Sunday, November 06, 2005

Deb Radcliff, Cybercrime Educator/Author

Recently, I have had the honor of corresponding with Deb Radcliff (pictured on right), who has an impressive background as an educator/author. What I like about her style is that she has a "no holds barred" approach and doesn't worry about being "politically correct." Deb also seems to hit a key point in her writing: the solution to this type of crime cannot be only technical; the social issues must be addressed as well.

Some of her accomplishments include:

"Winner of several awards, including two Jesse H. Neal Awards, one for best individual feature, Class B sized magazine for cover story, "Hackers, Terrorists and Spies" (Software Magazine, 1998) and for group reporting, best news story, Computerworld, "Wireless LANs: Trouble in the Air," 2003, by the American Business Press.

Annual speaker at West Point Military Academy, Dept. of Computer Science and Engineering.

Launched a "Hack of the Month" column for Computerworld in 1999.

The FBI requested reprint rights to "Barbarians at the Firewall," Byte, 1996, to train its new cyber crime unit investigators.

Her stories are now posted on more than 500 news, business, hacker, government and consumer sites (many on CNN and The Register) and are also used in training materials, guidebooks and college textbooks, including McGraw-Hill's Violence and Terrorism, 2003/2004."

Although Deb writes for a lot of different publications, she recently accepted an assignment with Network Life, which is owned by Network World. She also does several blogs: Security Chief, Security Awareness and Online Crime Bytes.

Deb is a must read for anyone interested in the constantly changing world of computer/internet crime. With these types of crimes constantly mutating, she is also probably one of the best resources for a person to be educated against the perils that face us from this menace today.

To view Deb's personal website, you can click on the title of this post.

Saturday, November 05, 2005

New PayPal Phishing Scam Mutation

My internet friend, Paul Young (author of prying1, a blog that is a great read), sent me some interesting information of value to anyone doing business with PayPal. PayPal, eBay and other auction-related sites are continuous targets for all sorts of internet fraud, particularly 419 (advance fee fraud) and phishing.

Paul is pictured on the right.

Here is his post, which preceded most of the mainstream media reports on this:

"Websense Security Labs has received reports of a new attack that targets users of PayPal. The attack begins with a spoofed email phishing message that provides a link to download the executable "PayPal security tool" file.

The executable, named 'PayPal-2.5.200-MSWin32-x86-2005.exe', is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests for 'paypal.com' will be transparently redirected to a phishing website. This same DNS server could also be used to redirect requests for additional websites, but it currently appears to only redirect 'paypal.com'.

The next time the user attempts to visit the PayPal website, they will instead arrive at a phishing site. The web address shown in the browser's toolbar will appear to be correct. Upon log in, the phishing site will request the user update their account. They are prompted to enter the following information: Name, Credit/ATM Card, Billing Address, Phone Number, Social Security Number, Mother's Maiden Name, Date of Birth, Driver's License, and Bank Account/Routing Numbers. The Trojan Horse is currently not detected by any anti-virus vendors. The malicious DNS server is hosted in Romania while the phishing server is hosted in India. Both were online at the time of this alert."
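Because the address bar still looks correct after this kind of change, the workstation's configured DNS servers are one place a defender can check. The following is an added example, not part of the Websense alert or Paul's post: it parses `ipconfig /all` output and flags any DNS server that is not on an approved list. The sample output, the addresses and the approved list are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (not from the alert). 203.0.113.53 is a
# documentation-range address standing in for a resolver the user never configured.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""

# Assumption: the resolvers this workstation is supposed to use.
APPROVED_RESOLVERS = {"192.168.1.1"}

def dns_servers_by_adapter(ipconfig_text):
    """Return {adapter name: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a new adapter
            adapter, in_dns = line.rstrip(":").strip(), False
            continue
        label, sep, value = line.partition(" : ")
        if sep:                                 # "Label . . . : value" row
            in_dns = label.strip(" .").lower() == "dns servers"
            candidate = value.strip()
        else:                                   # continuation row (extra DNS servers)
            candidate = line.strip()
        if not (in_dns and adapter and candidate):
            continue
        try:
            ip = ipaddress.ip_address(candidate.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue
        result.setdefault(adapter, []).append(str(ip))
    return result

def unapproved_resolvers(ipconfig_text, approved):
    """List (adapter, ip) pairs whose DNS server is not on the approved list."""
    return [(name, ip)
            for name, ips in dns_servers_by_adapter(ipconfig_text).items()
            for ip in ips if ip not in approved]

if __name__ == "__main__":
    for name, ip in unapproved_resolvers(SAMPLE_IPCONFIG, APPROVED_RESOLVERS):
        print(f"ALERT {name}: unexpected DNS server {ip}")
```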

People become victims daily via internet scams on auction sites and financial service sites. As the post from Paul states, "the DNS server and phishing server for this latest scam mutation are still active." This fact illustrates how vulnerable we all are with criminals operating in a "borderless" environment. In fact, in this "borderless environment," those with the swords are often unable to react quickly enough to solve the problem. This isn't their fault, as they are also forced to operate in borderless environments (where red tape and politics hamper their efforts). Paul is using the other weapon that can prevent someone from becoming victimized in the first place.

Paul's weapon of choice is the pen, which might be (currently) the most effective means of dealing with this worldwide problem. Awareness and communication can and will defeat most of these dastardly deeds.

I salute Paul and his efforts!

For the initial alert from Websense on this, click on the title of this post.

Thursday, November 03, 2005

The Impact of Sarbanes Oxley

The Sarbanes-Oxley Act came into play in the wake of a series of scandals that put a few CEOs and company officers behind bars.

I've done a few posts on these fine individuals of "means" that ruined people's employment and bilked their investors of hundreds of millions, if not billions of dollars.

All Criminals are the Same

The Road to Justice is Slow for Aunt Millie

Farewell Mr. Ebbers (Former WorldCom CEO)

Today, I read an interesting press release on how effective Sarbanes Oxley has been.

"Oversight Systems Inc. today announced the findings of the "2005 Oversight Systems Report on Corporate Fraud," a survey of certified fraud examiners. The report explains that most fraud examiners view Sarbanes-Oxley (SOX) as an effective tool in fraud identification, though few think it will change the culture of business leaders."

According to the press release, fraud examiners were polled on whether the defendants in recent cases were guilty or not.

"The percentage of respondents who thought the following executives are guilty of the charges against them is listed below:

John Rigas, Adelphia Communications - 95 percent, Jeffrey K. Skilling, Enron - 95 percent, Kenneth L. Lay, Enron - 96 percent, Richard Scrushy, HealthSouth - 93 percent, Martha Stewart Living Omnimedia - 72 percent, L. Dennis Kozlowski, Tyco International - 96 percent and Bernard J. Ebbers, WorldCom - 97 percent."

They also present some interesting statistics on identity theft.

"Identity theft is one of the more prevalent forms of fraud known by the average American. A February 2005 Federal Trade Commission report stated that for the year 2004, the commission received more than 635,000 reports of consumer fraud and identity theft, with identity theft accounting for 246,570 of the complaints (39 percent).


The "2005 Oversight Systems Report on Corporate Fraud" revealed that 22 percent of respondents think the justice system must get tougher on the identification and prosecution of identity thieves. Additionally, 19 percent believe that the federal government needs to pass national identity-theft-protection legislation, and another 19 percent feel regulators and consumers must work together to manage consumer information.

Some respondents believe that individuals are the first and most important line of defense. Taking ownership of one's own personal information was identified by 16 percent of respondents as the best way to reduce identity theft."

The survey was done by 208 certified fraud examiners at a conference for the Association of Certified Fraud Examiners. On one hand, it shows that these issues are very much in the public eye, but I find it concerning that 208 professionals are predicting that the positive changes might only be of a temporary nature.

Of course, being in the business of fraud myself, I would also say that certified fraud examiners make their living off of fraud and this very fact could sway their predictions. After all, it's how they earn a paycheck.

On the other hand, fraud has been on the rise for years and there is still a lot of work to do. Raising awareness and harnessing the collective voice of those who have been, or could be, made victims is key to changing laws that will make permanent change.

The full survey can be viewed by clicking on the title of this post.

You can voice your opinion on these statistics by leaving a comment on this post.


Tuesday, November 01, 2005

Consumer Confidence in E-Commerce Declining

Less than a year ago, all the experts were saying that e-commerce had been, and was still, growing at a rapid pace. Based on a survey conducted by Consumer Reports Webwatch, this might be changing, and one of the reasons is the fear of identity theft.

Here is some background information on Consumer Reports Webwatch:

"Consumer Reports WebWatch is a project of Consumers Union, the non-profit publisher of Consumer Reports magazine and ConsumerReports.org, and is funded by The Pew Charitable Trusts and the John S. and James L. Knight Foundation and the Open Society Institute. The Consumer Reports WebWatch site is not-for-profit and its content is free."

The survey revealed the following trends:

"KEY FINDINGS

Consumer Reports WebWatch obtained telephone interviews with 1,501 U.S.-based adult Internet users and discovered:

■ Nine out of 10 U.S. Internet users over 18 have made changes to their behavior due to fear of identity theft.

■ Of those changes, 30 percent say they have reduced their overall use of the Internet.

■ 25 percent say they stopped buying things online.

■ Among those who shop online, 29 percent say they have cut back on how often they buy things."

Consumer Reports Webwatch has an excellent website, which can be viewed at: http://www.consumerwebwatch.org/index.cfm.

The actual report, which covers a lot more than identity theft concerns, can be viewed by clicking on the title of this post.

These statistics indicate to me that fraud on the internet is causing more than direct financial losses. In fact, if it is causing a loss in "sales" to retailers, it is now showing the ability to have a negative effect on the economy in general.

Large corporations are increasing, and should continue to increase, consumer confidence in the way they protect their customers' information. Should they fail to do this, it is likely to take a toll on their bottom lines.