Cyber Crime – As a service?

$400 will allow you to go into the malware business.  As discussed yesterday at the Vasco Banking Summit in Sydney, cybercrime is another business one can outsource to those with core competency on the subject.  For an additional $50, the organization will host the malware software form their platform, allowing you to run a completely outsourced cybercrime operation.

Click here for further information:

Source for Estonian cyber attack revealed

Two years ago a well documented attack on Estonia that paralyzed its Internet network occurred.  It was well thought that the attack was sponsored by the Russian government.  Instead it was revealed that the attack was conducted by an pro-Kremlin activist and his friends.

The basis of the attack was based upon protesting what was seen as an apartheid-type policy that culminated with the removal of dismantling of the Red Army monument in the Estonian capital city of Tallinn.  The removal prompted two nights of rioting by Russian-speaking protesters.  While Estonian’s viewed Soviet rule as brutal and repressive.  Soviets viewed removal of the monument as a snub.

The “attack” was a protest of the dismantling of the monument, thus a legal act of civil disobedience, not a “cyber attack”.

Click here for further information.

Worldwide cybercrime police network grows

Under the Convention of Cybercrime, an international treaty that sets a legal model for other countries to follow when writing anticybercrime legislation, becoming part of an international 24/7 network fighting cybercrime is a requirement.

Starting with the G8 nations in 1997, the network, today, consists of 56 nations.  Of the 47 countries that are part of the Council of Europe, 24 have ratified the treaty, and 23 others have signed it but are awaiting their national legislatures to ratify it.

Known as the “24/7 Network”, it is intended to improve coordination between law enforcement, as Internet scams and frauds are often executed using networks of hacked computers located around the world.

Last Wednesday at the International Conference on Cybercrime in Strasbourg, France, a meeting was held to discuss the status of the network.  The closed door meeting was attended by law enforcement, government officials and security professionals.  The “harmonizing of contact lists” and working on the protocol and procedures for the requesting of data to be preserved were among the topics.

Click here for further information.

BBC exposes cyber crime risk

Close to 22,000 hijack computers were controlled by the technology programme, Click.  Through visiting Internet chatrooms, Click picked up a low-value botnet.  The BBC acquired the software and turned a potential cyber crime launching pad into a large-scale educational effort.

The BBC has warned users of their PC’s infection and how to secure their systems.

Utilizing the collective power of the botnet, Click illustrated the power by working in concert with a security company by targeting a backup site owned by the security company.  It took only 60 PCs to overload the site’s bandwidth with a DDoS attack.

Click here for further information.

Cyberwarfare mapped

Last week at Harvard University, Sandia Lab researches unveiled a map that depicts cyber warfare as a series of colored dots, cryptic graphs and lines.  The map was derived through complex simulations of a large botnet attack against a large-scale network.

The simulations were developed as a means of understanding how cyber attacks can be anticipated, mitigated and defended against.  The goal is, with the understanding of this information, to create a way for networks to become self defending against malicious agents through the inclusion of topological mapping.  One item that may slow attacks is to present malicious agents with complex algorithmic problems to solve, thus allowing networks time to increase its defenses and thus guard against take over.  Such defense mechanisms would allow time for network nodes to notify other network nodes of an attack in progress, this increasing its defenses.

Click here for further information.

Browser wars continue with new releases

Browsers continue progressions with head-to-head releases.  Mozilla Firefox’s next release (version 3.1 or 3.5 – not known yet due to Mozilla’s versioning system) out this week with Microsoft’s IE, version 8 due out next week.

One of the most widely talked about features is the Private Browsing Mode (Firefox) or the InPrivate Browsing (IE 8 ) which allows users to enter into a browser session whereby the user will be allowed to remove any trace of a session while in such mode.  Removal of information from such a session includes records of pages visited, form entries, passwords, downloads, cookies and cache files.  IE 8 goes one step further in that the InPrivate Browsing feature prevents 3rd party sites from tracking your activities on sites visited.

Aside from InPrivate Browsing, IE 8 also adds additional security features in the form of SmartScreen Filtering, Cross-site XSS script blocking and Clickjack protection.  SmartScreen filtering blocks both phishing and malware-distribution sites.  When landing on either the user will receive a red page with a warning as an indication of landing on such sites.  Cross-site XSS scripting is blocked to prevent your keystrokes from being redirected to a malware writer.  Clickjacking protection whereby third party sites are prevented from overlaying a legitimate button with an imposter button frame.

Click here for further information.