Showing posts with label cyber crime education.

Monday, April 05, 2010

Cyber Top Cops Is Back!

Tuesday, September 02, 2008, the date of my last (but luckily not my final) article. More than a year and a half has passed since my last article. E-mails to cybertopcops.com were left unanswered and the site was no longer updated. Most people who made contact with me during this time noticed that the site was outdated and no longer maintained. I'm sure a lot of people asked why, so for those who wondered why I disappeared into thin air, here is the explanation.

Those of you who know me well are aware of the fact that CyberTopCops.com is not my day job and that I'm a very busy man (I work and study at the same time). During this time I took on quite a lot of responsibilities at the firm where I work, which resulted in a lot of overtime. All of the overtime took a bite out of my study time and quite obviously all the study time took a bite out of my CyberTopCops time. To add insult to injury I also had to attend to some personal matters, so I had quite a lot on my plate during the last year and a half. So I hope all my supporters will understand and forgive me for not answering their e-mails (especially my good friend John Masters, thanks for your support during these tough times).

So have things changed all of a sudden? Well, to be honest, no. I kept CyberTopCops.com online because I wanted to come back and continue to fight cyber crime. I tried to make a comeback several times but circumstances prevented me from doing so. I have to mention though, that I did some work on the SHPAMEE project during this time, so even though it seemed that CyberTopCops.com stood still, some of the work continued to happen behind the scenes. I also expanded my PC lab with another computer and converted all my machines from Windows to Fedora Linux (except the one I use to review security software and analyse malware samples). A word of thanks to everyone who continued to submit malware samples, malware sites and spam samples during this time (another BIG reason why I kept the site up and running).

OK, so if things are still as hectic as before, where will I find the time to keep the site updated and write articles? Well I did most of my work during the last couple of public holidays we had over here in South Africa, so I guess I will wait for the next public holiday before I write my next article. No... just kidding. I honestly don't know. All I know is that the desire to return to cyber crime fighting has motivated me enough to do something about the problem. I guess I will have to manage my time a little better and perhaps get some help to keep the site up and running, but I'm a bit of a sceptic and prefer to work alone.

A couple of major events took place in the cyber security field during my absence. SpywareInfo.com expired and was sold to the highest bidder (and yes not to a passionate cyber crime fighter but someone only interested in making as much profit as possible). The same happened to merijn.org (since it had the same owner as SpywareInfo.com). You can read more about this at DSLReports.com. Luckily the good people at SpywareInfo.com were able to continue their work at SpywareInfoForum.com and merijn.org moved to merijn.nu. PLEASE NOTE: The new owners of SpywareInfo.com and merijn.org have been using them for malicious purposes, so I do not recommend visiting them. But perhaps the biggest shock of them all was when Castlecops closed shop in December 2008. This was a huge blow to the cyber security community but I'm sure most of the volunteers have already joined forces with other cyber crime fighting groups. So I guess it is clear I've been out of the loop for quite some time and I have some catching up to do.

I constantly witness cases where people fall victim to cyber crime due to a lack of education. People still walk blindly into the traps set by phishing scammers and malware developers. I recently helped a client to get rid of over 300 infections on a single PC (and another couple hundred infections on every other PC that was connected to the same network), just because they failed to install anti-virus software on their network. This was a classic example of how one PC can cause several infections on every PC connected to the same network. And believe me, the client was quite surprised when I explained the dangers of data mining, identity theft and keystroke logging, not even to speak of the possibility that their PCs were used as hosts for spam distribution.

People often think I exaggerate when I explain the dangers of malware and spam, but their views suddenly change when someone breaks into their bank account or if someone hacks into their e-mail account. The ignorance of most people continues to amaze me. With all the real life stories out there of people falling victim to cyber crime and all the warnings from banks and financial institutions, people still go by their day to day activities without taking appropriate precautions against these threats.

So how can we solve this problem? First of all education (yes I know I tend to sound like a broken gramophone, but one can never emphasise this too much), because education empowers our online community with the know-how to stay safe online without the use of fancy and expensive tools. I also believe mainstream media should play a more prominent role in the fight against cyber crime. We need more stories about victims of cyber crime in the most popular publications. I'm not sure about the press in other countries, but here in South Africa there is almost never a story about phishing incidents or 419 scams (many people over here still don't even know what it is) in our local newspapers or prime time news on TV. Why? Because these stories don't sell newspapers or keep viewers hooked to their TVs. Why? Because journalists don't see them as newsworthy. I realise you can't write an article on every murder, theft or kidnapping, but for goodness sake, make some space for cyber related crimes in your newspapers, magazines and news bulletins on TV and radio. We need to make people aware of these incidents and by making people aware you call them to action to learn more about these threats and how to defend themselves against cyber criminals. Finally, we need better legislation and enforcement of those laws. It makes no sense to have perfect laws but no one is willing and able to enforce them.

So CyberTopCops.com is back in action and I hope to bring you a brand new article once a week, however, I can't promise anything at this moment, but I'll do my very best.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

Saturday, August 02, 2008

Cyber Top Cops Goes Spammy (or rather SHPAMEE)

You may have noticed that my last article was published more than 2 months ago. I may have been absent from the blog, but I was not taking a break. I devoted all my time and attention to a new project aimed at educating the Internet community about Internet crime. All my hard work finally paid off and I am proud to announce that the project is finally ready for launch.

Today marks the launch of a new educational initiative called the SHPAMEE project. SHPAMEE is short for Spam, Hoaxes, Phishing and Malware E-mail Examples and replaces the current Hoaxes, Spams & Scams section of our website. The main goals of the new project will remain the same as the old one, but the SHPAMEE project features several new enhancements and improvements over the old project:

  • Full headers of e-mail examples will now be published.
  • Names (aliases) and contact details of perpetrators will no longer be removed from the examples, but will be published along with the examples.
  • More emphasis will be placed on the techniques used by spammers to bypass spam filters and these techniques will be highlighted more prominently.
  • E-mail examples will be categorised and grouped more effectively, combined with an integrated search feature, something that was missing from the previous project.
  • An RSS feed will be updated each time when a new example is published. This will help users to stay up to date with the latest examples published on our site. The RSS feed will also be used as an alert service, where possible, to warn subscribers about the latest spam outbreaks (however the main purpose of this project remains education).
  • E-mail examples will be discussed in greater detail.

Why replace the old project? A lot of work was done behind the scenes to simplify our job of publishing these e-mail examples. Too much time went into the preparation of the e-mail examples, so we had to find a way to publish the examples in a more efficient way. I'm still not completely satisfied with the current publishing model and I'm constantly working on improvements, but the new system saves us a lot of time and the time saved during publishing is used to investigate and discuss the examples in greater detail. The number of examples in the database might be disappointing at first, but we plan to add new examples on a regular basis. We could cut back on the time spent on investigating each spam example, to publish more examples in a shorter time frame, but we do not want to sacrifice the quality of our comments and the background information about each spam example. After all, this is what the project is all about, publishing interesting and valuable information about these examples to educate the Internet community. We still have a huge backlog of examples to publish, quite obviously, because there is never a shortage of spam examples to investigate.


But now a little more about the reasons behind the creation of this project.

There is still a huge problem among Internet users when it comes to the identification of spam. I get loads of requests from people who want me to take a look at some dodgy e-mail to confirm whether it is legitimate or not. Most of these dodgy e-mails are 419 scams and it is shocking to see that there are so many people who are still unaware of these scams, not even to speak of their inability to identify these e-mails as fraudulent. Many people might say: "That's easy for you to say, you work with these scams everyday, so it is easy for you to spot a scam when you see one". Perhaps so, but it is not rocket science to identify a 419 or phishing scam, you just need to use common sense and a little bit of scepticism. There are always certain elements in these e-mails that do not add up and the scammers make these mistakes over and over again.


Identifying a spam e-mail before opening it is crucial, because spam is the cause of several problems like malware, fraud, distribution of illegal and harmful substances, porn, piracy, identity theft and even more spam (yes, one spam e-mail can be the igniting spark for a forest fire of spam). I mentioned earlier that we will use this project as an alert service where possible, but the main goal remains education. Why so much emphasis on education, isn't it more important to get the word out on new threats and outbreaks? Well, from my point of view I believe education plays a larger role in our defences against cyber crime.

My biggest problem with any alert service is the fact that many threats need to occur before one can take notice of them. There is always a delay between discovering a threat and alerting the public about it and a lot can happen during this time. Another drawback about an alert service is the fact that it can only reach the people who are subscribed to the service (unless you make use of mainstream media of course), so not everyone gets the message. Education on the other hand enables people to think for themselves and helps them to assess the situation on their own terms, based on their knowledge and previous experience. This means the threat is isolated more effectively and buys more time for the alert services to get the word out. So I'm not against an alert service, I simply believe that education will enable the community to adapt to new threats much quicker than a community relying on alert services alone to keep them safe. Your best weapon would therefore be a combination of education and alerts.


I guess a lot of people are wondering why we didn't publish the names and contact details of spammers and scammers along with the examples in the previous project. A spammer never distributes spam under his/her own name, so the spammer will use an alias and the originating e-mail address is often spoofed. So the details are basically useless and our focus was never on the people behind the spam, but more on the mechanics of the spam examples. It is more about the things that spammers do than the persons distributing the spam. However we realised that it would be an additional benefit for the community if we published these phony details along with the examples, especially with 419 scams. This means that you are not only educating people about the schemes of a 419 scammer, you are also alerting them about the aliases, e-mail addresses and telephone numbers used by these swindlers. So as you can see we are back at the ideal of combining education and alerts into a powerful weapon against cyber crime.

Through the SHPAMEE project and a series of educational articles in the weeks to come, I plan to educate the Internet community about the common flaws made by spammers. But what if the spammers start to pull up their socks and correct their mistakes? Spammers will always make mistakes and it is our goal to stay up to date with their latest tricks and gimmicks and communicate these deceptive techniques through the SHPAMEE project.

