Cyber Crime and Cyber Justice


“Identity Theft Soars in 2009”

“Cyber Crime at Record Highs”

“Online Scammers Work Overtime in the Downturn”


These are the types of headlines that we see time and time again in the security news, reminders of the extent to which sophisticated online scammers are taking a toll on the safety and security of computer users around the world.

But there is another side of the spectrum of which many users may not be completely aware: law enforcement agencies around the world are working diligently to track the online scams and schemes plaguing the Internet, in order to find those responsible and bring them to justice.

Unfortunately, the Internet has made it easier for criminals to scam victims, as they work across borders, separated from those they are stealing from by countries or even continents. While investigators of cyber crimes do have additional challenges in tracking down criminals and bringing about positive change, progress is being made, both by regular law enforcement and by organizations – like the Computer Crime & Intellectual Property Section of the U.S. Department of Justice and the Department of Defense’s Cyber Crime Center – that work with other government agencies, the private sector, academic institutions and foreign governments to prevent, investigate and prosecute cyber crimes.

One of the most well-known law enforcement agencies in a full-fledged battle to track cyber criminals and bring them to justice is the U.S. Federal Bureau of Investigation (FBI). According to its website, the FBI’s cyber mission is “first and foremost, to stop those behind the most serious computer intrusions and the spread of malicious code.”

The FBI has several cyber operations, including a Cyber Division at FBI headquarters, specially trained cyber squads at 56 field offices across the United States, Cyber Action Teams that travel the world to assist in computer intrusion cases, 93 Computer Crimes Task Forces around the country, and growing partnerships with other federal agencies.

The FBI also established the Internet Crime Complaint Center (IC3), a joint effort with the National White Collar Crime Center, to serve as a clearinghouse to triage cyber complaints – then sending leads to federal or international law enforcement for further investigation. In any given month, the IC3 has an intake of roughly 20,000 complaints that are waded through to uncover patterns and go after the scammers.

“Bots. Worms. Viruses. Spyware. Hacking….Every day, criminals are invading countless homes and offices…not by breaking down windows and doors, but by breaking into laptops, personal computers, and wireless devices via hacks and bits of malicious code. The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services…” according to the FBI’s website.

While investigators are experiencing an onslaught of cyber crime, justice does get served, and some of the “bad guys” of online crime are held responsible for their actions. One such accomplishment cited by the FBI was the guilty plea of John Schiefer, a California man who was prosecuted in 2008, in the first case of its kind in the nation, on federal charges related to his use of botnets. And, there have been other similar successes, shown in the compilation of news in the FBI’s Cyber Crime Headline Archives.

A major break came in late 2008, when the FBI, together with its global partners, wrapped up a two-year undercover cybercrime investigation of “Dark Market,” a message forum for online criminals where stolen information, as well as tools to facilitate online fraud, were bought and sold. The operation resulted in nearly 60 arrests worldwide, the prevention of $70 million in potential losses, and, the FBI said, the confirmation that “while there might be honor among thieves, in the end, they are still just thieves.”

“It showed that we can get you no matter where you live. We were able to make internal relationships and work cases jointly with law enforcement in other countries. In the future there will be other joint cases in Europe and around the world. You don’t necessarily have to be in the U.S. for us to bring you to justice,” said FBI Special Agent J. Keith Mularski, whose undercover work was central to the sting operation, in an interview with CNET News.[1]

While there are undoubtedly positive steps being taken, cyber crime continues to be pervasive, as well as lucrative for online criminals. Working across borders to track the web of crime rings and finding global solutions to combat scams remains challenging for those trying to bring the perpetrators to justice.

“The bottom line is to make sure there are consequences for criminal cyber actions and similar consequences everywhere,” said Christopher Painter, Deputy Assistant Director of the FBI’s Cyber Division, at the International Conference on Cyber Security. The event was sponsored by the FBI in January 2009 to find global solutions to emerging threats, and brought in cyber experts and law enforcement officials from over 35 countries.[2]

“The bad guys need to know there is no free ride,” Painter said.

Contributed by Erin Earley at Lavasoft


[1] http://news.cnet.com/8301-1009_3-10234872-83.html

[2] http://www.fbi.gov/page2/jan09/fordham_011409.html

Beware What is Hiding Behind that Shortened URL


If you have ever tried to copy and paste a URL from a web site to share with a friend in an email you may have noticed that some of those suckers are LONG! They’re filled with coded gibberish that only makes sense or matters to the web server delivering the content to you. The explosion of Twitter – which limits messages to a maximum of 140 characters, URL included – has made the length of URLs an even more relevant issue.

Fear not! Services like Bit.ly and TinyURL have sprung up to solve the problem. These services take whatever URL you throw at them and convert it to a much shorter alias URL. For example, I entered ‘http://www.tonybradley.com’ into Bit.ly and got the shortened URL ‘http://bit.ly/A5RCi’.

That works great for fitting the URL into Twitter, but it poses an issue from a security perspective. One of the simplest deterrents to malicious websites and phishing attacks is to simply look at the URL you are clicking on and apply an ounce of common sense. You can’t do that when the URL you are clicking on is a shortened alias of gibberish that has nothing to do with the actual destination web site.

For instance, if you receive an email allegedly from Customer Service at Bank of America and you actually have an account at Bank of America you might actually be tempted for a second to click on the link. But, when you see that the link in the email goes to ‘http://www.bankofamerica.com.sadisticattacker.is/Iplantotakeyourmoney’ you realize that the request is not legitimate.

But, when I take that exact same URL and enter it into Bit.ly I get ‘http://bit.ly/3nR6gq’. With a shortened URL like this one there is no way to tell just by looking at it whether it is legitimate or malicious.

Twitter users who use Tweetdeck have a security control to help out. Tweetdeck has a setting to ‘show preview information for short URL’s’. When you click on a short URL a pop-up window appears which displays the short URL, the real URL it leads to, and the title of the destination web page so you can make an informed decision about whether or not to follow through and visit the site.

That is great for Twitter users... at least those who use Tweetdeck. The rest of you are on your own though. Make sure you keep your system patched and updated and that you are running some type of antimalware protection on your PC just in case you click on the wrong URL. Think twice about the source of shortened URLs and always remember Step #1 of the 5 Steps to Protect Yourself From Phishing Scams: BE SKEPTICAL!
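The same look-before-you-click check that the Tweetdeck preview gives you, as an added example that is not part of the original post: it follows a short link's redirects with HEAD requests only, then compares the destination's site with the site the message claims to come from. The sample redirect table is constructed, and treating the last two host labels as the site is a simplifying assumption (real code should use the Public Suffix List).

```python
import http.client
from urllib.parse import urlsplit, urljoin

# Constructed redirect table so the example runs offline.
# The first entry mirrors the post's example; the second is made up.
SAMPLE_REDIRECTS = {
    "http://bit.ly/3nR6gq":
        "http://www.bankofamerica.com.sadisticattacker.is/Iplantotakeyourmoney",
    "http://short.example/ok": "https://www.bankofamerica.com/help",
}

def http_hop(url, timeout=5):
    """Ask the server where `url` redirects to, without fetching the page body."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        if resp.status in (301, 302, 303, 307, 308):
            return resp.getheader("Location")
        return None
    finally:
        conn.close()

def expand(url, hop=http_hop, max_hops=5):
    """Return the redirect chain [short URL, ..., final URL]; never loads content."""
    chain = [url]
    for _ in range(max_hops):
        location = hop(chain[-1])
        if not location:
            break
        chain.append(urljoin(chain[-1], location))
    return chain

def site_of(url):
    """Last two host labels (assumption: good enough for .com/.is style names)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def verdict(final_url, claimed_site):
    """Compare the real destination with the site the message claims to be from."""
    host = (urlsplit(final_url).hostname or "").lower().rstrip(".")
    if site_of(final_url) == claimed_site:
        return "matches"
    # The claimed name appears only as leading labels of someone else's domain.
    if f".{claimed_site}." in f".{host}.":
        return "impersonates"
    return "different site"

if __name__ == "__main__":
    for short in SAMPLE_REDIRECTS:
        final = expand(short, hop=SAMPLE_REDIRECTS.get)[-1]
        print(short, "->", final, ":", verdict(final, "bankofamerica.com"))
```

Calling `expand(url)` without the `hop` argument performs the live HEAD requests instead of using the constructed table.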

Follow Me On Facebook


I created a page on Facebook as a sort of clearinghouse for my writing.

Rather than following my personal blog, and my TechTarget blogs, and my PC World blog, and my various other web and print media contributions wherever they may be found, you can simply follow this one Facebook page and stay up to date with links to all of the other resources as well as announcements about radio/TV appearances, or upcoming speaking events like webcasts.

You can click on the button on the left side of the screen here to ‘Become a Fan’, or just click this link and join the page.

I’ve Spotted an Online Scam! Now What?


What do you do if you’ve spotted an online scam or fraudulent activity, like a phishing message? Online security company Lavasoft has put together the list below of initial steps you can take to report the scam, in order to warn others and keep the unwary from getting duped. Take a look – your report might keep someone else from becoming the next victim.

  • First, report phishing ploys to the companies or organizations that are being imitated. Many organizations have details on their website on how to report these kinds of problems.
  • You have the option to report phishing to the Anti-Phishing Working Group by sending a message to reportphishing@antiphishing.org; it’s a global pan-industrial and law enforcement association which focuses on eliminating the fraud and identity theft that results from phishing, pharming, and e-mail spoofing. You can also report phishing to the U.S. Computer Emergency Readiness Team by sending a message to phishing-report@us-cert.gov; it works with state and local government in the U.S. as well as industry and international partners to address key cyber security issues and to distribute information to the public.
  • If you believe a charity or business is fraudulent, you can file a complaint with local authorities and notify watchdog organizations, like the Better Business Bureau (BBB), of a potential scam. While the BBB does not have legal or policing powers, it does provide information about marketplace fraud through scam reports to the public, media releases and alerts.
  • You can report criminal issues to the Internet Crime Complaint Center (IC3), a partnership with the U.S. Federal Bureau of Investigation, where complaints are reported, reviewed, and then referred to an appropriate federal, state, local or international law enforcement agency. More information is available on the IC3 website.
  • If you’re located in the United States, file a complaint with the Federal Trade Commission, the country’s consumer protection agency. If you think that the ploy that you’ve encountered is being distributed internationally, you can report it to eConsumer.gov, a portal for consumers to report cross-border scams and complaints of online transactions with foreign companies. If you’re located within the European Union, you can check the InSafe website, a network of national nodes that coordinates Internet safety awareness in Europe, for points of contact within your country.

Please keep in mind: depending on the part of the world that you are located in and the type of online crime involved, there are more specific methods available to you; just like real-world crime, cyber crimes should be reported to local, federal or international authorities, depending on the scope of the fraud or crime involved. Find out in advance where to report cyber crimes in your area or in your language so that you’re prepared for what you may encounter online. For example, U.S. citizens can find cyber crime reporting resources on the U.S. Department of Justice website and can find additional information on filing various Internet-related complaints on the OnGuardOnline website.

Contributed by Erin Earley at Lavasoft

Making Sense of Password Policy Settings


If you are the only one using your computer and your computer is not connected to any sort of network domain, then perhaps you don’t need to worry too much about configuring the Windows Password Policy settings. You can simply make sure you choose a secure password all on your own.

On the other hand, if you are sharing the computer with others, or you are administering security for Windows computers in a network domain, you will want to set the Password Policy configuration up to enforce secure passwords.

It would be nice if people knew enough not to use ‘password’ as their password, but history has shown that many users lack that basic common sense. Rather than trusting your Windows PC or network to faith or (non-existent) common sense, configure the Password Policy settings to make sure the passwords used are secure passwords.

Use System Restore to Undo Malware


Have you ever had your computer infected by malware? In the best of cases it’s a pain in the ass. In some cases the malware can be quite tenacious and virtually impossible to extricate from the system.

What would be cool is if, instead of scanning and identifying and removing the threat the hard way, you could just go back in time to a point before the computer was compromised and either implement some form of protection against the threat or avoid the site or application that infected the computer. That would be awesome!

Good news! You have such a time machine. It is called System Restore. Windows saves restore points prior to events that could have an adverse effect on the system, like installing new applications. It also saves restore points periodically- just.in.case.

Check out Undo Malware With System Restore for more details. Next time your system starts acting wonky- try going back in time before you spend hours banging your head against the wall doing things the hard way.

Vista Users Beware Potential SMB Worm


I should say Vista users…and Windows 7 RC users. Apparently Microsoft resolved the issue in question somewhere between the release candidate (RC) and release to manufacturing (RTM) versions of Windows 7. But, I digress…

This past Tuesday was Patch Tuesday for September. Microsoft released 5 new Security Bulletins, all of them rated as Critical. Obviously, you should be aware of these Critical Security Bulletins and apply any patches or updates necessary to protect your PC. The bigger news though was the Security Advisory Microsoft released in the immediate wake of the Patch Tuesday Security Bulletins.

The Security Advisory warns of a serious security issue with the SMB protocol in Windows Vista (and the aforementioned Windows 7 RC). Initial reports suggested that attempts to exploit the flaw would only crash the vulnerable system, but that was later amended to suggest that the vulnerability could allow an attacker to execute malicious code on the vulnerable system…without user intervention.

Now the race is on for attackers to develop a worm that exploits the flaw before Microsoft can patch it. In the meantime, there are some things you can do to protect yourself in case the hackers win the race. Check out Race is On to Patch Critical Windows Flaw for more details.

Earn a Free Copy of BitDefender Internet Security 2010


If you are one of the 10 lucky people who already won BitDefender Internet Security 2010 in last week’s contest, you can skip the rest of this post. For the rest of you, if you still want a copy of BitDefender Internet Security 2010 it’s not too late.

Call it a consolation prize. This one you have to earn though. Essential Computer Security readers can read my review of BitDefender Internet Security 2010 and get my opinion, but a more diverse collection of opinions provides added credibility and gives users a broader sense of the pros and cons of the software. So, I want you to share your opinion.

Click on the link below (choose the 32-bit version or the 64-bit version- whichever you need) to download the evaluation version of the software. Install it and run it. Use it for a few days or a week. Dig into the configuration settings. Work the software out to figure out what you like or to identify any weaknesses or pet peeves. Then, write your own review and post it as a comment on my original review of the software.

Be honest. Readers don’t get any value from fluffy praise. Tell us what you think of it. Try to be specific about the features you like and the features you don’t. Share your experience and post your review and you can earn a copy of BitDefender Internet Security 2010.

The first 50 people to post a review of BitDefender Internet Security 2010 by September 30 will receive a 1-year license for the software. To clarify- there is no prescribed format and you don’t have to like the software (although- if you don’t, why would you post a review to win a free copy?), but just saying “it rocks!”, or “it sucks” does not qualify as a “review”. Share the kind of information you would want to read if you were trying to make a decision on whether or not to spend your hard-earned money to buy the software.

Unpatched IIS Flaw Being Exploited


Are you running IIS? If so, you should be aware of an exploit currently being used by attackers in the wild.

The exploit primarily affects older versions of IIS. The initial exploit code targets IIS 5.0 running on Windows 2000 and could allow the attacker to take complete control of the IIS server. Newer exploit code was subsequently released which affects IIS 5.0, 5.1, 6.0 and 7.0, and could affect users running IIS on Windows XP and Windows Server 2003. The newer exploit code results in a DoS (denial-of-service).

Both attacks rely on IIS also running FTP and on the attacker having some access that allows writing to the server. Microsoft will be releasing the September Security Bulletins this coming Tuesday, but this threat is just emerging and is not expected to be included as one of the regularly scheduled patches this month.

Microsoft has issued a Security Advisory related to these attacks which includes mitigating factors and workarounds you can use to protect your IIS server pending a more permanent fix from Microsoft.

VoIP Spying Code Lets Attackers Listen In


Symantec reports the discovery of the first ‘wiretap Trojan’, dubbed Trojan.PeskySpy. You know those times when you think you hear breathing or strange noises and wonder if someone is listening in on your phone call? They probably are.

OK. That’s not really true. First, from a pure realism standpoint, an eavesdropping ‘listening Tom’ who takes advantage of Trojan.PeskySpy to listen to your conversation would be doing so digitally, so there would be no possibility of hearing any sounds or breathing.

That part aside though, this isn’t a pervasive threat and according to the blog post Symantec doesn’t feel it will be. Symantec says “In terms of impact, we don’t see this threat gaining much of a foothold out in the wild. What we’ve seen is largely proof-of-concept and does not contain any method to spread from one computer to another.”

Symantec explains that the Trojan “listens in the data traveling between the Skype process and the audio device, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level. Essentially, it sits below these security measures, recording the audio at the Windows level—before outbound audio from the microphone gets to Skype and after incoming audio leaves Skype and reaches the speakers.”

Bear in mind that this is not a Skype issue though. Skype was probably targeted because they are one of the most popular VoIP services, but it’s not a weakness in the Skype code or security controls.

Assuming Symantec is right, you won’t see any worm spreading this code across the Internet, but the malicious code can still be used for more surgical attacks such as listening in on spouses or lovers, or for corporate espionage.

Bottom line, you may have more parties listening in on your call than the two of you…and the NSA. Stay alert and keep your systems patched and antivirus updated.