Last Updated: 2008-03-02 22:42:37 UTC
by Scott Fendley (Version: 2)
Good afternoon everyone. As it is such a nice day here, I have taken my laptop and the MotoQ outside and caught up on some light reading and got a bit of sunshine as well. There are a couple of items that I feel might be useful to InfoSec professionals to read.
1) RBN `Rizing' - The Shadowserver Foundation released a whitepaper about some research they have been conducting involving the Russian Business Network and associated entities. From the information in this technical paper, it appears that many of the old cyber crimes have moved to the Abdallah InternetHizmetleri network and its network blocks. From the information provided, it may be to block this network or at least closely watch for activity involving these particular IPs.
2) Phreaking Article - Wired had an article come out this week that discusses the underworld of Phreaking which is alive and well. The article discusses an underage hacker who is being targetted by FBI investigation for attacks against other Phreakers and swatting other individuals. This article makes me wonder what type of preemptive training or defenses we need for our organizations for this type of activity. No direct conclusions from this article, but would be a good thing to discuss within your organization. I would hate to have an investigation where the forensic evidence is almost completely based on a caller-id that has been adjusted by a internal attacker/phreaker. Am I ready to stake my professional reputation on the basis of something which might have been tampered?
3) ID Theft Ring Broken Up in Canada - Very short article that was mentioned by one of our readers. As a bit of a lessons learned, who really believes that the sensitive data which were being printed on letters or transmitted in the clear prior to the early 2000s can't harm you now? Those unsafe activities from years past still have value in today's world as seen that the Mounties and Canadian Postal Inspectors raided an ID theft ring which had stolen postal mail back into the 1990s in their custody.
While thinking about the underground of phreaking, it reminded me that there is another cyber culture that there hasn't been significant discussion about security or legal or liability issues. This cyber culture is the world of Second Life. Anyone know of any articles or white papers discussing the security or privacy implications of SL use in any environment (corporate, home, or educational?) For those that don't know, Second Life is a 3D virtual world where users can socialize, network, give concerts, and create any number of things. As with any cyber culture, there are elements who attempt to attack the things others are trying to build and generally be a nuisance. Outside of the attacks against in-world islands and avatars, I haven't played with SecondLife enough to decide what other types of activity may be harming our respective networks.