Tech Talk

When I received an e-mail recently with the subject, “Please change your twitter password,” supposedly from the popular social network, I was suspicious. After all, many scammers seeking to seize sensitive information make similar claims.

Nonetheless, I read the e-mail, which began:

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser: [with a link here]

This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.

Although everything looked legitimate, I remained skeptical about its authenticity.

So I decided rather than clicking any of the links, I would attempt to log into my Twitter accounts.  One of my accounts made me change my password immediately, which seemed to confirm the contents of the note.

Since then I have read Internet reports confirming the authenticity of the e-mail.

John Paczkowski of All Things Digital received the following statement from Twitter:

As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite. In one case, a number of accounts posted updates indicative of giving their username and password to untrusted third parties. While we’re still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we’ve taken should ensure user safety. We’ll continue provide updates as warranted at @safety and @spam. We do, as always, encourage our users to read our help pages on what to do if your account is compromised: http://twitter.zendesk.com/forums/10713/entries/31796 and how to stay safe on Twitter: http://twitter.zendesk.com/forums/10711/entries/76036.

It is important to remember that if you ever receive an e-mail that does not seem right, or that you are suspicious of, not to click any links in the e-mail. I would recommend verifying the information from said e-mail by accessing the site directly rather than clicking a link.  If you have further issues, I would recommend attempting to contact the respective company or organization directly.

This is also a good time to remember the importance of having strong passwords unique to each respective account that contain special characters.

America must look to technology to protect its citizens and infrastructure from 21st century threats.

Dennis Blair, director of national intelligence, said that the United States is at risk of a cyberattack that could “wreak havoc,” FOX News reported Wednesday. It is substantially easier to launch a digital attack than defend against one, the intelligence czar reportedly told the House Intelligence Committee.

“What we don’t quite understand as seriously as we should is the extent of malicious cyberactivity that grows, that is growing now at unprecedented rates, extraordinary sophistication,” Blair said. “And the dynamic of cyberspace, when you look at the technological balance, right now it favors those who want to use the Internet for malicious purposes over those who want to use it for legal and lawful purposes.”

Al Qaeda could attempt to carry out an attack in America within the next six month, FOX News quoted senior intelligence officials as telling Congress on Tuesday.

Despite President Obama’s promises to make cybersecurity a priority, FOX News reports that his budget actually requests a decrease in funds for America’s cybersecurity division of Homeland Security.

Our government has for too long been reactive, rather than proactive. Just consider how the TSA operates. New policies and protocols are routinely instituted AFTER threats are made known, rather than before. The alleged Christmas Day bomber is the perfect example.

Tech Talk has reported extensively on potential cyber threats facing this country.  You can sample our cyberwarfare archives here.

As America becomes increasingly dependent on technology — to do everything from manage finances, sewage treatment plans, sustain missions in space and operate military operations, it is increasingly important to take the mounting cyberthreat seriously.  Or else, it will be too late.

A hacker claims that he has broken the encryption that protects the majority of cell phone calls on earth, the Wall Street Journal reports. 

Karsten Nohl, a German hacker, said he and his small team have broken the code for networks that utilize GSM technology, which includes AT&T and 80 percent of the world’s wireless networks.  He said his purpose, according to the Journal, is to make phone carriers more serious about securing the calls.

The newspaper quoted him as saying he does not fear a lawsuit because “Everything we do is within the framework of academic research.”

The Journal reported that he is expected to prove his claim Wednesday.

If Nohl’s claims are true and his team’s research is used maliciously, we could all suffer. 

Let’s hope that regardless of whether his claims pan out that our nation’s cellular providers increase security and encryption.

Please click here to read the full Wall Street Journal report.

Insurgents are using inexpensive software to breach one of America’s primary tools in the wars in Afghanistan and Iraq, senior defense and intelligence officials were quoted in a prominent American newspaper as saying.

The militants have been utilizing over-the-counter software, like SkyGrabber, sold for as little as $25.95 on the Internet to intercept and capture live video feeds coming from U.S. Predator drones, the Wall Street Journal reported late this week.  The feeds could allow America’s enemies to evade and monitor military operations.

The newspaper reports:

[T]he intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The story is significant for two reasons:

• The first is that the Obama administration has come to rely largely on the drones in this two battlefronts.  Hacking into their operations could greatly reduce their effectiveness.  According to the Journal, drones account for 36 percent of the planes in the Air Force’s proposed 2010 budget.
• Insurgents have found yet another means to utilize cheap software to outmaneuver America’s trillion-dollar military budget.  And with more software being developed and becoming available to consumers around the world, the trend will likely grow. 

An Iranian ‘army’ has attacked one of the most prominent American Web sites late Thursday, according to an influential technology Web site.

The Iranian Cyber Army directed visitors away from Twitter and altered its Google summary, according to TechCrunch Friday morning.

Tweeters found the following message, according to TechCrunch:

Iranian Cyber Army

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY

iRANiAN.CYBER.ARMY@GMAIL.COM

U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST
Take Care.

As a result of the cyber attack, Twitter was down for several hours, but appears to be running smoothly now.  However, as a precaution, TechCrunch suggests changing any passwords that are the same as the one tied to Twitter.

As you may recall, Twitter played a high-profile role in the social and political upheaval following the controversial Iranian elections earlier this year.  You could read more information on that in these file Tech Talk pieces here.

According to the Twitter blog:

“Twitter’s DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon.”

To read more, and see screengrabs, please read this TechCrunch report.

Internet users across the country have woken up this week to devastating news of new malware that could plant child pornography onto innocent people’s computers.

And the idea isn’t just hypothetical, it has apparently already happened and ruined one man’s life, and almost resulted in prison-time.

CBS News reported this week:

The AP story reportedabout the case of Michael Fiola, a former Massachusetts state employee whose state-owned work computer was found to contain illegal child pornography images. He was fired and charged with possession of child pornography which, had he been convicted, could have landed him in prison for up to five years, according to the AP.

However, the charges were ultimately dropped when his attorneys were able to prove the number of sites visited in the actual time frame would not be possible by a  human being.

CBS News explored this issue and determined the likelihood of such a case happening to the typical user is slim.

Among the reasons why:

• Most malware is planted to make money, and there is no indication this practice would rake in the dough.
• Images put on someone else’s computer would not be accessible whenever the planter wanted it.
• A digital trail is often left between the planter’s system and victim’s computer.
• The time lapse between image downloads is often much higher when a computer does it than when a person does.
• The prosecution will have to prove the defendant knowingly and intentionally possessed, received or distributed child pornography.

Also, users who keep their system security up-to-date should be relatively safe.

CBS advises:

• Making sure that your operating system and regularly used software are up-to-date.
• Using good software addressing malware, phishing attacks, and/or spam, and keeping it up to date. Subscriptions to paid programs should be renewed.
• Being cautious about spam and about providing information to sites you navigate to from links within even the most legitimate-appearing e-mails.

A malicious worm appears to be spreading across the Twitter network.

Over the past few hours, I have received a half dozen direct messages encouraging me to check out several supposed videos.

While I cannot confirm they are the Koobface virus, several people sent me this message:

“haha check out this vid”

I removed the url to prevent any accidental clicks.

In the past, the Koobface virus has hidden behind the promise of videos the victim was in.

Regardless of it is the Koobface, it is a dangerous link and should be avoided.

Upon doing a quick Twitter search, it is clear many users have already made that mistake and are spreading the worm.  I hope you are not the next victim.

DO NOT CLICK THIS LINK IF YOU SEE IT.  IT IS DANGEROUS TO YOUR COMPUTER AND THREATENS ANY PERSONAL INFORMATION YOU HAVE STORED THERE.

If you already clicked the link, change your password immediately, delete all posts that resulted from when you clicked the link and post a note explaining what happened.

REMINDER: Don’t ever click a link that doesn’t seem consistent with the user’s particular post pattern.  And while it’s difficult to predict exactly what could be a virus, malicious software is often hidden behind misspelled messages or items that promise to share videos or photos.

RELATED TECH TALK POSTS:

• Koobface virus spreading on Twitter
• Worm spreading through Facebook newsfeed

A growing threat to the security of personal bank accounts around the world has reared its ugly head in Connecticut.

A man who would only identify himself to police as “Martin” allegedly attached skimming devices to ATMs in two Wallingford, Conn. banks, the New Haven Register reported late Wednesday.

As a result, he has been charged with criminal attempt to commit larceny, criminal attempt to commit identity theft and unlawful possession of a skimming device, the newspaper reported on its Web site.  He has been scheduled to appear in court Aug. 6.

The man allegedly targeted North Colony Road branches of Wachovia Bank and Bank of America.

“As technology evolves, there are more and more ways for criminals to circumvent the process,” Connecticut State Police spokesman Sgt. Chris Johnson told the Register.

Thieves can capture ATM, debit and credit card information through a process called skimming anywhere such cards are used by capturing the information contained on the cards’ magnetic strip.  In many cases, cameras are also attached nearby to capture PIN information.

ABCNews.com recently reported on how simple it is to be victimized:

Sean Seibel thought it looked just like any other ATM — at least at first.

Earlier this month, the 33-year-old Microsoft employee, who lives in New York City, stopped in the closest Chase bank to get some cash to pay his barber. But when he inserted his ATM (automatic teller machine) card in the machine, he noticed a bit of resistance.

The screen said the machine was unable to read his card. So he tried again. But a second time, the machine gave him an error message.

He was about to give up and try another machine, when a thought popped into his head. He had heard about devices that fraudsters attach to the outside of card readers on ATM machines and, though it seemed unlikely, wondered if that was the source of his problem.

“I’m looking at the thing and thinking this can’t be – no way,” he said. “There are all these stories and myths about it, but I actually found one in the wild.”

With a combination of fear and exhilaration, he tried to pull on the green plastic surrounding the card slot and found that it peeled right off.

So if a seemingly informed and technologically savvy person like Sean Seibel could be nearly victimized, any of us could.

However, by following but a few simple tips, you could avoid becoming a victim.

Consumer Reports recommends:

• Don’t type in your pin at the gas pump for your debit card because they are produced by only a couple manufacturers making it easier for someone to gain the ability to insert a skimming device inside the pump where it cannot be seen.  If a credit card is unavailable, the publication suggests choosing the screen prompt that identifies the card as a credit card so a PIN is not required; greater protection from liability is gained if fraud occurs this way.
• Closely monitor your bank accounts — preferably online — because federal law limits consumers’ liability for fraudulent debit-card charges to $50, but only if the  theft or loss is reported within two business days. Failing to report unauthorized charges within 60 days of the date of the statement could make you liable for any unauthorized withdrawals afterward.  Visa and MasterCard have zero liability policies that go beyond federal law by exempting debit users from liability in most circumstances when a bank investigation confirms a transaction is fraudulent.  However, dealing with debit-card fraud has the potential of having a greater impact on your finances than credit-card fraud as you won’t be out any money while the disputed charges are being investigated.
• Use ATMs at banks because there’s generally more traffic and surveillance cameras to prevent someone from attaching a skimming device.  Granted, as noted in the ABCNews.com report, bank ATMs could also be targeted.  And, in fact, ABCNews.com reports that criminals are beginning to target ATMs in banks because the increased traffic gives thieves the potential for more activity and subsequent money.

ABCNews.com offers six recommendations of how to spot ATM skimmers:

• Be aware of your surroundings. Be extra careful of machines in dark areas or in places that don’t look well guarded and monitored.
• Pay attention to the front of machines. If it looks different from others in the area (for example, it has an extra mirror on the face), has sticky residue on it (potentially from a device attached to it) or extra signage, use a different machine and notify bank management with your concerns.
• Notice how it feels to type in your PIN code. If it’s difficult to punch the keys or you feel resistance, it could mean that a keypad overlay is present.
• Cover your hand as you type in your PIN. If a camera is present or someone is trying to look over your shoulder, this will obstruct their view.
• If you think the area around the card entry slot looks peculiar, pull on it. If it comes off or loosens, alert bank management but try to leave the machine as you found it. Leaving the evidence in place could help authorities track down the criminals.
• If you find a skimming device, in addition to notifying bank management, the ATMIA says to notify local law enforcement.

However, American consumers still appear to be concerned about their money.

According to the same ABCNews.com article:

A February study commissioned by Level Four, an ATM software company, found that 67 percent of American adults would consider switching to a competitor if their bank suffered an instance of ATM fraud. Steven Lund, president of Level Four Americas, LLC, told ABCNews.com that rising fraud in many European countries is what led them to replace the magnetic strip technology with the “chip and PIN” approach (also known as EMV for Europay, Mastercard and Visa).

If things get completely out of hand, American banks might resort to a South African technique of loading pepper spray into automatic teller machines to deter crooks, as Tech Talk reported several weeks ago here.  Granted, a few modifications would have to be made first.