One particular case of cyberbullying of a teacher in 2010 called for the involvement of the Police Cybercrime Unit to fish out the students involved, Education Minister Dolores Cristina told Parliament yesterday. Answering a question by Opposition Whip Joe Mizzi, she said that once the students responsible had been identified, a number of meetings had been held with the students and their respective parents.

The students were later suspended for a number of days from St Albert the Great College until things had been ironed out. The case had given rise toa wider, more sustainable process of education throughout the college on the issue of online safety and cyberbullying, involving both the college’s students and the parents.

Minister Cristina said that between 2008 and 2011 there had been 54 known cases of students bullying their teachers in primary and secondary schools. In 2009 there had been two cases of teacher bullying by parents at Newark Junior School, Sliema. In one case the parents had been charged in court, but lawyers had resolved the other case. Mrs Cristina said disciplinary steps had been taken in all cases.

Read the rest of this entry »

The number of Canadian servers being targeted by hackers has increased sharply, according to an IT security company that compares cybercrime rates around the world. San Diego-based Websense Inc. argues that hackers are taking advantage of Canada’s “squeaky clean” cyber reputation, which may no longer be as well-deserved as many believe. A growing number of malicious sites are hosted on Canada's internet service providers, allowing criminals to carry out cyber attacks on Canadian and international users.

Websense figures for the first quarter of 2012 show that: Canada ranks second worldwide for hosted phishing sites — ahead of well known offenders like Egypt and Russia — and hosts 170 per cent more phishing sites than during the same time period last year. Only the U.S. is worse.

Cybercriminals have increased the number of remotely controlled computers that run malicious software, leading to a 39 per cent increase over the first quarter of 2011 in so-called bot network activity. The number of malicious websites hosted in Canada has ballooned by 239 per cent since last year. "Things are getting worse — simple as that," said Patrik Runald, the company's director of security research.

Canada's increase in cybercrime is part of a worldwide trend. Despite the sharp spike in numbers, Canada ranks sixth in the world, the same position it held during last year's study. Hewlett-Packard's security division, DVLabs, said at a cybersecurity conference in Toronto on Tuesday that 50,000 phishing sites are discovered worldwide monthly.

Runald said malicious content had typically been hosted in places like eastern Europe, but in 2012 criminals have continued to focus on places like Canada, the U.S. and France. "The bad guys are looking to host their malicious content in countries that have good reputations," he said.

The increase in phishing sites, which try to fool users into giving private information, was a particularly strong trend, according to Websense — a publicly traded company that specializes in web, data, and email security products, services, research and technology.

Canada had one of the highest increases in that area, the report said. Runald said it's logical to infer that more Canadian phishing sites means more Canadians being targeted, though there is no data on the locations of victims. Examples he sent to CBC News included scams purporting to be from TD Canada Trust and Canada Post.

This year's report mentions many of the same issues that arose last year: Canadian IP addresses don't face the same scrutiny as those from other countries; Canada hasn't seen large cybercrime crackdowns like in the U.S.; and businesses aren't as aware of the issue as they could be.

Runald said the problem can be dealt with on multiple levels. For example: Companies must be aware of what data is important to them, where it is and how to protect it. Too many companies only know that their information is "on the computer" without knowing what that means, he said. Internet service providers should do more to notify site owners when they notice a site has been compromised. Governments can use tougher legislation to fight cybercrime. "It typically doesn't get better," Runald said. "For Canada, getting out of the top 10 would be a good move."

Read the rest of this entry »

WASHINGTON — A pill that has long been used to treat HIV has moved one step closer to becoming the first drug approved to prevent healthy people from becoming infected with the virus that causes AIDS.

The Food and Drug Administration said Tuesday that Gilead Sciences’ Truvada appears to be safe and effective for HIV prevention. It concluded that taking the pill daily could spare patients "infection with a serious and life-threatening illness that requires lifelong treatment."

On Thursday a panel of FDA advisers will consider the review when it votes on whether Truvada should be approved as a preventative treatment for people who are at high risk of contracting HIV through sexual intercourse. The FDA is not required to follow the advice of its panels, but it usually does.An estimated 1.2 million Americans have HIV, which attacks the immune system and, unless treated with antiviral drugs, develops into AIDS, a fatal condition in which the body cannot fight off infections. If Truvada is approved, it would be a major breakthrough in the 30-year campaign against the AIDS epidemic. There have been no other drugs proven to prevent HIV and a vaccine is believed to be decades away.

Gilead Sciences Inc., based in Foster City, Calif., has marketed Truvada since 2004 as a treatment for people who are infected with the virus. The medication is a combination of two older HIV drugs, Emtriva and Viread. Doctors usually prescribe the medications as part of a drug cocktail that makes it harder for the virus to reproduce. Patients with low viral levels have reduced symptoms and are far less likely to develop AIDS.

Researchers first reported that Truvada could prevent people from contracting HIV in 2010. A three-year study found that daily doses cut the risk of infection in healthy gay and bisexual men by 44 percent, when accompanied by condoms and counseling. Another study found that Truvada reduced infection by 75 percent in heterosexual couples in which one partner was infected with HIV and the other was not.

Because Truvada is already on the market to manage HIV, some doctors already prescribe it as a preventive measure. But FDA approval would allow the drugmaker Gilead Sciences to formally market its drug for that use.

FDA reviewers on Tuesday said that patients must be diligent about taking the pill every day if using it as a preventative measure. Adherence to the medication was less than perfect in clinical trials, and reviewers said that patients in the real world may forget to take their medication even more than those in clinical studies.

Some patient advocacy groups say the drug is an important new option to prevent HIV, alongside condoms, counseling and other measures. Last month, advocacy group AIDS United and more than a dozen other groups sent a letter to the FDA, urging approval of Truvada.

"If we’re going to reduce the more than 50,000 new HIV infections in this country each year, we need to increase the available options for people," said Ronald Johnson, AIDS United’s vice president.

But support for FDA approval is not unanimous. Although the FDA is legally barred from considering cost when reviewing drugs, health care providers have raised concerns about Truvada’s price tag: $900 a month, or just under $11,000 per year. Medicare and Medicaid, the nation’s largest health insurance plans, generally cover drugs approved by the FDA, and analysts expect most large health insurers to follow suit.

Additionally, some researchers say the prevention pill is not the chemical equivalent of condoms, which they say remain the best weapon against AIDS. They also worry about Truvada’s mixed success rate in preventing infection among women: Last year, a study in women was stopped early after researchers found that women taking the drug were more likely to become infected than those taking placebo.

Researchers speculated that women may require a higher dose of the drug to prevent infection. They also said the disappointing results may have resulted from women not taking the pills consistently.

"We know that if the person doesn’t take the medication every day they will not be protected," said Dr. Rodney Wright, director of HIV programs at Montefiore Medical Center in New York and chairman of the AIDS Health Foundation. "So the concern is that there may not be adequate adherence to provide protection in the general population."

Read the rest of this entry »

His projector throws images of codes and symbols onto a white wall, and then suddenly, the crowd bursts into spontaneous applause. Another website has been successfully hacked and unlocked.

But rather than doing something illegal, Mr Fadia, who describes himself as an ethical hacker, says he is trying to protect people and businesses from a rising wave of cyber crime. "The difficulty about tackling cyber crime is that it's increasing all the time," says Mr Fadia. "If we control one set of attacks there are hundreds more the next minute. That's why we need our systems, policing, the law, prepared for this kind of cyber onslaught."

Spam manager
According to a recent report by global research and accounting firm Ernst and Young, data or information theft was the most committed fraud in India last year. That data can be anything from personal details, to bank accounts, to company contacts and secrets.

Ernst and Young warns that it could cost companies as much as 5% of their profits if they are targeted by cyber criminals. At the same time, there has been an increase in nuisance internet issues such as spamming, with India recently overtaking the US to become the top global contributor of junk messages.

And while this jams an inbox and is a headache for the consumer, for the government there are also more serious issues, such as national security and trying to avoid a potential cyber attack by a terrorist group.

According to the Minister of State for Communications and IT, Sachin Pilot, more than 100 Indian government websites were hacked in the first three months of 2012. It is no surprise then that the government has been trying to step up its policing of cyberspace, and is mulling plans to build a National Cyber Coordination Centre, which will detect malicious cyber attacks and issue early warning alerts.

The IT industry lobby group Nasscom has also recommended establishing a cyber command centre which would sit within the defence forces. They argue the cyber command should be equipped with defensive and offensive cyber weapons and staff trained in cyber warfare.

Grey men
But for observers such as hacker and author Mr Fadia, India already has some firepower in place with its Information Technology Act that was passed in 2000.

The issue, however, is not with the law, rather the implementation of it. "Though India has laws aimed at tackling cyber crime, it isn't used effectively," explains Mr Fadia, who has tied up with the national police academy in Hyderabad and helps train police officers in understanding cyber crime.

"Even when arrests are made, very few people actually get convicted."Experts say that even if you go after the criminals it is not always easy to catch them because they usually operate behind the wall of anonymity that the internet offers. According to Arpinder Singh, head of Ernst and Young's Fraud Investigation and Dispute Services, the company recently tried to identify the profile of an Indian cyber fraudster. What they found was that the fraudster had changed significantly. Now, typically, they are a male middle-management employee in his 30's who is very ambitious and tech savvy. He can work anonymously from a remote location.

This makes it harder to trace any wrongdoer, a task that will only get harder as India's internet population grows from its current level of about 120 million, or about 10% of the current population. Mr Singh warns that as more people come online the risks to companies both big and small will increase.

Safe practice
One small firm that is already taking defensive measures is UC Infosystems. In a busy office in west Delhi, the company's technicians are breaking down electronic equipment and consumer gadgets so they can service their parts. As well as being full of computers and keyboards, the office is also brimming with confidential information such as client orders and addresses, payment methods and other financial data.

In an increasingly competitive business, the founder of the firm wants to make sure nothing can be lost or stolen. Though we are a small business, all our data is online," explains Sanjeev Sharma.

"My accounts department processes financial data; the service staff can access client addresses and phone numbers. "I have to consider the possibility that my competition can steal the data. That puts not just my business at risk, but all my valuable client data at risk."

Read the rest of this entry »

Microsoft and the banking industry on Monday provided a detailed, behind-the-scenes account of an operation they said disrupted a major cybercrime operation that used malicious software  to allegedly steal $100 million from consumers over the last five years.

A senior attorney from Microsoft's digital crimes unit, Richard Boscovich, said the company and financial industry associations used a creative legal strategy as part of a civil lawsuit that targeted a global  network  of computers suffering from an infection known as "Zeus." Those computers were under the remote  control of a criminal group that stole personal information , financial credentials and money, according to court records. The Zeus network has not been eliminated, Boscovich said, but the action has made it much more difficult and expensive for the criminals to operate.

"This was an initial volley," according to Boscovich, who said Microsoft and the industry groups will continue to target the Zeus network. A federal judge approved a warrant authorizing the raid in late March against computer  servers at hosting centers in Illinois and Pennsylvania. Attorneys for Microsoft, the Electronic Payments Association and the Financial Services Information Sharing and Analysis Center had filed a civil lawsuit claiming the Zeus network had infected 13 million computers since 2007. Boscovich said he believes the people behind the Zeus botnets are located in Eastern Europe. He declined to be more specific because the case is ongoing.

United States marshals accompanied employees of Microsoft on the sweep, according to Boscovich, a former U.S. prosecutor. The company and the industry groups relied on existing federal laws, including the 1946 Lanham Act that covers trademark infringement and the Racketeer Influenced and Corrupt Organizations Act, a statute that has been used to prosecute members of the mafia and the Hells Angels motorcycle gang. Congress envisioned that civil litigants would use both laws to protect their own interests, according to Boscovich.

A federal judge in New York granted their request for what Boscovich and others described as a "takedown" of the network's command and control servers. ""The framework has always been there," he said. "The court really understood what we were trying to do.

Read the rest of this entry »

HONOLULU - State lawmakers passed three bills to curb the growing cyber crime trend in Hawaii, according to announcement released Tuesday by the House Republican Caucus. Under these bills, law enforcement and prosecutors will have increased ability to charge cyber criminals with new or increased penalties.

HB 1777 authorizes District and Circuit Court judges in Hawaii to order the production of records held by entities located outside of the state in all criminal cases.  The intent is to help prosecutors to obtain electronic evidence that is often stored by mainland organizations. The Honolulu Prosecutor's Office advocated for the bill, testifying that it was the most important action Hawaii could take to aid in the prosecution of cybercriminals.

HB 1788, a cybercrime omnibus bill, toughens computer crime laws by modeling language after existing identity theft laws defining computer fraud as an aggravated form of theft.  It also imposes harsher penalties by raising each existing crime one grade higher.  Most notably, the bill creates a new offense of Computer Fraud in the Third Degree, a class C felony.  The crime would involve knowingly accessing a computer, computer system, or computer network, with intent to commit theft in the third or fourth degree.

HB 2295 expands the existing offense of Use of a Computer in the Commission of a Separate Crime to include situations where a perpetrator knowingly uses a computer to perform certain acts against a victim or intended victim of Harassment under HRS 711-1106 or Harassment by Stalking under HRS 711 1106.5.  The bill clarifies that the offense is also committed when the perpetrator knowingly uses a computer to pursue, surveil, contact, harass, annoy, or alarm a victim or intended victim.

Rep. Kymberly Marcos Pine was a co-chair of the cyber crime informational briefing, along with George Fontaine. "The cyber crime package gives new hope to victims that their perpetrators will be prosecuted," said Rep. Pine. "My hope is that Hawaii will soon be one the toughest states in the nation to be a cyber criminal."

Read the rest of this entry »

BALTIMORE: Microsoft and the banking industry on Monday provided a detailed, behind-the-scenes account of an operation they said disrupted a major cybercrime operation that used malicious software to allegedly steal $100 million from consumers over the last five years.

A senior attorney from Microsoft's digital crimes unit, Richard Boscovich, said the company and financial industry associations used a creative legal strategy as part of a civil lawsuit that targeted a global network of computers suffering from an infection known as "Zeus." Those computers were under the remote control of a criminal group that stole personal information, financial credentials and money, according to court records. The Zeus network has not been eliminated, Boscovich said, but the action has made it much more difficult and expensive for the criminals to operate.

"This was an initial volley," according to Boscovich, who said Microsoft and the industry groups will continue to target the Zeus network.

A federal judge approved a warrant authorizing the raid in late March against computer servers at hosting centers in Illinois and Pennsylvania. Attorneys for Microsoft, the Electronic Payments Association and the Financial Services Information Sharing and Analysis Center had filed a civil lawsuit claiming the Zeus network had infected 13 million computers since 2007. Boscovich said he believes the people behind the Zeus botnets are located in Eastern Europe. He declined to be more specific because the case is ongoing.

United States marshals accompanied employees of Microsoft on the sweep, according to Boscovich, a former U.S. prosecutor. The company and the industry groups relied on existing federal laws, including the 1946 Lanham Act that covers trademark infringement and the Racketeer Influenced and Corrupt Organizations Act, a statute that has been used to prosecute members of the mafia and the Hells Angels motorcycle gang. Congress envisioned that civil litigants would use both laws to protect their own interests, according to Boscovich.

A federal judge in New York granted their request for what Boscovich and others described as a "takedown" of the network's command and control servers. ""The framework has always been there," he said. "The court really understood what we were trying to do."

Boscovich and two other executives -- Janet Estep of the Electronic Payments Association and Bill Nelson of the Information Sharing and Analysis Center -- discussed the Zeus raid, called Operation b71, during a presentation at a conference in Baltimore.

The Zeus network sent spam email with corporate trademarks, including Microsoft's and the Electronic Payment Association's, and a message that directed victims to download an attached file or open an attached link, according to records filed in federal court by attorneys for Microsoft and the industry groups. These so-called "phishing" emails would tell users the files or links contained important information about their finances or were software security updates that needed to be installed as soon as possible.

About three and half million infected computers are now being directed to Microsoft instead of the Zeus command and control servers, Boscovich said.

Estep said a visible measure of Operation b71's impact is a significant reduction in spam blamed on the payment association or using the organization's logo. Prior to the raid, nearly 11.5 million of these emails were being sent each week to unsuspecting users and that number has dropped to about 1 million, she said.

Operation b71 shows how the private sector is not waiting for U.S. lawmakers to create a system for giving the private sector access to sensitive information gathered by U.S. intelligence agencies about threats in cyberspace. The House on Thursday passed the Cyber Intelligence Sharing and Protection Act despite a White House veto threat over concerns the bill fails to protect privacy rights.

In the Senate, a coalition of Democrats and Republicans prefer a bill by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, that would give the Homeland Security Department the primary role in overseeing domestic cybersecurity and the authority to set security standards. The House bill does not give Homeland Security that authority. The White House favors the Senate measure.

Greg Garcia, a former assistant secretary for cybersecurity and communications at the Homeland Security Department and the moderator of Monday's discussion, said a framework for exchanging cyberthreat data would create even more opportunities for cases against cybercriminals.

"There are very many instances of cyberthreats out in the wild that the government and the intelligence community know the specifics about," Garcia said.

Read the rest of this entry »

Russian-speaking criminals grabbed more than a third of the entire global cybercrime market in 2011 as a growth in online fraud activity turned the country into a major digital crime superpower, a new report has suggested.

The State and Trends of the Russian Digital Crime market 2011 from Russian security research company Group-IB estimates (using public and partner data) that the global cybercrime market reached around $12.5 billion (£7.74 billion) in size during the year, with Russians and Russian speakers (including those outside the country) accounting for $4.5 billion of that total.

At the same time, using its own internally-collected analysis, the Russia-only cybercrime market doubled to $2.3 billion compared to 2010, a disproportionate level of activity considering the country's modest 143 million population. The top Russian cybercrime activity was online fraud, equivalent to almost a billion dollars in revenue, just ahead of spam on $830 million, internal market services on $230 million and DDoS on with $130 million.

As well as startling growth, the Russian cybercrime scene also saw consolidation into larger, more organised groups increasingly controlled by conventional crime mafias. There was also evidence of co-operation between these groups, and the growth of an important internal 'crime-to-crime' (C2C) market to support its activities.

Coming from a Russian-based group of researchers, the report makes fascinating reading. There is a wealth of anecdotal evidence from crime busts and malware trends that Russia is a key hub for crybercrime but hard numbers are seldom put on its inner workings or business model.

An obvious question is why Russia has become such an important country for cybercrime. Beyond the traditional explanation of the large number of relatively poorly-paid programmers in the country, Group-IB also underlines the importance of policing and local laws.

The researchers note the case of Yevgeniy Anikin and Viktor Pleschuk, who were part of the gang that stole $10 million from the Royal bank of Scotland's WorldPay ATM system in 2008 And yet received suspended sentences from Russian courts.

"Thus, because of imperfections in Russian laws and the lack of severe penalties, stable law enforcement practice, and regular training regarding counter cybercrime measures, cybercriminals are disproportionately [not held] liable for the crimes they commit," note the researchers. "The cybercrime market originating from Russia costs the global economy billions of dollars every year," said Group-IB's CEO, Ilya Sachkov.

Read the rest of this entry »

SEATTLE -- Franky Toro, a 10-year-old who wants to be a star, seeks out celebrities on the computer.  "I am trying to connect with them to see what it is like to be on TV," said Toro who used our laptop to show us his Facebook page.  "Some were frauds, and actually adults trying to talk to me," he said.
 
The frauds are what concerns Franky's mom, Cassie Toro, who said, "it's hard to keep track of who they are really talking to."Seattle police investigators find frauds on Facebook and other social media sites all the time, according to Stefanie Thomas, a victims advocate with the Internet Crimes Against Children Task Force.
 
"Last year, just the Seattle Police department dealt with over 1300 cyber tips alone, and that's a lot for us," said Thomas. One recent tip involved McClure Middle School in Queen Anne  "That case involved a 20-year-old male passing as a 13-year-old female," said Thomas.  The man used the alias "Samantha" on Facebook and asked boys for pictures, according to Seattle police.
 
"You can't tell who is behind the screen. They had no idea this was an adult male," said Thomas.  Police arrested the man. Now it is one of the examples Thomas points to as she talks to parents and students at Seattle area schools.

Read the rest of this entry »

The Criminal Investigations Department (CID) said yesterday that they had seen a marked rise in cyber crimes, as they had received a total of 202 complaints on the matter.  Most of them were related to hacking of Facebook accounts.

Only 25 cases had been solved by the CID’s Cyber Crime Lab so far. However no arrests have been made so far in connection with hacking of facebook accounts, email accounts and phishing activities where a person impersonates an individual or a company and strike deals online.

 The CID uses a Cyber Crime Lab and a Digital Forensic Lab to conduct digital online forensic investigations to identify and track down the suspects. These cyber crimes are identified as offences against national security, economy and public order as well as offences against criminal breach of trust. Individuals who engage in computer hacking, unauthorised access to systems, manipulating, collecting, corrupting and destroying data without authorisation will be taken into custody under the No 24, Computer Crime Act of 2007.

The Lab was also established as its importance was identified by the government when several countries encountered the problem during that period. For cyber crime investigations the CID has given basic and advanced training to fourteen officers including a woman Sub Inspector and four women police constables.

According to the CID, they had found the details of individuals engaged in blackmailing especially young girls by sending compromising pictures of them to many e mail accounts and to mobile phones through MMS. (Supun Dias)

Read the rest of this entry »