Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Security highlights from around the Web

May 24, 2005 12:00 PM ET

Computerworld - Now it's 'ransom-ware'
Here's another scheme to keep IT security managers up at night: Hackers have come up with another form of extortion to get quick cash from companies, the Associated Press reports via the Detroit News. In the scheme, hackers "lock up" data on a company's computer and leave a ransom note demanding money to get the data back. Experts call the stunt "ransom-ware." In one incident, a security researcher was able to unlock the data without paying the $200 ransom, but the fear is that the attacks will become more difficult as hackers refine their skills. "This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination," said Symantec Corp security manager Oliver Friedrichs.


The story of a cybercrime bust
For a compelling story on how a U.S. cybercrime unit snared 28 members of a worldwide gang of cybercriminals known as the Shadow.crew, check out this article in BusinessWeek. The article gives a detailed account of how Secret Service agents and the FBI investigated the gang, which was reported to be involved in identity theft, bank fraud and other crimes. A raid on the group in October 2004 yielded arrests of Shadowcrew members in eight states and six countries and netted "1.7 million credit-card numbers, access data to more than 18 million e-mail accounts, and identity data for thousands of people including counterfeit British passports and Michigan driver's licenses."
While the arrests were a big disruption of organized crime, the investigators recognize the arrests are a drop in the bucket as more crime moves to the Web.


A socialite and social engineering
The whole exploit involving the posting of celebrity Paris Hilton's cellular phone address book was in part the result of a classic case of social engineering, involving a phone call to a T-Mobile store in Southern California. In this account in The Washington Post, an unidentified hacker, who claimed he was involved in the theft, gave details of the caper to a reporter via "online text conversations." The hacker told how he and a hacker's group duped a T-Mobile sales rep into giving out proprietary information that ultimately enabled the hackers to steal information from the socialite's phone. One of the hackers called the store pretending to be a T-Mobile supervisor, and the employee divulged all the information requested.
The story is a reminder of the importance of instructing employees on security awareness, as Doug Schweitzer pointed out in a recent column. While his article came about from the appearance of variants to the Sober worm on the Internet, he also says, "Procedures for identity verification must be put into everyday practice, and employees need to be aware that no matter who is requesting information, be it a fellow employee or a higher-up in the organization, the requester's identity must be verified."



Jump to comments

Security

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...