Wednesday, February 20, 2008

Virtualization : Is it Secure?

Virtual machines are often used by security researchers to sandbox malware samples for analysis, or to protect a machine from a potentially hazardous activity. The theory is that any security threat or malicious behaviour will be restricted to the virtual environment which can be discarded and then restored to pristine condition after use.

Virtual machines are sometimes thought of as impenetrable barriers between the guest and host, but in reality they're (usually) just another layer of software between you and the attacker. As with any complex application, it would be naive to think such a large codebase could be written without some serious bugs creeping in. If any of those bugs are exploitable, attackers restricted to the guest could potentially break out onto the host machine.

investigated this topic and presented a paper at CanSecWest on a number of ways that an attacker could break out of a virtual machine.

Most of the attacks identified were flaws, such as buffer overflows, in emulated hardware devices. One example of this is missing bounds checking in bitblt routines, which are used for moving rectangular blocks of data around the display. If exploited, by specifying pathological parameters for the operation, this could lead to an attacker compromising the virtual machine process.

While you would typically require root (or equivalent) privileges in the guest to interact with a device at the low level required, device drivers will often offload the parameter checking required onto the hardware, so in theory an unprivileged attacker could be able to access flaws like this by simply interacting with the regular API or system call interface provided by the guest operating system.

Things you can do to help end Phishing

  • Learn to recognize and avoid phishing. The Anti-Phishing Working Group has a good list of recommendations.

  • Update your software regularly and run an anti-virus program. If a cyber-criminal gains control of your computer through a virus or a software security flaw, he doesn't need to resort to phishing to steal your information.

  • Use different passwords on different sites and change them periodically. Phishers routinely try to log in to high-value targets, like online banking sites, with the passwords they steal for lower-value sites, like webmail and social networking services.

Tuesday, February 12, 2008

Using IT to Combat Money Laundering

Money Laundering in simple words is about making money that comes from a ‘source a’ look like it has come from ‘source b’. This in world of software is also called repudiating one’s identity. Money Laundering has been practiced generally by criminals trying to disguise the origins of money obtained from illegal activities to craft them in a way that they seem to originate from legitimate sources. This is mainly to prevent them connect them to criminal activity. The most common offenders in this process are drug traffickers, corrupt politicians, terrorists and con artists.

Financial Institutions and Banking Institutions are amongst the most vulnerable to Money Laundering as illegal money enters the economy via banks in the form of large cash deposits or illicit financial transactions.

Money Laundering typically has 3 main phases – Placement, Layering and Integration. The common methods used in each of these phases are mentioned below:

1. Placement Stage: This prefers to the physical disposal of bulk cash proceeds derived from illegal activity.
a. Cash paid into bank (mostly with staff involvement or mixed with proceeds of legitimate business.
b. Cash used to purchase high value goods, property or business assets.
c. Cash being exported.

2. Layering Stage: This refers to the separation of illegal entrance of money from their source by creating complex layers of financial transactions. Layering conceals the audit trail and provides anonymity.
a. Several bank to bank transfers
b. e-transactions between different accounts in different names in different countries
c. Changing money’s currency
d. Resale of goods or assets

3. Integration Stage: This refers to the reinjection of the laundered proceeds back into the economy in such a way that they re-enter the financial system as normal business funds.
a. False loan payments
b. Forged invoices used as cover
c. Presenting income from property or legitimate business assets to appear clean

Using Information Technology to combat Money Laundering

While money laundering techniques are becoming sophisticated, so is the technology used to fight it. IT systems cannot be viewed as perfect solutions for Anti-Money Laundering techniques, but current packages have following to offer. Use of these packages enables banks to know and understand their customers and their financial dealings to help them manage risks prudently.

1. Competent for Name Analysis
2. Offer case based account documentation acceptance and rectification
3. Assess Money Laundering Risks at both Account and Customer levels
4. Rules-based systems
5. Include Statistical and Profiling engines for monitoring customers
6. Use Neural Networks and Link Analysis to detect frauds
7. Time sequence matching to prevent Hawala cases
8. Can monitoring transactions for suspicious activity
9. Helps ensure compliance to Banking or Financial standards for Anti Money Laundering
10. Investigation Tools

Effect On Our Economy

Money laundering is one of the ongoing problems facing the international economy. The economic effects are on a broader scale. Developing countries often bear the brunt of modern money laundering because the governments are still in the process of establishing regulations for their newly privatized financial sectors. There is also a growing realization about the extent that money laundering and its relationship with organized crime are interlinked.

The huge profits that accrue to these criminals from areas such as drug trafficking, international fraud, arms dealing, trafficking in human organs, will be used not only to facilitate ongoing operations, but to consolidate the wealth, prestige and respectability of those in control of the criminal business.

Hawala transactions have a huge impact on the economy. Various commercial activities get influenced. In fact, the price of land has been spiraling due to the activities of this mafia. The root of the problem can be traced to the policies of Government both at the Centre and the State. Inflation, rise in the land prices and circulation of black money are among the effect of money laundering methods circulating in the system. If left uncontrolled, it would lead to creation of a parallel economy which will destabilize our country. These artificially created inflated financial sectors create errors in economic policies. Massive influxes of dirty cash into particular areas of the economy that are desirable to money launderers create false demand, and officials act on this new demand by adjusting economic policy.

Issues on a local scale relate to taxation and small-business competition. Money from illegal activity is often untaxed which means the rest of us ultimately have to make up the loss in tax revenue. Also, legitimate small businesses can't compete with money-laundering front businesses that can afford to sell a product for cheaper because their primary purpose is to clean money, not turn a profit.

Money Laundering is a major concern because of its scale, its capacity to exploit and influence the legitimate business world and its capacity for internationalization. These concerns have led to concerted international action for a solution to combat this growing menace called Money Laundering.