Cyberthieves Go Phishing to Rob Banks

Cyberthieves Go Phishing to Rob Banks

Story Highlights Cyber thieves are using phishing to wipe out bank accounts Phishers trick the user to get bank login information Most users don't know that their server settings have been hijacked

Notorious 20th-century bank robber Willie Sutton said famously, "I rob banks because that's where the money is."

It seems 21st-century criminals are following his footsteps.

But while Sutton disguised himself as a cop, a window washer and a Western Union messenger, cyberthieves use a different type of subterfuge -- phishing -- to cover their identities and wipe out bank accounts.

Phishing occurs when fraudulent e-mails that appear to be from a legitimate source are sent in an effort to obtain sensitive information from a user.

Those computer exploits and others are detailed in a survey of security threats and vulnerabilities for 2007 by the IBM Internet Security Systems X-Force.

Of the top 20 companies targeted by phishing in 2007, the report says, 19 are in the banking industry.

Computer users are often tricked into visiting fraudulent sites because of "danger, danger" e-mail subject lines like "account security measures," "important notice" or "(your bank name) security notice."

One sneaky thing some malware (malicious threats) does is to modify a user's server information.

For example, a user types www.bankofamerica.com into his or her browser. But instead of the computer using the service provider's server, which would take the user to the real Bank of America server, the computer uses a bogus server run by phishers -- and that takes the user to a fake Bank of America server.

The phishers take the user's login information and empty the account.

Most users, even the savvy ones, wouldn't know that their server settings have been hijacked.

Just a few years ago, computer viruses and worms seemed designed for bragging rights and a hacker's 15 minutes of fame, but the game has changed. Now, instead of creating chaos by shutting down or paralyzing computer systems, the bad guys are getting more bang for their buck by taking over systems and using them to commit crimes.

The IBM Internet security report shows that nearly 90 percent of all vulnerabilities allow this type of remote exploitation.

"The authors [of this malware] realize they are better off as parasites than they are killing their hosts," said Chris Rouland, engineer and chief technology officer for IBM Internet security.

Rouland said that some other malicious trends include growth in Web browser exploitation, especially for Windows Internet Explorer and Mozilla Firefox.

He said that although fewer vulnerabilities were disclosed publicly last year, the number of "high-severity vulnerabilities" increased by 28 percent compared with 2006.

The X-Force collected and analyzed 410,000 new malware in 2007. That's a third more than they analyzed in 2006.

And wildly popular social networks like MySpace and Facebook are now prime targets for exploits.

What's an average computer user to do?

Though tech-savvy, proudly paperless home computer users may shun those so-20th-century snail mail bank statements, it might be worth it to go retro and compare your online banking information with the paper record.

Rouland says criminals in Brazil have figured out ways to wipe out bank accounts and leave no trail in an individual's online account. And bank customers may be out of luck if the theft goes unnoticed for a while.

Usually, banks give only 90 days to remediate an account problem.

In the old days of worms and viruses and denial of service attacks, many of us learned, often the hard way, that computer security was often an afterthought compared to "user friendliness."

But these days, with organized criminals around the globe stealing with such great stealth, the bank with the best security might turn out to be the big business winner.

Nanotech Clothing Produces Power From Motion

Nanotech Clothing Produces Power From Motion

View image details An illustration shows nanowires arranged like the bristles on a bottlebrush around Kevlar fibers.

New research created such wires out of material that displays the piezoelectric effect, which produces an electric charge from mechanical pressure. Electrodes at the bases of the fibers collect the charge generated as the wires brush past each other.

Clothing made from piezoelectric fabrics could one day generate enough electricity to power portable electronics, a new study says.


Nanotech fabric that can harvest energy from motion could one day lead to clothing that can power portable electronics, researchers say.

Zhong Lin Wang and colleagues at Georgia Institute of Technology designed the new fabric based on a phenomenon called the piezoelectric effect.

This effect occurs when mechanical pressure is applied to certain materials that have crystalline structures in such a way that it produces a small electric charge.

Wang's team lined textile fibers with piezoelectric nanowires arranged like the bristles on a bottlebrush. When a person walks around wearing the material, the wires rub together and generate electricity.

"Bending the wires creates a piezoelectric field potential," Wang said.

The researchers estimated that their material could eventually generate up to 80 milliwatts of power for each square meter (about 11 square feet) of fabric.

An average digital music player or cell phone, by contrast, uses a few hundred milliwatts or more.

So while your future sweat suit may not charge up your iPod, it could power tiny sensors that keep track of your vital signs as you run.

And the use is not limited to clothing, Wang added. The technique can be applied to any surface that picks up vibration, such as engines, tires, or even swaths of cloth catching the wind.

Growing Wires

For their research, which is described in tomorrow's issue of the journal Nature, the Georgia Tech team first grew nano-size wires of zinc oxide around Kevlar fibers.

The wires were 50 nanometers thick, or about a thousand times thinner than a single human hair.

"You can grow this wire on any substrate, even on your hair," Wang said. The wires would make your hair look gray, he added, but it would feel largely the same.

The enhanced Kevlar was then woven to create fabric. As the material stretched, the wires bent, creating electric potential.

Electrodes at the bases of the fibers collected the charge.

Min-Feng Yu is a nanoelectronics expert at the University of Illinois, Urbana-Champaign.

While Wang's team is not the first to harness the piezoelectric effect, they have found a way to produce such material in large quantities, Yu noted.

Last year, Yu demonstrated how a single nanowire could harvest mechanical energy by a similar means.

But the new research shows that millions of such wires could be easily produced.

"Dr. Wang's team has a simple and low-cost process," Yu said. "It opens a new frontier."

Powering the Small

For decades nanotech researchers have speculated about potential applications for tiny electronics.

Nano-size sensors placed in the bloodstream could better detect early onset of diseases, for example.

Such devices could also be woven into soldiers' uniforms to monitor their health during combat.

Other work has focused on a fleet of tiny sensors that could be spread across a geographic area to monitor environmental health.

"One thing [nano-sensors have] in common is that each of these things needs power," Wang said, explaining why he chose nano-scale power generation as an area of study.

Conventional batteries are still too large, but piezoelectric generation would be perfect for these applications, Wang and others have reasoned.

"Any nano-device will consume very little power. Why don't we take an advantage of that?" Wang said.

David Nagel, a research professor at George Washington University, noted that if the team's nanowires work as predicted, then they could indeed power tiny systems, given enough material.

The fabric could even be useful for larger devices if the power is stored up and the devices are used sparingly.

Starlight Echoes Make Cosmic Measuring Stick

Starlight Echoes Make Cosmic Measuring Stick

View image details It's All in the Echo To nail the distance to the star RS Pup, astronomers measured the light coming straight from the star and light reflected off the surrounding gas nebula. Because the star's brightness changes in a very distinctive pattern, the presence of the nebula allowed the scientists to see light echoes and use them to measure the distance to the star. This artist's illustration is not to scale.

Astronomers have borrowed a technique from bats and dolphins to ultra-fine tune the distance to another star.

By using not only the direct light from the star, but also the starlight "echoes" created by nearby gas and dust, astronomers calculated the distance to the star in the constellation Puppis to an accuracy of 99 percent.

The technique is particularly useful for studying the distance from Earth to stars in the Milky Way and the nearby Magellanic Clouds, which are companion dwarf galaxies. It's also critical for calibrating the light of similar stars in other galaxies, and measuring distances between galaxies.

The reason the technique has not been used before on other stars near gas clouds is that the very bright star in question, called RS Pup, is a special sort called a Cepheid.

That's a variable star, which means its light pulses brighter and dimmer at a rate, or period, that is directly related to how much light it puts out. RS Pup pulses brighter by a factor of five every 41.4 days. This period-luminosity relationship has allowed astronomers to use Cepheids as cosmic measuring sticks for almost a century.

What makes RS Pup special is that its pulsing can be also seen in the light reflecting off the gas clouds. The reflection is somewhat delayed, however, because it has to travel from the star to the cloud, and then to Earth.

It's this delay, when compared to the direct, straight-line light from RS Pup, that allowed the astronomers to use basic geometry to refine their measurement of the star's distance.

"This is the only (Cepheid) with a nebula around it," explained astronomer Pierre Kervella of the Observatoire de Paris-Meudon, France. So it's the only one for which this sort of measurement can be done.

To make the measurement, the team had to block direct light from the star to see the dimmer echoes from the gas. That took some skill because RS Pup is no wallflower -- at 200 times larger than the sun and 10 times its mass, RS Pup shines out an average of 15,000 times more light.

"The star is enormously bright," said Bob Havlen, a retired astronomer from the Very Large Array in New Mexico and former director of the Astronomical Society of the Pacific. Havlen studied the very same star using traditional Cepheid techniques and published his measurement in early 1970s.

The dust and gas nebula around RS Pup was first detected in 1961 by Swedish astronomer Bengt Westerlund, but the technology was not quite up to the challenge of using that nebula until about ten years ago, said Kervella. And it was only recently that he thought to try it.

"This is the only (Cepheid) with a nebula around it," explained astronomer Pierre Kervella of the Observatoire de Paris-Meudon, France. So it's the only one for which this sort of measurement can be done.

Despite the difficulties, Kervella's numbers confirm that Havlen's work was pretty good: the new distance of RS Pup -- 6,500 light years, plus or minus 90 light years -- is within the range of Havlen's 1972 measurement.

"It's amazing to me that after 40 years that it's so good," Havlen said.