The Electric Onion - A satirical take on the world of IT security

From Russia With Love

My friends and I recently played a new version of Russian Roulette, we passed around 6 girls and one of them had HIV. Anyway I was thinking of this when I read that word (among other things) has started spreading in Sweden last month about the discovery of a £1 million banking hack traced to a Russian computer enthusiast who goes by the name “The Corpse” (I used to go by that nick name in University).

The word on the streets and smoky cafés of Stockholm is that The Corpse (I wonder if that's what his mother calls him?) targeted the clients of the online Scandinavian Financial Services company – Nordea Bank – sending them spam emails with a Trojan key logger that captured their account logons and passwords.

The program was a variant of the Haxdoor Trojan which you can purchase on the web for a few rubles but the interesting part of this story is the “story” behind the story. The Swedish police say that the Russian connection in the fraud goes beyond the source of the virus. Apparently the stolen passwords had been transmitted to a computer server in the US and then forwarded to a server in Russia. Likewise some of the stolen money was traced to accounts in both Russia and the U.S. indicating some sort of cooperative, multinational, bilateral joint venture kind of hack and perhaps heralding in a new era in US/Soviet cyber relations.

Reminds me of that old Russian proverb: The future is going to be very much like the present – only longer.

Hookd On Fonix Reelly Workd Fer Mee

I'm not a smart guy. I mean I finally realised I was dyslexic when I showed up at a toga party dressed as a goat. But did you read where that Michigan County Treasurer embezzled State funds and wired them to Nigeria answering one of those bog standard Nigerian 419 email scams?

Yep, last month Thomas Katona was arraigned in Harrisville, Michigan following an investigation that began in December when county officials learned he had directed eight unauthorized wire transfers totalling $186,500 to Nigerian fraudsters.

If that weren't proof enough that you don't have to take an intelligence test to be a County Treasurer, investigators also found that Katona had wired some $72,500 of his own money to the same accounts. And I thought I was a few fries short of a Happy Meal…

I guess I shouldn't be surprised though, I read somewhere that 5 out of every 4 Americans has trouble with fractions.

Made in the USA

For those of you with a weak stomach for security products associated with pants: LOOK AWAY NOW!

Last month saw the launch of “Brief Safe”, an “innovative diversion safe that can secure your cash, documents, and other small valuables from inquisitive eyes and thieving hands, both at home and when you're travelling”.

Their website boasts that “Personal items and cash can be hidden right under their noses with these specially-designed briefs which contain a fly-accessed 4" x 10" secret compartment with Velcro® closure and ‘special markings’ on the lower rear portion. Leave the ‘Brief Safe’ in plain view in your laundry basket or washing machine at home, or in your suitcase in a hotel room – even the most hardened burglar or most curious snoop will ‘skid’ to a screeching halt as soon as they see them.” One size. Color: White (and Brown).

Herd Around The Water Cooler

“My dentist has really bad breath. When he smokes – he blows onion rings”

Ed Gibson
Microsoft UK Chief Security Advisor

Taking it to the Max

I know I'm getting old. I mean I'm at the age where food has taken the place of sex in my life (I just had a mirror put over the kitchen table). But no matter how old I get, the news doesn't seem to change. Once again banks were busy last month notifying their customers to watch for fraud activity on their credit cards after TJX Cos., parent of retailers Marshalls and T.J. Maxx, disclosed thefts of massive (I love that word) amounts of customer data from its computer system.

Great. I've got enough problems with my credit card. My wife uses it and will buy anything marked down. Last year she bought an escalator.

The breach apparently happened back in May and involves information dating back to 2003. The break-in was only discovered in December but was kept quiet for almost a month at the request of law enforcement officials. While TJX officials refused to give details, the Wall Street Journal reported that more than 40 million cards may be affected.

40 million. Hmmm… If a book about failures doesn't sell, is it a success?? 40 freakin million! Takes me back to the Choicepoint days. TJX said they had broken into a system that handles all the credit and debit card transactions, as well as checks and merchandise returns for customers in the United States and Puerto Rico and may involve customer accounts from the U.K. and Ireland. OK then, 40 million seems reasonable in light of the potential. Don't you think?

The story ends well though. TJX said it has hired General Dynamics Corp. and IBM Corp. to upgrade its security system (insert your own joke here…).

Taxes

As a Yank, I've got to start thinking about my taxes. I guess I'm supposed to make my check out directly to Halliburton this year. But I'm filing my first joint return. No, I'm not getting married; I'm sending the IRS an actual joint with a note that says, 'If you think I'm paying for this war, you must be high'. But I digress…

I noticed that the Turkish Government is having their own tax problems. Last month a story broke that someone had hacked into their online filing application to access claims filed by Government Ministers. Damn proletariat and their make shift Freedom of Information Acts.

The Turkish Ministry of Finance announced that hackers accessed tax records and property holding reports of many top level governmental officers including the President of the Republic Ahmet Necdet Sezer, Prime Minister Erdogan, Chief of General Staff Büyükanit and CHP leader Deniz Baykal. The information was also apparently “sold to third parties” (parties being used in the political sense here I'm sure).

In a mysterious coincidence, it was announced in the same press conference that a Turkish tax inspector, two tax office managers and a computer programmer were “released from their positions”. Yeah, what positions where they: upside down?

So OK, maybe I jumped the gun: it could have been your run of the mill disgruntled insider. I'm not thinking clearly. I'm still upset about that Turkish parsley farmer who fell behind in his taxes last year and had his wages garnished.

Quizzing in America

The winner of this months quiz will receive a free Orthus Sales Monkey – Witness Relocation Programme T-Shirt (terms and conditions apply):

This month's quiz is dedicated to the late great James Brown.

Question: James' original backing group, The Famous Flames, were the former back up band of:

A. Otis Redding
B. Elvis Presley
C. Little Richard
D. Etta James
E. Aretha Franklin
F. Little Johnny Taylor
G. Pee Wee Herman

Answers to quiz@electric-onion.com

Quiz Rules:
One: Get up!
Two: Get on up!
Three: Get up!
Four: Get on up!
Five: Get up!
Six: Get on up!
Seven: Now, take it to the bridge!

Answer to last month's quiz:
Who played the role of J. Higgins in 3 Days of the Condor?
Correct answer: D. Cliff Robertson.
Winner of last month's quiz: MC

The Finest Print We Can Afford

Even on the worst of days, the eOnion is copyrighted to Orthus Ltd. and may not be used to mock other IT security service or product vendors unless of course when it's in Orthus' best commercial interest to do so or when it's done in good clean fun. Either way – our call.

Hold the eOnion upright and shake vigorously prior to reading. Do not ingest on a full stomach and wait 30 minutes after eating before you go swimming. Because I said so, that's why. If drowsiness or nausea occurs, try reading the Register. If symptoms persist, you try writing something remotely funny for a cheap and cheesy monthly newsletter because it's the only job you can get after 20 some years of formal education. Not laughing now are you?

To unsubscribe stick your head out of the nearest window and yell “I'm not going to take it anymore”. Alternatively, e-mail unsubscribe@electric-onion.com. All Information provided shall be processed in accordance with the Data Protection Act 1998 (more or less).

Feeling Insecure?

The Electric Onion is an Orthus publication. If you're feeling a little lonely, vulnerable or insecure, tell us about it. Contact us at: +44 (0) 207 929 1253 for information security consulting services, therapy, advice or assistance. Thoughts, feedback, comments, questions, veiled or unveiled threats? Send an e-mail to getalife@electric-onion.com