By Daniel Wolfe

Go Directly to Jail

Several foreigners were sentenced to multiyear prison terms in the United States for phishing and other forms of Internet fraud, the online tech news site Ars Technica reported last week.

Three individuals who stole $1.2 million in a so-called Nigerian scam received four to eight years in prison each after entering guilty pleas in January, Ars Technica reported.

Nigerian scams, so named because they tend to originate in that country, trick people into wiring money on the promise of a bigger payoff down the road. They predate the Internet but have thrived over e-mail.

Nnamdi Chizuba Anisiobi of Nigeria received a sentence of 87 months; his friends Anthony Friday Ehis of France and Kesandu Egwuonwu of Nigeria each received 57-month sentences. They were arrested in Amsterdam in 2006 and extradited to the United States to face charges of conspiracy, wire fraud and mail fraud.

Ars Technica also reported that a Romanian phisher in Washington was sentenced on March 31 to a 50-month prison term and three years of supervised release.

Ovidiu-Ionut Nicola-Roman has the distinction of being the first foreign national tried and convicted for phishing in the United States, the article said. He was captured in Bulgaria on an Interpol warrant more than a year ago and eventually extradited to the United States. Ars Technica said that Nicola-Roman might have been snared through a joint effort by the Federal Bureau of Investigation and Romanian law enforcement officials targeting phishing.

Peekaboo

Whole-body imagers — which might enable Transportation Security Administration screeners to see travelers naked — could become common in airport screening lines, The New York Times reported Tuesday.

The machines emit light X-ray doses or radio frequency energy to create an image of what airline passengers might be concealing beneath their clothes. The technology was initially pitched as a secondary screening method for passengers who set off metal detectors, the Times said. The TSA said that its tests of the technology — and the low rate of objections from people who are screened with the machines — have led the agency to consider using it as its primary scanning tool.

The agency is also considering new X-ray technology for screening carry-on bags. Since the new system would be able to tell explosive liquids from harmless ones, the agency may drop its restrictions on carrying liquids.

The imagers were tested at 19 airports, and fewer than 2% of passengers who were given the option of going through the machines objected to the procedure. The TSA said it does not have a timetable for deploying the machines but expects to award production contracts over the summer.

TSA representatives told the Times that going through a whole-body imager is a two-second procedure that would not slow down screening lines. To address privacy concerns, the image generated is viewed by a screener in a remote location. The images are not stored, the agency said, and though they are as detailed as photographs, they can be distorted to mask faces and private parts.

Bruce Schneier, a security technology consultant, told the Times that the procedure is akin to "a physically invasive strip-search" and that he was not convinced that the agency would diligently protect travelers' privacy.

"How do we know they're not going to be storing those images?" he said. "We're taking their word for it."

Bad Assessment

The Interior Department has not repaired vulnerabilities in its network security that were pointed out to it years ago, according to an internal report disclosed last week, The Washington Post reported Sunday.

The report was written last spring by the department's then-inspector general, Earl A. Devaney, who wrote that the agency "persistently failed to meet minimum standards in information security."

The report asserts that close to 70% of network traffic sent through one of the department's Internet gateways in January 2008 "was bound for known hostile countries and the Department lacked the capability to even determine what the traffic was."

Questions about the agency's security flaws were raised as far back as 1989, the Post reported, and resurfaced in 2001 when an official with the department's Bureau of Indian Affairs warned that the bureau's systems could be hacked.

The department was then ordered offline by a judge for two months; these orders were renewed until 2006, when the judge ordering the shutdowns was removed from the case.

The report was made public when it was filed with a federal appeals court as part of a class action by Native Americans against the federal government, the Post reported.

The suit alleges that the government mismanaged lands that the department held in trust for the Native Americans; the department's computer security problems were a key point in the dispute.

In August a judge ruled that the Native Americans were entitled to $455 million. The judgment, which fell far short of the $47 billion requested, is being appealed by both parties.

Worm Apes Worm

Neeris, a computer worm that has been around since 2005, has started to copy the techniques that helped the Conficker worm spread to millions of computers, Computerworld reported Sunday.

Conficker exploited a flaw in Microsoft Corp.'s Windows operating system that was patched in October. By targeting unpatched machines, Conficker spread "to devastating effect," the article said.

Another method the Conficker used to spread was through an autorun.inf file on infected USB drives. Windows machines would search for and run the file whenever an infected device was connected, allowing the file to copy Conficker to fresh machines.

Ziv Mador and Aaron Putnam, researchers at Microsoft's Malware Protection Center, said the authors of both worms may be working together, though the worms operate independently. Neeris "was not downloaded by any Conficker variant," and though the newest version of Neeris appeared near the April 1 time frame, when Conficker was scheduled to contact a fresh set of Internet domains for instructions, the pair said there is "no evidence" that Neeris' spread was connected to this event.