CyberLex™

$9 Million ATM heist

2009-11-12T06:57:00.000-08:00

Hackers from Eastern Europe were indicted for allegedly breaking into the computer network of RBS WorldPay, an Atlanta-based credit card processing subsidiary of the Royal Bank of Scotland (RBS), and withdrawing $9.4 million dollars within 12 hours from 2,100 ATMS in 280 cities around the world.

According to the indictment, a pair of hackers identified vulnerabilities that let them break into RBS WorldPay’s system. The company manages payroll operations for dozens of banks and companies across the United States, and specializes in prepaid payroll cards -- a type of debit card that employers pay employees. Once into the system, the hackers stole card numbers and PIN codes. Using a method they devised to reverse-engineer the encrypted PINs, the hackers created 44 prepaid payroll cards with inflated limits and usable PIN codes.

The cards were distributed to a network of "cashers." On Nov. 8, 2008, the cashers started withdrawing money from ATMs in the United States, Canada, Russia, Estonia, Italy, Hong Kong, Japan and Ukraine. The cashers were paid with 30% to 50% of the proceeds.

RBS WorldPay later announced that financial account information of 1.5 million customers and the social security numbers of 1.1 million individuals may have been accessed by the ring.

See, “Four hackers indicted in $9.4 million ATM heist,” Christian Science Monitor, November 10, 2009, at http://www.csmonitor.com/2009/1110/p02s33-usju.html; “ATM hacking ring garnered millions,” Globe and Mail, November 11, 2009, at http://www.theglobeandmail.com/report-on-business/atm-hacking-ring-garnered-millions/article1358881/; B. Sterling, “The bank-card hackers and their army of cashers,” Wired, November 10, 2009, at http://www.wired.com/beyond_the_beyond/2009/11/the-bank-card-hackers-and-their-army-of-cashers/; "RBS credit card fraud gang 'stole $9m in 12 hours'," Telegraph, November 11, 2009, at
http://www.telegraph.co.uk/finance/newsbysector/epic/rbs/6541047/RBS-credit-card-fraud-gang-stole-9m-in-12-hours.html.

Sidekick falls through the Cloud

2009-10-16T03:33:00.000-07:00

In what is being described as the largest failing of "cloud computing" to date, about 1 million US owners of the T-Mobile Sidekick lost data stored on their mobile phones due to a back-up failure. A Microsoft subsidiary, Danger, operates the Sidekick data service.

T-Mobile and Microsoft announced that customers whose data could not be recovered will receive a $100 gift card in addition to one month data service credit. T-Mobile also temporarily halted sales of the Sidekick.

Microsoft later announced that all data will be restored, beginning with personal contacts. According to the company, the utage was caused by a system failure that created data loss in the core database and the back up. Microsoft says it has installed a "more resilient back-up process" to safeguard against a repeat incident.

See, "Phone sales hit by Sidekick loss," BBC News, October 12, 2009, at http://news.bbc.co.uk/2/hi/technology/8303952.stm; "T-Mobile to Update Sidekick Users on Data Loss," San Francisco Chronicle, October 12, 2009, at http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2009/10/12/urnidgns852573C4006938800025764D004CF9BC.DTL; "T-Mobile, Microsoft Promise $100 Gift Card For Lost Data," Information Week, October 13, 2009, at http://www.informationweek.com/news/personal_tech/smartphones/showArticle.jhtml?articleID=220600430; "Microsoft recovers Sidekick data ," BBC News, October 15, 2009, at http://news.bbc.co.uk/2/hi/technology/8309218.stm; "Danger Debacle Highlights Microsoft's Dilemma With Mobile ," Wall St. Journal, October 15, 2009, at http://online.wsj.com/article/BT-CO-20091015-713811.html.

Model Outs Blogger

2009-08-26T06:27:00.000-07:00

In an online defamation case, a Manhattan supreme court judge allowed Vogue cover girl Liskula Cohen to compel Google to identify an anonymous blogger who called her a “psychotic, lying, whoring ... skank." The judge rejected the blogger’s claim that the blogs “serve as a modern-day forum for conveying personal opinions, including invective and ranting,” and should not be treated as factual assertions.

Rosemary Port, who was then outed, sued Google -- which operates the blog, "Skanks in NYC" -- for failing to protect her right to privacy.

“Vogue model Liskula Cohen wins right to unmask offensive blogger,” Times, August 19, 2009, at http://www.timesonline.co.uk/tol/news/world/us_and_americas/article6801213.ece;
“Google lawsuit dispels the Web’s oldest tradition: anonymity,” Christian Science Monitor, August 20, 2009, at http://features.csmonitor.com/innovation/2009/08/20/google-lawsuit-dispels-the-webs-oldest-tradition-anonymity/; “Unmasked Google blogger to sue over privacy breach,” Times, August 24, 2009, at http://timesonline.typepad.com/law/2009/08/unmasked-google-blogger-to-sue-over-privacy-breach.html; “Model Liksula Cohen still not getting apology from blogger Rosemary Port,” New York Daily News, August 26, 2009, at http://www.nydailynews.com/gossip/2009/08/26/2009-08-26_model_liksula_cohen_still_not_getting_apology_from_blogger_rosemary_port.html;
“Stung by the Perfect Sting, New York Times, August 25, 2009, at http://www.nytimes.com/2009/08/26/opinion/26dowd.html?ref=opinion.

Charges brought in largest hacking and identity theft case

2009-08-17T14:12:00.000-07:00

Three men were indicted on federal charges in the largest computer hacking and identity theft case ever charged in the U.S. The defendants allegedly hacked into computer networks of major U.S. retail and financial organizations -- using a standard (and preventable) SQL injection attack that exploits a database when user input is not properly filtered -- and stole data related to more than 130 million credit and debit cards.

Albert Gonzalez, of Miami, along with two unnamed Russians, stands accused of hacking into Heartland Payment Systems, 7-Eleven, and Hannaford Bros. The stolen data was sent to computer servers that Gonzalez and his co-conspirators operated in California, Illinois, Latvia, the Netherlands, and Ukraine.

The hackers were also allegedly involved in the cracking of a Citibank-branded ATM network lcoated in 7-Eleven stores. The group penetrated a network linking 2,200 ATMs (by breaching a back-end system that had been outsourced by 7-Eleven) and stole card and PIN codes, using them to steal about $2 million in cash from Citibank ATMs. They also compromised prepaid iWire cards and withdrew about $5 million, which was sent to Russia.

Gonzalez is currently awaiting trial on charges that he and others allegedly also stole more than 40 million credit-card numbers from TJX and others, costing TJX $200 million.

According to the Justice Department, Gonzalez had been arrested in 2003, but not charged because he agreed to become an informant for the Secret Service.

See, "Three Indicted in Major Hacking Case," Wall St. Journal, August 17, 2009, at http://online.wsj.com/article/SB125053669921337753.html; "U.S. Indicts 3 in Theft of 130 Million Bank Cards," New York Times, August 17, 2009, at http://www.nytimes.com/2009/08/18/technology/18card.html; "Arrest in Epic Cyber Swindle," Wall St. Journal, August 18, 2009, at http://online.wsj.com/article/SB125053669921337753.html; "Hacker Indictments Highlight Application Security," InformationWeek, August 18, 2009, at http://www.informationweek.com/blog/main/archives/2009/08/hacker_indictme.html;jsessionid=2IV31GYNRMD3RQE1GHOSKHWATMY32JVN; "Cyber-thieves linked to Citibank ATM breach," Financial Times, August 24, 2009, at http://www.ft.com/cms/s/0/0e964e10-9046-11de-bc59-00144feabdc0.html.

Most damaging hacker to be extradited to the US

2009-08-01T08:44:00.000-07:00

A UK court has approved the extradition to the US of Gary McKinnon, who admits hacking into 97 computers belonging to the US Defence Department, Navy, Army, Air Force and after September 11, 2001. McKinnon is claimed to be most prolific and damaging computer hacker in US military history. One message he allegedly left on a Pentagon computer stated, “U.S. foreign policy is akin to government-sponsored terrorism. I will continue to disrupt at the highest possible level.”

McKinnon and family say his actions were influenced by Asperger’s syndrome, a form of autism. McKinnon, admitting the charges, says that rather than harming the United States, his goal was to expose evidence that "secretive parts of the American government intelligence agencies did have access to crashed extra terrestrial technology which could… save us as a form of free, clean, pollution-free energy." But prosecutors seeking his extradition have said his actions were not benign and the diagnosis was made long after the computer hacking occurred and the case against him was under way.

See, "Hacker’s Extradition to U.S. More Likely," New York Times, July 31, 2009, at http://www.nytimes.com/2009/08/01/world/europe/01britain.html?ref=todayspaper; "Autistic Genius Hacked Military Computers in Search of Alien Eco Tech," CBS News, July 31, 2009, at http://www.cbsnews.com/blogs/2009/07/31/crimesider/entry5202308.shtml; "New legal blow for hacker fighting extradition to US," Independent, August 1, 2009, at http://www.independent.co.uk/news/uk/crime/new-legal-blow-for-hacker-fighting-extradition-to-us-1765884.html ;http://freegary.org.uk/.

Stolen Goldman Sachs code could be used to manipulate markets unfairly

2009-07-17T23:19:00.000-07:00

A former Goldman Sachs computer programmer, Sergey Aleynikov, was arrested and charged with stealing computer code related to the firm's high-speed stock and commodities trading platform. Federal prosecutors allege Aleynikov downloaded the code and then uploaded it to a computer server in Germany. Aleynikov claims he "only intended to collect 'open source' files on which he had worked, but later realized that he had obtained more files than he intended."

Aleynikov was part of a team responsible for developing and improving Goldman Sachs's trading platform. He was required to sign a confidentiality agreement when first employed there. He resigned from the firm to work for a new company that also planned to engage in high-volume automated trading.

Assistant U.S. Attorney Joseph Facciponti told a federal magistrate judge at a bail hearing that, Goldman Sachs "has raised the possibility that there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways.”

See, "Ex-Goldman Employee Charged With Code Theft ," Wall St. Journal, July 6, 2009, at http://online.wsj.com/article/BT-CO-20090706-713684.html; "Goldman Sachs Loses Grip on Its Doomsday Machine," Bloomberg, July 9, 2009, at http://www.bloomberg.com/apps/news?pid=20601039&sid=aFeyqdzYcizc; "Steal this code," New York Times, July 16, 2009, at http://www.nytimes.com/2009/07/17/opinion/17osinski.html?em.

Quadrillion dollar glitches hit Visa debit card users

2009-07-17T23:00:00.000-07:00

A New Hampshire man using his Visa debit card at a gas station to buy a pack of cigarettes found that his account was charged $23,148,855,308,184,500 for the transaction. Bank of America also added a $15 overdraft charge.

A North Texas man was charged the same when he charged a slice of pizza and a Coke to his Visa card.

Visa Debit Processing Services acknowledged that a programming error impacted about 13,000 transactions.

See, "US shopper charged $23 quadrillion for cigarettes," Guardian, July 16, 2009, at http://www.guardian.co.uk/world/2009/jul/16/man-buys-cigarettes-23-quadrillion; "The $23 Quadrillion Pack Of Cigarettes," DigitalTrends, July 16, 2009, at http://news.digitaltrends.com/news-article/20426/the-23-quadrillion-pack-of-cigarettes; "Pizza And Soda? That'll Be $23 Quadrillion, Please," NPR, July 15, 2009, http://www.npr.org/templates/story/story.php?storyId=106658657.

Hacker rips through Twitter and its business plans

2009-07-16T19:58:00.000-07:00

A hacker broke into the email account of a Twitter administrative employee and gained access to the employee’s Google Apps account, where the company shares spreadsheets and documents. The hacker then sent documents about company plans and finances, confidential contracts, and job applicants to two tech news blogs. The disclosed information included personal information about Twitter employees, including credit card numbers. The hacker also broke into the e-mail account of the wife of Twitter’s chief executive and from then accessed several of his personal Internet accounts, including those at Amazon and PayPal.

One of the blogs disclosed that the documents show that Twitter projects that it will reach a billion users and $1.54 billion in revenue by 2013. The documents also show information about potential business models, the competitive threat from Facebook, and when the company might be acquired.

The hacker managed to launch the attacks by correctly answering personal questions that Gmail asks users in order to reset their password. The hacker claims to want to teach people to be more careful.

While Twitter users were not affected, some became victims of a separate attack to have them pay $49.95 for a fake anti-virus software.

See, "Twitter Hack Raises Flags on Security," New York Times, July 15, 2009, at http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html; "Twitter hacked; confidential documents stolen," San Jose Mercury News, July 15, 2009, at http://www.mercurynews.com/topstories/ci_12844562.

Hackers knock off line South Korean banks and government sites

2009-07-08T05:57:00.000-07:00

Hackers using a Distributed Denial of Service attack disabled the Web sites in South Korea of several major government agencies and financial institutions, including the office of South Korea’s president, the National Assembly, the defence and foreign ministries, two banks, and the US-South Korea combined forces military command. North Korea is suspected of launching the cyberattack.

See, "North Korea 'launches massive cyber attack on Seoul'," July 8, 2009, Times, at http://www.timesonline.co.uk/tol/news/world/asia/article6667440.ece; "South Korea: Authorities Issue Cybersecurity Warning," New York Times, July 8, 2009, at http://www.nytimes.com/2009/07/08/world/asia/08briefs-skorea.html?_r=1&ref=todayspaper

Britain's chief spy exposed on Facebook

2009-07-05T22:23:00.000-07:00

The wife of the Sir John Sawer, new head of MI6 (the British Secret Intelligence Service), posted on Facebook details of their London apartment, the whereabouts of their three children and of Sir John’s parents, and family photos. She used no privacy protection on the account, making the postings available to Facebook’s 200 million users.

The incident led to warnings to diplomats and civil servants about the dangers of putting details of their family and career on social networking websites.

See, "Farce of the Facebook spy: MI6 chief faces probe after wife exposes their life on Net," Daily Mail, July 6, 2009, at http://www.dailymail.co.uk/news/article-1197757/New-MI6-chief-faces-probe-wife-exposes-life-Net.html; "Wife of Sir John Sawer, the future head of MI6, in Facebook security alert," July 6, 2009, Times, at http://technology.timesonline.co.uk/tol/news/tech_and_web/article6644199.ece.

Phone hacks financed terrorism

2009-06-13T13:03:00.000-07:00

Authorities in the US and Italy arrested a group of hackers and others who allegedly stole phone service (about 12 million minutes, valued at $55 million), resold it via call centers and phone cards, and used the profit to fund terrorist activities.

Three suspects living in the Philipines allegedly provided Pakistani nationals living in Italy with access to stolen phone lines. According to Philippines authorities, one of the suspects has ties to al Qaeda.

The hackers received about $100 a hack, in payments made by the Madina Trading Co., which provided wire transfers via U.S.-based money-transfer services. The company, owned by one of the call center operators, also paid for the Internet-based phone accounts used by the 11-26 Mumbai attackers to make calls to their handlers.

See, "Alleged Hacking-Terror Effort Thwarted," Wall St. Journal, June 13, 2009, at http://online.wsj.com/article/SB124485009253011435.html.

US accidentally posts nuclear secrets

2009-06-03T02:30:00.000-07:00

The US federal government mistakenly posted on the Internet a 266-page report -- with pages marked “highly confidential” -- setting out details on hundreds of the nation’s civilian nuclear sites and programs, including maps showing the precise locations of stockpiles of fuel for nuclear weapons.

After inquiries from The New York Times, the document was withdrawn from the Government Printing Office Web site.

See, "U.S. Releases Secret List of Nuclear Sites Accidentally," New York Times, June 2, 2009, at http://www.nytimes.com/2009/06/03/us/03nuke.html?_r=1&ref=todayspaper.

$10 million ransom demand for Virginia patient data

2009-05-11T03:16:00.000-07:00

A hacker claims to have broken into a Virginia state website -- the Virginia Prescription Monitoring Program (PMP) used by pharmacists to track prescription drug abuse -- deleted records of more than 8 million patients, and has offered to replace the data for $10 million. The hacker posted a ransom note on the PMP website:

"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."

The Virginia Department of Health Professionals, which operates the site, admits that it has yet to receive computer security upgrades ordered five years ago, in 2004 by then-Governor Mark Warner. The agency said that because of its small size, it was among the last on the list to receive the security upgrades.

"Official: Hacked agency missing security upgrade," Washington Examiner, May 10, 2009, at http://www.washingtonexaminer.com/local/crime/Official-Hacked-agency-missing-security-upgrade-44673922.html; "Hackers Break Into Virginia Health Professions Database, Demand Ransom," Washington Post, May 4, 2009, at http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html; "Hacker demands $10M ransom from Virginia," UPI, May 8, 2009, at http://www.upi.com/Top_News/2009/05/08/Hacker-demands-10M-ransom-from-Virginia/UPI-35631241758949/

Court rules on knowing standard in identity theft cases

2009-05-05T05:53:00.000-07:00

The U.S. Supreme Court ruled that persons who use fake identification numbers to commit other crimes must know they belong to a real person to be subject to a two-year sentence extension for “aggravated identity theft.” The ruling came in a federal identity theft case concerning illegal immigrants who used false social security numbers to obtain employment.

See, "Justices Limit Use of Identity Theft Law in Immigration Cases," New York Times, May 4, 2009, at http://www.nytimes.com/2009/05/05/us/05immig.html?_r=1&ref=todayspaper; "Supreme Court limits identity theft law," Los Angeles Times, May 5, 2009, at http://www.latimes.com/news/nationworld/nation/la-na-court-identity5-2009may05,0,7732350.story.

Drug war agent loses secrets on the bus

2009-04-28T00:20:00.000-07:00

The British Serious Organized Crime Agency (heralded as Britain's FBI) confirmed that, in 2006, one of its agents lost a computer memory stick containing a list of undercover agents, informants, and details of more than five years of intelligence work. The memory stick was lost when the agent, who traveled to Colombia to work with British intelligence agencies on anti-drug trade operations, left her handbag on a transit bus at the Bogata airport. Fearing the information could fall into the worng hands, intelligence agencies halted operations and relocated dozens of agents and informants. The cost of the aborted operations was £100m.

See, "Bumbling agent lost ‘crown jewels’ of drugs war," Sunday Times, April 26, 2009, at http://www.timesonline.co.uk/tol/news/politics/article6169946.ece; "MI6 agent leaves secret details of the war against drugs on bus," Mirror, April 27, 2009, at http://www.mirror.co.uk/news/top-stories/2009/04/27/mi6-agent-leaves-secret-details-of-the-war-against-drugs-on-bus-115875-21311667/

Hackers strike Pentagon's $300 billion F-35 fighter project

2009-04-22T02:51:00.000-07:00

Computer intruders hacked into the Pentagon's $300 billion F-35 Lightning II (Joint Strike Fighter) project. In attacks apparently originating from China, the hackers downloaded huge amounts of data -- but not the most sensitive material, which is stored offline.

See, Wall St. Journal, April 21, 2009, at http://online.wsj.com/article/SB124027491029837401.html; see also, "Fighter Jet Hack Far From First Government Breach," PC World, April 21, 2009, at http://www.pcworld.com/article/163533/fighter_jet_hack_far_from_first_government_breach.html

YouTube prank video damages Domino's reputation

2009-04-16T07:38:00.000-07:00

Two employees of a Domino's Pizza fanchise created a video at work purporting to show the prepartation of unsanitary food for customer delivery. Released onto the Internet, the video was seen by more than a million YouTube viewers. Customers were disgusted and the prank resulted in a public relations crisis for Domino's. The employees were fired and also arrested on felony charges for distribution of prohibited food.

See, "Video Prank at Domino’s Taints Brand," New YorkTimes, April 16, 2009, at http://www.nytimes.com/2009/04/16/business/media/16dominos.html?ref=todayspaper.

Britain's top counterterrorism cop resigns after security blunder

2009-04-10T07:44:00.000-07:00

Britain's top counterterrorism police officer resigned after being photographed on his way to a government briefing carrying a "secret" document showing details of a major anti-terrorist operation, titled “Briefing Note: Operation PATHWAY.” Although the U.K. government banned the publication of the photo on grounds of national security, it found its way onto the Internet and the operation, designed to prevent an al-Qaida plot to bomb Britain, was moved up many hours earlier than planned.

See, "Britain’s Antiterror Officer Resigns," New York Times, April 10, 2009, at http://www.nytimes.com/2009/04/10/world/europe/10britain.html?ref=todayspaper; "Police chief Bob Quick steps down over terror blunder," Guardian, April 9, 2009, at http://www.guardian.co.uk/uk/2009/apr/09/bob-quick-terror-raids-leak.

U.S. Electricity Grid Hacked by Spies

2009-04-08T16:05:00.000-07:00

U.S. intelligence agencies have detected cyber intruders from Russia and China who have penetrated the U.S. electricity grid. The intruders appear to be on a mission to map the grid and its controls. They left behind software tools that could be used to disrupt service or destroy infrastructure components.

See, "Spies compromised US electric grid," Associated Press, April 8, 2009, at http://www.google.com/hostednews/ap/article/ALeqM5gTamvV9J8BmeVmQift2odb--mBigD97EHMJO0; "Electricity Grid in U.S. Penetrated By Spies," Wall St. Journal, April 8, 2009, at http://online.wsj.com/article/SB123914805204099085.html#mod=todays_us_page_one.

Google orphan works settlement under fire

2009-04-04T05:23:00.000-07:00

Critics are signalling that they will challenge the proposed settlement of a lawsuit against Google that they say will grant the company too much power over out-of-print books.

In 2005, publishers and authors sued Google because parts of copyrighted works were showing up in Google search results. The settlement allows Google, which has scanned more than 7 million books, to show U.S. readers up to 20 percent of most books, and to sell access to the entire collection to universities and other institutions. Public libraries will get free access to the full texts; individuals will be able to buy online access. Proceeds will be shared by Google, publishers, and authors.

Settlement proponents say the agreement greatly benefits the public by providing access to hard-to-find works. Opponents complain that the agreement hands Google a virtual monopoly over "orphan works," i.e., out-of-print works whose authors or other rights holders cannot be identified or located.

See, "Google’s Plan for Out-of-Print Books Is Challenged," New York Times, April 3, 2009, at http://www.nytimes.com/2009/04/04/technology/internet/04books.html?ref=todayspaper; "Google's Book Settlement Is a Ripoff for Authors," Wall St. Journal, March 28, 2009, at http://online.wsj.com/article/SB123819841868261921.html.

Vast Chinese computer espionage network uncovered

2009-03-28T20:23:00.000-07:00

Canadian researchers have detected a massive computer espionage network controlled from China that focuses on countries in south and south-east Asia, as well as the Dalai Lama's offices.

The researchers, who dub the network "Ghostnet," tracked it into almost 1300 computers in 130 countries. They uncovered the network after being asked by officials with the Dalai Lama to examine their network.

The researchers discovered that not only can Ghostnet allow files, including email, to be inspected and stolen, but that it can turn on computer cameras and microphones in order to monitor the room in which the computer sits.

See, "Vast Spy System Loots Computers in 103 Countries," New York Times, March 28, 2009, at March 28, 2009, at http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1&ref=todayspaper; "Massive Chinese computer espionage network uncovered," The Observer, March 29, 2009, at http://www.guardian.co.uk/world/2009/mar/29/china-computing.

Disgruntled contractor indicted for Fannie Mae software bomb

2009-01-31T15:56:00.000-08:00

An Indian contract computer engineer who worked for Fannie Mae has been indicted by a federal grand jury for installing a software bomb designed to destroy all the data in Fannie Mae's computer system. The contractor, Rajendrasinh Babubhai Makwana, had been fired by Fannie Mae.

According to the indictment, on the day the contractor was fired, the malicious code was placed at the end of a routine computer program scheduled to run each morning. Set to execute on Jan. 31, 2009, the code was programmed to attack all 4,000 of the company's servers and would have wiped out all the data on them. It was discovered by chance five days later.

See, "U.S. Probes Plot to Destroy Fannie Mae Data," Wall St. Journal, January 31, 2009, at http://online.wsj.com/article/SB123333187833633709.html?mod=todays_us_page_one.

Hackers knock Kyrgyzstan offline

2009-01-31T15:47:00.000-08:00

Russian hackers knocked Kyrgyzstan offline with a massive, sustained denial of service attack focused on the country's two main Internet service providers.

See, "Kyrgyzstan Knocked Offline," Wall St. Journal, January 28, 2009, at http://online.wsj.com/article/SB123310906904622741.html; "Kyrgyzstan goes offline following Russian hacker attack," The Industry Standard, January 29, 2009, at http://www.thestandard.com/news/2009/01/29/briefly-russian-hackers-kick-kyragystan-internet.

Largest UK data theft at Monster.com

2009-01-28T01:17:00.000-08:00

Hackers stole personal data belonging to the 4.5 million job seekers registered with Monster.com.uk, an online recruitment website. The stolen data includes passwords, telephone numbers, e-mail addresses, birth dates, sex and ethnicity data, and other demographic information. The incident is reportedly the largest data theft in Britain. It is also the second time in six months that Monster's customer database has been hacked.

See, "Hackers steal details of 4.5 million in attack on Monster jobs site," TimesOnline, January 27, 2009, at http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article5594222.ece; "Hackers hit Monster.com's customer data again," USA Today, January 27, 2009, at http://www.usatoday.com/money/industries/technology/2009-01-27-monster-data-hackers_N.htm.

"Kyrgyzstan Knocked Offline

600 million credit card data security breach

2009-01-20T22:08:00.000-08:00

Heartland Payment Systems, a payment transaction processor for more than 250,000 U.S. businesses, announced what may be the largest data security breach to date. Criminals reportedly installed sniffer software on the computer network and gained access to customer records associated with the 100 million card transactions that the company handles each month. The malicious software captured the credit card data at the point that it was unencrypted to enable Heartland to seek authorization from the major payment companies and banks. The compromised data includes credit card magnetic strip data, which can be used to duplicate (clone) credit cards.

Personal data of up to 600 million cardholders were potentially exposed, but Heartland, which is working with the secret service, cannot yet say how many records were accessed. Credit card companies contacted Heartland about a pattern of fraudulent transactions on accounts the processor handled sometime last fall, but an initial internal investigation and audit failed to detect a security breach. A forensic investigator discovered the breach last week.

According to Forrester Research, data breaches of this type can cost $300 to $600 per account in fraudulent purchases, fees, and legal costs.

See, "Card Data Breached, Firm Says," Wall St. Journal, January 20, 2009, at http://online.wsj.com/article/SB123249174099899837.html?mod=testMod; "Credit Card Processor Says Some Data Was Stolen," New York Times, January 20, 2009, at http://www.nytimes.com/2009/01/21/technology/21breach.html?_r=1.

Leap year freezes digital music player

2009-01-02T08:25:00.000-08:00

Microsoft's Zune digital music player froze on December 31, 2008. The problem was identified in the device's internal clock driver and how it handles a leap year, such as 2008. The problem affected only the 30-gigabyte model, of which 1.2 million have been sold.

See, "Leap Year Trips Zune In Black Eye For Microsoft," Wall St. Journal, January 1, 2009, at http://online.wsj.com/article/SB123074469238845927.html?mod=todays_us_marketplace.

VOIP handicaps response to terrorist attack

2008-12-10T08:10:00.000-08:00

Indian police officials said that the terrorists who struck Mumbai in November were directed by people using Voice over Internet Protocol (VoIP) phone service, which complicated efforts to trace and intercept the calls. A month earlier, a draft United States Army report highlighted the interest of Islamic militants, such as the Taliban, in using VoIP.

To locate a VoIP caller, investigators need access to service provider databases that track the unique numerical identifier (I.P. address) of the device the subscriber uses to connect to the Internet. Additional work is then needed to locate the device, which can take days longer than a phone .

See, "Mumbai Terrorists Relied on New Technology for Attacks," New York Times, December 9, 2008, at http://www.nytimes.com/2008/12/09/world/asia/09mumbai.html?_r=1&scp=2&sq=mumbai&st=cse.

Fake call puts nuclear Pakistan on highest alert

2008-12-07T09:51:00.000-08:00

A hoax phone call to the President of Pakistan led the nuclear-armed nation to put its air force on highest alert. On late Friday evening, November 28, on the heels of the Mumbai terrorist attacks, senior members of President Asif Ali Zardari's staff bypassed standard call verification procedures and transferred to Mr. Zardari a caller claiming to be Indian External Affairs Minister Pranab Mukherjee. The caller directly threatened to take military action if Pakistan failed to immediately act against the perpetrators of the Mumbai attacks.

Following the call, signals were sent out about how the situation could rapidly spiral out of control. A top Pakistan security officials advised the media that it might shift tens of thousands of troops from its western border with Afghanistan to its eastern frontier with India.

See, "A hoax call that could have triggered war," Dawn, December 6, 2008, at .http://www.dawn.com/2008/12/06/top2.htm

Guilty verdicts in MySpace girl's suicide

2008-11-29T09:37:00.001-08:00

A Missouri mother engaged in an online fraud that drove a 13-year old girl to suicide was convicted in Los Angeles on federal misdemeanor charges under the Computer Fraud and Abuse Act. Lori Drew was accused of violating the terms of service of a social networking site, MySpace, by creating a fictitious profile of a teen boy and creating postings, which she used to harass Megan Meier. The purpose of the fraud was to humiliate Megan for allegedly spreading gossip about Lori's daughter, Sarah.

Megan, who had a history of depression and suicidal impulses, received an e-mail message from Ms. Drew that said, “The world would be a better place without you.” Megan wrote back, “You’re the kind of boy a girl would kill herself over.” She then hanged herself with a belt in her bedroom closet.

Thomas P. O’Brien, the United States attorney in Los Angeles, prosecuted the case after law enforcement officials in Missouri determined Ms. Drew had broken no local laws. He based jurisdiction of the case on the fact that the MySpace computer servers are housed in Los Angeles.

See, "Woman Convicted of Minor Offenses in MySpace Hoax," Wall St. Journal, November 26, 2008, at http://online.wsj.com/article/SB122772794350760493.html; "Verdict in MySpace Suicide Case," New York Times, November 26, 2008, at http://www.nytimes.com/2008/11/27/us/27myspace.html; http://en.wikipedia.org/wiki/Megan_Meier; "Jurors Wanted to Convict Lori Drew of Felonies but Were Stymied by Prosecutors," Wired Blog Network, December 1, 2008, at http://blog.wired.com/27bstroke6/2008/12/jurors-wanted-t.html.

Verizon employees view Obama cell phone account

2008-11-21T07:13:00.000-08:00

Verizon (VZ) acknowledged that “a number of Verizon Wireless employees have, without authorization, accessed and viewed President-Elect Barack Obama’s personal cell phone account.”

View the full VZ chart at Wikinvest

See, "Verizon Apologizes To Obama: Sorry We Snooped On Your Account," D | All things Digital, NOvember 21, 2008, at http://mediamemo.allthingsd.com/20081121/verizon-apologizes-to-obama-sorry-we-snooped-on-your-account-this-fall/

NYPD fights Justice for terrorist surveillance warrants

2008-11-20T07:06:00.000-08:00

The New York Police Department is struggling with the U.S. Justice Department over the process to obtain a warrant from the special Foreign Intelligence Surveillance Court before it can begin electronic monitoring of people suspected of spying or terrorism. New York's police argue that Justice Department lawyers impose a needlessly high standard to be certain that every surveillance application submitted to the court would be approved. As a local police force, New York's Police Department cannot apply directly for surveillance warrants, but must seek them through the F.B.I. and the Justice Department.

See, "New York Police Fight With U.S. on Surveillance," November 20, 2008, at http://www.nytimes.com/2008/11/20/washington/20terror.html?pagewanted=1&ref=todayspaper.

White House computers attacked by Chinese hackers

2008-11-09T22:30:00.000-08:00

White House computer servers have repeatedly been compromised by Chinese hackers, who obtained non-classified email between government officials. The attackers entered the system for brief periods before US experts could patch it The Chinese government is the suspected sponsor of the attacks.

See, "Cyber-Attacks Reported At White House, Campaigns," Washington Post, Novemer 7, 2008, at http://voices.washingtonpost.com/washingtonpostinvestigations/2008/11/two_high-profile_incidents_of.html?nav=rss_blog; "Chinese hackers penetrate White House network," Financial Times, November 7, 2008, at http://www.ft.com/cms/s/0/f16027f0-ac6e-11dd-bf71-000077b07658.html.

US Presidential campaigns hacked in foreign intelligence operation

2008-11-09T22:22:00.000-08:00

The computer systems of both the Obama and McCain campaigns were attacked and large amounts of information were downloaded by hackers in what appears to have been a Russian or Chinese intelligence gathering operation.

See, "Obama computers 'hacked during election campaign'," Time Online, November 7, 2008, at http://www.timesonline.co.uk/tol/news/world/us_and_americas/us_elections/article5105027.ece.

Faulty computer models cost AIG tens of billions of dollars

2008-11-03T22:33:00.000-08:00

Computer models relied on by insurance giant AIG to evaluate more than $400 billion of credit-default swaps did not measure the risk of future collateral calls or write-downs. The deficiency, of which AIG was aware, reportedly cost it tens of billions of dollars and pushed the federal government to rescue the company in September 2008.

See, "Behind AIG's Fall, Risk Models Failed to Pass Real-World Test," Wall St. Journal, October 31, 2008, at http://online.wsj.com/article/SB122538449722784635.html.

Government contractor loses confidential data on 12M users

2008-11-03T22:20:00.000-08:00

The British government is investigating how a memory stick holding the user names and passwords for a government computer system was lost and later found in a pub parking lot. The memory stick belonged to a government contractor, which stated that an employee had breached procedure by removing the memory stick from the company's premises.

The incident resulted in the temporary shut down of the Gateway website, used by the public to access services such as tax returns, pension and child benefits. It has 12 million regsitered users.

See, "Inquiry into loss of confidential data on 12 million website users," The International Independent, November 3, 2008.

LPL Financial fined following account hacking

2008-10-24T07:33:00.000-07:00

The SEC issued a cease and desist order and imposed a fine of $275,000 against LPL Financial due to the firm’s failure to implement adequate controls to protect access to customer accounts. Between mid-July 2007 and February 2008, LPL was subject to hacking incidents in which customer accounts were accessed and the perpetrator placed or attempted to place 209 unauthorized trades in 68 customer accounts, in the sum of over $700,000. At that time, the SEC found that LPL had failed to implement increased security measures and adopt policies and procedures reasonably designed to safeguard customer information as required by SEC regulation.

The SEC noted that, among other things,
--LPL did not develop or maintain a complete set of policies and procedures addressing administrative, technical, and physical safeguards reasonably designed to protect customer records and information at its branch offices.
--LPL failed to reasonably evaluate security controls despite its knowledge of a prior data breach incident.
--A prior audit revealed deficiencies concerning users’ password complexity and session inactivity parameters.

The SEC Order In the Matter of LPL Financial Corp. is posted at http://www.sec.gov/litigation/admin/2008/34-58515.pdf

Citic Pacific faces billions in losses on unauthorized forex bets

2008-10-20T19:51:00.000-07:00

Citic Pacific, a Chinese government conglomerate, is facing billions of dollars in losses after traders made what the company said were unauthorised bets against US currency. At current mark-to-market prices, Citic Pacific faces a loss of US$1.88bn. The company said that “there was no reason to believe fraud or other illegal activities were involved.” Following the news, Citic Pacfic shares lost 38%.

See, "Citic Pacific faces $2bn in forex losses," Financial Times, October 20, 2008, at http://www.ft.com/cms/s/0/b65d9e52-9eaa-11dd-98bd-000077b07658.html; "CITIC Pacific shares dive 38 percent on forex losses," Reuters, October 20, 2008, at http://www.reuters.com/article/ousiv/idUSTRE49K0AU20081021.

Quantum encryption demonstrated

2008-10-18T05:12:00.000-07:00

Researchers demonstrated a quantum encryption system at a conference in Vienna. The system uses photons to encode data and relies on the Heisenberg Uncertainty Principle, which says that quantum information cannot be measured without disturbing it. As soon as the photons are observed by an eavesdropper they are scrambled, leaving the encryption unbroken and creating a trace of the eavesdropper.

See, "Researchers show off 'unbreakable' quantum encryption," ITPro, October 9, 2008, at http://www.itpro.co.uk/606984/researchers-show-off-unbreakable-quantum-encryption; "The solace of quantum key technology," The Guardian, October 9, 2008, at http://www.guardian.co.uk/technology/2008/oct/09/news.hitechcrime.

SMS attack on India's ICICI Bank

2008-10-18T04:53:00.000-07:00

India's ICICI Bank has requested a police investigation into brokers and others who allegedly used SMS, email, and the Internet to launch a run on its branches and an attack on its shares, which fell as much as 28 per cent. One of the SMS messages reportedly said, "Kindly withdraw all your deposits and cash in account with ICICI Bank as ICICI Bank has already rushed to RBI for insolvency."

See, "ICICI demands police probe into share attack," Financial Times, October 14, 2008, at http://www.ft.com/cms/s/0/d528df7a-9989-11dd-9d48-000077b07658.html; "ICICI moves cops against 'malicious' brokers," Business Standard, October 18, 2008, at http://www.business-standard.com/india/storypage.php?autono=337152.

Palin e-mail account hack

2008-10-09T08:32:00.000-07:00

David Kernell, the son of a prominent Democratic Tennessee state lawmaker, was indicted for hacking into the Yahoo! Web mail account of Sarah Palin, Republican Vice-Presidential candidate and Alaska Governor. Kernell broke into the account by guessing the answers to her pre-selected "Secret Questions," which must be answered before Yahoo! will allow users to reset their account passwords.

The hack was apparently facilitated by the fact that Yahoo! does not allow new registrants to make up their own question for resetting their passwords. Kerrin apparently found information on Wikipedia and used Google to discover the answers to her pre-selected secret questions and change her account password.

See, "Son of Tenn. Lawmaker Indicted in Palin E-Mail Hack," Washington Post, October 8, 2008, at http://voices.washingtonpost.com/securityfix/2008/10/son_of_tenn_lawmaker_indicted.html?hpid=news-col-blogs.

Computer faults causes jet to plummet

2008-10-09T00:05:00.000-07:00

The Australian Transport Safety Bureau said onboard computer equipment faults in a fly-by-wire Airbus jet, operated by Qantas, caused it to plummet, sending passengers, crew and objects flying through the air.

See, "Computer fault blamed in Qantas jet fall," Australian IT, October 9, 2008, at http://www.australianit.news.com.au/story/0,24897,24469386-15317,00.html.

Surveillance system found in Chinese version of Skype

2008-10-03T07:02:00.000-07:00

Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype (an online phone and text messaging service), has routinely been storing messages with politically sensitive keywords, along with with personal user records.

A research group at the University of Toronto, Citizen Lab, discovered an encrypted list of words inside the Tom-Skype software, which, in turn, monitors messages containing those words. Encrypted copies of messages containing the words are sent to servers that also store personal information about the customers who sent the messages. They also record chat conversations between Tom-Skype users and Skype users outside China.

The researchers were able to download and analyze copies of the surveillance data because the Chinese computers were misconfigured. The computer directories were readable with a simple Web browser and researchers also found a file containing the key needed to decode the encrypted files. The researchers said they did not know who was operating the surveillance system.

See, "Surveillance of Skype Messages Found in China ," New York Times, October 1, 2008, at http://www.nytimes.com/2008/10/02/technology/internet/02skype.html?em.

Text-messaging moments before train crash

2008-10-03T06:43:00.000-07:00

A commuter train engineer apparently was exchanging text messages on his mobile phone moments before his train ran a red light and slammed into a freight train, resulting in 25 deaths. Following the crash, state railroad regulators temporarily banned the use of all cellular devices by anyone at the controls of a moving train. Federal railroad regulators also issued an emergency order banning most cellphone use by locomotive engineers.

See, "California Bans Texting by Operators of Trains," New York Times, September 18, 2008, at http://www.nytimes.com/2008/09/19/us/19crash.html?fta=y; "Railroad Agency Bans Cellphones," New York Times, October 2, 2008, at http://www.nytimes.com/2008/10/03/us/03brfs-RAILROADAGEN_BRF.html?ref=us.

Kentucky seeks to block Internet gaming, seize domain names

2008-09-27T08:22:00.000-07:00

Kentucky is working to force 141 Internet gaming sites to block access to Kentucky users, or to relinquish control of their domain names. The state alleges, among other things, that online gaming drains the state of money by undermining horse racing, a key state tourism industry. Following a hearing, a district judge ordered the domain names be transferred to the state. The sites will be able to object to the transfers.

See, "Kentucky attempts to seize gambling site domains," cnet, September 26, 2008, at http://news.cnet.com/8301-13578_3-10052137-38.html.

Virginia anti-spam law unconstitutional

2008-09-13T07:03:00.000-07:00

First Amendment guarantees reversed the conviction of Jeremy Janes, the first person in the U.S. convicted of a felony for sending unsolicited bulk e-mail. He was sending 10 million emails per day from his North Carolina home, via an AOL server in Virginia. The Virginia Supreme Court held that its state anti-spam law violates free speech because it does not just restrict commercial e-mail -- it prohibits the anonymous transmission of all unsolicited bulk e-mails, including those containing political, religious or other speech protected by the First Amendment to the U.S. Constitution.

See, "Virginia: Spam Law Struck Down on Grounds of Free Speech," New York Times, Sept. 12, 2008, at http://www.nytimes.com/2008/09/13/us/13brfs-SPAMLAWSTRUC_BRF.html?ref=todayspaper.

Confusion reigns as US government e-records disappear

2008-09-13T06:27:00.000-07:00

While US federal law requires retention of electronic records, including email, government employees don't appear to understand their obligations. Widespread violations of federal record-keeping requirements have been uncovered. Many employees do not seem to understand what a record is, "much less how it must be preserved,” says Melanie Sloan, executive director of Citizens for Responsibility and Ethics in Washington, a watchdog group.

See, "In Digital Age, Federal Files Blip Into Oblivion," New York Times, Sept. 12, 2008, at http://www.nytimes.com/2008/09/13/us/13records.html?pagewanted=1&ref=todayspaper.

Guilty of massive U.S. credit-card number theft

2008-09-12T08:03:00.000-07:00

A defendant pled guilty to the theft of more than 40 million credit-card numbers from U.S. retailers. Damon Patrick Toey was charged along 10 other men in 5 countries with wireless interception of retailers' data transmissions and use of "sniffer" programs to steal credit card numbers as they were being swiped at cash registers. The case is the largest identity fraud theft prosecuted in the U.S.

See, "Hacker Pleads Guilty In TJX Security Breach," Wall St. Journal, Sept. 12, 2008, at http://online.wsj.com/article/SB122122769957627957.html?mod=hps_us_whats_news.

Search engine sinks UAL stock

2008-09-10T07:10:00.000-07:00

Stock in the parent of United Airlines sank from nearly $12.50 a share to $3, before trading was halted, after Google's news service surfaced an apparently new story about a bankrutcy filing by the airline. Google's search engine picked up the story from a new link on the website of a South Florida newspaper. The underlying article, published by the Chicago Tribune in December 2002, did not carry a date.

According to the Wall St. Journal,

"The damage was exacerbated by the growing use on Wall Street of automated programs that trigger stock trades without any human interaction. The so-called algorithmic trading mechanisms, which buy and sell stocks based on news headlines and earnings data, were responsible for roughly a quarter of New York Stock Exchange trades in the last week of August.
Investors said simple human scrutiny would have indicated the UAL story was old, but computerized trading systems don't make such determinations."

See, "UAL Story Blame Is Placed on Computer," Sept. 10, 2008, at http://online.wsj.com/article/SB122100794359017593.html?mod=todays_us_marketplace.

London Stock Exchange trading system fails

2008-09-08T07:39:00.000-07:00

A “connectivity issue” halted trading on the London Stock Exchange for the longest period in over eight years, “amid a day of frenzied trading as dealers responded to [the previous] night's rescue by the US Government of Fannie Mae and Freddie Mac.”

See, "London halts trading after shares surge on US bailout," Times Online, Sept. 8, 2008, at http://business.timesonline.co.uk/tol/business/markets/article4703130.ece.

Space Station computer worms

2008-09-08T07:26:00.000-07:00

A computer virus has been found in laptops used by astronauts on board the International Space Station. Known as W32.Gammima.AG, the virus spreads through removable storage devices and monitors keystrokes and seeks online gaming passwords.

See, “Stowaway computer virus sent into orbit,” The Times Online, Aug. 28, 2008, at http://technology.timesonline.co.uk/tol/news/tech_and_web/article4625408.ece.

GPS: Search and Seizure

2008-08-31T09:33:00.000-07:00

Police are using Global Positioning System data as evidence in criminal prosecutions, for crimes such as murder, rape and arson. Critics, like University of Maryland law professon Renée Hutchins, argue that GPS data is protected under the Fourth Amendment.

See, "Police Using G.P.S. Units as Evidence in Crimes," New York Times, Aug. 30, 2008, at http://www.nytimes.com/2008/08/31/us/31gps.html?ref=todayspaper.

Computer failure delays US flights

2008-08-27T01:30:00.000-07:00

Failure of a communications link in an Atlanta computer system for filing flight plans delayed hundreds of flights across the US. The other flight-plan facility in Salt Lake City tried to take up the slack and handle the entire country, but the backup system overloaded. This led to manual processing.

The FAA said that it had never experienced a computer problem this severe.

See, "U.S. airports back to normal after computer glitch," Reuters, Aug, 26, 2008, at http://www.reuters.com/article/topNews/idUSWBT00961720080827

Outsourcing cv fraud threatens sensitive bank data

2008-08-26T20:17:00.000-07:00

A background screening company reports that resume cheating in India's outsourcing industry rose 80% in the first quarter of 2008, compared with the first quarter of 2007.

The issue is troubling because recruits in in the outsourcing industy often have access to highly sensitive information and processes for leading international financial institutions.

See, "Outsourcing groups battle India's CV cheats," Financial Times, Aug. 25, 2008, http://www.ft.com/cms/s/0/d4d361da-71fc-11dd-a44a-0000779fd18c.html.

Bank data on 1M customers found on computer sold on eBay

2008-08-26T20:05:00.000-07:00

An eBay buyer reported to UK authorities that a computer he bought online contained data on at least one million credit card customers of the Royal Bank of Scotland, its subsidiary NatWest, and American Express, including account numbers, passwords, cell phone numbers and signatures.

The computer was apparently sold online by an archiving firm that stores financial information for the three financial institutions.

See, "U.K. Man Buys Computer With Millions Of Credit Card Data For $142 On eBay," AHN, Aug. 26, 2008, at http://www.allheadlinenews.com/articles/7012078080; "Privacy probe into bank data sale," Financial Times, Aug. 27, 2008, at http://www.ft.com/cms/s/0/03a2fcea-73cf-11dd-8a66-0000779fd18c.html.

Terror group hijacks Wi-Fi connections

2008-08-26T00:48:00.000-07:00

Email from a terrorist group, Indian Mujahideen, has been traced to a college in Mumbai. The email hinted at new terror attacks and warned that suicide bombers would be deployed. As a result, city colleges are working to eliminate the threat posed by unsecured Internet and Wi-Fi connections

A similar email was sent prior to serial bomb blasts in the west Indian city of Ahemdabad on July 26, 2008, which killed 42 people. That email was sent via a hacked computer with an unsecure Wi-Fi connection in a private Mumbai residence, and appears to be the first time that a local IP address has been hacked by terrorists.

See, "Second terror e-mail traced to Mumbai college," Morung Express, Aug. 25, 2008; "Colleges wake up to wi-fi threat," Hindustan Times, Aug. 26, 2008, at http://www.hindustantimes.com/storypage/storypage.aspx?sectionName=&id=a8603558-e1d6-46fe-a7a8-c614fca6685b&&Headline=Colleges+wake+up+to+wi-fi+threat&strParent=strParentID; "American expats caught up in Indian bomb blast inquiry," Guardian, July 29, 2008, at http://www.guardian.co.uk/world/2008/jul/29/india.terrorism; and, "Anyone can be caught in the web of terror," Times of India, July 29, 2008, http://timesofindia.indiatimes.com/Mumbai/Anyone_can_be_caught_in_the_web_of_terror/articleshow/3299793.cms

Inmate data lost

2008-08-23T20:28:00.000-07:00

A consulting firm lost a computer memory stick containing details of all 84,000 prisoners in England and Wales. Details including names, addresses and birthdate of 33,000 people with six or more convictions, and people in drug rehabilitation programmes were also on the stick. The data was apparently being held by the government in secure form, but was downloaded onto a memory stick in violation of rules in the contract with the consulting firm.

The loss follows admissions by UK Revenue and Customs that it lost data on about 25 million people; by the Ministry of Defence that about 658 laptops have been stolen in the past four years; and, by the Transport Secretary that details of some three million learner drivers were lost by a firm in the US.

The consulting firm involved is one of the main companies involved in setting up a controversial ID cards scheme and its failure raised concerns about the safety of the national identity database.

See, "Tories call for data loss prosecutions," The Observer, Aug. 24, 2008; "UK criminals' details go missing," Aug. 22, 2008, OneNews, at http://tvnz.co.nz/view/page/536641/2028793.

China Internet control claimed as trade violation

2008-08-22T23:10:00.000-07:00

The California First Amendment Coalition (CFAC) filed a petition with the Office of the US Trade Representative protesting that US service providers are severely damaged by restrictions place on Internet usage by China. CFAC claims that the restrictions place US companies at a disadvantage (e.g., by forcing them to register at a local level, or submit content for government approval) and violate international trade agreements, including the protocol China singed when it joined the World Trade Organization. See, "Google and Yahoo tread carefully in China internet row," Financial Times, Aug. 22, 2008.

China blocks iTunes

2008-08-22T20:06:00.000-07:00

Internet users report that China apparently blocked access to the Apple’s iTunes Store due to the presence of the pro-Tibet “Songs for Tibet” benefit album, which includes 20 songs from artists like Sting, Dave Matthews and Moby. See, "Apple iTunes Store Is Blocked in China, Internet Users Say," New York Times, Aug. 22, 2008.

Students' right to publicize flaw

2008-08-22T02:25:00.000-07:00

A U.S. District Court in Boston ruled that students have the right to publicize a flaw that allows magnetic fare cards used by Boston's subways and buses to be counterfeited. The court ruled that the National Information Infrastructure Protection Act of 1996 likely does not prohibit revealing weaknesses in computer-security systems. See, "Judge Backs Students in Transit Hacking Case," Wall St. J., August 20, 2008, at http://online.wsj.com/article/SB121916523108953701.html?mod=todays_us_page_one.

Student data and test scores released

2008-08-22T02:23:00.000-07:00

Personal data and test scores of thousands of Florida students were accidentally published by The Princeton Review on its web site. See, "Student Files Are Exposed on Web Site," New York Times, Aug. 18, 2008, at http://www.nytimes.com/2008/08/19/technology/19review.html?ref=todayspaper