposal to you, I stated that the said funds came out as a result of the following:
""I handle all our Investor's Direct Capital Funds and secretly extract 1.3% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the Investor's Magellan Capital Funds.
As an expert, I have made over £27.4m from the Investor's EMRCP and hereby looking
for someone to trust who will stand as an Investor to receive the funds as Annual Investment Proceeds from Scottish Magellan Capital Funds.

EXPLANATION: I have more than 158 Corporate Investors attached to my PORTFOLIO who’s Capital Investment Funds are been managed and administered by me alone.
This Capital Investment Funds has a value of US$5.4Billion FIXED. The $5.4billion is been used for trading in Stock Market, Crude Oil and Lending with Profit Returns.
Every Year, each Corporate Investor is expected to receive 20% interest from his total Investment Capital Funds which is paid to the Investor annually as their Excess Maximum Return Capital Profit (EMRCP). However, I made average of 21.3% from the Investor's Investment Capital Funds annually, which have exceeded our targeted 20% of Total Investment Capital Funds. On this note, I retained the extra 1.3% from the 21.3% as my personal profits for managing the Capital Investment which is this £27.4m. On the other hands, I cannot claim this funds without presenting someone to stand as an Investor otherwise our Establishment will convert the funds into the Company's Treasury. This is why I came to you for the deal to take place.
DURATION: If you are very serious as I am, we will have this transaction concluded with 25 Banking days from the date of start.
However, for such a business of lofty magnitude, I think the most important thing is for us to build a strong association between each other so that I can be able to trust you because I have been betrayed by so many people even by my co workers that I have now decided to play my cards very close to my chest. I will like this deal to be secret and confidential. No third party. Just between you and me. Do not discuss it with any Scottish Investment staff to avoid jeopardizing my work and position.

Before we go into this deal, I will like to know about you.
Following this mail, send me your telephone number so I can call you to discuss on the modalities of the transaction. You may as well call me on my number +4XXXX so that we can discuss on the modalities of the transaction.
Sincerely
Mike Rothman

From: XXXX
To: mike_rothman@XXXXX
Subject:
Date: Thu, 7 Feb 2008 13:09:36 +0100

Dear mr. Rothman,

I'am a businessman, Dutch, living and working in Germany have several companies.

off course I'am interested for the 30%.

When this is phishing I'am not interested and can you better try to find someone else.
I will not pay any money for taxes, transport, lawyers, barristers or others.

Sincerely

XXXXXXX

To be clear, I haven't called the numbers to truly verify it's a phishing scheme. Who has time for that? But this message would have been on the express train to the circular bin for a couple of reasons:

The complicated story - The scammer uses a fairly complicated story, which would really require an investment professional to figure out whether it's kosher or not. But all that complicated vernacular contributes to building a credible front in the form of the Scottish Investment Trust, which is a global and well known investment house.
The request for "confidentiality" - The fact that this guy is claiming that he's got some additional funds because he "out-performed" sound like a hoax to me. Also the fact that he's requested confidentiality, even from other SIT personnel means this is a ruse.
The fact that he needs a "foreigner" to place the money - Again, this just sounds funky. If he outperformed the expectation, I'm sure he'd be due a nice bonus from SIT. Not an illicit $35 million dollar payout that he needs to get out of the country.
Other inconsistencies - You can't see the domain (I removed it), but it's a public email service in Australia. Yet the phone number he provided (I removed that also) is in the UK. These are inconsistencies that you need to catch.

But most of all USE YOUR HEAD. Seriously. Even if you play the lottery, you need to take action to buy the ticket. Beware of strangers offering gifts in the millions of dollars. If it sounds too good to be true, it pretty much is.

Instead the victim shared information about his life and family. He attached pictures of his house and put in addresses and phone numbers (which I removed to protect the idiotic). It's just ridiculous.

As Barnum said, there is a sucker born every minute. Don't you be one of them.

Photo credit: http://www.flickr.com/photos/jepoirrier/2046188221/

Al Qaeda Recruiting Non-Muslims

Thu, 24 Jan 2008 05:55:00 +0000

This is an about non-Muslims being recruited in the UK:

As many as 1,500 white Britons are believed to have converted to Islam for the purpose of funding, planning and carrying out surprise terror attacks inside the UK, according to one MI5 source.

This quote is particularly telling:

One British security source last night told Scotland on Sunday: “There could be anything up to 1,500 converts to the fundamentalist cause across Britain. They pose a real potential danger to our domestic security because, obviously, these people blend in and do not raise any flags.

Because the only "flag" that can possibly identify terrorists is that they're Muslim, right?