Security week in review
Week of October 24, 2004

Mid life crisis and life stressors cause MBA grad to hack

John Denison, 49, an Australian MBA grad with degrees in science and mathematics, hacked into the New Zealand Health Ministry’s bank account, and transferred $2.15 million intended for doctors and medical laboratories to a bank account established under an assumed name, with the aid of a false passport and driver's licence.

Denison was hired for a senior role with the Ministry in March 2004, heading up a national meningococcal B vaccination program. He had apparently tried many times to crack the system, before he finally succeeded.

Clearly with aspirations toward high living, he attempted to use almost $800,000 of his ill-gotten gains as a down payment on a luxury apartment in Sydney, before he was caught after the intended recipients of the stolen funds alerted the Ministry. After confessing to his crimes, he offered to highlight the flaws in the Ministry’s computer security that allowed him to gain access and siphon off funds. They politely declined.

According to a report in Australian IT News, at his trial in Wellington, NZ, the presiding Judge indicated that Denison was partly motivated “by a desire to maintain a certain quality of life”, and his lawyer argued the offence had arisen out of "something of a mid-life crisis" because his client's annual income had gone from $200,000 to $103,000 in his job with the Ministry, and he was under financial pressure, taking care of several sick relatives.

All the money has been recovered, but Denison was sentenced to three years in jail for his troubles.

This article goes to show the oftentimes complex motivations of hackers, and emphasizes the fact that they are not all pimply-faced teenagers.

Remember: in any computer fraud investigation, look for motive and opportunity.

It is rarely as easy as it sounds, but insiders clearly have a considerable advantage when it comes to the opportunity stakes.

Week of Oct 11, 04

 
   
California gets second cyber security law

California is clearly a trailblazer when it comes to IT security-centric legislation.

On 29 September 2004, California Governor Schwarzenegger signed into law Assembly Bill 1950 (AB 1950) to add Section 1798.81.5 to the California Civil Code. It requires companies to implement and maintain reasonable security procedures and practices to protect the personal information of California residents from unauthorized access, destruction, use, modification, or disclosure. Companies are also required to ensure that third parties with access to personal data have similar security measures in place.

SB1386 (in force July 1, 2003) requires companies to notify Californian residents if security breaches impact their personal information. This new requirement fills the gap that law left: an obligation to get security right in the first place.

In both laws, encrypted data is exempted. In other words, if you encrypt the relevant data, you are not caught by these laws.

Commentary by Baker & McKenzie global law firm. This newsletter service is to be recommended.

We will post our own analysis of the law in due course.
   
   

Home users oblivious to the fact PCs infected

According to a report in C/NET, a study funded by AOL and the National Cyber Security Alliance found that two-thirds of home users don't have a firewall on their computer, and although 85 percent of PC owners had installed antivirus software, two-thirds of them had not updated it in the previous week.

In addition, one in five home users had a virus on their machines. AOL and the NCSA sent technicians to 329 homes to inspect computers, with these results and findings.

All the more reason to read our home users section.

Brazilian police arrest hackers for stealing $28 million from private bank accounts

In Rio de Janeiro, police arrested 50 hackers for stealing $28m from the bank accounts of private citizens. Most of the suspects are under 25.

It is unclear how the fraud was carried out; reports suggest that investigators found the victims had opened email messages from the cyber thieves, resulting in the loss of personal banking access codes and passwords. The hackers succeeded in transferring money out of these accounts elsewhere. It is likely they used a combination of phishing scams and social engineering (various con jobs) to extract the data from the unsuspecting victims.

News24.com reported that authorities stated the hackers had attacked leading Brazilian and international banks, such as Caixa Economica Federal, Banco do Brasil, HSBC, Bradesco, Unibanco and Itau.