
Virgin Media Warns Customers Of SpyEye Infection

Virgin Media has cooperated with SOCA to identify broadband customers who are infected by SpyEye

Virgin Media has sent letters to about 1,500 of its broadband customers warning that their systems are infected by the SpyEye Trojan, which steals banking data.

The letters follow on from an investigation by the Serious Organised Crime Agency (SOCA) which uncovered IP addresses of infected systems. SOCA handed the IP addresses over to Virgin Media which identified a number of its customers among those affected.

Serious risk

Virgin Media previously used written notifications to alert users to the risk posed by the Zeus Trojan last year.

In the letters Virgin Media emphasised the seriousness of the risk from SpyEye and urged customers to update their security software. Customers also have the option of signing up for a help service through which Virgin Media can remotely identify and remove the infection.

Virgin Media said customers need increasingly direct warning methods as the importance of broadband grows.

“Cyber crime is on the rise and the increasing sophistication of malware infections means that all Internet users could be at risk with devastating effects,” said Jon James, executive director of broadband at Virgin Media, in a statement.

SOCA said it isn’t enough for users to rely on service providers to help them.

“It is equally important for consumers to protect their finances and personal information by ensuring their computers are equipped with up-to-date security software,” said Lee Miles, SOCA’s head of cyber, in a statement.

Stealthy Trojan

SpyEye works in stealth mode: it is hidden from the Task Manager and other user-mode applications, hides its files from ordinary Explorer searches, and also hides its registry keys. It can grab data entered into web forms and automates cashing out stolen credit cards.

In April British police arrested three alleged members of the SpyEye gang. Security researchers consider SpyEye, a banking Trojan that harvests victims’ personal credentials, the de facto successor to the Zeus Trojan.

Two of the men were charged on 8 April, but the third man was released on bail on the condition that he return for further questioning in August, police said. Pavel Cyganoc, a Lithuanian living in Birmingham, England, and Aldis Krummins, a Latvian living in Goole, England, were both charged with conspiracy to defraud and concealing the proceeds of crime.

Cyganoc was also charged with conspiracy to cause unauthorised modifications to computers, police said.

The Police Central e-Crime Unit, a specialised group within Scotland Yard, made the arrests “in connection with an international investigation into a group suspected of utilising malware to infect personal computers and retrieve private banking details”.

Along with the arrests, police also seized computer equipment and data. The investigation is still ongoing.

Last November researchers said the developers behind the Zeus and SpyEye Trojans had joined forces to create one major botnet, with sophisticated capabilities to attack user bank accounts.


Westminster Abbey Blocks Twitter At Royal Wedding

Signal jamming technology will be deployed at Westminster Abbey to avoid disruptions to the royal wedding

Guests of the royal wedding on 29 April will be prevented from posting live Tweets, after event organisers arranged for signal-blocking technology to be installed at Westminster Abbey.

The move, which was initiated by senior members of the royal family, is intended to cut down the number of news photos and videos featuring mobile phone-toting guests, and also prevent any distracting ringtones from interrupting the ceremony. Those attending the wedding will also be unable to share pictures, send texts or make calls.

The news has reportedly been welcomed by police, security personnel, and broadcasters, who are keen to avoid any disruptions to the event. Mobile phones can also, of course, be used to set off bombs, meaning that mobile phone jamming will act as an additional security measure.

A police official confirmed to Yahoo on Wednesday that the blocking technology will be in place from early Friday morning and will remain switched on for the duration of the ceremony.

Twittersphere buzzing

The absence of Twitter at the actual event does not mean the web will go silent, however. The wedding will be streamed live on YouTube’s official Royal Channel, and will run for four hours beginning at 10am BST.

Meanwhile, AP Live, CBS News, and the UK Press Association will all have live coverage and commentary of the event, and the BBC, ABC News, Fox News and ITN are all hosting live streams, ensuring that the social media channels will be buzzing.

Talk of the Royal Wedding is already accelerating rapidly on Facebook and Twitter. Overall, tweets about the Royal Wedding have quadrupled since the beginning of the month, averaging nearly 5,000 per hour over the last week and accelerating quickly in recent days. According to data from social media business intelligence platform Trendrr, 46 percent of tweets are positive, 43 percent are neutral and 12 percent are negative.


White House Outlines Online Identity Strategy

The US government has set out plans to strengthen authentication and identity verification on the web

In an effort to make the web a safer place, the White House has published a draft of a strategy designed to make the concept of trusted identities and authentication more of a reality in the digital world.

In a 39-page document (PDF) entitled the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), the White House promotes what it calls the Identity Ecosystem, an interoperable environment where individuals, organisations and devices can “trust each other because authoritative sources establish and authenticate their digital identities.”

Three Layers

The ecosystem will consist of three main layers – a governance layer that establishes the rules of the environment; a management layer that applies and enforces the rules of the ecosystem; and the execution layer that conducts transactions in accordance with the rules.

“The Federal government, in collaboration with individuals, businesses, non-profits, advocacy groups, associations, and other governments, must lead the way to improve how identities are trusted and used in cyberspace,” the document reads. “Ongoing collaboration between private and public sectors has already resulted in significant gains towards establishing Identity Ecosystem components. However, much more remains to be done.”

According to National Cyber Security Coordinator Howard Schmidt, the document was created in response to President Obama’s Cyberspace Policy Review issued last May. Individuals should no longer have to remember an “ever-expanding and potentially insecure list of usernames and passwords to log in into various online services,” he blogged.

User Choice

“Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.),” Schmidt wrote.

The US Department of Homeland Security will be collecting comments from the public on the document until 19 July. The NSTIC is expected to be finalised in the fall, Schmidt blogged.


Wikileaks: Chinese Government Ordered Google Hack

US embassy documents say a Chinese Politburo member ordered attacks on Google

The Chinese government ordered the hack against Google in January, and backed many other acts of cyber-warfare, according to the US Embassy cables revealed by Wikileaks.

Wikileaks sparked a diplomatic crisis this weekend by releasing more than 250,000 confidential cables from US embassies around the world. Along with Arab leaders urging strikes on Iran’s nuclear plants, and embarrassing assessments of foreign leaders, the massive leak shed new light on the incident in January, when Google was subject to hacking from within China.

Hack ordered by Politburo member?

The hack in January, which prompted Google to leave China temporarily, was “orchestrated by a senior member of the Politburo who typed his own name into the global version of the search engine and found articles criticising him personally,” according to a source in China, The Guardian reports.

The campaign used “government operatives, private security experts and Internet outlaws recruited by the Chinese government,” and was part of a concerted pattern of Chinese official hacking dating back to 2002, whose targets included other businesses, the US government and its allies, and the Dalai Lama.

Earlier this month, it was revealed that, in April, 15 percent of Internet traffic was routed through China, an incident which raised fears of further Chinese interventions.

The material in the cables is embarrassing to the US government and, in the case of the Google hack, adds evidence to back existing suspicions rather than providing any proof. Wikileaks is posting 251,000 documents from 274 embassies dating back to 1996, in an action which it says “reveals the contradictions between the US’s public persona and what it says behind closed doors”.

The Chinese hack on Google was alleged to have stolen Google’s source code, and is believed to have originated from two Chinese colleges. Google stopped re-routing its traffic away from China in June.


WikiLeaks Spurs MoD To Step Up Cyber Defences

The Ministry of Defence has allocated funds to improving its defences against cyber attacks and information leaks following the WikiLeaks debacle

The Ministry of Defence has strengthened its cyber-defences in response to WikiLeaks’ release of confidential cables, the ensuing denial-of-service attacks launched by WikiLeaks supporters and a recent attack on an Iranian nuclear processing plant by the Stuxnet worm.

The measures were revealed by Armed Forces minister Nick Harvey in response to MPs’ questions in the Commons.

Security concerns

Conservative MP Robert Halfon asked what recent steps the MoD has taken to reduce the risk of attacks such as the Stuxnet attack.

Meanwhile, Conservative MP James Morris described the WikiLeaks incident as a critical attack on national infrastructure, and said such attacks are “only likely to grow”.

Morris urged the involvement of private firms in preventing future such incidents. “We must involve the private sector in ensuring that we can be ahead of the game when it comes to our cyber security,” he said.

Harvey said that cyber defence is a “high priority” and that the MoD has allocated £650 million to improving cyber protections.

“There are technical and procedural measures in place to protect MoD systems from cyber attack and to ensure we can mitigate the impact of those attacks,” Harvey said.

He declined to comment on the detail of those measures, but said defences are tested regularly by intruders.

“The threat is of course changing in extent and complexity, which requires continual improvements in our security measures and novel approaches to dealing with the more sophisticated threats,” Harvey said.

He said the MoD intends to work closely with private firms on cyber defence.

DDoS attacks

The MoD is “committed to working closely with the private sector in defence not only of our own systems but of systems across government”, he said.

WikiLeaks’ editor-in-chief Julian Assange was released from custody last week, following a court hearing’s decision to disregard an appeal, believed to have been filed by the Swedish authorities.

Over the past few weeks, Anonymous Operation has been named as the loosely organised gang behind DDoS attacks on MasterCard, Visa, PayPal and other organisations perceived as being anti-WikiLeaks. The group has also threatened the UK with reprisal attacks if Assange is extradited – as it did with the Swedish government for pressing to have him arrested.


WikiLeaks Sues Visa, Mastercard Over Payment Ban

WikiLeaks and DataCell are seeking revenge on Visa and Mastercard for blocking donations to the site

WikiLeaks has announced it is planning to sue payments companies Visa and Mastercard for suspending donations processing after the whistleblowing site started publishing leaked diplomatic cables in November 2010.

Lawyers representing WikiLeaks and DataCell – a service provider assisting WikiLeaks – have accused Visa and Mastercard of engaging in an unlawful US-influenced financial blockade, and warned that if the two companies do not remove the block on payments then a request for prosecution will be filed with the EU Commission.

The lawyers, based in Denmark and Iceland, said that the coordinated action by Visa and Mastercard to block all credit card transactions to WikiLeaks and DataCell constituted a violation of Articles 101(1) and 102 of the European Union’s Competition Rules, and also violated Danish merchant laws.

Bowing to political pressure

Visa and Mastercard suspended WikiLeaks processing in December 2010, following similar action by online payment service PayPal. Mastercard said at the time that it would take action against any organisation it believed to be involved in illegal activities “until the situation is resolved”.

The decision prompted a furious reaction from DataCell CEO Andreas Fink, who published two impassioned blogs warning that both card issuers would have to be ready to take damage claims of “billions of Euros” and could lose “a big chunk of their business”.

“We strongly believe a world class company such as Visa should not get involved [in] politics and just simply do [the] business [that] they are good at. Transferring money,” wrote Fink.

Following news of the blockades, both the websites of Visa and Mastercard were hit by a series of focused distributed denial of service (DDoS) attacks, carried out by the notorious group of hackers known as Anonymous, as part of its Operation:Payback campaign.

Mastercard then suffered a repeat attack in June, thought to have been carried out by hacker group LulzSec – an offshoot of Anonymous. “DOWN!!!, thats what you get when you mess with @wikileaks @Anon_Central and the enter community of lulz loving individuals :D,” read a tweet by @ibomhacktivist on 28 June.

Abuse of market dominance

A spokesperson for Visa confirmed to eWEEK Europe that Visa Europe had received a letter from DataCell’s legal representatives. “We will be responding in due course to them,” the spokesperson added. Mastercard did not respond to a request for information in time for the publication of this article.

Visa holds about 70 percent of the payments market in Europe, while MasterCard has around 26 percent of the market. Collectively, these franchises therefore hold approximately 96 percent of the market for acquiring services in Europe.

DataCell claims that the card companies’ decision to boycott DataCell constitutes an abuse of market dominance in the meaning of Article 102 of the Treaty on the Functioning of the European Union, which prohibits all agreements and concerted practices that prevent, restrict or distort competition within the internal market.

The penalty for infringing the competition rules of the EU can amount to 10 percent of the turnover of the companies involved, the company said.


Security Main Concern Around Cloud Planning

Unisys found that just over half of users cited security and data privacy as the key concerns around cloud computing

A recent survey by Unisys is reinforcing what others have found: that security remains the top issue of enterprises when considering cloud computing.

Survey results released by Unisys on 15 Sept found that of 312 respondents, 51 percent cited security and data privacy as their top concern regarding the cloud.

The other major issues were integrating cloud-based applications with existing systems, the ability to bring systems back in-house and regulatory and compliance concerns, according to the survey.

“These poll results confirm what we continue to hear from our clients as well as industry analysts,” Sam Gross, vice president of global IT outsourcing solutions, said in a statement. “Until they are convinced that there is ‘industrial-strength’ security in the cloud, CIOs will remain reluctant to move more than development and test systems into that environment.”

The responses to Unisys’ survey echo those received in similar studies. For example, a survey of 500 IT professionals from around the world conducted by IT consultancy Avanade found that, by a 5-to-1 ratio, respondents trusted in-house systems over those in the cloud because of security and loss-of-control issues.

Application delivery networking vendor F5 Networks in August released survey results that found that 99 percent of the 250 IT professionals surveyed were either discussing or implementing a public or private compute cloud, but respondents also said access control and security were key technologies necessary for cloud adoption.

Vendors—including Unisys—are trying to bulk up the security for the burgeoning computing model. In June, Unisys unveiled a cloud computing strategy that includes a patent-pending security technology codenamed “Stealth.” Unisys initially created Stealth several years ago for government agencies looking to secure their data, and now is aiming that technology at private, public and hybrid clouds.


Yahoo Denies Spying On Mail Users

Yahoo has defended itself against accusations by consumer watchdog Which? that the recently revised terms and conditions of its Mail service violate Internet users’ privacy.

The argument centres around Section C of Yahoo Mail’s ‘Additional Terms Of Service’, which reads: “By using the Services, you consent to allow Yahoo’s automated systems to scan and analyse all incoming and outgoing communications content sent and received from your account (such as Mail and Messenger content including instant messages and SMS messages).”

Which? claims that this gives Yahoo the right to read messages within its members’ Mail and Messenger accounts, including those sent to them by non-members.

“This is a blatant intrusion of privacy,” said Sarah Kidner, editor of Which? Computing. “People should have the right to send messages without Yahoo snooping through them.”

Standard practice

However, a Yahoo spokesperson told eWEEK Europe that Yahoo’s new terms and conditions do not differ greatly from those of other free webmail services (such as Google Mail). The emails are scanned by a machine – not a person – which searches for keywords in order to filter out spam, he said. This will also be used to serve targeted advertising in the future.

Yahoo Mail users are given the option of whether or not to accept the update – which offers improved performance, enhanced spam protection and a customisable inbox – via a pop-up notice which outlines the new terms of service and privacy policy. By accepting the update, the user automatically agrees to additional scanning.

“We think transparency is key because our business depends almost entirely on the trust of our users,” said Yahoo in a statement. “We therefore ask users (via a pop-up notice) for consent to the extension of machine-scanning inbound and outbound emails to look for keywords and links to further protect you from spam, surface photos and in time, serve users with interest-based advertising.

“If you prefer not to consent, you can remain on our existing mail, although we will, as Yahoo and other free webmail service providers do, continue to machine scan emails to protect against spam,” the company added.

Third parties vulnerable?

As for those people who send email messages to Yahoo Mail customers, they must rely on the recipient to inform them of the scanning measures. However, according to senior Which? in-house lawyer Georgina Nelson, this is impractical.

“The obligation to notify those who email you that their message will be scanned is nonsensical and unrealistic,” said Nelson. “When exactly are you supposed to do this?”


Yemen, Egypt Government Sites Taken Down By ‘Anonymous’

The activist group ‘Anonymous’ has attacked websites belonging to the Yemeni and Egyptian governments in support of protests

Hacktivists in the loosely affiliated group “Anonymous” painted a bull’s eye this week on websites belonging to the governments of Yemen and Egypt.

Members of the group launched DDoS (distributed denial of service) attacks against a number of sites, including the Egyptian Ministry of Communications and Information Technology and the country’s Ministry of Interior.

Support for protests

“Welcome back to the Internet, #Egypt. Well, except – you stay down. #Jan25 #OpEgypt #Feb4,” the group tweeted on 2 February.

The attacks are believed to have been carried out in support of protests against the Egyptian government. According to The New York Times, Gregg Housh, a member of Anonymous, said the group organised about 500 supporters in online forums to bring down the sites for Egypt’s Ministry of Information and Egyptian President Hosni Mubarak’s National Democratic Party. Housh personally disavowed any illegal activity.

“We want freedom,” Housh reportedly said. “It’s as simple as that. We’re sick of oppressive governments encroaching on people.”

Following the cyber-attacks on Egypt, the website of Yemeni President Ali Abdullah Saleh was knocked offline on 3 February following calls by Anonymous members for attacks on the site.

The attacks marked another in a long list of websites taken down by the group. In December, Anonymous was credited with DDoS attacks against several businesses and organisations in retaliation for the crackdown on WikiLeaks. Last month, police in the UK arrested a mix of teenagers and adults for taking part in the attacks.

On 27 January – the same day as the UK arrests – the FBI executed 40 search warrants tied to the investigation of the December attacks.

Housh was quoted as saying that the arrests will have little effect.


Zeus v3 Trojan Steals £675,000 From UK Bank

A new variant of the Zeus trojan has cost the customers of one British bank £675,000 in unauthorised withdrawals over the last month

Cyber-criminals based in Eastern Europe have stolen £675,000 from a British bank, using a new version of the infamous Zeus Trojan that cannot be detected by traditional firewalls.

According to security researchers at M86 Security, Zeus v3 spreads through legitimate websites and online advertising to infect victims’ computers. Once the Trojan is successfully installed on a PC, it lies dormant until the user connects to their online banking page. It then transfers the user’s banking login ID, date of birth, and a security number to a command and control server, enabling the hackers to break into the account.

About 3,000 online customers of an unnamed British bank have fallen victim to the cyber-criminals since 5 July, with each losing between £1,000 and £3,000, the experts claimed. However, money transfers are only carried out if the hacked account balance is bigger than £800. M86 claims that the attack is still progressing.

Bradley Anstis, vice-president of technical strategy at M86, explained that this latest version of the malware is “extremely sophisticated”, and is able to avoid detection by using the Secure Sockets Layer (SSL) protocol to communicate with the command and control centres.

UK bank accounts targeted

Only last week, researchers at security software maker Trusteer uncovered a large botnet of 100,000 computers built using a different variant of the Zeus malware. Again, almost all of the infected machines were thought to be in the UK.

After infecting the computers with Zeus 2, the botnet pilfered all kinds of user data, ranging from login information for banks to credit and debit card numbers and browser cookies.

“This is just one out of many Zeus 2 botnets operating all over the world,” said Amit Klein, Trusteer’s chief technology officer, at the time. “What is especially worrying is that this botnet doesn’t just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user that can be used to augment their illegal access to those users’ online accounts.”

The Metropolitan Police Service’s Police Central E-Crime Unit (PCeU) also recently arrested six people as part of a suspected online banking fraud. The arrests took place across London and Ireland, and concerned the theft of credit cards, as well as personal information and banking details.

It is thought that more than 10,000 online bank accounts and 10,000 credit cards were compromised in phishing attacks, and the bank account take-over fraud amounted to approximately £1.14 million, with £358,000 stolen successfully.

Cyber crime budget cuts

The UK government recently axed plans for an increase in funding to the Metropolitan Police’s cyber crime unit. With online fraud and other electronic crimes becoming increasingly commonplace, the Police Central e-Crime Unit had been hoping for extra funding from the Home Office for training and equipment purposes. However, the extra funding was cut as part of the coalition government’s £6 billion deficit reduction plans.

“There is concern that at the moment the cyber crime authorities are pretty pitifully funded for the level of crime that is going on,” said Graham Cluley, senior technology consultant at Sophos, speaking to eWEEK Europe last week. “I think the one thing we can be sure of is that the cyber criminals aren’t cutting their investment in this kind of crime. We are seeing more attacks than ever before. We see 60,000 pieces of new malware every single day, which is simply staggering, but that’s the level of crime that we’re seeing. So companies need to keep on top of this problem.”