We’ve all heard security nerds complain about the vulnerabilities of cloud computing; here’s the news they’ve been waiting for. Black-hat hackers got into an unnamed website hosted on Amazon’s servers then proceeded to install an illegal command and control infrastructure. Named America’s number one most wanted botnet, Zeus was discovered on Amazon’s Elastic Compute Cloud (EC2) by security researchers yesterday. Sponsor The Zeus Trojan is a keylogger designed to steal data such as login credentials, account numbers and credit card information. It creates fake HTML forms on banking login pages to allow hackers to steal user data. This particular botnet has been linked to around $100 million in bank fraud in 2009. Although we don’t yet have details on exactly how the website in question was hacked, we have learned that the software has been removed from the Amazon cloud. This incident is the first example of malware being found on AWS’ infrastructure. As we were warned by black hats in April this year, cloud computing carries certain risks and opportunities for exploitation. Our own Sarah Perez wrote: In another part of the Sensepost presentation, they looked specifically at vulnerabilities of Amazon’s Web Services. To start off, they detailed the process involved in setting up a new instance on EC2… While Amazon has provided 47 machine images they built themselves, the remaining 2721 images were build by other EC2 users. Can you really believe that all of these images were built securely? Basically, the template directory is just a big archive of user-generated content. And you know what user-gen content is like… risky . As John Pescatore told the Financial Times , “The security of these cloud-based infrastructure services is like Windows in 1999. It’s being widely used and nothing tremendously bad has happened yet. But it’s just in early stages of getting exposed to the Internet, and you know bad things are coming.” Will hackers continue to employ web services to carry out their schemes in 2010? Twitter, Facebook, Google Apps, and now Amazon Web Services have all been used for evil this year. How can websites, corporations, and end users be smarter about online security to avoid personal and financial loss next year? Let us know what you think in the comments. Discuss

Go here to read the rest:
Bank Login-Stealing Botnet Found Hiding in Amazon Cloud

Fresh from the official Google blog , we have news that Google is taking a group of online scammers to court. We’ve all seen the ads: “Use Google to Make 1000s of Dollars!” “Easy Cash with Google: You Could be Making up to $978 a Day Working from Home!” Finally, the search giant has announced it’s going to do something to protect its trademark and help spare a few suckers from getting scalped. Google is suing Pacific WebWorks and a rash of unnamed defendants. Sponsor In a joint post from search quality engineer Jason Morrison and senior litigation counsel Stacey Wexler, the company stated, “Google hasn’t created or endorsed any of the sites like those described in our complaint. Misleading ads try to take advantage of consumers… As far as we can tell, thousands of people have been tricked into sending payment information and being charged hidden fees by questionable operations.” The scammers’ URLs will be de-indexed, and Google will also be permanently disabling AdWords accounts linked to poor user experiences. But, as Morrison and Wexler note, treating the symptoms of a scam circle is a bit like playing Whack-A-Mole. Google can bash away at the digital manifestations of these shady companies, but it’s nearly impossible to get rid of them forever without going after the people involved. We hope the lawsuits go well and help to get these scammers off our tubes. Here’s a brief list from Google of names associated with scam artists. These companies are not affiliated with Google in any way: Google Adwork Google ATM Google Biz Kit Google Cash Earn Google Cash Kit Google Fortune Google Marketing Kit Google Profits The Home Business Kit for Google Google StartUp Kit Google Works As always, be smart online, and remember that if something seems to good to be true, it probably is. For more tips on how to avoid getting ripped off on the Internet, check out an informative Google blog pos t from this summer. Discuss

See the rest here:
Google Sues "Google Money" Scam Artists

Consumer watchdog group, the Electronic Frontier Foundation , has initiated a lawsuit against multiple U.S. government agencies for failure to disclose their policies regarding the use of social media for surveillance. According to the filing, the government has been making use of social media sites like Facebook , MySpace , YouTube , and Twitter to aid in various investigations where the crimes range from the relatively minor infringement of underage drinking to more serious endeavors, such as the coordination of protesters during the G-20 summit . However, when requests were made under the Freedom of Information Act (FOIA) for details about governmental policies, several agencies failed to respond with information regarding what data is collected, under what circumstances, and who has access to it. Sponsor About the Suit The EFF is working with the Samuelson Law, Technology, and Public Policy Clinic at the University of California, Berkeley, School of Law (Samuelson Clinic) on this lawsuit. The Clinic filed the original FOIA requests on EFF’s behalf and later filed the suit when government agencies refused to respond. Named in suit are the Department of Defense (DoD), Central Intelligence Agency (CIA), Department of Homeland Security (DHS), Department of the Treasury, Office of the Director of National Intelligence, and Department of Justice (DoJ) which includes the Federal Bureau of Investigation (FBI), the Drug Enforcement Agency (DEA), and the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), among others. The filing mentions several recent media articles where criminals have been apprehended thanks to government surveillance of social networking sites, including the case of Maxi Sopo whose Facebook status updates led to his arrest on bank fraud charges. Another example involved programmer Aaron Swartz who helped an open-government activist with the collection of millions of public and free court records. His activities led to a full-scale FBI investigation, as detailed here in this Wired article . Twitter’s name came up when, as mentioned above, the service was used to notify G-20 summit protestors of police movements. Although this suit may lead some to believe the EFF is against the practice of utilizing social networking sites for investigative purposes, that is not the case. The filing notes that government use is “often for laudable reasons” – they just want the scope clarified so as to prevent abuse. Social Media Investigations are the New Wiretap No longer solely used by tech-savvy individuals, social networks have seen explosive growth over recent years. Sites which at one time catered only to the young, such as Facebook which began as college-only network, now include demographic groups that range from pre-teens all the way up to grandparents. As more mainstream users join sites such as these, there is a growing need for privacy awareness. Specifically, internet users have the right to know who can access their data as well as when and how it can be used. Initiatives like Facebook’s recent privacy updates hope to help users maintain some control over that data, but that may not be enough. As graduate student Christopher Soghoian recently revealed on his blog , government agencies routinely request information from the operators of social networks when investigating criminal activities in order to access data users have hidden from public view. In fact, most companies even have documented policies regarding the procedures for requesting this data – for example, Facebook’s Subpoena and Search Warrant Guide is here and MySpace’s Law Enforcement Guide is here . In this new technological age we live in, using social media to gather data and track criminals is commonplace. It’s the new wiretap. And while social network surveillance is usually used for beneficial purposes, people deserve to know what their rights are in this area. Hopefully, this suit will shed some light on that. Discuss

See the original post here:
Watchdog Group EFF Sues Government Regarding Social Media Surveillance Tactics

Yesterday’s official launch of Twitter co-founder Jack Dorsey’s new mobile payment system was greeted with a lot of enthusiasm . Not everybody agrees that Square’s business model is viable, however. Today, we got a chance to talk to Andy Kleitsch, the CEO of Billing Revolution , who didn’t hold back in his criticism of Dorsey’s plans. According to Kleitsch, Square is going after the wrong kind of customer if it wants to be a viable business: merchants who don’t qualify for accounts with traditional credit card processors because the would be deemed ‘high risk’ by these companies. Sponsor Billing Revolution offers a mobile payment system that gives customers the ability to pay for purchases through their phone and allows merchants to process credit cards through Billing Revolution’s mobile site. It’s worth noting that Square is using mobile technology to give merchants the ability to process transactions on their mobile phones and laptops and won’t enable uses to make mobile payments directly from their phones. As Billing Revolution competes with Square, we have to take Kleitsch’ comments with a grain of salt, but a lot of his arguments do ring true within the context of the credit card processing business. Are Real Merchants Looking for an Alternative? According to Kleitsch, established businesses “are not looking for Jack’s solution.” A regular coffee shop can get a payment terminal for free and only pays about $20 in fees per month (plus a percentage of every transaction). Kleitsch argues that the customer that is most likely to use Square’s system is somebody who makes jewelry at home and sells it at a local Christmas bazaar. The question is if this is a large enough market for Square. Traditional credit card processors are also able to settle accounts daily. It remains to be seen if Square will offer a similar service. Potential for Fraud Square will also have to deal with potential fraud. While we don’t know the exact details about how Square will operate, chances are that the company will have to keep a large reserve in an escrow account with the credit card processing companies that power Square’s back-end. Anybody who sits on a pile of stolen credit cards, Kleitsch pointed out, could use Square to run up charges on these accounts. Once the defrauded credit card owners dispute these charges, Square could be left with a large bill to pay. Merchants with a chargeback rate of more than 2% are typically turned down by credit card processing companies. If Kleitsch is right, these would be exactly the kind of merchants who would be interested in using Square’s payment system. Too Risky? Obviously, the company’s investors and advisors don’t think this business model is too risky. There can also be little doubt that consumers could benefit from a new company that disrupts the current status quo in the credit card processing world. Do you think Kleisch’s argument that Square will attract the wrong kind of customers holds true? Or do you think Square will revolutionize the market and finally give small companies the ability to do business on a level playing field? Discuss

Excerpt from:
Is Jack Dorsey’s Square Going After the Wrong Customers?

As Part of the Lionheart Assurance Scam Prevention Toolkit™

How to overcome an identity theft if you have been a victim of a scam is something that you want to know about but never really want to experience. However, these things happen and you must be prepared for any fraud eventuality. Here are the things that must be done if you have become a prey to identity theft. By learning what to do now, you may minimize greatly your loss and complaints and perhaps be able to help a friend or a loved one.

The first thing on your list on how to overcome an identity theft if you have been a victim of a scam is to act immediately. If you think that rip-off criminals were able to harvest your financial records and bank details, you need to call your bank and credit card issuers immediately. Cancel all your cards and tell your bank to freeze all transactions that you did not authorize. You should tell them that someone is using your identity and you want to change account numbers or cards to remedy the situation from the scams.

If you think that someone is impersonating you or using your identity to ripoff friends and family or cheating you by getting your personal benefits, you should file complaints with the FTC or the Federal Trade Commission. You can either call their hotline with your complaints or do the reporting online. You need to call the FTC because it is the one agency in charge of helping people who think they have been victims of identity theft and related crimes. This agency will be able to provide you with resources on how to overcome an identity theft or fraud if you have been a victim of a scam.

It is important that you do not forget to call your local police or FBI and the credit bureau to inform them on what has happened. It really doesn’t matter if your identity was used in Timbuktu. The point is you need a police report in order to file charges and to minimize damage to your bank accounts and reputation. Documenting everything is also another important step on how to overcome an identity theft if you have been a victim of a scam. You will need documents to support your complaints and to file criminal charges against the rip-off perpetrators. You might also want to consider taking on insurance that protects you from financial burden caused by identity theft.

To know more about how to avoid Identity Theft Fraud at your business, visit Lionheart Assurance Solutions at http://www.LionheartAssuranceSolutions.com today.