Cybersquatting plummits to an all-time low

Analysis done by blog Domain Name Wire shows that cybersquatting is at an all-time low.

The site took a look at the number of Uniform Domain Name Dispute Resolution Policy (UDRP) filings for .com domains. It found that despite an increase in the quantity of registrations, the number of disputes filed has decreased from 1 out of every 7,000 .com names in 2000 to 1 in 20,000 in 2008.

Cybersquatting has become less prevalent for a number of reasons. Companies have been more diligent about registering domains containing their trademarks in a timely manner. Increased awareness about cybercrime and its penalties have also made cybersquatting less attractive.

It will be interesting to see what effect the introduction of gTLDs has on cybersquatting. Personally, I expect to see an increase in the number of cases. More extensions will provide more opportunities for trademark infringement.

Photo | Flickr

FTC: Company Tried to Trick UK Customers

The Federal Trade Commission (FTC) is pursuing litigation against a California-based company called Balls of Kryptonite for allegedly using using websites on two .co.uk country domains to trick UK customers into thinking the company was local. According to the charges, the company had two domains, bestpricebrands.co.uk and bitesizedeals.co.uk, and used the websites to sell electronics such as cameras and video games.

UK customers saw no indications that the company was international and purchased goods from them. But when the items arrived, they received unexpected import charges, invalid warranties, and huge cancellation fees. Customers sent complaints to the Office of Fair Trading (OFT) which in turn collaborated with the US-based FTC.

This is not the first time that foreign companies have used UK domain names to appear local. Reports estimate that there could be as many as 480,000 sites with co.uk country domains that are not based in the UK. Most of them are based in China. Customers should therefore use caution when ordering from unfamiliar companies, and if they are not sure, they can use Whois lookup to determine the location of the domain’s owner.

Source: The Independent
Photo: Flickr

Latvian Hosting Company Shut Down After Botnet

The infamous botnet named Zeus has been called the world’s biggest cybercrime botnet. It infected 3.6 million PCs that were used the computers to launch phishing attacks, stealing credit card and banking information all over the world.

The botnet was linked to Rock Phish, a Russian gang. After an investigation, authorities traced the malware to its source: a web hosting company in Latvia called Real Host. Now, the Swedish service provider Telia Sonera, which provided service to Real Host, has shut down their Internet connections. There was no report about what legal action will be taken on the owners of the company.

Malware has become an underground leg of the software industry. Gangs like Rock Phish can purchase botnets like Zeus for about $1000 on the black market. It does not take them long to make up the difference when they can launch attacks on millions of computers, stealing hundreds or even thousands of credit card numbers and banking information.

Source: ComputerWeekly.com
Photo: Flickr

Korean cyberattack may be wild goose chase

U.S. and South Korean agencies are still scratching their heads trying to track down the perpetrators of widely publicized July 4 attacks. South Koreans were quick to point the finger at North Korea or “North Korean sympathizers”, but as of yet, no concrete proof has emerged. The botnet infected 50,000 computers and then sent a DDoS (dedicated denial of service) attack on government web servers in South Korea and the United States, crippling them.

Because of the nature of the attacks, analysts say they could have originated anywhere in the world.

“The truth is, we may never know the true origin of the attack unless the attacker made some colossal blunder,” said Joe Stewart, a director in the Counter Threat Unit at SecureWorks, a computer security consulting organization.

What researchers have determined is that the code of the attacking program was not very sophisticated and could have been written by an amateur. They are hoping that the creators of the botnet left a fingerprint trail that will lead investigators to them. Even if they are able to determine the country of origin, however, even that could have been masked. Ultimately, they may have to rely on arrogance that typically characterizes villains: that they will boast about their accomplishments.

Source: New York Times
Photo: Flickr

What's in a password?

Phishing is on the rise, and with more services moving online, web fraud is a serious concern. Most people are pretty confident that their passwords are safe from cybercrime, but are they really? For your Twitter account, maybe you are not that concerned if your password is your daughter’s name, but when it comes to your website, possibly your source of income, you might want to consider something a little more sophisticated.

Identity thieves and other cyber criminals typical have password sniffing software and a lot of practice guessing passwords of people they want to exploit. There are a few easy steps you can take to make sure your password is rock solid. First, make sure you use a combination of letters and numbers. Using all of one or the other just makes it easier to hack. You can also consider using mixed case letters. Next, make sure that you avoid common words or number combinations. It should look totally random, even if it is not.

Finally, you should consider rotating your password, trying different combinations. If you have used the same password for the past two years, you could be asking for trouble. There are a plethora of password generators on the web and for PCs that can make the process a little easier. Some of them will check the strength of your passwords. This feature is also built into many operating systems like Linux. Knowing your password is safe makes your job and your web host’s job a lot easier.

U.S. to team with Italy in fight against cyber crime

The U.S. Secret Service has signed an agreement to join forces with the Italian Police and Postal Service to fight cyber crime. The new team will be called The European Electronic Cime Task Force and will specialize in fighting identity theft, malicious hacking and other forms of cyber crime. The group will be headquartered in Rome.

Massimo Sarmi, the CEO of the Italian Postal Service, said the new task force would be open to contributions from outside Europe as well. “We provide our services to more than 20 million customers and we are able to monitor in real time that operations are proceeding normally, and not turning into criminal events,” Sarmi said.

This alliance might strike some as odd, but it appears to be the first of many western government aligning their forces to combat cyber crime. Their hope is to extend it beyond Europe into a global effort. The United States and Britain have both formed new cyber security chief positions in their countries, and other nations are expected to take a similar approach, treating cyber crime like terrorism and other forms of high profile, international crime.

“This morning we detected seven phishing attacks from various parts of the world. If the criminals had been allowed enough time, our clients might have become victims of fraud,” Sarmi said. The Postal Service CEO said the quickest online thief he had encountered was able to start withdrawing funds just 39 seconds after a successful identity theft.

“We will exchange information and alerts with the Secret Service to prevent this type of event before it happens,” Sarmi said.

Source: ComputerWorld
Photo: Flickr

The Pirate Bay introduces video sharing site

Not to be deterred by a little litigation and jail time, the founders of The Pirate Bay plan to launch a new video sharing site. The new potential YouTube competitor will feature videos without copyright restrictions, the company claims. YouTube has long been the subject of copyright disputes with numerous companies requesting videos to be taken down for copyright violation. It is Google’s policy to comply.

The new video site, aptly called The Video Bay, will rely on HTML 5 video technology. It is currently in “beta extreme” and only hosts a handful of videos. Users wishing to view the videos will need versions of the latest web browsers, such as Firefox 3.5, that support the new video embedding. Once installed, a user can view the videos without the need for third-party plugins, such as Adobe Flash Player.

A Swedish court ruled that the Founders of The Pirate Bay were guilty of copyright violation, fined them $3.6 million dollars and sentenced them to a year in prison. The case is currently under appeal. In response to this, The Pirate Bay, which is still up and running, created a privacy service that allows subscribers to share files anonymously through security encryption.

Source: Information Week
Photo: Flickr

UK to get its own "Cyber Czar"

Following suit with the American announcement of a new cyber security advisor position, UK Prime Minister Gordon Brown is expected to announce the creation of Britain’s own cyber security chief. The new chief will be responsible for protecting the country from hackers, cyber spies and every other sort of tech baddie out there.

Brown’s plan was endorsed by the Cabinet, and sources anticipate that he will name Neil Thompson to the position. His biggest concern, upon taking the position will be hackers in China and, to a lesser degree, Russia, where the cyber worlds are essentially lawless by UK standards. He will also have to tackle the possibility of terrorists who decide to attack through viruses and network security breeches rather than conventional means.

A lesser publicized role of a nation’s cyber chief might also be developing cyber warfare to attack enemy infrastructure, as the U.S. has used in the past to disable Taliban anti-aircraft systems. One can only imagine how many other countries will soon have their own cyber chiefs, which does raise a question. Will the “cyber czars” of the world’s nations have their conferences on Twitter, or will they start a Facebook group?

Source: Independent
Photo: Flickr

Phishers have new tools

According to two reports released by the security company Symantec, phishers and spammers are coming up with new ways to attack their victims. In the past they almost exclusively relied on forged emails and web sites. Now, social networking sites like Twitter and Facebook can be added to their lists of targets.

“It is important that end users are educated and it is important that IT managers take measures against attacks,” said Dermot Harnett, Symantec’s senior director of anti-spam engineering and a co-author of the State of Spam and State of Phishing monthly reports.

“There are products — not just Symantec’s — that managers can use. It is important that we as a community protect ourselves,” Harnett told InternetNews.com.

The attackers often use forged emails to initially gain access to an unsuspecting user’s Facebook account, but once they are in the door, they can rely solely on Facebook to spread their spam or phishing scheme. They try to acquire private information until they have enough to get what they are really after: money. Their ultimate goal is still to get bank account information and credit card numbers. Phishers also target free web hosting services where they can quickly setup sites anonymously.

Source: Internetnews.com
Photo: Flickr

FTC Shuts Down California Web Host

Earlier this week, the Federal Trade Commission shut down a California web hosting firm for involvement in spam operations. This is the first time the FTC has ever taken action against a hosting provider.

The company, Triple Fiber Network, hosted some 15,000 websites at a data center in San Jose, California. The sites were taken offline Tuesday after the FTC told its bandwidth provider to stop routing the host’s traffic.

Triple Fiber allegedly hosted all sorts of illegal content, including malware and child pornography. “Anything bad on the Internet, they were involved in it,” FTC Chairman Jonathan Leibowitz said. “We’re very proud, because in one fell swoop we’ve gone after a big facilitator of some of the utterly worst conduct.”

The FTC stated:

[Triple Fiber Network] hosts very little legitimate content and vast quantities of illegal, malicious, and harmful content, including child pornography, botnet command and control servers, spyware, viruses, trojans, phishing related sites, illegal online pharmacies, investment and other Web-based scams, and pornography featuring violence, bestiality, and incest.

The black market provider also hosted the control servers for one of the world’s largest botnets, “Cutwail.” According to the government agency, the host marketed itself to overseas criminals by placing ads in the “darkest corners of the Internet.”

Most of the host’s personnel work overseas. In a message to customers, Three Fiber promised to be back up within days in another location. Meanwhile, some of its customers have already found other hosts and have placed their illegal content back online.

Source: Washington Post
Photo: Flickr