Friday, June 10, 2011

Spain arrests Anonymous suspects

Three suspected members of the Anonymous hacking group have been arrested in Spain.

The trio are said to have been involved in co-ordinating the group's activity in that country.

The arrests were made simultaneously in three Spanish cities - Barcelona, Valencia and Almeria.

Anonymous has claimed responsibility for attacks on Sony, Spanish banks and co-ordinated action in defence of whistle-blowing site Wikileaks.

A statement from the Spanish national police force said that a computer seized in the home of one person it arrested was used in the hacks.

The arrests were the culmination of an investigation that began in October 2010. It involved Spanish cyber police combing through millions of lines of chat logs to identify who was co-ordinating the group's activities.

Some of the attacks made by Anonymous members used a web-based tool called Loic to bombard target sites with data. The websites of PayPal, Mastercard and Amazon were all targeted using this tool.

It seems that Loic did a poor job of hiding the identity of the people using it. It is believed that some police forces have already moved against the group based on this information.

Arrests have been made in the US, UK and Holland of Anonymous members, prior to the raids in Spain.

Anonymous grew out of the online picture sharing site 4Chan and describes itself as a group of concerned internet citizens.

As well as attacking sites that it perceives as not supporting Wikileaks. The loosely organised collective has also attacked government sites in Tunisia and Egypt to aid popular protest movements.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Hackers target UK games developer

The personal details of thousands of people have been stolen after hackers targeted British games developer Codemasters.

The firm described the data theft as "significant" saying names, addresses, phone numbers and dates of birth were all taken on 3 June.

However, it said that payment details were not compromised.

The latest security breach comes in the midst of a spate of hacker attacks, including several against Sony.

Codemasters said it took the compromised website offline as "as soon as the intrusion was detected".

Probe

A subsequent investigation revealed that hackers managed to take the personal details of thousands of users, including names, addresses, email addresses, phone numbers and dates of birth, passwords, IP addresses, XBox gamer tags, and biographies.

In an e-mail sent to some of its customers, the firm advised users to "change any passwords you have associated with other Codemasters accounts.

"If you use the same login information for other sites, you should change that information too.

"Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information."

A spokesperson for Codemasters told BBC News that they still had no idea who targeted their sites, or how many people had their details compromised, although they said that it would affect tens of thousands of users.

Codemasters said its website - codemasters.com - would remain offline "for the foreseeable future" with users being directed to its Facebook page.

Brad Langford from Manchester contacted the BBC after receiving an e-mail from Codemasters, warning that his personal details may have been taken.

He said: "Sensitive information such as date of birth, and some times postal address are tools to hackers who try and steal identities.

"Does a company like Codemasters or any video game company really require such sensitive information? In my opinion - no."



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Hi-tech crime estimates 'biased'

Surveys of cyber crime and numbers of sexual partners have a lot in common, researchers have suggested.

Both are self-reporting, uncorroborated surveys that are subject to "catastrophic errors", according to analysis by a Microsoft research team.

Over-reporting by a small number of survey subjects can wildly skew final estimates.

As a result, they said, no faith should be placed in the evidence these surveys claim to have uncovered.

Body count

There were deep similarities between surveys that try to get a snapshot of hi-tech crime and those that peep into human sexual relations, said Dinei Florencio and Cormac Herley in a paper entitled Sex, Lies and Cyber Crime Surveys.

Typically these surveys build up their totals from self-reported estimates because both phenomena defy "large-scale direct observation".

In the case of sexual partner surveys, such self-reporting produces totals which suggest that men have had far more female sexual partners than women have had male sexual partners. This, according to the researchers, "is impossible".

The truth is that in these surveys men over-report partner numbers and women under-report. Plus, said the researchers, some men tell "whopping" lies about their sexual lives and, as a result, vastly inflate the final results.

The same is true of cyber crime surveys, in that respondents tend to over-report. Also some wildly overestimate the financial loss they suffered or the time it took to resolve problems caused by theft of login details, credit card numbers or other valuable data.

Mathematical analysis of the surveys shows that it only takes a few large overestimates to produce a total that bears little relation to the facts.

"Our assessment of the quality of cyber crime surveys is harsh," wrote the researchers. "They are so compromised and biased that no faith whatever can be placed in their findings."

David Emm, senior security researcher at Kaspersky Labs, said he was always "sceptical" about figures that tried to quantify cyber crime.

"It's by definition a covert economy," he said, "cyber criminals don't publish annual accounts."

But, he said, it was not necessary to produce a global market estimate to be sure it was a big problem.

"Look at the reports in online media of arrests of cyber criminals and the figures cited for what the criminals would have 'earned' had they been successful," he said.

"These are real figures," he added. "Given that this is just the tip of a much larger iceberg, it's clear that it's a lucrative business."

The Sex Lies and Cyber Crime surveys paper is due to be presented at the forthcoming Workshop on the Economics of Information Security.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Microsoft to pay $290m court fine

The US Supreme Court has denied an appeal by Microsoft against a $290m verdict for infringing a small Canadian company's patent.

The company, i4i, sued Microsoft in 2007, saying it owned the technology behind a text manipulation tool used in Microsoft's Word application.

The technology gave Word 2003 and Word 2007 users an improved way of using a document's contents.

Lower courts had said Microsoft wilfully breached the patent.

They ordered the world's biggest software maker to pay up, and to stop selling versions of Word containing the infringing technology.

'Clear and convincing'

Microsoft claimed a judge used the wrong standard in instructing the jury that decided on the award, and said the judgement should be overturned.

It pushed for a lower standard of proof of infringement to be used instead, arguing that the level of proof usually required to overturn a patent in the US was too high.

Defendants in US patent suits are required to show that 70-80% of the "clear and convincing" evidence supports their case.

Microsoft argued that they should only need to show a "preponderance" of the evidence - more than 50% - was in its favour.

However, the Supreme Court said the "clear and convincing" standard was the correct one.

Prior to the decision, President Obama's administration had called for the court to uphold the higher standard of proof.

Microsoft said in a statement: "While the outcome is not what we had hoped for, we will continue to advocate for changes to the law that will prevent abuse of the patent system and protect inventors who hold patents representing true innovation."

Microsoft now sells versions of Word that do not contain the technology in question.

Loudon Owen, chairman of i4i, welcomed the outcome: "Microsoft tried to gut the value of patents by introducing a lower standard for invalidating patents.

"It is now 100% clear that you can only invalidate a patent based on 'clear and convincing' evidence."



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials