Not long ago, an Apple notebook owner (Josh Kaufman) had an unfortunate experience. His MacBook was stolen and the police were not interested in investigating. Usually, that would be the end of the story, but in this case something else happened.

Shortly before the robbery, the owner installed a program on his MacBook which secretly tracked the user. It took screen shots, photos from the inbuilt camera and even identified the probable location of the device by using the Wi-Fi network. The software regularly sent all this data to the owner’s email.

The owner of the stolen computer wrote a blog called “This Guy Has My MacBook” and began to publish the screenshots and photographs in the hope of identifying the thief or of getting the police more interested. Fortunately, the thief didn’t wipe the disk or sell the laptop, but kept and used it himself. As a result Kaufman quickly collected a lot of photographs of the thief sleeping, sitting at the computer, driving his car, etc.

A few days later the police arrested the criminal and returned the stolen property to its owner. According to the police, they were able to make the arrest thanks to the photographs provided by Kaufman.

This story has caused a lot of discussion among MacBook owners. Many of them have asked Apple to add an app similar to the already existing services Find My iPhone and Find My iPad for iOS to the next MacOS version.

It has been long known that it is possible to steal information from computers in a number of ways, including in ways that are quite simple to use.

A criminal can illegally obtain information by remote access to a computer (and download anything they want), or install on the computer monitoring software or hardware keyloggers, infect the computer with a virus, capture data using a sniffer or simply steal the computer itself.

However, technology does not stand still: information is regularly published on new methods of data capture.

For example, last year technology was successfully tested (margin of error was less than 5%) for recovering text entered by the user on their keyboard from a recording of noise issued by the keyboard. This means that data can be captured by a simple dictaphone, radio bug or directional microphone.

Another leakage channel comes from emanation issued by parts of the computer, including the keyboard (wired, wireless and on laptops). By taking and studying this emanation it is possible to recover all the text entered by the user.

These emanations have been studied for a long time. This is usually called “compomising emanation” or TEMPEST.

Several ways of capturing TEMPEST have been developed and successfully tested (and apparantly used by someone).

The most obvious method is radio capture on a determined frequency. By using special equipment capture distance is 20 metres and can even work through walls. While for capturing data in the same building all that is needed is an FM receiver with manual settings and a computer with a good sound card.

An experiment conducted in the institute Ecole Polytechnique Federale de Lausanne showed that this method has been put into practice, all of the 11 different studied keyboards were vulnerable to TEMPEST capture.

At the Black Hat USA 2009 security conference another capture method was shown using the electricity network. The keyboard cable is unshielded and therefore emits an impulse to the ground wire, and from there into the ground wire of the power supply system, which makes it possible to use this method, which is called “power line exploit“.

If the user’s laptop is not connected to the power supply (or too many are connected), then another capture method can be used: a laser is directed at the laptop’s body, a receiver captures the reflected beam and records its modulations caused by vibrations from pressings keys.

Recently, there have been more and more rumours concerning technology allowing for remote capture of not only data coming from the keyboard but also data from the monitor.

It is quite difficult to protect oneself from such methods. As an active defence various noise generators can be used, and as a passive defence shielding computer parts or the building as a whole.

China and the USA against hackers. A week ago the 4th USA China internet industry forum was held in Beijing.

Gu Jian, vice-director of the Ministry of Public Security network security protection bureau, said in his speech that urgent Chinese USA collaboration on fighting internet crime was needed.

Cybercrime was only introduced into Chinese criminal law in 2009 when the country was already a major victim of hackers. Since then, more than 80 internet criminal groups have been destroyed. However, Chinese internet crime statistics are still bad today:

• About 42 000 Chinese websites have been attacked by hackers, including 200 government ones.
• 8 out of 10 computers in China are, to one degree or another, controlled by botnets, including more than 1 million IP-addresses.

In comparison, the average infection rate globally is 3.2 out of 10 computers.

China is looking for help from the USA, but different legal systems and conflict resolution measures often hinder joint collaboration. In 2009 the Chinese Ministry of Public Security sought cooperation from the Americans on 13 cases of child pornography and fake internet banks, but has not received a response.

Tim Cranton, Microsoft Director of Internet Safety, confirmed the global reach and seriousness of cybercrime and also the desire to overcome all possible barriers to combating it.

Viviane Reding, the European Union commissioner for information society and media, called to European leaders with an attempt to draw their attention to the problem of gradual loss of users’ control over the distribution of their personal data.

She explained that the users’ inability to control the distribution of their personal data is not just a serious problem, but also a violation of the private data protection law adopted back in 1995.

Her address also covers the necessity of creating more up-to-date laws protecting personal data, revision of the current legislation and creation of tools that will enable users to remove any references to their personalia on the Internet.

Confidential information published online (in social networks and various online services) can seriously affect people’s lives. Such precedents have already resulted in job losses, divorces and other serious problems.
Today, removal of the information published online is an incredibly complex (if at all feasible) task, since information can spread absolutely unpredictably.

The European Commission has already started discussing this problem. The draft version of the document that is supposed to minimize the collection and storing of personal users’ data on the Internet is expected to be released in 2011.

A major scandal concerning the leaking of personal data has hit Japan. More than 100 documents containing secret information were made available 28 October on a server located in Luxembourg. Japanese authorities consider this leak to be extremely dangerous and suspect that it was done deliberately.

The documents that were made available contained fairly detailed information on people taking part in Japanese anti-terrorism activities around the world. There was also data on security measures taken for the G8 summit in Tokyo and personal data on police officers and lists of people suspected of links with terrorists.

Although most of these documents covered 2007 to 2009, a lot of people, whose names are found in these documents, have expressed their anger to the authorities. So far there has been no official comment on the continuing investigation of the incident.

Entensys and Commtouch have released a detailed report on the most serious Internet threats in Q3 2010.

Entensys develops a line of traffic monitoring and Internet access products and is mostly known for its flagship product, UserGate. Commtouch (Israel) specializes in the study of emerging spam activities and development of anti-spam solutions.

The report covers the following trends:

• Along with regular spam messages with links to malware, users started receiving messages with infected attachments.
• Spammers are now using fake social network (LinkedIn, etc) invitations and notifications to distribute links to malware and illegal drugstores.
• The companies have identified that some malware is now distributed using a new complex multi-step infection scheme.
• PayPal fraud has focused on the South African Telescope Shop.
• Links to illegal drugs are more and more often disguised as letters of support for various politicians.

You can read the full version of the report on the Entensys website.

Largest German enterprises have recently blocked their employees from accessing popular social networks at work. This includes Facebook, Twitter, as well as Youtube among the others.

Mentioned companies include car manufacturers like Porshe, Volkswagen and Daimler, banks like Commerzbank, Heidelbergcement — a construction material factory, an energy concern E.on and chemical products producer — Linde.

Company executives are confident that employees using social networks at work pose a security risk. Such employees could potentially leak confident data or expose company computers and networks to viruses.

According to researches, 56% of German companies consider using social networks at work insecure. Another 30% of companies does not see a direct security threat but regard social networks as a general distraction factor, which degrade performance.

According to British CPP insurance company over a half of Wi-Fi networks can be easily compromised by hackers in a matter of seconds. Most of such networks don’t have password protection and many have simple passwords which can be guessed using a short dictionary.

40 thousand Wi-Fi networks were inspected in large British cities.

Almost 10 thousand networks (25%) had no passwords or basic encryption. Passwords for another 25% of networks were swiftly guessed by specialists.

This demonstrates irresponsibility of half of the users regarding security of their wireless networks.

Hackers don’t need specialized hardware or sophisticated software to gain access to data that passes through unprotected (or hardly protected) Wi-Fi networks. Modern methods only require ordinary notebook and freely available software.

Microsoft corporation has published research results which reveal that in the first half of this year over 2 million US computers inadvertently had become a part of botnets. The latter are distributed hacker networks intended for DDoS attacks, password stealing, SPAM and malware distribution.

Number of infected computers was based on data from 88 countries. USA takes the first place with a total of 2.2 millions infected home computers. Second place goes to Brazil with 550 thousands. Russia has 4.3 out of each 1000 computers infected, which is slightly higher than global average value — 3.2 out of each 1000.

A single malware named Win32/Rimecud is responsible for 37% of infected computers in Russia.

The research resulted in over 6.5 millions home computers got rid of malware. Also one of the biggest spam botnets called Waledac got shut down.

Symantec has release Ubiquity — a brand new technology against evolving malware.

Traditional threat detection approaches (semantic analysis and matching against virus signatures) proved to be ineffective against self-changing polymorphic or less spread viruses. Such viruses present a considerable security threat: in 2009, Symantec had detected over 240 millions unique instances of malware, many of which were represented with only a single copy.

New technology is an attempt to solve two issues with modern algorithms at once:
inability to fight against kind of threats mentioned above, and low performance speed. The core of new solution is Global Intelligence Network (GIN), which stores data about all applications launched by Ubiquity technology users. Based on this data, the system creates software ratings — a white list for trusted software and a black list for suspicious software. By now, the system already has ratings for 1.5 billion files and this number increases by 22 million per week. Symantec claims that the solution outperforms any other antivirus scanners since it excludes files trusted according to GIN.

Symantec researches cloud computing services for over 2 years and Ubiquity technology is most likely to become a way to incorporate long developed Quorum technology into Norton 2011 and Hosted Endpoint protection products. Furthermore, it’s planned to extend applications of this technology by using it in Symantec Web Gateway and other Symantec corporate solutions.

It’s worth noting that similar cloud computing logic is used in Kaspersky Software since 2009. It’s called “Kaspersky Security Network” and it has proved to be effective.