Once again we learn about a credit card processor being hacked and millions of credit card numbers being stolen.  The latest incident involved Global Payments Inc (NYSE: GPN) who detected and reported that less than 1.5 million credit card numbers have been stolen.  The fact that they detected this and reported it is good news.  The fact that they were prepared is better.  According to GPN’s press release of April 1, 2012 the criminals were not able to obtain the cardholders names, addresses and social security numbers.  This limits the amount of future identity fraud that could occur.

Why do hackers go after credit card processors?  They do so because there are millions of credit card numbers in one place.  This underlines a critical issue about the Internet.  It is unsafe!  Individuals and organizations can make themselves safer but never safe.  Once you put anything on the Internet it becomes available to the entire world. The reason why we keep hearing about and will continue to hear about major break-ins.

This incident isn't as big of a problem as you might think at first because of the prevent steps taken by GPN.  GPN is contacting credit card holders so you might get a letter in the mail with a new card.  I would not expect an email but you might get a phone call.

While this incident is unpleasant other crooks are attempting to make money from the publicity of this problem by sending out scam emails pretending to be GPN or a bank.  In the lower left of the GPN website is a small note that, “Global Payments never sends e-mails requesting customer passwords or login credentials”.  Protect your personal information and never click on unsolicited web links provide in an e-mail or other correspondence.

If you need to follow a link provided in an email then enter it by hand and always be aware that the link that is shown and the underlying address can be different.  Even the address shown might be a slight misspelling to throw you off the course!
It is fairly easy for you to protect yourself against credit card fraud.  First, call the telephone number on the back of your card and ask if your number was stolen.  Secondly, read all of the charges on your statements.  You should be doing this every month because there are a lot of things that can cost you money on your statement that you didn’t authorize.  If you find any problem use the phone number on the back of the card to question or deny any suspected charges.

In an article by Devlin Barrett in the Wall Street Journal, 28 Mar 2012, the FBI's top cyber expert Mr. Shawn Henry provided a negative opinion of the United State's ability to keep computer hackers from stealing.  He is quoted as stating that the current public and private approach of defending against cyber attacks is "unsustainable".

Meanwhile the Whitehouse website posted on 23 March 2012 a blog entry from Howard A. Schmidt, Cyber security Coordinator and Special Assistant to the President, stating that his office is coordinating with cyber security experts from DHS, DOD, NIST and OMB.  These efforts benefit the Federal Government.

In a July 2011 speech by Deputy Secretary of Defense William J. Lynn III, he addressed the need for stronger cyber defense.  He feels that the DOD Cyber Strategy should mirror their position in the real world and work toward preventing wars.
That is all very nice but who is taking care of us? If the statement by Mr Shawn Henry is accurate that the current defense against cyber attacks is “unsustainable” then I would suggest that small business look to CyberSoft’s VSTK product because of the innovative features that are constantly evolving to address the various types of cyber attacks. The FBI seems to be the only agency that is helping us little people.  They are arresting international crime syndicates, picking up spies and generally doing their best at an impossible job. 

Who has the responsibility to protect us?  It's a shared responsibility with Congress.  They have to provide authority and funding to the FBI, DOD and other agencies.  Business need to change their behavior in using computer networks and improving the technology will go a long way in providing protection. Products such as VSTK can contribute to providing the protection companies need against cyber attacks.

Federal agencies are doing what they can but Congress hasn’t given them the funding necessary to adaquately protect our infra structure. The FBI is trying to protect us, the DOD is trying to protect the Federal Government and prepare for a cyber war, the Whitehouse is trying to coordinate efforts within the Federal Agencies to protect themselves but not protecting the general public is leaving the biggest loaded gun anyone ever saw lying around. There are paths to improving the situation:1- we improve the technology and change our behavior in operating vulnerable networks; 2- we support american companies that are developing innovative products such VSTK and 3- we support providing the resources to protect our government. The longer we delay the less our ability to address these issues before its too late.

What can you do?  Write a letter to your Congressmen telling them you want to see action on this issue. The FBI and DOD are doing a great job with the resources they have and should be allowed to continue but with the money and tools needed to defend not just the government but also the general population before its too late.  After that your best course of actions is to keep your computer fully patched, have a good antivirus product installed.  If you find yourself caught in a cyber war unplug your computer from the Internet or just turn it off.
 
 

I was recently asked to investigate a computer that was sending out spam email. This is a common problem and is usually a trojan infection. In this case there was no infection!  In fact, everything looked normal so this became a challenge. How did the attacker gain control of this computer without a backdoor? A firewall, antivirus, up-to-date patches and full security protected the computer.  I started to investigate the email system, which is Yahoo.  I checked the web browser and there was nothing wrong.  The password on the email account was random words and numbers and would not be guessed.

Finally, I logged on to the Yahoo Email service and investigated the settings.  Eureka!  The setting had a referral email address for a smart phone! I knew this was fake.  After investigation it was clear that the smart phone address was set to another email address on Yahoo.  This address was very similar to the real email address with only one character out of place.  When I investigated where this account was sending messages from it showed countries all over the world.  Clearly was just an attempt at stealth.  I deleted the settings, changed the account password and reported the fraud.  The problem went away and has not returned.

I believe it was a drive-by attack from a hacked website.  My guess is all the major email services have similar attacks.  If you find that your friends are reporting spam from your email address and you have already checked everything else then check the settings on your account and change the password.   What made this attack so clever is that there was nothing on the computer for a virus scanner to detect!  Thankfully, it is easy to get rid of.

The next attack was a phishing attack that I received that appeared to be from American Express.  It stated that the email address on my account was changed.  This might panic people into clicking on the link provided.  Their words were, “If the new e-mail address is not correct or you did not request this change, please click here.”  If you hover your cursor over the link you find it is a website in Jakarta, Indonesia.   Other link in the email went to the country of Uzbekistani.  You cannot trust the “from” address in the email since that can be made to appear as if it is from anyone.  If you clicked on the link, you got infected.

Your best method of detecting these types of attacks is to use the hovering cursor to see the actual link.  If you still think the message is real then call on the phone or enter the company’s website address by hand.  If you don’t know the real website address use a search engine.  In this case I would go to www.americanexpress.com.

Peter Radatti is the CEO of the CyberSoft Operating Corporation and has been dealing with computer security for governments for over 24 years. Contact him at www.cybersoft.com.

The anti virus industry is all excited about a new remote control worm and its gaining press coverage.  If you are an average home computer user you don’t have to worry too much about it.  If you use remote desktop help than you need to worry.  The Microsoft Remote Desktop Protocol (RDP) is often used by help desks to provide off site system administration and repairs.  The RDP feature defaults to off on most systems so unless you turned it on it will not be a problem.  The good news is that Microsoft fixed the problem in patch release MS12-020.  Run the Windows Update service and you won’t have to worry.

As my readers already know the Chinese Army is the world leader in cyber war and has been successfully attacking the United States for many years.  According to the US Government the Chinese have managed to steal many military and government secrets along with commercial secrets that can be used to give their industry a competitive edge against us.  This is in addition to their research in how to take over our electrical grid and other services.   The Chinese are also concentrating on stealing the source code secrets of many computer security products and have been successful.  Having the source code makes it easier to bypass the security.  Companies have made it easy for them in many cases by either contracting the work out to Chinese companies or by allowing the source code on networks with a connection to the Internet.  There is a new unsubstantiated rumor that the Chinese Army has moved into a new phase in their attacks against the United States.  Smaller computer security companies tend to be more secure than larger companies and generally their products are 100% made in the USA.   This is very hard for them to steal.  These products also tend to be very specialized and used by the government. The one weapon the Chinese Army has that is hard to defend against is a lot of US money.  The rumor is that the Chinese Army is spreading around money to try and put these smaller computer security companies out of business.  If this rumor is true then you can expect to see a lot of not well known but critical smaller companies go out of business.

A report on the Chinese Capabilities for Computer Network Operations and Cyber Espionage concludes “Chinese computer network operations reflect a nation fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace”.  Computer technology is strategic for the Chinese beyond military applications and is applied to long-term national development. The Chinese People’s Liberation Army considers the ability to seize information dominance as prerequisite for achieving victory.   Their Army considers that it is critical to protect their own networks while attacking an enemy’s network.   Meanwhile the United States is being left in the dust for our ability to defend or attack.

Peter Radatti is the CEO of the CyberSoft Operating Corporation and has been dealing with computer security for governments for over 24 years. Contact him at www.cybersoft.com.

The Internet is full of scammers. Every thief that thinks they can trick people out of money has some scam on the Internet and unfortunately many of them are successful.  Scams are designed to appeal to our basic natures. Either they are pleas for help or appeal to our need for money or greed. Any strong emotion can be used to control us as part of a scam. According to the FBI and the Internet Crime Complaint Center the latest scams are all new twists to old crimes.  The first is the Mystery Shopper scam.  The thieves contact people who either respond to online advertisements for jobs or have their resumes posted on a jobs site.  These are unemployed people who need jobs and that make them susceptible to this scam.  They are offered a job as a mystery shopper evaluating banking services.  The victim is mailed a cashier’s check or money order with instructions to cash the check, keep their fee and wire transfer the rest back to the crooks.  They then fill in a survey with how they liked the transfer process at that bank.  Of course the check is fake and victim has to make up the loss in thousands of dollars.  If you sign up for this deal but don’t follow through the crooks send you threatening emails.  Do not fall for this scam but if you do get involved with this or any similar scam don’t ever transfer money to someone you don’t know.  Ask the bank for help before you try to cash the check to make sure it is real or fake.  It is never real.

The next scam is by thieves who claim to be military contractors doing construction in Libya.  The hook comes in the form of unsolicited email sent to thousands of individuals.   They have mystery boxes of money, guns, drugs and other valuables found in Muammar Gaddafi’s homes.  They want help transferring the money out of the country and you lucky person you are their chosen victim.  Of course they need your bank account number and personal information for the deal to work.  It is a scam.

My last warning for today is an Internet version of the Pox Party that some parents send their children to in order to contract the Chicken Pox while still a child.  The parents think they are doing their children a service since the pox is easier to weather as a child but dangerous as an adult.  These Internet advertisements offer to sell you candy, rags and other material infected by a child with the pox.  Not only is deliberately spreading infectious diseases a federal crime but it is very dangerous!  The Center for Disease Control warns that pox infected material may also carry other diseases including hepatitis A and strep.  Stay safe and don’t fall for this scam.

Peter Radatti is the CEO of the CyberSoft Operating Corporation and has been dealing with computer security for governments for over 24 years. Contact him at www.cybersoft.com.

Facebook is popular and a lot of fun and it is good for businesses that want to communicate directly with customers.  That makes it a prime target for crooks that want your money.  Unlike the Trojan horses and viruses that directly steal your bank account access Facebook attacks are usually more of an indirect attack.  This is true for all of the social networks.

According to the Microsoft Malware Protection Center the Ramnit Worm has begun to target Facebook users.  In fact, assigning the term worm to Ramnit is miss leading.  It infects Windows executables and html documents, which makes it a virus; it has the ability to send itself to other computers, which makes it a worm.  It steals Internet cookies, banking information, Facebook and other login information.  Seculert’s research lab found an Internet site with over 45,000 stolen Facebook login passwords.  Symantec reports an estimate that Ramnit accounts for 17.3 percent of all new infections while Microsoft estimates about 800,000 infected systems existed by the end of December 2011.

You might be thinking that since you don’t store money in your Facebook account it doesn’t matter if someone is able to steal your account.  Wrong!  Remember all the scammers that play confidence games?  These scammers are a low class of scum.  They discovered the magic of technology.  Instead of running one or two confidence games at a time they now run thousands.  Facebook, LinkedIn and other social networks are some of their targets.  In addition, if you use Facebook Credits there is financial information about you in Facebook.

One of the most common scams is known as the London Scam.  A crook takes over your account and changes your password so you can’t get in.  They then post an emergency message to the extent that you are traveling in London and have been robbed.  You need money to get home.  Many people, friends and family, have been caught in this trap and it is common for people to send money to help a friend get home.

Facebook has been trying to automatically detect and disable scams of this type but Facebook is not known for quick response.  Here are some things you can do assuming you can’t login to your account:

1. Click on the Report-this-Page link in the bottom left corner of every Facebook page.
2. Report this to the local police and the Internet Computer Crime Complaint Center www.ic3.gov
3. Send an email to everyone.
4. Create a new Facebook page using REAL-yourname and friend everyone with the message that the other account was hacked.

If you see a friend’s account that is running this scam do the following:

1. Report the page to Facebook, as above.
2. Call or email your friend and let them know what is happening.
3. Never send money.

Peter Radatti is the CEO of the CyberSoft Operating Corporation and has been dealing with computer security for governments for over 24 years. Contact him at www.cybersoft.com.

There is a new Zeus Trojan horse program that is designed to steal money from your online bank account.  This version of Zeus is called Gameover.  There is nothing new about Zeus or the Gameover version of Zeus.  In fact the FBI estimates that 4 million computers are infected with Zeus.  Think of that as 4 million bank accounts that can be robbed.

As software companies like Microsoft and antivirus companies fight this scourge the thieves adopt new methods of finding victims.  The hundreds of millions of dollars involved insure that the thieves and the good guys have access to some of the smartest people available.  Every time an antivirus company identifies a version of Zeus the thieves change the program so new versions can no longer be detected.  The game moves back and forth between the two warring sides, hence the name Game Over.

What you need to know is that the Game Over Trojan attempts to find victims by email.  If you receive an email that states it is from the NACHA, FDIC, Federal Reserve bank,those institutions don't send out unsolicited emails. In general you should never trust any unsolicited email and you should never click on any attachment or website in one.

Generally these fake emails attempt to scare you into clicking on them.  The message will be something like there is a problem with your bank account or an ACH payment.  I receive a lot of these messages and really enjoy the fact that they are from banks that I don’t have accounts at, banks I never heard of or a government agency that doesn’t send out messages of this type.  Now that you are clued in you can laugh at them too and not get caught.

Here is what you need to do if you do get infected.  First call the bank and change the password to your online account.  Do not change it online unless the bank is closed then use a different uninfected computer.  Verify that your account was not robbed; again do this on the phone or in person.  Ask the bank for help.  If this is a personal account they may replace your stolen money.  If this is a business account you may be out of luck.  If you were robbed you need to make it a matter of record.  File a local police report.   You should also file a complaint with the Internet Crime Complaint Center, which is jointly operated by the FBI and the NW3C.  Their website address is http://www.ic3.gov.  You will need to give them as much information as possible including a copy of the email if you still have it.

You can help avoid these problems by making sure your antivirus program and operating system is up to date and the auto-update feature is on.  Then don’t click on anything that doesn’t look right, like messages from a bank you don’t deal with.

Peter Radatti is the CEO of the CyberSoft Operating Corporation and has been dealing with computer security for governments for over 24 years. Contact him at www.cybersoft.com.

The next BIG thing to be sold to us is something called cloud computing.  Basically, cloud computing means that the services you are using are somewhere else, not on your local computer.  In fact one of the more extreme views is that you won’t even have a computer just an access point into the Internet where everything you could ever want is waiting for you, at a price.

This is a great idea and a horrible idea all at the same time!  It is a great idea because you won’t have to figure out what to do when something goes wrong.  The service provider is responsible.  It’s a bad idea because you loose control.  If you used a computer, you know where your stuff is; it’s in the computer.  Turn off your computer and your protected from unwanted access to your information.   You can’t turn off the cloud.  Your stuff is available to you and to crooks 24 hours a day, 7 days a week.

Having given you a small taste of the benefits and dangers of cloud computing you should also know that there is a great deal of confusion in what is considered cloud computing.  It has become a buzzword and every salesman wants to be buzzword compliant.  In fact, you need to be certain of what is being offered to you before you buy in to a service.  You will need to know what is happening where you can’t see.  How are your files stored?  Are they encrypted?  Can hackers access them?  What country are they stored in?  If you have a problem and your files are stored in another country what are your legal rights?  Do they use antivirus and do they stay up with the latest patches to the software?  It is hard to know and some of the less honorable cloud suppliers were caught lying.

Like all computer security issues cloud computing is a trade-off.  Less secure for some, more secure for others.  It will be less overhead and headaches for some and more overhead and headaches for other.  While you will be able to use a cheaper computer you will need better Internet service.  The loss of control of critical resources will be an issue and will require more investigation.

All of this leads to a joke that is actually a great synopsis of cloud computer and the computer security issues that come with it.  In 2010 Marine Brigadier General Kevin Nally was tired of the term cloud computing and all of the ambiguities that came with it.  He coined the phrase fog computing to describe what he saw and made the joke that fog computing is like cloud computing but like fog is close to the ground.  Unfortunately for Brigadier General Nally the term was adopted and there are now requests for fog computing briefings.

To read more CyberSoft Computer Crime Reports by Pete Radatti visit www.cybersoft.com/Blog

I stay up late at night watching TV and I see a lot of advertisements for computer security products.  As far as I know all of these products are legitimate but some of them may not be such a good deal price wise.  Then there are the fake scareware programs.   My definition of scareware is simple.  Scareware is any program  that temps the user to buy it by scaring them and could have criminal potential.  The least that can happen to you when you buy or test a scareware program is that you lose the price of the product.  The worst thing is that it installs a Trojan horse or back door program that is used to empty your online financial accounts. The programs on late night TV are not presumed to be so dangerous but you might do better with a do it yourself approach.  A lot of what these programs state as threats are tracking cookies.  Yes, tracking cookies are an invasion of privacy but to call them a threat is overboard.  Microsoft Windows provides all kinds of tools that allow you to tune the system.  Disk Cleanup and Disk Defragmentation are two of the most important.  Windows 7 Professional runs the Disk Defragmentation when it is not busy doing something else so with that version of Windows you don’t even need to run it.  Save yourself $35 and do it yourself.  It is easy to find instructions for your specific version of Windows on the Internet using any search engine with the keywords “Windows Tuneup Instructions”.  Don’t download any programs.

Scareware is an international problem.  Last year I wrote about a multinational effort lead in this country by the FBI called Operating Trident Tribunal.  The FBI and other national police arrested many scareware operators.  One group of crooks conned 960,000 victims into paying them $72 million dollars.  They got a 10-year sentence.  Others diverted a legitimate advertisement to install a scareware program without permission.  They got a 20-year sentence.

The FBI provides the following hints on how to spot scareware on your computer:

1. Scareware pop-ups may look like actual warnings from you system but upon closer inspection, some elements aren’t fully functional.  For instance, to appear authentic, you may see a list of reputable icons, like software companies or security publications, but you can’t click through to go to those actual sites.
2. Scareware pop-ups are hard to close, even after clicking on the Close or the X button.
3. Fake antivirus products are designed to appear legitimate, with names such as Virus Shield, Antivirus or VirusRemover.

To help not become a victim make sure that you have a real antivirus program installed on your computer and it is kept up to date.  You also need to make sure your operating system auto update feature is turned on and is up to date.  These two things together will help to protect you when these scam artists try to get to you.  Of course nothing is 100% so keep your eyes open and stay skeptical of claims from unknown sources.

CyberSoft Computer Crime Report – Issue February 20, 2012

By Peter V. Radatti CEO CyberSoft Operating Corporation www.cybersoft.com

Subtitle:  Congress, Thanks for Nothing!

I don’t know if I am angry with the Federal Government for skirting their responsibility to protect us on the Internet or happy that they are not messing it up.  It seems lately that most of the laws Congress has been trying to pass “for our protection” are aimed at protecting special interests such as the music industry and Hollywood.  Can’t say I will lose any tears for either of those guys.

The Federal Government has a responsibility to protect us and they are failing.  The Internet was invented by the Federal Government and given to the world.  A point for them, the Internet has been a world changer.  The bad part is that it has let criminals’ world wide into our homes, businesses and defense facilities.  It doesn’t require big resources to steal, only brains, an old computer and access to even the slowest of Internet connections.  Brains are in good supply in countries where the morals don’t match ours, where people are desperately poor and feel justified in stealing, where people just hate us and where the Wild West mentality has taken hold.

Having said the Federal Government has failed us there is one Federal organization that is working hard to protect us and that is the FBI.  The problem is that it is too big of a job and the FBI is under funded to tackle something of that size.  They can police it but they can’t fix it.  Congress is totally to blame for what is happening and the longer the problem festers the worse it will get.  It is like a cancer, take care of it while it is small and survive, ignore it until it is a big problem and the results may not be good.  In any case a small problem has less pain.  We are already past the small level and are rapidly moving into serious.  It is hurting our banking industry, defense industry and high technology industries.  The fact that we are ineffective is encouraging more attacks and more brazen attacks.  What is Congress doing about the real issues?  Nothing.

What could Congress do?  A great deal.  Congress could give authority to NIST or the FBI or any other Federal agency to create technical standards that protect us then use the power of the Federal Dollar to make sure that anyone who does business with the government implements them.  Of course it may not work out.  Look at the War on Cancer, the War on Hunger, and the War on Drugs!  The result is wasted money, wasted food and wasted lives.  That is why I am not sure if I am happy or not about the government’s failure to protect us.

If not the government then who will protect us?  First, if you have been reading these articles you know that in my opinion the first level of protect has to be yourself.  You have to develop the skills to be street smart in the Internet. I have been giving you those tools.  After that I believe in the power of the free market.  Business is getting tired of being ripped off and they are concerned that the Internet could become such a dangerous place that people will avoid it.  These are legitimate concerns.   Recently Google, Microsoft, AOL, Bank of America, American Greetings, Facebook, LinkedIn, Fidelity Investments and others have joined together to do the job that needs doing.  They created a new organization called Domain Based Message Authentication, Reporting and Conformance that is going after one of the most common and nastiest attacks on the Internet, phishing.  Phishing is an identity theft problem and affects everyone.  It drives up costs and damages trust.  DMARC believes that by creating and implementing standards on how email systems perform authentication and using common mechanisms already in place anyone will be able to tell a real message from a fake one sent by a criminal.   Not only will this mean that crooks will have to find a different way to scam the public but also it should help reduce unsolicited bulk email.   Expect DMARC to be implemented soon.  To learn more about DMARC visit their website at dmarc.org.  Now why couldn’t Congress have done that?

To read more CyberSoft Computer Crime Reports by Pete Radatti visit www.cybersoft.com/Blog