New Horizons…

It has been a little while since I last blogged. My apologies – so, what happened? Well, I changed job and continents – literally and figuratively: new horizons.

I am writing this blog from here in Los Angeles, California. I took up the exciting offer of moving over here to head up the Product Management effort in establishing Norton in the brave and different world of Mobile. I have not been disappointed in either my choice of new job or my new country.

The past months have been head down focused on building a team, on building technology and building products. It’s been quite a ride. To be fair it has not all been about work – mostly, mind you. However, I have found some time to attempt to learn to surf and retrain myself to play ‘soccer’.

I had time to attend CES in Las Vegas last week. The show is now not so much about the big set piece announcements, rather, a showcase as to the possible: a window to new horizons. A brave new world awaits. From my standpoint, it means that the Norton mobile team has much to ponder and to navigate in providing a whole new generation of product and services. Fundamentally, what is ‘security’ in this context? For sure, it is different. There are some things we can leverage from our past experience, most of it we will have to build anew and look to the spirit of innovation to propel us onwards. Again, new horizons come into view. It is going to be very interesting – I will be sure to give you a view and insight into just how different it all is.

Norton Cybersecurity Institute

This is a guest post from Adam Palmer, Norton’s Lead Cybersecurity Advisor.

Cybercrime is a global concern and any solution requires global cooperation.
The Norton Cybersecurity Institute, announced this month, is a collaboration between law enforcement, consumer safety groups and security leader Norton.

Our goal is to create a global initiative to win the fight against cybercrime by providing law enforcement with training, technical expertise, and improved global cooperation.

Starting in 2011, the Norton Cybersecurity Institute plans to begin rolling out a number of programs and resources to assist law enforcement in the fight against cybercrime and to support victims of cybercriminals.

We have already sponsored law enforcement conferences in Cartagena, Colombia and Kuala Lumpur, Malaysia.

As an example of the global nature of our work, the Malaysian event was hosted by the Society for the Policing of Cyberspace (POLCYB), which is a Canadian non-profit group, currently headed by a senior member of UK law enforcement! (He’s the President of the POLCYB Board of Directors).

The event in Malaysia attracted over 50 law enforcement members from 20 countries who spent several days discussing anti-cybercrime strategy.  This type of collaboration greatly improves the ability of law enforcement to effectively communicate and successfully investigate cybercrime cases.

In addition to training conferences, the Norton Cybersecurity Institute is also sponsoring programs that bring members of the international law enforcement community together for extended meetings to collaborate on case investigations and receive extended training.

This “train the trainer” program produces experts who can return to their home countries with the expertise to assist and train their colleagues.  Members of UK law enforcement have actively participated in these programs and provided valuable assistance.

Cybercrime is a global epidemic that can’t be solved by one company or law enforcement agency alone; keeping the Internet safe is a shared responsibility.

Through training and global collaboration, the Norton Cybersecurity Institute will help law enforcement in their efforts to catch and prosecute cybercriminals successfully.

In the coming months we are also planning other international projects to increase the effectiveness of global anti-cybercrime efforts.

Global cooperation to develop a solution to cybercrime is a founding principle of the Norton Cybersecurity Institute, and will remain of the highest importance.

Cyber Crooks All Set to Crash the British Royal Wedding

This guest post originally appeared on the Symantec Connect blog. The post was written and researched by Symantec’s Suyog Sainkar, Nithya Raman, and Helen Malani.

As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques.

Spam campaigns

We have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding of Prince William and Kate Middleton. Spam email messages advertising a replica of Princess Diana’s engagement ring that were observed in February are still making the rounds on the Internet, and the eve of the royal wedding is now upon us. Furthermore, as we had anticipated, we have recently observed additional spam campaigns making use of this significant event to promote various products.

In one such recent spam campaign, email promoting a “limited edition Buckingham Mint Royal Wedding Commemorative Coin” at a discounted rate is being observed:

The IP address involved in this particular spam attack is from a domain owned by an email marketing company based in the UK. The link in the body of the email at first briefly redirects to the domain lpmtrk.info—created on January 14, 2011—before redirecting to the final destination site. This domain was registered using a domain privacy service to obscure its identity so it could be used for spamming activities.

In another spam campaign, limited edition customizable mugs and t-shirts are being promoted at a discounted rate:

Sample “From” and “Subject” lines observed in these and related spam attacks are listed below:

From: Sovenir
From: Sovenir souvenir@ardent.informationfoot.com
From: “Timeless Royal Ring”
From: “British Heirloom Ring”

Subject: Get a limited-edition royal wedding mug now
Subject: Get A Limited Edition Royal Wedding T-Shirt Now
Subject: Share in the most anticipated wedding of the century
Subject: A Beautiful Simulated Sapphire Ring

The domains that are linked to the above email addresses are spammer-owned domains created recently, most likely for spamming purposes. The two domains used in the email addresses above were registered on April 7, 2011, to the same registrant. The links in the above spam emails first redirect to the domain linked to the email address before redirecting to the actual spam website. Spammers have also included opt-out links (not included in the screenshots above), which are most likely bogus.

The IP addresses involved in the above spam messages are traced back to the United States. These IP addresses have been blacklisted due to their past involvement in spam campaigns. Rest assured, Symantec Brightmail filters are in place to block these and related spam email attacks.

Black hat SEO

With only one day left before the “big day,” searches related to the Royal wedding are gaining momentum on the Web. Black hat SEO techniques are being used in “fake” pages to lure people looking for news related to the royal wedding.

At one point, a search for “william and kate movie imdb” returned 61 malicious links in the first 100 search results. Fifty-eight of the first 100 results for the search term “princess diana death photos” and 45 of the first 100 results for the search term “royal wedding guest list kanye” also led to malicious sites.

Screenshots of the search results for the term “royal wedding gown sketches” are shown below, in which Norton Safe Web indicates 6 of the 8 links are malicious:

Some of these poisoned pages receive very high search engine rankings, and appear in the first page of search results. The following screenshot shows a malicious URL appearing as the first link in the results (right below the news links) for the term “Royal wedding time.”

The Norton Safe Web site reports at safeweb.norton.com provide a detailed threat report for sites rated red or yellow:

Here are some other search terms currently returning poisoned links:

• william and kate movie cast
• prince charles age
• princess diana death facts
• prince harry last name
• william and kate movie on lifetime
• royal wedding guest list bush
• royal wedding guest list snubs
• prince charles siblings
• the royal wedding date and time

We have seen over 500 compromised sites being used in this campaign over the past few days. Attackers create multiple fake pages on each site and use unethical SEO techniques—such as keyword stuffing, cloaking, and link farming—to “game” the search engine algorithms to achieve high search engine rankings.

These poisoned links generally have the following pattern:

hxxp:///-

Most of these poisoned links redirect (307 Temporary Redirect) to co.cc domains that host rogue antivirus software. We came across 11 different co.cc domains being used in this campaign so far.
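The redirect behaviour described above can be hunted for in web proxy logs. The following is an added example, not code from the original post: it flags search-referred requests answered with a 307 to a different host, marking co.cc destinations as a match. The log layout, the search-engine markers and all host names in the sample are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions, not from the original post: the space-separated log layout,
# the search-engine markers, and every host name in SAMPLE_LOG (constructed).
SEARCH_MARKERS = ("google.", "bing.", "search.yahoo.")
WATCHED_SUFFIXES = (".co.cc",)  # destination domains the post reports

# Fields: time client method url status location referer ("-" = absent)
SAMPLE_LOG = """\
2011-04-28T09:14:02Z 10.0.0.21 GET http://compromised-site.example/royal-wedding-time 307 http://scan-constructed.co.cc/index.php http://www.google.com/search?q=royal+wedding+time
2011-04-28T09:14:40Z 10.0.0.21 GET http://news-site.example/royal-wedding 200 - http://www.google.com/search?q=royal+wedding+time
2011-04-28T09:15:11Z 10.0.0.35 GET http://shop.example/cart 307 http://shop.example/login -
2011-04-28T09:16:45Z 10.0.0.35 GET http://blog-site.example/prince-charles-age 307 http://landing.example.net/ http://www.bing.com/search?q=prince+charles+age
"""


def host(url):
    """Return the lower-cased host of a URL, or '' for the '-' placeholder."""
    if url == "-":
        return ""
    return (urlsplit(url).hostname or "").lower()


def from_search_engine(referer):
    """True when the Referer host contains a search-engine label."""
    dotted = "." + host(referer)
    return any("." + marker in dotted for marker in SEARCH_MARKERS)


def classify(line):
    """Return a finding dict for a suspicious redirect, else None."""
    fields = line.split()
    if len(fields) != 7:
        return None  # malformed line: skip rather than guess
    ts, client, _method, url, status, location, referer = fields
    if status != "307" or not from_search_engine(referer):
        return None
    src, dst = host(url), host(location)
    if not dst or dst == src:
        return None  # same-site redirects (e.g. to a login page) are normal
    # "match": destination under a watched suffix; "review": other cross-site hop
    verdict = "match" if ("." + dst).endswith(WATCHED_SUFFIXES) else "review"
    return {"time": ts, "client": client, "from": src, "to": dst,
            "verdict": verdict}


def find_poisoned_redirects(log_text):
    """Run classify() over every log line and keep the findings."""
    findings = (classify(line) for line in log_text.splitlines())
    return [f for f in findings if f]


if __name__ == "__main__":
    for finding in find_poisoned_redirects(SAMPLE_LOG):
        print(finding)
```

Findings marked "review" are cross-site 307s from a search click that do not land on a watched suffix; they need triage rather than automatic blocking.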

The screenshot below shows the usual fake scanning/rogue antivirus activity that claims a whole bunch of serious errors and threats need to be cleaned from your computer:

When searching for information on the Internet, make sure your legitimate antivirus software is updated and be wary of scam pages asking you to download “antivirus” software.

Symantec’s multilayered protection technologies provide coverage for all of these attacks. The Norton Safe Web toolbar identifies and blocks poisoned search results.

Norton survey results

Our Norton team at Symantec recently conducted a Royal Wedding survey. The results of the survey were released on April 18, 2011, and they exhibit some interesting facts as listed below—as well as some that were quite shocking:

* 62% of Americans surveyed are likely to follow the British royal wedding.

* 87% of those surveyed responded that, as of March 25, they were already following the news about the upcoming wedding.

* Moreover, one-third of respondents will seek their royal wedding news online, making them more susceptible to online scams and other threats.

* One-quarter of respondents said they are interested in the royal wedding primarily because they love the notion of royalty with all its pomp and ceremony.

* Nearly 1 in 4 said their primary reason for following the wedding is because they want to see the lavish decorations, food, and clothing.

Royal Wedding 2.0 – The first “e-royal wedding”

* Nearly 40% of all respondents will seek their royal wedding information online.

* 67% of 18-34 year olds will seek their royal wedding information online.

* 87% of 18-24 year olds will seek their royal wedding information online.

* More than a quarter of respondents will be watching the wedding on a computer, laptop, or mobile device, either live or recorded.

* 53% of respondents will potentially share their thoughts about the royal wedding online (e.g., social networks, micro-blogs, and blogs).

People are unaware and unprotected from cybercriminal “wedding crashers”

* 18-34 year olds are more than twice as likely to not have security software (or not know if they do) on their laptop or computer than those 45 or older.

* 87% of 18-24 year olds seek their royal wedding information through online channels, and—shockingly—that same amount of 18-24 year olds don’t know what search engine optimization (SEO) poisoning is, or how it affects them.

Lying With Numbers

Guest post from Marian Merritt, originally posted on Ask Marian

This UK headline screamed at me from my inbox last week: One in four pupils admit swapping porn images of themselves by text message and 40% young kids are sexting.

Could this possibly be true? There’s very little reliable data about how many people engage in the practice known as “sexting”, less still about children’s level of participation. First, what is sexting? Even the definition of the term seems to vary in important ways. Some describe it as sending sexual content in words, images and videos. By some more relaxed definitions, you are “sexting” if you are talking dirty, even as mildly as saying “you are hot.” For others, “sexting” is only the distribution of nude or partially nude photos or videos. Keep that variability in mind as we discuss this story.

The UK newspaper story can be found here. The newspaper quotes a new sexting study done in the UK by a researcher at a non-profit that provides broadband in Southwestern England.  (You can read about the study here. You can download the full study here.) The shocker in the headline, that 40 per cent of 11- to 14-year-olds have used their mobile phones or computer to send pictures of themselves or receive naked or topless images of friends is bound to get attention. And that more than half of youngsters who sent these images did so knowing the pictures would be passed on to a number of recipients.

And here’s what the research ACTUALLY shows:

“Among the main findings are the fact that around 40% of respondents say that they know friends who have been involved in sexting. Over a quarter (27%) of respondents said that sexting happens regularly or all of the time.” So instead of 40% of kids actively sexting, what we discover is that 40% of kids know someone who has done it, or perhaps seen a sexting message or received one themselves. Big, big difference.

More from the study: “Over half (56%) of respondents were aware of instances where images and videos were distributed further than the intended recipient, but only 23% believe this distribution is intended to cause upset.” Again, instead of learning that most kids who sext are purposely spreading around the dirty photos to all their friends, we discover instead merely that most of the kids knew of cases where that happened! This doesn’t diminish the cruelty of a private image or message being shared with others but it clarifies what the study found.

Further on, teachers are concerned that a minority (24%) would turn to a teacher in a sexting incident. I’m not surprised  that so few young kids would trust their teacher to handle the situation well. The legal situation with sexting is difficult to figure out. In some cases, the kids get into big trouble not only for creating sexting images but for sending, viewing or receiving them. Some leaders in the cyberbullying research community currently would recommend a youth involved in sexting simply delete the images and not report it.

As confusing as these situations are for the kids involved, it most definitely DOES NOT HELP if the media takes what little data we have and twists it around to make a scary headline. The takeaway here is that while we know kids are mimicking adult behaviors and using cell phones to create inappropriate material and distribute it, sexting is still an activity engaged in by the minority of youth and it’s still one that is poorly defined or understood.

Fatal System Error

Without wanting to turn my Blog into a book-club, without the wine I may add, I want to recommend a very interesting and readable book. ‘Fatal System Error’ by Joseph Menn offers a fascinating glimpse and insight into how cybercrime has evolved, its consequences and the issues that law enforcement faces in counteracting it.

The factual narrative is enlivened by focusing on the story of two individuals who have battled against the rise in cybercrime. Barrett Lyon is a computer whizz who unwittingly became embroiled in protecting legitimate and illegitimate businesses against attacks. Andrew Crocker is a British detective who, in working for the National Hi-Tech Crime Unit in the UK, went to Russia to track down and prosecute hackers and to find out who they ultimately worked for.

The book offers great insights into how cybercrime works, who is involved and why it is being used. It is truly shocking and thought-provoking, in equal measure.

Symantec guide to scary internet threats

The countdown to the World Cup is well underway. It is clearly going to be the event of the Summer – even if Scotland did not qualify and are not going to be there. As such, the cybercriminals are turning their attention to it. Whilst none of them will be an official FIFA partner, that will not deter them from leveraging and piggy-backing off the back of this truly global event. We thought it both timely and relevant to produce another one of our Symantec guides to scary internet stuff. The subject this time is ‘internet threats’. We hope you enjoy it and you act on the message. You can find the link to the video here.

UK Council for Child Internet Safety

When talking about Norton to people, I outline to them that our job, or mission, or whatever you want to call it, has changed significantly. Most people understand us as being the company that helps protect your PC and stops all those ‘viruses and stuff’ messing with them. I explain that we still do that, but really the focus is now how we can also protect your identity that resides with the PC. However, it is actually even bigger than that. For those of you who are parents, we have to protect everyone in your family who has access to and uses the internet.

Symantec sits on two of the working groups within the Council for Child Internet Safety and was delighted to attend the summit where Gordon Brown MP, Ed Balls MP and child psychologist Professor Tanya Byron officially launched the new internet safety campaign, Click Clever, Click Safe, and the accompanying internet safety code “Zip It, Block It, Flag It”.

We really like the campaign and are looking forward to the launch in February next year – it’s particularly good for us to see as we’ve been involved with the UK Council since before it was even formed, even consulting with Professor Byron as she was researching her report for the government.

It’s part of our remit as an internet security company to keep families and children safe online so we’ll be working with the council to help them promote the code when the campaign launches next year.

Better late than never

The UK Government, yesterday, announced their cyber security strategy, as part of a revamped all encompassing national security initiative. For many people it may have prompted the question, ‘I thought we would have had this already?’ Well we did not, but it is all in hand now. The new cyber security minister (yes, we do have one), Lord West, commented that it is not that the UK has been left exposed to cyber threats from other countries to this point in time. He did go out of his way to reassure that the UK government has already faced down cyber attacks from foreign states such as Russia and China.

Two new bodies will be established in the coming months as part of the strategy. A dedicated Office of Cyber Security in the Cabinet Office will co-ordinate policy across government and look at the legal and ethical issues as well as the relations with other countries. The second body will be a new Cyber Security Operations Centre (CSOC) based at GCHQ. This will bring people together from across government and from outside to get a better handle on cyber security issues and work out how to better protect the country, providing advice and information about the risks.

So there we have it. We have shiny new groups to go out and battle the national cyber threats -  we wish them well!

How much information is too much?

I came across this very sad and terrible story. A murderer used a social networking site to gain information on his victim and in doing so help him commit this awful crime. David Heiss, 21, from Dauborn, Germany, developed an obsession with his victim’s girlfriend, and used information the couple had posted online to plan his attack in September last year. Matthew Pyke, 20, died of 86 stab wounds in the flat he shared with his girlfriend, Joanna Witton.

I do not want to be sensationalist, but the danger is there for people to see. I do not want to be accused of scaremongering: rather to continue to counsel reserve and caution about just how much information we disclose on social networking sites. Most of the stakeholders in internet security (security vendors, ISPs, governments, businesses, NGOs) constantly put the issues of financial loss (phishing) and inconvenience (spam) in the forefront of consumers’ minds. However, we all need to remember that security is exactly the same in the on and offline worlds. Yes, financial security is important, but there are also (fortunately less common) physical risks associated, and keeping your personal identity and information safe and secure is very important for your wellbeing. So, a little forethought and caution can and will keep you safe on-line, just as much as it would do in the real world.

The story of the take down of ‘Dark Market’

The question of just how capable law enforcement is in the face of cyber-criminals comes up regularly. Unfortunately, tracking down the true perpetrators is a complex and time consuming process. Many times it requires a detailed technical knowledge and understanding, which then needs to be coupled with potentially cross jurisdictional cooperation and coordination. I told you that it was difficult!

At RSA this week, the FBI provided an insight into how they went about the ‘Dark Market’ bust. The man who led the operation outlined just how they went about it. What is also interesting is the insight to the structure and operation of ‘Dark Market’. A link to the story is here.

In the end, 60 people were ultimately arrested and an estimated $70M of fraud averted. It is good to see that law enforcement can be effective and cyber-criminals can be brought to account. However, the victory is short-lived given the dynamic and growing nature of the under-ground economy and the cyber-criminals who frequent it.
