The long-running case of computer hacker Gary McKinnon could finally be settled later at the High Court.

Authorities in the US are seeking his extradition to face trial for breaking into American military computers.

Mr McKinnon admits hacking, but denies it was malicious or that he caused damage costing $800,000 (£487,000).

The 43-year-old, from north London, is challenging refusals by the home secretary and director of public prosecutions to try him in the UK.

Mr McKinnon faces up to 70 years in prison if he is convicted in the US of what prosecutors have called “the biggest military computer hack of all time”.

In total, he accessed 97 government computers belonging to organisations including the US Navy and Nasa.

He has always insisted he was looking for classified documents on UFOs which he believed the US authorities had suppressed.

Asperger’s Syndrome

In February, the Crown Prosecution Service refused to bring charges against Mr McKinnon in the UK.

The decision followed a ruling last October by then Home Secretary Jacqui Smith to allow his extradition.

Mr McKinnon has already appealed unsuccessfully to the House of Lords and the European Court of Human Rights and his latest judicial reviews in the High Court are likely to be his last chance.

His lawyers say the authorities have not given proper consideration to his Asperger’s Syndrome, which could have “disastrous consequences,” including suicide, if he was to be extradited.

They argue he is “eccentric” rather than malicious and should be tried on lesser charges in the UK to protect his mental health.

http://news.bbc.co.uk/1/hi/uk/8177561.stm

Hackers posted a Chinese flag on the website of an Australian film festival in an escalation of protests against the planned appearance by an exiled Uighur activist whom Beijing blames for deadly ethnic riots in China’s west, an official said yesterday.

The cyber attack on the Melbourne International Film Festival, which also received a flurry of critical emails, came after four Chinese films pulled out of the event and a Chinese diplomat protested over the screening of a documentary about activist Rebiya Kadeer, whom Beijing says incited the violence this month between Muslim Uighurs and Han Chinese that left nearly 200 dead.

China’s Foreign Ministry spokesman Qin Gang criticised the screening and Kadeer’s appearance earlier this month, saying: “Everyone knows the kind of person that Rebiya is. We are firmly opposed to any foreign country providing her with a stage for her anti-China separatist activities.”

Kadeer, who lives in exile in the United States and will attend the festival on August 8, denies any role in the ethnic violence.

Festival spokeswoman Louise Heseltine said a hacker put a Chinese flag on the website for 45 minutes on Saturday as well as English-language messages demanding organisers apologise to all Chinese for including Kadeer.

The website host discovered hundreds of other attempts to hack into it, Heseltine said.

The Kadeer documentary, 10 Conditions of Love, premiered on Sunday.

ABC television news said it had contacted a Chinese citizen in China who claimed responsibility for the hacking. The hacker denied any link to the Government, saying he was motivated by anger at the screening of the documentary.

Festival director Richard Moore said the site had been slowed by the hacking, and online ticket sales had suffered: “We have received over the last two weeks virtually a mini tsunami of emails that I can only describe as being vile.”

Moore said a Chinese diplomat at the Melbourne consulate two weeks before the festival opened told him to withdraw the Kadeer film.

The documentary’s director, Jeff Daniels, blamed the Chinese Government for the protests: “I personally find it appalling that the Chinese Government has put the film festival and filmgoers in the position where they need police escort and private security to see a film.”

An underground cybercrime economy driven by profit-seeking criminal networks has led to stealing of personal information from compromised networks and PCs, according to a security report.

Data-stealing malware has been in the limelight in Q1 2009, according to the latest data from TrendLabs, security company Trend Micro’s global network of research, service and support.

Online banking credentials, credit card numbers, social security numbers and passwords are at risk. Trojans are the fastest-growing category of data-stealing malware that pose a serious threat to computer security. True to their name, they typically arrive disguised as something benign such as a screen saver, game or joke.

Based on TrendLabs research in 2007, 52 per cent of data-stealing malware were Trojans; in 2008, that number increased to 87 per cent; and as of Q1 2009, 93 per cent of data-stealing malware were Trojans.

As one of the most dangerous categories of web threats today, data-stealing malware showed tremendous growth in 2008 and is, therefore, an area of concern for consumer and business audiences alike.

According to Anti-Phishing Working Group statistics, the number of sites infecting PCs with password-stealing crimeware reached an all time high of 31,173 in December 2008 – an 827 per cent increase from January 1.

Data-stealing malware is usually the second or third component of a sequential multi-pronged web attack and encompasses malware such as keyloggers, screen scrapers, spyware, adware, backdoors or bots.

Trojans and Trojan spyware are the predominant type of data-stealing malware in all regions monitored by TrendLabs, including Australia, Asia, Africa, South America, North America and Europe.

Trojan infections are on the rise and according to Trend Micro data, the Trojan threat category has grown exponentially in every country across the globe over the past three years.

“As a threat category, data-stealing malware is experiencing tremendous growth because it serves the needs of financially motivated criminals who leverage the internet for what it does best – provides valuable information,” said Jamz Yaneza, Threat Research Manager for Trend Micro.

Politics and cybercrime have finally intersected in news headlines; understandably so. In the US alone, the number of known breaches of government computers with malware more than doubled between 2006 and 2008, according to the Department of Homeland Security. Paul Ferguson, Advanced Threat Researcher at Trend Micro, said it is possible that cyber terrorists may have already planted malware within the US electrical grid that would allow them to remotely disrupt service.

Cybercrime has gained significant international mobility. In 2007, Estonian computer networks were crippled when serious distributed denial of service (DDoS) attacks against government and civilian sites were reputedly linked back to Russian operatives. At the time, Russia and Estonia were involved in a dispute over the Estonians’ removal of a Soviet war memorial.

The French embassy’s website in Beijing was inaccessible for several days after a full-scale cyber attack following President Nicolas Sarkozy’s meeting with Tibetan spiritual leader, the Dalai Lama. Experts now widely believe instead that a Chinese hacking group staged the attack for nationalistic purposes.

“Virtually anyone with a computer and internet access can wreak havoc. In the US, hacker attacks have been documented on county or state government sites,” said Ferguson. “Smaller organisations have a limited IT budget and few staff so they hire a third party to build a website. Over time, the site fails to be maintained or upgraded, exposing vulnerabilities that ‘hacktivists’ then leverage to express political views.”

Ferguson also cited the recent example of data-stealing malware is the Conficker worm, which was recently in the news. Conficker, also known as Downup, Downadup, and Kido, is a worm that targets the Windows operating system and was first detected in November 2008. Once a machine is infected, the worm can download and instal additional malware from attacker-controlled websites.

This could include a password stealer or software to remotely control computers.

Ferguson said: “The worm was apparently designed to propagate as part of a botnet and can thus transmit data remotely if needed.” Cyber espionage is also grabbing headlines. Every year, corporations suffer billions of dollars in intellectual property losses when trade secrets are illegally copied and sold to competitors on the black market for profit, or used for extortion. Business networks provide the perfect medium for cybercriminals capable of breaching their defences.

“Cybercriminals are using malware for financial gain and for geopolitical purposes,” said Ferguson.

“We have even seen data-stealing malware attacks against US defence contractors – believed to be Chinese – launched to steal trade secrets. However, it’s hard to connect the dots back to the people really pulling the strings because of the anonymous nature of the internet.”

For years, security protections have been focused on protecting the endpoints– where most people access data. In today’s multi-threat environment, a new strategy is needed.

A correlated approach is used to address the tendency for cybercriminals today to launch multi-pronged, combined attacks composed of a number of different web threats. It analyses e-mail, embedded links, file attachments, and hosted web files to identify new IPs, domains, URLs, and files that can be instantly added to reputation databases to quickly block new threats.

In other cases, criminals or disgruntled employees sneak data-stealing malware onto corporate networks and then customer data or confidential company information is silently transmitted outside the network – a new twist on industrial espionage.

Criminals have become adept at exploiting open entry points that are critical to employee’s productivity – like port 80 used for web surfing and web mail. Instances of data stealing range from a single user losing personal data from a PC to thousands of records stolen in large-scale data breaches.

According to Gartner, 7.5 percent of US adults lost money as a result of financial fraud last year, mostly due to data breaches. The most recent large-scale data breach occurred last year involving Heartland Payment Systems, one of the five largest payment processors in the US. The breach occurred when hackers believed to be linked to a cybercrime syndicate managed to sneak a keystroke logger onto the company’s credit card processing system. Although Heartland has provided no information about how the software penetrated the network or how many card numbers were stolen, at least 160 banks in the US, Canada, Guam and elsewhere are reported to have been affected. Heartland serves 250,000 business locations and conducts more than four billion business transactions per year.

Processing companies such as Heartland will continue to be a target for cybercriminals due to the value of the data they handle.

According to the 2009 Verizon Data Breach Investigations Report, 93 per cent of all electronic records breaches occurred in the financial services industry and 90 per cent had ties to organised crime.

In July 2007, a Pfizer employee removed files from the company exposing 34,000 people to potential identity fraud and was the third data breach to occur at the company in three months. The breach disclosed the names and social security numbers of affected employees and also included home addresses, telephone numbers, fax numbers, e-mail addresses, credit card and bank account numbers, and other information.

In some instances, data breaches occur because security protections are either too lax or are missing entirely.

Randal Vaughn, Professor of Information Systems at Baylor University, said: “Amazingly, companies that run their own web server do not always know what is running on it. An unskilled developer can easily write a web application with a vulnerability that exposes the company’s entire network to malware.”

David Cameron was forced to defend his director of communications, Andy Coulson, this morning following calls for his resignation in the wake of the News of the World phone-hacking affair.

http://www.guardian.co.uk/media/2009/jul/09/newsoftheworld-newsinternational

The wife of the new head of MI6 has caused a major security breach and left his family exposed after publishing photographs and personal details on Facebook.

http://www.timesonline.co.uk/tol/news/uk/article6639521.ece

Al Qaida is intent on using the internet to launch a cyber-warfare campaign against the UK, ministers revealed today.

http://www.metro.co.uk/news/article.html?Al_Qaida_to_launch_cyber-warfare_on_the_UK&in_article_id=691853&in_page_id=34

Kate Moss is alleged to have destroyed several new Kills songs after a blazing row with her rocker boyfriend Jamie Hince.

The supermodel threw an all mighty strop while on holiday with the Kills guitarist at her countryside mansion and ended up hurling Hince’s bag into a swimming pool.

http://www.metro.co.uk/metrolife/music/article.html?Kate_Moss_destroys_new_Kills_songs&in_article_id=689509&in_page_id=25

Britons face a growing online threat from criminals, terrorists and hostile states, according to the UK’s first cyber security strategy.

http://news.bbc.co.uk/1/hi/uk_politics/8118348.stm

The Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future. The goal is to simulate what it would take for adversaries to shut down the country’s power stations, telecommunications and aviation systems, or freeze the financial markets — in an effort to build better defenses against such attacks, as well as a new generation of online weapons.

http://www.nytimes.com/2009/04/28/us/28cyber.html?_r=2&pagewanted=1&hp

Have you ever wondered whether that unfamiliar face in the office is actually an intruder about to steal your data? Probably not, but maybe it is time to think again.

At one FTSE-listed financial institution the managing director himself opened the door to a stranger who, within 20 minutes of gaining entry to the building, had found a highly sensitive document outlining a half a billion pound merger lying on a desk.

http://news.bbc.co.uk/2/hi/technology/7843206.stm

The Olympic Games in London could suffer a severe “cyber attack” unless urgent action is taken, according to former home secretary David Blunkett.

The Labour MP said such an attack would be “devastating” but systems existed to block it. He is urging a co-ordinated approach between government, security experts and business to ensure Britain is safe.

http://news.bbc.co.uk/1/hi/england/london/8019948.stm

A BRITISH agent has thrown the war against drug traffickers into chaos by leaving top secret information about covert operations on a bus in South America.

In a blunder that has cost taxpayers millions of pounds and put scores of lives at risk, the drugs liaison officer lost a computer memory stick said to contain a list of undercover agents’ names and details of more than five years of intelligence work.

http://www.timesonline.co.uk/tol/news/politics/article6169077.ece?Submitted=true

The worm hacks into Twitter profiles and automatically sends unauthorized Twitter status updates to contacts from the hacked accounts. Users who look at infected profiles are then automatically infected, and unauthorized posts are automatically sent to their contacts.

http://www.networkworld.com/news/2009/041809-new-twitter-worm-targets.html

The website of junior transport minister Paul Clarke was hacked over the weekend by apparently motiveless mischief-makers.

Defacers scrawled digital graffiti on labourisworking.com, which is run by the Under-Secretary of State at the Department of Transport.

http://www.theregister.co.uk/2009/04/06/transport_min_web_hack/

The FBI are investigating the online leak of an almost finished copy of X-Men Origins: Wolverine, a month before the film’s cinema release.

The Hugh Jackman film was downloaded an estimated 100,000 times from file-sharing websites on Tuesday.

http://news.bbc.co.uk/2/hi/entertainment/7978379.stm

Actor is latest celebrity victim of online impostors, with nearly 20,000 subscribers signing up to phoney feed of his every move.

http://www.guardian.co.uk/film/2009/mar/09/ewan-mcgregor-fake-twitter-feed

Internet browser security took a beating during Day 1 of an annual hacking competition, with Apple’s Safari, Microsoft’s Internet Explorer and Mozilla’s Firefox all being felled in a matter of hours.

The uncontested champion of the contest was a University of Oldenburg, master’s candidate, who managed to fell Safari, IE 8 and Firefox at the Pwn2Own contest at the CanSecWest security conference in Vancouver, British Columbia. He joined security researcher Charlie Miller, who was able to successfully hack Safari with a separate remote-execution exploit.

http://www.theregister.co.uk/2009/03/19/pwn2own_day1

A survey of London commuters suggests that 4.2m Britons store data on their mobiles that could be used in identity theft in the event they are stolen.

Only six in 10 use a password to limit entry into the phones, according to the survey by security firm Credant.

The survey found that 99% of people use their phones for business in some way, despite 26% of them being told not to.

http://news.bbc.co.uk/2/hi/technology/7950263.stm

Software allowing fraudsters to track what you type led to the level of online banking fraud more than doubling in 2008, according to a banking body.

Fraudsters use a device called keylogging – when keystrokes on a computer are tracked to gather passwords and credit card numbers.

http://news.bbc.co.uk/2/hi/business/7952598.stm

An unpatched flaw in Adobe Acrobat and Reader might be exploited without even needing to trick a surfer into opening a maliciously constructed file.

http://www.theregister.co.uk/2009/03/05/click_free_pdf_peril/