Criminal Hackers

At least 13 Olympics-theme Trojan horses seen (so far)

Once again, criminal hackers are targeting a worldwide event to deposit their malicious software on victims' PCs, according to one security vendor.

Within the last six months, MessageLabs has found at least 13 new Trojan horse programs associated with e-mails bearing subjects such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents."

The problem is, according to a MessageLabs representative, that the hackers' e-mail messages employ an embedded Microsoft Office database file within the zipped attachment. Microsoft said in a recent security advisory that customers not running Windows Vista or Windows … Read more

Cyberprotests planned in support of China

Several groups of Internet organizers plan to show on Saturday that they can mobilize patriotic Chinese Internet users and wield their influence worldwide against what they say is anti-Chinese media in the Western world.

The Dark Visitor, a site that tracks the activities of Chinese computer hackers, is reporting that a distributed denial-of-service (DDoS) attack on CNN.com is planned for 8 p.m. Beijing time, or 5 a.m. PT in the United States.

But the organizers themselves (Google translated page) appear to be waffling, and Jose Nazario of Arbor Networks reports that there has been little preattack activity … Read more

Meet the Echo Boom hackers

On Thursday morning, at this year's RSA Conference in San Francisco, Chris Boyd of Facetime and I will present a talk, "How to Adapt to the Echo Generation's Social Media Hacking Game." The following is a preview of that talk, presented in three parts. On Tuesday, we're looking at who the Echo Generation hackers are. Wednesday, we'll look at how they use online social media for hacks. And on Thursday, we'll talk about how Chris uses features of social networks and Web 2.0 to shut these kids down.

It's a world … Read more

Report: Losses due to Internet crime rose in '07

Worried about online auction fraud? If you're a man, you should be, according to the latest Internet Crime Complaint Center report (in PDF). On average, men lost more money to online fraud than women in 2007. Men also perpetrated most of the online crime, accounting for 75 percent of the total reports last year. And while the overall number of complaints declined when compared with previous years, the total dollar value of losses rose to a record high of $239 million in 2007. That's $40 million more than in 2006.

The Internet Crime Complaint Center (IC3) … Read more

Teenage bot herder pleads guilty in New Zealand

Owen Thor Walker, an 18-year-old bot herder from Whitianga, New Zealand, pleaded guilty on Monday to six charges resulting from a botched botnet upgrade that led to a 2007 denial-of-service attack on the University of Pennsylvania.

Walker pleaded guilty to two charges of accessing a computer for dishonest purposes; two charges of accessing computer systems without authorization; one of damaging or interfering with computer systems; and one of possessing software for committing a crime. He could face five years in jail. However, according to reports from The New Zealand Herald, Judge Arthur Tompkins is considering Walker's age and cooperation … Read more

No April Fools'--Storm worm is back

Don't click on that silly April Fools' Day e-mail, says one security expert.

In a blog, Arbor Networks' Jose Nazario reports that within the last 24 hours he's seeing new releases of the Storm worm designed to take advantage of the first day of April. This new spam campaign is a lure to infect new computers that will become part of the larger Storm worm botnet.

The e-mail body is spartan: the words "Doh! April Fools" followed by a numeric URL. If a user clicks on that URL, the default Internet browser will open to a … Read more

Sequoia Voting Systems site hacked

Part of the Sequoia Voting Systems Web site was defaced and subsequently taken down on Thursday, according to a report in InfoWorld. As CNET prepared this blog, the entire Sequoia Voting System site was frequently inaccessible.

The defacement and subsequent takedown occurred Thursday morning on the company's Ballot Blog page. Sequoia is one of a handful of electronic voting companies used in the United States. It has in recent days come under fire for apparent discrepancies in voter tallies in last month's New Jersey primary election.

The Ballot Blog page on SequoiaVote.com had contained information from Sequoia … Read more

Technical details remain light in supermarket data breach

Details remain sketchy regarding Monday's announcement of 4.2 million credit and debit cards exposed at a Maine-based supermarket chain. However, public comments made by Ronald Hodge, CEO of Hannaford Supermarkets, suggest that even with recent improvements in payment card transaction security, there may be holes.

The standards organization, PCI Security Standards International, was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. In October 2007, they implemented the PCI Data Security Standard (PCI DSS), which includes, among other things, network specifications. Dr. Neal Krawetz of Hacker Factor Solutions said that PCI DSS allows … Read more

Convicted Ukrainian hacker starts political party

Would you hire a former criminal hacker? Better question: would you elect a former criminal hacker to political office?

Credit goes to Brian Krebs over at the Washington Post's Security Fix blog for recognizing that Dmitri Ivanovich Golubov, a 24-year-old from Odessa, has started the "Internet Party of Ukraine." Golubov, whose hacker nickname is "Script," was arrested and even jailed in 2005 in connection with Carderplanet.com, a site that bought and traded credit and debit card credentials. After only six months in prison, Ukrainian politicians convinced a judge to set Golubov free.

What's … Read more

Harvard student database hacked, posted on BitTorrent

Harvard says about 10,000 of last year's applicants may have had their personal information compromised. At least 6,600 Social Security numbers were exposed. Worse, a compressed 125 M-byte file containing the stolen student data is currently available via BitTorrent, a peer-to-peer network.

In a statement published Monday night, Harvard officials said the database containing summaries of GSAS applicant data for entry to the Fall 2007 academic year, summaries of GSAS housing applicant data for the 2007-08 and 2006-07 academic years, and administrator information had been compromised. The server had been taken offline for several days last month … Read more