Lost for words? Nah, on holiday..

Filed Under: Data loss, Law & order

Apologies for the silence from the Clu-blog over the last few days.

Of course, it's typical that when you take a few days holiday that various stories (large and small) will break in your absence. My wife always reminds me that it was while we were on holiday in Mexico that the notorious female virus writer Gigabyte was arrested.

So, if you can't wait until I return to my desk on Monday, here's a quick catch-up on some of the stories that occurred while I was out of keyboard range..

Spam takes a dive

Maybe the biggest story of the last few days has been the dramatic 75% drop in global spam which we witnessed after McColo was disconnected from the internet.

McColo is alleged to have been the home for command-and-control centres for some of the world's largest botnets - including those responsible for distributing attacks like Rustock and Pushdo.

Spamtrap connections to SophosLabs' spamtraps vs. time

Of course, the drop in spam levels is likely to be only temporary - but that shouldn't stop us from congratulating members of the security industry like Brian Krebs who helped make this happen.

Great work!

Inconsistent treatment for NASA hackers?

Remember Gary McKinnon, the British hacker who is facing extradition after breaking into NASA and Pentagon computers shortly after 9/11?

Well, his case contrasts dramatically with that of another NASA hacker sentenced this week. According to media reports, Victor Faur, a Romanian computer programmer who hacked into NASA, US Navy and Department of Energy computers has escaped a jail term.

28-year-old Faur received a suspended sentence of 16 months on Monday, and was ordered to pay a total of $238,000, after being found guilty of hacking into the government departments between November 2005 and September 2006.

What's curious is, that as far as anyone can tell, the US doesn't seem to be making much attempt to extradite Faur to their own shores. And furthermore, years after the McKinnon incident the American military systems were still open to exploitation by hackers.

My guess is that McKinnon would be very happy to receive a fine (and even spend time behind bars) if it meant he could stay in his country of birth and be tried by a British court.

$1 million bounty offered for capture of identity thief

Earlier this month I applauded Express Scripts who had refused to pay a ransom demand after data on some of their customers was apparently stolen by an identity thief.

Now the US-based company, which handles 500 million medical prescriptions every year, is offering a million dollar reward for information which might lead to the arrest and conviction of the thief.

Express Scripts have asked the FBI to investigate the theft - so if you have any clues about who might be responsible and fancy $1 million give them a call on 1-800-CALL-FBI.

Dental records extracted from University of Florida

The records of some 330,000 current and former patients at the University of Florida's College of Dentistry were potentially compromised by hackers, reports revealed on Wednesday.

It turns out that the University's IT team discovered unauthorised software on the computer system when they were doing a routine upgrade to the server in early October. Apparently, information stored on the computer included the names, addresses, dates of birth and social security numbers of dental patients reaching back as far as 1990.

There's a worry here that educational establishments may be something of a soft target when it comes to identity theft and data leakage compared to, say, financial organisations who are more used to always looking over their shoulder for the next hacker attack. As more universities realise the severity of attacks like this we're likely to see them instilling the need for stronger security throughout their systems.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.