Sunday, August 22, 2010

As Hacking Hits Home, China Strengthens Cyber Laws


A year ago, when a Time magazine reporter told Tan Dailin that he'd been identified as someone who may have hacked the Pentagon, he gasped and asked, "Will the FBI send special agents out to arrest me?" The answer, it turns out, was, "No, the Chinese government will." Dailin, better known in Chinese hacker circles as Withered Rose, was reportedly picked up last month in Chengdu, China, by local authorities. He is now facing seven years in prison under a new Chinese cybercrime law that was passed in late February.
Although the Western media has been awash with stories of Chinese hacking for years, cybercrime was until recently governed by three articles added to China's criminal code in 1997. The laws were out-of-date and "failed to correlate proportionately with the tremendous social harm" caused by cybercrime, according to a recent paper on Chinese cyber-law published in the International Journal of Electronic Security and Digital Forensics.
"China has made significant progress in cybercrime legislation and is putting in great efforts to strengthen it," said Man Qi, one of the paper's co-authors, in an e-mail interview.
However, the paper concludes that the country's laws are still in the early stages of development. "Gaps and inadequacies exist in traditional offense provisions," said Qi, a senior lecturer in the Department of Computing at Canterbury Christ Church University in the U.K.
Until the new law was passed in February, computer crimes carried a maximum of three years' jail time. That has now been extended to seven years, and the definition of computer crime has also been broadened.
"These changes to the criminal code are important to crack down [on] cybercrime and also help to strengthen the protection of privacy and personal property," Qi said.
However, the laws are still not as tough as those in the U.S., where perpetrators of computer fraud routinely face 20-year sentences. And many security experts accuse China of sponsoring politically motivated cyber-attacks and turning a blind eye to cybercrime.
Still, China has expressed some willingness to work internationally on crime, Qi said. While preparing for the 2008 Beijing Olympics, "China was praised by Interpol for their 'highest possible standard' work," she noted.
The new law comes as cybercrime is starting to hit home in China, according to Scott Henderson, the author of a blog that covers Chinese hackers.
In the past few years, criminals posing as security experts have begun calling small-business owners, offering their services, Henderson said. If they're not hired, they simply attack the business, typically with distributed denial of service (DDOS) attacks, unless they are paid. "We're starting to see Chinese hackers hacking internally now, too," he said.
Dailin reportedly was arrested after he trained a DDOS attack on rival hacker groups. His victims went to authorities with evidence.
With China's economy struggling, some IT professionals have begun turning to crime in the past two years, Beijing-based security expert Wei Zhao said recently. "They cannot easily find jobs, maybe the security market is too small for them," he said in an interview.
Zhao, the CEO of security consultancy Knownsec, called China "the world's malware factory," saying that the country has become a major source of online attacks and so-called zero-day attacks, which target previously undisclosed software flaws.
In recent months, Chinese hackers have gained fame for launching widespread attacks against programs such as Internet Explorer and Adobe Flash, but they have also targeted popular local programs such as Xunlei, QQ and UUSee.

Source: McMillan, Robert. "As Hacking Hits Home, China Strengthens Cyber Laws - PCWorld Business Center." PCWorld. 11 May 2009. Web. 22 Aug. 2010.



Thursday, August 19, 2010

ARLINGTON SECURITY GUARD, WHO HACKED INTO HOSPITAL’S COMPUTER SYSTEM, PLEADS GUILTY TO FEDERAL CHARGES

http://doc40.blogspot.com
Jesse William McGraw pleaded guilty to felony offences that caused damage to a hospital's computer system in Dallas. McGraw had access to around 14 computers located in the North Central Medical Plaza, including a nurses' station computer and a heating, ventilation and air conditioning (HVAC) computer. The nurses' station computer was used to track patients' progress through the Carrell Memorial Clinic.
McGraw used a program he had transmitted to the machines that allowed him, or anyone with his account name and password, to access the computers.
He also weakened the integrity of parts of the computer system by removing security controls, such as uninstalling anti-virus programs, which made the computer network more vulnerable to attack. In addition, he installed malicious code associated with stealing data from the compromised computer, using the compromised computer in denial of service attacks, and using the computer to send spam.
He also took advantage of this information and access for his Electronic Tribulation Army and for others interested in computer crimes.
McGraw gained unauthorized physical access to a locked room containing the HVAC computer, downloaded a password recovery tool from a website, inserted a removable storage device and executed a program that allowed him to emulate a CD/DVD device.
Although he denied it, by doing this and taking control of the HVAC system he was able to interfere with treatment regimes, including the effectiveness of all temperature-sensitive drugs and supplies.

Source:
"Another Pleads Guilty in Botnet Hacking Conspiracy - Silobreaker." Welcome - Silobreaker. Web. 08 Nov. 2010.

Wednesday, August 18, 2010

Malware hiding behind phony Fedex messages

www.sophos.com
Security experts are issuing warnings following the discovery of a malware scam using email attachments.
The attack uses emails claiming to be from delivery service FedEx. The message claims that the user was unable to receive a package due to an address error and instructs users to print out an attached form to claim the package.
The attachment, however, contains a malicious .zip file which, when opened, triggers the malware attack. Security firm Sunbelt Software identified the malware as Zbot.
Sophos senior technology consultant Graham Cluley said that the attack shows an interesting twist on the common tactic of hiding malware trojans as e-mail attachments.
"Unlike many of the other Fedex-related malware attacks we have seen in the past, the emails carry the message about the failed delivery in the form of an image rather than text, possibly in an attempt to try and defeat more rudimentary anti-spam filters," Cluley said in a blog post.
Users are being advised to use common security best practices such as avoiding suspicious messages and not loading unknown or suspicious file attachments.
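From the defender's side, the traits described above (a FedEx display name on a non-FedEx address, the delivery text carried only as an image, and a .zip attachment holding an executable) are exactly what a mail-gateway triage rule can look for. The following is an added example, not code from the article, Sophos or Sunbelt; the sample message, its sender address and the dummy executable inside its zip are constructed for the example.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Added example, not the article's code. The sample lure below is constructed
# here; the "executable" inside its zip is dummy bytes, not a real program.
EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")


def build_sample_lure() -> bytes:
    """Construct the lure: failed-delivery text only as an inline image, plus a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx_Label.exe", b"dummy bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "FedEx Delivery <notice@example.invalid>"  # spoofed display name
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "FedEx: we could not deliver your package"
    msg.add_related(b"\x89PNG fake image bytes", maintype="image", subtype="png",
                    filename="notice.png", disposition="inline")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="FedEx_Label.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 822 message matches the FedEx lure pattern."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    if "fedex" in name.lower() and not addr.lower().endswith("@fedex.com"):
        reasons.append("display name says FedEx but sender domain is not fedex.com")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body else ""
    has_image = False
    for part in msg.walk():  # every MIME part, including nested ones
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            has_image = True
        elif ctype in ("application/zip", "application/x-zip-compressed"):
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                bad = [n for n in zf.namelist() if n.lower().endswith(EXEC_SUFFIXES)]
            if bad:
                reasons.append("zip attachment contains executable: " + ", ".join(bad))
    if has_image and len(text) < 20:  # image carries the text, filters see nothing
        reasons.append("delivery text carried only as an image, no readable body")
    return reasons
```

Calling `triage(build_sample_lure())` returns all three reasons, while an ordinary text-only message returns an empty list.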

Malware
Malware is software such as viruses or Trojans designed to cause damage or disruption to a computer system.
It is defined as: any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. They include, but are not limited to, a group of computer instructions commonly called viruses or worms, that are self-replicating or self-propagating and are designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network.
In the U.S. the punishment for violating this section of the penal code can be a fine of up to $10,000, imprisonment for up to one year, or both. The severity of the punishment depends on whether the victim suffered injury and whether there were prior offenses of the same nature.


Source:
"Malware Hiding behind Phony Fedex Messages - V3.co.uk - Formerly Vnunet.com." UK Technology News, Reviews and Analysis - V3.co.uk. Web. 27 Aug. 2010. 

'Internet job recruitment website Monster.com has been hacked by cyber criminals, who have stolen the personal details of some of the site's millions of online users.'


The security breach is thought to have affected users all over the world, including some of the 4.5 million registered Monster.co.uk users. Monster has advised users to change their password when next logging on to the site.
"As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database," said Patrick Manzo, the company's senior vice-president, in a statement. He warned that hackers could use the email address information they had stolen to "phish" for further personal information through fraudulent email messages.
Monster refused to say how many people had been affected by the data breach, but said the appropriate authorities had been informed and that an investigation was under way.
The company said that no national insurance numbers, personal financial data or CVs had been stolen.
Security experts warned that because many computer users use the same login and password for multiple online services, banking details and other sensitive information could be at risk.
"It's a horrendous breach," said Graham Cluley, a security expert with Sophos. "The information they have can be used to cause all kinds of mischief."


Based on the facts, this story is not a new one; this is the second time that the company has allowed this to happen. That simply indicates a lack of security on the website rather than the intelligence of the hackers. Cases like this involve a public law issue and cause distrust between job seekers and online job recruitment websites. As a result, many people might prefer to look for jobs via newspapers and other resources rather than online, and employers may do the same.

Beaumont, Claudine. "Hackers Steal User Details from Monster.com Jobs Website - Telegraph." Telegraph.co.uk. 28 Jan. 2009. Web. 11 Aug. 2010.

Sunday, August 15, 2010

Shadows in the Cloud: An investigation into cyber espionage 2.0

The report documents a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries.
Members of the research team held a news conference on April 6, to discuss their latest findings and to answer questions from the media.
The investigation recovered a large quantity of stolen documents -- including sensitive and classified materials -- belonging to government, business, academic, and other computer network systems and other politically sensitive targets. These include documents from agencies of the Indian national security establishment, and the Offices of the Dalai Lama. The stolen data included information voluntarily provided to Indian embassies and consulates by third-party nationals, including Canadian visa applications, as well as those belonging to citizens of other countries. Additionally, sensitive personal, financial, and business information belonging to Indian officials was systematically harvested and exfiltrated by the attackers.
The report analyzes the malware ecosystem employed by the Shadows' attackers. The system leveraged multiple redundant cloud computing systems, social networking platforms, and free web hosting services in order to maintain persistent control while operating core servers located in the People's Republic of China (PRC). Although the identity and motivation of the attackers remain unknown, the report provides evidence that the attackers operated or staged their operations from Chengdu, PRC.

Summary of main findings:
· Complex cyber espionage network -- Documented evidence of a cyber espionage network that compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations. Numerous other institutions, including the Embassy of Pakistan in the United States, were also compromised. Some of these institutions can be positively identified, while others cannot.
· Theft of classified and sensitive documents -- Recovery and analysis of exfiltrated data, including one document that appears to be encrypted diplomatic correspondence, two documents marked "SECRET," six as "RESTRICTED," and five as "CONFIDENTIAL." These documents are identified as belonging to the Indian government. However, we do not have direct evidence that they were stolen from Indian government computers and they may have been compromised as a result of being copied by Indian officials onto personal computers. The recovered documents also include 1,500 letters sent from the Dalai Lama's office between January and November 2009. The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users.
· Evidence of Collateral Compromise -- A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process. In a context like Afghanistan, this finding points to the complex nature of the information security challenge where risks to individuals (or operational security) can occur as a result of a data compromise on secure systems operated by trusted partners.
· Command-and-control infrastructure that leverages cloud-based social media services -- Documentation of a complex and tiered command and control infrastructure, designed to maintain persistence. The infrastructure made use of freely available social media systems that include Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail. This top layer directed compromised computers to accounts on free web hosting services, and as the free hosting servers were disabled, to a stable core of command and control servers located in the PRC.
· Links to Chinese hacking community -- Evidence of links between the Shadow network and two individuals living in Chengdu, PRC to the underground hacking community in the PRC.



Source:
"Groundbreaking Cyber Espionage Report Released; Identifies Dalai Lama as Target." Science Daily: News & Articles in Science, Health, Environment & Technology. 7 Apr. 2010. Web. 15 Aug. 2010. <http://www.sciencedaily.com/releases/2010/04/100406093508.htm>.