InfoTec Annual Security Breakfast

Every year at Infotec, the Computer Security groups in the Omaha area are invited to participate in a joint meeting. This is a chance for people to meet and network.


Infotec Annual Security Breakfast

GUEST SPEAKER: Chief Eric Buske - Omaha Police
CORPORATE SPONSOR: Fishnet Security

WHO: All Nebraska/Iowa Information Security Professionals

WHEN: Tuesday - April 14, 7:00 am

WHERE: QWEST Center Omaha
Conference Room 215
455 North 10th Street
Omaha, Nebraska

HOW: YOU MUST RSVP to infragard.nebraska "at" gmail.com
and provide name, company, phone and email address
by April 8th, if you want to eat at the event.

Hundreds of Stolen Data Dumps Found

A comprehensive new study that peers into huge troves of financial data stolen by cyber thieves confirms what experts have surmised from looking at much smaller, isolated caches of digital loot: That criminals can make hundreds, even thousands, of dollars a day selling data stolen with the help of widely available software toolkits.

Recent reports by security firms Finjan, RSA, SecureWorks and Symantec have shown that stolen identities, bank accounts and credit card numbers are sold in bulk every day in shadowy online forums, often for pennies on the dollar. In its analysis, Symantec found in 2007 that the going rate for the keys to assuming someone else's identity was between $14 and $18 per victim.

Those reports either presented conclusions based on examining a single cache of stolen data, or by observations based on watching transactions between cyber thieves. But a report released today by researchers at the University of Mannheim, Germany, offers a disturbing glimpse at the sheer abundance of this stolen data.

Read more from WashingtonPost.com.

Malware madness and spammers in the slammer: The year in cybercrime

One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices.

Security software company Symantec became the latest company to raise red flags about what it called the "underground server" economy last month, when it issued a report estimating that roughly $276 million worth of goods and information is available on online black markets. Credit card data accounted for 59% of the information available for sale on underground servers, Symantec reported, with identity theft information (16%), server accounts (10%), financial accounts (8%) and spam and phishing programs (6%) trailing far behind.

Read more from Network World.

CYB3RCRIM3

I recently ran across this blog (via Grand Stream Dreams) and thought it was worth noting. CYB3RCRIM3 is written by a law professor and has some helpful insights into the legal aspects of technology. Recent posts include:

• Fantasy Crime
• MapQuest as Hearsay
• The Nigerian Defense?
• Cartoon Child Pornography?
• Trojan Horse Warrant?
• Scope of Consent
• "Name"
• Antiforensics
• Attempt?
• Laptops and Borders . . . Again

http://cyb3rcrim3.blogspot.com/

Cybercrime leaves cybercops in the virtual dust

"The problem is that there aren't enough well-trained investigators, prosecutors and judges to use it effectively," he said.

In the courts, where penalties are traditionally imposed based on damages, the extent of damage caused by cybercrime is hard to assess, and it's tough to get victims involved. Individuals often don't realize what's happened, and businesses -- breach disclosure laws notwithstanding -- are generally reluctant to go to court.....

"The law is irrelevant to most cyberhackers – they can operate out of anywhere," said Mary Kirwan, a former cybercrime prosecutor in Canada. "The reality for law enforcement is that if you want them to act as speedily and effectively as the international cybercrime community, you need to give them the tools. If the hackers share all their information, and businesses and governments share none of their information, you can imagine which does better."

Read more from SearchSecurity.com