Online payment service CheckFree lost control of at least two of its domains on Tuesday in an attack that sent customers to servers run by a notorious crime gang believed to be based in Eastern Europe. Reg reader Richard D. reported receiving a bogus secure sockets layer certificate when attempting to log in to his Mycheckfree. …
does my bank keep telling me internet banking is secure?
Block the uatelecom range
It's pretty obvious that all of uatelecom.co.ua is dodgy. Their nameserver is ns1.uadns.co.cr with an admin contact in Panama who lists a gmail address. The snailmail address given for that contact is a mailbox.
Consideration should also be given to blocking their upstream providers ukrpack.net and ukrtel.net - in fact I haven't considered it, I've just done it :)
but it's quite difficult to shop safely
The first step in combating on-line fraud is for the major payment sites to get their act together. Once the "legitimate" recipients of electronic payments use best practice, the dodgy sites will start to be discernable by the ordinary user.
E.g. on Monday I tried to make a credit card payment to Vodafone.ie. Firefox warned me off, complaining of cross-site scripting and an obsolete SSL certificate. I thought that I would be conscientious and notify Vodafone customer services. The reply was:
"I'm sorry you have been unable to .... I suggest you disable the security settings on your computer and try ... once more.
"We recommend Microsoft's Internet Explorer Version 6 browser."
We are all doomed.
So, this IP address is ..
.. well known as a source of criminal activity. Why hasn't it been closed down and the operators arrested?
OK, naive question... er thought here
"Security experts say the 18.104.22.168 IP address has long served as a conduit for online crime"
Why not nuke (for those that think in terms of flowers... not nuclear device type nuke) that IP and/or its host?
Because they pay their bills on time.
At least, in the Uk, if you pay your bribes/bills then you can do whatever you want.
Just look at British Telecom
Online banking is safe because if anything happens as the result of misuse of your online account you are refunded the money.
But if you are irresponsible with your cheque book, credit card etc you are liable for the loss.
These online payment systems are not banks and aren't covered by banking law, yet another reason to try to use normal banking systems as much as possible.
re: So, this IP address is ..
Exactly, couldn't agree more. How can they know these are bad people, and not do anything about it?
Step one. Provide evidence to local authorities.
Step two, raid premises (home, offices etc.) and take everything and arrest everyone involved. Freeze all bank accounts.
Step three, throw all people involved in jail and throw away key. Ban all people involved from access to the internet or any companies involved in internet services, under penalty of being thrown back in jail. Take all money from frozen accounts.
If the local authorities are corrupt and/or unwilling to do anything, then surely there would be some way of globally banning these IP addresses? Remove the hosting ISPs from the Internet, remove the ISP hosting backbone providers etc.
Dodgy ISPs and backbone providers would soon stop hosting these bad sites if they found they would lose their net access. Plus legit sites would avoid dodgy hosts, as they wouldn't want to suddenly find they lost their sites.
How about an official black list, (aka like bluetack.co.uk have). Then simply make that available to all browsers. I know this can be done yourself, (just go to bluetack and download blocklist manager and Protowall or similar). But having this done as an automatic and standard part of your OS would be better.
@so this IP address is...
"Why hasn't it been closed down and the operators arrested?"
Because it's hosted in the Ukraine by an ISP who is either a crook themselves or cares only about the revenue stream from the client.
There is no transnational means of closing down an IP address or even an ISP - the Ukrainian govt would have to do the latter, the individual ISP the former.
What /could/ happen is that major ISPs in other countries could refuse to peer with the culprit ISP - but there'd be legal and financial implications to that and unfortunately our ISPs don't really care enough to take the pain. Just look at how much spam gets through and you can see their commitment to blocking dodgy sources.
Re: So, this IP address is ..
"Why hasn't it been closed down and the operators arrested?"
Agreed. Maybe, if it's an EU-based Eastern European operation, the Eurocrats should have been a bit tougher on letting everyone onto their gravy train back when they stopped getting love from the existing EU nations, and maybe a few penalty laps outside the EU for the corrupt authorities who let this go on should be in order. Of course, all bets are off if it's happening in Russia or various other states in the region.
Can't do nuffin.....
The nature of the all-connectedness of the Internet means you can't stop this sort of thing happening, also it's protected by international treaties which prevent "Internet Warfare" (although that remains to be seen).
Basically you have to punish the criminals in their country of origin (where the crime was committed), otherwise what's the difference between blocking a site which the government believes to be illegal and one it just doesn't like (i.e. Chinese Internet).
Rule one of secure banking, be very suspicious of anything unusual (certificate warnings esp.)
Then also have a good firewall, up to date virus scanner, latest updates, never use a PC for secure banking that could have been tampered with (cyber cafe, kids/grannies who download without knowing what they are doing etc.), internet banking *can* be very secure, but it can also be very insecure (if you're ignorant of the issues or slack with your security), perhaps the banks should do more to raise awareness, but doing so without scaring people off is not easy and no bank wants to be the first as it will be seen as *their* bank that is less secure than others that don't try to raise awareness.
"To confirm the redirection was an internet-wide problem, he checked the site using a server in another part of the US"
By doing so, he checked that it was a US-wide problem shurely... there are places outside the US. Reportedly.
Now it may or may not be an internet-wide problem, but...
"to check that Greek is really the most spoken language in the world, we talked to people in another part of Greece"
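The two threads above (blocking a whole provider's range, and checking from more than one vantage point before calling a redirection "internet-wide") both come down to the same defensive check: ask several independent resolvers for the same name and see whether the answers agree, fall inside the prefix where the service is known to live, or land in a range you have decided to block. The following is an added example, not code from the article or from any commenter; the resolver names, the 192.0.2.0/24 "expected" prefix and the 203.0.113.0/24 "blocked" prefix are constructed sample values (TEST-NET ranges), not addresses from the story.

```python
import ipaddress

# Constructed sample input: what four recursive resolvers in different
# regions returned for the same hostname. Not data from the article.
SAMPLE_ANSWERS = {
    "resolver-us-east": ["192.0.2.10"],
    "resolver-us-west": ["192.0.2.10"],
    "resolver-eu":      ["192.0.2.10"],
    "resolver-asia":    ["203.0.113.77"],
}

# Constructed: the prefix where the legitimate service is known to be hosted.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed: ranges an operator has chosen to block outright, in the way
# the commenter above blocked a whole provider's allocation.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def in_any(addr, nets):
    """True if the address falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def assess(answers, expected_nets, blocked_nets):
    """Compare answers from several resolvers for one hostname.

    Returns a dict with:
      consistent  - every resolver returned the same address set
      unexpected  - resolvers whose answers fall outside expected_nets
      blocked     - resolvers whose answers fall inside blocked_nets
      scope       - "none", "partial" or "global": how widely the
                    unexpected answers are being served
    """
    unexpected = sorted(
        name for name, addrs in answers.items()
        if any(not in_any(a, expected_nets) for a in addrs)
    )
    blocked = sorted(
        name for name, addrs in answers.items()
        if any(in_any(a, blocked_nets) for a in addrs)
    )
    # Disagreement between resolvers is itself a signal worth alerting on,
    # even before any address is matched against a list.
    distinct_answer_sets = {frozenset(addrs) for addrs in answers.values()}
    consistent = len(distinct_answer_sets) == 1

    if not unexpected:
        scope = "none"
    elif len(unexpected) == len(answers):
        scope = "global"
    else:
        scope = "partial"

    return {
        "consistent": consistent,
        "unexpected": unexpected,
        "blocked": blocked,
        "scope": scope,
    }


if __name__ == "__main__":
    verdict = assess(SAMPLE_ANSWERS, EXPECTED_NETS, BLOCKED_NETS)
    for key, value in verdict.items():
        print(f"{key}: {value}")
```

With the constructed sample, one of four vantage points returns an address outside the expected prefix, so the scope comes back as "partial": a single resolver's cache is poisoned or a regional path is being tampered with, which is a different incident from every resolver on the planet serving the bad record. Replacing the dictionary with answers gathered from resolvers in genuinely different networks (not two in the same country) is what turns this into the check the comment above is asking for.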
anyone remember 'electric dreams'
can we send 100.000 volts to that ip address ? that might solve things....
Here was me thinking...
...that this was a story about Paypal director changes. Why? because even PH knows they wear black balaclavas and carry a SWAG bag to and from the office.
Yeah I found something like that on another site, it was basically a borked script that just needed a single line changed to a few lines as somewhere along that line the script broke, but I was told to use IE as well if I wanted to use that site as they had no plans to fix it anytime soon.. It's a well-known supermarket site to boot.
I mean if they had given me an e-mail address I could have e-mailed them the fix there and then, would have taken about 10 minutes maybe.
I do love those "paypal" dispute ones going about... I precheck all e-mail via mailwasher as it shows where the links truly go, that and the true return address of the e-mail.
...The Macedonians and/or the Romanians will be upset that the Ukrainians did something "cool" and will wreak havoc upon the perpetrators to fuel their jealousy
No need to panic, or do anything, they'll all sort themselves out and we can go back to being ignorant to it all.
Unless I'm just being too old school here, I haven't graced the presence of an IRC server in over a year at least..
Putting on my jacket and heading to the pub..
Patriotic response encouraged?
Perhaps the IP was released so generally to encourage some patriotic hacker who fancies doing a bit of damage to start a war.
just goes to show you can't trust online shopping any more than you can trust the shop assistant not to clone your card :O/