Archive for October, 2008

Alarm raised on teenage hackers

Increasing numbers of teenagers are starting to dabble in hi-tech crime, say experts.

Computer security professionals say many net forums are populated by teenagers swapping credit card numbers, phishing kits and hacking tips.

The poor technical skills of many young hackers mean they are very likely to get caught and arrested, they say.

Youth workers added that any teenager getting a criminal record would be putting their future at risk.

Many teenagers got into low level crime by looking for exploits and cracks for their favourite computer games.

Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data.

Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way.

Mr Boyd said he spent a lot of time tracking down the creators of many of the nuisance programs written to exploit users of social networking sites and the culprit was often a teenager.

From such virus and nuisance programs, he said, many progress to outright criminal practices such as using phishing kits to create and run their own scams.

“Some are quite crude, some are clever and some are stupid,” he said.

The teenagers’ attempts to make money from their life of cyber crime usually came unstuck because of their poor technical skills.

“They do not even know enough to get a simple phishing or attack tool right,” said Kevin Hogan, a senior manager at Symantec Security Response.

“We have seen phishing sites that have broken images because the link, rather than reference the original webpage, is referencing a file on the C: drive that is not there,” he said.

Symantec researchers have collected many examples of teenagers who have managed to cripple their own PCs by infecting them with viruses they have written.

Chris Boyd from FaceTime said many of the young criminal hackers were undermined by their desire to win recognition for their exploits.

“They are obsessed with making videos of what they are doing,” he said.

Many post videos of what they have done to sites such as YouTube and sign on with the same alias used to hack a site, run a phishing attack or write a web exploit.

Many share photos or other details of their life on other sites making it easy for computer security experts to track them down and get them shut down.

Mr Boyd’s action to shut down one wannabe hacker, using the name YoGangsta50, was so comprehensive that it wrung a pledge from the teenager in question never to get involved in petty hi-tech crime again.

Mathew Bevan, a reformed hacker who was arrested as a teenager and then acquitted for his online exploits, said it was no surprise that young people were indulging in online crime.

“It’s about the thrill and power to prove they are somebody,” he said. That also explains why they stuck with an alias or online identity even though it was compromised, he added.

“The aim of what they are doing is to get the fame within their peer group,” he said. “They spend months or years developing who they are and their status. They do not want to give that up freely.”

Graham Robb, a board member of the Youth Justice Board, said teenagers needed to appreciate the risks they took by falling into hi-tech crime.

“If they get a criminal record it stays with them,” he said. “A Criminal Record Bureau check will throw that up and it could prevent access to jobs.”

Anyone arrested and charged for the most serious crimes would carry their criminal record with them throughout their life.

Also, he added, young people needed to appreciate the impact of actions carried out via the net and a computer.

“Are they going to be able to live with the fact that they caused harm to other people?” he said. “They do not think there is someone losing their money or their savings from what they are doing.

“For a kid, getting a criminal record is the worst possible move.”


Source – BBC




Internet watchdog issues reporting rallying call

More than 75% of internet users who have stumbled across pictures of online child sex abuse had no idea of where to report it, a new survey reveals.
The poll for the Internet Watch Foundation, a charity that shuts down illegal content, found 77% of people were unaware that it ran a “hotline” for reporting abusive material.

“The UK has a very proactive approach to tackling child sexual abuse content online but we could do even more with the public’s help,” says IWF chief executive Peter Robbins.

“Internet consumers should know that if they do stumble across these images then it’s vital to report them to the IWF.”

People who report illegal content through the IWF website are protected by law, he says. Users of the site can also report anonymously, or leave their contact details should they wish to be informed of what’s happening to the site they reported.

The IWF website received nearly 35,000 reports in 2007, but the organisation wants to raise awareness further and is rolling out an advertising campaign including banner adverts to educate people about the site.


Source – PC Pro

E-voting vetoed for 2009 election

The Government says it has no plans to roll out e-voting for the next election, potentially signalling an end to its interest in the technology.
The Government’s stance was revealed in a written statement to parliament, in which Michael Wills, minister of state for the Ministry of Justice, wrote: “The Government does not plan to introduce e-voting for the 2009 European or local elections.

“The way forward more generally on e-voting will be informed by the valuable experience gained from earlier pilots, analysis of the responses to the election day consultation, and further development work including the possible further testing of e-voting solutions in non-statutory elections.”

Trials of the technology have already drawn heavy criticism, with its use in London’s 2008 mayoral election described by the Open Rights Group as “weak in design and testing.”

The Electoral Commission has also admitted to reservations about the technology, arguing that security around e-voting needs to be beefed up before further large scale trials go ahead.

Microsoft posts rise in profits

Microsoft’s profits rose 2% to hit $4.37 billion in the first quarter, bolstered by its licensing agreements with larger companies.
In the months to September, the Redmond Giant saw sales rise 9% to $15.1 billion, driven by its computer server software. According to the company, sales in its server division rose 18%, with Windows Server 2008 and SQL Server 2008 the two stars of the show.

Despite a $300m advertising campaign, however, it appears customers are still wary of Vista. The Client division, which is responsible for selling XP and Vista, saw a rise of just 1.9%, with earnings dropping 3.6% to $3.3 billion.

Microsoft’s chief financial officer Chris Liddell says the company expects the current soft demand for products to continue, as large manufacturers switch to selling netbooks.

The company also reported a slowdown in demand from small to medium sized businesses, worried about the impact of the credit crunch.

Microsoft now plans to cut costs by $500 million in the current financial year, with hiring, travel and marketing costs all expected to come under the microscope.

Virgin fumes as staff slate 747 safety on Facebook

Virgin Atlantic is instigating disciplinary proceedings against staff who criticised the airline’s safety record on Facebook.
The staff reportedly made derogatory comments about Virgin’s fleet of five Boeing 747s that are based at Gatwick airport. Comments were also made about Virgin customers, according to a report on the BBC.

In a statement published on Virgin’s official Facebook site, the company says it plans to deal with the dissenters.

“Virgin Atlantic has been made aware of some malicious comments that have been made on a social networking site by a small number of its staff,” the statement reads.

“The airline has started an immediate disciplinary investigation. We do not tolerate any criticism of our passengers or industry-leading safety standards and we are taking this matter very seriously.”

The company has also strenuously denied allegations of poor safety and on-board hygiene. “Safety is our top priority and we operate our fleet of aircraft in strict compliance with all manufacturers’ and safety authorities’ recommendations and regulations,” Virgin claims.

The case will once again highlight the problems of staff discussing company business on public social-networking sites, although it’s not clear whether the employees were posting in work time or in a personal capacity.

Boffins sniff passwords from wired keyboards 65 feet away

Swiss researchers have demonstrated a variety of ways to eavesdrop on the sensitive messages computer users type by monitoring their wired keyboards. At least 11 models using a wide range of connection types are vulnerable.

The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They’ve outlined four separate attack methods, some that work at a distance of as much as 65 feet from the target.

In one video demonstration, researchers Martin Vuagnoux and Sylvain Pasini sniff out the keystrokes typed into a standard keyboard using a large antenna that’s about 20 to 30 feet away in an adjacent room.

“We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design),” they write. “Hence they are not safe to transmit sensitive information.”

No doubt, electromagnetic eavesdropping dates back to the mid 1980s, if not earlier. But Vuagnoux says many of today’s keyboards have been adapted to prevent those attacks from working. The research shows that even these keyboards are vulnerable to electromagnetic sniffing.

The video demonstrations show a computer that reads input from antennas that monitor a specified frequency. In both cases, the computer was able to determine the keystrokes typed on keyboards connected to a laptop; the power supply and LCD monitors were disconnected to prevent potential power transmissions or wireless communications. Vuagnoux said in an email that the attacks would still work even if the power supplies and monitors were plugged in.

The demonstration has already gotten the attention of other security researchers.

“It’s definitely believable that this is possible,” said Charlie Miller, principal security analyst for Independent Security Evaluators. “It is very James Bond.”

The idea would be for an attacker to sniff passwords and other sensitive data using equipment located in an adjacent hotel room, office, or home.

Even still, it’s easy to see the limitations of such attacks. Interference from other televisions, lights, or other devices seems likely, although the video demonstrations suggest that the attacks work even when there are nearby computer monitors. The other thing that makes the attack unfeasible is the amount of sophisticated equipment required. Given all the fuss and expense, why not just sneak a keylogger onto the target’s machine?

Home Secretary puts her arm around Big Brother

The Government is pressing ahead with plans to create a giant database of mobile phone and internet activity.
The proposed database will provide police and intelligence services with details of mobile phone calls, emails and internet sites visited. The actual content of the phone calls and messages won’t be recorded, just the dates, duration and location/IP address of messages sent.

The Home Secretary claims the database is vital to combat crimes as wide ranging as terrorism and paedophilia. “Our ability to intercept communications and obtain communications data is vital to fighting terrorism and combating serious crime, including child sex abuse, murder and drugs trafficking,” Jacqui Smith claims.

“Communications data – that is, data about calls, such as the location and identity of the caller, not the content of the calls themselves – is used as important evidence in 95% of serious crime cases and in almost all security service operations since 2004.”

She even suggested that child murderers such as Ian Huntley could escape detection without such a scheme. “We will lose this vital capability that we currently have and that, to a certain extent, we all take for granted.

“The capability that enabled us to convict Ian Huntley for the Soham murders and that enabled us to achieve the convictions of those responsible for the 21/7 terrorist plots against London.”

Opposition parties have labelled the plans oppressive. “The Government’s Orwellian plans for a vast database of our private communications are deeply worrying,” Liberal Democrat Home Affairs spokesman, Chris Huhne, told the BBC.

“I hope that this consultation is not just a sham exercise to soft-soap an unsuspecting public.”

The scope of the Government’s plans could extend beyond mobile phone networks and ISPs. A Whitehall spokesman quoted in The Guardian said the Government is increasingly concerned about webmail services and social networks, where people can communicate in relative anonymity.

“People have many accounts and sign up as Mickey Mouse and no one knows who they are,” the spokesman claims. “We have to do something.”

Microsoft sneaks Vista SP2 out to manufacturers

Microsoft is hoping to release SP2 for Vista and Server 2008 before it releases a Windows 7 beta later this year, reports claim.
The company has created a Knowledge Base article documenting the new updates, although details of expected features and release dates are currently thin on the ground.

It is thought, however, that several hardware manufacturers have already received advance copies of the software, expected to include Hyper-V and several security fixes.

“This article discusses a beta release of a Microsoft product. Currently, the product release notes and related information about Windows Server 2008 SP2 and Windows Vista SP2 are not available,” explains the article.

The company is expected to release a public beta of Windows 7 towards the end of this year, and many current Windows XP users are expected to wait for the new version, without upgrading to Vista in the interim. This leaves little time to roll out the updates to Vista and Server 2008 if they are to precede Windows 7.

Microsoft has recently launched a $300 million marketing campaign designed to improve disappointing Vista sales, featuring comedian Jerry Seinfeld.

“What the brand stands for, particularly in the case of Windows Vista, has been defined by the competitors. The time is now for us to get in and start telling our story,” claimed Brad Brooks, a corporate vice president at Microsoft, last month.

Microsoft was unavailable to comment on an expected release date at the time of writing.

Google admits Android “kill switch”

Google has a remote “kill switch” that can be used to disable any application running on Android devices, it has emerged.
Within a terms and service document released by the company is an admission that it has the ability to stop any instance of a program running, a feature intended for use to protect users against malicious code.

“Google may discover a product that violates the developer distribution agreement… in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion,” explains the document.

Google has said that if it has to use the switch it will attempt to refund customers who have purchased the application in question, and recoup the money from the developer.

However, despite the fact that the company has been open about the feature, it may cost it potential customers.

“I for one would never purchase or support a device that had a kill switch,” complains one poster on the Google Android discussion forum.

Earlier this year it emerged that Apple had also installed such a mechanism in version 2.0 onwards of the iPhone firmware.

“Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull,” said Steve Jobs, CEO of Apple, at the time.

Office 14 to appear next week

Microsoft will offer attendees at its Professional Developers’ Conference a sneak peek at its latest Office suite, according to reports.
Little has been heard about Microsoft’s successor to Office 2007, currently titled Office 14, beyond a potential release date of late 2009 or early 2010, which appeared as part of a PowerPoint presentation leaked onto the internet.

However, according to ZDNet, the company will be offering a glimpse at the suite next week, despite the fact that current listings for the event suggest talks about Office will be restricted to the OOXML document format.

Microsoft, as with most of its major releases, has been tight-lipped about what to expect from the new Office, though back in February Bill Gates hinted that it would feature a greater online presence.

“Outlook Web Access is not the full version of Office, but if you want to go into a kiosk or an internet café and browse and connect, it gives you plenty of functionality,” said Gates. “As we look at all the modules [in Office 14] we have in mind the equivalent of Outlook Web Access.”

This was backed by Steve Ballmer, who admitted recently: “If you are in an internet café and you want to do some light editing we need to provide for that. That’s all I’m going to say about that otherwise there’ll be no drum roll in four weeks [at the Professional Developers Conference].”

The PDC kicks off October 27, and is looking to be a jam-packed event with Microsoft set to unveil Windows 7 and Windows Cloud.