“Widespread use” of computers and cellphones “created a market for malicious software that allows perpetrators to surreptitiously intercept their victims’ communications,” Leslie Caldwell, U.S. assistant attorney general for the Department of Justice Criminal Division, said in a blog post Friday. “For a small fee, people can purchase this software and download it onto a victim’s device.” The Obama administration has a proposal that would “expand the statute that already provides for the forfeiture of surreptitious interception devices themselves to include forfeiture of proceeds from the sale of spyware and property used to facilitate the crime,” Caldwell said. “Violators of the surreptitious interception device statute often engage in money laundering by transferring funds through multiple overseas accounts to conceal the profits of their criminal enterprise,” she said. “Because the spyware statute is not listed as a predicate offense in the money laundering statute, however, prosecutors are unable to charge defendants for money laundering activities related to the sale of spyware unless they can link it to some other crime, which will often be difficult or impossible,” she said. The proposal “adds violations of the spyware statute to the list of money laundering predicate offenses.”
Security updates for Adobe’s Flash Player were released Thursday after “multiple vulnerabilities” allowing a remote hacker to “take control of an affected system” were discovered, the U.S. Computer Emergency Readiness Team said Thursday in a news release. Users and administrators are asked to review the Adobe Security Bulletin and update Flash Player to the latest version, as the update for Windows, Macintosh and Linux isn't automatic, Adobe said.
The Department of Justice advocated for the passage of an amendment proposed by the Obama administration that would “add activities like the operation of a botnet to the list of offenses eligible for injunctive relief,” in a blog post Wednesday by DOJ Assistant Attorney General-Criminal Division Leslie Caldwell. Criminals use botnets to steal usernames, passwords and other personal and financial information, or to infect computers with criminal malware to hold computers and computer systems ransom, Caldwell said. The DOJ has used the civil injunction process to thwart these attacks successfully in the past, she said. “If we want security to keep pace with technological innovations by criminals, we need to ensure that we have a variety of effective tools to combat evolving cyber threats,” Caldwell said. Enacting the Obama administration’s proposed amendment, which would add to the list of offenses eligible for injunctive relief activities that may not be technically considered fraud or illegal wiretapping -- such as stealing sensitive corporate information, harvesting email account addresses, hacking computers, or executing distributed denial of service (DDoS) attacks -- would “provide the government with an effective tool to shut down illegal botnets or certain widespread malicious software to better match the ways that criminals are using these technologies,” Caldwell said. Under the administration's proposed update to the criminal code, the legal safeguards that currently apply to civil injunctions such as civilly suing the defendant, the defendants' right to notice and ability to have a hearing before a permanent injunction is issued, and the defendants' ability to move to “quash or modify any injunctions,” would still apply, Caldwell said.
Hammacher Schlemmer said Tuesday it added the Eye Scanning Password Authenticator ($279) to its catalog, a device that’s designed to provide users authenticated access to secure websites “and other sensitive digital data.” The biometric device -- designed to supplant the need for passwords -- has a camera that scans a user’s iris to confirm identity before granting access to secure locations, the company said. The camera scans the 240 distinctive points of a user’s iris, which make up an individual’s unique pattern, and creates an encrypted ID that can’t be forged or duplicated, the company said. Once they’re identified, users link their account information for banking and shopping sites, social media and other portals, it said. On subsequent logins, the authenticator scans the iris, verifies identity and grants access to websites, eliminating the need to type in a password, it said. The device plugs into a USB port on a PC and can provide authentication for five users.
Three individuals were indicted by a federal grand jury for their alleged involvement in the largest reported data breach in U.S. history, the Department of Justice (DOJ) said Friday. The individuals are Vietnamese citizens Viet Quoc Nguyen, 28, Giang Hoang Vu, 25, and David-Manuel Santos Da Silva, 33, of Montreal. Between February 2009 and June 2012, Nguyen allegedly hacked into at least eight email service providers in the U.S., stealing confidential information, including proprietary marketing data containing more than 1 billion email addresses, DOJ said. With the help of Vu, Nguyen allegedly used the data to send “spam” to tens of millions of email recipients, activity that became the subject of a congressional inquiry in June 2011, DOJ said. Da Silva helped Nguyen and Vu generate revenue from the “spam” and launder the proceeds, Justice said. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers,” said Assistant Attorney General Leslie Caldwell. “The scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data -- they then hijacked the companies’ own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites,” said Acting U.S. Attorney John Horn. Vu pled guilty Feb. 5 to conspiracy to commit computer fraud and is scheduled to be sentenced on April 21 before U.S. District Judge Timothy Batten of the Northern District of Georgia, Justice said. Da Silva was arrested based upon a criminal complaint at Ft. Lauderdale International Airport on Feb. 12, and was scheduled to be arraigned Friday in Atlanta before Magistrate Judge Clayton Scofield. Nguyen is a fugitive.
Limelight said 46 percent of respondents to a recent survey were most concerned about how distributed denial-of-service (DDoS) attacks would affect their delivery of digital content. The survey was of more than 100 content delivery network customers. The second-most-cited concern, noted by 27 percent of respondents, was unauthorized access to content, Limelight said. Fifty-three percent of respondents said they believe their CDN provider is best equipped to help them detect and mitigate DDoS attacks. Thirty-three percent of respondents said a cyberattack would affect their brand’s image, Limelight said. “This survey highlights the immense pressure on enterprises to ensure content availability and protect brand reputation as cyberattacks increase and metastasize,” Chief Marketing Officer Kirby Wadsworth said in a news release.
Senate Homeland Security Committee ranking member Tom Carper, D-Del., expressed concerns Wednesday with the Office of Management and Budget's latest Federal Information Security Management Act (FISMA) report to Congress, saying in a statement that it "underscores the troubling reality that cyber attacks and intrusions continue to occur at an increasing rate, and agencies need to be better prepared." The OMB report said the number of cybersecurity incidents against federal government networks rose 15 percent during FY 2014 to 70,000, vs. 48,000 reported in FY 2012. The most common threat was the mishandling of documents containing personally identifiable information, rather than distributed denial-of-service attacks or other typical threats to private sector networks, OMB said.
The FCC Communications Security, Reliability and Interoperability Council meets March 18 for the last time under its current charter, the FCC said Monday. Three working groups are to offer reports: Working Group 3 on Emergency Alerting Systems, Working Group 4 on Cybersecurity Risk Management and Best Practices and Working Group 7 on Legacy System Best Practices, the agency said. The meeting starts at 1 p.m. EDT in the commission meeting room.
Consumers with Lenovo tablets need to remove Superfish software, change their passwords, use caution when using public Wi-Fi networks and check their personal banking information, Aditi Jhaveri, FTC consumer education specialist, said in a blog post Friday. Lenovo shipped products that included Superfish software between September and December, but the software has been disabled since January, the company said in a statement last week (see 1502190046). Lenovo was hit with a lawsuit seeking class-action status by a blogger last week for alleged privacy violations stemming from its use of Superfish software (see 1502230061). “Although Lenovo has announced that they have discontinued pre-installing Superfish on its notebooks, some Lenovo notebooks sold today may still have Superfish pre-installed,” Jhaveri said.
Allied Market Research forecast the mobile security market will grow to $34.8 billion in 2020 sales, from $3.4 billion in 2013, it said in a news release Thursday. It said the bring-your-own-device trend is a major reason for the adoption of mobile security software.