Archive for February, 2011

Morgan Stanley hit by China-based hackers

Monday, February 28th, 2011

Morgan Stanley experienced a “very sensitive” break-in to its network by the same China-based hackers who attacked Google Inc’s computers more than a year ago, Bloomberg reported, citing leaked emails from an Internet security company.
The emails from the Sacramento, California-based computer security firm HBGary Inc said that Morgan Stanley — the first financial institution identified in the series of attacks — considered details of the intrusion a closely guarded secret, the report said.

Bloomberg quoted Phil Wallisch, a senior security engineer at HBGary, as saying that he read an internal Morgan Stanley report detailing the so-called Aurora attacks.

The HBGary emails don’t indicate what information may have been stolen from Morgan Stanley’s databanks or which of the world’s largest merger adviser’s multinational operations were targeted, according to the report.

Social networking attacks need social solutions

Monday, February 28th, 2011

Hackers are increasingly concentrating on attacks using social networking sites and techniques, and the industry needs to respond in kind, according to Cisco.

Speaking at DEMO 2011, Tom Gillis, vice president and general manager of Cisco’s security division, said that a recent attack on his company showed how these techniques were being used to get around security systems.

During a Koobface attack, he said, the company tried putting in place an image captcha designed to defeat automated attacks. This worked for 48 hours, until the attackers set up a network of contractors who inputted the captcha data in exchange for electronic currency. After more time, the attackers set up a script to run on infected machines that required the user to input captcha details or face a system reboot. This took a cost out of the system, he said.

Apple exec Tim Cook seems to confirm ‘iPhone nano’

Monday, February 28th, 2011

Apple seems to be set to release a cheaper iPhone after the company’s executives made some uncharacteristically frank comments during an analyst meeting with Bernstein Research analyst Toni Sacconaghi. Chief operating officer Tim Cook appears to have all but confirmed a cheaper iPhone is in the works.

Cook told Sacconaghi that the Cupertino company wants its iPhone to not be just a device “for the rich,” and said the company is planning “clever” things for the prepaid market. He acknowledged that China, a major mobile market which the company is now focusing heavily on, is a country which has a large prepay base.

There was no market that Apple was willing to cede to its competitors, Cook said. Such an attitude from the company’s top brass seems somewhat shocking, considering the company for so long prided itself on its exclusivity and highly targeted products.

Pay no attention to that widget recording your every move

Monday, February 28th, 2011

Ever wonder how much of a time suck Bejeweled is? Or how often your legitimate work-related research on the Web deteriorates into recreational browsing? Now there is software that will tell not only you, but also your boss and your coworkers.

We’re not talking about secretive spying software, though there is plenty of that for employers to use. No, there’s a new breed of corporate monitoring software that watches what employees do during the workday – without being stealthy. These in-your-face widgets report just how much or how little you’re getting done.

Most people who try out the software are shocked, says Joe Hruska, CEO and co-founder of RescueTime, which makes such monitoring software. “It’s very surprising to people how little, on average, gets done that’s productive during an eight-hour workday,” he says. “If you’re doing four to five hours of productive work on a computer, you’re in the top percentile. It is pretty rare that we see anybody go over five hours a day of productive time on a computer.”

HBGary Federal CEO Aaron Barr Steps Down

Monday, February 28th, 2011

Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach.

The announcement comes three weeks after Barr became the target of a coordinated attack by members of the online mischief making group Anonymous, which hacked into HBGary Federal’s computer network and published tens of thousands of company e-mail messages on the Internet. HBGary did not respond to telephone and e-mail requests for comments on Barr’s resignation.

In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high profile hack. “I need to focus on taking care of my family and rebuilding my reputation,” Barr said in a phone interview. “It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”

Lighting the dark: Must you make your application wiretap-able?

Monday, February 28th, 2011

Law enforcement has a problem, and you may be part of it.

If your company makes an Internet application that enables its users to communicate with each other and you do not have a way to hand over those communications in real time to law enforcement, then you are part of the problem. If one grants that there is a problem, as I do, the question becomes: “Is the solution worse than the problem?”

The U.S. House Committee on the Judiciary recently held a hearing on the general problems faced by law enforcement in today’s Internet. They called the hearing “Going Dark: Lawful Electronic Surveillance in the Face of New Technologies.” During the hearing, FBI General Counsel Valerie Caproni clearly described the problems faced by law enforcement, noting that not all telecommunications providers were able to quickly meet their obligations under the Communications Assistance for Law Enforcement Act (CALEA). But she focused most of her testimony on the problem that law enforcement has in getting real-time communication among users of modern Internet applications.

IBM wins deal to secure Australian e-health records

Monday, February 28th, 2011

The National E-Health Transition Authority has picked IBM to design and build the National Authentication Service for Health, an authentication service for its e-health records roll-out.

The deal, worth $23.6 million, will see the provider create a system by 30 June 2012, which will use public key infrastructure and secure tokens such as smart cards to provide an authenticated service so that healthcare personnel and providers can exchange e-health information including referrals, prescriptions and personally controlled electronic health records.

“It is critically important that when our doctors and nurses use e-health systems they know that they are sending and receiving communications to and from the right people,” Health Minister Nicola Roxon said. “This system will put in place strong access control mechanisms for [personally controlled electronic health records] so that patients will be able to grant access to their information — and be able to track which providers have accessed their records.”

IT admin from BA convicted on terrorism charges

Monday, February 28th, 2011

An IT administrator at British Airways has been found guilty of four terrorism charges after an online investigation.

Rajib Karim, 31, joined BA in 2007 as a post-graduate trainee after getting a degree in electronics at Manchester University. He used his position to collect and distribute terrorist materials and conducted online conversations with radical cleric Anwar al-Awlaki.

“He found a position as a software engineer, which the prosecution said he considered the perfect job, giving an opportunity sooner or later to fulfil his deadly objective,” said Colin Gibbs, counter terrorism lawyer for the Crown Prosecution Service. Karim used the BA networks in London and Newcastle to disseminate confidential information to members of the Jammat-ul Mujahideen Bangladesh (JMB) terrorist group. He is also said to have discussed shutting down BA’s critical computer systems as part of an attack.

Obama administration joins list of ICANN critics

Monday, February 28th, 2011

The California nonprofit organization that operates the Internet’s levers has always been a target for global heavies like Russia and China that prefer the United Nations in charge of the Web. But these days, the Internet Corporation for Assigned Names and Numbers is fending off attacks from a seemingly unlikely opposition: the Obama administration.

The U.S. government, which helped create ICANN in 1998, has been reprimanding the nonprofit to be more accountable to foreign nations, even warning that it must meet certain U.S. recommendations by the summer.

The battle has come at a sensitive time for ICANN, which this year is trying to pull off the biggest expansion of the Web in the Internet’s history. This week and later in March, the nonprofit is meeting with foreign governments to debate the controversial launch of new Web suffixes, such as .gay, .god or .nazi. Also, this fall, the nonprofit is trying to keep its federal contract to oversee the Web’s master database of addresses – a power that alarms some foreign governments.

Baidu, Taobao Identified as ‘Notorious Markets’ by U.S. for Piracy

Monday, February 28th, 2011

Baidu Inc. and Alibaba Group Holding Ltd.’s Taobao, China’s biggest Internet search engine and retailer, were named “notorious markets” by the U.S. Trade Representative for helping sustain piracy and counterfeiting.

The two Chinese companies were among more than 30 Internet and physical markets worldwide identified by the USTR for helping the illegal sale of goods or materials protected by copyright or patents. Others on the list include the Pirate Bay file-sharing website in Sweden and the Silk Market in Beijing, according to the statement.

The U.S. agency said it published the list of “notorious markets,” which have been subject to enforcement action or may merit further investigation, to help authorities step up efforts to crack down on intellectual property rights violations. The spread of global piracy and counterfeiting hurts entrepreneurs and industries worldwide, said Ron Kirk, the trade representative.