Guilty Plea
The data that Adeniyi Adeyemi pleaded guilty to stealing belonged mostly to fellow IT workers in New York, according to an article Computerworld published Saturday.
Adeyemi set up fake bank accounts using the personal information of IT employees. He then moved money from the bank accounts of charities into those accounts through the automated clearing house system.
Adeyemi targeted charities because they openly publish their bank account details to make it easier to receive donations, the article said.
Adeyemi also stole money directly from coworkers, spending some of the money on rent, credit card bills and items that were later shipped to Nigeria.
Adeyemi pleaded guilty to theft, money laundering and computer tampering. He is scheduled to be sentenced on July 21.
Hardwired Hack
Ordinary computer peripherals can be used to house malicious viruses, the tech news blog Gizmodo reported Friday.
USB devices can act as a "hardware Trojan" — much as music files and other software can act as a Trojan horse for malicious code, USB devices can also run code without the computer's user realizing it.
Antivirus programs and other security software can scan data on USB drives, but most do not scrutinize devices that identify themselves as keyboards or other peripherals that do not typically store data.
"The USB protocol trusts any device being plugged in to report its identity correctly," the article said. "But find out the make and model of a user's keyboard, say, swap it with a compromised device that reports the same information — and that doesn't even have to be a keyboard — and the computer won't realize."
This tactic was demonstrated by researchers at the Royal Military College of Canada in Kingston, Ontario. Though most Trojans would try to steal data by e-mailing to another computer, the researchers instead tested whether the data could be transmitted more subtly — such as by flashing the lights on a USB device in Morse code.
Around the Globe
Hackers are developing networks that can focus on identifying security holes at banks in specific countries — right now, their main target is the United Kingdom, according to the security firm Trusteer Ltd.
The bad guys are limiting their efforts to one country because global attacks are easier to spot, according to an article Computerworld ran Friday.
Today, the U.K. is receiving a lot of attention, but other countries are also being hit, said Mickey Boodaei, Trusteer's chief executive. "Regional malware is not unique to the U.K.," he said. "We've recently started analyzing financial malware in South Africa and identified targeted regional attacks [that] are rarely seen outside that region."
Connecticut's attorney general is investigating a data breach at an Indiana company discovered by a woman in California.
The cross-border crackdown stems from a breach disclosed last month by the health insurer Wellpoint Inc., which exposed the personal information of about 470,000 applicants, Bloomberg Businessweek reported Friday. The breach was discovered by a woman in California, who sued when she discovered that by editing a web address in Wellpoint's online application, she could unveil the confidential information of other people.
