STE WILLIAMS

Mexican drug runners torture and decapitate blogger

The moderator of a Mexican social network has been tortured and ritually murdered by local drug lords in the latest cartel-related killing in the country.

The victim, identified in an accompanying message as “El Rascatripas” (The Fiddler/Scratcher) was tortured and decapitated before his body was dumped in the early hours of Wednesday morning beside a statue of Christopher Columbus near the Texas border and outside the town of Nuevo Laredo. A blanket placed near the body featured a chilling message, scrawled in ink: “Hi I’m ‘Rascatripas’ and this happened to me because I didn’t understand I shouldn’t post things on social networks.”

Local reports suggest the man was a moderator on the social network Nuevo Laredo en Vivo. His death brings the death toll of bloggers and social media activists in the town – all apparent victims of the ultra-ruthless Zetas cartel – to four over the last two months. A man and a woman, who was disembowelled beforehand, were found strung from an overpass in the town in mid-September. Less than two weeks later, Nuevo Laredo en Vivo moderator Marisol Macias Castaneda, also known as The Laredo Girl, was decapitated and dumped – like the latest victim – by the Christopher Columbus statue. More details, including a grisly picture of the crime scene, can be found in local media reports here and here.

A bloody turf war between the Gulf Cartel (CDG) and their former enforcers, Los Zetas, is at its bloodiest in the states of eastern Tamaulipas, around the northern city of Monterrey and in Tamaulipas (the location of Nuevo Laredo). Some estimates suggest that as many as 40,000 Mexicans have lost their lives as a result of the escalating Mexican drug wars, which have included a terrorist-style attack on a Monterrey casino in August that claimed the lives of 53 people. The April 2011 Tamaulipas massacre, involving the execution of an estimated 190-plus abducted bus passengers, and the Monterrey casino attack have both been blamed on the Zetas.

Wired reports that locals are using social media tools to carry real-time reporting of firefights between drug runners and local police and cartel checkpoints on the region’s dangerous roads as well as criticism of local drug lords. Drug cartels, in particular the Zetas, take a ruthless line on those reporting their activities online, treating them as snitches and murdering them as a grisly warning to others.

Recent plans by a faction of Anonymous to release details of associates of Los Zetas were abandoned last weekend amid confusion over whether the alleged kidnapping of a member of the activists collective, the incident that provoked OpCartel, had ever actually taken place. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/10/narco_blogger_murdered/

Clean-up begins after biggest ever botnet takedown

A clean-up operation following the takedown of what has been described as the biggest cyber-scam ever has begun.

Six Estonian suspects have been charged, and one Russian suspect remains at large, over a malware-based DNS changer scam that affected 4 million PCs worldwide, generating an estimated $14m in the process. The botnet – spread over 100 countries – was used to hijack browsing on infected machines in order to redirect users towards sites under the control of cyber-crooks, instead of the locations they were actually trying to visit. The technique was used to run click-fraud scams, to punt scareware at unwitting victims and to promote unlicensed pharmaceutical stores, among other scams that ran for almost five years since early 2007.

Fraudulent web pages appeared when victims attempted to visit Netflix, the US Internal Revenue Service, Apple’s iTunes and other services. Infected Windows PCs and Mac machines were roped into the scam, as explained in our earlier story here.

Details of the two-year FBI-led investigation, codenamed Operation Ghost Click, were announced in New York on Wednesday after a federal indictment was unsealed. The FBI worked with the National High Tech Crime Unit of the Dutch National Police Agency on the case as well as security industry partners and academics. Trend Micro, Team Cymru, Georgia Tech University, Mandiant, Neustar, Spamhaus, University of Alabama at Birmingham and others formed the DNS Changer Working Group (DCWG) that figured out how the scam was operating and assisted law enforcement in its investigation.

Trend Micro has published a detailed write-up of how the scam worked from a technical perspective, and of the shady firms involved, here.

As a result of the investigation, six suspected cyber-crooks were arrested in Estonia. Many are linked to Rove Digital, the Estonian firm at the centre of the probe, whose principals previously ran Esthost, an unsavoury reseller of web hosting services that was taken offline in 2008.

Botnet army commanded by 100 servers

The US has applied for extradition warrants against the six Estonian suspects, including Vladimir Tsastsin, 31, chief exec of Rove Digital. In the meantime a clean-up operation is getting under way.

US authorities seized computers and rogue DNS servers at various locations. The rogue DNS servers will be replaced by legitimate servers, a move that will mean that those infected with the malware will realise that something is wrong. The command-and-control (CC) infrastructure behind the scam included more than 100 servers.

In a parallel move, Dutch police have advised RIPE (the Regional Internet Registry of Europe and the Middle East) to not change the registration of four specific blocks of IPv4 addresses until next March.

Simply swapping out DNS servers will not remove the DNSChanger malware — or other viruses it may have facilitated — from infected machines. The FBI wants DNSChanger victims to notify them about infections, a move seemingly designed to strengthen its hand in upcoming extradition proceedings against the accused.

The FBI has published an online tool designed to allow concerned punters to check if their DNS server settings have been tampered with. Advice on how to use the tool, which involves checking settings on your machine prior to entering DNS details, as well as links to Trend Micro’s freebie anti-malware scanner, can be found in a blog post by Rik Ferguson here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/10/botnet_take_down_clean_up/

NHS staff rapped for gossiping about patients on Facebook

Improper use of social media, especially Facebook, is leading to disciplinary action against staff at a number of English trusts.

Figures released to Guardian Healthcare show that 72 separate actions were carried out by 16 trusts against staff who inappropriately used social media between 2008-09 and October 2011.

The data, released in response to freedom of information (FoI) requests, reveals Facebook to be the main medium for misdemeanours. The largest number of incidents took place in 2010-11, indicating the growing use of social media and the difficulties it presents to the NHS.

Guardian Healthcare sent out FoI requests to 25 of the biggest NHS trusts in England by number of employees, asking how many members of staff had received warnings or dismissals for improper use of social media over the past three years. We also asked for examples of improper use from each year. 18 of the trusts replied, with two saying they could not provide the information as they did not collate the outcomes and it would require an extensive search. Seven did not respond at all.

Newcastle Upon Tyne foundation trust, one of the largest in the UK, carried out the most actions against staff, with 16 warnings issued and two dismissals over the last three years. One example involved a member of staff having “an inappropriate conversation” via Facebook about a confidential work matter. Another derived from staff making inappropriate comments about patient care and a manager on the site.

University Hospitals Coventry and Warwickshire trust disclosed seven actions against staff for misusing social media since the start of the 2008-9 financial year, while Nottingham University hospitals logged seven actions since the start of 2010-11. Neither trust disclosed the nature of these actions.

Central Manchester University hospitals foundation trust recorded six actions over the last three financial years, including five warnings and one dismissal. Cases included an administrator and a nurse making inappropriate comments about patients on Facebook, and “a nurse taking pictures of workplace and posting on Facebook”.

Hull and East Yorkshire hospitals trust recorded just two actions over the last three years, both of them warnings. The incidents involved a nurse being reprimanded for “inappropriately posting a photograph with comments”, and a member of staff posting messages on an internet forum with comments which could be construed as breaching the trust’s information governance policy.

The nature of the incidents should be of particular interest to the health service. For example, Leeds Teaching Hospitals trust recorded 11 instances where it took action against its employees between 2009-10 and 2010-11 (it did not store the information centrally before this date), one of which involved a member of staff making excessive and inappropriate use of Facebook during work time.

NHS reacts to staff web abuse

In response to the potential for misuse, a number of NHS organisations have filtered or restricted access to the internet. However, earlier this year the British Medical Association (BMA) and the Nursing and Midwifery Council (NMC) issued stern guidance making clear that the onus should be on healthcare professionals to have a better understanding of the use of social media in order to avoid misuse.

The BMA’s guidance to its members states that:

  • It is inappropriate to post informal, personal or derogatory comments about patients or colleagues on public internet forums.
  • The ethical and legal duty to protect patient confidentiality applies equally on the internet as to other media.

It also warns doctors and medical students about the dangers of getting too close to patients through social media.

Similarly, the Department of Health (DH) said last month that it had issued “clear standards and guidance” to the NHS about keeping patient records secure and confidential. It was responding to figures released to privacy campaign group Big Brother Watch, which showed a number of the 806 data breaches reported by 152 trusts over the last three years involved the misuse of social media.

There are no plans at present for the government to issue national guidance on the issue. A spokeswoman for the DH told Guardian Healthcare that it is up to individual bodies to do so, and that some such as the BMA and the NMC have already issued guidance. But she said that all trusts should follow this guidance to ensure staff are aware of possible breaches.

This article was originally published at Guardian Professional. Join the Guardian Healthcare Network to receive regular emails on NHS innovation.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/10/nhs_staff_facebook_abuse/

City IT manager accused of brazenly stealing mayor’s email

A former IT manager for the city of Hoboken, New Jersey, was arrested on Wednesday on charges he intercepted emails sent to and from its sitting mayor and other top city officials, and forwarded them to others.

Patrick Ricciardi, 45, of Hoboken, used an automated script to access every email sent to or received by Mayor Dawn Zimmer and the two high-ranking officials, federal prosecutors alleged in a criminal complaint filed in US District Court in Newark, New Jersey. He then saved the emails to an archive folder on his official city computer and forwarded them to at least three unidentified individuals.

As the chief information technology officer for the mayor’s office, Ricciardi had administrative access to every email account in the office, prosecutors said. He used those privileges to spy on Zimmer, who took office in 2009 after the city’s previous mayor was arrested on federal corruption charges.

In April, city officials grew suspicious that the contents of their email correspondences with Zimmer were being leaked to outside parties, the complaint said. Ricciardi’s archive folder was discovered after the mayor hired an outside security consultant to audit the computers in her office.

“The investigation has also revealed that many of the elected and appointed officials in the city retain strong ties to the previous administration or are otherwise politically opposed to the mayor, and have sparred with the current mayor on a variety of municipal issues, large and small,” the complaint stated. “These officials include several members of the city council, as well as high-ranking employees of different city municipal agencies, such as Public Safety Department, the Fire Department, and the OEM.”

Ricciardi appeared in federal court in Newark, New Jersey, on Wednesday on one count each of accessing a computer without authorization, interception of wire and electronic communications, and disclosure of intercepted wire and electronic communications. If convicted, he faces a maximum sentence of 15 years in prison and a $750,000 fine.

He has not yet entered a plea.

The allegations are the latest to underscore the havoc IT managers can wreak on the organizations they’re entrusted to administer. For examples of other insider threats, see the related links below. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/10/it_manager_charges/

SEC slaps inside trader with record $93m fine

Insider trading does not pay, a judge in an American civil court declared, putting a record fine on Raj Rajaratnam, the businessman who was found guilty of insider trades using a network of tech insiders – including executives at IBM and Intel.

The $92.8m fine handed down by Judge Jed Rakoff is in addition to an 11-year jail sentence Rajaratnam already faces from his federal case. The former fund manager’s dodgy deals through hedge fund Galleon included trades on Intel and IBM. The reward will be collected by the Securities and Exchange Commission (SEC), which brought the case against the billionaire in October 2009.

“This case cries out for the kind of civil penalty that will deprive this defendant of a material part of his fortune,” Rakoff wrote in the order, according to the FT. He added that SEC civil penalties were necessary to send a message that insider trading was a “money-losing proposition”.

The SEC noted that the judgment marked “a record financial penalty”. Robert Khuzami, director of the SEC’s Division of Enforcement, reflected that, “The penalty imposed today reflects the historic proportions of Raj Rajaratnam’s illegal conduct and its impact on the integrity of our markets.”

The Rajaratnam case has led to 29 individuals being charged, including former McKinsey & Co worldwide head Rajat K Gupta and Robert Moffat, and involves the assets of several Silicon Valley companies as well as Wall Street dealers.

Adding up the amount Rajaratnam has already paid out in compensation, his total bill comes to $156.6m – including charges of $53.8m in forfeiture of illicit gains and $10m in criminal fines. The Sri Lankan also faces 11 years in the nick – the longest prison term ever given for insider trading. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/09/record_sec_fine_for_insider_trader/

Microsoft releases fix for Applocker bypass flaw

Microsoft has released a temporary fix for a flaw in its latest operating systems that allows untrusted users to bypass security measures preventing them from running unauthorized applications.

AppLocker allows administrators to restrict the applications that can be run on computers running Windows 7 and Windows Server 2008. But end users can easily override the restrictions by invoking a variety of automated script features, including macros in Microsoft Office. Programming flags such as SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL could even allow malware stashed in temporary folders to be executed.

Microsoft on Wednesday published a hotfix to correct the flaw.

“This hotfix might receive additional testing,” Microsoft’s advisory stated. “Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.”

The advisory didn’t say when that update would be released. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/09/microsoft_applocker_bypass_fix/

Feds shutter DNS malware scam that infected 4 million PCs

Federal authorities have shut down an international conspiracy that forced more than four million computers to connect to fraudulent webpages when users tried to visit Netflix, the US Internal Revenue Service, Apple’s iTunes and other services.

Prosecutors named seven Eastern European defendants alleged to have generated more than $14 million in profit from the scheme, which used malware to replace the IP addresses of legitimate sites with those controlled by the attackers. Operators received a payment each time a rogue page was opened because they had entered into advertising agreements awarding them fees based on the number of times links for certain websites were clicked on.

The scam was controlled by an Estonian company known as Rove Digital, according to a blog post published by researchers from anti-virus provider Trend Micro, who said they’ve been tracking the group’s movements since 2006. The operators relied on malware known as DNS Changer, which caused infected PCs to rely on rogue DNS, or domain name system, servers. In addition to pointing to fraudulent IP addresses for false websites, the DNS servers also prevented infected machines from connecting to sites used to install or update antimalware software.

As a result, victims couldn’t disinfect their machines.

According to Trend Micro, two data centers in New York and Chicago were recently raided, and more than 100 command and control servers were taken offline. To reduce the disruption to infected machines, the rogue DNS servers have been replaced with modified machines that are being operated for the next four months by the not-for-profit Internet Systems Consortium. Authorities wisely opted not to disconnect the DNS servers completely because millions of PCs now rely on them to find internet domains.

Federal prosecutors in Manhattan said six Estonian nationals have been arrested by local authorities. The prosecutors plan to seek the defendants’ extradition to the US. They include Vladimir Tsastsin, 31; Timur Gerassimenko, 31; Dmitri Jegorov, 33; Valeri Aleksejev, 31; Konstantin Poltev, 28; and Anton Ivanov, 26. A seventh defendant, 31-year-old Russian national Andrey Taame, remains at large.

Each defendant is charged with five counts of wire fraud and computer intrusion crimes. Tsastsin is charged with an additional 22 counts of money laundering. If convicted on all counts, six of the defendants face a maximum of 85 years in prison. Tsastsin faces an additional maximum 10 years in prison for each of the additional counts.

Tsastsin was the president of EstDomains, a domain name registrar with a reputation for catering to cyber criminals. He lost his accreditation with ICANN in 2008 following a conviction in an Estonian court for credit card fraud, money laundering, and document forgery.

In addition to fleecing advertisers out of $14 million in fraudulent fees, the scam also deprived legitimate website operators and advertisers of revenue they would have generated if victims hadn’t been diverted. Search engines also lost money in fees they paid for clicks they believed came from interested computer users.

More from the US Attorney’s office and the FBI is here and here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/09/dns_malware_scam/

Threesome ends in arrest as wife struck by pair of TVs

A Miami man’s attempt to conduct a threesome with his wife and another woman ended in a spell in the cells after he was accused of assaulting his spouse with a brace of TVs.

Deputy sheriffs were called to a kerfuffle at a home in Naples Florida, the Naples News reports, where they found Jorge Daniel Silva, 22, his wife, another woman and a pair of TVs, all in various states of disarray.

Silva, his wife and the third wheel agreed they had planned a threesome to while away the dull Sunday afternoon.

However, Silva apparently attacked his wife after she and the third party engaged in some light snogging. Mrs Silva claimed her husband had freaked out, forcing the women to retire to the bedroom before Silva smashed down the door.

The enraged and presumably conflicted Silva then struck his wife, she claimed, before picking up a large screen TV that he then swung at her “like a bat”.

Silva then, allegedly, picked up a second TV and threw it at his cowering wife. When the other woman tried to intervene, he punched her, it was claimed.

For his part, Silva alleged that his wife attacked him after she kissed the other woman and the frolicking pair refused to let him join in. He smashed the door down, he claimed, because he thought the pair had scaled down the liaison from a threesome to a twosome.

The cops then hit Silva with charges of felony battery, held him in custody and concluded all three were under the influence of alcohol. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/09/florida_tv_battery/

Paypal emits cash swap tap app for Android

PayPal has updated its Android client to allow person-to-person transactions by tapping phones together, but without the complexity everyone else is using.

Finally you can borrow an electronic tenner at the bar, just by tapping phones together. Assuming you both use PayPal, have NFC-capable Android handsets, and have the latest PayPal app installed – and that the pub has decent network connectivity too.

PayPal’s system only uses Near Field Communications (NFC) to identify the payer and payee; all the security and account information is held in the cloud. So both parties will need to be online for the transaction to work. But if they are – and both have Android handsets with NFC support – then one user just requests the cash and the pair tap phones, the other user authorises the payment and … Bob’s your uncle.

PayPal is still pretty lukewarm about NFC, as it (quite rightly) fears being locked out of the secure element which underlies all the other NFC-based payment systems. The secure element allows offline transactions – and fast transactions too – but it is becoming clear that it will remain under the control of the existing players (Visa, MasterCard, etc), which doesn’t fit with PayPal’s “disruptive” agenda.

So NFC is restricted to exchanging account details, but you can use it to move money between PayPal accounts. Now all you need to do is find a bar which will let you use that borrowed tenner to buy a pint or two – good luck with that. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/09/paypal_nfc/

Hackers link MP’s aide to neo-Nazi site in member list leak

The parliamentary aide to a right-wing Finnish MP has offered to resign after the Anonymous hacking collective published what it said was a list of applications to join a local neo-Nazi party.

Hacktivists broke into the website of Kansallinen Vastarinta, the magazine of the Suomen Vastarintaliike (Finnish Resistance Movement), before extracting and publishing what they said was the party’s membership application database at the end of last month. The local cell of Anonymous warned of future internet-based attacks on the movement’s websites and forums unless Suomen Vastarintaliike is disbanded.

Among the list that allegedly contained the names of hundreds of would-be members of the neo-Nazi group was Ulla Pyysalo, aide to Finnish MP Juho Eerola of the True Finns. Pyysalo told local media that she is offering to quit her job by the end of the year, providing she finds alternative work in the meantime, because she wants to avoid damaging the True Finns. Pyysalo maintains that she never actually joined Suomen Vastarintaliike, which espouses a confrontational anti-immigrant agenda and runs training camps in the Finnish countryside.

The Finnish wing of Anonymous has been busy of late. Days after the Kansallinen Vastarinta hack, local hacktivists claimed responsibility for temporarily publishing personal details (names, social security numbers, addresses, telephone numbers and email addresses) of 16,000 Finns. Most of the details appear to have come from the databases of Finnish further education organisations and students alliances, though some of those listed are well into retirement, strongly suggesting other sources were involved. An investigation into the hack is underway.

Anonymous Finland claimed responsibility for the hack, which appears to be motivated by a desire to embarrass firms and educational institutions into improving their security. It described the exercise as part of the wider OpAntiSec programme. As with the leaks that accompanied previous AntiSec operations, little consideration appears to have been given to the collateral damage done to innocent parties by spilling their personal details all over the web. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/09/finland_anonymous/