Technology Risk Newsletter - November 2007
31/10/2007
:: Contractor blamed for data breach :: Swedish site targeted by Turkish hackers :: SEC e-mail spam crackdown delivering dividends :: Chess group officials sued over inflammatory remarks :: 'Flash mob' to blame for online attack ::
Privacy: Contractor blamed for data breach
An unnamed contractor is being blamed for a data breach at Gap that has compromised the data of about 800 000 people who applied for jobs with the US clothing retailer. Gap said the data had been stored on two laptop computers that were stolen from the vendor's offices. Although the job applicant information on the laptop – which included Social Security numbers – was supposed to be encrypted, it was not. The Washington Post notes that Gap's online job site is run by Taleo Corp., but Taleo said that it wasn't responsible for the breach. 'The data loss involved a Gap vendor that processes job applicant data. Taleo was not the vendor involved in this data loss,' the company said in a statement. The laptop had information on people who applied for positions at Gap stores, including Banana Republic and Old Navy, between July 2006 and June 2007. Gap has set up a Web site to assist those who may have been affected by the breach. Victims are being offered one year of credit monitoring and fraud resolution assistance.
Full report in The Washington Post
Cybercrime: Swedish site targeted by Turkish hackers
Hackers in Turkey have attacked more than 5 000 Swedish Web sites in the past week, and at least some of the sabotage appears linked to a Swedish newspaper's publication of a disparaging caricature of Islam's prophet. The Sydney Morning Herald reports that around 1 600 sites hosted by server-provider Proinet and 3 800 sites hosted by another company have been targeted, Proinet spokesperson Kjetil Jensen said. Jensen said the hackers, operating on a Turkish network, removed all files on the sites and in some cases replaced them with messages. According to Swedish news agency TT, the site of a children's cartoon called Bamse was replaced by a message saying Islam's holy prophet had been insulted.
Full Sydney Morning Herald report
Spam: SEC e-mail spam crackdown delivering dividends
The US Securities and Exchange Commission says that its seven-month crackdown on e-mail spam linked to stock fraud is already delivering dividends and protecting unwary investors from being duped, reports The Age. The securities watchdog said its campaign against the perpetrators of stock-touting spam had led to a dramatic fall in the number of complaints lodged with the regulator related to the mass e-mails. ‘Because of our aggressive enforcement efforts, there has been a reported 30% drop in financial spam, and that means fewer investors are getting ripped off,’ SEC chairman Christopher Cox said. The SEC launched its crusade against stock-pumping e-mail spam in March.
Full report in The Age
Litigation: Chess group officials sued over inflammatory remarks
A lawsuit filed in a US Federal Court last week accuses two officers of the nation’s leading chess organisation of posting inflammatory remarks on the Internet under false names in order to win election to the group’s board. The lawsuit, filed in Federal District Court in Manhattan, says that Susan Polgar and Paul Truong, who are married and who were elected to the board of the US Chess Federation in July, posted thousands of remarks, many obscene or defamatory, over the last two years on two public Internet bulletin boards. The New York Times notes that the suit was filed by Samuel Sloan of the Bronx, who ran unsuccessfully for re-election to the board. He said more than 2 000 of the fake remarks were posted under his name. According to the lawsuit, Polgar and Truong broke a federal law that prohibits using electronic means to harass or annoy another person.
Full report in The New York Times
Cybercrime: 'Flash mob' to blame for online attack?
The online attack that took down government servers in Estonia was most likely caused by an online 'flash mob' and not the Russian Government, according to researchers. Sean Sullivan, a senior researcher at F-Secure, told vnunet.com that hackers created tools designed to damage the government servers, and then spread the word online so that individuals could deploy the tools more widely by acting together as a 'mob'. Sullivan added that the situation was similar to that which took down online camera retailer PriceRitePhoto. A customer was allegedly abused by a member of staff for trying to buy a camera without expensive accessories, and the incident was written up on the customer's blog. The blog posting got picked up by news aggregators and spread online, and some people took it upon themselves to create tools that were used to attack PriceRitePhoto. The company's Web site was taken down by a denial of service attack, its phones were jammed with calls and the fax machine was bombarded with spam.
Full vnunet.com report
In other developments, experts warned the world needs to take a global approach to tackling cybercrime and security issues on the Internet. International Telecommunications Union chief Hamadoun Toure said individual national or regional approaches to tackle spam, hackers, remote attacks on computer systems and use of the Internet for crime would inevitably be flawed. 'Cyber security is a global problem and it needs a global solution,' he said. According to a report on the iafrica.com site, the attempt to set up a global agenda to tackle cyber security has gained momentum following a concerted wave of cyber attacks on Estonia's Web sites and computer infrastructure in May, participants said. The meeting decided to set up five working groups to examine possible legislative and technical measures, more international cooperation and reinforcing finance and security infrastructure.
Full report on the iafrica.com site
MICT has engaged the services of FRD Risk Solutions to provide a bespoke insurance broking service to MICT services. If you are interested in finding out more about the insurance covers available via FRD then please click here: http://www.frd-rs.co.uk/ittelec
Fitzgerald Reid Dickinson Limited T/A FRD Risk Solutions (‘FRD’) is Authorised and Regulated by the Financial Services Authority. FRN: 314946.
While FRD has taken all reasonable steps to ensure the accuracy of this Newsletter, the information contained herein is provided “as is” and FRD makes no express or implied representations or warranties with regard thereto. Without limiting the generality of the aforegoing:-
FRD does not warrant that this Newsletter or information contained herein will be error-free or will meet any particular criteria of performance or quality. FRD expressly disclaims all implied warranties, including, without limitation, warranties of compatibility, security and accuracy; and
Whilst FRD has taken reasonable measures to ensure the integrity of this Newsletter and its contents, no warranty, whether express or implied is given that any files, downloads or applications available via this Newsletter are free of viruses, Trojans, bombs, time-locks or any other data or code which has the ability to corrupt, damage or affect the operation of the user’s system.
The content in this Newsletter has been compiled by CFC Underwriting Ltd in association with E-Briefs and provided to FRD for dissemination to MICT members.
