Information Highwaymen Will Follow the Cybermoney
The digital desperados who infected more than half a million Macs around the world with the Fastback worm made headlines for several days this month, but they didn't make as much money as they could have made. In a blog posting at its website, cybersecurity software maker Symantec explained that the Flashback gang installed the moneymaking component of the worm in only 10,000 of the estimated 600,000 machines they infected.
May 21, 2012 6:00 AM PT
An FBI report about Bitcoin leaked to a number of online media outlets earlier this month may have caused anxiety in some corners of the Internet, but not for one developer of the decentralized digital currency.
Bitcoin "provides a venue for individuals to generate, transfer, launder, and steal illicit funds with some anonymity," says the 20-page report.
"Bitcoin will likely continue to attract cyber criminals who view it as a means to move or steal funds as well as a means of making donations to illicit groups," it predicts.
"If Bitcoin stabilizes and grows in popularity," the report continues, "it will become an increasingly useful tool for various illegal activities beyond the cyber realm."
There's nothing surprising about the FBI's conclusions, according to a Bitcoin core developer Jeff Garzik. "Criminals want bitcoins just like they want U.S. dollars," he told TechNewsWorld. "They will steal and trade anything of value."
"We work with law enforcement and regulators whenever possible to reduce crime," he added, "but fundamentally, bitcoins are just like paper cash in your hand: You may hand a U.S. dollar or euro to a criminal on the street, and bitcoins are no different."
While the FBI may have concerns about Bitcoin, Garzik noted that the agency's report also recognizes the legitimate uses of the digital currency.
"That will be helpful in the ongoing effort to work with governments and law enforcement to ensure Bitcoin's future survival," he said.
Mobile Security Oxymoron
To some security pros, the phrase "mobile security" is an oxymoron.
Two things contribute to it, according to Alan Snyder, CEO of BoxTone, which makes mobile device management systems.
One is time. "Much of mobility is new," he told TechNewsWorld. "It hasn't had 10 years to bake like other systems."
Another is moving parts. Employees are bringing their own devices to work. There are multiple operating systems and versions of operating systems. And there are multiple ways to get data to a device -- WiFi, 3G cellular, 4G cellular -- many of them operated by parties outside the enterprise.
An endpoint isn't just desktops on a network any more, Snyder explained. "It is quite likely a personally owned device that is on a WiFi network at Starbucks with 47 other people at the same time, not all with good intentions."
Mobile security need not be an oxymoron, Snyder maintained. "The question is, can you secure your mobile footprint to a level and degree that you're comfortable with given the sensitivity of your data," he asked. "I think the answer to that is yes."
Fastback Hackers Missed Payday
The digital desperados who infected more than half a million Macs around the world with the Fastback worm made headlines for several days this month, but they didn't make as much money as they could have made.
In a blog posting at its website, Symantec explained that the Flashback gang installed the moneymaking component of the worm in only 10,000 of the estimated 600,000 machines they infected.
Those 10,000 infections generated US$14,000 worth of advertising clicks for the bandits in three weeks, but if the miscreants had used all the infected computers in their network for their click scam, their potential would have been greater by several orders of magnitude.
As it turned out, Symantec noted, the Black Hats couldn't even collect the 14 grand.
"Many [pay per click] providers employ antifraud measures and affiliate-verification processes before paying," the malware fighter explained. "Fortunately, the attackers in this instance appear to have been unable to complete the necessary steps to be paid."
May 11. California Office of In-Home Supportive Services reports that personal records of some 700,000 caregivers and care recipients were either lost or stolen. The records were on microfiche found missing from a damaged package shipped through U.S.Postal Service.
May 11. Server for Bitcoinica, a digital currency exchange, was breached and $87,000 in digital currency stolen by hackers.
May 15. Researchers at the Shadowserver Foundation report that in recent weeks hackers breached the websites of several foreign policy and human rights groups, including Amnesty International and the International Institute for Counter-Terrorism.
May 16. Stephen Fletcher, Utah Department of Health's executive director of the department of technology services, resigns. In April, the department's computers were breached and 280,000 people had their Social Security Numbers compromised and another 500,000 had less sensitive data stolen by hackers.
May 16. UK's Information Commissioner's Office fines Council for London Borough of Barnet Pounds 70,000 (US$110,509) for loss of data containing names, addresses and sexual histories of 15 children.
Calendar of Events
May 21-25. Hack in the Box conference. Okura Hotel, Amsterdam. Standard: 899 euros. Walk-in: 1,199 euros.
May 23. Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution. Webcast. 2 p.m., ET. Sponsored by RSA.
June 17-22. 24th Annual FIRST Conference. Malta Hilton. Sponsored by Forum of Incident Response and Security Teams. Late fee registration (April 1-June 1): $2500.
June 29. Third Suits and Spooks Anti-conference. Bel Air Bay Club, Palisades, Calif. Sponsored by Taia Global and Pacific Council on International Policy.
August 20-23. Gartner Catalyst Conference. San Diego, Calif. Early bird price (before June 23): $1,995. Standard price: $2,295.