<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title><![CDATA[[SecurityRatty] tag: unwittingly]]></title>
    <link>http://securityratty.com/tag/unwittingly</link>
    <description></description>
    <pubDate>Wed, 01 Aug 2007 15:20:00 +0000</pubDate>
    <generator>iRatty Engine</generator>
    <docs>http://blogs.law.harvard.edu/tech/rss</docs>
    <item>
      <title><![CDATA[Expedia.com, Rhapsody.com serving up malicious code]]></title>
      <link>http://securityratty.com/article/34baea094931692a960b8cf85d9586fe</link>
      <guid>http://securityratty.com/article/34baea094931692a960b8cf85d9586fe</guid>
      <description><![CDATA[Web sites are unwittingly becoming sources of malware as security experts spot bogus banner ads from Expedia and Rhapsody, while a variety of compromised embassy Web sites in Ukraine and Russia spew...]]></description>
      <content:encoded><![CDATA[Web sites are unwittingly becoming sources of malware as security experts spot bogus banner ads from Expedia and Rhapsody, while a variety of compromised embassy Web sites in Ukraine and Russia spew attack code to visitors]]></content:encoded>
      <pubDate>Tue, 29 Jan 2008 21:00:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/web sites">web sites</category>
      <category domain="http://securityratty.com/tag/embassy web sites">embassy web sites</category>
      <category domain="http://securityratty.com/tag/expedia">expedia</category>
      <category domain="http://securityratty.com/tag/rhapsody">rhapsody</category>
      <category domain="http://securityratty.com/tag/variety">variety</category>
      <category domain="http://securityratty.com/tag/malware">malware</category>
      <category domain="http://securityratty.com/tag/visitors">visitors</category>
      <category domain="http://securityratty.com/tag/sources">sources</category>
      <category domain="http://securityratty.com/tag/unwittingly">unwittingly</category>
      <source url="http://www.networkworld.com/news/2008/013008-expedia-rhapsody-malware.html?fsrc=rss-security">Expedia.com, Rhapsody.com serving up malicious code</source>
    </item>
    <item>
      <title><![CDATA[Oak Ridge National Laboratory visitor information exposed]]></title>
      <link>http://securityratty.com/article/18d3a8ba34bcdca1b3614c0946dbb500</link>
      <guid>http://securityratty.com/article/18d3a8ba34bcdca1b3614c0946dbb500</guid>
      <description><![CDATA[Technorati Tag: Security Breach

Date Reported
12/3/07

Organization
UT-Battelle, LLC

Contractor/Consultant/Branch
Oak Ridge National Laboratory (ORNL)

Oak Ridge National Laboratory (ORNL) is the...]]></description>
      <content:encoded><![CDATA[Technorati Tag: <a href="http://technorati.com/tag/security+breach" rel="tag">Security Breach</a><br><br>
<img src="http://breachblog.com/images/95781-88451/ornl.jpg" align="right" height="97" width="149"><font size="2"><span style="font-weight: bold;">Date Reported: </span><br>12/3/07<br><br><span style="font-weight: bold;">Organization: </span><br>UT-Battelle, LLC<br><br><span style="font-weight: bold;">Contractor/Consultant/Branch:</span><br>Oak Ridge National Laboratory (ORNL)*<br><br><font size="1">*Oak Ridge National Laboratory (ORNL) is the Department of Energy's largest science and energy laboratory.&nbsp; ORNL was established in 1943 as a part of the secret Manhattan Project to pioneer a method for producing and separating plutonium. Today, ORNL is home to the world's largest civilian science project, the $1.4 billion Spallation Neutron Source, and has been selected to build the fastest unclassified scientific computer in the world. - Source State Science and Technology Institute</font><br><br><span style="font-weight: bold;">Victims:</span><br>"visitors to the lab between 1990 and 2004"<br><br><span style="font-weight: bold;">Number Affected:</span><br>"about 12,000"<br><br><span style="font-weight: bold;">Types of Data:</span><br>Personal information including names, addresses, Social Security numbers and dates of birth.<br><br><span style="font-weight: bold;">Breach Description:</span><br>More than a dozen Oak Ridge National Laboratory employees were duped into installing unauthorized software consisting of keyloggers and other malicious software through a targeted phishing attack ("spear phishing").&nbsp; The targeted phishing attack consisted of roughly 1,100 emails and resulted in the compromise of personal information pertaining to lab visitors over a 14 year period.<br><br><span style="font-weight: bold;">Reference URL:</span><br><a href="http://www.eweek.com/article2/0,1895,2230086,00.asp" target="_blank"> eWeek.com Story</a><br><a href="http://www.securityfocus.com/brief/641" target="_blank"> SecurityFocus.com Story</a><br><a 
href="http://www.myeyewitnessnews.com/news/local/story.aspx?content_id=c5af9893-1fe1-40e0-96a6-0d2b81569062&amp;rss=59" target="_blank"> MyEyeWitnessNews.com Story</a><br><a href="http://www.ornl.gov/identitytheft/" target="_blank"> Oak Ridge National Laboratory Potential Identity Theft Page</a><br><br><span style="font-weight: bold;">Report Credit:</span><br>Oak Ridge National Laboratory<br><br><span style="font-weight: bold;">Response:</span><br>From the official breach notification site and sources cited above:<br><br>Oak Ridge National Laboratory has been bombarded by a coordinated phishing attack aimed at multiple national labs and may have unwittingly handed over to attackers the personal information of anybody who visited the lab over a 14-year span, including Social Security numbers.<br><br>"Oak Ridge National Laboratory (ORNL) recently experienced a sophisticated cyber attack that appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country." - Laboratory Director Thom Mason on December 3rd.<br><br>"When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees' computers that enabled the hacker to copy and retrieve information. The original e-mail and first potential corruption occurred on October 29, 2007. We have reason to believe that data was stolen from a database used for visitors to the Laboratory." 
- Laboratory Director Thom Mason<br><br>The attack comprised approximately 1,100 targeted phishing attempts.<br><br>The attackers cooked up seven phishing variations, one of which purportedly advertised a scientific conference, another of which posed as a notification about a complaint on behalf of the Federal Trade Commission.<br><br>"No classified information was lost"<br><br>"If you visited ORNL between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information. While there is no evidence that the stolen information has been used, the Laboratory deeply regrets the inconvenience caused by this event."<br><br>Mason said reconstructing the crime is tedious and time-consuming and will likely take weeks, if not longer. ORNL is attempting to send letters to every visitor potentially affected but may have difficulties due to out-of-date addresses, management said in its advisory.<br><span style="font-style: italic;">[Comfyllama] If the reports about this attack originating (or proxying through) China are true, then it is unlikely that a full "reconstructing" will ever be complete.</span><br><br>"every security system at ORNL was in place and in compliance."<br><span style="font-style: italic;">[Comfyllama] Compliant DOES NOT MEAN Secure!&nbsp; Although we all need to be compliant, this doesn't mean that efforts should stop at that.&nbsp; Do you want to trust the security of your information to a Senator or other lawmaker?</span><br><br>"If you think you're going to prevent all phishing attempts from [succeeding] in an enterprise, that's probably false. 
And if you think that with training, not a single employee will [click on phishing attempts and let an attacker] get through, that's probably false," - Application Security Vice President of Marketing and Strategy Ted Julian<br><br>"There's a million [conduits to data theft], and now that the attackers have gotten much more professional and focused, they only need one to get at the information. You only need one unsecured avenue and they're off and running."<br><br>It's likely that employee training about phishing attempts will be given renewed emphasis in the future in order to attempt to close down this particular avenue of data theft.<br><br>"While our hope is that no one would fall for these kinds of tricks from hackers, we believe there is an ongoing benefit to re-emphasizing staff awareness about cyber-security issues," "We must not click on e-mail attachments if we are not absolutely sure who the e-mail is from and we must not click on [URLs] embedded in e-mails unless we are certain of the source." - Laboratory Director Thom Mason<br><br>The lab has sent letters to about 12,000 potential victims.<br><br>"We continue to put in place new and more sophisticated security systems in an attempt to stop thieves who are equally determined to break into the cyber network." - Laboratory Director Thom Mason<br><br><span style="font-weight: bold;">Commentary:</span><br>Scary!&nbsp; Supposedly, there is evidence that points to these attacks originating from servers in China and thus these attacks were sponsored by the Chinese government.&nbsp; I like a conspiracy theory as much as anyone else, but I don't subscribe to this theory.&nbsp; IF the Chinese government were attacking ORNL, I think the attacks would be much more covert. &nbsp;<br><br>Think about this for a minute.&nbsp; If I were going to attack a system in the United States without getting caught, why wouldn't I use (proxy through) an insecure server located in a country that will not cooperate with U.S. 
authorities?&nbsp; In order to find my true location, investigators will need some level of access to the (proxy) server to look through the evidence.&nbsp; Do you think China (or Iran, North Korea, Russia, etc.) will allow investigators the access they need?&nbsp; Highly unlikely.&nbsp; If I were to guess, I would say that this is a sophisticated attack aimed at gathering information for money and probably originated by one of the more educated "phishing gangs".<br><br>I certainly agree with ORNL Application Security Vice President of Marketing and Strategy Ted Julian in the fact that there is likely no way to prevent all avenues of attack, but the risk of this type of attack can be significantly reduced through regular information security training and awareness.&nbsp; People will be people, no matter what.<br><br>Final note, I am curious why ORNL needs to store Social Security numbers in the first place.<br><br><span style="font-weight: bold;">Past Breaches:</span><br>Unknown<br></font><br>
]]></content:encoded>
      <pubDate>Tue, 11 Dec 2007 10:45:21 +0000</pubDate>
      <category domain="http://securityratty.com/tag/information">information</category>
      <category domain="http://securityratty.com/tag/personal information">personal information</category>
      <category domain="http://securityratty.com/tag/security">security</category>
      <category domain="http://securityratty.com/tag/store social security">store social security</category>
      <category domain="http://securityratty.com/tag/retrieve information">retrieve information</category>
      <category domain="http://securityratty.com/tag/regular information security">regular information security</category>
      <category domain="http://securityratty.com/tag/security systems">security systems</category>
      <category domain="http://securityratty.com/tag/cyber-security issues">cyber-security issues</category>
      <category domain="http://securityratty.com/tag/security breach">security breach</category>
      <source url="http://breachblog.com/2007/12/11/ornl.aspx">Oak Ridge National Laboratory visitor information exposed</source>
    </item>
    <item>
      <title><![CDATA[The High Price of Things that are Free]]></title>
      <link>http://securityratty.com/article/03d44c7ac66a62064e230a363f9a3bca</link>
      <guid>http://securityratty.com/article/03d44c7ac66a62064e230a363f9a3bca</guid>
      <description><![CDATA[The High Price of Things that are Free

We cannot help but be enticed by things that are free. Despite knowing at the back of our heads that nothing comes free, we can't seem to shake off the natural...]]></description>
      <content:encoded><![CDATA[The High Price of Things that are Free<br /><br />We cannot help but be enticed by things that are free. Despite knowing at the back of our heads that nothing comes free, we can't seem to shake off the natural hopeful tendency that tempts us to believe that free items have no strings attached.<br /><br />This is particularly true in the case of unwanted adware and spyware that some of us unknowingly download and infect our systems with. Adware and spyware are programs that are unwittingly installed on our computers because they come bundled with some freeware and shareware programs that are downloadable from the Internet. Computer and Internet users are usually careful about installing suspicious programs that may contain viruses and worms that can disrupt the computer's system. <br /><br />This is why spyware and adware use deception to get individuals to download them: either they are intricately bundled into legitimate parent programs, or they masquerade as security or computer optimization software to trick one into installing these unwanted programs.<br /><br />However, in some cases, one doesn't even have to install anything to get the computer system infected with spyware and adware. Simply browsing and visiting certain sites can launch an attack. These adware and spyware programs can be launched due to vulnerabilities in your Internet browser's security. This way, spyware and adware can automatically infect your system without you having to download anything. 
This is especially true of earlier versions of Internet Explorer because it is intricately connected to the Windows operating system.<br /><br />For this reason, it is important to free yourself from security and privacy risks by equipping yourself with adequate spyware and adware protection. Spyware and adware at the very least can cause you annoyance from unwanted pop-up advertisements that can erratically appear on your computer monitor. In moderate instances though, your privacy can be greatly compromised since spyware can track your Internet habits. However, severe cases can mean a serious attack on your security against identity theft and fraud.<br /><br />While you indeed should be wary of free programs, there are some free spyware and adware protection programs that you can use to manage your Internet risks properly. Ad-Aware SE Personal, Spybot S&D, IE-SPYAD, Spyware Blaster, HiJack This, XP-AntiSpy, and X-Cleaner are some of the more popular free spyware and adware protection programs. Before trying out some other free spyware and adware protection program though, you should make sure of its legitimacy.<br /><br />There are rogue spyware or malware programs that are disguised as security software. Before trying these out, you should do your research and ask around for recommendations. Dependable and secure free spyware and adware protection programs, however, are vital protection needed in every computer. These free spyware and adware protection programs work in two ways. The first is by providing real-time protection by proactively preventing new spyware and adware from infecting your system. <br /><br />The other type of protection provided by free spyware and adware protection programs is the detection and eradication of existing spyware and adware that is already installed on your computer. Not all free spyware and adware protection programs are created equal. 
Some of the free spyware and adware protection programs mentioned above can only do one type of protection and some can do both. It is better to get a free spyware and adware protection program that can do both for better value and risk management.]]></content:encoded>
      <pubDate>Wed, 01 Aug 2007 15:26:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/free">free</category>
      <category domain="http://securityratty.com/tag/adware protection">adware protection</category>
      <category domain="http://securityratty.com/tag/adware">adware</category>
      <category domain="http://securityratty.com/tag/free items">free items</category>
      <category domain="http://securityratty.com/tag/secure free spyware">secure free spyware</category>
      <category domain="http://securityratty.com/tag/adware protection programs">adware protection programs</category>
      <category domain="http://securityratty.com/tag/free programs">free programs</category>
      <category domain="http://securityratty.com/tag/spyware">spyware</category>
      <category domain="http://securityratty.com/tag/spyware programs">spyware programs</category>
      <source url="http://adwarespyware.blogspot.com/2007/08/high-price-of-things-that-are-free.html">The High Price of Things that are Free</source>
    </item>
    <item>
      <title><![CDATA[Disable Your Computer's Parasites]]></title>
      <link>http://securityratty.com/article/803c01f00e1bafa60d8114d01b055c7e</link>
      <guid>http://securityratty.com/article/803c01f00e1bafa60d8114d01b055c7e</guid>
      <description><![CDATA[Disable Your Computer's Parasites

An individual who uses a computer with an Internet connection pretty much practices caution when downloading programs from the Internet and email because of the...]]></description>
      <content:encoded><![CDATA[Disable Your Computer's Parasites<br /><br />An individual who uses a computer with an Internet connection pretty much practices caution when downloading programs from the Internet and email because of the threat of viruses and worms. These malicious program codes and programs can cause your system to become unstable and, worse yet, after they have spread within your system, they further infect other systems connected to yours.<br /><br />This is why any sensible computer user has anti virus programs installed on their computer for protection against attacks from viruses and worms that proliferate on the Internet. The good thing about viruses and worms is the fact that it is easier to spot them trying to get into your system. For instance, a virus or worm can try to enter your system through a suspicious attachment, usually from an unknown source. By now, most Internet users know better than to open suspicious attachments. Also, rigorous anti virus programs can scan attachments before you can open them so that your risk from viruses and worms is properly managed.<br /><br />However, as an Internet user, you have more to worry about than viruses and worms. Unfortunately, anti virus programs are not designed to detect other types of threats, and if you are not careful, you may unwittingly install adware and spyware on your system. Once this happens, uninstalling these programs can become problematic. For one thing, most spyware can go undetected in your system. You will continue your regular computer and Internet habits without realizing that your privacy is immensely violated and your security is greatly hindered.<br /><br />Since spyware can go undetected and you can continue to use your computer and the Internet as usual, there is no need to worry about uninstalling spyware, right? 
<br />Wrong.<br /><br />Spyware in mild cases infringes on your privacy because it can track and take note of your usage patterns, and this information is reported back to the company that created the spyware so that they can build marketing profiles. More than that though, some spyware has the ability to register and take note of key strokes, scan documents within your computer's hard drive, and steal your passwords and other sensitive information, which can make you the victim of identity theft and other situations where your personal information can be used to compromise your security.<br /><br />On the other hand, adware is used by companies to infect your computer with unsolicited ads. The most problematic kinds are the ones that indiscriminately pop ads on to your screen even if you are not viewing their site or using the parent program that launched the adware. In fact, in some cases, adware continues to work in your system long after you uninstalled the program it came bundled with.<br /><br />Given the security risks, the invasion of your right to privacy, and the annoying effects of spyware and adware, you will be wise to uninstall these programs from your computer. However, uninstalling adware and spyware from your system is not such a simple task.<br /><br />For one thing, companies that proliferate spyware and adware on the Internet go to great lengths to ensure that uninstalling them from your system is difficult. For instance, in most cases, you will be unable to use legitimate software if you attempt to uninstall the adware or spyware it comes bundled with. Adware and spyware are usually bundled with legitimate freeware or shareware and cannot run independently of each other.]]></content:encoded>
      <pubDate>Wed, 01 Aug 2007 15:23:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/computer">computer</category>
      <category domain="http://securityratty.com/tag/adware">adware</category>
      <category domain="http://securityratty.com/tag/adware continues">adware continues</category>
      <category domain="http://securityratty.com/tag/internet">internet</category>
      <category domain="http://securityratty.com/tag/internet connection pretty">internet connection pretty</category>
      <category domain="http://securityratty.com/tag/spyware">spyware</category>
      <category domain="http://securityratty.com/tag/anti virus programs">anti virus programs</category>
      <category domain="http://securityratty.com/tag/unwittingly install adware">unwittingly install adware</category>
      <category domain="http://securityratty.com/tag/regular computer">regular computer</category>
      <source url="http://adwarespyware.blogspot.com/2007/08/disable-your-computers-parasites.html">Disable Your Computer's Parasites</source>
    </item>
    <item>
      <title><![CDATA[Covert Online Spies]]></title>
      <link>http://securityratty.com/article/5b2d9fa54b2a64b4a4082b9a3a3108a0</link>
      <guid>http://securityratty.com/article/5b2d9fa54b2a64b4a4082b9a3a3108a0</guid>
      <description><![CDATA[Covert Online Spies

The Internet is a powerful tool that provides everyone online a way to be connected to each other, gather a lot of information and enjoy convenient services like online shopping...]]></description>
      <content:encoded><![CDATA[Covert Online Spies<br /><br />The Internet is a powerful tool that provides everyone online a way to be connected to each other, gather a lot of information and enjoy convenient services like online shopping and banking. However, many of us Internet users are at constant risk of adware and spyware downloads that make us extremely vulnerable to malicious acts.<br /><br />We often unknowingly fall prey to adware and spyware downloads as we innocently use the Internet. These adware and spyware downloads can come bundled with some freeware programs we use and sometimes, simply browsing a site puts us at risk. The business of being infected with unwanted adware and spyware downloads can be very serious. Some adware and spyware or malware proliferate on the Web to infect our computer systems, which leaves us with no control over unsolicited pop-ups that are part of targeted marketing efforts. <br /><br />In extreme criminal cases, however, spyware, called malware, is used to take note of keystrokes, scan our computer's hard drive and steal important passwords and financial information. The information gathered covertly is used for identity theft, which can cause us a major headache and cost at least thousands of dollars to clear our names.<br /><br />These adware and spyware programs infect our computers without our knowledge, and most of the time we don't even know that they are there. However, you can start becoming suspicious of adware and spyware downloaded into your system when you begin to have uncontrolled pop-ups from unsolicited sources. Sometimes, even without the telltale pop-up ads, you may notice a suspicious slowdown in your computer's processing without any apparent reason. 
Your system slows down because these adware and spyware programs parasitically use up your system's resources to be able to perform their functions.<br /><br />The only way you can be sure if your computer system is infected with adware and spyware downloads is by installing an anti spyware program that will detect and flush out the unwanted programs. The proper anti spyware can also prevent future adware and spyware downloads. You need to choose an anti spyware program that does both.<br /><br />Be wary of downloading anti spyware on the Net because some spyware is disguised and marketed as free anti spyware.<br /><br />One more thing you can do to protect yourself from unwittingly downloading adware and spyware programs is to read the fine print. When installing a new program on your computer, you are asked to tick off an option of whether you agree or disagree with the program's end user license agreement (EULA). Do yourself a favor and read what is written in the agreement before agreeing to proceed with the installation. Many shareware and freeware programs come bundled with spyware and adware programs and in some cases you can learn about them by reading the agreement carefully.<br /><br />Because adware and spyware come bundled with your download, these programs will not run independently of the spyware they come with. This means that if you have a good anti-spyware system installed on your computer, you won't be able to install the infected program. <br /><br />Consequently, if an existing program infected with spyware is in your system, your anti spyware system will attempt to remove the infection. Since most spyware is closely bundled into certain programs, the removal of the spyware may cause the legitimate program it comes with to stop functioning as well.]]></content:encoded>
      <pubDate>Wed, 01 Aug 2007 15:20:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/anti spyware program">anti spyware program</category>
      <category domain="http://securityratty.com/tag/anti spyware">anti spyware</category>
      <category domain="http://securityratty.com/tag/free anti spyware">free anti spyware</category>
      <category domain="http://securityratty.com/tag/proper anti spyware">proper anti spyware</category>
      <category domain="http://securityratty.com/tag/anti spyware system">anti spyware system</category>
      <category domain="http://securityratty.com/tag/spyware">spyware</category>
      <category domain="http://securityratty.com/tag/spyware downloads">spyware downloads</category>
      <category domain="http://securityratty.com/tag/spyware programs">spyware programs</category>
      <category domain="http://securityratty.com/tag/anti-spyware system">anti-spyware system</category>
      <source url="http://adwarespyware.blogspot.com/2007/08/covert-online-spies.html">Covert Online Spies</source>
    </item>
  </channel>
</rss>
