Saturday, March 31, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, March 31, 2007, at least 3,246 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,621 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Earth Tech: Climate Report Maps Out 'Highway to Extinction'

An AP newswire article, via MSNBC, reports that:

A key element of the second major report on climate change being released Friday in Belgium is a chart that maps out the effects of global warming with every degree of temperature rise, most of them bad.

There’s one bright spot: A minimal heat rise means more food production in northern regions of the world.

However, the number of species going extinct rises with the heat, as does the number of people who may starve, or face water shortages, or floods, according to the projections in the draft report obtained by The Associated Press.

More here.

Websense: ANI Zero-Day Update

Via Websense Security Labs.

Websense Security Labs(TM) is actively tracking more than 100 websites that are spreading the ANI "zero-day" exploit. Proof-of-concept (POC) attack code is also now available, and we expect additional attacks to surface.

Currently the majority of the attacks appear to be downloading and installing generic password stealing code. Also, as represented in the below graphs, most sites are hosted in China. Interestingly the most popular domain space being used is .com.

Due to the fact that POC code is now downloadable on the web, there is no patch from Microsoft, and the fact that some of the attackers we are tracking have infected hundreds of sites on the web, we believe that exploits will continue to surface and the numbers will get larger.

More here.

Keyloggers: How They Work and How to Detect Them (Part 1)

Nikolay Grebennikov writes on The Kaspersky Analysis Blog:

In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia.

An investigation showed that Mr. Lopez’s computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account.

However the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.

Joe Lopez’s losses were caused by a combination of overall carelessness and an ordinary keylogging program.

More here.

Space Junk Tech: Rubbish is a Ticking Timebomb in the Sky

Peter Griffin writes in The New Zealand Herald:

The passengers on the LAN Chile flight from Santiago to Auckland last week should know just how close they came to calamity when a number of mysterious burning objects roared past during their journey over the Pacific last week.

If the burning objects had hit the plane, causing it to crash, they'd have been very unlucky indeed.

Experts are still arguing about whether the objects were pieces of Russian space junk or a meteorite, but the incident has highlighted the often-overlooked fact that we have made a dumping ground of not only our planet, but also of the heavens above.

Scientists estimate the chance of being hit by a piece of space junk that has re-entered the Earth's atmosphere is less than one in a trillion.

More here.

User Friendly: The Web is a Sewer


Click for larger image.

RegisterFly Initiates Arbitration Challenge to ICANN's Directive


This is an update on the termination of RegistrFly as an ICANN accredited registrar.

As was previously advised ICANN sent a notice of termination to RegisterFly effective 31 March 2007

Under the agreement RegisterFly can initiate arbitration challenging the termination.

RegisterFly has decided to do that and has notified ICANN.

That means the termination has to be stayed by at least an additional thirty days.

Consequently there will be no bulk transfer to another Accredited registrar until further notice.

This clearly does not help registrants. It is another example of RegisterFly putting its own interests ahead of its customers.

More here.

Friday, March 30, 2007

On-Going Internet Emergency and Domain Names


There is a current on-going Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated.

This incident is currenly being handled by several operational groups.

More here.

U.S. Congress Flunks P2P Test

Roy Mark writes on

Our lawmakers seem utterly baffled that the widespread theft of copyrighted music didn't immediately cease following the 2005 Supreme Court Grokster decision ruling P2P services that induce users to infringe are illegal business models.

Of course, these are the same people who are still scratching their heads over why the CAN-SPAM Act has failed to staunch the tide of unsolicited e-mail. They are the same lawmakers whose attempts to curb pornography on the Internet are routinely rejected by the courts as violating the most basic of free-speech rights. And they are the same people whose campaign coffers are regularly filled by the entertainment industry.

As is the case when Congress tries to do something about a problem it can't control, troubled logic becomes epidemic. It started this time with the bashing of college officials as being soft on intellectual property theft.


More here.

TSA Missed 90% of Bombs at Denver Airport

Deborah Sherman writes on

Checkpoint security screeners at Denver International Airport last month failed to find liquid explosives packed in carry-on luggage and also improvised explosive devices, or IED's, worn by undercover agents sources told 9NEWS.

The Transportation Security Administration (TSA) screeners failed most of the covert tests because of human error, sources told 9NEWS. Alarms went off on the machines, but sources said screeners violated TSA standard operating procedures and did not hand-search suspicious luggage, wand, or pat down the undercover agents.

More here.

Bad Guys: Most Dangerous Internet Sites

Dan Kaplan writes on The U.S. News & World Report's Bad Guys Blog:

Online security is a nightmare these days, with all the viruses, phishing, drive-by downloads, pop-ups, and other malware out there. How bad is it? The Bad Guys blog was struck by an intriguing study this month by SiteAdvisor, the Web security firm owned by McAfee.

Researchers set out to chart the Internet's worst "domains"–those suffixes you find at the end of Web addresses, such as those by country (.br for Brazil) and generic (.com or .org). Called Mapping the Mal Web, their report looked at 265 top level domains (TLDs) worldwide and came up with some telling numbers.

More here.

GAO Raps IRS on Information Security (Again)

Paul Roberts writes on InfoWorld's Zero Day Security Blog:

With tax day fast approaching, tens of millions of U.S. residents are preparing to send reams of sensitive personal financial data to the Internal Revenue Service as part of their annual tax filing. That simple fact makes the systems that store that data the worlds fattest target for identity theft.

The big question is: how secure are the IRS's systems for storing taxpayer data.

Not very, according to a report [.pdf] by the Government Accountability Office (GAO). In a report released Friday, GAO s said that IRS has made only "limited progress toward correcting or mitigating previously reported information security weaknesses" at two of its data processing sites, and that 66 percent of the information security weaknesses discovered by previous GAO audits still exist.

More here.

Windows Security Flaw Linked to Super Bowl Site Attack


A security flaw in Microsoft Corp.'s Windows software that leaves computers vulnerable to hijack is linked to February's attack on the website of Super Bowl host Dolphin Stadium, researchers say.

In an advisory issued by Microsoft Thursday, the world's largest software maker said it had confirmed that multiple versions of Windows — including the latest Vista version — contain a flaw in the way the operating system handles animated cursors or pointers.

The animated cursor files end with the filename extension ".ani" and are sometimes used by software such as Microsoft's Office suite and by website developers to enhance or modify the experience of using the computer. The vulnerability could allow an attacker to take control of a computer.

More here.

FBI Director Mis-States Patriot Act Provisions

An AP newswire article, via MSNBC, reports that:

FBI Director Robert Mueller blames poor training and supervision for the bureau's Patriot Act abuses and promises new training programs. He might want to sign up for the first class himself.

Mueller misstated a key provision of the act in appealing to Congress this week for new authority that was actually granted last year.

More here.

Google Maps Change Fuels Katrina Conspiracy Theory

An AP newswire article by Cain Burdeau, via Tech News World, reports that:

Google's popular map portal has replaced post-Hurricane Katrina satellite imagery with pictures taken before the storm, leaving locals feeling like they're in a time loop and even fueling suspicions of a conspiracy.

Scroll across the city and the Mississippi Gulf Coast, and everything is back to normal: Marinas are filled with boats, bridges are intact and parks are filled with healthy, full-bodied trees.

More here.

Black Hat: Fooling Cisco's NAC Network Access Control

Via heise Security News.

Security experts at the Black Hat conference in Amsterdam have demonstrated how Cisco's NAC network access control can be fooled. In a live demonstration using a modified Trust Agent, Michael Thumann and Dror-John Röcher from ERNW were able to gain full access to an NAC protected network using a computer which did not comply with network policies.

According to Thumann and Röcher, Cisco has already fixed the problem and will be releasing its own advisory on the issue shortly. Network administrators can use systems such as Cisco's NAC to define access policies. An example would be that up-to-date anti-virus software and operating system patches must be installed for computers attempting to access the intranet. In NAC, conformity with these policies is checked by a 'Trust Agent' or 'Security Agent', which is installed on the clients and reports its results to the NAC router.

The attack demonstrated makes use of a fundamental weakness in common access control systems for networks - if client-side control software is running on a system which is under an attacker's control, he can determine its behaviour and can pass himself off as conforming to policies at will.

More here.

Minnesota: Retailers, Credit Firms Spar Over Data Theft

Via The Minneapolis-St. Paul Business Journal.

Financial institutions and retailers are squaring off over a bill that would prohibit retailers from storing customers' credit-card security information. If it becomes law, retailers also would be financially liable if that information is stolen.

The Plastic Card Security Act rides a wave of legislation aimed at consumer protection, ranging from predatory mortgage lending to gift-card policies. It expands upon a law passed two years ago that requires financial companies to inform customers following security breaches.

Financial institutions say the bill simply holds retailers accountable for security breaches they cause. Retailers counter that credit-card companies already prohibit the retention of security information and that the bill unfairly blames retailers for security problems.

More here.

(Props, Pogo Was Right.)

Lax Maxx: Stealing Customers' Data Still Seems All Too Easy

Image source: The Economist / AFP

Via The Economist.

Until recently TJ Maxx clothes shops were best known for a rapidly-changing assortment of brand-name clothing at rock-bottom prices. Now TJX, the American parent company that operates TJ Maxx (TK Maxx as it is known in Britain) and a clutch of other chains in 2,500 shops in America and elsewhere, may be better known for letting slip its customers’ credit- and debit-card details in bulk.

This week details were released of a huge security breach that first cam to light late last year (the company first admitted it had a problem in January). Hackers had apparently gained access to the card details of 45.7m customers.

Shamefaced spokesmen have tried to look on the bright side.

More here.

WTO Rebuffs U.S. on Internet Betting Ban

An AP newswire article by Bradley S. Klapper, via Yahoo! News, reports that:

The U.S. has failed to change its ban on Internet betting to comply with a
World Trade Organization ruling that said the legislation unfairly targets offshore casinos, the global trade body said Friday.

The ruling opens the door to possible commercial sanctions against the U.S.

In a 215-page decision [.pdf], a three-member WTO compliance panel sided with the twin Caribbean island nation of Antigua and Barbuda, which has argued that Internet gambling is a lucrative source of revenue and provides an income for hundreds of islanders.

The Geneva-based trade referee has said Washington can maintain restrictions on online gambling, as long as its laws are equally applied to American operators offering remote betting on horse racing.

More here.

Accused Chinese Spy's Defense Bolstered by e-Mails

H.G. Reza writes in The Los Angeles Times:

An attorney showed a jury e-mails Thursday that he said proved officials at an Anaheim defense firm knew that an engineer accused of illegally supplying military technology to China was going to present the information at a public symposium.

Chi Mak, 67, is on trial in U.S. District Court in Santa Ana, charged with 15 counts of conspiring to violate export laws, exporting or attempting to export defense information to China, acting as an agent of the Chinese government and lying to the FBI. He has been held without bail since his arrest on Oct. 28, 2005. A naturalized citizen who grew up in China, he worked on Navy warship projects for Power Paragon Inc.

Fred Witham, head of security at Power Paragon for 15 years, testified that Mak presented documents at the conferences without company approval.

More here.

Viet Nam: Internet Activist Priest Imprisoned

Via Amnesty International USA.

Father Nguyen Van Ly, a 60-year-old Catholic priest who helped set up an internet petition calling for democratic change, was today sentenced to eight years imprisonment for "conducting propaganda" against the state.

Four of his associates, Nguyen Phong, Nguyen Binh Thanh, Hoang Thi Anh Dao and Le Thi Hang, were also sentenced.

More here.

UK: Bank Glitch Leaves 400,000 Without Salaries

Rupert Jones writes in The Guardian:

A major technical hitch means that up to 400,000 people will today find that their monthly pay has not gone into their bank account. Many of those affected could see their finances plunged into the red, as some will have mortgage payments and other bills going out today or over the weekend.

The problem came to light last night. But the banks have promised that no customer will be left out of pocket if the error makes them overdrawn.

A spokeswoman said there had been a technical problem involving the payment processing systems. Initially the systems ran slower than usual, and then it was discovered that some data may have been corrupted.

More here.

Great Firewall of China: French Website Blocked for Warning of Investment Risks in China

Via Reporters sans Frontières.

The blocking of access to the Observatoire International des Crises website ( within China since late February after it posted an article, entitled “Shanghai, mon amour,” (Shangaï, my love) warning companies about the risks of trading with China shows that Chinese online censorship is by no means limited to “subversive” political content, Reporters Without Borders said today.

“Internet filtering is not just a problem for political activists, it also affects those who do business with China,” the press freedom organisation said. “How do you assess an investment opportunity if no reliable information about social tension, corruption or local trade unions is available? This case of censorship, affecting a very specialised site with solely French-language content, shows the government attaches as much importance to the censorship of economic data as political content.”

The press freedom organisation added: “The free flow of information online is not only a human rights issue, it is essential to lasting economic growth and the creation of solid trade relations with other countries.”

More here.

'American Idol' Voting Campaign Slammed With DDoS Attack

Dan Kaplan writes on SC Magazine Online:

A popular but controversial website that asks fans of the hit US TV show "American Idol" to vote for the least talented contestant each week continues to be slammed by a distributed denial-of-service attack, the site's manager has admitted., said to be the programme's most popular web destination behind the official site, has angered "Idol" purists since its launch in 2004 because it seeks to keep around the most entertaining, not necessarily the most talented, singers.

And now it's apparently caught the ire of not just teenage girls, but also the hacker community.

Nathan Palmer, who manages the site and server, said in an email that the site fell victim on Wednesday to an all-day DDoS attack using spoofed IP addresses. The site was pounded by 400 megabits of traffic per second, beginning at 12:30 am, about two hours after the show went off air.

More here.

ICANN Votes Against '.xxx' TLD

An AP newswire article, via MSNBC, reports that:

The agency that sets the Internet addressing guidelines influencing how people navigate the Web defeated a proposal Friday to give adult Web sites their own “.xxx” domain.

Many in the adult-entertainment industry and religious groups alike had criticized the plan, which the Canadian government also warned this week could leave the Internet Corporation for Assigned Names and Numbers in the tricky business of content regulation.

The 9-5 decision by ICANN’s board came nearly seven years after the proposal was first floated by ICM Registry LLC. It was the third time ICANN has rejected such a bid. One member abstained from voting.

More here.

Thursday, March 29, 2007

Toon of the Day: The Difference


.XXX Reportedly Voted Down in Board Straw Poll

Bret Fausett:

"Advanced word at the ICANN meeting tonight in Lisbon just came in. I understand that the board has voted down the Dot XXX proposal tonight, the board decided behind closed doors tonight that the new TLD should not be added to the Internet root."

I say "good", because the entire concept is brain-damaged.


Separate White House E-mail Accounts Draw New Criticism

Via U.S. News & World Report.

News that administration officials are buying separate private E-mail accounts to avoid using the internal system, coupled with reports that aides have often used GOP E-mail accounts, is drawing heat from public interest groups. One, the Citizens for Responsibility and Ethics in Washington, or CREW, claims the practice could be illegal.

According to CREW, the Presidential Records Act appears to require that internal documentation be kept and that it should be handled in official channels. The separate accounts are outside those channels.

"It appears that White House staff members routinely violated the law by using RNC E-mail accounts for official business," said CREW's Melanie Sloan.

More here.

U.S: China Cyberspace, Outer Space War Gains Impressive

Paul Eckert writes for Reuters:

China's development of modern modes of warfare including military uses of outer space and cyberspace have yielded impressive gains that require U.S. vigilance, experts told a congressional panel on Thursday.

The officials and security analysts told the U.S.-China Economic and Security Review Commission that China's military modernization also raises alarms because the communist government in Beijing remains secretive about its intentions.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, March 29, 2007, at least 3,244 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,621 died as a result of hostile action, according to the military's numbers.

The AP count is one higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Get In Line: The Rush for H-1B Visas Is On

Michael Cooney writes on NetworkWorld:

With the deadline of April 2, filing for an H-1B visa is closing in experts say this year’s allotment of 65,000 slots will likely be exhausted in record time – time measured in days or weeks not months, as in years past.

And the agency that oversees the visas, the U.S. Citizen and Immigration Service (USCIS) has told the public that it will not accept any applications received earlier than April 2 and will reject those filed before the start date. This means people who planned on filing their petitions on Friday, March 30 with the USCIS to accept on March 31 will have their cases rejected, USCIS says.

More here.

ICANN Urged to Cut Phishing Trawl with Banking TLD

John Leyden writes on The Register:

Security watchers are calling on net governance body ICANN to adopt a new top level domain name to be used exclusively by registered banks and financial organisations.

A .safe or .sure domain name would give consumers increased piece of mind that they are dealing with a legitimate financial institution while potentially making it easier to identify rogue sites.

If ICANN introduced a .safe domain (or .sure or .bank), which could only be used by registered financial institutions, it would allow security providers to create better software to protect the public, according to F-Secure.

More here.

China: Author Apologizes But Fails to Fix Panda Worm

Robert McMillan writes on InfoWorld:

The accused mastermind behind the Panda Burning Incense worm has not done a very good job of making amends, according to security vendor Symantec.

Li Jun, a 25 year-old man from Wuhan, in central China, was arrested last month for allegedly selling copies of Panda. He is the first man to be arrested in China for virus-writing, according to China's Xinhua state news agency.

In an effort to make an example of Li, state police said they made Li write software that would remove the worm, but after analyzing the software, Symantec says this program fails to undo many of the file and registry changes made by Panda. Worse, it is completely ineffective against some variants of the malware.

More here.

Quote of the Day [2]: Ken Steinberg

"These guys perpetrated a perfect crime. This is what scares the living daylights out of everybody. And this one won’t be the last."

- Ken Steinberg, Chief Executive of Savant Protection Inc., commenting on the TJX debacle.

Hackers Attack DoD's myPay Military Wage User Accounts

Dmitry Chepusov writes on The Kings Bay Periscope:

The myPay website is known throughout the Department of Defense as a useful tool servicemembers can use to securely keep track of their leave and earnings statement. However, one Navy Region Southeast Sailor learned that no computer system is completely safe from the onslaught of hackers.

This Navy Band Southeast Sailor's myPay account was hacked and his direct deposit information changed, sending his paycheck into a prepaid card he did not own. It was only a few months before earlier that a dozen Sailors' Thrift Savings Plan funds were withdrawn using similar means.

According to reports and e-mails circulating this week, a hacker well versed in military pay accounts compromised the Sailor's personal computer. As with the TSP theft two months ago, a hacker used key logging software to log the Sailor's keystrokes while he was accessing his myPay account from the privacy of his home. On the day before payday, the hacker accessed the Sailor's account and changed the direct deposit information to transfer the funds into a foreign account.

More here.

'911 is Closed - Everyone's at the Doughnut Shop'

A Morning Call (Pennsylvania) newspaper article, via The Boston Globe, reports that:

A firefighter clicked on a link on the city's Web site and got a recording of a bogus dispatcher saying 911 was closed.

"Our offices are closed because everyone is at the doughnut shop," said the audio file. Stu Gallaher, city business administrator, said Wednesday the file was quickly removed when city officials learned about it.

Gallaher said it was accidentally left on the site by former Fire Chief Frank Chisesi, who had been hired to improve the city's Internet offerings. Chisesi said he had placed several audio files on the site but they did not work and he thought he had deleted them.

More here.

Quote of the Day: Brian Krebs

"Microsoft's advice about visiting 'untrusted Web sites' is not entirely helpful or complete."

- Brian Krebs, writing in Security Fix about the latest Microsoft Internet Explorer zero-day exploit.

TJX Intruder Had Retailer's Encryption Key

A Ziff Davis Internet article by Evan Schuman, via eWeek, reports that:

The massive data breach at $16 billion retailer TJX involved someone apparently armed with the chain's encryption key, but it might not have been needed as the cyber-thief was accessing data during the card-approval process before it was encrypted.

These are among the latest details in what is almost certainly the worst retail data breach ever.

In a 10-K filing to the federal SEC (Securities & Exchange Commission), TJX said it didn't know who the intruders were, but it did provide more details about what they say happened that led to the card information of some 46 million consumers to get into unauthorized hands.

The intruder or intruders here apparently planted software in TJX systems to capture data throughout the day and they also engaged in an increasingly popular tactic: post-event cleanup.

More here.

Australia: Optus Scrambling to Find Eavesdropping Glitch

Asher Moses writes on

Optus is battling to find the cause of a fault in its network, which allows customers to eavesdrop on others' phone calls.

The issue was originally thought to be limited to the Optus pre-paid mobile service, but readers have subsequently described the issue occurring in Optus' landline network as well.

It has customers fearing their privacy has been compromised.

Reports describing the glitch first appeared on the popular online broadband community, Whirlpool.

More here.

(Props, Pogo Was Right.)

Neiman Marcus Sues Registrars in $12M Domain Tasting Suit


US retailer Neiman Marcus is suing two domain name registrars for more than $12 million over their registration of names containing variations of its brand. The two linked companies are accused of improperly registering more than 40 domain names.

The case takes and Spot Domains to task over the relatively new phenomenon of 'domain tasting'. This is the practice of registering domains for five days then cancelling those that do not attract enough traffic. Taking advantage of a five day cancellation period, that practice costs the registering party nothing.

Within that five day period, adverts are published on the pages, and any page that receives enough hits to earn more than the $6 per year domain name registration fee is kept and paid for.

More here.

Breaking: Networx Universal Awarded

Kim Hart writes in The Washington Post:

AT&T Inc., Qwest Communications International Inc. and Verizon Inc. were awarded the government's largest telecommunications contract in history, leaving Sprint Nextel Corp. out of a deal potentially worth up to $48 billion over the next 10 years.

The three winners will now compete for individual contracts with the 135 agencies that are expected to buy telecom services and products through the contract, known as Networx Universal. The contract covers voice, video and data services that will be used throughout the United States as well as in nearly 200 countries worldwide.

More here.

MessageLabs: Blame Sales for Those Computer Security Breaches

A Reuters newswire article, via eWeek, reports that:

Junior sales staff are most likely to be responsible for technological security breaches at work, according to a British survey.

The poll of 942 IT managers found that salesmen between ages 26 and 35 are most at risk from computer viruses and other online attacks. Internet security firm MessageLabs, which commissioned the survey, said sales staff were too busy to worry about protecting themselves and their company from fraud.

More here.

Report Says Interior Official Overrode Work of Scientists

Felicity Berringer writes in The New York Times:

A top-ranking official overseeing the Fish and Wildlife Service at the Interior Department rode roughshod over agency scientists, and decisions made on her watch may not survive court challenges, investigators within the Interior Department have found.

Their report, sent to Congress this week by the department’s inspector general, does not accuse the official, Julie A. MacDonald, the deputy assistant secretary for fish, wildlife and parks, of any crime. But it does find that she violated federal rules when she sent internal agency documents to industry lobbyists.

More here.

Wednesday, March 28, 2007

Alcatel-Lucent Pushes the Optical Envelope

Ryan Lawler writes on Light Reading:

Alcatel-Lucent flexed its optical muscles this week, announcing a world-record optical transmission and demonstrating other optical milestones in a series of post-deadline papers presented at OFC/NFOEC.

In one post-deadline paper released today, AlcaLu announced that it transmitted 25.6 Tbit/s of optical data over a single fiber strand using 160 Wavelength Division Multiplexing (WDM) channels. The transmission went through three 80km spans, using WDM in both the C and L wavelength bands.

More here.

Prosecution: Spy Case Shows China's Effort To Steal U.S. Secrets

Josh Gerstein writes in The New York Sun:

The career of a Chinese-born electrical engineer, Chi Mak, over four decades is a textbook example of how China's spy services encourage their agents to burrow into American society in order to steal America's defense secrets, federal prosecutors said yesterday.

The picture of Mr. Mak as a dedicated and patient Chinese spy, along with an alternate image of him as a tireless and loyal developer of vital technologies for the American Navy, came as the government and the defense presented opening statements in one of the most significant China-related prosecutions ever to go trial in an American courtroom.

More here.

Prosecutors Say Ex-Qwest Chief Tried to Hide Assets

An AP newswire article, via The New York Times, reports that:

Joseph P. Nacchio, the former chief of Qwest Communications, who is on trial for insider trading, tried to hide $90 million in assets by transferring stock into accounts held solely by his wife, according to a prosecution motion made public Wednesday.

In the motion filed late Tuesday outside the jury’s presence, a prosecutor, Kevin Traskas, asked for permission to introduce evidence about the February 2002 transfer to counter the defense’s contention that Mr. Nacchio did not sell personal shares of Qwest Communications from 2001 through 2002.

More here.

Australian Firm Targeted With Trojan Keylogger CDs

Steven Deare writes on ZDNet Australia:

A low-tech approach to phishing has caught a NSW-based organisation after its employees were mailed CD-ROMs containing hidden keylogging software.

While the identity of the organisation has not been revealed, the perpetrators knew their target as the CD-ROMs were addressed to the organisation.

AusCERT (Australian Computer Emergency Response Team) spokesperson Macleonard Starkey told that, once inserted into staff computers, the CDs started a Windows Media Player executable file. In the background, keylogging software was downloaded.

More here.

Wanted By DARPA: IR Chemical Communication Graffiti Tags

Bill Christensen writes on

The Chemical Communications (ChemComm) program objective is to encode and transmit information in a rapid and covert manner. DARPA is asking for proposals for a PDA-sized device that will quickly print out coded tags, with a specific message, for placement in strategic locations in different environments, to be read by unmanned aerial vehicles (UAVs) or planes.

The tags will be used to mark locations of interest, identify friendly forces embedded or trapped in combatant zones, and in various surveillance and reconnaissance missions.

More here.

New Canadian Bill to Expand Law Enforcement Wiretapping

Tuan Nguyen writes on Daily Tech:

Internet privacy and user rights have long been a hot topic of debate in the U.S., but next door neighbor Canada has been relatively quiet on the issue. Things are about to heat up in Canada as the current Liberal government tries to pass something called the Modernization of Investigative Techniques Act (MITA) or Bill C-416.

The bill allow government and law enforcement agencies to access private citizen information without a warrant. Bill C-416 makes it possible for scenarios such as limited digital and analog wiretapping. Additionally, ISPs will also be required to give full customer information if needed.

More here.

(Props, Flying Hamster.)

TJX Breach Involved 45.7M Cards

Via The Boston Globe.

At least 45.7 million credit and debit card numbers were stolen by hackers who broke into the computer systems at the TJX Cos. in Framingham and the United Kingdom and siphoned off data over a period of several years, making it the biggest breach of personal data ever reported, according to security specialists.

TJX, the Framingham discounter that operates the T.J. Maxx and Marshalls clothing chains, also reported in a regulatory filing yesterday that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including drivers’ license numbers. ‘‘It’s the biggest card heist ever,’’ said Avivah Litan, vice president of Gartner Inc. ‘‘This was obviously done over a long period of time, in many locations. It’s done considerable damage.’’

The filing provided the first detailed accounting on the breach since TJX publicly disclosed the problem in mid-January. TJX spokeswoman Sherry Lang said that about 75 percent of the compromised cards either were expired or had data in the magnetic stripe masked, meaning the data was stored as asterisks, rather than numbers. But the true extent of the damage likely will never be known, Lang said, because of the methods used by the intruder as well as file deletions by TJX done in the normal course of business.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, March 28, 2007, at least 3,243 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,618 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

N.Y., N.J. Hit Internet Gambling Rings

Roy Mark writes on

New York and New Jersey law enforcement officials busted two Internet bookmaking operations today that allegedly handled more than half a billion dollars in sports wagers over the last 16 months. Authorities said the arrests targeted "traditional mob-run" bookie operations.

In more than 70 raids based in Queens County, N.Y., and Monmouth County, N.J., authorities arrested 54 people with 12 more still at large. Among the host of criminal enterprise, conspiracy and money laundering charges, the defendants are charged with operating an unlawful gambling enterprise on the Internet.

Among those charged as a bookmaker is John Kinahan, 56, a former New York City police officer and current manager of a Long Island topless dancing club owned by his wife, Ginger Kinahan, 56. In New Jersey, raids netted more than $2 million in cash and a luxury yacht named "Risky Business" owned by the ring's alleged principle bookmaker, Joseph Pasquale, 51, of Mantoloking, N.J.

Queens County District Attorney Richard A. Brown said bettors and the ring's runners and managers used a Web site with its servers located in Costa Rica.

More here.

Startup Aims to Keep Network Security Vendors Honest

Robert McMillan writes on InfoWorld:

With the help of one of the world's best-known hackers, a little-known Austin startup hopes to give Internet service providers and enterprises a way to tell if their networking hardware is living up to its promises.

Late next month, BreakingPoint Systems Inc. plans to launch a new network test appliance that sniffs out security holes in devices such as load balancers, intrusion prevention systems, and routers. Called the BPS-1000, the device also gives users a way to see how their networking equipment performs under a high volume of networking traffic, said Dennis Cox, BreakingPoint's chief technology officer.

Cox and co-founder Craig Cantrell came up with the idea for BreakingPoint two years ago while working at 3Com Corp.'s TippingPoint division, where they realized that they were spending more money on testing equipment than they were on building products. What began as a running joke "every time we had to sign a purchase order for a half-million dollars worth of test equipment," eventually became a business plan, Cox said.

More here.

Headline of the Day: LiveScience

Image source: / Proyecto La Puntilla-UAB

"Ancient Head-Squishing Violence Revealed"

Heather Whipps writes on

Ancient Peruvian aristocrats dismembered their less well-off neighbors as a scare tactic, new archaeological finds suggest.

Several deformed corpses were found during recent excavations at the burial necropolis of El Trigal, a once-downtrodden community located in the Nazca province of Peru and dating to the 1st century A.D.

Members of nearby wealthier communities looking to send a message about their power may have been responsible for the mutilations, say archaeologists.

"When a dominant class appears, [it] always seeks mechanisms to impose fear," said Pedro Castro-Martinez of the Universitat Autonoma de Barcelona (UAB), who headed up a study of the corpses. "The power of an elite is exercised and maintained by means of force and fear. Mutilations can be part of those tactics to frighten."

More here.

Fortune 1000 Companies Hosting Bots in The Perimeter - UPDATE

Good job, Rick & Adam.

We've seen similar data...

Dan Goodin writes on The Register:

When it comes to bot-infested PCs that spew spam, most of us assume the owners are newbie users too naive or careless to follow basic security measures. Think again. There's a good chance that the penis enlargement email that just landed in your inbox is from a network maintained by Oracle, Hewlett-Packard or some other Fortune 1000 company.

We've been poring over data collected by Support Intelligence, a firm that uses spam traps and other methods to trace the locations of infected computers. Over two weeks in mid-February, it assembled evidence that computers connected to the networks of at least 28 large organizations sent unsolicited email.

These emails ran the spam gamut, from pump-and-dump scams to come-ons for Viagra. One appearing to come from Oracle tried to phish recipients' PayPal credentials. HP was also on the list. Best Buy, the giant electronics retailer, took the prize, having sent out more than 5,000 spams. To its credit, Best Buy acknowledged the spam problem after we brought it to the company's attention.

More here.

UPDATE: 10:17 3/29/2007: Also covered by Brian Krebs today in Security Fix.

Class Action Rumble: ICANN Sued by Irate RegisterFly Customer

Burke Hansen writes on The Register:

The Dummit Law Firm announced today on its website that it has filed a class action lawsuit against internet registrars Registerfly and Enom, as well as internet standards body ICANN.

The lawsuit was filed on behalf of Anne Martinez, a Registerfly customer and the registered owner of, which provided the main source of income for her and her children. The lawsuit was unsealed on March 23 and officially announced by the plaintiff and her attorney's today.

More here.

Citigroup Analyst Sticks 'Sell' on Vonage

Mark Sullivan writes on Light Reading:

The research department of one of Vonage Holdings Corp.'s IPO underwriters has slapped the company's stock with a Sell rating.

In a research brief sent to investors Tuesday, Citibank analyst Michael Rollins writes that Vonage may be headed for "a financial restructuring or bankruptcy in the 2008 or 2009 timeframe" if it doesn't prevail in its patent lawsuit fight with Verizon. He downgraded the stock from Hold.

More here.

In Unusual Step, Bush Cites Iraqi Bloggers

A Reuters newswire article, via The Boston Globe, reports that:

In an unusual step, President George W. Bush cited a pair of Iraqi bloggers on Wednesday to try to bolster his case that his troop buildup in Iraq is making progress.

Bombings in Iraq continue to take a heavy toll but Bush insisted U.S. and Iraqi forces circulating in Baghdad were making a difference, slowly.

"'Displaced families are returning home, marketplaces are seeing more activity, stores that were long shuttered are now reopening,"' Bush quoted the bloggers as writing.

In a speech, Bush did not identify them, but the White House said he was referring to an opinion article published March 5 in the Wall Street Journal by the two bloggers, Omar and Mohammed Fadhil.

More here.

Webroot: Malware Disrupts Half Of Global Businesses

Sharon Gaudin writes on InformationWeek:

Malware is disrupting nearly half of worldwide businesses, a new study reports.

The Webroot State of Internet Security study reports that out of 600 global businesses that were surveyed, 43% of them said they're suffering business disruptions due to malware and more than 60% do not have an information security plan.

More here.

Corporate Sloppiness Is the Real Culprit for Data Loss

Lisa Vaas writes on eWeek:

Expect to see the 2 billionth personal record compromised by year's end, according to recent research from the University of Washington. But don't blame it on rogue hackers; sorry to say, it's your own fault, Corporate America.

Researchers at the university in Seattle estimate that electronic records—those containing Social Security or credit card numbers, academic grades or medical history—are bleeding out of North American organizations at the rate of 6 million a month so far in 2007—up some 200,000 a month from last year.

More here.

Microsoft Releases Attack Advisory For WPAD Protocol

Sharon Gaudin writes on InformationWeek:

Microsoft released a security advisory on Wednesday, warning users about a new attack on the Web Proxy Automatic Discovery protocol (WPAD).

The government Internet threat alert center -- U.S.-CERT -- is advising users that an attacker with the ability to register a WPAD entry in a Domain Name System (DNS) or Windows Internet Naming Service (WINS) server may be able to cause a WPAD-configured client to resolve to an arbitrary host and retrieve the malicious WPAD.dat file. This may allow an attacker access to the client's traffic by routing it through a malicious proxy server.

More here.

Veteran's Identity Stolen for Fourth Time in a Year


A Cape Coral [Florida] veteran is afraid he could become the victim of identity theft again after learning Monday his personal information had been stolen for the fourth time in a year - this time from a state agency.

Bill Trowler got a letter from the Florida Department of Revenue Monday saying his information had been stolen from a database.

"I felt first of all shock. You can't believe it happened because you think it doesn't happen to you," said Trowler.

But it has happened to Trowler four times in the last year. It started when he got caught up in the largest identity theft case in U.S. history.

More here.

(Props, Flying Hamster.)

U.S. Military Beefs up Internet Arsenal

A USA Today article, via, reports that:

The U.S. military is quietly expanding capabilities to attack terrorists' computer networks, including websites that glorify insurgent attacks on U.S. forces in Iraq, military officials and experts say.

The move comes as al-Qaeda and other groups fighting in Iraq and elsewhere have expanded their activities on the Internet and increased the sophistication and volume of their videos and messages. Much of the material is designed to raise money and recruit fighters for Iraq.

"You should not let them operate uncontested" on the Internet and elsewhere in cyberspace, said Marine Brig. Gen. John Davis, who heads a military command located at the National Security Agency. The command was established to develop ways to attack computer networks.

Davis and other officials declined to say whether the military has actually attacked any networks, which would require presidential authorization. The techniques are highly classified.

More here.

Michigan: Virus Wreaks Havoc on State's Computers

Via The Detroit Free Press.

Customers at Michigan Secretary of State branch offices Tuesday can blame their wasted visit on the Rinbot virus.

The virus hit computer systems operated by the State of Michigan, preventing Secretary of State's Office branch employees from doing business.

It's the second time in a month that the state has been hit with a computer virus.

The one about three weeks ago took 48 hours to fix, said Kurt Weiss, spokesman for the Department of Information Technology.

He recommended that residents who plan to visit a Secretary of State's Office branch today should call to make sure the computers have been fixed.

More here.

F-Secure: So, What Does The Enemy Look Like in Real Life?

Image source: F-Secure

Mikko Hyppönen writes on the F-Secure "News from the Lab" Blog:

Yesterday at the conference I had a chance to meet Anton Aleksandrovich Pakhomov. He works as a public prosecutor in the Saratov Regional Prosecutor's Office in Russia.

Mr. Pakhamov worked as a prosecutor on a case against denial-of-service extortionists. The case involved a large botnet that was used to attack webshops and gambling operators in UK and in USA. Targeted companies were forced to pay a ransom to get their sites back online. The ring earned several million dollars before they were caught.

The case involved 10 persons in Latvia (money mules) and four attackers from Russia and two from Kazakhstan. Out of these, three persons were successfully located and prosecuted in the city of Balakov in Russia. The whole investigation took more than a year, but in the end the three individuals were all sentenced. They got eight years of prison each.

So who were they? They were, from left to right [above], Alexander Petrov, Denis Stepanov and Ivan Maksakov.

More here.

Hackers Build Private IM to Keep Out Law Enforcement

Jeremy Kirk writes on InfoWorld:

Hackers have built their own encrypted IM (instant-message) program to shield themselves from law enforcement trying to spy on their communication channels.

The application, called CarderIM, is a sophisticated tool hackers are using to sell information such as credit-card numbers or e-mail addresses, part of an underground economy dealing in financial data, said Andrew Moloney, business director for financial services for RSA, part of EMC Corp., during a presentation at the International e-crime Congress in London on Wednesday.

CarderIM exemplifies the increased effort hackers are making to obscure their activities while continuing to use the Internet as a means to communicate with other criminals.

More here.

VA Wastes Millions on Computer Contract

An AP newswire article by Hope Yen, via The Boston Globe, reports that:

Veterans Affairs officials wasted millions on a $100 million computer security contract that became a virtual "open checkbook" because of poor oversight and sloppy management, an internal review says.

The audit by the VA inspector general brings renewed attention to problems of data security and contract management after the department sustained blistering criticism for its loss of nearly 26.5 million veterans' sensitive personal information last May.

It found that the VA put out multiple and inconsistent changes to the contract awarded in 2002 to VAST, a small business joint venture based in Texas, for computer service work aimed at fending off computer hackers.

More here.

Julie Amero Sentencing Delayed Until April

Robert Lemos writes on SecurityFocus:

For the second time this month, a Connecticut court has delayed the sentencing hearing of Julie Amero, the substitute teacher found guilty of four counts of risking injury to a minor for allowing pornographic pop-up ads to be displayed on her classroom's computer.

The charges stem from a incident in October 2004, when Amero's spyware-infested computer displayed the pop-up ads, some of which were seen by students. On January 5 of this year, a jury found Amero guilty of four counts on risking injury to a minor, which could result in a maximum sentence of 40 years in prison. The delay moves Amero's sentencing to April 26, according to the Hartford Courant.

Security researchers and other technologists have increasingly criticized the case, saying that prosecutors blamed Amero for the acts of one or more spyware programs. A group of security experts have performed an in-depth forensics analysis of an image of Amero's hard drive and have delivered the report to her defense attorney.

More here.

Tuesday, March 27, 2007

Toon of the Day: Taking The Fifth

Click for larger image.

Mr. Fish, via

Telstra to Build Australia-Hawaii Cable Link

Stuart Comer writes on

With Pipe Networks on the verge of committing to its own link from Australia to Guam, Telstra has announced plans for a cable to Hawaii, to reduce its dependency on foreign-owned cables.

The move comes as Pipe Networks is expressing confidence that its plan to build a cable, to increase competition on the route, will come to fruition. The key factor is securing commitment from carriers and ISP customers. Telstra may now be approaching these same customers, but unlike Pipe it competes with them so they may still lean strongly towards Pipe's offering.

More here.

Secret Government Contracts? Qwest Chief Knew U.S. Fiber Optic Needs

An AP newswire article, via The New York Times, reports that:

At a time when Qwest faced challenges in meeting 2001 financial targets, Joseph P. Nacchio, then its chief executive, described the government’s need for fiber optic network capacity and hoped the company would win lucrative contracts to meet that demand, a former Qwest finance chief testified Tuesday.

The executive, Robin R. Szeliga, told jurors in Mr. Nacchio’s insider trading trial that he made the statement when she asked him why Qwest was buying assets abroad.

She said Mr. Nacchio told her that he could not explain because the information was classified, but that he had access to it through his membership on a government telecommunications panel. A defense lawyer, Herbert J. Stern, described the government’s capacity need as “mind-blowing, mind-boggling.”

It was the first time at trial that jurors heard details about the possibility of secret government contracts that Mr. Nacchio has said gave him hope for the telephone company’s future and proved that the stock sales at issue were legal.

More here.

Siemens Executive Arrested

Mark Landler writes in The New York Times:

German prosecutors arrested one of the top-ranking executives at Siemens on Tuesday in an investigation into suspected bribery, dealing the troubled company another blow in what has become a steady drumbeat of corruption accusations.

The executive, Johannes Feldmayer, was detained as prosecutors searched company offices in Munich, where Siemens is based, and two other German cities, a spokeswoman for Siemens said.

A member of the Siemens management board, Mr. Feldmayer, 50, is the most senior executive to be arrested in a raft of investigations into Siemens, the engineering giant, which began last year and has grown into a far-reaching corporate scandal in Germany.

More here.

Report: Microsoft in Talks to Acquire DoubleClick

A Reuters newswire article, via Yahoo! News, reports that:

Online advertising firm DoubleClick Inc. is exploring a sale and is in talks with Microsoft Corp. and other potential suitors, according to people familiar with the matter, the Wall Street Journal reported on its Web site.

The New York-based company is using investment bank Morgan Stanley to help sound out its options, including a possible stock market listing, the Journal reported.

No one at DoubleClick was immediately available for comment.

More here.

Why Are Text Messages Marked Up 7314%?

Ben Popkin writes on Comsumerist:

Verizon and other cellphone companies mark up the cost of text messages by at least 7314% when compared to their rates for data transfer services.

Verizon's max text message size is 160 characters. At 7 bits per character, that's 1120 bits or 140 bytes. Without a text messaging plan, those 140 bytes run you $.15 (fifteen cents), according to Verizon's website.

Compare that to the rate for data transfer (like when you would use your cellphone as modem). That rate is $.015 (one point five cents) every 1024 bytes.

That's $.015 per data kilobyte versus $1.09 per text message kilobyte. In other words, a markup of 7314%. Other cellphone companies charge comparable rates.

More here.

RFID Feared as Possible Terrorist Target

Lisa Vaas writes on eWeek:

As if RFID chips in driver's licenses and passports weren't scary enough already, London's Royal Academy of Engineering is suggesting that someday a terrorist will be able to read personal details from a distance and, given the right antennas and amplification, set a bomb to go off when a particular person gets within range.

It's already widely acknowledged that unencrypted data stored on an RFID chip in a passport can be read covertly by anybody with a pass-by reader.

More here.

Business Frets Over Impact of China Spy Case

Josh Gerstein writes in The New York Sun:

A major Chinese espionage case set to open today is causing concern among attorneys for major defense contractors and exporters, who contend that one of the prosecution's key legal arguments upsets a long-standing interpretation of export laws and could wreak havoc in industry and elsewhere.

Opening arguments from the prosecution and defense are expected in federal court here this morning in the case of Chi Mak, an engineer accused, along with four of his family members, of conspiring to transfer naval technology to China.

More here.

Dateline NBC: On The Hunt for ID Thieves

I'm very happy to see this issue getting more mainstream coverage.

It's actually airing right now (California local time) on Dateline NBC:

It happens so often TV commercials joke about it: a faceless stranger is able to get a hold of your credit card and go to town.

But for real people, it’s no joke at all.

Full transcript and additional detail here.

Air-Space Tech: Jet's Flaming Space Junk Scare - UPDATE

Jano Gibson writes in The Sydney Morning Herald:

Pieces of space junk from a Russian satellite coming out of orbit narrowly missed hitting a jetliner over the Pacific Ocean overnight.

The pilot of a Lan Chile Airbus A340, which was travelling between Santiago, Chile, and Auckland, New Zealand, notified air traffic controllers at Auckland Oceanic Centre after seeing flaming space junk hurtling across the sky just five nautical miles in front of and behind his plane about 10pm.

According to a plane spotter, who was tuning into a high frequency radio broadcast at the time, the pilot "reported that the rumbling noise from the space debris could be heard over the noise of the aircraft."

More here.

UPDATE: 19:30 03/28/2007: Follow-up story here in The Sydney Morning Herald: "It Was A Meteorite, Not a Satellite, Says Russia".

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, March 27, 2007, at least 3,242 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,614 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Third Time Not So Charming for Gmail Meltdown

Juan Carlos Perez writes on ComputerWorld:

For at least the third time this month, Google Inc. is grappling with performance and availability problems in the Gmail service of Google Apps, the suite of hosted services that many consider a potential threat to Microsoft Corp.'s Office suite of desktop software.

The latest problem began affecting users on Tuesday morning (U.S. Eastern Time). It remained unresolved Tuesday evening, affecting also regular Gmail users who aren't on Google Apps, according to a company spokesman.

More here.