Saturday, June 16, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, June 16, 2007, at least 3,522 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,885 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Dutch Police Arrest 111 Over Suspected Internet Fraud

An AFP newswire article, via Yahoo! News, reports that:

Police in Amsterdam arrested more than 100 West Africans Saturday as part of a seven month long investigation into Internet fraud, they said.

Spokeswoman Sita Koenders told AFP that 111 people were arrested for being in the Netherlands illegally and "now we must investigate in what way they are implicated in Internet fraud."

Eight of those arrested were carrying false papers and they have been prosecuted. The others were detained and then released unless there were any extra charges against them, the police said in a statement.

More here.

Stolen Ohio Tape: More Personal Info Than Thought

William Hershey writes in The Dayton Daily News:

After learning that additional personal information might be on a stolen state backup computer tape, Gov. Ted Strickland late Friday called for the State Inspector General to investigate the circumstances surrounding the theft and the state's response to it.

"...We have determined that information pertaining to participants in the state's pharmacy benefits management program, including information such as names, Social Security numbers, addresses and phone numbers of employees and the names and Social Security numbers of their dependents, may be contained in the device," Strickland said in a press release.

Ron Sylvester, spokesman for the Department of Administrative Services, said on Saturday that a preliminary analysis indicated that more than 50,000 employees and about 75,000 dependents could be affected.

Other files with sensitive information may also be on the tape, Sylvester said.

More here.

(Props, Pogo Was Right.)

'Brilliant' Identity Theft Scheme Targets Child Porn Buyers

Joseph Rhee writes on ABC News' "The Blotter":

A ring of European cyber criminals have devised an ingenious scheme that steals the credit card information of internet buyers of child pornography, law enforcement sources say. Officials call it a "brilliant" system because victims rarely complain for fear of being identified as a child porn purchaser.

Authorities say an on-going investigation centers around an East European crime ring that operates numerous child pornography websites. When a person attempts to purchase access to the sites, they are directed to a bogus payment processor page and instructed to enter their credit card information, including CVC code and expiration date. Investigators say the criminal ring uses the credit card information to purchase new child pornography domain names and ISP hosting space. When victims discover the fraud, instead of reporting it to law enforcement, they typically just pay the charge and report the card lost or stolen, officials say.

More here.

U.S. Homeland Security to Detail IT Attacks

Matt Hines writes on InfoWorld:

Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.

In a hearing labeled "Hacking the Homeland: Investigating Cyber-security Vulnerabilities at the Department of Homeland Security," officials including DHS chief information officer Scott Charbo and Gregory Wilshusen, director of information security issues at the Government Accountability Office (GAO) are scheduled to detail their findings in response to requests from Congress to test the agency's IT security defenses.

In a letter sent to Charbo on April 30, members of Congress led by Rep. Bennie G. Thompson (D-Miss.), chairman of the House Committee on Homeland Security, asked DHS to conduct a review of its information system security in the wake of news that the departments of commerce and state were successfully hacked during 2006.

Details of those systems intrusions were first revealed at a hearing coordinated by the House Subcommittee on Emerging Threats, Cyber-security, Science, and Technology on April 19.

More here.

7 Sex Offenders Who Use MySpace Arrested in Texas

An AP newswire article by Monica Rhor, via ABC News, reports that:

Seven convicted sex offenders with profiles on MySpace.com have been arrested in what Texas officials said was the country's first large-scale crackdown of registered offenders who use the social networking Web site.

The men were arrested in Houston, Austin, Round Rock, and Glenn Heights during a two-week operation by the Texas Attorney General's Cyber Crimes and Fugitive units.

More here.

Friday, June 15, 2007

Personal Note: Home Again


After two weeks on the road, it's nice to be home in San José. :-)

- ferg

Judge Orders FBI to Turn Over Thousands of Patriot Act Abuse Documents

Ryan Singel writes on Threat Level:

Just one day after news that an internal audit found that FBI agents abused a Patriot Act power more than 1000 times, a federal judge ordered the agency Friday to begin turning over thousands of pages of documents related to the agency's use of a powerful, but extremely secretive investigative tool that can pry into telephone and internet records.

The order for monthly document releases commencing July 5 came in response to a government sunshine request by a civil liberties group, which sued in April over the FBI's foot-dragging on its broad request.

More here.

Thursday, June 14, 2007

Bush Administration Attacks 'Shield' for Bloggers

Anne Broache writes on C|Net News:

The Bush administration on Thursday blasted a congressional proposal that would shield a broad swath of news gatherers, including some bloggers, from revealing their confidential sources.

The latest draft of the Free Flow of Information Act would pose a grave threat to national security and federal criminal investigations by protecting far too large a segment of the population, a U.S. Department of Justice official told Congress.

More here.

Security Theater? An Airport Security Story to End All Security Stories - UPDATE

This kind of crap has GOT TO STOP.

No reasonable person can condone this type of behavior by security personnel.

Via NowPublic.com.

If you travel enough, you've seen it all -- and possibly some of the awful things that can happen while traveling will have actually happened to you. But nothing I've read about or experienced comes close to what Monica Emmerson experienced while at Reagan National Airport on June 11th while traveling with her 19-month-old toddler. This isn't one of those Catch-22 bureaucratic snafus; this isn't about rules being applied to the letter.

This story is mostly about what can happen simply because the authorities in charge decide that they're going to exercise their authority because they can, regardless of whether it's legal or right or makes any sense at all.

More here.

Freekin' heads should roll and the people responsible for this behavior should be fired.

(Props, Boing Boing.)

UPDATE: 16:31 PDT 16 June 2007: There is some indication that this entire incident may have been blown out of proportion, or perhaps just downright untrue. More here and here.

Silliness We Love: LOL BOTS


Yes, we are silly enough to love LOL BOTS.

(Props, Gizmodo.)

U.S. May Require European Visitors to Register Online

James Niccolai writes on InfoWorld:

Europeans who visit the U.S. will be required to fill out an online questionnaire two days before they enter the country under a proposal being studied by the U.S. Department of Homeland Security.

The department has been discussing the idea internally for about a month, said Hugo Teufel III, chief privacy officer for the DHS, in a meeting with journalists in Paris on Thursday. He could not say when the registration system might be introduced.

The proposal will likely increase tensions between the U.S. and Europe at a time when the two sides are already in heated debate over U.S. demands for data about air passengers flying from Europe to the U.S.

The U.S. says it needs access to more data to prevent suspected terrorists from entering the country, while European regulators counter that the demands are excessive and worry how the data will be used.

More here.

UK: Online Bank Security Worsens

Matthew Broersma writes on TechWorld:

Banks' online security is getting worse as they rush to offer services online, according to new research.

This year's Annual Security Report from NTA Monitor, a security testing firm, found that 20 percent more security vulnerabilities turned up in the infrastructures of banks, building societies and other financial institutions compared with last year's report. The survey covers networks, applications and systems.

More here.

Website Exposed More Than Paris Hilton

Via The Smoking Gun.

The operators of an X-rated Paris Hilton web site exposed the credit card numbers and identities of about 750 subscribers who signed up after the site recently returned online in the face of a federal court injunction, The Smoking Gun has learned.

After a tip from a visitor who read TSG's June 11 story about the re-launching of the site, parisexposed.com, a reporter was able to easily access the subscriber list by changing a few characters in the web address for the site's sign-up page. Included in the lengthy list are a subscriber's name, e-mail address, password, phone number, mailing address, and credit card number.

More here.

Quote of the Day: Dave Winer

"What a lack of awareness of their relationship with customers. They should do things to reward customers for being smart enough to have chosen AT&T as their Internet service provider. Instead, they would make their customers the stupidest people on the planet, choosing the only ISP that will send you to jail to create a new business model for them."

- Dave Winer, writing on his blog. Background information can be found here.


Network Compromise at University of Virginia Goes Undetected for Two Years

Iain Thomson writes on vnunet.com:

Faculty members at the University of Virginia have had their personal records hacked, including salary details and social security numbers.

The hack, which is believed to have gone undetected for two years, netted details on over 6,000 staff who had taught at the university from 1990 to August 2003.

The hacker defaced a web page on the university's portal and when IT staff cleaned up they found evidence of the attack.

"We sincerely regret the distress this causes to our colleagues," said James Hilton, vice president and chief information officer at the University of Virginia.

"This theft adds greater urgency to our ongoing effort to remove Social Security numbers and other personal information from databases that could be accessed through the internet and potentially abused."

More here.

Computer Failure Reported on Space Station

An AP newswire article, via MSNBC, reports that:

Russian computers that control the international space station's orientation and supply of oxygen and water have failed, potentially extending the space shuttle's mission — or cutting it short.

Russian engineers aren't sure why the computers stopped working. A failure of this type has never occurred before on the space station.

The station is operated primarily by the Russian and U.S. space agencies, with contributions from the Canadian, European and Japanese space agencies.

More here.

China Aims To Top U.S. In Cyberspace

A Reuters newswire article, via InformationWeek, reports that:

China is seeking to unseat the United States as the dominant power in cyberspace, a U.S. Air Force general leading a new push in this area said Wednesday.

"They're the only nation that has been quite that blatant about saying, 'We're looking to do that,'" 8th Air Force Commander Lt. Gen. Robert Elder told reporters.

Elder is to head a new three-star cyber command being set up at Barksdale Air Force Base in Louisiana, already home to about 25,000 military personnel involved in everything from electronic warfare to network defense.

The command's focus is to control the cyber domain, critical to everything from communications to surveillance to infrastructure security.

More here.

FBI Unveils Movable Feast with 'Operation Bot Roast' - UPDATE

Brian Krebs writes on Security Fix:

The FBI said today it has identified more than 1 million personal computers that have been infected with computer worms enabling the attackers to control PCs for criminal purposes such as sending spam, spreading spyware and attacking Web sites.

The FBI used details it gleaned from an ongoing investigation called "Operation Bot Roast" to highlight a few recent arrests of individuals accused of running botnets and to raise public awareness about the problem, which the agency called "a growing threat to national security, the national information infrastructure and the economy."

More here.

UPDATE: 08:07 PDT: Also, an Associated Press (AP) article (via MSNBC) on the topic can be found here.

Wednesday, June 13, 2007

FBI Finds It Frequently Overstepped in Collecting Data

John Solomon writes in The Washington Post:

An internal FBI audit has found that the bureau potentially violated the law or agency rules more than 1,000 times while collecting data about domestic phone calls, e-mails and financial transactions in recent years, far more than was documented in a Justice Department report in March that ignited bipartisan congressional criticism.

The new audit covers just 10 percent of the bureau's national security investigations since 2002, and so the mistakes in the FBI's domestic surveillance efforts probably number several thousand, bureau officials said in interviews. The earlier report found 22 violations in a much smaller sampling.

The vast majority of the new violations were instances in which telephone companies and Internet providers gave agents phone and e-mail records the agents did not request and were not authorized to collect. The agents retained the information anyway in their files, which mostly concerned suspected terrorist or espionage activities.

More here.

Programming Note: Still Traveling

Yep.

In London through Friday -- back to California on Friday.

Blogging should get back to normal over the weekend.

Cheers,

- ferg

Sunday, June 10, 2007

Programming Note: Still Traveling

Yep.

In Paris now. Too busy to blog.

- ferg