News: cloudcomputing congress Europe 2010

Submitted by kakroo on Mon, 2010-03-01 23:42.

Well for quite some time I’ve been thinking about whether to attend the conference. As per the website the advantages of attending the conference are:

Cases for students?

Submitted by Kai on Fri, 2007-09-28 22:00.

As I have informed about earlier, I will be a guest lecturer at BI (Norwegian school of management) this autumn. And as I hate boring "read-the-manuscript" type lectures, I will do a two hour case study workshop with the students.

I want to take one or two security scenarios that are relevant for business managers and middle management, and have the students work in groups as the imaginary management of a corporation. The point is to teach them how security can and will impact their future job, and to prepare them to be proactive and resourceful when disaster strikes.

I would love to hear about relevant scenarios from my readers. I know there are many resourceful people among my readers with great stories to share. I also know that some of those stories might be even more relevant and exciting than the more local cases I have.

So, please post your stories as comments - or if you prefer, use the contact page.

Thanks you kindly :)

Great case

Submitted by Kai on Mon, 2007-10-01 21:31.
Hi Heidi, thank you kindly for your case! This is a great example of how scripting, creativity, and understanding how the systems work, creates great opportunities. (For criminals in this case). Btw, nice comic you run on your site!

Russian Hacker Case

Submitted by planetheidi (not verified) on Mon, 2007-10-01 18:43.

Was just talking about this case with someone today. A business-level hack... brilliant work and ahead of it's time.

Best write up on the web so far is by Barb P here -

http://www.oii.ox.ac.uk/microsites/cybersafety/extensions/pdfs/papers/barbara_endicottpopovsky.pdf

"Incriminating Perl scripts were found that were designed to subscribe randomly to free email accounts (using random name generation, random country and domain binding) then populate an SQL database table with the results. Random generators for e-Bay and PayPal account creation were also found. The latter were randomly associated with names in stolen credit card databases. [21]

While the Russian gang had a variety of criminal projects underway, their major enterprise was a virtual business that fabricated both sides of online auctions, automating the process using the Perl scripts just described. Forensic analysts reconstructed the business model (Figure 5). [21, 22]

Summarizing the business process, the intruders' scripts would post non-existent products to sell on e-Bay. Different scripts would pay with stolen credit cards, which would cause payments to precipitate into PayPal accounts that another script created. Then a different set of scripts would create and generate email acknowledgements to the "buyer" and "seller," simulating the e-Bay process. [21, 22] By keeping credit card transactions below a threshold, they avoided triggering undue scrutiny. In less than 9 months, credit card companies were defrauded of over $25 million dollars. [23]

Since PayPal, at that time, was not making cash payments to international bank accounts, the criminals used the money accumulating in PayPal to buy goods through other online merchants, and then have them shipped to Russia where they were unloaded in the black market for cash through their network in Kazakhstan."

Post new comment

The content of this field is kept private and will not be shown publicly.

Recent comments