Cougar Alerts

Stay on top of the latest news in IT issues effecting the Columbia College community.  

Obama urged to warn Chinese leader on Cyber-Security

posted May 30, 2013, 5:50 AM by Justi Montague

WASHINGTON--One senior Democratic lawmaker is calling on President Obama to make it clear to China's President Xi Jinping that the United States is ready to "impose real costs" on China if they continue to steal American intellectual property.

Sen. Carl Levin D-Mich., suggested that Obama, who is scheduled to hold two days of meetings with Xi next week in California, underscore to the newly installed Chinese president that the Senate is moving forward with legislation that would create a watch list of foreign countries that engage in economic or industrial espionage in cyberspace.

If passed, the bill, which is co-sponsored by Levin, would require the president to block imports of certain foods from countries, if he determines they benefited from stolen U.S. technologies or intellectual property.

"I though your could refer to this bill in your meeting with President Xi as an example that the U.S. will indeed impose real costs on China should they continue to steal our intellectual property," Levin wrote in a letter to Obama that was released by the Michigan lawmaker's office Wednesday.

Levin's push comes as cyber-security has become a growing source of tension between the two countries. 

This week, The Washington Post published parts of a confidential defense report accusing Chinese hackers of compromising some of the most sensitive and advanced US weapons systems.

In March, Obama's national security adviser, Tom Donilon, called on China's government to take action to stop the theft of data from American computer networks and create global standards for cyber-security. Donilon visited Beijing this week and underscored U.S. concerns about cyber-security during wide-ranging talks with senior Chinese officials, according to the White House.

White House spokesman Jay Carney said Wednesday that cyber-security would be one of several topics Obama would discuss with Xi, when they meet June 7 and 8 at hte Sunnylands estate in Rancho Mirage, Calif.

"We've been clear in our concern about cyber-security, and our concern about the fact that there have been cyber-intrusions emanating from China," Carney said.

The two days of meetings between Obama and Xi will mark the first meeting between the two leaders since Xi took office in March. 

University blocks Google docs to fight phishing

posted Mar 7, 2013, 7:00 AM by Justi Montague

A rise in the number of phishing emails sent to Oxford students' accounts, causing the university to block Google Docs temporarily

Disabling Google Docs, a website for storing documents online, was a measure taken to prevent emails which appear to be from University officials.  Students are increasingly targeted by hackers seeking their account details as university accounts can be used to send spam emails and appear legitimate.

In a blog post on their website, OxCERT (Oxford University Computing Service) explained the decision to block Google Docs, saying, "Over the past few weeks there has been a marked increase in phishing activity against our users. Now, we may be home to some of the brightest minds in the nation. Unfortunately, their expertise in their chosen academic field does not necessarily make them an expert in dealing with such mundane matters as emails...It only takes a small proportion to respond for the attacks to be worthwhile."

The blog post continued, "Almost all the recent attacks have used Google Docs URLs...We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action."

A Google spokesperson defending Google Docs, telling Cherwell, "Google actively works to protect our users from phishing attempts. Using Google Docs, or any of our products, for distribution or coordination of phishing is a violation of our product policies, and we will remove any forms or disable accounts discovered to be used for these purposes."

Phishing through Google Docs is part of a wider increase in the practise within the University. In an email to Oxford students, Professor Paul Jeffreys, Oxford's Director of IT Risk Management, warned, "You may recently have received fraudulent emails asking you to visit a website to supply your username and password, or requesting you send them email...There have been a very large number of such emails sent recently...Don't be tricked into handing over your password as a result of these emails."

Several undergraduates received phishing emails last week which claimed, "You will be unable to send and receive mails and your email account will be deleted from our server. To avoid this problem, you are advised to verify your email account by filling this manual [sic.]  information." A link to a Google Doc for student usernames followed.

The amount of other spam emails reaching Oxford students has also increased. Undergraduates have received three emails from the websites 'Lashzone' and 'Lashxone' with the most recent being sent on Saturday 23rd February. Their website states, "We offer professional assistance on post-secondary homework, assignments, essays, lab reports, assignment revision...etc. You get the idea?"

A University spokesperson commented, "While Oxford University has extensive anti-spam defences in place, spammers are constantly adapting their tactics to evade our countermeasures. IT Services have to balance the risks of spam attacks against the risks of disruption to legitimate email traffic. Unfortunately this means that it is inevitable that some spam will get through the defences--this particular set of messages was just one of hundreds of spam runs that hit the University each day, and often many runs come from the same source. 

Regarding emails from Lashzone, the university stated, "IT Services have been in contact with the Proctors' Office regarding the mails from Lashzone. We are satisfied that reasonable technical countermeasures are in place, but these are continually reviewed in view of evolving threats."

When pressed about criticism from universities, a Lashzone spokesperson commented, "We smile and walk on."


Happy Data Privacy Day!

posted Jan 28, 2013, 6:16 AM by Justi Montague

Data Privacy Day is an effort to empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone's priority. 

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is a celebration for everyone and held on January 28th every year. 

In our online world, data is free flowing. All of us--from home computer users to the largest corporations--need to be aware of the personal and private data others have entrusted us and remain vigilant and proactive about protecting it. 

Being a good digital citizen means being a good steward of data. Data Privacy Day is an effort to empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone's priority.

Data Privacy Day is led by the National Cyber Security Alliance, a non-profit, public private partnership focused on cyber security education for all online citizens. 

For more details and tips on keeping your information private, visit: http://www.staysafeonline.org/data-privacy-day/privacy-tips/businesses

McAfee Warns Consumers of the "Twelve Scams of Christmas"

posted Nov 21, 2012, 10:03 AM by Justi Montague   [ updated Nov 21, 2012, 11:50 AM ]

Cyber-Scrooges Work Overtime During Holiday Season and on Black Friday/Cyber Monday, New Threats Hit Mobile, Email and the Web

Santa Clara, Calif. --November 9, 2011 - 'This the season for consumers to spend more time online - shopping for gifts, looking for a great holiday deals on new digital gadgets, e-planning family get-togethers and of course, using online or mobile banking to make sure they can afford it all. But before logging on from a PC, Mac, or mobile device, consumers should look out for the "12 Scams of Christmas," the dozen most dangerous online scams this holiday season, revealed today by McAfee.

"With the increase in malware and other attacks on smartphones, tablets and Macs, users need to stay vigilant and ensure they protect all of their devices, not just their home PC--they can't afford to leave the door open to cyber grinches during the busy holiday season." "Cybercriminals rub their hands with glee when they think of the holidays," said Gary Davis, direct of consumer product marketing at McAfee. "Consumers are making travel plans, shopping for gifts and bargains, updating Facebook and connecting with friends. However, the vast majority have no security protection for their smartphones or tablets, despite using them heavily during the holiday season. Consumers need to stay one step ahead of this season's cyber-scrooges, and make sure they have protection for all of the Internet-enabled devices. Otherwise, they could risk giving the bad guys the biggest gift of all - their own personal and financial information. "

McAfee's 12 Scams of Christmas

1. Mobile Malware: A recent National Retail Federation (NRF) survey, dated October 19, found that 52.6 percent of U.S. consumers who own a smartphone said they will be using their device for holiday-shopping related activities--whether it's to research products, redeem coupons, or purchase holiday gifts. Malware targeted at mobile devices is on the rise, and Android smartphones are most at risk. McAfee cites a 76 percent increase in malware targeted at Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform.

 New malware has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals on Black Friday and Cyber Monday, or just to learn about products they want to buy. 

2. Malicious Mobile Applications - These are mobile apps designed to steal information from smartphones, or send out expensive text messages without a user's consent.  Dangerous apps are usually offered for free, and masquerade as fun applications, such as games. For example, last year, 4.6 million Android smartphone users downloaded a suspicious wallpaper app that collected and transmitted user data to a site in China.

3. Phony Facebook Promotions and Contests- Who doesn't want to win some free prizes or get a great deal around the holidays? Unfortunately, cyberscammers know that these are attractive lures and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information. 
A recent scam advertised two free airline tickets, but required participants to fill out multiple surveys requesting personal information.

4. Scareware, or Fake Antivirus Software: Scareware is the fake antivirus software that tricks someone into believing that their computer is at risk--or already infected--so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, with an estimated one million victims falling for this scam each day. In October 2012, McAfee reported that scareware represented 23% of all dangerous internet links, and it has been resurgent in recent months. 

5. Holiday Screensavers - Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screensaver that promises to let you "fly with Santa in 3D" is malicious. Holiday-themed ringtones and e-cards have been known to be malicious too. 

6. Mac Malware-Until recently, Mac users felt pretty insulated from online security threats, since most were targeted at PCs. But with the growing popularity of Apple products, for both businesses and personal use, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee LabsTM, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent month to month.

7. Holiday Phishing Scams- Phishing is the act of tricking consumers in to revealing information or performing actions they wouldn't normally do online using phony e-mail or social media posts. Cyberscammers know that most people are busy around the holidays so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information.
  • A common holiday phishing scam is a phony notice from UPS saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer.
  • Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money--and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.
  • Smishing -SMS Phishing- remains a concern. Scammers send their fake messages via a text alert to a phone,  notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated--and collects the user's personal information including Social Security number, address, and account details. 
8. Online Coupon Scams - An estimated 63 percent of shoppers search for online coupons or deals when they purchase something on the Internet, and recent NRF data (October 19, 2011) shows that consumers are also using their smartphones (17.3 percent) and tablets (21.5 percent) to redeem those coupons. But watch out, because the scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information.
  • One popular scam is to lure consumers with the hope of winning a "free" iPad. Consumers click on a "phishing" site, which can result in email spam and possibly dealing with identity theft. 
  • Consumers are offered an online coupon code and once they agree, are asked to provide personal information, including credit card details, passwords and other financial data.

Following Sandy, DHS seeks security 'Cyber Reserve'

posted Nov 2, 2012, 5:33 AM by Justi Montague

Secretary Napolitano says a reserve of security pros is needed because a major cyberattack could make this week's hurricane damage look mild. 

The damage to the electrical grid from Superstorm Sandy is just a taste of what could happen from a major cyberattack, says Department of Homeland Security (DHS) Secretary Janet Napolitano.

And a DHS task force said this week that one way to minimize that kind of risk is to recruit a "Cyber Reserve" of computer security pros that could be deployed throughout the country to help the nation defend and recover from such an attack.

Napolitano and other high government officials have been preaching about the escalating threats, particularly from hostile nation states like Iran, Russia and China, for some time.

The Hill reported that at a cybersecurity event hosted by the Washington Post, Napolitano said while recent news has been about financial institutions being hit with Distributed Denial of Service (DDoS) attacks, the nation's control systems for major infrastructure like utilities and transportation infrastructure were also being targeted.

The Secretary used Hurricane Sandy to make the point. "If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities," Napolitano said. 

Government officials have been invoking the Pearl Harbors image for years. Defense Secretary Leon Panetta did it again just a few weeks ago, saying in a speech in New York that such an attack would, "cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability."

For good measure, he also called it a "pre-9/11 moment."

The security community is divided over the depth of the threat. Most experts say they are real, but not at the level of a catastrophic military attack. 

Bruce Schneier, author and chief security technology officer at BT, told CSO Online this year: "Throughout history, the definition of a 'major war' has involved casualties in the hundreds of thousands. That means dead people."

Panetta did invoke the risk of dead people. "[Attackers could] derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals," he said.  "They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country."

Patrick Lambert wrote in a TechRepublic blog post that while the scenarios painted by Panetta are horrifying, "there's no way to accomplish them solely via the Internet. Most things have to be done on site, and any critical systems shouldn't be connected directly to the 'Net in the first place."

John Felker, a retired Coast Guard captain and vice president of cyber programs at SCI Consulting Services, who believes Panetta is right, said: "Those systems were closed--site specific--when they were put in place a long time ago," he said. But now they are Internet facing. "It's cheaper that way, but they are also more vulnerable."

"Absolutely--no question about it. I've seen the ones and zeros, so I know," Felker said. "Depending on the attack, could it be worse than Sandy, not only from the risk to life, but the economy. If there is no electricity, a lot of those things don't get done."

Could a "Cyber Reserve" mitigate the threat? DHS Deputy Secretary Jane Holl Lute believes that until DHS can improve its in-house capabilities, a reserve is the way to go.

Jim Finkle reports at Reuters that the Deputy Secretary hopes to have a working model for a Cyber Reserve within a year, with the first members drawn from retired government employees now working for private companies, but also recruit from Department of Defense contractors, veteran's organizations and outside groups.

The management of such a reserve of security pros could be tricky, however, since it would involve security clearances and allowing people access to confidential information and tools that could leak into the wild unless they were tightly controlled. 

"This has been talked about before," Felker said. "There are a lot of plusses and a lot of minuses. The big question is what authorities do they operate under. How do you get them to do what you want?"

"We know [experts are] out there. But you have to have somebody managing the program that is very comfortable with ambiguity. Gen. [Keith] Alexander [head of the National Security Agency] is probably somebody who could do it."

Felker said the security risks from reservists themselves are probably small. "It depends what kind of access you give them. Some of those [cyber] tools don't go outside unless it's under very controlled conditions," he said.

However, even if the U.S. does get a Cyber Reserve up and running within a year, it will still late to the party. Steve Elwart, writing in WND, noted that Estonia has a "white-hat hacker organization" that supports the country's National Guard; the that the U.K. is developing a program; and that China is, "actively recruiting a vast [cyber] army of up to one-half billion soldiers."

Hacker gets $60,000 from Google for finding flaw in Chrome

posted Oct 11, 2012, 7:56 AM by Justi Montague

An anonymous teen techie who goes by the name Pinkie Pie won a prize at a hacker conference Wednesday by exposing problems in Chrome.

A hacker who found a flaw in Google's Chrome browser was able to make some serious cash from the security breach--paid for by Google itself.

The anonymous teen techie, who goes by the name Pinkie Pie, cracked a problem in Chrome and won a $60,000 prize from Google during a hacker conference Wednesday in Kuala Lumpur.

This is the second successful hack for Pinkie Pie this year, after he took home his first $60,000 prize in March.

"Congrats to Pinkie Pie, returning to the fray with another beautiful piece of work!" Google Chrome engineer Jason Kersey wrote on the company's official blog on Wednesday, adding the team is "delighted at the success" of the hacker conference and looks forward to improving the browser based on new knowledge uncovered during the event.

Google engineer Chris Evans praised the teen's work, and said that Chrome was able to fix the bugs in less than 10 hours after they were discovered.

"We'd like to thank Pinkie Pie for his hard work," Evans wrote on the Chromium Blog on Wednesday, promising a more detailed look at the hack and Chrome's solutions once the issue has been resolved for  most users.

Though his identity has not been revealed to the public, Google officials have said they know who he is. His alias is the name of a popular "My Little Pony" character. 

Google regularly runs contests for hackers who can expose bugs in Chrome, in an effort to make the browser more secure.

In August, the company announced it would give up to $2 million in prizes to engineers who could find holes in their system, following a similar contest in February during which they offered up to $1 million in prizes.

The $60,000 that Pinkie Pie won is given out to those who can find a "Full Chrome exploit"--a flaw that exists exclusively in the Chrome browser.

Microsoft takes down Kelihos botnet

posted Sep 30, 2011, 7:29 AM by Phillip Armstrong   [ updated Sep 30, 2011, 7:32 AM ]

Kelihos, thought to have infected around 41,000 computers across the globe, is dealt with.
 

Microsoft has announced another success in its drive to take down botnets. The company used “legal and technical measures” in “Operation b67” as it was codenamed (hmm, snappy moniker – ed), to take down the Kelihos botnet. Kelihos is not as big as the Rustock botnet, but MS says that its takedown “represents a significant advance” in their fight. This is because it’s the first time that MS has “named a defendant in one of its civil cases involving a botnet”. This, they say, sends a “strong message” to botnet creators and controllers and should they attempt to rebuild the botnet then further action will always be taken.

The civil case alleges that Dominique Piatti and John Does owned a domain which they used to register subdomains in order to operate Kelihos. Whilst MS say that some were used for legitimate reasons, many were being used “for questionable purposes with links to a variety of disreputable online activities.” This includes one which hosted the scareware MacDefender, which infects Apple’s OS with rogue software. However, the main purpose of many of their subdomains was to control the botnet, which was used for a variety of purposes including spam, stealing information, stock scams and “websites promoting the sexual exploitation of children.” MS obtained a restraining order on September 22nd which allowed them to cut the connections between the botnet and the zombie computers it controlled.

They then served Piatti, who lives in the Czech Republic, with notice of the suit and are now attempting to locate the other John Does in order to serve them too. MS says that actually naming a defendant is a “big step forward” as it helps them to protect customers and the MS platform. It also goes some way to making domain providers aware that they should know more about their customers and their activities. They also hope that this will raise the cost of cybercrime to the criminal, making it harder for them to start up and operate, therefore reducing the problem.

MS also point out that more regulation is needed in the industry to ensure that domain owners can be held accountable if subdomains are being used for illegal purposes. Kelihos is thought to have infected around 41,000 computers across the globe, even though it is considered to be a relatively small botnet. MS says that it will work with ISPs and Community Emergency Response Teams (CERTs) to clean up computers which are infected with botnet malware.

They have already added the Win/32 Kelihos family to the latest release of the Malicious Software Removal Tool.

Courtesy of www.techwatch.co.uk

Interesting fact of the week

posted Sep 29, 2010, 11:16 AM by Tara Sharp

Origins of the Word "Phishing"

The word "phishing" comes from the analogy that Internet scammers are using email lures to "fish" for passwords and financial data from the sea of Internet users. The term was coined in the 1996 timeframe by hackers who were stealing America On-Line accounts by scamming passwords from unsuspecting AOL users. The first mention on the Internet of phishing is on the alt.2600 hacker newsgroup in January 1996, however the term may have been used even earlier in the printed edition of the hacker newsletter "2600".

"Ph" is a common hacker replacement for "f", and is a nod to the original form of hacking, known as "phreaking". Phreaking was coined by the first hacker, John Draper (aka. "Captain Crunch"). John invented "hacking" by creating the infamous Blue Box, a device that he used to hack telephone systems in the early 1970s.

This first form of hacking was known as "Phone Phreaking". The blue box emitted tones that allowed a user to control the phone switches, thereby making long distance calls for free, or billing calls to someone else's phone number, etc. This is in fact the origin of a lot of the "ph" spelling in many hacker pseudonyms and hacker organizations.

By 1996, hacked accounts were called "phish", and by 1997 phish were actually being traded between hackers as a form of currency. People would routinely trade 10 working AOL phish for a piece of hacking software that they needed.

Over the years, phishing attacks grew from simply stealing AOL dialup accounts into a more sinister criminal enterprise. Phishing attacks now target users of online banking, payment services such as PayPal, and online e-commerce sites. Phishing attacks are growing quickly in number and sophistication. In fact, since August 2003, most major banks in the USA, the UK and Australia have been hit with phishing attacks.

Spammers Target Facebook and Twitter

posted Jun 22, 2010, 7:05 AM by Ken Akers

Thanks to the TrendMicro Blog for this informative article about social networking sites and their dangers:
 

Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabsSM received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging site, Twitter.

The mail, which poses as a Facebook notification message, uses adult-themed strings to lure users into opening the attachment. The .ZIP file attachment, Twitter.zip, contains the file twitter.html, which has an embedded malicious script that Trend Micro detects as JS_REDIR.AE.

Read more: http://blog.trendmicro.com/spammers-target-facebook-and-twitter-at-once/#ixzz0rahBsO7L



Read more: http://blog.trendmicro.com/spammers-target-facebook-and-twitter-at-once/#ixzz0rah3Cxdj

Some Good News on the Scareware Front

posted Jun 2, 2010, 5:17 AM by Ken Akers

Thanks to ComputerWorld online for this update.
 
IDG News Service - Three men are facing federal fraud charges for allegedly raking in more than US$100 million while running an illegal "scareware" business that tricked victims into installing bogus software.

Two of the men, Bjorn Sundin and Shaileshkumar Jain, operated an antivirus company called Innovative Marketing, which sold products such as WinFixer, Antivirus 2008, Malware Alarm and VirusRemover 2008. The third man charged, James Reno, ran Byte Hosting Internet Services, the company that operated Innovative Marketing's call centers.

The company's products generated so many consumer complaints that the FTC brought a civil action against Innovative Marketing and Byte Hosting in 2008, effectively putting them out of business.

On Wednesday, a grand jury in Chicago handed down the criminal charges, meaning the three men now face jail time if convicted.

Reno is expected to turn himself in for arraignment, the U.S. Department of Justice said in a press release Thursday. Authorities believe that Jain and Sundin are living in Ukraine and Sweden, respectively.

In a September 2009 e-mail to the IDG News Service, Reno said he was a young and naïve businessmen who was taken advantage of by Innovative Marketing. "I made some mistakes, of course," he said, "however they kept us in the dark on a lot of their operation."

According to prosecutors, Innovative Marketing set up fictitious advertising agencies that would buy online inventory from media companies, pretending to represent legitimate companies. They then pushed out ads with hidden computer code that generated scary-looking pop-up messages, designed to look like operating system errors or antivirus scans.

The end result was always the same. To get rid of the pop-up warnings, users would have to buy Innovative Marketing's worthless software, prosecutors allege.

Byte Hosting's call centers were then used to "deflect complaints from victims who purchased Innovative Marketing software products," the Department of Justice (DoJ) said.

The scheme convinced victims in more than 60 countries to buy more than 1 million bogus programs, the DoJ said.

1-10 of 26