30 December 2004 - Corporate Executives Engaging in CyberCrime
Corporate America faces a new kind of cracker. Information-technology
managers and chief technology officers, the people charged with
safeguarding corporate networks, are engaging in acts of digital
espionage. In the past two years, a half-dozen cases have hit
the courts, charging that technology executives have broken into
the computer systems of a rival. Keep the fingers of your competitors
off secrets you now store on hard drives and servers.
http://www.baselinemag.com/article2/0,1397,1744061,00.asp
30 December 2004 - Dutch Regulator Slaps Fines on Spammers
Dutch telecommunications regulator OPTA has imposed large fines
on three spammers; the Netherlands banned unsolicited email to
consumers in May, 2004. The fines ranged from 20,000 Euros to
42,500 Euros (approximately US$27,000 to US$57,000). One of the
scams used SMS (short messaging service) to send mail to mobile
phones. People who opened the mail were automatically charged
1.1 Euros (US$1.49). OPTA is coordinating an information sharing
effort within the EU to help cut down the volume of
spam; eight of 25 EU member nations have signed up for the program.
http://www.computerworld.com/printthis/2004/0,4814,98634,00.html
28 December 2004 - AOL Reports Significant Drop in Spam Volume
America Online said that it has seen spam drop significantly to
its customers. The average number of spam emails blocked daily
dropped from 2.4 billion in 2003 to 1.2 billion in late 2004.
AOL received 2.2 million spam complaints in November 2004, compared
with 11 million in November 2003. AOL users report spam by clicking
a "report spam" button. AOL says that anti-spam legislation
along with its spam filtering tools are responsible for the decline
in volume. Other Internet providers say they have not seen a decrease
in the amount of spam on their networks over the past year; this
may be attributable to AOL's aggressive stance regarding legal
action against spammers.
http://www.washingtonpost.com/ac2/wp-dyn/A30433-2004Dec27?language=printer
28 December 2004 - Iowa Man Pleads Guilty in Piracy Case
Jathan Desir, a 26-year-old Iowa man, has pleaded guilty to copyright
infringement and conspiracy to commit copyright infringement for
his part in a piracy operation that distributed music, games,
software and movies over the Internet. Desir will be sentenced
on March 18, 2005, and will face up to 15 years in prison. Desir
was caught through Operation Fastlink, which aims to curb digital
piracy on an international level.
http://news.zdnet.com/2102-3513_22-5505610.html?tag=printthis
24 December 2004 - The Dirty Dozen Spamming Countries of 2004
Did you know that over 40% of all spam is sent from innocent third
party computers? Find out where the computers are around the world
which are spewing out the most spam in this report from Sophos,
and how you can ensure you are not adding to the problem.
http://www.sophos.com/spaminfo/articles/dirtydozenyear.html
21 December 2004 - Judge Refuses Guilty Plea in eMail Address
Theft Case
US District Judge Alvin Hellerstein refused to accept a guilty
plea from Jason Smathers, a former AOL employee who allegedly
stole and sold 92 million email addresses to spammers. Despite
the fact that Smathers had reached a plea agreement with federal
prosecutors, the judge said he was not convinced that Smathers
had deceived anyone by his actions. He cannot be prosecuted under
the CAN-SPAM Act if he did not intend to deceive anyone.
http://www.messagingpipeline.com/55801389
http://news.com.com/2102-1030_3-5499701.html?tag=st.util.print
21 December 2004 - Blood Bank Informs Donors of Possible Personal
Data Compromise
A California blood bank has sent letters to donors whose personal
information may have been compromised after one of the bank's
laptop computers was stolen. The information is protected by a
password and a series of steps necessary to open the database.
A California law requires organizations to notify customers whose
data may have been compromised in the event of a security breach.
The company has said it will no longer collect social security
numbers from donors and that it will revise the way it "handles
computer hardware and other sensitive equipment."
http://news.com.com/2102-1029_3-5500114.html?tag=st.util.print
20 December 2004 - Judge Awards Iowa ISP Damages in Spam Cases
A judge in Iowa has awarded a small ISP more than US$1 billion
in damages in a default judgment against three alleged spammers.
The enormous sum was determined under an Iowa law that levies
a $10 fine for each spam email sent. It is unlikely the plaintiff will recover
any of the awarded damages.
http://www.theregister.co.uk/2004/12/20/isp_wins_1bn_damages_from_spammers/print.html
17 December 2004 - Lowe's Wardrivers Sentenced
Two men who broke into Lowe's wireless computer network and tried
to steal customer credit card numbers have received prison sentences
for their crimes. Though Brian Salcedo could have received a sentence
of up to 15 years under federal guidelines, his sentence was reduced
to 9 years because he helped Lowe's address the security problems
he had exploited. Adam Botbyl, an accomplice, received a 26-month
sentence to be followed by 2 years of court supervised release.
By compromising a Lowe's store wireless network in Southfield,
Michigan, the men were able to access the company's central
computer system and other systems around the country. Salcedo's
sentence is the harshest ever handed down for a cyber crime in
the United States.
http://www.computerworld.com/printthis/2004/0,4814,98355,00.html
16 December 2004 - Phishing Attacks Increase in November
A newly released report from the Anti-Phishing Working Group says
that phishing attacks were up 29% in November, nearly a third
higher than the figure for October. EarthLink and MSN were both
highly targeted in November. The US accounted for 27% of phishing
sites; China accounted for 21%.
http://asia.cnet.com/news/security/printfriendly.htm?AT=39209629-39037064t-39000005c
16 December 2004 - Australian Police Allowed to Use Spyware
to Gather Evidence
Australian legislators recently passed The Surveillance Devices
Act, allowing law enforcement to use backdoor and keystroke-logging
programs to gather evidence against suspected criminals. The warrants
to use the technology would be granted in cases where the offense
being investigated carries a sentence of three or more years.
Some critics of the act are concerned that it gives law enforcement
too much power; others are concerned that it conflicts with parts
of the country's Telecommunications Interception Act. Still others
fear that evidence gathered under the act would not be admissible
in court, as the computer in question has already been compromised
in order to install the spyware.
http://www.theregister.co.uk/2004/12/16/oz_police_surveillance/print.html
13 December 2004 - Healthcare Security group to Release HIPAA Compliance
Guidelines
The Healthcare Security Workgroup says it will release guidelines
to help health care organizations comply with the data security
requirements established by the Health Insurance Portability and
Accountability Act (HIPAA). The security provisions of the Act
take effect in April 2005.
http://www.computerworld.com/printthis/2004/0,4814,98232,00.html
13 December 2004 - Judge Throws Out Maryland's Anti-Spam Law
A Maryland judge has ruled the state's anti-spam law is unconstitutional
and tossed out a suit against a New York e-mail marketer, saying
the state law seeks to regulate commerce outside Maryland's borders.
http://www.msnbc.msn.com/id/6712615/
13 December 2004 - CAN-SPAM Has Not Reduced Spam Volume
The CAN-SPAM Act, which went into effect nearly one year ago,
has had no effect on the amount of spam in people's mailboxes;
in fact, spam volume has increased. Part of the reason for its
apparent lack of efficacy is that it relies on an opt-out model
that is counterproductive. CAN-SPAM has, however, provided a framework
to prosecute spammers. The Federal Trade Commission has filed
5 lawsuits under the act, and two states, Massachusetts and Washington,
have each filed one suit under the act.
http://www.nwfusion.com/news/2004/121304canspam.html?fsrc=rss-security
10 December 2004 - Man Sentenced to 7 Years in Prison for DirecTV
Piracy
Martin Mullen has received a 7-year prison sentence after pleading
guilty to conspiracy to violate anti-piracy laws. Mullen apparently
ran an organization that sold smart cards that had been tampered
with to allow people to view DirecTV without paying. Mullen was
also ordered to pay US$24 million to DirecTV and NDS Ltd., the
company that makes the smart cards. Interestingly, NDS engineers
are working to crack a memory stick that was seized from Mullen
when he was arrested; the assistant US Attorney who prosecuted
Mullen says the government gave the memory stick and some other
evidence to NDS because the government did not have the facilities
to analyze the equipment.
http://www.securityfocus.com/printable/news/10103
8 December 2004 - Digital PhishNet Will Channel Phishing Information
to Law Enforcement
A group of ISPs, technology companies, banks and law enforcement
agencies have come together to help in the fight against phishing.
Called Digital PhishNet, the group's aim is to gather information
about phishing schemes as they occur and expedite the process
of getting that information to appropriate law enforcement agencies.
http://www.computerworld.com/printthis/2004/0,4814,98153,00.html
7 December 2004 - Trojan Horse Program Pretends to be Lycos Anti-Spam
Screensaver
A keystroke-logging Trojan horse program, known as Mdropper-IT,
has been circulating on the Internet in the guise of being Lycos
Europe's anti-spam screensaver that has recently garnered attention.
It arrives as an attachment and steals passwords, usernames, credit
card details and other sensitive personal data. Lycos Europe stopped
its campaign on December 3, 2004 due to criticism that the screensaver's
activities were responsible for knocking sites offline.
http://news.com.com/2102-7349_3-5481674.html?tag=st.util.print
6 December 2004 - Internet Users Concerned About eCommerce and Banking
Security
A survey of 5,000 adult Internet users conducted by Gartner found
a growing concern with the lack of security on banking and e-commerce
web sites. More than 80% of the people surveyed said they would
be more likely to purchase from sites that require more than usernames
and passwords for account protection. Given choices among additional
authentication technologies, respondents favored the simple, such
as challenge and response features, over the more complex, such
as security software downloads, and multi factor authentication
like smartcards and USB tokens.
http://www.infoworld.com/article/04/12/06/HNdissatisfied_1.html
29 November 2004 - Cyber Attacks Are All About Money: Q&A with
FBI's Dave Thomas
Dave Thomas oversees the FBI's counter-terrorism and criminal
computer intrusion investigations. He provides a candid picture
of what the FBI is seeing in new types of attacks. He talks about
who is committing cyber crimes, where they are coming from geographically
and what is being done to prevent the crimes. Cyber criminals
are increasingly motivated by financial gain rather than mere
notoriety. "It used to be about access, but it's all about
money now."
http://www.nwfusion.com/supp/2004/cybercrime/112904qanda.html
19 November 2004 - Phishing Victims Still Learning the Hard Way
A compelling series of three articles about phishing that includes interviews
with nearly a dozen phishing victims underscores the rampant growth
of these attacks and what steps are being taken to mitigate the
problem.
http://www.washingtonpost.com/ac2/wp-dyn/A59347-2004Nov18?language=printer
http://www.washingtonpost.com/ac2/wp-dyn/A59349-2004Nov18?language=printer
http://www.washingtonpost.com/ac2/wp-dyn/A61916-2004Nov19?language=printer
[Editor's Note (SANS): It is extraordinary that the Washington
Post.com journalists were able to find actual victims willing
to discuss what happened. Their stories bring the problem to life
for readers. If you have security awareness training in your organization,
these stories will be great handouts.]
19 November 2004 - New Sober Variant Spreading Rapidly
A new variant of the Sober worm began spreading late last week.
Sober arrives in an email attachment and uses its own SMTP engine
to spread to other email addresses it finds on the infected computer.
Machines running Windows 95, 98, ME, NT, XP, 2000 and 2003 are
vulnerable. It places two copies of itself on machines it infects.
http://www.techweb.com/article/printableArticle.jhtml?articleID=53700897&site_section=700028
17 November 2004 - FTC Alleges Mortgage Companies Violated
GLBA
The Federal Trade Commission has issued an administrative complaint
against one mortgage company and has reached a settlement agreement
with another regarding charges both violated the Gramm-Leach-Bliley
Act's Safeguard Rule. The rule requires financial companies to
provide reasonable protection for customers' personal and financial
data.
http://rismedia.com/index.php/article/articleprint/8396/-1/1/
17 November 2004 - Porno Trojan Preys on Sleazy Web Surfers
The Troj/Delf-IT Trojan horse redirects web browsers to a pornographic
website. The Troj/Delf-IT Trojan horse lurks in the background
on infected PCs, waiting for the user to visit webpages which
contain one of various adult phrases in their title.
http://www.sophos.com/virusinfo/articles/delfit.htm
15 November 2004 - Spammer's Trial Reveals Mailing List Sources
Over the course of Jeremy Jaynes's trial, details emerged about
the spammer's activities. His mailing lists were a stolen AOL
customer database and an eBay customer database. He sent out 10
million emails a day on 16 high speed lines.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=52601698
11 November 2004 - UK Online Bank Accounts Put at Risk by Trojan
Horse
Security researchers at Sophos have warned of a Trojan horse which
helps criminals break into the accounts of British internet banking
customers.
http://www.sophos.com/virusinfo/articles/ukbanktrojan.html
10 November 2004 - Alleged Phisher Arrested in Boston
Boston police have arrested an alleged phishing scam artist. Andrew
Schwarmkoff has been arraigned on counts of fraud, larceny, identity
theft and receiving stolen goods. Schwarmkoff, who is alleged
to be a Russian mobster, was ordered held in lieu of US$100,000
bail.
http://www.techweb.com/article/printableArticle.jhtml?articleID=52600627&site_section=700028
8 November 2004 - Bofra-B worm poses as PayPal credit card purchase
Anti-virus experts at Sophos have warned users to be wary of unsolicited
emails appearing to come from PayPal, as they may be luring the
unwary into being infected by the W32/Bofra-B worm. The worm sends
emails pretending to be notification from PayPal of a $175 credit
card purchase. Find out what the emails look like now, and ensure
you are protected.
http://www.sophos.com/virusinfo/articles/bofrab.html
8 November 2004 - BSA to Double Reward Cap for UK Whistleblowers
The Business Software Alliance has announced that it is doubling
the maximum reward it offers to people who inform them about UK
companies using pirated software. Whistleblowers will now receive
10% of the face value of the software recovered up to GBP20,000.
http://asia.cnet.com/news/industry/printfriendly.htm?AT=39200335-39037106t-39000003c
8 November 2004 - Study Shows IT Security Professionals Will Number
2.1 Million by 2008
A study conducted by IDC projects that the number of IT security
professionals worldwide will increase to 2.1 million by 2008,
a compound annual growth rate of 13.7% from 2003. In addition,
the study found that 93% of managers responsible for hiring security
staff consider certifications to be important.
http://www.vnunet.com/news/1159247
8 November 2004 - Internet Scam "Mastermind" Sentenced
to Prison
An Australian judge has sentenced Nick Marinellis to at least
four years in jail for "masterminding" a Nigerian 419
scam in which he stole approximately AU$5 million (approximately
US$3.78 million) from his victims. Marinellis will not be eligible
for parole until February 28, 2008.
http://australianit.news.com.au/articles/0,7204,11319598%5E15331%5E%5Enbv%5E15306%2D15318,00.html
5 November 2004 - Stolen Computers Contain Wells Fargo Customer
Data
Four computers stolen from Regulus Integrated Solutions LLS's
Atlanta office contain names, addresses, social security and account
numbers belonging to thousands of Wells Fargo student loan and
mortgage customers. Wells Fargo has notified affected customers
by mail and is offering a free year of its credit monitoring service.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10079221.htm?template=contentModules/printstory.jsp
5 November 2004 - DDoS Boss on FBI's Most Wanted List
Saad "Jay" Echouafni, who allegedly hired people to
launch distributed denial of service attacks against business
competitors, has been placed on the FBI's most wanted list after
he apparently skipped bail, possibly fleeing to his home country
of Morocco. He is a fugitive from a five-count federal indictment.
Five men Echouafni allegedly hired to
orchestrate and conduct the attacks are headed for federal court.
http://www.securityfocus.com/printable/news/9870
5 November 2004 - Univ of Texas Student Indicted on Fraud Charges
for Alleged Data Theft
A federal grand jury has indicted Christopher Andrew Phillips,
a former University of Texas student, on charges he broke into
the university's computer system and stole personal data belonging
to more than 37,000 students, faculty and staff. Phillips's attorney
maintains his client had no criminal intent, that he did not use
any "hacking tools" and that the school's computer system
was not posted with "Do Not Enter" signs.
http://www.usatoday.com/tech/news/computersecurity/hacking/2004-11-05-ut-hack-charge_x.htm
4 November 2004 - New Phishing Tactic is Stealthy
MessageLabs has reported seeing what could become a new twist
in phishing scams. These emails contain a script that, once the
email is opened, rewrites host files to automatically redirect
users to phishing sites when they attempt to visit legitimate
banking sites. Traditionally, phishers' emails have required victims
to open an email and then click on a link to the fraudulent web site. The only
banks that have been targeted thus far are three Brazilian banks.
Users can protect themselves from this particular attack by disabling
Windows Scripting Host.
http://www.computerworld.com/printthis/2004/0,4814,97213,00.html
4 November 2004 - Siblings Convicted of Spamming
Jeremy Jaynes and Jessica DeGroot have been convicted of sending
thousands of spam emails to AOL subscribers through the company's
servers in Virginia. The jury recommended that Jaynes receive
a 9-year prison sentence and that DeGroot, his sister, be fined
US$7,500; they will be formally sentenced early next year. A third
defendant in the
case was found not guilty.
http://www.computerworld.com/printthis/2004/0,4814,97229,00.html
1 November 2004 - Top ten viruses and hoaxes reported for October
Find out which viruses dominated the charts in the month of October,
and which email hoaxes continue to be spotted
by users around the world.
http://www.sophos.com/pressoffice/pressrel/uk/20041101topten.html
29 October 2004 - Two Oxford Students Suspended for Computer Network
Intrusion
Oxford University's Court of Summary Jurisdiction has suspended
two students on charges of breaking into the school's computer
network. Patrick Foster and Roger Waite wrote of their activities
in the Oxford Student newspaper, maintaining they wanted to expose
the security weaknesses in the computer system. The two feel the
punishment is too harsh and say they will appeal the decision.
http://news.bbc.co.uk/2/hi/uk_news/education/3966045.stm
28 October 2004 - Secret Service Undercover Investigation Nets 28
Alleged Identity Thieves
A US Secret Service undercover investigation code-named Operation
Firewall led to the arrest of 28 people in seven countries on
charges of identity theft, computer fraud, credit card fraud and
conspiracy. The group allegedly stole 1.7 million credit card
numbers and forged numerous identity-related documents, such as
licenses, birth certificates and passports.
http://www.theregister.co.uk/2004/10/29/operation_firewall/print.html
26 October 2004 - Three Alleged AOL Spammers on Trial in Virginia
Three people are on trial in Virginia for allegedly using false
identities to send millions of unsolicited commercial emails to
AOL customers. Though the defendants are from North Carolina,
the trial is in Virginia, the physical location of AOL's servers.
Virginia has the harshest anti-spam law in the country; if the
three are convicted of the charges against them, they could face
up to 15 years in prison.
http://www.securitypipeline.com/showArticle.jhtml;jsessionid=2D1JARLSNIZ5CQSNDBCCKH0CJUMEKJVN?articleId=51200542&printableArticle=true
25 October 2004 - Company Tries to Gain Competitive Edge Through
Intrusion
In an example of what attorney Mark Rasch says is a growing trend
of cyber intrusion for profit, Getloaded.com accessed information
on Truckstop.com's web site, without authorization. Truckstop.com
had established a solid business of finding loads for long haul
truck drivers so they don't have to make return trips with empty
vehicles.
Getloaded.com wanted a piece of the action. Judge Andrew J. Kleinfeld
issued an opinion for the United States Court of Appeals for the
Ninth Circuit.
http://www.securityfocus.com/printable/columnists/273
25 October 2004 - Average Home User's PC Rife with Spyware, Weak
on Security
A survey from America Online and the National Cyber Security Alliance
found that the average home user's PC is not as secure as its
owner may think. The survey included an inspection of the computers
belonging to 329 respondents. Despite the fact that 77% of the
participants said they believed they were protected from security
threats, two-thirds lacked the combined protection of current
antivirus software and a firewall, though 85% do have anti-virus
software installed. 72% used their computers to conduct sensitive
personal business, such as banking or the transmission of medical
information. The inspections of the computers found 80% contained
multiple spyware programs, and 20% were infected with a virus.
http://www.usatoday.com/tech/news/2004-10-25-internet-security_x.htm
25 October 2004 - Red Hat Warns of Phony Patch Messages
Red Hat has published a warning about phony security alerts circulating
on the Internet; the messages purport to be a Red Hat patch for
a critical vulnerability but in fact contain malicious code. Red
Hat says all updates from them are digitally signed and that the
signature should be verified before anything is installed.
http://www.computerworld.com/printthis/2004/0,4814,96916,00.html
25 October 2004 - Malware Targets Mac OS X
The Opener or Renepo-A malware is a Mac OS X rootkit that includes
a keystroke logger and backdoors. Opener is a shell script requiring
superuser privileges for installation and is not spreading.
http://www.theregister.co.uk/2004/10/25/mac_rootkit_opener/
24 October 2004 - Judge Issues Restraining Order Against Alleged
Spammer
US District Judge Joseph DiClerico has issued a restraining order
against Stanford Wallace, known as the "Spam King,"
and his companies, ordering them to disable spyware programs.
A hearing is scheduled for November 9, 2004.
http://australianit.news.com.au/common/print/0,7208,11172502%5E15331%5E%5Enbv%5E15306%2D15318,00.html
22 October 2004 - Seoul Government Bans Internet [Instant] Messenger
services
The Seoul (South Korea) Metropolitan Government has prohibited
its employees from using Internet [instant] messaging, chat services
and "connections to harmful Internet sites" in order
to guard against information leaks. ("protect internal information")
http://english.chosun.com/w21data/html/news/200410/200410220031.html
21 October 2004 - Brazil police arrest over 50 in phishing Trojan
investigation
Federal police in Brazil have arrested more than 50 people for
stealing money from internet bank accounts with a series of phishing
Trojan horses. In the region of $30 million is alleged
to have been stolen from online banking customers.
http://www.sophos.com/virusinfo/articles/brazilarrest.html
20 October 2004 - Singapore Likely to Increase Penalties for Piracy
Singapore's parliament is considering amendments to the country's
Copyright Act which would impose a maximum sentence of 6 months
in jail and a fine of S$20,000 (US$12,000) for people convicted
of Internet piracy for the first time. Repeat offenders would
face three years in jail and fines of S$50,000 (US$30,000). The
amendments are likely to pass in mid-November and become law on
January 1, 2005.
http://australianit.news.com.au/common/print/0,7208,11127694%5E26199%5E%5Enbv%5E15306%2D15319,00.html
19 October 2004 - ID theft, phishing altering online habits
Consumers, increasingly fearful of identity theft, want more security
before they'll engage in online banking and other Internet-based
services, according to a survey released Tuesday.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1017458,00.html?track=NL-358&ad=495384
19 October 2004 - Man sentenced to 2 1/2 Years in Prison for Accessing
Computer Systems
Daniel Baas has been sentenced to 2 1/2 years in prison for breaking
into business and law firm computer systems to access legal documents,
financial data and other material that he copied for himself.
Baas pleaded guilty to unauthorized computer access. Baas is also
awaiting sentencing for his role in breaking into Acxiom Corp.'s
computer system.
http://www.cincypost.com/2004/10/19/baas101904.html
18 October 2004 - 12 Arrests Made in Hong Kong Phishing Scheme
Law enforcement officials have arrested 12 people in connection
with a phishing scheme in Hong Kong that allegedly resulted in
the loss of HK$600,000 (approximately US$77,000). Six of the suspects
have been charged with theft and face sentences of up to 10 years
in jail if they are convicted.
http://www.theregister.co.uk/2004/10/18/hk_phishing/print.html
16 October 2004 - NZ Health Ministry Official Sentenced to 3 Years
in Jail for Cyber Theft
New Zealand Health Ministry employee John Denison has been sentenced
to 3 years in jail for breaching the security of the Ministry's
banking system and diverting $2.15 million to his own account,
established with fictitious documents. Wellington District Court
Judge Robert Kerr has suppressed details of Mr. Denison's attack.
http://australianit.news.com.au/common/print/0,7208,11087415%5E15331%5E%5Enbv%5E15306%2D15318,00.html
15 October 2004 - UK Court Charges Four in Large Phishing Scheme
A London court has charged four Eastern European people with phishing,
marking the first case in which charges have been brought against
people for phishing, according to Britain's National Hi-Tech Crime
Unit (NHTCU). The four, who allegedly defrauded banks of a considerable
amount of money, are scheduled to appear at a preliminary hearing
on October 21.
http://www.theregister.co.uk/2004/10/15/phishing_charges/print.html
12 October 2004 - Business Software Alliance Annual Sweep Brings
in Millions
The Business Software Alliance's most recent anti-piracy sweep
netted more than US$2.2 million in out-of-court settlements with
25 companies. The watchdog group seeks out companies that are
using software in violation of licensing agreements and copyright
laws. The money will be put toward educational initiatives, such
as a campaign aimed at children to discourage them from using
peer-to-peer networks for trading copyrighted material.
http://news.zdnet.com/2102-3513_22-5406668.html?tag=printthis
12 October 2004 - DOJ Would Like to See Intellectual Property Laws
Revamped
The US Department of Justice released a report singing the praises
of both the Piracy Deterrence and Education Act, which makes it
a crime to use certain file sharing products, and the Induce Act,
which would allow lawsuits to be brought against companies whose
products "induce" people to illegally trade copyrighted
materials. The DoJ report calls for significant changes to US
intellectual property law, maintaining that piracy through peer-to-peer
file sharing networks is a significant problem.
http://news.zdnet.com/2102-9588_22-5406654.html?tag=printthis
12 October 2004 - Funner Worm
The Funner worm spreads by sending itself to contacts it finds
in Microsoft's MSN Messenger; it then modifies the registry and
overwrites hosts file entries.
http://www.computerworld.com/printthis/2004/0,4814,96606,00.html
11 October 2004 - Alleged Spammer Settles Case with Massachusetts
AG
DC Enterprises and its owner William Carson have settled a case
brought by Massachusetts Attorney General Tom Reilly alleging
that the company and Carson violated the CAN-SPAM Act and the
Massachusetts Consumer Protection Act by sending out unsolicited
commercial email that did not provide valid opt-out provisions.
The case is the first to be brought under CAN-SPAM in the state
of Massachusetts. Carson and DC Enterprises will pay US$25,000
and will cease to violate the CAN-SPAM Act and Massachusetts mortgage
broker and advertising laws.
http://news.zdnet.com/2102-9588_22-5406062.html?tag=printthis
11 October 2004 - South Korean Police Arrest Prolific Cyber Criminal
The Cyber Terror Response Center of South Korea's National Police
Agency has arrested a man who allegedly broke into 1,152 computer
systems since March 2003. The man, who has been identified only
as Lee, used to work at an information security company. Police
are investigating the possibility that he may have sold information
he accessed through his break-ins.
http://english.chosun.com/w21data/html/news/200410/200410110016.html
4 October 2004 - Malicious JPEG File Posted on Newsgroups
A malicious JPEG file has been posted on some newsgroups; code
embedded in the file attempts to exploit a recently disclosed
JPEG flaw which could allow attackers to gain control of infected
machines.
http://www.informationweek.com/story/showArticle.jhtml?articleID=49400063&tid=6004
4 October 2004 - Sony Japan Will Stop Making CDs with Copy Protection
Citing an increased awareness of copyright and piracy issues as
well as more stringent laws to punish violators, Japan's Sony
Music Entertainment will stop incorporating copy protection into
their CDs. It is also probable that customer dissatisfaction with
the arrangement factored into the company's decision.
http://www.theregister.co.uk/2004/10/01/sony_copy-control_cd/print.html
4 October 2004 - North Korea Has Trained 500+ in Cyber Warfare,
Says Report
According to a South Korean Defense Ministry report, North Korea
has trained more than 500 people in cyber warfare tactics. The
cyber troops reportedly went through a five-year training course
focusing specifically on infiltrating computers in South Korea,
Japan and the US.
http://www.channelnewsasia.com/stories/afp_asiapacific/print/109911/1/.html
2 October 2004 - Yoran Resigns DHS Cyber Security Position
DHS National Cyber Security Division director Amit Yoran has resigned
his position as of September 30. Yoran, who held the position
for one year, said he has achieved his goals: building the division
and US-CERT. Some say Yoran's resignation points to the need to
elevate the position within DHS.
http://www.washingtonpost.com/ac2/wp-dyn/A64915-2004Oct1?language=printer
30 September 2004 - RIAA Files 762 New Suits
The Recording Industry Association of America (RIAA) has filed
against 762 people for allegedly trading music over the Internet
and violating copyrights. The defendants are unnamed, identified
only as "John Doe" and by an IP address; this allows
the RIAA to seek subpoenas that would require ISPs to reveal their
customers' names. Individuals at 26
universities and colleges across the country have been named as
defendants, but the RIAA has not filed suits against the schools
themselves.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9802911.htm?template=contentModules/printstory.jsp
[Editor's Note (SANS): See this story for raids on P2P in the
island nation of Iceland. Bandwidth usage on the island nation
apparently dropped 40% as word of the raids spread.
http://www.theregister.co.uk/2004/09/30/p2p_raids_iceland/ ]
29 September 2004 - Man Pleads Guilty to Spamming Through Hijacked
Wireless Accounts
Nicholas Tombros has pleaded guilty to sending spam through other
people's wireless accounts which he accessed without authorization.
Tombros pleaded guilty to one felony count; when he is sentenced
on December 27, he could face up to six months in jail. The case
is believed to be the first criminal conviction under the federal
CAN-SPAM Act.
http://www.securityfocus.com/printable/news/9606
28 September 2004 - Governor Schwarzenegger Signs Anti-Spyware Bill
California Governor Arnold Schwarzenegger has signed a bill which
makes it illegal to install spyware on computers without authorization.
The legislation would allow people to sue those responsible for
installing the software for damages. The bill also prohibits keystroke-logging
and software which takes control of others' computers in order
to send spam or spread malware. The bill has been criticized for
being "toothless."
http://news.zdnet.com/2102-1009_22-5388122.html?tag=printthis
28 September 2004 - House Passes Piracy Deterrence and Education
Act
The US House of Representatives has passed the Piracy Deterrence
and Education Act of 2004, which expands the scope of file traders
who may be prosecuted for their actions from those who "willingly"
share copyrighted material to those who "knowingly" do so.
http://www.infoworld.com/article/04/09/28/HNusfiletrading_1.html
28 September 2004 - UCLA Will Warn Students About Copyright Infringement,
but Won't Snoop
The University of California at Los Angeles (UCLA) is using a
system to warn students who have been identified as pirating copyrighted
digital content, like movies and music, but the school has chosen
to stop short of actually snooping on the students' activity,
saying doing so would violate their privacy.
http://news.com.com/2102-1027_3-5387859.html?tag=st.util.print
28 September 2004 - Security violations lead to terminations
The best medicine for those who violate patient privacy is a pink
slip and full press coverage, according to the CIO for several
prestigious medical institutions.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1009790,00.html?track=NL-358&ad=493227
24 Sept 2004 - Microsoft Files Suits Against Alleged Spammers
and Web Hosting Company
Microsoft has filed lawsuits against eight individuals and one
web hosting company for their alleged involvement in sending spam.
Microsoft attorney Aaron Kornblum said the suit against the web
hosting company marks the first time action has been taken against
a web host that "caters to spammers."
http://security.itworld.com/4368/040923mssuit/pfindex.html
24 September 2004 - Networked Photocopiers' Content Can Be Exposed
on Google
Carefully crafted searches on Google can reveal login details
for photocopiers that are network connected; attackers can use
the information to see what is being copied. Organization security
staff should check Google regularly for cached information on
company domain names; Google will remove information if requested.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39167848-39020375t-10000025c
23 September 2004 - Ernst & Young's 2004 Information Security
Survey
Ernst & Young's 2004 Information Security Survey, which includes
data from 1,233 organizations, found that most concentrate on
external security threats, like viruses and worms, but neglect
insider security threats. Respondents named lack of user security
awareness the top impediment to information security, yet only
28% of respondents named user education as a top priority for
the coming year. Ernst & Young recommends that organizations
create a security-conscious environment from the top down, with
management leading by example.
http://www.theregister.co.uk/2004/09/23/insider_risk/print.html
http://www.vnunet.com/news/1158301
[SANS Editor Note (Northcutt): A dollar invested in awareness
training yields far more results than buying yet another security
gadget.]
23 September 2004 - BSA Has 700 Active Piracy Investigations in U.S.
Though the incidence of software piracy has dropped from 50% to
33% over the last 10 years, the Business Software Alliance still
keeps busy; the software publishers watchdog organization presently
has 700 active investigations in the United States. The penalties
for companies using pirated software can add up: copyright holders
can sue for damages and profits, as well as for statutory damages
of as much as US$150,000 per instance of piracy.
http://www.computerworld.com/printthis/2004/0,4814,96109,00.html
21 September 2004 - FDIC Issues Instant Messaging Guidelines
The Federal Deposit Insurance Corporation (FDIC) has issued instant
messaging (IM) guidelines which, while intended for organizations
within the financial industry, are sensible enough for companies
in any industry to adopt. The guidelines include setting up firewalls
to block incoming and outgoing public IM traffic, creating rules
to block IM delivery and file sharing and deploying strong antivirus
and patch management programs.
http://www.fdic.gov/news/news/financial/2004/fil8404a.html
20 September 2004 - Man Arrested in Connection with Cisco Source
Code Theft
UK police arrested a 20-year-old man on September 3 in connection
with the theft of Cisco source code. The man was arrested in the
wake of raids on several homes; investigators are examining property
confiscated during the raids, including a number of PCs. More
than 800MB of Cisco source code was posted to a Russian security
site in May of this year.
http://news.bbc.co.uk/1/hi/technology/3672242.stm
http://news.com.com/2102-7349_3-5371807.html?tag=st.util.print
17 September 2004 - Father and Son Sentenced in Software Piracy Case
A criminal court in Stuttgart, Germany has sentenced two men
on charges of piracy of Microsoft software. Dieter Rimmele
received a sentence of three years without parole; his father,
Hubert Rimmele, received a 16-month jail sentence and was ordered
to perform 100 hours of community service. Several days later,
German police arrested four people for allegedly selling pirated
software, movies, games and music over the Internet.
http://www.computerworld.com/printthis/2004/0,4814,95908,00.html
17 September 2004 - USD87 Million Worth of Pirated Software Seized;
11 Indicted
A two-year investigation has culminated in conspiracy charges
being brought against 11 people in what is possibly the largest
seizure of pirated software in the US. The software and accompanying
documentation have an estimated value of USD30 million, and could
be as much as USD87 million. All 11 have been indicted and were
scheduled to appear before a judge on Monday, 20 September. If
they are convicted, they face federal prison sentences of between
15 and 75 years.
http://seattlepi.nwsource.com/business/191178_msftcounter17.html
http://www.nwfusion.com/news/2004/0916fbiseize.html
17 September 2004 - FTC Considers Offering Bounties for Spammer Convictions
The US Federal Trade Commission would like to be able to prosecute
more spammers, but given the lack of admissibility of much of
the evidence they use in identifying spammers, this has proven
problematic. What they need is hard, admissible evidence, probably
provided by an insider. Such evidence would likely be provided
only if there were a bounty program, much like Microsoft's $250,000
bounty for the successful prosecution and conviction of malware
authors.
http://www.silicon.com/research/specialreports/thespamreport/print.htm?TYPE=story&AT=39124098-39025001t-40000011c
16 September 2004 - Some LANL Employees Lose Jobs, Others Cleared
or Demoted
Of the 23 people suspended from their jobs at Los Alamos National
Laboratory (LANL) this summer in the wake of an investigation
triggered by security problems, four have been fired, one is likely
to resign, 7 have been demoted, 10 have been cleared of any wrongdoing
and one is still on investigative leave.
http://www.theregister.co.uk/2004/09/16/los_alamos_sackings/print.html
http://www.wired.com/news/print/0,1294,64973,00.html
15 September 2004 - Phishers Target Gmail Accounts
Some phishers are now trying to steal Gmail accounts. The phishing
email informs Gmail users that they can invite friends to sign
up for a Gmail account if they fill out a form that includes their
Gmail address and password. Gmail accounts are in demand because
of their limited availability. Google does send out free invitations
for users to send to friends, but all the users need to do is
click on a button, rather than providing their personal account
information.
http://news.com.com/2102-1032_3-5367986.html?tag=st.util.print
15 September 2004 - Man Pleads Guilty in Identity Theft Case
Former Teledata employee Philip Cummings has pleaded guilty to
one count each of conspiracy, fraud and wire fraud for his role
in an identity theft scheme. Cummings's position at Teledata gave
him access to user names and passwords which allowed him and his
alleged accomplices to access and download credit reports from
all three major credit bureaus. His sentencing is scheduled for
January 11; he could receive a maximum prison term of 50 years.
Cummings and an alleged accomplice stole more than 30,000 credit
reports. Two other alleged conspirators are scheduled to go to
trial on November 3.
http://www.computerworld.com/printthis/2004/0,4814,95941,00.html
http://www.msnbc.msn.com/id/6001526/
11 September 2004 - PWC/CIO Magazine 2004 State of Information Security
Study
The 2004 State of Information Security study from PricewaterhouseCoopers
and CIO Magazine found that North America and Europe led South
America and Asia in security and best practice implementation.
64% of the companies surveyed said they expected security spending
to increase this year. The study was conducted online in late
March and April 2004; more than 8,000 CIOs, CFOs, CEOs, VPs and
directors of IT and security from 62 countries responded to the
survey.
http://www.itsecurity.com/tecsnews/sep2004/sep143.htm
8 September 2004 - Singapore Bank is Latest Phishing Mark
Phishers have targeted customers of Singapore's OCBC Bank Internet
banking service. OCBC said that the phony site which was being
used to try to steal customers' account information has been shut
down. OCBC has notified the police and the Monetary Authority
of Singapore.
http://asia.cnet.com/news/security/printfriendly.htm?AT=39192847-39037064t-39000005c
8 September 2004 - Savvis Shuts Down Spammers' Service
St. Louis, MO-based Savvis Communications, an international Internet
service provider, says it will cancel service for about 40 customers
who are known to be using the network to send spam. Savvis made
the decision only after pressure from anti-spam organizations.
The company had, according to leaked internal memos, known about
the problem for several months but had dragged its feet about
doing something to remedy the situation because it would feel
a financial pinch.
http://www.computerworld.com/printthis/2004/0,4814,95769,00.html
http://www.infoworld.com/article/04/09/08/HNleakedmemos_1.html
8 September 2004 - House Committee Approves Anti-Piracy and Spyware
Measures
The House Judiciary Committee has approved the Piracy Deterrence
and Education Act of 2004 which, if enacted, would impose a sentence
of up to five years for people convicted of illegally sharing
copyrighted music and movies over the Internet. The bill will
next head to the House for debate. The committee also approved
the Internet Spyware Prevention Act of 2004, a measure which criminalizes
the act of placing spyware on people's computers without their
express permission.
http://www.washingtonpost.com/ac2/wp-dyn/A6091-2004Sep8?language=printer
8 September 2004 - How Hackers Infect PCs To Spread Spam and
Steal Money
In a landmark study of the economics and techniques of hackers,
two top reporters from USA Today have painted a vivid picture
of what is really going on in cyber crime today and how it involves
millions of home and business users. This article is the first
of two parts. Part One vividly illustrates the problem and ends
with the challenge: "Consumer outrage needed." On Thursday,
September 9, Part Two shows that the problem will just get worse
if vendors and ISPs continue to refuse to do their fair share
to reduce the risk.
http://www.usatoday.com/money/industries/technology/2004-09-08-zombieuser_x.htm
3 September 2004 - California State University Hard Drive was Probably
Thrown Away
The disappearance of a hard drive containing the names, addresses
and social security numbers of 23,000 students, faculty and staff
at California State University campuses has prompted university
officials to contact everyone whose information may have been
exposed, as required by a new state law. All those affected received
letters though there have been no reports of identity theft; a
police investigation concluded that the drive in question was
probably thrown away by mistake rather than stolen.
http://www.computerworld.com/printthis/2004/0,4814,95690,00.html
3 September 2004 - Man Receives Three Year Sentence for Software
Piracy
Alexander Tobolsky has been sentenced to just over three years
in prison for copyright infringement. Mr. Tobolsky sold pirated
copies of Intuit financial software over the Internet.
http://www.itsecurity.com/tecsnews/sep2004/sep58.htm
30 August 2004 - Man Enjoined from Spamming Verizon Wireless Customers
Verizon Wireless has won a permanent injunction against a Rhode
Island man who allegedly sent a plethora of spam text messages
to the company's customers. According to the ruling, Jacob Brown
is prohibited from sending any more messages to Verizon Wireless
customers.
http://zdnet.com.com/2102-1105_2-5329820.html?tag=printthis
27 August 2004 - Operation Web Snare Leads to 150 Arrests
Sophos has welcomed the US authorities' firm action against suspected
spammers, phishers and other cybercriminals in "Operation
Web Snare". Read more about the arrests made so far.
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=6082393
http://www.sophos.com/spaminfo/articles/opwebsnare.html
27 August 2004 - Trojans Target British Banking Customers
Experts at Sophos have warned computer users about Trojan horses
that try to steal account details from users of a number of British
online banks.
http://www.sophos.com/virusinfo/articles/tofger.html
27 August 2004 - Australian PM Admits Hiring Son to Send Political
Spam to Voters
Australian Prime Minister John Howard admitted he hired his son's
company to send out political spam to voters. Some are saying
that Howard has violated the country's anti-spam laws. While the
laws prohibit the sending of unsolicited commercial email, charities
and political groups are exempt. However, Howard's use of his
son's company, which is commercial, violated "the spirit,
if not the letter of the anti-spam laws," according to opposition
spokeswoman Kate Lundy.
http://www.theregister.co.uk/2004/08/27/pm_spam_slam/
26 August 2004 - Study Says Insider Attacks Don't Require Great Technical
Expertise
A Secret Service and CERT Coordination Center study of insider
attacks at financial institutions found that most attacks did
not require much "technical sophistication"; in fact,
87% of the attacks were made using "simple, legitimate user
commands." In addition, most attacks were driven by desire
for financial gains and were planned -- in 85% of the cases, someone
else knew about the plan to launch an attack. The study took into
account 26 attacks at financial services providers that occurred
between 1996 and 2003.
http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=27074
http://www.vnunet.com/news/1157662
26 August 2004 - Phishers Target German Banks' Customers
Phishers have begun targeting customers of German banks; there
have been reports that customers of Postbank and Deutsche Bank
have received phony email messages that try to trick them into
revealing account and PIN numbers. No bank customers have lost
money though some have come close. Two Postbank customers nearly
lost 21,000 Euros between them, but the transactions were caught
-- one by a customer and the other by the bank.
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=6080450
http://www.computerworld.com/printthis/2004/0,4814,95471,00.html
26 August 2004 - Winamp Flaw Allows Spyware Onto Computers
Adware makers can exploit a flaw in Winamp to place their stealth
programs on people's computers. The problem stems from the fact
that Winamp allows skin files to run programs. Winamp is a digital
music player made by Nullsoft, an AOL subsidiary. The company
is aware of the vulnerability but has not yet come up with a fix.
http://asia.cnet.com/newstech/security/printfriendly.htm?AT=39191393-39000005c
26 August 2004 - DoJ Seizes Property in P2P Network Investigation
The Justice Department executed search warrants in three states
and seized computers and other equipment as part of an investigation
into a peer-to-peer network that was sharing copyrighted movies,
music and games. The Underground Network, which is the focus of
this investigation, is managed by hub computers that restricted
who could participate.
http://www.eweek.com/print_article/0,1761,a=134097,00.asp
24 August 2004 - International Effort Breaks Worldwide Piracy Ring
More than 100 people have been arrested worldwide in connection
with an on-line piracy ring. The arrests were the result of a
cooperative effort between the UK, the US, Australia, Poland and
Slovakia. Ring members apparently broke into computers at academic
institutions and used their disk space to serve the pirated content.
http://www.theregister.co.uk/2004/08/24/anti-piracy_swoop/
http://www.reuters.com/newsArticle.jhtml?storyID=6056939
24 August 2004 - Former Employee Faces Prison and Fine for Alleged
Intrusion
Patrick Angle of Columbus, Indiana has been charged with breaking
into the computer system of his former employer, Varian Semiconductor
Equipment Associates Inc. Angle allegedly broke into the system
when he discovered his contract was going to be terminated, then
allegedly deleted source code for software he had been developing.
He also allegedly altered log information. Varian was able to
recover the lost data from backup systems at a cost of USD 26,455.
If he is convicted of the charges against him, Angle could face
a ten-year prison sentence as well as a fine of up to USD 250,000
plus restitution.
http://www.computerworld.com/printthis/2004/0,4814,95450,00.html
24 August 2004 - Report Shows Which Countries Export The Most Spam
Sophos researchers have identified which countries are pumping
out the most spam. Find out which country is the worst offender,
and how innocent unprotected computers are adding to the spam
problem.
http://www.sophos.com/spaminfo/articles/dirtydozenaug04.html
24 August 2004 - Is Your Webcam Spying on You?
The Rbot-GR worm can take over webcams, and may be secretly spying
on you in your home or office. Read more now and ensure you are
properly protected.
http://www.sophos.com/virusinfo/articles/webcam.html
23 August 2004 - MPAA Files Suits Against DVD Chip Manufacturers
for Illegal Sales
The Motion Picture Association of America (MPAA) has filed lawsuits
against two DVD-chip manufacturers, Sigma Designs and MediaTek,
for allegedly selling chips to companies that are breaking copy
protection rules. The products in question include features that
are not allowed under the general DVD technology license. Furthermore,
selling the chips to those companies violates the terms of the
license Sigma and MediaTek had to sign in order to manufacture
the chips in the first place.
http://news.com.com/2102-1025_3-5321084.html?tag=st.util.print
23 August 2004 - Cyberharassment Q & A
This article defines cyberharassment and cyberstalking, offers
advice for avoiding becoming a victim and discusses how current
law views cyberharassment and cyberstalking.
http://www.securitypipeline.com/showArticle.jhtml?articleId=29116803&printableArticle=true
23 August 2004 - IM Adoption Slowed by Security, Compatibility Concerns
Businesses are slow to adopt instant messaging due to a lack of
interoperability and security concerns, according to the Yankee
Group.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1001647,00.html?track=NL-358&ad=490230
20 August 2004 - RIAA Suits Against Individuals Proceeding
The Recording Industry Association of America (RIAA) continues
to pursue lawsuits against individuals for copyright violations
in which music is illegally downloaded. While people would like
to fight the lawsuits, they more often than not find it too expensive
and end up settling with the RIAA. Nearly 4,000 people have been
sued since the RIAA began filing the suits in September 2003.
http://www.securityfocus.com/printable/news/9374
20 August 2004 - Study: Organizations Not Taking Mobile Device Security
Concerns to Heart
According to a study from Forrester Research, most organizations
have not put mobile device management systems in place despite
the security threats the devices pose. Of the companies surveyed
for the study, only 9% had deployed systems to manage mobile devices;
an additional 20% were piloting or planned to deploy a management plan.
http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=PEDNWSJF51YMUQSNDBCCKHY?articleId=29116607&printableArticle=true
19 August 2004 - New AIM Trojan Steals Financial Data
A new variant of Download.ject is threatening AIM users, opening
backdoors and stealing financial data.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1001648,00.html?track=NL-358&ad=490230
18 August 2004 - Unpatched PCs Infected In Minutes
New, unpatched and unprotected computers survive only about 20
minutes before being exploited. Last year the survival time was
nearer 40 minutes.
http://www.gcn.com/vol1_no1/daily-updates/26967-1.html
13 August 2004 - UK Police Warn of Phishing Scam that Uses Key-Logger
Trojan
The UK's National Hi-Tech Crime Unit (NHTCU) has issued a warning
about a key-logging Trojan horse program that attempts to steal
online banking account numbers and PINs. Phishers send out spam
email that appears to be an invoice and provides a link for recipients
to view more details about the order. The link in fact leads to
a site that downloads a Trojan horse program onto vulnerable computers.
http://www.vnunet.com/news/1157314
http://www.theregister.co.uk/2004/08/13/trojan_phish/
12 August 2004 - Teenager Pleads Guilty to Creating and Spreading
Blaster-B
19-year-old Jeffrey Lee Parson has pleaded guilty in federal court
to creating and distributing the Blaster.B worm one year ago this
month. Parson also admitted he added a Trojan horse program to
Blaster.B that let him gain access to infected computers. He could
face a prison term of up to just over three years when he is sentenced
in November, and may also be required to pay millions of dollars
in fines.
http://www.computerworld.com/printthis/2004/0,4814,95199,00.html
12 August 2004 - Copier Security
As copiers gain functions like the ability to scan, fax and store
documents, they become increasingly vulnerable to cyber attacks.
Embedded operating systems in copiers make them vulnerable to