Wednesday, July 21, 2004
      ( 8:47 PM ) Mary Beth  
Largest ID Theft Case Ever?
45-year-old Scott Levine is in big trouble, and so are his pals. A grand jury has indicted him on 144 counts, ranging from money laundering to obstruction of justice, for a complex scheme through which he allegedly targeted one of the world's largest data management companies and stole over 8 gigabytes of data. Resulting losses are said to amount to more than $7 million.

How did he do it? Read all about it in the 31-page indictment. At first, it sounds like he was just running a big email operation, but it turns out that was just a convenient way for him to gain access to another company's data-rich server. For the how-to, start reading on page 7 of the indictment. Then, talk about it in your institution. Levine had access to the data management company's ftp server because Levine's company, Snipermail, provided services to one or more of the data company's customers. Levine, or his co-conspirators, would get into the server, then exceed the authorization they were supposed to have, entering areas they had no authority to enter and downloading files they had no authority to download. They would decrypt encrypted password files to gain access to greater amounts of data.

Once they had ftped into the server, they got into a folder called "hosting/pw/" (Gee, could "pw" possibly stand for passwords???) and downloaded a file named ftpsam.txt that contained user names and encrypted passwords for accounts on that server. After cracking approximately 40% of the passwords initially, they logged into the server using 23 separate account names to download 302 different files. Subsequently, they downloaded the file again and ran a decryption program against it, decrypting even more passwords.

Reading the indictment is like reading "The Anatomy of a Hack." It should make you take a good hard look at the password composition rules you employ within your institution. If you haven't run a password cracking program against them to test their strength, do it. And if you've been sloppy about setting file permissions, particularly for third-party vendors who need limited access to your servers, correct that now.
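The pattern in the indictment (a vendor account reading outside the directory it was granted, a download from the password directory, and one client using many different account names) is something an institution can look for in its own FTP transfer logs. The following script is an added example, not part of the original post or of any product mentioned in it; the log format, the sample entries, the vendor-to-directory map and the thresholds are all constructed for illustration. It also normalizes paths so that a request written with ".." segments is judged by where it actually lands.

```python
"""
Added example (not from the original post): audit FTP transfer logs for
the access pattern described in the indictment. The log layout, entries,
allowed-directory map and thresholds below are constructed assumptions.
"""
from collections import defaultdict
from posixpath import normpath

# Constructed sample log, one transfer per line:
# timestamp <TAB> client IP <TAB> account <TAB> action <TAB> path
# (a simplified layout, not any real FTP server's log format)
SAMPLE_LOG = """\
2004-07-01T02:10:11\t203.0.113.7\tvendor_a\tRETR\t/hosting/vendor_a/list.csv
2004-07-01T02:11:40\t203.0.113.7\tvendor_a\tRETR\t/hosting/pw/ftpsam.txt
2004-07-01T02:30:02\t203.0.113.7\tacct_17\tRETR\t/hosting/client_b/export.dat
2004-07-01T02:31:09\t203.0.113.7\tacct_22\tRETR\t/hosting/client_c/export.dat
2004-07-01T02:32:15\t203.0.113.7\tacct_31\tRETR\t/hosting/client_d/export.dat
2004-07-01T09:00:00\t198.51.100.4\tvendor_b\tRETR\t/hosting/vendor_b/report.txt
2004-07-01T09:05:30\t198.51.100.4\tvendor_b\tRETR\t/hosting/vendor_b/../pw/ftpsam.txt
"""

# Least-privilege map (constructed): each vendor account may only read
# under the one directory it was provisioned for.
ALLOWED_PREFIX = {
    "vendor_a": "/hosting/vendor_a/",
    "vendor_b": "/hosting/vendor_b/",
}

# Directories whose contents should never be fetched over FTP at all.
SENSITIVE_PREFIXES = ("/hosting/pw/",)

# More distinct account names than this from one client address is
# treated as suspicious (threshold chosen for the example).
MAX_ACCOUNTS_PER_CLIENT = 2


def parse_log(text):
    """Parse the constructed log into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue
        ts, ip, user, action, path = parts
        # normpath collapses "." and ".." so the check sees the real target
        records.append({"ts": ts, "ip": ip, "user": user,
                        "action": action, "path": normpath(path)})
    return records


def audit(records):
    """Return (rule, detail) findings for the parsed records, in log order."""
    findings = []
    accounts_by_ip = defaultdict(set)
    for r in records:
        if r["action"] != "RETR":          # only downloads matter here
            continue
        accounts_by_ip[r["ip"]].add(r["user"])
        # Rule 1: any download out of a password directory.
        if r["path"].startswith(SENSITIVE_PREFIXES):
            findings.append(("sensitive_path", f'{r["user"]} fetched {r["path"]}'))
        # Rule 2: a vendor account reading outside its granted directory.
        prefix = ALLOWED_PREFIX.get(r["user"])
        if prefix and not r["path"].startswith(prefix):
            findings.append(("out_of_scope", f'{r["user"]} fetched {r["path"]}'))
    # Rule 3: one client address logging in under many account names.
    for ip, users in accounts_by_ip.items():
        if len(users) > MAX_ACCOUNTS_PER_CLIENT:
            findings.append(("account_spray", f"{ip} used {len(users)} accounts"))
    return findings


def audit_text(text):
    """Convenience wrapper: parse then audit."""
    return audit(parse_log(text))


if __name__ == "__main__":
    for rule, detail in audit_text(SAMPLE_LOG):
        print(f"{rule:15} {detail}")
```

Running it against the sample flags both fetches of ftpsam.txt (the second one only because the ".." was normalized away), flags them again as out-of-scope reads for the vendor accounts involved, and flags the client address that used four account names. The point for an institution is that rule 2 requires a written-down answer to "which directory is this vendor allowed to see?", which is the same decision the file permissions should encode in the first place.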


      ( 6:27 AM ) Andy  
A few bills you may want to watch: S.2569, H.R.4600 and S.2603 are titled the "Junk Fax Prevention Act of 2004". What these will do is require an opt-out on junk faxes, and they allow anyone with an established business relationship to send faxed messages to their customers. These are meant to counter the FCC's "Do not fax" rules set to take effect next January.
H.R.4658 is the Servicemembers Legal Protection Act of 2004 and is meant to amend the SCRA. In one instance a servicemember was released from their lease contract, but the landlord would not release the spouse. This bill is meant to remove any ambiguity and these seemingly erroneous interpretations. It would:

Expand the definition of court and administrative judgments and rulings covered by the law;
Require that waivers of their rights by servicemembers must be duly executed in separate, clearly written documents;
Extend to plaintiffs the same relief granted to defendants in civil court proceedings;
Extend the housing and automobile lease termination relief to servicemembers relocated from states or territories outside the contiguous United States (e.g. Hawaii, Alaska);
Strengthen the lease termination protections for dependents of servicemembers relocating per military orders;
Strengthen the lease termination provisions for servicemembers affected by individual deployments;
Prevent double taxation of servicemembers due to differences in state and local excise, use, or other similar taxes.




Sunday, July 18, 2004
      ( 2:07 PM ) Andy  
Microsoft's Internet Explorer market share has fallen by 1.57 percentage points according to WebSideStory, which measures Web metrics. A survey found that 94.16 percent of Web surfers were using IE, down from 95.73 percent.

This is the first slippage for Internet Explorer in a very long time. It may well relate to recent security problems noted for the IE browser. Users are opting for alternatives such as Firefox, Mozilla, Netscape and Opera. More information is available in the BOL Tech Advisories.




Thursday, July 15, 2004
      ( 8:33 AM ) Andy  
Want to know why your next exam will have BSA written all over it?

Banking regulators are under intense pressure in Washington DC. Congressional hearings have exposed huge cracks: $1 billion allowed to go in and out of foreign accounts at New Jersey's Hudson United Bank with no red flags, $5 billion sent via the US arm of Swiss Bank to countries US firms are banned from doing business with, and the recent record penalty from the OCC against Riggs Bank for its continuing failure to report suspicious transactions.

Sen. Richard C. Shelby (R-Ala.) has held four hearings on anti-money laundering and related terrorist activities. He has said, "You have a broad failure of regulatory agencies to provide oversight of the banking industry." There is discussion of creating a new, single anti-money-laundering agency. In Congress's hindsight, the banking regulatory agencies have not been enforcing the rules. The regulatory agencies are opposed to a new agency, as are some industry organizations. Do we need better enforcement from an established system, or another agency to come in and review financial institutions? With turf at risk, the agencies will exert more pressure and more magnified reviews on BSA and AML activities.

Work is being done in Washington to better coordinate activities between similar agencies and FinCEN. But are the cracks still there? Your next exam team will attempt to find out. Financial institutions should be reviewing their efforts. What was once "good enough" may well not be in the future. While this isn't news to many BOL'ers, the emphasis on BSA/AML cannot be overdone in today's climate.




Thursday, July 08, 2004
      ( 10:26 AM ) Andy  
The Costs of an Internet-Based Attack

A survey of 162 businesses by the Aberdeen Group found that they suffered from at least one worm, virus, spyware or other security-related attack each year. These disruptions are major: they take a system down for an average of 22 hours and cost $2 million.

The Internet has become a new delivery channel and is integral for daily operations. They found 75% of businesses are increasing their Web-based customer sales and services, 55% are increasing use of the Internet for negotiating and buying goods and 48% are using the Internet more for distributing products and filling orders. This increase of use demands a comparable ramp-up of security measures because there is more exposure.

And watch out for the latest virus. New variants of the Lovgate worm, Lovgate.AE and Lovgate.AH, email themselves to addresses on your computer. They replace executable files (.exe extension) on the local hard drive with copies of themselves, leaving you without the software to see word processing files, spreadsheets and the like. This is downtime, and income isn't produced when you can't work with the tools you have become accustomed to.

Patch management includes virus control. Consider adding safe computing to your training calendar, as prevention is the best medicine.



