Bill's Computer Crime Watch List

By Bill Detwiler Editor
Tags: Off Topic

CardSystems Solutions security breach endangers 40 million credit cards

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

On Friday, June 17<sup>th</sup>, MasterCard International
<a href="http://www.mastercardinternational.com/cgi-bin/newsroom.cgi?id=1038">announced</a> that CardSystems Solutions, a Tucson-based possessor of payment card
information, suffered a security breach that potentially exposed information on
more than 40 million credit cards. MasterCard-branded cards make up approximately
13.9 million of the affected cards. According to multiple news reports, CardSystems
Solutions detected the breach on May 22 and notified the FBI the following day.
Authorities believe the exposed information includes account-holder names, bank
names, and credit card numbers. Criminals could use this information for credit
card fraud, but not for identity theft. Multiple news agencies are covering
this story, including: <a href="http://news.com.com/Credit+card+breach+exposes+40+million+accounts/2100-1029_3-5751886.html">CNET's News.com</a>, <a href="http://www.cbsnews.com/stories/2005/06/18/national/main702830.shtml">CBS News</a>, <a href="http://www.foxnews.com/story/0,2933,159943,00.html">Fox News</a>, <a href="http://www.cnn.com/2005/BUSINESS/06/18/us.credit.ap/index.html">CNN</a>, <a href="http://abcnews.go.com/Business/wireStory?id=860175">ABC News</a>, and
<a href="http://www.msnbc.msn.com/id/8286132/">MSNBC</a>--many news agencies are using the original AP report.

CardSystems Solutions security breach endangers 40 million credit cards

by tapan In reply to CardSystems Solutions sec ...

<p>Do you know that the agencies reported that the threat is now only on 68000 instead of the original 40 mill? How does that happen?</p>
<p>Jones</p>

CardSystems Solutions security breach endangers 40 million credit cards

by Bill Detwiler Editor In reply to CardSystems Solutions sec ...

According to published reports, information on 40 million accounts was
exposed to the CardSystems security breach. Of that total,
information on 200,000 cards was transferred outside CardSystems'
network. 68,000 of those 200,000 were MasterCard accounts.

Tougher cybercrime sentences will be needed

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

According to a <a href="http://techrepublic.com.com/2100-1009_11-5778774.html">CNET News.com report</a>, a German judge issued a
21-month suspended sentence to the teenager who admitted creating the Sasser
computer worm. The 19-year-old Jaschan was put on probation for three years and
must complete 30 hours of community service.<br />
<br />
While I don't believe Jaschan's crime warrants a lengthy prison
term, the court should have issued a stronger sentence and required him to
spend at least 6 months in jail. Although not an issue in the Sasser case, cybercrime
has shifted from the realm of social activists and academics, to the world of
organized crime. Future sentences should reflect that shift.<br />
<br />
Though this shift increases the risk cybercrime poses, it
also lets us combat cybercrime with techniques likely to work against financially
motivated perpetrators. Here's an example:<br />
<br />
"The Sasser case is the only success so far for <a href="http://www.microsoft.com/security/antivirus/default.mspx">Microsoft's Anti-Virus Reward Program</a>, which was launched
in November 2003. The program has offered a total of $1 million to informants
who help close official investigations into four major viruses and worms,
including Sasser, and has another $4 million earmarked for future rewards."
CNET News.com.
<p class="MsoNormal">Financial incentives are more effective when used against individuals
motivated by financial gain. Reward programs haven't been overly successful in
the past, but they will likely produce better results in the future.</p>

Tougher cybercrime sentences will be needed

by HutchTech In reply to Tougher cybercrime senten ...

<p>Bill,</p>
<p>I've got to respectfully disagree with your statement that <em>"...Jaschan's crime [doesn't] warrant a lengthy prison term."</em>  If we don't take this case seriously, then why should anyone with the skills necessary, not continue to use the Internet as their own personal playground?  He caused billions of dollars in losses for business.  If he'd stolen this money outright, we'd be calling for his head, but since he merely started the snowball rolling, and happened to be a minor, we should slap him on the hand?  I don't think so.</p>
<p>While he may not have personally profited from his actions, he is one of the most prolific vandals in history.  The damage Kevin Mitnick did pales in comparison to this hooligan.</p>
<p>- Hutch</p>

Tougher cybercrime sentences will be needed

by Jaqui In reply to Tougher cybercrime senten ...

nope, he shouldn't have gotten a lengthy prison term<br />
just long enough to build a gallows and hang him until dead!!!<br />
<br />
no mercy for people like that..<br />
<br />
oh, heck, no mercy !!!<br />
kill em all let the gods sort em out!!<br />

U.S. Department of Homeland Security creates Assistant Secretary for Cyber S

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

On Wednesday, Secretary <a href="http://www.dhs.gov/dhspublic/interapp/biography/biography_0116.xml">Michael
Chertoff</a> announced a six-point agenda for the Department of Homeland
Security designed "to ensure that the Department's policies, operations,
and structures are aligned in the best way to address the potential threats --
both present and future -- that face our nation," according to a department <a href="http://www.dhs.gov/dhspublic/interapp/press_release/press_release_0703.xml">press
release</a>.


<p>DHS will release details of Chertoff's new agenda in the
coming weeks and months, but outlined several changes in Wednesday's
press release. Among these changes is the creation of a new Assistant Secretary
for Cyber Security and Telecommunications. This person will be responsible for "identifying
and assessing the vulnerability of critical telecommunications infrastructure
and assets; providing timely, actionable and valuable threat information; and
leading the national response to cyber and telecommunications attacks,"
according to DHS.</p>


<p>The new Assistant Secretary position is a much needed boost
to the formerly director-level post. Hopefully DHS will have more luck keeping
the new position filled, as the department went through a string of directors
for the National Cyber Security Division, including Richard Clarke, Howard
Schmidt, Amit Yoran and Robert Liscouski.</p>

WSJ Outlines current cybersecurity threats

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

<p class="MsoNormal">Last week, <a href="http://online.wsj.com/public/article/0,,SB112128442038984802-w4qR772hjUeqGT2W0FIcA3_FNjE_20060717,00.html">The
Wall Street Journal</a> published a great cybersecurity piece that's definitely
worth a read. The authors provide detailed explanations of common threats such as targeted
attacks, botnets, adware, spyware, and more. While the article's information
won't be news to computer security professionals and seasoned network administrators,
it's worth a quick look and could serve as a reference the next time senior
management asks you to describe the latest network security threats.</p>

£500 fine appropriate for UK man who stole wireless bandwidth

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

<p>According to The Register, a British court sentenced
24-year-old Gregory Straszkiewicz to 12 months conditional discharge and a £500
fine for "dishonestly obtaining a communications service and related
offences." Straszkiewicz accessed the wireless broadband connections of
multiple residents with the intention of stealing bandwidth.</p>
<p>Because authorities provided "no evidence he
[Straszkiewicz] had any hostile motive beyond" a free Internet connection,
John Leyden, the article's author, categorized Straszkiewicz's sentence as
"harsh". A point with which I respectfully disagree. Leyden used the
term "borrow" to describe Straszkiewicz's actions. As Straszkiewicz
had no intention of repaying victims for their bandwidth, I contend that
Straszkiewicz stole, not borrowed, the bandwidth.</p>


<p>"It's unclear whether anyone who accidentally jumped
onto another party's net connection (easy to do if a host is using an unsecured
connection with no encryption) might also risk prosecution," Leyden wrote
in closing. Here Leyden appears to liken Straszkiewicz's
premeditated theft to the inadvertent intrusion on an unsecured wireless
network. Despite any technical similarity these two actions have, they are
diametric opposites with respect to motivation and outcome. Straszkiewicz
purposely and repeatedly used someone else's paid Internet connection without
permission.</p>


<p>Consider an individual I'll call John. John works in a large
office building that houses several businesses. One day the company's copier malfunctions.
Needing to copy several documents, John asks his boss for instructions. John's
boss arranges for John to make copies at ABC corporation, another business in
the building. John leaves to make the copies. Unfortunately, John mistakenly
enters the offices of BAC company. The BAC's office door is open and the reception
area is empty. John, who believes this to be the right office, walks beyond the
reception area to the copier. While making his copies, John is confronted by an
employee and asked to explain his presence and copier use. Realizing his
mistake, John apologizes and explains the situation. Later, John's company reimburses
BAC for the cost of the copies. BAC company understands John's mistake, accepts
his apology, and agrees to the reimbursement.</p>


<p>Now consider Jane, who also works in the same office
building. Each day during lunch, when most offices are empty, she leaves her workplace
and secretly enters BAC company. Without permission she copies dozens of
documents. Jane's actions are recorded by BAC surveillance cameras. When BAC
employees confront her with the evidence, Jane acknowledges her actions but
refuses to reimburse BAC company.</p>


<p>Both John and Jane entered BAC company offices without
permission. They each made unauthorized copies. But the similarities end there.
John made an honest mistake and offered a suitable reparation. Jane knowingly
and repeatedly used BAC's copier without permission and refused to make
repayment. Jane is guilty of both trespass and theft.</p>


<p>These two scenarios illustrate the difference between
someone who accidentally wanders onto and then off of an unsecured wireless
network and someone who purposefully and repeatedly seeks out and uses unsecured
wireless networks without permission.</p>
<p>While current statutory and case law on Wi-Fi access leaves
many questions unanswered, there are guidelines that business and consumers can
follow. Check out this <a href="http://techrepublic.com.com/2100-1035_11-5778822.html">News.com article on
TechRepublic</a> for more information.</p>

£500 fine appropriate for UK man who stole wireless bandwidth

by LAMPman55 In reply to £500 fine appropriate for ...

Right On!  Stealing is stealing, period.  To borrow is to
request access and offer, if necessary, a payment in lieu of service or
use.  The penalty levied against Straszkiewicz was just, if not light.<br />
<br />
I hope the US will consider the same offense as the responsibility of
the thief, not of the company who 'didn't secure their WiFi
adequately.'  Am I responsible for someone breaking into my house
because I left the front door open?<br />
<br />
Great Article!<br />
<br />
Vic.
