June 28, 2006
A new breed of USB trojan, which can automatically remove critical data from a PC or network was exposed recently at the IDG Endpoint Security show in London. Slurp.exe 2.0 in combination with tweaked U3 USB drives can copy and remove sensitive information from a network within minutes, by just being inserted into a USB port.
“As tales of high profile security breaches such as the 26.5 million US war veterans’ personal details and account details of 243,000 Hotels.com customers continue to dominate the headlines there’s no doubt that data theft has become a major for concern across the globe,” said Abe Usher. “Centennial DeviceWall proved to be a foolproof way to prevent the inappropriate use of portable devices in a network environment. It was very easy to set up and once running, completely blocked devices running Slurp.exe 2.0.”
Source: IT Observer
Two graduate students are suing Ohio University following a spate a recent data thefts from the insitution’s IT systems. Donald Jay Kulpa and Kenneth Neben claim their privacy was violated and are seeking a class action lawsuit against the university.
A recent consultants’ report concluded that Ohio’s Computer and Network Services division considered security as a low priority for the past decade. However, the division had an annual budget of about $11 million and recent annual surpluses averaging $1.4 million.
On April 21, the university announced it had discovered a security breach at its training center for fledgling businesses. Since the incident, breaches have been reported at the alumni office, health center, and the department that handles records for businesses the university hires.
A 24 year-old worker at the HSBC operation in Bangalore has been suspended following the theft of £233,000 (US $420,000) from the accounts of UK customers. The worker is accused of accessing confidential information and passing it onto criminal associates outside the bank.
There are even reports that the employee secured a place at HSBC using false records, which were not identified by the bank’s security procedures. HSBC has said it will compensate customers for any losses.
More on Silicon.com
June 26, 2006
A new survey released by Deloitte Touche Tohmatsu has revealed that a huge 82% of Financial Service Institutions (FSIs) globally have suffered a security breach in the last twelve months - and 72% of those compromised said that the breach cost them more than $1 million.
Half of respondents admitted that they had suffered both external and internal security breaches. 58% of FSIs claimed that combatting identity theft would be a major focus for them in the next year.
The survey highlighted the fact that addressing identity theft required a rounded approach, including mechanisms to manage the use of portable computing devices and to restrict the ability to move data off the network without proper authorization.
Australia’s leading internet crime-fighting agency was left red-faced this week after it emerged that operatives from the Australian High Tech Crime Centre (AHTCC) managed to lose a USB memory stick containing the personal details of 3,500 customers from 18 different banks. The device was apparently mis-placed en route from Sydney to London.
The lost dossier was part of a police investigation into Russian mafia ‘phishing’ scams. A number of suspects in Australia have been arrested, but a string of others were still being hunted by police. No arrests have been made since the memory stick was lost.
According to the AHTCC, the data on the memory stick was not password encrypted or password-protected - and the officer carrying the information was doing so in violation of several policies. There is no news of any disciplinary action against the officer involved.
The loss of the computer files has sparked an as yet unsuccessful search by Australian Federal Police officers of hotels and airports in Sydney, Singapore and London. Worse still, it appears that the affected bank customers were never informed by the AHTCC.
This bungle comes at a time when consumers are increasingly fearful of identity theft.
