InformationWeek Stories by Mathew J. Schwartz
http://www.informationweek.com
Copyright 2012, UBM LLC.

2012-12-28T09:06:00Z
10 Biggest Information Security Stories Of 2012
From John McAfee's escape from Belize to the privacy debacle that compromised CIA director Petraeus' career, 2012 had no shortage of security shockers.
http://www.informationweek.com/security/attacks/10-biggest-information-security-stories/240145238?cid=RSSfeed_IWK_authors
On the information security front, 2012 has featured nonstop takedowns and arrests, breaches and data dumps, and hacktivist-launched distributed denial-of-service (DDoS) attacks. <P> Early in the year, notably, hackers <a href="http://www.informationweek.com/security/attacks/wikileaks-stratfor-disclosure-highlights/232601656">breached Stratfor</a>, while the FBI arrested alleged Anonymous and LulzSec ringleaders. By year's end, hacktivists were still out in force -- this time supporting Syrian rebels and <a href="http://www.informationweek.com/security/attacks/anonymous-continues-westboro-church-atta/240145120">targeting picket-happy Westboro Baptist Church</a>. In between, there were a plethora of hacks, defacements, leaks, arrests, mass surveillance, privacy violations and numerous other high-profile information security happenings. <P> Here are the highlights from 2012: <P> <strong>1. 
Feds Bust Alleged LulzSec, Anonymous Ringleaders.</strong> <P> Hacktivist group LulzSec dominated headlines in 2011 for its 50-day hacking and defacement spree, as well as witty press releases. After those attacks, U.S. and U.K. law enforcement officials <a href="http://www.informationweek.com/security/attacks/alleged-lulzsec-spokesman-arrested-in-sc/231002800">began arresting alleged LulzSec participants</a>, many of whom were also accused of participating in attacks launched under the banners of Anonymous and AntiSec. But LulzSec leader Sabu appeared to elude the authorities. <P> That turned out to not be the case, when in March 2012 the FBI arrested a handful of alleged LulzSec and Anonymous leaders -- accused of launching attacks against <a href="http://www.informationweek.com/news/security/attacks/232602103">PBS, Sony, Stratfor</a> and more. Court documents unsealed after those arrests revealed a stunning turn of events, and what many hacktivists would soon label as betrayal. In fact, Sabu -- real name Hector Xavier Monsegur -- had been cooperating with the FBI since being secretly arrested in June 2011. In short order, the former LulzSec leader apparently had helped the bureau identify his alleged former comrades, leading to their arrests. <P> <strong>2. DDoS Attackers Reach New Heights With Bank Attacks.</strong> <P> How do you define a DDoS attack? Many hacktivists label it as a form of online protest, while law enforcement agencies say disrupting websites remains a punishable offense, and have the arrests and convictions to prove it. 
Regardless, attackers have continued to push DDoS attacks to new levels of packet-overwhelming power, leading security experts to warn that so-called <a href="http://www.informationweek.com/security/cybercrime/bank-ddos-strikes-could-presage-armagedd/240142631">Armageddon attacks</a> -- which disrupt not only a targeted site, but every service provider in between -- might soon become reality. <P> A glimpse of that new reality has been seen in the DDoS attacks launched by Muslim hacktivists against U.S. banks. After compromising numerous servers with DDoS toolkits, the attackers have been able to <a href="http://www.informationweek.com/security/attacks/muslim-hacktivists-take-credit-for-us-ba/240008059">overwhelm leading Wall Street firms' websites</a>, despite the attackers revealing in advance which sites they'll target, and when. The bank attacks reveal that with advance planning and a good DDoS toolkit, attackers might soon be able to disrupt any website they choose. <P> <strong>3. Escape From Belize: AV Founder John McAfee Turns Fugitive.</strong> <P> The security-related world turned surreal in November, when eccentric security expert John McAfee, who'd founded and later sold the McAfee antivirus firm, announced that he was on the run from <a href="http://www.informationweek.com/security/antivirus/mcafee-founder-says-belize-framing-him-f/240124914">authorities in Belize</a>. McAfee claimed the government was trying to frame him for a murder after he refused to honor its shakedown request. <P> McAfee's freedom proved short-lived when his <a href="http://www.informationweek.com/security/mobile/mcafee-av-king-turned-fugitive-surfaces/240143769">location was revealed</a> through an information security error: Journalists traveling with him posted an iPhone snap with McAfee, but failed to remove the GPS coordinates that had been automatically included in the image. 
Soon, the dual American and British citizen was <a href="http://www.informationweek.com/security/government/6-wacky-mcafee-facts-from-guatemala-with/240144062">arrested by Guatemalan authorities</a>, requested asylum, faked a heart attack, had his asylum request refused, and was <a href="http://www.informationweek.com/security/antivirus/mcafee-back-in-us-crazy-like-a-fox/240144326">deported to Miami</a>, where he's now reportedly <a href="http://www.dailymail.co.uk/news/article-2249619/Newly-freed-sharply-dressed-Penniless-fugitive-John-McAfee-goes-romantic-stroll-mystery-woman-days-returning-Florida.html">lying low</a>. <P> <strong>4. Espionage Malware Is All Around.</strong> <P> What do Stuxnet, Duqu, Flame, <a href="http://www.informationweek.com/security/attacks/gauss-espionage-malware-7-key-facts/240005296">Gauss</a> and Mini-Flame all have in common? They're all examples of espionage malware, and they were all designed at least in part by the United States. That conclusion can be drawn because unnamed U.S. government officials this year confirmed that <a href="http://www.informationweek.com/security/management/stuxnet-launched-by-united-states-and-is/240001297">Stuxnet was the product of a U.S. cyber-weapons program</a>. <P> Because security researchers who studied Stuxnet have found <a href="http://www.informationweek.com/security/attacks/flame-malwares-ties-to-stuxnet-duqu-deta/240001271">evidence that it's related to Duqu</a>, as well as <a href="http://www.informationweek.com/security/attacks/flame-malwares-ties-to-stuxnet-duqu-deta/240001271">to Flame</a> and Gauss, it's clear that the United States hasn't shied away from using malware to spy on its opponents. Which means that the opposite, of course, is also likely to be true. <P> <strong>5. 
Attackers Turn To Wire Transfers.</strong> <P> Malware also has long been a favorite tool of criminals, because they can use it to make money, most often by stealing people's bank credentials and transferring money to dummy accounts, from which <a href="http://www.informationweek.com/security/attacks/rsa-upgrades-malware-defenses-for-bank-t/240142390">money mules withdraw the funds</a> via ATMs. Although such attacks aren't new, the sophistication and success rate of the related malware appear to be on the increase. In September, notably, the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center <a href="http://www.informationweek.com/security/attacks/hackers-rob-400000-from-washington-town/240009142">released a joint warning</a> that criminals have been targeting bank account information using "spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs)," as well as variants of the Zeus financial malware. Individual heists have bagged up to $900,000 in one go. U.S. officials have claimed that the Iranian government is sponsoring the attacks. <P> <strong>6. Privacy Bill Of Rights Lacks Force Of Law.</strong> <P> Earlier this year, the White House unveiled a pioneering <a href="http://www.informationweek.com/security/privacy/obamas-consumer-privacy-bill-of-rights-9/232601343">Consumer Privacy Bill of Rights</a>, building on FTC recommendations for increasing the transparency of how businesses use people's personal information. Unfortunately, because the bill of rights hasn't been passed by Congress and become law, the White House has to encourage businesses to say they'll voluntarily abide by the recommendations. <P> Also this year, California's attorney general began requiring that all mobile apps distributed to its residents -- and thus, really, any U.S. 
resident -- would need to <a href="http://www.informationweek.com/government/mobile/california-targets-mobile-apps-for-missi/240012603">contain clear privacy policies</a>, or be in breach of California law. Later in the year, California carried through by warning and then <a href="http://www.informationweek.com/security/privacy/google-privacy-convictions-overturned-by/240145193">suing Delta Airlines</a> for failing to offer a privacy policy for its mobile apps. <P> Beyond the White House and California, however, the body that's most notably been absent from advancing consumer privacy protections has been Congress, which has so far failed to pass any laws aimed at protecting people's online privacy. <P> <strong>7. How Girlfriends Stop Hackers.</strong> <P> What stops hackers from hacking? Simple: Jobs, relationships, children and other adult responsibilities. Some readers, perhaps not making it past the related story headline -- <a href="http://www.informationweek.com/news/security/management/240003767">"One Secret That Stops Hackers: Girlfriends"</a> -- took offense at the suggestion that more hackers need girlfriends. Others suggested that the actual cost of procuring girlfriends for hackers might prove exorbitant, while other respondents reported that yes, in fact they'd <a href="http://www.informationweek.com/security/intrusion-prevention/when-hackers-meet-girlfriends-readers-ju/240004209">dropped hacking because they'd gotten a girlfriend</a>. <P> According to research conducted by online psychology expert Grainne Kirwan, who lectures at Ireland's Dun Laoghaire Institute of Art, Design and Technology, most law-breaking hackers, like other criminals, simply "age out" of their life of crime after getting more responsibilities. But even with that knowledge, the next step toward preventing more teenagers from breaking the law by hacking remains an open question. <P> <strong>8. 
Revealed: Outsourced Brokerage Firm IT Meltdown.</strong> <P> Although the <a href="http://www.informationweek.com/security/attacks/exclusive-anatomy-of-a-brokerage-it-melt/240008569">downfall of brokerage firm GunnAllen</a> occurred in 2010, its demise arguably began a decade before, when one broker began running Ponzi schemes, followed by another concocting a "trade allocation scheme" that routed profits from profitable picks to his wife. But the firm's demise could also be glimpsed by the manner in which the firm's executives outsourced all IT responsibilities for at least several years to the Revere Group, and never looked back. <P> But former Revere employees revealed this year that numerous IT errors had remained unreported to regulators, and perhaps even GunnAllen management. Among other incidents, network traffic handling trades was routed through a home network; unencrypted lost laptops remained unreported to regulators; and a rogue engineer apparently was sabotaging equipment and playing hero by fixing it. Also notable was the fact that the missteps remained undetected by regulators. <P> <strong>9. DesignerWare PC Rental Surveillance Tool Revealed.</strong> <P> Consumers who buy rent-to-own PCs, beware: A judge has ruled that it's okay to spy on you and your children. That fact emerged during a court case against software developer DesignerWare, as well as multiple rent-to-own businesses that used the company's software for "loss prevention" purposes. Although many of the businesses claimed they only used the software to recover laptops from people who missed payments, former employees told a court that rent-to-own managers and employees regularly used the software to remotely activate webcams and spy on people's "intimate activities." 
<P> Those revelations led to FTC charges, which in September both DesignerWare and seven rent-to-own businesses <a href="http://www.informationweek.com/security/client/ftc-wrist-slaps-pc-rental-firms-for-spyi/240007967">agreed to settle</a>, although Florida's attorney general <a href="http://www.informationweek.com/security/attacks/florida-ag-confirms-pc-surveillance-tool/240008218">launched her own investigation</a>. Meanwhile, DesignerWare's two principals declared bankruptcy after seeing their court costs mount -- so some related privacy justice, while delayed, does seem to finally have been served. <P> <strong>10. FBI Investigation Snares CIA Director Petraeus.</strong> <P> Consumer advocates have long maintained that the privacy protections afforded to Americans, and their personal data, remain sorely lacking. Perhaps the best illustration to date of people's poor privacy rights arrived in November via an FBI agent outing an affair between the director of the CIA, David Petraeus, and his biographer, Paula Broadwell. <P> <a href="http://www.informationweek.com/security/privacy/petraeus-snoop-7-privacy-facts/240142247">Petraeus' career was undone</a> by Broadwell sending anonymous emails of an allegedly threatening nature to Jill Kelley, a friend of Petraeus whom Broadwell viewed as a rival. Kelley showed the emails to an FBI agent, who alerted the bureau's cybercrime investigators, who traced them back to the sender, in part via a <a href="http://www.informationweek.com/security/privacy/petraeus-mission-impossible-cloaking-ema/240134943">Gmail account Broadwell shared with Petraeus</a> to coordinate their affair. <P> After the bureau found no evidence of wrongdoing that it wished to prosecute, the FBI agent friend of Kelley suspected that the White House was covering up the incident, and so leaked details to Rep. Dave Reichert (R-Wash.), who took it to Rep. 
Eric Cantor, the GOP majority leader, who -- not knowing that the FBI had dropped the investigation -- took the information to Petraeus' boss, James Clapper, the director of national intelligence. Clapper told Petraeus to resign. One upside from the case is that the ease with which Petraeus' affair was discovered and his career apparently wrecked has finally driven more members of Congress to weigh better consumer privacy protections for all.

2012-12-27T10:51:00Z
7 Top Information Security Trends For 2013
From sandboxing enterprise apps on mobile devices to hacking websites via high-bandwidth cloud attacks, experts detail the security trends they expect to see in 2013.
http://www.informationweek.com/security/application-security/7-top-information-security-trends-for-20/240145336?cid=RSSfeed_IWK_authors
What's in store for security in 2013? <P> On the information security front, 2012 was notable in numerous ways: for Muslim hacktivists launching <a href="http://www.informationweek.com/security/attacks/bank-attackers-promise-to-resume-ddos-ta/240144371">distributed denial-of-service (DDoS) attacks</a> against U.S. 
banks, the FBI <a href="http://www.informationweek.com/security/cybercrime/lulzsec-leader-sabu-details-exploits/231900535">busting alleged LulzSec and Anonymous leaders</a>, eccentric antivirus founder <a href="http://www.informationweek.com/security/government/6-wacky-mcafee-facts-from-guatemala-with/240144062">John McAfee's flight from justice</a>, the apparent data security missteps of the <a href="http://www.informationweek.com/security/privacy/petraeus-affair-7-privacy-techniques-to/240142446">former director of the CIA</a>, as well as a nonstop stream of website hacks, defacements, and data breaches. <P> Expect more of the same for 2013, and then some. Here are some of the top information security trends -- and vulnerability warnings -- that experts are calling out for the upcoming year: <P> <strong>1. Mainstream Cloud and Mobile Adoption Seeks Security</strong> <P> In 2013 more businesses than ever will look to cloud and mobile computing while also seeking <a href="http://www.informationweek.com/security/management/virtual-encryption-gateway-secures-web-a/240007137">security checks and balances</a> to protect corporate data. "'Cloud' is finally getting over its hype curve," said <a href="http://www.informationweek.com/security/management/whats-next-for-ibm-security/232601310">Steve Robinson</a>, vice president of security development, product management, and strategy at IBM, speaking by phone. "In the beginning of 2012, we were hearing more discussions about if the cloud is safe." <P> Going into 2013, however, more firms are now setting deployment timetables and talking security practicalities. 
"I've had a few CISOs tell me that the two platforms they're planning the most for now, looking five years out, are cloud and mobile," Robinson said. On the cloud front, he continued, "We're seeing cloud security being discussed in much more practical terms: what workloads do we put out there, and how do we protect it?" <P> For mobile devices, on the <a href="http://www.informationweek.com/security/mobile/blame-screen-size-mobile-browsers-flunk/240143999">bring-your-own-device</a> (BYOD) tip, many businesses are asking how to best mix corporate and personal information on smartphones. Interestingly, such questions were hardly ever asked about corporate-owned laptops or desktops, according to Robinson. As a result, he said, by 2014 "we think mobile is going to be as secure, or more secure, than many desktop environments." <P> <strong>2. Businesses Begin Sandboxing Smartphone Apps</strong> <P> One tool that could see widespread adoption in 2013 will be mobile app sandboxing. Indeed, as more employees examine how corporate data gets stored on myriad employee-owned devices, Jim Butterworth, CSO of security software and consulting firm <a href="http://www.informationweek.com/security/encryption/cracking-bin-ladens-hard-drives/229402923">HBGary</a>, predicts that more businesses will <a href="http://www.informationweek.com/mobility/security/mdm-to-sandbox-or-not-to-sandbox/231902065">turn to sandboxing technology</a> on mobile devices to protect their data. Using a sandbox application to access corporate emails, for example, "that application is only resident on the machine while you're receiving emails -- but you can't copy out or in any attachments," said Butterworth, speaking by phone. <P> <strong>3. Cloud Offers Unprecedented Attack Strength</strong> <P> Just as there's a productivity upside to new technology or trends such as BYOD, so often there can be a potential security downside. 
In the case of cloud computing, notably, some security researchers have been warning that the <a href="http://www.informationweek.com/security/attacks/bank-attackers-used-php-websites-as-laun/240144413">sheer scale</a> of the recent DDoS attacks against U.S. banks presages a future of <a href="http://www.informationweek.com/security/cybercrime/bank-ddos-strikes-could-presage-armagedd/240142631">Armageddon-style attacks</a> in which hackers can overwhelm not just targeted websites with high-bandwidth attacks, but every intervening service provider. <P> In 2013, expect to see even bigger attacks launched from the cloud. "It used to be, to launch a massive denial of service attack, you had to build up your botnets so criminals would slowly and surely build up their army of hundreds of thousands of drones," said <a href="http://www.informationweek.com/news/security/mobile/232200144">Harry Sverdlove</a>, chief technology officer of security software vendor Bit9, speaking by phone. "Now, they can rent the equivalent of 100,000 processors. ... So just as legitimate companies are using the cloud to do great things, of course cyber attackers are taking notice as well -- and they can cause significant damage." <P> <strong>4. Post-Flashback, Cross-Platform Attacks Increase</strong> <P> Write once, infect anywhere? That's no doubt the attack goal of many a malware writer. But until recently the relatively scant install base of every operating system -- bar Windows -- led most malware writers to avoid bothering with Mac, Linux, Unix, Android, or other operating systems. <P> In 2012, however, malware authors altered their approach with the Flashback malware. "With the Flashback Trojan earlier this year, we saw estimates of over 600,000 Mac computers were infected," said Sverdlove, and it apparently <a href="http://www.informationweek.com/security/attacks/mac-flashback-malware-bags-big-bucks/232901251">earned attackers big bucks</a> via click fraud. 
Since Flashback, more than one attack has targeted multiple operating systems via cross-platform vulnerabilities present in Java and Flash, and there's no doubt that the targeting of those plug-ins for financial gain will continue in 2013. "With the prevalence of Macs in the workplace and the number of mobile devices, this is becoming a much more lucrative target," he said. <P> <strong>5. Destructive Malware Targets Critical Infrastructure</strong> <P> In 2012, the <a href="http://www.informationweek.com/security/attacks/saudi-aramco-restores-network-after-sham/240006278">Shamoon malware</a> was notable for what it apparently wasn't, which was a state-sponsored attack. Instead, <a href="http://www.informationweek.com/security/attacks/9-ways-hacktivists-shocked-the-world-in/240145117">Middle Eastern hacktivists</a> have taken credit for disrupting Saudi Aramco -- the state-owned national oil company of Saudi Arabia and the world's largest exporter of crude oil. To do this, they didn't build a <a href="http://www.informationweek.com/security/management/stuxnet-launched-by-united-states-and-is/240001297">Stuxnet-style cyber-weapons factory</a>, but rather gleaned some tricks from previously launched attack code, such as the <a href="http://www.informationweek.com/security/attacks/shamoon-malware-might-be-flame-copycat/240006014">U.S. government-created Flame malware</a>. The result was Shamoon, which infected and began erasing the hard drives of 30,000 Saudi Aramco workstations. <P> Moving into 2013, said Sverdlove, "the trend of hacktivists, combined with a rise in sophistication, will lead to much more destructive attacks on infrastructure." Already, Shamoon has shown that the barrier to entry for launching malware attacks against critical infrastructure systems continues to decrease and that attackers no longer have to be malware experts. 
Accordingly, people with a grudge may add them to their attack toolkit, next to website defacements, <a href="http://www.informationweek.com/security/attacks/anonymous-continues-westboro-church-atta/240145120">Twitter account takeovers</a>, and DDoS attacks. <P> "Hacktivists represent the unpredictable factor," said Sverdlove. "All it takes is a few individuals with an agenda or an ax to grind, and they now have the tools to launch distributed denial-of-service attacks or attacks to wipe out data. It makes for a much more dangerous combination." <P> <strong>6. Hackers Target QR Codes, TecTiles</strong> <P> One of the more innovative -- as well as simple and inexpensive -- attacks to emerge over the past year involves <a href="http://www.darkreading.com/mobile-security/167901113/security/news/232301147/qr-code-malware-picks-up-steam.html">fake QR codes</a>, which attackers have printed out and used to cover up real QR codes on advertisements -- especially for financial services firms. "Banks have been battling fake QR codes as a method of doing cross-site scripting attacks on mobile phones," said HBGary's Butterworth. "It's scary: [attackers] use open-source QR generators, then they put these things on billboards or ATM machines, promising $100 if you open a new account -- and it's all just to exploit [consumers]." Alternately, attackers could use fake QR codes on bank advertisements to send consumers to <a href="http://www.informationweek.com/smb/security/how-one-midsize-bank-protects-against-ha/240009149">fake versions of their bank's website</a>, then steal their access credentials. <P> Banks are now also exploring <a href="http://www.informationweek.com/development/mobility/samsung-tectiles-automate-android-tasks/240001946">Samsung TecTiles</a>, which are Android apps that let you read and write near field communication (NFC) tags, as a way to let people make payments. But according to Butterworth, with near field communications comes a huge amount of risk. 
Enterprising attackers could create their own TecTiles that redirect to malicious websites, or even launch phishing attacks. <P> Attacks using QR and TecTiles target consumers. "It's a problem more, I think, for personal banking and the threat of people getting their money stolen than for some state-sponsored entity trying to find their way in," said Butterworth. <P> <strong>7. Digital Wallets Become Cybercrime Targets</strong> <P> Expect any combination of smartphones, payment capabilities, or credit card data to draw attackers' interest. On a related note, Google, Apple, Verizon, T-Mobile, AT&T and others are now moving into the electronic wallet and digital wallet space. But storing gift cards and credit cards on a smartphone and allowing consumers to make payments via NFC -- simply waving a smartphone near a payment terminal to begin a transaction -- will make digital wallets a big target for criminals, said Bit9's Sverdlove. <P> It's virtually guaranteed, furthermore, that every last potential attack vector or exploitable vulnerability hasn't yet been worked out of such systems. "Like any new technology, convenience always precedes security ... and we'll see some elevation in the number of attacks on e-wallets or digital wallets," Sverdlove said. "It will serve in the long run to strengthen security." <P> But in the short term: come 2013, watch your digital wallet.

2012-12-21T10:10:00Z
Google Privacy Convictions Overturned By Italian Court
Three Google executives had been convicted of violating Italian privacy law after a video of a boy being bullied was uploaded to Google Video.
http://www.informationweek.com/security/privacy/google-privacy-convictions-overturned-by/240145193?cid=RSSfeed_IWK_authors
The conviction of three Google executives on charges of violating Italian privacy law was overturned Friday by an Italian appeals court. <P> Google said that the ruling represented "a total victory," <a href="http://www.nytimes.com/aponline/2012/12/21/world/europe/ap-eu-italy-google.html">reported</a> AP. <P> The defendants' attorney, Giulia Bongiorno, said that her response to the ruling was "absolute satisfaction, but it isn't surprising to me--honestly the conviction was based on nothing," <a href="http://milano.corriere.it/milano/notizie/cronaca/12_dicembre_21/manager-google-assolti-picchiato-ragazzo-disabile-video-2113264459098.shtml">reported</a> Italian newspaper <em>Corriere della Sera</em>. <P> Charges of violating Italian privacy law had been filed against three Google executives, after a three-minute mobile phone video of a teenager with Down syndrome being bullied was uploaded in 2006 to Italian Google Video, which was the precursor to <a href="http://www.youtube.com/GoogleItalia">Google Italia YouTube</a>. Less than 24 hours after being alerted to the video's existence, Google removed it. <P> "The video was totally reprehensible and violated Google Video's terms and conditions of service," said Google's head of global privacy, Peter Fleischer, in a <a href="http://peterfleischer.blogspot.co.uk/2012/12/my-italian-appeal.html">blog post</a>. "Google took it down within hours of being notified by the Italian police of the presence of the offensive video, consistent with its policy to remove any content that violates the terms and conditions of service." <P> News reports about the video, however, sparked outrage across Italy, and the four boys responsible for creating the video--and bullying the boy--were sentenced in a court for minors to community service. <P> In 2008, a Milan prosecutor then sued Fleischer, as well as chief legal officer David Drummond, the now retired chief financial officer George De Los Reyes, and the former head of Google Video for Europe, Arvind Desikan, for failing to prevent the video from being uploaded in the first place, as well as allowing it to remain online for two months, during which time it was viewed more than 12,000 times. The charges carried a maximum penalty of three years' incarceration. <P> The charges came despite the Google executives having no hand in the video's creation or uploading. "None of us ... had anything to do with this video. We did not appear in it, film it, upload it or review it. 
None of us knew the people involved or were even aware of the video's existence until after it was removed," said Fleischer. Fleischer didn't immediately respond to an emailed request for comment on the overturned convictions. <P> The Italian case, according to legal experts, was a debate about whether content-hosting websites in Italy should be liable for the content they publish--as is the case with newspapers, and television and radio stations--or if online content hosts should be treated as Internet service providers, and indemnified from prosecution so long as they abide by terms of service that require them to expeditiously remove objectionable or illegal content, after receiving an official takedown notice. <P> Under EU law, hosting providers aren't supposed to be held liable for the content they host, so long as they comply rapidly with official takedown orders. But in 2010, a lower Italian court upheld convictions against Fleischer, Drummond, and De Los Reyes, and gave the men a six-month, suspended sentence. Google has been fighting since then to have the convictions--which have also been vigorously protested by the U.S. embassy in Italy--overturned. <P> "We're very happy that the verdict has been reversed and our colleagues' names have been cleared. Of course, while we are delighted with the appeal, our thoughts continue to be with the family who have been through the ordeal," said Google spokesman Stephen Rosenthal via email. <P> <i>Tech spending is looking up, but IT must focus more on customers and less on internal systems. Also in the new, all-digital <a href="http://www.informationweek.com/gogreen/121012/?k=axxe&cid=article_axxt_os">Outlook 2013</a> issue of InformationWeek: Five painless rules for encryption. (Free registration required.)</i> <P> <P>2012-12-21T09:06:00Z9 Ways Hacktivists Shocked The World In 2012Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. 
banks -- prove hacktivism remains alive and well.
http://www.informationweek.com/security/attacks/9-ways-hacktivists-shocked-the-world-in/240145117?cid=RSSfeed_IWK_authors
Hacking websites, cracking databases, leaving behind defacements and releasing untold amounts of purloined information has been happening for years. The exploits of hackers appeared to reach new heights last year, in the wake of 2011's high-profile attacks against HBGary Federal, Sony and numerous government websites, together with the debut -- and self-imposed demise -- of the sharp-tongued hacktivist group LulzSec. <P> Yet, throughout 2012, hacking exploits continued unabated, with still more attacks targeting and obtaining sensitive information from governments, law enforcement agencies, businesses and more. Furthermore, the exploits continued despite the surprising news that the leader of LulzSec had not only been busted in 2011, but worked with the FBI to help snare his Anonymous associates. <P> Here are nine notable ways that hackers and hacktivism have remained in the headlines in 2012: <P> <strong>1. Anonymous Hacks FBI Cybercrime Conference Call</strong> <P> The LulzSec gang <a href="http://www.informationweek.com/security/attacks/lulzsec-hackers-retire-time-to-rethink-r/231000472">announced its retirement</a> in June 2011, and while some alleged members, such as Jake Davis -- accused of being the group's spokesman, "Topiary" -- were arrested, at the beginning of 2012, many participants appeared to be still at large. <P> <strong>[ Rules and regulations may be friends or foes. See <a href="http://www.informationweek.com/security/attacks/sc-security-blunders-show-why-states-get/240144341?itc=edit_in_body_cross">S.C. Security Blunders Show Why States Get Hacked</a>. 
]</strong> <P> Come February 2012, elements of Anonymous even <a href="http://www.informationweek.com/security/attacks/cia-website-hacked-struggles-to-recover/232600729">took down the CIA's public-facing website</a>, and <a href="http://www.informationweek.com/news/security/cybercrime/232600225">leaked an FBI conference call</a> in which investigators coordinated Anonymous and LulzSec participants' arrests. Curiously, however, key details -- such as the alleged hacktivists' names -- had been blanked out of the audio file that was ultimately released. <P> <strong>2. Stratfor Hack Upends Private Sector Intelligence Provider</strong> <P> Also in February, Anonymous announced the release of a <a href="http://www.informationweek.com/security/attacks/wikileaks-stratfor-disclosure-highlights/232601656">trove of emails and personal data stored by Strategic Forecasting</a>, better known as Stratfor, which is an intelligence contractor. A member of Anonymous -- who turned out to be <a href="http://www.informationweek.com/security/cybercrime/lulzsec-leader-sabu-details-exploits/231900535">LulzSec leader Sabu</a> -- reported that the plaintext emails and customer information had been obtained by exploiting known vulnerabilities in the Stratfor network. Ultimately, the breach exposed personal information on 860,000 Stratfor customers, 60,000 credit card numbers and a massive trove of emails between Stratfor and its sources. <P> <strong>3. Hacker King Turns Informant: Feds Reveal Sabu Bust</strong> <P> Come March, the FBI announced the arrest of five principal members of Anonymous and LulzSec, accused of <a href="http://www.informationweek.com/news/security/attacks/232602103">hacking into the websites of Sony, PBS and Stratfor</a>, amongst other organizations. 
In retrospect, the blanked-out audio of the released FBI conference call might have been a giveaway, as court documents unsealed after the arrests revealed that LulzSec leader Sabu -- real name, Hector Xavier Monsegur -- had himself been arrested back in June 2011. <P> Facing the potential of serious jail time for alleged <a href="http://www.informationweek.com/security/attacks/lulzsecs-sabu-was-identity-thief-not-rob/232602184">identity theft</a>, Sabu quickly turned informer and began <a href="http://www.informationweek.com/security/vulnerabilities/hacker-sabu-worked-nonstop-as-government/232602334">working around the clock to help investigators</a> counter emerging attacks, as well as bust high-profile Anonymous participants. Since the March arrests, prosecutors have continued to expand the case, including <a href="http://www.informationweek.com/security/attacks/should-lulzsec-suspect-face-life-in-pris/240142911">arresting Jeremy Hammond</a>, the alleged ringleader of the <a href="http://www.informationweek.com/news/security/attacks/232602103">Stratfor hack</a>. <P> <strong>4. Hacktivists Drive Global Law Enforcement Agencies To Unite</strong> <P> One side effect of the rise in hacktivism has been <a href="http://www.informationweek.com/security/attacks/anonymous-retaliates-for-interpol-arrest/232601823">increased cooperation</a> -- no need for cybercrime treaties -- between law enforcement agencies in various countries. "A lot of people think this is just a bunch of kids fooling around, but in reality, it's not, it can destroy your business," said Eric Strom, the unit chief for the cyber initiative and resource fusion unit in the FBI's cyber division, at the RSA conference in San Francisco in February. "You know, market share goes down and you're talking about significant damage to a company." 
<P> Asked at the conference what the FBI was doing about the problem -- months after the bureau had secretly turned Sabu, but just days before busting the alleged higher-ups in Anonymous and LulzSec -- Strom kept his cards close to his chest. "So let's put it this way, the FBI has put a lot of resources towards this problem ... it's not something that we just look at as a small issue, we have a lot of people around the country working this, as well as around the world, so companies should do the same." <P> But Strom said the word "hacktivism" meant little to the bureau. Instead, he said the FBI attempted to differentiate between people's online freedoms of assembly and speech versus clear evidence of law-breaking. <P> <strong>5. Despite Arrests, Hacktivist Operations Continue</strong> <P> Despite the arrest of Sabu and other alleged Anonymous, LulzSec and AntiSec luminaries, attacks launched under the mantle of those groups continued unabated, delivering on the hacktivist assertion that "you can't arrest an idea." After claiming an <a href="http://www.informationweek.com/news/security/attacks/232602962">end to LulzSec's retirement</a>, LulzSec Reborn <a href="http://www.informationweek.com/news/security/attacks/232700290">doxed a military-focused dating site</a> and released details on 170,000 members. <P> Other hacktivist groups, claiming no LulzSec or Anonymous affiliation, also continued their efforts. 
Team GhostShell, notably, <a href="http://www.informationweek.com/security/attacks/hackers-claim-wall-street-resume-leak/240004023">leaked usernames, passwords and resumes</a> from a Wall Street jobs board in July, followed later in the year by a <a href="http://www.informationweek.com/security/attacks/team-ghostshell-hackers-claim-nasa-inter/240144111">massive data dump</a> involving 1.6 million records related to a variety of organizations, including NASA, Interpol, the Department of Defense and trade organizations. <P> <strong>6. 
Symantec Sees pcAnywhere Extortion Shakedown</strong> <P> Another notable hack came to light in February, when <a href="http://www.informationweek.com/security/attacks/extortion-plot-behind-anonymous-release/232600394">Anonymous released 2 GB of source code</a> pertaining to the 2006 version of Symantec's pcAnywhere remote access software. Seeing the source code made public was cause for concern since enterprising coders might find new vulnerabilities that could be quietly exploited, as, by many accounts, the code remains relatively unchanged in more recent versions of the software. <P> But this wasn't a straight-up data release (a.k.a. doxing) operation. After first denying that the source was legitimate, Symantec confirmed that the source code had apparently been stolen -- unbeknownst to the security firm -- in a 2006 security breach. Symantec also said that it, and then a U.S. law enforcement agent disguised as a Symantec employee, had been communicating in advance of the source code release with one or more hackers, who threatened blackmail if the security vendor didn't pay up. <P> Meanwhile, hacker Yama Tough -- leader of "LoD," short for Lords of Dharmaraja, which describes itself as the "Anonymous Avengers of Indian Independence Frontier" -- uploaded to Pastebin a series of emails he'd sent to Symantec to tell his side of the story, and demanded that Symantec wire $50,000 into an offshore account if it wanted to prevent the code from being released. When the security firm failed to pay up, he shared the stolen source code with Anonymous. How Yama Tough obtained the source code, however, and who else may have had access to it in the five years after it was stolen, remains a mystery. <P> <strong>7. Hackers Target U.S. 
Banks Over Anti-Muslim Film</strong> <P> This year also saw the launch of a number of high-profile <a href="http://www.informationweek.com/security/cybercrime/bank-ddos-strikes-could-presage-armagedd/240142631">distributed denial of service (DDoS) attacks</a> by a Muslim hacktivist group calling itself the <a href="http://www.informationweek.com/security/attacks/muslim-hacktivists-take-credit-for-us-ba/240008059">Cyber fighters of Izz ad-din Al qassam</a>, who began targeting U.S. banks in retaliation for the YouTube posting of a clip of the <a href="http://www.informationweek.com/security/attacks/bank-of-america-website-slows-after-isla/240007581"><em>Innocence of the Muslims</em> film</a> that mocks the founder of Islam. <P> The attacks against U.S. bank websites weren't without precedent. In Feb., for example, Anonymous-backed attacks reportedly <a href="http://www.informationweek.com/security/attacks/anonymous-backed-attacks-took-nasdaq-web/232600975">disrupted the NASDAQ and BATS stock exchanges</a>, as well as the Chicago Board Options Exchange. But what differed was the <a href="http://www.informationweek.com/security/cybercrime/bank-ddos-strikes-could-presage-armagedd/240142631">sheer scale of the new attacks</a>, which overwhelmed the websites of leading Wall Street firms, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. That was despite the <a href="http://www.informationweek.com/security/attacks/muslim-hacktivists-take-credit-for-us-ba/240008059">attackers previewing</a> the sites they'd target, as well as the days and times that the attacks would commence. <P> U.S. officials <a href="http://www.informationweek.com/security/attacks/bank-hacks-iran-blame-game-intensifies/240009068">blamed the Iranian government</a> for sponsoring the DDoS attacks against U.S. 
banks, but in numerous Pastebin pronouncements, the Cyber fighters of Izz ad-din Al qassam said that their members hailed from multiple countries. <P> <strong>8. Anonymous Continues Pressing Political Agenda</strong> <P> Efforts conducted under the Anonymous banner continued throughout 2012, despite the arrest of Sabu and other alleged group leaders. In May, for example, as part of anti-NATO protests, the group's members obtained and released -- together with Anonymous affiliate AntiS3curityOPS -- a <a href="http://www.informationweek.com/security/attacks/anonymous-leaks-17-gb-justice-department/240000778">1.7 GB Justice Department database</a>. In July, in support of Syrian rebels, Anonymous worked with WikiLeaks to <a href="http://www.informationweek.com/security/attacks/anonymous-hands-wikileaks-24-million-syr/240003443">release 2.4 million Syrian government emails</a>. <P> Other campaigns included the Nov. launch of <a href="http://www.informationweek.com/security/attacks/anonymous-launches-opisrael-ddos-attacks/240142149">Operation Israel (OpIsrael)</a> after violence between Israel and Hamas flared into an <a href="http://www.informationweek.com/security/cybercrime/gaza-ceasefire-doesnt-hold-online-new-an/240142974">eight-day conflict</a>. In Dec., meanwhile, the hacktivist collective <a href="http://www.informationweek.com/security/privacy/anonymous-posts-westboro-church-members/240144592">vowed to dismantle Westboro Baptist Church</a>, an independent group that self-identifies as a church, after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn. <P> <strong>9. Anonymous' Achilles Heel: Anonymity</strong> <P> One recurring problem for hacktivists, however, has been the apparent difficulty of <a href="http://www.informationweek.com/security/government/anonymous-hackers-not-smart-on-anonymity/232900479">remaining anonymous online</a>. 
Numerous alleged Anonymous and LulzSec participants were busted in 2011 after VPN services such as <a href="http://www.informationweek.com/news/security/privacy/231602248">HideMyAss.com</a> complied with law enforcement requests to share subscriber data. Investigators then cross-referenced subscribers' access times with data related to attacks to help pinpoint attackers' real identities. <P> Likewise, the FBI earlier this year arrested Galveston, Texas-based Higinio O. Ochoa III and accused him of being part of the hacking group CabinCr3w, which launched attacks against the websites of the West Virginia Chiefs of Police, the Alabama Department of Public Safety, the Texas Department of Safety and the police department in Mobile, Ala. According to law enforcement officials, the Mobile police website defacers left behind a taunting image of a woman in a bikini top, holding a sign reading "PwNd by wOrmer & CabinCr3w <3 u BiTch's!" The EXIF data contained in the image file, however, revealed the GPS coordinates where the iPhone photo had been taken, which <a href="http://www.informationweek.com/security/government/anonymous-hacker-girlfriend-pictures-rev/232900329">led investigators directly to the house of Ochoa's girlfriend</a> in Australia. <P> Other anonymity-busting 2012 incidents involved <a href="http://www.informationweek.com/security/privacy/petraeus-snoop-7-privacy-facts/240142247">former CIA director David H. Petraeus</a> and <a href="http://www.informationweek.com/security/mobile/mcafee-av-king-turned-fugitive-surfaces/240143769">antivirus founder John McAfee</a>. 
They further highlight just how difficult it is to remain anonymous online, which will no doubt be a cause for concern for any hacktivists who remain active come 2013.
2012-12-20T15:06:00Z
Forensic Tool Cracks BitLocker, PGP, TrueCrypt Containers
ElcomSoft's Forensic Disk Decryptor uses PC memory dumps to crack passwords associated with BitLocker, PGP and TrueCrypt archives.
http://www.informationweek.com/security/encryption/forensic-tool-cracks-bitlocker-pgp-truec/240145127?cid=RSSfeed_IWK_authors
A new software tool, Elcomsoft Forensic Disk Decryptor, promises to decrypt encryption containers created using BitLocker, PGP and TrueCrypt. <P> The software from ElcomSoft -- a Russian provider of <a href="http://www.informationweek.com/security/storage/forensic-tool-grabs-iphone-ipad-data-rem/240000552">encryption-cracking software</a> and other digital forensic tools -- accomplishes the feat not by cracking the containers themselves, but rather by exploiting the fact that once the containers are accessed, the decryption passwords get stored in computer memory. The software is designed to be used by digital forensic investigators -- for example, when investigating suspected insider theft incidents. 
<P> "BitLocker, PGP and TrueCrypt set [an] industry standard in the area of whole-disk and partition encryption," said ElcomSoft CEO Vladimir Katalov in a <a href="http://blog.crackpassword.com/2012/12/elcomsoft-decrypts-bitlocker-pgp-and-truecrypt-containers/">blog post</a>. "All three tools provide strong, reliable protection, and offer a perfect implementation of strong crypto." As a result, he said that if a user of those tools picks a long, complex password, cracking the encryption container outright would likely be impossible. <P> <strong>[ Forensics software can be a crucial tool in busting the bad guys. Read <a href="http://www.informationweek.com/security/encryption/cracking-bin-ladens-hard-drives/229402923?itc=edit_in_body_cross">Cracking Bin Laden's Hard Drives</a>. ]</strong> <P> One encryption container Achilles heel, however, happens when the containers get accessed on a computer. "No one likes typing their long, complex passwords every time they need to read or write a file," said Katalov. "As a result, keys used to encrypt and decrypt data that's being written or read from protected volumes are kept readily accessible in the computer's operating memory. Obviously, what's kept readily accessible can be retrieved near instantly by a third-party tool." <P> What's needed first, however, is a memory dump, which can be grabbed either using forensic tools, or via a <a href="http://www.informationweek.com/security/vulnerabilities/mac-os-x-lion-password-vulnerability-sle/231002943">Firewire attack</a>, even if a computer is in hibernation or sleep mode. The Elcomsoft tool then attempts to extract the encryption keys from that dump. "The new product includes algorithms allowing us to analyze dumps of computers' volatile memory, locating areas that contain the decryption keys," Katalov said. "Sometimes the keys are discovered by analyzing byte sequences, and sometimes by examining crypto containers' internal structures. 
When searching for PGP keys, the user can significantly speed up the process if the exact encryption algorithm is known." <P> But there's one big caveat when grabbing the needed memory dumps: The targeted encryption containers must be mounted to the computer. "It's important that encrypted volumes are mounted at the time a memory dump is obtained or the PC goes to sleep; otherwise, the decryption keys are destroyed and the content of encrypted volumes cannot be decrypted without knowing the original plain-text password," said Katalov. <P> The three encryption containers targeted by the software comprise some of the most-used file encryption tools on the market. Microsoft's <a href="http://www.informationweek.com/windows/microsoft-news/microsoft-dismisses-bitlocker-threat/222001114">BitLocker To Go</a>, for example, allows data on removable devices to be encrypted and is included with some premium versions of Windows 7 and Vista, as well as <a href="http://www.informationweek.com/security/application-security/windows-8-security-improvements-carry-ca/240044435">Windows 8</a>. <P> <a href="http://www.informationweek.com/byte/personal-tech/desktop-applications/how-to-encrypt-documents-with-truecrypt/231000250">TrueCrypt</a>, meanwhile, is well-regarded open source data encryption software that currently runs on Windows 7, Vista and XP, as well as Mac OS X and Linux systems. Finally, PGP -- which stands for Pretty Good Privacy -- is available from Symantec, which <a href="http://www.informationweek.com/security/perimeter/symantec-to-buy-pgp-guardianedge-for-370/224700308">acquired PGP</a> in 2010. 
<P> Elcomsoft also has added plug-ins for TrueCrypt and BitLocker To Go to its Distributed Password Recovery software, which allows users to subject encryption containers to a variety of brute-force attack techniques, as well as <a href="http://www.informationweek.com/security/client/sony-breach-reveals-users-lax-with-passw/230500044">dictionary</a>, <a href="http://hashcat.net/wiki/doku.php?id=mask_attack">password mask</a> and <a href="http://hashcat.net/wiki/doku.php?id=permutation_attack">permutation</a> attacks.
2012-12-20T12:10:00Z
Anonymous Continues Westboro Church Attacks
Hacktivist collective Anonymous gets help with attacks against Westboro Baptist Church, which pledged to picket funerals of shooting victims in Newtown, Conn.
http://www.informationweek.com/security/attacks/anonymous-continues-westboro-church-atta/240145120?cid=RSSfeed_IWK_authors
The hacktivist collective Anonymous, hacker Cosmo The God, and the botmaster known as The Jester, have continued their press against Westboro Baptist Church (WBC), after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn. <P> Westboro Baptist Church, an independent group that self-identifies as a church, is known for picketing the funerals of members of the armed services who have been killed in action in Iraq and Afghanistan. <P> On Wednesday, 15-year-old Cosmo The God, who's a member of <a href="http://en.wikipedia.org/wiki/UGNazi">Underground Nazi Hacktivist Group</a> (UG Nazi), apparently took over the Twitter account of Fred Phelps Jr., who's the son of Westboro leader Fred Phelps Sr. The compromised Twitter page header was changed to read "Ooooooooops!" and bear the name of Cosmo. On Wednesday, multiple tweets began listing the names of the people killed at Sandy Hook Elementary School. The hijacked Twitter account remained active until Thursday morning, at which point it was suspended by Twitter. <P> <strong>[ Want more background on Anonymous? 
Read <a href="http://www.informationweek.com/news/galleries/security/attacks/232600322?itc=edit_in_body_cross">Who Is Anonymous: 10 Key Facts</a>. ]</strong> <P> Suggesting that the real Cosmo was behind the exploit, a Wednesday tweet from the hacked Twitter account was retweeted by the <a href="https://twitter.com/CosmoTheGod">Cosmo The God</a> Twitter feed, making it the first account activity there since a June 28 post announcing that "me and Josh were arrested early monday morning." Interestingly, the retweet was later missing, which may have been due to Twitter suspending the account of Fred Phelps Jr. 
<P> The takeover of Phelps' Twitter account was a repeat of Cosmo's apparent takeover of Westboro spokeswoman Shirley Phelps-Roper's "Dear Shirley" Twitter feed earlier in the week. Cosmo reportedly accomplished the takeover by exploiting a vulnerability in Twitter's trouble-ticket system, which allowed him to close requests from account owners before Twitter had responded to them. <P> Members of Westboro have yet to publicly respond to the recent Anonymous, Cosmo, or Jester attacks. <P> Earlier this week, Anonymous <a href="http://www.informationweek.com/security/privacy/anonymous-posts-westboro-church-members/240144592">released personal details</a> about the group's members, including social security numbers and dates of birth, via Pastebin as well as multiple Twitter channels, including @LulzExecutive and @Shm00pLOL, both of which have since been suspended by Twitter. Anonymous also <a href="https://twitter.com/YourAnonNews/status/280385713667710976">filed for a death certificate</a> in the name of Phelps-Roper, to prevent her from using her social security number. Anonymous members also have been publishing the phone numbers of hotels in Connecticut where members of the group are staying, and urging people to phone the hotel operators and request that they refuse to do business with Westboro. <P> Under the banner of #OpWBC -- as well as #OpWestBor -- on Twitter, members of Anonymous also have vowed to dismantle Westboro using every available means. To that end, members of the group have been urging people to sign a White House <a href="https://petitions.whitehouse.gov/petition/legally-recognize-westboro-baptist-church-hate-group/DYf3pH2d">petition calling for Westboro to be labeled as a "hate group"</a> and to have its tax-exempt church status revoked by the IRS. As of Tuesday, the petition had received more than 227,000 signatures, far in excess of the 25,000 needed to trigger an official response from the White House. 
<P> This week, approximately 10 of the 19 websites operated by Westboro also appear to have been disrupted by a hacker and distributed denial-of-service (DDoS) botmaster known as The Jester. He previously has provided assistance to Anonymous when it sought to knock websites offline. According to a Wednesday <a href="https://twitter.com/th3j35t3r/status/281495612636139520">post to the Jester's Twitter feed</a>: "I'm not trying to violate #WBC's civil rights. I'm just making best use of mine. And I'm non-violent. They hate that." <P> One reason it had been difficult for <a href="http://www.informationweek.com/security/vulnerabilities/10-strategies-to-fight-anonymous-ddos-at/232600411">Anonymous participants</a> to disrupt the Westboro websites on their own was because Westboro had contracted with DDoS and threat mitigation provider Black Lotus Communications to keep its websites online. But after that fact came to light, Black Lotus Wednesday announced that it would donate all revenue it's received from Westboro to charity, and began soliciting recommendations for which charities it should choose. <P> On Twitter, numerous people began lauding Black Lotus for dropping its support for Westboro, and making recommendations for where the money should go. <P> "We have received overwhelming support for donations to be given to various groups supporting the Newtown community, veterans groups like the Wounded Warrior Project, and LGBT groups like The Trevor Project," Jeffrey Lyon, Black Lotus Communications president, <a href="http://en.wikinews.org/wiki/Internet_security_firm_to_donate_revenue_to_charity_after_Anonymous_protest_of_Westboro_Baptist_Church?dpl_id=625714">told</a> Wikinews. The company's Twitter channel also <a href="https://twitter.com/ddosprotection/status/281621109579866113">called out United Way of Connecticut's Sandy Hook fund</a> as a potential recipient. 
<P> Reached by email, Lyon confirmed that the money would be donated to charity, although his company has yet to make a formal announcement. He also confirmed that Westboro would remain a customer, at least for now. "As a security firm, it is our duty to defend our clients even in those cases where we disagree with their actions," he said. "WBC is non-violent and has not put anyone's lives at risk so our supposed authority to terminate the account under terms of service, as suggested by the protesters, is extremely weak. At that point the only option if we chose to cease our relationship would be non-renewal of service at end of term." <P> He said those facts had been relayed to protestors. "I reached out to <a href="http://www.twitter.com/YourAnonNews">@YourAnonNews</a> and asked what they felt the best course of action would be given these facts," said Lyon. "They agreed to ask their supporters if our idea of gifting all ongoing WBC revenue to charity would be a positive outcome and the vast majority agreed." <P> Furthermore, noting that "the revenue we receive from WBC is very minimal," Lyon said the company would make its own, out-of-pocket donations, beginning with $2,000 to the United Way's <a href="https://newtown.uwwesternct.org">Sandy Hook School Support Fund</a>. He said the company planned to make an official announcement later this week.
2012-12-19T11:17:00Z
Attack Turns Android Devices Into Spam-Spewing Botnets
Beware Trojan app sending 500,000 spam SMS messages per day, charging messages to smartphone owners.
http://www.informationweek.com/security/attacks/attack-turns-android-devices-into-spam-s/240144988?cid=RSSfeed_IWK_authors
From an attacker's perspective, malware doesn't need to be elegant or sophisticated; it just needs to work. 
<P> That's the ethos behind a recent spate of Trojan applications designed to infect smartphones and tablets that run the <a href="http://www.informationweek.com/security/mobile/android-buyers-find-smartphone-update-ch/232200144">Android operating system</a>, and turn the devices into spam-SMS-spewing botnets. <P> By last week, the malware was being used to send more than 500,000 texts per day. Perhaps appropriately, links to the malware are also being distributed via spam SMS messages that offer downloads of popular Android games--such as Angry Birds Star Wars, Need for Speed: Most Wanted, and Grand Theft Auto: Vice City--for free. <P> <strong>[ Anonymous hacks Westboro Baptist Church in aftermath of Connecticut school shooting. Read more at <a href="http://www.informationweek.com/security/privacy/anonymous-posts-westboro-church-members/240144592?itc=edit_in_body_cross">Anonymous Posts Westboro Members' Personal Information</a>. ]</strong> <P> Despite the apparent holiday spirit behind the messages, however, it's just a scam. 
"If you do download this 'spamvertised' application and install it on your Android handset, you may be unknowingly loading a malicious software application on your phone which will induct your handset into a simple <a href="http://www.informationweek.com/security/attacks/fast-flux-botnet-nets-fraudsters-78-mill/240009729">botnet</a>, one that leverages the resources of your mobile phone for the benefit of the malware's author," according to an <a href="http://blog.cloudmark.com/2012/12/16/android-trojan-used-to-create-simple-sms-spam-botnet/">overview of the malware</a> written by Cloudmark lead software engineer Andrew Conway. <P> The malware in question uses infected phones "to silently send out thousands of spam SMS messages without your permission to lists of victim phone numbers that the malware automatically downloads from a command and control server," said Conway. Of course, the smartphone owner gets to pay any associated SMS-sending costs. <P> An earlier version of the malware was discovered in October, disguised as anti-SMS spam software, but it remained downloadable for only a day. "Apparently using SMS spam to promote a bogus SMS spam blocking service was not an easy sell," said Conway. Subsequently, the malware was repackaged as free versions of popular games, and the malware's creator now appears to be <a href="http://www.informationweek.com/security/mobile/android-mobile-malware-fails-to-make-mon/231900495">monetizing the Trojan</a> by sending <a href="http://www.informationweek.com/security/vulnerabilities/facebook-gift-scams-how-they-work/240142403">gift card spam</a> of the following ilk: "You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at [redacted website name] can claim it!" 
<P> As with the majority of Android malware, the malicious apps can be downloaded not from the official Google Play application store, but rather from <a href="http://www.informationweek.com/security/attacks/android-attackers-launch-fake-app-market/240003991">third-party download sites</a>, in this case largely based in Hong Kong. In general, security experts recommend that Android users <a href="http://www.informationweek.com/security/application-security/android-apps-fail-risk-assessment-check/240012652">stick to Google Play</a> and avoid third-party sites advertising supposedly free versions of popular paid apps, since many of those sites appear to be little more than "fakeware" distribution farms. But since Android users are blocked from reaching Google Play in some countries, including China, third-party app stores are their only option. <P> After installing the malware and before it takes hold, a user must first <a href="http://www.informationweek.com/security/vulnerabilities/popular-android-apps-vulnerable/240009507">grant the app numerous permissions</a> -- such as allowing it to send SMS messages and access websites. Only then can it successfully transform the mobile device into a spam relay. Of course, people in search of free versions of paid apps may agree to such requests. Furthermore, "not many people read the fine print when installing Android applications," said Conway. <P> If a user does grant the malware the requested permissions, it will transform their Android device into a node, or zombie, for the malware creator's botnet. At that point, the malware immediately "phones home" to a command-and-control server via HTTP to receive further instructions. "Typically a message and a list of 50 numbers are returned," said Conway. "The zombie waits 1.3 seconds after sending each message, and checks with the C&C server every 65 seconds for more numbers." 
<P> Again, the Android malware used to build the accompanying SMS-spewing botnet isn't sophisticated, but it does appear to be earning its creator money. "Compared with PC botnets this was an unsophisticated attack," said Conway. "However, this sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent if he can use a botnet to cover his costs. Now that we know it can be done, we can expect to see more complex attacks that are harder to take down." <P> <i>Your employees are a critical part of your security program, particularly when it comes to the endpoint. Whether it's a PC, smartphone or tablet, your end users are on the front lines of phishing attempts and malware attacks. Read our <a href="http://reports.informationweek.com/abstract/21/8667/security/informed-cio-endpoint-security.html?k=axxe&cid=article_axxe">Security: Get Users To Care</a> report to find out how to keep your company safe. (Free registration required.)</i>
2012-12-19T09:24:00Z
London Firefighters Pursue Twitter Monitoring
London Fire Brigade moves to allow people to summon rescuers via Twitter, parallels "text to 911" efforts in the United States.
http://www.informationweek.com/security/mobile/london-firefighters-pursue-twitter-monit/240144966?cid=RSSfeed_IWK_authors
Could Londoners soon sound an alarm to firefighters via Twitter? <P> The London Fire Brigade announced Tuesday that it's exploring Twitter monitoring to help the service more quickly identify and respond to emergencies. <P> "With over a billion people now using Facebook and half a billion using Twitter, it's quite clear that social media is here to stay," said Rita Dexter, deputy commissioner of London Fire Brigade, in a statement. "The London Fire Brigade is the biggest fire service in the country and we think it's important to look into ways to improve how we communicate with the public and how they can get in touch with us." 
<P> To be clear, she said that anyone wishing to report a fire should still dial Britain's "999" emergency services number. But with roughly one in five adults in the United Kingdom now owning a smartphone, and the number of fixed, landline subscriptions -- from BT, amongst other telecommunications companies -- in decline, mobile devices increasingly offer another communications channel that might be tapped by emergency services providers. <P> <strong>[ Find out how social "leakage" played a large role in <a href="http://www.informationweek.com/security/attacks/how-uk-police-busted-anonymous-suspect/240144452?itc=edit_in_body_cross">How U.K. Police Busted Anonymous Suspect</a>. ]</strong> <P> Accordingly, Twitter monitoring is set to be included in the fifth version of the London Safety Plan (LSP5), developed by the London Fire and Emergency Planning Authority, which said the new plan will detail "how the fire and rescue service in London will be delivered over the next few years." The plan will be open for public comment in January 2013. <P> According to the London Fire Brigade, the LSP5 requires that the service review its use of social media -- not just as a communications tool, but to allow people to report emergencies and to trigger a response from emergency services. Accordingly, the service said it will work with the U.K. government, as well as the <a href="http://www.informationweek.com/security/attacks/how-uk-police-busted-anonymous-suspect/240144452">Metropolitan Police Service</a> and the London Ambulance Service, to identify how such a service could be operated. <P> In 2010, the London Fire Brigade first began <a href="http://twitter.com/londonfire">tweeting</a> real-time information about incidents to which it was responding. A <a href="https://twitter.com/LondonFire/status/281351029688242180">typical tweet</a> -- this from early Tuesday morning -- read: "We're now attending a house fire on Hurst Road in Sidcup. Part of the 1st floor is alight. 
Four fire engines & 20 firefighters at the scene." Also in 2010, the service began <a href="http://www.facebook.com/LondonFireBrigade">using Facebook</a> to provide fire safety information. London Fire Brigade said it now boasts the second-largest group of social media followers of any local or regional public sector organization in Britain. <P> Changes to how people can contact emergency services are also underway in the United States. Notably, Federal Communications Commission chairman Julius Genachowski this month announced that the nation's four largest wireless carriers have agreed to support <a href="https://www.fcc.gov/document/chairman-genachowski-announces-commitments-accelerate-text-911">"text to 911" initiatives</a>. AT&T, Sprint, T-Mobile and Verizon have all promised to make major deployments of <a href="http://www.informationweek.com/telecom/unified-communications/fcc-explores-allowing-texts-to-911/228300477">text-to-911 capabilities</a> beginning in 2013, and to provide nationwide coverage by May 15, 2014. Behind the scenes, carriers are working with local 911 call centers -- known as public safety answering points -- to ensure they can <a href="http://www.informationweek.com/tech-center/gov-cloud/911-centers-not-ready-for-mobile-app-era/240142891">receive the texts</a>. <P> The FCC said that the full rollout will eventually provide text-to-911 support for 90% of the country's wireless subscribers, compared with dialing 911, which covers about 98% of the country. But the FCC noted that the ability to send a text to 911 would be a valuable alternative to phone calls for people with hearing or speech disabilities. <P> Regardless, the FCC announcement noted that "text to 911 will be a complement to, not a substitute for, voice calls to 911 services, and consumers should always make a voice call to 911 during an emergency if they can." 
In addition, a recently published <a href="http://www.fcc.gov/text-to-911">text-to-911 guide</a> from the FCC warned that "in most cases, you cannot today reach 911 by sending a text message." <P> Will using Twitter or text messages to alert emergency services succeed? London Fire Brigade's Dexter offered a relevant historical precedent, via Britain's 999 emergency line. "When it was first set up in 1935, people said that dialing 999 to report emergencies would never work," she said. "Today BT handles over 30 million emergency calls each year. It's time to look at new ways for people to report emergencies quickly and efficiently and social media could provide the answer in the future."
2012-12-18T15:01:00Z
Anonymous Posts Westboro Church Members' Personal Information
Anonymous and other hackers have launched DDoS attacks and leaked personal information about group that promised to protest funerals of victims killed at Sandy Hook Elementary School.
http://www.informationweek.com/security/privacy/anonymous-posts-westboro-church-members/240144592?cid=RSSfeed_IWK_authors
The Anonymous collective has once again turned its attention to the Westboro Baptist Church. <P> On Sunday, the hacktivist group <a href="http://pastebin.com/pCTSgLTJ">uploaded to Pastebin</a> the names, phone numbers, and social security numbers of numerous people it said are members of Westboro Baptist Church, which is based in Topeka, Kan. The data dump also includes the names of multiple members' children and grandchildren. <P> The Anonymous outreach was fueled by Westboro members promising to picket the funerals of people killed last week at the Sandy Hook Elementary School in Newtown, Conn. "Your downfall is underway," vowed an <a href="http://www.youtube.com/watch?v=eB3wSK0Xi58&feature=youtu.be">Anonymous video</a> uploaded Sunday. "Since your one-dimensional thought protocol will conform not to any modern logic, we will not debate, argue, or attempt to reason with you." 
Instead, the collective promised to wage a sustained assault that would "progressively dismantle your institution." <P> To that end, Anonymous has disseminated additional personal details about the group's members via Twitter and the <a href="http://www.informationweek.com/security/vulnerabilities/anonymous-builds-new-haven-for-stolen-da/232900590">AnonPaste website</a>. Anonymous also claimed to have changed Westboro spokeswoman Shirley Phelps-Roper's <a href="https://twitter.com/YourAnonNews/status/280370626491998210">PC desktop wallpaper to gay porn</a>, and <a href="https://twitter.com/YourAnonNews/status/280385713667710976">filed a death certificate</a> in her name, which would prevent her from using her social security number. <P> <strong>[ What constitutes justice for convicted hackers? Read <a href="http://www.informationweek.com/security/attacks/should-lulzsec-suspect-face-life-in-pris/240142911?itc=edit_in_body_cross">Should LulzSec Suspect Face Life In Prison?</a> ]</strong> <P> Meanwhile, on Monday Phelps-Roper's Twitter account was taken over by someone who claimed to be the hacker <a href="https://twitter.com/CosmoTheGod">Cosmo The God</a>, and who posted several tweets to the account about the takeover. <em>Wired</em> <a href="http://www.wired.com/threatlevel/2012/12/threatlevel_1217_wbccosmo/">reported</a> that Cosmo is a 15-year-old hacker who was arrested in June by the FBI, and who remains on probation until his 21st birthday, before which time he's not supposed to use a computer without supervision. <P> Phelps-Roper's Twitter account, which was compromised for over 24 hours, was exploited via a flaw in Twitter's Zendesk system that allowed trouble tickets that were submitted by users to be closed before they've been resolved by customer service personnel, reported <em>Wired</em>. 
By Wednesday, however, Phelps-Roper's <a href="https://twitter.com/dearshirley">DearShirley</a> Twitter account page resolved to a page saying that the account had been suspended. <P> By Tuesday, the church's website also appeared to be on the receiving end of a multi-day <a href="http://www.informationweek.com/big-data/news/security/vulnerabilities/10-strategies-to-fight-anonymous-ddos-at/232600411">distributed denial-of-service (DDoS) attack</a>, while Anonymous Twitter channels shared the name and contact information for the hotel where members of the church were staying in Connecticut. <P> A post to the Anonymous IRC Twitter account has also requested signatories for a <a href="https://petitions.whitehouse.gov/petition/legally-recognize-westboro-baptist-church-hate-group/DYf3pH2d">petition to the White House</a> to "recognize WBC as a hate group." As of press time, the petition had received over 180,000 signatures, which is well beyond the 25,000 signatures required for the White House to review the request and issue an official response. <P> A <a href="https://petitions.whitehouse.gov/petition/revoke-tax-exempt-status-westboro-baptist-church-re-classify-westboro-baptist-church-hate-group/tNVz4V7Q">competing petition</a>, which similarly requests that the White House "revoke the tax exempt status of the Westboro Baptist Church and re-classify Westboro Baptist Church as a hate group," by Tuesday received over 38,000 signatures. <P> Westboro Baptist Church is thought to comprise about 100 people, and while the organization self-identifies as a church, it isn't affiliated with any established religious group, according to a statement released Sunday by American Baptist Churches USA. "American Baptists want to be clear that we denounce their message and tactics of hate," read the statement. "Westboro Baptist Church of Topeka, Kansas, is in no way affiliated with American Baptist Churches USA. 
Fred Phelps, pastor of Westboro Baptist Church, is not and never has been an American Baptist. Phelps' ordination is not in an American Baptist church, and his credentials have never been recognized by any region of ABCUSA. Westboro is an independent, non-affiliated church." <P> This isn't the first tussle between elements of Anonymous and Westboro, who notably debated last year on a call-in radio show. According to Parmy Olson's <em>We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency</em>, the Anonymous representative was none other than <a href="http://www.informationweek.com/security/government/anonymous-lulzsec-case-in-us-expanded-by/232901400">Jake Davis, aka Topiary</a>, who was later to become spokesman for the hacktivist group LulzSec. According to Olson, Davis was debating Phelps-Roper via Skype while at the same time attempting to coordinate, via chats on Anonymous IRC server channels, a DDoS attack against the Westboro website. While the website was ultimately disrupted, <a href="http://www.theregister.co.uk/2011/02/24/jester_westboro_baptists_anon_silliness/">hacker and DDoS botmaster The Jester</a> claimed credit. <P> According to a Wed. <a href="https://twitter.com/th3j35t3r/status/281075522816073729">post to The Jester's Twitter feed</a>, the hacker appears to have again worked with Anonymous to launch this week's DDoS attacks against the Westboro website. <P> <i>Whether it's for monetary gain, revenge or embarrassment, hackers want your organization's data, and they will stop at almost nothing to get it. In the <a href="http://www.darkreading.com/DatabaseSecurity/util/8511/download.html?k=axxe&cid=article_axxe">How Attackers Find And Exploit Database Vulnerabilities</a> report, we look at the vulnerabilities attackers target, how they get in and what they do once they get there. 
More importantly, we recommend how to close those holes and establish a layered security approach that includes products, processes and constant vigilance. (Free registration required.)</i>
2012-12-18T11:26:00Z
Europe Weighs New Data Breach Rules For Critical Companies
Mobile networks, banks, energy companies and other critical infrastructure providers could be required to report all breaches to EU authorities.
http://www.informationweek.com/security/cybercrime/europe-weighs-new-data-breach-rules-for/240144604?cid=RSSfeed_IWK_authors
European businesses that provide critical infrastructure services, including banks, stock exchanges, telecommunications firms and utilities, may soon be required to disclose to authorities any data breach they suffer. <P> That proposal is contained in draft regulations currently being circulated by the European Union's executive committee. The committee plans to formally introduce the recommendation in February 2013, after receiving feedback from the European Parliament and the 27 different countries in Europe that comprise the EU. <P> An EU spokesman didn't immediately respond to a request to review a copy of the executive commission's draft proposal. But EU officials said the new regulation is needed to remove the stigma associated with data breaches, as well as to improve information sharing between providers of critical infrastructure services, who are being <a href="http://www.informationweek.com/government/security/dod-hackers-breached-us-critical-infrast/240008972">increasingly targeted by hackers</a>. <P> "We want to change the culture around cybersecurity from one where people are sometimes afraid or ashamed to admit a problem, to one where authorities and network owners are better able to work together to maximize security," an unnamed EU official told Reuters, which first reported the <a href="http://www.reuters.com/article/2012/12/17/us-eu-cybersecurity-idUSBRE8BG0Z220121217">news of the EU's draft proposal</a>. 
<P> <strong>[ Learn more about U.S. critical infrastructure security. See <a href="http://www.informationweek.com/security/attacks/cyberattack-reports-on-us-critical-infra/240003076?itc=edit_in_body_cross">Cyberattack Reports On U.S. Critical Infrastructure Jump Dramatically</a>. ]</strong> <P> The draft report from the EU's executive committee suggests that critical infrastructure is too valuable to be left to voluntary -- if any -- reporting requirements. "Cybersecurity incidents are increasing at an alarming pace and could disrupt the supply of essential services we take for granted such as water, sanitation, electricity or mobile networks," the report said, according to news reports. Furthermore, the report suggested that businesses in Europe currently "lack effective incentives to provide reliable data on the existence or impact" of data breaches or information security incidents. <P> "Minimum security requirements should also apply to public administrations and operators of critical information infrastructure to promote a culture of risk management and ensure that the most serious incidents are reported," according to the draft report. <P> Europe currently lacks a single data-breach notification law. Instead, not unlike in the United States, data-breach notification requirements in Europe are governed by a patchwork of country-level provisions. The different laws have differing thresholds for triggering notifications, and differ also as to whether individuals, regulators or both should receive notifications. <P> "For example, a legal obligation to notify regulators and affected individuals (under certain circumstances) of data breaches exists in Germany and Norway," according to a recent <a href="http://www.wsgr.com/publications/PDFSearch/eye-on-privacy/Nov2012/index.html">analysis of European data breach notification requirements</a> published by attorneys Christopher Kuner and Anna Pateraki at Wilson Sonsini Goodrich & Rosati. 
"In contrast, some countries, such as Austria, have a legal requirement to notify individuals but not the regulator, whereas other countries have a voluntary regime based on codes and guidelines issued by regulators, such as Denmark, Ireland and the United Kingdom." <P> A draft data protection regulation currently being debated by the EU would also create a <a href="http://www.informationweek.com/security/privacy/eu-data-rules-worse-than-sopa/232500742">single data breach notification requirement</a> for all of Europe. But EU watchers have said that debate over the proposed changes may take at least another year or two to be resolved. <P> Regardless of the timing, data security and breach notifications are clearly on the EU's agenda. "The European Commission's work on critical infrastructure shows the crucial importance of cybersecurity in today's world," said Brussels-based Pateraki, who specializes in privacy law, via email. "In parallel to the ongoing EU data protection reform, which will also enhance data security, the commission is planning to move forward with a proposal on critical information infrastructure protection (CIIP) probably in early 2013. It is expected that the commission's CIIP proposal will build on the existing proposal for a general data breach notification regime and might include a similar regime for security breach notification in critical sectors." <P> <em>Note: Story updated to include Anna Pateraki's quote. </em>2012-12-17T12:50:00ZMandatory Car 'Black Boxes' Proposed: Privacy QuestionsNHTSA proposes that beginning in 2014, most cars would have to be fitted with data recorders. 
Consumer rights advocates say the measure includes few privacy protections.
http://www.informationweek.com/security/privacy/mandatory-car-black-boxes-proposed-priva/240144546?cid=RSSfeed_IWK_authors
Is the country ready for black box data recorders inside consumers' automobiles? <P> The National Highway Traffic Safety Administration (NHTSA) last week issued a <a href="http://www.gpo.gov/fdsys/pkg/FR-2012-12-13/pdf/2012-30082.pdf">notice of proposed rulemaking</a> in the <em>Federal Register</em>, proposing that as of Sept. 1, 2014, all cars should be fitted with event data recorders (EDRs). <P> "The agency is issuing this proposal because we believe that, without a regulation, EDRs will remain absent from the estimated 8% of the current light vehicle fleet that lacks an EDR," according to the <em>Federal Register</em> listing. "We believe that requiring all light vehicles required to have frontal air bags to be equipped with EDRs would help improve vehicle safety for consumers, while imposing relatively limited costs on the automobile industry." <P> Consumers have until Feb. 11, 2013, to comment on the proposal. 
Already, however, the consumer rights group Electronic Privacy Information Center (EPIC) <a href="http://epic.org/2012/12/federal-agency-proposes-black-.html">warned that EDRs</a> "record detailed information about drivers, which can be made available to insurance companies, the police, and others," and recommended that "commentators urge the agency to 'strengthen privacy safeguards'" for data captured by any such devices. <P> <strong>[ Ready for driverless cars? Read <a href="http://www.informationweek.com/government/policy/google-autonomous-cars-get-green-light-i/240008033">Google Autonomous Cars Get Green Light In California</a>. ]</strong> <P> But the NHTSA, in its proposal, suggested that any related data privacy safeguards would have to come via laws enacted by Congress -- none currently exist -- or state legislatures. "While these issues are of continued importance in the public discussion on the use of EDR technology, as an agency, we do not have the statutory authority to address many of these privacy issues because they are generally matters of State and Federal law that we do not administer," said the NHTSA proposal. <P> To date, about a dozen states have passed laws governing how EDR data can be used. Most state laws <a href="https://www.accidentreconstruction.com/research/edr/index.asp">require automotive manufacturers</a> to disclose to new buyers when a vehicle contains an EDR, and also limit how collected data may be used or shared. Colorado law, for example, "prohibits the release of event data unless the data is released to a motor vehicle safety and medical research entity or data processor in order to advance motor vehicle safety, security, or traffic management," unless the release of that information is ordered by a court, or else the vehicle's owner simply consents to it being used. <P> This isn't the NHTSA's first foray into EDR standards. Notably, the agency created an EDR regulation in 2006, and it went into effect on Sept. 1, 2012. 
But although that regulation specifies how recorders should capture and store information -- as well as "crash survivability" requirements -- it doesn't mandate the installation of EDRs. <P> Why bother capturing vehicle data? According to the NHTSA, having access to EDR data could improve vehicle safety both now and in the future, not least by allowing the agency to examine the effectiveness of the latest safety features. "It is important to have EDR data relating to the crash experiences of vehicles with these advanced safety systems so that the agency can, at the earliest possible time, gather enough information about emerging advanced technologies to conduct reliable analyses and make policy judgments," said the proposal. <P> "Additionally, the agency's experience in handling unintended acceleration and pedal entrapment allegations has demonstrated that EDR data from a particular vehicle model can have significant value to both the agency and the vehicle's manufacturer to identify and address safety concerns associated with possible defects in the design or performance of the vehicle," it said. <P> <i>Recent breaches have tarnished digital certificates, the Web security technology. The new, all-digital <a href="http://www.informationweek.com/drdigital/111212dr/?k=axxe&cid=article_axxt_os">Digital Certificates</a> issue of Dark Reading gives five reasons to keep it going. (Free registration required.)</i>
2012-12-17T11:52:00Z
Britain Declines To Prosecute Alleged NASA Hacker
After 10-year legal battle for allegedly hacking U.S. government computers in search of information on UFOs, British hacker Gary McKinnon is free.
http://www.informationweek.com/security/attacks/britain-declines-to-prosecute-alleged-na/240144510?cid=RSSfeed_IWK_authors
The British government has declined to prosecute Gary McKinnon, 46, who had been accused of perpetrating "the biggest military computer hack of all time." 
As a result, more than a decade after the alleged crimes occurred, McKinnon is now a free man. <P> "I feel the 10 years have been grueling, it's been life-destroying. It's difficult to explain how bad it's been," McKinnon's mother, Janis Sharp, <a href="http://www.guardian.co.uk/world/2012/dec/14/gary-mckinnon-no-uk-charges">told <em>The Guardian</em></a>. <P> "To have this over is amazing. Gary's gone through enough," she said. "Other people have been accused of more serious hacking in this country and they've been given a 1,000-pound fine and a very short community sentence. Gary regrets what he's done. He wishes he hadn't done it. He wishes he hadn't upset the Americans. We all regret it. But I'm grateful to Theresa May that this is all over now." <P> Sharp said McKinnon's next step will be to seek a pardon from President Obama. <P> <strong>[ Operation Payback case highlights how U.S. and British hacker investigations differ. Read more at <a href="http://www.informationweek.com/security/attacks/how-uk-police-busted-anonymous-suspect/240144452?itc=edit_in_body_cross">How U.K. Police Busted Anonymous Suspect</a>. ]</strong> <P> McKinnon, who's been diagnosed with <a href="http://www.informationweek.com/security/management/one-secret-that-stops-hackers-girlfriend/240003767">Asperger's syndrome</a> and depression, was first arrested by U.K. police a decade ago for allegedly gaining unauthorized access to computers owned by the U.S. government, reportedly in search of evidence about UFOs. In 2004, the United States first sought his extradition, and in recent years, after McKinnon <a href="http://www.informationweek.com/government/security/hacker-gary-mckinnon-loses-extradition-a/218900350">lost multiple appeals</a>, it looked like he'd finally be extradited. <P> In October, however, British home secretary Theresa May, citing medical reports that McKinnon would be a suicide risk if he was extradited, said that Britain would not honor the extradition request. 
May also said that it would be up to the director of public prosecutions (DPP) to determine if a case against the alleged hacker should proceed in England and Wales. <P> Keir Starmer, the director of public prosecutions for the Crown Prosecution Service, and Mark Rowley, the assistant commissioner of the Metropolitan Police Service, in a joint statement released Friday, noted that it was unlikely that any prosecution of McKinnon in Britain would now succeed, especially because there's been no live investigation into his alleged crimes for many years. Notably, the U.S. Department of Justice, Metropolitan Police Service, and Crown Prosecution Service in 2002 jointly agreed that McKinnon should be tried not in Britain, but the United States, given that the required witnesses, and the vast majority of evidence, was located there. <P> "None of the reasons for the original decision in 2002 that the appropriate place for Mr. McKinnon to be tried was the United States have altered," said Starmer and Rowley. "So far as the evidence is concerned, the position in 2012 is the same as it was in 2002. Most of the witnesses are in the U.S., as is nearly all the physical evidence and the bulk of the unused material, some of which is sensitive." <P> Starmer and Rowley noted that the U.S. Department of Justice said it would cooperate with any U.K. investigation, but said that the related evidence-handling would be especially challenging. In addition, U.S. authorities said that they would only share some of the evidence, and not make every witness -- many are, or were, U.S. government employees -- available for a British trial. <P> McKinnon is far from the first hacker who's been indicted by U.S. authorities. Earlier this year, for example, alleged Anonymous and LulzSec participant Ryan Cleary was indicted by a Los Angeles federal grand jury on hacking charges. Unofficially, however, U.S. 
authorities have said they <a href="http://www.informationweek.com/security/management/accused-lulzsec-hacker-fights-extraditio/240002206">won't seek Cleary's extradition</a>, most likely because he's already being prosecuted by authorities in Britain on charges of launching botnet-driven distributed denial-of-service (DDoS) attacks against the British Phonographic Industry website, as well as the United Kingdom's Serious Organized Crime Agency (SOCA) website. <P> <i>More than half of federal agencies are saving money with cloud computing, but security, compatibility, and skills present huge problems, according to our survey. Also in the <a href="http://www.informationweek.com/gogreen/100812gov/?k=axxe&cid=article_axxt_os">Cloud Business Case</a> issue of InformationWeek Government: President Obama's record on IT strategy is long on vision but short on results. (Free registration required.)</i>
2012-12-17T09:06:00Z
How U.K. Police Busted Anonymous Suspect
Operation Payback operators' identities unearthed largely through "social leakage" -- highlighting differences between U.S. and British hacker investigations.
http://www.informationweek.com/security/attacks/how-uk-police-busted-anonymous-suspect/240144452?cid=RSSfeed_IWK_authors
Are U.S. authorities focusing too much on busting low-level hacktivist operators, at the expense of taking down the leading lights? 
<P> The difference in style can be seen in the approach that U.K. investigators have taken to prosecuting the ringleaders of <a href="http://www.informationweek.com/security/attacks/anonymous-group-abandoning-ddos-attacks/228800667">Operation Payback</a>, which was the Anonymous-branded attack campaign that targeted businesses, including PayPal and MasterCard, with distributed denial of service (DDoS) attacks for their having blocked payments to WikiLeaks. PayPal said the attacks resulted in losses of &#163;3.5 million ($5.6 million). <P> According to Ray Massie, a freelance computer forensic and open source training consultant who led Britain's Operation Payback investigation as a detective sergeant with London's Metropolitan Police Service, his team focused on the people who organized the attacks and picked the targets, rather than low-level operators. "We went after organizers and facilitators rather than foot soldiers. U.S. authorities went after a mix," Massie <a href="http://www.theregister.co.uk/2012/12/14/uk_anon_investigation/">told</a> <em>The Register</em>. <P> <strong>[ For more about busting bad guys based on digital tracks, read <a href="http://www.informationweek.com/security/management/how-digital-forensics-detects-insider-t/232300409?itc=edit_in_body_cross">How Digital Forensics Detects Insider Theft</a>. ]</strong> <P> By comparison, U.S. authorities have ended up prosecuting a large number of people who downloaded a DDoS tool promoted by some of the leaders of Anonymous, and which attacked targets selected not by the downloader, but by leaders of Anonymous. The DDoS tool in question was known as the <a href="http://www.informationweek.com/security/cybercrime/lulzsec-leader-sabu-details-exploits/231900535">Low Orbit Ion Cannon</a> (LOIC), and less advanced LOIC users didn't seem to realize that the tool often coded their IP address into the packets it generated. 
Many of the attacked organizations recorded these packets and shared them with authorities, who used service providers' subscriber records to identify LOIC users' real identities, then <a href="http://www.informationweek.com/security/government/anonymous-boycotts-paypal-arrest-fallout/231002708">began making arrests</a>. <P> Of course, U.S. authorities have also busted multiple alleged leaders of the supposedly leaderless Anonymous hacktivist collective, <a href="http://www.informationweek.com/security/attacks/lulzsec-leader-sabu-unmasked-aids-fbi-ha/232602103">including Sabu</a> -- real name: Hector Xavier Monsegur -- who also served as the leader of LulzSec. <P> But British authorities have limited their efforts to prosecuting the organizers behind Operation Payback, as highlighted by the case of Northampton, England-based Christopher Weatherhead (aka "Nerdo"), 22. Last week, he was found guilty in Southwark Crown Court of one count of conspiracy to commit unauthorized acts with intent to impair the operation of a computer, in violation of the U.K.'s 1990 Computer Misuse Act. <P> In his defense, Weatherhead maintained that he only moderated the AnonOps IRC channel. But Scotland Yard's Police Central eCrime Unit had studied numerous Anonymous IRC logs and found nickname (NIC) clues that helped them identify the British leaders of Operation Payback. <P> "In a nutshell we identified Weatherhead via the IRC network," former detective constable Trevor Dickey, who now works in the private sector, told <em>The Register</em>. <P> "We identified their IRC channels and captured several weeks of chat. During that time we looked at the status of NICs such as admins and operators," he said. "We then did some keyword searching and spent a lot of time looking [at] social leakage. Combining all these elements we then identified the NICs of interest and did open source research on them. Weatherhead was easy to identify as he had been using the NIC of 'Nerdo' for quite some time." 
<P> The other suspects likewise were also identified in large part via social-network leakage. "We were able to tie their digital identities to real life identities," Massie told <em>The Register</em>. "Now that the suspects are in their 20s, they are security conscious, but they were using the same nick when they were a kid on gaming forums or elsewhere. They made mistakes." <P> Prosecutors also found evidence that Weatherhead had contracted for services with <a href="http://www.informationweek.com/security/attacks/fast-flux-botnet-nets-fraudsters-78-mill/240009729">bulletproof hosting provider</a> Heihachi in Russia, on behalf of Anonymous. The prosecutor described Heihachi as providing a "safe haven" for cybercriminals. <P> Thanks to that police digital forensic work, a jury of six men and five women took just two hours to return a guilty verdict against Weatherhead, saying he'd had an "integral role" in the attacks, reported <em>The Guardian</em>. <P> Three other men -- Jake Alexander Birchall, 18, of Little Neston, Cheshire; Ashley Rhodes, 27, of Bolton Crescent, London; and Peter David Gibson, 24, of Hartlepool, Cleveland -- earlier this year pled guilty to the same charge. <P> Judge Peter Testar told Weatherhead that he and his co-conspirators <a href="http://www.guardian.co.uk/technology/2012/dec/06/student-convicted-anonymous-cyber-attacks">might do jail time</a> as a result. All four men are due back in Southwark Crown Court in January 2013 for pre-sentence reports.

2012-12-14T11:36:00Z
Bank Attackers Used PHP Websites As Launch Pads
WordPress sites with outdated TimThumb plug-in were among PHP-based sites hackers used to launch this fall's massive DDoS attacks, reports Arbor Networks.
http://www.informationweek.com/security/attacks/bank-attackers-used-php-websites-as-laun/240144413?cid=RSSfeed_IWK_authors
The group that began targeting U.S. bank websites in September launched their large-scale, distributed denial-of-service (DDoS) attacks via a number of PHP-based websites that they'd previously exploited. <P> That finding comes from Arbor Networks, which said that attackers had compromised numerous PHP Web applications, such as Joomla, as well as many WordPress sites, many of which were using an outdated version of the <a href="http://markmaunder.com/2011/08/02/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/">TimThumb plug-in</a>. After compromising the sites, attackers then loaded toolkits onto the sites that turned them into DDoS attack launch pads. 
<P> "Unmaintained sites running out-of-date extensions are easy targets and the attackers took full advantage of this to upload various PHP webshells which were then used to further deploy attack tools," according to a <a href="http://ddos.arbornetworks.com/2012/12/lessons-learned-from-the-u-s-financial-services-ddos-attacks">blog post</a> by Dan Holden and Curt Wilson, who are part of the security engineering and response team at Arbor Networks. <P> After compromising the PHP-based websites and loading their attack toolkits, the bank attackers then either connected directly to the sites to issue commands, or else used intermediate servers, proxies or scripts. The particular attack tool that was most used by attackers, according to Arbor, was the <a href="http://www.informationweek.com/security/attacks/bank-hacks-7-misunderstood-facts/240008566">"itsoknoproblembro" toolkit</a>, which is also known as Brobot. Two other tools, KamiKaze and AMOS, were also used, but less frequently. <P> Those tools enabled attackers to launch "a mix of application layer attacks on HTTP, HTTPS and DNS with volumetric attack traffic on a variety of TCP, UDP, ICMP and other IP protocols," said Holden and Wilson. "The other obvious and uncommon factor at play was the launch of simultaneous attacks, at high bandwidth, to multiple companies in the same vertical." <P> The <a href="http://www.informationweek.com/security/cybercrime/bank-ddos-strikes-could-presage-armagedd/240142631">scale of those DDoS attacks</a> disrupted the websites of leading Wall Street firms, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. 
That was despite the attackers <a href="http://www.informationweek.com/security/attacks/muslim-hacktivists-take-credit-for-us-ba/240008059">previewing which sites would be attacked</a>, as well as the date and time their attacks would commence. <P> In late October, after more than a month of bank website attacks, the hacktivist group that claimed credit for the so-called Operation Ababil campaign <a href="http://www.informationweek.com/security/attacks/us-bank-hackers-promise-ddos-pause/240009676">promised a pause</a> in its efforts. But the group broke its silence earlier this week, when it reemerged and promised to begin attacks this week against Bank of America, JPMorgan Chase, PNC Financial Services Group, SunTrust Banks and U.S. Bancorp. <P> Those attacks appeared to recommence Tuesday. A spokesman for PNC confirmed Thursday via email that the bank's website had been seeing "an unusual volume of electronic traffic at our Internet connection." But he declined to comment on whether that traffic had been caused by DDoS attacks. <P> According to Arbor, the new attacks "looked similar in construction to Brobot v1, however there is a newly crafted DNS packet attack and a few other attack changes in Brobot v2," showing that attackers' techniques are continuing to evolve. <P> What lessons can businesses draw from the Arbor finding that the DDoS bank attackers are using vulnerable WordPress and PHP sites as staging grounds? For starters, businesses should keep an eye on their websites for signs of outdated or unsecured PHP applications -- and not just to help prevent DDoS attacks. Indeed, criminals often use exploited websites to launch attacks and store stolen information. <P> "WordPress enables these organizations to set up an infrastructure on the Internet that exacerbates the challenge of locating them," said Jim Butterworth, CSO of HBGary, speaking by phone. 
"They're using it as an opportunistic technique for lifting stolen information, more so than using WordPress as an attack vector." <P> The gang behind the <a href="http://www.informationweek.com/security/attacks/zeus-botnet-eurograbber-steals-47-millio/240143837">Eurograbber attack campaign</a>, for example, reportedly used Zitmo Trojan spyware to steal $47 million or more from over 30,000 corporate and private banking customers. Although the gang used command-and-control servers to manage PCs infected with its malware, it had also exploited PHP websites to create <a href="http://www.net-security.org/malware_news.php?id=1589">drop zones</a> for storing stolen information, as well as for pushing additional attack code to infected PCs. Using drop zones -- as a kind of criminal Dropbox -- helps attackers better cover their tracks and evade security defenses. <P> Despite those criminal tactics, Butterworth said businesses shouldn't avoid using PHP-based applications such as WordPress. Instead, they should inventory which PHP applications are being used, log network traffic to reveal inbound PHP requests that expose would-be attackers probing for such applications, and ensure that the PHP applications remain hardened against the toolkits and vulnerabilities used to exploit them. "Locate, patch and watch. That's the advice," he said.

2012-12-14T09:06:00Z
S.C. Security Blunders Show Why States Get Hacked
Governor blames data breach on Russian hackers and the IRS, but states' by-the-book IT ethos shows rules and regulations are the real culprit.
http://www.informationweek.com/security/attacks/sc-security-blunders-show-why-states-get/240144341?cid=RSSfeed_IWK_authors
This holiday season, millions of people who live or work in South Carolina have a special treat in store: the potential for their identities and savings to get misused. <P> That's thanks to the state's Department of Revenue having <a href="http://www.darkreading.com/database-security/167901020/security/news/240012646/lies-we-tell-our-ceos-about-database-security.html">stored 3.3 million bank account numbers</a>, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in an unencrypted format. After a single state employee clicked on a malicious email link, an attacker -- unnamed Russian hackers have been blamed -- was able to obtain copies of those records. The state has now urged anyone who has filed a tax return in South Carolina since 1998 to contact law enforcement officials. <P> How could this happen? After <a href="http://www.informationweek.com/security/attacks/how-south-carolina-failed-to-spot-hack-a/240142543">attackers owned South Carolina's revenue systems</a>, they were able to conduct weeks of reconnaissance undetected. That's because the Department of Revenue had opted out of the state's optional intrusion-detection-monitoring program. Thankfully, the U.S. Secret Service spotted some identity theft cases and seems to have traced the stolen information back to state tax returns. <P> Why wasn't South Carolina better prepared? 
The answer is simple: the state's leadership, from the governor on down, failed to take information security seriously or to correctly gauge the financial risk involved. As a result, taxpayers will pay extra to clean up the mess. Beyond the $800,000 that the state will spend -- and should have already spent -- to improve its information security systems, $500,000 will go to the data breach investigation, $740,000 to notify consumers and businesses, $250,000 for legal and PR help, and $12 million for identity theft monitoring services. Of course, such services only help to spot ID theft; they don't prevent or fully resolve it. Taxpayers get to do that themselves. <P> Had the state done the right thing, it could have avoided the data breach and saved $13 million, which is a tad ironic, given that Gov. Nikki Haley holds an accounting degree from Clemson University. <P> Haley said the breach isn't the state's fault. Instead, <a href="http://www.pcworld.com/article/2015543/irs-blamed-in-massive-south-carolina-data-breach.html">she blamed the IRS</a>, noting that while the state complied with IRS regulations, the IRS doesn't require stored Social Security numbers to be encrypted. Helpfully, the governor has now written a letter to the IRS recommending that it begin requiring that Social Security numbers get encrypted. <P> According to <em>The New York Times</em>, Haley has also claimed that a hacker somehow managed to breach the state's <a href="http://www.nytimes.com/2012/11/06/us/south-carolina-tax-hacking-puts-other-states-on-alert.html">state-of-the-art security defenses</a>. Then again, maybe not: In a <a href="http://www.youtube.com/watch?v=7OV6TZHZKqg">press conference</a>, she later admitted that the state's revenue systems not only lacked encryption and strong access controls, but also are based on a lot of 1970s-era equipment. <P> "This is a new era in time where you can't work with 1970s equipment," Haley said. 
"You can't go with compliance standards of the federal government." <P> Shocking news, and evidently the governor still doesn't understand information security -- or the <a href="http://www.informationweek.com/security/management/67-of-companies-fail-credit-card-securit/229401946">folly of "security by compliance,"</a> that is, mistaking regulatory compliance for adequate information security. <P> South Carolina isn't the only state treating information security as an afterthought. Earlier this year, <a href="http://www.informationweek.com/healthcare/security-privacy/utahs-medicaid-data-breach-worse-than-ex/232900128">hackers breached a Utah state server</a>, stealing the Social Security numbers of 280,000 people and health information for 500,000 state residents, none of which was encrypted. <P> Last year, <a href="http://www.informationweek.com/security/attacks/texas-data-breach-exposed-35-million-rec/229401489">Texas discovered that 3.5 million records</a>, including people's names, mailing addresses, Social Security numbers, and in some cases dates of birth and driver's license numbers, had been exposed. None of that personally identifiable information (PII), which was available for a year on a public-facing website, had been encrypted. <P> How could the South Carolina breach happen in the wake of the Utah and Texas breaches? The answer seems to be weak rules and regulations. According to a former Texas state IT employee, "a major flaw that occurred in Texas with that data leak incident was the complete and utter failure of three agencies to properly secure their confidential PII per best practice, common sense and agreed-to methodology." 
<P> That's because the state's agencies used only information security practices and procedures explicitly required by <a href="http://info.sos.state.tx.us/pls/pub/readtac$ext.ViewTAC?tac_view=4&ti=1&pt=10&ch=202">chapter 202 of the Texas administrative code</a> (aka TAC 202). "If their government code states they don't have to, or makes something an option, state agencies just don't and won't do it -- it costs time and $$$ tax dollars," said the former Texas state employee, via email. <P> Never mind if encrypting the data would require five minutes and common-sense thinking. "Yes, encrypting payloads with Winzip, 7Zip or GPG/PGP is <em>way</em> easy to do," he said, but without a rule or regulation, state agencies won't bother. On a related note, the state employee said he left for a private-sector job after his efforts to get the Texas Department of Information Resources to update TAC 202 to require encryption for data, whether it's at rest or in transit, were rebuffed. <P> Gov. Haley, by blaming the IRS for not requiring her state to encrypt Social Security numbers, has hit upon a solution to this problem: Put stronger rules and regulations in place. Require anyone who transmits or stores PII to encrypt the data, safeguard it with access controls and use intrusion monitoring to detect unfolding hack attacks. Just in case that move doesn't make government agencies' responsibilities clear, add extra penalties for any agency that suffers a data breach, regardless of the security controls it has in place. 
Maybe that step will finally stop the buck-passing and focus state governors' thinking on information security.

2012-12-13T12:18:00Z
Bank Attackers Promise To Resume DDoS Takedowns
Silent for six weeks, the Cyber fighters of Izz ad-din Al qassam hacktivist group have promised to resume targeting banks, in protest of a movie that mocks the founder of Islam.
http://www.informationweek.com/security/attacks/bank-attackers-promise-to-resume-ddos-ta/240144371?cid=RSSfeed_IWK_authors
The U.S. bank attackers are back. <P> The hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam this week broke six weeks of silence to announce the second phase of its Operation Ababil <a href="http://www.informationweek.com/security/attacks/bank-hacks-7-misunderstood-facts/240008566">distributed denial of service (DDoS) attacks</a> against banks. <P> "The goals under attacks of this week are including: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices (sic) Group, SunTrust Banks, Inc.," said a <a href="http://pastebin.com/E4f7fmB5">post</a> uploaded Monday to the group's Pastebin account. <P> In the previous attacks, which stretched for more than a month, the attackers disrupted the websites of some of Wall Street's biggest financial institutions, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. 
Bank and Wells Fargo. Despite the attackers <a href="http://www.informationweek.com/security/attacks/muslim-hacktivists-take-credit-for-us-ba/240008059">previewing the sites to be attacked</a>, as well as the days and times, the bank websites seemed unable to handle the <a href="http://www.informationweek.com/security/cybercrime/bank-ddos-strikes-could-presage-armagedd/240142631">sheer scale of the attacks</a>. <P> The attackers have promised more of the same, and then some. "In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group claimed in its post. <P> According to the <a href="http://sitedown.co/">Sitedown website</a>, which tracks website outages, Bank of America Tuesday appeared to begin suffering an unusual number of site outages, with many customers reporting that the bank's website had been unreachable for hours, if not days. Likewise, customers of the <a href="http://www.pnc.com">PNC Financial Services Group</a> Tuesday began reporting difficulties accessing that website. <P> Fred Solomon, VP of corporate communications for PNC, said via email that the bank's customers have recently experienced some disruptions. "PNC customers experienced slower access to online banking on Tuesday and Wednesday due to an unusual volume of electronic traffic at our Internet connection," he said. But he declined to comment on whether that traffic had been caused by DDoS attacks. <P> Bank of America spokesman Mark T. Pipitone said via email that the bank's website is operating normally. "We have experienced no outages. 
We&#8217;re aware of the reports of possible cyberattacks and we&#8217;re monitoring our systems, which are fully operational," he said. <P> A U.S. Bancorp spokesman didn't immediately respond to an emailed request for comment on the hacktivist threat, or whether it has seen DDoS attacks against its websites increase this week. When asked similar questions, meanwhile, a spokesman for JPMorgan Chase, reached by phone, declined to comment, as did a spokesman for SunTrust Bank, via email. <P> The bank attackers made their last attack-related pronouncement in October, when they announced that they'd be <a href="http://www.informationweek.com/security/attacks/us-bank-hackers-promise-ddos-pause/240009676">pausing their attacks</a> in honor of the Muslim Eid al-Adha holiday, which in 2012 ran from the evening of Oct. 25 to the evening of Oct. 26. Since then, the attackers appear to have conducted interviews with multiple media outlets, one of which was apparently reprinted by private intelligence firm <a href="http://www.informationweek.com/security/attacks/us-bank-attackers-dispute-iran-ties/240142895">Flashpoint Partners</a>. <P> In their Monday Pastebin post, the bank attackers said they were restarting their attack campaign for the same reason as they'd begun it: To protest the <a href="http://www.informationweek.com/security/attacks/bank-of-america-website-slows-after-isla/240007581"><em>Innocence of the Muslims</em> film</a> that mocks the founder of Islam. A 14-minute clip of the film was earlier this year uploaded to YouTube by its director, who resides in the United States, and it reportedly sparked a number of riots across the Middle East. <P> U.S. officials have <a href="http://www.informationweek.com/security/attacks/bank-hacks-iran-blame-game-intensifies/240009068">blamed the Iranian government</a> for sponsoring the DDoS attacks against U.S. banks. 
But the Cyber fighters of Izz ad-din Al qassam have disputed having ties with any government, and hinted that its members hail from multiple countries. <P> The group reiterated that assertion in its Monday Pastebin post, in which it reprinted in full the answers it said it had provided to <em>American Banker</em>, amongst other media outlets. "No government or organization is sponsoring us and we do not wait for any sponsor as well," said the group. <P> <em>Note: Story updated to add Bank of America statement.</em> <P> <i>Stay ahead of the eCommerce technology curve. Watch our webcast, Next Generation e-Commerce Strategies for B2B Sales and Marketing, to learn the strategies and tactics you can use to more efficiently give your clients what they want, keep them happy and increase sales. <a href=https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1005250&K=ECOMEAIBM">Register now</a>.</i>2012-12-13T10:44:00ZMcAfee Back In U.S.: Crazy Like A Fox?Guatemala refuses asylum request and deports AV founder McAfee to Miami. Officials in Belize dismiss McAfee's claims that he's being persecuted by government, call him "bonkers."http://www.informationweek.com/security/antivirus/mcafee-back-in-us-crazy-like-a-fox/240144326?cid=RSSfeed_IWK_authorsAntivirus pioneer John McAfee has been deported from Guatemala to the United States. <P> Until recently a resident of Belize, 67-year-old McAfee arrived Wednesday in Miami after being put on a plane by Guatemalan officials. "They took me out of my cell and put me on a freaking airplane," he <a href="http://abcnews.go.com/Blotter/mcafee-released-returning-us/story?id=17946650">told ABC News</a>. "I had no choice in the matter." <P> McAfee had requested asylum in Guatemala after accusing officials in Belize of framing him for a murder that he says he didn't commit. While Guatemalan officials denied McAfee's asylum request, they allowed him to pick his destination country. 
"He opted to return to his country of origin," attorney Telesforo Guerra, who's been McAfee's lawyer in Guatemala, <a href="http://edition.cnn.com/2012/12/12/world/americas/guatemala-mcafee/index.html">told CNN</a>. <P> Despite getting kicked out of their country, McAfee complimented Guatemala officials for being "nice" and reported that his deportation wasn't unpleasant. "It was the most gracious expulsion I've ever experienced," he said. "Compared to my past two wives that expelled me this isn't a terrible trip." <P> <strong>[ Who should play John McAfee in the movie? <a href="http://www.informationweek.com/security/antivirus/mcafee-founder-sells-rights-to-life-stor/240144207?itc=edit_in_body_cross">McAfee Founder Sells Rights To Life Story</a>. ]</strong> <P> Upon landing in Miami, McAfee was greeted and escorted off of the plane -- before other passengers -- by federal officials, who took him through customs and to a taxi stand, bypassing a waiting media scrum, according to news reports. McAfee then tweeted that he was holed up in a hotel in the Miami South Beach neighborhood. <P> "I have no phone, no money, no contact information," said McAfee in a post to his <a href="http://www.whoismcafee.com/">blog</a>. When an AP reporter reached McAfee via telephone, the reporter was told that he couldn't speak, because he was waiting for his girlfriend, 20-year-old Belizean Samantha Vanegas, to call. <P> McAfee told ABC News that he's retained an attorney in the United States to file for a visa for Vanegas. McAfee, who holds dual American and British citizenship, said he plans to reside in the United States or Britain. <P> McAfee's arrival in Miami caps off a madcap month involving the antivirus firm founder turning fugitive from authorities in Belize after the Nov. 11 murder of his neighbor, American Gregory Viant Faull, 52. McAfee has denied having anything to do with the murder, though he did admit that he and Faull had quarreled over McAfee's unruly dogs. 
<P> After the murder, and over a period of three weeks, McAfee, Vanegas, and two journalists traveled overland in Belize, and then by boat to Guatemala. But McAfee's <a href="http://www.informationweek.com/security/mobile/mcafee-av-king-turned-fugitive-surfaces/240143769">location was divulged</a>, apparently by accident, after the journalists for <em>Vice</em> magazine posted an iPhone photo that included embedded EXIF location data. In short order, <a href="http://www.informationweek.com/security/management/guatemala-arrests-rogue-av-founder-mcafe/240143971">Guatemalan authorities arrested McAfee</a> for immigration violations, and he remained incarcerated for a week. <P> Now that McAfee has arrived in the United States, it's unlikely that he'll be forced to return to Belize, where he began residing in 2008. While Belize has an extradition treaty with the United States, <a href="http://www.informationweek.com/security/government/6-wacky-mcafee-facts-from-guatemala-with/240144062">McAfee hasn't been charged by Belizean investigators</a>, who have named him only as a "person of interest" in their investigation into the murder of Faull. <P> According to Belize police spokesman Raphael Martinez, law enforcement officials there still want to question McAfee. "He will be just under the goodwill of the United States of America. He is still a person of interest, but a U.S. national has been killed and he has been somewhat implicated in that murder. People want him to answer some questions," Martinez <a href="http://www.reuters.com/article/2012/12/13/belize-mcafee-idUSL1E8NCBTC20121213">told Reuters</a>. <P> But Martinez said that the extradition treaty signed between Belize and the United States only covers suspected criminals, meaning that the country couldn't request that McAfee be extradited just for questioning. "Right now, we don't have enough information to change his status from person of interest to suspect," he said. 
<P> McAfee claims he was prosecuted by the government for refusing to pay roughly $2 million bribes to the country's ruling party. He's also accused the government of poisoning his dogs. Meanwhile, on his blog, McAfee said that he'd <a href="http://www.informationweek.com/security/antivirus/mcafee-to-be-released-from-guatemalan-pr/240144273">used an alias, "Harold M."</a>, to author controversial posts. "Shorty after my detention, the Government of Belize lobbied Guatemala to have my access to the Internet cut off. This would have crippled my ability to fight what was happening. I had anticipated this and had a plan," he said. "Belize officials were reading my blog constantly so I could not post under my own name. Hence, my friend Harold let me use his name. Apparently it worked." <P> Officials in Belize have dismissed McAfee's claims that he's being persecuted by the government. "I don't want to be unkind to the gentleman, but I believe he is extremely paranoid, even bonkers," said Belize's prime minster, Dean Barrow. <P> <i>Your employees are a critical part of your security program, particularly when it comes to the endpoint. Whether it's a PC, smartphone or tablet, your end users are on the front lines of phishing attempts and malware attacks. Read our <a href="http://reports.informationweek.com/abstract/21/8667/security/informed-cio-endpoint-security.html?k=axxe&cid=article_axxe">Security: Get Users To Care</a> report to find out how to keep your company safe. (Free registration required.)</i>2012-12-12T12:52:00ZCould A Thumb Drive Stop Stuxnet?Kingston launches USB thumb drives with built-in ESET antivirus software to eliminate viruses, Trojan applications, rootkits, and worms.http://www.informationweek.com/security/antivirus/could-a-thumb-drive-stop-stuxnet/240144299?cid=RSSfeed_IWK_authorsIs the data stored on your USB thumb drive safe from any malware on a PC it gets plugged into? 
<P> USB thumb drive manufacturer Kingston Technology this week announced that two of its drives from the Traveler line -- DataTraveler Vault Privacy and DataTraveler 4000 -- now come with an optional ClevX DriveSecurity feature, which requires 300 MB of the drive's space and includes built-in ESET antivirus software for nuking any viruses, worms, Trojan applications, rootkits, or adware that might attempt to infect the drive. <P> "When the drive owner authenticates to the flash drive, DriveSecurity launches immediately. It updates its virus signature and scans any changes (all new files, applications, etc.) to the flash drive," said ESET. "Upon user request, it checks the entire flash drive to ensure that it is free of malicious code." ESET also said its anti-malware software contains heuristic malware detection to help identify unknown threats. But the company said that the drive's antivirus software won't scan the PC that it gets plugged into. <P> Is antivirus software on USB thumb drives redundant? Or might it instead have helped prevent the outbreak of such malware as Stuxnet? Indeed, a <a href="http://www.informationweek.com/security/attacks/stuxnet-iran-attack-launched-from-10-mac/229218562">USB key carrying Stuxnet</a> appears to have been responsible for at least some of the resulting infections, which <a href="http://www.informationweek.com/security/management/stuxnet-launched-by-united-states-and-is/240001297">targeted an Iranian nuclear facility at Natanz</a>. The caveat with Stuxnet, of course, is that the malware seems to have been introduced on purpose, likely by a U.S. agent, meaning it was meant to infect the USB drive and in turn systems at the facility. <P> <strong>[ Hacking group boasts of government, trade group exploits. Read more at <a href="http://www.informationweek.com/security/attacks/team-ghostshell-hackers-claim-nasa-inter/240144111?itc=edit_in_body_cross">Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches</a>. 
]</strong> <P> On the other hand, common malware that attempts to infect USB drives remains alive and well, in part because eradicating it is difficult given all of the different ways in which it can spread. For example, ESET last week reported that the second most prevalent virus is an <a href="http://blog.eset.com/2012/12/07/autorun-worm-continues-to-turn">auto-run worm known as Pronny</a>, which spreads in part by infecting removable media. Once the worm infects a system, it then hides versions of itself elsewhere, including on network shares, and attempts to infect everything it can touch, including thumb drives. <P> USB drives can get infected in numerous ways, such as through supply chain insecurities during production. For example, <a href="http://www.informationweek.com/security/client/ibm-distributes-malware-at-security-conf/225200561">IBM accidentally distributed thumb drives</a> at an Australian security conference that were infected with malware. <P> Other infection vectors involve employees using virus-infected kiosks or third-party PCs at airports or Internet cafes, giving the USB key to a friend whose PC happens to have a virus, or using the USB key on a corporate network where a virus is residing. <P> "In practice one sees both unintentional and intentional infection. Stuxnet is an example of the latter, where someone loaded malicious code onto the drive with the intent of getting that code onto a target system," said ESET security evangelist Stephen Cobb in a <a href="http://blog.eset.com/2012/12/11/are-your-usb-flash-drives-an-infectious-malware-delivery-system">blog post</a>. "Unintentional infection can occur when you place your USB flash drive into an inadequately protected system. Sure, you may detect the infection later, when you eventually place your drive into your own computer, but you could do a lot of damage before then." 
<P> As an example, Cobb references a case <a href="http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Incident_Response_Summary_Report_09_11.pdf">detailed earlier this year</a> by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which in 2010 investigated an outbreak of <a href="http://www.informationweek.com/software/soa-webservices/mariposa-botnet-creator-arrested/226300262">malware tied to the Mariposa botnet</a>. While the affected organization wasn't named, the industry was noted as being "the nuclear sector." <P> The investigators traced the infection back to a conference presentation, noting in an advisory that "an employee attended an industry event and used an instructor's universal serial bus (USB) flash drive to download presentation materials to a laptop." After the employee reconnected their laptop to the corporate network after returning to work, the malware spread, ultimately infecting 100 other network-connected systems.
<P> 2012-12-12T11:41:00Z
<P> McAfee To Be Released From Guatemalan Prison
<P> Antivirus founder's lawyer said a Guatemalan judge will rule that McAfee was illegally detained, paving the way for his return to the United States.
<P> http://www.informationweek.com/security/antivirus/mcafee-to-be-released-from-guatemalan-pr/240144273?cid=RSSfeed_IWK_authors
<P> Antivirus founder John McAfee is set to be released from a Guatemalan jail. <P> Telesforo Guerra, McAfee's lawyer in Guatemala, <a href="http://www.latimes.com/business/technology/la-fi-tn-mcafees-lawyer-says-guatemalan-judge-has-ordered-his-release-20121211,0,6867793.story">told the <em>Los Angeles Times</em></a> Tuesday that Guatemalan Judge Judith Secaida verbally said to him that she plans to rule that McAfee had been illegally incarcerated. <P> Guerra said McAfee would be released as soon as the court could process the judge's written instructions, which would likely happen Thursday or Friday. "It's a victory because the government wanted to send him back to Belize," he told the newspaper via phone. "With this kind of resolution, they cannot do it." 
<P> <strong>[Read <a href="http://www.informationweek.com/security/government/6-wacky-mcafee-facts-from-guatemala-with/240144062?itc=edit_in_body_cross">6 Wacky McAfee Facts: From Guatemala, With Twists</a>.]</strong> <P> By Wednesday, <a href="http://www.whoismcafee.com/">McAfee's blog</a> posted a message saying that McAfee would be released at 9 a.m. local time that day from the immigration facility in which he's currently incarcerated in Guatemala City. <P> According to Guerra, Guatemalan law grants anyone who enters the country 10 days to settle their immigration status. "There is no crime in coming without any visa," he said. "If there's not any crime, the immigration office has to release him." <P> McAfee Tuesday <a href="http://news.sky.com/story/1024003/john-mcafee-expects-release-from-jail-soon">told Britain's Sky News</a> that he was "100% certain" that he'd soon be leaving Guatemala for the United States. He's stated multiple times that he planned to relocate there with his 20-year-old girlfriend, Sam Vanegas. <P> McAfee, who's resided in Belize since 2008, was <a href="http://www.informationweek.com/security/management/guatemala-arrests-rogue-av-founder-mcafe/240143971">arrested last week in Guatemala</a> on immigration violation charges. But he posted regular blog updates, in part to criticize the Belize government for corruption, as well as for attempting to <a href="http://www.informationweek.com/security/antivirus/mcafee-founder-says-belize-framing-him-f/240124914">frame him for the murder</a> of his American neighbor, Gregory Viant Faull, 52. <P> Belize prime minister Dean Barrow has denied those charges, and instead criticized McAfee for his "extremely paranoid" and "bonkers" behavior. Furthermore, Belizean police investigators are maintaining that McAfee is a "person of interest" in their murder investigation, saying they want to question him. No charges, however, have been filed against McAfee. 
<P> It's been a busy week for McAfee, who announced that he's <a href="http://www.informationweek.com/security/antivirus/mcafee-founder-sells-rights-to-life-stor/240144207">sold the rights to his life story</a>. He also said Tuesday that he would be ending his relationship with <em>Vice</em> magazine, which had filmed his three-week flight from Belize to Guatemala over land and by boat. <P> Shortly after landing, <em>Vice</em> published a story, titled "We Are With John McAfee Right Now, Suckers," which included an iPhone photograph showing two of its journalists with McAfee, but declining to name their location. The EXIF data attached to the photograph, however, showed that it had been taken in Guatemala, and according to McAfee, that mishap led directly to his arrest. <P> "Due to information just received, It is no longer clear to Mr. McAfee that the 'accidental' release of his co-ordinates due to Vice Magazine's editorial department's failure to remove location data from their now notorious photo, was indeed an accident," according to a post to McAfee's blog made by "Harold M.," who's described on the blog only as "a close friend of Mr McAfee." <P> "This incident led directly to Mr. McAfee's arrest," according to the post. "The reason, possibly, was that Vice wanted exclusive access to Mr. McAfee's arrest, which they in fact obtained and broadcast. This, and subsequent developments, including a breach of verbal contract, has led Mr. McAfee to terminate all contact with Vice."
<P> 2012-12-11T10:50:00Z
<P> McAfee Founder Sells Rights To Life Story
<P> Antivirus company founder remains in Guatemalan jail awaiting deportation to Belize for questioning in a murder investigation.
<P> http://www.informationweek.com/security/antivirus/mcafee-founder-sells-rights-to-life-stor/240144207?cid=RSSfeed_IWK_authors
<P> Antivirus firm founder John McAfee, who recently fled from Belize to Guatemala to avoid questioning as part of a murder investigation, has sold his life story to Montreal-based Impact Future Media. <P> The 67-year-old's life story is tentatively titled -- wait for it -- <em>Running in the Background: The True Story of John McAfee</em>. The deal was announced in a <a href="http://www.urecommendmedia.com/mcafee-story.html">statement</a> released by Impact Future Media, which described McAfee as both a "famed antivirus software pioneer and human rights advocate." <P> "We are very excited about working with John McAfee on this initiative," said Francois Garcia, CEO of Impact Future Media, in the statement. "Mr. McAfee has entrusted us with his life story, and that is a responsibility we take very seriously. We will work tirelessly to make certain that his story is shared with the proper industry partners." Impact Future Media said it could develop the story itself, but was also open to licensing the story to others. <P> "My most heartfelt thank you goes to Impact Future Media and CartoonMonkey Studio," said McAfee in a statement. "Their dedication to the truth is very uncommon in the world we Impact Future Media live in today (sic). I am now, and will always be grateful to their organizations." <P> <strong>[ What's a fair sentence for a hacker? 
<a href="http://www.informationweek.com/security/attacks/should-lulzsec-suspect-face-life-in-pris/240142911?itc=edit_in_body_cross">Should LulzSec Suspect Face Life In Prison?</a> ]</strong> <P> The news led renowned ex-hacker Kevin Mitnick to ask via Twitter <a href="https://twitter.com/kevinmitnick/status/278270951936913408">who might best play McAfee</a>. As of press time, recommendations included Gary Busey, Gary Oldman, Billy Bob Thornton, Cuba Gooding Jr. and Sacha Baron Cohen. <P> Impact Future Media also announced a deal with CartoonMonkey Studio, which is run by Chad Essley, who maintains <a href="http://www.whoismcafee.com/">McAfee's blog</a>. McAfee recently used the blog to announce that he'd been <a href="http://www.informationweek.com/security/government/6-wacky-mcafee-facts-from-guatemala-with/240144062">arrested on the Belize-Mexico border</a>, which he later admitted was a red herring designed to confuse any Belizean pursuers. <P> The McAfee life story won't be Impact Future Media's first foray into edgy fare. Notably, the firm is already developing several other "entertainment properties," including a television show called <em><a href="http://www.impfm.com/film-tv-productio/high-on-tuna-by-george-jung/">High On Tuna</a></em> about George Jung, who <a href="http://www.imdb.com/title/tt0221027/">established the American cocaine market</a> in the 1970s. It's also developing an animated series called <a href="http://www.impfm.com/film-tv-productio/flatrock-animated-series/"><em>Flatrock</em></a>, which is billed as "a fresh and lighthearted look at prison life from the inmate's perspective." <P> On a related note, shortly after arriving in Guatemala by boat, McAfee was <a href="http://www.informationweek.com/security/management/guatemala-arrests-rogue-av-founder-mcafe/240143971">arrested by immigration authorities</a> for having illegally entered the country. 
Since then, he's been incarcerated in a Guatemalan jail cell, fighting deportation to Belize, where he's wanted for questioning in the murder of his neighbor, fellow American expatriate Gregory Viant Faull, 52. <P> McAfee has claimed that he's innocent of the murder. "I had absolutely nothing to do with the murder in Belize," he said in a <a href="http://www.whoismcafee.com/live-broadcast-press-conference-sunday-december-9th-7-8-pm-guatemala-city/">video "news conference"</a> broadcast Sunday from his Guatemalan prison cell, in which he answered questions that had been submitted in advance. <P> McAfee has claimed that the government of Belize is <a href="http://www.informationweek.com/security/antivirus/mcafee-founder-says-belize-framing-him-f/240124914">framing him for Faull's murder</a>, as part of a long-running vendetta against him. "The intent to question me has nothing to do with Mr. Faull's murder," he said in the news conference. <P> Another question asked whether McAfee -- whose behavior has been seen as erratic -- has ever taken designer drugs known as <a href="http://en.wikipedia.org/wiki/Bath_salts_(drug)">bath salts</a>, as was suggested by a recent <a href="http://www.vice.com/read/john-mcafee-bath-salts-belize-murder-fugitive-gregory-faull"><em>Vice</em> magazine story</a>. In response, he said, "I do not take drugs and have not taken drugs for over 30 years. I do not drink. I haven't taken a drop of alcohol." <P> For McAfee followers who can't wait for the official version of his life events to debut, help is at hand. 
Taiwanese news show Next Media Animation last week released a <a href="http://www.youtube.com/watch?feature=player_embedded&v=hePJGol7XjQ">wacky CGI recreation of McAfee's flight from justice</a>.
<P> 2012-12-11T10:06:00Z
<P> Hackers Hold Australian Medical Records Ransom
<P> With no offline backups available, Australian medical center must choose: pay $4,200 ransom or attempt to do business without patient records.
<P> http://www.informationweek.com/security/attacks/hackers-hold-australian-medical-records/240144164?cid=RSSfeed_IWK_authors
<P> An Australian medical clinic's patient records have been forcibly encrypted by attackers, who are demanding $4,200 to decrypt the data. The Miami Family Medical Center, located in the Australian state of Queensland, has taken the encrypted drive offline and refused to pay the ransom demand. <P> Australian news reports have suggested that Russian hackers are behind the ransom demand, but exactly how they cracked the clinic's network remains unclear. "We've got all the antivirus stuff in place -- there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software," clinic co-owner David Wood told <a href="http://www.abc.net.au/news/2012-12-10/hackers-target-gold-coast-medical-centre/4418676">Australia's ABC News</a>. 
<P> But keeping the clinic running smoothly has been "very, very, very difficult" since the thousands of patient records are now inaccessible, he said. "What medication you're on can be retrieved from the pharmacists [and] pathology results can be gotten back from pathology," he said. <P> Information security expert Nigel Phair, who's the director of Australia's Center for Internet Safety, told ABC News that the attacker's low ransom price reflects a high-volume business model, in which hackers will hold as much data for ransom as possible, and set a price that they think the majority of victims will pay. <P> <strong>[ Social engineering is the oldest trick in the book. See <a href="http://www.informationweek.com/security/privacy/royal-security-fail-may-i-speak-to-kate/240143973?itc=edit_in_body_cross">Royal Security Fail: 'May I Speak To Kate?'</a> ]</strong> <P> Security experts have been warning that <a href="http://www.informationweek.com/smb/security/smb-security-dont-get-held-for-cyber-ran/231902397">small and midsize businesses are especially vulnerable</a> to these types of ransom demands. Any business that suffers this type of exploit would typically also be legally required to <a href="http://www.informationweek.com/security/attacks/more-data-breaches-fewer-details-for-vic/240003658">issue data breach notifications</a> to all of their customers or patients, since their records would have been breached. <P> While numerous data breaches -- including those perpetrated by self-described hacktivist groups -- have <a href="http://www.informationweek.com/healthcare/security-privacy/patient-data-breaches-future-looks-grim/240143949">involved leaked medical records</a>, ransoming the data is a less well-known occurrence. 
"It really is not much of a surprise, or it shouldn't be, that some criminals have developed ways to profit from the same sort of hacker activity," said Sean Sullivan, security advisor at F-Secure Labs, in a <a href="http://www.f-secure.com/weblog/archives/00002469.html">blog post</a>. "Is this the beginning of a trend which we'll see outside of Oz in 2013?" <P> This isn't the first such attack against Australian businesses. In September, Queensland police issued a warning that two small businesses had been recently targeted by attackers using ransomware. All of the businesses' customer records were forcibly encrypted by attackers, who then sent ransom notices via email to the affected companies. <P> Those businesses appeared to have been exploited via drive-by attacks, launched by websites that had been compromised by attackers. "At this stage it appears that infected websites are responsible for the problem. When this is combined with older or insecure Web browsers or poor network security, companies are essentially leaving the door open for these viruses," said detective superintendent Brian Hay in a statement released at the time. He recommended that any businesses affected by such an attack not respond to the ransom emails, but instead contact police for assistance. <P> In the case of the medical center, paying the attackers' ransom demand may be the only way to recover the data, since forcibly decrypting it may be impossible, said Phair. Then again, paying the ransom might only see the attackers decrypt a fraction of the data, and then require further payments for each additional batch. <P> Wood, the medical center's co-owner, said one lesson he's learned is to ensure that not all backups are network-connected. "Check your IT security and don't leave backups connected to servers," he said. 
Arguably, if his facility had put a <a href="http://www.informationweek.com/storage/disaster-recovery/no-disaster-recovery-plan-no-excuse/240005645">disaster recovery plan in place</a> that included offsite backups, it would have avoided the situation it's in now. <P> While the Australian ransom demand targeted a medical facility, there's also been an increase this year in ransom-style attacks targeting consumers. Last week, the Internet Crime Complaint Center (IC3), which is a joint effort between the <a href="http://www.informationweek.com/security/government/fbi-to-get-more-cyber-crime-agents/232300860">FBI</a> and the <a href="http://www.informationweek.com/government/security/identify-theft-financial-scams-top-inter/229219434">National White Collar Crime Center</a>, reissued a <a href="http://www.informationweek.com/security/vulnerabilities/ransomware-pays-fbi-updates-reveton-malw/240143047">warning about the Reveton malware</a>, which automatically locks an infected PC and issues a fake notice from the FBI demanding users pay a fine to regain access.
<P> 2012-12-10T13:30:00Z
<P> Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches
<P> Group boasts "juicy release" of 1.6 million records and accounts drawn from defense contractors, government agencies, trade organizations and more.
<P> http://www.informationweek.com/security/attacks/team-ghostshell-hackers-claim-nasa-inter/240144111?cid=RSSfeed_IWK_authors
<P> Hacking group Team Ghostshell Monday announced its latest string of exploits, as well as the release of 1.6 million accounts and records gathered as part of what it has dubbed Project WhiteFox. The hacked organizations allegedly include everyone from the European Space Agency (ESA) and the Japan Aerospace Exploration Agency (JAXA), to the Department of Defense and defense contractor L-3 Communications. <P> "'Kay, let's get this party started! ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI try to keep up from here on out because it's about to get interesting," said the group in a <a href="http://pastebin.com/agUFkEEa">Pastebin post</a>, making reference to some of the organizations with servers it claimed to have hacked. <P> The resulting data that was copied and released by Team Ghostshell, and which largely appears to be in the form of server database tables, spans over 140 separate uploads -- all mirrored to multiple sites. Seventeen of those uploads relate to data grabs allegedly obtained from the <a href="http://www.cuna.org/">Credit Union National Association</a> (CUNA), which bills itself as "the premier national trade association serving credit unions." Team Ghostshell said the related data dump puts "over 85 mil. people at risk," while noting that "we've keep (sic) the leak to as little as possible." As of press time, CUNA's website was offline. <P> <strong>[ Read <a href="http://www.informationweek.com/security/attacks/bank-hacks-7-misunderstood-facts/240008566?itc=edit_in_body_cross">Bank Hacks: 7 Misunderstood Facts</a>. 
]</strong> <P> Meanwhile, 36 of Team Ghostshell's uploads appeared to involve data stolen from airport transfer firm World Airport Transfer, which is based in Ohio and owned by Tours & Co; 23 uploads are from California Manufacturers & Technology Association; 19 from Crestwood Technology Group; and eight from NASA's Center for Advanced Engineering Environments. Some of the other breached organizations appeared to include the Institute of Makers of Explosives, law firm Glaser Weil, the Defense Production Act (DPA) Title III Program, intelligence company Aquilent, the Texas Bankers Association, and the University of Texas at Austin School of Law's continuing education program. <P> The hackers apparently were also able to access servers that are part of ICS-CERT, the Department of Homeland Security Information Network, the FBI's Washington division in Seattle, intelligence company Flashpoint Partners, and Raytheon. It promised to warn affected organizations, via an email from deadmellox@tormail.org. "The email will also contain another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, intelligence firms, L-3 CyberSecurity, JAXA, etc. consider it an early Christmas present from us," said Team Ghostshell. <P> In what it has dubbed its year-end wrap up, the hacking group also detailed an identity -- "DeadMellox" -- which it said that its members had created to trace the flow of information relating to hackers. "'DeadMellox' was a ghost to begin with. Never existed. No, really. Before we created 'him,' he never exited (sic) on the internet, zero searches on google and all that jazz. Starting to get it now? We used the name afterwards to trackback all mentions of that name all over the place," said the group via Pastebin. 
<P> As part of its massive dox -- aka data dump -- Team Ghostshell included a briefing document allegedly stolen from Flashpoint Partners, the private intelligence firm that recently <a href="http://www.informationweek.com/security/attacks/us-bank-attackers-dispute-iran-ties/240142895">scored an interview with the U.S. bank attackers</a>. The document lists the <a href="https://twitter.com/deadmellox">Twitter feed of DeadMellox</a> as a source for the company's Team Ghostshell intelligence. To obtain the document, the hacking group claimed to have penetrated the Flashpoint network. "Interesting fact is that we weren't the only ones in there doing espionage," it said. <P> Earlier efforts by Team Ghostshell have included the release of 50,000 user accounts stolen from a <a href="http://www.informationweek.com/security/attacks/hackers-claim-wall-street-resume-leak/240004023">jobs board that focuses on Wall Street</a>, and the release of 120,000 records from <a href="http://www.darkreading.com/identity-and-access-management/167901114/security/attacks-breaches/240008262/team-ghostshell-exposes-120-000-records-from-universities.html">100 of the world's top universities</a>, including Harvard and Oxford. <P> Last month, meanwhile, after "declaring war on Russia's cyberspace" as part of what it dubbed <a href="http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240034513/team-ghostshell-declares-war-on-russia-s-cyberspace.html">Project BlackStar</a>, the group claimed to have leaked 2.5 million records and accounts related to a number of Russian government, law enforcement, and business organizations.
<P> 2012-12-10T11:38:00Z
<P> Anonymous No Longer: Hacktivist Spokesman Charged
<P> Texas charges a self-professed Anonymous spokesman with handling stolen Stratfor credit card data; Britain convicts four people for Operation Payback DDoS attacks.
<P> http://www.informationweek.com/security/attacks/anonymous-no-longer-hacktivist-spokesman/240144134?cid=RSSfeed_IWK_authors
<P> One of the most publicly visible faces of the Anonymous hacktivist collective faces jail time for allegedly handling data stolen in last year's hack of global intelligence company Stratfor. <P> A federal grand jury in Dallas Friday returned a <a href="http://www.scribd.com/doc/115981886/Gov-uscourts-txnd-226354-1-0">12-count indictment</a> against Barrett Lancaster Brown, 31, who's a former self-proclaimed spokesman -- or some might say <a href="http://threatpost.com/en_us/blogs/barrett-brown-public-face-anonymous-leaves-group-051611">chief apologist</a> -- for the Anonymous hacking collective. <P> The indictment, filed Tuesday in open court, accused Brown of one count of access device fraud, for having stolen credit card numbers in his possession. 
Brown also is accused of one count of trafficking in stolen authentication features, for allegedly transferring a hyperlink "from the Internet relay chat (IRC) channel called '#Anonops' to an IRC channel under Brown's control called '#ProjectPM,' said hyperlink [providing] access to data stolen from the company Stratfor Global Intelligence, to include in excess of 5,000 credit card account numbers, the card holders' identification information, and the authentication features for the credit cards," such as the card verification value (CVV) printed on the back of cards. <P> <strong>[ Read <a href="http://www.informationweek.com/global-cio/personnel/how-to-hire-a-hacker/240002918?itc=edit_in_body_cross">How To Hire A Hacker</a>. ]</strong> <P> The other 10 counts against Brown all are aggravated identity theft charges relating to 10 specific cardholders who had their credit card information, as well as physical and email addresses, allegedly shared by Brown. Specifically, he's been accused of having "transferred and possessed" their card information, which authorities said occurred between Dec. 25, 2011, and March 6, 2012. <P> According to the U.S. Attorney's Office, if Brown is convicted of all charges, he faces a maximum of 15 years in jail for the trafficking count and 10 years for the access device fraud. In addition, he faces a mandatory two years for each aggravated identity theft count, as well as a fine of up to $250,000 for each count. He might also be ordered to pay restitution. <P> Interestingly, Brown walked away from Anonymous last year, <a href="http://arstechnica.com/tech-policy/2011/05/why-anonymous-spokesman-is-leaving-the-group/">telling Ars Technica</a> in May 2011 that he'd grown dissatisfied by the focus of the group shifting from toppling dictators to ganging up on electronics companies such as Sony. 
Brown said he'd be spending time instead working with his activist group, "Project PM," which according to its <a href="http://pastebin.com/QNuXwRTn">mission statement on Pastebin</a> is designed "to develop new methods by which to use the Internet for positive change and to encourage others to adapt such methods." <P> Brown has been in jail since being arrested at his home in Dallas on Sept. 12 by FBI agents. His arrest came just hours after he <a href="http://www.youtube.com/watch?feature=player_embedded&v=TOW7GOrXNZI#!">posted a threatening YouTube video</a> called "Why I'm Going to Destroy FBI Agent Robert Smith," in which Brown made references to the agent's children, and threatened to "ruin" the agent's life. Brown now faces charges of threatening a federal agent via the Internet, threatening to publish a U.S. employee's restricted personal information, and threatening retaliation against a federal law enforcement officer. The 12-count indictment against him, filed last week, doesn't include those charges. <P> Authorities currently also are prosecuting Jeffrey Hammond, who they've accused of <a href="http://www.informationweek.com/security/attacks/accused-lulzsec-hacker-could-face-life-i/240142628">masterminding the Stratfor hack</a> and subsequent data release, as well as serving as second-in-command to <a href="http://www.informationweek.com/security/attacks/whats-next-for-anonymous-after-sabu-arre/232602188">LulzSec leader</a> Hector Xavier Monsegur, better known as Sabu. If convicted on all charges, Hammond faces a prison term of <a href="http://www.informationweek.com/security/attacks/should-lulzsec-suspect-face-life-in-pris/240142911">between 30 years and life imprisonment</a>. 
<P> In other hacktivist prosecution news, British authorities Thursday announced that Christopher Wetherhead, 22, has been found guilty of one count of conspiracy to commit unauthorized acts with intent to impair the operation of a computer, in violation of the country's 1990 Computer Misuse Act. Authorities said three of Wetherhead's co-conspirators pled guilty to the same charge earlier this year, while another one -- a 15-year-old boy -- received a written warning from a local youth justice board. <P> "These are important convictions which confirm this type of activity is not merely civil protest but is serious criminal conduct," said detective chief inspector Terry Wilson, who's with the London Metropolitan Police Service's Police Central e-Crime Unit, in a statement. <P> According to police, Wetherhead's group operated under such nicknames as "Nerdo" and "NikonElite," and "targeted a number of companies from the digital entertainment industry that make up the anti-piracy lobby (i.e. those taking legal actions against illegal file-sharing)," including the British Phonographic Industry. The group then began participating in the Anonymous collective's <a href="http://www.informationweek.com/security/attacks/anonymous-group-abandoning-ddos-attacks/228800667">Operation Payback</a>, which targeted businesses such as MasterCard and PayPal with distributed denial of service attacks, for their having blocked payments to WikiLeaks. <P> Wetherhead and two of his co-conspirators were first arrested on Jan. 27, 2011, with a fourth man arrested on April 6, 2011. All four are scheduled to return to court on Jan. 14 for <a href="http://www.cps.gov.uk/legal/p_to_r/provision_of_pre_sentence_report_information/">pre-sentencing reports</a>.
2012-12-07T12:30:00Z
6 Wacky McAfee Facts: From Guatemala, With Twists
You can't make up stories like the one unfolding around rogue antivirus company founder John McAfee. Catch up on the latest.
http://www.informationweek.com/security/government/6-wacky-mcafee-facts-from-guatemala-with/240144062?cid=RSSfeed_IWK_authors
Picture the scene: An information security genius retires to Central America, where he dabbles in yoga, guns, and pharmaceutical research. An unknown assassin kills his neighbor, perhaps mistaking him for the security pro. When government agents turn up, the security pro goes rogue, burying himself in the sand, with his face shielded by cardboard so he can breathe. Over the next three weeks, he escapes over land and by boat to a friendly nearby country, where he requests asylum and promises to tell all. <P> As an episode of "24," viewers might call that scenario forced. But it's the actual ongoing case of real-life 67-year-old antivirus pioneer John McAfee, who fled Belize after being sought for questioning in the Nov. 10 murder of his neighbor, fellow U.S. citizen Gregory Viant Faull, 52. Along the way, McAfee claimed to create a diversion involving another "John McAfee" who was arrested with a North Korean passport in that name at the border between Belize and Mexico, before the real McAfee landed in Guatemala and began seeking asylum. <P> Having trouble keeping up with the unfolding drama, which is currently in the running for the wackiest information security-related story of 2012? Here are six related facts: <P> <strong>1. 
Murder Charges Haven't Been Filed Against McAfee</strong> <P> Why did McAfee flee Belize? To be clear, no charges have been filed against him, and investigators in Belize have recently said that he's not a suspect in Faull's murder. <P> But according to McAfee, authorities in Belize have attempted to <a href="http://www.informationweek.com/security/antivirus/mcafee-founder-says-belize-framing-him-f/240124914">frame him for the murder of Faull</a>, after previously harassing him after he stopped donating money to the government. "Seven months ago the Belizean government sent 42 armed soldiers into my property. They killed one of my dogs, they broke into all of my houses, they stole, they arrested me and kept me handcuffed in the sun for 14 hours. I was taken to jail, and it was only the intervention of the U.S. embassy that got me out of jail," McAfee said in a video uploaded to YouTube by <em>Vice</em> magazine, which has had journalists shadowing McAfee from Belize to Guatemala. <P> <strong>2. McAfee Alleges Corruption In Belize</strong> <P> On Wednesday McAfee said he'd hold a press conference in Guatemala City Thursday, at which he promised to unveil proof of widespread government corruption in Belize. Just hours later, however, he was arrested by immigration police in Guatemala for having entered the country illegally. Since then, McAfee has been <a href="http://www.informationweek.com/security/management/guatemala-arrests-rogue-av-founder-mcafe/240143971">updating his blog from jail</a>. Currently, a judge is reviewing his case and could opt to not return McAfee to Belize if it can be proven that his life would be in danger. <P> <strong>3. 
Guatemala Rejects Asylum Application</strong> <P> After being on the run for three weeks, McAfee arrived in Guatemala by boat with his 20-year-old girlfriend, Sam Vanegas, and two journalists from <em>Vice</em>, which <a href="http://www.informationweek.com/security/mobile/mcafee-av-king-turned-fugitive-surfaces/240143769">inadvertently disclosed his location</a> via an iPhone photo. <P> One of McAfee's first actions after arriving in Guatemala was to obtain counsel and request asylum. His lawyer, Telesforo Guerra -- a former attorney general of Guatemala and Vanegas' uncle -- filed the asylum request. In a press conference Thursday, however, Guatemalan president Otto Perez Molina announced that McAfee's request had been rejected, saying that the country had "no obligation" to grant his request. <P> <strong>4. Heart Attack: False Alarm</strong> <P> After his asylum request was rejected, McAfee Thursday was taken to a police hospital, complaining of chest pains. Earlier in the day, he'd declined to be taken to a hospital, saying that after suffering a heart attack in 2003, he <a href="http://today.msnbc.msn.com/id/44979333/ns/today-books/t/jobs-delayed-cancer-surgery-tried-herbal-remedies-first/">preferred to use Chinese herbal medicine</a>. "Last night I had a little bit of pain, but I am fine this morning," he told the Associated Press. "I don't like Western medicine ... if the people around me are kind and compassionate, that's all that matters in life. The people of Guatemala are very kind people, so I have no complaints." <P> Doctors who examined McAfee found no signs that he was having a heart attack, and suggested that the chest pains related to McAfee having consumed no food and little water over the preceding 24 hours. <P> <strong>5. Belize Hints At New Evidence</strong> <P> What might happen if -- or when -- McAfee returns to Belize? 
Technically, no warrant has been issued for his arrest by the country, meaning that after police questioning, he could be free to go. <P> Raphael Martinez, a spokesman for the Belize government, said that because charges haven't been filed against McAfee, he could be held for only up to 48 hours for questioning, or longer if formally charged, <a href="http://abcnews.go.com/International/guatemala-deport-john-mcafee-back-belize/story?id=17890926">reported ABC News</a>. "There is more that we know about the investigation, but that remains part of the police work," Martinez said, meaning that investigators may have as-yet-undisclosed evidence relating to the case. Regardless, Martinez argued that returning McAfee to Belize was "the neighborly thing to do." <P> <strong>6. Banner Year For Asylum Requests</strong> <P> It's been a big year for tech-savvy types fleeing charges in one country to seek asylum in another. Indeed, 2012 has also been the year in which <a href="http://edition.cnn.com/2012/08/16/world/americas/ecuador-assange/index.html">Ecuador granted asylum to Julian Assange</a>, the founder of WikiLeaks. The only wrinkle with that case, of course, is that the Australian national is holed up in Ecuador's embassy in London. British authorities have promised to arrest him, should he emerge, and send him to Sweden, where he's wanted for questioning related to <a href="http://www.informationweek.com/hardware/unix-linux/wikileaks-assange-arrested-on-rape-charg/228600116">charges of sexual molestation and rape</a> that have been filed against him.
2012-12-07T10:50:00Z
Calif. Sues Delta For App Privacy Violations
California attorney general opens suit after Delta ignores warnings about its nonexistent app privacy policy. This may be a small part of the airline's larger technology problems.
http://www.informationweek.com/security/privacy/calif-sues-delta-for-app-privacy-violati/240144043?cid=RSSfeed_IWK_authors
Has Delta's smartphone app program been left to fly on autopilot? <P> That's one possible explanation for why Delta failed to address a written notice from California, sent in October, which warned that unless the airline updated its mobile apps within 30 days to include a privacy policy, the state would sue it for violating privacy laws. <P> As promised, California's attorney general, Kamala D. Harris, Thursday filed a groundbreaking civil lawsuit against the airline in San Francisco state court. The lawsuit accuses Delta of violating both the 2004 California Online Privacy Protection Act and California's Unfair Competition Law by failing to post a conspicuous privacy policy for its mobile "Fly Delta" app, which debuted in 2010. By conspicuous, the state means that the privacy policy should be "reasonably accessible to consumers within the apps." <P> According to the lawsuit, "despite collecting substantial personally identifiable information (PII) such as a user's full name, telephone number, email address, frequent flyer account number and PIN code, photographs and geo-location, the Fly Delta application does not have a privacy policy." As a result, it said, "users of the Fly Delta application do not know what personally identifiable information Delta collects about them, how Delta uses that information, or to whom that information is shared, disclosed or sold." <P> "Losing your personal privacy should not be the cost of using mobile apps, but all too often it is," Harris said in a statement. "California law is clear that mobile apps collecting personal information need privacy policies, and that the users of those apps deserve to know what is being done with their personal information." <P> The state's lawsuit seeks to prohibit Delta from distributing its mobile app until it posts a privacy policy, and requests a $2,500 fine for every non-compliant app that's been downloaded by consumers. "FlyDelta has been downloaded over 1 million times on Google Play store alone. That's <a href="https://twitter.com/JustinBrookman/status/276856502072012800">$2.5 billion in potential penalties</a>," said Justin Brookman, director of consumer privacy at the Center for Democracy & Technology, via Twitter. <P> A Delta spokesman didn't immediately respond to an emailed request for comment about how the airline intends to respond to the lawsuit. <P> What's perplexing about this case is that the lawsuit could have easily been avoided. Harris first began warning about the state's mobile-app privacy policy enforcement plans in February, when she announced a <a href="http://www.informationweek.com/security/privacy/obamas-consumer-privacy-bill-of-rights-9/232601343">legal settlement</a> with the six largest mobile app distribution platforms. That settlement included a set of privacy principles that will allow consumers to review an app's privacy policy without having to first download or install the app. <P> Subsequently, the state began directly cautioning mobile-app developers who failed to post a privacy policy both online and in their app. In letters dated Oct. 
29, <a href="http://www.informationweek.com/government/mobile/california-targets-mobile-apps-for-missi/240012603">Harris notified numerous businesses</a> -- which collectively develop as many as 100 different mobile apps -- that they were breaking California privacy law, and had 30 days "to conspicuously post a privacy policy within their app that informs users of what personally identifiable information about them is being collected." <P> On Oct. 31, Delta spokeswoman Chris Kelly Singley confirmed to <em>InformationWeek</em> via email, "We have received the letter from the attorney general and intend to provide the requested information." <P> More than 30 days later, what accounts for Delta's failure to include a privacy policy in its Fly Delta app, which is available for Android, BlackBerry, iOS and Windows Phone devices? Interestingly, every platform version of the app has recently garnered withering reviews for its slow response time, as well as for requiring a PIN code, which Delta previously issued to all new website users. But while Delta has discontinued issuing new PIN codes, its mobile app still requires one. That led one reviewer at the iTunes store to note of the app: "Will only let you login with a pin, and the Delta website says they've switched from pins to passwords (login will only let you continue with a pin). I'm deleting this app immediately." <P> User reviews also note that the Windows Phone version of the app remains incompatible with Windows Phone 8, which was released more than a month ago. Likewise, some BlackBerry users with recently released handsets said the BlackBerry version of the app fails to work on their device. <P> In other words, irrespective of the California privacy-lawsuit warning, Delta hasn't been updating its mobile applications lately. 
Combined with the company's recent decision to drop PINs for passwords -- which appears to be a work in progress -- does the airline currently have more technology challenges on its plate than the company's developers can handle?