Software Industry Announcements and News
FBI, Slovenian and Spanish Police Arrests Mariposa Botnet Creator, Operators
[ Comments Off ] Posted on 07.28.10 under Government News, Security & Privacy
The FBI, in partnership with the Slovenian Criminal Police and the Spanish Guardia Civil, announced today significant developments in a two-year investigation of the creator and operators of the Mariposa Botnet. A botnet is a network of remote-controlled compromised computers.
The Mariposa Botnet was built with a computer virus known as “Butterfly Bot” and was used to steal passwords for websites and financial institutions. It stole computer users’ credit card and bank account information, launched denial of service attacks, and spread viruses. Industry experts estimated the Mariposa Botnet may have infected as many as 8 million to 12 million computers.
Read the rest of this entry…
DoJ Joins in Launch of Intellectual Property Enforcement Initiative
[ Comments Off ] Posted on 06.22.10 under Government News
As part of the Obama Administration’s launch of the first-ever Joint Strategic Plan on Intellectual Property Enforcement, Attorney General Eric Holder today emphasized the Department of Justice’s ongoing commitment to protecting U.S. intellectual property as central to America’s economic prosperity and public safety.
“The Department worked closely with Administration officials to develop key aspects of this strategic plan to better protect our nation’s ability to remain at the forefront of technological advancement, business development and job creation,” said Attorney General Holder. “The Department, along with its federal, state and local partners, is confronting this threat with a strong and coordinated response at home and abroad to ensure American entrepreneurs and businesses continue to develop, innovate and create.”
Attorney General Holder joined Vice President Joe Biden, Department of Homeland Security Secretary Janet Napolitano, Department of Commerce Secretary Gary Locke, U.S. Trade Representative Ron Kirk, and Intellectual Property Enforcement Coordinator (IPEC) Victoria Espinel at the White House earlier today to announce the strategic plan.
“The integrity of health and safety products and trade secrets must be protected. The FBI is committed to pursuing those groups and individuals who steal, manufacture, distribute or otherwise profit from intellectual property theft,” said Gordon M. Snow, Assistant Director of the FBI’s Cyber Division.
The components of the strategic plan that the Department will assist in implementing include:
* Ensuring efficiency and coordination among enforcement efforts across federal, state and local levels, domestically and overseas, through means such as shared information, streamlined investigatory processes and training efforts;
* Enhancing international enforcement efforts, including combating foreign-based web sites that violate American intellectual property rights by encouraging further cooperation and coordination with our trading partners in overseas markets, including China;
* Securing our supply chain to stop illegal products from coming into the country by providing law enforcement with authorities it needs and by fostering cooperation with the private sector to reduce infringement on the Internet and elsewhere.
The strategic plan is the latest effort in the Department’s ongoing initiative to protect intellectual property. Others include:
Department Task Force on Intellectual Property
Earlier this year, the Attorney General formed a new Department of Justice Task Force on Intellectual Property to focus on strengthening efforts to protect intellectual property rights through close coordination with state and local law enforcement partners as well as international counterparts. As part of its mission, the task force, chaired by the Acting Deputy Attorney General Gary G. Grindler, will also work together with the IPEC and other key partners to implement the Administration-wide strategic plan on intellectual property.
As part of its efforts to enhance coordination with its federal, state and local law enforcement partners, the task force is hosting joint sessions in the coming months. In July, the task force will be holding a joint workshop with Customs and Border Protection. In September, the Department, in partnership with the National White Collar Crime Center (NW3C), will hold a one-day Intellectual Property Crime Enforcement Outreach Summit in California for state and local law enforcement to learn and understand the impact of intellectual property crime on the local, regional, and national economy. In addition, the Department will emphasize the substantial health and safety risks to Americans from counterfeit goods and products .
The task force includes representatives from the offices of the Attorney General, the Deputy Attorney General, and the Associate Attorney General; the Criminal Division; the Civil Division; the Antitrust Division; the Office of Legal Policy; the Office of Justice Programs; the Attorney General’s Advisory Committee; the Executive Office for U.S. Attorneys and the FBI.
Increased Intellectual Property Enforcement Resources
As part of stepped up enforcement efforts, the Department has also devoted more resources to investigate and prosecute intellectual property crimes. In April, the Department announced the appointment of 15 new Assistant U.S. Attorney (AUSA) positions and 20 FBI Special Agents to be dedicated to combating domestic and international intellectual property crimes.
These new AUSAs will be working closely with the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) to aggressively pursue high tech crime, including computer crime and intellectual property offenses. The new positions are located in California, the District of Columbia, Maryland, Massachusetts, Michigan, New Jersey, New York, Pennsylvania, Texas, Virginia and Washington. These new positions will be part of the Department’s Computer Hacking and Intellectual Property (CHIP) program.
Just last month, the Department solicited applications for grant funding under the Department’s Intellectual Property Enforcement Program, which is administered by the Department’s Office of Justice Programs (OJP) and its Bureau of Justice Assistance (BJA). Under this program, OJP/BJA will award up to $4 million in competitive grants to fund state, local and tribal criminal investigations, prosecutions, and prevention and education efforts.
Enhanced Intellectual Property Enforcement Efforts
As part of its enforcement strategy, the Department has been aggressively targeting intellectual property criminals. The Department has successfully prosecuted cases in every area of intellectual property crime including health and safety, trade secret theft and economic espionage, large-scale counterfeiting and online piracy. These prosecutions include one of the largest counterfeiting cases in U.S. history (United States v. Lam http://www.cybercrime.gov/lamGuilty.pdf ). During FY 2010, the FBI opened 150 new investigations, including 21 counterfeit health and safety investigations and 26 investigations involving theft of trade secret cases. Additionally, the FBI also opened 40 new Economic Espionage investigations during the same time period.
Industry and International Engagement
The Department has also taken steps to strengthen its relationships with key stakeholders in the fight against intellectual property crimes around the world by meeting with foreign law enforcement partners as well as leaders in the industry.
In the past several months, the Attorney General has met with foreign law enforcement officials from South America and Spain, industry CEOs and others to discuss the Department’s ongoing efforts and emphasize the need for greater coordination and cooperation in the fight against intellectual property crime.
ifraudalert.org to Rescue Stolen Data
[ Comments Off ] Posted on 06.17.10 under Government News, Security & Privacy, Web Sites
New Internet Fraud Alert to Help Rescue Stolen Account Credentials
Microsoft technology powers early reporting system to help protect consumers and businesses from fraud.
WASHINGTON — June 17, 2010 — Microsoft Corp. has joined forces with the National Cyber-Forensics and Training Alliance (NCFTA), with the support of Accuity, the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay Inc., Federal Trade Commission, National Consumers League and PayPal, to release a new program that will help mitigate potential losses due to online fraud and account compromise. Launched today, Internet Fraud Alert will offer a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online — such as username and password login information for online services or compromised credit card numbers — to the appropriate institution responsible for that account. Through a centralized alerting system powered by Microsoft technology developed specifically for this program, Internet Fraud Alert will quickly inform companies about compromised credentials, allowing them to take the appropriate action to help protect their customers.
The program was unveiled today and will go into effect immediately. The first of its kind, Internet Fraud Alert represents an important step forward in fighting online fraud. It will serve the much-needed purpose of enabling security researchers and investigators to more securely and systematically share information with service providers, retailers, financial institutions and government entities about incidents where compromised account credentials have been discovered. To date, when the security community uncovers compromised credentials stemming from phishing attacks, for example, there has been no simple mechanism to warn the service provider or bank about the exposed credentials.
Phishing and malicious code attacks pose a serious threat to consumer identity and account credentials. In 2009, the Anti-Phishing Working Group received more than 410,000 unique phishing e-mail reports, and recent data from the group show that the number of brands being exploited by phishers is at an all-time high.
Internet Fraud Alert will bring together a wide assortment of stakeholders, including retailers, financial institutions, service providers, technology companies, academic researchers, consumer advocates and government agencies, in the shared interest of reducing online fraud and protecting consumers. As the technology creator and sponsor, Microsoft is donating the tool to the NCFTA, a nonprofit organization dedicated to facilitating public-private partnerships between industry, law enforcement and academia on cybersecurity issues. Accuity, a leading provider of global payment routing data, has donated a solution to assist NCFTA with the vetting of trusted institutions for participation in the program to help ensure the integrity of the alerting process.
More information about Internet Fraud Alert can be found at http://ifraudalert.org. Consumers interested in learning more about staying safe online and limiting the risk of identity theft can visit http://www.microsoft.com/protect, http://www.onguardonline.gov and http://www.lookstoogoodtobetrue.com.
About NCFTA
The National Cyber-Forensics and Training Alliance was established to unite the technology industry, law enforcement, academia and private- and public-sector organizations to bring into focus the most significant online threats and identify the most effective and efficient early options for detecting and combating cybercrimes. A focal point of this project is the primary partnership established between the FBI, the NW3C, Carnegie Mellon University and West Virginia University.
About Microsoft
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/news/contactpr.mspx.
Supporting Industry Quotes
“Those who traffic in stolen identities often use online tools to collect, share and profit from compromised account credentials, but those of us working to combat identity theft have a few tools of our own. By combining new technology and critical partnerships, Internet Fraud Alert helps alert institutions to stolen credentials so they can take action to combat fraud. The Microsoft Digital Crimes Unit is proud to be working with the National Cyber-Forensics and Training Alliance and everyone joining with us today to announce this valuable new tool in the fight against cybercrime.”
—Nancy Anderson
Corporate Vice President and Deputy General Counsel
Microsoft Corp.
“The NCFTA is honored to manage this one-of–a-kind program as it is vital to the interests of our partners and consistent with our mission. This program will enable the expeditious identification of current and emerging threats, which is key to the mitigation of compromised data.”
—Ron Plesco
President and CEO
NCFTA
“Modern commerce depends on a trustworthy online marketplace, but, unfortunately, there will always be people trying to defraud consumers and erode trust in that system. Accuity has spent over a century earning the trust of financial institutions around the world. As a contributor to the Internet Fraud Alert program, we value the opportunity to extend that trust and be part of taking this significant step forward in helping to protect and ensure the integrity of the online marketplace.”
—Hugh Jones
President and CEO
Accuity
“Internet Fraud Alert will provide a vital link between those who find suspected compromised customer data in the course of their investigations or business and the National Cyber-Forensics and Training Alliance, who then can protect that customer from potential harm. ABA welcomes the opportunity to play a role in strengthening this link between law enforcement and business, particularly for community banks.”
—Doug Johnson
Vice President of Risk Management Policy
American Bankers Association (ABA)
“The APWG is pleased to see this innovation in repatriating compromised consumer data and credentials, a scheme useful for informing customer protection and industrial security response efforts. One of the challenges of e-crime response is the routine mobilization of e-crime event data that must be exchanged to protect consumers. Microsoft and NCFTA have done an enormous service to the e-crime response community by establishing this system to better enable industrial institutions to work together to protect consumers.”
—Peter Cassidy
Secretary General
Anti-Phishing Working Group
“Citizens Bank is excited about the opportunity to partner with Microsoft, law enforcement, the National Cyber-Forensics and Training Alliance, and others to help build an innovative framework to rapidly address cyberthreats by combining knowledge and resources to enhance consumer trust when conducting business online.”
—Lin Abbott
Vice President, Chief Information Security Officer
Citizens Bank
“Internet Fraud Alert is a promising and innovative approach to help financial and online institutions discover hijacked accounts and close them or inform the affected consumers. We hope that someday there won’t be a need for a secure database of stolen account credentials. In the meantime, computer users who want to protect themselves can learn how at OnGuardOnline.gov.”
—Chuck Harwood
Deputy Director
Federal Trade Commission
“At a time when scams and the criminals who run them are becoming ever more sophisticated and networked, it is imperative that the forces arrayed against them keep pace to provide consumers with the maximum protection possible. We applaud today’s announcement as a positive step in this direction. By enabling easier coordination between enforcement agencies, service providers, retailers and financial institutions, the Internet Fraud Alert system will add an additional layer of fraud protection for consumers.”
—John Breyault
Vice President
National Consumers League
Spyware Seller Settles FTC Charges; Order Bars Marketing of Keylogger Software for Illegal Uses
[ Comments Off ] Posted on 06.02.10 under Government News, Security & Privacy
The Federal Trade Commission has put the brakes on the business practices of an operation that was selling spyware and showing customers how to remotely install it on other people’s computers without their knowledge or consent.
The FTC is announcing a settlement that bars the sellers of the “RemoteSpy” keylogger from advertising that the spyware can be disguised and installed on someone else’s computer without the owner’s knowledge. It requires that the software provide notice that the program has been downloaded and obtain consent from computer owners before the software can be installed.
In 2008, the FTC filed suit against CyberSpy Software, LLC and its owner, Tracer R. Spence, alleging they were violating the law by advertising and selling RemoteSpy, a keylogger software program that the defendants touted as a “100% undetectable” way to “Spy on Anyone. From Anywhere.” According to papers filed with the court, the defendants provided their clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an e-mail. When the e-mail recipient clicked on the attachment, the RemoteSpy program was downloaded and installed without the victim’s knowledge. The spyware recorded every keystroke typed on an infected computer; captured images of the computer screen; obtained passwords, and recorded Web sites visited. To access the information gathered and organized by the spyware, RemoteSpy clients logged into a Web site maintained by the defendants.
The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment. It also requires that they inform purchasers that improper use of the software may violate state or federal law. The final Order also requires the defendants to take measures to reduce the risk that their spyware is misused, encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers on which it was previously installed.
The Commission vote to accept the final settlement Order was 5-0. The Order was entered in the U.S. District Court for the Middle District of Florida.
DOJ Fights IP Crimes
[ Comments Off ] Posted on 05.22.10 under Government News
Department of Justice Announces New Assistant United States Attorneys and FBI Agents to Combat Intellectual Property Crimes
As part of the Department of Justice’s ongoing initiative to confront intellectual property (IP) crimes, Acting Deputy Attorney General Gary G. Grindler announced today the appointment of 15 new Assistant U.S. Attorney (AUSA) positions and 20 FBI Special Agents to be dedicated to combating domestic and international IP crimes.
These new positions – announced on the 10th annual World Intellectual Property Day – are part of the department’s continued commitment to combat the growing number of IP crimes here at home, and abroad. The new AUSA positions will be part of the department’s Computer Hacking and Intellectual Property (CHIP) program.
“Intellectual property law enforcement is central to protecting our nation’s ability to remain at the forefront of technological advancement, business development and job creation,” said Acting Deputy Attorney General Grindler. “The department, along with its federal partners throughout the Administration, will remain ever vigilant in this pursuit as American entrepreneurs and businesses continue to develop, innovate and create.”
The 15 new Assistant U.S. Attorneys will work closely with the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) to aggressively pursue high tech crime, including computer crime and intellectual property offenses. The new positions will be located in California, the District of Columbia, Maryland, Massachusetts, Michigan, New Jersey, New York, Pennsylvania, Texas, Virginia and Washington.
The 20 new FBI Special Agents announced today will be deployed to specifically augment four geographic areas with intellectual property squads, and increase investigative capacity in other locations around the country where IP crimes are of particular concern. The four squads will be located in New York, San Francisco, Los Angeles and the District of Columbia. The squads will allow for more focused efforts in particular hot spot areas and increased contact and coordination with our state and local law enforcement partners. The 20 new agents will join the 31 agents devoted to investigating IP crimes who have already been deployed to field offices around the country.
“Theft of intellectual property – from inventions to trademarks and copyrights, to industrial designs and trade secrets – is a worldwide problem. It affects individuals and corporations financially and can threaten public safety. The additional FBI agents will significantly strengthen the efforts of our squads investigating intellectual property rights violations and help bring to justice those who seek to profit from intellectual property theft,” said Assistant Director Gordon M. Snow of the FBI Cyber Division.
Acting Deputy Attorney General Grindler serves as chair of the department’s Task Force on Intellectual Property , which was established earlier this year by Attorney General Eric Holder to coordinate the department’s efforts on IP crimes. The task force focuses on strengthening efforts to combat intellectual property crimes through close coordination with state and local law enforcement partners as well as international counterparts. As part of its mission, the task force works together with the Office of the Intellectual Property Enforcement Coordinator (IPEC), housed in the Executive Office of the President, to implement an Administration-wide strategic plan on intellectual property.
The task force includes representatives from the offices of the Attorney General, the Deputy Attorney General, and the Associate Attorney General; the Criminal Division; the Civil Division; the Antitrust Division; the Office of Legal Policy; the Office of Justice Programs; the Attorney General’s Advisory Committee; the Executive Office for U.S. Attorneys and the FBI.
World Intellectual Property Day was established by the World Intellectual Property Organization (WIPO) to recognize the importance of protecting intellectual property rights and enforcing their laws. Each year on April 26th, WIPO and its member states seek to increase public understanding of intellectual property through activities, events and campaigns.
FTC Permanently Shuts Down Notorious Rogue Internet Service Provider
[ Comments Off ] Posted on 05.19.10 under Government News, Security & Privacy
3FN Service Specialized in Hosting Spam-Spewing Botnets, Phishing Websites, Child Pornography, and Other Illegal, Malicious Web Content
At the Federal Trade Commission’s request, a district court judge has permanently shut down a rogue Internet Service Provider that recruited, hosted, and actively participated in the distribution of spam, spyware, child pornography, and other malicious and illegal content. The ISP’s computer servers and other assets have been seized and will be sold by a court-appointed receiver, and the operation has been ordered to turn over $1.08 million in ill-gotten gains to the FTC.
In June 2009, the FTC charged that 3FN, which does business under a variety of names, actively recruited and colluded with criminals to distribute harmful electronic content including spyware, viruses, trojan horses, phishing schemes, botnet command-and-control servers, and pornography featuring children, violence, bestiality, and incest. The FTC alleged that the defendant advertised its services in the darkest corners of the Internet, including a chat room for spammers.
The FTC complaint alleged that 3FN actively shielded its criminal clientele by either ignoring take-down requests issued by the online security community, or shifting its criminal elements to other Internet protocol addresses it controlled to evade detection.
The FTC also alleged that 3FN deployed and operated botnets – large networks of computers that have been compromised and enslaved by the originator of the botnet, known as a “bot herder.” Botnets can be used for a variety of illicit purposes, including sending spam and launching denial-of- service attacks. According to the FTC, the defendant recruited bot herders and hosted the command-and-control servers – the computers that relay commands from the bot herders to the compromised computers known as “zombie drones.”
Transcripts of instant-message logs filed with the district court show the defendants’ senior employees discussing the configuration of botnets with bot herders. And, in filings with the district court, the FTC alleged that more than 4,500 malicious software programs were controlled by command-and-control servers hosted by 3FN. This malware included programs capable of keystroke logging, password stealing, and data theft, programs with hidden backdoor remote control activity, and programs involved in spam distribution.
The FTC charged that 3FN’s distribution of illegal, malicious, and harmful content and deployment of botnets that compromised thousands of computers, harmed consumers and was an unfair practice, in violation of federal law.
On June 15, 2009 the court issued a preliminary injunction to prohibit 3FN’s illegal activities and require its upstream Internet providers and data centers to stop providing services to 3FN.
The court has now ordered a permanent bar on the illegal activities of 3FN and its agents and has appointed a receiver and instructed him to liquidate the operation’s assets.
The defendants named in the FTC’s complaint are Pricewert LLC, also doing business as 3FN.net, Triple Fiber Network, APS Telecom, APX Telecom, APS Communications, and APS Communication.
This case was brought with the invaluable assistance of NASA’s Office of Inspector General, Computer Crime Division; Gary Warner, Director of Research in Computer Forensics, University of Alabama at Birmingham; The National Center for Missing and Exploited Children; The Shadowserver Foundation; Symantec Corporation; and The Spamhaus Project.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.