The most recent articles from Computing

Public still vulnerable to web fraud

Tom Young — 2008-11-17T13:16:00.000Z

Tom Young, Computing, Monday 17 November 2008 at 13:16:00

Average individual loss reaches £14,500 per incident

A successful fraud attempt on the average working adult is worth some £14,500 to online criminals, who can empty current and savings accounts and credit cards quickly and easily once they have gained access, according to a report published today.

The report from government online security initiative Get Safe Online also found that most UK citizens do not have the right internet security controls in place to prevent such attacks.

Getting the right protection is easy, according to Tony Neate, managing director of Get Safe Online. "If internet users invest a relatively small amount of time and money in ensuring that they are fully protected and up-to-date, the risk of such financial loss is almost negligible," he said.

"To install the essential software and learn about the key safety measures on the Get Safe Online website takes a matter of a few hours, a small but worthwhile inconvenience compared to the potential loss."

The Get Safe Online report, published today, shows that almost half (48 per cent) of UK internet users are still not updating their anti-virus software frequently enough to make it effective.

And almost a quarter (23 per cent) do not have any anti-spyware protection, while nearly half (47 per cent) do not have website authentication software to protect against phishing attacks.

The report warned that the number of phishing attacks is rising sharply, and that 23 per cent of UK internet users surveyed said that they, or someone they knew, had fallen victim to such an attack this year, compared to just eight per cent in 2007.

Figures released in October by UK payment service Apacs showed that online banking fraud losses totalled £21.4m during the six months to June 2008, a 185 per cent rise on the 2007 figure.

Home Office minister Alan Campbell claimed that the government is taking e-crime seriously. "That is why we recently announced a new £7m police unit dedicated to tackling cyber-crime and clamping down on internet fraud," he said.

MPs attack government over e-crime unit funding

Parliamentary reporter — 2008-11-06T15:45:00.000Z

Parliamentary reporter, Computing, Thursday 6 November 2008 at 15:45:00

But minister insists £7m budget "is not the end of the story"

The government has rejected mounting criticism of the £7m budget for the new central e-crime unit to be set up within the Metropolitan Police.

Home Office minister Alan Campbell said: "This is not the only unit that will be seeking to tackle fraud. The important thing is that the unit will be working with other police forces that have a funded capability." He added that the £7m "is not the end of the story".

Campbell was responding to a Commons Westminster Hall debate in which MPs of all parties voiced concern at the growing level of internet fraud and cyber-crime.

Ribble Valley Tory MP Nigel Evans said that the government and financial institutions should do more, warning that scams would become even more common as the credit crunch bites and people become desperate for money.

Carshalton and Wallington Liberal Democrat MP Tom Brake added that concerns had been aired about the level of funding, and asked how many officers would be attached to the new unit.

Independent MP Richard Taylor, who called the debate, said: "We should have a scam alert day - SAD - because it is sad that we need it."

Ordinary users needed to be made more aware of "spear phishing" and other techniques being used, he said.

Campbell stated that the parliamentary process for the UK to ratify the international treaty on combating cyber-crime, launched in 2001, would begin in January 2009.

He maintained that the government takes e-fraud "very seriously".

The new unit will help streamline the reporting of e-crime, but Campbell warned that a promise that the police will investigate every fraud reported to the centre would "probably be way beyond the resources of any law enforcement agency anywhere".

Government backs central e-crime unit

Phil Muncaster — 2008-10-01T11:54:00.000Z

Phil Muncaster, Computing, Wednesday 1 October 2008 at 11:54:00

Baroness Scotland calls for coordinated national response

The government has finally put its weight behind a new centralised police unit tasked with leading a coordinated national response to e-crime.

The proposed Police Central E-crime Unit (PCEU), which has been awaiting funding for over a year, will act as a national coordination centre and work to improve the specialist e-crime skills of police officers in regional forces.

The unit is also set to work closely with the National Fraud Reporting Centre and National Fraud Intelligence Bureau once both organisations are fully launched.

"It is widely recognised that e-crime is the most rapidly expanding form of criminality and knows no borders," said attorney general Baroness Scotland in a statement.

"The network is a good example of the UK leading on an international initiative which improves our capability to prosecute e-crime."

The launch of the PCEU will be seen by many as an admission of the gap left by the National Hi-Tech Crime Unit when it was absorbed into the Serious Organised Crime Agency over two years ago.

The PCEU will receive £3.5m of government funding and £3.9m from the Metropolitan Police Service.

The unit was welcomed by Dave Martin, managing security consultant at IT services firm Logica.

"It is good to see UK leading with this and hopefully good relations with foreign equivalents will flourish, as there is of course still the problem of the international aspect of computer crime where some other countries are not as advanced as we are," he said.

However, there was a more skeptical response from industry association The Corporate IT Forum.

"£7m over three years seems a very small sum for a very large problem. We doubt whether that it will be enough to tackle an issue that the Home Office itself calls a ‘global menace’ – something our own members know all too well," argued chief executive David Roberts.

He added that it was still unclear whether the new organisation would provide a single line of reporting for hi-tech crime.

The PCEU is set to become operational in spring 2009.

CSOs urged to dispel security myths

Phil Muncaster — 2008-09-29T16:34:00.000Z

Phil Muncaster, Computing, Monday 29 September 2008 at 16:34:00

Gartner warns of damaging misconceptions

Information security professionals are often too easily distracted from their roles by myths about the nature of threats facing their organisations, according to analyst firm Gartner.

Analyst Andrew Walls said at Gartner's annual IT Security Summit in London today that these misconceptions can often lead to organisations investing in the wrong security programmes.

Walls maintained that it is up to IT security professionals to identify which threats are real and which are not, enabling their own function to become viewed as a strategic business enabler rather than a tactical reactionary control.

"Lots of them spend time chasing phantasms. Ideas like 'the hackers are winning' are patently false," he argued. "Hackers have to constantly innovate and find new ways of attack because security is forcing them to be more creative."

Other security myths according to Walls include the suggestion that data breaches are growing in frequency, when in fact it is only their disclosure which is increasing, and that the quality of your security systems is determined by how much money is spent on them.

“Business managers are focused on the bottom line and don’t want anything to distract them,” said Walls. Security professionals must debunk these myths so people understand that security is actually making them more profitable and … is an enabler.”

Firms ignoring risk of security breaches

David Neal — 2008-09-24T13:19:00.000Z

David Neal, Computing, Wednesday 24 September 2008 at 13:19:00

Logica survey uncovers alarming complacency at UK companies

A new survey from business services firm Logica has found a remarkable lack of awareness about how to manage data and respond to the risks of security weaknesses in enterprise systems.

The study, released today, found that a minority of firms educate staff on how to cope with data breaches, or even how to handle information in the first place.

Logica said that just 30 per cent of firms educate staff in IT security, and roughly the same amount have an in-house team with the specific remit of handling security incidents.

Alarmingly, in this compliance-centric enterprise environment, only a quarter of firms are complying with ISO 27001/2, an international standard that covers security procedures when storing personal data.

Perhaps worse is the fact that firms are not reporting breaches to their clients. Logica said that 60 per cent of companies that have experienced a data breach did not tell their clients, and half failed to tell the police or authorities.

Tim Best, director of enterprise security solutions at Logica, said: "Data losses put customers at risk and can lead to large contracts being withdrawn.

"With some organisations failing to disclose security breaches, this complacent attitude not only increases the likelihood of financial and reputational consequences, but highlights inadequate security policies and protocols at UK organisations."

Overall the study found that 57 per cent of those firms surveyed had no understanding of the impact of a security breach on their organisation.

BBC security glitch causes spam wave

Angelica Mari — 2008-09-23T12:41:00.000Z

Angelica Mari, Computing, Tuesday 23 September 2008 at 12:41:00

'Administrative error' forwards junk mail to thousands of mailing list subscribers

Music fans have been deluged with spam after a security breach on a BBC electronic mailing list.

It is understood that the breach affected subscribers to the BBC Electric Proms music festival mailing list, who have received emails offering anti-impotence drugs.

Details of the incident are unclear, but the BBC has acknowledged that the list had been mishandled.

"As a result of an administrative error, spam mail received by the BBC was accidentally sent out to subscribers of the Electric Proms mailing list," a BBC spokeswoman told The Daily Telegraph.

"We apologise for this mistake and have contacted everyone on the list to explain the situation. We wish to assure all subscribers that no details have been passed on to third-party companies and all the data held on our systems is completely secure."

3D Secure uptake soars to 25 million

Phil Muncaster — 2008-09-22T12:12:00.000Z

Phil Muncaster, Computing, Monday 22 September 2008 at 12:12:00

Apacs claims major milestone for authentication standard

Consumer uptake of online authentication schemes Verified by Visa and MasterCard SecureCode has increased by 600 per cent in the past two years, according to the latest figures from UK payments association Apacs.

Despite slow initial interest, the 3D Secure scheme now boasts registration of more than 25 million UK debit and credit cards, up 150 per cent in the past 12 months from 10 million in August 2007.

"This is an important milestone as it means that more than half of all online shoppers have now registered their cards," said Sandra Quinn, director of corporate communications at Apacs, in a statement.

"The banking industry continues to urge those cardholders not yet signed up to do so, as we all need to play our part to make life harder for online shopping fraudsters."

However, the schemes have come in for criticism by industry experts in the past for being non-intuitive and therefore forcing shoppers to abandon transactions.

Others have commented that the technology is still vulnerable to manipulation by fraudsters.

"This should be viewed as one of the tools in your armoury to combat fraud," argued Tim Sparrow of fraud prevention firm CyberSource. "What we're seeing as a result of [its success] is a lot more identity theft, so criminals are signing up for credit cards on your behalf and possibly registering for the scheme."

Bank hacking software developer walks free

Ambrose McNevin — 2008-07-16T17:02:00.000Z

Ambrose McNevin, Computing, Wednesday 16 July 2008 at 17:02:00

Police plan to use his skills to fight cybercrime

A teenage hacker who was part of an international gang who stole $20m from bank accounts has avoided jail, because police want to use his hacking skills.

New Zealander Owen Thor Walker has been fined $10,000 and told to hand over his IT equipment.

Walker had been paid for software designed to access usernames, passwords and credit card details.

Walker admitted charges of accessing a computer for dishonest purposes, interfering with computer systems, possession of software for committing crime and accessing computer systems without authorisation, the New Zealand Press Association said.

Investigators said the program written by Walker was one of the most advanced they had ever seen.

US criminals target large corporate web sites

Janie Davies — 2008-07-07T17:22:00.000Z

Janie Davies, Computing, Monday 7 July 2008 at 17:22:00

Evolving malware technology is being used against wealthy companies and individuals

Large corporate web sites were heavily targeted by hackers in the early part of 2008, said the threat round-up report from US security firm Trend Micro.

Cyber criminals launched SQL injection attacks on thousands of web pages belonging to some of the largest companies in the US, as well as state government agencies and educational institutions.

Criminals are increasinlgy targeting affluent users such as C-level executives in the hope of accessing lucrative bank accounts and sourcing log-in credentials and email addresses that span whole organisations.

Criminals are keeping pace with technology and becoming more ambitious in selecting targets, said Raimund Genes, chief technology officer of Trend Micro.

"This is a good example of how cyber criminals are evolving with the times. They are moving away from threats that use old or waning technologies and instead focusing on the lucrative threats that bring a bigger payload," he said

In its report, Trend Micro said mobile threats are continuing to emerge, and it discovered malware disguised as multimedia content was being used to infect older Nokia mobile phones.

Tracking software ware infections declined by 15 per cent between May 2007 and April 2008 while adware and keyloggers were also down.

Payment verification platform opens up to e-crime

Angelica Mari — 2008-06-13T12:02:00.000Z

Angelica Mari, Computing, Friday 13 June 2008 at 12:02:00

Loophole in payment system allows fraudsters to splash out in online shopping

Criminals targeting the web are taking advantage of a loophole in an online payment verification system used by retailers, according to research.

It is understood that a glitch was spotted in the address verification system (AVS), a popular identity verification system used by credit card companies and banks on behalf of retailers.

Under the system, identities are checked by matching the house number and postcode associated with the cardholder records, but e-criminals are now bypassing the verification standard by using alternative addresses with the same house number and digits in a different postcode, which is then accepted by AVS.

The loophole allows fraudsters to almost guarantee that retailers have no means of verifying the information, so transactions are successfully completed, according to the research, which follows the news that up to 38,000 customer records were stolen from the database of UK clothing retailer Cotton Traders.

The research was carried by out by fraud protection specialists The 3rd Man.

UK hacker extradition appeal reaches law Lords

Ambrose McNevin — 2008-06-12T18:19:00.000Z

Ambrose McNevin, Computing, Thursday 12 June 2008 at 18:19:00

Gary McKinnon takes his fight to avoid facing a US court to the House of Lords

The fate of UK hacker Gary McKinnon will be considered next week when he appears before the House of Lords on Monday (16 June).

In a case going back to 2002, McKinnon is appealing against his extradition to the US under hacking charges.

McKinnon told Computing he is fighting the extradition, despite claiming that he would have voluntarily presented himself to a US court were it not for the high-pressure tactics used by the Americans.

He claimed that US authorities verbally offered him a plea bargain with the minimum sentence of four years, but that they refused to confirm it in writing and have now said they want to prosecute him to the maximum level. McKinnon said one US prosecutor said the US wants to see him “fry”.

Former home secretary John Reid signed the extradition order on McKinnon, who has not denied hacking into US computer systems, including some of those mentioned in the American indictment. But he claims he was never a threat to security as he broke into Nasa and US defence computers to look for evidence of the existence of UFOs.

McKinnon said the legal basis for his appeal was that the extradition treaty under which he is to be sent to the US has not been ratified by the American government.

His defence team has two hours to present his case to five law Lords. A decision is expected within three weeks of the hearing.

Top cops warn on rising international e-crime

Angelica Mari — 2008-06-10T16:58:00.000Z

Angelica Mari, Computing, Tuesday 10 June 2008 at 16:58:00

Increasing numbers of international gangs are stealing and trading personal information, says Soca

The UK's Serious Organised Crime Agency (Soca) has issued a warning about the increasing number of international online gangs stealing and trading personal details of web users.

A report issued by the agency says that groups of criminals – often comprising of an average of 30 specialists focused on areas ranging from phishing to data trading – are part of a market evolution geared at trading and exploiting data.

Information is often stolen through techniques such as phishing and key logging using malware sent via email. The stolen data is then used by the thieves for fraudulent purposes or sold to other cyber criminals over the web.

"As web-based technologies become increasingly diverse, e-criminals will use these services to access and exploit victims and conceal their activities," says the Soca report.

"Each group will typically have an inner circle of more technically advanced and/or experienced members who control access to the attack tools and are responsible for dividing up the work."

The tactics used by the criminals are constantly updated to keep ahead of protection offered by software vendors, according to Soca.

Last month, Soca completed the first phase of a five-year IT overhaul to help in the battle against organised crime.

But the agency has admitted that it faced challenges in training staff to a level where the improvement will have a material effect on tackling criminals.

Soca’s annual reports said the “challenges involved in increasing knowledge to a level that would facilitate a transformation of the impact on organised crime still remained significant”.

So far the programme has given overseas staff secure access to IT systems, improved the internal management of information and upgraded software to improve the collection of Suspicious Activity Reports a mechanism allowing the public to electronically report financial crime.

Menzies begins software shake-up around UK

Bryan Glick — 2008-05-29T17:46:00.000Z

Bryan Glick, Computing, Thursday 29 May 2008 at 17:46:00

Magazine wholesaler rolls out SAP to help build business

Magazine wholesaler Menzies Distribution has started a £10m, five-year business overhaul based on the implementation of SAP software at 20 UK locations.

The Edinburgh firm is undergoing a major change initiative in response to declining sales of magazines and newspapers.

At least 13 different IT systems are in place for managing Menzies’ supply chain, some of which are 25 years old. Almost all have been developed in-house.

IT director David Speirs told Computing that the business has no alternative but to change its approach. “We can’t not do this. If we want to continue being successful and to grow, we have to go down this route,” he said.

“This is the biggest single project in Menzies Distribution’s history. It is going to touch every single person in the company. It is a change in culture.”

The introduction of SAP will be used to drive standardisation of business processes across the organisation.

“At the moment, if you go to two different branches, they use two different processes. The common theme in the project is standardisation and centralise where possible,” said Speirs.

“We built a business case, but it wasn’t solely on the cost benefits we were going to get out of SAP. Because of the difficulties in the market, we need to look at potential revenue streams and we need software that is flexible.”

The SAP project kicked off in March and is now in the blueprint phase, said Speirs. Financial systems will go live in January next year, with the first branch live in May. The project is due for completion by the end of 2009.

The 70-strong IT team face the challenge of learning new skills.

“We have strong focus on internal software development, but in the ERP world we will need different skill sets,” said Speirs.

“We need to map out the transition from old to new. We will work with staff to retrain them in the new SAP processes and technologies. We need to put people’s minds at ease.”

Apple signs iTunes deal with major film studios

Neon Kelly — 2008-05-02T16:12:00.000Z

Neon Kelly, Computing, Friday 2 May 2008 at 16:12:00

New releases will be made available online and on DVD at the same time

Apple has agreed a deal with several major film studios to ensure that new releases will be made available via iTunes on the same day as their DVD release.

Warner Bros, 20th Century Fox, Paramount and Universal Studios are among the studios co-operating with Apple. Ridley Scott's crime epic American Gangster and French drama The Diving Bell and the Butterfly will be two of the first films to receive a simultaneous release on iTunes and DVD.

The deal is the latest indication that the entertainment industry is coming to terms with the digital formats preferred by consumers. In the music sector, major record labels have now all but abandoned digital rights management, following a long battle with mp3 pirates.

Phishing up 200 per cent in first quarter, warns APACS

Computing — 2008-04-16T00:00:00.000Z

Computing, Computing, Wednesday 16 April 2008 at 00:00:00

One in three consumer PCs remain unprotected against spyware

Successful email-based fraud is falling but phishing attempts surged to over 10,000 between January and March, said bank payment clearing association Apacs.

The body estimated that successful email fraud dropped by one third last year to £22 million. The number of people who said they delete phishing emails or ignore the presented calls to action rose from 75 per cent to 82 per cent.

Recent email scams include the targeting of company directors with fake subpeonas and Mastercard users who were promised discounts on future purchases.