Source: TheLouisvilleChannel.com Posted: 4:10 pm EST December 7, 2004

December 2004 [ Louisville, KY] – The w32gabot worm infected tens of thousands of school computers across Kentucky. At duPont Manual High School it infected systems dealing with nearly everything from attendance records to checking out library books. Lessons were disrupted, Principal Dr. Beverly Keepers said. “Many of our teachers will post assignments on the Web and students will download that and complete it at home.” Students said that there weren’t always enough books available to replace the lost electronic material. Last year, Jefferson County public schools were hit by the doom virus and it cost nearly $100,000 to recover.

Source: December 6 2004. www.messagelabs.com/intelligence/2004report

The number of “phishing” incidents – the process of tricking users to send information that allows criminals to gain access to their financial assets – has exploded in 2004, according to MessageLabs' Intelligence End of Year Report. In the year from September 2003 to September 2004, the number of phishing emails intercepted by MessageLabs grew from a mere 279 to more than two million. During the course of 2004, MessageLabs intercepted more than 18 million phishing emails.

Ominously, recent phishing emails have been designed to capture online banking details automatically when a user opens an email message, rather than when the user clicks on URL links within messages. Phishers have also attempted to dupe unsuspecting users into becoming middlemen for money laundering operations. MessageLabs also witnessed tailored malicious activity ranging from blackmailing online gaming sites with Denial of Service (DoS) attacks to threatening to send out child pornography in the name of a particular organization. Recent evidence also suggests that Trojans and other malicious code have been developed during 2004 specifically to compromise particular organizations.

Similarly, the percentage of email identified as spam rose from 40% in 2003 to over 70% in 2004. And the ratio of virus-infected messages to all emails rose from 1 in 33 for 2003 to 1 in 16.

For more details: www.messagelabs.com/intelligence/2004report

Baselinemag.com http://www.baselinemag.com/print_article2/0,2533,a=134517,00.asp
September 1, 2004
September 2004 [Hanover, NH] – Just as the fall semester began, the Dartmouth College CIO sent a letter to the entire college community announcing that someone had gained unauthorized access to servers containing sensitive personal information as well as HR data on employees, research and student health information. Recipients were urged to monitor their credit reports since the full extent of the potential identify theft was not known.

July 2004 [ Madison, WI] – Two teenagers were arrested using stolen credit cards as part of an international scheme to order merchandise for themselves and others.

May 2004 [ Newport Beach, CA] – A second student was suspended for breaking into school computers to change the grades of classmates who paid hundreds of dollars for the service. Juvenile Court officials and prosecutors will wait until police finish their investigation before deciding if charges will be filed.

March 2004 [ Noth Ridgefield, OH] – A 13 year old deleted numerous files from a district’s electronic reading program. He was suspended and the case was referred to the police. Although he was accused of hacking, several people pointed out that the program was poorly designed and allowed the deletions to take place without any unauthorized intrusions. They also pointed out that the district was negligent for not having backup copies of the files on a separate server.

January 2004 [Saratoga, CA] – A group of high school students installed “keykatcher” devices on several school computers and captured teacher passwords which they used to access school systems to steal tests and answers. The device costs less than $100 and is about the size of a AA battery. It is installed between the keyboard and the computer. It went unnoticed in teachers' classrooms. “We've only found one KeyKatcher on campus,'' Principal Kevin Skelly said. “But we know there's more out there.” The keykatcher exploit was accidentally discovered in the process of investigating two other incidents: a math student who broke into a school computer and tried to change a grade, and two students who stole a printed test and saved electronic copies.

September 2003 [ Minnesota] – The capture of the teenage creator of the Blaster-B virus was mostly the result of his own stupidity. The code included his own name and contact information. Most virus creators, however, are not this dumb and are almost impossible to track down.

June 2003 [Palo Alto, CA] – A reporter from the Palo Alto Weekly succeeded last week in entering the school district's network using an insecure wireless access point, obtaining some students' grades, home phone numbers, addresses, medical information, psychological evaluations and even full-color photos of the children from an unsecured portion of the district's computer servers.

August 2001 [Oregon] – A 20 year old pleaded guilty to federal charges of hacking into computers at Oregon State University and using stolen credit card numbers in an attempt to wire transfer money through the Western Union Corporation. The hacker also faced charges of breaking into an Internet service provider and stealing copies of company databases containing account information and passwords.

August 2001 [Westchester, NY] – An unknown attacker gained full rights to the Lower Hudson Regional Information Center’s web server and deposited graffiti on various pages, then deleted the log files to avoid detection. Further checking on the firewall revealed that the person had dialed in from a home telephone line to an ISP. To secure the person’s name from the ISP a subpoena was required, which necessitated calling in the police and making the situation public

September 1998 [Georgia] – The U.S. Navy demanded that Georgia Southern University find out who used one of its lab computers to access electronic files from a government agency. A class was in session at the time the attack occurred.