Our Blog – Forensic Technology News

Revealed: the worst passwords of 2011

Pro tip: choosing “password” as your online password is not a good idea. In fact, unless you’re hoping to be an easy target for hackers, it’s the worst password you can possibly choose.

“Password” ranks first on password management application provider SplashData’s annual list of worst internet passwords, which are ordered by how common they are. (“Passw0rd”, with a numeral zero, isn’t much smarter, ranking 18th on the list.)

The list is somewhat predictable: sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael”, all are common choices. Other common choices, such as “monkey” and “shadow”, are harder to explain.

As some websites have begun to require passwords to include both numbers and letters, it makes sense that varied choices, such as “abc123” and “trustno1”, are popular.

SplashData created the rankings based on millions of stolen passwords posted online by hackers. Here is the complete list:

  • 1. password
  • 2. 123456
  • 3. 12345678
  • 4. qwerty
  • 5. abc123
  • 6. monkey
  • 7. 1234567
  • 8. letmein
  • 9. trustno1
  • 10. dragon
  • 11. baseball
  • 12. 111111
  • 13. iloveyou
  • 14. master
  • 15. sunshine
  • 16. ashley
  • 17. bailey
  • 18. passw0rd
  • 19. shadow
  • 20. 123123
  • 21. 654321
  • 22. superman
  • 23. qazwsx
  • 24. michael
  • 25. football

SplashData CEO Morgan Slain urges businesses and consumers using any password on the list to change them immediately.

“Hackers can easily break into many accounts just by repeatedly trying common passwords,” Slain says. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.” 

The company provided some tips for choosing secure passwords in a statement:

 

  • 1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
  • 2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
  • 3. Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.

Source: smh.com.au

Accessing VMFS partitions on an ESX server that doesn’t boot normally

This week I was dealing with an ESX vSphere v4.0.0 that wasn’t booting properly and had a problem with mounting VSD.

It was showing the following message:

“VSD Mount Failed

You have entered the recovery shell. You can try booting in troubleshooting mode to attempt to fix the issue. If that fails, you should contact VMWare techsupport.

/bin/sh: can´t access tty: job control turned off.”

All I wanted to do was to transfer all the Virtual Machines (all VMDK files) out of that server but, because it was in recovery shell, I wasn’t able to mount an external disk or connect via SSH.

After a lot of googling and testing, I found a way of doing it. This method is useful for disaster recovery as well as forensic analysis in case you have to image an ESX server. Forensic software like Encase and FTK doesn’t support the VMFS file system, and when you add an image of an ESX server as evidence, they just show the VMFS partitions as Unknown.

These are the steps for mounting VMFS partitions under Linux / Unix:

1.  vmfs-tools is a tool which is “originally loosely based on the vmfs code from fluidOps” and allows read-only access to VMFS file systems from non-ESX/ESXi hosts.

2.  Boot the ESX server with a live Linux CD (I used Ubuntu 10) and, when it asks if you want to install or just try it live, choose try.

3.  After the OS has booted and you can see the desktop, connect the OS to the Internet and install vmfs-tools by running: sudo apt-get install vmfs-tools (if it says it can’t find the package, go to the software sources settings and add universe by checking the box). Alternatively, if you don’t have an Internet connection, you can download the vmfs-tools package from here, put it on a USB drive and install it manually using the dpkg -i command (example: dpkg -i vmfs-tools.deb).

4.  Now type the following command: sudo fdisk -l. This shows that the VMFS file system is located at /dev/sdb3 (if it’s a server with a SCSI RAID unit, it will be under /dev/cciss/c0d0p#).

5.  The next step is to mount the VMware VMFS partition. Create a folder as a mount point using the command mkdir /media/VMFS and then mount the VMFS partition with vmfs-fuse /dev/sdb3 /media/VMFS

6.  Now go to that folder and check the content using cd /media/VMFS and then ls -hal

7.  You should be able to see all the VM folders.

8.  To export those VMs to an external disk, connect a USB disk and mount it, then use the cp -r command to copy each VM folder to the USB disk (example: cp -r /media/VMFS/VMname/ /media/sdb1/ where /media/sdb1 is the USB disk partition mount point).
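
For forensic work it helps to prove that what landed on the USB disk matches what was read from the VMFS volume. The script below is an added example, not part of the original post: it picks VMFS partitions out of fdisk -l output, mounts one with vmfs-fuse, and copies each VM folder while writing and checking a SHA-256 manifest. The function names, the --export switch and the sample fdisk text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: VMFS export with a SHA-256 manifest per VM folder.
# Function names and the sample fdisk text are constructed for illustration.

# Constructed sample of `fdisk -l` output (partition type fb = VMware VMFS).
SAMPLE_FDISK='   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         140     1124518+  83  Linux
/dev/sdb2             141         154      112455   fc  VMware VMKCORE
/dev/sdb3             155       17849   142135087+  fb  VMware VMFS'

# Print the device node of every VMFS partition in fdisk output read on stdin.
# Matches plain disks (/dev/sdb3) and cciss RAID nodes (/dev/cciss/c0d0p3).
find_vmfs_partitions() {
    awk '/^\/dev\// && /VMware VMFS/ { print $1 }'
}

# mount_vmfs <device> <mountpoint>: vmfs-fuse only offers read-only access.
mount_vmfs() {
    mkdir -p "$2" && vmfs-fuse "$1" "$2"
}

# copy_and_verify <vm-folder> <destination>
# Hashes the source first, copies, then checks the copy against the manifest.
copy_and_verify() {
    src=${1%/}; dst=${2%/}; name=$(basename "$src")
    if [ -e "$dst/$name" ]; then
        echo "refusing to overwrite $dst/$name" >&2
        return 1
    fi
    ( cd "$src" && find . -type f -exec sha256sum {} + | sort -k2 ) \
        > "$dst/$name.sha256" || return 1
    cp -r "$src" "$dst/" || return 1
    ( cd "$dst/$name" && sha256sum --quiet -c "../$name.sha256" )
}

# export_vms <vmfs-mountpoint> <destination>: one manifest per VM folder.
export_vms() {
    for vm in "$1"/*/; do
        [ -d "$vm" ] || continue
        copy_and_verify "$vm" "$2" || { echo "FAILED: $vm" >&2; return 1; }
    done
}

# Acts only when asked, e.g. as root:
#   sh vmfs_export.sh --export /dev/sdb3 /media/VMFS /media/usb
if [ "${1:-}" = "--export" ]; then
    mount_vmfs "$2" "$3" && export_vms "$3" "$4"
fi
```

Keep the .sha256 files with the exported folders; running sha256sum -c against them later shows whether a VMDK has changed since acquisition.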
 

 
I hope you have found this post useful.
 

 
Hadi Rahnama
Senior Digital Forensic Analyst
Vincents Forensic Technology

Mobile phone spies

Imagine just how much private information has passed through your mobile phone. Now imagine that information in the hands of your ex-boyfriend, your boss or even an identity thief. Software that can relay all your calls, texts and movements to a third party is available for download online, and what’s worse is that it can be nearly impossible to detect.

Hi-tech detective work uncovers unknown suspects

A HI-TECH crime centre in Canberra is uncovering new suspects by scanning financial and other documents to red-flag suspicious anomalies.

The Criminal Intelligence Fusion Centre was created last year to encourage specialists from different government agencies to share and analyse data.

The Australian today reported that in its first 12 months of operation, the Centre identified 53 people suspected of involvement in organised crime and generated 2300 leads.

In one case described by the paper, the losses of casino gamblers were cross-matched with reported incomes to uncover possible instances of welfare fraud and unexplained wealth.

That analysis returned 78 potential matches.


Located at the headquarters of the Australian Crime Commission, the Centre employs up to two dozen specialists from various agencies like Customs, Immigration and the Tax Office.

The Centre’s website said its aim was to “maximise the use of the full range of available data holdings across Government”.

Offences targeted by the Centre include money laundering, people smuggling, terrorism and tax evasion.

One of the databases used by the Centre is the Australian Criminal Intelligence Database, or ACID. Almost 350,000 new documents were added to ACID in the past year, The Australian reported.

Source: news.com.au

Local council forces Twitter to hand over user details

AN English local authority says it has forced Twitter to hand over users’ details after it took the US website to court in California, in what is believed to be the first case of its kind in Britain.

South Tyneside Council, in northeast England, took the legal action in a bid to discover the identity of a blogger, known as “Mr Monkey”, behind allegedly libellous statements against councillors.

“Twitter have released information to our lawyers and this is currently being analysed by technical experts,” council spokesman Paul Robinson said.

Details were handed over after the council took Twitter to court in California, where the site is based.

Commentators said the ruling could have implications for the case of footballer Ryan Giggs, whose lawyers have demanded in the British courts that Twitter reveal which users named him over an alleged affair in defiance of a court order.

Ahmed Khan, a South Tyneside councillor, said Twitter had informed him that it was giving his details to the local authority and blasted the situation as “Orwellian”.

The website handed over details he had submitted when he signed up for the service, including IP identities, mobile phone numbers and email addresses, he said.

Mr Khan said he believed the council had been given the details of five Twitter accounts, two of which are his.

He denied he was the blogger behind the “Mr Monkey” site: “I’m the kind of person who will tell you face-to-face what I think. I have no need to use an anonymous blog.”

Media lawyer Mark Stephens said he believed the case was the first of its kind.

“I am unaware of any other occasion where somebody from this country has actually gone to America and launched proceedings in a Californian court to force Twitter to release the identities of individuals,” he told the BBC.

“The implications are that people who have had their name released can actually now go to California and begin proceedings.”

MP John Hemming last week outed Giggs as the sportsman who had won an injunction to stop British media reporting his alleged extramarital affair, publicly naming him using a right to freedom of speech in the House of Commons.

Liberal Democrat Hemming argued that the injunction was no longer practical after tens of thousands of people had named the Manchester United star on Twitter.
Source: www.news.com.au

Fraud Check software can sniff out cyber criminals

WITH nearly half of Australian and New Zealand businesses falling victim to fraud in any two-year period, forensic technology is rapidly becoming a major corporate survival tool.

According to Vincents Chartered Accountants, fraud is costing Australian businesses more than $1.5 million a case.

Director of Vincents Forensic Technology Daniel Hains said fraud represented one of the biggest risks to business today.

“When you consider that in 42 per cent of major fraud cases none of the defrauded money or goods are ever recovered, you can see what a devastating impact it can have,” Mr Hains said.

“We have developed an in-house data solution that discreetly and accurately checks 100 per cent of transactions in a business’s accounting data.

“Fraud Check can perform tests in minutes what would usually take a team of accountants weeks or even months to achieve, which makes it a very cost-effective option not only to identify possible fraudulent activities in your business but be a tool that manages risk on an ongoing basis,” he said.

Malcolm Shackell, Investigations and Forensics leader at PricewaterhouseCoopers, said website safety was crucial.

“Databases should be protected and encrypted. In particular, card numbers and client data should be encrypted, and access to the data highly restricted,” he said.

It was also advisable to regularly perform ethical hacking and penetration attacks on sites to test security. “And understand that the attackers will take their time to penetrate networks.” He said staff should be trained on card processes for manual transactions and card identification.

The Vincents’ Fraud Check software is a first step in fraud proofing.

Often companies become targets simply through the process of delegation, where directors are too busy managing day-to-day operations to effectively scrutinise financial and bookkeeping tasks.

According to Vincents, there are two key places to look within a business for signs that fraudulent activities might be taking place.

Firstly, look at the people working on your books – things such as working odd hours, sudden lifestyle changes, overbearing management styles and a lack of segregation of duties.

“It is difficult for some business owners to believe that their staff or bookkeeper could be stealing from them, but unfortunately it is a sad reality and we are seeing more and more businesses protecting their revenue by installing professional safeguards,” Mr Hains said.

“Obviously, discretion is often the key in fraud investigations, which is why businesses should engage experienced fraud and risk professionals to negotiate this tricky territory.”

Mr Hains said businesses should ensure any fraud checking software or systems they employ were designed by experienced forensic accountants who are familiar with the techniques being used by fraudsters.

He said the heavy reliance on computers and technology for accounting had significantly increased the demand for fraud-checking software.

Source: Couriermail

Popular Australian e-commerce fraud suburbs revealed

New data collated from about two million Australian credit and debit cards reveals the popular suburbs in which e-commerce fraud has been attempted using internet-connected computers.

The data, released by security company RSA to Fairfax, publisher of this website, showed Queensland was the hot spot for e-commerce fraud in Australia during the January to March reporting period, which utilised data collected from about two million Visa and MasterCard credit and debit cards.

Victoria, New South Wales and Western Australia were the second, third and fourth most popular states after Queensland, RSA data showed. Both MasterCard and Visa were RSA clients, according to RSA spokesman Mason Hooper.

In NSW the suburb of Fairfield accounted for 6.9 per cent of the state’s e-commerce fraud. Gosford (5.4%), Hurstville (2.1%), North Ryde (2%), Hay (1.5%), Sydney (1.1%) and Mascot (1%) were also amongst the top-ranked NSW suburbs in which e-commerce fraud was committed.

The Victorian suburb of Sunshine accounted for 3.1 per cent of the state’s e-commerce fraud, followed by Melbourne (1.1%), Sunbury (0.7%), Burwood East (0.3%) and Burwood (0.2%).

In Queensland the suburb of Sandgate accounted for 2.6 per cent of the state’s e-commerce fraud, followed by Brisbane (1.6%), the Sunshine Coast (0.8%) and Ipswich (0.6%).

Popular goods attempted to be purchased using stolen credit or debit card details often included iPhones, iPads, laptops and other computer hardware, as well as plane tickets, according to RSA’s Hooper. “We see a lot of fraud in the air travel space.”

A person’s credit or debit card information was usually stolen by a fraudster “phishing” for it or a victim unknowingly installing what is known as a “Trojan” virus on their computer.

Phishing can occur when a fraudster sends a victim an email that appears to have come from their bank. It usually asks them to “verify” their details by clicking on a link and entering their credit or debit card details.

If the details are filled out and submitted, the victim essentially hands over their details to the fraudster instead of to their bank (which a bank will never ask you to do), allowing the fraudster to perform what is known as a card-not-present transaction to purchase goods using the internet with the card information they have obtained.

A Trojan on the other hand, such as “Zeus” or “SpyEye”, can be used by hackers to steal information from a compromised computer. It usually takes advantage of security flaws in web browsers when a victim visits a compromised website that is used to install it.

Trojan-infected computers are also used by fraudsters to anonymise a credit or debit card transaction, which is why many of the top-ranked suburbs were not necessarily crime hot spots, according to RSA’s Hooper, but where victims of trojan-infected computers resided.

Tapping into a trojan-infected computer allows for a fraudster to essentially become untraceable, using the victim’s IP address – the unique sequence of numbers assigned to each computer, website or other internet-connected device – instead of their own.

“So we find out via IP address location [of suburbs],” Hooper said. “Which … means that it could be the actual fraudster sitting at the end of that IP address or it could be someone proxying though an infected machine. And there’s no real way to break that down.”

Hooper said there was “definitely a correlation between high-crime areas and online fraud”. He said he expected that “a lot” of the 6.9 per cent of e-commerce fraud being committed at Fairfield during the reporting period was “genuine” and not fraudsters using victims’ computers in that suburb “because there’s a lot of … crime out in [the western suburbs] … so it’s not surprising to see genuine fraud attempts out in those areas”.

He also said Mascot, which is near Sydney’s airport, would be where “you’d get a lot of fraud attempts on public machines”, especially on internet cafe computers at the airport.

“If you’re a fraudster then you don’t want to be caught, so it’s better if you’re going to commit fraud … to do it from public Wi-Fi or from a public machine,” Hooper explained.

“So at airports it’s not surprising to see a lot in those sorts of areas and in universities where they’ve largely got free and open access to the internet.”

In the case of universities being a hot spot for e-commerce crime, Hooper pointed to North Ryde, where 2 per cent of NSW’s e-commerce fraud had been committed and where Macquarie University resides. “So again that’s not surprising to see these things where universities exist and there’s a lot of public machines that people can use to commit fraud.”

Hooper suspected many of the Queensland suburbs listed to be hot spots for trojan-infected computers rather than where the criminals lived. “[In] Sandgate …. there’s a lot of retirees around there and people that might not be patching their machines and keeping both the patching up-to-date and the anti-virus up to date,” Hooper said. “They might be more likely to be prone to open an email message that they shouldn’t open. So either responding to a phishing attack or opening up a trojan that’s embedded within a machine.”

He also suspected this to be the case for the suburb of Hay – but for a different reason.

“Hay’s a very small town in NSW. I would suspect that [with] somewhere like Hay it’s actually more likely to be rampant trojans out there. And because they’re a smaller community they’ll be sharing files between each other. So it’s quite easy to … get a concentrated infection in one area. So I would suggest there’d be less genuine fraud [there]. So I don’t think the fraudsters will live in Hay. I think they’ll live somewhere else. But there’ll be a large proportion of their machines that are infected out there. And again a lot of that will come from the community sort of impact of sending files around.”

Hooper said schemes such as Verified by Visa and MasterCard’s Securecode were designed to stop e-commerce fraud from occurring. “RSA are providing that extra level of authentication or fraud detection [to them],” he said. “So we’re stopping that fraud as the user’s making that transaction.”

Verified by Visa, which is only available on websites that participate in adding the extra level of security, creates another factor of authentication when completing a transaction. MasterCard’s Securecode works on the same premise.
Source: Brisbane Times

eTrials in Queensland Courts

An eTrial is conducted like a paper-based hearing, except that documents are submitted and viewed electronically.

An eTrial can be conducted in any Supreme or District Court in Queensland. In an eTrial, all documentary evidence is submitted as scanned images in fully text-searchable PDF documents. These documents are managed and viewed on-line throughout the trial while all other court processes proceed as usual.

Legal firms are encouraged to use this process for civil cases where there is likely to be more than 500 relevant documents.

An eTrial streamlines and increases access to the justice system. It also helps legal firms to offer greater value to their clients by providing:

  • fast access to fully text-searchable documents in court;
  • 24-hour real-time access for remote teams to relevant documents before and during a trial;
  • access during hearings to email and firm systems via Queensland Courts’ Wi-Fi service;
  • significant reductions in paper handling and photocopying;
  • compatibility with commercial document management and case preparation systems – enabling the bulk import of documents and related data;
  • an ability to scale the solution to trial requirements.

More information can be found on the Qld Court’s website http://www.courts.qld.gov.au/4274.htm

Should you require any assistance with PDF searchable documents or any aspect of eTrials contact Vincents Forensic Technology.

Tips for flooded computers

We are aware that our clients may have been affected by the recent flooding and we have set out some general advice which we hope will assist in some way those who are recovering from these events.

Based in Brisbane’s CBD, Vincents Forensic Technology are well placed to assist clients with all forms of data recovery and assistance.

Here are some quick tips from our forensic technology experts.

1. Do not attempt to turn on equipment which may have been damaged by water:

If water has infiltrated the hard drive or electrical components, applying electrical power can leave the hard drive unrecoverable and it can become dangerous to handle.

2. Do not attempt to open closed media such as laptops or external hard disks:

In some cases there may be voltage present within some power components, such as transformers, which may be dangerous. Also, opening a previously closed case may allow or even force water into previously unaffected areas of the device.

3. Do not dry the hard drive:

Whenever media is damaged by water, the first instinct to remedy the situation is to attempt to access the circuits and physically dry them out. However, the tiny particles and abrasives contained in water are often not visible to the human eye and will seriously damage the media.  Corrosion and any contaminants which may be left on the hard drive platters will need to be treated by professionals. If you’re not able to get to an engineer, sealing the unopened device in a container with a small amount of passive material, such as silica or even dry rice may assist until that time.

4. Never assume that data is unrecoverable:

Depending on the level of damage to a digital device, data can sometimes still be recovered. Seek professional help in securing your data and you may be able to continue to enjoy the benefits of the digital world.

Please contact Vincents Forensic Technology on (07) 3228 4000 if we can assist with your computer and data recovery needs.

Electronic Theft Costing Companies More Than Physical Theft

Reuters reports that a recent study conducted by a risk consulting firm shows that, worldwide, electronic theft is now costing companies more than physical theft. While it’s a marginal difference, according to Kroll’s Global Fraud Report, electronic theft accounts for about 27.3 percent of fraud losses reported globally while physical theft accounts for about 27.2 percent of that total. Fraud in North America, both electronic and physical, remains low (87 percent of businesses are affected) in comparison to China, which boasts the highest level of fraud (98 percent).

Kroll’s Tommy Helsby told Reuters, “Much more work is done electronically, and that creates new opportunities for fraud. It takes time for companies to catch up with that.” Information-based industries, like finance, media and telecommunications, were the most common global targets of electronic theft because those businesses handle so much sensitive consumer data. This doesn’t mean you should panic and disable your online accounts. An increase in electronic fraud could mean that we’re doing a better job at detection.

Via: SWITCHED.COM
