by Constantine von Hoffman

The Real-Life Bad, Bad Leroy Brown (and More Cybersecurity News)

Opinion
Oct 26, 20124 mins
CybercrimeData BreachMalware

This week's IT security news roundup has stories on a real-life bad, bad Leroy Brown; a Barnes & Noble data breach; Facebook's refusal to remove a page with the license-plate numbers of unmarked police vehicles; and more.

Cybercrook May Wish He’d Been Named Sue: In 1980, a child was born and his parents, surnamed Brown, decided to make sure he would someday become a criminal. They named him Leroy, Sure enough, 32 years later he did indeed turn out to be bad, bad.

LeroyBrown.jpg

This week the pre-doomed Mr. Brown, a former personal banker from Washington D.C., pled guilty to conspiracy to commit bank fraud for his role in an identity theft scheme involving $121,400 in forged checks.  Brown admitted that he and others participated in the scheme from November 2009 until January 2010, conspiring to steal funds from the accounts of customers of Wachovia Bank, now operating as Wells Fargo Bank.

Mr. Brown could have gotten away with it had he not set his sights so low. Had he bilked investors and mortgages holders for billions of dollars–as the senior management of Wachovia did–he never would have been prosecuted. (If you have no idea what I’m referring to count yourself lucky and DO NOT CLICK ON THIS LINK TO HEAR THIS SONG BY JIM CROCE. DON’T! Oh, you poor naïve fool.)

Also in this week’s news:

All Israeli Police Departments Ordered to Unplug from Web:

The Israel Police have ordered every district and officer under their jurisdiction to disconnect their computers from the civilian Web network, after learning that its system could be at risk for a severe cyber-attack. On Thursday, police said they had ordered all officers to stop using the Internet on police computers and avoid using thumb drives, CDs, or any other method of passing of data and programs between police computers. The decision was made after an infiltration of some sort in the police computer system raised flags in the computer security department of the police.

According to the Jerusalem Post: “A flurry of messages was sent to the press by several police subdistrict spokespeople shortly thereafter, stating that ‘due to a computer malfunction in the national police computer system,’ they would not be able to send out emails, and that if reporters or anyone else would like to reach them, it must be done by phone or by fax.”

Barnes & Noble Halts Use of PIN Pad Devices After Data Breach

(NetworkWorld) Barnes & Noble has removed PIN pad devices from all of its nearly 700 stores nationwide as a precaution after detecting evidence of tampering with the devices at 63 of its stores in eight states. The company has warned that some customers may have had personal information as a result of the hacking.

Service Sells Access to Fortune 500 Firms:

(KrebsOnSecurity) An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks.

Spammers Abuse .gov URL Shortener Service in Work-at-Home Scams:

(NetworkWorld) Spammers have found a way to abuse a URL shortener service destined for U.S. government social media activities in order to craft rogue .gov URLs for work-at-home scams. Security researchers from Symantec have detected a new email spam campaign that tries to trick users into visiting URLs with the 1.usa.gov domain name. This domain was created as the result of a partnership between the USA.gov, the U.S. government’s official Web portal, and the Bitly URL shortener service. According to a how-to page on USA.gov, when anyone uses Bitly.com to shorten URLs that end in .gov or .mil, the service will generate shorts URL under the 1.usa.gov domain.

Facebook Won’t Pull Unmarked Police Plates Page:

Facebook says it will not remove a page listing the number plates of unmarked police cars in the Australian State of Victoria. The “VIC Undercover Police Cars” page and “Victorian Police Booze/Drugs/Unmarked cars locations” pages both claim to be providing a public service.

The owner of one posted:  “I would just like to state that this page has been created for the general public to inform each other of undercover or unmarked police cars in Victoria and NOT to hinder undercover operations by the Victorian police, so please people, post, post, post.”

Surprisingly, the police do not agree. Police Association Secretary Greg Davies told the Australian Broadcasting Corporation it is only a matter of time before crooks use the page. “Not every criminal in Victoria is a moron,” he said. “It’s a pretty good resource for them.”

Camera Jammer that Protects Licence Plates

(Bruce Schneier) The Australian Police may want to consider getting the noPhoto which reacts to a camera flash, and then jams the image with a bright light.