Saturday, November 10, 2007

Toon of the Day: Dr. Strange Cheney


U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Saturday, Nov. 10, 2007, at least 3,861 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,146 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Saturday, Nov. 10, 2007, at least 391 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Nov. 3, 2007, at 10 a.m. EST.

Of those, the military reports 262 were killed by hostile action.

More here and here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Maliciously Coded Online Ad Caused Arizona Star's Website Problems

Jack Gillum writes in The Arizona Daily Star:

A maliciously coded online advertisement was responsible for causing problems for Tucson Newspapers' Web sites this week, the company said Friday.

The ads, which the company said were purchased with a fraudulent credit-card number, directed some Web visitors to sites that could have installed harmful software, or "malware."

The problem was reported Wednesday by the Pima County Department of Environmental Quality, which advised its employees not to visit the Arizona Daily Star Web site over computer-safety concerns. When their employees visited the Star's site, anti-virus software alerted them of trouble.

More here.

Note: Although this item is a week old (3 November 2007), it highlights an ongoing problem.

(Hat-tip: Richard)

Update: Russian Hacker Gang Vanishes Day After Moving to China

Gregg Keizer writes on ComputerWorld:

The shadowy hacker and malware hosting network that only recently fled Russia to set up operations in China has now pulled the plug there and vanished yet again, researchers said late Friday.

The latest disappearing act of the Russian Business Network (RBN) has left researchers scratching their heads. "Where have they gone, that's the question," said an analyst with VeriSign's iDefense Labs, who wanted to remain anonymous, leery of retribution from the gang. "What's really interesting is how fast they shut everything down."

More here.

Note: Oh, they're still out there -- just a little more difficult to track. -ferg

Microsoft Drops IE's 'Click to Activate' ActiveX Controls

Gregg Keizer writes on ComputerWorld:

Microsoft Corp. will strip a "click to activate" warning from Internet Explorer 7 starting next month, a company product manager said yesterday, a side benefit of the settlement that Microsoft struck with Eolas Technologies Inc. in August.

Next month, Microsoft will preview the modified Internet Explorer (IE) that eliminates the warning that's been popping up on screens when users select multimedia content, such as clicking on a link to a Flash file or a PDF document. That notice first appeared in IE in April 2006, when Microsoft began requiring users to approve ActiveX controls the first time they were run from the browser.

More here.

Note: So, does this mean that malicious ActiveX controls can now be installed automagically? -ferg

Warnings of Cyber Crimes on Job Websites

Via ABC7/KGO-TV News.

When Shoku-Faye Fadavi of Concord lost her job recently, she applied for state unemployment benefits.

"One of the steps was you had to go on CalJobs and post your resume there," said Fadavi.

The rule appears on the state's Web site, so Shoku-Faye complied. Three days later she got an e-mail from Corporate Evaluation Consultants, who had seen her resume and wanted to hire her as a "mystery shopper."

"That might be fun, let's see what it is," said Fadavi.

Shoku-Faye figured it was legit, since it came through the state-run Web site. So she went for it, and soon after, she got a check in the mail.

More here.

(Props, Flying Hamster.)

In Passing: Norman Mailer

Norman Mailer
January 31, 1923 – November 10, 2007

Friday, November 09, 2007

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Nov. 9, 2007, at least 3,860 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,146 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Friday, Nov. 9, 2007, at least 391 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Nov. 3, 2007, at 10 a.m. EST.

Of those, the military reports 262 were killed by hostile action.

More here and here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Diwali Surprise: IndiaTimes Website 'Attacks Visitors'

Dan Goodin writes on The Register:

Visitors to the IndiaTimes website are being bombarded by malware, some of which appear to target previously unknown vulnerabilities in Windows, a security researcher warns.

In all, the English-language Indian news site is directly or indirectly serving up at least 434 malicious files, many of which are not detected by antivirus software, according to Mary Landesman, a senior security researcher at ScanSafe. She said at least 18 different IP addresses are involved in the attack.

"The end result of the compromise is that the user, going through their normal course of activities, is subject to a really massive installation of malicious files," she told us. "Coupled with the low detection by antivirus vendors, it does put the end user in a very vulnerable position."

Visitors can be infected even if they have up-to-date systems and they don't fall victim to tricks to install software or browser add-ons, she said. She urged people to avoid the site until it's been cleaned up.

More here.

Note: With Diwali upon us, this is a very, very serious issue... - ferg

The Mercury News: 'Ghosts in the Browser'

Ryan Blitstein is the journalist behind the first of a three-part article series today on organized cyber crime, and the threats it presents, in The San Jose Mercury News.

This neat video & slide set, complete with sound, also accompanies the series.

I thought I looked like I had been up for two days without sleep chasing cyber crooks. :-)


- ferg

Image source: The Mercury News

Rhode Island State Website Compromised


A computer hacker temporarily shut down a state Web site run by the secretary of state's office, forcing the cancellation of a local meeting.

A spokesman for Secretary of State Ralph Mollis says the Web site was taken off-line on Wednesday, after an in-house technology staff detected an unusual amount of Web site traffic and suspected a virus.

When problems continued, Mollis' staff brought in outside experts, who detected an attack by a computer hacker. Mollis spokesman Chris Barnett says no personal information is kept on the Web site, which posts information about public officials and records.

More here.

Botmaster Cops to Four Felonies - UPDATE

Dan Goodin writes on The Register:

An American computer security consultant has agreed to plead guilty to four felony counts related to a series of schemes that used botnets to steal PayPal and online banking identities of Windows users and install malware on more than 250,000 machines.

John Kenneth Schiefer, 26, of Los Angeles, faces a maximum sentence of 60 years in federal prison and a fine of $1.75m, according to documents filed Friday in federal court. He pleaded guilty to accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud.

Schiefer, who went by names such as "Acid" and "Acidstorm," has long been a fixture in underground hacking circles. He sometimes adorned his instant message handles with phrases such as "remember the name or feel the pain" and "crime pays, and it also has an excellent benefits package." He was employed at a Los Angeles-based security firm known as 3G Communications, where he sometimes carried out his crimes, according to court documents.

The plea agreement caps an investigation involving the FBI that began in 2005, said Assistant US Attorney Mark Krause. He declined to say if charges would be filed against several conspirators mentioned in court documents, who went by names including "revolt," "Harr0," "butthead," "pr1me" and "dynamic". The case is the first time a crime related to botnets has been charged under US wiretap statutes.

More here.

UPDATE: 19:20 PST: Reuters coverage here, via MSNBC. - ferg

In 2005, Visa Agreed To Give TJX Until 2009 To Get PCI Compliant

Evan Schuman writes on StorefrontBacktalk:

Back in late 2005, Visa knew of the extensive security problems at TJX but decided to give the retailer permission to remain non-compliant through Dec. 31, 2008, according to documents filed in federal court Thursday.

The Dec. 29, 2005, letter from Joseph Majka, a fraud control vice president for Visa, was written months after cyberthieves had already secretly infiltrated TJX's systems, starting the work that would ultimately become the worst data breach in credit card history.

More here.

Web Scammer Targets Senior U.S. Executives

Christopher Rhoads writes in The Wall Street Journal:

For months, a sophisticated hacker has been stealing the personal data of American corporate executives.

Hot on the hacker's trail is Joe Stewart. The former bass-guitarist-turned-cyber-sleuth stumbled onto the case in February. Since then, the 36-year-old Mr. Stewart has spent weeks in his office, in a nondescript building next to a half-abandoned strip mall here, virtually chasing the mysterious perpetrator across several continents. Mr. Stewart early on thought he had traced the scammer to China, then realized it was a false lead. Only when the perpetrator stumbled did Mr. Stewart get a break in the case.

Mr. Stewart, a top researcher for Atlanta-based Internet security firm SecureWorks Inc., says most of the scammed executives declined requests to discuss their experience. He says they include senior executives at Fortune 500 companies, working in industries from airlines and banks to manufacturing and pharmaceuticals. The number of those affected is likely in the thousands. In May, Mr. Stewart, who works closely with law enforcement, says he found one cache of data stolen by the scam from more than 1,400 executives.

More here.

Quote of the Day: Ed Felten

"To put it another way, although our national cybersecurity strategy might be announced in Washington, our national cybersecurity practice will be defined in the average Silicon Valley cubicle. It’s hard to see what government can do to affect what happens in that cubicle."

- Ed Felten, writing on Freedom to Tinker, regarding "How Can Government Improve Cyber-Security?"

DoJ Cracks Down on Internet Pharmacy

Grant Gross writes on InfoWorld:

Six men face charges of illegally distributing drugs through an Internet pharmacy, and the U.S. Department of Justice is seeking forfeiture of more than $40 million in profit from the operation.

The men, from the U.S. and Puerto Rico, were indicted Thursday in U.S. District Court for the Northern District of Iowa in Cedar Rapids, according to the DOJ.

The men, allegedly connected with, were charged with conspiring to illegally distribute more than 12 million narcotic pain pills and other controlled-substance medications through more than 246,000 prescriptions. They also face charges of maintaining a drug-involved premises and employing minors in a drug offense, the DOJ said in a news release.

The site was down Friday morning.

More here.

Bush Administration Plans To Classify Passenger Data

Ellen Nakashima writes in The Washington Post:

The Bush administration said yesterday that it probably would keep secret many documents requested by a privacy group about the negotiations between the United States and European officials concerning the sharing of airline passenger data.

At a hearing in U.S. District Court, government lawyers told Judge Ellen Segal Huvelle that they expected many of the 2,300 pages of documents sought would be classified and withheld.

More here.

Cybercrime: How Online Crooks Are Costing Us Billions of Dollars

Ryan Blitstein writes in The Mercury News:

Somewhere in St. Petersburg, Russia's second city, a tiny start-up has struck Internet gold. Its dozen-odd employees are barely old enough to recall the demise of the Soviet Union, but industry analysts believe they're raking in well over $100 million a year from the world's largest banks, including Wells Fargo and Washington Mutual.

Their two-year rise might be the greatest success story of the former Eastern Bloc's high-tech boom - if only it weren't so illegal. But the cash may be coming from your bank account, and they could be using the computer in your den to commit their crimes.

More here.

Thursday, November 08, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Nov. 8, 2007, at least 3,860 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,144 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

xkcd: Making Up is Hard To Do


We love xkcd.

Pentagon Forecast: Cloudy, 80% Chance of Riots

Noah Shachtman writes on Danger Room:

The Pentagon is paying Lockheed Martin to try to predict insurgencies and civil unrest like the weather. It's part of a larger military effort to blend forecasting software with social science that has some counterinsurgency experts cringing.

Lockheed recently won a $1.3 million, 15-month contract from the Defense Department to help develop the "Integrated Crises Early Warning System," or ICEWS. The program will "let military commanders anticipate and respond to worldwide political crises and predict events of interest and stability of countries of interest with greater than 80 percent accuracy," the company claims. "Rebellions, insurgencies, ethnic/religious violence, civil war, and major economic crises" will all be predictable. So will "combinations of strategies, tactics, and resources to mitigate [against those] instabilities."

More here.

Note: That's a pretty dubious claim... using some software algorithm to predict civil unrest? Right.

Oh, wait -- this one goes one step further into unbelievability. - ferg

Military Spooks Need to Understand: JavaScript Reveals Your Activities, Too

Fun & games time.

Being an ex-Army COMSEC guy myself, who has worked for over 20 years in the networking & security industry, it never really ceases to amaze me that people don't really understand how to adequately cover their tracks.

I mean, the Bad Guys (tm) learned this a long time ago, so why haven't the assorted military and intelligence people also learned?

I ran across this log entry in my super-secret JavaScript tracker logs tonight:


So, having lived & worked in the Washington, D.C. area, and also being familiar with the "military industrial complex" -- as well as the "special" relationships between Beltway-area spook activities and other military command operations-- there's an interesting turn of events that can be gleaned in these two log entries.

First, it's pretty easy to connect the dots here -- clearly the people sitting behind computers at these locations are passing along information to one another, or came across the same memo, for reasons unknown (well, you can guess). Or maybe just a red flag on a widely cast net trawling for open source intelligence, who knows.

But I digress.

Both log entries -- first a host in the Silver Spring, MD/Wash. D.C. area, and then immediately followed by a host located outside of Ft. Polk, Louisiana (Leesville, Louisiana) -- reference an Able Danger article I linked to by Shane Harris back in July 2007. Shane writes feature and investigative stories about intelligence, homeland security, and counterterrorism.

The Washington, D.C. Beltway Area, highlighting Silver Spring, MD.

It's anyone's guess who is actually behind the Verizon FiOS-connected host in Silver Spring [area map above], but just as an aside, Ft. Polk [area map below] is the home of the U.S. Military's Joint Readiness Training Center (JRTC).

Proximity of Leesville, LA. and Ft. Polk.

One further bit -- the system in Leesville, LA, has a static IP address, strongly suggesting that it is no home/consumer user:


Tracing route to []
over a maximum of 30 hops:


7 16 ms 17 ms 17 ms []
8 13 ms 14 ms 34 ms []

9 47 ms 35 ms 21 ms []
10 28 ms 34 ms 35 ms []

11 63 ms 69 ms 55 ms []
12 54 ms 66 ms 53 ms []
13 57 ms * * []

14 * 63 ms 60 ms [
15 88 ms 105 ms 87 ms []
16 79 ms 77 ms 89 ms []
17 97 ms 78 ms 87 ms []
18 90 ms 73 ms 75 ms [
19 74 ms 80 ms 77 ms [208.
20 86 ms 85 ms 82 ms []
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.

Lesson: Guys, please learn to cover your tracks a bit better.

- ferg

Skynet: UK Set For Military Space Launch

Jonathan Amos writes for The BBC:

The UK is due to continue the upgrade to its military satellite communications system with the launch of a new spacecraft.

The Skynet 5B platform will ride into orbit atop an Ariane 5 rocket from the Kourou spaceport, in French Guiana.

It will join the 5A satellite lofted successfully in March and which is already handling secure traffic for UK forces in Iraq and Afghanistan.

The £3.6bn Skynet project represents the UK's single biggest space venture.

More here.

Russian Business Network, Chinese Web Space, and Misdirection

Via RBN Exploit.

There has been recent speculation concerning the Russian Business Network (RBN) and its increasing use of Chinese web space. By way of discussing this topic it is useful to quantitatively view this aspect via a practical example. We can kill 2 birds with one stone and do this via a requested update on “iFrame Cash”.

The iFrame Cash is an active RBN enterprise we call here part of the RBN “Retail Division”. Simply the RBN pays webmasters or small web hosts a commission for planting or injecting IFrame exploits on web sites, this is done via the web site and others.

Iframedollars has recently changed its IP location as it has done regularly since 2004...

Much more here.

New York Indicts 17 on Trafficking, ID Thefts - UPDATE

An AP newswire article, via The Seattle Post-Intelligencer, reports that:

A grand jury has indicted 17 people and a corporation on charges of identity theft, worldwide trafficking in stolen credit card numbers and other crimes committed using the Internet, prosecutors said Wednesday.

The 173-count indictment, resulting from the second phase of a two-year investigation, says the defendants trafficked in more than 95,000 stolen credit card numbers and caused more than $4 million in credit card fraud.

The defendants ran Internet ads saying they had countless credit card numbers and other identifying information to sell to crooks, according to Manhattan Assistant District Attorney John Bandler. One of their Web sites was titled "The International Association for the Advancement of Criminal Activity."

Two of the defendants are a married couple, Vadim Vassilenko, 40, and Yelena Barysheva, 42, who pleaded guilty in September 2006 to falsifying business records and violating New York banking law by running an unlicensed check cashing and money transfer business.

More here.

UPDATE: 19:48 PDT: Additional info here. (Props, Dragos.) - ferg

DHS: Secure Flight Budget Holdups Could Keep Air Travelers Playing Name Game

Ben Bain writes on

What’s in a name? For some travelers flying to, from and around the United States since the 2001 terrorist attacks, it’s everything.

And fliers whose names resemble or match those on the government’s no-fly list, which officials use to ground air passengers, won’t catch a break at the check-in counter as long as the Bush administration’s Secure Flight initiative goes unfunded, the Homeland Security Department’s screening chief said today.

More here.

Ukrainian eBay Scam Turns Down Syndrome Man Into Cash Machine

Dan Goodin writes on The Register:

In late September, Mark Hartman received an email from eBay's Trust and Safety department informing him that his bid on a high-end road bike had been canceled because the auction was suspected to be fraudulent. There was only one problem: He had already mailed a cashiers check for more than $1,500 to a man 2,300 miles away.

"I had a sinking feeling after I got the email that if I didn't intercept [the check] in this person's hands I'd never see it again," said Hartman, who lives in Sammamish, Washington. "I'm the type of person who does not like to be duped."

Hartman soon realized he was on the losing end of a scam that plays out regularly at the online auction house. In it, eBay accounts with immaculate user feedback scores are hijacked by overseas con artists who figure out a way to crack the user's password. The scammers then fleece unsuspecting buyers with sham auctions for cars, exercise equipment and other pricey merchandise.

More here.

Hackers Infect Alicia Keyes’s MySpace Page - UPDATE

Brad Stone writes on the NYT Bits Blog:

The MySpace page of singer Alicia Keyes has become the latest vehicle for malware on the Web.

Researchers at the Atlanta, GA-based Exploit Prevention Labs have discovered multiple hacked MySpace pages, including the personal page of the R&B artist. Also hacked were pages for Greements of Fortune, a French funk band, and Dykeenies, a rock band from Glasgow.

When visitors click almost anywhere on these infected sites, they are directed to, which appears to be a Chinese malware site. The visitors then see a box on their screen telling them they need to install a special codec to view the video – a legitimate possibility on any site rich in media. But if the visitor clicks ‘yes’, the site installs software that appears to be a rootkit and DNS changer. This would allow the hackers to take over what you see on your browser and what you download onto your computer.

More here.

UPDATE: 19:31 PDT: While Roger Thompson & Exploit Prevention Labs gets the high-five for publicizing this particular hack, Christopher Boyd over at started discovering these MySpace Background Hacks a few days ago.

Props, paperghost. - ferg

UPDATE: 10:09 PDT, 9 November 2007: paperghost is pretty pissed. - ferg

U.S. Lawmakers Defer FISA Legislation Vote For A Week

A Dow Jones newswire article, via CNN/Money, reports that:

Lawmakers on the U.S. Senate Judiciary Committee Thursday deferred a vote on controversial legislation underpinning the government's warrantless wiretapping program until next week.

Sen. Arlen Specter, R-Pa., the ranking minority member of the panel, made the request to delay consideration of the bill after the Committee Chairman Sen. Patrick Leahy, D-Vt., proposed a lengthy series of amendments to the bill at a mark-up.

The committee leadership had already determined that any decision on the most contentious aspect of the legislation - whether to grant telephone companies immunity for participating in the warrantless wiretapping program - would not be made until next week.

More here.

(Props, Pogo Was Right.)

Website for Computer Security Experts Hacked


John Leyden writes on The Register:

First Forensic Forum - a UK based association of computer security professionals - has been hacked.'s website was defaced [screen shot above] with a message poking fun at the association of computer forensic experts. The timing of the defacement on Thursday was fortuitous (or well planned) since the organisation is coming to the end of a two day conference.

More here.

Image source: The Register

Internet Governance: U.S. Control Over Internet Debated

An AP newswire article by Anick Jesdanun, via The Globe and Mail, reports that:

Debate over U.S. control of core Internet systems threatens to overtake an international meeting in Brazil next week that was meant to cover topics including spam, free speech and cheaper access.

The Internet Governance Forum is the result of a compromise world leaders reached at a UN summit in Tunisia two years ago. They agreed to let the United States remain in charge.

But they established an annual forum to discuss emerging issues, including whether control of how Internet addresses are assigned — and thus how people use the Internet — should remain with the U.S. government and an American non-profit.

Many countries complained U.S. dominance wasn't discussed enough during the first forum last year, in Athens. In meetings leading to the second round opening in Rio de Janeiro on Monday, China, Iran, Russia and Brazil, among others, won an opening-day panel devoted to “critical Internet resources.”

More here.

New Paper: 'Net Neutrality as Global Principle for Internet Governance'

Brenden Kuerbis writes on the Internet Governance Project Blog:

As a contribution to the 2007 UN Internet Governance Forum (IGF), IGP has released a new paper [.pdf] showing how network neutrality can serve as a globally applicable principle to guide Internet governance. The paper defines network neutrality as the right of Internet users to access content, services and applications on the Internet without interference from network operators or overbearing governments.

It also encompasses the right of network operators to be reasonably free of liability for transmitting content and applications deemed illegal or undesirable by third parties. Those aspects of net neutrality are relevant in a growing number of countries and situations, as both public and private actors attempt to subject the Internet to more control.

More here.

Votes Flipped in Ohio Race that Used E-voting Machines

Kim Zetter writes on Threat Level:

Votes cast yesterday on e-voting machines made by Election Systems & Software went to the wrong candidates, according to officials in Lawrence County, Ohio.

Although a tally printed from the machines at the end of the day and posted on the door of a county precinct got the numbers correct -- 374 votes for Bill Robinson in the Hamilton Township trustee position and 170 votes for Allan Blankenship -- a tabulation machine at the county's headquarters flipped the numbers and gave 374 to Blankenship and 170 to Robinson. Officials noticed the problem when they compared the two tallies.

Lawrence County Election Director Catherine Overbeck told me that officials have called in technicians from ES&S to investigate the problem. She didn't say how they determined that the report from the voting machines was correct and the one from the tabulation machine incorrect. The votes on the tabulation machine are tallied from memory cartridges retrieved from the voting machines.

More here.

EU Presses U.S. to Change Internet Gambling Law

Doug Palmer writes for Reuters:

The United States must change an Internet gambling law that discriminates against European companies by preventing them from offering services in the U.S. market, the European Union's top trade official said on Thursday.

"What we need to see is a change in U.S. legislation that removes that discrimination against EU operators," EU Trade Commissioner Peter Mandelson told reporters before heading to Capitol Hill to discuss the issue with U.S. lawmakers.

More here.

FBI: Al Qaeda May Strike U.S. Shopping Malls in LA, Chicago

Richard Esposito and Vic Walter report on ABC News' "The Blotter":

The FBI is warning that al Qaeda may be preparing a series of holiday attacks on U.S. shopping malls in Los Angeles and Chicago, according to an intelligence report distributed to law enforcement authorities across the country this morning.

The alert said al Qaeda "hoped to disrupt the U.S. economy and has been planning the attack for the past two years."

Law enforcement officials tell that the FBI received the information in late September and declassified it yesterday for wide distribution.

The alert, like similar FBI and Department of Homeland Security terror alerts issued over the past five years at holiday times, raised questions about the credibility of the information.

More here.

Note: As if Christmas shopping weren't horrifying enough already... - ferg

Wednesday, November 07, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Nov. 7, 2007, at least 3,858 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,140 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Gapingvoid: All Control...

Via Enjoy!

Specter Floats 'Compromise' on FISA Telecom Immunity

Manu Raju writes on The Hill:

The top Republican on the Senate Judiciary Committee is drafting a compromise to resolve the thorny issue of whether to provide retroactive liability protections for the phone companies that allegedly participated in the Bush administration’s secret wiretapping program.

At a markup on a bill to overhaul the 1978 Foreign Intelligence Surveillance Act (FISA), Sen. Arlen Specter (R-Pa.) plans to offer an amendment that would make the federal government — instead of the phone companies — the defendant in about 40 pending lawsuits across the country.

The mark up starts Thursday and will continue next week.

More here.

Note: SAY NO! to any compromise on telecom immunity. - ferg

Opinion: Mukasey’s Homeland Security Kangaroo Court

Michael Hampton writes on Homeland Stupidity:

One of the requirements for a totalitarian police state is a system of kangaroo courts, star chambers which operate in secret and in parallel to the existing judicial system to convict political prisoners of pretended crimes against the state, which could never survive in the regular courts. And former judge Michael Mukasey, nominee for U.S. Attorney General to replace Alberto Gonzales, has proposed that the United States adopt such a system of courts.

In a little-noticed opinion piece in the Wall Street Journal in August, Mukasey argued that terrorism trials in regular courts exposed too much information to the enemy, undermining national security. The existing legal system, he says, is “strained and mismatched” to the task of dealing out justice to those accused of terrorism.

Mukasey cites two proposals, one by former deputy attorney general George Terwilliger to authorize detention of suspects before they have committed any crime, and one by Andrew C. McCarthy and Alykhan Velshi of the Center for Law & Counterterrorism to create national security courts which would try suspects — foreigner and American alike — in secret. The McCarthy-Velshi proposal would apply to “international terrorism and other national security issues.”

More here.

Image of the Day [2]: Welcome to the 700 Club, Rudy

Go figure.

Surveillance Infrastructure Creeps Forward in D.C.

Jim Harper writes on The Technology Liberation Front:

The D.C. Examiner reported yesterday that the D.C. Department of Motor Vehicles plans to embed drivers’ licenses with SmarTrip chips, the RFID chips increasingly used to access the Metro system.

This is another step taken to make Metro access more convenient - oh, and more subject to surveillance.

The SmarTrip card is an RFID-chipped card that controls access to Metro stations and deducts fares from users’ card-based accounts.

Metro has long encouraged people to register their cards, because this allows lost cards to be cancelled and new ones issued, preserving the value of the lost card. Registration of the card, of course, allows Metro to correlate use of the card with a particular person. It’s a bearer document, but a SmarTrip card is usually used by the same person, which is usually the person who registered it.

More here.

Encrypted E-Mail Company Hushmail Spills to Feds

Ryan Singel writes on Threat Level:

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer."

But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

A September court document [.pdf] from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail.

The court revelation demonstrates a privacy risk in a relatively-new, simple webmail offering by Hushmail, which the company acknowledges is less secure than its signature product.

More here.

Note: If you want e-mail privacy, get yourself a copy of PGP, and use it. - ferg

15,000 People Want Off The U.S. Terror Watch List

Mimi Hall writes on USA Today:

More than 15,000 people have appealed to the government since February to have their names removed from the terrorist watch list that delayed their travel at U.S. airports and border crossings, the Homeland Security Department says.

The complaints have created such a backlog that members of Congress are calling for a speedier appeal system that would help innocent people clear their names so they won't fall under future suspicion. Among those who have been flagged at checkpoints: toddlers and senior citizens with the same names as suspected terrorists on the watch list.

The Homeland Security Department says it gets about 2,000 requests a month from people who want to have their names cleared. That number is so high that the department has been unable to meet its goal of resolving cases in 30 days, says Christopher White, spokesman for the Transportation Security Administration, which handles the appeals. He says the TSA takes about 44 days to process a complaint.

In February, the TSA launched the Traveler Redress Inquiry Program, a one-stop shop for people to appeal links to the watch list, which flags anyone with potential ties to terrorism. The list has more than 750,000 names.

More here.

Quote of the Day: Russ Feingold

"If we want companies and the government to follow the law in the future, retroactive immunity sets a terrible precedent."

- Russ Feingold, U.S. Senator from Wisconsin, writing in a letter to the editor of the New York Times.

RBN Goes Dark to Relocate; May Be Moving to China

Gregg Keizer writes on ComputerWorld:

The Russian Business Network (RBN), a notorious hacker and malware hosting organization that operates out of St. Petersburg, Russia, has gone off the air, security researchers said today.

According to a pair of Trend Micro Inc. researchers, RBN went dark around 10 p.m. EST Tuesday. "The routing information for their IP addresses has been withdrawn," said Paul Ferguson, a network architect at Trend Micro. "That's significant because while RBN has had connectivity issues in the past, then the routing [to its IP addresses] was still being advertised. This time, they've been voluntarily withdrawn."

"This is not the result of someone, such as their ISP, blackholing their traffic," Ferguson continued. "This was done voluntarily." Another report, however, on The Washington Post's Web site, claimed that while RBN has severed links to the Internet, its upstream connectivity providers had begun to refuse to route RBN traffic as early as mid-October.

More here.

Senator Dodd Posts Video of Interview with AT&T Whistleblower Mark Klein

Via The EFF.

Senator Chris Dodd has posted a YouTube video of an interview with AT&T Whistleblower Mark Klein...


Image of the Day: Don't Phase Me, Bro!

Via LOLbots.

Criminal Hackers Gaining Advantage

David Finlayson writes in The Edmonton Journal:

Technology's becoming so fast and complex it's outstripping our ability to keep out hackers and criminals, computer security guru Bruce Schneier said Monday.

"Complexity is the worst enemy of security," Schneier told the Canadian Information Processing Society (CIPS) conference Monday. "It's getting worse faster than security is getting better, and we have no idea how to fix this."

More here.

(Props, Flying Hamster.)

Russian Business Network: Down, But Not Out

Brian Krebs writes on Security Fix:

A major Russian Internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. But security experts caution that there are signs that the highly profitable network may already be building a new home for itself elsewhere on the Web.

The Russian Business Network, an ISP and Web hosting provider long based in St. Petersburg, Russia, this week relinquished most of its allocated Internet addresses after a number of its main upstream Internet providers severed ties with the group.

More here.

Tuesday, November 06, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Nov. 6, 2007, at least 3,858 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,138 died as a result of hostile action, according to the military's numbers.

The AP count is 10 higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Surveillance Story: Former Technician 'Turning In' AT&T Over NSA Program

Ellen Nakashima writes in The Washington Post:

His first inkling that something was amiss came in summer 2002 when he opened the door to admit a visitor from the National Security Agency to an office of AT&T in San Francisco.

"What the heck is the NSA doing here?" Mark Klein, a former AT&T technician, said he asked himself.

A year or so later, he stumbled upon documents that, he said, nearly caused him to fall out of his chair. The documents, he said, show that the NSA gained access to massive amounts of e-mail and search and other Internet records of more than a dozen global and regional telecommunications providers. AT&T allowed the agency to hook into its network at a facility in San Francisco and, according to Klein, many of the other telecom companies probably knew nothing about it.

More here.

Gapingvoid: The Flow

Via Enjoy!

Developments in The Hans Reiser Murder Case

David Kravets gives us the update over on Threat Level:

As Linux engineer Hans Reiser's murder trial ended its first day here Tuesday, the rift between the defendant and his attorney appeared to be fracturing even more.

William DuBois, who is Reiser's chief defense attorney, was clearly agitated by his client as proceedings finished up here about 4:30 p.m. Pacific. "My client was once again interrupting me," DuBois told Superior Court Judge Larry Goodman, who was listening to DuBois' motion in a bid to exclude evidence from jurors.

DuBois also told the judge, outside the jury's presence, that he hoped Reiser, who has pleaded not guilty, "keeps his insistences to a minimum."

More here.


RBN: 'I See Alive IFRAMEs Everywhere' - UPDATE

Dancho Danchev:

During the weekend, the entire which is among the most popular Russian news portals, was marked as "this site may harm your computer" by due to an IFRAME embedded link pointing to where else if not to the RBN.

Considering that each and every embedded malware attack during 2007 that I assessed in previous posts, had something to do with the RBN in the form of a single RBN IP which was used in numerous malicious activities all at once, different sites get embedded with it, blackhat SEO postings at different forums etc. in this one the parties behind the attack dedicated a special IP with what looks like a clean IP reputation.

More here.

Note: Oddly enough, IP prefixes from RBN strangely disappeared from the global routing system today... stay tuned. - ferg

No Safe Corner of The Web: Thousands Snared by Malware Warning From Big-Name Websites

Dan Goodin writes on Channel Register:

Thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites, a researcher warns.

The scam is the latest to piggyback on banner ads that are fed to high-traffic destinations. Malicious code hardwired into the ads prompts a pop-up that warns of a bogus security threat on the visitor's machine. It offers to fix the problem in exchange for a fee and for credit card information. The ad then attempts to install a back door on the victim's machine.

More here.

Judge Orders Telcos to Preserve Evidence in Government Surveillance Cases

Via The EFF.

A federal judge today ruled on a preservation motion filed by the Electronic Frontier Foundation (EFF), ordering that telecommunications companies must preserve any evidence of collaborating with the government in illegal spying on ordinary Americans.

In his ruling, U.S. District Court Judge Vaughn Walker ordered the telecommunications companies to halt any routine destruction of documents or to arrange for the preservation of accurate copies. On December 14, each party must provide the court with confirmation that the court's order has been carried out. The court order did not require the government or the carriers to reveal whether or not they had any relevant evidence.

The government and the carriers had opposed the preservation motion, claiming that the government's invocation of the state secrets privilege made it impossible to proceed with a preservation order. In litigation, parties are typically required to preserve all relevant evidence.

More here.

Microsoft Fires CIO

An AP newswire article, via, reports that:

Microsoft Corp. has fired its chief information officer, saying he violated company policies, but a spokesman declined to give the exact reason for the dismissal.

"Stuart Scott's employment with Microsoft was terminated after an investigation for violation of company policies," said Microsoft spokesman Lou Gellos, reading from a company statement Tuesday.

Gellos said Scott was dismissed Friday. He would not elaborate further.

More here.

FBI to Bolster Employee Internet Access

Ben Bain writes on

The FBI will begin issuing BlackBerry smart phones to an additional 7,000 employees kicking off a series of initiatives that during the next two years will bolster the number of agents and analysts with Internet access at their desks.

Nearly all employees have a computer that links to the FBI’s classified network at their workstations, but only about a third have access to the public Internet, because of security concerns. FBI policy prohibits using the same operating system to access the Internet and the agency's classified network.

More here.

White House Asks For $154M in New Cyber Security Spending

Jason Miller writes on

White House officials today asked Congress for more than $436 million in new cybersecurity and counterterrorism programs in the Homeland Security and Justice departments’ fiscal 2008 spending bills.

“These amendments are necessary to enhance Federal civilian agency cybersecurity and strengthen defenses to combat terrorism,” President George Bush wrote in a letter to House speaker Nancy Pelosi (D-Calif.).

More here.

India: Man Wrongly Detained for 50 Days Has ISP to Thank

Dan Goodin writes on The Register:

Police in India wrongfully arrested and detained a Bangalore man for 50 days after internet service provider Airtel mis-identified him as the person who posted images on Orkut that insulted a revered historical figure.

Lakshmana Kailash K., a 26-year-old techie, was arrested at his home on August 31 and transported to Pune, more than 10 hours away, according to news reports. He was held for 50 days and was released three weeks after police claimed to have apprehended the real people responsible for the posting.

More here.

Deploying Encryption to Protect Against ISPs

Andreas M. Antonopoulos writes on NetworkWorld:

An old cipherpunk saying goes, “There’s power in numbers — large prime numbers.” Encryption is a very powerful tool that's used by almost all companies to secure data in transit over untrusted networks. Up to now we’ve used encryption to protect against criminal elements, but what about using it to protect our data from service providers?

Encryption can shield our data from overzealous “traffic management,” which is what some providers are calling it when they send a TCP RST to both ends of traffic that they don’t like. I call that denial of service.

More here.

Four Horsemen Alert: Can Extremist Web Sites Be Stopped?

A Reuters newswire article by Michael Holden, via PC World, reports that:

From behind a computer keyboard at his London home, student Younes Tsouli used the Internet to spread al Qaeda propaganda, recruit suicide bombers and promote Web sites that encouraged the killing of non-Muslims.

The Moroccan-born student and two accomplices, one of whom he had never met in person, went on to become the first to be jailed in Britain for inciting terrorism over the Internet.

In September, a Scottish student described as a "wannabe suicide bomber" was imprisoned for eight years for owning terrorism material and distributing it via Web sites.

The two cases are examples of what Western authorities believe is the dangerous and growing role the Internet plays in spreading extremist propaganda and recruiting sympathizers to Islamist militant causes.

More here.

Note: The "Four Horsemen of the Information Apocalypse" is a term originally coined by Bruce Schneier, referring to terrorists, drug dealers, kidnappers, and child pornographers, and the ways in which governments can frighten the public into granting them additional powers they don’t really need. - ferg

Image source: Sheri Gordon

Dutch Government Admits Spying on News Agency

Via Spiegel Online International.

The Dutch government admitted Monday that some of its officials had illicitly accessed the computer system of Dutch news agency GPD, which supplies more than a dozen newspapers in the Netherlands and Belgium. The agency's editor-in-chief, Marcel van Lingen, accused the government of spying, telling the Dutch broadcaster NOS that the Social Affairs Ministry had "used stolen information to influence (our) reporting."

In a letter to parliament, Social Affairs Minister Piet Hein Donner confirmed that several employees in his ministry's communications department had been accessing the GPD network since the middle of 2006.

More here.

F-Secure: Mac OS DNS Changer Trojan 'Not an Isolated Incident'

Mikko Hyppönen writes on the F-Secure "News from the Lab" Blog:

Looks like the Mac Trojan we posted about last week was not an isolated incident.

The gang behind it seems serious about targeting Mac users as well as Windows users. And they keep putting out slightly modified versions of the trojan for the Mac too...

More here.

Pentagon: New Robot Army Will Be Controlled by Malware

Lewis Page writes on The Register:

A US defence department advisory board has warned of the danger that American war robots scheduled for delivery within a decade might be riddled with malicious code. The kill machines will use software largely written overseas, and it is feared that sinister forces might meddle with it in production, thus gaining control of the future mechanoid military.

The most eye-catching of the equipment mentioned is the lineup of the US Army's Future Combat Systems (FCS) programme. FCS was originally supposed to include a wide range of deadly unmanned systems, including a small, possibly rocket-firing flying Dalek, a heavily armed autonomous helicopter gunship, and a robot tank packing guided missiles and cannon. There would also be intelligent sensor minefields, droid-mule transport systems and loads of other stuff; and all of it is supposed to be linked together by a data network.

More here.

Note: Can anyone say "Skynet"? - ferg

Quote of the Day: Declan McCullagh

"I wish Lantos was as enthusiastic about free speech and privacy for Americans as he is for Chinese citizens, but his record on those topics isn't great."

- Declan McCullagh, live-blogging the U.S. Congressional hearing entitled "Yahoo! Inc.'s Provision of False Information to Congress."

CQ: Hoping To Catch Terrorists, FBI Followed Falafel Trail

Justin Rood writes on ABC News' "The Blotter":

Hoping to catch Iranian terrorists in the United States, the FBI analyzed California grocery sales records to find patterns in the sales of Middle Eastern items, according to Congressional Quarterly's Jeff Stein.

The veteran national security writer reported that in 2005 and 2006, FBI agents "sifted through customer data collected by San Francisco-area grocery stores," with the idea that "a spike in, say, falafel sales, combined with other data, would lead to Iranian secret agents."

An FBI spokesman declined to confirm or deny whether the FBI conducted such a data-mining effort. "It sounds pretty sensational to me," Stein quoted spokesman Paul Bresson as saying.

More here.

WabiSabiLabi Founder Arrested in Italy

Robert McMillan writes on ComputerWorld:

A founder of security start-up WabiSabiLabi Ltd. was among those arrested by Milan police in connection with an ongoing spying scandal at Telecom Italia, according to published reports.

Roberto Preatoni was charged Monday with unauthorized access to computer systems and wiretapping, said the reports (in Italian). Sources confirmed he is the same Roberto Preatoni who is a founder and director of strategy at WabiSabiLabi. A representative of the security start-up declined to comment today. He said the company would send an e-mail statement later in the day.

Preatoni's company was launched in July, billing itself as an online marketplace for exploit code that could be used to hack into computer systems. Legitimate companies such as 3Com Corp. and VeriSign Inc. have paid for this type of code in the past, but WabiSabiLabi was the first open marketplace for such software. Preatoni, who spoke at Microsoft's Blue Hat security conference just weeks ago, billed his marketplace as a mechanism that would allow independent security researchers to get paid for their work.

More here.

Monday, November 05, 2007

Image of the Day: It Takes a Lot of Faith

Image source: Something Awful

Quote of the Day: Philip Baruth

"Chuck Schumer and Dianne Feinstein just green-lighted torture."

- Philip Baruth, a blogger quoted in this MSNBC article on the unconscionable Democratic response in the Michael Mukasey confirmation.

House Committee Chair Blasts Yahoo! On Chinese Journalist Case


A House committee chairman angrily rejected Sunnyvale-based Yahoo Inc.'s explanation for why it provided incomplete information to Congress about its role in the arrest of a Chinese journalist.

Foreign Affairs Committee Chairman Tom Lantos said Monday that Yahoo's behavior was "inexcusably negligent" at best and "deliberately deceptive" at worst.

Yahoo's general counsel will appear before the committee on Tuesday.

More here.

Background here. - ferg

Seattle Man Admits to ID Theft via File-Sharing

An AP newswire article, via Yahoo! News, reports that:

A Seattle man charged with using online file-sharing programs such as Limewire to commit identity theft pleaded guilty Monday in federal court.

Gregory Kopiloff, 35, pleaded guilty to one count each of mail fraud, accessing a protected computer without authorization to further fraud, and aggravated identity theft.

As part of a plea agreement, another count of aggravated identity theft was dropped.

Kopiloff acknowledged using file-sharing programs to invade victims' computers to get access to their personal information in tax returns, credit reports, bank statements and student financial aid applications. He then used that information to open credit lines and shop online.

Kopiloff admitted using the personal information of more than 50 people to fraudulently purchase and resell more than $73,000 in merchandise.

More here.