Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog
Showing posts in English
Doug McLean | 02 Feb 2009 | 0 comments

A couple of days after I wrote last week that we will likely see an increase in the incidence of cybercrime as the world weathers the recession, the Wall Street Journal, in its role as an actual news gathering organization, documented what some analysts are seeing.

The bulk of the story appears based on an interview with Avivah Litan of the Gartner Group as many of the facts in the store come from presentations I've seen Ms. Litan do at various Gartner conferences. She is, incidently, one of the most articulate analysts covering the cybercrime space. If you ever have a chance to see her speak...do. The story also contains some data from the FBIs Internet Crime Complaint Center, but as it dates from , it doesn't really shed much light on what's happening currently.

The most interesting part of the story for me is the...

Kevin Albright | 02 Feb 2009 | 0 comments

Kevin Albright - Product Marketing Manager

By now I’m sure you’ve heard about last week’s breach at Heartland Payment Systems. The number of total records compromised has not yet been released, but given California’s SB 1386 we should be hearing some sort of estimate soon. What is known is that Heartland has contacted 150,000 merchants that it processes payments for and it handles roughly 100 million credit card and debit card transactions per month. Given that this breach is suspected of starting in October 2008, the quick and dirty math should give you a rough estimate of how big this breach is…Huge! Already companies have been contacting customers, issuing new cards, and we are all put on alert to watch our credit card and debit card statements in the coming months.

The interesting thing about this breach is that Heartland was PCI compliant, and that the nature of this breach fell within the rules of the PCI-DSS v1.2...

Doug McLean | 26 Jan 2009 | 0 comments

ZDNet in the UK is reporting an interesting consequence of the spreading global recession. It seems that many British technology companies that have historically contributed to the Police Central E-crime Unit (PCeU) are instead offering staff in lieu of cash. For those of you that don't follow global economic trends closely, it would appear that the UK is in for an even worse time in this recession than the American (and most other) economies. While the credit crisis may have begun in the U.S., it's hitting the UK much harder due to the relatively higher levels of consumer debt that drove much of the economic growth in the last few years.

Consequently, many tech firms have decided they are better off loaning people to the PCeU rather than writing checks. Ironically, this is probably a better approach to fighting cybercrime than simply handing the authorities money. As both the Center...

Doug McLean | 16 Jan 2009 | 2 comments

Impressive piece by Kentucky Attorney General Jack Conway here.

Mr. Conway is clearly one of the more technically savvy law enforcement officers in the U.S.  He is obviously committed to ensuring that the Kentuck criminal code keeps pace with the new forms anti-social behavior that are enabled by the Internet.

Beyond that, however, Mr. Conway is also investing heavily in educational programs to ensure both parents and minors are aware of some of the risks posed by predators hiding behind the anonymity of the 'net.

Finally, his office maintains a very good web site on safe Internet usage that includes topics such as identity theft, cyberstalking, and even safest way to use the burgeoning social networking sites.

Jack Conway is to be commended for his forward thinking ideas on protecting the citizens of Kentucky....

Doug McLean | 13 Jan 2009 | 0 comments

Since last we looked in on the governments progress in prosecuting the miscreants that perpetrated the watershed TJX breach, there have been limited develoments. In early November authorities charged one Stephen Watt of New York with conspiracy for providing the wireless "sniffer" used to capture millions of credit card numbers as they traversed TJX's unsecured wireless network. If convicted, Watt could spend up to 5 years in prison and be required to pay up to $250,000 in penalties. My guess is he gets off with a much reduced sentence in exchange for providing further testimony against the ring leaders of the conspiracy.

More recently one of the perpetrators that prosecutors believe WAS one of the ring leaders was sentenced last week to 30 years in a Turkish prison on an unrelated cybercrime charge....

Doug McLean | 12 Jan 2009 | 0 comments
Doug McLean | 08 Dec 2008 | 0 comments

Interesting piece in today's Wall Street Journal about President-Elect Obama's decision to appoint a cabinet level cybersecurity chief. The role as described will be one of those cross agency coordination jobs that has almost no staff or resources but significant influence given where it lives in the government.

I'm generally pretty suspicious of plan to create a new little piece of the bureaucracy that's supposed to magically solve some massive problem...witness the issues that the Department of Homeland Security has had. In this case, however, a small coordinating body might make a material difference. For legitimate security reasons, we'll never know how much effort is being expended by the various military and civilian agencies to address cybercrime and cyberterrorism. But, I'd bet dinner that the bulk of the work is stove-piped inside each agency. This turns out...

Doug McLean | 01 Dec 2008 | 0 comments

I've believed this for some time, but the author of this post does an unusually good job of describing how cybercrime gangs are now organized. I also really like the parallel's Michael draws between cybercrime gangs and their Mafia counterparts.

Like he says, "Let's be careful out there."

Doug McLean | 13 Nov 2008 | 0 comments

An interesting local story appeared in today's San José Mercury News. An ISP that was working under the brand McColo was shutdown when its two "upstream providers" Hurricane Electric and Global Crossing unplugged their links to McColo. This isn't exactly news by itself as these bad actor ISPs posing as legitimate businesses come and go pretty frequently.

Nor was it news that the miscreants behind McColo are probably well beyond the reach of U.S. law enforcement. While their hardware may have been in the heart of the Silicon Valley, the bad guys themselves are evidently in Eastern Europe.

What is shocking about the story is that the minute McColo was offline, Trend Micro observed at 40% drop in spam hitting its customers filters. Trend's spam filtering products report back to a central point to aid in the identification and blocking of new spam attacks. So they have a pretty good perspective on what's going on across the 'net. But,...

Doug McLean | 20 Oct 2008 | 0 comments

The Supreme Court announced today that they would hear the first case on identity theft to reach the high court. When I first saw the headline I thought great, now maybe we'll get some focus on this issue. Unfortunately, the case itself is only peripherally about identity theft.

The core issue is just how much latitude the court is willing to give prosecutors in pursuing illegal immigration cases. It turns out that one of the legal tactics now being used by prosecutors against those caught in the U.S. illegally is to threaten to charge them with identity theft in order to get them to plead to the lesser charge of entering the country without proper documentation. The case hinges on whether a defendant is aware that the made up social security number or other details they've invented on their fake documents in fact belong to someone else.

It will...