Interesting finds

November 25, 2009

Nasty iPhone Worm Hints at the Future

Filed under: Cell Phones, Crime Tech — thewere42 @ 7:43 pm

As smart phones become smarter, malicious code will find a friendlier home.

By Robert Lemos

As mobile phones get more powerful, the threat of serious attacks against such devices increases, security experts warn. This week, cybercriminals moved closer to proving this point–exploiting a weakness in modified iPhones to spread a worm programmed to steal banking information. Some experts say the worm may be a sign that criminals are getting more savvy about hacking mobile devices.

Last Saturday, researchers at several security firms reported that the new worm, dubbed “Ikee.B” or “Duh,” spreads using the default password for an application that can be installed on modified versions of the iPhone. Once the device has been compromised, the worm grabs text messages, and searches for banking authorization codes used by at least one bank, before sending the codes to a central server. Earlier this month, another iPhone worm was released. It exploited the same password weakness to spread itself, but did not try to steal personal information.

“The banking [attack] is new to mobile devices,” says Chet Wisniewski, a senior security advisor at antivirus firm Sophos. “It goes through your phone, grabbing all your text messages, and sends them off to a server in Lithuania.”

Since the attack affects only the small number of iPhones that have been “jail broken”–modified to run nonapproved software–the worm will likely inconvenience only a few people. Yet some researchers say the worm confirms that attacks against mobile users are evolving, and that cybercriminals are targeting the personal and financial information kept on portable devices. The ability to communicate with a central command-and-control server–a characteristic more commonly associated with hijacked PCs–also makes such software more dangerous.

This past summer, at the Black Hat Security Briefings conference in Las Vegas, Charlie Miller, a consultant with Independent Security Evaluators, demonstrated a way to remotely attack iPhones using the short message service (SMS) protocol. Miller says it’s only a matter of time before cybercriminals find a way to infect phones that haven’t been jail broken, vastly increasing the potential scale of an infection. “A [more serious] worm against an iPhone or any other mobile device is going to happen,” Miller says. “It is going to happen to [Google's] Android and iPhone and everything else. As more bad guys do research into the mobile platforms, these devices are going to get attacked.”

The evolution of the Ikee.B or Duh worm can be traced back to early attacks against mobile devices. In 2000, Timofonica, a relatively simple virus that spread between desktop computers and servers, also had the ability to spam mobile phones in Spain with text messages. In 2004, Cabir, the first mobile-phone-only worm, was released. Cabir could jump automatically between Nokia handsets.

Article Continues – http://www.technologyreview.com/communications/24011/?a=f

November 24, 2009

Courtroom First: Brain Scan Used in Murder Sentencing

Filed under: Computer Tech, Crime Tech — thewere42 @ 10:35 pm

By Alexis Madrigal

A defendant’s fMRI brain scan has been used in court for what is believed to be the first time.

Brain scan evidence that the defense claimed shows the defendant’s brain was psychopathic was allowed into the sentencing portion of a murder trial in Chicago, Science reported Monday. Brian Dugan, who had been convicted of the rape and murder of a 10-year old, was sentenced to death, despite the fMRI scans.

“I don’t know of any other cases where fMRI was used in that context,” Stanford professor Hank Greely told Science.

While the possibility of using fMRI data in a variety of contexts, particularly lie detection, has bounced around the margins of the legal system for years, there are almost no documented cases of its actual use. In the 2005 case Roper v. Simmons, the Supreme Court received at least one amicus brief based in part on brain scans showing that adolescent brains work differently than adult brains. But it’s not clear that the Court used that evidence in making its decision.

“The Court did not rely on, or even mention, that evidence in support of its conclusion,” Greely wrote in an email to Wired.com.

In any case, that’s a far cry from using fMRI to establish the truth of testimony or that specific structures within an individual defendant’s brain are legally relevant.

It’s difficult to tell whether the Dugan case will be a watershed moment in the use of brain scan evidence in court, or if the evidence impacted the decision in this case.

“The penalty phase of a capital case … is a special situation where the law bends over backwards to allow the convicted man to introduce just about any mitigating evidence,” Greely noted.

Earlier this year, Wired.com reported on another attempt to use fMRI evidence in which Greely’s MacArthur Foundation Law and Neuroscience Project was involved. In that case, fMRI evidence was entered into a juvenile sexual abuse case in San Diego, but was withdrawn without being admitted.

The debate over whether or not to use fMRI evidence has several dimensions. The first is whether reliable evidence can be obtained. On that score, fMRI appears to perform well. In a very small number of studies, researchers have identified lying in study subjects with accuracy ranging from 76 percent to over 90 percent. The real doubts begin to surface about whether the data will be good outside the laboratory in real settings.

“When you build a model based on people in the laboratory, it may or may not be that applicable to someone who has practiced their lie over and over, or someone who has been accused of something,” Elizabeth Phelps, a neuroscientist at New York University told Wired.com in March. “I don’t think that we have any standard of evidence that this data is going to be reliable in the way that the courts should be admitting.”

Even if the data isn’t perfect, some law theorists say it might be on par with traditional lie-detection carried out by human beings, if not better.

“It’s not clear whether or not a somewhat reliable but foolproof fMRI machine is any worse than having a jury look at a witness,” Brooklyn Law School’s Edward Cheng said. “It’s always important to think about what the baseline is. If you want the status quo, fine, but in this case, the status quo might not be all that good.”

Others like Greely argue that until studies are conducted under realistic settings, the technology should stay out of the courtroom.

One thing seems clear: If brain scan data has even a remote chance of helping a defendant’s case, defense lawyers will keep trying to enter the evidence into court.

Via Greg Miller, Science

11/24: Updated to include further comments by Hank Greely about Roper V. Simmons.

Image: flickr/foreverdigital

http://www.wired.com/wiredscience/2009/11/brain-scan-murder-sentencing/

November 19, 2009

An introduction to the FBI’s anti-cyber crime network

Filed under: Computer Tech, Crime Tech — thewere42 @ 9:00 pm

The FBI explained how its anti-cyber crime task force works at a Congressional hearing this week, and outlined the Bureau’s latest accomplishments, which include catching the masterminds of a coordinated raid on over 1,000 ATM machines. But nobody thinks the United States is prepared to stop a really bad attack through cyberspace on our financial or physical networks.

By Matthew Lasar

The Federal Bureau of Investigation told Congress this week that when it comes to cyber crime, terrorist groups like Al Qaeda aren’t the sharpest pencils in the cup, but they’re not out of the game either. “It is always worth remaining mindful that terrorists do not require long term, persistent network access to accomplish some or all of their goals,” Steven R. Chabinsky, one of the Bureau’s Cyber Division directors, explained to a Senate Judiciary Subcommittee. “Rather, a compelling act of terror in cyberspace could take advantage of a limited window of opportunity to access and then destroy portions of our networked infrastructure.”

And there are lots of such windows, Chabinsky added, since, “we, as a nation, continue to deploy new technologies without having in place sufficient hardware or software assurance schemes, or sufficient security processes that extend through the entire lifecycle of our networks.”

Thus the FBI has set up its own network to respond to whatever comes down the pike. Time will tell, and probably soon, how effective it is, but Chabinsky laid out all the parts at the hearing. They include a division within the bureau, an inter-federal task force, an alliance with state, local, and industry enforcers, and a consumer complaint center.

Big news

Before unpacking these components, it should be noted that cyber crime is big news these days, with top officials repeatedly warning that the United States is not prepared for a major attack through the net on its financial or physical structures. “The architecture of the Nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient,” the White House concluded in its recent Cyberspace Policy Review.

Millions of Americans got a sense of the global situation on a recent 60 Minutes feature, which noted that a cyber attack probably took out the power in several cities in Brazil between 2005 and 2007. Then they learned about our “electronic Pearl Harbor,” described by Jim Lewis of the Center for Strategic and International Studies:

“Some unknown foreign power, and honestly, we don’t know who it is,” Lewis explained to 60 Minutes’ Steve Kroft, “broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.” And last November some sleuths, possibly just by leaving thumb drives around, managed to get into the U.S. Central Command network (CENTCOM). Thumb drives are now banned from use at the agency.

That is why the White House cyberspace assessment concluded that the Federal government “is not organized to address this growing problem effectively now or in the future.” And that’s why we’re seeing Capitol Hill hearings on the extant structure and how to improve it. Here’s how the FBI is fitted to deal with the problem at this point.

Phish fries

The FBI’s first line of defense against cyber crime is its Cyber Division. It has about 2,000 special agents who have received some kind of instruction in this field, and another 1,000 with more advanced training.

The Cyber Division’s most noted recent accomplishment was a raid completed in October dubbed “Operation Phish Fry.” The 100 people caught in this sting are accused of stealing about $1.5 million from U.S. bank account holders via phony email solicitations—complete with links to bogus bank web sites. About half the defendants are Egyptian citizens who sent out the phishing messages and broke into the bank accounts. The other half hail from Nevada, California, and North Carolina. They’re accused of transferring the ill-gotten money to U.S. bank accounts, then siphoning it out of the country.

What was significant about Phish Fry was that it involved an unprecedented partnership with Egyptian police. Catching up with these kinds of assaults isn’t easy. It took about a year for the Cyber Division to collar the Eastern European masterminds of a massive simultaneous heist of 2,100 ATMs in 280 cities in the US, Canada, Japan, the Ukraine, and Hong Kong. The Great ATM Robbery was quite an operation, which involved penetrating a credit/debit card processing company, identifying PIN numbers, then coordinating a global network of baddies who strolled over to ATMs and collectively helped themselves to $9 million in cash.

But the ultimate goal is stopping these virtual raiders before they strike. The FBI’s Operation Dark Market seems to be the closest step towards that Holy Grail. The agency claims the so-named online network was a kind of exclusive stock exchange for crooks, where they bought and sold stolen financial data. Dark Market had 2,500 registered members. An FBI operative managed to talk his way into a job as systems administrator for the cabal. The end result was 56 collars around the world.

Infragard

Then there’s Infragard. Coordinated by the FBI, it is a fellowship of federal, state, local, industry, and academic cybercrook catchers and watchers. Infragard has about 33,000 participants in almost 90 cities around the country, and you can apply to become a member yourself. The point is to build an accessible community for the FBI to contact on any given cyber-crime problem, especially in the private sector, where IT managers and policy folk are understandably touchy about this stuff. “No governmental entity should be involved in monitoring private communications networks as part of a cybersecurity initiative,” warned Gregory T. Nojeim of the Center for Democracy and Technology, speaking before that Senate hearing.

Mindful of these concerns, Infragard hangs out around the margins between government and the private sector, “to promote ongoing timely dialogue,” in the FBI’s own words. Its chapters work with FBI Field Offices in the same geographic area. Infragardians conference on the latest technology and hold hacking contests.

Here’s the deal, as far as we can tell. You join Infragard and become part of the FBI’s information cohort. In exchange, you get the following cool stuff:

  • “Network with other companies that help maintain our national infrastructure. Quick Fact: 350 of our nation’s Fortune 500 have a representative in InfraGard.
  • Gain access to an FBI secure communication network complete with VPN encrypted website, webmail, listservs, message boards and much more.
  • Learn time-sensitive, infrastructure related security information from government sources such as Department of Homeland Security and the FBI.”

Needless to say, this makes people nervous. The Progressive magazine ran an exposé about Infragard in 2008 titled “The FBI Deputizes Business.” The piece suggested that the organization may have given its members authority to “shoot to kill” in national emergencies. The FBI strongly denies this. “Patently false,” FBI Cyber Division director Shawn Henry called the assertion. But it’s likely that civil liberties minded observers will continue to squint at Infragard for the foreseeable future.

Complain complain complain

Then there’s the Internet Crime Complaint Center, a collaboration between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance (BJA). The point of IC3, as it’s called, is to provide a place for victims of online theft to make complaints, a centralized system for the government to take them, and a means to learn what the bad guys are up to this week.

IC3 received almost 280,000 complaints last year and did something about over 70,000 of them. In many instances it referred them to state and local law enforcement agencies. IC3 also issues regular advisories on the latest mischief. These include alerts on the latest social networking fraud techniques, tips for SQL programmers on protecting their sites from hackers, and even warnings about e-mails pretending to be FBI warnings about Al Qaeda.

The FBI, it should be noted, is just one component of the National Cyber Investigative Joint Task Force, which it leads, and which consists of representatives from 19 government agencies that struggle with cyber crime. But it’s unclear to what extent that coalition is going to have any obvious impact on the ground war against large scale roguery on the Internet. The spotlight will more likely continue to shine on the Bureau and Department of Justice’s efforts in this regard—success measured by results to some, or judged by others by their impact on the nation’s civil liberties.

http://arstechnica.com/web/news/2009/11/an-introduction-to-the-fbis-anti-cybercrime-network.ars

‘Fingerprinting’ RFID Tags: Researchers Develop Anti-Counterfeiting Technology

Filed under: Computer Tech, Crime Tech, Security, Technology — thewere42 @ 9:00 pm

Engineering researchers at the University of Arkansas have developed a unique and robust method to prevent cloning of passive radio frequency identification tags. The technology, based on one or more unique physical attributes of individual tags rather than information stored on them, will prevent the production of counterfeit tags and thus greatly enhance both security and privacy for government agencies, businesses and consumers.

“RFID tags embedded in objects will become the standard way to identify objects and link them to the cyberworld,” said Dale R. Thompson, associate professor of computer science and computer engineering. “However, it is easy to clone an RFID tag by copying the contents of its memory and applying them to a new, counterfeit tag, which can then be attached to a counterfeit product — or person, in the case of these new e-passports. What we’ve developed is an electronic fingerprinting system to prevent this from happening.”

Thompson and Jia Di, associate professor of computer science and computer engineering and co-principal investigator on the project, refer to the system as a fingerprint because they discovered that individual tags are unique, not because of the data or memory they contain, but because of radio-frequency and manufacturing differences.

As Thompson mentioned, RFID tags are becoming more prevalent. They have been used in a wide range of applications, including government processes, industry and manufacturing, supply-chain operations, payment and administration systems, and especially retail.

“In spite of this wide deployment, security and privacy issues have to be addressed to make it a dependable technology,” Thompson said.

A passive RFID tag harvests its power from an RFID reader, which sends radio frequency signals to the tag. The tag, which consists of a microchip connected to a radio antenna, modulates the signal and communicates back to the reader. Working with an Avery Dennison M4E testcube designed for determining the best placement of RFID tags on packages, Thompson, Di and students in the Security, Network, Analysis and Privacy Lab measured tags’ minimum power response at multiple frequencies.

The researchers did this using an algorithm that repeatedly sent reader-to-tag signals starting at a low power value and increasing the power until the tag responded. Radio frequencies ranged from 903 to 927 megahertz and increased by increments of 2.4 megahertz. These measurements revealed that each tag had a unique minimum power response at multiple radio frequencies. Moreover, power responses were significantly different for same-model tags.

“Repeatedly, our experiments demonstrated that the minimum power response at multiple frequencies is unique for each tag,” Thompson said. “These different responses are just one of several unique physical characteristics that allowed us to create an electronic fingerprint to identify the tag with high probability and to detect counterfeit tags.”

Like other electronics equipment, cost and size have driven development of RFID technology. This emphasis means that most tags have limited computational capabilities; they do not include conventional encryption algorithms and security protocols to prevent cloning and counterfeiting. The electronic fingerprinting system addresses these concerns without increasing the cost or physically modifying the tag, Thompson said. The method can be used along with other security protocols for identification and authentication because it is independent of the computational capabilities and resources of the tag.
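The power-ramp measurement described above, and its use to catch a tag whose memory has been copied, can be sketched as follows. This is an added example, not the researchers' code: the dBm units, sweep step, acceptance limit and the simulated tags' wake-up thresholds are all constructed assumptions.

```python
import random

# Channel plan from the article: 903 to 927 MHz in 2.4 MHz steps (11 channels).
FREQS_MHZ = [round(903 + 2.4 * i, 1) for i in range(11)]

# Assumed sweep parameters (not from the article): reader output power in dBm.
START_DBM, STOP_DBM, STEP_DB = 0.0, 30.0, 0.25
MATCH_LIMIT_DB = 0.5  # assumed limit on the mean per-channel difference

# Constructed per-channel wake-up powers for two physically different tags.
GENUINE_WAKE = [14.2, 13.1, 15.6, 12.8, 16.3, 14.9, 13.4, 15.1, 12.2, 16.8, 14.0]
CLONE_WAKE = [16.0, 11.5, 13.9, 14.6, 14.4, 17.1, 15.2, 13.0, 14.5, 14.9, 16.3]


class SimulatedTag:
    """Constructed stand-in for a passive tag.

    `epc` models the memory contents a counterfeiter can copy; `wake_dbm`
    models the minimum power that manufacturing variation gives each tag.
    """

    def __init__(self, epc, wake_dbm):
        self.epc = epc
        self._wake = dict(zip(FREQS_MHZ, wake_dbm))

    def responds(self, freq_mhz, power_dbm, noise_db):
        return power_dbm + noise_db >= self._wake[freq_mhz]


def measure_fingerprint(tag, rng):
    """Ramp power on each channel until the tag answers; record that power."""
    steps = int(round((STOP_DBM - START_DBM) / STEP_DB))
    fingerprint = []
    for freq in FREQS_MHZ:
        found = None  # stays None if the tag never answers on this channel
        for i in range(steps + 1):
            power = START_DBM + i * STEP_DB
            noise = rng.uniform(-0.05, 0.05)  # bounded measurement jitter
            if tag.responds(freq, power, noise):
                found = power
                break
        fingerprint.append(found)
    return fingerprint


def distance_db(reference, measured):
    """Mean absolute per-channel difference, or None if a channel is missing."""
    if None in reference or None in measured:
        return None
    return sum(abs(r - m) for r, m in zip(reference, measured)) / len(reference)


def verify(enrolled, tag, rng):
    """Check the copied identifier first, then the physical fingerprint."""
    reference = enrolled.get(tag.epc)
    if reference is None:
        return "unknown-epc"
    d = distance_db(reference, measure_fingerprint(tag, rng))
    if d is None:
        return "no-response"
    return "genuine" if d <= MATCH_LIMIT_DB else "clone-suspected"


def demo():
    rng = random.Random(2009)
    genuine = SimulatedTag("EPC-0001", GENUINE_WAKE)
    clone = SimulatedTag("EPC-0001", CLONE_WAKE)       # same memory, other silicon
    dead = SimulatedTag("EPC-0001", [40.0] * len(FREQS_MHZ))  # never wakes up
    enrolled = {genuine.epc: measure_fingerprint(genuine, rng)}
    return {
        "genuine": verify(enrolled, genuine, rng),
        "clone": verify(enrolled, clone, rng),
        "dead": verify(enrolled, dead, rng),
        "stranger": verify(enrolled, SimulatedTag("EPC-9999", GENUINE_WAKE), rng),
    }


if __name__ == "__main__":
    print(demo())
```

The clone carries the same identifier as the enrolled tag, so a memory-only check would accept it; it is rejected because its measured wake-up powers differ from the enrolled ones by more than the quantisation step and jitter can explain.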

Thompson and Di are also developing network circuits that are resistant to side-channel attacks against readers and tags.

Story Source:

Adapted from materials provided by University of Arkansas, Fayetteville, via Newswise.

http://www.sciencedaily.com/releases/2009/11/091118160627.htm

November 16, 2009

Facial Biometrics System Capable of Creating a Facial ‘DNA’

Filed under: Computer Tech, Crime Tech, Security — thewere42 @ 8:01 pm

A new facial biometrics system that is able to recognize the facial “DNA” of every individual by determining his/her most noteworthy facial traits. (Credit: Image courtesy of Universidad Carlos III de Madrid – Oficina de Información Científica)

Research into techniques of facial biometrics, carried out by scientists at Universidad Carlos III de Madrid (UC3M), has resulted in a system that is able to recognize the facial “DNA” of every individual by determining his/her most noteworthy facial traits, with a 95% rate of precision.

Recognition techniques based on facial features, known as facial biometrics, are usually based on the search for those traits which make one face different from another. The research carried out by this team, in contrast, approaches the issue from a slightly different point of view.

“The difference between our work and the majority of the others that are found in this field is the idea of individualized models,” explains one of the study’s authors, mathematician David Delgado Gomez from the UC3M Statistics Department. “Our objective,” he continued, “is to create a model for each person which highlights the most distinguishing features of each face, as a sort of facial ‘DNA’.”

The researchers had this idea when they were imagining the situation of a crowded room where someone comes in asking for one of them. “Our way to describe a person is through some traits that the others don’t have, such as the tall woman with blue eyes, or the bald guy with a beard. We try to apply this idea to our algorithm,” remarked Professor Delgado, who has been carrying out this research with Federico Sukno, Kaushik Pavani and Alejandro Frangi from the CISTIB Group of Universidad Pompeu Fabra of Barcelona, and Bjarne Ersboll and Jens Fagertun from the mathematical modelling group of Technical University of Denmark, which has recently published an article entitled “Similarity-based Fisherfaces,” with some of their research results appearing in the scientific journal Pattern Recognition Letters.

Basic elements

A facial biometrics system is normally made up of three components. First, a camera is necessary to record an image; secondly, a software program is needed which determines if there is a face in that image, locating among other things, the facial geometry (the placement of the eyes, nose, mouth, etc.); and thirdly, a system that is capable of classifying all those elements to differentiate between them and those of other persons. The most complicated part, according to the researchers, was combining the facial geometry and facial texture.

“With only the geometric information, very low classifications are obtained, which is why we combine this information with that of facial texture to obtain a more robust model, and a statistical way of combining them occurred to us, which offered very good results,” Delgado pointed out. The researchers have shown that when this system is used in a controlled environment, it can achieve a 95% rate of precision.

The main complication occurring when using this type of system is the lighting, which can change the color of the face. Another challenge is the passage of time, because as a person ages, his/her face undergoes changes as it becomes heavier, thinner, or more wrinkled, which can then fool the classifiers. On the other hand, the researchers add, it does have a significant advantage when compared to other biometric systems: it doesn’t need direct interaction with a person as do fingerprinting or iris recognition, for example.

Story Source:

Adapted from materials provided by Universidad Carlos III de Madrid – Oficina de Información Científica, via AlphaGalileo.

http://www.sciencedaily.com/releases/2009/11/091111121358.htm

November 13, 2009

A single smartphone can DoS federal wiretaps

Filed under: Cell Phones, Crime Tech, Government, Society, Technology — thewere42 @ 8:31 pm

The official protocol for providing US law enforcement with the ability to monitor and record calls in the digital era was a product of compromise and, according to new research, it shows: an enterprising hacker could have a wealth of tools to interfere with the monitoring.

By John Timmer

As the telecommunications world went wireless and digital, the tried-and-true method law enforcement agencies used for wiretaps—splicing into the local loop—was in danger of becoming an anachronism. In 1994, Congress passed the Communications Assistance for Law Enforcement Act, which required telecommunications switches to incorporate a capacity for government monitoring of phone calls and other communications. That requirement ultimately produced an ANSI standard, J-STD-025, that dictated the capabilities of the hardware interface used by law enforcement agencies. A team of academic researchers has now put that standard to the test, and found that it’s vulnerable to various forms of denial and obfuscation attacks.

As the authors note, the monitoring of domestic communications has been a source of controversy in recent years; others have questioned whether having a standard capacity built into every piece of communication hardware leaves the US communications infrastructure at risk of external attack. They avoid these issues, however, and focus on a simpler question: how well does the J-standard actually work?

The answer, it appears, is that it’s trivial to defeat it and interfere with wiretaps. The big caveat to this work is that the authors didn’t have access to any of the actual hardware used by law enforcement agencies; they simply tested whether hardware that follows the J-standard could hold up to a variety of attacks. It’s possible that hardware makers have exceeded the standards with more recent equipment, and obviated some of the problems.

Still, there are two reasons to think that at least some wiretaps would be vulnerable. The first is that the hardware that’s actually deployed is probably from a variety of generations and manufacturers, making it likely that some of it does the bare minimum needed to comply. The second is that the authors demonstrate multiple vulnerabilities, making it unlikely that even the best equipment handles all of them.

Part of the problem is that there are two classes of phone monitoring available to law enforcement: simple call logging, which is relatively easy to obtain, and full call recording, which is typically more challenging. The two are handled separately within the protocol, and the capacity granted for the logging was based on typical usage patterns at the time: a single, 64kbps ISDN line. The authors go on to show that it’s relatively simple to exceed this bandwidth with a single computer or smartphone, creating a denial of service situation.

Part of the problem is that there’s an asymmetry between the basic information that needs to be sent down a phone line—there’s a connection waiting—and all the information that law enforcement needs, such as the source, a datestamp, a case identifier, etc. This asymmetry ensures that even a simple unconnected call produces significant data that has to be stuffed down the 64kbps pipe.

The other part of the problem is that modern telephony creates a variety of methods of sending a lot of traffic to an individual phone line with minimal effort. So, for example, the authors use an ISDN phone to send commands to voicemail boxes at a rate of 94 calls a second. Forty-two text messages a second would also work, as would repeated call/hangups using IP telephony. A rate of 20 hangups a second would do the trick, and the researchers were easily able to exceed that from a residential broadband connection.

Since the J protocol doesn’t allow for queueing or buffering, once the bandwidth is exceeded, any information that can’t be stuffed down the pipes is lost. So, once these levels are exceeded, law enforcement call logging becomes unreliable. The protocol is less clear about the capacity allocated to content monitoring, but the authors’ analysis suggests that this would be even easier to saturate.

More sophisticated attacks are also possible. For example, the J protocol calls for a termination of call recording once a tone is registered. However, communications hardware will only register the tone if it originates from specific hardware. As a result, a person being monitored could send the tone over their phone; the monitoring equipment should hang up, while the call would continue.

The authors were also able to craft a variety of IP packets that would interfere with monitoring. These include false datestamp information—which would inject irrelevant packets into the middle of a conversation—and eliminating the directionality information used by packets in some CDMA cellular systems. They also built packets that would be routed part of the way to the end user, but never reach them; these would be seen by the tap, but not interfere with the phone conversation.

All told, the authors come up with six attack scenarios that they consider practical, in that they could be carried out with readily available equipment. In fact, they tested a number of them using a laptop tethered to a CDMA phone (in one case, causing Sprint to throttle back their bandwidth).

They also suggest a number of stopgap measures that could be used to help avert some of their own scenarios, such as providing law enforcement with greater bandwidth. Still, it’s clear that they think the J standard is due for a complete rewrite, as they suggest it was the product of compromise among law enforcement, hardware makers, and telcos, and a product of simpler telecommunications times.

http://arstechnica.com/security/news/2009/11/a-single-smartphone-can-dos-federal-wiretaps.ars

November 4, 2009

The “DNA Pardon”: Murder Sentence Genetically Reduced

Filed under: Crime Tech, Genetics, Government, Society — thewere42 @ 8:26 pm

Gear up for Gattaca, as an Italian court has reduced a murderer’s sentence to account for his genes. Despite the fact the relevant genetic science isn’t actually that advanced, the likely effects on the legal system, and the very real question of “Isn’t that ass backwards?”

A Mr Bayout stabbed a man to death for insulting his eye make-up in 2007. These facts are not in doubt, and have been admitted by Mr Bayout himself. The standard twelve year term was reduced by three years because of “psychiatric illness”, because when someone not only murders people for cosmetic reasons but is unbalanced and inclined towards doing it again, it’s important to get them back on the street as soon as possible. But then Judge Reinotti of the Italian Court of Appeal cut another year off the sentence because of a “genetic abnormality” causing our killer to have low levels of the metabolizing enzyme monoamine oxidase A (MAOA).

Studies show that low levels of MAOA in abused children can lead to violent behavior. And other studies show the opposite, accounting for some of the infinity of other factors which could influence this. And there’s the fact that the entire science of behavioral genetics is nowhere near the point of being used in society and sentencing, unless you have a lawyer who’s throwing everything possible at a judge in order to reduce the conviction.

But even suppose you had a perfect genetic program which could pinpoint what a person will do (which would be a hell of a trick because genes don’t even remotely work like that): if your lawyer proves that your genes make you more likely to suddenly, insanely lose your mind and shove a knife into another human being until they die, that doesn’t sound like something that should reduce your sentence. If someone proves in a court of law that you cannot help but kill people, that your very genes lead to murder, wouldn’t the only sane response be to make sure that your genes aren’t walking around any more?

October 16, 2009

Tracking Devious Phishing Websites

Filed under: Computer Tech, Crime Tech, Security, Social Networking, Society — thewere42 @ 5:11 pm

Gone phishing: Researchers from Indiana University–left to right, Andrew Kalafut, Youngsang Shin, and Minaxi Gupta–are studying a trick used to make phishing sites harder to detect and block.  Credit: Aaron Bernstein/Indiana University Communications

Researchers are monitoring a trick that makes it harder to track and shut down fraudulent websites.

By Erica Naone

In the world of online fraud, as in real life, the longer miscreants can operate without being caught, the more money they stand to make. And experts have discovered that many phishers–crooks who use fake websites to trick users into giving up valuable personal information–have found a trick that makes it harder for the good guys to block or shut them down.

The trick, dubbed “flux,” allows a fake site to change its address on the Internet very quickly, making it hard for defenders to block these sites or warn unsuspecting users. According to research recently published in the journal IEEE Security and Privacy, about 10 percent of phishing sites are using flux to hide themselves.

Flux makes use of the Internet’s domain name system, which is responsible for matching a Web address typed into a browser with the server that actually hosts a site. When a user tries to visit a Web page, the domain name system first directs the user to a name server, which maintains an up-to-date list of site addresses. This name server then tells the user’s browser where to find the desired site.

Normally, only a small number of machines host copies of a site–just enough to keep it going if something goes wrong. Fraudulent sites, however, are a different story. Phishing sites are often hosted through botnets–thousands of hijacked machines distributed across the globe.

“These machines don’t belong to the miscreants, they belong to you and I and our grandmothers,” says Minaxi Gupta, an assistant professor of computer science at Indiana University who was involved with the research. Because phishers have access to so many machines, she explains, they can use all of them to move a site around rapidly, throwing defenders off the scent while keeping the website available.

To use flux, a phisher needs to control a domain name, which gives him the right to control its name server. The phisher then sets the name server so that it directs each new visitor to a different set of machines, cycling quickly through the thousands of addresses available within the botnet. Gupta notes that flux is most effective when the phisher shifts the location of the name server as well. If the name server is also moving to different locations on the Internet, it’s doubly hard for defenders to pinpoint a central location where the fake website can be shut down. Gupta’s group found that 83 percent of phishing sites that used flux this way lasted more than a day before being blocked, compared with a 65 percent survival rate for sites that didn’t use flux.

Article Continues – http://www.technologyreview.com/web/23747/?a=f
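A defender's view of the pattern described above, as an added example that is not part of the original article or the Indiana University research: it profiles DNS observations per domain and separates a stable site, a site whose address keeps moving, and a site whose name server moves as well. The observations, domain names, addresses and thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

def _rows(domain, rtype, addrs, ttl, step):
    # One observation per lookup: (minute, domain, record type, address, TTL).
    return [(i * step, domain, rtype, a, ttl) for i, a in enumerate(addrs)]

# Constructed sample data. BOTNET stands in for hijacked hosts scattered
# across unrelated networks; all names and addresses are made up.
BOTNET = [f"10.{i * 7 % 250}.{i}.5" for i in range(12)]
OBSERVATIONS = (
    _rows("shop.example", "A", ["192.0.2.10", "192.0.2.11"] * 3, 86400, 60)
    + _rows("shop.example", "NS", ["198.51.100.1"] * 3, 86400, 120)
    + _rows("login-update.example", "A", BOTNET, 120, 5)
    + _rows("login-update.example", "NS", ["198.51.100.53"] * 4, 3600, 15)
    + _rows("secure-verify.example", "A", BOTNET, 120, 5)
    + _rows("secure-verify.example", "NS", BOTNET[::2], 300, 10)
)

def profile(rows, domain):
    """Count distinct addresses and /16 networks seen for the site (A) and
    for its name server (NS), plus the median TTL of the site's answers."""
    addrs, ttls = defaultdict(set), defaultdict(list)
    for _, name, rtype, addr, ttl in rows:
        if name == domain:
            addrs[rtype].add(addr)
            ttls[rtype].append(ttl)

    def nets(rtype):
        return {ipaddress.ip_network(f"{a}/16", strict=False) for a in addrs[rtype]}

    return {"a_ips": len(addrs["A"]), "a_nets": len(nets("A")),
            "ns_ips": len(addrs["NS"]), "ns_nets": len(nets("NS")),
            "a_ttl": median(ttls["A"]) if ttls["A"] else None}

def classify(rows, domain, min_ips=5, min_nets=3, max_ttl=300):
    # Thresholds are illustrative assumptions, not values from the research.
    p = profile(rows, domain)
    site_moves = (p["a_ips"] >= min_ips and p["a_nets"] >= min_nets
                  and p["a_ttl"] is not None and p["a_ttl"] <= max_ttl)
    ns_moves = p["ns_ips"] >= min_ips and p["ns_nets"] >= min_nets
    if site_moves and ns_moves:
        return "flux-with-moving-nameserver"
    return "flux" if site_moves else "stable"

if __name__ == "__main__":
    for d in ("shop.example", "login-update.example", "secure-verify.example"):
        print(d, classify(OBSERVATIONS, d), profile(OBSERVATIONS, d))
```

Counting distinct networks rather than only distinct addresses keeps a legitimate site with a few replicas in one hosting range from being flagged.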

October 13, 2009

SC World Congress: Forensic tips in court

Filed under: Computer Tech, Crime Tech, Security — thewere42 @ 8:48 pm

Computer forensics experts called to testify before a judge and jury must relay the facts of the case but, equally important, must convey them in a way a jury can understand.

On the witness stand, a computer forensic expert must also establish himself or herself as a reliable source, Mark Pollitt, visiting professor at the National Center for Forensic Science at the University of Central Florida, said Tuesday at the SC World Congress in a session called “Forensics for Court.”

The goal, he said, is to establish personal credibility, relay the facts of the case clearly, ensure the judge and jury comprehend the facts and, finally, to be likable.

“The facts aren’t enough,” Pollitt said.

Getting and maintaining credibility with the jury is essential for an expert witness, Pollitt said. A jury typically is not technology savvy, so a forensic expert has the opportunity to teach members during testimony. But a jury will not be willing to learn from someone it does not believe is a credible source, so witnesses must explain their credentials in a way that is easy to understand, Pollitt said.

When relaying the facts of the case, a forensic expert must ultimately tell two stories – what the perpetrator did and how the evidence was gathered that proves that person is the culprit.

To effectively tell these stories, it is important to “banish the geek speak,” Pollitt said. In other words, don’t speak in acronyms or assume a jury understands a certain evidence-gathering technology or process. On the witness stand, a question might be asked that requires a lengthy background explanation for the jury to understand the answer. If this happens, lay the foundation and build up to the point of the story, he said.

In addition, Pollitt recommended reiterating the technical details of the evidence-gathering process and making eye contact with each juror to ensure comprehension. Also, some people learn visually, so providing a “cheat sheet” for jurors with the technical details of the forensic evidence is beneficial, Pollitt said. Just make sure to ask the lawyer if a “cheat sheet” will be allowed, he added.

Finally, during cross-examination maintain the same demeanor, reiterate the technical details of the case and relay the same testimony, Pollitt said.

http://www.scmagazineus.com/SC-World-Congress-Forensic-tips-in-court/article/152181/

October 7, 2009

Virtual Autopsy Table brings multitouch to the morgue

Filed under: Computer Tech, Crime Tech, Health — thewere42 @ 4:46 pm

Ever wonder what the insides of a human being really look like but lacked the grit or credentials to watch an autopsy in the flesh? Well, whatever the reasons, we can all probably agree this is one of the best uses for a multitouch table surface ever. The Virtual Autopsy Table (developed by Norrköping Visualization Centre and the Center for Medical Image Science and Visualization in Sweden) makes use of high resolution MRIs, rendered and processed into 3D images which are then accessible in the table itself. The results are super impressive and educational — not to mention the fact that there’s no actual cutting involved! The autopsy table was obviously developed with educational purposes in mind, and we wouldn’t be surprised to see these cropping up in museums all over the globe any day now. Check out the truly riveting video after the break.

(See the Video demo) – http://www.engadget.com/2009/10/07/virtual-autopsy-table-brings-multitouch-to-the-morgue/
