Saturday, December 15, 2007

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Saturday, Dec. 15, 2007, at least 3,892 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,168 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Saturday, Dec. 15, 2007, at least 401 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Dec. 8, 2007, at 10 a.m. EST.

Of those, the military reports 271 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Wackenhut Fired After 'Sleeping Guards' Discovered at U.S. Nuclear Facility


Via CBS3.com.

Exelon Corp. said Friday it will replace Wackenhut Corp. with an in-house security force at its 10 nuclear power plants following the discovery earlier this year that guards at a Pennsylvania plant were sleeping on the job.

The announcement came 2 1/2 months after Exelon terminated its contract with Wackenhut at the Peach Bottom nuclear power plant in south-central Pennsylvania after security officers were videotaped nodding off or dozing.

Exelon said it was acting even though a review of security at its other plants found "no significant deficiencies." The change is to be made by next July.

The Chicago-based company was under pressure to take the action following an uproar over the video and other alleged sleeping incidents.

On Thursday, the U.S. Nuclear Regulatory Commission directed operators of commercial nuclear power plants to provide it new information about their security practices after reports of recent lapses.

More here.

Hat-tip: Flying Hamster

Remember - Honor - Teach


Via Wreaths Across America.

The Wreaths Across America story began over 15 years ago when Worcester Wreath Company (a for-profit commercial business from Harrington, Maine) began a tradition of placing wreaths on the headstones of our Nation's fallen heroes at Arlington National Cemetery.

Over that period of time, Worcester Wreath has donated 75,000 wreaths which were placed by volunteers in a wreath-laying ceremony each December.

More here.

Image source: Wreaths Across America


You Are Not Forgotten.

U.S. Bill of Rights Day: Let's See Where We Stand...


Tim Lynch writes on CATO@Liberty:

Since today is Bill of Rights Day, it seems like an appropriate time to pause and consider the condition of the safeguards set forth in our fundamental legal charter.

Let’s consider each amendment in turn.

Much more here.

Wider Spying Fuels Aid Plan for Telecom Industry


Eric Lichtblau, James Risen, and Scott Shane write in The New York Times:

For months, the Bush administration has waged a high-profile campaign, including personal lobbying by President Bush and closed-door briefings by top officials, to persuade Congress to pass legislation protecting companies from lawsuits for aiding the National Security Agency’s warrantless eavesdropping program.

But the battle is really about something much bigger. At stake is the federal government’s extensive but uneasy partnership with industry to conduct a wide range of secret surveillance operations in fighting terrorism and crime.

The N.S.A.’s reliance on telecommunications companies is broader and deeper than ever before, according to government and industry officials, yet that alliance is strained by legal worries and the fear of public exposure.

To detect narcotics trafficking, for example, the government has been collecting the phone records of thousands of Americans and others inside the United States who call people in Latin America, according to several government officials who spoke on the condition of anonymity because the program remains classified.

More here.

UK: Chinese Hackers Break Into Olympic Sports Databases

Owen Slot writes on The Times Online:

Computer hackers in China have broken into the information databases of the governing bodies of two British Olympic sports and, The Times can reveal, the Olympic family in the UK has been alerted that, with the Beijing Games less than eight months away, those threatening their security may be doing so to gain an illegal competitive advantage.

The first sport targeted was GB Canoeing, which was hit in October. The other Olympic sports in Britain were immediately informed, but the IT system of the Amateur Boxing Association of England (ABAE) was then subject to eight attacks over a three-week period and two investigations have traced all this activity back to internet protocol (IP) addresses in China. “This wasn’t kids mucking around,” Paul King, the ABAE chief executive, said. “This was a real professional job.”

More here.

Hat-tip: Flying Hamster

Another Subtle Sign That The PLA Places High Value in Cyber Warfare...


Via The People's Daily Online.

A total of 116 civilian universities in China have trained 65,000 reserve military officers for the People's Liberation Army (PLA) in the last eight years, in line with the government's strategy of "using science and technology to strengthen the army".

The figures were revealed on Thursday at a conference on training reserve military officers in civilian universities, jointly held by the Ministry of Education (MOE) and the PLA General Political Department.

More here.

Hat-tip: Haft of the Spear

Friday, December 14, 2007

Details of CIA Tapes Inquiry Now Being Withheld From Congress

U.S. Attorney General Michael Mukasey.


An AP newswire article, via MSNBC, reports that:

Attorney General Michael Mukasey refused Friday to give Congress details of the government's investigation into interrogations of terror suspects that were videotaped and destroyed by the CIA. He said doing so could raise questions about whether the inquiry is vulnerable to political pressures.

In letters to leaders of the House and Senate Judiciary committees that oversee the Justice Department, Mukasey said there is no need right now to appoint a special prosecutor to lead the investigation. The preliminary inquiry is being handled by the Justice Department and the CIA's inspector general.

More here.

Air Amerika: Boeing Subsidiary Accused of Helping CIA Rendition Program


An AP newswire article by Jason Dearen, via The Boston Globe, reports that:

A Boeing subsidiary accused of helping the CIA secretly fly terrorism suspects to be tortured in overseas prisons openly acknowledged its role in the "extraordinary rendition" program, a former employee of the smaller company said in court papers Friday.

The American Civil Liberties Union has filed a federal suit claiming Jeppesen Dataplan Inc. enabled the clandestine transportation of five terrorism suspects to overseas locations where they were subjected to "forms of cruel, inhuman and degrading treatment."

The U.S. government has asked a federal judge to throw out the lawsuit on the basis that trying the case would result in the release of sensitive state secrets.

More here.

Image source: b00mb0x.org

India: Hacker Caught in Police Net in Bangalore

Via The Hindu.

The cyber crime police arrested a man who allegedly hacked the internet banking accounts of several customers after stealing data from computers they had used at cyber cafés and siphoned off lakhs of rupees from their accounts.

Director-General of Police (Corps of Detectives) Ajai Kumar Singh on Friday said Joseph of Virudanagar in Tamil Nadu, who had a diploma in computer science, was the kingpin of the 12-member gang they had arrested.

The police had found 100 bank account numbers, passwords and other details of individual customers from Joseph’s three email accounts. HDFC Bank, Citibank, Axis Bank and ICICI Bank had confirmed the authenticity of about 70 existing accounts and passwords that were found in these accounts, Dr. Singh said in a press release. Joseph’s accomplices approached cellphone holders in Karnataka, Kerala and Mumbai and offered them currency recharge at huge discounts. They provided the cellphone numbers to Joseph who recharged them by hacking into bank accounts and transferring funds online.

More here.

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Dec. 14, 2007, at least 3,891 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,168 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Dec. 14, 2007, at least 401 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Dec. 8, 2007, at 10 a.m. EST.

Of those, the military reports 271 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

European Parliament: Anti-Terror Efforts Have Gone Too Far


Via UPI.

The European Parliament says the EU Commission and member states have overreached in their reaction to terrorism, endangering citizens' privacy and rights.

In a broad-ranging resolution this week, the Parliament opposed the establishment of a European air passenger personal data system like the one run in America by the U.S. Department of Homeland Security.

The resolution, passed Wednesday 359-293 with 38 abstentions, called any form of profiling or data-mining in EU counter-terrorism measures "unacceptable."

It expressed concern about the growing use of existing EU immigration databases, including one of asylum-seekers, for counter-terrorism purposes; and about the European Commission's proposal to collect Passenger Name Records from the airlines as the United States and Canada currently do.

More here.

Image of the Day: Incompetence? Or Capitulation?




Image source: Scholars & Rogues.

Story: Threat Level.

Deloitte Partner, Principal Confidential Information on Stolen Laptop

Dan Kaplan writes on SC Magazine US:

A laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and other employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents, SCMagazineUS.com learned today.

The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates, according to a Dec. 6 letter Deloitte sent to victims. Some of the information belonged to people working at Deloitte subsidiaries.

The laptop, stolen during Thanksgiving week, was protected by a password but was not encrypted, according to the letter. Deloitte has no evidence any of the data has been used for fraudulent purposes, and police are investigating.

A company spokeswoman, in an email to SCMagazineUS.com, declined to reveal specifics about the incident.

More here.

University of Michigan-Flint Computers Compromised

Josh DeVine writes on ABC12.com:

A security alert on the University of Michigan-Flint campus has been issued after someone hacked several servers, perhaps putting personal information at risk.

It's a slow time of year on campus, but the university's computer experts, as well as the FBI, are on the case.

The University of Michigan-Flint e-mailed students, staff and faculty a "security alert."

The university learned of the problem December 6. Someone "gained access to several servers."

The university told the campus community that it's working to determine the scope of the breach, but for now, can't say what type of information may have been jeopardized.

More here.

(Props, Pogo Was Right.)

UNIX Admin Faces Prison for Trying to Axe California Power Grid


Robert McMillan writes on PC World:

A California man pleaded guilty Friday to charges that he shut down the data center responsible for managing the state's electrical supply.

Lonnie Denison, 33, is now facing as much as five years in prison and a US$250,000 fine after admitting to breaking a glass cover and hitting the emergency "off" switch at the California Independent System Operator (Cal-ISO) data center in Folsom, California, on April 15. By doing so, he shut off the power in the data center. He was formerly a contract Unix system administrator at the center.

More here.

Judge: Man Can't Be Forced to Divulge PGP Passphrase

Declan McCullagh writes on the C|Net "Iconoclast" Blog:

A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide "any passwords" used with the Alienware laptop. "Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him," the judge wrote in an order dated November 29 that went unnoticed until this week. "Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop."

U.S. v. Boucher promises to be a landmark case, especially if this ruling is upheld on appeal.

More here.

Note: I hate that this case involves some scumbag who may have been involved with kiddie pr0n, but if this ruling is allowed to stand, it has broad implications which could indeed be viewed as a positive for privacy rights. -ferg

Malware, Compromise Issues Get Worse With iPowerWeb

Dan Goodin writes on The Register:

A moment of narcissism by a blogger who covers kink, multiple sex partners and other topics has uncovered a sophisticated attack that secretly installed malware on end user machines by compromising thousands of websites maintained by a large webhost and ginning search results on Google.

Ipower, a US-based webhost at the center of at least one previous wide-scale breach, is once again having to explain why it was hosting a fleet of sites that redirected visitors to sites that attempt nasty drive-by installations. The company's CEO said in an email the problem has been fixed, but as of press time we were still able to identify Ipower-hosted sites that were redirecting to malicious servers.

More here.

Background here.

Cracking Open the Cybercrime Economy


Tom Espiner writes on C|Net News:

"Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don't think we are really winning this war."

As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.

There seems to be some serious evidence then for the idea of an evolution from hacking and virus writing for fun to creating malicious code for profit. Security experts are increasingly pointing to the existence of a "black" or "shadow" cybereconomy, where malware services are sold online using the same kinds of development methods and guarantees given by legitimate software vendors.

More here.

U.S. Government Effort to 'Consolidate Internet Gateways' Draws Concern

Jason Miller writes on FCW.com:

A decision by the Office of Management and Budget to sharply reduce the number of Internet gateways government-wide has created anxiety among some federal employees worried about being able to access Web sites.

OMB officials said they are working to allay those fears.

Karen Evans, OMB’s administrator for information technology and e-government, said employees who manage Web sites or other online services would not notice a difference from having fewer gateways to the Internet “if we do this right.”

More here.

Comcast Sues The NFL For Breach Of Contract

Meg Marco writes on The Consumerist:

Comcast has sued the NFL for breach of contract alleging that the league is breaking its contract with Comcast by encouraging the cable giant's customers to switch to other providers.

This suit follows a cease and desist letter sent by Comcast warning the NFL to stop trying to coerce the company into placing the channel on a different package.

More here.

Background here. -ferg

FTC Head Won't Recuse From Google Deal

An AP newswire article by Christopher S. Rugaber, via SFGate.com, reports that:

The head of the Federal Trade Commission said Friday she won't remove herself from an antitrust review of Google Inc.'s purchase of online advertising company DoubleClick, rebuffing requests from privacy groups opposed to the transaction.

Deborah Platt Majoras, chairwoman of the FTC, said she has reviewed a petition from the groups with the agency's ethics official and other staff, and determined that "the relevant laws and rules...neither require nor support recusal."

The Electronic Privacy Information Center and the Center for Digital Democracy said in a petition Wednesday that Majoras' husband, John M. Majoras, is a partner at the Jones Day law firm. The groups alleged that DoubleClick hired Jones Day to represent the company before the FTC on its acquisition by Google, the leading Internet search company.

More here.

Death Toaster: Man Uses Toaster to Hack Computer


Tim Wilson writes on Dark Reading:

We've heard of hackers using computers to hack toasters or soda machines, but until this week, we'd never heard of a hacker using a toaster to hack a computer.
Now we've heard everything.

Any kitchen appliance can be used to attack your computer system, said Dror Shalev, a hacker and security expert who works at Check Point Software in Israel, during ClubHACK 2007, an international convention of hackers held earlier this week in India.

Shalev said he felt challenged by a recent statement by another security expert, according to a report from the event. "I read a senior scientist from Google saying there was no need to be afraid of a toaster at home," he said. "But as a hacker, I came up with a toaster that could actually hack a computer. I call it a ‘Crazy Toaster.'"

More here.

Attorney: TJX Knew Of Data Breach Much Earlier Than It Claims


Evan Schuman writes on Storefront Backtalk:

TJX learned of its massive data breach on Oct 3, 2006, more than two months earlier than TJX has told the government it first learned of the breach, according to one of the attorneys representing one of the banks suing the retail chain.

Getting to the bottom of these he said/she said exchanges—which is necessary to put these pieces of information into meaningful context—is made difficult because so much of the supporting material being referenced is still classified as confidential in the lawsuits surrounding the worst data breach in credit card history.

This allows representatives of both sides to make cryptic (and very carefully worded) comments that sometimes suggest more than the facts support.

Here's the latest parsing of words. Plaintiff attorney Joe Whatley this week told U.S. District Court Judge William Young in open court that TJX knew of the incident much earlier than it had disclosed.

More here.

Thursday, December 13, 2007

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Thursday, Dec. 13, 2007, at least 3,889 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,167 died as a result of hostile action, according to the military's numbers.

The AP count is one higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Report: Israel Used Cyber War Techniques Against Syria

Via UPI.

The Israeli military used cyberwar techniques to help blind Syrian air defenses prior to its strike on an alleged nuclear facility at Dayr az-Zawr.

The magazine Aviation Week recently reported that the main attack by the Israeli Defense Forces was preceded by an engagement with a single Syrian radar site at Tall al-Abuad near the Turkish border.

The radar station "was assaulted with what appears to be a combination of electronic attack and precision bombs," causing the whole Syrian air defense radar system to go offline "for a period of time that included the raid," the magazine reported, citing unnamed U.S. intelligence and Israeli military sources.

The sources said the Israeli attack "involved both remote air-to-ground electronic attack and penetration through computer-to-computer links."

More here.

Rudy's Firm Got $30 Million for Pimping Data-Miner


Noah Shachtman writes on Danger Room:

It was never exactly clear how Hank Asher, the database whiz and former cocaine smuggler, managed to get some of the government's highest-ranking officials to back MATRIX, his controversial info mining project. A 2004 Vanity Fair profile said that Florida governor Jeb Bush was Asher's "introducer" at a Roosevelt Room presentation that included in the audience Vice President Dick Cheney, FBI director Robert Mueller, Department of Homeland Security chief Tom Ridge. But the story didn't say how Asher was able to get the attention, in the first place.

Now, it appears, we have an answer. Rudy Giuliani hooked Asher up.

Time magazine reports that Giuliani Partners in December 2002 agreed to represent Asher's company, Seisint, for "$2 million a year, plus a percentage of revenue from company sales to government and corporate buyers."

More here.

Image source: Prose Before Hos

Image of the Day: Blind Faith





Via Military Motivator.

Wednesday, December 12, 2007

Reality: Combating Unrestricted Warfare


My colleague, Dancho Danchev:

It's February, 1999, and two senior colonels from China's PLA, namely Qiao Liang and Wang Xiangsui depressed the world's military thinkers by coming up with a study on the future developments and potential of asymmetric warfare in a surprising move next to the overall.

The study itself entitled "Unconventional Warfare" [.pdf] is an ugly combination of Sun Tzu's 3D perspective on warfare in combination with guerrilla approaches to achieve one of Sun Tzu's most insightful quotes - "One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful."

Much more here.

Image source: The Economist

Quote of the Day: Rich Stiennon

"I wish I could learn how to harness the power of a meme for marketing purposes."

- Richard Stiennon, writing on his ZDNet "Threat Chaos" Blog, regarding some of the rhetoric espoused by the U.S. Department of Homeland Security over Cyber Threats.

DHS Planning Cyber Storm II Exercise in March 2008

Ryan Naraine writes on the ZDNet "Zero Day" Blog:

A Department of Homeland Security official said Cyber Storm II, a national cyber security exercise, is slated for March 2008.

In comments before the New York Metro Infragard Alliance Security Summit on Tuesday, Greg Garcia, assistant secretary of cybersecurity and communications at the DHS, said planning is underway for a March 2008 cyber security exercise, dubbed Cyber Storm II.

More here.

FTC Chair Asked To Recuse Herself In Google Case

An AP newswire article, via CBS5.com, reports that:

Two consumer groups on Wednesday asked the chair of the Federal Trade Commission to remove herself from the agency's antitrust review of Google Inc.'s $3.1 billion purchase of DoubleClick because her husband works at the law firm representing DoubleClick.

Deborah Platt Majoras, FTC chairwoman, is married to John M. Majoras, a partner at the Jones Day law firm and who specializes in antitrust, the groups said in a petition to the agency. Deborah Majoras was a partner at the firm before leaving to take the FTC position.

More here.

Most Disturbing Image of the Week: Simmons Holiday Duets




When you are finished shrieking, go scrub your eyeballs with ammonia. -ferg


Image source: worth1000.com, via Neatorama.

Mark of The Beast Alert: RFID Chips in Your Magazines


Thomas Wailgum writes on CIO.com:

One of the most vexing problems for magazine publishers is trying to figure out just how many people read printed copies of magazines, rather than letting them languish in stacks of unread mail. Other questions have been raging since the dawn of the printing press, such as: How long and often do readers spend reading the pages? Do readers skip around among the articles? Do they read from front to back or from back to front? And does anybody look at the advertisements?

Historically, these have been mostly unanswerable questions, left to estimates and guesswork. But a marketing research company, Mediamark Research & Intelligence (MRI), announced in early December that it is testing radio frequency identification (RFID) technology to measure magazine readership in public waiting rooms. The project is a joint effort between MRI, DJG Marketing and Waiting Room Subscription Services (WRSS) and will launch in early 2008.

More here.

Tuesday, December 11, 2007

'We Hate You': Airlines Fight Against Passenger Bill Of Rights





Via CBS5.com.

A New York law says passengers have a right to basic needs like food, water, and sanitary bathrooms in planes when they sit on a tarmac for more than three hours.

But now, the airline industry has asked for the law to be scrapped before it takes effect January 1, 2008. The Air Transport Association says the industry can only be regulated by Federal – not state – rules.

More here.

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Tuesday, Dec. 11, 2007, at least 3,888 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,165 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Over 13,000 Santas Converge in Derry For World Record





Via Laughing Squid.

Off Topic: NFL Network Fight Goes to Texas Capitol

Reagan Hackleman writes on News 8 Austin:

The fight between the NFL and large cable companies was taken to the Texas Capitol on Monday.

NFL Commissioner Roger Goodell and Dallas Cowboys owner Jerry Jones made their pitch to the Texas House Regulated Industries Committee to get their fledgling NFL Network into more households. They want lawmakers to force the network and the nation's two largest cable companies into arbitration.

The NFL Network wants both Time Warner Cable (parent company of News 8 Austin) and Comcast to include the network on standard cable at a cost of $.70 per subscriber, per month. Both cable companies want to put the network on a sports tier. Time Warner Cable hasn't come to terms with the network.

More here.

Background here.

And yes, this issue is a sensitive one for NFL fans everywhere. -ferg

FISA Court Won't Release Eavesdropping Documents

An AP newswire article, via MSNBC, reports that:

The nation's spy court said Tuesday that it will not make public its documents regarding the Bush administration's warrantless wiretapping program.

The Foreign Intelligence Surveillance Court, in a rare public opinion, said the public has no right to view the documents because they deal with the clandestine workings of national security agencies.

The American Civil Liberties Union asked the court to release the records in August. Specifically, the organization asked for the government's legal briefs and the court's opinions on the wiretapping program.

More here.

'w00t' Crowned Word of The Year by Merriam-Webster

Jason Szep writes for Reuters:

"w00t," an expression of joy coined by online gamers, was crowned word of the year on Tuesday by the publisher of a leading U.S. dictionary.

Massachusetts-based Merriam-Webster Inc. said "w00t" -- typically spelled with two zeros -- reflects a new direction in the American language led by a generation raised on video games and cell phone text-messaging.

It's like saying "yay," the dictionary said.

"It could be after a triumph or for no reason at all," Merriam-Webster said.

More here.

EFF Obtains Government Documents on Congressional Intelligence Briefings

Via The EFF.

The Electronic Frontier Foundation (EFF) has received a second set of records from the Office of the Director of National Intelligence (ODNI) detailing behind-the-scenes briefings for lawmakers working to make substantial changes to the Foreign Intelligence Surveillance Act (FISA).

EFF requested release of the records under the Freedom of Information Act (FOIA) earlier this year, but ODNI dragged its feet in response. Last month, a federal judge ordered ODNI to release all documents by December 10. The first batch of records, made public on November 30, detailed contentious negotiations between Director of National Intelligence Mike McConnell and members of Congress that resulted in the passage of the Protect America Act -- an expansion of spying powers that undermined the Constitution and the privacy of Americans.

The second set of records contains more correspondence between McConnell and members of Congress, as well as heavily redacted versions of classified testimony delivered to the Senate Select Committee on Intelligence, and an FAQ detailing how the National Security Agency performs electronic surveillance. Withheld records include ODNI presentation slides used to brief Congress on foreign intelligence issues, and other classified documents.

More here.

Note: Declan McCullagh has additional analysis on the C|Net Iconoclast Blog here. -ferg

Ex-Student Sentenced For Hacking Into A&M

An AP newswire article, via Click2Houston.com, reports that:

A federal judge in Houston sentenced a 2006 Texas A&M computer science graduate Tuesday to five months in prison for hacking the Aggie computer system.

U.S. District Judge Kenneth Hoyt also ordered 23-year-old Luis Castillo to serve five months of house arrest, to be followed by three years of supervised release.

Castillo had admitted in September to hacking into the A&M system. He had faced up to five years in prison for recklessly accessing and causing damage to the computer system.

More here.

Quote of the Day: Eric Bangeman - UPDATE


"After several years of litigation and nearly 30,000 lawsuits, making a copy of a CD you bought for your own personal usage is still a concept that the recording industry is apparently uncomfortable with."

- Eric Bangeman, commenting in an article on Ars Technica regarding the fact that an RIAA spokesperson stated in court that "When an individual makes a copy of a song for himself, I suppose we can say he stole a song."

UPDATE: Mike Masnick has a couple clarifying comments over on techdirt.com -ferg

Report: Government Info at Your Fingertips? Not Quite

Justin Rood writes on ABC News' "The Blotter":

Looking for information on grandparents' visitation rights? Wondering how to obtain a farm loan? Want to know more about federal radiation monitoring in New York City?

The U.S. government has the answers to questions like these, and they are mostly online. But you won't find them using Google, Yahoo or other major search engines, according to an Internet-age Washington, D.C.-based watchdog group.

By accident or by design, millions of pages of potentially useful, publicly-funded information are blocked from major search engines, the Center for Democracy and Technology says in a new report.

More here.

Web 2.0 Services Can Be Abused For Botnet C&C

Via heise Security News.

A new approach to the command and control of bots has been identified by Finjan. In its 4th quarter 2007 Web Security Trends Report, the vendor describes how public Web 2.0 services can be exploited by bot operators. Instead of command and control servers communicating directly or via Fast Flux networks with individual bot computers, they can now send instructions and receive data indirectly via legitimate public blogs and RSS feed aggregators.

The attacker infects a suitable number of hosts with a trojan using well-established techniques such as Iframe injection exploits. The trojan accepts its commands over an RSS feed and posts its output, suitably formatted, to a legitimate public blog that the attacker has access to. The botnet command and control server also signs up with a different legitimate public blog. Its commands are posted to the blog and relayed unwittingly over RSS from that blog via an RSS aggregation service subscribed to by the trojans on the bots.

More here.
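For defenders, the relay pattern described above leaves a recognisable trace in web proxy logs: one client fetches the same feed at machine-regular intervals and also posts to a public blog host. The following is an added example, not code from Finjan's report or the heise article; the log format, the hostnames, the feed-suffix rule and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log (not real traffic): epoch_seconds client method host path
SAMPLE_LOG = """\
1000 10.0.0.5 GET aggregator.example /feeds/abc.rss
1300 10.0.0.5 GET aggregator.example /feeds/abc.rss
1600 10.0.0.5 GET aggregator.example /feeds/abc.rss
1605 10.0.0.5 POST blog.example /post/new
1900 10.0.0.5 GET aggregator.example /feeds/abc.rss
1000 10.0.0.9 GET aggregator.example /feeds/news.rss
1720 10.0.0.9 GET aggregator.example /feeds/news.rss
5400 10.0.0.9 GET aggregator.example /feeds/news.rss
9000 10.0.0.9 GET aggregator.example /feeds/news.rss
1200 10.0.0.7 POST blog.example /post/new
"""

FEED_SUFFIXES = (".rss", ".xml", ".atom")  # assumption: feeds recognised by path suffix
MIN_POLLS = 4       # assumption: fetches needed before regularity is measured
MAX_JITTER = 0.10   # assumption: stddev/mean of poll gaps at or below this looks automated

def parse(log):
    """Yield (timestamp, client, method, host, path); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0].isdigit():
            yield (int(parts[0]), *parts[1:])

def suspicious_clients(log):
    """Clients that poll one feed at near-constant intervals AND post to a web host."""
    polls = defaultdict(list)    # (client, host, path) -> fetch timestamps
    posters = defaultdict(set)   # client -> hosts it sent POSTs to
    for ts, client, method, host, path in parse(log):
        if method == "GET" and path.lower().endswith(FEED_SUFFIXES):
            polls[(client, host, path)].append(ts)
        elif method == "POST":
            posters[client].add(host)
    flagged = {}
    for (client, host, path), stamps in polls.items():
        if len(stamps) < MIN_POLLS or client not in posters:
            continue  # too few samples, or the client never posts anywhere
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER:
            flagged[client] = {"feed": host + path, "interval": avg,
                               "post_hosts": sorted(posters[client])}
    return flagged
```

Ordinary feed readers also poll on a timer, so the output is a triage list for review rather than a verdict; the pairing with outbound posts is what narrows it.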

U.S. Secret Service Busts $5.7M Cisco Scam on eBay

Brad Reese writes on NetworkWorld's "Cisco Subnet" Blog:

California's Orange County Register is reporting that the U.S. Secret Service has busted a $5.7 million scam on eBay selling illegally obtained Cisco replacement parts.

Placentia, California resident - Thong Quoc Tran - has been arrested by U.S. Secret Service agents for allegedly filing more than 1,000 phony warranty claims on Cisco routers.

According to an affidavit by Special Agent Steven Kulpaca, Tran would obtain the serial numbers of routers legally purchased from Cisco by companies around the country.

Tran would then buy warranties on those routers, claim they were broken, and resell the replacement parts sent by Cisco at a discount on eBay.

More here.

DNS Attack Could Signal Phishing 2.0

Robert McMillan writes on InfoWorld:

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.

The study, set to be published in February, takes a close look at "open recursive" DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks.

More here.

California Appoints A New CIO

William Welsh writes on GCN.com:

California’s new chief information officer Teresa (Teri) Takai faces an uphill battle as she tries to help a state that has struggled historically to manage its vast and varied information technology resources. She replaces Clark Kelso, who served as state CIO for the past four years.

Takai served as director of Michigan’s Information Technology Department and state CIO since 2003. During her tenure, she restructured and consolidated Michigan’s resources by merging the state’s IT resources into one centralized department servicing 19 agencies with more than 1,700 employees.

She is well-known throughout the state and local technology community, having previously served as president of the Lexington, Ky.-based National Association of State Chief Information Officers. California Gov. Arnold Schwarzenegger announced Takai’s appointment Thursday.


More here.

Monday, December 10, 2007

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Monday, Dec. 10, 2007, at least 3,887 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,165 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Monday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Image of the Day: You Missed





Via Military Motivator.

Atlas 5 Rocket Launches Classified NRO Satellite From Cape

Via Spaceflight Now.

An Atlas 5 rocket roared away from Cape Canaveral's Complex 41 at 5:05 p.m. EST (2205 GMT) today.

The rocket placed a classified spacecraft into orbit for the National Reconnaissance Office.

More here.

Bradley Whitford on Telecom Immunity: Call Your Senators Now




Bradley Whitford took time out from a film shoot in Calgary to make this video on the importance of opposing retroactive immunity for telecom companies that wiretapped Americans without a warrant. He is calling on all of us to contact our Senators and ask them to support Sen. Dodd’s promised filibuster.

Telecom immunity is scheduled to be discussed this week and it is crucial that all of our Senators hear from us before they vote. We need 40 votes to sustain Sen. Dodd’s filibuster, if it comes to that.

Via Crooks and Liars.

Vivid Entertainment Sues PornoTube

Joseph Menn writes in The Los Angeles Times:

A major porn producer filed a lawsuit today against an X-rated knockoff of YouTube, accusing it of profiting from piracy by allowing its users to post videos that can include copyrighted material.

Vivid Entertainment Group filed the lawsuit in Los Angeles federal court against PornoTube and its parent, Data Conversions Inc., which does business in Charlotte, N.C. as AEBN Inc.

The suit is apparently the first of its kind in the adult film industry, which has historically done a better job than the major Hollywood studios in finding ways to profit from putting their entertainment products on the Internet.

More here.

SF Court: Patriot Act Provisions Unconstitutional

Via CBS5.com (AP).

A federal appeals court ruled Monday that some portions of the U.S. Patriot Act that govern dealings with foreign terrorist organizations are unconstitutional because the language is too vague to be understood by a person of ordinary intelligence.

The ruling released Monday by the 9th U.S. Circuit Court of Appeals in San Francisco affirms a 2005 decision by U.S. District Judge Audrey Collins.

Collins ruled on a petition seeking to clear the way for U.S. groups and individuals to assist organizations in Turkey and Sri Lanka with training on applying for disaster relief or conducting peace negotiations.

Collins said language in the Patriot Act was vague on matters involving training, expert advice or assistance, personnel and service to foreign terrorist organizations.

More here.

CIA No Role Model For CIOs

Grant Gross writes on InfoWorld:

The recent news that the U.S. Central Intelligence Agency destroyed videotapes of interrogations of two terrorist suspects may offer a timely reminder for CIOs at private companies in the United States, tasked with electronic evidence preservation rules since last December.

The e-discovery rules, amendments to U.S. courts' Federal Rules of Civil Procedure, don't apply to the CIA, but the agency's decision to destroy videotapes showing harsh interrogation techniques may show private companies how not to handle evidence, some e-discovery experts said.

The e-discovery rules require U.S. companies to keep electronic records when they're faced with a civil lawsuit or the likelihood of a lawsuit. In effect, what this means is that companies should archive e-mail and other electronic records, said Ralph Harvey, CEO of Forensic & Compliance Systems, an e-mail archiving vendor based in Dublin, Ireland. "The lesson learned is you keep everything for a finite period," he said.

More here.

CSC Contracted to Support U.S. Navy NETWARCOM

Via UPI.

The U.S. Navy announced it has contracted California-based Computer Sciences Corp. for program management and information technology services.

The U.S. Navy contracted CSC to lead a team of subcontractors for support at the Naval Network Warfare Command Cyber Asset Reduction Security and Task Force program for $66 million if all options are exercised.

Officials say the CSC team will include Georgia-based C4 Planning Solutions LLC and Smartronix Inc. based in Virginia.

More here.

Fusion Watch: DoJ Tests Suspicious-Activity Reporting System

Jason Miller writes on FCW.com:

The Justice Department is prototyping a new system to share unclassified data with state and local law enforcement officers.

Through the Law Enforcement Online (LEO) system, E-Guardian will use the National Information Exchange Model (NIEM) standard to improve suspicious-activity reporting among federal, state and local law enforcement agencies.

Richard Beauchamp, FBI’s interim information technology portfolio manager at the Chief Information Officer’s Office, said last week that Justice is prototyping the system to gauge whether it will work.

More here.

Sunday, December 09, 2007

Australia: Queensland Network Connection 'Hijacker' Apprehended

Mark Schliebs writes on Australian IT:

A man who allegedly tried to extort money by hijacking the internet connections of unsuspecting users to send threatening emails has been arrested in an undercover police sting.

For several months, the 22-year-old man allegedly accessed other Rockhampton residents’ wireless connections to send emails that could not be traced back to him, police in the northern Queensland city said.

According to police, the man allegedly used his PDA, the unsecured connections and a “masking” service that allowed him to send the alleged threats to a variety of people using a magazine editor’s email address.

Police in Queensland, New South Wales and Victoria - as well as the Australian Federal Police - were involved in investigating the emails.

More here.

Theft of Personal Data More Than Triples This Year

Byron Acohido writes in USA Today:

Thieves are systematically pilfering sensitive personal data from companies, government agencies, colleges and hospitals like never before.

More than 162 million records have been reported lost or stolen in 2007, triple the 49.7 million that went missing in 2006, according to USA TODAY's analysis of data losses reported over the past two years.

This year, news stories have been written about data losses disclosed by 98 companies, 85 schools, 80 government agencies and 39 hospitals and clinics, according to a database at tech security website Attrition.org.

Arrests or prosecutions have been reported in just 19 cases.

More here.

Image of the Day: Urban Collectables



Each Urban Collectable car is completely unique and has been individually hand burnt. The range includes The Joy ridden 2-door Hatchback, The Mini Van/Insurance Scam and The Petrol Bombed Jeep.

Via Neatorama.

Quote of the Day: Bob Schieffer



"Is that our message to the world? That we are a government of laws except when it is inconvenient? If so, then what was done in the name of security has greatly harmed security. Weapons keep our enemies at bay, but our real security risks are whether the rest of the world comes to share our values, or the values of those who oppose us."

- Bob Schieffer, in commentary on today’s Face The Nation. Via Crooks & Liars.

Four Million Britons Have Fallen Victim to Identity Fraud. Are You Next?

Mark Townsend writes in The Observer Magazine:

For one so young, he seemed a peculiarly precocious convert to retail therapy. Mobile phones, iPods, swish suits and fancy holidays. You name it, he bought it. The detectives asked to investigate his strangely spendthrift ways would, though, soon find themselves facing a conundrum. Their big spender was dead. In fact, he had succumbed to a childhood brain disease when seven months old.

In total, the identities of hundreds of dead babies would be plundered by businessman Anton Gelonkin in one of the largest identity theft networks uncovered in the UK. Hiding behind the stolen identities of deceased infants, Gelonkin's gang would, in the space of a decade, amass a fortune worth millions. The ease and rapidity with which his team stole so many identities perturbed officers investigating a case which provides a rare insight into the modus operandi of those perpetrating Britain's fastest-growing crime: identity theft.

Much more here.

TSA Screener, Baggage Handlers Arrested And Charged at JAX


Jim Schoettler writes on Jacksonville.com:

Three baggage handlers and a federally employed baggage screener have been arrested and charged in a series of thefts from fliers’ luggage, the U.S. Attorney’s Office announced this afternoon [7 December 2007].

Indictments charging the men with theft were unsealed today. They are accused of stealing laptop computers, computer software and other computer-related supplies. The thefts occurred in October and November.

Charged were Craig Hannan, 34, of Kingsland, Ga., and Jacksonville residents Evedge Moore, 21, Quintin Davis, 25, and Racardi Lamar, 18. Hannan was a screener for the Transportation Security Administration, while the other men were employed by a private service that handles baggage.

The thefts were from baggage sent through Continental, Delta and United Airlines.

More here.

See also: Aero-News Network