Archive for the “Links to articles” Category

SC Magazine reported today that the Davidson Companies, a Montana-based financial firm, disclosed that “one of its databases, containing the names and Social Security numbers of 226,000 current and past clients, was illegally accessed ‘by a third party through a sophisticated network intrusion.’” In response, the firm “took its public website offline after learning of the intrusion, hired a security consulting firm to investigate the theft and notified the major credit-reporting bureaus after learning about the incident.”

We keep beating the drum at BreachBytes that enterprises need to have a response and recovery plan in place because breaches are inevitable.


A quote by Gartner analyst John Pescatore in a recent article in PC World points out a fact that is becoming more and more common and is of grave concern to security experts:

“…government-funded cyber espionage is minimal in comparison to that carried out by criminals motivated to steal information for financial gain.”

Cybercrimes are no longer fashionable pranks by teenage hackers to get their name in the paper. Cybercrime is now being driven by financial gain and in many cases is the result of organized crime. The San Jose Mercury News did an excellent three-part series called “Ghosts in the Browser”, which highlighted the rise of organized crime, particularly overseas, in the cyberworld.

What makes this so scary?


At the end of 2007 we first noted the FastHosts breaches in the BreachBytes links to breach articles. On January 14, 2008, ComputerWorld reported that the seemingly benign and random breach(es) at FastHosts, the UK’s largest hosting company, in late 2007 appear to be much worse than originally thought due to the damage that is now happening as a result. Here is the article:

New mass hack strikes sites, confounds researchers

It is interesting to see that the hackers continue to use more sophisticated methods to perform their damage, and a variety of knowledgeable security companies are quoted as not really knowing how to determine which sites were in fact infected.


Two big legal cases have made headlines in the cybercrime arena over the last week. First, Reuters reported on 1/3/08 that the Justice Department has indicted Alan Ralsky, known as the “spam king”, on charges that he orchestrated a stock spamming operation. Reuters, in a 1/8/08 article, is also reporting on a case where a system administrator was hit for $81K in fines and 30 months in prison for unleashing a classic logic bomb on his former employer’s servers.

Maybe this is just a coincidence, but does this signal a shift towards holding criminals accountable for cybercrime? I personally would like to think so, since a huge reason that cybercrime is so rampant is the U.S. legal system’s inability to evolve and adapt in the prosecution of crimes that take place on or using the Internet.


I find myself asking the question “How can a network ever really be secure?” and talking about it with customers and colleagues all the time. This article, “How dangerous user behavior puts networks at risk”, brings this issue to the forefront. Regardless of the number of defenses a company puts in place, whether it’s firewalls, Intrusion Prevention Systems, Security Information Management Systems or the like, one of the biggest vulnerabilities is the users on a network.

It is becoming necessary, both from what you read in the press and in today’s environment, to be sure that your company has the necessary “evidence” in a stockpile, in addition to alerting and correlation tools, for those times when you are alerted by one of your users or a network device about potentially damaging user behavior. What I mean by evidence is to retain all of that network and NetFlow data for future forensic analysis. While that data isn’t going to be able to spot the employee who loads up a thumb drive with company data and takes it home, that data is what allows network security experts in a company to address the insider threat caused by simple violations of corporate policies when it comes to what the employee does online.
