Oct 23 2009

‘China using elite hacker community to build cyber warfare capability’

Category: CybercrimeDISC @ 4:44 pm

The Hacker Files
Image via Wikipedia

Hacking: The Art of Exploitation

London, Oct 23 (ANI): The Communist regime in China with the help of a elite hacker community is building its cyber warfare capabilities and appears to be using a long-term computer attack campaign to collect US intelligence.

An independent study released by a congressional advisory panel found cases that suggested that China’s elite hacker community has ties to Beijing, although there is no substantial proof.

The commission report details a cyber attack against a US company several years ago that appeared to either originate in or came through China and was similar to other incidents also believed to be connected to that country, The Telegraph reports.

The data from company’s network was being sent to multiple computers in the US and overseas, according to an analysis done by the company over several days.

The report contends that the attackers targeted specific data, suggesting a very coordinated and sophisticated operation by people who had the expertise to use the high-tech information.

An Internet Protocol (IP) address located in China was used at times during the episode, the paper reports.

The Chinese Government is said to view such cyber prowess as critical for victory in future conflicts, similar to the priority on offensive cyber abilities stressed by some US officials.

Potential Chinese targets in the US would likely include Pentagon networks and databases to disrupt command and control communications, and possibly corrupt encrypted data, the report says. (ANI)

Reblog this post [with Zemanta]

Tags: chinese hacker, cyberwarfare, elite hacker, hacker, hacker files, uber hacker


Oct 21 2008

12 Phishing Threats and Identity Theft

Category: Email Security,Identity TheftDISC @ 7:22 pm

Have you ever thought of losing something and you cannot live without it? Yes, that something can be your identity. Phishing is a practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information. In daily life people advise to retrace your steps when you lose something. The question is how you retrace your steps on cyberspace where some uber hackers know how to erase their footsteps to avoid detection. It is difficult to find phishers in cyberspace, and jurisdictional issues make it even harder to prosecute them. Then there is an issue of trust that phishers dupe people to believe that their web site is not fraudulent to collect personal/financial information.

Amongst the financial crisis, phishing might be on the rise because for many organizations information protection might be the last thing on their mind. The FDIC has created a webpage to inform and warn consumers about “phishing.” These days phishers have targeted social network organizations LinkedIn and Facebook where their members have been duped into revealing their sensitive data.

Mainly phishing attacks are targeted to steal the identity. Now the question is, how easy it is to steal somebody’s identity? Let’s say a phisher has your name and address, and then he/she can get your Social Security number with the search on AccurInt or other personal database website. A Social Security number is not the only bounty a fraudster can find on these websites, other personal/private information is available as well at minimal cost.

In the table below are the 12 threats to your online identity which can be manipulated in phishing scams, and possible countermeasures to protect your personal and financial information. Some threats are inadequate or no security controls in place. The last row of the table is a monitoring control to identify the warning signs of identity theft.

[Table=7]

Organizations should take necessary steps to protect against identity fraud and apply whatever state and federal legislation applies to your business. Organizations which are serious about their information security should consider implementing the ISO 27001 (ISMS) standard as a best practice, which provides reasonable due diligence to protect and safeguard your information.

US Bank phishing attack exposed
httpv://www.youtube.com/watch?v=n2QKQkuSB4Q


(Free Two-Day Shipping from Amazon Prime). Great books

Tags: accurint, countermeasure, cyberspace, due diligence, equifax, experian, facebook, fdic, financial crisis, fraudster, identity fraud, information protection, isms, iso 27001, jurisdictional, legislation, linkedin, phishing, prosecute, safeguard, social security, threats, transunion, uber hacker