IBLS Speaker's Corner : Europe

Europe Fights Mobile Malware

Maricelle Ruiz — Wed, 27 Jun 2007 12:10:00 GMT

Just when we thought our computer antivirus would protect us from anything out there…the mobile virus made its grand entrance into Europe. Police started to investigate and recently detained a prolific, mobile-virus creator. Information on the modus operandi of mobile hackers and tips to avoid their traps has been released to nip this challenge in the bud. Although they concur that this criminal activity is still not widespread, experts also agree that it shouldn’t be underestimated.

“Viruses are not harmless pranks; they cause real harm disrupting business and personal communications as well as destroying and stealing sensitive data,” says Graham Cluley, senior technology consultant for Sophos, an IT security firm. “The computer crime authorities around the globe are becoming more experienced at tracking down hackers and virus writers, and malware authors should be asking themselves whether it’s really worth taking the risk.”

After an investigation spanning half a year, Spanish police have detained a 28-year-old man accused of creating more than twenty “Leslie” viruses, reportedly affecting the high-end devices of more than 100,000 people. Millions of dollars could have been lost as a result of the viruses, reportedly named after the suspect’s fiancée. Police have seized computers, mobiles and other high-tech devices to build up their case.

The “Leslie” viruses resembled malware affecting the mobiles of hundreds of people attending the 2005 IAAF World Championships in Athletics in Helsinki, Finland, and devices in Northern Spain. The ‘Leslies’ spread through Bluetooth, manipulating infected devices to send multimedia messages to contacts in the phone agenda as well as in the call and incoming messages lists.

This particular malware came with pornography, ring tones, sports news, chat applications and even antiviruses, and manipulated devices to transmit costly phone messages or caused phones to run out of battery. However, experts report that malware may also come with pictures and video clips; replace system applications; and make screen text unreadable, among other criminal activity.

To protect mobiles, telecom and technology companies recommend that users equip mobiles with antivirus protection and firewalls; or run applications to revamp already affected devices. These programs are available online or at an operator. Companies also advise users to accept ONLY content from a known source, through Bluetooth or Beam infrared technology. Users should deactivate the technology when it is not in use to keep phones from receiving messages containing malware.

Internet security firms also report a fight against multilingual mobile spam within the continent.

Another Cyber Attack Hits Europe

Maricelle Ruiz — Wed, 13 Jun 2007 12:15:00 GMT

When Estonia suffered a series of cyber attacks in recent months, US official John Negroponte told the Financial Times: “We need to prepare ourselves because this is likely only to become more of an issue in the future.” Well, the future is here. And the wave of cyber attacks has moved from Eastern to Western Europe. It has recently been disclosed that around the time Estonia was under cyber attack, an important Spanish domain-registration company was also waging a battle against unknown cyber pirates. The Cyber Terrorism Division of the Spanish Police is investigating the incident. If identified, the hackers involved could be prosecuted for blackmailing a company to prevent the disclosure of confidential information.

There seems to be a disagreement regarding the severity of the situation. While some reports claim that the private data of hundreds of thousands of Internet users is in the hands of criminals, the leading Spanish company in the domain registration and web hosting business, Arsys, has issued a statement denying this information. Executives concede the company has experienced what they describe as “a security incident, compromising some client data.” However, they say, none of the data in question involves email, bank account or credit card passwords and therefore, they claim there’s no risk of illegal access into bank or email accounts.

According to Arsys, hackers reportedly stole FTP codes, enabling them to insert a link to an external server containing malicious code, in the web pages of some clients. As soon as the company detected the incident, executives say it eliminated the link from the web pages, notified affected clients and boosted security measures across the board. To comply with legal requirements, executives add the company has reported the incident to the Cyber Terrorism Division of the Spanish Police. They confirm the incident is under investigation and may end up in court.

The attackers reportedly used servers located in the United States and Russia. According to the latest Symantec Internet Security Threat Report, the United States is the top country for malicious threat activity, accounting for 31% of the worldwide total, followed by China (10%), Germany (7%), France (4%), United Kingdom (4%), South Korea (4%), Canada (3%), Spain (3%), Taiwan (3%) and Italy (3%). Meanwhile, law enforcement authorities have detained a Russian teenager suspected of involvement in the Estonian cyber attacks. The youth reportedly called for massive cyber attacks against Estonian servers in Internet forums.

ASK THE EXPERT: Can I include links to European websites in my webpage without asking for authorization?

IBLS Editor — Wed, 16 May 2007 12:35:00 GMT

Nagy Péter from Hungary asks:

I have a problem and I hope you can help me. I would like to make a website where a lot of European services could be found. I'd like to collect links of useful services. For example, if I would like to place your link on my website without asking, is this possible? I don’t know a lot about Internet Law, that’s why I ask for your help. Please help me!