Archive for the ‘News’ Category


Feb
10

Identity Thieves Successfully Targeting Wealthy Victims

2010 at 1:11 pm

If you’re a security pro, then you might think the most likely victims of identity fraud are those with the most poorly protected systems and the least knowledge of computer security. Identity thieves are drawn to the easiest targets, right?

Wrong, according to a study issued today by Experian, a company that provides both identity fraud protection services and marketing demographics services. In fact, the most likely victims of identity fraud are those with the most money, the study says.

The study — which was created using Experian’s unlikely combination of identity fraud incidence statistics with basic consumer demographics — indicates that identity thieves are successfully targeting the wealthy and affluent, regardless of the systems and software they use.

According to Experian, consumers in the “Affluent Suburbia” category — the wealthiest of the company’s 12 demographic categories — are 43 percent more likely to fall victim to identity fraud than the average credit applicant. Experian describes Affluent Suburbia as “the wealthiest households in the U.S., living in exclusive suburban neighborhoods and enjoying the best everything has to offer.”

Individuals in the “Upscale America” category are 22 percent more likely to fall prey to identity fraud than the average credit applicant, Experian says. Upscale America is defined as “college-educated couples and families living in metropolitan sprawl, earning upscale incomes that provide them with large homes and very comfortable, active lifestyles.”

The study offers a different perspective on identity fraud than more technical studies, which suggest the most likely victims of identity fraud are those who don’t deploy security software or are ignorant of best practices.

In its study, Experian found the median income of identity fraud victims is 11 percent higher than that of the average credit applicant. The percentage of victims who own luxury vehicles is 26 percent higher, and the percentage of homeowners is 23 percent higher.

The Experian study suggests that identity thieves and fraudsters could be targeting victims by their neighborhoods, rather than by their computer systems or defenses.

For example, the study found that the percentage of victims found in metropolitan communities and other high-population areas is significantly higher than in areas where the population is less than 20,000. In fact, consumers who live in rural areas with a population of 2,500 or less were 60 percent less likely to fall victim to identity fraud than the average consumer.

Attackers may also target users by their hobbies and interests, the study suggests. Consumers who displayed an interest in traditionally affluent avocations were much more likely to fall prey to identity thieves, the study says.

For example, users who displayed an interest in tennis were 85 percent more likely to have been victims of identity fraud than users who didn’t, Experian says. Consumers who were interested in foreign travel were 70 percent more likely to be victims. Interests in cultural arts (52 percent) and skiing (50 percent) also set victims apart from nonvictims.

Experian has not yet posted the study for general viewing on the Web, but the company plans to make it available at a future date, a spokeswoman said.

SOURCE: http://darkreading.com/securityservices/security/privacy/showArticle.jhtml?articleID=222600185

Feb
04

Kit cracks iPhone backup passwords

2010 at 10:26 pm

Password cracking of iPhone backups has become a point-and-click exercise thanks to software unveiled Thursday by a computer forensics tools provider.

The Elcomsoft iPhone Password Breaker, which was released for free into beta, recovers passwords for iPhones and iPod Touches by trying thousands of phrases per second. It performs wordlist-based attacks only, but the final version will allow dictionary attacks that can be customized.

Apple’s iTunes application allows users to make iPhone and iPod Touch backups that store a wealth of potentially sensitive information, including call logs, address books, SMS archives, calendars, pictures and voice mail. Brought to you by the same company that offers password crackers for wireless networks, Quicken files and many other applications, the iPhone Password Breaker doesn’t require the use of iTunes.

It makes use of multi-core processors and extended CPU instructions, and will run faster on certain types of graphics cards.

Jan
14

Trojan porn dialers make comeback on mobile phones

2010 at 11:43 am

After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand.

According to researchers at CA Security’s malware analysis lab, a new wave of malicious dialers is hitting users of mobile phones. The trojans are built on the Java 2 Micro Edition programming language and cause infected handsets to send SMS messages to high-cost numbers, at great expense to the victim.

“As soon as the application is loaded, this malicious software starts to send premium text messages,” CA warned on Tuesday. “The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user’s knowledge and consent.”

Malware that automatically dials pricey premium numbers was all the rage a decade ago, when dial-up internet services required computers to connect to a phone line. With the growth of broadband connections the frequency of dialers waned.

The explosion of smart phones that can run software made by anyone has given malicious dialers a new lease on life. And as was the case in the days of yore, they mostly tap into porn services.

SOURCE: http://www.theregister.co.uk/2010/01/13/trojan_dialer_comeback/

The plot thickens. According to iDefense Labs, the recent Internet attack that has so upset Google affected 33 other US tech and defence firms and is directly related to an Adobe Reader-based attack of last July.

The US flaw-hunting specialist said that the attack was an attempt to steal source code on an industrial scale and was, in many cases, probably successful. If correct, this might explain why Google has by its own normally quite restrained standards gone ballistic to the extent of threatening to quit China.

“Two independent, anonymous iDefense sources in the defense contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof,” said the iDefense press statement, confirming what the world already knows.

It now turns out that Adobe itself was targeted in the latest alleged Chinese attacks, as a statement on its own website explains.

“Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

The note goes on to say that in Adobe’s case, the attack was not successful in stealing any data.

More embarrassingly, a flaw in Adobe software has been implicated in the new attacks. iDefense has forensically linked these to last July’s attacks, which involved exploiting zero-day flaws in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 to send specially-crafted PDFs.
As well as using the same emailed PDF technique to drop Trojans, the two attacks used the same HomeLinux DynamicDNS provider, pointed to the same virtual private server host owned by US-based Linode, and had IP addresses on the same subnet within a very similar address range.

“Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July,” says iDefense.

In fact, it is also possible that exploits go back further since the flaws used in last summer’s attack pre-date the known attack by some months.

Whatever the details, that China is targeting US technology firms, the government and the military is nothing new, as a Northrop Grumman report of last October made clear. It now looks as if the latest cycle of attacks could take US firms, and perhaps even the US government itself, beyond breaking point.

SOURCE: http://news.techworld.com/security/3210137/google-hack-hit-33-other-companies/

Jan
13

Hackers pluck 8,300 customer logins from bank server

2010 at 10:48 am

Hackers have stolen the login credentials for more than 8,300 customers of a small New York bank after breaching its security and accessing a server that hosted its online banking system.

The intrusion at Suffolk County National Bank happened over a six-day period that started on November 18, according to a release (PDF) issued Monday. It was discovered on December 24 during an internal security review. In all, credentials for 8,378 online accounts were pilfered, a number that represents less than 10 percent of SCNB’s total

“Although the intrusion was limited in duration and scope, SCNB immediately isolated and rebuilt the compromised server and took other measures to ensure the security of data on the server,” the bank, located about an hour east of New York City, stated. “To date, SCNB has found no evidence of any unauthorized access to online banking accounts, nor received any reports of unusual activity or reports of financial loss to its customers.”

The breach represents a variation on more traditional types of attacks on online banking. Cyber crooks typically target customers by surreptitiously planting malware on their computers that logs their user name and password. The FBI estimates that online banking losses to small and medium-sized businesses alone have reached $100m.

By contrast, accessing a server storing online credentials for tens of thousands of customers isn’t the kind of intrusion one hears about every day. Best security practices are clear that passwords should never be stored on servers unless they are encrypted.

The bank began notifying affected customers on Monday evening using first-class mail. The two-week delay “was necessary for making a lot of arrangements so we could come out with an absolutely conclusive statement about what happened,” said Douglas Ian Shaw, the bank’s corporate secretary. Retail customers whose details were lifted will be given two years’ worth of credit monitoring services at SCNB’s expense.

In the fourth quarter, the bank budgeted $351,000, or about 4 cents per share, to account for expenses related to the intrusion. Additional expenses may be incurred.

Dec
07

Millions at risk from wi-fi online fraudsters

2009 at 10:28 am

Many internet users are at risk of having their personal details stolen and thousands of pounds plundered from their online bank accounts as internet fraudsters increasingly target unsecured wireless networks, security experts warn.

Research by moneysupermarket.com indicates that one wireless customer in five has not, or does not know whether he or she has, protected the network with a password. A quarter of wireless users do not even realise that strangers can log on to an unsecured network.

Last month the internet provider TalkTalk estimated that seven million home wireless connections are left open to hijackers. Stealing a wireless connection — “piggybacking” or “leeching” — is not a new problem. But moneysupermarket.com’s research estimates that four million Britons have accessed the internet on a neighbour’s wireless connection without his or her knowledge.

Tom Beale, a digital security expert at Vigilante Bespoke, believes the problem is growing. He says: “As it becomes more of the norm to get wireless at home, or wireless-enabled mobiles such as the iPhone, there is a greater number of people regularly using wireless technology without fully understanding the importance of securing a network.
“Many consumers trust their internet service provider to configure their router and ensure that it is safe, but help desks often give bad advice. Default security settings on routers are not always good enough, either. Consumers should have WPA2 (wi-fi protected access), the highest level of security that wireless routers support. Some routers come with WEP, which can be cracked by a schoolboy in seconds.”

WEP, or wired equivalent privacy, was replaced with WPA2 in 2004 after serious weaknesses were found in it by researchers, but some wireless equipment has not been updated.

James Parker, broadband expert at moneysupermarket.com, says the consequences of having your wireless hijacked can be severe: “It’s bad enough that your neighbours can use your internet connection freely, but this becomes far more threatening if someone uses your connection for criminal or improper activity. This could be accessing your internet connection to download obscene material, gathering personal information to defraud you or stealing your identity.”

When improper activities are carried out through your wireless router, they are traceable only to your home address. This may mean that you are subject to a fine or cut off by your internet provider for going over a download limit; prosecuted for illegally downloading music, films or more unsavoury material; or, as one Times reader discovered the hard way, unable to prove that you have had your details stolen.

Michael Black, 21, had his laptop stolen from outside his block of flats in Reading. Several days later the thief accessed his wireless connection on the laptop. The thief managed to access Mr Black’s internet banking and transferred £14,000 from his Nationwide savings account to his current account, then to a gambling website.

Mr Black says: “I reported the fraud to Nationwide immediately, but was told that, because someone gained access to my internet banking, I must have written down my security details or told them to someone. This is simply not the case; I have always kept them secret and safe.

“Unfortunately, as the thief has used my personal details to log on to my bank on my laptop through my wireless, there is no way I can prove it wasn’t me. The police say it is impossible to find the perpetrator; Nationwide do not seem to see the seriousness of this issue and are refusing to refund me.”

Although the thief could have been a neighbour, it is also possible that he or she could have accessed the wireless some distance away from the flat.

An attacker who accesses your wireless network can monitor all internet traffic through your router — potentially snooping on every website that you visit, e-mail that you send or user name and password that you type. By monitoring internet activity and a wireless user’s web browser and internet history, it is easy for a cybercriminal to collect personal information about the user: from answers to security questions to credit card numbers, passport numbers or payroll details. Hackers can even watch users book flights or hotels online, recording when a wireless user is likely to have an empty house.

It is more difficult to access internet-banking passwords by monitoring internet usage, as banks have a higher level of encryption than regular websites. However, hackers have developed techniques to bypass even the most secure sites. David Whitelegg, an IT security expert who writes a regular blog to help consumers to avoid digital fraud, explains: “By attacking a wireless router from inside a wi-fi network, hackers can redirect the wireless user invisibly to fake websites.

“It is possible to monitor which bank website you use, then adjust the domain name on the wi-fi router, so the next time the user visits his or her bank website the computer sends them to a fake bank site, which has the correct URL in the address bar. In doing this, the bad guys could harvest your bank account website log-on credentials without your knowledge.”

Fraudsters who steal bank account details in this way often build up a knowledge profile of their target too, then sell these details on an online black market. Mr Whitelegg says: “I have seen cyber-fraudsters selling complete profiles of UK individuals, along with their online bank account user name and password — including one that stated the victim’s pet’s name.”

Case study: ‘You don’t know who is watching online’

Keen to see how easy it is to snoop on someone else’s internet activity, I agree to meet the “ethical hackers” Oliver Crofton and Tom Beale in a coffee shop in the City of London.

The pair, who work for Vigilante Bespoke, a digital security company, have brought a Samsung Netbook, a £250 laptop from PC World.

Mr Beale, who has made some minor technical alterations to the machine, begins by scanning the area for wireless connections. About 40 networks pop up on his screen, including the public wi-fi in the coffee shop. Next to each network we can see its level of security. Many are not protected by a password; many more have WEP security, which he could bypass.

Some of the unprotected networks are BT Business wireless being used in offices near by; if they were not so ethical, the pair could read all the employees’ e-mails. We can also see ten devices being used in the coffee shop, including my iPhone. With my permission they access it, and as I type in hsbc.com on the phone’s internet, hsbc.com appears on their computer screen.

Mr Crofton says: “You wouldn’t have a conversation about your finances with your bank manager in the middle of Sainsbury’s so don’t carry out private activity over public wireless. You don’t know who is listening online.”

Ten easy ways to thwart the online snoopers

* Ensure that your router has WPA2 security, the highest level available. It may only have WEP, which is known to be hackable in seconds.

* Your security settings should be written in the router manual; if not, contact your router or internet provider.

* When buying a new router, always check that it is WPA2 configured.

* High-level network security is all but useless if you have a wireless password that can be guessed easily, such as your name, date of birth or any dictionary word. Use a complex password that includes special characters such as symbols. For example, Cocacola could become C0c4c@la.

* Never write your password down or keep it on your computer. If you are likely to forget it, write a prompt instead, such as “first line of my favourite song”.

* Try to change your password every few months; change it immediately if your computer is stolen.

* Don’t rename your wireless network something that can be traced back to you or your address.

* Avoid wireless when checking internet banking or personal information — plug your computer directly into your router instead.

* Encryption software, which jumbles up personal data, can be bought online.

* Vigilante Bespoke recommends PGP wholedisk software, or TrueCrypt, which can be downloaded free.

SOURCE: http://www.timesonline.co.uk/tol/money/consumer_affairs/article6944666.ece

Nov
05

Judge spanks lawyer for leaking personal details in brief

2009 at 8:48 am

A judge has chastised a lawyer for including the social security numbers and birthdays of 179 individuals in an electronic court brief, ordering him to pay a $5,000 sanction and provide credit monitoring.

US District Judge Michael J. Davis said he was meting out the penalty under his “inherent power,” meaning no one in the court case had filed a motion requesting he do so. In an order issued late last month, he said the move was designed to prevent attorney Vincent J. Moccio from repeating the carelessness.

“The court is deeply concerned with the harmful and widespread ramifications associated with negligent and inattentive electronic filing of court documents,” he wrote. “Although electronic filing significantly improves the efficiency and accessibility of our court system, it also elevates the likelihood of identity theft and damage to personal privacy when lawyers fail to follow federal and local rules.”

Davis ordered Moccio to send the individuals a letter informing them that their private information had been made public and that unless they objected within seven days, they would automatically begin receiving a year’s worth of credit monitoring services free of charge. He also ordered the attorney to pay $5,000 to a Saint Paul, Minnesota, food bank.

SOURCE: http://www.theregister.co.uk/2009/11/05/judge_sanctions_attorney/

Oct
18

Tabloid hack scum face jail

2009 at 3:04 pm

Journalists and private investigators who illegally obtain and trade in personal information will face jail sentences under planned changes to the Data Protection Act.
Ministers want to replace the current maximum sentence of an unlimited fine next April with a spell of up to two years inside.

Oct
14

Maradona’s website hacked after last-gasp Argentina victory

2009 at 9:37 am

Peruvian hackers have reacted to the country’s dramatic defeat to Argentina on Saturday by defacing the site of Argentinian manager Diego Maradona and dubbing him a cry-baby.

Oct
05

Hotmail accounts ‘posted online’

2009 at 6:55 pm

Thousands of Hotmail passwords have been hacked and posted online.

Microsoft, which owns the popular web-based e-mail system, said that it was aware of the claims and that it was “investigating the situation”.

SOURCE: http://news.bbc.co.uk/1/hi/technology/8291268.stm

Sep
02

Ethical hacking: Protect yourself online

2009 at 9:51 am

It’s a quiet Saturday afternoon at a plush apartment block in West London. “Pizza,” announces the delivery boy, standing in front of the building’s ground-floor reception desk. He is at the luxurious entry point to the home of the chief executive of a large multinational, and security is – or should be – watertight. The large, heavily-set man working on the front desk checks down the list of deliveries set in front of him. The fast food order doesn’t seem to be on there.

“Nah, I arranged it with Alice. That’s his assistant,” the pizza boy explains, and after the quickest of wrangles, he is ushered inside. And so, several secrets belonging to a FTSE 100 company are on their way to being compromised. That’s because the delivery boy is an ethical hacker who has gone undercover to expose the everyday security flaws that can cost businesses millions. This residential adventure is all in a day’s work for the security firm Vigilante Bespoke. Its mission is this: to stop the hacking activity that has moved away from offices and into the domestic desktop set-ups of celebrities and successful businessmen.

One example that shook the financial world took place in 2004, when the Japanese bank Sumitomo was the target of a cyber-heist where criminals “bugged” computers in the bank’s London offices with keystroke recorders hoping to unearth high-level passwords to illegally transfer money. The plot was rumbled but it has been a wake-up call to businesses who thought their systems were safe.

Vigilante is just one of the raft of companies that have expanded or sprung up to offer the likes of password protection, file encryption, and “social engineering” (uncovering physical security weaknesses by, er, posing as pizza delivery boys). Us ordinary folk can learn something from them, too.

“The basic premise of our business is to replicate the kind of IT protection you get in the military or big corporations, and provide a service to the high-profile, high-network individuals who are more at target from attacks but don’t have an IT department to protect them,” explains Vigilante co-founder Oliver Crofton. “So, if I’m a celebrity, I’m an entity in my own right, I may be worth millions of pounds.”

Because it’s not just companies that run the risk of cyber crime. More than ever, our information is “compromised”, whether it be through our Twitter feeds or our mobile phone voicemail accounts. It also seems like open season for the famous right now. Whether it’s the mobile phones of Gwyneth Paltrow, George Michael and Alan Shearer or the Twitter accounts of Lily Allen, Alan Davies and Ashton Kutcher, almost no one is safe. Nicolas Sarkozy’s bank account has been cracked, as have the email accounts of Miley Cyrus and Salma Hayek. And any of the methods employed to hack into their databases can be used on ordinary folk (who if anything, are likely to be more vulnerable).

Phone hacking has been making headlines recently. A would-be hacker simply calls the mobile phone number of the victim, and when the call goes through to voicemail the hacker inputs the provider’s default code (if it has not been changed) and listens to that person’s messages. The easy way to avoid it is to reprogramme your pin. But if the hackers were clever enough to get inside Gwyneth Paltrow’s handset, then we should all protect ourselves. Then there’s using the same password for all your accounts (“password”; “mother”; “1234”). Simply don’t do it: Miley Cyrus did, and pictures of her in her scanties were splashed across the internet. “I think the hacker behind it was around 20,” explains Crofton. “He used social engineering to gain access to Cyrus’s MySpace administration, from which he obtained a list of passwords. Then it was easy for him to gain access to her email account, obtaining snaps and personal details.”

To see how a normal, password-conscious consumer could be targeted, I invite Vigilante to The Independent’s offices in London. Shortly after they arrive, I open my MacBook and attempt to log on to the Local Area Network (LAN). Crofton and a colleague show me a system where they can disable all the wireless networks within my area, causing my laptop to become disconnected. When I try to reconnect, I dial up a network created from their laptops which they can control. They now have a direct link to my machine and can see what websites I regularly visit and even upload programmes which record the keys I hit so that they can uncover my bank account details.

“There is obviously a market for that information,” says Tom Beale, an ethical hacker and colleague of Crofton’s. In the UK, online security companies recruit the majority of ethical hackers from university computer studies courses. That was the case with Beale, who was approached by security company MWR Info Security after he started ethical hacking while at university.

“A certain amount of credit card details can be sold on the black market, they would have a street value. So someone might have 20,000 people’s credentials which he can flog off to someone that might want to use them.” Vigilante aren’t the only company trying to cope with burgeoning concerns. “We have had more approaches from people wanting protection,” says Alistair Macrae, head of operations at London-based security firm Lynceus. “Big stories bring security to the front of people’s minds; many weren’t aware that such things were happening; they want to respond appropriately.” Last month one of America’s biggest mobile network providers, Verizon, expanded its encryption services to enable small businesses to encrypt their emails; in June, Dave DeWalt, chief executive of security software group McAfee, likened the fear of attack to “the Cold War at its height” in the 1960s and 1970s.

Over the last year there has been a huge increase in “drive-by download” attacks. These involve an attacker scanning the web looking for vulnerable websites – they upload malicious code on to them which visitors to the site can then download. Vulnerable websites are websites that are more “dynamic and complicated”, says Beale (ie the ones that employ lots of moving images or video). This is because they have more code to be infected. “There has also been a rise recently in the number of attacks where users are sent PDF documents that are essentially compromised,” continues Beale. “These can allow your machine to be taken over or used to do malicious things to other people.” Such indiscretions can be added to the key logging instances already mentioned, as well as vulnerabilities in the iPhone (simply by receiving a text message one could give control of one’s device to a hacker, a problem cured by a patch released earlier this month) as well as the threat of botnets on Facebook, Twitter and Google (botnets can be used to infect millions of machines which then request to access a site at the same time then crash it; Twitter was crashed for two hours earlier this month because of a co-ordinated botnet attack).

So what can you do about it? “You can follow a few simple rules to minimise your chances of attack,” says Crofton [see below], “but the only way you can totally be sure is by leaving your work at the office – if you have the opportunity – and being extremely vigilant. Change your default passwords and be careful what information you reveal on social networking sites. Also, don’t send work to people’s personal email addresses to finish when you get home. This is not a secure platform to work from. If you do want to work from home, speak with your IT department.”

Cyber safety: How to protect yourself online

* Always use a firewall: you can easily download simple firewall packages, or use trusted and known anti-virus protection software. Always make sure that you regularly download updates for them.

* Do not carry out work-sensitive activity on your machine outside work; you never know who might be watching, and what technology they might have at their disposal.

* Make sure your iPhone isn’t hooking up to any old network and asks you before it does; equally expect the same from your trusty laptop.

* Only download software from trusted sources on the internet; if it pops up and is covered in ladies in their scanties, someone is up to no good.

* Don’t set your password as “password” (we’ve heard it before); try to just “pervert” memorable names with different symbols, for example Coca-cola becomes C0c4c@1a.

* Think of your technology in the same way you think of your physical stuff; you wouldn’t leave your keys in the ignition of your car, so don’t leave the door open to the secrets of your hard drive, either.

SOURCE: http://www.independent.co.uk/life-style/gadgets-and-tech/features/ethical-hacking-protect-yourself-online-1780170.html

Aug
30

Fed chairman hit by ID thieves

2009 at 10:56 am

The US Federal Reserve Board chairman has become the latest high-profile public figure to fall victim to identity theft.

Ben Bernanke, whose day job leaves him in charge of the US money supply, became the victim of fraud after a pickpocket stole his wife’s handbag from a Starbucks shop in Washington’s Eastern Market. Credit cards, cheque books, cash and a driver’s license were taken as a result.

This information was used to pass fraudulent cheques in Bernanke’s name. Despite his status in the banking industry, no immediate alarm bells appear to have rung. The fraud was eventually detected and linked to a wider bank fraud racket that led to the indictment of 22 suspects earlier this week. Mail theft, pickpocketing and corrupt insiders were all allegedly used by the gang in order to build up profiles on prospective marks before establishing fraudulent lines of credit.

Bernanke, via a spokesman at the Federal Reserve, commented on the ID theft, telling CNN: “Our family was but one of 500 separate instances traced to one crime ring.”

Public figures, despite their notoriety, are by no means immune to ID theft. Our favorite example in this category is an attempt by fraudsters to impersonate French president Nicolas Sarkozy. Stolen payment card details in Sarkozy’s name were reportedly used to make mobile phone subscription payments. Six people, including workers at a mobile phone store, were arrested over the alleged scam in October.

SOURCE: http://www.theregister.co.uk/2009/08/28/fed_chair_id_theft_scam/

Aug
28

Jessica Biel Tops Brad Pitt as Internet’s Most Dangerous Search

2009 at 1:57 pm

LOS ANGELES (Reuters) — Actress Jessica Biel has overtaken Brad Pitt as the most dangerous celebrity to search in cyberspace, according to internet security company McAfee Inc.

For the third consecutive year, McAfee surveyed which A-list celebrity was the riskiest to track on the internet after Pitt topped the list last year and Paris Hilton in 2007.

Biel, 27, who shot to fame in the TV show 7th Heaven and most recently starred in Easy Virtue, was deemed the most dangerous, with fans having a one-in-five chance of landing at a website that has tested positive for online threats, such as spyware, adware, spam, phishing and viruses.

“Cybercriminals are star watchers too — they latch onto popular celebrities to encourage the download of malicious software in disguise,” McAfee’s Jeff Green said in a statement. “Consumers’ obsession with celebrity news and culture is harmless in theory, but one bad download can cause a lot of damage to a computer.

“Every day, cybercriminals use celebrities’ names and images, like Kim Kardashian and Rihanna, to lure surfers searching for the latest stories, screen savers and ringtones to sites offering free downloads laden with malware,” the statement added.

Coming second in the list for the second year running was pop star Beyonce, with McAfee finding that putting “Beyonce ringtones” into a search engine yielded a dangerous website linking to a distributor of adware and spyware.

Actress Jennifer Aniston was third, with more than 40 percent of the Google search results for “Jennifer Aniston screensavers” containing nasty viruses.

Young Hollywood stars Miley Cyrus, Ashley Tisdale and Lindsay Lohan all edged out Heidi Montag and Jessica Alba who appeared on last year’s list.

They also ranked higher than other young personalities including Twilight stars Robert Pattinson who came 30th and Kristen Stewart who was 20th, the Jonas Brothers, Taylor Swift, Lauren Conrad, Vanessa Hudgens and Zac Efron.

Megan Fox and Angelina Jolie tied as the eighth most dangerous celebrities on the web, while newlyweds Tom Brady and Gisele Bundchen came in fourth and sixth respectively.

However, President Barack Obama and First Lady Michelle Obama, who have featured on most celebrity lists this year, were not at the top of risky public figures to search.

The Obamas ranked in the bottom third of this year’s results, at No. 34 and No. 39 respectively.

Brad Pitt came 10th in the list this year.

The top 15, according to McAfee, with their annotations:

- Jessica Biel – Major buzz about her figure and high-profile relationship with Justin Timberlake makes Jessica Biel an easy target for spammers and hackers. When “Jessica Biel screensavers” was searched, almost half of the sites were identified as containing malicious downloads with spyware, adware and potential viruses.

- Beyoncé – Beyonce tops the MTV Video Music Award nominee list and McAfee’s results as the most frequent, highly-ranked celebrity. Inputting “Beyoncé ringtones” into a search engine yielded a dangerous Web site linking to a distributor of adware and spyware.

- Jennifer Aniston – Hollywood’s favorite leading lady should be searched with caution. More than 40% of the Google search results for “Jennifer Aniston screensavers” contained nasty viruses, including one called the “FunLove virus.”

- Tom Brady – The New England Patriot seems to attract many fans who want a free download of the athlete in action, but not the Trojan that comes with it, as identified by McAfee SiteAdvisor technology.

- Jessica Simpson – Jessica Simpson is as dangerous to search online as she is famous. Searching for “Jessica Simpson videos” can mislead unsuspecting surfers to sites with potentially damaging downloads.

- Gisele Bundchen – The world’s highest-paid supermodel is a popular target for cybercriminals. A search for “Gisele Bundchen photos” can direct users to red-ranked sites that breached browser security in McAfee’s tests.

- Miley Cyrus – Cybercriminals are using Web sites related to Miley Cyrus’ image to link to other harmful sites containing spyware.

- Megan Fox, Angelina Jolie – Both tabloid fixture Megan Fox and American icon Angelina Jolie resulted in an equal number of risky download Web sites, proving cybercriminals are in the business of capitalizing on the world’s most famous faces.

- Ashley Tisdale – The “High School Musical” star is a popular search term when it comes to searching for screensavers. A host of screensaver Web sites contained numerous malware-laden downloads.

- Brad Pitt – Appearing in the top spot last year, Brad Pitt fell towards the bottom of this year’s list, resulting in a few less, but just as dangerous, red and yellow-ranked Web sites.

- Reese Witherspoon – Risky Web sites were identified when searching for “Reese Witherspoon” and “Reese Witherspoon photos” promoting free files with hidden malware.

- Britney Spears – McAfee SiteAdvisor technology found a single site promoting free Britney Spears wallpaper that was embedded with more than 50 potentially infected downloads.

- Rihanna – Free Rihanna ringtones are some of the most sought after, but some shady vendors mislead those who subscribe by gathering and selling their personal information.

- Lindsay Lohan – McAfee SiteAdvisor flagged Lindsay Lohan screen saver sites as offering a combined 50+ free screen savers infected with Trojans, viruses and spyware.

- Kim Kardashian – The biggest reality star in recent months is now susceptible to Internet lurkers too. A search for Kim Kardashian wallpaper and screen savers generated numerous downloads veiled with malware.

SOURCE: http://www.wired.com/epicenter/2009/08/jessica-biel-tops-brad-pitt-as-internets-most-dangerous-search/

Aug
28

Mass web infection pinned on hardened crime gang

2009 at 9:58 am

A mass compromise that has hit tens of thousands of English-language webpages is probably part of a much larger wave of attacks that’s been under way since June by a sophisticated band of criminals, a security researcher said Wednesday.

As reported Monday, the latest mass infection causes websites operated by health-care organizations, charities, and other groups to silently direct visitors to servers that host a potent cocktail of exploits. Since then, the number of pages has grown from about 57,000 to 70,000, said Mary Landesman, a researcher at ScanSafe, a company that protects end users from malicious websites.

Landesman has also discovered that the exploits and registration information for the domain names used in the attack bear a striking resemblance to two other mass compromises, including one from June that seized more than 3 million Chinese pages and exploited a previously unknown vulnerability in ActiveX components provided by Microsoft.

The revelation means the group behind the attacks is probably much better organized than previously believed.

“The fact that this was a compromise campaign to deliver a zero day, at least originally, certainly is cause for concern,” Landesman told The Register. “It gives an indication that it is possibly a more sophisticated level of criminal activity. That particular vulnerability was not something that had been widely publicized or known about.”

The mass compromise of the Chinese sites remains active, although the number of webpages has fallen to about 100,000.

A separate mass attack in July that compromised about 40,000 webpages of sites, mostly located in India, also bears the hallmarks of the same crew, Landesman said. All of them use SQL injection attacks to plant iframes in pages that, when visited, silently pull down malicious code from websites under the control of the attackers.

While the exploits are frequently different, similarities in the file names and domain names lead Landesman to conclude they have been perpetrated by the same people.

The analysis comes a day after a Google security researcher said the number of compromised websites the search giant tracks has more than doubled in the first seven months of this year.

On January 1, the number of entries in Google’s safe browsing malware list was a little more than 150,000. By the beginning of August, the number had mushroomed to more than 325,000. The list is used to warn users of the Google Chrome, Mozilla Firefox and Apple Safari browsers when they try to visit sites believed to contain malicious exploits.

SOURCE: http://www.theregister.co.uk/2009/08/27/mass_web_infection/

Aug
07

‘Massive attack’ strikes websites

2009 at 11:56 am

High-profile websites including Google, Facebook and Twitter have been targeted by hackers in what is described as a “massively co-ordinated attack”.

Reports suggest the strike may have been aimed at a single user, a pro-Georgian blogger known as Cyxymu.

Twitter was taken offline for more than two hours whilst Facebook’s service was “degraded”, according to the firms.

Google said it had defended its sites and was now working with the other firms to investigate the attack.

“Google systems prevented substantive impact to our services,” the company said in a statement.

The company has not confirmed which services were targeted in the attack, but it is thought that its e-mail service Gmail and video site YouTube were under fire.

“We are aware that a handful of non-Google sites were impacted by [an]… attack this morning, and are in contact with some affected companies to help investigate this attack,” the company said.

Other sites such as blogging platform Live Journal were also reportedly targeted in the attack on Thursday.

Twitter co-founder Biz Stone wrote on its own blog: “Twitter has been working closely with other companies and services affected by what appears to be a single, massively co-ordinated attack.”

He said that the motivation for the attack was unclear and that the company would “prefer not to speculate”.

However, Max Kelly, chief security officer at Facebook, told technology website CNET News that the attack was a strike targeted at a Georgian blogger known as Cyxymu.

“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” he told the website.

Friday marks one year since the outbreak of war between Russia and Georgia.

Writing on his blog, Graham Cluley of security firm Sophos said: “This raises the astonishing thought that a vendetta against a single user caused Twitter to crumble, forcing us to ask serious questions about the site’s fragility.”

Spam attack

The popular sites were subject to so-called denial-of-service (DOS) attacks on Thursday, the companies believe.

DOS attacks take various forms but often involve a company’s servers being flooded with data in an effort to disable them.

“Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users,” wrote Mr Stone.

These often use networks of computers – known as botnets – under the control of hackers.

The strategy is often employed by protestors against, for example, government websites, said Roger Thompson, chief research officer at security firm AVG.

“Those behind this latest attack may be using it as a means of highlighting the vulnerability of the sites we take for granted.

“There is no profit to be made from DOS and those who do carry out an attack like this will lose their botnet, showing there is no gain to be had.”

Some unconfirmed reports have suggested that it was not a DOS attack but the result of a spam campaign containing links to Cyxymu’s web pages on the various affected services.

Archived pages on Cyxymu’s blog claim he was victim to this sort of attack, known as a “Joe Job”.

But Mr Cluley said he didn’t think that was a likely scenario. “Most people wouldn’t have bothered clicking on the link,” he wrote.

“However, I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn’t responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DOS from their botnet.”

Protest tool

All of the affected services were keen to stress that users’ data had not been put at risk in the attacks.

“Please note that no user data was compromised in this attack,” wrote Twitter’s Biz Stone.

“This activity is about saturating a service with so many requests that it cannot respond to legitimate requests thereby denying service to intended customers or users.”

Twitter has had a meteoric rise since its launch in 2006.

A ComScore study suggests that Twitter had around 45 million users worldwide as of June 2009.

However, as many users interact with the service through mobile phones or third-party software, the actual number of users is likely to be higher.

However, that pales in comparison to Facebook, which claims to have 250m active users worldwide.

Both recently garnered worldwide attention when they were used by Iranians to co-ordinate demonstrations following the election of Mahmoud Ahmadinejad as president.

Many protesters believed there was electoral fraud and opposition leader Mir Hossein Mousavi should have won.

Twitter chose to delay upgrade work during the protests to allow communication to continue.

In a BBC interview, co-founder Evan Williams denied the move had been a response to a US state department request.

SOURCE: http://news.bbc.co.uk/1/hi/technology/8189162.stm

Aug
06

Passwords stolen for tax returns

2009 at 2:56 pm

Gangs are stealing taxpayers’ passwords and submitting claims for tax refunds to be paid to them, HM Revenue and Customs has warned.

A series of attempted fraudulent claims through the self-assessment repayments system has been discovered.

No figures have been released outlining the extent of the fraud, but a HMRC spokesman said this was a new method of trying to extract money.

He urged people to ensure passwords sent to them by HMRC were kept secure.

“They should treat these details as carefully as they would a Pin for their bank account,” he said.

Attempt

More than 9.5 million taxpayers are in the self-assessment system, which was changed this year to encourage more people to submit their details via the internet.

Two-thirds of all filings for 2007-08 were submitted via the internet, rather than on paper.

When people apply to use the system they are sent a password through the mail which is then used when the taxpayer logs onto the HMRC website over the following 30 days.

However, fraudsters have been getting hold of these passwords and other personal details. This could have been by stealing the mail, tricking people out of the details or even finding the letters discarded in bins.

They then used these details to make fraudulent repayment claims, requesting funds be sent to other bank accounts.

The HMRC spokesman said this was different from so-called phishing e-mails which pretended to be from the tax authority and aimed to discover taxpayers’ banking details so their accounts could be raided.

Liability for any losses would be judged on a case-by-case basis, he added.

SOURCE: http://news.bbc.co.uk/1/hi/business/8186509.stm

Aug
06

Technology ‘priority for Britons’

2009 at 9:29 am

Britons are more willing to cut back on holidays and meals out than on spending on communication technology during the recession, an Ofcom review suggests.

The watchdog’s annual report says spending on mobiles, the internet and TV is regarded as a higher priority than almost anything except food.

In a poll of 862 people, over 40% said they would save on holidays and eating out and 19% chose spending on mobiles.

Ofcom’s Peter Phillips said people were “more canny” about paying for services.

The study also highlights a major rise in the use of social networking websites.

Some 19m people in the UK, 50% of internet users, visit Facebook, spending an average of six hours a month on the site, it says.

This is an increase from four hours in May 2008.

The report said the proportion of 25 to 34-year-olds who said they had a social networking site profile grew by six percentage points in a year to 46%, while the figure also rose among 35 to 54-year-olds to 35%.

But the proportion of 15 to 24-year-olds with such a profile dropped from 55% from the first quarter of 2008 to the first quarter of 2009, the study added.

Ofcom researchers asked consumers where they were most likely to be cutting back on spending during the recession, as part of its communications market report.

Of those asked, 47% said going out for dinner, 41% said DIY and 41% holidays.

This compared with 19% who said they would cut back on mobile phone spending, 16% who said TV subscriptions and 10% who highlighted broadband services.

The report says the trend is supported by the fact communications are costing less, with longer, cheaper mobile phone contracts and the bundling of services such as television and internet at reduced prices.

Ofcom’s Peter Phillips said: “Despite the recession, people are spending more time watching TV, using their mobile phone or accessing the internet.

“They would rather do without meals out or holidays than give up their phone, broadband or pay TV package.

“Meanwhile, we are becoming more canny about the way we pay for these services.

“Almost half of us economise by taking a bundle of communications services from a single supplier, while one-fifth opt for cheaper mobile contracts which don’t include an expensive new phone.”

Catch-up TV boost

The report’s other findings include:

  • In May 2009, consumers spent an average of 25 minutes a day online at home – up from nine minutes in 2004
  • Average household spending on internet services fell in real terms between 2007 and 2008
  • Nearly a quarter of households, 23%, were watching catch-up TV online in 2008, compared with 17% in 2007
  • This was driven by the BBC iPlayer, with 15% of internet users, 5.2 million, watching the service in 2008
  • Overall take up of broadband across the UK reached 68% of households by the end of the first quarter of 2009, up from 58% on the previous year
  • In May of this year there were more than 250,000 new mobile broadband connections, up from 139,000 new connections in May 2008.

Ofcom also published a report into communications in the nations and regions, which showed take up of services was rising rapidly.

Use of broadband in Scotland was up from 53% to 60%, in Northern Ireland take up rose from 52% to 64%, and in Wales from 45% to 58%.

SOURCE: http://news.bbc.co.uk/1/hi/uk/8186127.stm

Aug
06

Hackers attack Israeli party site

2009 at 9:25 am

One of Israel’s main political parties has shut down its website following an attack by Palestinian hackers, according to reports.

Attackers on the official Kadima website posted images of wounded Palestinians and the aftermath of suicide bombings in Israel.

Slogans in both Hebrew and Arabic were also placed on the site, including threats to party leader Tzipi Livni.

The website was back online early Thursday morning.

The Jerusalem Post, quoting an Israel Army Radio report, said the pictures included one of Livni, with the words “We promise you – we’re coming”.

According to AP news agency, the hacked web page was signed Gaza Hacker Team.

The images were removed shortly after the attack and the site was then shut down. It was brought back online at about 0830 BST.

Kadima, a centrist political party that favours a two-state solution to the Middle East conflict, is the largest party in the Israeli parliament.

It was unable to form a government, and is currently in opposition.

SOURCE: http://news.bbc.co.uk/1/hi/technology/8187002.stm

Aug
04

US Cyber-security tsar steps down

2009 at 1:28 pm

The White House’s acting cyber-security tsar has resigned from her post, according to the Wall Street Journal.

Melissa Hathaway told the paper she was leaving for “personal reasons” and would return to the private sector.

The former strategist was appointed as acting national cyber-adviser in February and was expected to be offered the post full time.

President Barack Obama has said that cyber-security is a high priority for his administration.

In May, the President announced plans for securing American computer networks against cyber attacks.

In recent years, US government and military bodies have reported attempts to infiltrate systems by hackers.

He announced the creation of a cyber-security office in the White House, and said he would personally appoint a “cyber-tsar”.

Ms Hathaway was widely regarded as the person to fill that post after taking on the role as acting senior director for cyberspace for the National Security and Homeland Security Councils in February.

In April she completed a review of cyber-security for the Obama administration.

At the time, Ms Hathaway said the job ahead was “a marathon, not a sprint.”

Her successor has not yet been named by the White House.

SOURCE: http://news.bbc.co.uk/1/hi/technology/8182931.stm

Aug
03

Card PINs traded at two for a dollar

2009 at 9:01 am

The buyers and sellers converse cheerfully in the international language of commerce: negotiating prices, swapping samples, issuing quality assurances and loyalty discounts. One vendor, a Russian, offers a Chinese customer free translations of the product’s instruction manual; another promises “friendly technical support”.

It is here, in this polite, super-exclusive online marketplace, that the world’s most dangerous cybervillains plot to make your life a misery and get fabulously rich in the process. This is where your debit card PIN is bought and sold, your e-mail inbox engorged with spam, your identity touted to the highest bidder and the company you work for blackmailed or incapacitated.

From here, a rogue IT engineer can sell access to the tills of 50 high street stores or a Taiwanese factory worker can be bribed to install spy software in a dozen credit card readers. Botnets, trojans, worms — and worse — are fomented here.

Forums such as this, say analysts of cybercrime, have become the hubs of a £30 billion-a-year global industry that in 2008 alone spirited nearly 300 million items of supposedly secure information from the internet.

On one such forum, to which The Times gained access, a seller offers eBay accounts that appear to have impeccable reputations and 100 per cent buyer satisfaction levels — a disguise that could be used to perpetrate multiple frauds across the globe. Another is offering, for $10 (£6), a list of 30,000 “clean” British e-mail addresses that have not yet received spam and would therefore make easy targets. Skype accounts are also available, at a charge of 50 per cent of whatever financial gain the customer is able to make from them.

Over the past 18 months there has been an unprecedented growth not just in the volume of data theft, but in the sophistication of the attacks.

The problem, explained Bryan Sartin, head of the investigative response team at the US-based IT company Verizon Business, is that black-market forums have done their job too well: supply-and-demand economics have imposed themselves with catastrophic success. With the market now saturated with available data on tens of millions of credit card accounts, the online cost of a single credit card has plunged from $16 to 50 cents in a few months.

The glut of credit card information has prompted the hackers to go in quest of more valuable data loot, Mr Sartin said. The big money now is in stealing PINs and mothers’ maiden names along with the associated accounts. This has led to the successful execution of complex attack strategies previously thought only theoretically possible, he said.

The leap in sophistication of cybercrime is clear from the amount of verbal traffic on the forums. Analysts at TrendMicro, a Japanese company specialising in internet security, watched as a vendor sold software that can defeat the “breaker” programs that enable websites to differentiate between a human user and an automated disseminator of spam.

Verizon Business investigators watched an online auction for software that would give access to a particular cash register in a particular US branch of a large fast-food chain. Any time a customer used a debit or credit card to pay for their burgers, the PIN data would be diverted to the criminals. The hacking software eventually sold for $60,000.

Along with the complexity of the data heisting, the profile of the hackers has changed too. The dominance of the Russian Business Network — a much-feared association of cybercriminals rumoured to enjoy official protection in Moscow — has given way to new players, many operating from China.

This trend has accelerated as companies in the developed world have increasingly outsourced elements of their businesses to China. Stuart Witchell, senior vice-president of FTI-International Risk, an Asian-based risk consultancy, said that while hackers represent a significant threat to businesses, many data breaches are carried out by company insiders.

Investigators of one recent spate of PIN thefts believe that the enabling “sleeper” code was inserted into the software of a batch of credit card readers produced in a Chinese electronics factory on behalf of a European company.

Raimund Genes, the chief technical officer of TrendMicro, whose main business is protecting companies against viruses and other forms of online assault, says that since 2007 the average number of new “malware” samples his company has to process each month has risen from 270,000 to more than one million.

Mr Genes fears that the online cybercrime marketplaces have become so sophisticated that it may soon be impossible for the likes of TrendMicro and government agencies to penetrate them effectively.

“In the past, we were able to watch the market extremely closely, but that is getting difficult because the bad guys know we are monitoring them,” he said. “They have developed an eBay of the underground, where the buyers and sellers have reputations. As a seller, you have to prove that your software works, but as a buyer you have to show that you have used the information to commit a crime. Without doing that, you can’t access the higher layers of the forum where the really good stuff is being sold.”

SOURCE: http://www.timesonline.co.uk/tol/news/world/asia/article6735085.ece