BREAKING: Discover How A Slacker Makes $100,000 A Year!

WEBMASTERS! Get Your Website To The Top Of Google

Websites sell secret bank data and PINs

Monday, December 3rd, 2007

Security breaches that are allowing the financial details of tens of thousands of Britons to be sold on the internet are to be investigated by the country’s information watchdog.

Without paying a single penny, The Times downloaded banking information belonging to 32 people, including a High Court deputy judge and a managing director. The private account numbers, PINs and security codes were offered as tasters by illegal hacking sites in the hope that purchases would follow.

Richard Thomas, the Information Commissioner, will begin an investigation into the security breach today and Scotland Yard is also investigating. Experts said that the findings suggested that more personal data than ever before was going astray. The Times found: More than 100 websites trafficking British bank details A fraudster offering to sell 30,000 British credit card numbers for less than £1 each A British “e-passport” for sale, although the Government insists that they are unhackable.

The discovery comes as public alarm is growing about the dangers of identity theft. HM Revenue & Customs has yet to retrieve two lost CDs containing the banking details of 25 million Britons, which ministers admitted had vanished in the post a fortnight ago. At current underworld prices, these could fetch more than £100 million if they fell into the hands of hackers.

The News of the World disclosed yesterday that it had been handed two discs mislaid by the Department for Work and Pensions containing the national insurance numbers of 18,000 claimants.

Last year The Times discovered internet chatrooms where the hacked credit card details of 400 British people were being sold every day.

A spokesman for Mr Thomas said: “We will be looking at the evidence you have provided and investigating the circumstances. This looks serious and is a matter of genuine concern.

“We can take action against UK-based organisations that flout the Data Protection Act. If some of these websites are not UK-based we will work with our counterparts in the relevant country.”

Mr Thomas will address the Commons Justice Committee tomorrow on the addional powers that he says are needed to prevent breaches of data protection. He believes that reckless failure to protect information should result in prosecution and that his staff should have powers to raid government and business premises.

Hacking sites act as online bazaars for stolen personal information. They are well run, hierarchical groups structured like businesses. Some even have review sections where buyers can recommend a particular fraudster.

Geraldine Hernon, 30, of St Ives, Cambridgeshire, was shocked to hear that her credit card number, expiry date and security number were online with her address, telephone number and e-mail address. She said: “I can’t believe it. I will have to change my whole account. It is terrifying that people have the information. It is personal information. I feel really scared.”

The bank details of Robert Seabrook, QC, a deputy judge and former chairman of the Bar Council, were also freely available. He, too, described the breach as terrifying. “I am profoundly concerned,” he said. “One reads about the anxieties of data in the public domain but it is disconcerting to hear something so personal being available. If you can get this sort of thing for free who knows what is below the water line?”

Neil Munroe, the director of the credit reference agency Equifax and an expert on internet fraud, said that the depth of information obtained by The Times was greater than he had ever seen. “The detail you have got is very disturbing,” he said. “Normally we only see credit card numbers coming up but you have got e-mails, addresses, security and PINs. Everything. It is very scary.”

Senior police officers are concerned that current methods of dealing with large-scale data protection breaches are unworkable. Detective Chief Inspector Charlie McMurdie, of the Metropolitan Police e-crime unit, said: “At the moment people report internet crimes to a local police station but no one locally has the resources to investigate properly.”

Since April customers have been told to report card crimes to their banks rather than to the police. Mr McMurdie, backed by the main banks, has asked the Home Office for £1.3 million to fund a central e-crime unit.

Stolen identities

Criminals use three main methods to extract personal information

- Viruses contained in e-mails that install malicious software to collect information such as login names, bank account details and credit card numbers. Make sure you use up-to-date antivirus software

- Handheld credit card readers are used to “skim” cards and copy data that is then used to clone another one. Check your accounts regulary for unusual transactions

- Bin raiders go through rubbish bins to find discarded bank statements and utility bills. Make sure that all personal documents are shredded before you throw them out

Have Your Say: Websites sell secret bank data and PINs
Please read our posting guidelines before posting.
Alternatively you can discuss this report in our forum .

They used us like rats and dogs at Guantanamo

Monday, December 3rd, 2007

Mamdouh Habib says he was beaten until his final days in the US detention facility at Guantanamo Bay and has accused Australian officials of having “no humanity” for failing to intervene.

Mr Habib is suing Nationwide News over a February 2005 newspaper column that implied he made false claims about torture.

A jury found he had been defamed by the article, and Nationwide News is now mounting a defence of truth and justification in the NSW Supreme Court.

Mr Habib today said he was beaten from the day of his arrest in Pakistan in 2001 until his final moments in 2005 at Guantanamo Bay, where he claimed he was experimented upon.

“People have no humanity, they have been using us for experiments,” he told the court.

“They [were] using us like rats and dogs and animals.

“Every single injection, I take it by force.”

Mr Habib denied a number of claims made by an Australian team which visited Guantanamo Bay in May 2002, including statements allegedly made by him that he was being treated well and had no major complaints.

“I say that’s not true, I never been treated well in Guantanamo Bay, or Egypt, or Pakistan,” Mr Habib said.

“They drag me (to interrogations) maybe half a kilometre in the gravel,” he said.

Mr Habib said he told “every single person I saw” about his torture and mistreatment and Australians were “definitely” involved.

“Australians, they aware of my torture and they be involved, definitely, with my torture,” he said.

Alec Leopold, acting for Nationwide News, asked Mr Habib whether he was accusing Australian officials of being inhumane.

“If Australian team was there when I was tortured, when I was given injection, yes,” he replied.

The hearing continues.

AAP

Have Your Say: They used us like rats and dogs at Guantanamo
Please read our posting guidelines before posting.
Alternatively you can discuss this report in our forum .

Confirmed: Ability to spy on remote calls with VoIP

Monday, December 3rd, 2007

In October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone

By Linda Leung Framingham

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones. In its security response, Cisco says: “an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream.”

Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that “any Extension Mobility account configured on an IP phone’s Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack.”

The technique was described by Telindus researcher Joffrey Czarny at HACK.LU 2007 in Luxembourg in October.

Cisco has published some workarounds to this problem in its security response.

Also in October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone.

The hackers, John Kindervag and Jason Ostrom said they were able to access the hotel’s financial and corporate network and recorded other phone calls, according to a blog on Wired.com.

The hackers used penetration tests propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at three minute intervals and then trades a new Ethernet interface, getting the PC — which the hackers switched in place of the hotel phone — into the network running the VoIP, according to the blog post.

The Avaya configuration is superior to Cisco, according to the hackers, because you have to send requests beyond a sniffer. Although it can be breached the same way, by replacing the phone with a PC.

MI5 accuses China of hacking businesses

Monday, December 3rd, 2007

Howard Dahdah

According to reports in the weekend newspapers, the government has accused China of hacking into the computer systems of leading companies.

According to The Times, the MI5 director-general Jonathan Evans sent a confidential letter to 300 chief executives and security chiefs at financial institutions and legal firms last week warning them that they were under attack from Chinese state organisations.

The summary of the letter, which was posted (securely) on the website of the Centre for the Protection of the National Infrastructure, warned its recipients of the “electronic espionage attack”.

“The contents of the letter highlight the following: the Director-General’s concerns about the possible damage to UK business resulting from electronic attack sponsored by Chinese state organisations, and the fact that the attacks are designed to defeat best-practice IT security systems.

“The letter acknowledges the strong economic and commercial reasons to do business with China, but the need to ensure management of the risks involved.”

According to one security expert quoted in the Times article, one of the techniques used by the Chinese groups were “custom Trojans”, software designed to hack into the network of a particular firm and feed back confidential data.

The MI5 website already acknowledges the UK is a high priority espionage target.

“We estimate that at least 20 foreign intelligence services are operating to some degree against UK interests. Of greatest concern are the Russians and Chinese,” it said.

Have Your Say: MI5 accuses China of hacking businesses
Please read our posting guidelines before posting.
Alternatively you can discuss this report in our forum .

The new spy camera

Monday, December 3rd, 2007

Tech.co.uk

The latest prototype product from NEC Japan has to be one of the most novel uses of alternative energy we’ve ever seen - it’s a wireless security camera that draws its power directly from fluorescent light tubes.

As odd as it may seem, the unnamed camera simply needs to be fixed to the ceiling beside a fluorescent light and connected to it by a wire with a ring-like adapter on one end. When the light is switched on, electricity is then generated by the Sharp-created technology in the ring through electromagnetic induction.

Key to the development is not the flicker of a fluorescent tube that we’re so familiar with, but the magnetic field created by the AC source in the light. A field frequency of 45-100kHz can be used by the ring to generate 120mW of electricity, which is enough to power the camera.

From that point on the otherwise-standard camera - VGA resolution with shots every 10 seconds - takes over, beaming its images to a PC using an ordinary Wi-Fi chip that also draws power from the light.

NEC suggests that its camera could be installed in office light fittings to help companies keep an eye on their staff at work or in supermarkets for analyzing shopper behavior. So, suspicious cheapskates and manipulative marketers are probably rubbing their hands in glee.

Have Your Say: The new spy camera
Please read our posting guidelines before posting.
Alternatively you can discuss this report in our forum .

Poll shows more people now oppose ID cards

Monday, December 3rd, 2007

By Philip Johnston

More people now oppose Labour’s proposed ID cards than support them, a poll for The Daily Telegraph has found.

Have your say: Have data-protection fears put you off ID cards?

Just 43 per cent of those questioned said they favoured the introduction of a national identity scheme compared with 48 per cent who were against. It is the first time YouGov has found more against than in favour.

When the ID scheme was first proposed by the Government in 2003, YouGov found 78 per cent supported it and just 15 per cent were opposed.

Since then, there has been a gradual erosion in support for ID cards and the recent loss of the country’s entire child benefit records on two CDs seems to have tipped the balance.

Yesterday, it emerged that the Department of Work and Pensions let a contractor keep two discs with thousands of benefit claimants’ details for more than a year.

The last time the pollsters asked the same question in July 2005, shortly after the London bombings, 45 per cent were in favour and 42 per cent opposed.

The poll findings will be another blow to ministers who have been adamant that the ID project would proceed despite the child records fiasco.

ID cards are due to be introduced from next year for foreign nationals and from 2009 for all British citizens applying for a new passport.

The charge for a combined ID card and passport will be more than £100 in order to fund the £550 million annual cost to the Home Office.

Ministers have said the project should be self-financing and not a drain on taxes.

The Government has made a number of claims for the advantages of an ID scheme, including making it easier to track terrorists and criminals, bear down on ID fraud and tackle illegal immigration.

But the recent disclosure that illegal immigrants were licensed to work as security guards by a Government agency and the ease with which the personal data of 25 million families were lost have clearly been a blow to public confidence.

There is also a growing number of opponents who would pay a fine or risk prison by refusing to hand over their details.

Phil Booth, of the campaign group No2ID, said: “Clearly a majority no longer trust that the Government can secure their personal information.

“It’s hard to say whether proceeding with an ID scheme that will log your every application for credit, or registration with a clinic and add fingerprints to the data that officials will then lose or compromise is more pig-headed or foolhardy. Either way, public opinion is against the scheme now.”

David Cameron recently told the Prime Minister that the public would find it “bizarre” if the Government was not willing now to “stop and think” about ID cards.

However, at the weekend Jacqui Smith, the Home Secretary, continued to defend the scheme and said the inclusion of fingerprints would ensure the data’s security.

“I will be able to be confident that my identity… will be linked to my fingerprint so just knowing who I am, where I live and what my bank details are will not be enough to be able to take my identity,” she said in a television interview.

“It is an increased protection even against times when people’s biographical details are stolen or lost.”

The Government has dropped plans, on cost grounds, to build a new database for the scheme. It will instead ”piggy-back” on an existing Whitehall IT system.

Have Your Say: Poll shows more people now oppose ID cards
Please read our posting guidelines before posting.
Alternatively you can discuss this report in our forum .

Related News

This entry was posted on Monday, December 3rd, 2007 at 12:40 pm and is filed under Business News, Science & Technology News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Translate: