A wrap-up of some recent interesting information security news
Indian Websites defaced
As per the official information released by CERT-In (the Computer Emergency Response Team operating under the Department of Information Technology, Govt of India), 47 Indian websites were hacked in Feb 2009, while 46 Indian websites were hacked in March 2009.
This figure has jumped to an alarming 852 Indian websites in April 2009.
Refer to the report at
Mobile phone location technology to fight credit fraud
Ericsson has launched a security service where mobile phone location technology is used to fight card fraud.
Ericsson is courting major banks with a security service the company thinks could cut down on credit card fraud as well as eliminate an inconvenience for travelers using cards overseas.
Banks are increasingly blocking credit card transactions in certain high-risk countries due to increasing levels of fraud. A business traveler who lives in the U.K. but goes to Russia can likely have a transaction rejected if the person hasn’t informed the credit card company of their travel plans. It’s embarrassing and inconvenient.
Ericsson’s IPX Country Lookup service uses a person’s mobile phone to provide a confirmation that a person is actually in the country where the transaction is carried out.
Read the full article at
Insider theft in Bank
A former bank employee has been sentenced to more than three years in jail for attempting to steal GBP 1.2 million (US $1.9 million) from his employers. Ansir Khan exploited his position at the Carter Allen Private Bank in Sheffield, UK, to steal customer account information and shared it with his accomplices. In just over one year, between April 2005 and May 2006, the gang stole more than GBP 700,000 (US $1.1 million). A police raid on Khan’s home turned up the stolen information written in code; a detective constable was able to crack the code. Eleven other people were also sentenced for their roles in the scheme.
Read this story at
Administrator rights cause of most security risks
A new study has found that 92% of critical Microsoft vulnerabilities could have been stopped or mitigated by ending the practice of giving users “Administrator” rights.
Read the full article at www.nist.org/news.php?extend.266
8.3 million patient records stolen
A hacker has allegedly stolen 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse. The hacker also is claiming that all of the backup copies on their system have been destroyed. They’re demanding a $10 million ransom to return the data and agree not to sell it on the open market (where, according to some experts, it may actually command a fee higher than $10 million).
Read the full article at www.nist.org/news.php?extend.270
Insider at Cal Water steals $9M and runs
On the night of April 27, 2009, hours after he had resigned from his job as an auditor at the California Water Services Company, Abdirahman Ismail Abdi used his still-active electronic key card to get into the secured facilities where he used to work.
He then allegedly gained access to computers belonging to two senior executives in two separate buildings at the utility to initiate and confirm three wire transfers totaling more than $9 million, to an account in Qatar.
Read the full story at
NZ couple run away with £3.9m bank error
The unnamed couple, believed to have run a Rotorua service station before taking the money and running, applied for a NZ$10,000 loan with Oz bank Westpac, which generously decided to credit them a little extra – just one extra zero at the end!!
Read the full story at
Toolkit for Cybercrime legislation
The International Telecommunication Union (ITU) has published a toolkit for cyber crime legislation to provide guidance to countries when developing cyber crime legislation. The document offers sample legislative language, a matrix of cyber crime laws in a variety of countries around the world, and a list of reference materials.
Read about this at