While recent news has indicated the dangers of identity theft, a new report from the Federal Bureau of Investigation (FBI) has revealed it was actually not the most-reported activity of its type recorded last year.

The findings come as part of data published by the US-based Internet Crime Complaint Centre, a new initiative set up between the FBI and the private group The National White Collar Crime Centre.

This body works as a clearinghouse for online crime and fraud allegations, with officers working day-to-day to forward any serious cases on to law enforcement agencies who will then investigate the potential for criminal prosecution.

According to the new report, identity theft was only the second most common complaint, with email impersonation scams, and in particular those involving hackers posing as FBI agents, instead representing the most common cyber crime of 2011.

Top Five Reported Cyber Crimes

1. 35,764: FBI Related Scams
2. 28,915: Identity Theft
3. 27,892: Advanced Fee Fraud
4. 22,404: Non Auction Non Delivery of Merchandise
5. 18,511: Overpayment Fraud

This FBI email scam represents a new twist on the traditional email fraud attempt. In essence the same as previous message-based cons, the recipient receives an email claiming to have either won or inherited a large sum of money.

Victims are directed to someone within another government agency and at this point charged a number of fees to claim what proves to be a non-existent windfall.

While in previous years these scams have taken the form of competition winnings, as FBI supervisory special agent Charles Pavelites, who works at the centre, explains, presenting the email under the guise of the government body has proven an effective tool for criminals.

FBI EMail Scam

"Basically, the scams need an air of legitimacy in order to work and invoking the FBI or another governmental agency leads victims to believe the fraudsters' claims," Mr Pavelites told the Associated Press.

The new FBI-focused email scam generated around 39 complaints per day from US citizens, with an average sum of $245 reported stolen by victims in each instance. Over the course of 2011, the FBI estimates that some 14,350 people reported being scammed by these emails.

The overall statistics make for concerning reading too, with the centre receiving 314,246 complaints last year, a third of which reported stolen funds. These figures were up 3.4 per cent on the number seen in 2010, when complaints totalled 303,809. An estimated $485.3 million was lost by victims of cyber crime fraud in the US last year.

Identity Theft Statistics

2011's fourth top-selling mobile phone manufacturer has confirmed that one particular model has a security flaw that could allow access to third parties.

Known as a backdoor, it's a vulnerability affecting the Android-based ZTE Score and, according to cyber-security professionals, anyone with the right password could potentially control the phone.

Historically, ZTE Corp is one of a group of Chinese firms that's only been able to gain a limited US market presence, due to concerns that the country's government has some involvement in its operations: a claim that ZTE itself has denied.

The ZTE Score (X500) is marketed as an inexpensive Smartphone option and its backdoor was first reported anonymously on the pastebin.com code-sharing website. That was several days ago and, since then, it's been claimed that the same security issue is common to other handsets produced by the firm, such as the ZTE Skate.

Score Smartphone Security

‘ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future', the firm told news agency Reuters in an email on the Score smartphone security hole.

‘We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.'

Such security holes have been discovered before in mobile operating systems, like Android, but not so often seemingly intentionally added by hardware developers.

ZTE Security Hole

ZTE supplies mobile phones to Australian telecommunication group Telstra and, in a statement on the ZTE security hole , it sought to reassure customers. "Our preliminary tests suggest that handsets supplied to Telstra are unaffected by this issue", explained Telstra.

"That said, we take device security very seriously, and we are conducting more extensive testing to confirm our initial findings. Should we discover any issues, we will contact customers directly."

Only three other mobile phone manufacturers sold more products last year than ZTE, while just four other groups reported higher revenue figures.

Image copyright Bjoertvedt - Courtesy Wikimedia Commons

Russian-based anti-virus firm Kaspersky Lab has revealed work has begun on the analysis of any potential vulnerabilities within the Apple Mac OS X operating system.

News of the research broke last week, when the computer security company's chief technical officer Nikolai Grebennikov revealed some details of the project.

"Apple recently invited us to improve its security. We've begun an analysis of its vulnerabilities, and the malware targeting it," he told reporters. Speaking in the interview, Mr Grebennikov went on to explain the dangers facing Apple Mac users, with the current operating system being "really vulnerable" to cyber attacks.

Kaspersky Apple Mac OS

With Apple computer sales continuing, following the firm's resurgence in sales of iPhones and iPads, an increasing number of botnets are appearing, with additional malware attacks predicted to increase, according to the expert.

The Kaspersky Lab representative also warned that the current statistics highlighting the better security record of the Apple OS X system, in comparison to Windows, were skewed by the fact that fewer people used the latter's machines.

Earlier this year, 600,000 Macs were infected by a Flashback Trojan virus, which utilised vulnerabilities in the Java plug-in for web browsers. This problem was then compounded when Apple failed to release a patch created by Oracle in February, until April, which allowed cyber-criminals time to tailor their malware.

In previous times, the firm has also garnered criticism for failing to work more closely with security vendors on potential solutions to these problems.

But despite the new developments, the Kaspersky boss was quick to note that the firm would be conducting the analysis at their own behest, with the information gathered from the research shared with customers, rather than supplied directly to Apple.

Apple Mac OS Security Review

Mr Grebinnikov was also keen to stress that, while the security revision of the Mac OS X was being conducted independently, Apple was "open to collaborating" further down the line, should any new vulnerabilities and potential malware threats be uncovered.

Kaspersky Lab represents one of the biggest international firms involved in cyber crime and virus protection, with operations in over 100 countries across the world.

It is estimated that the firm's computer protection software is currently in operation with over 300 million users worldwide. With over 2,400 specialists spread across offices in 29 countries, they are also well positioned to deal with the increasingly global threat of cyber attacks.

The OS X security issue became important in early April, when Dr. Web, a Russian computer security company, reported finding botnets -- or networks of compromised computers controlled by hackers -- that included more than 500,000 infected Macs.

In April, Kaspersky co-founder and chief executive Eugene Kaspersky told Computer Business Review magazine that Apple was "10 years behind Microsoft in terms of security."

Law enforcement officials from many parts of the world have converged in West Virginia to participate in the annual Mock Prison Riot event, harnessing and perfecting their anti-riot tactics.

Staged between 5-9 May at the ex-West Virginia Penitentiary located in Moundsville, the Mock Prison Riot supplies law enforcement personnel and correction personnel with new opportunities to train and learn, while simultaneously showcasing the latest in riot control technologies.

The 2012 Mock Prison Riot involved a total of 27 teams, engaged in almost 60 tactical scenarios. Close to 1,200 people took part in all and they hailed from 35 US states and nine overseas nations. Among those present were SWAT representatives and members of SPEAR - the Singapore Prisons Emergency Action Response unit.

New Riot Enforcement Technologies

The new riot enforcement technologies demonstrated, meanwhile, included the Custom Carbine SX and TX semi-automatic Pepperball launchers, which have a 60 foot precision range but can be used against targets positioned at over twice that distance.

Also displayed was the ALS Hornets Nest Sting Grenade, which unleashes an acoustic assault and a strong irritating sensation like that associated with pepper spray.

Over 25 years ago, Moundsville hosted a real-life prison riot, when its inmates managed to take hostage 15 law enforcement officers but the site's now been out of operation for almost two decades.

Mock Prison Riot

"It is historic circumstances like these that remind us of the importance to continue training for every possible scenario, and that is why I am committed to ensuring that this world-renowned event continues indefinitely", the President of the Senate of West Virginia, Jeff Kessler, explained in a statement on the 2012 Mock Prison Riot.

"This is a rather unique event that allows for the demonstration and evaluation of existing and emerging corrections technology", he said. "It offers a chance for law enforcement and corrections officers to network and learn from various groups and team from around the world.

"This is a tremendous learning opportunity that I believe should be shared by everyone in the law enforcement and corrections fields."

SWAT Image copyright US Navy

The increasing involvement of globally-based criminal gangs has led to a boom in cyber crime around the world, according to the International Criminal Police Organisation (Interpol).

Speaking at the France-based police agency's European Regional Conference in Tel Aviv, Israel, Interpol president Khoo Boon Hui pointed to a rise in the number of internet scams organised crime syndicates were responsible for.

According to the police chief, the impact of these cyber criminals now far outweighs the global cost generated through cocaine, marijuana and heroin drug trafficking combined.

Using figures from a recent London Metropolitan University study, Mr Hui estimated that around four in every five cyber crimes committed were linked to criminal gangs operating across the world.

Cyber Crime Gangs

The Interpol president pointed to the ease with which these groups were able to perpetrate crimes on a global scale, as the key reason behind the rise.

"Criminal gangs now find that transnational and cyber crime are far more rewarding and profitable than other, riskier forms of making money," he explained.

Mr Hui also revealed that the estimated cost of cybercrime in Europe along stood at $979 billion (£607 billion) a year.

Financial institutions remained a key area of focus for these organised syndicates with US banks reporting losses of $12 billion (£7.4 billion) to cyber criminals last year, compared with the $900 million (£560 million) lost through conventional robberies.

Alongside the more traditional forms of banking and credit card fraud, illegal gambling has emerged as a popular source of illegal income for these groups.

In these instances groups will set up temporary safe bases in the Far East, from where they will net billions through football and gambling websites alongside financial scams.

"Organized crime is now able to recruit members from countries without diplomatic ties to commit crimes overseas operating from temporary safe bases in third countries equipped with the latest technology," he explained.

Mr Hui also revealed that police in Malaysia recently arrested over 200 cyber criminals operating online scams, through two syndicates in China and Taiwan, under the instructions of one Taiwanese boss.

Meanwhile he also warned delegates of the ongoing threat of cyber attacks to the global security infrastructure, with Interpol even hit by hackers in recent years.

Mr Hui estimates that as many as 1,000 cyber attacks currently take place every minute across the world.

Interpol is planning to help train police in online enforcement in the next few years, with plans in place to open a cyber crime and digital security complex in Singapore in 2014.

The Federal Bureau of Investigation (FBI) has revealed that an al-Qaida plot to blow up a plane heading for America, on the anniversary of Osama bin Laden's death, has been foiled.

According to a statement from the US intelligence service, an individual based in Yemen had been supplied with a bomb by the militant Islamist organization, with the timing and choice of flight left to the unnamed individual.

The device in question is believed to a more advanced version of the infamous underwear bomb used in an unsuccessful terrorist attack back in 2009, when Nigerian student Umar Farouk Abdulmutallab attempted to detonate an explosive on a flight to Detroit.

Al-Qaida Underwear Bomb Plot

A statement from the FBI later confirmed that a device of this type had been seized by operatives from the CIA. "The FBI currently has possession of the IED and is conducting technical and forensics analysis on it," it read.

"Initial exploitation indicates that the device is very similar to IEDs that have been used previously by al-Qaida in the Arabian Peninsula in attempted terrorist attacks."

US officials are thought to suspect Ibrahim Hassan al-Asiri of manufacturing the bomb, as well as the device deployed three years.

No word has yet been given on the fate of the Yemen-based individual involved in the plot, though if
guilty, he is likely to suffer a similar fate to Mr Abdulmutallab, who was jailed for life back in February this year for his part in the 2009 plot.

The White House meanwhile refused to confirm reports that the bomb plot was part of a wider scheme orchestrated by al-Qaida to mark the anniversary of Osama bin Laden's death at the hands of US Special Forces on May 2nd 2011.

According to reports, figures within the Associated Press first learnt of the story last week, but were asked by US officials to wait until intelligence gathering operations had been completed and an official announcement from the White House could be made.

Commenting on the failed plot, White House deputy national security council spokeswoman Caitlin Hayden said:"The disruption of this IED plot underscores the necessity of remaining vigilant against terrorism here and abroad."

President Barack Obama had known about the potential plot since April, with homeland security and counter-terrorism adviser John Brennan providing regular updates on the developments of the CIA and FBI's operations.
The FBI is now investigating the potential for one of these devices to pass through airport security undetected with figures at Homeland Security stressing that vigilance remained essential in the current climate.

Two days ago, al-Qaida member Fahd al-Quso was reportedly killed by a US drone in Yemen. A longtime member of the FBI most wanted list, Mr Quso was rumored to have played a key role in the 2009 bombing attempt.

The number of targeted cyber attacks rose by 81 per cent in 2011, according to statistics published in a new report from Symantec Corp.

The company, which represents world's largest manufacturer of security software for computers, revealed that over 5.5 billion malicious attacks were blocked over the past year.

According to their figures, the amount of unique malware variants also rose sharply with the total of 403 million indicating a 41 per cent increase on 2010.

Symantec also estimated there were around 4,500 new web based attacks every day throughout 2011 - a yearly rise of 36 per cent.

Cyber Attacks Rise

The report warned that "greater numbers of more widespread attacks employed advanced techniques, such as server-side polymorphism to colossal effect". This is a technique which allows attackers to generate an near-unique version of their malware for each intended victim.

More concerning still was the indiscriminate nature of the breaches, with companies of all types and sizes reportedly breached alongside the more traditionally targeting financial institutions.

Fiscal businesses did remain among the top sectors impacted by cybercrime though with almost eight per cent of all data breaches in 2011 coming from this sector and 0.4 per cent of identities stolen also registered from here.

Finance firms continued to be the target of phishing attacks too, with 85.2 per cent of all those recorded last year being related to false organisations, up on the rate of 56 per cent recorded in 2010.

Spam levels did see a drop-off with the number of new vulnerabilities uncovered falling by of 20 per cent though, with attackers opting instead to explore existing weaknesses.

Meanwhile targeted attacks also rose, with the daily amount registered rising from 77 per day to 82 by the end of last year.

Utilising customised malware and social engineering, these attacks gain access to highly sensitive information, with individuals in the government and wider public sector traditionally targeted.

In 2011, this focus evolved further though, with a more diverse cross section of web users coming under threat from these attacks.

Social Media Threat

The Symantec findings also revealed the concerning increase in the number of cyber criminals utilising social networks like Facebook to launch their attacks.

These groups take advantage of the assumption that these networking sites are not at risk to such attacks, with hackers utilising the viral nature and social expansion tools of these systems to spread their attacks from user to user.

In all the computer security firm estimated that 1.1 million identities were stolen per data breach on average last year - the highest amount ever recorded by the company. Hacking remained the greatest cyber crime threat, with a total of 187 million identities breached in 2011.

Interestingly, the report also concluded that the majority of data breaches leading to identity theft stemmed from the loss or a computer or data storage unit, such as a USB key. These thefts exposed approximately 18.5 million identities last year alone.

The company meanwhile warned of the growing cyber threat posed to users of smartphones and other web-enhanced portable computer technology.

Two RAF Typhoon combat jets have deployed to a London airbase to participate in Exercise Olympic Guardian, which will test the security procedures designed to ensure the London 2012 games pass without incident.

Temporarily based at RAF Northolt, they'll fly for a total of eight days, beginning on 2 May, and will be involved in the air-to-ground protection element of the London Olympics security plan.

"Whilst there is no specific threat to the Games, we have to be ready to assist in delivering a safe and secure Olympics for all to enjoy", Phillip Hammond, Defence Secretary, explained in a statement, highlighting the MoD's (Ministry of Defence's) pledge to keep safe the British public "at a time when the world will be watching us."

Olympic Air Security

The Olympic air security measures, though, have been heavily criticised by some, who believe they'll create unnecessary panic.

"Far from safeguarding Londoners as they go about their daily lives, they will bring a real fear of explosions and the prospect of these places becoming a target for terrorist attack", Stop the War Coalition representative Lindsey German commented. "We are told by the Government that the war in Afghanistan is being fought so that we don't have to fight on the streets of London.

"These manoeuvres give the lie to that, and show that the war has made Britain a more dangerous place."

RAF Jets: London Olympics

News of the RAF jets' deployment follows by hours the announcement that six local sites will host surface-to-air missiles while the London Olympics are in progress.

Exercise Olympic Guardian will be a security run-through involving several elements of the UK armed forces. Besides RAF Typhoons, it will also feature Royal Navy Sea King search and rescue helicopters, the Royal Navy vessels HMS Ocean and HMS Bulwark and a total of 13,500 military personnel.

As reported in previous Security Technology News Items, there are other aspects to the London Olympics security arrangements, too. Among these are drug-testing and, at the start of 2012, a dedicated London Olympics drug-testing centre was unveiled.

File-sharing site Pirate Bay is set to be blocked by UK internet providers, following a major High Court Ruling today.

Under the plans Sky, TalkTalk, O2, Everything Everywhere and Virgin Media will be required to prevent their internet users from accessing the site in the next few months. BT could also soon join this list, with the firm requesting more time to consider its position on blocking the site.

The decision represents a major development in the world of cyber crime, with the Swedish website infamous for hosting links to a range of free to download pirated video and music files.

Pirate Bay File Sharing

Sites like Pirate Bay have had a damaging affect on the media industry, with music sales declining as a result of competition posed by these illegal files.

The decision was welcomed by the British Phonographic Industry (BPI), with chief executive Geoff Taylor condemning the site for destroying jobs and undermining investment in the new music.

"Its operators line their pockets by commercially exploiting music and other creative works without paying a penny to the people who created them," he said.

"This is wrong - musicians, sound engineers and video editors deserve to be paid for their work just like everyone else."

According to figures provided to The Guardian by record labels, Pirate Bay currently offers around four million copies of music and films to a user base of some 30 million spread across the world, with comScore estimating that around 3.7 million of these reside in the UK.

More importantly, the illegal site generates a significant amount of its income from adverting with a total of nearly $3 million (£1.8 million) earned last October.

Pirate Bay Blocked

The block on Pirate Bay will begin within a couple of weeks, with millions set to feel the effects of the shutdown.

Despite the ruling representing a major coup for those against online piracy though, some advocacy groups have condemned the move as yet another form of online censorship.

These groups are reportedly concerned that the introduction of such blocks could lead to more drastic calls for censorship of the worldwide web with extremism and pornography likely to be among the main targets for any action.

More significantly still, these groups have warned that blocking the site will prove only a temporary reprieve for the industry, with those behind Pirate Bay likely to shift the site to alternative domains while also utilising SSL tunnels, virtual private networks and proxy servers to avoid detection.

The high court action represents the second time in which a file-sharing site has been blocked, with the Newzbin2 site previously found to have infringed on copyright back in October 2011.

This ruling subsequently opened the door for internet service providers to block file sharing sites under the 1988 Copyright, Designs and Patents Act 1988.

Since its introduction in 2003, Pirate Bay has fought off legal action and police raids from a number of different authorities. How they react to this latest development, remains to be seen.

A new cyber-security bill's been approved by the US House of Representatives, even though the US President has threatened to stop it coming into law.

248 House members backed CISPA's (the Cyber-Intelligence Sharing and Protection Act's) adoption but, of those on the opposing side, many referred to it as a civil liberty and privacy threat-in-waiting. These are concerns seemingly amplified by the White House which, in a statement, said CISPA may "...undermine the public's trust in the government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties and consumer protections."

The law, added the White House, repeals "important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards."

CISPA Cyber-Security Bill

On the other side of the support coin is Facebook which, last week, publically supported the CISPA cyber-security bill as a means of lowering online crime and, reportedly, Microsoft, AT&T and Verizon also back the Act's introduction.

CISPA is intended to promote threat data-sharing between businesses and intelligence agencies, potentially giving firms the tools needed to protect themselves from attack.

Crucially, the measure's generally received a much better response within the IT industry than did SOPA - the Stop Online Piracy Act that faltered after a campaign against it spearheaded by a number of online firms.

House CISPA Approval

"Without question, the path to the House vote wasn't an easy one", Information Technology Industry Council CEO Dean Garfield said of the House CISPA approval. "But, at the end of the day, we have legislation that would markedly improve our country's cyber defenses and enhance our citizens' safety."

Elsewhere, the US Senate is presently exploring separate new cyber-security legislation but with content significantly different to that of CISPA. Furthermore, no vote has yet been scheduled for this legislation but, for CISPA, a Senate vote's now required. From there, it will go to the White House for ultimate approval or rejection.

Security Technology News will provide further coverage of CISPA as future facts emerge.

Image copyright Sara Moses – courtesy sxc.hu