The Green Sheet Online Edition
July 11, 2011 • Issue 11:07:01
Fraudsters nailed, proactive security initiatives needed
In the wake of the failure of the Global Cyber-Crime Summit in London to agree on solutions to the growing seriousness of data theft, the secure data and online access security company IronKey Inc. is urging security professionals to immediately address the accelerating cyber-crime attacks around the world.
IronKey Chief Executive Officer Arthur Wong called for a new direction for protecting data to get away from a system that only detects threats after they occur. "The industry needs to be proactive, not reactive, and this was the missing message" from the summit, Wong said. He added that the industry needs to develop a software security package that assumes a system is already infected and gives the user "a hardened virtual operating system and browser, built-in malware protection and a trusted network" that together create a separate, protected computer system.
DOJ nails cyber fraud rings
Meanwhile, two Latvians were indicted, and the U.S. Department of Justice and the FBI seized more than 40 computers, servers and bank accounts disrupting two Latvian cyber crime rings that stole more than $74 million from more than 1 million consumers. The criminals allegedly sold customers by telling them they were protecting their computers when, in fact, consumers were buying fake computer security systems.
The law enforcement action, known as Operation Trident Tribunal, puts a halt on two criminal rings operating throughout the United States and Western Europe. In the first action, investigators discovered criminals aggressively marketing and selling fake security software by first getting customers to download a malicious program known as "scareware."
Scareware falsely tells computer users it has done a computer scan and found a variety of viruses, trojans and other forms of malware infecting the computer. A series of pop-up advertisements are then launched that continuously warn users they must buy fraudulent security software in order to repair the non-existent problems. The pop-ups continue to aggressively appear on the screen until the user either manages to end the communication or until the user buys the phony anti-virus software at a cost of up to $129.
The FBI believes more than 960,000 consumers were victims of the scareware fraud. Operation Trident Tribunal successfully located computers, servers and bank accounts for this operation causing a major disruption in the scam.
Operation Trident Tribunal also broke up a second online advertising scheme to sell scareware products. This fraud was run by two Latvian citizens, Peteris Sahurovs, 22, and Marina Maslobojeva, 23, who were arrested in their home country on a warrant from the U.S. District Court of Minnesota.
Sahurovs and Maslobojeva are accused of creating a phony advertising agency and convincing the Minneapolis Star Tribune they represented a hotel chain that wanted to buy online advertising on the paper's website. After the electronic advertisement began running on the website the defendants allegedly changed the code in the ad to infect visitors' computers with a malicious software program that bombarded users with scareware.
The FBI estimates the Latvians got away with at least $2 million. Sahurovs and Maslobojeva face at least 10 years in prison and a $250,000 fine for each of the two counts against them. They will also be asked for restitution and to forfeit any profits from their scam if they are found guilty.
Hacker pleads guilty to AT&T hack
In addition, a 26-year-old San Francisco man pled guilty to writing a malicious code that breached AT&T servers and stole personal information from its iPad subscribers. Daniel Spitler was indicted by the U.S. Attorney's office in Newark, N.J., on one count of conspiracy to gain unauthorized access to computers connected to the Internet and one count of identity theft.
Spitler admitted to being a member of an anarchistic group of Internet hackers and "trolls" (people who intentionally disrupt Internet content and services) calling themselves Goatse Security.
AT&T automatically linked each iPad 3G user's email address to a unique iPad number belonging to the registered user. Spitler and Goatse Security were able to write a program that collected this information by imitating the behavior of the iPad 3G.
The hackers then passed on the email addresses and iPad numbers to the Gawker website where they were published in redacted form.
Spitler was arrested with a co-defendant Andrew Auernheimer, 25, of Fayetteville, Ark. Spitler faces five years in prison and a $250,000 fine. He is scheduled to be sentenced in September 2011. Auernheimer is still awaiting trial.
"In the wake of other recent hacking attacks by loose-knit organizations like Anonymous and LulzSec, Daniel Spitler's guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport," U.S. Attorney Paul Fishman said.
For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.