Latest News
From Complex Events Processing and Anomaly Detection
The following articles have been selected from a variety of RSS feeds, and the list is updated once a day. If you would like to suggest an RSS feed to be included here, please let us know.
Recent Posts
(updated Fri Feb 19 09:00:02 GMT 2010)
Technology news, comment and analysis | guardian.co.uk : Fri, 19 Feb 2010
Kneber attack resurrects notorious Zeus Trojan, say experts
There's been a lot of noise online about the so-called "Kneber" botnet, which has compromised more than 70,000 computers and stolen thousands of pieces of data. According to reports, around 2,500 companies were hit over the last 18 months as part of a botnet first spotted by NetWitness in January. The subject - cybercrime attacks undertaken by organised gangs of hackers - has become a hot topic in recent months, not least after Google accused Chinese hackers of trying to steal information from it and a string of other companies. In fact, however, it is not a brand new attack. According to Symantec, the so-called "Kneber" strike is merely the resurrection of an existing Trojan that has been known about for some time. "Kneber, in reality, is not a new threat at all, but is simply a pseudonym for the infamous and well-known Zeus Trojan," said the company. "The name Kneber simply refers to a particular group, or herd, of zombie computers, a.k.a. bots, being controlled by one owner. The actual Trojan itself is the same Trojan.Zbot, which also goes by the name Zeus, which has been being observed, analyzed and protected against for some time now." "Since Zeus/Zbot toolkits are widely available on the underground economy, it is not uncommon for attackers to create new strings, such as Kneber, of the overall Zeus botnet." We have written about Zeus before - last November two people were arrested in Manchester on suspicion of using Zeus to steal people's bank details, part of a series of systematic strikes that had led experts to claim it was "one of the most notorious pieces of malware to have been seen recently". To be fair, NetWitness was not claiming that the Kneber attack was a new method. Indeed, the company's white paper on the strikes (registration required) says prominently that "the format and structure of the logged data indicate a Zeus Trojan botnet". What does this mean?
Above all, it would indicate that anyone already protected against Zeus would have been insulated from the Kneber attacks. Secondly, it shows that Zeus isn't just successful at stealing people's banking details (which is what it had largely been used for in the past). According to NetWitness, the attacks were successful in stealing credentials from social networking websites - Facebook, Yahoo and hi5 were all hit, as well as other networks like MetroFlog and Sonico. NetWitness also suggests that a number of government agencies in the US and Europe were hit - though it's not clear whether their systems were successfully breached. More as we find it.
Bobbie Johnson, guardian.co.uk
NYT > Business : Fri, 19 Feb 2010
Rabbi Is Charged With Trying to Extort $4 Million From a Hedge Fund
The rabbi told lawyers for a Connecticut fund that he would instruct a federal inmate to tell prosecutors that the fund had benefited from insider trading.
NYT > Business : Fri, 19 Feb 2010
Task Force Warns Anew on Terrorist Funding From Iran
Iran leads the list of countries that have failed to crack down on money laundering and terrorist financing, a global task force said.
NYT > Business : Fri, 19 Feb 2010
Former UBS Banker Settles Insider Trading Claims
The New York attorney general’s office said that the executive, David Shulman, would pay $2.75 million to settle the claims.
NYT > Business : Fri, 19 Feb 2010
Fraud in Wine Sent to U.S. From France
A dozen producers and traders were found guilty of having supplied a U.S. trader with mislabeled “Pinot Noir” wines.
The Register : Thu, 18 Feb 2010
Industry groups leap to Chip and PIN's defence
Despite research showing signs of terminal weakness
Analysis Banking industry suppliers have lined up to defend Chip and PIN, following the release of research last week from Cambridge University demonstrating how cybercrooks might be able to bypass security controls on credit and debit card transactions in shops.…
Technology news, comment and analysis | guardian.co.uk : Thu, 18 Feb 2010
Kneber botnet catches 2,500 companies worldwide
About 75,000 personal computers in almost 2,500 companies and government agencies worldwide have been caught in a botnet based on a new variant of the ZeuS Trojan.
About 75,000 personal computers in almost 2,500 companies and government agencies across the globe have been caught in a botnet uncovered by a researcher at the US-based NetWitness network forensics firm. Hackers were able to collect logins and passwords for Facebook, Yahoo, Hotmail and other accounts, including online banking sites. They were also able to access some corporate servers used to store confidential data, including one used for processing credit-card payments. Companies reportedly attacked include Paramount Pictures, Merck, Juniper Networks and Cardinal Health in the US, but affected computers in more than 200 countries including Egypt, Mexico, Saudi Arabia, Turkey. The Wall Street Journal reported that Merck and Cardinal Health said they had isolated and contained the problem, and Merck said "no sensitive information was compromised". NetWitness's Alex Cox uncovered the botnet while installing monitoring software to help a large corporation deal with cyberattacks. He found a 75GB cache of data generated by the botnet, which NetWitness has called Kneber after a username linking the infected systems. NetWitness said in a statement: "Disturbingly, the data was only a one-month snapshot of data from a campaign that has been in operation for more than a year." The PCs in question, almost all running Microsoft Windows XP or Vista, had been compromised by a new variant of the well-known ZeuS Trojan, which is one of the "top five" in its class. Cox told the SearchSecurity.com site that the variant used in the latest attacks had a detection rate of less than 10% among antivirus software. The botnet communication was also shielded from detection by existing intrusion detection systems.
"This is not about a single piece of malware on 75,000 machines, it's about how bad the security industry is responding to these incidents and how bad the problem is," said Cox. SearchSecurity.com said "the cybercriminals exploited vulnerabilities in Adobe Flash as well as holes in Adobe Reader and Acrobat using malicious PDF applications in spear phishing attacks, according to Cox. They also used exploit kits to set up drive-by attacks to infect victims." The discovery of the Kneber botnet follows publicity about attempts to penetrate Google and other companies, dubbed Operation Aurora. In this case, the botnet command centre appears to have been in Germany, while ZeuS appears to be mainly the work of cybercriminals based in Eastern Europe. ZeuS is often used to collect data from online forms, including names, dates of birth, and account names and passwords, and one special feature is that it can work with the Firefox web browser. Amit Yoran, chief executive of NetWitness and former Director of the National Cyber Security Division, said: "While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet. These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements, like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe. Conventional malware protection and signature based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats." NetWitness also said that "over half the machines infected with Kneber also were infected with Waledac, a peer to peer botnet." This suggests some level of co-existence if not active cooperation between cybercriminals, where a PC could continue to operate in one botnet even if the other was found and removed. 
Earlier this month, there was a small "botnet war" after the upstart Spy Eye appeared with a feature called Kill Zeus. This aims to remove ZeuS from the victim's PC, giving Spy Eye exclusive access. However, by far the biggest and best botnet is still Conficker, with more than 5m PCs.
Jack Schofield, guardian.co.uk
Technology news, comment and analysis | guardian.co.uk : Wed, 17 Feb 2010
Battle over climate data turned into war between scientists and sceptics
Whether it was democracy in action, or defence against malicious attempts to disrupt research, climate scientists were driven to siege mentality by persistence of sceptics.
In a unique experiment, The Guardian has published online the full manuscript of its major investigation into the climate science emails stolen from the University of East Anglia, which revealed apparent attempts to cover up flawed data; moves to prevent access to climate data; and to keep research from climate sceptics out of the scientific literature. As well as including new information about the emails, we will allow web users to annotate the manuscript to help us in our aim of creating the definitive account of the controversy. This is an attempt at a collaborative route to getting at the truth. We hope to approach that complete account by harnessing the expertise of people with a special knowledge of, or information about, the emails. We would like the protagonists on all sides of the debate to be involved, as well as people with expertise about the events and the science being described or more generally about the ethics of science. The only conditions are the comments abide by our community guidelines and add to the total knowledge or understanding of the events. The annotations - and the real name of the commenter - will be added to the manuscript, initially in private. The most insightful comments will then be added to a public version of the manuscript. We hope the process will be a form of peer review. If you have a contribution to make, please email climate.emails@guardian.co.uk. The anonymous commenting facility under each article will also be switched on so that anyone can contribute to the debate. This story is dark; there are no heroes. Environmentalists will be distressed at what happens in the labs; many may think we should not publish for fear of wrecking the already battered cause of fighting climate change.
But some of it, according to the British government's Information Commissioner, may have been illegal. Remember two other things. First, this was war. The scientists were under intense and prolonged attack, they believed, from politically and commercially motivated people who wanted to prevent them from doing their science and trash their work. And they had, as their most vocal protagonist Professor Michael Mann puts it in one email, "dirty laundry one doesn't want to fall into the hands of those who might potentially try to distort things ..." Meanwhile, their attackers came to believe that the scientists were fraudsters. In many ways, what follows is a Shakespearean tragedy of misunderstood motives. There are two competing analyses of what "climategate" means. One sees it as the mob entering the lab – the story of a malicious attempt to disrupt, cross-question, belittle and trash the work of mainstream scientists. This may or may not have been the motivation for the original hack, but it has certainly been the motive of some who have driven the news agenda since. The second analysis sees it as democracy in action – the outcome of an entirely laudable effort by amateur scientists and others outside the scientific mainstream, headed by Canadian mathematician Steve McIntyre, to gain access to the complex data sets behind some of the climate scientists' conclusions, and to subject them to their own analysis. The interweaving of these two narratives has created the tragedy of climategate. The bunker mentality of climate scientists such as the key email correspondents – headed by the director of the Climatic Research Unit (CRU) at the University of East Anglia, Phil Jones – is exposed in the emails. But so too is the chaos caused in the labs by the efforts of outsiders to question what was going on, without using the established rules of science, like working through publication in peer-reviewed literature.
The clash of cultures between the blogosphere and the pages of august journals such as Nature could not be greater. All this happened against the backdrop of a long-term assault by politically motivated, and commercially funded, climate-change deniers against the activities of many of the key scientists featuring in the emails. Indeed it is striking that people with a limited scientific involvement with CRU who have been victims of past attacks – such as Kevin Trenberth of the US government's National Centre for Atmospheric Research (NCAR) and Ben Santer of the Lawrence Livermore National Laboratory – became regular email correspondents with Jones and his colleagues. They were huddling together in the storm. Through the emails we also see that some insiders were always demanding more openness from their colleagues and providing candid criticism of shoddy or mistaken work. One person stands out in this: Tom Wigley. He was Jones's former boss, having preceded him as head of CRU. Now based at the University Corporation for Atmospheric Research, in Boulder, Colorado, Wigley kept up a vigil for honesty and integrity in emails over many years. If there is a hero in this sorry tale, perhaps it is Wigley. The science discussed in the emails is mostly from one small area of climate research — the taking of raw temperature data from thermometers, satellites and proxy measures of historical temperatures such as tree rings and turning it into useable information on temperature trends. The result being iconic graphs like the famous "hockey stick", first published 12 years ago and one of climate science's most famous and controversial products. It shows a long period of natural stable temperatures followed by a sharp, exceptional warming in the late 20th century. In this area of work, CRU has been crucial. Under Jones's management, it has assembled the most comprehensive thermometer data record in the world, much of it under contract to the US Department of Energy. 
It is also home to some leading tree-ring researchers like the deputy head of the CRU, Dr Keith Briffa. The acerbic correspondence of Jones and Briffa with Michael Mann of Penn State University, the chief creator of the hockey stick graph, is a central feature of the emails. CRU's work is the prime (though not the only) basis for the claim that man-made global warming is happening now and is exceptional in history. But as it comes under assault, it is worth remembering that it does not directly touch on other key issues like the physics of climate change, forecasts of future climate change and so on. Even if all the work of CRU were revealed as entirely phoney, which is far from being true, it would not demonstrate climate change was a hoax, or even much alter predictions of future climate. The emails reveal that Jones, Briffa, Mann and other emailers were the gatekeepers of the science on which they worked. These men (there are virtually no women in the emails) reviewed papers by colleagues and rivals. They held key writing positions with the Intergovernmental Panel on Climate Change (IPCC) in its assessments of the science of climate change. So if they are damaged, then so is the IPCC. Their correspondence reveals that there is some basis to the charge, made in October 2009 by climate contrarian Ross McKitrick, an environmental economist at the University of Guelph in Canada, that "the IPCC review process is nothing at all like what the public has been told. Conflicts of interest are endemic, critical evidence is systematically ignored and there are no effective checks and balances against bias or distortion." There are more than a thousand leaked files of emails to and from scientists and CRU. The emails are clearly a small subset of all the emails that would have been sent and received by CRU scientists since the first one in 1996.
Nobody is yet clear why this set made it into the public domain, but they are overwhelmingly between CRU scientists and foreign compatriots. They include technical discussions about tree ring chronologies and data analysis, scheming about how to repel Freedom of Information (FoI) requests, and bitching about their enemies among the sceptics – the group the scientists referred to as "the contrarians". Our analysis finds previously undisclosed evidence of slipshod use of data and apparent efforts to cover that up. It also finds persistent efforts to censor work by climatic sceptics regarded as hostile – especially those outside the scientific priesthood of peer review – or those able to generate headlines in media outlets thought unfriendly, like Fox News. We would agree with Judy Curry of the Georgia Institute of Technology, a leading climate scientist who maintains contacts with both camps, who says: "There are two broad issues raised by these emails ... lack of transparency in climate data, and 'tribalism' in some segments of the climate research community."
McIntyre's war
Climategate would not have happened without one man: a Canadian squash-playing blogger and data obsessive in his 60s called Steve McIntyre. Hero or villain, his data wars with Mann, Jones, Briffa and Santer largely created the siege mentality among the scientists, set them on a path of opposition to freedom of information, and by drawing in scores of data liberationists inside and outside the science community, almost certainly inspired whoever stole and released the emails. McIntyre, a trained mathematician, had a successful career heading small Canadian minerals companies, often using his statistical prowess to analyse mineral prospecting data and out-bet his rivals. In 2002, he took up a new hobby – investigating climate change science. It started with an email from his home in Toronto to Jones at CRU asking for some weather station data.
Initially the exchanges, as revealed on McIntyre's website ClimateAudit, were civilised. But as the years passed, and his data demands grew greater, relations soured. From the start, McIntyre deconstructed studies that claim to show evidence of large-s...
Finextra Research Risk channel : Wed, 17 Feb 2010
Diploma Mills Facilitate Identity Theft - community blog from Robert Siciliano
Finextra Research Cards channel : Tue, 16 Feb 2010
Barclaycard unveils mobile phone payment terminal
Barclaycard has unveiled a system that turns smart phones into chip and PIN card payment terminals at the Mobile World Congress in Barcelona.
BBC News | Technology | UK Edition : Tue, 16 Feb 2010
MP's fraud fear over free laptops
Nothing is stopping low-income families from selling laptops given to them for free by the government, a Tory MP says.
Finextra Research Payments channel : Mon, 15 Feb 2010
Chip and PIN - not perfect, but the best we have - community blog from Steve Brunswick
Finextra Research Payments channel : Sun, 14 Feb 2010
Fraud detection and UE: why are Millennials slower? - community blog from Ohad Samet
Finextra Research Cards channel : Fri, 12 Feb 2010
Chip and PIN is broken - community blog from Steven Murdoch
Finextra Research Cards channel : Thu, 11 Feb 2010
Flaws in EMV Chip and PIN - community blog from Matt Scott
Finextra Research Security channel : Wed, 10 Feb 2010
US identity theft continues to rise - Javelin
The number of American identity fraud victims rose 12% last year to 11.1 million, with losses hitting $54 billion, according to an annual report from ...
Finextra Research Risk channel : Thu, 4 Feb 2010
Phishers net EUR3m in carbon markets attack
Fraudsters have hit the international carbon market, using a phishing scam to steal around 250,000 permits worth over EUR3 million.
