Twitter Hacked

Twitter announced its systems had been hacked an 250,000 users personal information had been compromised. Turn off your Java!

“Earlier this week, hackers gained access to Twitter’s internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company’s official blog, Twitter’s manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security’s advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter’s report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times.”

Create an Anonymous Email Address

To secure your data and reduce SPAM sent to your business as well as to your private email account, get a dedicated address for internet postings. Never use your business email address for posting guestbook entries, votes, or questions and answers in forums and surveys. It’s good to be reachable in these situations, but best to be anonymous.

Instagram Privacy Policy

An outrage of the new Instagram privacy policy has seen usage go from 40 million to 17 million in one month. Users took offense to instagram using photos in advertising without the consent of the photographer.

The adjustments to the privacy policy will still allow Instagram to share information with it’s parent company Facebook. “Our updated privacy policy helps Instagram function more easily as part of Facebook by being able to share info between the two groups.”

Tech Support Scam

The IC3 continues to receive complaints reporting telephone calls from individuals claiming to be with Tech Support from a well-known software company. The callers have very strong accents and use common names such as “Adam” or “Bill.” Callers report the user’s computer is sending error messages, and a virus has been detected. In order to gain access to the user’s computer, the caller claims that only their company can resolve the issue.

The caller convinces the user to grant them the authority to run a program to scan their operating system. Users witness the caller going through their files as the caller claims they are showing how the virus has infected their computer.

Users are told the virus could be removed for a fee and are asked for their credit card details. Those who provide the caller remote access to their computers, whether they paid for the virus to be removed or not, report difficulties with their computer afterwards; either their computers would not turn on or certain programs/files were inaccessible.

Some report taking their computers to local technicians for repair and the technicians confirmed software had been installed. However, no other details were provided.

In a new twist to this scam, it was reported that a user’s computer screen turned blue, and eventually black, prior to receiving the call from Tech Support offering to fix their computer. At this time, it has not been determined if this is related to the telephone call or if the user had been experiencing prior computer problems.

Beware Of Ransomware

A new extortion technique is being deployed by cyber-criminals using the Citadel malware platform to deliver Reveton ransomware. The latest version of the ransomware uses the name of the Internet Crime Complaint Center to frighten victims into sending money to the perpetrators. In addition to instilling a fear of prosecution, this version of the malware also claims that the user’s computer activity is being recorded using audio, video, and other devices.

As described in prior alerts on this malware, it lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares that a law enforcement agency has determined that a computer using the victim’s IP address has accessed child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a fine using prepaid money card services. The geographic location of the user’s PC determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud. Below is a screenshot of the new variation.

Reveton warning screen

This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim. If you have received this or something similar do not follow payment instruction.

It is suggested that you:

  • File a complaint at www.IC3.gov.
  • Keep operating systems and legitimate antivirus and antispyware software updated.
  • Contact a reputable computer expert to assist with removing the malware.

Sandy Hook Fundraising Scam

David B. Fein, United States Attorney for the District of Connecticut, and Kimberly K. Mertz, Special Agent in Charge of the New Haven Division of the Federal Bureau of Investigation, announced that NOUEL ALBA, 37, of the Bronx, New York, was arrested today on a federal criminal complaint charging her with lying to FBI agents in connection with their investigation into a fraudulent fundraising scheme related to the Newtown school shooting tragedy.

The complaint alleges that ALBA used her Facebook account, telephone calls, and text messages to falsely claim to be a relative of a shooting victim and solicited money from donor-victims who wanted to donate, claiming the money was for the child’s “funeral fund.” At ALBA’s instruction, donor-victims sent money to a PayPal account controlled and accessed by ALBA. When contacted by FBI special agents investigating fundraising and charity scams related to the Newtown tragedy, ALBA falsely stated that she did not post information related to Newtown on her Facebook account, solicit donations, or recently access her PayPal account. ALBA also falsely claimed to have immediately refunded any donations that she received.

“This arrest should serve as a warning to anyone who attempts to profit from this tragedy by contriving fraudulent schemes that exploit the many victims, their families and individuals who sincerely want to help,” stated U.S. Attorney Fein. “Investigators continue to monitor the Internet to uncover other fundraising scams arising from this tragedy, and the individuals operating them face federal or state prosecution to the fullest extent permitted by law.”

“It is unconscionable to think that the families of the victims in Newtown and a sympathetic community looking to provide them some sort of financial support and comfort have become the targets of criminals,” stated FBI Special Agent in Charge Mertz. “Today’s arrest is a stern message that the FBI will investigate and bring to justice those who perpetrate Internet fundraising scams, especially those scams that exploit the most vulnerable in their time of shared sorrow.”

Following her arrest, ALBA appeared before United States Magistrate Thomas P. Smith in Hartford and was released on a $50,000 bond.

If convicted of making false statements to federal agents, ALBA faces a maximum term of imprisonment of five years and a fine of up to $250,000.

U.S. Attorney Fein stressed that a complaint is not evidence of guilt. Charges are only allegations, and each defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt.

Individuals with knowledge of Newtown-related fundraising schemes are encouraged to contact the FBI in Connecticut at 203-777-6311.

U.S. Attorney Fein noted that potential federal charges associated with fraudulent fundraising and charity schemes include wire fraud (18 USC 1343, 20-year maximum prison term), access device fraud (18 USC 1029, 10-year maximum prison term), and interstate transportation of stolen property (18 USC 2314, 10-year maximum prison term).

This case is being investigated by the Federal Bureau of Investigation. The case is being prosecuted by Assistant United States Attorney Jonathan Francis.

Facebook Phishing

There is a Facebook phishing scam circulating via email. The email looks as show below; however, the link doesn’t really take you to Facebook.

Example:
From: “Facebook.Team” F28991E87@borgesglass.com
To: myemail@domain.com
Subject: Account activation
Date: Wed, 19 Dec 2012 02:04:41 -1200
List-Unsubscribe: mailto:1B337AA6C3EE4D64226F@shabri.org

Hi id,
Your account has been blocked due to suspicious activity.
To re-activate account, please follow this link:

http://www.facebook.com/confirmemail.php?e=myemail@domain.com&c=4448890

You may be asked to enter this confirmation code: 4448890
The Facebook Team
Didn’t sign up for Facebook? Please let us know.

Actual hidden link that takes you to the hostile website:

http://sitedating2013.info/link.php?user=myemail@domain.com&id=95F0BBA2A5B&key=313CA548B6D9

Morgan Freeman Sandy Hook Hoax

A picture and article attributed to Morgan Freeman that has been circulating on Facebook since the Sandy Hook Elementary School shooting appears to be a hoax. Whenever there is a major news event, perpetrators of fraud try to take advantage of the situation. Internet users should take care before clicking on pictures or links.

The following is a copy of the Facebook hoax:

Morgan Freeman Facebook Hoax

Morgan Freeman Facebook Hoax

 
Morgan Freeman’s brilliant take on what happened yesterday :

“You want to know why. This may sound cynical, but here’s why.

It’s because of the way the media reports it. Flip on the news and watch how we treat the Batman theater shooter and the Oregon mall shooter like celebrities. Dylan Klebold and Eric Harris are household names, but do you know the name of a single victim of Columbine? Disturbed people who would otherwise just off themselves in their basements see the news and want to top it by doing something worse, and going out in a memorable way. Why a grade school? Why children? Because he’ll be remembered as a horrible monster, instead of a sad nobody.

CNN’s article says that if the body count “holds up”, this will rank as the second deadliest shooting behind Virginia Tech, as if statistics somehow make one shooting worse than another. Then they post a video interview of third-graders for all the details of what they saw and heard while the shootings were happening. Fox News has plastered the killer’s face on all their reports for hours. Any articles or news stories yet that focus on the victims and ignore the killer’s identity? None that I’ve seen yet. Because they don’t sell. So congratulations­, sensationalist media, you’ve just lit the fire for someone to top this and knock off a day care center or a maternity ward next.

You can help by forgetting you ever read this man’s name, and remembering the name of at least one victim. You can help by donating to mental health research instead of pointing to gun control as the problem.”

Child Predators and Internet Safety

Lancaster County associate pastor arrested by Attorney General’s Child Predator Unit; families urged to review Internet safety during the holidays

LANCASTER, PA — Agents from the Attorney General’s Child Predator Unit have arrested an associate pastor from Lancaster County accused of using Facebook and text messages to sexually soliciting a 15-year old boy, along with sending a nude photo to the boy.

Attorney General Linda Kelly identified the defendant as Clarence Tyrone Taylor, 26, of 442 Manor St., Columbia.

Kelly urged parents to regularly discuss Internet safety with their children, especially during times when family schedules change – such as during holiday vacations. She noted that some predators attempt to arrange meetings with kids, while others send nude photos or sexually explicit videos, many times during their initial online chats.

“Predators use popular social networking sites like Facebook to identify young people who may be vulnerable or lonely, gathering details about their activities and interests and using that information to gain their trust,” Kelly said. “Computer and smart phone technology now makes it quick and easy to send messages, photos or video, and many of the men arrested by the Child Predator Unit began sexually graphic discussions during their first online conversations with what they believed were children.”

Kelly said that Taylor allegedly made suggestive comments to several young people in his congregation, prompting parents to approach the pastor of the church. In response to those complaints, the pastor contacted Lancaster County Detectives and the Lancaster City Police Department, who forwarded the case to the Attorney General’s Office because of the specialized investigations performed by the Child Predator Unit.

According to the criminal complaint, Taylor used Facebook to contact a 15-year old boy from his church – telling the young man that he was “cute,” commenting on his appearance and suggesting that they spend more time together. Taylor also allegedly encouraged the boy to contact him via cell phone and to delete all messages between them.

Kelly said that following a review of those Facebook messages, an undercover agent from the Attorney General’s Office assumed the online identity of the boy and continued communication with Taylor.

Over the course of several days, Taylor allegedly engaged in a series of text message conversations – sending an explicit nude photo to the boy, requesting similar photos in return and suggesting that they meet for sex.

Taylor was taken into custody on Thursday, December 13th, by agents from the Attorney General’s Child Predator Unit, assisted by officers from the Columbia Borough Police Department.

Taylor is charged with one count of solicitation to commit sexual abuse of children, a second-degree felony punishable by up to ten years in prison and a $25,000 fine.

Taylor is also charged with one count of unlawful contact with a minor (related to obscene and other sexual materials and performances) and one count of criminal use of a communications facility, both third-degree felonies which are each punishable by up to seven years in prison and $15,000 fines.

He was preliminarily arraigned before Columbia Magisterial District Judge Robert A. Herman and lodged in the Lancaster County Prison in lieu of $75,000 bail. Taylor is also prohibited from having any contact with the victim.

A preliminary hearing will be scheduled before Magisterial District Judge Robert A. Herman and the case will be prosecuted in Lancaster County by Deputy Attorney General Christopher J. Jones of the Attorney General’s Child Predator Unit.

Kelly thanked the Columbia Borough Police Department for their cooperation and assistance with this investigation.
Internet Safety

Kelly noted that the Child Predator Unit has made 314 arrests since it was created.

Kelly urged parents to regularly discuss Internet safety and security issues with their children, including the importance of telling a trusted adult if someone engages in inappropriate online activity, such as:

  • Sexual discussions.
  • Sending or requesting nude photos or explicit videos.
  • Sharing links to pornography.
  • Trying to arrange face-to-face meetings.

Additionally, Kelly said parents and other caregivers should also monitor how kids are using the Internet, including:

  • Checking the websites they use frequently.
  • Searching the social networking sites they visit.
  • Asking them to show you their online profiles on Facebook and other websites.
  • Discussing the items they may be posting online.

Kelly also encouraged parents to stress the importance of not sharing personal information online, like full names, ages, addresses, phone numbers and school information, and added that children should always be especially cautious about strangers who approach them online.

Suspected internet predators can be reported to the Attorney General’s Office by clicking on the “Report a Predator” link, located on the front page of the Attorney General’s website, or by calling the toll-free Child Predator Hotline at 1-800-385-1044.
(A person charged with a crime is presumed innocent until proven guilty.)

People Forget, Computers Do Not

In 2003, the British Government published a report on Iraq’s security and intelligence organizations. Then a Cambridge University lecturer discovered that much of the document was copied from three different articles, one written by a graduate student. How did he know? The document contained a listing of the last 10 edits, even showing the names of the people who worked on the file.

Hidden data can often be found within Microsoft Office documents particularly Word. Whenever you exchange documents with clients, convert them to plain ascii text.  For instance, you can copy and paste the information to a “notepad” or turn the document into an html page.

For more info, and to download Microsoft’s Hidden Data Removal tool, see http://www.microsoft.com/downloads/.