Showing posts with label Cyber Crime. Show all posts

Indian Cyber Space Under Attack


The Indian cyberspace is under attack and is being increasingly targeted by hackers and cyber criminals from neighbouring countries.

ICERT (Indian Computer Emergency Response Team) statistics show a rise in defacement cases. In January, 466 cases were reported whereas in January 2008 the number was 81.

Defacement of a website means changing the original content on the website by editing or adding fake information about people, organisation, or issues.
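A defacement is, at its simplest, an unexpected change in page content, so the basic defensive control is a content-integrity monitor: fingerprint each page from a known-good copy and compare every later fetch against that baseline. The script below is an added example, not code from the article or from ICERT; the HTML samples and the URL are constructed. It strips the parts of a page that legitimately change between fetches (HTML comments and timestamps) before hashing, because monitors that hash the raw page alert on every build stamp and train operators to ignore real defacements.

```python
import hashlib
import re

# Constructed sample pages (not real sites): a known-good baseline, the same
# page fetched a day later with only its build stamp changed, and a defaced copy.
BASELINE_HTML = """<html><head><title>Ministry Portal</title></head>
<body><h1>Welcome</h1><p>Official notices appear here.</p>
<!-- generated 2009-03-01 10:00:00 --></body></html>"""

UNCHANGED_HTML = BASELINE_HTML.replace("2009-03-01 10:00:00", "2009-03-02 10:00:00")

DEFACED_HTML = """<html><head><title>Ministry Portal</title></head>
<body><h1>Hacked by example-crew</h1><p>Fake notice inserted here.</p>
<!-- generated 2009-03-02 10:00:00 --></body></html>"""


def normalize(html: str) -> str:
    """Remove content that changes on every legitimate fetch so that the
    fingerprint only reflects the material a defacer would alter."""
    text = re.sub(r"<!--.*?-->", "", html, flags=re.S)          # HTML comments
    text = re.sub(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}", "", text)  # timestamps
    return " ".join(text.split())                                 # collapse whitespace


def fingerprint(html: str) -> str:
    """SHA-256 over the normalized page; this is what gets stored as the baseline."""
    return hashlib.sha256(normalize(html).encode("utf-8")).hexdigest()


def check_page(url: str, baseline_fp: str, current_html: str) -> dict:
    """Compare a freshly fetched page against its stored baseline fingerprint."""
    current_fp = fingerprint(current_html)
    if current_fp == baseline_fp:
        return {"url": url, "status": "unchanged"}
    return {"url": url, "status": "CHANGED",
            "expected": baseline_fp, "observed": current_fp}


def monitor(baselines: dict, fetched: dict) -> list:
    """Run check_page over every monitored URL and return only the alerts.
    `baselines` maps url -> fingerprint, `fetched` maps url -> current HTML."""
    return [r for url, html in fetched.items()
            if (r := check_page(url, baselines[url], html))["status"] != "unchanged"]


if __name__ == "__main__":
    # Hypothetical URL on a ccTLD of the kind the report counts; constructed.
    url = "https://example.gov.in/"
    baselines = {url: fingerprint(BASELINE_HTML)}
    print(monitor(baselines, {url: UNCHANGED_HTML}))   # no alerts
    print(monitor(baselines, {url: DEFACED_HTML}))     # one CHANGED alert
```

In practice the baseline is refreshed only through the publishing workflow, never from a live fetch, otherwise a defacement that survives one polling interval becomes the new "known good".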

"Defacement can lead to serious problems for an organisation or a government body owning a website," Vijay Mukhi of the Foundation for Information Security and Technology (FIST) said.

"If some fake information is added on a website, it can lead to huge monetary as well as other losses for the owner. Defacement can be done by hacking into a website or by using some flaws in the software."

The ICERT report has divided the cases of defacement into two sections -- defacement cases in TLD (Top Level Domain) websites and CCTLD (Country Code Top Level Domain). Websites that fall in the TLD category have extension codes such as com, org, net, and edu whereas CCTLD websites have extension codes such as in, ac.in, gov.in, or edu.in.

"Cases reported to ICERT deal with mostly government websites that have been defaced," a cyber crime expert said. "On most occasions, the person defacing the website is traced to foreign countries. This makes it difficult to take any action against them."

Mukhi said several cases of defacement were not reported to ICERT. "This is another reason why no action can be taken against culprits," he said. "People should register complaints. One should keep upgrading the operating system and other software to prevent websites being defaced."
 

Some of Her Best Friends Are Terrorists


Shannon Rossmiller, a Montana mom who befriends and betrays online jihadists -- while she gets her kids ready for school. Her social networking has helped bust a half-dozen terror rings, authorities say.

Rossmiller succeeds by exploiting a fundamental flaw in al Qaeda's famously decentralized organization. The absence of a strict hierarchy makes it pretty easy for a cunning person to mix among the terrorists. So she poses as a potential al Qaeda soldier looking for like-minded comers. She creates multiple characters and uses her older and more respected personae to invite the new ones into private forums. There are other self-taught counterterrorists like her, but they tend to translate and discuss, lurk and report. Rossmiller works the terrorism boards as if she were playing a complex videogame. Her characters come complete with distinct personalities and detailed biographies that are as richly conceived as any protagonist on an HBO series. She keeps copies of everything, time-stamps files, and takes screenshots. She has an Excel spreadsheet that details the 640 people with whom she has had contact on these boards since 2002...

In May 2002, [for instance,] Rossmiller saw a post from a man in Pakistan who said he had access to Stinger missiles he wanted to sell. She wrote back to the person she now identifies in her files as Rocket Man, posing as someone interested in purchasing his wares. After a few exchanges, she abruptly threatened to cut off contact unless he provided proof he was who he said he was. "And I'll be gol-danged if a few days later, a nice little zip file appears with pictures of him sitting on some crates." The inventory numbers of the Stingers were clearly visible. Rossmiller then realized that her hobby had turned into something that needed attention from the FBI.

Rossmiller's not the only private citizen that's tangling with Islamic extremists online, of course. Earlier this month, terror-hunter Rita Katz made headlines when she accused the Bush Administration of blowing her surveillance of Al-Qaeda's "intranet."

Then there's Joseph G. Shahda, a Boston engineer who's "happily claiming credit" for knocking offline "40 militant Islamist Web sites," including "some of the world’s most active jihadi sites, with forums full of extremist chatter."

“These sites are very, very dangerous,” Shahda tells the New York Times. “And I think we should keep going after them. They are used as recruiting tools for terrorists, arousing emotions, teaching how to hate.”
 

Why Osama Doesn't Have a Facebook Account


Al Qaeda may have been a pioneer in exploiting new media to spread propaganda and recruit members. But now, many experts feel the terror group is falling behind. Despite all the hand-wringing in U.S. intelligence circles, Osama & Co. don't seem to be comfortable with Web 2.0-style applications. Marc Lynch explains why, in a must-read post. Here's a snip:

Social networking: one of the biggest problems for a virtual network like AQ today is that it needs to build connections between its members while protecting itself from its enemies. That's a filtering problem: how do you get your people in, and keep intelligence agents out? An AQMonster.com database would be easy pickings - an online list of all the 'explosives experts' would be a gift to intelligence, no? An AQFacebook or AQSpace might create an identifiable universe of jihadist sympathizers, but again would probably help intelligence agencies as much as AQ. Perhaps an AQLinkedIn model, where members need to be recommended by a current member would reproduce the low-tech approach of allowing in trusted members and keeping out unknown quantities. This could potentially strengthen the 'organization' part... but at the expense of a greater distance from the pool of potential recruits who would not be sufficiently trusted to join. Overall it's hard to see how AQ could adapt social networking without creating such vulnerabilities. Its rivals, on the other hand, have no such problems - Muslim Brotherhood youth are all over Facebook.
 

Spy Fears: Twitter Terrorists, Cell Phone Jihadists


Could Twitter become terrorists' newest killer app? A draft Army intelligence report, making its way through spy circles, thinks the miniature messaging software could be used as an effective tool for coordinating militant attacks.

For years, American analysts have been concerned that militants would take advantage of commercial hardware and software to help plan and carry out their strikes. Everything from online games to remote-controlled toys to social network sites to garage door openers has been fingered as possible tools for mayhem.

This recent presentation -- put together by the Army's 304th Military Intelligence Battalion and found on the Federation of American Scientists website -- focuses on some of the newer applications for mobile phones: digital maps, GPS locators, photo swappers, and Twitter mash-ups of it all.

The report is roughly divided into two halves. The first is based mostly on chatter from Al-Qaeda-affiliated online forums. One Islamic extremist site discusses, for example, the benefits of "using a mobile phone camera to monitor the enemy and its mechanisms." Another focuses on the benefits of the Nokia 6210 Navigator, and how its GPS utilities could be used for "marksmanship, border crossings, and in concealment of supplies." Such software could allow jihadists to pick their way across multiple routes, identifying terrain features as they go. A third extremist forum recommends the installation of voice-modification software to conceal one's identity when making calls. Excerpts from a fourth site show cell phone wallpapers that wannabe jihadists can use to express their affinity for radicalism.

Then the presentation launches into an even-more theoretical discussion of how militants might pair some of these mobile applications with Twitter, to magnify their impact. After all, "Twitter was recently used as a countersurveillance, command and control, and movement tool by activists at the Republican National Convention," the report notes. "The activists would Tweet each other and their Twitter pages to add information on what was happening with Law Enforcement near real time."

Terrorists haven't done anything similar, the Army report concedes - although it does note that there are "multiple pro and anti Hezbollah Tweets." Instead, the presentation lays out three possible scenarios in which Twitter could become a militant's friend:

Scenario 1: Terrorist operative “A” uses Twitter with… a cell phone camera/video function to send back messages, and to receive messages, from the rest of his [group]... Other members of his [group] receive near real time updates (similar to the movement updates that were sent by activists at the RNC) on how, where, and the number of troops that are moving in order to conduct an ambush.

Scenario 2: Terrorist operative “A” has a mobile phone for Tweet messaging and for taking images. Operative “A” also has a separate mobile phone that is actually an explosive device and/or a suicide vest for remote detonation. Terrorist operative “B” has the detonator and a mobile to view “A’s” Tweets and images. This may allow ”B” to select the precise moment of remote detonation based on near real time movement and imagery that is being sent by “A.”

Scenario 3: Cyber Terrorist operative “A” finds U.S. [soldier] Smith’s Twitter account. Operative “A” joins Smith’s Tweets and begins to elicit information from Smith. This information is then used for… identity theft, hacking, and/or physical [attacks]. This scenario… has already been discussed for other social networking sites, such as My Space and/or Face Book.

Steven Aftergood, a veteran intelligence analyst at the Federation of American Scientists, doesn't dismiss the Army presentation out of hand. But nor does he think it's tackling a terribly serious threat. "Red-teaming exercises to anticipate adversary operations are fundamental. But they need to be informed by a sense of what's realistic and important and what's not," he tells Danger Room. "If we have time to worry about 'Twitter threats' then we're in good shape. I mean, it's important to keep some sense of proportion."
 

Al-Qaida's Propaganda Sites Smacked Down


Al-Qaida's once-robust online propaganda network has taken a hit. The release of a 9/11 anniversary video was delayed by nearly a week. And one of the most popular video-distribution sites is offline.

For years, the al-Ekhlaas network of sites has been a primary distributor of videos from al-Sahab, al-Qaida's propaganda arm. Then, on September 11, al-Ekhlaas.net was suddenly re-registered. Its domain name now belongs to the joker.com hosting service. All of its content vanished. Related and mirrored pages also went down. Even al-Ekhlaas' YouTube account was suspended.

It's not the first time this has happened; hosting companies have dumped al-Ekhlaas sites before, in response to Western pressures. But the breadth of this effort points to a coordinated attack on a major nerve center of al-Qaida's information warfare effort. "Al Ekhlaas fans are beginning to lose hope of being able to log onto what was once the number one militant Islamist forum on the web," reports CBS' online Internet Terror Monitor.

The strikes against the propaganda network appear to be ongoing. A much-hyped al-Sahab video, commemorating the 9/11 attacks, was only released today -- six days late. And some online al-Qaida sympathizers are complaining that they've been unable to use their normal passwords, to download the video.

The Hindustan Times credits two bloggers with the disruption: Aaron Weisburd from Internet Haganah and "Rusty Shackleford" from The Jawa Report. Shackleford was quick to laugh off the accusation. "News of my ability to thwart al Qaida's online activities have been greatly exaggerated," he writes. Internet jihadists, on the other hand, are blaming American intelligence agencies for the takedown.
 

Online Jihadists Plan for 'Invading Facebook'


Online jihadists have already used YouTube, blogs and other social media to spread their propaganda. Now, a group of internet Islamic extremists is putting together a plan for "invading Facebook."

"We can use Facebook to fight the media," notes a recent posting on the extremist al-Faloja forum, translated by Jihadica.com. "We can post media on Facebook that shows the Crusader losses."

"We have already had great success in raiding YouTube," the poster adds. "American politicians have used Facebook to get votes, like the house slave Obama."

Groups like al-Qaida were pioneering users of the internet — to train, share ideas and organize. But some observers, like George Washington University professor Marc Lynch, see a reluctance to embrace Web 2.0 tools like Facebook. "One of the biggest problems for a virtual network like AQ today is that it needs to build connections between its members while protecting itself from its enemies. That's a filtering problem: How do you get your people in, and keep intelligence agents out?" he asks.

But as Jihadica.com author and West Point Combating Terrorism Center fellow William McCants notes, the proposed Facebook invasion "is not an attempt to replicate [existing] social networks." Instead, "the members of the campaign want to exploit existing networks of people who are hostile to them and presumably they will adopt new identities once they have posted their material."

The al-Faloja poster suggests seven "brigades" work together within Facebook. One will distribute videos and writing of so-called "martyrs." Another will spread military training material. Most of them will work in Arabic, presumably. But one of the units will focus just on spreading English-language propaganda through Facebook.
 

Wage Cyberwar Against Hamas, Surrender Your PC


A group of Israeli students and would-be cyberwarriors have developed a program that makes it easy for just about anyone to start pounding on pro-Hamas websites. But using this "Patriot" software, to join in the online fight, means handing over control of your computer to the Israeli hacker group.

"While you're running their program, they can do whatever they want with your computer," said Mike La Pilla, manager of malicious code operations at Verisign iDefense, the electronic security firm.

The online collective "Help Israel Win" formed in late December, as the current conflict in Gaza erupted. "We couldn't join the real combat, so we decided to fight Hamas in the cyber arena," "Liri," one of the group's organizers, told Danger Room.

So they created a simple program, supposedly designed to overload Hamas-friendly sites like qudsnews.net and palestine-info.info. In recent years, such online struggles have become key components in the information warfare that accompanies traditional bomb-and-bullets conflicts. Each side tries to recruit more and more people -- and more and more computers -- to help in the network assaults. Help Israel Win says that more than 8,000 people have already downloaded and installed its Patriot software. It's a small part of a larger, increasingly sophisticated propaganda fight between supporters of Israel and Hamas that's being waged over the airwaves and online.

Help Israel Win, which has websites in Hebrew, English, Spanish, French, Russian and Portuguese, doesn't say much about how the program functions -- only that it "unites the computer capabilities of many people around the world. Our goal is to use this power in order to disrupt our enemy's efforts to destroy the state of Israel. The more support we get, the more efficient we are."

Analysis from iDefense and the SANS Institute, however, reveals that computer users put their PCs at risk when they run the Patriot software. The program connects a computer to one of a number of Internet Relay Chat (IRC) servers. Once the machine is linked up, Help Israel Win can order it to do just about anything.

The Patriot program does something "fishy," SANS Institute security specialist Bojan Zdrnja said, by retrieving "a remote file and sav[ing] it on the local machine as TmpUpdateFile.exe." That could easily be a "trojan," Zdrnja said, referring to a program that sneaks malicious code onto a computer.

"While at the moment it does not appear to do anything bad (it just connects to the IRC server and sits there -- there also appeared to be around 1,000 machines running this when I tested this) the owner can probably do whatever he wants with machines running this," Zdrnja wrote.

Liri, with Help Israel Win, conceded that "the Patriot code could be used as a trojan." However, "practically it is not used as such, and will never be."

"The update option is used to fix bugs in the client, and not to upload any malicious code... never have and never will," Liri said. "The project will close right after the war is over, and we have given a fully functional uninstaller to [remove] the application."

It's also unclear how much the Patriot program is really helping the Israeli side in the online information war.

La Pilla has been monitoring Help Israel Win's IRC servers for days. "They didn't make us download and install anything. Didn't make us [attack] anybody. I was basically just sitting idle on their network." The group claims to have shut down sarayaalquds.org and qudsvoice.net. But, as of now, the rest of the group's pro-Hamas targets remain online. Meanwhile, Help Israel Win has had to shift from website to website, as they come under attack from unknown assailants.
 

Open Wi-Fi Aids Terrorists, Mumbai Cops Say


Open wi-fi is a terrorist tool and has to be shut down, right this second. That's the conclusion, at least, of the Mumbai police. Starting today, the Times of India reports, "several police teams, armed with laptops and internet-enabled mobile phones, will randomly visit homes to detect unprotected networks."

"If a particular place's wi-fi is not password-protected or secured then the policemen at the spot have the authority to issue notice to the owner of the wi-fi connection directing him to secure the connection," deputy commissioner of police Sanjay Mohite tells The Hindu. Repeat wi-fi offenders may receive "notices under the Criminal Procedure Code," another senior officer warns the Times.

Mohite notes that e-mails taking credit for terror attacks in New Delhi and Ahmedabad were sent through open wireless networks. "Unprotected IP addresses can be misused for cyber crimes," he says. Other Indian cities now require cyber cafes to install surveillance cameras, and to collect identification from all customers.

But plugging up all those perceived security sieves in Mumbai is going to take some work. A quick Sheriff's Brigade survey on Sunday showed that 80 percent of wi-fi networks in South Mumbai were left unlocked. And it's not like terrorists are all that 802.11-dependent, of course. An e-mail also took credit for December's massacre in Mumbai. Whether that came from an open wi-fi connection or not is unclear -- the mailer used an anonymizer service, to cover his electronic tracks.
 

Top Georgian Official: Moscow Cyber Attacked Us – We Just Can't Prove It


Last summer, three weeks before the shooting war between Georgia and Russia began, online attackers started assaulting Georgia's websites. Since then, researchers have tried to find out who masterminded the network strikes -- military electronic warriors, patriotic hackers, cyber-crooks -- without finding anything definitive.

But Georgian National Security Council chief Eka Tkeshelashvili says she knows exactly who's behind the network assault. "There's plenty of evidence that the attacks were directly organized by the government in Russia," she tells Danger Room. It's perhaps the boldest, most direct accusation of blame to come from a senior government official in the Russia-Georgia cyber war.

But, in conversations with Danger Room, neither Tkeshelashvili nor her advisers offered any new evidence that conclusively linked Moscow to the attacks on Georgian cyberspace. "I'm not saying it's enough for a criminal court, to prove a case beyond a reasonable doubt," Tkeshelashvili conceded.

Nevertheless, Tkeshelashvili is scheduled to tell the GovSec conference in Washington, D.C. later today that "Russia invaded Georgia on four fronts. Three of them were conventional — on the ground, through the air, and by sea. The fourth was new — their attacks via cyberspace... It is, quite simply, implausible that the parallel attacks by land and by cyberspace were a coincidence — official denials by Moscow notwithstanding."

And she may not be wrong. But the maddening thing about network attacks is that it's all too easy to cloak identities, work through third-parties, and route attacks through far-flung servers. Which makes it next-to-impossible to definitively pin blame. Russian hackers have claimed key roles in the cyber war. Ordinary citizens were encouraged to pile on. One member of Russia's parliament recently said the whole thing was started out of his office.

"You'll never be able to establish, through in-band technical means, who was sitting in front of a computer from which an attack originates, nor can you discern their motivations," Bill Woodcock, research director at the Packet Clearing House, told Danger Room, when the attacks began. "Instead, one has to look at who the political beneficiary is, one has to look at who's claiming responsibility for the attack, and whether that claim is contested."

In her speech, Tkeshelashvili lays out a three-part hierarchy to the attacks:

"At the top of the hierarchy are the "Soldiers": the professional planners, computer scientists, engineers, and other implementers, including the military itself. Next are what some call the "Mercenaries." These are criminal organizations paid to carry out certain elements of the attacks. In this case, there are strong signs implicating an outfit known as the Russian Business Network (RBN). And, finally, there are the "Volunteers." These are individuals with PC’s who are recruited to carry out attacks. They are provided with access to all the necessary software tools, as well as to detailed instructions for carrying out the attacks. In other words, they don’t have to be skilled and “educated” hackers. This is literally a mobilization of the masses."

Jeffrey Carr, principal of hacker-tracker firm GreyLogic, LLC, says Tkeshelashvili is "definitely in the ballpark." But key details are off. The Russian Business Network, as a group of individuals, has been largely disbanded, for instance. Their infrastructure of shell companies and shady servers and botnets-for-hire remains. It's yet another complicating factor, when online investigators try to find who's behind a network attack.
 

Student Sentenced For F-ucked Up Grade Hack


A university student in Florida on Tuesday was sentenced to 22 months in prison for his role in a bungled scheme to hack into his school's computer system and make hundreds of grade changes.

Christopher Jacquette, 29, of Tallahassee was also ordered to serve three years of supervised release for his part in the plot, which used keyloggers to access protected computers at Florida A & M University, according to federal prosecutors. Along with cohorts Lawrence Secrease and Marcus Barrington, his caper reads like a modern-day episode of The Three Stooges.

The tale begins in August 2007, when Jacquette installed keyloggers onto several of the university's computers after sneaking into a locked ballroom where student registration was taking place. In short order, the trio had access to the school's PeopleSoft accounts. They promptly used it to change dozens of grades belonging to them and their friends, in many cases from Fs to As.

Naturally, these under-achieving students weren't the sharpest tools in the shed, and they made some mistakes along the way. A university audit quickly revealed the presence of the keyloggers, and the discovery gave up several email addresses under the control of the students. University logs also showed that the grade changes were made using internet accounts from the students' homes.

When police questioned Barrington's sister about changes made to her grades, she said she believed they were an act of God.

Then, within hours of being interrogated, Barrington convened a meeting where the trio would plan how to sneak keylogging software on university computers a second time. The university had reversed the altered grades, it seems, and the students were intent on changing them back. According to court documents, they did just that, boosting 16 grades belonging to Jacquette and 12 belonging to Barrington.

The students also used their unauthorized access to change the residency status of several students so they wouldn't have to pay out-of-state fees that were more expensive. After Jacquette received $600 apiece from two students, he used his cell phone to send a text message instructing Barrington to change the students' residence. After Jacquette gave consent to have his cell phone searched, investigators found several passwords belonging to university employees.

Court documents charged all three students with four felonies in connection with the alleged scheme. The status of Barrington and Secrease wasn't immediately known. Prosecutors weren't available late Tuesday to clarify.

In all, the trio changed some 650 grades belonging to 90 students. About 114 of the grades were Fs that were converted to As. Because the changes to grades and residency status would have allowed students to receive lower tuition fees, it could have had the effect of costing the university hundreds of thousands of dollars, prosecutors alleged.
 

Chinese & Russian Cyber Spies Hacked US Electrical Grid


Foreign spies have infiltrated the US electrical grid, leaving behind software programs that could disrupt the system in a time of war, American national security officials have claimed.

The intruders, who came from countries including China and Russia, were believed to be attempting to map the US electrical system and work out how it was controlled, according to reports in the Wall Street Journal.

Officials said the cyberspies had not tried to damage the grid, but warned they could during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the paper. "So have the Russians."

The intrusion spread across the country and didn't target any specific companies or regions, a former Department of Homeland Security official said. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

Several of the intrusions were detected by US intelligence agencies and not by the companies in charge of the infrastructure, the officials said.

The breaches come as concern grows among the intelligence community over cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the internet.

More worrying was the discovery that the cyberspies had left behind software tools that could be used to destroy infrastructure components, the senior intelligence official said. He told the Wall Street Journal: "If we go to war with them, they will try to turn them on."

Water, sewage and other infrastructure systems were also believed to be at risk.

"Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts," Director of National Intelligence Dennis Blair recently told politicians. "A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure."
 

Israelis Bring Down Hizbullah Website



An Israeli network security company brought down a Hizbullah-run Web site last week using hacking technology developed in China, Haaretz reported Tuesday. According to the daily, the Israeli company Applicure employed relatively cheap, accessible and easy to use software to bring down the site, english.hizbollah.tv, with only 10 computers.

Nevertheless, in the wake of the report, commentators were already questioning the ways in which privately waged cyber-warfare could affect the tense relationship between avowed enemies like Israel and Hizbullah.

The term used to describe the use of a singular or coordinated assault on a Web site to prevent it from properly functioning is "denial of service" (DOS) or distributed denial of service (DDOS). DOS or DDOS attacks utilize a number of computers, infected by viruses or Trojan horses and grouped into networks, to bombard a Web site with an overwhelming number of illegitimate requests, preventing it from servicing legitimate requests.

DOS is only one of many ways to bring down a Web site or network, but it is often considered the most popular method because it does not require the advanced software used in other forms of Web sabotage.

Computers used by, and often hijacked (without the knowledge of the primary user) by, hackers are known as bots. Only ten of these bots, according to Haaretz, were needed to interrupt the Hizbullah site.
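The defining symptom of the attack the article describes is request volume that no legitimate client would produce, so the first-line detection on the server side is a per-source rate check over the web access log, with the number of offending sources telling DOS (one machine) apart from DDOS (a set of bots). The script below is an added example, not code from the article, Haaretz or Applicure; the log lines are constructed in Apache combined-log style with documentation-range addresses. It keeps a sliding window of request times per client address, flags any address that exceeds a threshold within the window, and classifies the incident by how many addresses were flagged.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache-style access log line: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse(line: str):
    """Return (ip, datetime) for a well-formed line, None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def flood_sources(lines, window_s: int = 10, threshold: int = 20) -> dict:
    """Sliding-window rate check per client address.
    Lines are assumed to be in chronological order, as an access log is.
    Returns {ip: peak requests seen inside one window} for offending addresses."""
    windows = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse(line)
        if not parsed:
            continue
        ip, ts = parsed
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop requests older than window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def classify(flagged: dict, distributed_min: int = 3) -> str:
    """One or two flooding addresses is a single-source DOS; several is DDOS."""
    if not flagged:
        return "normal"
    return "ddos" if len(flagged) >= distributed_min else "dos"


def make_sample() -> list:
    """Constructed log: three bot addresses each sending 30 requests in 5 seconds,
    plus one ordinary visitor making 5 requests over 10 seconds."""
    bots = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    lines = []
    for i in range(30):
        sec = i // 6                                   # 0..4, non-decreasing per bot
        for ip in bots:
            lines.append(f'{ip} - - [08/Jan/2009:10:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512')
    for i in range(5):
        lines.append(f'198.51.100.7 - - [08/Jan/2009:10:00:{i * 2:02d} +0000] "GET /news HTTP/1.1" 200 4096')
    return lines


if __name__ == "__main__":
    offenders = flood_sources(make_sample())
    print(offenders)              # the three bot addresses, peak 30 each
    print(classify(offenders))    # ddos
```

A threshold of 20 requests in 10 seconds is deliberately loose; tune it against a week of normal traffic before blocking on it, and treat the output as input to rate limiting rather than as a verdict, since one flagged address behind a shared NAT may be many innocent users.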

Haaretz reported that Applicure was "trying out breaking-in tools developed by Chinese hackers," when it brought down the site. The report added that the software used was intended for "laymen," not hackers well-versed in programming.

In addition, the article noted that this particular software is relatively cheap, as little as $260 a year with a limited number of bots, and that its use to disrupt services can earn a user a six-figure income, primarily through blackmail.

Applicure has partners in South Korea, which is reportedly a popular place for Chinese hackers to disrupt Web-based services, especially gaming sites, which are quite popular. China's Computer Emergency Response Team increased its risk assessment to China's internal network twenty fold in 2007.

In the United States, DOS attacks often target online gambling sites, where the private information of users, like credit card information, can be mined by infecting the largest possible number of personal computers with Trojan horses.

Citing technology and security experts, the report said this kind of virus infects an entire site and tries to "download" itself on to as many users' computers as possible.
 

Britain Warned of Cyber Attack From China


China has gained the capability to shut down Britain by crippling its telecoms and utilities, a report claimed on Sunday.

Intelligence chiefs have told the government that equipment installed by Huawei, the Chinese telecoms giant, in BT's new communications network could be used to halt critical services such as power, food and water supplies.

According to a report in The Sunday Times, the warnings coincide with growing cyber warfare attacks on Britain by foreign governments, particularly Russia and China.

While BT has taken steps to reduce the risk of attacks by hackers or organised crime, the government believed that the mitigating measures are not effective against deliberate attack by China.

According to the report, Alex Allan, chairman of the Joint Intelligence Committee (JIC), briefed members of the ministerial committee on national security about the threat from China at a top-secret official meeting in January.

Home Secretary Ms Jacqui Smith chaired the meeting.

A media report on Sunday said a vast cyber spy network controlled from China has infiltrated government and private computers in 103 countries, including those of the Indian embassy in Washington and the Tibetan spiritual leader, the Dalai Lama.

Canadian researchers, the New York Times reported, have concluded that the computers based almost exclusively in China are controlling the network and stealing documents, but stopped short of saying that the Chinese government was involved.
 

Chinese Hack In To Indian Embassies To Steal Dalai Lama's Documents


A China-based cyber spy network has hacked into government and private systems in 103 countries, including those of many Indian embassies and the Dalai Lama, an Internet research group said on Saturday.

The Information Warfare Monitor (IWM), which carried out an extensive 10-month research on cyber spy activities emanating from China, said the hacked systems include the computers of Indian embassies and offices of the Dalai Lama.

Without identifying the Indian embassies, the group said all evidence points to China as the source of this espionage.

The group said it has evidence that the hackers managed to install malicious software (malware) on the compromised computers to steal sensitive documents, including those from the Dalai Lama's offices.

The group began its research after Tibetan exiles made allegations of cyber spying by the Chinese.

After initial investigations, when the group widened its research, it found that the China-based cyber espionage network had hacked the computer systems of the embassies of India, Pakistan, Germany, Indonesia, Thailand, South Korea and many other countries.

In all, the hackers had gained access to 1,295 computer systems of foreign ministries of many countries, including Bhutan, Bangladesh, Latvia, Indonesia, Iran, and the Philippines, the researchers said.

After gaining access to foreign government and private computer systems, the hackers installed malware to take control of these systems and access any documents on them.

"We have been told by the researchers that the Chinese hackers have gained access to our computer systems all over the world, and taken sensitive documents from the office of His Holiness (the Dalai Lama)," Toronto-based Tibetan student leader Bhutila Karpoche told IANS.

She said, "Our website (studentsforafreetibet.org) has been repeatedly hacked, and we keep getting all kinds of viruses in our emails. This trend has increased in recent months, and we have become very wary about opening our emails."

The findings of the 10-month investigation, titled 'Tracking GhostNet: Investigating a Cyber Espionage Network,' can be found here:

Tracking GhostNet: Investigating a Cyber Espionage Network (The SecDev Group). This report documents GhostNet, a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation and the ease with which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.
 

CyberCrime Server Exposed Through Google Cache


UK & US IDs Exposed to World

A reported 22,000 card records have been exposed through cached copies of data stored on a defunct cybercrime server.

iTnews in Australia reports that 19,000 of the 22,000 exposed details referred to US and UK cards and that data came from Google cache records of a disused internet payment gateway, a line picked up by Slashdot.

However, a security expert told us the information was actually from either a dump or attack site used for credit card fraud. This cybercrime site, registered by someone in Vietnam, is no longer operational.

The data - viewable through Google's cache - includes credit card numbers, expiry dates, names and addresses for accounts held with Visa, Mastercard, American Express, Solo and Delta. The information remained available at the time of writing to anyone with the wit to formulate the correct search term.

The data was first spotted by an anonymous Australian, who posted details on a now-deleted thread on whirlpool.net.au. Reg readers have since independently located the sensitive information in Google's cache.

"Google can sometimes be a victim of its own effectiveness, having indexed all available content from the criminal's dump server in Vietnam they inadvertently made thousands of UK credit card details available to the casual browser by serving them up from their own cache," explained Rik Ferguson, a security consultant at Trend Micro. "From the moment this content was made public Trend Micro have been working to help Google, over the course of the weekend, to identify and remove all the offending information," he added.

It's not the first time Google's spiders have indexed such sensitive data. In May 2008 net security firm Finjan reported a similar case, where banking login credentials and other data were stored on a crimeware server accessible through Google search queries.
 

Indian Call Centre Credit Card 'SCAM' Exposed



A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation.

Reporters posing as fraudsters bought UK names, addresses and valid credit card details from a Delhi-based man.

The seller denied any wrongdoing and Symantec corporation, from whom three victims bought a product via a call centre, called the incident "isolated".

Card fraud totalled £609m during 2008, according to payments group Apacs.

Symantec said it requires rigorous security measures of any third-party call centre agents and it believed the breach had been limited to a single agent.

The BBC team went to India on a tip off after being put in touch with a man offering to sell stolen credit and debit card details.

Two undercover reporters met the broker in a Delhi coffee shop for an encounter that was filmed secretly.

Secret filming exposes fraudster selling stolen credit card details
http://news.bbc.co.uk/1/hi/uk/7952419.stm

He told the pair he could supply them with hundreds of credit and debit card details each week at a cost of $10 a card.

After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14. He said the remainder would be sent later by e-mail.

The man claimed some of the numbers had been obtained from call centres handling mobile phone sales, or payments for phone bills.

Back in the UK, the broker continued to supply card details to one of the undercover reporters by email.

Nearly all of the names, addresses and postcodes sold to the BBC team were valid. But most of the card numbers attached to them were invalid - often out by a single digit.

However, about one in seven of the numbers purchased were valid - active cards still in use by UK customers. Their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.


The BBC team contacted the owners of these cards and warned them that their details were now being bought and sold in India.

Three of those customers had, within hours of each other, bought a computer software package by giving their credit card details to a call centre over the phone.

Within hours of making the purchase, their details were fraudulently sent on to the reporters.

One of the victims said he was "disturbed" at what had happened.

Allan Little telephones the fraudster to confront him about what we found
http://news.bbc.co.uk/1/hi/uk/7952423.stm

The software was made by Norton, which is part of the Symantec corporation.

Symantec, which launched an investigation after being informed of the undercover probe, said the leak had come from a single source which has now been removed.

In a statement it said: "We are investigating how this incident happened and will take any appropriate steps to address any opportunities for improvement in our processes.

"We have engaged with the local law enforcement officials in India and will cooperate fully with that investigation. We are in the process of reviewing all possible options to manage this third party call centre, including moving away from it."

A spokeswoman stressed that "rigorous security measures" are put in place at call centres. For example, staff are not allowed to take electronic devices, memory sticks, pens or pencils to their desks. Internet and email access is also banned.

Wrongdoing denied


Saurabh Sachar, the seller, denied any wrongdoing or illegal activity.

When told that he had been filmed taking money from undercover reporters, he said they had borrowed that money from him and were paying it back.

He said the piece of paper handed over to undercover reporters contained "some directions" and a "kind of balance sheet".

And, when accused of providing credit card details he said they were "not correct". Mr Sachar also denied sending more details by e-mail.

Credit and debit card fraud cost the UK banking industry £609 million in 2008 - a rise of 14% on 2007.

Much of that fraud comes from transactions where the card is not physically present, such as telephone or internet sales.

The UK and the EU have stringent data protection laws. India has recently tightened up its rules governing the use of information technology, but it has no data protection legislation.

"India is only paying lip service to data protection," data protection lawyer Pavan Duggal told BBC News.


"We don't yet have a dedicated legislation on data protection. Until such times as India comes across with strong stringent provisions on data security we will have instances like this keep on happening."

The huge expansion in credit card use in recent years has produced a new kind of fraudster - one that will try to exploit any opportunity to reach into almost any credit or debit account that is used to make telephone purchases.
 

Security Experts Warn Of 'Staggering' Rise In Malware



Research Shows Economic Slump Prompting Surge In Online Criminality

Malware volumes grew by a huge 300 per cent during 2008, fuelled in part by continuing job uncertainty, according to new research from security-as-a-service provider ScanSafe.

The firm analysed more than 240 billion web requests in over 80 countries last year, and found a particular growth in exploits and iframe attacks, which rose 1,731 per cent, and data-theft Trojans, which increased by 1,559 per cent.

Mary Landesman, senior security researcher at ScanSafe, suggested that the rise in criminal activity could correspond to the decline in the global economy.

"We saw a continued acceleration of web-delivered malware in 2008, reaching significant peaks in October and November. The numbers are staggering," she said.

"It could be that the increasing job losses and uncertainty are fuelling the surge in criminal activity. It is also likely that cyber crime is a viable business opportunity in a climate where legitimate opportunities are becoming increasingly limited."

ScanSafe also warned that trusted sites are now statistically the most dangerous on the web, as they are frequently hacked using techniques such as SQL injection attacks. The firm recorded 780,000 malicious web pages in April alone as a result of a single SQL injection attack.
 

Police Under Fire In New Database Row


Reports Reveal Police Store Records on Protestors & Journalists


Just a day after the Information Commissioner raided a firm for possessing a covert database of construction workers’ personal information, it emerged that the police force is keeping a potentially illegal database listing the details of political activists and journalists.

In a Guardian newspaper investigation, the Metropolitan Police force, which is said to have pioneered surveillance techniques at demonstrations, was accused of storing details including names, photographs, political associations and video footage of protesters and reporters.

The information is stored on CrimInt, a centralised database used by all police to catalogue criminal intelligence, the report said.

The information was obtained by the paper via Freedom of Information requests, court testimony, an interview with a senior Met officer and police surveillance footage.

According to reports, the data is held by the police for up to seven years, and reviewed each year, so it is unclear whether the ICO will decide to investigate possible breaches of the Data Protection Act.

However, the storage of details belonging to people who have not been convicted or accused of a crime could contravene the Human Rights Act.

The news comes as the ICO seeks to harden its stance on organisations believed to be breaking the Data Protection Act. Last week it began proceedings against a Droitwich firm it accused of holding the details of over 3,000 building site workers without their knowledge.

Public confidence in the state’s policies on data handling is at an all time low after a string of high profile public sector data breach incidents, and widely criticised proposals for a centralised database of communications data.

The police and Home Office also came in for recent criticism after the police were given new powers to hack into individuals’ PCs without a warrant.

Source: vnunet
 

Russian Hackers Penetrate Pentagon Computer System in Cyber Attack



Computer hackers suspected of working from Russia successfully penetrated Pentagon computer systems in one of the most severe cyber attacks on US military networks.

The electronic attack was so serious that Adm Michael Mullen, the chairman of the joint chiefs of staff, briefed President George W Bush and Robert Gates, the defence secretary.

Defence officials told the Los Angeles Times that the attack struck computers within the US Central Command, which oversees Iraq and Afghanistan, and involved malicious software - known as "malware" - that permeates a network.

"This one was significant, this one got our attention," said an official, speaking anonymously.

Officials did not disclose the extent of the damage and would not elaborate on the reasons for believing the assault originated in Russia.

The Pentagon and other US government departments face repeated cyber attacks, especially from Russia and China, either from individuals or indirectly from those countries' governments.

Within the past 18 months Russia has been accused of orchestrating major electronic attacks on neighbours Estonia and Georgia.

Source: telegraph.co.uk
 

Serious Security Alert for Monster & USAJobs Users


Careers website Monster.com and USAJobs.gov, the official job site of the US Federal Government, have published security alerts to their customers warning of a serious hacking attack.

Feeling a sense of deja vu? Well, you should be, as this has happened before.

It appears that Monster.com's database and USAJobs.gov's database were compromised and contact and account information was stolen. Data stolen included users' login names, passwords, email addresses, names, phone numbers and some demographic data.

Here is a short video I have made, explaining the possible impact of this security breach - and explaining why you should take this opportunity to think long and hard about whether you are acting securely with your website passwords:


What the Monster.com security breach teaches us about passwords from Sophos Labs on Vimeo.

Monster has published a warning for its users, advising them to change their passwords. A similar alert has appeared on the USAJobs.gov website, whose database is run by Monster.



Although the warnings are keen to emphasise what information has not been breached during the attack (for instance, social security numbers), it is important to understand the serious risks that Monster and USAJobs customers may be placed in because of this incident.

One very real risk is that hackers will use the email addresses and personal information they have obtained to mount a realistic phishing campaign, attempting to gather more sensitive information about victims. Phishing emails that look more legitimate because they use the recipient's real name and other personal information (such as user id, phone number or location) are always more successful at social engineering further details out of people, details that could then be used for identity theft.

There is even more potential for danger, however, because passwords have been stolen. We know that too many people use the same password for every website that they access.

That means that if hackers have managed to extract your Monster.com or USAJobs.gov password in this attack, they might be able to use it to break into your email accounts, or the likes of eBay, PayPal, Amazon, and indeed any other website that you have used the same password for.

So, if you use Monster.com or USAJobs.gov you should change your password now. Choose a sensible password that is not a dictionary word and that is hard to guess. And *then* change your passwords at any other site where you might be using the same password. Make sure, of course, that it's not the same password as the one you are using at Monster - you don't want to make that mistake again.

Worryingly, this isn't the first time that Monster and USAJobs have been targeted by hackers who have stolen data about their users. 18 months ago, as this 2007 report from Reuters reveals, hackers used the Monstres Trojan horse to steal details of jobseekers via recruiter accounts. That hack was unsurprisingly followed up by a widespread phishing email campaign.