Hackers on The Huffington Post

FacebookAgent: A Way To View Private Facebook Profiles Or Dangerous Malware?

2009-12-03T10:19:46Z

There's plenty of buzz lately about a tool called FacebookAgent, which supposedly allows users to view private Facebook profiles after a simple download.

But the FacebookAgent site seems sketchy and is likely worth avoiding.

A number of links on the site including "Learn about Facebook Agent" and "Try the latest BETA version" all lead to the same download page which automatically begins installing the software to your computer. Facebook Agent claims to offer a "fast start-up," "fast using" and a "special bonus" of using the tool at work.

The About page is also strange with a misspelled HTML title tag of "Privacy Poolicy Statement" and this seemingly critical clause:

All actions taken through and in this application are on full responsibility of the user. Facebook Agent is in no condition responsible of any harm, damage or violations done while using this application.

Some blogs have already weighed in on whether or not Facebookagent is truly malware, and one that says yes even provides screenshots of what happens to your comptuer after downloading - unwanted popups and strange computer activity.

The lack of news articles or write-ups from legitimate blog sites adds to the suspicion, and in all likelihood this is a site to avoid.

Malware Causing Windows 7's 'Black Screen Of Death', Microsoft Says

2009-12-02T08:49:06Z

Microsoft's been looking into the black screen of death reports that have popped up in wake of a recent Windows update, and is back with its findings: the darkened screens giving Windows users so much trouble? It's likely down to pesky malware, not Windows itself.

Jane Smiley: Stop The Injustice: Free Gary McKinnon

2009-11-28T08:41:29Z

If you read the Guardian, then you know already that the screaming injustice that is about to be perpetrated on Scottish computer hacker Gary McKinnon has taken another step toward the cruel and unusual. McKinnon is a 43-year-old man from North London who, in 2001 and 2002, hacked into US military computers, looking for evidence of visitors from other planets. He was extremely successful, not only because he was a smart guy, but also because, as he said in messages left on the victim computers, "Your security is crap." McKinnon, as one might assume of a guy who spends his time in his room looking for evidence of space aliens, has been diagnosed with Asperger's syndrome. He is terrified of coming to the US and being thrown into a high security American prison for sixty years. As well he should be. American officials have reassured his mother that he will be taken care of -- but hey, you know how reliable American officials are about taking care of the vulnerable, don't you? No wonder McKinnon is said to be suicidal.

But the mental illness does not belong to Gary McKinnon, it belongs to the US military, which has pursued McKinnon ruthlessly in order to punish and destroy him. They should have pursued him in order to hire him because, guess what? Their security was crap. He cost them $700,000! About one fifth the price of a nice apartment in Manhattan. Nothing! A day's pay for Blackwater! If they had hired McKinnon as a consultant, they might have learned something, and improved both their security and their international relations.

In Britain, the media dogs are barking because the English government has gone along with extraditing McKinnon like the sick puppies they are -- Iraq? Sure! You have no reason to invade? Well, make one up, we'll help ya! So even while the Iraq inquiry is going on, they are allowing the US to drag this guy kicking and screaming to the exact place where he most fears going.

You've got to ask yourself why the US thinks this is a big deal. It's because they don't care as much about security as they do about humiliation and embarrassment. Now that's what I call mental illness! We'll show this helpless little guy what the might of the US feels like! We can't win a war to save our lives, no matter how we try, but we sure can drive a guy with Asperger's to suicide. The US government from Obama on down should being falling over themselves to show this guy some mercy and put him on the payroll (he can work from home). But no. Why do people hate us? Well, take a look.

And do please sign the petition.

Dmitriy Guzner: Teen Sentenced In Scientology Cyber Attack

2009-11-18T16:08:35Z

NEWARK, N.J. — A New Jersey man will serve a 366-day federal prison term for conducting a cyber attack on Church of Scientology Web sites in January 2008.

At a hearing Wednesday in Newark 19-year-old Dmitriy Guzner (duh-MEET'-tree GOOZ'-nuhr) of Verona also was sentenced to two years' probation after his release from prison.

Cyber Attacks: 80 Percent Are Preventable, Senate Panel Told

2009-11-18T13:05:56Z

If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard Tuesday.

The remark was made by Richard Schaeffer, the NSA's information assurance director, who added that simply adhering to already known best practices would sufficiently raise the security bar so that attackers would have to take more risks to breach a network, "thereby raising [their] risk of detection."

Robert Siciliano: Why Is Child Pornography on Your PC?

2009-11-18T10:12:16Z

Anti-virus protection, critical security patches, and a secure wireless connection have always been essential processes on my networks. My main concern has always been to protect my bank account by keeping the bad guy out.

In my presentations, I've always stressed the importance of making sure your wireless connection is secured to prevent skeevy sex offender neighbors or wackos parked in front of your business from surfing for child porn and downloading it to your PC.

Once a predator uses your Internet connection to go to into the bowels of the web, your Internet Protocol address, which is connected to your ISP billing address, is now considered one that is owned by a criminal. If law enforcement happens to be chatting with that a person who is using your Internet connection to trade lurid child porn, then someone may eventually knock on your door at 3 AM with a battering ram. And in another freakish and relatively new twist, hackers can use a virus to crack your network and gain remote control access, and then store child porn on your hard drive.

An AP investigation found plenty of people who have been victimized in this way. Maybe their PCs were being used as a virtual server, or maybe they were being framed by someone with a vendetta against them, but either way, they had child pornography planted on their computers. Once that porn is discovered by a friend, family member, or computer technician, the victim is arrested.

This is the kind of "breach" that can cost you thousands in legal fees, your marriage, relationships, your job, and your standing in society. In one case, a virus changed the default home page on a man's PC, and his seven year old daughter discovered it. The guy was arrested and eventually lost custody of his daughter. And you think you've got problems.

When you click a link in an email or a pop up advertisement in your browser, you may inadvertently download one of these viruses, which can then visit child pornography websites and download files onto your hard drive.

It also important to point out that most criminal investigators will say that "a virus put the child porn on my PC" is a bunch of hooey and a common defense used by the presumed innocent until proven guilty. Simply don't give anyone a chance to doubt by doing the following:

Dont be a scumbag child pornographer. Where there's smoke there's usually fire.

Make sure your anti virus up to date and set to run automatically.

Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

Update your operating systems critical security patches automatically

Lock down your wireless internet connection with the WPA security protocol.

Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what's buzzing out there in regards to YOU. "Disclosures"

Robert Siciliano Identity Theft Speaker discussing viruses on Fox News.

Valerie Frankel: How Family Holidays Feed Body Image Anxiety

2009-11-17T15:13:07Z

In my family, we've had some dramatic Thanksgivings. The year Grandma got drunk, called us "selfish pigs," and then locked herself in her Caddie with a bottle of Scotch springs to mind. Even on the relatively calm holidays, however, drama ensued if only in my head. For most people, Thanksgiving is, literally and figuratively, the day to loosen your belt and relax. You spend time with your family and overeat wonderful food. For me, Thanksgiving was fraught with anxiety and dread.

See, I was the chubby kid in the house. My sister and brother were skinny, and encouraged to eat as much as they wanted. But my portions were skimpy. Like Phineas from Greek mythology, I could get close to the table laden with sumptuous food, but I was forbidden to indulge. My mom, a suburban New Jersey housewife, was obsessed with my extra pounds. When I turned eleven, she started the weekly weigh-ins, monitored my intake, yelling and screaming at me to exercise or eat less. Turkey Day was no exception. Every bite I took, her discouraging eyes were on me. Often, she'd corner me and whisper hotly in my ear that she knew I'd had three pigs-in-a-blanket and sneaked a spoonful of stuffing. Who did I think I was fooling, she asked, when I said I was going to the bathroom, but was really stealing into the kitchen for a sliver of pie?

You get the picture. Thanksgiving = guilt, shame, fear, self-loathing, resentment, anger--as well as torturous, unsatisfied hunger.

Mom hasn't dared make such comments to me since I was in high school. But the residue of feeling watched and judged stuck with me for decades. As a young adult, I would dread the holiday because I knew I couldn't enjoy it. The very smell of roast turkey brought on a flood of conflicted emotion. Some Thanksgivings, depending on my regime du jour--for age 11 to 41, I was either on a diet or planning the next--I'd show up at my parents' house with my own food in plastic bags. Or I'd bring a food scale. Or I would eat only the turkey meat, but not the sides. If the holiday fell during a between-diets period, I'd consciously rebel against my Mom's critical eye and my own desire to lose weight by gorging to the power of ten. I'd go turkey wild. The life of a chronic dieter is one of extremes. Either you are "on" a diet, or "off." When a chronic dieter goes "off," better put a lock on the fridge. Otherwise, I'll be empty by morning.

Since I painstakingly confronted my bad body image and the destructiveness of chronic dieting while writing my memoir, Thin Is the New Happy, I realized the extent dieting and hating my ten extra pounds had had on my life, relationships, daily existence. Once I stopped dieting--and, instead, ate when hungry, stopped when full--could I relax around food holidays. I had my first happy Thanksgiving at age 42. Finally free from obsessing about not eating, eating too much, what I could eat, whether I was being judged for eating, I had the mental space to focus on the people, the joyous collaborative cooking and cleaning, the lively conversations. It's sad, how many holidays I'd mentally absented myself from. I missed so much. Never again.

To all the women who are bracing themselves for holiday weight gain/seeing their critical mothers/breaking their diets this November 26th, I've got a little advice:

1. Anticipate a five pounds of gain. Accept it as the cost of having fun--no guilt, no shame--and then resume healthy eating and exercising afterward. That way, you won't spiral into an "off' period, when a five pound gain will turn into ten.
2. If she gives you the hairy eyeball, tell you mother to mind her own business, STFU, and BTFO. When I confronted my Mom, it was tense and painful, yes, but afterwards, it felt goooood to have expressed my long bottled up feelings. She's a grown woman. She can handle it. And so can you.
3. Instead of worrying about breaking a diet, try breaking up with dieting. Study after study proves that diets don't work/make you fat. Choose to let go of an unrealistic ideal, lift your eyes up from the scale, and look into the eyes of the people who love you exactly the way you are. Oh, and one more thing . . .
4. Life is short. Have pie.

Cyber Attacks Caused Brazil Power Outages

2009-11-07T12:51:56Z

(CBS) -- A series of power outages affecting millions of people in Brazil in 2005 and 2007 were the result of cyber attacks, "60 Minutes" has learned. The two-day event in Espirito Santo State affecting more than three million people in 2007 and another, smaller event in three cities north of Rio de Janeiro in January 2005 were perpetrated by hackers manipulating control systems.

James D. Zirin: Where Is Obama's Cyberczar?

2009-11-02T17:15:13Z

In May, President Barack Obama completed his long-awaited "cyberspace policy review," concluding that cyberspace is a strategic asset that must be safeguarded from attack as a national security priority. He recalled how hackers had gotten into his own campaign servers and worried that crucial infrastructure, public and private, was vulnerable to hackers, cyber terrorists and even other governments.

The president promised to appoint a permanent "cyber czar" who would coordinate the work of federal agencies charged with protecting us. But since "acting cyber-security czar" Melissa Hathaway resigned in August, the post has been unfilled.

Why? Part of the reason may be the nature of the job. The cyber czar would have to coordinate with agencies that engage in constant turf wars, including the CIA, FBI, Department of Defense, National Security Agency and others. That is a daunting task for an outsider -- even a "czar" appointed by the president who has not been confirmed by the Senate.

But the need is great. In August, Twitter was the victim of an attack emanating from Eastern Europe that took down the social network for most of a day. Facebook and LiveJournal were also affected. In 2007, Chinese hackers penetrated American electricity grids. About the same time, unidentified hackers broke into a Pentagon network and briefly brought it down. Defense Secretary Robert M. Gates has said government computers are "under attack all the time -- every day."

The weapons in the hackers' arsenal are easily obtained. International cyber arms dealers regularly sell "malware" and "botnet" programs through online auctions similar to priceline.com or eBay. Malware, in case you aren't a geek, is short for "malicious software," designed to do damage to a computer system. According to a Hoover Institution Policy Review released earlier this year, a botnet is a network of thousands of software robots that run autonomously on compromised, or "zombie," computers. These computers spawn malware under the command of a "bot herder," who can control the group remotely. Because effective cyber attacks involve not just one malicious computer but thousands of computers at a time, with new ones constantly joining the fray, cyber sallies are all the more difficult to deflect. We could not make this up

In the spring of 2007, after the government of Estonia moved a monument to the Red Army from the center of its capital to the outskirts of town, it became the victim of a monthlong cyber attack that the New York Times said "came close to shutting down the country's digital infrastructure." Through the use of botnets, your computer may have been used against Estonia without you even knowing it.

A significant issue is that the government uses the same networking, the same Internet protocols and the same operating systems as the private sector, making cyber security a universal problem as opposed to a governmental problem. Hackers may find a greater payload in targeting critical infrastructure such as power grids, financial or communication networks or air traffic control systems than in attacking the CIA or the Pentagon.

An attack by an adversary nation, much less a cyber extortionist or terrorist, is not so far-fetched. In March 2007, the Department of Energy's Idaho National Laboratory conducted an experiment to determine whether a power plant could be compromised by hacking alone. The researchers were able to cause a generator to shake, smoke and shut down with a few keystrokes. The same year, then-Deputy Undersecretary of Defense Richard P. Lawless told a House committee that ``Chinese capabilities in this area have evolved from defending networks from attack to offensive operations against adversary networks.

Strengthening our software systems will require a deft hand. Security technologist and author Bruce Schneier points out a problem he calls the "equities issue." The good guys and the bad guys all use Windows, Oracle, e-mail and Skype. If we alert the manufacturer and patch vulnerability in the system, are we making it tougher on ourselves when our own government wants to go after the bad guys?

So why hasn't the president appointed a new cyber czar to monitor and, if indicated, secure the electronic highway from attack? His staff said he is looking for just the right person, and that takes time. The problem is that we don't have much time.

James D. Zirin, a New York lawyer and member of the Council on Foreign Relations, co-hosts the cable talk show "Digital Age."

Original version published in the LA Times October 14, 2009

Cyberattacks Traced To North Korea

2009-10-30T08:00:48Z

SEOUL, South Korea — The North Korean government was the source of high-profile cyberattacks in July that caused Web outages in South Korea and the United States, news reports said Friday.

The IP address – the Web equivalent of a street address or phone number – that triggered the Web attacks was traced back to North Korea's Ministry of Post and Telecommunications, the chief of South Korean's main spy agency reportedly told lawmakers.

Chris Weigant: From The Pentagon To Monty Python: The Internet Turns 40

2009-10-28T19:58:37Z

Tomorrow is the internet's fortieth birthday. Its creators are even throwing it a birthday party at the University of California, Los Angeles, the origin of the first message ever transmitted over what we know today as "the internet," on October 29, 1969. If you're wondering what the first message ever transmitted was -- the digital age's "Come here, Watson," statement, as it were -- it consisted of two letters: "LO." It was actually supposed to be "LOG," as in "LOG IN," but the receiving computer crashed after receiving just the first two letters -- not a very auspicious beginning, it must be admitted. Still, for poetic reasons, "LO" seems pretty apt: "Lo! The Internet was created!"

The project, the first linkage of two computers over a distance, was paid for by the Pentagon. Specifically, the Defense Advanced Research Projects Agency, or DARPA. This was a Cold War agency created out of fear -- the fear that the Russians were ahead of us technologically. This fear was not unfounded at the time, since DARPA was a hasty response to the Russians launching the first man-made satellite, Sputnik, in 1957. Americans could tune in their ham radios to a little "beep...beep...beep..." signal that crossed over our skies, and thus know that the Russians had done something we hadn't managed to do yet -- which was not only downright ominous in those days, but also downright inconceivable to many Americans. This was the dawn of the "space race" between the two countries, which culminated with the landing on the moon in 1969 of two Americans. But it also culminated in the same year with what was then called ARPANET.

The internet's birth was in the depths of the Cold War, created for scientists to exchange some very hot data -- the design and testing of nuclear weapons, for instance. Its transformation from its militaristic beginnings to where it stands now should be seen as the greatest "swords into plowshares" story in the history of mankind. Because today, while its origins are at best dimly remembered, what it has morphed into has gone far, far beyond the original intent -- and changed our planet and our way of life as a result.

Technology has grown by such leaps and bounds since 1969 that it's hard to conceive how things were before we all had access to computers. The 1970s saw the dawn of the "personal computer" -- a phrase unthinkable a mere decade earlier, when computers had shrunk from boxcar-sized to merely pickup-truck-sized... but were not expected to shrink much more. But the rapid progress of the microchip ushered in a revolution in such shrinkage. The first small computers were merely hobbyist machines for scientists and tinkerers, but Steve Jobs and Steve Wozniak saw their true potential, and changed the world with the introduction of what became the Apple II. IBM, while much slower to accept such a radical idea, eventually introduced its own version, the "PC," or "Personal Computer." Since then, computers have gotten faster and data storage has gotten much, much better, so that today the machine you are likely reading this on is more powerful than the machines they were designing nuclear weapons on back in 1969. Indeed, the computer in your cell phone may even be more powerful.

The concept of linking computers together grew by leaps and bounds as well. In 1983, DARPA in essence split the net into two parts, the military component (renamed MILNET), and what became the commercial, public internet. Also at this time, TCP/IP protocols were introduced, which also fed the eventual explosive growth. The non-military net was also at this time opened up to much wider use within the universities where it had originated.

Networking was fast growing in the early 1980s on two other fronts -- the Local Area Network (LAN) and the first subscription service for online access. It was the era of TokenRing, Ethernet, and AppleTalk; of AOL and CompuServe. It may stun younger users today, but back then people paid ten bucks per hour to access online services -- which were laughably crude by today's standards. Heavy online users would often pay hundreds of dollars a month to access text-only, non-web data over their phone lines.

It was also the era of the beginnings of information overload. This led to the introduction of "bulletin boards" and automated file searching. The real beginnings of what we call "the internet" today were a message-posting area of the net called UseNet; and the beginnings of the Google-type search engine were the humble "gopher" software of the time.

But the real explosion came about in the early 1990s, with two cornerstone events -- opening up the internet to commerce, and the introduction of the World Wide Web. The internet, now being called "the Internet" (previously the term had not been used -- the inventor of the concept, in an early-1960s paper, called his dream an "Intergalactic Computer Network," which I always thought sounded way, way cooler...) was about to grow beyond all conception.

The World Wide Web, still known to us today in that "www" prefix in web addresses, was dreamed up a Swiss laboratory for (once again) nuclear research -- the Conseil Européen pour la Recherche Nucléaire, or CERN. For the second time, nuclear researchers came up with an idea which quickly outgrew its original scientific data-sharing purposes. The combination of hypertext (clickable links) and a common file format which included graphics (the HyperText Markup Language, or HTML) were soon exploited by the world's first truly effective graphic "browser," Mosaic. From Mosaic, Netscape was born, and the rest is history.

Of course it hasn't all been wine and roses along the way. The internet (the term is now used increasingly without benefit of capitalization, a mark of how common an idea it has become) also gave birth to online fraud and other forms of online crime. Back when the internet originated, the Pentagon was interested in its advanced researchers having the ability to easily talk to each other, to better share information. This information had a goal -- to always always stay one step ahead of our foes. At the time, this was mainly the Soviet Union and, to a lesser extent, China. These days, some of the most prevalent data attacks come from malware (Trojan horses, DDoS attacks, viruses, worms, botnets, and all the rest) which originate all over the world, with an unhealthy portion coming from (you guessed it) Russia and China. Which brings us, in a way, full circle.

But for many of us, the internet will serve one very important function far, far into the future. I speak of the immortalization in digital history of Monty Python's Flying Circus. When contemporaneous comedy troupes will long have been forgotten, centuries hence, Monty Python will still live on in its anti-paean to a Hormel meats product -- the lowly "spiced ham" in a can known as Spam.

Spam was widely consumed in Britain during World War II, due to it not being rationed as most meats were at the time (which alone says something). Spam became prevalent as a civilian wartime staple as a result. Which explains the origins of the Monty Python sketch, where a man and a woman argue over a cafe's breakfast selections which seem to contain far too much spam for the woman's liking (example from the menu: "Spam, egg, Spam, Spam, bacon, and Spam"). The idea that spam is prevalent and unwanted was first applied in the infancy of online gaming, and in the early 1990s was used specifically to describe an unwanted email solicitation for money. Knowing the makeup of online gamers back then, it's easy to see that a Monty Python reference would have caught on quickly, as one thing all geeks unanimously agree upon (both back then and today) is the sheer awesomeness of Monty Python. Because the term spam is now so universally accepted to describe unwanted email (even Hormel has largely given up on trying to stamp such usage out), it follows that the story of its origins -- complete with the original Monty Python "Spam sketch" -- will live forever in the digital world. For which we have the Pentagon to thank.

But in any case, tomorrow when you're reading your email, or deleting spam (90 percent of all email is now spam; an astounding figure, when you think about it), or browsing the web, or checking stock quotes, or doing your banking online, or reading an online news article, or writing a blog post, or researching a topic, or using a search engine, or playing an online game, or playing online poker for money, or even just looking at some porn -- take a moment to stop and raise your glass in a toast. Because the internet you are using to do all of these things is having a birthday, and it's the big four-oh.

Meaning we should all mark the occasion with a hearty: "Happy 40th birthday, internet!"

[Historical Note: For those interested, the very first "web page" is still available online, just to show how far we've come in less than two decades. It's pretty basic by today's standards, but the concept of "links" was brand new back then, keep in mind.]

Chris Weigant blogs at: ChrisWeigant.com

Yahoo: Lap Dancers Star At Company's Hacker Event In Taiwan

2009-10-20T08:07:49Z

One word: Shameful.

So, no surprise that Yahoo (YHOO), which is trying mightily to burnish its image worldwide, quickly apologized for the presence of women lap dancers onstage at its Open Hack Day in Taiwan last weekend.

FBI Busts Cybercrime Ring: Dozens Arrested For Identity Theft Scheme

2009-10-07T12:45:00Z

LOS ANGELES — Authorities said Wednesday they have arrested 33 people in breaking up a crime ring in the U.S. and Egypt in which an elaborate "phishing" scam bilked bank customers out of at least $1 million.

Federal authorities said a total of 53 people were named in an indictment, while authorities in Egypt have charged 47 others in connection with the scheme. The 33 arrests so far in the U.S. were mostly in Southern California but also in Nevada and North Carolina.

Most Common Email Password Revealed

2009-10-07T08:47:06Z

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that "123456" was the most commonly used password, appearing 64 times.

Robert Siciliano: Obama: Cybersecurity Starts at Home

2009-10-06T00:15:30Z

Whether you realize it or not one of the biggest threats to your personal security is your computer. And the Obama administration is bringing to light the fact that they believe, and you should too, that one of the biggest security threats to national security is also your computer.

The message is "Think before you click. Know who's on the other side of that instant message. What you say or do in cyberspace stays in cyberspace -- for many to see, steal and use against you or your government."

The Internet, and the power it has in contrast to the security it doesn't, is incredible. We have never seen something so powerful bring people together, educating, informing and making life easier but it's also used to hurt, scam and debilitate in so many ways.

As reported in the Associated Press, the Pentagon's computer systems are probed 360 million times a day, and one prominent power company has acknowledged that its networks see up to 70,000 scans a day.

Utilities, banks, retailers and just about every computer network are faced with attacks each day. Many of these hacks are insignificant. However many are with intent to commit crimes such as espionage, stealing financial data or destroying information.

The criminal hackers could be cyber terrorists trying to destroy the U.S. or its economy, malfeasance simply trying to wreak havoc for the sake of it, or opportunists looking to make a profit.

The US is a prime target for many reasons. The most obvious is we've made mistakes that have many in the world hating us. Then there is our financial system that's wide open and lends credit to anyone with a Social Security number instantly checking and approving credit. And of course credit card security is an oxymoron because anyone any time can use anyone's credit card present or non present. We have a bull's-eye on us and we put it there.

A growing concern is "Weapons of Mass Disruption." The US and many other countries are electrically/digitally dependent. Our critical infrastructures including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. No electricity, no computers, no gasoline, no refrigeration, no clean water. After a major successful attack we'd be back to the dark ages instantly. Think about when the power goes out in your house for a few hours. We're stymied.

The Pentagon and the Department of Homeland Security, are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Protect yourself and your business.

Those steps include:

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.

And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

Hotmail Passwords: Thousands Leaked, Could Be Part Of Bigger Hacker Haul

2009-10-05T14:16:33Z

In all, there were 10,028 pairs of user names and passwords posted to multiple pages of public upload website Pastebin.com, some of which remained live at time of writing. The stash is likely only a small sample of a much larger haul, since the alphabetical list begins with the user name ararat973@hoymail.com and concludes with blando2713@hotmail.com.

Robert Siciliano: 8 Ways to Prevent Business Social Media Identity Theft

2009-10-03T17:18:30Z

There are hundreds, or maybe even thousands of social media sites worldwide such as Facebook, MySpace, Twitter, and YouTube. Social media networks are quickly becoming the bane of the IT Manager. Twitter phishing and Facebook jacking are growing rapidly.

Social media is still in its infancy and its security has been an issue since its inception. Facebook has been perceived as an ongoing privacy and security issue and Twitter has increasingly become a big target for attacks. Users are tricked into clicking links. Viruses enter the network as a result of employees downloading or simply visiting an infected page.

Computerworld reports that "Twitter is dead." Twitter is dead because it is now so popular that the spammers and the scammers have arrived in force, and history tells us that once they sink their teeth into something, they do not let go. Ever.

Implement policies: Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network.

Teach effective use: Provide training on proper use and especially what not do to.

Encourage URL decoding: Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Limit social networks: In my own research I've found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are less than appropriate and others even less secure.

Train IT personnel: Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.

Maintain updated security: Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings: Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Prevent social media identity theft: Register all your officers, company names and branded products on every social media site you can find to prevent twittersquatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

Russian Hackers: Cybergangs Infect "More And More" Computers

2009-09-25T14:53:58Z

Russian cybergangs have established a robust system for promoting Web sites that sell fake antivirus software, pharmaceuticals and counterfeit luxury products, according to a new report from security vendor Sophos.

Robert Siciliano: Criminal Hackers, Carders, Dumps, and Identity Theft

2009-09-23T16:15:31Z

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided "dumps," a term which refers to stolen credit card data, to "carders." "Carders" are the people who buy, sell, and trade stolen credit card data online. This video provides an example of an online forum where stolen data is bought and sold. Gonzalez pleaded guilty to his crimes and will be serving the next fifteen years in jail. He and his gang used a combination of schemes that have caused a significant increase in counterfeit fraud.

Hackers rely on a variety of techniques to obtain credit card data. One such technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. Phexting or smishing are similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on victims' PCs. Others affix devices to the faces of ATMs and gas pumps in order to skim credit and debit card data. Banks should step up to the plate and solve skimming by implementing the ADT Anti-Skim ATM Security Solution, which eliminates skimming on all major ATM makes and models.

Gonzalez and his gang used another, more advanced technique known as an "SQL injection." SQL stands for "Structured Query Language." The term refers to a virus that infects an application by exploiting a security vulnerability. WordPress, a blogging platform, is an example of a commonly used application that has been found vulnerable to these types of attacks. There are hundreds of other applications that can fall victim to an SQL injection.

IBM Internet Security Systems discovered 50% more web pages infected in the last quarter of 2008 than in the entire year of 2007. In 2005, a now defunct third party payment processor called CardSystems suffered an SQL injection, compromising a reported 40 million credit cards.

While Gonzalez has gone down, carders are still very active. A group of white hat hackers that calls itself War Against Cyber Crime recently succeeded in breaking into Pakbugs.com, a Pakistan-based carder forum, and published a list of members' login details and email addresses. Pakbugs.com has since dropped offline.

With 213 million cardholders and 1.2 billion credit cards in the U.S., there's no shortage of opportunity for carders to maintain their current pace. When a carder uses one of your existing credit cards, it's called "account takeover." When they use your personal information to open up new credit accounts in your name, it's called "new account fraud" or "application fraud."

1. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I'm traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won't shut down my card while I'm on the road.

2. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

3. Invest in Intelius Identity Protection and Prevention. Because when all else fails you'll have someone watching your back.

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

Vinton G. Cerf: Web of the Future: Building a Faster, More Secure and Egalitarian Internet

2009-09-21T10:00:00Z

The origins of the Internet reach back to the 1960s, when exploration of a technology called "packet switching" was pursued by several innovative thinkers. This area of research got a major boost when the US Defense Advanced Projects Agency (DARPA) invested in the development of the ARPANET. This successful experiment in computer resource sharing led directly to the development of radio- and satellite-based systems and to their integration with the ARPANET into what we now call the Internet. Skipping over 40 years of development and inventions (including Tim Berners-Lee's World Wide Web), the Internet has become a global infrastructure for the support of commerce, social interaction, research and governmental services. An estimated 1.6 billion people use the Internet and probably twice that many may be advantaged indirectly by its services. In addition, there are over 4 billion mobiles in use today, of which an estimated 15 to 20 percent have access to Internet-based services. This trend appears to be continuing and highlights the increasing importance of improving the reliability and security of the Internet's infrastructure.

Written large, this means more than securing the underlying network technology (routers, domain name servers, resolvers, network transmission facilities). The prevalence of e-mail spam, denial of service attacks, viruses and worms are in large measure attributable to weaknesses in browser and operating system software. Overly permissive in their ingestion and execution of web pages, many personal computers and laptops have become infected with viruses and worms that allow these resources to be controlled by so-called "botnet generals" who rent these botnet armies out for a variety of nefarious purposes. We need browsers with better ability to resist infections and operating systems that confine browsers to only those resources needed to function properly. The movement toward "cloud computing" introduces strong motivation for these mechanisms.

It seems clear that a resource that is becoming as important as water, power and highways must be made more resistant to the depredations of malware makers. This is not merely a technical matter. Abuses of the Internet occur daily and frequently on an international basis. In consequence of the supra-national nature of the Internet, law enforcement is challenged by the lack of common international agreements as to what constitutes abuse and what international actions can be reliably expected upon identification of a perpetrator. We can anticipate the need for a kind of International Law of the Net in the future. Such concepts can also provide better support for international and domestic electronic commerce.

Of late, there has been considerable attention paid to the notion of accountability in cyber-space. For some, this means requiring that any user be absolutely identifiable before he or she can make use of this global resource. There are reasonable arguments for and against such a requirement, but it seems useful to have available the means to strongly authenticate one's identity when the need arises. Anonymity or pseudonymity can play an important role especially in "whistle-blowing" situations but equally important is the ability to strongly identify oneself when conducting electronic transactions that are intended to have contractual and legal weight. Digital signatures mean little unless the parties are strongly identifiable.

These thoughts suggest that it is timely to explore ways of improving the security and resilience of the Internet and providing strong means for authentication of its various components and users. Efforts along these lines are already under way for the Domain Name system (using digital signatures to validate the Internet addresses associated with them) and to validate the assignment of Internet addresses to users. Similar methods can secure the confidentiality and integrity of all communication on the Internet. While we are considering avenues for improving the Internet we must also consider improving access to it for all users. Increased availability of broadband access will open new opportunities to applications that need low latency or high capacity to move data around. The open nature of the Internet has served to stimulate innovative uses of the Internet and it seems vital to preserve this aspect of the Internet's services. FCC Chairman Julius Genachowski's leadership in this direction serves the interests of all Internet providers and users and deserves support as a key milestone in the evolution of Internet policy in the U.S.

With over 75 percent of the world's population not yet online, we have much work to do to secure the benefits of the Internet's information sharing capacity for ourselves and future generations.

Robert Siciliano: Couple's Online Bank Account Hacked, Leading to Identity Theft

2009-09-15T18:50:00Z

In 2007, a U.S. couple fell victim to identity theft when a criminal accessed their online bank account and stole $26,500 from a home equity credit line. The money was transferred to an Austrian bank that refused to return the funds to Citizens Financial Bank. So Citizens Financial informed the couple that they were liable for the loss. When the couple refused to pay, the bank notified the credit bureaus that their account was delinquent and threatened to foreclose on their home. So the couple sued the bank, claiming violations of the Electronic Funds Transfer Act and the Fair Credit Reporting Act, as well as accusing the bank of negligence.

Who should be held responsible? Well, the jury's out. Literally.

Did the couple accidentally give their data to a phisher? Were they dumb, or was it just bad luck? Was their Internet security software up to date? Does that matter? Should the bank activate their zero liability policies and simply chalk it up to a loss? I'm a big believer in personal responsibility. However, if the bank offered a system that can be easily defeated then maybe they should take some responsibility.

White hat hackers are struggling to stay one step ahead of the criminals. There are more ways to compromise data today than ever before. Viruses quadrupled in one year, from just over 15,000 in 2007 to nearly 60,000 in 2008. Black hat hackers are out in full force.

In 2000, the white hats were supposedly about a year ahead of the black hats in technology, meaning that it should take about a year for the black hats to hack the white hats. Other research shows that by 2004, the black hats were about two weeks behind the white hats. And now here we are in 2009. In many cases, the black hats are years ahead of the white hats. The good guys are losing.

Many new viruses may already be on your hard drive, dormant, waiting for a signal to activate. They may be Trojans, waiting to strike when you log on to your online bank account.

We tend to have numerous viruses in our own bodies, which take control once our immune system is weak, or when they come into contact with one another. Similarly, your PC may have viruses lurking within. It's easy for a PC to catch a virus when we simply visit a website, click on a link or download a program that we believe to be safe.

The technology of the criminal hacker has evolved, and is continuing to evolve faster than that of the white hats. This means you have to be on your game. Stay informed, and don't let your guard down.

1. Get a credit freeze. Go online now and search "credit freeze" or "security freeze" and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what's buzzing out there in regards to YOU.

3. Make sure your McAfee anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano, Identity Theft Speaker, discussing online banking insecurity.

New York Times Malware: Bad Ad On NYTimes.com

2009-09-13T16:39:45Z

Here's a front page story the New York Times (NYT) would rather not be running: The paper is warning readers to be aware of bogus ads running on its Web site.

The paper says "some readers" have seen unauthorized pop-up ads promoting antivirus software on NYTimes.com, and warns visitors who see the ad not to click on it but to restart their browsers instead.

Email Passwords Easy Prey For Hackers

2009-09-07T11:36:54Z

There's not much authorities can do to prevent hackers from determining computer users' e-mail passwords, U.S. experts say.