This is a feel good story. It’s not about cyber crime but the internet undoubtedly helped to spread the word. The story involves one Col. Van T. Barfoot. He is a 90 year old retired Army Colonel who served in WWII, Korea and Vietnam. He is also one of a handful of living Medal of Honor winners from WWII. His resume speaks for itself. The above video and article provide the beginning and end of the story but I will give you a brief summary here. Everyday upon retiring from the military he has raised and lowered the American flag. Now, the homeowners association in the community he is living in told him that he had to have the flagpole removed or face legal action; this was on or around December 3rd 2009. They are saying the flagpole takes away from the aesthetic view of the community. On December 8th 2009, after receiving support from 2 senators and a whole slew of bloggers and even a Facebook following, the homeowners association realized their error and decided to let the flagpole fly the flag of the country they enjoy so many freedoms under. Another good thing that might come from this (The following statement is taken from the American Legion): Because of the controversy involving the 90-year-old Medal of Honor recipient, Rep. Howard P. “Buck” Mckeon (R-CA) and Republican Whip Eric Cantor (R-VA) introduced a resolution, H. Res. 952, allowing Congressional Medal of Honor recipients to properly display the United States flag on their property at all times. This is one of the things that democracy is founded on; the ability and freedom to say that you want to take down a structure that flies the American flag and than having the resulting pressure from the media that reports it change your mind.
We have seen how the internet can be used in so many ways. From financing the Bali bombings in 2002 to getting the word out about the above story, it can be used for harm and for good. As we become more technologically advanced more and more reliance will be placed on computers and other similar technologies in an attempt to make life “better” for the human race. This blog was focused on raising public awareness of the danger of cyber crime and also how they could do their part in combating it. The public plays a major role in how effective criminal actions on the net can be and any little diligence on their part to combat this growing threat benefits not only the rest of the world but themselves as well.
Twitter, the popular micro-blogging service, was hacked early Friday morning (December 18th 2009) by a group calling itself the “Iranian Cyber Army.”
Dec. 18: A screenshot of Twitter.com shows the site defaced by a group calling itself the ‘Iranian Cyber Army.’
Twitter, the popular micro-blogging service, was hacked early Friday morning by a group calling itself the “Iranian Cyber Army.”
Users hoping to find their latest tweets were instead greeted by a black screen with a green flag.
Above the flag, in Arabic, read: “Hezbollah is victorious.”
On the flag, in red Arabic writing: “Yassin” (an Arabic name written in bold) then in smaller Arabic print “the feast of peace.”
Below the flag was more written in Farsi.
In English, the hackers wrote: “This site has been hacked by Iranian Cyber Army. U.S.A think they controlling [sic] and managing internet by their access, but they don’t, we control and manage internet by our power so do not try to stimulation (sic) Iranian People To…..
Now Which Country is embargo list? Iran? Usa?
We push them in embargo list ; )
Take care.”
Israeli Prime Minister Benjamin Netanyahu last week was quoted by a senior official as saying, “Using the Internet and Twitter against the Iranian regime is something extraordinary that the U.S. can do.”
There is no evidence at this time that Iran or Hezbollah is behind the attack.
The 2002 Bali bombings were funded by cyber crime. This was over 7 years ago. Back in Nov 2008 $9 million USD was stolen in one single day. Just think of the type of attack that amount of funds could finance. The Internet has become a huge cash cow for terrorists. They use it, amongst other things, to finance operations, pay their fighters and raise funds from those sympathetic to their cause. They can do this through identity theft all the way down to people selling black market goods. You never know where your money is going when you buy that fake bag or suspect item of clothing. The article below discusses just how sophisticated terrorist and criminal cyber elements have become and how we are responding.
Internet Fraud Finances Terrorism
A Q&A with Tom Kellermann on how terrorists are using the Internet for money laundering, fundraising, and identify theft.
Terrorist groups and organized crime syndicates are resorting to cybercrime to finance their activities. iStockphoto
If your credit card number has been stolen recently, that may not be the work of a petty criminal. It could be a terrorist cell, according to cyber security consultant Tom Kellermann. Increasingly, Kellermann says, terrorist groups and organized crime syndicates are resorting to cyber crime to finance their activities. From 1999 to 2005, Kellermann was a member of the Treasury Security Team at the World Bank, where he advised central banks on monitoring illicit online activity. He’s currently vice president of security awareness at Core Security Technologies, in Boston. Robert N. Charette, IEEE Spectrum contributing editor, spoke with Kellermann in August.
SPECTRUM: Can you tell us how terrorists and others are using the Internet to coordinate activities, to learn, or to recruit?
KELLERMANN: Nonstate actors like al-Qaeda use the Internet as a means to acquire funds and lines of credit so they can support their physical initiatives. The most notorious al-Qaeda hacker and user of the Internet was Imam Samudra, the Bali bomber. He funded that attack, which cost more than [US] $150 000, by hacking American bank accounts and credit lines. In addition, he wrote a book on hacking, to teach his followers how to get the resources they needed. The traditional ”silk road” avenues of getting money weren’t working because of the squeeze by Western governments on money-laundering activities.
In the last five years it has been well documented that organized crime syndicates and nonstate actors alike have realized the importance of utilizing the Internet, particularly alternative payment outlets like E-gold, to move money outside the financial sector. They also have been using the Internet to create lines of credit through identity theft. What you’re seeing is the financing of terrorists and other nonstate actors through the use of cybercrime.
The underground economy is going through a real metamorphosis. There is a complete community now where you essentially can hire mercenaries to build code to attack a targeted system and to data mine that system for your own use.
These cyber criminals have moved away from using Internet relay chat rooms, because they are so heavily monitored. Now they’re using Skype and voice-over-IP chat rooms. They’ve also moved away from conducting widespread attacks, because those generate signatures and thus can be thwarted. So the attacks have become largely targeted at individual systems. Oftentimes they are attacking remote users so they can tunnel into their VPN [virtual private network], which can lead to the very bowels of the network.
Usually they work in crews. So you get one person who creates the exploit code, one person who launches the code, one person who mines the data, one person who launders the funds or sells what was found and, lastly, one person who organizes the group and reaps the benefits. These groups never really meet, they just interact on various chat rooms or through encrypted channels. They may come from different backgrounds and ideologies. They are merely trading in services.
Nonstate actors are actually watching us as we watch them. If they don’t have the technical capacity, they hire it in the various underground chat rooms. The malicious code being developed today is highly targeted. The Trojan horses of today are not keystroke loggers; they are session-based so they can defeat most of the multifactor authentication mechanisms that the various organizations are using. They’re using automated penetration testing tools, like Metasploit, or password-recovery programs, like Cain & Able, to break into systems.
They know it is far better to keep a system alive and suck any of the valuable information out of it than it is to take it down. This is a huge paradigm shift. The digital Pearl Harbor that Richard Clarke [the former White House counterterrorism advisor] referred to is a myth. The reality is that we have more of a cyber-Fallujah going on—a war of attrition where the sniping and the IEDs are virtual, and the nature of the attack is simplistic. The Robin Hood mentality exists: steal and take what you can or barter what you find so that you can support your efforts in the real world.
SPECTRUM: Sounds like a parasitic approach. How quickly do nonstate actors learn and react to countermeasures taken against them?
KELLERMANN: They react very quickly. They are more intelligent than we are, because we are not playing a real game of chess with them. What we are doing is being reactive.
The information sharing in the underground community is 10 times better than the information sharing by the domain name and various entities that control the networks of today.
Their tactics of attack are far more insidious and devious than our defenses. We are far too reliant on perimeter-based defenses and far too reliant on scanner-based technology and encryption. They know full well that they don’t need to break the firewalls anymore. Instead, they can ride the application that’s moving through the open port. They know full well they no longer need to defeat the encryption, because they can compromise the private key by compromising the client machine on either end. And they know full well that they shouldn’t be breaking into systems using malicious code that has their signature.
Once they’re inside the system, the first thing they do is egress as much information as possible, including the keys for authentication—the keys to the castle. Then they set up as many back doors as possible by setting up rootkits. As most people will tell you, once they have penetrated in that deep, you basically have to rebuild the system to get rid of them.
SPECTRUM: So what can people do to protect themselves?
KELLERMANN: Fundamentally we need to appreciate the sophistication, the organization, and the capabilities of our adversaries. The only way to do that, and most organizations don’t, is to scrimmage our defenses and to play those games like our adversaries do. We currently do not conduct penetration tests or perform risk assessments with the latest attack vectors, with the latest exploit codes, with the latest configuration-based or phased attacks that we see today.
We need to attack ourselves like they attack us so we can understand how we are weak and how we can develop better responses.
For more on how on how terrorist and insurgent groups are leveraging information technology to organize, recruit, and learn see Open-Source Warfare
This is an excellent article on how terrorists use the internet from the Council on Foreign Relations (http://www.cfr.org/publication/10005/). It gives a good basic understanding of the nuances of the web that terrorists look to exploit to not only raise funds but also reach a worldwide audience which can swell their ranks and also provide a voice for their cause for the world to hear. Since terrorists groups like Al-Qaeda have become more decentralized the use of the internet has allowed their beliefs to spread to people who begin to become sympathetic to their cause and can and have acted on their own. Its important to remember that many articles discussing online terrorists sometimes refer to people that are out for strictly financial gain. When we discuss online terrorists we are referring to hows terrorists groups use the Internet.
Terrorists and the Internet
Author: Eben Kaplan
Updated: January 8, 2009
Introduction
Terrorists increasingly are using the Internet as a means of communication both with each other and the rest of the world. By now, nearly everyone has seen at least some images from propaganda videos published on terrorist sites and rebroadcast on the world’s news networks. Western governments have intensified surveillance of such sites but their prosecution of site operators is hampered by concerns over civil liberties, the Internet’s inherent anonymity, and other factors.
How do terrorist organizations use the Internet?
The Internet is a powerful tool for terrorists, who use online message boards and chat rooms to share information, coordinate attacks, spread propaganda, raise funds, and recruit, experts say. According to Haifa University’s Gabriel Weimann, whose research on the subject is widely cited, the number of terrorist sites increased exponentially over the last decade–from less than 100 to more than 4,800 two years ago. The numbers can be somewhat misleading, however. In the case of al-Qaeda, hundreds of sister sites have been promulgated but only a handful are considered active, experts say. Nonetheless, analysts do see a clear proliferation trend.
Terrorist websites can serve as virtual training grounds, offering tutorials on building bombs, firing surface-to-air missiles, shooting at U.S. soldiers, and sneaking into Iraq from abroad. Terrorist sites also host messages and propaganda videos which help to raise morale and further the expansion of recruitment and fundraising networks. Al-Qaeda’s media arm, As-Sahab, is among the most visible. But an entire network of jihadist media outfits has sprung up in recent years, according to a March 2008 study by Daniel Kimmage of Radio Free Europe/Radio Liberty. “The ‘original’ al-Qaeda led by Osama bin Laden accounts for a mere fraction of jihadist media production,” Kimmage writes.
What constitutes a ‘terrorist website’?
Defining a terrorist website is as contentious as defining terrorism. Pentagon analysts testifying before Congress have said that they monitor some five thousand jihadi websites, though they closely watch a small number of these—less than one hundred—that are deemed the most hostile.
Terrorist sites include the official sites of designated terrorist organizations, as well as the sites of supporters, sympathizers, and fans, says Weimann. But when websites with no formal terrorist affiliation contain sympathetic sentiments to the political aims of a terrorist group, the definition becomes murky. Hoax sites can also prove a troublesome red herring for monitors of terrorist sites. For instance, in recent years a number of sites sympathetic to the Taliban have proliferated on the web. Frequent site outages, however, make it difficult to track their content and sentiment.
How effective is online terrorist propaganda?
Perhaps the most effective way in which terrorists use the Internet is the spread of propaganda. Abu Musab al-Zarqawi’s al-Qaeda cell in Iraq has proven particularly adept in its use of the web, garnering attention by posting footage of roadside bombings, the decapitation of American hostage Nick Berg, and kidnapped Egyptian and Algerian diplomats prior to their execution.
In Iraq, experts say terrorist propaganda videos are viewed by a large portion of society, not just those who sympathize with terrorists and insurgents. In addition to being posted online, the videos are said to be sold in Baghdad video shops, hidden behind the counter along with pornography. Evan Kohlmann, an expert in terrorists’ use of the Internet, points out that propaganda films are not exclusively made in the Middle East; groups from Bosnia, Afghanistan, and Chechnya have also produced videos. Nor are videos the only form of propaganda. Some jihadi websites have even offered video games in which users as young as seven can pretend to be holy warriors killing U.S. soldiers.
What advantages does the Internet offer terrorists?
“The greatest advantage [of the Internet] is stealth,” says John Arquilla, professor of defense analysis at the Naval Postgraduate School. “[Terrorists] swim in an ocean of bits and bytes.” Terrorists have developed sophisticated encryption tools and creative techniques that make the Internet an efficient and relatively secure means of correspondence. These include steganography, a technique used to hide messages in graphic files, and “dead dropping”: transmitting information through saved email drafts in an online email account accessible to anyone with the password.
The Internet also provides a global pool of potential recruits and donors. Online terrorist fundraising has become so commonplace that some organizations are able to accept donations via the popular online payment service PayPal.
Yet some terrorism experts say while the Internet has proven effective at spreading ideology, its use as a planning and tool operational tool is minimal. For instance, the terrorists who attacked Mumbai in November 2008 could never have carried out their strike if they hadn’t received actual training in a physical camp, says terrorism expert Peter Bergen. “We talk about the Internet being important for terrorism, which I think is ridiculous. The people who did the Mumbai attack didn’t sit around reading about how to do attacks on the Internet. They actually went to a training camp in Muzaffarabad for several months.”
What is cyberterrorism?
Cyberterrorism is typically defined as the use of the Internet as a vehicle through which to launch an attack. Terrorists could conceivably hack into electrical grids and security systems, or perhaps distribute a powerful computer virus. “Al-Qaeda operatives are known to have taken training in hacking techniques,” Arquilla says, but the likelihood of such a cyber attack seems fairly remote. That said, Western governments have accused state and nonstate actors of infiltrating secure networks, including an alleged breach of a Pentagon system by Chinese hackers in June 2007.
Kohlmann suggests the established definition of cyberterrorism needs to be broadened. He says any application of terrorism on the Internet should be considered cyberterrorism. “There’s no distinction between the online [terrorist] community and the real [terrorist] community.” As evidence, Kohlmann recounts one extreme instance in which the Iraqi insurgent group Army of the Victorious Sect held a contest to help design the group’s new website. According to Kohlmann, the prize for the winning designer was the opportunity to, with the click of a mouse, remotely fire three rockets at a U.S. military base in Iraq.
Are there any prominent online terrorists?
Among the most infamous figures to emerge from the world of online terrorism in recent years is “Irhaby 007″ (“Terrorist 007″). As a SITE Institute profile explains, Irhaby 007 was celebrated by other online terrorists for his hacking prowess and his ability to securely distribute information. With his assistance, terrorist organizations around the globe were able to expand the reach of their message. Irhaby 007 passed this knowledge along to other online jihadis through web postings such as his “Seminar for Hacking Websites,” creating a network of technology-savvy terrorist disciples. In October 2005, Scotland Yard officers in West London arrested 22-year-old Younis Tsouli, whom they later identified as Irhaby 007. Tsouli is awaiting trial on charges that include conspiracy to murder and terrorist fundraising.
Another prominent online terrorist is Abu Maysarah al-Iraqi, who has served as the media representative for al-Qaeda in Iraq leader Zarqawi. Al-Iraqi goes online to claim responsibility for acts of terrorism, post propaganda videos, and issue statements on behalf of Zarqawi, though experts say it is unclear whether al-Iraqi is just one person or several using the same name. Al-Iraqi’s current whereabouts are unclear; a March 2007 report from the Iraqi news agency Quds Press, translated by the BBC, indicated that the al-Qaeda spokesman had been released from a Mosul prison.
In November 2008, Ali Hamza Ahmad Suleiman al-Bahlul, al-Qaeda’s digital media director, was convicted by a U.S. military tribunal. He is serving a life sentence at Guantanamo Bay.
How do governments respond to terrorists’ online activities?
There is some debate within the counterterrorism community about how to combat terrorist sites. “The knee-jerk reaction is if you see a terrorist site you shut it down,” Kohlmann says, but doing so can cause investigators to miss out on a wealth of valuable information. “You can see who’s posting what and who’s paying for it,” says Michael Kern, formerly a senior analyst at the SITE Institute, a Washington-based terrorist-tracking group. For instance, German officials monitoring online chatter issued early warnings prior to the Madrid train bombings in March 2004.
Shutting down a terrorist website is just a temporary disruption. To truly stop a terrorist site, experts say, the webmaster must be stopped. The ability of the U.S. National Security Agency to monitor such individuals inside the United States has been the subject of a heated political and legal debate. The United States has tried to prosecute webmasters who run terrorist websites in the West, but has run into opposition from advocates of free speech. “Sites that tell the terrorist side of the story go right up to the brink of civil liberties,” Arquilla says. Sami Omar al-Hussayen, a Saudi Arabian graduate student at the University of Idaho, was charged by U.S. officials with supporting terrorism because he served as a webmaster for several Islamic groups whose sites linked to organizations praising terrorist attacks in Chechnya and Israel. Al-Hussayen was acquitted of all terrorism charges by a federal court in June 2004 under the First Amendment. Two months later, Babar Ahmad, a 31-year-old, British-born son of Pakistani immigrants, was arrested in London under a U.S. warrant.
Another approach officials have taken is to create phony terrorist websites. These can spread disinformation, such as instructions for building a bomb that will explode prematurely and kill its maker or false intelligence about the location of U.S. forces in Iraq, intended to lead terrorist fighters into a trap. This tactic must be used sparingly, says Kohlmann, or else officials risk “poisoning a golden pot [of information]” about how terrorists operate.
Phising is one of the most common forms of identity theft. It can manifest itself in the form of emails and their attachments, bogus links, pop up screens and also by phone. The list of recommendations that I attached from fraud.org are simple and what will likely seem too many as common sense. However, the number of novice computer users continues to grow as more and more people begin using computers as our reliance on technology grows exponentially. By simply following the recommendations listed below identity theft will not cease to exist but criminals that rely on phising to fund their activities will undoubtedly feel the effects. Basically, if you’re unaware where the email, link or any other medium that is requesting your personal information originated from and cannot 100% verify the source just don’t enter any personal information. I believe that it is a simple, yet effective, rule to follow.
Watch out for “phishy” emails. The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks to “confirm” your personal information for some made-up reason: your account is about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. Another tactic phishers use is to say they’re from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft! In one case, a phisher claimed to be from a state lottery commission and requested people’s banking information to deposit their “winnings” in their accounts.
Don’t click on links within emails that ask for your personal information. Fraudsters use these links to lure people to phony Web sites that looks just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the Web site, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).
Beware of “pharming.” In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you’re taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.
Never enter your personal information in a pop-up screen. Sometimes a phisher will direct you to a real company’s, organization’s, or agency’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.
Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer – which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to www.onguardonline.gov and www.staysafeonline.org to learn more about how to keep your computer secure.
Only open email attachments if you’re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
Know that phishing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.
If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Get the main number from the phone book, the Internet, or directory assistance, then call to find out if the person is legitimate.
Job seekers should also be careful. Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Follow the advice above and verify the person’s identity before providing any personal information.
Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.
Act immediately if you’ve been hooked by a phisher. If you provided account numbers, PINS, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338, TDD 202-326-2502.
Report phishing, whether you’re a victim or not. Tell the company or agency that the phisher was impersonating. You can also report the problem to law enforcement agencies through NCL’s Fraud Center, www.fraud.org. The information you provide helps to stop identity theft.
This article discusses the effects of one of the most common forms of identity theft; phishing. A good one sentence definition of phishing is that it’s unsolicited requests for personal information (http://onecare.live.com/site/en-Us/article/phishing_what.htm). Operation Phish Phry is another example of international cyber crime involving 50 individuals in the US and 50 from Egypt which netted about $1.5 million. With cooperation from various US law enforcement offices along with Egyptian elements perpetrators of the fraud were charged with various crimes including aggravated identify theft. These last two postings are example of two of the biggest cyber crime related incidents that the US has been involved in to date.
Major Cyber Fraud Takedown 10/07/09
Nearly 100 people were charged today in the U.S. and Egypt as part of Operation Phish Phry, one the largest cyber fraud phishing cases to date. It’s the latest action in what Director Robert Mueller described in a major address today as a “cyber arms race,” where law enforcement and criminals compete to stay one step ahead of each other on the ever-expanding virtual frontier.
Cyber thieves “phish” for personal information such as usernames, passwords, and financial account details by tricking users into thinking their sensitive information is being given to trusted websites when, in fact, the sites are traps.
The defendants in Operation Phish Phry targeted U.S. banks and victimized hundreds and possibly thousands of account holders by stealing their financial information and using it to transfer about $1.5 million to bogus accounts they controlled. More than 50 individuals in California, Nevada, and North Carolina, and nearly 50 Egyptian citizens have been charged with crimes including computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identify theft.
During the two-year investigation led by our Los Angeles office, we worked closely with the Secret Service, the Electronics Crimes Task Force in Los Angeles, state and local law enforcement, and our Egyptian counterparts—the first joint cyber investigation between Egypt and the United States. Such a cooperative effort illustrates “the power of our global partnerships,” Mueller said during his speech in San Francisco to address the criminal cyber threat and what we’re doing to combat it.
While Phish Phry defendants were being rounded up, Mueller told his audience, “The FBI is both a law enforcement and national security agency, which means we can and must address every angle of a cyber case. This is critical, because what may start as a criminal investigation may lead to a national security threat. … At the start of a cyber investigation, we do not know whether we are dealing with a spy, a company insider, or an organized criminal group.” In the case of Operation Phish Phry, money appears to be the driving motive. But as Mueller pointed out, “Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation.”
Mueller’s remarks came during National Cybersecurity Awareness Month, an annual event sponsored by the Department of Homeland Security to help educate the public on the shared responsibility of protecting cyberspace.
“Cyber crime might not seem real until it hits you,” Mueller said. “But every personal, academic, corporate, and government network plays a role in national security.” To help battle the cyber threat, the Bureau relies on strong partnerships—with law enforcement and intelligence communities worldwide, and with universities, corporations, small businesses, and citizens.
Within the government, we have established the National Cyber Investigative Joint Task Force, which brings together law enforcement, intelligence, and defense agencies to focus on high-priority cyber threats. Within the private sector we run InfraGard, where we exchange information with 32,000 partners from private industry.
But even with all our partnerships, Mueller added, “we are still outnumbered by cyber criminals.” Which is why it’s so important for people to do their fair share. That means protecting your home computer with firewalls, anti-virus software, and strong passwords.
“We all have a responsibility to protect the infrastructure that protects the world,” Mueller said.
This article ties in with the posting that discusses globalization. It is an excellent example of the global reach and sophistication of skilled everyday computer users and the damage that they could enact.
HIGH-TECH HEIST
2,100 ATMs Worldwide Hit at Once 11/16/09
It was a highly sophisticated and cleverly orchestrated crime plot. And one unlike any we’ve (the FBI) ever seen before.
It culminated a year ago this month—on November 8, 2008—when a wave of thieves fanned out across the globe nearly simultaneously. With cloned or stolen debit cards in hand—and the PINs to go with them—they hit more than 2,100 money machines in at least 280 cities on three continents, in such countries as the U.S., Canada, Italy, Hong Kong, Japan, Estonia, Russia, and the Ukraine.
When it was all over—incredibly within 12 hours—the thieves walked off with a total of more than $9 million in cash. And that figure would’ve been more, had the targeted ATMs not been drained of all their money.
The alleged masterminds of this slick scheme—prosecutors charged earlier this month following an extensive FBI investigation assisted by other federal agencies and our partners around the globe—were three 20-something Eastern Europeans and an unnamed person called simply “Hacker 3.”
Working together, the four hackers cooked up “perhaps the most sophisticated and organized computer fraud attack ever conducted,” according to Acting U.S. Attorney Sally Quillian Yates of the Northern District of Georgia.
It started when a 28-year-old Moldovan man learned of a vulnerability in the computer network of a major credit card processing company based in Atlanta. With an eye toward exploiting it, he passed that information to a hacker living in Estonia.
The Estonian conducted “reconnaissance” on the network vulnerability and shared what he learned with a hacker in Russia.
With the help of the three other hackers at varying times, the Russian busted into the electronic network, reverse-engineered the PIN codes from the encrypted system, and raised the limits on the amount of money that could be withdrawn from the prepaid payroll debit cards. (These cards, used by many companies, enable employees to withdrawal their salaries from an ATM.)
In addition to providing computer support, Hacker 3 managed the network of thieves around the world—called “cashers”—who used a total of 44 counterfeit cards to withdrawal the $9 million. The Estonian also managed his own cashing group.
As the cashers went to work, the Russian took the lead in monitoring the victim company’s database to track the illegal withdrawals. With the Estonian, he later deleted or tried to delete files on the computer network to cover their tracks.
When the ATM thefts were complete, Hacker 3—with the help of the Estonian—gathered and divvied up the proceeds. The cashers got to keep 30 to 50 percent of the money they stole; the rest went to the four hackers.
Fortunately, the company reported the breach immediately, and quickly got to work. Our ensuing case was made with a great deal of international cooperation and even led to joint investigations overseas. Suspected cashers, for example, have also been identified and arrested in Estonia and Hong Kong.
The case is a testament to both the globalized nature of crime in today’s world and the international reach of the FBI, which depends more and more on a network of 61 overseas offices worldwide to protect the U.S. from a range of national security and criminal threats.
Identity theft is defined as the process of using someone else’s personal information for your own personal gain. The Javelin Strategy & Research Center has been studying identity theft closely since 2004. Each year, they release their findings. Their 2009 study reveals that:
Victims are spending less money out of pocket to correct the damage from ID theft. The mean cost per victim is $500, and most victims pay nothing due to zero-liability fraud protection programs offered by their financial institutions.
71% of fraud happens within a week of stealing a victim’s personal data.
Low-tech methods for stealing personal information are still the most popular for identity thieves. Stolen wallets and physical documents accounted for 43% of all identity theft, while online methods accounted for only 11%.
Types of Identity Theft
ID theft can happen to anyone, and it can come in all shapes and sizes. For example, your credit card digits could be stolen and used to make online purchases; a thief could impersonate you to open up a loan in your name; a felon could commit a crime and pretend to be you when caught; or someone could use your personal information to apply for a job.
Here’s a brief overview and description of each type of identity theft, based on Federal Trade Commission complaint data:
Credit Card fraud (26%): Credit card fraud can occur when someone acquires your credit card number and uses it to make a purchase.
Utilities fraud (18%): Utilities are opened using the name of a child or someone who does not live at the residence. Parents desperate for water, gas, and electricity will use their child’s clean credit report to be approved for utilities.
Bank fraud (17%): There are many forms of bank fraud, including check theft, changing the amount on a check, and ATM pass code theft.
Employment fraud (12%): Employment fraud occurs when someone without a valid Social Security number borrows someone else’s to obtain a job.
Loan fraud (5%): Loan fraud occurs when someone applies for a loan in your name. This can occur even if the Social Security number does not match the name exactly.
Government fraud (9%): This type of fraud includes tax, Social Security, and driver license fraud.
A Brief History taken from the United States Department of Justice Website.
In one notorious case of identity theft, the criminal, a convicted felon, not only incurred more than $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and handguns in the victim’s name, but called his victim to taunt him — saying that he could continue to pose as the victim for as long as he wanted because identity theft was not a federal crime at that time — before filing for bankruptcy, also in the victim’s name. While the victim and his wife spent more than four years and more than $15,000 of their own money to restore their credit and reputation, the criminal served a brief sentence for making a false statement to procure a firearm, but made no restitution to his victim for any of the harm he had caused. This case, and others like it, prompted Congress in 1998 to create a new federal offense of identity theft.
You can see from the above excerpt that I’ve used from the DOJ the severity of Identity Theft and the damage that it can cause; and that was circa 1998!! It was not a federal crime back then but became one in 1998 due to the increasing number of incidents. The number of people experiencing Identity theft has risen dramatically in recent years. In 2000 the number of reported cases was 31,000 while in 2008 that number spiked to over 313,000. One of the main reasons for this is the spread of the internet not only in the US but throughout the world. The term Globalization is often used to describe this spread of technology. It enhances not only communication but also allows such a thing as small businesses to able to have a much broader clientele base.
Credit has become a much more frequently used form of currency than in the past. For most purchases one can rely solely on a credit card or other form of electronic identification. What this exposes is the risk of having your personal information acquired by people that can utilize it to commit any number of crimes. One popular method of acquiring such information is the use of Phishing. Phishing is a “scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims”. It seems though, that regardless of the potential risk, people still answer emails and use their personal information to respond to inquiries sent from unreliable sources. Phishing is popular due to the increased use of the internet as we have mentioned. A little more awareness on where the email originated, why your information is needed and how secure the senders website is can go a long way in defeating something that has experienced a 22% increase from 2007-2008 and only expects to get worse based on our inevitably increased reliance on technology to make things easier on ourselves.
This map shows the location and intensity of precipitation in your area. The color of the precipitation corresponds to the rate at which it is falling. This map is updated every 15 minutes.
The Drudge Report
The site consists mainly of links to stories from the United States and international mainstream media about politics, entertainment, and current events as well as links to many columnists.
0
It’s been two months since we launched Netvibes Premium, our powerful analytics solution for brand managers and social media professionals, and we’re constantly listening to our users remarks and suggestions to make it an even better product. This week we’ll launch new features and improvements for both our Premium and Basic dashboards. Soc […]
Every month with Netvibes Insights we take a look at what’s really on with today’s top brands: a free live breakdown analysis to showcase our Netvibes Premium powerful analytics tools. This month, we’ll put Kraft Foods, the American confectionery, food and beverage conglomerate, under the microscope. A Social Snack Stragegy Analysts call Kr […]
Like last year we’ll be covering the annual CES (Consumer Electronics Show) through one of our now famous Live Dashboards. The CES is one of the biggest gathering about technology and this year, it will take place between the 10th and 13th of January in Las Vegas. To make sure you won’t miss a thing, Netvibes is setting up a new Live Dashboard dedicate […]
This holiday season, we wanted to thank all of our users around the world for making Netvibes and Netvibes Premium such a wonderful success. What better way than by celebrating with a cool new Essential App: Google Analytics for Netvibes! It’s a great way to track your blog or site traffic and visitor metrics – right from your Netvibes dashboard. You can eve […]
It’s a girl! We’re all very happy to welcome little Albane to the Netvibes family. She was born a couple of days ago and is in perfect health, ready to take on the world. Our warmest congratulations to Baptiste from our EMEA Sales Team and, of course, to Albane’s mother. Best of luck in life, Albane! Related posts: Netvibes welcomes a new m […]
No doubt that by now, you know all about our Live Dashboards, a practical use of our Netvibes Premium Dashboards to cover an event and gather all relevant information in one single place. We did it again last week for LeWeb 11 and now it’s time to look behind the curtain and see what we can learn from the analytics we collected. The reason we decided t […]
LeWeb 11 may be over but our Live Dashboard is still very much alive, offering unique insights and analytics about the event, using our very own Netvibes Premium Dashboard. Check it out at: http://leweb11.netvibesbusiness.com/#Analytics Related posts: Netvibes Live Dashboard: LeWeb 2010 LeWeb 11 Deconstructed (Opening) Netvibes Live Dashboard: LeWeb 2010
A few weeks ago, Netvibes launched Insights, a new series of webinars where you can see all the Netvibes Premium features in action, as we perform a live breakdown analysis of a new brand each month. If you didn’t sign up for the last one, here’s what we have cooking for the next one. And remember: it’s free! Groupon IPO Deconstructed For our next session, w […]
To ensure an ever better service, we’re gonna need to patch our databases and do some maintenance work on our servers. And to do so, we’re gonna have to shut down Netvibes. Don’t worry though: the downtime will happen this Saturday, early morning, at 2:00am CET and shouldn’t exceed a couple of hours. Thanks for your understanding. Related p […]
Once again, like we did last year, we will offer extensive coverage of LeWeb 2011:SOLOMO (SOcial-LOcal-MObile) through a dedicated Live Dashboard, to gather all the relevant info you need in one single place. Head right now to leweb11.netvibesbusiness.com/ and take advantage of all the comprehensive information we’ve gathered for you on the conference, inclu […]
Terrorist groups and organized crime syndicates are resorting to cybercrime to finance their activities.
