“An audacious hacker has defaced 175 Australian websites in an attack that links viewers to his personal website, email and Facebook fan page.

The hacker, who is described as a 26 year old male from Tunisia, launched the attacks after a Brisbane hosting provider — which Computerworld Australia will not name — left a permission level too low on an Apache server.

A manager at the provider said the exploit was present in an obscure program on the provider’s servers, which the hacker used in the mass defacements that included the hosting provider’s websites.

The hacker provided links to his Facebook, Myspace and Blogger accounts, along with a phone number based in Romania.”

(Source: Hacker wrecks 175 websites, leaves Facebook fan link – network access control (NAC), exploits and vulnerabilities, defacements – Computerworld)

“But the White House this week issued a memorandum delineating the cybersecurity duties of the Office of Management and Budget, White House cybersecurity coordinator and DHS, with DHS gaining more responsibility in assuring agencies comply with FISMA. Technically, OMB retains its authority outlined in FISMA, the law is the law, after all. In practice, however, DHS role in IT governance has grown. “

(Source: DHS Given More Cybersecurity Responsibilities)

“Three men have been indicted in connection with a Ukraine-based fraud scheme which tricked Internet users into believing their computers were infected and collected some 100 million dollars, officials said Thursday.

Internet users in more than 60 countries purchased more than one million bogus software products from the three defendants, two Americans and a Swede, the Justice Department said in a statement.”

(Source: 3 indicted in $100 million Internet ’scareware’ scheme – Yahoo! News)

“The FBI’s top anti-cyber crime official today said the agency is planning a law enforcement action against so-called ‘money mules,’ individuals willingly or unwittingly roped into helping organized computer crooks launder money stolen through online banking fraud.

Patrick Carney, acting chief of the FBI’s cyber criminal section, said mules are an integral component of an international crime wave that is costing U.S. banks and companies hundreds of millions of dollars. He said the agency hopes the enforcement action will help spread awareness that money mules are helping to perpetrate crimes.

‘We want to make sure that public understands this is illegal activity and one of the best ways we can think of to give that message is to have some prosecutions,’ Carney said at a Federal Deposit Insurance Corporation (FDIC) symposium in Arlington, Va. today on combating commercial payments fraud. ‘We realize it’s not going to make the problem go away, but it should help raise awareness and send a signal.’”

(Source: FBI Promises Action Against Money Mules — Krebs on Security.)

“The U.S. Army Reserve Command began alerting affected reservists on May 7 via e-mail. Col. Jonathan Dahms, chief public affairs for the Army Reserve, said the personal data was contained on a CD-Rom in a laptop that was stolen from the Morrow, Ga. offices of Serco Inc., a government contractor based in Reston, Va.

The laptop was one of three stolen from the Serco offices, but it was the only one that contained sensitive personal information, Dahms said.”

(Source: Stolen Laptop Exposes Personal Data on 207,000 Army Reservists — Krebs on Security.)

“The 22-year-old son of a Tennessee state senator was convicted last week on one felony charge and one misdemeanor charge arising from his hacking into Sarah Palin’s Yahoo mail account during the 2008 presidential campaign.

PCWorld.com reports David Kernell was convicted of ‘felony destruction of records to hamper a federal investigation and of a misdemeanor charge that he unlawfully accessed a protected computer.’ The jury acquitted him of federal wire fraud charges.”

(Source: Palin Hacker Convicted, Faces Up to 21 Years in Prison | Blogs | ITBusinessEdge.com.)

“Cyber criminals are focusing on developing expertise in one specific skill–such as coding, hacking or moving money–rather than being generalists as they collaborate with colleagues to carry out computer exploits, a senior FBI cybersecurity official said today.

The cyber underground now consists of subject matter experts that focus on their specific areas, Steven Chabinsky, an FBI deputy assistant director in the bureau’s Cyber Division, said today at the FOSE 2010 trade show in Washington. Chabinsky added that almost every cyber criminal is now a member of an online forum or chat service.

‘Just like you have doctors who are specialists instead of general practitioners, we have cyber criminals who are specialists instead of general practitioners,’ Chabinsky said.”

(Source: Cyber criminals getting specialized, FBI says — Federal Computer Week.)

“A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and ‘disrupt’ data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center (CSOC) since 2004. The CSOC is used to vet people who have ‘access to sensitive information and secure areas of the nation’s transportation network,’ according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.”

(Source: Feds: TSA Worker Tried to Sabotage Terror Database | Threat Level | Wired.com.)

“As economic espionage and hacking become growing threats to the West, the Canadian Security Intelligence Service is stepping up efforts to persuade businesses to safeguard secrets deemed vital to national interests.

CSIS’s corporate-outreach program, which started in the 1990s, largely fell by the wayside during the years after the Sept. 11 attacks in the United States, when fighting terrorism absorbed nearly all the spy service’s energies.

But emerging threats – including shadowy-but-powerful hacker networks based in China – are sparking a renewed federal interest in forging partnerships between the corporate and intelligence worlds.

‘CSIS has and continues to speak with various corporations in Canada on potential security threats, which may have an impact on national security interests,’ CSIS spokeswoman Isabelle Scott said in an e-mailed response to questions from The Globe and Mail. ‘CSIS alerts firms to common covert methods used by those who may target them.’”

(Source: Cyberattacks push CSIS to reach out to business – The Globe and Mail)

“The risk of a catastrophic cyberattack is approaching the gravity of the nuclear risk, according to the Bush administration’s top spy.

‘The cyber risk has become so important that, in my view, it rivals nuclear weapons in terms of seriousness,’ Michael McConnell, former director of national intelligence, said Tuesday at a hearing of the Senate committee on commerce, transportation, and technology. “

(Former Intelligence Chief: U.S. Would Lose Cyberwar — Cybersecurity — InformationWeek)