Security roundup for week ending Nov. 11

Is there justice in cyberspace? The U.S. Department of Justice (DOJ) last week offered hope there is, charging seven individuals with 27 counts of wire fraud and other computer-related crimes in connection with a massive "clickfraud" scheme that was based in Estonia.

The arrests of six of these individuals were carried out in cooperation with the Estonian police, and the U.S. wants them extradited to the U.S. to stand trial. Viewed as one of the largest botnet operations ever, the group allegedly controlled at least half a million infected computers in the U.S. The defendants are said to have set up a phony Internet advertising agency, entering into agreements with online ad providers that would pay the group whenever its ads were clicked on by "users," otherwise known as victims with malware-infected computers.

Security vendors such as Trend Micro also helped in the case, and if you look at some of the visuals of the crime group's computer operation that Trend Micro is providing, you'll notice it's all in Russian, not Estonian. In fact, one of the indicted suspects not yet in custody, Andrey Taame, resides in Russia. Though neighbors geographically, Estonia and Russia have had a tangled and tormented history when it comes to their languages, which are not at all similar. Russian is apparently the preferred language for cybercrime in this case. Always sad to see the language of Tolstoy debased in this way...

Case of former Motorola software engineer gets started

Federal prosecutors are accusing Hanjuan Jin of stealing copious amounts of sensitive Motorola documents to share with the Chinese military and a China-based firm, Kai Sun News (Beijing) Technology Company, based on actions alleged to have taken place about four years ago that have finally made it to trial in a Chicago court last week. Jin was detained at O'Hare International Airport by U.S. Customs officials in 2007 as she attempted to board a plane to China with a one-way ticket, $30,000 and a massive pile of Motorola-printed and electronically stored documents, as well as Chinese documents for military telecommunications technology.

Even as this closely watched case began, another element in the winding story of Jin unfolded. 4G equipment manufacturer Lemko sued Motorola Solutions, accusing the company of trying to "destroy" Lemko through "Chinese spy ring" insinuations against Lemko. Motorola, in its own investigations into Jin's actions, believes she went off to secretly work for Lemko during a period she was ostensibly on leave for medical reasons from Motorola, and Motorola more than three years ago launched a civil lawsuit against Lemko. The two have been battling legally ever since.

Another chapter in the SSL certificate mess

The security of SSL server certificates has been called into question in the wake of data breaches at several SSL certificate authorities during the past few months, and last week the latest to acknowledge a problem was Dutch-based telecom provider KPN, which stopped issuing certificates after it said its Web server used in issuing them may have been hacked.

Cyberspace, a dangerous place

In just two instances that made news last week, the Israeli government had to fend off suggestions that its government servers were under attack from enemies and quite possibly the hacktivist group Anonymous, which had allegedly issued a threat to the Israeli government after Israel moved to blockade vessels bound for the Gaza Strip. Israel says it was a "server glitch" that took several government websites offline, including those of the Mossad Intelligence service, Israel Defense Forces and the Israeli Security Agency. Some glitch.

In the private sector, Adidas had to shut down several websites due to what it said was a criminal attack. These included,, and But Web services were restored later in the week.

Charlie Miller, at it again

When security researcher Charlie Miller showed off his considerable skills in hacking Apple products by creating a little booby-trapped proof-of-concept app called Instastock that bypassed Apple's code inspection process to be published in Apple's App store as a demonstration of a flaw he'd uncovered, Apple was not amused.

The app, which looks as though it just lists stock ticker information, is actually a Trojan that can connect back to Miller's server so he can read what's on the iPhone and control it. Miller wasn't hiding what he'd done and in fact discussed it with a Forbes reporter. Apple immediately yanked Miller's iOS Developer Program License, saying Miller violated the developer agreement.

Miller, a noted security researcher who was included in our Security Industry All-Stars lineup this year, was ticked off. Readers familiarizing themselves with Miller's actions of last week seem to be torn between taking Apple's side or his, some calling Miller a "buffoon" and another saying Apple seems to be "shooting the messenger" carrying bad news about Apple security.

Personally, I think Apple should go with the flow on this one unless they think Miller is a secret Chinese spy.

DARPA wants to push security envelope

Network World News Editor Michael Cooney attended the "Colloquium on Future Directions in Cyber Security" meeting held this week by the Defense Advanced Research Projects Agency (DARPA), and he reports DARPA is working on radically new methods for authentication. In a program called Active Authentication, the goal is to tie identity to the level of access within a system, with the machine using software applications that can determine identity through activities the user normally performs.

Gen. Keith Alexander, who gave a keynote address at the DARPA meeting, spoke on the topic of cloud computing, expressing confidence it can be used securely.

In cloud-security product news, RSA and McAfee each announced major cloud-security offerings related to secure authentication and other services in cloud environments.

News you can use

If you're looking for tips on secure use of Wi-Fi, check out Eric Gaier's article "Wi-Fi Security Do's and Don'ts."

Also, consultancy Forrester published a report last week called "Planning for Failure" that offers advice on handling data breach incidents. One point that Forrester makes is it could be wise to hold back on remediation until a complete forensics examination is done and law enforcement is contacted. Forrester says security professionals in a company have to decide immediately after a data breach is identified whether they will try to prosecute the perpetrator, and closing down security weaknesses that may have been exploited could destroy needed evidence.

Security services -- everything from consulting to code-writing to maintenance to managed security -- are set to accelerate over the next three years, according to Gartner research published last week, which predicted spending will hit $49 billion in 2015. Managed security services are seen as the fastest rising in all the segments Gartner defines, with small to midsize companies driving a lot of new business.


Stories by Ellen Messmer
