03 December 2013

FBI Notifies Businesses to be aware of "Man in the E-Mail" Scam

This is a re-post of a notification sent out by the FBI.

The original link is located at: http://www.fbi.gov/seattle/press-releases/2013/man-in-the-e-mail-fraud-could-victimize-area-businesses?utm_campaign=email-Daily&utm_medium=email&utm_source=seattle-press-releases&utm_content=278754

======================================================================

‘Man-in-the-E-Mail’ Fraud Could Victimize Area Businesses

Dec. 2, 2013

The FBI Seattle Division is aware of a fraud victimizing Washington state-based businesses, nicknamed “man-in-the-e-mail” scheme for being an e-mail variation of a known “man-in-the-middle” scam. The FBI wants the public to learn about this scam in order to avoid being victimized.
In 2013, at least three area companies—in Bellevue, Tukwila, and Seattle—were led to believe they were sending money to an established supply partner in China. In reality, fraudsters intercepted legitimate e-mails between the purchasing and supply companies and then spoofed subsequent e-mails impersonating each company to the other. The fraudulent e-mails directed the purchasing companies to send payments to a new bank account because of a purported audit. The bank accounts belonged to the fraudsters, not the supply companies.

Total loss experienced by the three area companies is roughly $1.65 million. In some cases, the metadata on the spoofed e-mails indicated that they actually originated in Nigeria or South Africa.

Under this scam, both companies in a legitimate business relationship can be victimized. The supplier may first ship out the legitimately ordered products and then never receive payment (because the purchasing company was scammed into paying the scammer-controlled bank account). Or, the purchasing company may first make a payment and then never receive the ordered goods (because the supply company never receives that payment).

Here are some of the ways businesses can reduce their chance of being scammed by this man-in-the-e-mail fraud:
  • Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
  • Utilize digital signatures in e-mail accounts. Be aware that this will not work with web-based e-mail accounts, and some countries ban or limit the use of encryption.
  • Avoid free, web-based e-mail. Establish a company website domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
  • Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the real e-mail address is used.
  • Delete spam: Immediately delete unsolicited e-mail (spam) from unknown parties. Do not open spam e-mail, click on links in the e-mail, or open attachments.
  • Beware of sudden changes in business practices. For example, if suddenly asked to contact a representative at their personal e-mail address when all previous official correspondence has been on a company e-mail, verify via other channels that you are still communicating with your legitimate business partner.
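The "Forward, don't Reply" advice above exists because a mail client's Reply button trusts whatever Reply-To header the sender supplied. The following added example (not part of the FBI notice) uses Python's standard email library on a constructed message to show the two header checks a purchasing desk can automate: does the Reply-To point somewhere other than the From domain, and does the address a reply would actually go to match the partner address already recorded in the company's own address book? All addresses and domains below are constructed placeholders.

```python
"""Added example: why "Reply" is risky in a man-in-the-e-mail scheme.

Parses a constructed message with Python's standard email library and
flags the header conditions a spoofed supplier message tends to show:
a Reply-To that points somewhere other than the address the message
claims to be from, and a reply target that is not the partner address
already recorded in the company address book.  All addresses below are
constructed placeholders, not real domains from any case."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: display name and From match the real partner, but
# Reply-To silently redirects answers to a look-alike domain.
SAMPLE_MESSAGE = """\
From: "Accounts, Example Supplier" <accounts@example-supplier.com>
Reply-To: "Accounts, Example Supplier" <accounts@example-supp1ier.com>
To: purchasing@example-buyer.com
Subject: Updated bank details due to audit

Please remit this month's payment to the new account below.
"""

# Same constructed message without the Reply-To header, for comparison.
CLEAN_MESSAGE = "\n".join(
    line for line in SAMPLE_MESSAGE.splitlines()
    if not line.startswith("Reply-To:")) + "\n"

# Constructed address book: the partner address agreed over the phone,
# outside the e-mail channel, as the notice recommends.
ADDRESS_BOOK = {"Example Supplier": "accounts@example-supplier.com"}


def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if malformed)."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def reply_target(msg):
    """The address a mail client's 'Reply' button would actually use."""
    return parseaddr(msg.get("Reply-To") or msg.get("From", ""))[1].lower()


def check_reply_path(raw_message, known_partner_addr):
    """Return a list of warnings; an empty list means the headers agree
    with the address-book entry for this partner."""
    msg = message_from_string(raw_message)
    warnings = []
    from_domain = domain_of(msg.get("From", ""))
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        warnings.append(
            f"Reply-To domain {domain_of(reply_to)!r} differs from "
            f"From domain {from_domain!r}")
    target = reply_target(msg)
    if target != known_partner_addr.lower():
        warnings.append(
            f"reply would go to {target!r}, not the address-book entry "
            f"{known_partner_addr!r}")
    return warnings


if __name__ == "__main__":
    for warning in check_reply_path(SAMPLE_MESSAGE,
                                    ADDRESS_BOOK["Example Supplier"]):
        print("WARNING:", warning)
```

The second check is the one that matters operationally: even a message with no Reply-To at all fails it when the From address is a look-alike, which is exactly the case the "type in the correct address or select it from the address book" step guards against.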
If you or your business has been targeted by the man-in-the-e-mail fraud, report it to the Internet Crime Complaint Center (IC3) at www.ic3.gov. The following information is helpful to report:
  • Header information from e-mail messages
  • Identifiers for the perpetrator (e.g., name, website, bank account, e-mail addresses)
  • Details on how, why, and when you believe you were defrauded
  • Actual and attempted loss amounts
  • Other relevant information you believe is necessary to support your complaint
  • Reference to the man-in-the-e-mail fraud
Filing a complaint through IC3’s website allows analysts from the FBI to identify leads and patterns from the hundreds of complaints that are received daily. The sheer volume of complaints allows that information to come into view among disparate pieces, which can lead to stronger cases and help zero-in on the major sources of criminal activity. The IC3 then refers the complaints, along with their analyses, to the relevant law enforcement agency for follow-up.

The public can learn about other common scams by visiting http://www.fbi.gov/scams-safety/frauds-from-a-to-z and learn about ways to reduce their risk of being scammed: http://www.fbi.gov/scams-safety/fraud/Internet_fraud.

To subscribe to the FBI news feeds, go to: https://delivery.fbi.gov/subscribe

02 November 2013

Keep Yourself Safe on the Internet


Every year, as the holidays approach, nefarious individuals roll out old techniques to steal data and information from computer users.  Each year they add additional tactics to their arsenal as well.

Each of us who has a computer is using that computer to access Internet locations throughout the day.  Each of us is also unique and no one uses the Internet in the same way.

What you do on the Internet is NOBODY else's business. And it can be a big deal if you're not careful.

Here are a few tips that will significantly protect your privacy:


1. Log Out of Search Engines:


Many of today's popular search engines now require you to log in to access all their  convenient features.  Those features might include calendars, branded e-mail, file storage, and news sources. 

Whatever you're searching for and looking at, you want privacy as part of those online searches, because your privacy is something you never want to lose.


2. Avoid Filling out Unnecessary Forms:

Ask yourself why the website you are on is asking for that personal information and think twice before putting it in.

Many sites store your information on their servers and not all of those servers are as secure as they should be.  If you do fill out a form, make certain the only use of the information you enter will be by the vendor or website, and that it will not be sold to other sites or businesses.

Avoid completing forms or using banking sites when you are on public WiFi networks.  Keep your personal information away from the public’s eye.


3. Be Careful What You Download:


When you download ANY file you are at risk of installing malware and viruses which can potentially track anything you do, freeze your computer and make it malfunction, erase your files and operating system or even encrypt your files and hold them hostage until you pay for an unlock key.

As a general rule of thumb, if you receive an attachment you were not expecting, or receive an attachment or link in an e-mail from a total stranger, DELETE the message.  DO NOT download the file or open the link.


4. Be Cautious When Using Social Media:


Assume everybody has access to your site, and always will.  Never post vacation dates in advance, and never post photographs of where you are while you are traveling.  Burglars watch social media sites and frequently use that information to conveniently schedule break-ins while you are away from home.

If your birth date is public, you talk about where you were born, or give your parents names, you may have given them all they need to hack your bank and credit card accounts.

Think carefully before posting information or photos.


5. Use Common Sense:


This is probably the best advice we can give you. The Internet mirrors the physical world. What goes on in the real world also happens on the Internet.

If it's too good to be true, then it probably is.


6. Monitor Your Online Reputation:


Regularly search for your name and see what comes up.  You can also use an automated news alert from either Google or Yahoo to monitor your name.


7. Clean Your Search History:

Everything you do on the Internet is stored on your computer, including every website you visit, every photo and video you view, and every chat message you send, including passwords. All this information can be accessed by ANYONE.

It is important that after every use you delete all your tracks from your computer.   This is done via your browser.  Each browser is slightly different, but the information is available in the browser's help file.

27 August 2013

1024 Bit RSA Key Size END OF LIFE Announced!

Until recently, the RSA algorithm, first publicly described in 1977, had been the only algorithm available for commercial digital signing certificates. The RSA algorithm remains the de-facto standard, although commercial certificates based on the DSA and ECC algorithms are now available.

The larger the certificate key size in an RSA certificate, the more difficult it is to compromise the encryption.

As raw computing power increases over time it becomes possible to factor or crack smaller sized RSA keys. Key sizes smaller than 1024 bits were voluntarily discontinued by Microsoft on 12 December, 2012.

Seventeen RSA key sizes have been factored since 1991. Most recently, most of the industry has standardized on certificates with 1024-bit RSA keys. However, industry experts warn that the oft-used 1024-bit RSA key size is now at risk of being compromised by cyber criminals.

As a proactive measure, effective 31 December, 2013, the NATIONAL INSTITUTE OF STANDARDS and TECHNOLOGY [NIST] has recommended that 1024-bit RSA certificates be eliminated and replaced with 2048-bit or stronger keys.

As a result of the NIST recommendation, the Certification Authority/ Browser (CA/B) Forum, created to develop best practices within the SSL/TLS industry, created a mandate to bring the 1024-bit RSA key size to end of life by December 31st, 2013.


The Responsibility of a CA

All responsible Certificate Authorities (CAs) should be informing their customer base of this regulation change and assisting them with their migration to a more secure key size.

Due to the industry’s end-of-life mandate on 1024-bit certificates, Certification Authorities have the difficult requirement to revoke 1024-bit RSA certificates that expire after 12/31/13.


What Does This Mean?

As a result of these changes, mandated by NIST, all current CERTS with a key size of 1024 bits or less will have to be replaced by 31 December, 2013, or users of smaller certs will run the risk of having them denied when they are checked in situations where they are used for encryption.
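Before the cut-off, the practical question for an administrator is simply "how many bits is the modulus in this key?" The following added example (not from the original post or any CA) answers that with the standard library alone: a minimal DER reader for the SubjectPublicKeyInfo structure found in X.509 certificates and in the PEM "PUBLIC KEY" blocks that OpenSSL emits, plus an encoder that builds synthetic test keys so the check can be exercised offline. The moduli it constructs are not real keys, and the 2048-bit floor is the NIST/CA-B Forum figure the post cites.

```python
"""Added example: audit an RSA public key's modulus size so that anything
under 2048 bits can be replaced before the 31 December 2013 cut-off the
post describes.  Uses a minimal DER reader for the SubjectPublicKeyInfo
structure that X.509 certificates and 'openssl rsa -pubout' emit, so it
runs with the standard library only.  The keys built below come from
synthetic moduli and are not real keys."""
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
MINIMUM_BITS = 2048  # floor cited in the post (NIST / CA-B Forum)


def _der_len(n):
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(value):
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:           # leading zero keeps the INTEGER positive
        body = b"\x00" + body
    return _tlv(0x02, body)


def build_rsa_spki(modulus, exponent=65537):
    """Encode SubjectPublicKeyInfo for an RSA key (test-input generator)."""
    rsa_public_key = _tlv(0x30, _der_int(modulus) + _der_int(exponent))
    algorithm = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    return _tlv(0x30, algorithm + _tlv(0x03, b"\x00" + rsa_public_key))


def _read_tlv(buf, pos):
    """Return (tag, contents, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def load_spki(data):
    """Accept raw DER bytes or a PEM 'PUBLIC KEY' block (str)."""
    if isinstance(data, str):
        lines = [l for l in data.splitlines() if not l.startswith("-----")]
        data = base64.b64decode("".join(lines))
    return data


def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo."""
    tag, body, _ = _read_tlv(load_spki(spki), 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, algorithm, pos = _read_tlv(body, 0)
    _, oid, _ = _read_tlv(algorithm, 0)
    if oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bit_string, _ = _read_tlv(body, pos)
    if tag != 0x03 or bit_string[0] != 0:
        raise ValueError("malformed subjectPublicKey")
    _, rsa_public_key, _ = _read_tlv(bit_string, 1)   # skip unused-bits byte
    _, modulus, _ = _read_tlv(rsa_public_key, 0)
    return int.from_bytes(modulus, "big").bit_length()


def key_size_verdict(spki, minimum=MINIMUM_BITS):
    """(bits, acceptable): acceptable is False for keys that must be
    replaced under the end-of-life mandate."""
    bits = rsa_modulus_bits(spki)
    return bits, bits >= minimum


def to_pem(spki_der):
    """Wrap DER bytes in the PEM armor OpenSSL uses for public keys."""
    b64 = base64.b64encode(spki_der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines)
            + "\n-----END PUBLIC KEY-----\n")


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        synthetic = build_rsa_spki((1 << (bits - 1)) | 1)   # constructed modulus
        print(bits, key_size_verdict(to_pem(synthetic)))
```

To run it against a real certificate, extract the public key first (for example with `openssl x509 -in cert.pem -pubkey -noout`) and pass the resulting PEM text to `key_size_verdict`; the reader deliberately refuses non-RSA keys rather than guessing, since the 1024-bit mandate applies to RSA.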



For More Information:







SUMMARY:
 

Start planning to upgrade your SSL / TLS / DOMAIN KEY and DKIM certificates now.  Don't wait for the "rush," because most of them will become obsolete on 31 December, 2013.

Remember, the Holidays are coming, too.  If an upgrade to your certificates requires anything more than an "automatic approval" your upgrade could potentially be delayed and your websites or e-mail stop working because of an invalid certificate key length.

=====================

Be certain to like us on FaceBook, too.

26 July 2013

Now the STORES are Tracking Our Movements - VIA OUR CELL PHONES!

I guess I should have seen this one coming and should either slap myself in the face or go find someone to do it for me, to remind me that when the opportunity is there, someone will take advantage of it.  After all, I have worked in this industry for more than 40 years now and am usually keenly aware of the less than appetizing uses to which new technology is frequently put, but I didn't see this coming, and now I am . . .   shame on me!

For those who don't know what I'm talking about, the issue is the fact that major corporations like Target, Nordstrom's, Family Dollar, Cabela’s, Macy's and Mothercare, along with untold other numbers of stores, are now using the WIFI PING capabilities on your cell phone to track you while you are shopping in their stores.

Not only are they tracking the number of customers who come in the stores, but they are also tracking how long you spend stopped in front of a particular item, what parts of the stores you spend the most time in, and, depending on the level of service they have subscribed to, may even be able to tell what items you are actually considering based on the number of times you go back and forth between items to do comparison shopping and price checking of various like items.

So how are they able to track us within their stores, and just what information can they gather?

The how part is easy:  they take advantage of the fact that our cell phones are, in many cases, constantly pinging for available WIFI networks so they can notify us that free or "open"  WIFI service is available for our use.  They are taking advantage of the fact that most of us are cheap and too lazy to do manual searches for WIFI, allowing our mobile devices to do the searching for such service and automatically notify us when those services are available.

They are also taking advantage of the fact that the steel roofs and iron girder superstructures of their stores, along with the other wireless-signal-absorbing materials used in the construction of such facilities, frequently absorb so much of the cellular network's signal as to make it unusable within those stores. They further take advantage of the fact that, by our very nature, we will almost automatically use their free WIFI network to see if we can find an item sold within their stores for less money on Amazon or another web-based sales portal - which is frequently the case with most overpriced items, especially in major electronics stores like Bust Buy and the former Circus City stores, where there was not, nor has there ever been, such a thing as a knowledgeable sales person or good customer service.

In defense of those stores who have adopted this tracking method, they are at a disadvantage when it comes to tracking customer spending habits.  Online vendors like Amazon have technology to their advantage because they can follow our every move electronically, keep a digital record of every item we look at, set cookies in our browsers, and use our logins and purchase history to know what our preferences are, how much we like to spend, and what we are looking for as soon as we walk in the digital door.  The poor bastards at the brick and mortar locations don't have such advantages and most of the human employees they have would not be capable of compiling such data even if they had the tools to do so in real time.  Fortunately someone created the sales person and equipped those ruthless individuals with the tools to bring tracking similar to the online retailers to the physical store level . . .

The Actual Technology:  I've already alluded to the fact that these stores are using our mobile devices to track us via their WIFI networks, but exactly what technology are they using?   It's simpler than it sounds:  they track our MAC addresses . . .

The MAC address is a unique code which is assigned to every network interface.  Whether a connection is made via Bluetooth, a hard-wired connection, or a wireless connection, there's a MAC address involved.  The MAC address is a HEXADECIMAL or BASE 16 number which is hard-coded into the electronics of the device and looks something like this:  00:4B:9F:21:6C:A7.  This unique set of 12 hexadecimal digits, each of which can range from 0 through F, provides a unique, non-repeating identifier for every network device, and it is the code which is tracked by the services that the stores have now authorized third-party vendors to collect and store in the cloud -- WITHOUT first gaining your permission to do so -- tracking your every move and spending habits.

So Who's Collecting the Actual Data:  While there may be other vendors, the largest culprits in the shopper MAC address conspiracy business are currently Euclid Elements, NOMI, RetailNext, and Sparkfly.

What Can You Do to Protect Yourself:  The simplest solution is to turn off your cell phone whenever you get out of the car to go shopping.  No matter where you go, someone is going to try to figure out how to more effectively make you think you really need to purchase something you don't actually want to spend your money on.

The other solution is to OPT OUT.

OPTING OUT:  The bad news is that, at least in most cases, you'll never know you're being tracked.

Both Euclid Elements and NOMI provide OPT OUT websites where you can plug in the MAC address of your cell phone and have them remove all tracking of that unique ID from their databases.

To opt out of Euclid Elements, go to: https://signup.euclidelements.com/optout

To opt out of NOMI, click on this link and then scroll down to the OPT OUT link at the very bottom of the screen.

RETAILNEXT does not provide an opt-out solution at this time.

SPARKFLY does not provide an opt-out solution at this time.

To opt out of being tracked requires that you look up the MAC address of your cell phone or wireless device, so you may want to do that ahead of time so you can have it handy.  Pay close attention to the format you use when entering that number, as the format is six sets of two hexadecimal digits separated by a COLON ":"
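Phones and network tools print the same address in several shapes (dashes, dots, no separators, lower case), and an opt-out form that expects the colon-separated format will silently reject the others. The following added example (mine, not from the post or any of the vendors named) validates a pasted address and rewrites it in the six-pairs-with-colons form. It goes one step beyond the text: `is_locally_administered` reads the IEEE "U/L" bit in the first octet, which is set when an address was assigned by software rather than burned in at manufacture. The sample addresses are constructed.

```python
"""Added example: validate and normalise a Wi-Fi MAC address before pasting
it into an opt-out form that expects six colon-separated pairs of hex
digits (the format the post describes).  Accepts the dash, dot, bare and
lower-case spellings that phones and tools print, and emits the canonical
upper-case form.  Sample addresses in the tests are constructed."""
import re

_HEX12 = re.compile(r"^[0-9A-F]{12}$")
_SEPARATORS = re.compile(r"[\s:\-\.]")   # colons, dashes, Cisco-style dots


def normalize_mac(text):
    """Return the address as 'XX:XX:XX:XX:XX:XX' (upper case), or raise
    ValueError when the input is not a 48-bit MAC address."""
    digits = _SEPARATORS.sub("", text.strip()).upper()
    if not _HEX12.match(digits):
        raise ValueError(f"not a 12-hex-digit MAC address: {text!r}")
    if digits in ("000000000000", "FFFFFFFFFFFF"):
        raise ValueError("all-zero and broadcast addresses identify no device")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_valid_mac(text):
    """True when normalize_mac would accept the input."""
    try:
        normalize_mac(text)
    except ValueError:
        return False
    return True


def is_locally_administered(text):
    """True when bit 1 of the first octet (the IEEE U/L bit) is set, i.e.
    the address was assigned by software rather than by the manufacturer."""
    first_octet = int(normalize_mac(text)[:2], 16)
    return bool(first_octet & 0x02)


if __name__ == "__main__":
    # Constructed inputs in the spellings different devices produce.
    for raw in ("00-4b-9f-21-6c-a7", "004b.9f21.6ca7", " 00:4B:9F:21:6C:A7 ",
                "00:4B:9F:21:6C"):
        print(repr(raw), "->",
              normalize_mac(raw) if is_valid_mac(raw) else "rejected")
```

The rejection of the all-zero and all-ones values matters for the opt-out use case: neither identifies a phone, and a form that accepted them would record a useless entry.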

Finding your MAC address:

  • iPhone: Settings > General > About > Wi-Fi Address
  • Android: Settings > About > "Status" or "Hardware information" > Wi-Fi MAC address
  • BlackBerry OS 4.5-5.0: Options > Status > WLAN MAC
    BlackBerry OS 6.0-7.1: Setup > Options > Device > Device and Status Information > WLAN MAC
  • Windows Phone: Settings > About > More info > MAC address


SUMMARY:

 
If you want to be truly safe from tracking while shopping, turn off your cell phones before you even pull into the parking lot!

=====================

 

06 July 2013

Who Owns Your Corporate Internet Property Identity?



Whenever I speak with a customer I am invariably deluged with questions about how to make their website more prevalent in search results, help them get rid of the deluge of spam messages they are receiving in their e-mail and asked why their digital presence costs so much money to maintain when they used to have an employee who did it as part of their daily work routine. 

I then take a look at the fact that their website has not been updated in several years because they don't have access to the login accounts at the hosting company and, in many cases, don't even have legal ownership of the domain name.  

When I ask them how this happened they look at me like a deer caught in the headlights on a dark road and, invariably, reply, "what do you mean we don't own our domain name?  We still receive our e-mail!"  

Fortunately, so long as the hosting and domain name registration bills are paid, both the website and e-mail accounts will usually continue to work.  Unfortunately, a business in this position does not have any control over what they are paying for and, more often than not, they don't even have a copyright statement on the website.

Why should the ownership of your corporate Internet property identity be important to you?  

Your ownership of corporate information is important because, if you are the owner of a company and have any kind of Internet representation, what is posted under your company name is the representation of your business in the digital world.  Unfortunately, even placing a valid copyright statement on a website or on a published or printed work does not always protect you from those wordy and very lengthy "digital agreements" which you must agree to, but almost no one ever reads, any time you set up an online account.  So, in order to help protect you, here are some highlights of the terms set forth by companies who provide online file storage:

Dropbox, whose terms can be found here, says:
"Your Stuff & Your Privacy: By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”).  You retain full ownership to your stuff. We don’t claim any ownership to any of it.  These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below."

Microsoft SkyDrive, whose terms can be found here, says:
"5. Your Content: Except for material that we license to you, we don't claim ownership of the content you provide on the service.  Your content remains your content.  We also don't control, verify, or endorse the content that you and others make available on the service."
and Google Drive, whose terms can be found here, says:
"Your Content in our Services: When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.
The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones.  This licence continues even if you stop using our Services (for example, for a business listing that you have added to Google Maps)."

At the very least, everything you post publicly should have a copyright statement.  The proper format for a copyright statement is: 

"Copyright © 2010 - 2013 Lakes Region Historical Society, All Rights Reserved"

Of course, your copyright statement would contain your proper business name and the appropriate year range.  If this is the first time something is posted, it may contain only one year.

Photographs and documents should also contain copyright information.  How the individual copyrights are embedded in the individual documents and photographs will depend on the software you are using.  If you are selling photographs online, consider placing a watermark in the photograph showing both the owner's name and copyright information.  This should also be embedded in the metadata for the image file.

No matter how simplistic you make your effort, so long as you note that an article is copyrighted you have made the initial effort to protect yourself and your digital assets from illegal pilferage and use.

===================


Henderson Nevada Police Officers Sued for Invading Home, Assaulting Resident | Federal Case Cites 3rd Amendment: Ban on Quartering Soldiers


A lawsuit has been filed against the Henderson, Nev., police department over an incident in which its officers allegedly demanded to use a private home as a lookout for an investigation, then arrested the resident when he refused.

It raises the unusual claim that the police violated the Third Amendment, which prohibits the “quartering of soldiers” in private homes in peacetime without the owner’s consent.

“Whatever the ultimate outcome of this case, it is clear that lawyers and legal scholars should start taking the Third Amendment more seriously,” commented legal scholar Eugene Volokh. “Contrary to conventional wisdom, there is in fact a history of violations of the Third Amendment, such as the military’s brutal treatment of Alaska’s Aleutian Islanders during World War II.”

In the new case, filed just days ago, plaintiff Anthony Mitchell is suing Henderson, North Las Vegas and a long list of police officials and officers including Jutta Chambers, Garret Poiner, Ronald Feola, Ramona Walls, Angela Walker, Joseph Chronister and Christopher Worley.

Joining as plaintiffs are his parents, Michael and Linda Mitchell, who live nearby and also allegedly were physically rousted by police from their home.

They allege on July 20, 2011, Henderson officers responded to a domestic violence call at a neighbor’s residence.

According to the complaint, “At 10:45 a.m. defendant Officer Christopher Worley (HPD) contacted plaintiff Anthony Mitchell via his telephone. Worley told plaintiff that police needed to occupy his home in order to gain a ‘tactical advantage’ against the occupant of the neighboring house. Anthony Mitchell told the officer that he did not want to become involved and that he did not want police to enter his residence. Although Worley continued to insist that plaintiff should leave his residence, plaintiff clearly explained that he did not intend to leave his home or to allow police to occupy his home. Worley then ended the phone call.”

The complaint then explains that members of the police departments “conspired among themselves to force Anthony Mitchell out of his residence and to occupy his home for their own use.”

According to a report in Court News, “Defendant Officer David Cawthorn outlined the defendants’ plan in his official report: ‘It was determined to move to 367 Evening Side and attempt to contact Mitchell. If Mitchell answered the door he would be asked to leave. If he refused to leave he would be arrested for Obstructing a Police Officer. If Mitchell refused to answer the door, force entry would be made and Mitchell would be arrested.’”

The lawsuit explains at least five police officers banged on Anthony Mitchell’s front door and demanded he leave, then broke down the door and pointed their guns at him.

“As plaintiff Anthony Mitchell stood in shock, the officers aimed their weapons at Anthony Mitchell and shouted obscenities at him and ordered him to lie down on the floor. Fearing for his life, plaintiff Anthony Mitchell dropped his phone and prostrated himself onto the floor of his living room, covering his face and hands.”

His parents were lured out of their home and arrested, the lawsuit alleges.

According to the complaint, “Plaintiffs Anthony Mitchell and Michael Mitchell were subsequently transported to Henderson Detention Center and were booked on charges of Obstructing an Officer. Both Anthony and Michael Mitchell were detained for at least nine hours and were required to pay a bond to secure their release from custody.

“A criminal complaint was subsequently filed by the Henderson city attorney’s office … charging them with counts of Obstructing an Officer. All criminal charges against plaintiffs were ultimately dismissed with prejudice.”

The cities are named because they “developed and maintained policies and/or customs exhibiting deliberate indifference to the constitutional rights of United States citizens, which caused the violations of plaintiff’s rights.”

The legal action alleges assault, battery, false arrest and imprisonment, intentional infliction of emotional distress, negligent infliction of emotional distress, conspiracy, defamation, abuse, malicious prosecution, and negligence, and it claims the plaintiffs are due compensation for each offense.

Volokh noted that one question that would have to be resolved for damages to be due under the Third Amendment, one of several standards under which claims are being made, is whether “police … qualify as ‘soldiers.’”

“On the other hand, as Radley Balko describes in his excellent new book ‘The Rise of the Warrior Cop,’ many police departments are increasingly using military-style tactics and equipment, often including the aggressive use of force against innocent people who get in the way of their plans.

“In jurisdictions where the police have become increasingly militarized, perhaps the courts should treat them as ‘soldiers’ for Third Amendment purposes.”

The claim also seeks damages under the Fourth and 14th Amendments and under state law.

Police could not be reached over the holiday period for a comment.

=================


10 April 2013

The New Normal | How Did We Allow This To Happen?

For more than 10 years, China was able not only to hack into Nortel's networks, but do so without anyone attempting to stop them!

How did this happen?

Who was watching the network?

According to Brian Shields, a former 19-year Nortel veteran who led an internal investigation, the hackers used seven passwords stolen from top Nortel executives, including the chief executive officer of Nortel, to gain widespread access to the corporate computer network of the once-giant telecommunications firm, which has since fallen on hard times.

During their access to Nortel's networks, the Chinese hackers, over what is believed to have been a ten year period, beginning in 2000, downloaded technical papers, research-and-development reports, business plans, employee emails and other documents.

A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.




The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 Internet addresses, was discovered and quietly shut down in May 2010.



It isn't clear how much of the compromised data was viewed by the hackers. Chamber officials say internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.

It is possible the hackers had access to the network for more than a year before the breach was uncovered, according to two people familiar with the Chamber's internal investigation.

One of these people said the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government. The Chamber learned of the break-in when the Federal Bureau of Investigation told the group that servers in China were stealing its information, this person said. The FBI declined to comment on the matter.

A spokesman for the Chinese Embassy in Washington, Geng Shuang, said cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. He said the allegation that the attack against the Chamber originated in China "lacks proof and evidence and is irresponsible," adding that the hacking issue shouldn't be "politicized."

In Beijing, Foreign Ministry spokesman Liu Weimin said at a daily briefing that he hadn't heard about the matter, though he repeated that Chinese law forbids hacker attacks. He added that China wants to cooperate more with the international community to prevent hacker attacks.

The Chamber moved to shut down the hacking operation by unplugging and destroying some computers and overhauling its security system. The security revamp was timed for a 36-hour period over one weekend when the hackers, who kept regular working hours, were expected to be off duty.

Damage from data theft is often difficult to assess.

People familiar with the Chamber investigation said it has been hard to determine what was taken before the incursion was discovered, or whether cyberspies used information gleaned from the Chamber to send booby-trapped emails to its members to gain a foothold in their computers, too.

Chamber officials said they scoured email known to be purloined and determined that communications with fewer than 50 of its members were compromised. They notified those members. People familiar with the investigation said the emails revealed the names of companies and key people in contact with the Chamber, as well as trade-policy documents, meeting notes, trip reports and schedules.



"What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence," said the Chamber's Chief Operating Officer David Chavern.

Nevertheless, Chamber officials said they haven't seen evidence of harm to the organization or its members.
The Chamber, which has 450 employees and represents the interests of U.S. companies in Washington, might look like a juicy target to hackers. Its members include most of the nation's largest corporations, and the group has more than 100 affiliates around the globe.

While members are unlikely to share any intellectual property or trade secrets with the group, they sometimes communicate with it about trade and policy.

U.S. intelligence officials and lawmakers have become alarmed by the growing number of cyber break-ins with roots in China. Last month, the U.S. counterintelligence chief issued a blunt critique of China's theft of American corporate intellectual property and economic data, calling China "the world's most active and persistent perpetrators of economic espionage" and warning that large-scale industrial espionage threatens U.S. competitiveness and national security.

Two people familiar with the Chamber investigation said certain technical aspects of the attack suggested it was carried out by a known group operating out of China. It isn't clear exactly how the hackers broke into the Chamber's systems. Evidence suggests they were in the network at least from November 2009 to May 2010.

Stan Harrell, chief information officer at the Chamber, said federal law enforcement told the group: "This is a different level of intrusion" than most hacking. "This is much more sophisticated."

Chamber President and Chief Executive Thomas J. Donahue first learned of the breach in May 2010 after he returned from a business trip to China. Chamber officials tapped their contacts in government for recommendations for private computer investigators, then hired a team to diagnose the breach and overhaul the Chamber's defenses.

They first watched the hackers in action to assess the operation. The intruders, in what appeared to be an effort to ensure continued access to the Chamber's systems, had built at least a half-dozen so-called back doors that allowed them to come and go as they pleased, one person familiar with the investigation said. They also built in mechanisms that would quietly communicate with computers in China every week or two, this person said.

The intruders used tools that allowed them to search for key words across a range of documents on the Chamber's network, including searches for financial and budget information, according to the person familiar with the investigation. The investigation didn't determine whether the hackers had taken the documents turned up in the searches.

When sophisticated cyberspies have access to a network for many months, they often take measures to cover their tracks and to conceal what they have stolen.

To beef up security, the Chamber installed more sophisticated detection equipment and barred employees from taking the portable devices they use every day to certain countries, including China, where the risk of infiltration is considered high. Instead, Chamber employees are issued different equipment before their trips—equipment that is checked thoroughly upon their return.

Chamber officials say they haven't been able to keep intruders completely out of their system, but now can detect and isolate attacks quickly.

The Chamber continues to see suspicious activity, they say. 

A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.
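The backdoors that phoned home every week or two and the thermostat talking to an address in China are the same detection problem: an internal host contacting one external address on a timer. The Python below is an added example, not code from the article or from the Chamber investigation. It scores each (source, destination) pair by how regular the gaps between its outbound connections are, which is the signature a timer-driven implant leaves in flow or proxy logs. The flow records, IP addresses and thresholds are constructed for illustration.

```python
"""Flag beacon-like periodic outbound connections in flow records.

Added example, not code from the article or the Chamber investigation.
A (source, destination) pair whose connections recur at a nearly fixed
interval is reported, whether it is a backdoor phoning home weekly or a
device polling a foreign address every few hours. All sample data below
is constructed.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Address ranges treated as internal; flows that stay inside them are ignored.
INTERNAL_NETWORKS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows: "timestamp src_ip dst_ip dst_port bytes".
# Group 1: a workstation beaconing weekly at about 02:13 with small jitter.
# Group 2: the same workstation browsing an external host irregularly.
# Group 3: a device (think of the thermostat) polling every six hours.
SAMPLE_FLOWS = """\
2010-01-04T02:13:10 10.1.4.22 203.0.113.45 443 1820
2010-01-11T02:14:02 10.1.4.22 203.0.113.45 443 1790
2010-01-18T02:12:51 10.1.4.22 203.0.113.45 443 1844
2010-01-25T02:13:40 10.1.4.22 203.0.113.45 443 1801
2010-02-01T02:13:05 10.1.4.22 203.0.113.45 443 1833
2010-01-04T09:00:00 10.1.4.22 198.51.100.7 443 50211
2010-01-04T13:22:00 10.1.4.22 198.51.100.7 443 7731
2010-01-06T16:05:00 10.1.4.22 198.51.100.7 443 12000
2010-01-19T11:41:00 10.1.4.22 198.51.100.7 443 90010
2010-01-05T00:00:03 10.9.0.17 203.0.113.9 8080 512
2010-01-05T06:00:02 10.9.0.17 203.0.113.9 8080 512
2010-01-05T12:00:04 10.9.0.17 203.0.113.9 8080 512
2010-01-05T18:00:01 10.9.0.17 203.0.113.9 8080 512
2010-01-06T00:00:03 10.9.0.17 203.0.113.9 8080 512
"""


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the configured internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def parse_flows(text: str) -> list:
    """Parse one flow record per line; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, size = parts
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "dst": dst,
            "port": int(port),
            "bytes": int(size),
        })
    return flows


def find_beacons(flows, min_connections: int = 4, max_cv: float = 0.1) -> list:
    """Return internal->external pairs whose connection gaps are nearly constant.

    Regularity is the coefficient of variation (std / mean) of the gaps between
    consecutive connections. Human-driven traffic has large, irregular gaps;
    a timer-driven implant or poller produces gaps that are almost identical.
    """
    by_pair = defaultdict(list)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            by_pair[(f["src"], f["dst"])].append(f["ts"])

    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({
                "src": src,
                "dst": dst,
                "connections": len(stamps),
                "mean_interval_hours": avg / 3600,
                "cv": cv,
            })
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for h in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"{h['src']} -> {h['dst']}: {h['connections']} connections, "
              f"every {h['mean_interval_hours']:.1f} h (cv={h['cv']:.4f})")
```

Run as a script it reports the weekly beacon and the six-hourly poller and stays silent on the irregular browsing to the same kind of external host. An implant that randomizes its interval ("every week or two") has a higher coefficient of variation, so the threshold is tuned against a baseline of known-good traffic rather than fixed, and each candidate is confirmed by looking at what the destination is and what the host actually sends.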

"It's nearly impossible to keep people out. The best thing you can do is have something that tells you when they get in," said Mr. Chavern, the chief operating officer. "It's the new normal. I expect this to continue for the foreseeable future. I expect to be surprised again."

=================

Be certain to like us on FaceBook, too.

Compromised Websites

With so many websites being compromised and used as infection spreading points for worms and viruses lately, I thought I would share a graphic from Commtouch.

[Graphic: How Websites Become Infected (Commtouch)]
Remember, network security is everyone's responsibility and must start with the network administrators and, if necessary, be forced down the throats of those who simply "don't get it!"

24 March 2013

Celebrate Fifty Years of Satellite Communications!

Fifty years ago, in July 1962, AT&T's first Telstar satellite was launched into orbit, beginning a new form of communications that would shrink the world as we knew it and allow faster and clearer setup of both domestic and international telephone calls, radio programs and television broadcasts.
See also: http://youtu.be/uKH-GijnAGk
