Switzerland Keeping the Secrets of Alleged Tax Evaders
The Swiss Bank UBS in the Bahnhofstrasse in Zurich
"Hey Alice, look at the pics I took of us last weekend at the picnic. Bob"
That Facebook message, sent last fall between co-workers at a large U.S. financial firm, rang true enough. Alice had, in fact, attended a picnic with Bob, who mentioned the outing on his Facebook profile page.
So Alice clicked on the accompanying Web link, expecting to see Bob's photos. But the message had come from thieves who had hijacked Bob's Facebook account. And the link carried an infection. With a click of her mouse, Alice let the attackers usurp control of her Facebook account and company laptop. Later, they used Alice's company logon to slip deep inside the financial firm's network, where they roamed for weeks. They had managed to grab control of two servers, and were probing deeper, when they were detected.
Intrusions like this one — investigated by network infrastructure provider Terremark — can expose a company to theft of its most sensitive data. Such attacks illustrate a dramatic shift underway in the Internet underground. Cybercriminals are moving aggressively to take advantage of an unanticipated chink in corporate defenses: the use of social networks in workplace settings. They are taking tricks honed in the spamming world and adapting them to what's driving the growth of social networks: speed and openness of individuals communicating on the Internet.
"Social networks provide a rich repository of information cybercriminals can use to refine their phishing attacks," says Chris Day, Terremark's chief security architect.
This shift is gathering steam, tech security analysts say. One sign: The volume of spam and phishing scams — like the "LOL is this you?" viral messages sweeping through Twitter— more than doubled in the fourth quarter of 2009 compared with the same period in 2008, according to IBM's X-Force security research team. Such "phishing" lures — designed to trick you into clicking on an infectious Web link — are flooding e-mail inboxes, as well as social-network messages and postings, at unprecedented levels.
An infected PC, referred to as a "bot," gets slotted into a network of thousands of other bots. These "botnets" then are directed to execute all forms of cybercrime, from petty scams to cyberespionage. On Tuesday, authorities in Spain announced the breakup of a massive botnet, called Mariposa, comprising more than 12 million infected PCs in 190 countries.
Three Spanish citizens with no prior criminal records were arrested. Panda Security, of Bilbao, Spain, helped track down the alleged ringleader, who authorities say has been spreading infected links for about a year, mainly via Microsoft's free MSN instant messenger service.
"It became too big and too noticeable," says Pedro Bustamante, senior researcher at Panda Security. "They would have been smarter to stay under the radar."
What happened to Bob and Alice, the picnickers at the financial firm, illustrates how social networks help facilitate targeted attacks. As a rule, tech-security firms investigate breaches under non-disclosure agreements. Honoring such a policy, Terremark used pseudonyms for the affected employees in supplying USA TODAY with details of what happened at the financial institution.
Investigators increasingly find large botnets running inside corporate networks, where they can be particularly difficult to root out or disable. "Social networks represent a vehicle to distribute malicious programs in ways that are not easily blocked," says Tom Cross, IBM X-Force Manager.
Koobface gold mine
The attacks run the gamut. In just four weeks earlier this year, one band of low-level cyberthieves, known in security circles as the Kneber gang, pilfered 68,000 account logons from 2,411 companies, including user names and passwords for 3,644 Facebook accounts. Active since late 2008, the Kneber gang has probably cracked into "a much higher number" of companies, says Tim Belcher, CTO of security firm NetWitness, which rooted out one of the gang's storage computers.
"Every network we see today has a significant problem with some form of organized threat," Belcher says. The Kneber gang "happened to focus on collecting as many network-access credentials as possible."
Stolen credentials flow into eBay-like hacking forums where a batch of 1,000 Facebook user name and password pairs, guaranteed valid, sells for $75 to $200, depending on the number of friends tied to the accounts, says Sean-Paul Correll, researcher at Panda Security. From each account, cyberscammers can scoop up e-mail addresses, contact lists, birth dates, hometowns, mothers' maiden names, photos and recent gossip — all useful for targeting specific victims and turning his or her PC into an obedient bot, Correll says.
On the high end, the Koobface worm, initially set loose 19 months ago, continues to increase in sophistication as it spreads through Facebook, Twitter, MySpace and other social networks. At its peak last August, more than 1 million Koobface-infected PCs inside North American companies were taking instructions from criminal controllers to carry out typical botnet criminal activities, says Gunter Ollmann, vice president of research at security firm Damballa.
In another measure of Koobface's ubiquity, Kaspersky Labs estimates that there are 500,000 Koobface-controlled PCs active on the Internet on an average day, 40% of which are in the U.S., 15% in Germany and the rest scattered through 31 other nations. "The personal information employees post day-by-day on Facebook is turning out to be a real gold mine," says Stefan Tanase, a Kaspersky Lab senior researcher.
Facebook, the dominant social network, with 400 million members and therefore the biggest target, says recent partnerships with Microsoft and security firm McAfee to filter malicious programs help keep compromised accounts to a small percentage. "We are constantly working to improve complex systems that quickly detect and block suspicious activity, delete malicious links and help people restore access to their accounts," says spokesman Simon Axten.
Still, social networks have grown popular because they foster open communication among friends and acquaintances, which plays into the bad guys' hands, says Eva Chen, CEO of anti-virus firm Trend Micro.
"These new communication platforms are where people go, so that's where the hackers are going," Chen says.
Meanwhile, discussions about restricting workplace use of social networks and training employees to be more circumspect are just beginning to percolate at venues like the big tech security trade show here this week sponsored by RSA, the security division of EMC. "Most larger businesses simply ask employees to watch their time spent on social-networking sites," Ollmann says.
A noisy attack
Each infected PC in a corporate network represents a potential path to valuable intellectual property, such as customer lists, patents or strategic documents. That's what the attackers who breached Google and 30 other tech, media, defense and financial companies in January were after. Those attacks — referred to in security circles as Operation Aurora — very likely were initiated by faked friendly messages sent to specific senior employees at the targeted companies, says George Kurtz, McAfee's chief technology officer.
The attack on the picnicking co-workers at the financial firm illustrates how targeted attacks work. Last fall, attackers somehow got access to Bob's Facebook account, logged into it, grabbed his contact list of 50 to 60 friends and began manually reviewing messages and postings on his profile page. Noting discussions about a recent picnic, the attackers next sent individual messages, purporting to carry a link to picnic photos, to about a dozen of Bob's closest Facebook friends, including Alice. The link in each message led to a malicious executable file, a small computer program.
Upon clicking on the bad file, Alice unknowingly downloaded a rudimentary keystroke logger, a program designed to save everything she typed at her keyboard and, once an hour, send a text file of her keystrokes to a free Gmail account controlled by the attacker. The keystroke logger was of a type that is widely available for free on the Internet.
The attackers reviewed the hourly keystroke reports from Alice's laptop and took note when she logged into a virtual private network account to access her company's network. With her username and password, the attackers logged on to the financial firm's network and roamed around it for two weeks.
First they ran a program, called a port scan, to map out key network connection points. Next they systematically scanned all of the company's computer servers looking for any that were not current on Windows security patches. Companies often leave servers unpatched, relying on perimeter firewalls to keep intruders at bay. The attackers eventually found a vulnerable server, and breached it, gaining a foothold to go deeper.
A short time later, the attackers were discovered and cut off. One of Bob's Facebook friends mentioned to Bob that the picnic photos he had sent had failed to render. That raised suspicions. A technician took a closer look at daily logs of data traffic on the company's network and spotted the vulnerability scans.
Terremark's Day says two or three collaborators, each with different skill sets, most likely worked together to pull off the attack. "They were noisy about how they went about this," Day says. "Had they been quieter they would've gotten much further."
| USER SAFETY TIPS | |
 |
|
|
Twitter and Facebook offer similar advice for dealing with bad links and compromised social-networking accounts. Twitter warns: If you receive a message with a phrase like "This you??" or "LOL is this you" followed by a link, do not click through; there's a phishing site on the other side. Suspicious links can show up in spam messages or via faked status updates. What to do if you've been hit:  Run anti-virus software, and be sure to use the most current version of your Web browser, which contains the most up-to-date protection features. Reset your password. Never click suspicious links, even if they appear to come from a friend. Do not run any ".exe" files on your computer without knowing what they are.For more information: help.twitter.com; www.facebook.com/help. Or try www.antiphishing.org/consumer_recs.html and onguardonline.gov/phishing.html.
|
It's fun to brag when you're at a great bar or going off on vacation. Social networking sites and location-based apps have made it easy to broadcast that kind of information to your friends. The problem is that you may not just be making your friends jealous, but supplying criminals with useful information as well.
A new Web site called PleaseRobMe.com has drawn attention to the issue by repurposing posts from foursquare, a social networking site that lets people share the latest about their whereabouts. PleaseRobMe demonstrates that it's easy for anyone to find out you're not at home — and therefore, are presenting an "opportunity" for burglary.
"There are physical and economic safety risks when you're publicizing to the world where you are," says Kevin Bankston, a senior staff attorney with the Electronic Frontier Foundation. "It's obviously a treasure trove of information for criminals. PleaseRobMe is a good demonstration of how easy it is."
In a post on its Web site, foursquare notes that access to user information is limited to select universes of friends, but cautions users from pushing their status updates on more easily searchable sites, such as Twitter.
"We definitely 'get' the larger issue here — location is sensitive data and people should be careful about with whom and when they share it," writes "team foursquare."
That really is the larger issue, privacy experts say. There's no evidence that many criminals are using the Internet to pick out robbery locations, but it's likely to be a growing problem.
"We are seeing issues arising from Web sites, not only with reference to criminal acts against property, but also [gathering] intelligence about people," says an official with the California attorney general's office.
And most people are not thinking about how readily accessible to criminals their personal information is on the Internet.
"What seems like an innocent pass-off of information to a small number of friends can be useful for bad guys to exploit," says Lee Rainie, director of the Pew Internet & American Life Project."
Last year, a "bling ring" of four teenage girls and a man were arrested for allegedly carrying out a string of burglaries targeting celebrities including Lindsay Lohan and Orlando Bloom. They were accused of using Internet mapping and gossip sites to case the stars' homes.
These days, you don't have to be a celebrity for criminals to connect the dots about your location. Posts and pictures give away all the information criminals need for learning when you're on vacation, whether you have a big dog and whether you own cars or flat-screen TVs worth stealing, says Nick Newman, a computer crimes specialist with the National White Collar Crime Center.
Rainie calls it the 21st-century equivalent of reading the obituaries. Burglars have been known to read obits to find out when funerals are taking place, knowing that the homes of loved ones are left unoccupied and unprotected.
That kind of thing still happens, but technology has made the job a lot easier. "Like any useful tool, the bad ends to which it could be put is limited only by the human imagination," Bankston says.
"People should think very carefully before they broadcast personal information to the world, because they don't know who is on the other end of that line."
Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs.
The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.
Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.
Spanish authorities have planned a news conference for Wednesday in Madrid.
The arrests are significant because the masterminds behind the biggest botnets aren't often taken down. And the story of investigators' hunt for them offers a rare glimpse at the tactics used to trace the origin of computer crimes.
Also, the suspects go against the stereotype of genius programmers often associated with cyber crime. The suspects weren't brilliant hackers but had underworld contacts who helped them build and operate the botnet, Cesar Lorenza, a captain with Spain's Guardia Civil, which is investigating the case, told The Associated Press.
Investigators were examining bank records and seized computers to determine how much money the criminals made.
"They're not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits — the most frightening thing is they are normal people who are earning a lot of money with cybercrime," Lorenza said.
The three suspects were described as Spanish citizens with no criminal records. They weren't named and their mug shots weren't released, which Lorenza said is standard in Spain to protect the privacy of defendants. They face up to six years in prison if convicted of hacking charges.
Authorities identified them by their Internet handles and their ages: "netkairo," 31; "jonyloleante," 30; and "ostiator," 25.
Botnets are networks of infected PCs that have been hijacked from their owners, often without their knowledge, and put into the control of criminals. Linked together, the machines supply an enormous amount of computing power to spammers, identity thieves, and Internet attackers.
The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China.
The researchers that helped take down Mariposa first started looking at it in the spring of 2009.
Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks.
It wasn't until several months later that he realized the infections were part of something much bigger.
After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain.
The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.
Critically, one suspect also made direct connections from his own computer to try and reclaim control of his botnet after authorities took it down around Christmas. Investigators were able to identify him based on that traffic. They were able to back up their claims with records from domains he registered where he would eventually host malicious content.
It turned out that the botnet runners had infected computers by instant-messaging malicious links to contacts on infected computers. They also got viruses onto removable thumb drives and through peer-to-peer networks. The program used to create the botnet was known as Mariposa, from the Spanish word for "butterfly."
"I don't think there's anything about this guy that makes him smarter than any of the other botnet guys, but the (Mariposa) software, it's very professional, it's very effective," said Pedro Bustamante, senior research adviser with Panda Security. "It came alive and started spreading and it got bigger than him."
While arrests of people accused of running smaller botnets are fairly common, the biggest botnet leaders are rarely nabbed. That's partly because it's easy for criminals to hide their identities by disguising the source of their Internet traffic. Often, every computing resource they use is stolen.
For instance, there have been no busts yet in the spread of the Conficker worm, which infected 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system and caused widespread fear that it could be used as a kind of Internet super weapon. The Conficker botnet is still active, but is closely watched by security researchers. The infected computers have so far been used to make money in ordinary ways, pumping out spam and spreading fake antivirus software.
An Italian court convicted three Google executives of privacy violations Wednesday because they did not act quickly enough to remove an online video that showed sadistic teen bullies pummeling and mocking an autistic boy.
The case was being closely watched around the world due to its implications for Internet freedom.
In the first such criminal trial of its kind, Judge Oscar Magi sentenced the three in absentia to a six-month suspended sentence and absolved them of defamation charges. A fourth defendant, charged only with defamation, was acquitted.
Google called the decision "astonishing."
"We will appeal this astonishing decision," Google spokesman Bill Echikson said at the courthouse. "We are deeply troubled by this decision. It attacks the principles of freedom on which the Internet was built."
Those convicted were Google's global privacy counsel Peter Fleischer, its senior vice president and chief legal officer David Drummond and retired chief financial officer George Reyes. Senior product marketing manager Arvind Desikan, based in London, was acquitted. All four had denied wrongdoing.
"The judge has decided I'm primarily responsible for the actions of some teenagers who uploaded a reprehensible video to Google video," Fleischer, who is based in Paris, said in a statement.
He noted with irony that he was convicted for privacy violations despite devoting his career to "preserving and protecting personal privacy rights."
Drummond said he was "outraged" that he was found criminally responsible for the video, noting that both European Union and Italian law recognized that Internet service providers like Google are not required to monitor content that they host.
"This verdict sets a dangerous precedent," Drummond said in a statement. "(It also) imperils the powerful tool that an open and free Internet has become for social advocacy and change."
In the United States, the Communications Decency Act of 1996 generally gives Internet service providers immunity in cases like this, but no such protections exist in Europe.
The verdict could help define whether the Internet in Italy - and perhaps beyond - is an open, self-regulating platform or if content must be better monitored for abusive material. It comes as Google already is facing regulatory challenges in Italy, where a draft bill would require Internet sites to control content the same way television stations do. Google has lobbied for changes to the bill.
Google, based in Mountain View, California, had called the trial a threat to freedom on the Internet because it could force providers to attempt an impossible task - prescreening the thousands of hours of footage uploaded every day onto sites like YouTube.
Prosecutors had insisted the case wasn't about censorship but about balancing the freedom of expression with the rights of an individual.
Prosecutor Alfredo Robledo said he was satisfied with the decision because it upheld the principal of privacy and put the rights of the individual ahead of those of a business. It could force Google, and any other hosting platform, to better monitor its video, he added.
"This is the big principal affirmed by this verdict," Robledo said. "It is fundamental, because identity is a primary good. If we give that up, anything can happen and that is not OK."
The charges were sought by Vivi Down, an advocacy group for people with Down syndrome, even though the boy does not have the syndrome. The group alerted prosecutors to the 2006 video showing an autistic student in Turin being pushed, pummeled with items, and insulted by bullies at school, who called him a "mongoloid" in a mock telephone call to Vivi Down.
"Unfortunately, in Italy, the term 'mongoloid' is used as an insult, which we don't like," Edoardo Censi, president of Vivi Down, said outside the courtroom. "Our problem is the defense of our children, of the disabled ... when we learned of the video, our first concern was to remove it."
Google Italy, which is based in Milan, said it took down the video two hours after being notified by police, as is required by law. Prosecutors argued that viewers had flagged it well before police contacted Google, and the fact that it shot to the top of a "most entertaining videos" list on the Italian site, had 5,500 views and 800 comments during the two months it was online meant it should have been noticed sooner.
Thanks to the footage and Google's cooperation, the four bullies were identified and sentenced by a juvenile court to community service. The events shortly preceded Google's 2006 acquisition of YouTube.
In another setback Wednesday for Google, the European Commission in Brussels said it had asked Google to comment on allegations by rivals that it demotes their sites in its search rankings.
EU spokeswoman Amelia Torres declined to name the three rivals and stressed that the EU hadn't yet opened a formal investigation.
Google said it would provide "feedback and additional information on these complaints," but stressed it was not violating any EU antitrust rules. It said those complaining were Foundem, a British price comparison site, the French legal search engine ejustice.fr and Microsoft Corp's Ciao! from Bing.
The low rankings complaint is significant because high rankings in Google searches drive higher volumes of traffic to Web sites.
Former NBA star Jayson Williams was sentenced to five years in prison Tuesday for fatally shooting a hired driver in 2002, ending an eight-year legal odyssey by tearfully apologizing to the victim's family. He will be eligible for parole in 18 months.
Williams, avoiding a retrial on a reckless manslaughter count that deadlocked the jury at his 2004 trial, pleaded guilty last month to aggravated assault in the death of Costas Christofi in February 2002. At the same 2004 trial, he was acquitted of aggravated manslaughter but convicted on four counts of covering up the shooting.
The sentences on the assault and cover-up counts will run concurrently. State Superior Court Judge Edward Coleman went along with a plea agreement that spelled out the five-year prison sentence and the potential for Williams to be released as early as summer 2011.
In court Tuesday, a tearful Williams turned and apologized to Andrea Adams, Christofi's sister, saying "there's not a day I wake up that I don't feel sorry for what I did to Mr. Christofi and that I put you through this."
Adams wrote in a letter read by a court employee that the punishment "didn't fit the crime" and spoke of "eight years of agony watching Jayson Williams prance around and live his life and acting like nothing happened."
Williams paid Christofi's family more than $2 million in 2003 to settle a wrongful death lawsuit.
He had been free on bail since being charged in 2002, but was taken from the courtroom in handcuffs to begin serving his sentence.
Most of the facts of the shooting are not in dispute. Christofi had driven Williams and several of the basketball player's friends to Williams' mansion after taking them to a local restaurant.
Williams admitted at his plea hearing last month that he gave the group a tour of the house and showed them his gun collection in his bedroom. While showing off a double-barreled 12-gauge shotgun, Williams admitted, he failed to check the safety mechanism and inspected only one of the two barrels before snapping it shut.
The gun fired, striking Christofi once in the chest and killing him. Witnesses testified that Williams tried to cover up his involvement by initially placing the gun in Christofi's hands and instructing those present in the bedroom to lie about what happened.
"Had the defendant exercised one ounce of caution that night, Gus Christofi would still be alive and we wouldn't be here," Deputy Attorney General Steven Farman said Tuesday.
The legal wrangling in the case eventually took on a life of its own, beginning with a change of venue for the trial from Hunterdon County, the site of the shooting, to Somerset County.
In 2007, defense attorneys tried to get the case tossed out after Hunterdon County Prosecutor J. Patrick Barnes divulged that a white investigator in his office had used a racial slur to describe Williams, who is black, in a 2002 meeting.
Williams, who turned 42 on Monday, played nine seasons with the Philadelphia 76ers and New Jersey Nets before a leg injury forced him to retire in 2000. He was in the second year of a six-year, $86 million contract.
He became an NBA analyst for NBC but was suspended after Christofi's shooting. He attempted a short-lived comeback in the minor league Continental Basketball Association in 2005.
Williams has suffered several recent personal setbacks.
His wife filed for divorce last year, but has attended some of his recent court appearances.
Police used a stun gun on him in a New York hotel last year after a female friend said he was acting suicidal. He was charged with assault in May after allegedly punching a man in the face outside a North Carolina bar, but charges were dropped. His father, E.J., with whom he owned a construction business, died in South Carolina in November.
Last month he was charged with drunken driving after he crashed his SUV in Manhattan. Prosecutors said his blood alcohol level was more than twice the legal limit.
"To my family, please forgive me for the pain I've caused you," Williams said Tuesday as he read from a statement. "You deserve a better father, a better brother and son than I have been. I am not a bad man, but I acted badly on Feb. 14. I will work endlessly to improve myself and make positive contributions to society."
Former New York City police Commissioner Bernard Kerik, who was hailed as a hero alongside former Mayor Rudy Giuliani after the Sept. 11 terror attacks and nearly became chief of the U.S. Department of Homeland Security, was sentenced to four years behind bars Thursday for eight felonies.
Kerik admitted in November that he lied to the White House, filed false taxes and committed other crimes.
"The fact that Mr. Kerik would use that event (9/11) for personal gain and aggrandizement is a dark place in the soul for me," said federal Judge Stephen Robinson.
An apologetic Kerik said before the sentence was pronounced: "Allow me to return to my wife and two little girls as soon as possible."
Federal guidelines indicated Kerik's sentence should be between 27 and 33 months in prison. Robinson said he went beyond the guidelines because they could not account for certain factors.
Kerik was "the chief law enforcement law enforcement officer for the biggest and grandest city this nation has," Robinson said. The crimes were committed "in the process of attempting to become a cabinet level position in the government of the United States."
Kerik, 54, has already been ordered to pay $188,000 in restitution and to pay past-due taxes and penalties on six years of tax returns.
Just before pleading guilty, Kerik spent three weeks in the Westchester County Jail for releasing secret pretrial information. While there, he was voluntarily admitted to the psychiatric ward for observation because of stress. Doctors concluded he did not need mental care.
After admitting his crimes, Kerik was freed pending sentencing. He had to post a $1.5 million bond, wear an electronic monitor and generally stay inside his home in Franklin Lakes, N.J.
In presentencing memos to the judge, the defense and prosecution painted sharply different portraits of Kerik.
The defense spoke of his bleak upbringing, his steely leadership after the terror attacks, his remorse and the debt he has incurred to defend himself. It supplied letters of support from his son, fellow police officers, a priest and a man who lost two sons on Sept. 11.
There was no letter from Giuliani.
The prosecution memo said Kerik had "shamelessly exploited" the terror attack, had shamed his gold shield and might flee if he weren't sent to prison right away.
Kerik was Giuliani's police commissioner when New York City was attacked, and he was praised worldwide for his leadership. At Giuliani's urging, he was nominated to the top Homeland Security post in 2004. It was the peak of his fast-rising career - as corruption allegations began to mount.
Kerik said in court that while being vetted for that position, he falsely denied that he had any financial dealings with anyone doing business with New York City. He said he also lied when he claimed he had specifically refused payments that were offered.
In truth, he said, he had accepted renovations of his Bronx apartment from a company seeking city work.
Those apartment renovations were the focus of the original corruption charge, which alleged that Kerik accepted the renovations in exchange for vouching for the company. Kerik did not admit that.
A band of hackers who were recently discovered hoarding a trove of account logons pilfered from thousands of companies worldwide are garden-variety cyberthieves, security experts say.The gang most likely began by hiring spam specialists to send out e-mail and social-networking posts to lure recipients into clicking on a tainted Web link, says Don Jackson, senior researcher at SecureWorks.
They then used a dated free version of a hacking tool called ZeuS and did nothing to hide their tracks, indicating that "they're probably amateurs," Jackson says.
That disclosure underscores how deeply cybercriminals — from novices to elite gangs — have now saturated the Internet with infections that allow them to take full control of Windows PCs. Cybergangs slot newly infected PCs, called bots, into networks called botnets. On any given day, 12% to 15% of the 1.6 billion computers connected to the Internet are bots, according to security firm Damballa.
Botnets are the engines that drive cybercrime, ranging from petty scams to espionage. "We've become desensitized to botnet infestation," says Tim Belcher, NetWitness chief technology officer.
In late January, NetWitness began tracking data exchanges between a bot in one of its client's networks and a remote server. Investigators accessed the server and found some 68,000 user name and password pairs for an array of online accounts. The data were stolen from 75,000 botted PCs in 2,411 organizations from 196 countries.
These included government agencies and schools, as well as drug, health, energy, tech, financial and media companies.
Gunter Ollmann, Damballa's vice president of research, has tracked this particular gang since late 2008. He says the hackers, now being referred to as the Kneber gang, are responsible for infecting at least 97,100 PCs in corporate networks in North America, in what's considered a "small" botnet. There are some 2,000 botnet gangs that together control 5% to 7% of PCs in corporate settings in North America. "Large enterprises have multiple layers of security defenses," Ollmann says. "Yet the criminal botnet operators are uniformly successful in breaching these well-defended networks."
Most of Facebook's 400 million members use the social-networking site to reconnect with long-lost pals and keep in touch with friends and family. But dozens of prisoners in Britain have found a more sinister and predatory use for Facebook: after being locked up for offenses such as murder and assault, inmates are taunting and terrorizing their victims through status updates and group wall posts.
Barry Mizen, whose 16-year-old son Jimmy was murdered in 2008, says his family endured months of personal attacks on a Facebook page that was created after Jimmy's killer, Jake Fahri, was convicted and sentenced to life in prison last March. "The words going back and forth were getting really nasty — it was just so undignified," says Mizen, who lives in southeast England. "My children were taking it very personally." Around the same time, taunting messages also started to come from Fahri's Twitter account, including one that said, "Jimmy Mizen was a pathetic loser." "There's got to be more control over this," Barry Mizen says. "Facebook and Twitter have to take responsibility for what goes on their sites."
British prisons ban inmates from accessing the Internet except for educational purposes, and then only under staff supervision. But prisoners are still finding ways to update their Facebook pages from behind bars, sometimes using smart phones they've smuggled into jail. More than 3,800 illicit cell phones were seized in British prisons in 2008, prompting authorities to start using mobile-phone signal blockers and body-orifice security scanners in some jails. Nevertheless, officials admit there's not much they can do to stop prisoners from having friends or family update their Facebook pages for them.
Facebook officials in the U.S. and Europe say they don't know whether this harassment problem extends beyond Britain, the only place where such cases have been made public. "We believe this is really a case of first impression," says Tim Sparapani, Facebook's director of public policy in Washington. "We've searched far and wide within the company and, among the collective memories of staff, we think this has no precedent."
In an effort to solve the problem, British Justice Secretary Jack Straw recently called on Facebook to shut down the profile pages of more than 30 prisoners who were known to have used the site to target their victims. "The abuse of social-networking sites by prisoners is offensive to public morality and decency," he said. "Updating their profiles within prison is an offense under prison rules, and using them to abuse victims is deplorable." Facebook obliged with the request to remove the pages on Feb. 11, and company officials met with representatives from the Justice Ministry and victims' advocates this week to formulate more concrete guidelines for reporting abuse. Straw said officials would discuss extending the Facebook restrictions to released prisoners as well.
The sheer number of people using social-networking sites makes it difficult to monitor misuse, both for law-enforcement officials and site administrators. Sparapani estimates that Facebook users spend 18 billion minutes on the site each day. "We have 400 million active users and a tiny, tiny staff. We need to find novel ways to handle that kind of crushing amount of activity. It's the burden of being so immensely popular," he says. Richard Allan, the Dublin-based director of policy for Facebook Europe, says an open dialogue between social-networking sites and police is key to stopping abuse. "The Ministry of Justice brought to our attention people who have been abusing the site," he says. "We want to have a regular channel of communication so we can deal with these cases."
But for some, punishing abusers after they torment victims isn't enough. Gary Trowsdale, founder of a group called Families Utd, a British advocacy group for relatives of young murder victims, says people should automatically lose their cyberliberties in addition to their civil liberties if they're found guilty of a crime. Although Facebook bans sex offenders from using the site, it has no specific policy for people convicted of other crimes. "Until they serve their time, they should lose the ability to have their profile on any of these social-networking sites," Trowsdale says. "Their information should be given to Facebook and Twitter by the relevant justice authorities, and on that basis [the sites] should then self-police."
For the time being, Facebook will continue to rely on its system of user-based abuse reporting, although Sparapani says the company is fully prepared to cooperate with law-enforcement officials when specific harassment cases come up. "We let users police the site, then we take action based on their reports and we review the reports," he says. "We triage based on the seriousness of the incident."
That is little consolation to Mizen, who is still waiting for Facebook to take down the page he reported as offensive months ago. Allan wouldn't comment specifically on Mizen's case but said that in general, all complaints are reviewed within 36 hours. Not in his case, Mizen says. "You don't get any acknowledgement," he says. "Nothing happens."
BoingBoing reports that a recent case filing in Robbins vs. Lower Merion School District, a Pennsylvania school, is a class action suit on behalf of students with school-issued laptops whose webcams have been used to watch the students and their families at home.
It was discovered that the laptops issued by the high school contained software allowing administrators to covertly activate the on-board webcam. The plaintiff, Blake J. Robbins, was disciplined by the school for “improper behavior in his home.” The evidence of said impropriety was brought forth by the school vice principal, who displayed a photo of Robbins taken by the laptop’s webcam.
According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools' administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins's child was disciplined for "improper behavior in his home" and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines.If true, these allegations are about as creepy as they come. I don't know about you, but I often have the laptop in the room while I'm getting dressed, having private discussions with my family, and so on. The idea that a school district would not only spy on its students' clickstreams and emails (bad enough), but also use these machines as AV bugs is purely horrifying.
Schools are in an absolute panic about kids divulging too much online, worried about pedos and marketers and embarrassing photos that will haunt you when you run for office or apply for a job in 10 years. They tell kids to treat their personal details as though they were precious.
your privacy is worthless and you shouldn't try to protect it.
Update: The school district admits that student laptops were shipped with software for covertly activating their webcams, but denies wrongdoing.
Watch the Video Here:
