Saturday, October 27, 2007

Thousands March Against The War in San Francisco, Across The Country


Jim Doyle, Susan Sward, & other staff write in The San Francisco Chronicle:

On cue from a bullhorn's blast, thousands of protesters fell to the pavement on Market Street in a symbolic "die-in" Saturday as part of a coordinated protest staged in cities across the country against the war in Iraq.

For three minutes the demonstrators lay on the pavement, representing what organizers said were more than 1 million Iraqis killed since the war began in 2003. The protesters then resumed their march from San Francisco's Civic Center to Dolores Park.

March organizers put their number at 30,000 - old, young, workers, students, religious leaders. Police declined to give a formal estimate, but onlookers said the demonstrators definitely numbered more than 10,000. They filled up Market Street for several blocks, shouting that U.S. troops should be brought home and carrying banners decrying the war.

At the head of the marchers was a band of Native American drummers who pounded a steady beat as protesters chanted, "No more war!"

More here.

Image source: San Francisco Chronicle / Kurt Rogers

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Saturday, Oct. 27, 2007, at least 3,840 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,127 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Saturday, Oct. 27, 2007, at least 383 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Oct. 20 at 10 a.m. EDT.

Of those, the military reports 256 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Kremlin Seeks To Extend Its Reach in Cyberspace

Anton Troianovski and Peter Finn write for The Washington Post Foreign Service:

After ignoring the Internet for years to focus on controlling traditional media such as television and newspapers, the Kremlin and its allies are turning their attention to cyberspace, which remains a haven for critical reporting and vibrant discussion in Russia's dwindling public sphere.

Allies of President Vladimir Putin are creating pro-government news and pop culture Web sites while purchasing some established online outlets known for independent journalism. They are nurturing a network of friendly bloggers ready to disseminate propaganda on command. And there is talk of creating a new Russian computer network -- one that would be separate from the Internet at large and, potentially, much easier for the authorities to control.

More here.

Security Experts Blast New Jersey's Anti-Phishing Effort

Robert McMillan writes on PC World:

Security experts are saying that a well-intentioned effort by the New Jersey Office of the Attorney General to combat phishing may backfire.

Earlier this week, State Attorney General Anne Milgram called on four banks -- Bank of America, Citibank, Washington Mutual, and New Jersey-based Sun National Bank -- to provide her with details on how they respond to phishing incidents.

This is a good move that will probably raise awareness about phishing, observers say. However, Milgram also asked the banks to send e-mail to their online customers, warning them that the bank has been a recent target for phishing scams and offering advice on how to tell fake e-mails from the real thing.

That raised a red flag with anti-phishing experts.

More here.

U.S. Senators Aim to Bolster Fight Against Cyber Crimes

Theresa Poulson writes on GovExec:

A new Senate measure aims to close the gaps in current federal laws to address cyber crimes, including hacking, the theft of confidential information, and the transmission of computer worms and viruses. The measure was one of several technology-related bills filed this week.

The legislation, S. 2213, would make it illegal to threaten to reveal confidential information illegally obtained from computers and to create "botnets" -- networks of computers that are used to remotely intrude on other machines.

The bill also would change felony requirements so hackers could be charged for damaging 10 or more computers. Current rules force investigators to prove at least $5,000 worth of harm to file felony charges.

More here.

TJX Now PCI Compliant

Ross Kerber writes for The Boston Globe:

TJX Cos. now meets credit card security rules, a company spokeswoman said yesterday, putting the Framingham retailer among a growing number of companies catching up with a Sept. 30 deadline to tighten how they handle consumer information.

Credit card security compliance by the nation's largest companies has risen sharply this year amid growing scrutiny of hackings such as the one that took place through last year at TJX, parent of the TJ Maxx and Marshalls chains. Court papers this week showed the intrusion affected more than 94 million credit and debit card accounts.

More here.

FBI Opens Investigation Into 'Attack' on Rockies Ticket System

An AP newswire article, via ESPN, reports that:

The FBI has opened an investigation after the Colorado Rockies claimed an "external, malicious attack" on computer servers brought down the club's first attempt to sell World Series tickets.

Computer servers handling the online-only sale were overwhelmed by 8.5 million hits in the first 90 minutes Monday, paralyzing the system and forcing the Rockies to suspend the sale.

"We are going to be opening up a case looking into the possible compromise of the Web server in Irvine," said Laura Eimiller, a spokeswoman for the FBI in Los Angeles.

The Irvine, Calif., Web servers are operated by Paciolan Inc., which handled the ticket sale.

More here.

Friday, October 26, 2007

Oh, Snap: Shortage of Beer Ingredients May Mean Higher Prices


An AP newswire article by Shannon Dininny, via The Seattle Times, reports that:

Fans of Snipes Mountain Brewery's cloudy Hefeweizen relish the subtle wheat flavor of the bright, summery brew, and like beer drinkers everywhere, they know when their favorite brew tastes a little too hoppy or bitter.

Connoisseurs could be in for a surprise this year, and they may not be alone.

Small brewers from Australia to Oregon face the daunting prospect of tweaking their recipes or experimenting less with new brews thanks to a worldwide shortage of one key beer ingredient and rising prices for others.

Oh, and one other thing: Beer prices are likely to climb. How high is anybody's guess. Craft brewers don't have the means to hedge against rising prices, like their industrial rivals.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Oct. 26, 2007, at least 3,839 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,127 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

USAF: No Timeline to Pick Cyber Command HQ

Via UPI.

The Air Force secretary says he has no timeline for making a decision on where the new U.S. cyber-space military command will be based.

Testifying before the House Armed Services Committee this week, Secretary Michael Wynne was asked about a timeline for standing up the new command, and when a decision might be made on where it will be based.

More here.

Japan to Take Fingerprints, Photos of Foreigners

Isabel Reynolds writes for Reuters:

Japan is to fingerprint and photograph foreigners entering the country from next month in an anti-terrorism policy that is stirring anger among foreign residents and human rights activists.

Anyone considered to be a terrorist - or refusing to cooperate - will be denied entry and deported.

More here.

(Props, Flying Hamster.)

Bush to Give Senate Panel Some Domestic Spying Docs

Ryan Singel writes on Threat Level:

Just days before the Senate Judiciary committee begins deliberating a bill expanding the government's spying power, the White House announced that the Committee can see some legal memos justifying and approving the government's secret, warrantless spying program.

But the White House will not extend that privilege to the House Intelligence or Judiciary committees, according to the New York Times, since their bill doesn't include retroactive immunity for the telcos that likely violated federal privacy laws by helping the government spy on Americans without warrants.

More here.

SBInet Off to Inauspicious Start

Ben Bain writes on Washington Technology:

Guards along the U.S. border with Mexico have not yet begun using the first phase of a multiyear, multibillion-dollar program for securing the border four months after lawmakers expected it to be operational.

The delays in the Secure Border Initiative Network (SBInet) stem from difficulties that Boeing, the lead contractor, has had integrating software. The first phase, called Project 28, is meant to fortify a 28-mile section of the border near Sasabe, Ariz., and demonstrate SBInet’s ability to secure larger stretches of the border.

Angered by the delays, lawmakers lashed out at officials from Boeing and Gregory Giddens, executive director of the Homeland Security Department’s SBI Program Management Office, at a joint hearing Oct. 24 of the House Homeland Security Committee’s Border, Maritime and Global Counterterrorism Subcommittee and the Management, Investigations and Oversight Subcommittee.

More here.

Utah: Bank, Computer Fraud and Aggravated ID Theft Charges

Via Technology News Daily.

A federal grand jury in Salt Lake City returned a three-count indictment charging a Utah man with bank fraud, computer fraud, and aggravated identity theft in connection with an alleged scheme to obtain money from his fiance’s credit union account, the Justice Department announced today.

John Bradley Egan, 42, of Bountiful, Utah, is currently in custody in Miami and will be transferred to Utah to face the federal charges.

More here.

'Bot Master' Gets 12 Months In Federal Prison

Thomas Claburn writes on InformationWeek:

On Tuesday, Jason Michael Downey, operator of a network of compromised PCs, received a 12-month sentence in federal prison for unlawful computer intrusion, U.S. Attorney Stephen J. Murphy said in a statement.

Downey, 24, of Dry Ridge, Ky., was sentenced to serve 12 months in prison, three years on suspended release, and was ordered to pay $21,110 in restitution and to perform 150 hours of community service.

According to the U.S. Department of Justice, information presented in court indicates that the defendant owned the Rizon.Net Internet Relay Chat (IRC) network from mid-June 2004 through early September 2004.

During this time, Downey was found to have operated a bot network. By directing compromised PCs to attack and subvert other computers, he managed to increase the size of his bot network to about 6,000 machines. Thereafter, he used the IRC network known as Yotta-byte.net to launch denial-of-service attacks that impaired various computer systems on the Internet. The DoJ puts the financial damage caused by these attacks at over $20,000.

More here.

U.S. Senate Wants Probe on ISP Content Blocking

An AP newswire article by Dibya Sarkar, via The Globe and Mail, reports that:

Two U.S. Senators on Friday called for a congressional hearing to investigate reports that phone and cable companies are unfairly stifling communications over the Internet and on cellphones.

Byron Dorgan and Olympia Snowe said the incidents involving several companies, including Comcast Corp., Verizon Wireless and AT&T Inc., have raised serious concerns over the companies' "power to discriminate against content."

They want the Senate Commerce, Science and Transportation Committee to investigate whether such incidents were based on legitimate business policies or unfair and anticompetitive practices and if more federal regulation is needed.

More here.

Draft of NIST Cybersecurity Document Open for Public Comment

Via Government Technology.

Widely recognized as the engine that drives the U.S. economy, information technology enables the vast majority of organizations to carry out their missions and business operations more efficiently and effectively. Along with their power and usefulness, however, information systems face serious man-made and natural threats that can adversely affect their associated organization's mission, operations, image and reputation.

In order to provide guidelines for addressing these potential threats, the National Institute of Standards and Technology (NIST) has issued a draft of Special Publication 800-39, Managing Risk from Information Systems: An Organizational Perspective, for public comment.

More here.

UK: Government Hints at New National Computer Crime Force

Via OUT-LAW.com.

The UK Government is considering setting up a new national police unit to tackle computer crime, just two years after the National High Tech Crime Unit (NHTCU) was disbanded.

The NHTCU was dissolved into the Serious and Organised Crime Agency (SOCA) when it was formed in 2005, but critics have said that the change resulted in a loss of focus on computer crime, which some experts claim is growing faster than any other kind of crime.

More here.

Thursday, October 25, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Oct. 25, 2007, at least 3,838 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,126 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Famous Fraudster Claims ID Cards Help Criminals

Tom Espiner writes on ZDNet UK:

Frank Abagnale, a one-time fraudster who now works with law-enforcement agencies, said national ID card schemes make it "100 times easier" to steal personal information.

Speaking at the RSA Conference Europe 2007, Abagnale said that one weak link in an organisation can compromise the whole system.

"With the ID cards scheme, all it takes is one weak civil servant to be bought off, and one weak link can [compromise the system]," said Abagnale. "I'm not big on ID cards -- you're giving the government information that someone else can access. ID cards make it 100 times easier to steal that information, because it's concentrated in one place."

More here.

Storm Worm Can Befuddle NAC

Tim Greene and Jim Duffy write on NetworkWorld:

A newly discovered capability of the Storm worm could invalidate results churned out by NAC products, attendees at Interop New York learned last week.

This new trick is Storm’s ability to interrupt applications as they boot up and either shut them down or allow them to appear to boot, but disable them, says Josh Corman, host protection architect for IBM/ISS.

Users will see that, for example, antivirus is turned on, but actually it isn’t scanning for viruses, or as Corman puts it, it is brain dead. “It’s running but it’s not doing anything. You can brain-dead anything," he says.

More here.

TJX Intruder Moved 80-GBytes Of Data And No One Noticed

Evan Schuman writes on StorefrontBacktalk:

Citing new information about the TJX data breach, attorneys suing the clothing retail chain amended their complaints on Thursday and want a jury to evaluate TJX's security professionalism.

New details that emerged from documents filed in federal court Thursday include:

A TJX consultant found that not only was TJX not PCI-compliant, but that it had failed to comply with nine of the 12 applicable PCI requirements. Many were "high-level deficiencies," the consultant said.

"After locating the stored data on the TJX servers, the intruder used the TJX high-speed connection in Massachusetts to transfer this data to another site on the Internet" in California. More than "80 GBytes of stored data improperly retained by TJX was transferred in this manner. TJX did not detect this transfer."

In May 2006, a traffic capture/sniffer program was installed on the TJX network by the cyber thieves, where it remained undetected for seven months, "capturing sensitive cardholder data as it was transmitted in the clear by TJX."

More here.

QinetiQ Buys Secure-Messaging Company

Alice Lipowicz writes on Washington Technology:

QinetiQ Group plc announced it has completed its purchase of Boldon James Holdings Ltd., a United Kingdom provider of secure messaging solutions for military and government customers.

QinetiQ paid $32 million cash, and plans to pay an additional $8.8 million for the performance of specific criteria. It did not spell out the criteria.

More here.

Quote of the Day: Jake Vinson

"The transfer was approved. John smiled, having successfully circumvented the ISP's security armed with sophisticated hacking tools like MS Word templates and a crappy LaserJet printer."

- Jake Vinson, writing on Worse Than Failure, on getting a domain name transfer accomplished via "Security by Letterhead".

TJX Waging Legal Battle To Keep Security Details Secret

Evan Schuman writes on eWeek:

The TJX data breach has been a veritable data dynamo of details that, if carefully pieced together, say virtually nothing.

But those details have typically hinted at a wide range of security problems, including weak firewall protection, encryption irregularities, wireless problems and a Trojan horse that may have been planted.

After months of motions and arguments, filings have begun for the argument that frightens TJX the most: Whether U.S. District Court Judge William Young will order that TJX reveal publicly exactly how it believes the breaches occurred and why they happened.

In hearings in a Boston court the week of Oct. 22, attorneys representing banks that are suing TJX specifically asked Young for permission to make public reports that TJX had prepared detailing the mishaps. TJX is aggressively fighting such efforts.

More here.

Visa Rolls Out New Payment Application Security Mandates

Jaikumar Vijayan writes on ComputerWorld:

Amid signs of growing frustration in the retail community over the credit card industry's payment card industry (PCI) data security requirements, Visa on Tuesday quietly rolled out an additional set of Payment Application Security Mandates for all companies that handle credit and debit card transactions.

Under the multi-phase initiative, covered entities will [have] three years to ensure that all their payment applications are compliant with a set of security requirements mandated by Visa. The rules apply to any third-party payment software used by companies for storing, processing or transmitting cardholder data.

For many companies, especially large ones using older payment applications, Visa's mandate could mean "tens of millions of dollars" in upgrades to new technologies over the next few years, said Jim Huguelet, an independent consultant in Bolingbrook, IL. The mandates will also "by proxy" force vendors of payment applications to finally start implementing security features that have been recommended by Visa and others for some time now, he said.

More here.

RBN: The Internet Service Provider Used by Criminals

Via BBC Radio 4's "You and Yours".

A company believed to be based in Russia stands accused of hosting websites devoted to child pornography, spamming and identity theft.

Guests:
Richard Cox, CIO, Spamhaus
Andrew Miller MP, Chair of the Parliamentary Internet Committee

Listen to this report here.

Wednesday, October 24, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Oct. 24, 2007, at least 3,838 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,125 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Problems? We Don’t Need No Steenking Problems!


Criminal activity in The Internet is largely being conducted brazenly, openly, and apparently without fear of being pursued & prosecuted by law enforcement. Why?


My opening slide for the ACM Workshop on Recurring Malcode (WORM 2007) next month.

Enjoy.

- ferg

The Politics of Eavesdropping

Michael Isikoff and Mark Hosenball write on Newsweek:

A White House campaign to win quick passage of a major surveillance bill has hit a new snag in recent days: four Democratic presidential candidates have signaled their intention to oppose the measure as it is currently written.

Sen. Chris Dodd of Connecticut took the lead last week when he vowed to filibuster a version of the bill overwhelmingly approved by the Senate Intelligence Committee. The bill gives retroactive immunity from lawsuits to major telecommunications companies that cooperated with the Bush administration's warrantless surveillance program after 9/11. In a statement blasting the program as "unconscionable," Dodd said he would "do everything in my power to stop Congress from shielding this president's agenda of secrecy, deception, and blatant unlawfulness."

More here.

Deutsche Telecom Prepares for Two-Tier Internet

Saul Hansell writes on The NYT "Bits" Blog:

In the discussion about net neutrality, the phone and cable companies in the United States never said they would charge some companies more money for better access to their networks. They just said they don’t want rules to prevent them from doing so.

Dave Burstein, the editor of DSL Prime, a telecom newsletter, just came back from Europe where he found that Deutsche Telecom is preparing to charge a fee to companies that want to deliver video to its Internet service customers. In a speech at the Broadband World Forum Europe, Wolfgang Schmitz, a senior executive vice president of Deutsche Telecom, said the phone company’s DSL network, which is rated for speeds much faster than most networks in the United States, can’t handle the demands of Internet video.

More here.

860,000 Names on Terror Watch List Scrutinizes Americans Most


Ryan Singel writes on Threat Level:

The nation's centralized watch list has grown to include 755,000 names suspected of having terrorist ties, resulting in nearly 20,000 positive matches of persons against the list in 2006, according to a new report from Congress's investigative reporting arm. Since the list is now used in nearly all routine police stops and for domestic airline travel, Americans made up the bulk of those matches.

The Government Accountability Office's report was presented in a hearing to the Senate's Homeland Security Committee Wednesday, causing senators to express concern about the size and effectiveness of the list.

More here.

Image source: GAO / Threat Level

How Are U.S. Businesses and Lawmakers Responding to Data Breaches?

Melanie Rodier writes on Wall Street & Technology:

There were 305 publicized data breaches affecting nearly 77 million individuals in the United States in the first nine months of 2007, according to the Identity Theft Resource Center, a nonprofit that works to prevent identity theft. Of these incidents, 6.2 percent were reported by banking, credit and financial services institutions.

Law firm Scott + Scott, which recently conducted a separate survey on data breaches with privacy and information management research firm The Ponemon Institute, reports that almost half the data breaches it recorded were attributed to lost or stolen equipment, such as laptops, PDAs and memory sticks. The second largest threat, according to the Colchester, Conn.-based firm, arose from negligent employees, temporary employees and/or contractors. The survey, "The Business Impact of Data Breach," examined the responses of more than 700 U.S.-based C-level executives, managers and IT security officers in midsize to large businesses spanning all industries.

But despite the frequency of such security failures, 42 percent of respondents to the Scott + Scott survey whose companies have suffered data breaches claimed their organization's IT security spending will remain the same in the coming year. Even after suffering a data breach, 46 percent of businesses failed to implement encryption solutions, and 82 percent did not seek legal counsel prior to responding to the incident -- even though they had no prior response plan in place.

More here.

The Cost of Irresponsibility: $2,400,000,000,000

Via Forbes.com.

The total cost, including debt servicing, of the US wars in Iraq and Afghanistan could reach $2.4 Trillion USD by 2017, a report by the Congressional Budget Office found.

The report, by the body which provides non-partisan budget analysis for Congress, said higher estimates for total spending for the wars could top out at $1.7 Trillion USD by 2017.

Under the most intense scenarios of US military activity, a further $705 Billion USD could be added to the cost by interest payments, assuming the wars continue to be largely financed by government borrowing, the report said.

More here.

Note: That makes it somewhere in the neighborhood of $8,000 for every man, woman and child in the U.S. Astoundingly irresponsible. - ferg

Estonia's CTO Speaks Out on Cyber Attacks

Tom Espiner writes on ZDNet UK:

Speaking to ZDNet.co.uk at the RSA Conference Europe 2007 in London, Mikhel Tammet, director of the Estonian communication and information technology department, said he believes forces within the Russian government may have initiated and sponsored attacks against his country's critical national infrastructure earlier this year.

In May this year the Estonian critical national infrastructure (CNI) came under sustained cyberattack from perpetrators whose identity remains unknown. However, Tammet said he suspected the forces behind the attacks to be linked to the Russian government.

"It was a political campaign induced by the Russians; a political campaign designed to destroy our security and destroy our society," said Tammet on Tuesday. "The attacks had hierarchy and co-ordination."

More here.

Mozilla Rushes to Fix Regression Bugs in Firefox

Gregg Keizer writes on ComputerWorld:

Mozilla Corp. will rush another version of Firefox to users as early as next week, the company's user interface designer said Tuesday, to fix five bugs it introduced in last Wednesday's security update.

Firefox 2.0.0.8 patched ten vulnerabilities, including three critical flaws, but also shipped with five regression bugs -- problems unintentionally introduced when code was changed to plug other holes.

According to notes from a weekly Mozilla meeting on Firefox, the regression reports began accumulating over the weekend. Firefox 2.0.0.8 was posted for download late Wednesday, Oct. 17. Three of the five problems were limited to Windows, but two page rendering issues affected all versions of the browser, including those for Mac OS X and Linux.

More here.

Quote of the Day: Noah Shachtman

"Feel free to talk smack about the FBI around here. The chances of a G-Man actually reading this are pretty small."

- Noah Shachtman, writing on Danger Room, regarding a USA Today On Deadline article that catches the Bureau's Willie Hulon admitting to the Senate Intelligence Committee that only a third of the Agency's desks have computers that can access the Internet.


Password-Cracking Chip Causes Security Concerns

Andrew Brandt writes on New Scientist:

A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community.

Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of the "massively parallel processing" capabilities of a graphics processing unit (GPU) - the processor normally used to produce realistic graphics for video games.

Using an $800 graphics card from nVidia called the GeForce 8800 Ultra, Elcomsoft increased the speed of its password cracking by a factor of 25, according to the company's CEO, Vladimir Katalov.

The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer's central processing unit (CPU). By harnessing a $150 GPU - less powerful than the nVidia 8800 card - Elcomsoft says they can be cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days.

More here.

Storm Worm Botnet Lobotomizing Anti-Virus Programs

Lisa Vaas writes on eWeek:

The ever-mutating, ever-stealthy Storm worm botnet is adding yet another trick to its vast repertoire: Instead of killing anti-virus products on target systems, it's now doing a hot fix with a memory patch to render them brain-dead.

The finding was made by Sophos and was mentioned by Joshua Corman, a principal security strategist for IBM Internet Security Systems, Oct. 23 in his presentation here at Interop on the challenge of evolving cyber-threats.

According to an Oct. 22 posting by Sophos analyst Richard Cohen, the Storm botnet—Sophos calls it Dorf, and it's also known as Ecard malware—is dropping files that call a routine that gets Windows to tell it every time a new process is started. The malware checks the process file name against an internal list and kills the ones that match—sometimes. But Storm has taken a new twist: It now would rather leave processes running and just patch entry points of loading processes that might pose a threat to it. Then, when processes such as anti-virus programs run, they simply return a value of 0.

More here.

CastleCops PIRT Has Prevented Over $150M in Stolen Funds

Via CastleCops.com.

Since May 2006, our Phishing Incident Reporting and Termination team has directly prevented more than $80 million in credit card losses, and indirectly an additional $75 million by working with our partners. We've shut down not only phish sites, but drops all the while preserving evidence for law enforcement. And we need your help by donating your time as handlers to keep on investigating phish crimes so we can continue to prevent even greater numbers.

PIRT right now is receiving around 47,000 unique phish submissions per month. Our PIRT handlers are doing amazing work and trailblazing new roads in phish investigations and intelligence.

Link.

Note: The folks over at CastleCops and the PIRT volunteers do an amazing job, and I salute each and every one of them. - ferg

Hounded by Spyware Charges, DirectRevenue Shuts Down

Robert McMillan writes on InfoWorld:

Notorious adware maker DirectRevenue has closed shop.

The company, which was recently doing business as Best Offers, gave no reason for its sudden closure, which was announced on its Web site. "Best Offers and Direct Revenue have ceased operations. To service legacy consumers, we are maintaining this page of uninstall instructions, an uninstall software tool, and an e-mail based support service."

E-mail sent to the Gmail address listed on the company's Web site was returned as undeliverable.

More here.

UK: Anti File-Sharing Laws Considered

Via The BBC.

The UK government could legislate to crack down on illegal file-sharers, a senior official has told the BBC's iPM programme.

Lord Triesman, the parliamentary Under Secretary for Innovation, Universities and Skills, said intellectual property theft would not be tolerated.

"If we can't get voluntary arrangements we will legislate," he said.

The comments could prove controversial with privacy advocates and internet service providers.

Lord Triesman called on internet service providers to take a "more activist role" in the problem of illegal file-sharing.

More here.

Insider Domain Name Snatching Probed

An AP newswire article by Anick Jesdanun, via The Washington Post, reports that:

The Internet's key oversight agency is investigating suspicions that insider information is being used to snatch desired domain names before an individual or business can register them.

The Security and Stability Advisory Committee of the Internet Corporation for Assigned Names and Numbers termed the practice "domain name front running" and likened it to a stock broker buying or selling shares ahead of a client's trade, in anticipation of a movement in price.

More here.

Security Firm: Hackers Can Divert Vonage Calls

Via Reuters.

Internet phone service from Vonage Holdings Corp is vulnerable to attacks by hackers, who are able to intercept calls to the company's subscribers, a security firm said on Wednesday.

Sipera Systems of Richardson, Texas, said it had informed Vonage of the problem more than a month ago, but the company had not responded to the warning.

Vonage spokesman Charles Sahner declined comment.

More here. Details here.

Tuesday, October 23, 2007

xkcd: Foreplay


We love xkcd.

Politics: White House Cut Warming Impact Testimony

An AP newswire article, via The New York Times, reports that:

The White House severely edited congressional testimony given Tuesday by the director of the Centers for Disease Control and Prevention on the impact of climate change on health, removing specific scientific references to potential health risks, according to two sources familiar with the documents.

Dr. Julie Gerberding, director of the Atlanta-based CDC, the government's premier disease monitoring agency, told a Senate hearing that climate change ''is anticipated to have a broad range of impacts on the health of Americans.''

But her prepared testimony was devoted almost entirely to the CDC's preparation, with few details on what effects climate change could have on the spread of disease. Only during questioning did she describe some specific diseases that likely would be affected, again without elaboration.

Her testimony before the Senate Environment and Public Works Committee had much less information on health risks than a much longer draft version Gerberding submitted to the White House Office of Management and Budget for review in advance of her appearance.

''It was eviscerated,'' said a CDC official, familiar with both versions, who spoke on condition of anonymity because of the sensitive nature of the review process.

More here.

Net Neutrality Sleight of Hand: Wireless Carriers Still Push 'Tiered' Arguments

Susan Kuchinskas writes on internetnews.com:

If wireless telecommunications providers don't clean up their act, state legislators may have no choice but to bow to pressure from their constituents to regulate. A panel on wireless regulation here today focused on the tension between consumers' demands and the industry's business models.

The panel, part of the Cellular Telecommunications Industry Association (CTIA) Wireless IT and Entertainment show, held this week in San Francisco, discussed hot topics for the industry. And regulation was the hottest.

The group touched on net neutrality only briefly. Michael Small, CEO of Centennial Communications, acknowledged that the industry had brought scrutiny on itself. "Carriers were trying to arrange data to make it easy to find on the phone. We were trying to simplify it and got into a lot of trouble."

But AT&T insisted network operators needed to be able to prioritize IP traffic on their networks. "All bits are not equal," he said. "One bit is porn, another bit is heart surgery. We have to be able to manage traffic to keep everything flowing."

More here.

TJX Breach More Than Twice As Bad As Had Been Reported


Evan Schuman writes on StorefrontBacktalk:

Despite TJX having reported some 46 million consumers impacted, new documents now identify that number as about 96 million, including about 29 million MasterCard victims and 65 million Visa victims, according to documents filed with the federal court on Tuesday.

The new numbers came to light in a filing from attorneys representing some of the banks now suing TJX.

"Beginning in July 2005, TJX experienced a massive intrusion into its computer systems, resulting in the largest data security breach in history and the compromise of an unprecedented amount of confidential nonpublic consumer personal data," said the plaintiff filing. "Although TJX suggests that the breach only affected approximately 45.7 million accounts, in fact the breach during a period of 17 months affected more than 94 million separate accounts. To date, Visa has calculated the fraud losses experienced by issuers as a result of the breach to be between $68 million and $83 million on Visa accounts alone."

Plaintiffs based their new numbers on depositions from Visa and MasterCard that had been confidential until Tuesday.

More here.

Ex-Webmaster Arrested, Accused Of Hacking College of Southern Nevada

Via Fox5Vegas.com.

Police have arrested a man in connection with hacking into the College of Southern Nevada, blocking the university from its own site.

Albert Catafamo has been charged with eight counts of unlawful use of a computer. Catafamo was the former webmaster for CSN, police said.

A few weeks prior to the attack, university officials released Catafamo from his position. This caused the CSN site to be shut down for several days.

In what authorities call a retaliatory attack, police said Catafamo hacked into the CSN Web site and rerouted users to another unauthorized site.

More here.

Quote of the Day [2]: Milt Mueller

"Q: When is a policy adopted unanimously in ICANN not really a consensus policy?"

"A: When the US Government says it isn't."

- Milt Mueller, writing on the Internet Governance Blog.


Video: George Carlin Makes Sense of The World


George Carlin has always had his head screwed on straight.

He's one of my true heroes -- telling it straight.

Video snippet here.

- ferg

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Oct. 23, 2007, at least 3,836 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,125 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Financial Firms Continue to Struggle to Plug Security Loopholes

Melanie Rodier writes on Wall Street & Technology:

More than four out of every five (85 percent) U.S. businesses have experienced a data breach, according to a recent study by Colchester, Conn.-based law firm Scott + Scott, putting millions of consumers' Social Security numbers and other sensitive information in the hands of criminals. Last summer, TD Ameritrade became the latest financial firm in a long list -- that also includes JPMorgan, Fidelity Investments and Ameriprise Financial -- to report an incident. Not surprisingly, the growing problem is taking a toll on consumer confidence.

Experts suggest that while financial firms may be securing the front doors of their companies with encryption and authentication technologies, hackers are constantly looking for new ways to compromise systems through unguarded, and sometimes not so obvious, side doors. But how can financial institutions plug hidden security gaps and protect their customers' data and assets?

More here.

Google Under Fire Over Orkut

A Wall Street Journal article by Antonio Regalado and Kevin J. Delaney, via Media Info Center, reports that:

Google Inc. makes billions marrying advertising to the Web. Just yesterday, it reported yet another surge in revenue and profit.

But here in Brazil, the Internet powerhouse is embroiled in an embarrassing episode over its efforts to profit from social networking, one of the fastest-growing activities online.

Google has gotten in hot water over its Web site Orkut, which like other social-networking sites allows people to swap information and create personal Web pages. While many Americans have never heard of it, Orkut is a powerhouse overseas, with more than half its 25 million monthly visitors in Brazil. By some measures, it ranks among the top 10 sites on the Web in popularity, alongside other heavily used social-networking sites such as News Corp.'s MySpace and Facebook Inc.

A central challenge for all these companies is how to turn the usage into cash. All of the big players are looking to advertisers to generate revenue. For most of its history Orkut was ad-free.

Then, when Google tried putting ads on the site, it ran into trouble. Critics in Brazil released a report showing advertisements on Orkut alongside pictures of naked children and abused animals. Google immediately suspended the ads, but the Mountain View, Calif., company is still grappling with the fallout from critics' Orkut campaign.

More here.

Winning Web Scanning Firm Gets DDOSed

Via Dark Reading.

Remember that Web application security scanning report that stirred so much debate last week?

Well, NTObjectives, the company whose relatively unknown NTOSpider scanner swept IBM/Watchfire’s AppScan and HP/SPI Dynamics’ WebInspect in the report, has been hammered by several distributed denial-of-service (DDOS) attacks ever since the report started spreading around the blogosphere.

More here.

Controversial Cyber Security 'De-Perimeterization' Plan Gets Legal Review

Ellen Messmer writes on NetworkWorld:

The notion of removing the security perimeter around corporate information – a concept known as deperimeterization – expounded by the Jericho Forum has been a hot technology debate, but now what could be controversial legal aspects of it are being brought up as well.

The American Bar Association’s Committee on Cyberspace Law yesterday published a white paper on legal aspects of deperimeterization security with the Jericho Forum’s secretariat, the Open Group. In it, the legal experts who wrote the paper, titled “Information Security Strategy: A Framework for Information-Centric Security Governance,” say protecting critical data may entail businesses demanding greater ability to monitor each other’s content security practices.

More here.

Quote of the Day: James X. Dempsey

"Finding a terrorist is much harder than finding a card counter, and the consequences of being wrongly labeled a terrorist are much more severe than being excluded from a casino."

- James X. Dempsey, Policy Director for the Center for Democracy and Technology, commenting on the notion that Las Vegas is the technology incubator for surveillance technology.

Bizarre Story of the Day: Terrorist Tomato Juice


Via WCBSTV.com.

Tempers grew short at LaGuardia Airport Saturday. The American Airlines terminal was brought to a near-standstill because of an equipment malfunction, but it was the reason for the malfunction that really had people fuming.

People were welcomed to Terminal D of LaGuardia Airport with a line so long, it was difficult to tell where it began, or where it ended - all because someone spilled tomato juice on an x-ray machine.

When CBS 2 HD told one woman the reason for the delays, she asked if we were "kidding," but it was no joke. The Transportation Safety Administration confirmed the spill knocked out one of the five units that screen thousands of passengers here each day.

"That's insane," said Dallas bound passenger Pat Jones. "That shouldn't be our problem, should it?"

But it was.

More here.

Envisat Captures California Ablaze


Via ESA News.

This Envisat image captures fierce easterly desert winds blowing smoke from wildfires in Southern California. Gale-force winds have fed more than a dozen fires from Santa Barbara to the Mexican border since breaking out on Sunday, killing one person and forcing the evacuation of a quarter of a million people.

Image acquired 22 October 2007 at 17:52 UTC by the MERIS (Medium Resolution Imaging Spectrometer) instrument aboard ESA’s Envisat satellite while working in Full Resolution mode to provide a spatial resolution of 300 metres. MERIS images are available on ESA’s MIRAVI website, which gives access to Envisat’s most recently acquired images.

More here.

RBN: The Top 20, Fake Anti-Spyware and Anti-Malware Tools

Via The RBN Exploit Blog.

In a continuation of the discovery of the RBN's "Retail Division", one of the most important exploit delivery methods is the fake anti-spyware and anti-malware for PC hijacking and personal ID theft; this is also a source of direct-sale revenue for the RBN.

For example, MalwareAlarm is a dangerous fake anti-spyware program and an updated version of Malware Wiper. MalwareAlarm is stealth-based malware; according to McAfee's Site Advisor, they tested 279 "bad" downloads. The methodology is to get the user to take a "free download"; MalwareAlarm then displays a warning message to purchase the paid version of MalwareAlarm, and of course the damage is done with the initial action.

The purpose of this article is to demonstrate the multiplicity of nodes, connections and delivery routes. However, it is a prompt for the community of the need for real-time CYBERINT based blocking and shield services. As is shown below, many are either or both SBL and XBL blacklisted, but this is only the core IP address and not the multiplicity of other mirrored hosts and servers.

More here.

Federal Security Breaches Double in Four Months

Jill R. Aitoro writes on GovExec:

Federal agencies report an average of 30 incidents a day in which Americans' personally identifiable information is exposed, double the incidents reported early this summer, according to the top information technology executive in the Bush administration.

The Office of Management and Budget issued a memo in July 2006 requiring agencies to report security incidents that expose personally identifiable information to the U.S. Computer Emergency Readiness Team within one hour of the security incident. In June 2007, 40 agencies reported almost 4,000 such security incidents, an average of about 14 per day. As of this week, the average had increased to 30 a day, said Karen Evans, administrator of the Office of Electronic Government and Information Technology at OMB.

More here.

Austria Becomes First Country to Officially Sanction Trojan Horse Surveillance

John Leyden writes in The Register:

Austria has become one of the first countries to officially sanction the use of Trojan Horse malware as a tactic for monitoring the PCs of suspected terrorists and criminals.

The measures were reportedly discussed in an Austrian cabinet meeting last week and turned over to a group of legal and technical experts to thrash out the details of the scheme. Pending approval, Austrian law enforcement officers could begin using the tactic as early as next year.

Austrian measures would parallel those under consideration by Germany thereby "facilitating the international sharing of data found in secret online searches", Heise reports.

The policy - announced last week by the Austrian Interior Minister Gunther Plater - is fraught with difficulties, according to security watchers.

More here.

Monday, October 22, 2007

AT&T Suit Against Vonage Makes Mockery Of U.S. Patent System

Alexander Wolfe:

Is the U.S. patent system irretrievably broken, or are aggrieved parties justifiably defending their turf against infringement by companies unfairly trying to benefit from the fruits of their labors? Looking at AT&T's lawsuit against Vonage, it definitely seems to me like it's the former.

On first glance, I figured I'd have to be crazy to defend Vonage, given how they've been batted around by the legal system lately. The VoIP vendor is already oh-for-two in patent lawsuits, having previously agreed to pay Sprint-Nextel some $80 million. Vonage is also appealing a jury finding in favor of Verizon.

However, when I got into it a little deeper, it became apparent that it's not Vonage, but rather the patent system, which has the problem.

More here.

Senators Say White House Cut Deal With Panel on FISA

Ellen Nakashima writes in The Washington Post:

Senate Judiciary Committee members yesterday angrily accused the White House of allowing the Senate Intelligence Committee to review documents on its warrantless surveillance program in return for agreeing that telecommunications companies should get immunity from lawsuits.

Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) and Sen. Arlen Specter (Pa.), the ranking Republican, said any such agreement would be "unacceptable," signaling that legislation granting immunity to certain telecom carriers could run into trouble. Leahy and Specter demanded that the documents, which were provided only to the Intelligence Committee, be turned over to the Judiciary Committee as well.

At issue is a White House-endorsed measure that would give immunity to telecom carriers being sued for allegedly helping the National Security Agency spy on Americans after September 11, 2001. It is part of a larger bill to rework the Foreign Intelligence Surveillance Act (FISA). The Intelligence Committee has approved the bill and sent it to the Judiciary Committee for deliberation.

More here.

Toon of the Day: The Network


U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Oct. 22, 2007, at least 3,834 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,122 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

NeuStar Wins Contract for .US ccTLD

Via DomainNews.com.

NeuStar announced that it has been awarded the contract to operate and administer the .US Internet domain name registry. The official country-code top level domain (ccTLD) for the United States, .US is overseen by the United States Department of Commerce.

The original .US registry contract was awarded to NeuStar in June 2001, and is due to expire on October 25, 2007. The new contract term is for a base of three years beginning October 26, 2007, with the possibility of two one-year extensions.

More here.

Phishers (Almost) Scam Grocery Giant Out of $10M

Jaikumar Vijayan writes on ComputerWorld:

Apparently it's not just unwary individuals that fall victim to online scammers. Even large corporations, it seems, can get suckered into parting with their money by devious phishers.

Case in point: Eden Prairie, MN.-based grocery chain Supervalu Inc., which earlier this year got conned into depositing more than $10 million into two fraudulent bank accounts before recognizing the ruse. Details of the case are contained in court documents filed in connection with two forfeiture cases stemming from the incident.

More here.

The Disruptive Effect of DDoS Attacks

Dancho Danchev:

DDoS attacks happen inside Russia too, compared to the inside-to-outside stereotype only. The most recent case of hacktivism in the form of a DDoS attack is for instance the attack on Politcom.Ru Information and Analytic. Summary in English:

"Politcom.Ru Information and Analytic site operations have been halted because of intensive DDoS-attacks. The attacks started on October, 12th and lasted for six days with various intensity. The hosting support service has undertaken attempts to resume the site operations three-four times a day. But in several hours the attacks would resume. The change of the hosting provider IP-address did not give any positive results, as the attacks moved from the old IP-address to the new one."

More here.

Immunity for Telecoms May Set Bad Precedent, Legal Scholars Say

Dan Eggen writes in The Washington Post:

When previous Republican administrations were accused of illegality in the FBI and CIA spying abuses of the 1970s or the Iran-Contra affair of the 1980s, Democrats in Congress launched investigations or pushed for legislative reforms.

But last week, faced with admissions by several telecommunication companies that they assisted the Bush administration in warrantless spying on Americans, leaders of the Senate intelligence committee took a much different tack -- proposing legislation that would grant those companies retroactive immunity from prosecution or lawsuits.

The proposal marks the second time in recent years that Congress has moved toward providing legal immunity for past actions that may have been illegal. The Military Commissions Act, passed by a GOP-led Congress in September 2006, provided retroactive immunity for CIA interrogators who could have been accused of war crimes for mistreating detainees.

More here.

AT&T Television Service Crashes

An AP newswire article by Michelle Roberts, via The Globe and Mail, reports that:

Customers of AT&T Inc.'s premium television service, U-verse, were hit with outages nationwide on Sunday, the company has confirmed.

The problems started everywhere early Sunday morning and, while AT&T was able to restore some local channels and popular cable news and sports networks within a few hours, full service wasn't restored until Sunday night, AT&T spokesman Michael Coe said Monday. Some customers had to reboot their cable box to get service restored.

The cause of the disruption remains under investigation, Coe said. He said the company was also reviewing its customer service policies after some users complained on Internet forums that they were unable to get customer service help when they needed it Sunday.

The outage is the latest glitch — and among the highest-profile — for U-verse, which uses a relatively untested technology to deliver television over a high-speed Internet connection.

More here.

Law Enforcement at Disadvantage in War on Cyber Crime

William Jackson writes on GCN.com:

The two things law enforcement and government need to combat the epidemic of cybercrime are better information sharing and better information to share, a panel of security experts on Capitol Hill concluded Monday.

The panel was put together by the Advisory Committee to the Congressional Internet Caucus to discuss cybersecurity threat assessment. The picture they painted was a familiar one of increasingly sophisticated online criminals responsible for a global crime wave that law enforcement has neither the technical nor legal resources to combat.

“Information sharing is one of the keys to solving this problem,” said Gary Warner, of the computer and information sciences department of the University of Alabama at Birmingham.

Warner said that when some banks began sharing lists of compromised IP addresses to compare with fraudulent account activity, they were able to prevent some losses. But that kind of cooperation still is not common, especially in government, said Keith Rhodes of the Government Accountability Office’s Center for Technology and Engineering.

More here.

World Series Ticket Demand Crashes Colorado Rockies' Web Servers - UPDATE

An AP newswire article, via MSNBC, reports that:

The Colorado Rockies suspended World Series ticket sales Monday after overwhelming demand crashed their computer system.

“Right now we’re shutting the system down,” club spokesman Jay Alves announced outside Coors Field, drawing boos from fans. “We expect to be online at some point.”

Alves had said last week that the Rockies were prepared for any computer problems.

On Monday, there were 8.5 million attempts to connect with the computers in the first 90 minutes after sales started, he said, and only several hundred tickets had been sold before the system had to be shut down.

More here.

UPDATE: 11:19 PDT, 23 October 2007: A spokesperson for the Colorado Rockies now says the outage was due to a "cyber attack". Details here.

Does Senate FISA Bill Immunize FBI 'Black-Bag Jobs'?

Declan McCullagh writes on C|Net's Iconoclast Blog:

A few decades ago, the FBI regularly conducted "black-bag jobs" that involved sneaking into homes, hotel rooms and offices with the cooperation of the building's owner or even a neighbor with a spare key. Locks were picked otherwise.

Because no judge had authorized the FBI's black-bag job, they were incredibly illegal. In the mid-1970s, the Church Committee famously disclosed the bureau's clandestine operations.

Now President Bush is backing a bill that seems to encourage the FBI to revert to some of its old habits.

The FISA Amendments Act, approved by a Senate committee last week, seems to immunize people who cooperated with the FBI, the CIA, the National Security Agency--and other even more shadowy agencies--that conduct black-bag jobs.

More here.

Spineocrat: A Dietary Supplement for Congressional Democrats



So very apropos.

By Mark Fiore. Via Mother Jones.

U.S. Official: International Hackers Going After Government Networks

Jeanne Meserve writes for CNN:

About 140 foreign intelligence organizations are trying to hack into the computer networks of the U.S. government and U.S. companies, a top counterintelligence official said.

Joel Brenner, the national counterintelligence executive, told CNN it is not accurate to blame only the Chinese government for recent penetrations of government computer systems.

"We get intrusions from all points of the compass. It is really misleading to focus on one country," he said. "They are coming from everywhere now. It is a pervasive problem."

Because it's easy for hackers to disguise where an attack originates, Brenner said, the best course of action is to tighten up one's own networks rather than to place blame.

More here.