[SecurityRatty] tag: week

Russian Hackers To Lithuania: All Your Base Are Belong To Us

Sat, 05 Jul 2008 14:36:26 +0000

Hundreds of Lithuanian government and corporate Web sites were hacked and plastered with Soviet-era symbols and other digital graffiti this week in what appears to be a coordinated cyber attack launched by Russian hacker groups.

Daily Mail publisher admits to stolen laptop

Sat, 05 Jul 2008 08:55:49 +0000

Technorati Tag: Security Breach

Date Reported:
7/4/08

Organization:
Daily Mail and General Trust plc

Contractor/Consultant/Branch:
Northcliffe Media
Associated Newspapers Ltd

Victims:
Staff, suppliers and contributors

Number Affected:
"thousands"

Types of Data:
"name, address, bank account number and bank sort code"

Breach Description:
"Daily Mail publisher Associated Newspapers has admitted that a laptop containing financial and personal details of thousands of staff, suppliers and contributors has been stolen."

Reference URL:
ComputerWorldUK
Guardian News (UK)
Guardian News (UK) additional info

Report Credit:
Guardian Newspaper

Response:
From the online sources cited above:

Daily Mail publisher Associated Newspapers has admitted that a laptop containing financial and personal details of thousands of staff, suppliers and contributors has been stolen.

A Daily Mail & General Trust spokeswoman said: "DMGT confirms that a laptop company computer containing certain confidential information was stolen last week.

After months of criticising "criminally careless" government departments for losing confidential records, the company has been forced to send out an embarrassing letter telling journalists they may now be at risk of identity theft
[Evan] This is the same Daily Mail managed by Associated Newspapers that according to The Guardian "has been at the forefront of coverage of the recent bank and government department missing data scandals". It would be very difficult for Associated Newspapers to claim that they didn't know any better than to store confidential information on a poorly protected laptop.

Details such as names, addresses, bank account numbers and sort codes were on the laptop

the laptop was "password protected" but tell recipients to contact their banks and also "consult the government website ... for advice on avoiding or dealing with identity theft"
[Evan] The mention of password protection is nothing more than an effort to minimize the effect of the breach. It does very little (if anything) to protect the personal information.

In a letter to those who details were affected, Simon Dyson, finance director at Daily Mail publisher Associated Newspapers, and Martyn Hindley, his counterpart at sister company Northcliffe, said it was likely that the details had been erased by the thief.
[Evan] How is the conclusion drawn? I don't see how there could be enough information to determine what the thief was likely to do.

From the letter to affected persons from the Associated Newspapers group finance director, Simon Dyson, and his Northcliffe counterpart, Martyn Hindley:

"Unfortunately one of the company's laptops has been stolen."

"The contents included personal data, some of which related to you."

"The laptop was password-protected. "
[Evan] So what? This won't adequately protect the information on the laptop, so why mention it?

"We are writing to you as quickly as possible to alert you to the fact that the theft has happened and to inform you of the data types lost, so that you can take appropriate action."
[Evan] I guess we should give some credit for the quick notification, if nothing else.

"In your case, your name, address, bank account number and bank sort code were the sensitive information lost."

"The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the laptop and who may just erase what is on the hard disk in order to disguise the fact that the laptop is stolen."
[Evan] This is nothing more than speculation. I can't imagine that there are any specific facts for which this conclusion is based on.

"We have, of course, notified the police of the theft of the laptop and are talking to the Office of the Information Commissioner about what has happened."

"On behalf of the company, I would like to offer my sincere apologies for any annoyance and inconvenience to you that this breach of security may cause."

"I can assure you that we take security of personal data very seriously and have, since this incident, which was inadvertently caused by a technical issue, already further strengthened procedures."
[Evan] This breach was caused by a "technical issue"? Like what? I presume that the technical aspects surrounding this breach were working exactly as they were designed to in the manner of which that they were implemented. Without further elaboration, "strengthened procedures" is subjective and means little. Organizations should offer details, instead of general statements in order to bolster some sense of confidence.

Commentary:
This breach must be embarrassing for Associated Newspapers. A breach like this should be embarrassing for any organizations. Unencrypted lost of stolen laptops storing personal (or other confidential) information is a pretty well-known risk nowadays. An unacceptable risk for most.

Past Breaches:
Unknown

Lithuania: Attacks focused on hosting company

Fri, 04 Jul 2008 09:00:00 +0000

A vulnerability in a Web server contributed to attacks on some 300 Web sites in Lithuania earlier this week, a ...

Hundreds of Thousands of Laptops Lost at U.S. Airports Annually

Fri, 04 Jul 2008 04:20:38 +0000

This is a weird statistic:

Some of the largest and medium-sized U.S. airports report close to 637,000 laptops lost each year, according to the Ponemon Institute survey released Monday. Laptops are most commonly lost at security checkpoints, according to the survey. Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed, the survey said. Around 2,000 laptops are recorded lost at the medium-sized airports, and 69 percent are not reclaimed. Travelers seem to lack confidence that they will recover lost laptops. About 77 percent of people surveyed said they had no hope of recovering a lost laptop at the airport, with 16 percent saying they wouldn't do anything if they lost their laptop during business travel. About 53 percent said that laptops contain confidential company information, with 65 percent taking no steps to protect the information.

I don't know how to generalize that to a total number of lost laptops in the U.S.; let's call it 750,000. At $1,000 per laptop -- a very conservative estimate -- that's $750 million in lost laptops annually. Most are lost at security checkpoints, and I'm sure the numbers went up considerably since those checkpoints got more annoying after 9/11. There aren't a lot of real numbers about the costs of increased airport security. We pay in time, in anxiety, in inconvenience. But we also pay in goods. TSA employees steal out of suitcases. And opportunists steal hundreds of millions of dollars of laptops annually.

Lithuania: Attacks focused on hosting company

Thu, 03 Jul 2008 20:00:00 +0000

A vulnerability in a Web server contributed to attacks on some 300 Web sites in Lithuania earlier this week, a computer security expert said on Friday.

Visualized Storm fireworks for your 4th of July

Thu, 03 Jul 2008 16:54:00 +0000

As expected, the Storm botnet maestros have queued up some pwnage for your 4th of July.
See the SANS diary for all the details.
Upon receipt of my first fireworks.exe sample this evening, I went through the standard routine and ran it through the analysis mill. Like the ISC said, not much new here, but if you'd like the nitty-gritty, I've put the analysis report here, the peers config list here, and the pcap here.
However, what I was really inspired to do this evening was visualize the pcap with Raffael Marty's AfterGlow. His new book, Applied Security Visualization, is coming out next month, so we can turn old Storm news into a celebration of the 4th and the pending release of Applied Security Visualization. By the way, Raffael's visualization workshop slides from the 20th Annual FIRST Conference in Vancouver, B.C. last week are here, and mine regarding Malcode Analysis for Incident Handlers are here.
So, a little AfterGlow magic,
tcpdump -vttttnnelr /home/rmcree/pcap/fireworks.pcap | ./tcpdump2csv.pl "sip dip ttl" | perl ../graph/afterglow.pl -c /home/rmcree/afterglow/src/perl/graph/color.properties -p 2 | neato -Tgif -o fireworks.gif, and the results look just like the fireworks we hoped they would.
Happy 4th of July everyone!
Except you Storm a$$hat$. ;-)

del.icio.us | digg

Why I welcome the Hannigan Report

Thu, 03 Jul 2008 14:00:00 +0000

As an RSA 'Evangelist' with pan-EMEA responsibilities, I obviously take a special interest in what's happening in the information security world that pertains to this region. Last week saw the publication in the UK of the long-awaited Hannigan Report -- detailing the steps that UK Government departments have taken -- and are expected to take -- to mitigate recent data leakage events which have occurred, most notably in the instance of HMRC.

It's a cracking read and one I'd recommend to all insomniacs with an penchant for such topics, but I have to say, I'm actually pretty encouraged by what I read...

Expect iPhone, Fourth of July scams, security firm says

Thu, 03 Jul 2008 09:00:00 +0000

Next week's launch of Apple's new iPhone, coupled with the Fourth of July holiday in the U.S. on Friday, is likely to lead to more malware spam over the coming days.

Your 419 Mail Roundup

Wed, 02 Jul 2008 13:11:42 +0000

A handful of scam mails currently in circulation, including one mention of "groundnut oil" that seems so bizarre I had to highlight it in bold text. All this and more, after the jump...
Subject:
FROM THE DESK OF MR. STEVEN JAMES
From:
"Steven James"
Date:
Mon, 30 Jun 2008 19:17:03 +0100
BCC:

FROM THE DESK OF MR. STEVEN JAMES
CHAIRMAN INTERNATIONAL RELATION
FIRST BANK OF NIGERIA PLC
# 1 BANK ROAD WUSE FCT
ABUJA-NIGERIA.
PHONE: +234-80-66520277
Email: stevenjames809@live.co.uk

Very Urgent Attention,

Please permit me to introduce my humble self to you, my name is Mr. Steven James, I am the Manager of International Relation with First Bank of Nigeria Plc, I 'm 38yrs old, and I got your email address from a friend of mine, and my confidence reposed on you. I hope you read this message carefully and reply me immediately. Although we have not met before, but I suggest that this transaction will bring us together.

My dear, we had a customer, a foreigner but base here in Nigeria, his Name was Mr. Hamilton Creek. He is from Atlanta Georgia United State of America, but based here with his wife and his two children, Mr. Hamilton has being banking with us for the past 4yrs and some time in August 2002, Mr. Hamilton was on his way to his house, and unfortunately ran into a Trailer load of Groundnut Oil, and died   immediately, Their car got burnt, no single soul was saved, Mr. Hamilton Creek and His entire family was confirmed dead.

My Board of Directors and the Management of First Bank has mandated and instructed me to look for Mr. Hamilton Creek? Relation(s) and his Next of Kin to come and claim his fund, Since August 2003 till date, I have been looking for his relation's or his next of Kin to come and claim his fund which he Deposited with our bank, I have contacted his Embassy and after 3days, his Ambassador told me that Mr. Hamilton Creek has no relation and no next of Kin, their Ambassador told me that he used his first son as His next of kin, but it is quite unfortunate that Mr. Hamilton Creek Died with all his family members.

The reason why I contacted you is thus, Mr. Hamilton is dead, and his only son who supposed to inherit his properties and money also died with him. As at this moment, nobody or person[s] is coming to   claim this Money from our bank. The Board of Directors and management of our bank told me that if nobody or person[s] apply for the claim of Mr. Hamilton Fund, the bank will return the entire Fund into our Federal reserve. In the Light of the above, I want you to stand as the next of kin to Late Mr. Hamilton Creek; it might interest you to know that he had a Domiciliary Bank Account with our Bank and he has a total sum of US$9.2M Nine Million Two Hundred thousand Dollars, this is the exact amount which he had in his domiciliary account before the ugly incident occurred, and this money is still in his account as unclaimed money.

This transaction is very easy and simple, and it is 100% risk free, I'm the Manager for International Relations with First Bank of Nigeria Plc, and the Management and Board of Directors of the Bank are waiting for me to provide to them the Relation or next of Kin to late Mr. Hamilton Creek, of which I told them that I am still searching the next of kin to the deceased. Finally, if you are interested with this transaction, I will front you to the bank as the only next of kin to late Mr. Hamilton Creek, and I will let the bank know that you are the only right person to inherit Late Mr. Hamilton Funds and properties. If you are interested, just email me or call me on my   direct and private line#: +234-80-27536038 and late Mr. Hamilton's Funds will be credited into your account and all his Properties will be released to you either through Courier Services or the Bank will Cargo all his properties to you in any were you want it.

So reply me immediately and feel free to ask any question with regards to this transaction. You will take 50% of the US$9.2M. Which is? US$4.600, 000.00 Four Million Six Hundred Thousand Dollars, while the Balance of the same amount will be mine.

Your swift response will be highly appreciated.

Thanks and have a nice day.

Friendly Regards

Mr. Steven James

*******************************************************************************************

Subject:
REPRESENTATIVE NEEDED
From:
DFS SALES LTD UK
Date:
Tue, 01 Jul 2008 23:00:55 +0800
To:
undisclosed-recipients: ;

COMPLIMENT OF THE DAY TO YOU.

I am PETER WOODS from DFS SALES LTD UK.(
Website: www.dfs-online.co.uk ) Visit our site

We are into furnitures and we sell shares to people in
Canada,America, Australia and Europe.

We are in need of a book keeper. someone who can represent our company
in his/her country.

Our client in your location will contact you and make the company
payment to you.

You will be entitle to 11% of every payment been made out to you.

This is because most of our officer are from china and they do not

understand english very well.its hard for them to contact our
customers.

Our head office is located in CHINA. But we have a sub-office in the
uk.

If you are interested, Kindly send the entries for more understanding.

NAME IN FULL :.........
COMPANY NAME: .....
POSITION:......
FULL ADDRESS: .......
CITY/TOWN:........
STATE:............
ZIP CODE:........
COUNTRY:.......
MOBILE:.......
HOME TEL: .....
EMAIL ADDRESS: ........
OCCUPATION: ...........
BANK NAME :.......
AGE:............

You are to send the above details to

NAME : PETER WOODS.
EMAIL : dfs_woods@yahoo.co.uk
PHONE NUMBER : +44-704-575-0212

HOPE TO HEAR FROM YOU

*****************************************************************************************

To:
undisclosed-recipients:;

Good day!!!

We have been waiting for you since to contact me for your Confirmable Bank Draft of ?18 Million (Eighteen Million Pounds sterling) but we did not hear from you since for a couple of weeks now. Then we went to the bank to confirm if the draft that expired or getting near to expire and Metropolitan Police Uk told us that before the funds will get to your hand that it will expire.So I told him to cash the ?18 Million (Eighteen Million Pounds sterling) to cash payment to avoid losing this fund under expiration as I will be out of the country for a 6 Months Course.

What you have to do now is to contact FED EX COURIER SERVICES as soon as possible to know when they will deliver of your funds to you because of the expiring date. For your information we have paid for the delivering Charge Insurance premium. The only money you will send to the FED EX COURIER SERVICES to deliver your cheque direct to your postal Address in your country is ?250.00 being Security Keeping Fee of the Courier Company so far. Again don't be deceived by anybody to pay any other money except ?250.00 for the Security Keeping Fee.We would have paid that but they said no because they don't know when you will contact them and in case of demurrage. You have to contact FED EX COURIER SERVICES now for the delivery of your Draft with this
information below:

CONTROLLER: Mrs.Helen Williams
NAME: FED EX COURIER SERVICES
ADDRESS: fedexofficeuk@gmail.com
PHONE NUMBER: +447024080684

IF YOU ARE THE OWENER OF THE FUNDS AND YOU WILL SEND YOUR INFORMATION TO US SO THAT WE CAN DELIVERY YOUR FUNDS TO YOU WITHIN THE NEXT 84HRS TIME.IF YOU DO NOT RECEIVED YOUR FUNDS WITHIN THE NEXT 72HRS TIME AND YOU REPORT US THE UK FBI AND THE METROPOLITAN POLICE (SCOTLAND YARD) or YOU CONTACT YOUR LAWYER TO TAKE UP PROCEDURES AGAINST US.

Let me repeat again try to contact them as soon as you receive this mail to avoid any further delay and remember to pay them their Security keeping fee of ?250.00 for their immediate action. The FED EX COURIER SERVICES don't know the contents of the funds. This is to avoid them delaying with the funds.

Thanks as you contact them today.

Yours Faithfully

Mrs Helen Williams.

(The above actually comes with a nifty graphic that they've thrown in, thinking it makes it all look more legitimate. It doesn't, but here it is anyway):

....altogether now: oooooh. A slightly shorter 419 roundup than usual, but I'm sure I'll have piles of the things next week.

Security Briefing: July 2nd

Wed, 02 Jul 2008 09:20:43 +0000

Back in the saddle again. It’s a short week for both sides of the border here in North America. Happy post Canada Day to my brethren and a Happy (and approaching) July 4th to our cousins to the south.

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

2600 HOPE conference bringing hacking to New York City (and we’ll see you there) | CNET
FBI Investigating Major ATM Hacking Ring | Las Vegas Now
Study: Unpatched Web Browsers Prevalent on the Internet | PC World
Netherlands man arrested for hacking 50,000 credit cards | Security Pro Portal
Vint Cerf Says Government Needs To Encourage Internet Competition | Information Week
The Government’s Top Hackers? | Veracode
HSBC sites vulnerable to XSS flaws, could aid phishing attacks | ZDNet
HMRC goes cap-in-hand to Americans for help with fraud | The Independent

Tags: News, Daily Links, Security Blog, Information Security, Security News