STE WILLIAMS

Web scam-busting trio thwarted by mystery DDoS rocket

Updated A bunch of anti-scam sites were knocked offline last week by fierce and apparently well-organised distributed denial of service attacks.

The sites – 419eater.com, scamwarners.com and aa419.org (Artists Against 419) – were swamped with junk traffic for several days. During the attack the sites’ administrators turned to blogs, Facebook and other alternative channels to distribute news of newly detected fake payment sites and other urgent anti-fraud information.

“These websites and their users provide excellent exposure for online fraud activities and have been responsible for allowing thousands of prospective victims to detect a scam in play, and get out before losses are incurred,” an anonymous reader who was among those who told us about the attacks explained. “They also work actively to kill fake bank sites, fake freight forwarding sites and other criminal resources.”

Both 419eater.com and scamwarners.com were back operating normally by Monday morning, while aa419.org remains sluggish under the load.

The identities of the perpetrators behind the attacks remain unclear. Scammers angry at the activities of the sites in exposing their swindles are the obvious prime suspects behind the DDoS assaults. One reader suggested that recent publicity against a range of fake Amazon sites might have prompted the attacks, but this remains unconfirmed.

We’ve contacted the sites concerned and will update this story with more information as and when El Reg hears more.

An automated message received after we contacted the scam-warners confirmed that a DDoS attack had taken place against the site. “Please note that our forum is currently unavailable due to a DDoS attack,” the message said. “We hope to resume normal functioning soon. Meanwhile, we are glad to help via email.” ®

Bootnote

ScamWarners.com has been in touch to say the attack against it started last Wednesday and went on for several days, adding that a Russian scammer is suspected as the culprit:

The attack was perpetrated by a scammer who became angry at a topic posted on 419Eater, which exposed his scam. 419Eater.com was first attacked and ScamWarners began to publicise it via Twitter and Facebook. The next day [Thursday], ScamWarners was also attacked. The scammer then sent an email to me, threatening both ScamWarners and 419Eater. We were told to cease exposing their information and reporting their Amazon sites or we would both be eradicated from cyberspace.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/12/anti_scam_sites_ddos_blitz/

Fake anti-virus victims in line for slice of $8m payout pie

US watchdogs plan to refund victims of scareware scams using seized assets from fake anti-virus peddler Innovative Marketing.

More than 300,000 consumers, taken in by a scam that warned them they needed to purchase dodgy software to get rid of non-existent security threats, are in line to get a slice of $8 million forfeited by Innovative Marketing.

The firm agreed to surrender the ill-gotten gains to settle FTC (Federal Trade Commission) charges that it used deceptive ads to trick marks into buying scareware packages such as Winfixer, Drive Cleaner, and XP Antivirus.

The average amount of the cheques to be distributed will be $20, however the exact amounts will be based on the level of individual loss. The refund programme itself may become the target of scam emails attempting to hoodwink victims into advanced fee fraud.

Mindful of this possibility the FTC makes it clear that it “never requires consumers to pay money or provide information before redress checks can be cashed”. More information on the refund programme can be found here.

More details on the FTC case against Innovative Marketing, which was settled back in January, can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/12/scareware_scam_refunds/

Concerns over plan to boost pharma by releasing NHS data

Earlier this week the Government announced proposals (40-page / 2.1MB PDF) to change the NHS Constitution so that information stored about patients would be automatically shared with life sciences researchers via a new anonymised database unless patients elect for their details not to be included.

While welcomed by the life sciences industry as a boost to research, the proposals raised concerns about the use of patient data.

The Royal Pharmaceutical Society said that patient data had helped researchers make key medical discoveries, such as the link between lung cancer and smoking, in the past.

“The public must be assured that the release of data is controlled by robust processes and legal and ethical oversight in which the patients themselves are involved,” Jayne Lawrence, chief science advisor at the Royal Pharmaceutical Society, said in a statement.

“All of us in the science and research community need to communicate to the public a vision for research in the UK which is centred on improving patient care. This will ensure we leave a legacy of improving health for the future,” Lawrence said.

Prime Minister David Cameron has insisted that patients’ privacy would not be compromised by the patient data-sharing plans. The Government has said that the information would help advance medical research and benefit patients.

“Let me be clear, this does not threaten privacy, it doesn’t mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs,” Cameron said in a speech detailing the Government’s plans, according to a report by the BBC.

“The end result will be that every willing patient is a research patient and every time you use the NHS you are playing a part in the fight against disease at home and around the world,” Cameron said.

Academic Paul Ohm, Associate Professor at University of Colorado Law School, told Out-Law.com in 2009 that research had shown that it is possible to use anonymised data to identify individuals. He said at the time that misplaced trust in anonymisation had been enshrined in privacy legislation.

“Virtually every privacy law allows you to escape the strictures and requirements of the privacy law completely once you’ve anonymised your data,” he said. “Every policy maker who has ever encountered a privacy law, and that’s in every country on earth, will need to re-examine the core assumptions they made when they wrote that law.”

Ohm said at the time that, in some fields of research such as health, it would be possible to open up much more data than is currently permitted as long as access to the information was controlled.

“We can’t trust technology any more but at the same time we don’t want to keep this information from researchers. So my solution is that we shift our trust from the technology to the people,” he said. “We write down the rules of trust among health researchers … [we say] you can get my data but only on a need to know basis,” he said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/12/out_law_nhs_data_plan_followup/

Twitter redesign seeks to monetise user base

Twitter has injected some new features into the micro-blogging site in an effort to lure more developers, partners and – most importantly – users to the service.

The privately-held company said in a blog post yesterday that it had “simplified the design” of Twitter. In fact, the firm appears to be morphing the service into more of a publishing platform for content to be shared among its more than 100 million-strong userbase.

Arguably, it’s also becoming more of a social network. Although, Twitter’s general counsel Alexander Macgillivray recently dismissed that suggestion.

“We often get lumped in with other media out there… we think of ourselves as quite distinct. People come to Twitter to say things publicly,” he told a committee of MPs in September during a discussion about the England riots.

Perhaps times are a-changing for the site, which is clearly competing with Facebook given the tweaks that are incoming for the service.

“Four new tabs bring you instantly closer to everything you care about,” the company said.

A section, dubbed “Stories”, will be added to every account that will tailor the content on the site to that individual, presumably using an algorithm based on information such as location and followers.

The site is also getting a major marketing overhaul, allowing advertisers to have much greater interaction with Twitter.

Brand pages that are already prevalent on Facebook and were recently added to Google+ are also set to become a permanent feature on Twitter as the micro-blogging service pursues ad revenue.

The company told businesses that want branded pages that the site will be able to “control the message visitors see when they first come to your profile page by promoting a Tweet to the top of your page’s timeline.

“This Tweet helps you highlight your most engaging and important content and better connect with your target audience. The Promoted Tweet on your profile page will appear auto-expanded so that visitors to your page can instantly see the photo or video content that you link to from your Tweet.”

Twitter added that the page and promoted tweet were free of charge and publicly accessible.

Businesses will also be able to customise those pages, adding their own colours, logo and messaging to the service.

And, like Facebook, Twitter is getting stickier on the internet.

Developers will now be able to embed tweets on other websites, by copying and pasting a line of code, Twitter said.

“It’s a dynamic piece of media, and we believe that everyone should be able to view and interact with Tweets on the web in the same ways you would from any Twitter client,” the company said.

Twitter said its redesign would be rolled out over the next few weeks to all its users. However, iPhone and Android mobile users will see the changes immediately after updating the software on their handsets.

Tweetdeck, the feed organiser bought by Twitter for $40m in May, will also be overhauled “to be consistent” with the latest version of the service. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/09/twitter_redesign/

Four Romanians charged with hacking 150 Subway shops

Four Romanian nationals were charged with pocketing millions of dollars by hacking into the credit card processing systems of more than 200 businesses.

The men remotely accessed point-of-sale systems of 150 Subway sandwich shops and 50 unnamed retailers and stole credit card data for more than 80,000 customers, according to a federal indictment unsealed earlier this week. They used the stolen account information to make unauthorized purchases worth millions of dollars, prosecutors said.

The men allegedly scanned the internet to identify POS terminals that used certain remote desktop software applications and then gained unauthorized access to them by guessing or brute forcing passwords.

The indictment, filed in US District Court in New Hampshire, named Adrian-Tiberiu Oprea, 27, Iulian Dolan, 27, Cezar Iulian Butu, 26, and Florin Radu, 23. They were each charged with four counts, including conspiracy to commit computer fraud, wire fraud, and two counts of conspiracy to commit fraud in connection with access device.

Wired.com has much more here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/09/point_of_sale_hackers_charged/

Telstra shutters customer self-service site after security blunder

Several sharp-eyed readers have pointed El Register to the latest corporate security howler in Australia: Telstra’s customer self-service site has had to be shut down after it sprayed sensitive customer data to the world at large.

First reported on the Australian broadband discussion site Whirlpool (original post here) and then picked up by the Sydney Morning Herald and then The Australian, the potentially-massive breach allowed an Internet user to bypass the front-page security of the BigPond self-help site and access details of other users.

The exposed site offered customer service-level access to customers of Telstra bundled products. Information accessible included a veritable feast for identity theft: bundle information, telephone numbers, users’ names and addresses, and according to the Whirlpool discussion, users’ login and password information.

The Register cannot verify the extent of the breach, because once it became aware of the issue, Telstra barred access to the site (incidentally interrupting BigPond users’ access to Webmail).

The site is not actually hosted on a Telstra domain: it’s a cloud-based service on the custhelp.com domain operated by RightNow Technologies, which is currently in the throes of being acquired by Oracle. The Register has sought comment on the incident and is awaiting a response.

As The Australian notes, the serious privacy breach could affect a very large number of customers, with more than 650,000 new bundle customers sold last year. Australia’s Privacy Commissioner is investigating.

Telstra has stated that it will contact customers, but at the time of writing, this process did not seem to have begun. ®

Update: A reader has advised The Register that Telstra’s BigPond POP and SMTP servers are currently offline. Although not on the affected RightNow servers, since customer logins may have been compromised, Telstra has probably taken services down as a precaution.

The carrier’s status page states that “some online services remain unavailable as a precaution”.

A Telstra spokesperson has stated on Twitter that as many as 60,000 customers “will need password resets to reduce risk from privacy breach” (sic). This suggests the carrier has assessed the logs of its customer self-service portal and has an estimate of how many accounts may have been compromised. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/09/telstra_opens_customer_database_in_egregious_blunder/

Windows Defender Offline: For PCs too hosed to go online

Microsoft has released a beta version of its Windows Defender antivirus tool that works even when computers are so badly infected that they are unable to fully access the internet.

The program allows users to boot their sick machines off of a CD, DVD or USB flash drive and use the most up-to-date definitions to fight the infections. It’s of particular use for removing certain types of malware that make it hard or impossible to access security and antivirus sites. Computer crooks often try to prevent victims from cleaning up their PCs by preventing them from accessing those sites. Other times, Windows gets so corrupted that network connectivity no longer works.

“Windows Defender Offline Beta can help remove such hard to find malicious and potentially unwanted programs using definitions that recognize threats,” Microsoft said in announcing the beta.

In the past, severely infected machines had to be disinfected using UBCD for Windows or a similar boot disk. As useful as these disks are, creating the image and keeping it updated with the latest malware definitions could be tedious and time-consuming.

Windows Defender Offline Beta walks users through the steps required to set up the boot disk. The program requires 250 MB of free space on a USB drive. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/09/microsoft_offline_av_tool/

Yahoo! may! never! see! a! penny! of! $610m! anti-spam! win!

Yahoo! has been awarded a $610 million default judgment against spammers who abused its brand to run a lottery scam.

Marks received email supposedly from Yahoo! telling them they had won a lottery. Funds weren’t just handed over at once, of course. Instead, those hooked via the scam would have been tricked into handing over personal information such as credit card and social security numbers that would have been used to carry out identity theft or to establish lines of credit under assumed names.

Some of the “winners” are also deceived into sending the defendants money for processing and mailing charges, a classic tactic in such 419-lite (advanced fee fraud) scams.

The order in Yahoo!’s favour was handed down by a federal district court judge in New York on 5 December, bringing to a close a lawsuit that began in 2008.

The $610 million judgment was made up of $27 million for trademark infringement and $583 million for violation of the CAN-SPAM Act, the US federal anti-spam law. Yahoo! has been awarded $50 for each of the 11.6 million hoax lottery emails sent as part of the scam, which ran between December 2006 and May 2009. The internet firm was also awarded lawyers’ fees.

It seems highly unlikely that Yahoo! will see any of its money, so the award is purely symbolic. The alleged perpetrators of the scam are Nigerian, Thai and Taiwanese, a huge practical obstacle to any seizure or possible criminal proceedings, even assuming the miscreants were sitting on piles of money.

“The judgment is in the US, and the guilty parties are not. Applying the judgment extra-territorially is a significant hurdle for retribution on a practical level,” explains Lachlan Urquhart, a law graduate writing on Sophos’s Naked Security blog. “Despite this, laws remain incredibly important online because they represent democratic process and establish certainty and norms. Unfortunately, this judgment highlights their huge shortcoming: enforcement.”

Christian Dowell, legal director of global brand protection at Yahoo!, argued that fighting spammers was necessary in order to protect the web biz’s brand.

“Yahoo! takes the protection of its users and its brand very seriously,” he said. “Our ultimate goal is to ensure that users continue to trust Yahoo! as the leading US email provider.”

Yahoo!’s strategy for fighting phishing scams and spam more generally can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/09/yahoo_spam_lawsuit_award/

Private investor pays $1.3bn to don Blue Coat

Web security and WAN optimisation appliance firm Blue Coat Systems has been acquired by private equity investment outfit Thoma Bravo in a deal valued at about $1.3 billion.

Under the terms of the deal, shareholders will receive $25.81 in cash for each share of Blue Coat common stock they hold, a premium of around 48 per cent based on Blue Coat’s closing price on Thursday. The high growth potential in the cyber-security market, coupled with a downturn in traditional defence spending, has persuaded investors and military contractors to splash out on infosecurity firms in recent years.

Other notable deals include Intel’s $7.8bn acquisition of McAfee, which completed in February, and Apax Partners’ acquisition of Sophos last year.

The Blue Coat deal, which is subject to regulatory and shareholder approval, is expected to close in the first quarter of 2012.

Blue Coat started life as a caching specialist called CacheFlow before branching into web filtering and application delivery technology. It changed its name and made several acquisitions along the way. Evidence emerged last month that the Syrian government used Blue Coat’s technology to restrict internet access in the country.

The US has had trade embargoes against Syria since 2004. Blue Coat, which said it doesn’t sell to Syria, said its products arrived in the country via a shipment it believed was bound for Iraq. The vendor has notified the US government, which is running an investigation into the matter. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/09/blue_coat/
