InfoSec in the News
(Archives)

Most of these news stories could have been prevented with an effective security awareness program or they promote the use of security awareness.
Also visit our News Archives for older stories

Subscribe to the following e-mail lists for even more stories:

SANS NewsBites

Security Wire Digest

28 December 2006 - Coast Guard Personnel Required to Complete Anti-Phishing Training
All Coast Guard personnel who use its computer network will be required to take training on how to avoid being victims of phishing attacks. The requirement follows the Defense Department's mandate that all personnel take spear phishing awareness training by January 17, 2007.
http://www.fcw.com/article97216-12-28-06-Web&printLayout

27 December 2006 - Utah Valley State College Data Breach
The names, SSNs and other personally identifiable information of approximately 15,000 Utah Valley State College (UVSC) students and faculty were inadvertently made available on Yahoo for about six weeks in November and December of this year. The data belong to students and faculty who participated in the college's distance education program between January 2002 and January 2005. UVSC removed the files from its servers as soon as it became aware of the situation. The school plans to notify all individuals affected by the data security breach.
http://www.sltrib.com/news/ci_4906175

27 December 2006 - Man Fired After Seeking Help to Change College Grades
A man who worked as communications director for US representative Denny Rehberg (R-Mont.) has been fired after trying to hire people to break into the computer system of his alma mater, Texas Christian University (TCU), and change his grades. Todd Shriber was concerned that his school records were not strong enough to ensure his acceptance to graduate school. Shriber's online request was met with responses from individuals who never intended to conduct the attack and warned him repeatedly that what he was asking them to do was in violation of federal law. The pair warned Shriber that the scheme had been detected and advised him to "duck and run" though they never attempted to infiltrate TCU's computer system.
http://www.dfw.com/mld/dfw/news/16327059.htm?template=contentModules/printstory.jsp

27 December 2006 - Indiana Hospital Notifies Patients of Data Theft
Deaconess Hospital in Indiana has sent letters to 128 patients, notifying them that their personal information was contained in a laptop computer that has been missing since late November. There is no evidence the information has been misused; the data include Social Security numbers (SSNs). The hospital is mulling over security improvements, including encryption software and providing places to lock up computers.
http://www.courierpress.com/news/2006/dec/27/patients-warned-of-possible-identity-theft/

26 December 2006 - Phishing Likely Behind Theft of Michigan County Funds
The theft of funds from Oceana County (Michigan) bank accounts is believed to be the result of a county employee responding to a phishing email and providing information needed to access the county's accounts. The theft was detected on November 7, 2006; within two days, affected accounts were closed and reopened with new numbers. The FBI is investigating and the Oceana county clerk and treasurer are implementing new security procedures. County Board members have expressed their displeasure with the situation, and listed examples of careless work behavior, including personnel leaving computers on when they leave the office during the day and using work computers for personal matters. The county staff was warned twice about phishing attacks earlier in the fall.
http://www.mlive.com/news/muchronicle/index.ssf?/base/news-0/116714610359880.xml&coll=8


23 December 2006 - Stolen Computer Tapes Hold Insurance Records
Computer tapes stolen during a burglary in Massachusetts are believed to hold personally identifiable information of approximately 42,000 New York City employees. The data include names and SSNs. The burglary took place at the offices of Concentra Preferred Systems, a vendor working with Group Health Insurance, Inc. Concentra also provides auditing for Aetna, who acknowledged approximately 130,000 customers across the country were affected by the breach as well.
- Link removed -

22 December 2006 - Data Security Breaches Top Execs' List of Concerns
According to a Harris Interactive poll conducted in September, corporate executives at large companies place data security breaches and terrorism at the top of their list of concerns. Just nine percent of the 197 senior executives surveyed said they are not concerned about data security. Executives say they are also worried about corporate malfeasance.
http://www.techweb.com/wire/196701706

22 December 2006 - Prison Sentences for Two Malware Gang Members
Two German men have received prison sentences for their roles in a scheme to manipulate PCs into dialing premium rate telephone numbers. The two are part of a larger gang that netted approximately 12 million Euros (US$15.75 million) in a 14-month period between 2002 and 2003 by infecting more than 100,000 computers with malware that dialed the numbers.
http://www.theregister.co.uk/2006/12/22/german_porn_trojan_duo_jailed/print.html

21 December 2006 - Boeing Taking Steps to Improve Data Security
Following the November 2005 theft of a laptop computer containing information on 161,000 current and former Boeing employees, the company instructed workers to remove sensitive data from laptop hard drives; managers were instructed to check that this was done. Employees were also told that if sensitive data are on a laptop, they should be encrypted. Boeing is moving away from using Social Security numbers (SSNs) as unique personal identifiers and has begun deploying software that will automatically encrypt data saved to company laptops' hard drives. Another Boeing laptop containing information of 382,000 current and former employees was stolen in early December; the employee from whom that computer was stolen was fired for violating company policy.
http://www.techweb.com/showArticle.jhtml?articleID=196701493

21 December 2006 - Nissan Customer Database Leak
Nissan has acknowledged that information from its customer database may have been leaked. The auto manufacturer plans to notify the approximately 5.38 million affected customers. Nissan plans to implement additional security measures in 2007, including physical security monitoring of secure areas and software to monitor databases and track all access to the databases.
http://www.forbes.com/markets/feeds/afx/2006/12/21/afx3276888.html

18 December 2006 - Government Agencies to Test Employees with Phishing Attacks
US military services and several agencies will use penetration testing software to "launch diagnostic phishing attacks against their own workers." The goal is to see how well government employees follow email security policies. The software can be used for general phishing attacks as well as spear phishing attacks, which are aimed at specific targets. Agencies planning on using the software include the National Institute of Standards and Technology, the Department of Homeland Security, the Department of Veterans Affairs, and the Departments of Labor, Energy and Agriculture.
http://www.fcw.com/article97147-12-18-06-Web&printLayout

15 December 2006 - Microsoft Wins Summary Judgment Against Man for Selling Spam Lists
A UK court granted a summary judgment against a man who was selling lists of email addresses for use in spamming schemes. A lawsuit filed by Microsoft alleged that Paul Martin McDonald's sale of the lists violated the Privacy and Electronic Communications Regulations. A summary of the case indicates the judge found that "the evidence plainly established that the business of [McDonald's company] was supplying email lists of persons who had not consented to receive direct marketing mail and that it had encouraged purchasers of the lists to send emails to those people."
http://www.out-law.com/page-7580

15 December 2006 - Florida Motorists Win US$50 Million Class Action Settlement
A US District Court judge has approved a class action settlement granting US$50 million to compensate Florida motorists whose personally identifiable data were sold by the state to Fidelity Federal Bank and Trust. The bank used the data to send information about loans to people who had recently purchased cars. Each affected motorist will receive US$160. The sale of the data violated federal anti-stalking laws.
http://www.insurancejournal.com/news/southeast/2006/12/15/74964.htm?print=1

14 December 2006 - Stolen Laptop Case Held Papers with Sensitive Student Data
Papers in the case of a laptop computer stolen from the car of a school nurse contain personally identifiable information of as many as 600 St. Vrain Valley (CO) School District students. The data include names, birthdates, parents' names, Medicaid numbers, the school each student attends and each student's grade level. The school district indicated the affected students would be notified by Friday, December 15. The computer itself holds no information, as it is used only to access the school computer network. School district IT staff accessed the computer remotely and changed its password.
http://www.longmontfyi.com/Local-Story.asp?id=12861

13 December 2006 - Stolen Laptop Holds Boeing Employee Data
A laptop computer stolen from a Boeing Co. employee's car holds personally identifiable information of approximately 382,000 current and former employees of the aerospace company. Boeing plans to inform current employees of the theft by email; former employees will receive letters. The data on the computer include home addresses, dates of birth and SSNs. Boeing has experienced several other data security breaches in recent years, including three other laptop thefts that compromised information belonging to more than 160,000 employees. Boeing says approximately 250 of the company's more than 75,000 laptop computers were stolen last year.
http://seattlepi.nwsource.com/local/295769_boeing13.html

13 December 2006 - Phishing Up 8,000 Percent in Two Years
The UK's Financial Services Authority (FSA) says the number of detected phishing schemes targeting bank customers has increased 8,000 percent over the last two years. Apacs security chief Philip Whitaker says the startling increase can in part be attributed to better detection. Losses from phishing schemes were estimated at GBP 4.5 million (US$8.82 million) for the year preceding October 2004; the estimated loss for 2006 is GBP 45.7 million (US$89.6 million).
http://news.bbc.co.uk/2/hi/uk_news/politics/6177555.stm
http://www.theregister.co.uk/2006/12/14/phishing_fraud_uk/print.html

13 December 2006 - Florida Teen Arrested for Altering Grades in School Computer
A Florida high school senior and class president has been arrested for allegedly breaking into his school's computer system and altering students' grades. Ryan C. Shrouder allegedly used a school board employee's password to gain access to the system. He will be suspended and recommended for expulsion. Two other students have been suspended in connection with the case.
http://www.allheadlinenews.com/articles/7005847659

12 December 2006 - UCLA Database Breach Affects 800,000
The University of California, Los Angeles (UCLA) has begun notifying more than 800,000 individuals that their personal information has been compromised. UCLA computer security technicians became aware of the problem on November 21 after they noticed an "exceptionally high volume of suspicious database queries." A subsequent investigation revealed that attackers had been trying to access the information since October 2005 and that they were targeting SSNs. The FBI has been notified. UCLA CIO and associate vice chancellor says the database has been "reconstructed and protected" but did not provide details. Those affected include current and former students, faculty and staff, some applicants, and parents of students and applicants who applied for financial aid. The data include names, SSNs, dates of birth and addresses.
http://www.msnbc.msn.com/id/16169453/?GT1=8816

7 & 6 December 2006 - Complaint Alleges Site Downloads Malware Surreptitiously
The Center for Democracy and Technology (CDT) and StopBadware.org plan to file a complaint with the Federal Trade Commission (FTC) alleging that FastMP3Search.com.ar installs malware on people's computers when they believe they are installing a plug-in to download MP3 files. The complaint alleges the download disables the Windows Firewall, changes homepage settings and otherwise affects users' computers. The downloads are made without users' consent and are difficult to remove.
http://www.scmagazine.com/uk/news/article/608841/anti-spyware-groups-target-sham-music-website/
http://news.com.com/2102-7348_3-6141621.html?tag=st.util.print

6 December 2006 - Sailor Draws 12 Years for Passing Classified Data to Foreign Governments
Naval Petty Officer 3rd Class Ariel J. Weinmann was sentenced to 12 years in prison for stealing a laptop computer and providing classified data to a foreign government. Weinmann was also dishonorably discharged; it was only through a plea agreement that he avoided life in prison without parole.
http://www.msnbc.msn.com/id/16081717/

5 December 2006 - Student Charged with Stealing Data from Staff Computers
University of Wisconsin-Whitewater student Michael W. Mraz Jr. has been charged with two felony computer crimes and burglary for allegedly breaking into four university staff members' computers as well as installing keystroke logging software and gaining access to sensitive data. Mraz allegedly downloaded the software onto the computers from his flash drive. The data were allegedly collected between March 20 and May 10 of this year and include answers to an exam, discussions of student disciplinary situations and information about a police investigation. Mraz will be arraigned on December 15; he faces up to 19 years in prison if he is convicted on all charges.
http://www.gazetteextra.com/mraz120506.asp

5 December 2006 - Stolen Computer Holds WV Army Nat'l Guard Data
All members of West Virginia's Army National Guard 130th Airlift Wing have been notified that their personal information, including names, Social Security numbers (SSNs) and birthdates, was on a laptop computer stolen from a unit member. The FBI, the Office of Special Investigations and the Naval Criminal Investigative Service have been notified of the theft.
http://wowktv.com/story.cfm?func=viewstory&storyid=17093

4 December 2006 - Some websites reporting common error code contain adware
Web surfers are accustomed to seeing a 404 error message when they try to reach a website that is not available. But now hackers are using that common occurrence to their advantage by creating fake sites containing the error message to load spyware and adware, security researchers said today.
http://haymarket.ec-messenger.com/re?l=1hmcv1Ifvlxf5Ie

30 November 2006 - Stolen Computers Hold PA Driver's License Data
State officials in Pennsylvania acknowledged that two computers stolen from a driver's license office hold personally identifiable information of 11,384 individuals. The thieves also made away with a camera, a printer and card stock and laminate to manufacture as many as 750 phony licenses. The compromised data include names, addresses, birth dates, driver's license numbers and some Social Security numbers (SSNs). The State plans to notify affected license holders by mail.
http://www.msnbc.msn.com/id/15974532/

30 November 2006 - TransUnion Credit Bureau Data Compromised
Someone managed to get login information for the TransUnion Credit Bureau and steal personally identifiable credit information, including SSNs, of more than 1,700 individuals. TransUnion is notifying the people whose information was stolen.
http://www.kxan.com/Global/story.asp?S=5752352&nav=menu73_2


30 November 2006 - McAfee: Top 2007 threats will be money-makers
Researchers at McAfee Avert Labs predicted this week that the top security threats in 2007 will revolve around increased production of malware by organized criminals for monetary gain.
http://haymarket.ec-messenger.com/re?l=1hmc68Ifvlxf5Id

29 November 2006 - Attackers target teenagers through fake IM profiles
Malicious users are targeting young instant messaging (IM) aficionados through bogus profiles that redirect them to adult websites, where adware is installed on their PCs.
http://haymarket.ec-messenger.com/re?l=1hmc68Ifvlxf5Ig

22 November 2006 - Chinese malware stealing game usernames, passwords
More than half of all Chinese malware used last month was designed to steal usernames and passwords, according to new analysis.
http://haymarket.ec-messenger.com/re?l=1hmai7Ifvlxf5Id

21 November 2006 - Study: Almost half of firms late in patching laptops
Organizations, already knee-deep in protecting the data in laptops, are patching critical vulnerabilities in the mobile devices too slowly, a new study has suggested.
http://haymarket.ec-messenger.com/re?l=1hmai7Ifvlxf5If

15 November 2006 - Human error, zero-day targeted attacks make up latest SANS Top 20
Few would dispute the powerful link between social engineering and the success of a cyberattack in today's financially-driven threat landscape. So now, for the first time, the SANS Institute has named human error to its twice-annual Top 20 Internet Security Attack Targets list, a line-up that, until now, was reserved solely for technology.
http://haymarket.ec-messenger.com/re?l=1hm90sIfvlxf5Il

14 November 2006 - Symantec opens phishing-reporting site to home users
Symantec's worldwide phishing-reporting network, previously restricted to member companies, will now be open to home consumers.
http://haymarket.ec-messenger.com/re?l=1hm876Ifvlxf5Ih

14 November 2006 - Firms to spend more on data security, privacy, says Ernst & Young study
Three of four respondents to a recent survey said data security and privacy concerns will require further investment on their part.
http://haymarket.ec-messenger.com/re?l=1hm876Ifvlxf5Ij

13 November 2006 - Security-related helpdesk calls and IT Security spending up - Cisco poll
Security-related helpdesk calls are rising sharply, with organizations planning to boost security spending next year to protect workers, new research shows.
http://haymarket.ec-messenger.com/re?l=1hm876Ifvlxf5Im

19 October 2006 - Spoofed Microsoft site promises Internet Explorer 7, but spreads trojan
Microsoft Internet Explorer users are being warned that one site claiming to host a new version of the web browser is not what it looks like.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061023/599722/

18 October 2006 - IFPI Files 8,000 More Filesharing Lawsuits Worldwide
The International Federation of the Phonographic Industry (IFPI) has brought 8,000 lawsuits against alleged illegal filesharers around the world, including the first such lawsuits ever in Brazil, Mexico and Poland. Many of the people facing lawsuits are parents of minors who have shared files in violation of copyright law. This brings the total number of lawsuits brought by IFPI outside the US to 13,000.
http://news.bbc.co.uk/2/hi/technology/6058912.stm

12 October 2006 - Cyber Thief Steals Data on Brock University Donors
A cyber thief broke into the Brock University computer system and accessed the personal data of approximately 70,000 individuals who have made donations to the Ontario, Canada school. The intruder had the passwords necessary to access the information. The intrusion occurred on September 22 and took just four minutes, according to Brock vice-president academic Terry Boak. The data include names, addresses, email addresses and in some cases, bank account and credit card numbers. Individuals whose financial account numbers were taken received phone calls within 24 hours of the school learning of the data theft; the others were sent letters notifying them of the breach. Boak said the school did not see the need to make a public statement about the breach, as those affected had been notified.
http://www.cbc.ca/technology/story/2006/10/12/tech-brock.html

12 October 2006 - Stolen Computers Hold UTA Student Information
Two computers stolen from the home of a University of Texas at Arlington faculty member hold personally identifiable information of approximately 2,500 university students. The data include names, Social Security numbers (SSNs), grades and email addresses of students who were enrolled in computer science and engineering classes between fall 2000 and fall 2006. A school spokesman said they are notifying affected students of the data security breach. The theft occurred on September 29th; the university has created a web page with more information for students.
http://www.chron.com/disp/story.mpl/metropolitan/4253257.html

12 October 2006 - Vietnamese Authorities Fine Company for Software Piracy
A Daewoo Corp. affiliate in Vietnam has been fined for using pirated software. Daewoo Hanel Electronic Corp. was ordered to pay 15 million dong (US$934) for using pirated copies of Microsoft Windows, Microsoft Office, AutoCAD and other software. According to the chief inspector of Vietnam's Ministry of Culture and Information, the pirated software was found in a raid on the company last week. A Daewoo Hanel executive said the software was already installed on the computers when they were purchased and the company did not know it was pirated. Vietnam hopes to join the WTO and has committed to cracking down on piracy.
http://www.smh.com.au/news/Technology/Vietnam-fines-South-Korean-Daewoos-affiliate-for-software-piracy/2006/10/12/1160246221290.html

11 October 2006 - Data Stolen From 2,300 British Computers Found in The United States
The Metropolitan Police (Scotland Yard) are investigating the theft of credit card data and passwords from thousands of personal computers in the United Kingdom and potentially tens of thousands more around the world. The stolen data were discovered on computers in the United States. Police are informing the people whose data were stolen.
http://www.guardian.co.uk/uklatest/story/0,,-6139406,00.html


10 October 2006 - More Than Half of Higher Education Institutions had Security Breaches Last Yr
The Higher Education IT Security Report Card, which this year surveyed 182 higher education IT directors and managers across the US, found that 58 percent said they had experienced at least one security incident within the past year. Thirty-three percent said they had experienced data loss or theft; nine percent said student data was lost or stolen. The biggest roadblocks to effective security, according to respondents, are inadequate staff resources and funding.
http://www.fcw.com/article96412-10-10-06-Web&printLayout

8 October 2006 - UK TV Documentary Focuses on Data Theft in Indian Call Centers
Channel 4 in the UK ran a documentary showing stolen credit card information from Indian call centers. The National Association of Software and Services Companies (NASSCON) in India disputes the claims of the TV sting.
http://www.forbes.com/business/feeds/afx/2006/10/08/afx3074649.html

7 October 2006 - Missing Laptop Holds Marine Base Resident Information
An investigation has been launched into the disappearance of a laptop computer containing personal information of 2,400 residents of the Camp Pendleton Marine Corps base. Lincoln B.P. Management Inc., the company that manages housing on the base, reported the missing computer. Lincoln B.P. is notifying individuals affected by the data security breach.
http://news.yahoo.com/s/ap/20061007/ap_on_hi_te/missing_laptop

6 October 2006 - Missing Hard Drive Holds Air Traffic Controllers' Personal Data
A hard drive missing from the Cleveland Air Route Traffic Control center in Oberlin, Ohio contains the names and Social Security numbers (SSNs) of at least 400 air traffic controllers. A Federal Aviation Administration (FAA) spokesperson says the agency believes the drive was encrypted; the FAA is investigating the incident to determine if the drive was stolen. The president of the facility's National Air Traffic Controllers Association says he believes the thief was after the information and not the hardware, which is ten years old.
http://www.cleveland.com/news/plaindealer/index.ssf?/base/lorain/1160124449197870.xml&coll=2

5 October 2006 - Woman's Identity Stolen from Marriage License on County Web Site
A Florida woman discovered that her marriage license was viewable on the Orange County (FL) comptroller's web site after someone applied for a loan in her name, according to a local television report. The license revealed the woman's name, date of birth and SSN, as well as those of her husband. The Orange County comptroller is reportedly paying a vendor US$500,000 to black out all SSNs on the web site by January 2008.
http://www.local6.com/problemsolvers/10003689/detail.html


4 October 2006 - Customer data stolen at Indian call centres
Employees in outsourced call centres are stealing sensitive customer data and selling it on the black market, an investigation has found.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061009/596745/

3 October 2006 - SANS Top 10: Laptop encryption, targeted attacks to become more common
Laptop encryption will be made mandatory at a number of government agencies and private organizations, predicts the latest installment of the SANS Institute's Top 10.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061004/596502/

29 September 2006 - Attacks on IM networks continue to rise
Researchers with Akonix Systems' Security Center said that they tracked more attacks on instant messenger (IM) networks in September than in any other month of the year.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061002/596092

28 September 2006 - Six charged for phishing, spamming AOL users
Six men have been indicted on charges they spearheaded a phishing and spamming operation that targeted thousands of AOL users by installing malicious software and requesting private information, the U.S. Attorney's Office in Connecticut announced Wednesday.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061002/595597/

27 September 2006 - Laptop with personal info of 55,000 GE workers stolen
A laptop containing the names and Social Security numbers of about 50,000 General Electric (GE) employees was stolen from a locked hotel room earlier this month.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20061002/595224/

25 September 2006 - Scammers adding layers to image spam
Email users should be on the lookout for an advanced type of image spam featuring a new technical wrinkle, researchers said today.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20060927/594610/

20 September 2006 - Life is Good Customer Data Compromised
A database containing the names, addresses and credit card data of more than 9,000 Life is Good customers has been compromised. The company acknowledged the intrusion on September 19, but did not say when it had occurred. A company spokesperson said affected customers were notified "within days" after the head of the company's customer service department detected the intrusion. Soon after that, access to the web site was shut down and security measures implemented. The incident is being investigated.
http://business.bostonherald.com/businessNews/view.bg?articleid=158367

19 September 2006 - Computers Stolen from Virginia Medical Center
Two computers stolen from the Radiation Therapy Department at DePaul Medical Center in Norfolk, Virginia contain data belonging to approximately 100 patients. The computers were stolen on August 28 and September 11. The hospital is notifying those affected by the breach.
http://www.wtkr.com/global/story.asp?S=5423927&nav=ZolHbyvj

15 September 2006 - Gun Permit Holders' Personal Data Exposed
The names, addresses, Social Security numbers (SSNs) and other personal data belonging to approximately 25,000 gun permit holders in Berks County, Pennsylvania were inadvertently exposed on the Internet. The Berks County sheriff was attempting to make the list of gun permit holders more secure to comply with a court order. An outside contractor apparently failed to take steps to protect the information over the Labor Day weekend. County Solicitor Alan L. Miller says state law requires they notify all individuals whose data were exposed.
http://www.tmcnet.com/usubmit/2006/09/15/1898313.htm


18 September 2006 - Computer Stolen From Auditor's Car Holds Law Firm Pension Data
A laptop computer stolen from an employee of auditor Morris, Davis & Chan held unencrypted, personally identifiable pension plan data, including names and Social Security numbers (SSNs) of employees from San Francisco law firm Howard, Rice, Nemerovski, Canady, Falk & Rabkin. The breach affects approximately 500 individuals. All current and former partners, associates and employees of the firm have been informed of the breach, according to the firm's executive director.
http://www.law.com/jsp/legaltechnology/PubArticleFriendlyLT.jsp?id=1158311123646

18 September 2006 - DHS to Announce Appointment of Cyber Security Chief
There are reports that Greg Garcia will be appointed assistant secretary for cybersecurity and telecommunications at the Department of Homeland Security (DHS). The position has remained vacant since its creation in July 2005; the DHS has had a difficult time finding qualified candidates who were willing to take a cut in pay and perks to work in the public sector. Garcia is currently vice president for information security policy and programs at the Information Technology Association of America. Donald "Andy" Purdy Jr. is currently serving as acting cybersecurity director.
http://www.foxnews.com/story/0,2933,214364,00.html
http://news.com.com/2061-10789_3-6116920.html

15 September 2006 - Authorities Recover Stolen Computer Holding VA Data
A desktop computer stolen from a Unisys Corp. in Reston, Virginia in August has been recovered; the computer held unencrypted insurance claim forms with names, addresses and personal identifiers that belong to approximately 16,000 patients treated by Veterans Affairs Department (VA) medical centers in Philadelphia and Pittsburgh. A man, Khalil Abdullah-Raheem, who worked as a temporary employee at Unisys, has been arrested in connection with the theft of the computer and charged with theft of government property. He was released after posting a US$50,000 personal recognizance bond. The FBI is analyzing the computer to see if the data were compromised; VA Secretary Jim Nicholson says the computer was not targeted because of the information it contained.
http://www.gcn.com/online/vol1_no1/42012-1.html?topic=security

15 September 2006 - US Judge Orders Spamhaus to Pay US$11.7M Damages and Post Apology
A federal judge has ordered Spamhaus to pay US$11.7 million in damages to a company that the spam-fighting organization had blacklisted. The judge also ordered Spamhaus to stop blocking email from e360 Insight LLC in any way and to post an apology on its web site indicating e360 Insight is not a spammer. Spamhaus, which is based in the UK, has posted a statement on its website that says "default judgments obtained in US county, state or federal courts have no validity in the UK and cannot be enforced under the British legal system." Spamhaus says e360 Insight violates UK antispam laws and that it has no intention of removing that company from its blacklist.
http://www.msnbc.msn.com/id/14855085/

14 September 2006 - Nikon World Magazine Subscribers' Data Exposed
The names, addresses and credit card numbers of 3,235 subscribers to Nikon World magazine were accessible on the Internet for approximately nine hours last week. The problem was discovered on September 13 when an Alabama camera store employee attempted to subscribe to the magazine online. The sensitive subscriber data were accessible from a link in an email from Nikon World. Nikon says it has contacted everyone whose data were compromised. The breach affects people who subscribed to the magazine after January 1, 2006.
http://www.ledger-enquirer.com/mld/ledgerenquirer/news/local/15519104.htm

13 September 2006 - Microsoft Wins Civil Suit Against UK Spammer
Microsoft has won a civil suit against a spammer in the UK. A court has ordered Paul Fox to pay GBP45,000 (US$85,000) for violations of the terms and conditions of use of Microsoft's Hotmail service, which prohibit anyone from delivering spam to Hotmail customers. The case was not pursued under UK spam laws because they are limited in scope.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39283259-39020375t-10000025c

13 September 2006 - Earthlink Awarded US$11 Million Judgment in CAN-SPAM Case
Nevada-based bulk emailer KSTM LLC has been ordered to pay Earthlink US$11 million for sending spam to Earthlink customers. The judgment from a federal court in Atlanta also prohibits the firm from spoofing the "from" fields in email, hiding the sender's identity, selling email addresses and accessing or obtaining Earthlink accounts. The suit was brought under the CAN-SPAM Act. Earthlink has won more than US$200 million in judgments against spammers over the last 10 years.
http://www.theregister.com/2006/09/13/earthlink_nevada_spammer_judgment/print.html

12 September 2006 - Missing Tapes Hold Data on British Columbian Citizens
Thirty-one computer tapes holding information about hundreds of thousands of British Columbia citizens are missing from a government facility in Victoria. The data on the tapes could be used to commit identity fraud. A confidential government report about the incident obtained by the Vancouver Sun recommends not making the tapes' disappearance public knowledge. Canadian law does not require that individuals be notified in the event of a possible data breach. The government became aware the tapes were missing in August 2005.
http://www.canada.com/victoriatimescolonist/news/story.html?id=e1b03e3e-d043-4e64-9a09-415a24636751&k=71796

11 September 2006 - Employee Files Found in Dumpster
Following the buyout of a telemarketing company, employees found personnel files and files containing consumer data dumped in the trash. The employee files included photocopies of driver's licenses and Social Security cards. The state attorney general's office plans to examine the discarded files. Federal law requires businesses to take measures to destroy personal data beyond simply tossing it in the trash.
http://www.theindychannel.com/news/9818472/detail.html
http://www.theindychannel.com/call6/9824917/detail.html

9 September 2006 - Pair Indicted for Filing Phony Claims with Stolen Patient Information
Isis Machado and Fernando Ferrer, Jr. were indicted on charges of conspiracy to commit computer fraud, conspiracy to commit identity theft and conspiracy to wrongfully disclose individually identifiable health information as well as charges related to fraud in connection with computers and violations of the Health Insurance Portability and Accountability Act (HIPAA). Machado and Ferrer allegedly conspired to steal personal medical information belonging to more than 1,100 Cleveland Clinic Florida patients and use it to make more than US$2.8 million in phony Medicare claims. The Cleveland Clinic has sent letters to patients whose data were stolen. If convicted of charges against them, Machado and Ferrer could each face up to 10 years in prison and fines of up to US$250,000.
http://www.sun-sentinel.com/news/local/southflorida/sfl-dfraud09sep09,0,2612716,print.story?coll=sfla-home-headlines

8 September 2006 - Stolen Univ. of Minnesota Laptops Hold Student Data
On August 14 or 15, two laptop computers were stolen from a campus office at the University of Minnesota. The computers hold data belonging to 13,064 current and former students who entered the university as freshmen between 1992 and 2006. The data include names, birthdates, high schools attended, test scores and academic probation information. The computers also contain the Social Security numbers (SSNs) of 603 of the students. The school is making efforts to contact affected individuals to inform them of the data breach. The data were stored on a hard drive, which is "not standard operating procedure," according to a university spokesperson.
http://www.twincities.com/mld/pioneerpress/news/local/15475291.htm

8 September 2006 - Bank of Montreal Laptop Stolen
A laptop computer stolen from an Ottawa branch of BMO Bank of Montreal holds personally identifiable data belonging to approximately 900 bank clients. The computer was stolen in May; police were notified of the theft on May 18. A bank spokesperson said there has been no evidence that the information has been used fraudulently. BMO Bank of Montreal has advised the affected customers to monitor their accounts for suspicious activity.
http://ottsun.canoe.ca/News/OttawaAndRegion/2006/09/08/pf-1814249.html

7 September 2006 - Missing Laptop Prompts Security Review
A laptop computer stolen from the car of a Florida National Guard soldier contained no classified information, but did hold personally identifiable information belonging to as many as 100 Florida National Guard soldiers. The computer was stolen on September 5. The incident has prompted the Florida National Guard to conduct a security review.
http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20060907/BREAKINGNEWS/60907027/1086

6 September 2006 - Subliminal messages sent by spammers in latest pump-and-dump scams
Spammers are using an animated graphic to display a "subliminal" message to potential stock investors. Find out more, and view the graphic for yourself.
http://s592.link.sophos.com/subliminal?pl_id=9

6 September 2006 - Top ten malware threats and hoaxes reported to Sophos in August 2006
Which malware made the top of the charts in the last month? Find out how many new threats the experts at SophosLabs analyzed last month, which threats are trying to clog up firms' email inboxes, and ensure that your computers are properly defended.
http://s592.link.sophos.com/topaug06?pl_id=9

2 September 2006 - Stolen Laptop Holds Chicago City Employees' Data
A laptop computer stolen from the home of a contractor for the city of Chicago holds personally identifiable information, including names and Social Security numbers (SSNs), belonging to thousands of city employees. Nationwide Retirement Solutions (NRS) is notifying people whose data were on the computer by mail and will offer them one year of free credit monitoring along with US$25,000 of identity theft insurance. The computer was stolen in April 2005; local police and the company were notified promptly. However, the division of NRS that investigates computer thefts did not learn of it until July 2006. Since the theft, NRS has deployed encryption on all laptop computers.
http://www.wbbm780.com/pages/77513.php?contentType=4&contentId=198758

2 September 2006 - Indian Call Center Employee Arrested on Charges of Fraud
Sulagna Ray, a call center employee in eastern India, has been arrested for allegedly using credit card information she obtained through her work to buy goods for herself over the Internet. Ray worked for Jaishree Infotech selling Dish TV to people in the US.
http://timesofindia.indiatimes.com/articleshow/1950763.cms


1 September 2006 - GAO Report Finds Security Problems at FDIC
A report from the Government Accountability Office (GAO) says that while the Federal Deposit Insurance Corp. (FDIC) has addressed 18 of 24 security weaknesses found in a previous audit, the agency still "has not consistently implemented information security controls to properly protect the confidentiality, integrity and availability of its financial and sensitive information systems." The report also identifies 20 additional security problems FDIC needs to fix.
http://www.fcw.com/article95904-09-01-06-Web

23 August 2006 - Hundreds of Workers Punished for Data Privacy Breaches
Nineteen Centrelink staff members were fired; ninety-two resigned and more than 300 face salary reductions, after allegations of privacy breaches, including looking at records of neighbors and friends, surfaced. Centrelink is an agency of Australia's Department of Human Services. A two-year investigation uncovered nearly 800 instances in which Centrelink employees gained "inappropriate access" to welfare records since 2004. Nearly 600 staff members are believed to have performed the inappropriate searches. Employees were warned twice last year that an investigation into inappropriate access to records was underway.
http://australianit.news.com.au/articles/0,7204,20224186%5E15306%5E%5Enbv%5E,00.html

23/22 August 2006 - Beaumont Hospital's Home Care Patients Data on Stolen Computer
A laptop computer stolen on August 5 from the car of a nurse in Detroit holds personally identifiable information, including names, Social Security numbers (SSNs) and medical insurance information of more than 28,000 Home Care patients of Beaumont Hospitals. There is no evidence that the data on the computer have been misused. Although the laptop was encrypted and password-protected, the nurse's access code and password were stolen along with the computer. Authorities have disabled the login connection for the computer.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002685
http://www.clickondetroit.com/news/9716061/detail.html

22 August 2006 - Stolen Laptop Holds Info on 612 Aflac Policyholders
A laptop computer containing personally identifiable information belonging to 612 American Family Life Assurance Co. (Aflac) policyholders was stolen from an agent's car. The company notified those affected by the data security breach in a letter dated August 11, 2006. The stolen laptop is equipped with tracking technology. Aflac has established a call line for affected customers with questions about the theft. Local law enforcement is investigating.
http://www.charleston.net/assets/webPages/departmental/news/default_pf.aspx?NEWSID=103737

22 August 2006 - US Army Plans to Encrypt Data on Notebook Computers
The US Army is following the lead of the Veterans Affairs department (VA) by piloting a program to encrypt data held on notebook computers. Army CIO Lt. General Steven Boutelle said a forthcoming policy would require Army personnel to provide an accounting of mobile devices, including notebook computers. Each device will be labeled, identifying it as mobile or non-mobile. Personnel will also be instructed not to remove mobile devices from secure areas unless the data on the devices are encrypted.
http://www.gcn.com/online/vol1_no1/41759-1.html?topic=security

21 August 2006 - SEC Suing Couple for Alleged Stock "Pump-and-Dump" Scheme
The US Securities and Exchange Commission (SEC) is suing a Connecticut husband and wife for using spam to artificially inflate the price of stock they had purchased; they then allegedly sold the stock when its value temporarily shot up. Jeffrey Stone and Janette Diller Stone allegedly made US$1 million with their scheme, typically called a "pump-and-dump" scheme.
http://www.theregister.co.uk/2006/08/21/sec_spam_scam_suit/print.html

16 August 2006 - Microsoft Reports Organized Crime Groups Targeting On Line Gaming
Microsoft's Dave Weinstein, a security engineer, says, "Those of you who are working on massively multiplayer online games, organized crime is already looking at you." They make money by hacking into computers, stealing account information, and then selling off virtual gold and weapons.
http://www.foxnews.com/story/0,2933,208392,00.html

14 August 2006 - Personal Bank Account Data For Sale in Nigeria, Cheap!
Personal financial information belonging to thousands of UK residents is being sold in Nigeria; the information was gleaned from the hard drives of used PCs sent from the UK. People in West Africa are reportedly buying Internet banking account details for under GBP20 (US$37.75). The UK television program Real Story found PCs containing sensitive information from all over the world in Nigeria's capital, Lagos. People are still being encouraged to give away their used PCs, but also to make sure the hard disks are wiped of personal data or removed from the computers altogether. The UK's Information Commissioner's office says companies are legally obligated by the Data Protection Act to remove customer data from their computers when they no longer require the information.
http://news.bbc.co.uk/2/hi/business/4790293.stm

14 August 2006 - Dollar Tree Customers Report Debit and Check Card Fraud
The US Secret Service and Visa are investigating reports that ATM card information and PINs were stolen from people who shopped at Dollar Tree stores in states on the US's west coast. The stolen information was apparently used to create phony cards that were used to steal hundreds of thousands of dollars from victims. The data were apparently stolen in March and April, but were not used until several months later. When debit cards are used, the money is immediately deducted from accounts. Customers have just 60 days to call their banks and straighten out the situation, or lose their money. Credit card fraud presents less financial risk for consumers.
http://redtape.msnbc.com/2006/08/there_is_a_new_.html

10 August 2006 - IG Report Finds eMail Security Problems at IRS
A recent report from the Treasury Inspector General (IG) for Tax Administration indicated that nearly 75 percent of 96 IRS employee email inboxes reviewed contained messages that violated the department's personal use policy. The IG's report recommends that the IRS monitor email content. The audit also examined 28 of the IRS's 228 email servers and found a total of 687 vulnerabilities. The report recommends reducing the number of email servers. There was also evidence that devices had been configured to act as unauthorized email servers. The report says system administrators should be responsible for ensuring that only authorized email servers are used.
http://www.fcw.com/article95629-08-10-06-Web&printLayout

24 July 2006 - IRS Warns Taxpayers of E-Mail Scam Using US Treasury Payment Systems
Fake e-mail messages containing several misspellings and purporting to be from a fictitious IRS organization are circulating. They claim that someone has enrolled the recipient's credit card in the US Treasury's Electronic Federal Tax Payment System and has tried to use the credit card to pay taxes. The messages instruct recipients to click on a link to recover the money, but the link takes them to a malicious Web page that tries to gather sensitive personal information. This scam is one of more than 100 since last November in which perpetrators have tried to impersonate the IRS in attempts to fool victims into divulging personal and/or financial information or into downloading malicious code.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001961

22 July 2006 - Fake Google Web Site Hides Trojan Horse
A fake Google Tool Bar can turn victims' machines into zombies if it is downloaded. E-mails direct users to the Web site that perfectly mimics the real Google download page where the victim is offered the fake tool.
http://www.cio.com/blog_view.html?CID=23222

20 July 2006 - The State Of Spam
Between them, AOL and Microsoft block nearly five billion pieces of spam every day, which represents 95 percent of spam traffic, but that still leaves about 5 percent that gets through. The Messaging Anti-Abuse Working Group says spam accounted for about 80 percent of all the e-mail traffic on the Internet during the first three months of 2006. IBM is reporting that phishing now accounts for one in every three hundred email messages. The article includes lots more information about spam and phishing and what can and cannot be done to fight back.
http://www.informationweek.com/security/showArticle.jhtml?articleID=190600156

19 July 2006 - Hackers Striking Databases In Record Numbers
A firm that monitors security at 1,300 client organizations reports its clients' databases are experiencing more than 8,000 SQL Injection attacks per day. That is nearly a six-fold increase from earlier in 2006. Attacks were detected coming from computers in Russia, China, Brazil, Hungary and Korea. These attacks are specifically crafted for the target organizations.
http://www.infoworld.com/article/06/07/19/HNsqlattacks_1.html

15 July 2006 - FBI: Cybercrime losses down last year
The financial losses related to cybercrime are going down, and the number of businesses willing to report these crimes is going up, according to a new survey co-sponsored by the FBI.
http://www.scmagazine.com/us/news/article/569885/fbi+cybercrime+losses+down+last+year/

13 July 2006 - CIO Resigns After Security Breaches at Ohio University
Citing the need for "a new energy level and skill set," the CIO of Ohio University has submitted his resignation. William Sams will remain at Ohio University until a replacement has been hired. Two IT staffers were recently placed on administrative leave following the disclosure of several data security breaches that exposed the personal information of 137,000 students and alumni.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001777

13 July 2006 - VA IG Report Critical of Department Data Security Policies
A report from the US Department of Veterans Affairs office of the inspector general says VA officials acted "with indifference and little sense of urgency" in the wake of the theft of a computer and storage device containing data belonging to millions of veterans. The report is critical of employees at all levels within the VA; it also says VA policies in place at the time of the theft did not adequately protect sensitive data. The report says notification of the theft was passed from one desk to another, delaying the Department's response; the report also indicates that a VA official wanted to rewrite the theft notification to make the possibility of data misuse seem less likely than it actually was.
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39374813-39000005c


12 July 2006 - IT Spending to Grow Significantly
Analyst firm Accenture reports IT security spending will grow significantly this year.
http://www.scmagazine.com/us/news/article/568708/it+security+spending+set+grow+significantly/

12 July 2006 - Vladimir Putin death spam helps spread Trojan horse
Sophos experts have warned of a spam campaign that poses as a breaking news report about the death of Russian President Vladimir Putin, but is really an attempt by hackers to infect computer users with a Trojan horse.
http://s573.link.sophos.com/putin?pl_id=9

12 July 2006 - Gmail Phishing Scam
A recently detected phishing scam targeting Gmail users pretends to offer a US$500 cash prize. Recipients are directed to a web site where they are asked to register to receive the prize. They are also asked to pay a membership fee of less than US$10. The phony registration site actually hosts malware.
http://www.theregister.co.uk/2006/07/12/gmail_phish/print.html

11 July 2006 - Gmail phishing email lures the unwary with $500 cash prize
A widespread phishing email campaign that tries to trick users out of money by pretending to be a random cash prize from Gmail, Google's popular free email service, has been spammed out to internet users.
http://s573.link.sophos.com/gmailphish?pl_id=9

5 July 2006 - Sophos Security Threat Management Report 2006
Sophos's new in-depth report explores the year's most pressing security issues, and reveals Trojans are now the internet criminal's weapon of choice. If you're a security professional, protecting your company from malicious attack, or just responsible for looking after the data on your own PC, then you need to read this detailed report into the latest virus, spyware and spam trends.
http://s573.link.sophos.com/secrepmid06?pl_id=9

27 June 2006 - Unlucky 13 sacked by Merrill Lynch over porn
U.S. financial giant Merrill Lynch dismissed 13 staff members at its Dublin office after they had sent pornographic material through the company email system. This followed the suspension of 20 staffers the previous week following an internal investigation.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20060628/566397/

27 June 2006 - Police bust M00P international virus-writing gang
Authorities in the UK and Finland have arrested three men in connection with an international malware crime ring. Find out more about the malware they are alleged to have written, how hackers abuse zombie computers, and why the gang may have christened themselves "M00P".
http://s562.link.sophos.com/m00pgang?pl_id=9

26 June 2006 - DVLA Employees Disciplined and/or Fired Over Porn E-mail
More than 100 employees of the Driver and Vehicle Licensing Agency (DVLA) were disciplined for sending pornographic email; fourteen were fired for "gross misconduct." The sending of such email violates DVLA's code of conduct.
http://www.theregister.co.uk/2006/06/26/dvla_email_smut_affair/print.html

26 June 2006 - USB Drives Pose Insider Threat; SecurityFocus
Workers have become more wary of putting giveaway CDs in their company's computers, but USB flash drives are another story.
http://ses.symantec.com/jp/symes1474.cfm?JID=8&PID=898884

26 June 2006 - Lost Memory Stick Holds Phishing Investigation Dossier
A police officer with the Australian High Tech Crime Centre (AHTCC) lost a memory stick that contains sensitive financial data belonging to thousands of Australians. The lost memory stick holds a dossier on Russian phishing scams. The data on the stick were being used in an investigation; several arrests were made with the help of the data, but since the loss of the stick, no arrests have been made. While officials searched fruitlessly for the memory stick, the people whose data were compromised were not informed of the loss. The officer who lost the device violated AHTCC rules regarding data transport.
http://australianit.news.com.au/common/print/0,7208,19588463%5E15306%5E%5Enbv%5E,00.html

26 June 2006 - Cosmetic company's stock price rises sharply following pump-and-dump spam
A spam campaign is attempting to make money for criminals by inflating the stock price of a cosmetics company. Find out more about how the spammers are trying to influence the share price, and be aware of the risks of falling for unsolicited stock market advice.
http://s562.link.sophos.com/stockspam?pl_id=9

23 June 2006 - Personal info of 26,000 Agriculture Department employees compromised
The U.S. Department of Agriculture (USDA) announced this week that the identities of about 26,000 employees and contractors may have been compromised by the illegal hijacking of the agency’s computer systems earlier this month.
http://www.scmagazine.com/us/newsletter/dailyupdate/article/20060626/566300/

24 June 2006 - Audit Indicates Security Didn't Top List of Concerns at Ohio University
An independent audit has turned up evidence that Ohio University's Computer Services department failed to take appropriate security precautions to protect the data on its systems despite a generous budget and average annual surpluses in excess of US$1 million. Ohio University has been in the news lately because of no fewer than five security breaches of its systems that exposed personal data belonging to thousands of students and alumni. Last week, university trustees voted to spend up to US$4 million to improve the school's computer systems.
http://www.smh.com.au/news/Technology/Audit-Ohio-U-Cyber-Security-Low-Priority/2006/06/24/1150845411386.html

23 June 2006 - FTC Says Laptops Stolen from Car
The US Federal Trade Commission (FTC) has acknowledged that two laptop computers containing names, Social Security numbers (SSNs) and some financial account data belonging to approximately 110 individuals, were stolen from a locked vehicle. The computers are those of staff attorneys and are password protected. The agency "is developing a new information security policy that would require an employee to remove any personal identifying data in the machine before it leaves an agency office. If the personal data were needed for an investigation, an FTC manager would have to approve allowing the laptop to leave the building."
http://news.com.com/2102-1029_3-6087218.html?tag=st.util.print

23 June 2006 - Stolen Laptop Holds Student Data
A laptop computer stolen from the car of a San Francisco State University faculty member held data, including some SSNs, belonging to nearly 3,000 current and former students. A university spokesperson declined to elaborate on the disciplinary measures taken, and said it is "very common" for faculty to have student data on their computers. The school stopped using SSNs as personal identifiers one year ago.
http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2006/06/23/BAGQLJJ2LB1.DTL&type=printable

23 June 2006 - Man Sentenced to 21 Months for Running Phishing Site
Jayson Harris has been sentenced to 21 months in jail for operating a phishing site that pretended to be an MSN billing web site. Harris, who will also pay about US$57,000 in restitution, pleaded guilty to two counts of wire fraud and fraud. He will also be subject to three years of supervised release following completion of his jail time.
http://www.vnunet.com/vnunet/news/2158925/phishing-site-operator-gets-21

23 May 2006 - CSIA study: Less than a fifth feel protected on internet
Fewer than one in five Americans feel that existing laws are enough to protect them on the internet, a new survey revealed.
http://www.scmagazine.com/us/news/article/560588/csia+study+less+fifth+feel+protected+internet/

22 May 2006 - Personal info of 26.5 million veterans lost
Electronic data containing the personal information of as many as 26.5 million veterans and some spouses has been stolen from the home of a Department of Veterans Affairs (VA) employee who violated agency policy by leaving the office with the information.
http://www.scmagazine.com/us/news/article/560359/personal+info+265+million+veterans+lost/

22 May 2006 - Iowa Phisher Gets 21 Months in Jail
An Iowa man, guilty of using phishing schemes to dupe as many as 250 MSN customers into giving up their personal information, was sentenced Friday to 21 months in prison.
http://www.scmagazine.com/us/news/article/560357/iowa+phisher+gets+21+months+jail/

18 May 2006 - Zombie king suspect alleged to have sent 18 million spams per day
South Korean authorities have arrested a man suspected of running a 16,000-strong network of zombie computers.
http://www.sophos.com/pressoffice/news/articles/2006/05/krzombie.html

17 May 2006 - Spyware Infections Up 50 Percent Over Last Year
According to the annual Websense Web@Work survey, the number of organizations reporting their systems have been infected with spyware is up nearly 50 percent. Seventeen percent of companies with more than 100 employees reported their networks have been infiltrated by spyware, such as keystroke loggers. One likely reason for the increase in spyware infestations is the increasing availability of spyware toolkits on the Internet. The study also says that 44 percent of IT decision makers do not believe their employees can distinguish phishing sites from legitimate ones.
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39360278-39000005c

17 May 2006 - People Selling Pirated Software on eBay Sued
Three lawsuits filed in Los Angeles federal court target five individuals who allegedly offered pirated software for sale on eBay. The Software & Information Industry Association (SIIA) is spearheading an effort to crack down on people selling pirated software by purchasing their goods in on line auctions and suing them without warning.
http://www.smh.com.au/news/breaking/companies-crack-down-on-ebay-pirates/2006/05/17/1147545358529.html

17 May 2006 - New York's Anti-Phishing Act Heads to Governor
The New York State legislature has approved the Anti-Phishing Act of 2006. If Governor George Pataki signs the bill into law, it would allow the New York attorney general, industries and non-profit groups to bring civil actions against phishers.
http://www.bizjournals.com/albany/stories/2006/05/15/daily32.html?from_rss=1

16 May 2006 - Malware displays fake virus warnings to sell software
The FakeVir-O Trojan horse displays a message, encouraging computer users to visit a website selling software which claims to protect against spyware.
http://www.sophos.com/pressoffice/news/articles/2006/05/fakeviro.html

13 May 2006 - DISA Offers Free Anti-Spyware Software to All Gov Employees
The Defense Information Systems Agency (DISA) has licensed anti-spyware software for all US government employees and armed forces personnel to use on their home computers. The free software is seen as one measure to protect government systems from malware as many employees bring work home. The employees can download the software directly to their home computers, or they can take home a CD containing the software; it will update automatically.
http://www.news.navy.mil/search/display.asp?story_id=23639

12 May 2006 - Former Dept. of Education Employee Gets Five Months in Prison for Accessing Supervisor's Computer
Kenneth Kwak has been sentenced to five months in prison for using remote control software to access his former supervisor's computer without authorization. Kwak read his supervisor's email and kept an eye on his surfing habits; Kwak shared what he discovered with other employees. Kwak was at the time a computer security specialist at the Department of Education. Kwak will serve five months of home confinement once he has completed his prison sentence. He has also been ordered to pay US$40,000 in restitution to the US government and will be on parole for three years.
http://news.com.com/2102-7350_3-6071928.html?tag=st.util.print

10 May 2006 - Hong Kong Court Says ISPs Must Divulge Names of Suspected Movie Downloaders
A Hong Kong court has ordered four Internet service providers (ISPs) to reveal the identities of 49 people who are suspected of illegally downloading several movies. While last year a man was sentenced to three months in jail for making movies available on the Internet with BitTorrent technology, this is the first legal action taken by film companies in Hong Kong against suspected downloaders.
http://australianit.news.com.au/articles/0,7204,19088317%5E15319%5E%5Enbv%5E,00.html

8 May 2006 - Trojan Goes After Online Game Account Information
The PWS.Win32.WOW.x Trojan horse program seeks user names and passwords for the online game "World of Warcraft." Once attackers have the means to access an account, they have the ability to transfer virtual goods to another account. Although the game's publisher has forbidden the sale of virtual goods for money, there is a black market for them on the Internet. The program spreads through peer-to-peer file sharing, pop-ups and email attachments and tries to disable security software on computers it infects.
http://www.informationweek.com/news/showArticle.jhtml?articleID=187002835

4 May 2006 - Idaho Power Drives Sold on eBay Not Adequately Scrubbed
Idaho Power Co. is trying to track down old company hard drives that were sold on eBay without going through prescribed scrubbing procedures. The data on the drives includes memos, customer correspondence and confidential employee data. Idaho Power recycles old drives through a salvage vendor. The power company has launched a private investigation into why scrubbing procedures were not followed. Idaho Power requires that their discarded drives be destroyed or scrubbed to US Department of Defense standards. Companies that do not properly scrub memory devices risk violating regulations in addition to the embarrassment of exposing confidential data. According to a Gartner survey, approximately 30 percent of organizations use third party companies to dispose of PCs and servers they are no longer using. Idaho Power says it will now destroy old drives rather than recycle them.
http://www.computerworld.com/securitytopics/security/story/0,10801,111148,00.html

27 April 2006 - Stolen Aetna Laptop Contains Data on 38,000 Members
Aetna Insurance has acknowledged that a laptop computer stolen from an employee's car contains personal data belonging to approximately 38,000 members. Those affected are employees of two companies who asked not to be named until all of their affected employees are informed of the laptop's theft and its implications. Aetna plans to send letters to inform all those affected. Aetna said the employee who left the computer in the car was not following company policy.
http://news.zdnet.com/2102-1009_22-6066078.html?tag=printthis

27 April 2006 - BSA Ups Maximum Reward for Tips About Unlicensed Software at UK Businesses
The Business Software Alliance (BSA) has increased its maximum reward for information regarding the use of illegal or unlicensed software in UK businesses. The BSA has launched 420 investigations from tips received on its hotline. People providing the BSA with tips about unlicensed software could receive as much as GBP20,000 (US$36,513) through the end of June.
http://management.silicon.com/itdirector/0,39024855,39158440,00.htm

27 April 2006 - RIAA and MPAA Ask University Presidents for Help in Fighting Piracy
The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) have sent letters to 40 US university presidents informing them of problems with pirated digital content on their schools' local area networks (LANs) and asking that they take action to halt the copyright violations. The RIAA and the MPAA say students are trading files across school LANs rather than sending them over the Internet. LANs in universities often serve tens of thousands of people.
http://news.com.com/2102-1025_3-6066118.html?tag=st.util.print

19 April 2006 - Studies Say HIPAA Privacy Rule Compliance Not Improving
According to a survey from the American Health Information Management Association (AHIMA), compliance with the Health Insurance Portability and Accountability Act (HIPAA) patient privacy rules appears to be on the wane. Of 1,117 hospitals and health systems responding to the survey, 91 reported HIPAA compliance last year while 85 percent said they were in compliance this year. The top reasons given for declining compliance were "lack of resources and diminished management support." However, 75 percent of respondents said they were "fully or mostly compliant" with HIPAA's information security rules, marking a 60 percent improvement over last year's figure.
http://govhealthit.com/article94120-04-19-06-Web


18 April 2006 - FTC Reaches Settlement With Spammers
The US Federal Trade Commission (FTC) has arrived at a settlement with two people who sent millions of unsolicited commercial email messages in violation of the CAN-SPAM Act. Washington state residents Matthew Olson and Jennifer LeRoy sent spam with false "from" data and misleading subject lines; they also failed to provide a means for recipients to opt out of receiving future emails. The products Olson and LeRoy pushed included mortgage plans and a device for improving automobile gas mileage. Olson and LeRoy have agreed they will not violate the law in the future. A suspended US$45,000 judgment against the pair will be reinstated if evidence emerges to indicate they have misrepresented their financial condition.
http://www.internetnews.com/xSP/print.php/3599796

13 April 2006 - Texas Governor Issues Executive Order Limiting P2P Use on State Systems
Texas Governor Rick Perry has issued an executive order that prohibits the unauthorized or illegal use of peer-to-peer (P2P) software on state computer systems. Perry's order says the file-sharing software poses a potential threat to network resources. In addition, P2P networks are often used to share pirated copies of digital content. The policy would not apply to the legislative or judicial branches of Texas government or to Constitutional state officers.
http://www.fcw.com/article94067-04-13-06-Web

7 April 2006 - Five Arrested in Huge DVD Piracy Scheme
Law enforcement officers have arrested five people in London following a raid of what is being called the largest manufacturing facility of pirated DVDs ever discovered in the UK. The facility was equipped to create 2,700 pirated disks an hour.
http://www.theregister.co.uk/2006/04/07/dvd_piracy_factory_raid/print.html

6 April 2006 - CISOs' Reasons for Investing in IT Security
A Merrill Lynch & Co. Inc. survey of 50 chief information security officers (CISOs) found regulatory compliance tops the list of "reasons driving demand for security software." Seventy-eight percent of the CISOs said less than 10 percent of their IT budgets are given over to security software and infrastructure. That figure is expected to increase an average of 11.4 percent over the next 18 months.
http://www.informationweek.com/story/showArticle.jhtml?articleID=184429550

29 March 2006 - Twenty-one Arrested in On-Line Cyber Crime Crackdown
Seven people in the US were arrested as part of Operation Rolling Stone, which is targeting on-line criminal activity in the financial sector. The seven join 14 others arrested in the US and the UK over the last three months. The people are allegedly involved with on-line groups that trade financial and other consumer data. (Site requires free registration)
http://www.nytimes.com/2006/03/29/technology/29theft.html?_r=1&oref=slogin&pagewanted=print

29 March 2006 - Phishers Take New Tack With Three Florida Banks
Attackers broke into servers belonging to an Internet service provider (ISP) that hosts web sites for three small Florida banks. They then redirected traffic from those sites to a phony server designed to mimic the real banking sites where they attempted to gather sensitive customer account data. The attack is believed to be the first of its kind.
http://www.computerworld.com/printthis/2006/0,4814,110046,00.html

27 March 2006 - Four Indicted on Charges Related to Nigerian 419 Scam
A grand jury in Brooklyn, NY has indicted four people on charges of conspiracy, wire fraud and mail fraud for their alleged roles in an email 419 scam that cost victims more than US$1.2 million. If convicted of all charges against them, the men face decades of prison time.
http://zdnet.com.au/news/security/print.htm?TYPE=story&AT=39247806-2000061744t-10000005c

26 March 2006 - Florida State Employee Data Compromised
People who worked for the state of Florida between January 1, 2003 and June 30, 2004, are being notified that the privacy of their personal data may have been compromised. Florida's Department of Management Services was using an outsourcing service provider, Convergys, which outsourced the data to GDXData, which, in turn, outsourced the contract to a subcontractor in India. Convergys maintains the offshore work was done without its knowledge and has cancelled its contract with GDXData. One Florida state public employee union wants the contract with Convergys cancelled.
http://www.computerworld.com/printthis/2006/0,4814,109938,00.html

24 March 2006 - Stolen Laptop Contained Personal Data from Vermont State Colleges
A laptop computer stolen from a car parked on a Montreal street contained personal data belonging to thousands of Vermont State Colleges students, faculty and staff. Security precautions were taken as soon as the school learned of the theft, which occurred on February 28, but people whose data were stored on the computer were notified just last week.
http://www.timesargus.com/apps/pbcs.dll/article?AID=/20060324/NEWS/603240363/1002

24 March 2006 - German Anti-Piracy Law Imposes Stiff Penalties
Under new legislation in Germany, people convicted of downloading movies and music for private use could face penalties of up to two years imprisonment; those who download movies for commercial use could face up to five years. The new law takes effect January 1, 2007.
http://technology.timesonline.co.uk/article/0,,20409-2100973,00.html

24 March 2006 - Man Fined and Sentenced for Wireless Piggybacking
David M. Kauchak has been fined US$250 and sentenced to one year of court supervision for accessing another person's wireless network without permission. Kauchak was arrested after he was seen sitting in his parked car with his computer.
http://www.techweb.com/wire/183702832

23 March 2006 - Fidelity Informs HP Employees Their Data is on Stolen Laptop
Fidelity Investments is notifying nearly 200,000 Hewlett-Packard (HP) employees that their account information is on a laptop that has been stolen. Fidelity serves as record keeper for HP's retirement plans. The data include names, addresses and Social Security numbers. Fidelity has set up a web site and a call center to help those affected take steps to protect their data and have questions answered. A Fidelity spokesperson said "the application was running on a temporary license ... [that has since] expired." The company has also "taken steps to implement extra security processes requiring additional authentication for access to those HP accounts as well as other measures to prevent unauthorized use."
http://www.theregister.co.uk/2006/03/22/fidelity_laptop_hp/print.html

23 March 2006 - HHS System Security Problems Place Medical Data at Risk, Says GAO
A forthcoming Government Accountability Office (GAO) review of the Department of Health and Human Services (HHS) says that "significant weaknesses in information security controls" could place at risk the privacy and security of sensitive data gathered about millions of Americans through Medicare, Medicaid and other government programs. GAO investigators examined 2004 and 2005 management and audit reports of security practices at 13 HHS divisions. Among their findings: anti-virus software was either not installed or not current; passwords were not adequately controlled; and physical controls were lacking. Among the data retained by the systems are Social Security numbers, names, addresses and medical conditions.
http://www.usatoday.com/tech/news/computersecurity/2006-03-23-medical-data_x.htm

22 March 2006 - Trojan Filches Financial Account Details
Variants of a sophisticated Trojan horse program have been infecting vulnerable computers for months; an estimated one million machines have been compromised. The Trojan, called MetaFisher and known alternately as Spy-Agent and PWS, exploits the Windows Metafile flaw to download itself onto vulnerable machines and uses HTML injection to harvest financial account information. Users become infected after being tricked into visiting a maliciously constructed web site from an email link. The Trojan is currently aimed at customers of Spanish, British and German banks.
http://www.informationweek.com/story/showArticle.jhtml?articleID=183701982

19 March 2006 - French Legislators Address Internet Piracy Penalties
French legislators have passed a bill defining the penalties for people convicted of Internet piracy. Those convicted of "supplying software enabling users to break copyright protection on DVDs or CDs" could face up to six months in jail and a fine of 30,000 Euros (US$36,500). People convicted of possessing and/or using the software will face lesser fines of between 750 - 3,750 Euros (US$913 - 4555). Amendments to the bill could require companies that use digital rights management (DRM) to publish details to allow the development of interoperable systems. The bill would also make the development and use of peer-to-peer (P2P) software illegal.
http://australianit.news.com.au/articles/0,7204,18498096%5E15306%5E%5Enbv%5E,00.html

16 March 2006 - Pennsylvania AG Seized Newspaper's Hard Drives in Probe of Lancaster Coroner
In an attempt to gather evidence in a grand jury probe into whether or not Lancaster (PA) coroner G. Gary Kirchner provided journalists with his "password to a secure law-enforcement web site," the Pennsylvania Attorney General's office has seized four computer hard drives from the Lancaster Intelligencer Journal newsroom. The state supreme court had earlier in the week upheld a lower court ruling that rejected the newspaper's attempts to withhold the information. The attorney general's office says it will limit its examination of the computer hard drives to that particular web site.
http://www.yorkdispatch.com/pennsylvania/ci_3608667

8 March 2006 - Attackers Sidestepping Phishing Site Closures
Phishers have begun using a new technique to ensure a higher rate of victims reaching fraudulently constructed web sites. Because anti-phishing vendors are taking more aggressive steps to close phishing sites, some phishing email now directs recipients to one IP address that hosts a "smart redirector" that checks to see which web sites are still live before deciding where to send the intended victim. Smart redirector attacks have been detected at two banks.
http://www.theregister.co.uk/2006/03/08/smart_redirect_phish_attack/print.html

8 March 2006 - Debit Card Fraud May be Linked to OfficeMax-Related Breach
Investigators say that debit card fraud affecting members of credit unions in Leominster and Fitchburg, Massachusetts may have been linked to a security breach related to OfficeMax; all affected customers had used Visa debit cards at OfficeMax. Fraudulent account withdrawals have been made in Spain, Turkey, Greece, Switzerland, the UK, as well as in the US and Canada, suggesting that the information is being sold on the Internet. The thieves used cloned debit cards constructed with the use of stolen PIN numbers, either from OfficeMax or from a transaction processor. An OfficeMax spokesperson said there is no evidence of a security breach of their network.
http://www.eweek.com/print_article2/0,1217,a=173073,00.asp

7 March 2006 - Security and Privacy Top Federal CIOs' List of IT Concerns
The IT Association of America's 16th Annual Federal CIO Survey found that federal CIOs rate IT security and privacy as their most pressing concerns. Though they believe they have made progress in these areas, they also say protecting information and allowing people access to that information is a stressful balancing act that consumes their budgets. ITAA interviewed 36 CIOs and assistant CIOs and three government oversight officials during the last five months of 2005.
http://www.fcw.com/article92517-03-07-06-Web

23 February 2006 - Korean online gamers victims of ID theft
Around 2,000 South Koreans have had their names and national identity numbers stolen from a popular online role-playing game to play the game for free.
http://www.scmagazine.com/us/news/article/542791/?n=us

23 February 2006 - Deloitte & Touche Loses Disk with McAfee Employee Data
A McAfee spokesperson said that an external auditing firm lost a CD containing the unencrypted names, Social Security numbers and McAfee stock holdings of an unspecified number of current and former employees. Deloitte & Touche acknowledged that an employee left the unlabelled CD in the seat back pocket on an airplane. The missing disk was reported to McAfee on January 11, 2006. The affected employees have been notified.
http://news.com.com/2102-1029_3-6042544.html?tag=st.util.print

23 February 2006 - Acxiom Data Thief Draws Eight-Year Sentence
A Florida man has been sentenced to eight years in prison for breaking into Acxiom Corp.'s database of consumer information and stealing more than one billion records. Scott Levine was convicted in August 2005 of 120 counts of unauthorized access to a computer connected to the Internet, two counts of device fraud and one count of obstruction of justice. There is no evidence that Levine used the data to commit identity fraud. Levine will also pay a fine of US$12,300; the amount of restitution has not yet been decided. Levine is the former CEO of Snipermail.com, a bulk emailing company.
http://news.com.com/2102-7348_3-6042290.html?tag=st.util.print

17 February 2006 - Man Arrested for Allegedly Uploading Oscar-Nominated Film
A California man has been arrested for allegedly uploading an Academy Award nominated film to the Internet. Luis Ochoa was caught in a sting operation that was set up after somebody informed the Motion Picture Association of America (MPAA) that Ochoa had mentioned in a chat room that he wanted to upload the film. The film's watermark indicated that it was a "screener" copy intended for viewing by someone with Academy voting privileges; the copy in question was allegedly obtained "before it reached the intended recipient." If he is convicted of all charges against him, Ochoa could face penalties of a one-year prison sentence and a fine.
http://news.bbc.co.uk/1/hi/entertainment/4724584.stm

15 February 2006 - New Hampshire State Computer System Data Breach
New Hampshire Governor John Lynch said the security of the state's computer system has been breached. The attackers may have been seeking credit card account information belonging to New Hampshire residents. The security breach involved computer and in-person transactions at motor vehicle offices, state liquor stores and other locations. People who have used credit cards for transactions with the state over the last six months are advised to scrutinize their statements for unauthorized transactions. The breach came to light when state technology experts found monitoring software installed on the system.
http://www.washingtonpost.com/wp-dyn/content/article/2006/02/15/AR2006021502764_pf.html

15 February 2006 - Judge Dismisses Data Negligence Case
A US District Judge has thrown out a lawsuit brought by an individual against a student loan company for not encrypting a customer database that was on a laptop computer stolen from the home of a financial analyst. Stacy Lawton Guin maintained that the company was required to encrypt the data under the Gramm-Leach-Bliley Act, but the judge determined that GLB does not require data encryption and that the company "had a written security policy and other 'proper safeguards' for customers' information."
http://software.silicon.com/security/0,39024655,39156463,00.htm

15 February 2006 - Brazilian Police Arrest 41 in Connection with Cyber Theft
Brazilian federal police arrested 41 people who allegedly used an emailed Trojan horse program to steal BRL10 million (US$4.74 million) from 200 accounts in six banks. Twenty-four other suspects are still being sought.
http://www.theage.com.au/news/breaking/brazilian-police-bust-hacker-gang/2006/02/15/1139890794432.html

14 February 2006 - Olympic Torch virus warning is really a hoax
A new email hoax is spreading as the Winter Olympics are held in Turin. The email warning claims that "the most destructive virus ever" has been discovered, but the warning is completely bogus. Find out more now.
http://s502.link.sophos.com/torch?pl_id=9

14 February 2006 - Australian Man to Pay Fine and Restitution for Computer Intrusion
An Australian man, Stephen Sussich, has been fined AU$2,000 (US$1476) and ordered to pay AU$3,000 (US$2214) in compensation for placing a rootkit on a server of Webcentral, a Brisbane-based company. Sussich pleaded guilty to two charges of unauthorized modification of data to cause impairment. There is no evidence that Sussich accessed credit card data or that his motivation was financial.
http://www.theage.com.au/news/national/teen-hacker-fined-for-server-attack/2006/02/13/1139679536471.html

13 February 2006 - Additional Information Emerges Regarding Compromised Debit Cards
Sources are now indicating that the compromised debit cards reported earlier this week are related to two security breaches involving Wal-Mart and OfficeMax. Bank of America, Washington Mutual and a credit union cancelled 200,000 customer debit cards. The FBI and the Secret Service are investigating. Neither store has commented on its connection to the data breach, although Wal-Mart did point to its December 2, 2005 announcement that customer credit card security had been breached at some Sam's Club gas pumps in late September and early October. The FBI also believes that the breach may be connected to an ongoing investigation in Sacramento, CA; that case involves the cancellation of about 1,500 debit cards at the Golden 1 Credit Union.
http://news.com.com/2102-1029_3-6038405.html?tag=st.util.print

8 February 2006 - Spanish Man Jailed and Fined for Denial-of-Service Attack
A Spanish man who used a computer worm in 2003 to launch a denial-of-service attack has been sentenced to two years in jail and ordered to pay a fine of EUR1.4 million (US$1.67 million). Santiago Garrido carried out the attack, which disrupted Internet service for approximately 3 million people across Spain, in retaliation for having been banned from an IRC chat room.
http://www.theregister.co.uk/2006/02/08/spanish_hacker_jailed/print.html

6 February 2006 - Phishing Scam Pretends to Provide Information About Tax Refunds
A recently detected phishing scam purports to be a message from the US Internal Revenue Service (IRS) regarding a tax refund. The email provides a link to a web site that claims to be able to tell taxpayers the status of their refunds and asks for visitors' names, Social Security numbers and credit card data.
http://www.computerworld.com/printthis/2006/0,4814,108430,00.html

30 January 2006 - ISPs Ordered to Divulge Identities of Alleged File Sharers
The British High Court has ordered ten Internet service providers (ISPs) to provide the names, addresses and other personal details of 150 alleged illegal file sharers in the UK to the Federation Against Software Theft.
http://news.bbc.co.uk/2/hi/technology/4663388.stm

27 January 2006 - Canadian Record Label Will Fund Family's Defense in File Sharing
Nettwerk Music Group, Canada's largest record label, says it will fund the defense of David Greubel, who was sued by the Recording Industry Association of America (RIAA) for allegedly having music on his family computer that was downloaded in violation of copyright law. Nettwerk chief executive Terry McBride said "The current actions of the RIAA are not in my artists' best interests. Litigation is a deterrent to creativity ... and it is hurting the business I love." Nettwerk has hired a Chicago-based law office to defend Greubel and has said it will pay any fines if the family loses the case. The RIAA is asking for a US$9,000 penalty, but will accept US$4,500 if it is paid within a specified time period.
http://www.theregister.co.uk/2006/01/27/nettwerk_sues_riaa/print.html
http://www.techweb.com/wire/177104841

27 January 2006 - Men Ordered to Pay Penalties in File Sharing Case
The British High Court has ordered two UK men to pay penalties totaling GBP 6,500 (US$11,488) for making nearly 9,000 songs available for downloading through peer-to-peer file sharing networks. Cases are pending against the other three people. The cases were brought by the British Phonographic Industry (BPI); the defendants have also been ordered to pay the BPI's costs, pushing the total to more than GBP 20,000 (US$35,348).
http://news.bbc.co.uk/1/hi/entertainment/4653662.stm

27 January 2006 - Man Gets Two Years in Prison for Selling Windows Source Code
William Genovese Jr. has been sentenced to two years in prison for selling source code for Windows 4.0 and 2000. Genovese pleaded guilty last year to one count of unlawful distribution of trade secrets. Genovese has a dozen prior criminal convictions, including three for computer-related crime. Following completion of his prison term Genovese will serve three years of supervised release and will have programs installed on his computer to monitor his Internet activity.
http://www.computerworld.com/printthis/2006/0,4814,108144,00.html

27 January 2006 - Alleged AOL Phisher Arrested
The US Attorney's Office in Los Angeles has announced the arrest of Jeffrey Brett Goodin, who allegedly used a phishing scheme to trick America Online (AOL) users into divulging their credit card details. The phony email messages asked AOL users to update their billing information and directed them to fraudulently constructed sites where the financial data were harvested. Goodin then used the information he stole to make fraudulent charges on credit and debit cards. Goodin faces charges of wire fraud and unauthorized use of an access device. If convicted, he could face up to 30 years in federal prison.
http://news.com.com/2102-7349_3-6031924.html?tag=st.util.print

27 January 2006 - Japanese Police Arrest Man on Spyware Charges
Police in Japan have arrested Atsushi Takewaka, who is suspected of developing spyware that he and an alleged co-conspirator used to steal Internet banking passwords. Takewaka allegedly developed the spyware at the request of Kiichi Hirayama, who sent CD-ROMs to targeted companies that installed the spyware on their computers. Takewaka and Kiichi Hirayama allegedly used the stolen passwords to withdraw money from bank accounts. The pair is also believed to be responsible for the theft of an online banking password belonging to a Kawasaki, Japan jewelry store.
http://www.computerworld.com/printthis/2006/0,4814,108130,00.html

27 January 2006 - Credit Card Details Allegedly Stolen from RI State Government Site
A Rhode Island government web site, www.RI.gov, was reportedly the target of cyber thieves, who stole credit card information belonging to people who had conducted online business with Rhode Island state agencies. Cyber criminals bragged of their exploits several weeks ago on a Russian-language web site. Attackers breached the security of a server database and stole encrypted credit card data. A spokesperson for the web site said they comply with the Payment Card Industry's Data Security Standards, meaning they do not store complete credit card information. The breach was discovered through routine security procedures; measures have been taken to close the hole the thieves exploited.
http://www.fcw.com/article92132-01-27-06-Web

26 January 2006 - Ameriprise Notifies Customers Affected by Computer Theft
Ameriprise Financial Inc. has sent letters to 158,000 customers informing them their personal account data were held in a laptop stolen from an employee's car. The customer data do not include customer Social Security numbers (SSNs), but the computer also held a file that contained the names and SSNs of 68,000 current and former financial advisers.
http://twincities.bizjournals.com/twincities/stories/2006/01/23/daily39.html

26 January 2006 - Spammer Fined US$5 Million
A federal judge has ordered Christopher William Smith to pay America Online (AOL) more than US$5 million in damages and legal fees for sending billions of spam messages. AOL filed a lawsuit against Smith in 2004 under the CAN-SPAM Act. Smith is also awaiting trial on criminal charges of violating federal drug laws.
http://www.usatoday.com/tech/news/computersecurity/2006-01-26-aol-spam-case_x.htm

19 January 2006 - Former Medical Office Manager Indicted for Patient Record Theft
Joseph Nathaniel Harris, who formerly worked as the manager of the San Jose (California) Medical Group, has been indicted by a federal grand jury on charges stemming from the theft of computers and DVDs that contained patient records. Harris allegedly broke into the office after resigning his position. If convicted of all charges against him, Harris faces a maximum prison sentence of ten years and a fine of up to US$250,000.
http://www.eweek.com/print_article2/0,1217,a=169608,00.asp

18 January 2006 - Obscene Kama Sutra worm spreads via email
Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have warned users to be wary of unsolicited emails claiming to contain obscene pictures and sex movies. Find out more about the W32/Nyxem-D worm now.
http://s489.link.sophos.com/nyxemd?pl_id=9

17 January 2006 - Beware bogus business deal from US military in Iraq
In a message reminiscent of the George Clooney Gulf War movie "Three Kings", an email claiming to come from a US military sergeant in Iraq looks for assistance in moving money out of the war-torn country. Make sure you don't fall for the scam.
http://s489.link.sophos.com/iraq?pl_id=9

17 January 2006 - Privacy Rights Clearinghouse List of Data Security Breaches
The Privacy Rights Clearinghouse has compiled a list of known data security breaches that have occurred since ChoicePoint's data breach acknowledgment on February 15, 2005. The list includes the dates the breaches were reported, the names of the institutions, the types of breach and the number of individuals affected in each breach.
http://www.privacyrights.org/ar/ChronDataBreaches.htm

16 January 2006 - Imprisoned Russian billionaire's fortune offered by 419 scammers
Mikhail Khodorkovsky's name is being used by spammers hell-bent on stealing money from innocent computer users. Find out about this email scam, and make sure your users are protected at the email gateway.
http://s489.link.sophos.com/khodorkovsky?pl_id=9

16 January 2006 - Spanish Civil Guard Arrests Suspected Cyber Intruder
The Spanish Civil Guard says that a man has been arrested in Malaga for allegedly breaking into a computer with sensitive information at a US Navy base in San Diego. The Spanish Civil Guard searched the man's home and seized a computer and other effects. The Civil Guard says the suspect is allegedly part of a group that has broken into more than 100 computer systems and caused damages exceeding US$500,000.
http://www.cnn.com/2006/WORLD/europe/01/16/spain.us/index.html

13 January 2006 - Alleged Spammer Reportedly Reaches Plea Deal
Alleged spammer Daniel Lin is expected to enter a guilty plea in court on January 17, 2005 after he admitted using corporate and government computer networks to send unsolicited commercial email. Lin's deal with prosecutors will send him to jail for between two years and 57 months; if he had not agreed to the deal, Lin would face a much lengthier sentence. Lin is one of four people charged in April 2005 with using compromised computers to send spam. The group allegedly sent spam through proxies with phony return-path addresses in violation of the CAN-SPAM Act.
http://www.theregister.co.uk/2006/01/13/detroit_spam_case/print.html

12 January 2006 - Connecticut Bank Says Lost Tape Contains Customer Data
Connecticut-based People's Bank has acknowledged that a tape containing sensitive data belonging to approximately 90,000 customers was lost en route to a credit-reporting bureau. The data on the tape includes Social Security numbers, names and bank account numbers. The bank said there is no evidence that the data have been misused and made no comment about whether or not it was encrypted. Affected customers will be provided with one year of free credit monitoring service.
http://news.com.com/2102-1029_3-6026692.html?tag=st.util.print

11 January 2006 - Singapore Student Jailed for Selling Pirated Software
Ang Chiong Teck, a student at Singapore's Nanyang Technological University, has been sentenced to four months in prison for selling pirated copies of Microsoft software. The phony copies of software included forged certificates of authenticity. Ang's scheme was discovered when those who had purchased the software found they lacked the codes required to register the software online and download updates. When Ang was arrested, authorities confiscated S$20,000 (US$12,270) worth of pirated software in his possession. Ang was arrested in September, but his sentencing was delayed until December to allow him to finish his university examinations.
http://www.zdnet.co.uk/print/?TYPE=story&AT=39246559-39020651t-10000022csa

11 January 2006 - New 419 spam promising Volkswagen
Security experts today warned internet users of a spam campaign that pretends the recipient has won a lottery sponsored by the Volkswagen motor company.
http://www.scmagazine.com/us/news/article/534992/?n=us

10 January 2006 - Audit of Military User Accounts Finds Problems
An audit of US military computer user accounts found that as many as 20 percent of all accounts are unauthorized or inactive, with 3,000 in the Defense Information Systems Agency (DISA) alone. Inactive accounts are those abandoned when those to whom they were issued moved on to other positions; unauthorized accounts are those that were created with "unnecessary or unauthorized permissions." The existence of these accounts, together with the fact that military systems experience slow patch distribution, presents opportunities for malicious attackers to infiltrate military computer systems.
http://www.eweek.com/print_article2/0,1217,a=168898,00.asp

10 January 2006 - Resort Acknowledges Security Breach Compromised Customer Data
Kerzner International, owner of the Atlantis resort in the Bahamas, filed a document with the Bahamas Securities and Exchange Commission that included information about a data theft; personal data belonging to approximately 55,000 resort customers was among the information compromised in a database security breach. Atlantis hotel management is notifying those affected in writing and is offering them one year of credit monitoring service. The compromised information includes Social Security numbers and credit card and bank account details.
http://news.com.com/2102-7348_3-6025591.html?tag=st.util.print

11 January 2006 - 2005 FBI Computer Crime Survey
According to the 2005 FBI Computer Crime Survey, 87 percent of those responding said their organizations had experienced a security incident. Ninety-eight percent of respondents said they used antivirus software; ninety percent said they used firewalls. The report found a "positive correlation between the number of security measures employed and the number of denial-of-service attacks" experienced. More than 79 percent of respondents said their organizations experienced problems with spyware. Some security incidents went unreported due to beliefs that there was no criminal activity involved in the incident, that the incident was too small to report and that law enforcement would not be interested in the incidents. The survey asked 23 questions of 2,066 organizations in New York, Iowa, Texas and Nebraska.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1157706,00.html?track=sy160

10 January 2006 - Parents and enterprises warned of ‘Podporn’ problem
Security experts issued a warning about the fast growing problem of pornography being accessed via devices such as the new video-enabled Apple iPod or Sony PSP.
http://www.scmagazine.com/us/news/article/534636/?n=us

9 January 2006 - Amended Qwest Subscriber Agreement Describes Fines for Sending Spam
Qwest has added a clause to its subscriber agreement, indicating that customers will be charged US$5 for each spam message sent from their computers if the spam sent results in damages awarded against Qwest. The fine would stand regardless of whether or not the customers are aware of the spam being sent, according to the new clause. However, a Qwest spokesperson said that the company would be unlikely to impose fines if a customer or end-user were the victim of malware that caused the computer to send out spam. http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5116

9 January 2006 - IM and P2P threats reach 'critical levels'
The number of security threats propagating via instant messenger and peer-to-peer networks increased last year by more than 2,200 percent over 2004, newly published research has claimed.
http://www.scmagazine.com/us/news/article/534588/?n=us

6 January 2006 - Sophos Security Threat Management Report 2005
Sophos's free in-depth report explores the year's most pressing security issues. If you're a security professional, protecting your company from malicious attack, or just responsible for looking after the data on your own PC, then you need to read this detailed report into the latest virus, spyware and spam trends. http://s484.link.sophos.com/secrep2005?pl_id=9

6 January 2006 - eBay Account Hijacker Indicted
Sean Galvez of Boston, Massachusetts has been indicted on one count of larceny and 10 counts of unauthorized access to a computer and identity fraud for breaking into more than 40 eBay accounts and accumulating charges totaling US$32,000. The Massachusetts Attorney General's office is still trying to determine how Galvez obtained access to the accounts. Galvez allegedly changed the passwords and gathered credit card information. Galvez is scheduled to be arraigned on January 18, 2006 and faces up to five years in state prison if convicted of the charges against him.
http://www.eweek.com/print_article2/0,1217,a=168683,00.asp

5 January 2006 - Top ten viruses and hoaxes reported to Sophos in December 2005
Which virus topped the chart in December 2005? Find out which viruses and worms were spreading the most across internet email systems in the last month in this hall of shame.
http://s484.link.sophos.com/topdec05?pl_id=9

5 January 2006 - Spammer hit by $11.2 billion fine in US judgment
An Iowa-based ISP has been awarded $11.2 billion in a judgment against a Florida man who sent millions of unsolicited spam emails. http://s484.link.sophos.com/11bill?pl_id=9

2 January 2006 - Trojan Horse Displays Phony Google Ads on Web Sites
A Trojan horse program is replacing legitimate Google AdSense advertisements with counterfeit ads. The Trojan targets small publishers. Normally AdSense advertisements are relevant to the web site's content; however, the ads generated by the Trojan promote products Google stays away from, including gambling and adult entertainment products. AdSense works by paying web site publishers to place relevant advertisements on their sites. When users click on the illegitimate ads, they are reportedly taken to three other sites and finally to a page of advertisements with links to more advertisements.
http://www.eweek.com/print_article2/0,1217,a=168268,00.asp

1 January 2006 - Pennsylvania Medical Office Informs 700 People Whose Data Were on Stolen Computer
Squirrel Hill Family Medicine in Pennsylvania is taking steps to inform approximately 700 patients that one of six computers stolen from their office over the December 17-18 weekend contains a file with their names, Social Security numbers and birth dates. The University of Pittsburgh Medical Center, which owns Squirrel Hill Family Medicine, will pay for one year of credit monitoring services for those affected.
http://www.philly.com/mld/philly/news/13530545.htm

29 December 2005 - Trojan targets Spanish-speaking bank customers
A new trojan blending spyware and phishing techniques is threatening Spanish-speaking bank customers, a European security firm warned this week. http://www.scmagazine.com/us/news/article/533796/?n=us

29 December 2005 - Alleged ChoicePoint Data Thief Pleads Guilty
A man allegedly responsible for the ChoicePoint consumer record database security breach has pleaded guilty to charges of conspiracy and grand theft. Olatunji Oluwatosin is the only person charged in the massive data theft that compromised the personal data of 145,000 people. Oluwatosin will be sentenced on February 10, 2006; he is already serving a 16-month prison term for an earlier felony count of identity theft. http://www.consumeraffairs.com/news04/2005/choicepoint_guilty.html

 

 

 
© 1999-2016 Security Awareness, Inc. All Rights Reserved  :  Privacy Statement