<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Cyveillance Blog - The Cyber Intelligence Blog &#187; General Cyber Intel</title>
	<atom:link href="http://www.cyveillanceblog.com/category/general-cyberintel/feed" rel="self" type="application/rss+xml" />
	<link>http://www.cyveillanceblog.com</link>
	<description>News and Information about Cyber Intelligence</description>
	<lastBuildDate>Thu, 05 Jan 2012 13:18:23 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" />
		<item>
		<title>Cyber Attacks Abound with the Proliferation of New Technology – No Time for Complacency</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/cyber-attacks-abound-with-the-proliferation-of-new-technology-%e2%80%93-no-time-for-complacency</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/cyber-attacks-abound-with-the-proliferation-of-new-technology-%e2%80%93-no-time-for-complacency#comments</comments>
		<pubDate>Fri, 16 Dec 2011 13:39:21 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>

		<guid isPermaLink="false">http://www.cyveillance.com/web/blog/?p=1672</guid>
		<description><![CDATA[While new technology and increased Internet access brings with it lots of positive aspects, you can’t overlook the threat of cyber attacks – as evidenced by a very headline rich 2011. The repercussions alone can be devastating to an organization lacking the infrastructure to detect and counter such attacks. To put this into perspective, take [...]]]></description>
			<content:encoded><![CDATA[<p>While new technology and increased Internet access brings with it lots of positive aspects, you can’t overlook the threat of cyber attacks – as evidenced by a very headline rich 2011. The repercussions alone can be devastating to an organization lacking the infrastructure to detect and counter such attacks. To put this into perspective, take Algeria for example. Internet access in Algeria has grown exponentially during the past decade, reaching over four million households, cybercafés, as well as many different public and private institutions. This phenomenon has undoubtedly benefited the indigenous population by exposing them to vast amounts of information and the ability to communicate worldwide, but it has also brought with it the dangers of cyber attacks. Let’s reacquaint ourselves with the reasons we need to be more vigilant in increasing awareness of cyber attacks by looking at what is going on in Algeria.</p>
<p>Despite laws enacted in 2001 to combat digital-related incidents, cyber crime is still pervasive in Algeria. This is due not only to a lack of detection tools, awareness and training courses, but also to the negligence of private and public institutions in protecting their intellectual property online. In 2010, the Center for Judicial and Judiciary Research (a branch of the Algerian Department of Justice) began developing and implementing cyber security laws. Until then, the field went mostly unregulated. Since 2010, 12 cases have been reported and, to date, eighty-eight cases have been brought to justice.</p>
<p><span id="more-1672"></span></p>
<p>Technological innovations in the world of cyber criminals have made the traditional bank robbery seem almost prehistoric. Computer and Internet access now replace the gun; surreptitious locations replace the need for a physical presence to confront the victim. Hacking, phishing, spear phishing, spamming, 419 scams, malware, web piracy and cyber terrorism can all take place from the comfort of one’s cubicle &#8211; far from and invisible to the intended target.</p>
<p>A variety of the cyber crimes mentioned above are already affecting Algeria. In 2010, individuals suspected of operating from China infiltrated Algeria Telecom and hacked its servers, thus gaining control over its Internet traffic in order to monitor digital communications among Algerian citizens.</p>
<p>There are other reasons why cyber criminals thrive. First, many law enforcement agencies lack the latest technological tools essential to tackling the problem. Second, victims lack basic IT skills and remain unaware of what has happened to them until it is too late. If we are to address the growing threat of cyber crime, there needs to be significant improvement in both of these areas. Expertise in the many forms of cyber attack, computer security training for staff, and a campaign of educational awareness must be instituted across private and public organizations. Information fliers, posters, e-mails, and videos are simple but vital tools in the war against cyber crime.</p>
<p>Now step back from the fact that these things are happening in Algeria, because while it may seem we are leaps and bounds ahead of Algeria on the technology spectrum, the same holds true for organizations and consumers in the United States. We are so enamored with the cool new technologies that allow us to connect and share information from anywhere that we often forget there are online criminals counting on us to have our guard down. We can’t simply rely on technology to protect us completely, because the criminals have found a way around technology: human error. The more that people, employees and senior management understand the complexities of the cyber environment, the better equipped they will be to protect their personal security and the security of their organization. Don’t become complacent about cyber security; make sure you and your organization are fully aware of the dangers and how to address them.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/cyber-attacks-abound-with-the-proliferation-of-new-technology-%e2%80%93-no-time-for-complacency/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Update &#8211; How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/update-how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/update-how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand#comments</comments>
		<pubDate>Wed, 19 Oct 2011 07:54:31 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Brand Protection]]></category>
		<category><![CDATA[Domain Names and ICANN]]></category>
		<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Legal]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://10.8.3.62/web/blog/?p=1631</guid>
		<description><![CDATA[The information below is an update to the following blog posting: How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand? Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD. Trademark owners have been making several common errors when [...]]]></description>
			<content:encoded><![CDATA[<p>The information below is an update to the following blog posting: <a href="http://www.cyveillanceblog.com/web/blog/phishing/how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand">How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?</a></p>
<p>Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD.  Trademark owners have been making several common errors when applying for a .XXX gTLD.<a title="" href="#_ftn1">[1]</a>  If your company plans on submitting an application before the Sunrise B October 28, 2011 deadline, keeping these mistakes in mind can help you avoid paying multiple fees and having to reapply.<a title="" href="#_ftn2">[2]</a><br />
<span id="more-1631"></span><br />
Research which registrar you will use when submitting an application.  Some registrars are more experienced than others.<a title="" href="#_ftn3">[3]</a>  Make sure you choose a registrar that will pre-check your application for compliance with all of the application guidelines.<a title="" href="#_ftn4">[4]</a></p>
<p>Also, the most common application mistakes to avoid are:<a title="" href="#_ftn1">[1]</a></p>
<ul>
<li>Eligibility.  Make sure that your trademark is eligible.  To be eligible, you must have a trademark that was registered prior to September 1, 2011, and you must have the following information:
<ul>
<li>Trademarked Name</li>
<li>Trademark Registration Number:  Note that your trademark registration number is not the same as your application number</li>
<li>Nation Code: The country where your trademark was registered</li>
<li>Trademark Registration Date: The date your trademark was registered</li>
<li>Trademark Ownership: Your relation to the trademark: Owner or Assignee</li>
</ul>
</li>
<li>Dropping .com from Trademark.  Do not drop the ‘.com’ from your trademark if it includes a ‘.com’. If you want ‘example.com’ to be eligible for ‘example.xxx’ and not just ‘examplecom.xxx’, you can file amendment 7 with the United States Patent and Trademark Office to have the ‘.com’ removed.</li>
<li>Inexact Match.  Apply to register a domain that is an exact match for your trademark.  If you want to register characters in addition to the actual brand name, such as slogans or tag lines, apply under Sunrise AD using a pre-existing domain name, because membership in the adult entertainment industry (the “Sponsored Community”) is very broad.</li>
</ul>
<div>
<p>[1] <a href="http://www.thedomains.com/2011/09/28/encira-50-of-all-xxx-trademark-sunrise-applications-contain-errors/">http://www.thedomains.com/2011/09/28/encira-50-of-all-xxx-trademark-sunrise-applications-contain-errors/</a></p>
<p>[2] According to .XXX Registry policy, once a Sunrise application is submitted, it cannot be corrected without paying an additional fee to the registrar.</p>
<p>[3] <a href="http://www.worldtrademarkreview.com/daily/detail.aspx?g=fbe51e43-0601-4ab5-a65b-5b05db689de0">http://www.worldtrademarkreview.com/daily/detail.aspx?g=fbe51e43-0601-4ab5-a65b-5b05db689de0</a></p>
<p>[4] <a href="http://www.icmregistry.com/launch/plan/">http://www.icmregistry.com/launch/plan/</a></p>
<p>[5] <a href="http://www.encirca.com/domain-news/">http://www.encirca.com/domain-news/</a></p>
</div>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/update-how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Trends in Text Message Spam: Comments from the Messaging Anti-Abuse Working Group (MAAWG)</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/trends-in-text-message-spam-comments-from-the-messaging-anti-abuse-working-group-maawg</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/trends-in-text-message-spam-comments-from-the-messaging-anti-abuse-working-group-maawg#comments</comments>
		<pubDate>Mon, 19 Sep 2011 15:38:33 +0000</pubDate>
		<dc:creator>Cyber Intelligence Division</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1265</guid>
		<description><![CDATA[As with any network-connected device, mobile phones and the applications they run bring their own security problems. While newer phenomena like QR codes and mobile botnets will likely be a growing concern, spam sent by text messages remains an issue for carriers and mobile phone users. Cyveillance recently asked Alex Bobotek, Co-Vice Chairman, of the [...]]]></description>
			<content:encoded><![CDATA[<p>As with any network-connected device, mobile phones and the applications they run bring their own security problems. While newer phenomena like <a href="http://www.cyveillanceblog.com/malware/qr-codes-a-recipe-for-a-mobile-malware-tsunami">QR codes</a> and mobile botnets will likely be a growing concern, spam sent by text messages remains an issue for carriers and mobile phone users. <span id="more-1265"></span></p>
<p>Cyveillance recently asked Alex Bobotek, Co-Vice Chairman, of the <a href="http://www.maawg.org/" target="_blank">Messaging Anti-Abuse Working Group (MAAWG)</a> to comment on security risks and trends in spam sent by SMS. </p>
<p><b>Cyveillance:</b> Most mobile users in North America would not report that they receive much text message spam. Is that because text message spam is not sent to North American users or because the filters set up by mobile carriers are very effective? In either case, is text message spam considered a problem that&#8217;s mostly solved here?</p>
<p><b>Alex Bobotek:</b> Text message spam in North America accounts for less than 1% of messages. It is a problem, but it isn’t, and hasn’t been, as severe a problem as email spam, where 80-90% of messages are spam. This is largely due to the carriers’ best-in-class spam filters at the email interfaces, higher costs to senders of mobile spam, and aggressive actions against spammers. These conditions have made it more difficult to spam phones than email inboxes.</p>
<p><b>Cyveillance:</b> Although certain types of email spam are reportedly <a href="http://labs.m86security.com/2011/08/massive-rise-in-malicious-spam/">on the rise</a>, the overall volume of email spam sent <a href="http://www.circleid.com/posts/20110825_spam_is_on_the_decline_what_are_the_implications/">appears to have dropped</a>. How do the current levels of text message spam compare with what you&#8217;ve seen in the past?</p>
<p><b>Alex Bobotek:</b> Unfortunately, although the volume is still comparatively low, the quantity of North American text message spam reaching subscribers’ phones has been increasing rapidly over the past two years. From around 2003, email-to-text spam – traffic sent as email to carriers’ email SMS gateways for delivery as text messages – has been a problem. But the industry has dealt with this effectively, reducing deliveries to a trickle. In the last two years, however, abusers have been exploiting unlimited or other low-cost messaging rate plans to send high volumes of spam. Some of this comes from mobile phones, chiefly prepaid, anonymously-purchased devices controlled by spammers. Additionally, as SMS services become more open to Internet marketers through short codes, affiliate spam has also increased.</p>
<p><b>Cyveillance:</b> Is there a common topic in text message spam? Does it share the generally slimy advertising for adult sites, illegal online pharmacies, gambling (the &#8220;3 P&#8217;s&#8221;: porn, pills, and poker), payday loans, replica Rolexes and Gucci bags? Or does the mobile environment tend to bring out other topics?</p>
<p><b>Alex Bobotek:</b> Text messages are more expensive to send, even for spammers. So some of the spam campaigns that depend on high message volume, such as pharmaceuticals, are rare. Campaigns with higher expected profit per message, such as “free gift cards” and “payday loans,” are more common.</p>
<p><b>Cyveillance:</b> When spammers send messages by SMS, what are the tactics they often use to avoid detection?</p>
<p><b>Alex Bobotek:</b> As with email, there are techniques for staying under the radar, such as “snowshoeing,” which is spreading the load across multiple sending devices or accounts, and “polymorphism,” which is generating variations in the messages. Interestingly, it’s more common in SMS than email to bury a small volume of spam in a larger stream of legitimate messages. This is probably because it is much more difficult to spoof an SMS sender’s address (i.e., a sender’s phone number or a short code) than an email address.</p>
<p>Additionally, there’s little mobile botnet activity to date in North America. There are two leading theories as to why this is: First, there is more profit in botting PCs because of the lower cost to infect and the higher value when they are infected, so the professionals are attacking computers instead. The second theory is that the conditions aren’t ripe yet, but mobile botnets are coming as mCommerce and mBanking grow, smartphones gain market share, app downloads explode, and a single mobile OS gains a dominant market share.</p>
<p><b>Cyveillance:</b> Do any particular text message spam campaigns that you&#8217;ve seen stand out in your mind as being particularly clever or devious?</p>
<p><b>Alex Bobotek:</b> Absolutely, but I’m afraid I can’t publicize these. On the other side of the spectrum, one not-so-clever spammer bought postpaid phones from a carrier’s mobile phone store, showing his driver’s license to set up an account. He allegedly then sent millions of diet pill spam messages. This turned out to be quite convenient for the carrier’s lawyers, who needed a name and address to which to send the legal process notices. The case got almost comical when the guy tried to argue that it was academic research.</p>
<p><b>Cyveillance:</b> In your experience, where are the senders of most text message spam to North America located geographically?</p>
<p><b>Alex Bobotek:</b> They are mostly in North America. Sending from a mobile phone, the most common source of text spam, to a North American mobile is most economical from phones located in North America. Of course, botnets and more sophisticated or specialized spam organizations could change this. However, today most of the text spammers are just developers and hi-tech entrepreneurs with an ethics deficit, rather than script kiddies who have rented resources or obtained an affiliate kit. Therefore, they tend to be in the areas with the most hi-tech developers and entrepreneurs.</p>
<p><b>Cyveillance:</b> The advanced persistent threat is a common topic in information security these days. Have you seen evidence of unsolicited text messages being used as part of APT attacks?</p>
<p><b>Alex Bobotek:</b> APT isn’t my specialty, so I’ll just comment on a few factors that may make text messaging more or less likely to be used in APT attacks. Numerous surveys show that people – correctly, due to much lower levels of mobile abuse – trust their SMS inbox more than their email inbox, which would seem to make text messaging spam a good choice for these attacks. However, many APT attackers targeting U.S. organizations seem to prefer not to use resources that can be traced to parties located in the U.S., such as a prepaid phone traceable to a U.S.-based purchaser. Additionally, it’s difficult to spoof a local phone number from outside the country, and a message from a foreign phone number would likely raise suspicion.</p>
<p><b>Cyveillance:</b> What is MAAWG&#8217;s recommended response for consumers who receive text message spam?</p>
<p><b>Alex Bobotek:</b> Text message spam should be reported to the carrier. Some carriers, such as AT&#038;T and Verizon, have set up the short code 7726 – “SPAM” on the keypad – to report spam, so you just forward the spam text message to 7726. North American carriers are quite aggressive in protecting their subscribers through both technical defenses and legal means. But with billions of legitimate text messages passing through their networks every day, they need consumers’ help in identifying the spammers, which will then enable carriers to block and prevent their subsequent spam activity. Google “report text message spam &lt;name of your carrier&gt;” for instructions.</p>
<p><b>Cyveillance:</b> Any parting comments?</p>
<p><b>Alex Bobotek:</b> As with wired Internet abuse, collaboration between ISPs and network operators, government, vendors and academia is the key to managing abuse. Industry led the way in creating collaboration forums such as MAAWG that have worked well in email and that are now working to control mobile messaging abuse. Attending these forums is the best way for security professionals and vendors to learn about and collaborate in fighting mobile abuse.</p>
<hr />
<p>Many thanks to Alex Bobotek and the MAAWG for taking the time to answer our questions.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/trends-in-text-message-spam-comments-from-the-messaging-anti-abuse-working-group-maawg/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Landmark Legal Case: If Your Members Have Been Phished, Your Credit Union May Have To Pay</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay#comments</comments>
		<pubDate>Wed, 24 Aug 2011 17:51:19 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1204</guid>
		<description><![CDATA[Excellent overview of recent landmark phishing case along with joint NAFCU-Cyveillance podcast: http://blog.nafcuservices.com/2011/08/23/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/]]></description>
			<content:encoded><![CDATA[<p>Excellent overview of recent landmark phishing case along with joint NAFCU-Cyveillance  podcast: <a href="http://blog.nafcuservices.com/2011/08/23/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/">http://blog.nafcuservices.com/2011/08/23/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>RSA Token Vulnerability and One of America’s Most Secret Agencies Invoked in Latest Spear Phishing Attack</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack#comments</comments>
		<pubDate>Fri, 22 Jul 2011 20:51:28 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Information Protection]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1194</guid>
		<description><![CDATA[A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token [...]]]></description>
			<content:encoded><![CDATA[<p>A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token Update”. <span id="more-1194"></span>The message outlines a “critical vulnerability” in security tokens, and attempts to get users to click a link to what most likely was an executable download to infect their machine or network.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2011/07/NSA-Scam-Email.png"><img class="aligncenter size-medium wp-image-1195" title="NSA Scam Email" src="http://www.cyveillanceblog.com/wp-content/uploads/2011/07/NSA-Scam-Email-300x141.png" alt="NSA Scam Email" width="300" height="141" /></a></p>
<p>The sender name is spoofed to appear to come from “<a href="mailto:protection@nsa.security.gov">protection@nsa.security.gov</a>” and the links go to national-security-agency.com, a domain that was just registered yesterday. This attack is a perfect example of how deeply spear-phishers understand the psychology of social engineering users. It invokes the authority of a respected and mysterious government agency, it uses fear of being hacked or getting “in trouble” at work to prompt action, and it takes advantage of current events in the form of the widely reported (i.e., a verifiable fact) and recent RSA token hack. This is a potent cocktail of logic, emotion and authority to manipulate the user into a desired action, and it is typical of today’s advanced phishers.</p>
<p>Here are some of the tips that can help you spot scams like this one:</p>
<ol>
<li>Supposed needs for patches, security updates and vulnerability fixes are a favorite technique of scammers and phishers. Even if the message appears to come from someone in your own company, treat all such requests as suspicious and verify with your IT team by voice or fresh email to the actual IT person who supports you.</li>
<li>Treat ANY email that tells you to download something as malicious until proven otherwise. Again, contact your IT team before installing anything on your system.</li>
<li>Hover (but do NOT click) your mouse over all links in the email. The true destination of the link will pop up next to your mouse pointer. If you’ve never heard of the site, treat it as dangerous. Does the site in the link address match the site in the sender’s email address? If it does not, be suspicious. Is the pop-up destination different from the URL shown in the visible text of the email (what we call a bait-and-switch link)? If so, this is a major warning.</li>
<li>Finally, any link that ends in .zip or .exe should be treated as extremely hazardous and not clicked on.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Five-Point Plan for Social Network Usage</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/a-five-point-plan-for-social-network-usage</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/a-five-point-plan-for-social-network-usage#comments</comments>
		<pubDate>Tue, 14 Jun 2011 14:10:19 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Appliance]]></category>
		<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Social Media]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1189</guid>
		<description><![CDATA[If there’s any message you should take away about utilizing social media in a secure manner, it can be summarized in one word: education. Education is needed to convey to your network users that the stakes here are high. Even if the intruder isn’t seeking a dime from your company, the potential cost with respect [...]]]></description>
			<content:encoded><![CDATA[<p>If there’s any message you should take away about utilizing social media in a secure manner, it can be summarized in one word: education.<span id="more-1189"></span></p>
<p>Education is needed to convey to your network users that the stakes here are high. Even if the intruder isn’t seeking a dime from your company, the potential cost with respect to response, data loss and reputation can be crippling. As indicated, the vast majority of these incidents are the result of your users’ social-media behavior. In fact, the exploitation of social media for the purpose of malware attacks is growing at the same or an even greater pace than the overall use of these sites. Online tools – like the popular URL-shortening ones for Tweets – are very handy in masking malware threats, and a lack of security savvy on the part of users establishes social networks as a virtual playground for cyber criminals.</p>
<p>In seeking to avoid fallout from this that would impact your business, we at Cyveillance strongly advocate the following five-point plan for our customers, a plan that has helped us earn recognition by industry-research leader Gartner Inc. as a top provider of the surveillance/collection/analysis of social-media activity for commercial-organization networks:</p>
<p>1. Launch a social-media policy. We realize that many of our customers already have a policy in place. We examine it, however, to get a sense of whether it’s up to date. Social media changes all the time. Legal documents do not. We look to see whether the policy addresses “real” modern-day concerns about social media, or if it’s really just a copy/paste of some antiquated HR form. Here are some questions to consider within the policy: Is it OK for employees to say that they are representing the company on Facebook, Twitter, etc.? If so, what are the guidelines for appropriate content to post?</p>
<p>2. Train everyone. As stated before on this blog, your weakest link can be your most uninformed employee. Printing and distributing a policy is fine. But reinforcing it with training is even better. Don’t lecture them. Instead, engage in interactive workshops or computer-based training sessions to test their awareness of the latest social engineering attack techniques. Too many organizations put all of their focus on firewalls and passwords. These days, hackers don’t necessarily need to know how to get around these measures to do damage. They just need to get a single user within the network to trust them via a cleverly disguised email.</p>
<p>3. Establish the significance. Meaning, make sure your users realize how important it is to remain informed and alert. If your logo is used to support some kind of malware scheme, for example, your future relationships with customers and partners will suffer. As conveyed previously, there’s tangible, bottom-line value in a company’s reputation. Within minutes, a successful intrusion can crush the good reputation that an organization has been building for years.</p>
<p>4. Don’t try to do it all on your own. Social media is a very, very large universe. In fact, nearly 56 percent of Internet users in the U.S. use some type of social media, according to the Pew Research Center. That translates to a lot of traffic to monitor. Consider tools such as social media monitoring solutions and protection appliances to address this need for you.</p>
<p>5. Keep it current. No matter what tools you use – as well as intrusion techniques you share with users – make sure everything is up-to-date. The entire landscape of social media and the methods used to exploit it are in a constant state of rapid transformation. What worked this month won’t necessarily work the next. Your security team needs to stay on top by constantly educating and re-educating itself and company staffers on the latest trends.</p>
<p>The bottom line is that – in the “share more, not less” world of today – criminals can easily obtain the information needed to craft emails that can fool even the most savvy of users. With no “silver bullet” solution to thwart all intrusion attempts, the best practice is to educate users to make informed decisions, and to equip yourself with the best monitoring tools to detect attacks in progress.</p>
<p>James Brooks, Director of Product Management, Cyveillance</p>
<p>Question to consider: What essentials do you feel are needed in a social-media policy?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/a-five-point-plan-for-social-network-usage/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Don’t Let the Social Media &#8220;Generation Gap&#8221; Expose Your Network</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/don%e2%80%99t-let-the-social-media-%e2%80%9cgeneration-gap%e2%80%9d-expose-your-network</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/don%e2%80%99t-let-the-social-media-%e2%80%9cgeneration-gap%e2%80%9d-expose-your-network#comments</comments>
		<pubDate>Thu, 09 Jun 2011 18:36:07 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Social Media]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1185</guid>
		<description><![CDATA[Here’s a true story I like to tell to explain how wide the social media “generation gap” is. And, no, I’m not making this up: Two Australian girls, ages 10 and 12, got stuck in a storm drain. To get help, they whipped out their smartphones and posted Facebook status updates to say they were [...]]]></description>
			<content:encoded><![CDATA[<p>Here’s a <a href="http://www.techradar.com/news/internet/trapped-kids-update-facebook-rather-than-ring-police-632661">true story</a> I like to tell to explain how wide the social media “generation gap” is. And, no, I’m not making this up:</p>
<p>Two Australian girls, ages 10 and 12, got stuck in a storm drain. To get help, they whipped out their smartphones and posted Facebook status updates to say they were lost in a local drain, and someone needed to call 000 (Australian 911).<span id="more-1185"></span></p>
<p>Now, if you read that summary and concluded, “OK. So what? That’s what I’d do in the same situation,” consider yourself as part of a generation in which social media remains fully immersed within practically every facet of your life.</p>
<p>If you’re like me and say, “Wait…What?! They had phones in their hands and they posted Facebook updates asking someone to call the rescue brigade?!,” then you’re clearly a degree or two removed from this typically younger demographic.</p>
<p>Ironically, however, it’s members of the older generation – the ones who would call 911 instead of asking Facebook friends to do it for them – who are often the biggest targets for socially-engineered attacks. That’s because higher-level executives with more access to valuable data tend to fall into this category. This, in turn, makes them more vulnerable. They may be connected to social media (<a href="http://www.nowpublic.com/world/fake-facebook-profile-scotiabank-ceo-sparks-investigation">or not, see here for an interesting case of what can happen then</a>), but they’re often not as sophisticated in using it as younger employees are.</p>
<p>Think about it: For many in their 20s, social media is like running water or electricity. There is simply no conception of technology as distinct from daily existence, nor a comprehension of living, working, playing or socializing without it. For older users, technology is a topic, a tool, a discipline. They didn’t grow up with all of “this stuff.” Some are happy to use it, but don’t see it as integral to every aspect of their personal or professional lives.</p>
<p>This generational gap – where the least social-media savvy employees are most likely to be the prey in a highly targeted attack – presents a significant risk to corporate and government organizations. One need only read the details of the penetrations of <a href="http://www.computerweekly.com/Articles/2010/01/26/240062/Social-engineering-was-key-to-Google-hack.htm">Google</a>, <a href="http://www.theregister.co.uk/2010/01/25/oil_companies_attacked/">Conoco</a> or <a href="http://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it/">RSA</a> to see how public information and social media have become the tools of choice for achieving significant penetration and data exfiltration.</p>
<p>To make these well-known cases more “real”, let me actually step through this hypothetical but otherwise very realistic scenario: Let’s say I’m a data thief and I know that executive Joe Smith works for a high-profile IT contractor that serves key DoD agencies. (The company here could just as well be a law firm, an accounting company or a widget maker.) I also know from an easy online search that he’s a big booster for his old college’s football team. So guess how easy it would be for me to come up with a completely believable email to send to Joe about the team, in anticipation that he’ll click my infected Web link to get more information?</p>
<p>The answer: incredibly easy, and that one click is often all I need to compromise the network of the company that employs Joe. (If you’re not sure why that’s true, see our <a href="http://www.cyveillance.com/web/docs/WP_MalwareDetectionRates.pdf">White Paper</a> here on A/V Detection Lag Times).</p>
<p>To mitigate these risks, organizations must come up with standard-operating procedures that allow the senior executives to anticipate, identify and avoid socially-engineered attacks. And all users on the enterprise should take a long, careful look at the extent of information they publish on sites such as Facebook, Twitter and LinkedIn. They need to “think like a data thief,” examining what’s posted “out there” relating to their job duties, associated customers/vendors/partners, building location, e-mail, phone and other details to get a sense of how vulnerable they could be and what information about themselves a hand-crafted attack would likely contain or leverage.</p>
<p>Consider educating your workforce – especially the senior members – about these scenarios as a “Safe Social Media Usage 101” ongoing seminar of sorts. It’s one that would provide great, lasting value, regardless of where your users fall within the generational divide.</p>
<p>Eric Olson, Vice President/ Solutions Assurance, Cyveillance</p>
<p>Question to consider: How up-to-date are your users – especially senior executives – on socially-engineered attack methods?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/don%e2%80%99t-let-the-social-media-%e2%80%9cgeneration-gap%e2%80%9d-expose-your-network/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>How Your Business Associations Can Compromise Your Data</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/how-your-business-associations-can-compromise-your-data</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/how-your-business-associations-can-compromise-your-data#comments</comments>
		<pubDate>Fri, 03 Jun 2011 13:21:04 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1179</guid>
		<description><![CDATA[When it comes to socially engineered network attacks, it’s often said that your organization’s weakest link is its most uninformed employee. But that isn’t really true. Your weakest link can often be your most uninformed business associate. In other words, it’s not simply about what internal employees do online. The behaviors of vendors, suppliers and [...]]]></description>
			<content:encoded><![CDATA[<p>When it comes to socially engineered network attacks, it’s often said that your organization’s weakest link is its most uninformed employee.<span id="more-1179"></span></p>
<p>But that isn’t really true. Your weakest link can often be your most uninformed business associate.</p>
<p>In other words, it’s not simply about what internal employees do online. The behaviors of vendors, suppliers and other partners matter too. Their activity contributes to your company’s “Internet footprint,” a footprint that phishers can exploit to create an intrusion plan to compromise your network. Your organization could be doing everything right. But if there’s a flaw, say, with a law firm it has on retainer, then your otherwise protected data remains vulnerable.</p>
<p>Let’s say, for example, that your company is defending itself against litigation and has hired that law firm for representation. As part of your legal defense, your C-suite execs email to the firm documents relating to product development, regulatory compliance and other sensitive information. Then, the law firm allows interns to review the documents and, after hours, the interns are seeking out music videos via peer-to-peer exchanges and end up clicking on malware.</p>
<p>That’s all it takes for your company’s entire case and all of that confidential corporate information to get exposed to the entire world.</p>
<p>This means your critical data supply chain must be as tight as it can be. Obviously, you can’t pursue 24/7 monitoring of your associates’ network. But you can enter these partnerships with as much information as possible, to determine whether their security policies are aligned with your security interests.</p>
<p>Ask potential partners these questions: How much ongoing training do your employees receive with respect to recognizing and avoiding socially engineered attacks? What kind of pro-active monitoring do you do? Do you deploy any automation tools that can detect questionable online behavior on the network and stop it before it’s too late?</p>
<p>Then you probably want to review their data-transmission methodology. How strongly is data encrypted as it’s exchanged? If I send over payroll and social-security numbers of our employees to an outsourced HR firm, for example, can I be assured that the receiving hard drives have encryption capabilities that meet our standards?</p>
<p>These questions are critical in the evaluation process. The information that you’re essentially “trusting” here, after all, amounts to valuable corporate assets. Consider this analogy: If you turned over a treasured family heirloom jewel to a bank, you’d want to make sure that it was placed in a safety-deposit box that could not be compromised. So you should aspire to the same level of vigilance for the information “jewels” that you send outside your organization’s brick walls.</p>
<p>Eric Olson,<br />
Vice President/ Solutions Assurance, Cyveillance</p>
<p>Question of the week: Have you evaluated the security vigilance of your associated business partners?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/how-your-business-associations-can-compromise-your-data/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Epsilon Breach Opens the Flood Gates for Spear Phishing and Socially Engineered Attacks</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/epsilon-breach-opens-the-flood-gates-for-spear-phishing-and-socially-engineered-attacks</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/epsilon-breach-opens-the-flood-gates-for-spear-phishing-and-socially-engineered-attacks#comments</comments>
		<pubDate>Mon, 11 Apr 2011 21:32:11 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1083</guid>
		<description><![CDATA[The recent Epsilon breach, which could quite possibly be the largest of its kind, has exposed millions of customer email addresses from many of the nation&#8217;s largest companies, including banks and retailers. While we have seen a decrease in spam phishing attacks over the last year, data breaches like Epsilon empowers cyber criminals to dispatch [...]]]></description>
			<content:encoded><![CDATA[<p>The recent Epsilon breach, which could quite possibly be the largest of its kind, has exposed millions of customer email addresses from many of the nation&#8217;s largest companies, including banks and retailers. While we have seen a decrease in spam phishing attacks over the last year, data breaches like Epsilon empower cyber criminals to dispatch millions of fraudulent emails disguised under trusted commercial and financial brands to gain access to personal account information. The significance of this breach is that the data stolen is tied directly to a well-known event and can be manipulated to target unsuspecting account holders.</p>
<p>So what does this mean? People are going to be flooded with emails stating that they need to update their security records due to the breach, but how will they know a legitimate email from a fake? Quite simply, criminals can now use this information to contact all the victims of the breach and impersonate Epsilon’s customer service. Unknowing victims could think the email requests are coming from their authorized bank or retailer and may unknowingly click on malicious links, download virus laden attachments, or worse, provide key personal information.  </p>
<p>Because these attacks often look legitimate, it’s much easier to fall victim if you are not careful. If something doesn’t seem right, it most likely isn&#8217;t. NEVER click on a link or download an attachment if you are not positive it came from a trusted source. Also, never give up your personal information (i.e. passwords, account numbers, etc.) over the phone or via email. Your financial institution or retail provider will never ask you for it through those channels. Taking precautionary steps can potentially save you from being the victim of financial loss or perhaps worse.  Making sure you and your employees are properly educated will go a long way in complementing your existing security measures. Anti-virus and other solutions help reduce the chances of becoming a victim, but by no means should be your sole means of protection.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/epsilon-breach-opens-the-flood-gates-for-spear-phishing-and-socially-engineered-attacks/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cyber Criminals Adapt As Threat Landscape Changes</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/cyber-criminals-adapt-as-threat-landscape-changes</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/cyber-criminals-adapt-as-threat-landscape-changes#comments</comments>
		<pubDate>Mon, 07 Mar 2011 18:37:43 +0000</pubDate>
		<dc:creator>Cyber Intelligence Division</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Online Pharmacy]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1049</guid>
		<description><![CDATA[If there is one thing we know about criminal activity on the internet, we know it changes constantly. Because the most illicit gains are to be found where defenses are few, online fraudsters are always seeking new territory to exploit their victims. One current trend in the world of online fraud is the shift toward [...]]]></description>
			<content:encoded><![CDATA[<p>If there is one thing we know about criminal activity on the internet, we know it changes constantly. Because the most illicit gains are to be found where defenses are few, online fraudsters are always seeking new territory to exploit their victims.</p>
<p>One current trend in the world of online fraud is the shift toward the mobile arena. For example, many reports are emerging about attacks against Google&#8217;s Android operating system for mobile devices. ISS <a href="http://blogs.iss.net/archive/Examining%20the%20recent.html">recently examined</a> malware designed to target Android.</p>
<p>In that vein, today we bring you images from the world of illegal online pharmacies. These organizations put lives at risk by offering prescription medications without a prescription, or worse, by sending fake medications that can cause great harm. Moreover, consumers&#8217; credit card numbers are sometimes stolen when they make purchases from these sites.</p>
<p>Consider this screenshot of a typical illegal online pharmacy website as viewed on an iPhone:</p>
<p><img src="http://www.cyveillanceblog.com/wp-content/uploads/2011/03/online-pharmacy-mobile-non-optimized.jpg" alt="" title="online-pharmacy-mobile-non-optimized" width="400" height="600" class="alignnone size-full wp-image-1061" /><br /><font size="1">A traditional illegal online pharmacy as viewed on a mobile device.</font><BR><BR></p>
<p>As you can see, the type is small, not easy to read, and navigation is difficult.</p>
<p>Knowing that consumers are using mobile devices more than ever, cyber criminals have created the site below specifically to illegally sell prescription drugs in a format that is native to mobile devices. The images below were screenshots taken on an iPhone, and you can see how the presentation differs from a regular website: it is tailored specifically for increased usability on a mobile device, with a larger font and less clutter. In short, they attempt to make it as easy as possible to make a purchase from this website. You can see that they have even gone to the trouble of incorporating a .mobi internet domain for the site to reinforce the mobile computing experience. It would be praiseworthy if it were not so recklessly endangering consumer safety.</p>
<p><img src="http://www.cyveillanceblog.com/wp-content/uploads/2011/03/online-pharmacy-mobile.jpg" alt="" title="online-pharmacy-mobile" width="400" height="600" class="alignnone size-full wp-image-1051" /><br /><font size="1">The homepage of the rogue online pharmacy which is optimized for mobile devices.</font><BR><BR></p>
<p><img src="http://www.cyveillanceblog.com/wp-content/uploads/2011/03/online-pharmacy-mobile-3.jpg" alt="" title="online-pharmacy-mobile" width="400" height="600" class="alignnone size-full wp-image-1051" /><br /><font size="1">The site&#8217;s product page for its generic Viagra. Note that Viagra is not off patent in most of the world, and is certainly not so in India, where this site claims its products originate. By definition this product is made outside the law and carries risk.</font><BR><BR></p>
<p><img src="http://www.cyveillanceblog.com/wp-content/uploads/2011/03/online-pharmacy-mobile-4.jpg" alt="" title="online-pharmacy-mobile" width="400" height="600" class="alignnone size-full wp-image-1051" /><br /><font size="1">While most illegal online pharmacies will claim to offer a safe shopping experience, most (including this site) do not encrypt your credit card information when the purchase is made.</font><BR><BR></p>
<p><img src="http://www.cyveillanceblog.com/wp-content/uploads/2011/03/online-pharmacy-mobile-5.jpg" alt="" title="online-pharmacy-mobile" width="400" height="600" class="alignnone size-full wp-image-1051" /><br /><font size="1">Here, offerings like &#8220;Cialis Professional&#8221; are made available for purchase. Unfortunately the maker of Cialis, Eli Lilly, has never offered such a drug. Only the maker of this counterfeit drug knows what the patient is really putting in his body if this is taken.</font><BR><BR></p>
<p>Regular readers of the Cyveillance Blog are well aware of the significant risks involved in online pharmacies. If you are looking for an easy way to help tell friends and family about this danger, MarketWatch just posted a <a href="http://www.safemedicines.org/2011/03/8-of-us-prescription-drugs-are-smuggled-via-pharmacy-scams-168.html">video interview last week</a> with a Special Agent in Charge from the Department of Homeland Security where they discuss the risks of online pharmacies.</p>
<p>It is our hope that consumers will remember examples like this site and recall that as technology advances, enterprising cyber criminals will likely have already considered ways to take advantage of the new landscape in ways that can seriously jeopardize your health and financial well-being. Always <a href="http://dhs.gov/stopthinkconnect">stop, think, connect</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/cyber-criminals-adapt-as-threat-landscape-changes/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

