QuickLinks - Security and encryption
Issue no. 387 - 12 May 2008
Thieves set up data supermarkets
(BBC News)
Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. Speaking at InfoSecurity Europe, security firm Finjan said it had seen thousands of such online services. Experts at the conference said web fraud was skyrocketing and called for police to urgently address the problem. Security guru Bruce Schneier said anti-cyber crime efforts needed to be closely allied to the scale of threats. See also Economist article.
Issue no. 386 - 20 April 2008
UK - 'Illegal' ad system scrutinised
(BBC)
Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal". The analysis was done by Dr Richard Clayton, a computer security researcher at the University of Cambridge. What Dr Clayton learned while quizzing Phorm about its system only convinced him that it breaks laws designed to limit unwarranted interception of data.
UK - People are mugs over identity theft
(Silicon News)
Social network data makes life too easy for fraudsters. Identity theft is rife. Perhaps it's time individuals took a leaf out of business's book and adopted a personal information policy that will make life harder for criminals.
Paypal to block 'unsafe browsers'
(BBC)
Web payment firm Paypal has said it will block "unsafe browsers" from using its service as part of wider anti-phishing efforts. Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it. Paypal said it was "an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4".
Issue no. 384 - 24 February 2008
EE - Estonia fines man for 'cyber war'
(BBC)
A 20-year-old ethnic Russian man is the first person to be convicted for taking part in a "cyber war" against Estonia. Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip. The assault, between 25 April and 4 May 2007, was one of a series by hackers on Estonian institutions and businesses. At the time, Estonia accused the Russian government of orchestrating the attacks. Moscow denied any involvement. Kremlin spokesman Dmitry Peskov told the BBC in May 2007 that the allegations were "completely untrue".
Hackers Rig Google to Deliver Malware
(PC World)
Hackers loaded up more than 40,000 Web pages with malicious software and thousands of common search terms. They then employed an automated network of malware-infected computers--known as a botnet--to link to those sites in blog-comment spam and other places. The mentions elevated the position of the poisoned sites in search results, often to the first page.
RU - Russia edges China as top malware source
(Techworld.com)
For the second time in a week, Russia has been named and shamed for its rising profile as a global malware hub. Last week, Sophos ranked Russia as number 2 on its league table of spam-relaying countries, behind the U.S., but well ahead of the usual suspect, China. Now Australian security company PC Tools reckons that Russia has overtaken China again, but this time as a producer of active malware such as viruses, Trojans and spyware.
Issue no. 383 - 27 January 2008
Web vigilantes attack Scientology website
(Times)
A shadowy internet group has succeeded in taking down a Scientology website after effectively declaring war on the Church and calling for it to be destroyed. The group, which goes by the name of Anonymous, is a disparate collection of hackers and activists. It called for a wave of attacks against Scientology after accusing the Church of "campaigns of misinformation" and "suppression of dissent."
Issue no. 382 - 6 January 2008
EU - Commission welcomes intervention by Dutch regulator OPTA against spyware and malware
(RAPID)
The Dutch Telecom Regulator OPTA has imposed a fine totalling 1 million euro on three Dutch enterprises for illegally installing software - so-called spyware and adware - on more than 22 million computers in the Netherlands and elsewhere. The companies fined now by OPTA operated together under the name DollarRevenue, which was considered to be among the 10 largest spyware distributors in the world. They managed to install the software on personal computers via downloads from the Internet and by exploiting security loopholes in computer programmes. The illegally installed software allowed the companies to spy on the consumer's online behaviour and triggered pop-up windows containing specific advertising material. Unlawful access to a personal computer to install information such as spyware and adware is prohibited under European law, namely article 5(3) of the EU's ePrivacy Directive of 2002. National regulators are called upon to enforce this prohibition by deterrent measures. Yesterday's decision by OPTA is the first time that a national regulator has resorted to drastic fines against a company acting in violation of the EU ban.
Issue no. 381 - 8 December 2007
UK - Campaigners hit by decryption law
(BBC)
Animal rights activists are thought to be the first Britons to be asked to hand over to the police keys to data encrypted on their computers. The request for the keys is being made under the controversial Regulation of Investigatory Powers Act (RIPA). Police analysing machines seized during raids on activists' homes carried out in May have asked for the keys. The activists could face jail if they do not comply and snub a further formal request to hand over the keys.
UK - Law requiring disclosure of decryption keys in force
(OUT-LAW)
Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect yesterday. The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term. The measure has been criticised by civil liberties activists and security experts who say that the move erodes privacy and could lead a person to be forced to incriminate themselves.
Issue no. 380 - 30 September 2007
Virtually clean
(Economist)
Hacking used to be done by kids for kicks or bragging rights. Nowadays, it's big business for organised crime, often out of reach of the law, on the far side of the world. Connect an unprotected personal computer to the internet for more than 15 seconds and it will almost certainly be attacked by a virus or worse. That's how ruthlessly effective the army of malicious robots, dispatched by criminals to scour the net for vulnerable computers, has become.
Issue no. 379 - 2 September 2007
EU - Information security awareness raising activities.
(ENISA)
ENISA presents the 1st European report on current practices on measuring successful awareness raising initiatives in information security across the EU, with responses from 67 European organisations headquartered in 9 different countries. The main areas studied are: The importance of information security awareness, Techniques to raise information security awareness, and Mechanisms to measure the effectiveness of awareness programmes.
Facebook's code leak raises fears of fraud
(Guardian)
Experts are warning internet users to be more careful with their private information after secret code from the popular social-networking site Facebook was published on the internet. This is the first time that some of the site's secret operational code has been made public. Although it does not allow hackers to access private information directly, it could help criminals close in on personal data, according to one expert.
Issue no. 378 - 5 August 2007
Net criminals shun virus attacks
(BBC)
Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts. Some cyber criminals have exploited file-sharing networks and popular webpages to attack targets.
The bounty hunters
(Economist)
Suppose you are a computer hacker and you discover a bug in a piece of software that, if it were known to the bad guys, would enable them to steal money or even a person's identity. How might you sell your discovery for the highest price? A service has been launched intended to make the whole process of selling bugs more transparent while giving greater rewards to hackers who do the right thing.
US - Identity theft? What identity theft?
(Infoworld)
The GAO reports that identity theft really isn't a problem. The problem, apparently, is that the process of notifying consumers whenever their personal financial information has been compromised is confusing us simple-minded folks.
US - Peer-to-peer networks can pose a "national security threat"
(CNET News)
The US Congress really doesn't get tech. Politicians charged that peer-to-peer networks can pose a "national security threat" because they enable federal employees to share sensitive or classified documents accidentally from their computers.
Warning of webmail wi-fi hijack
(BBC)
Using public wi-fi hotspots has got much riskier as security experts unveil tools that nab login data over the air. Demonstrated at the Black Hat hacker conference in Las Vegas, the tools make it far easier to steal account details, said Robert Graham of Errata Security. Identifying files called cookies are stolen in the attack which let hackers pose as their victim. This gives attackers access to mail messages or the page someone maintains on sites such as MySpace or Facebook.
Issue no. 377 - 5 July 2007
ENISA and ITU launching Security Standards Portal
(Europa)
ENISA, the European Network and Information Security Agency together with the International Telecommunication Union (ITU), is launching a new portal for IT security standards, for the first time giving Europe one, single access point for IT security standards. The project, called 'ICT Security Standards Roadmap', was initiated by the ITU Telecommunication Standardisation Sector (ITU-T). From the beginning of 2007, it became a collaborative effort between ENISA, ITU-T, and the Network and Information Security Steering Group (NISSG). One of the objectives of this security standards portal is to provide a central tracking facility for NIS standards. It facilitates identification of standards and standardization activities, as well as coordination among standardization bodies, reduction of duplicate work and easier identification of existing gaps.
EU - Evaluation of the European Network and Information Security Agency (ENISA)
(Europa)
A public consultation has started on the future of ENISA, the European Network and Information Security Agency. This public consultation was announced on 1 June in a Commission Communication on the evaluation of ENISA. ENISA was established in order to enhance the capability of the Community, the Member States and consequently the business community to prevent, to address and to respond to major network and information security risks, from 14 March 2004 for an initial period of five years.
NATO says addressing cyberattacks is urgent
(Reuters)
NATO defense ministers agreed that fast action is needed to tackle the threat of cyberattacks on key Internet sites. Estonia suffered an onslaught of cyberattacks on private and government Internet sites, peaking in May after a decision to move a Soviet-era statue from a square in Tallinn prompted outrage from Russian nationals in Estonia and a diplomatic row with Moscow.
US - Hacker attack on Pentagon e-mail
(BBC)
A hacker has managed to penetrate one of the Pentagon's e-mail systems, leading officials to take up to 1,500 accounts offline. The e-mail system did not contain classified information relating to military operations, a spokesman said.
Issue no. 376 - 10 June 2007
Cyberattack in Estonia--what it really means
(CNET News)
On April 27, officials in Estonia relocated a Soviet-era war memorial. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. The event also marked the beginning of a large and sustained distributed denial-of-service attack on several Estonian national Web sites, including those of government ministries and the prime minister's Reform Party. A distributed denial-of-service, or DDoS, attack occurs when hundreds or thousands of compromised computers are enlisted.
Google searches web's dark side
(BBC)
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis". About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code.
RU - Russia accused of unleashing cyberwar to disable Estonia
(Guardian)
A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with Nato urgently examining the offensive and its implications.
Issue no. 373 - 11 March 2007
EU - What role for government, security providers and users?
(Europa)
Viviane Reding, Member of the European Commission responsible for Information Society and Media, Enhanced information security in software and services. European Information Security Awareness Day, Brussels, 27 February 2007.
New shield foiled Internet backbone attack
(CNET News.com)
An attack in early February on key parts of the backbone of the Internet had little effect, thanks to new protection technology. The distributed denial-of-service attack on the Domain Name System proved the effectiveness of the Anycast load-balancing system, the Internet Corporation for Assigned Names and Numbers (ICANN) said. See also: ICANN has released a factsheet concerning the recent attack on the root server system on 6 February 2007. The factsheet is intended to provide an explanation of the attack for a non-technical audience in the hope of enlarging public understanding surrounding this and related issues. [Ed: it does - very clearly written]
Issue no. 372 - 25 February 2007
EU - Is a communications collapse possible in Europe?
(RAPID)
The European Commission is seeking feedback on how best to safeguard our electronic networks against disruption from attack or natural hazards. This follows a public presentation of the findings of a study which identifies a range of important issues for ensuring that our future networks are sufficiently protected and resilient. As the services and processes that they support become increasingly interconnected and interdependent, the consequences of the failure of or criminal attack on a single network or sub-system could potentially be propagated more widely and faster than ever before. Protective measures need to be put in place to ensure that critical services and infrastructure are not vulnerable to such failures, and that there can be no 'domino effect' that might otherwise result in a major technological collapse of communications and the many services they support.
QuickLinks
Links to news items about legal and regulatory aspects of Internet and the information society, particularly those relating to information content, and market and technology.
QuickLinks consists of
a free newsletter appearing approximately every two to three weeks. The newsletter is distributed by electronic mail through an "announcement only" mailing list.
a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.
QuickLinks is edited by Richard Swetenham
richard.swetenham@ec.europa.eu
This work is licensed under a Creative Commons Licence.