Chinese Police Detain Four Internet Hackers

On May 19, China experienced widespread Internet outages after hackers took down major DNS servers in a DoS (Denial of Service) attack. Chinese authorities now have the four hackers in custody following police investigations in the Jiangsu, Zhejiang and Guandong provinces. The server in question was DNSPod, a Chinese DNS service provider and domain name registrar.

The motive for the attacks was apparently over a bitter rivalry between two illegal online gaming companies. DNSPod provides access to some of the competition’s gaming servers, and the suspects figured it was an easy way to redirect traffic to their own gaming sites. But the effects of the attacks were widespread, causing other servers to go down, including those of Baofeng, a popular Chinese video streaming service. Millions of users were denied service.

Nearly 300 million Internet users in China temporarily lost service, the worst outage since 2006, according to the the Chinese Ministry of Public Security. A DoS attack relies on unsecured computers to do its dirty work, infiltrating them and then using their Internet connections to send useless packets of data to a server until the server’s resources are completely used, denying real customers service.
Source: Top Tech News
Photo: Flickr

Turkish hackers attack U.S. army's web servers

InformationWeek has released a report indicating that in 2007, Turkish hackers infiltrated two U.S. army web servers, redirecting traffic from them to their own Anti-American and Anti-Israeli web sites. The hackers go by the name ‘m0sted’ and used a vulnerability in Microsoft SQL server to initiate an SQL injection attack.

The case is currently under investigation, with major search engines such as Google and internet service providers being served search warrants. The breach was at the Army’s McAlester Ammunition Plant in McAlester, Oklahoma, and the U.S. Army Corps of Engeineers’ Transatlantic Center in Winchester, Virginia.

The hackers managed to circumvent sophisticated security software designed by the Defense Department. It relies on many experts, spending millions of dollars on web server security, which raises questions about the safety of government cybersecurity programs. The Defense Department did not immediately respond to InformationWeek’s request for comments. Friday, President Obama announced a plan to create a new “cyber czar” position to oversee the U.S. Goverment’s cybersecurity.

Source: InformationWeek
Photo: Flickr

Obama announces creation of "cyber czar" job

Friday, President Obama confirmed our earlier report and announced the creation of a new cyber security coordinator post that will oversee the securing of “America’s digital infrastructure.” The person who takes this new post will report directly to the President and have his full support and consultation.

“Our technological advantage is a key to America’s military dominance,” he added. “But our defense and military networks are under constant attack. Al Qaeda and other terrorist groups have spoken of their desire to unleash a cyber attack on our country — attacks that are harder to detect and harder to defend against.”

Obama insisted that, while there are plans to increase cyber security and ensure that American infrastructure is safe, the plans do not include domestic spying, a subject that made Americans very uncomfortable under the Bush administration’s security policies. The U.S. military is also creating a new division called Cyber Command to protect U.S. government and private networks.

This announcement comes after a 60-day review of government cyber security, which was published earlier this week and made available on the White House website. President Obama will personally select the new cyber security coordinator.

Source: CNN
Photo: Flickr

Obama's new cyber judge

President Barack Obama’s choice for U.S. Supreme Court justice is apparently well versed in cyberlaw. Tuesday, President Obama named Judge Sonia Sotomayor to the Supreme Court to replace retiring Justice David Souter. Her experience with technology issues, particularly those related to the Internet, is most likely not a coincidence.

According to Wired Magazine, she has made rulings on copyright of digital material, Internet privacy, disputes between Netscape and its customers, and many others.

“If confirmed, she will be the first justice who has written cyberlaw-related opinions before joining the court,” the TechLaw blog wrote.

Later today, Obama is expected to announce who will take the position of “cyber czar” to head his new task force that will deal with network security. The appointment of Sotomayor will undoubtedly play a role in pushing through whatever agenda Obama has planned for the U.S. cyber relations with the rest of the world, especially with the latest developments in the ICANN oversight dispute.

Source: Wired
Photo: Whitehouse.gov

Obama to appoint Cyber Czar this week

The Washington Post reported this morning that the White House will soon announce plans to appoint a national cybersecurity adviser who will oversee strategies to protect the United States’ government-operated and private computer networks. Speaking under the condition of anonymity, a White House official said that the “cyber czar” will report to both the national security adviser and the senior White House economic adviser.

The announcement will coincide with the release of a 40-page document which will outline the U.S. government’s cybersecurity policies and strategies. What will not be addressed is the topic that is on the minds of many human rights organizations: privacy, particularly the role of the National Security Agency in relation to spying. Average citizens are concerned about whether their emails, web surfing, chatting, and other Internet activities are being monitored and what will be done with that intelligence.

The report does suggest the Privacy and Civil Liberties Oversight Board address concerns of privacy in relation to cybersecurity and the fight against terrorism. Melissa Hathaway is the interim White House cybersecurity adviser and is a contender to be appointed for the new position. She and her team created the cybersecurity document after a 60-day review of cyber policies.

Source: Washington Post
Photo: Flickr

UK's Serious Organized Crime Agency (SOCA) reveals some of its victories

SOCA released an annual report Wednesday that highlights some of their more memorable victories. In collaboration with the FBI, they made 60 arrests in the DarkMarket forum case, an online message forum where cyber criminals trade stolen credit cards and bank accounts. They have since recovered more than 16,000 stolen cards.

Then there was the group that attempt to transfer $347 million from Sumitomo Matsui Banking Corporation. SOCA thwarted this attempt, which was the largest attempt at bank theft in the UK. SOCA also worked with Nigerian authorities to intercept email containing Nigerian 419 scams.

SOCA underwent a complete IT overhaul, replacing an aging system with newer, more advanced technology. With these advancements, telephone conversations, emails, and even web browsing sessions can be intercepted and stored for surveillance. This has raised concerns over the right to privacy by ordinary citizens in the UK. It is a highly secretive organization that is exempt from the provisions of the Freedom of Information Act. UK officials claim this is necessary in order to fight organized crime effectively.

Source: ZDNet Asia
Photo: SXC

IFPI uses The Pirate Bay verdict to go after web hosts

News of the conviction of four people responsible for The Pirate Bay file-sharing site spread quickly, and the IFPI, an international affiliate of the RIAA, is now targeting web hosting providers who host file sharing web sites.

The web hosts, they argue, are accountable for content and should shut down the file sharing sites, despite the fact that the sites in question do not illegally distribute music.

The IFPI’s actions raise new questions about privacy and how involved a web hosting provider should be in the daily activities of their clients. Web hosting providers do not generally monitor their clients, unless there are specific terms of service violations or activity that would cause harm to the servers.

DCP Networks, the company responsible for providing hosting services to TorrentBytes, one of the larger BitTorrent sites, reportedly received a letter from the IFPI, requesting them to shut down the site.

IFPI lawyer Magnus Mårtensson told DN.se that the letter received by DCP Networks is not something strange or unusual. IFPI has contacted several other hosting providers and site owners Mårtensson said. What they aim to do here is extend the (yet to be appealed) verdict of “assisting copyright infringement” and apply it to hosting providers as well.

It remains to be seen whether there will be any legal basis for the IFPI claims, but their letters to web hosting providers might be enough to convince some to reject any clients with torrent tracking web sites.

Source: DN.se via Torrent Freak
Photo: Flickr

Over 1,300 swine flu domains registered

According to F-Secure, over 1,300 swine-flu related domain names were registered over the weekend. Although there are many websites and emails circulating the Internet warning people to beware of swine flu domains, as of yet, only one has been proven to be malicious. It involved contacting the user via email and providing a link that redirected the user to a phishing website.

The web site sells a PDF file for $19.95 that the site claims contains information on how to protect yourself and your family from the swine flu. The attackers would then use your payment information for identity theft and fraud.

F-Secure’s website lists the domain names, which include such names as: swineflushot.com, swineflusurvivalguide.com, and swineflusafety.info.

Source: ZDNet Asia
Photo: F-Secure

UK accused of stalling in fight against cybercrime

The Council of Europe, a 60-year-old human rights organization, has expressed its strong concern about what it calls Britain’s failure to adequately fight Internet crimes, including the financing of terrorism.

The convention on cybercrime was drawn up in November of 2001 and adopted by the Council of Europe’s 47 members.

“What is disappointing is that the government of the United Kingdom have not yet ratified it,” Terry Davis, the secretary general of the Council of Europe and a former Labour Party politician, told Reuters in an interview.

“I find it very strange… By definition cybercrime is international. It’s an international problem that requires an international solution.”

The convention allows signatories to communicate with one another instantaneously when there is the suspicion of cybercrime being committed, and standardises offences across countries, increasing the likelihood of prosecution.

“I’ve never been given any satisfactory explanation of why it hasn’t been ratified except that, well, it takes us time to do these things,” Davis said, adding that he would be raising the issue with Minister of Justice, Jack Straw.

In addition to the European member signatories, several non-European countries have adopted the terms of the convention, including: Canada, Japan, Mexico, and the United States.

Sources: Reuters UK and Council of Europe
Photo: Flickr