Saturday, January 19, 2008

Can U.S. Government Use NSA Spy-Wiretaps Against Citizens in Court?


Dan Scott writes on Seattle Indy Media:

It is not surprising the Telecom Industry wants “Retroactive Immunity” from at least forty lawsuits after they helped government spy on Americans’ personal phone calls, faxes and emails. But not so obvious or discussed by major media is what happens to NSA’s millions of illegally collected emails, faxes and phone call information that belong to U.S. Citizens. Will that information be deleted or copied? Or used in court against Americans?

Depending on the legal scheme the U.S. Government devises to let the phone companies off the hook for spying on its Citizens, it could set NSA free—to share its “illegally collected wiretap information” with local, state and federal police in order to initiate almost any kind of criminal investigation.

Determining what NSA electronic surveillance can be used by police or introduced into court by the Government may be the next battle Americans have to fight.

More here.

Friday, January 18, 2008

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Jan. 18, 2008, at least 3,927 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,194 died as a result of hostile action, according to the military's numbers.

The AP count is one higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Jan. 18, 2008, at least 412 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EST.

Of those, the military reports 280 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

'The Doctor Will See Your Credit Now'

Bob Sullivan writes on The Red Tape Chronicles:

The folks who invented the credit score for lenders are hard at work developing a similar tool for hospitals and other health care providers.

The project, dubbed “MedFICO” in some early press reports, will aid hospitals in assessing a patient’s ability to pay their medical bills. But privacy advocates are worried that the notorious errors that have caused frequent criticism of the credit system will also cause trouble with any attempt to create a health-related risk score. They also fear that a low score might impact the quality of the health care that patients receive.

Fair Isaac Corp., developer of the FICO credit score, is one of several investors in Healthcare Analytics, the Massachusetts start-up that is developing the hospital risk tool. Another investor is Tenet Healthcare Corp, one of the nation's largest hospital operators. Stephen Farber, who resigned as chief financial officer of Tenet in 2004, is the CEO of Healthcare Analytics.

More here.

Jihadi Software Promises Secure Web Contacts

Via Reuters.

An Islamist Web site often used by al Qaeda supporters carried updated encryption software on Friday which it said would help Islamic militants communicate with greater security on the Internet.

The Mujahideen Secrets 2 was promoted as "the first Islamic program for secure communications through networks with the highest technical level of encoding".

The software, available free on the password-protected Ekhlaas.org site which often carries al Qaeda messages, is a newer version of Mujahideen Secrets issued in early 2007 by the Global Islamic Media Front, an al Qaeda-linked Web-based group.

"This special edition of the software was developed and issued by ... Ekhlaas in order to support the mujahideen (holy war fighters) in general and the (al Qaeda-linked group) Islamic State in Iraq in particular," the site said.

More here.

Wanted By The FBI: Spy Busters

Roberto Santiago writes in The Miami Herald:

Twice a year, after hours in the FBI building in North Miami, a select group of South Florida citizens gets to hear unclassified details on cases like this and many others, getting a first-hand look into a secret world often only seen in the movies or in documentaries.

The FBI Citizens' Academy, a six-week-long series of three-hour seminars -- with a separate firearms training and a SWAT team demonstration session -- is for South Florida citizens who have no prior criminal convictions and can pass an FBI background check. There is no charge for the classes.

Currently, there are FBI Citizens' Academies based out of all of the FBI's 56 field offices, nationwide.

More here.

Life is Good, Except When the FTC is Investigating You

Scott Nichols writes on the Today@PC World Staff Blog:

The moral of this blog: Don't always trust sites that promise top-notch security.

Clothing retailer Life is Good, which also runs a popular Life is Good Web site, settled with the Federal Trade Commission Thursday over charges it did not properly secure shoppers' personal information. The FTC alleges the company stored credit card information indefinitely on computers, without using proper encryption software or sufficient access controls. The FTC also claimed the company violated federal law by allegedly making security claims on its Web site that were false.

More here.

SCADA Watch: CIA: Hackers to Blame for Power Outages

An AP newswire article by Ted Bridis, via SFGate.com, reports that:

Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a trade conference.

All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in "several regions outside the United States."

"In at least one case, the disruption caused a power outage affecting multiple cities," Donahue said in a statement. "We do not know who executed these attacks or why, but all involved intrusions through the Internet."

A CIA spokesman Friday declined to provide additional details.

More here.

SANS Director: China Has Already Penetrated Key U.S. Databases

Jack Rogers writes on SC Magazine US:

An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks “to find the enemy within,” SANS Institute Director of Research Alan Paller told SCMagazineUS.com.

“They are already in and we have to find them,” Paller said.

Paller said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China's People's Liberation Army.

More here.

Drawing a (Scary) Face On Malicious Software


Brian Krebs writes on Security Fix:

If the phishing scams, computer viruses and worms that land in our inboxes each day take the form of hostile-looking beasts, we might all want to avoid them like the plague. Such is the vision of Romanian artist Alex Dragulescu, whose stunning renderings of some of the more prevalent nasties out there help put a menacing face to malware such as "Storm" and "Netsky."

Dragulescu, a research assistant at the Massachusetts Institute of Technology's Sociable Media Group, created his so-called "threat art" in conjunction with live malware intercepted by e-mail security firm MessageLabs. Each is disassembled into a dump of binary code and then run through a program Dragulescu wrote. That program spends a few hours crunching through all the data, looking for patterns in the code that will determine the shape, color and complexity of each piece of threat art.

More here.

Image source: Security Fix / Alex Dragulescu

In Passing: Bobby Fischer



Bobby Fischer
March 9, 1943 - January 17, 2008

Thursday, January 17, 2008

Corrupt U.S. Customs Agent Sentenced For Data Deals

A C|Net News article by Declan McCullagh, via ZDNet Australia, reports that:

A recent court case demonstrates, once again, the dangers of assembling massive police databases and trusting that law enforcement officers with access are paragons of virtue.

In this case, the unvirtuous Fed is named Rafael Pacheco, an agent with the US Customs Service in Florida. And the database in question is the Treasury Enforcement Communications System, or TECS, which contains more than a billion records used by Customs and other federal police.

Pacheco was, to put it bluntly, a corrupt cop. He sold access to TECS for money.

More here.

Web Security Watch: Automated SQL Injection Engine Now Freely Available

Via Darknet.org.uk.

sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable of performing an extensive database management system back-end fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

More here.

Note: ...and this is very, very bad news for any publicly-accessible SQL databases, especially when it is well-known that there are somewhere in the neighborhood of ~500,000 of them.

Bad news for a lot of people.

- ferg

DHS to Replace 'Duplicative' Anti-Terrorism Data Network

So much for "Fusion".

Spencer S. Hsu and Robert O'Harrow Jr. write in The Washington Post:

The Homeland Security Department spent more than $90 million to create a network for sharing sensitive anti-terrorism information with state and local governments that it has decided to replace, according to an internal department document.

The decision was made late last year but was not announced. It was outlined in an Oct. 27 memorandum that listed the network's flaws and asserted that DHS's counterterrorism, immigration enforcement and disaster management missions were hampered by the proliferation of more than 100 Web "portals" that provide poorly coordinated information.

"Most are duplicative in capabilities" and lack innovation, noted the memo by DHS Undersecretary for Management Paul A. Schneider. He said that as a result, the department "will replace" the current system, known as the Homeland Security Information Network.

The decision underscores recurring criticism about the department's effectiveness at meeting the core need to better share information with government and private partners involved in counterterrorism efforts five years after it was formed, according to lawmakers and independent experts. The department also has repeatedly rushed crucial technology initiatives, leading to delays and millions of dollars in additional costs.

More here.

Image of the Day: The Mod Squad





Via Crooks and Liars.

U.S. Dept. of State, Homeland Security Aim to 'Better Integrate' Systems to Watch International Travel

Alice Lipowicz writes on Washington Technology:

The departments of Homeland Security and State should better integrate their information technology systems that handle international business travel to foster greater efficiency and fewer errors in processing, according to a new report [.pdf] from a DHS travel advisory panel.

The Secure Borders and Open Doors Advisory Committee issued a 51-page study urging the United States to be more welcoming to foreign travelers while also maintaining security. The group aims to reverse a downward trend in overseas travel to the United States. Such travel fell by 17 percent between 2000 and 2006.

One of the reasons for the decrease in foreign visitors was difficulty and delays in obtaining visas, the advisory group said. To improve things, one recommendation is for DHS and State to work together better and to set up an integrated electronic file and a joint program for business visa applicants.

More here.

Yahoo's CAPTCHA Security Reportedly Broken

Thomas Claburn writes on InformationWeek:

Yahoo may soon see a surge in spam coming from Yahoo Mail accounts.

"John Wane," who identifies himself as a Russian security researcher, has posted software that he claims can defeat the CAPTCHA system Yahoo uses to prevent automated registration of free Yahoo Mail accounts.

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It's a technique that presents an image depicting distorted text that people, but not machines, can identify.

Large e-mail service providers like Google, Microsoft, and Yahoo present CAPTCHA images to users signing up for new accounts to make sure that there's a real person behind the registration information. These companies do so to discourage spammers from using automated methods to register thousands of free online accounts to send spam.

More here.

'Internet forces' in China and Taiwan Step Up Cyber Attacks

Tsuyoshi Nojima writes on The Asahi Shimbun:

Cyber attacks between China and Taiwan are believed to have escalated in recent years by troops of hackers, called "Internet forces."

Their mission is apparently to steal confidential information from the computers of the governments or important officials.

Taiwan is on alert, saying that China's Internet forces are the strongest in the world. China, on the other hand, claims that it is a victim of attacks from Taiwanese hackers.

A senior official of Taiwan's National Security Council (NSC) said, "The problem is one of the most important 'hidden' issues for the security of Taiwan."

More here.

Hat-tip: FIRST.org Global Security News

Foreign Hackers Seek to Steal Americans' Health Records

Nancy Ferris writes on FCW.com:

Foreign hackers, primarily from Russia and China, are increasingly seeking to steal Americans’ health care records, according to a Department of Homeland Security analyst.

Mark Walker, who works in DHS’ Critical Infrastructure Protection Division, told a workshop audience at the National Institute of Standards and Technology that the hackers’ primary motive seems to be espionage.

“They’ve been focused on the [Department of Defense] – the military – but now are spreading out into the health care private sector,” Walker said.

More here.

Many 'Hacker Safe' Web Sites Found Vulnerable

Thomas Claburn writes on InformationWeek:

More than 60 Web sites certified to be "Hacker Safe" by McAfee's ScanAlert service have been vulnerable to cross-site scripting (XSS) attacks over the past year, including the ScanAlert Web site itself. While the XSS hole in the ScanAlert site and others have been addressed, some apparently have not, leaving visitors potentially vulnerable to client-side attacks.

Kevin Fernandez and Dimitris Pagkalos, two computer scientists who maintain XSSed.com, a site that has been tracking XSS vulnerabilities since February 2007, provided InformationWeek with a list of 62 Web sites certified as "Hacker Safe" on which XSS holes have been reported. The list includes brookstone.com, cafepress.com, cduniverse.com, gnc.com, mysecurewallet.nl, petsmart.com, and sportsauthority.com, among other familiar brands.

More here.

Note: The recent compromise of geeks.com, where customer credit card numbers were illegally accessed, was another "Hacker Safe" branded website. -ferg

Geopolitical Climate Makes Going After Cyber Criminals Almost Impossible

Brian Krebs writes on Security Fix:

Dmitri Alperovitch, director of intelligence analysis and hosted security for San Jose, Calif.-based Secure Computing, said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside.

In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operations -- the Russian Business Network.

Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang.

More here.

SCADA Watch: U.S. FERC Defines Cyber Defense Posture for Power Grid

Ellen Messmer writes on NetworkWorld:

The Washington-based Federal Energy Regulatory Commission today approved eight "critical infrastructure protection" (CIP) standards intended to protect the electric-power grid operated by the nation's utilities from coming under cyberattack because of poor access control, software vulnerabilities or other weaknesses in their data-control systems.

FERC, which has regulatory authority over U.S. electric and gas utilities, decided in a unanimous vote to require users, owners and operators of what's called the "bulk power system" for electricity to establish policies and plans to safeguard physical and electronic access to control systems, according to the eight CIP principles.

More here.

Arbor Networks Buys Ellacoya

Grant Gross writes on InfoWorld:

Network security vendor Arbor Networks has reached an agreement to acquire Ellacoya Networks, a provider of broadband optimization products, the companies announced Thursday.

The acquisition allows Arbor to take advantage of an increased focus on traffic and service management by broadband providers, the company said. Arbor focuses on protecting service provider networks from security threats such as denial-of-service attacks, botnets and worms, while Ellacoya focuses on deep packet inspection products and services, allowing service providers to prioritize traffic on a per-subscriber and per-application basis. Service providers also use Ellacoya products to deliver digital video and other broadband services.

The companies did not disclose the terms of the deal. The privately owned Ellacoya is based in Merrimack, N.H.

More here.

Wednesday, January 16, 2008

More Fiore Magic: Surgetopia!




Another fantastic Mark Fiore creation, via The San Francisco Chronicle.

Enjoy!

- ferg

Shift of FBI Focus Puts Hurt on Policing of Cyber Crime

Paul Shukovsky writes in The Seattle Post-Intelligencer:

A continuing shift of FBI agents to counterterrorism units has saddled police chiefs in the Puget Sound region with new crime-fighting responsibilities they're ill-equipped to handle.

And some criminals aren't getting caught and prosecuted as a result, the chiefs told Sen. Patty Murray on Wednesday.

Hoping to counter a post-9/11 trend, law enforcement officials called for an increase in the number of FBI agents assigned to Washington to help handle complex cases, such as fraud, identity theft, cybercrime and interstate or international crime.

More here.

Note: As someone who is deeply engaged in combating Cyber Crime, I see that this has indeed become an issue for concern. We're seeing the "most major" Cyber Crime issues fall completely through the cracks, going completely ignored by law enforcement. This is -- in my opinion -- a major, major oversight. - ferg

With Trials Beginning, Yet Another Estonian Cyber Attack

Robert McMillan writes on InfoWorld:

With the trial starting for four ethnic Russians charged in connection with rioting last year, the Estonian news site Delfi.ee has weathered a two-week-long DoS attack.

The attack, which ended Tuesday, was minimally disruptive, according to Hillar Aarelaid, manager of Estonia's Computer Emergency Response Team (CERT). He described it as an "ordinary DDoS" attack in which the news agency's servers were flooded with Internet traffic, in an attempt to crash them.

More here.

North Dakota Judge Rules That DNS Zone Transfers Are Illegal

Al Iverson writes on CircleID:

Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand?

No? Well, David Ritz has. And amazingly, he lost the case.

Here are just a few of the gems that the court has the audacity to call “conclusions of law.” Read them while you go donate to David’s legal defense fund. He got screwed here, folks, and needs your help.

“Ritz’s behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law.” You might not know what a zone transfer is, but I do. It’s asking a DNS server for all the particular public info it provides about a given domain. This is a common task performed by system administrators for many purposes. The judge is saying that DNS zone transfers are now illegal in North Dakota.

More here.

Study: Online Privacy Concerns Increase

An AP newswire article by Anick Jesdanun, via PhysOrg.com, reports that:

Privacy concerns stemming from online shopping rose in 2007, a new study finds, as the loss or theft of credit card information and other personal data soared to unprecedented levels.

Sixty-one percent of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47 percent in 2006. Before last year, that figure had largely been dropping since 2001.

People who do not shop online tend to be more worried, as are newer Internet users, regardless of whether they buy things on the Internet, according to the survey from the University of Southern California's Center for the Digital Future.

The study, to be released Thursday, comes as privacy and security groups report that an increasing number of personal records are being compromised because of data breaches at online retailers, banks, government agencies and corporations.

More here.

Intell Group Renamed to Reflect Mission Changes

Wilson P. Dizard III writes on GCN.com:

The trade association that represents some of the intelligence community’s most futuristic IT has adopted a new name that reflects changes in the mission of the agencies and companies that practice the tradecraft.

The Measurement and Signal Intelligence Association (Masint) recently announced that it has changed its name to the Advanced Technical Intelligence Association (ATIA).

Practitioners of high-tech spycraft share information and collectively mull the status and prospects of their discipline via the group’s monthly and annual meetings. The ATIA’s Web site names 29 corporate sponsors, all presumably active vendors in the field.

More here.

Tuesday, January 15, 2008

U.S. Seeks to Force Suspect to Reveal Password in Child Porn Case

Ellen Nakashima writes on The Washington Post:

The federal government is asking a U.S. District Court in Vermont to order a man to type a password that would unlock files on his computer, despite his claim that doing so would constitute self-incrimination.

The case, believed to be the first of its kind to reach this level, raises a uniquely digital-age question about how to balance privacy and civil liberties against the government's responsibility to protect the public.

The case, which involves suspected possession of child pornography, comes as more Americans turn to encryption to protect the privacy and security of files on their laptops and thumb drives. FBI and Justice Department officials, meanwhile, have said that encryption is allowing terrorists and criminals to communicate their plots covertly.

Criminals and terrorists are using "relatively inexpensive, off-the-shelf encryption products," said John Miller, the FBI's assistant director of public affairs. "When the intent . . . is purely to hide evidence of a crime . . . there needs to be a logical and constitutionally sound way for the courts" to allow law enforcement access to the evidence, he said.

More here.

RBN Never 'Went Away' - They Just Flew Lower Under The Radar

This is also the opinion that I have had since the withdrawal of RBN routes originated by AS40989.

Dancho Danchev:

There's indeed a connection between the RBN, Storm Worm and the New Media malware gang. The malware gang is either a customer of the RBN, partners with the RBN sharing know-how in exchange for infrastructure on behalf of the RBN, or RBN's actual operational department.

Piece by piece and an ugly puzzle picture appears thanks to everyone monitoring the RBN that is still 100% operational.

More here.

New Zealand May Join FBI-Led Global Database to Fight Crime, Terror

Elizabeth Binning writes in The New Zealand Herald:

New Zealand is likely to join an FBI-led consortium that plans a global database of personal information to catch criminals and terrorists.

Overseas reports have listed this country as a member of the database project, known as Server in the Sky.

It would enable biometric details and measurements - such as irises, palms and fingerprints - as well as personal information of suspects to be swapped between countries.

But officials say this country is still considering joining the consortium and has no plans at this stage to join the database.

The FBI is said to be keen to urge police forces of allied countries to work together to improve international security.

More here.

$20,000 Bounty Placed on Windows Flaws, Exploits

Ryan Naraine writes on the eWeek "Security Watch" Blog:

A private company has placed a $20,000 bounty on exploitable vulnerabilities in Microsoft's Windows operating system, a move that significantly raises the value of software flaw research.

Billed as a Hacker Challenge, the $20,000 "special prize" is being offered by Digital Armaments, one of several companies that pay hackers who agree to give them exclusive rights to advance notification of unpublished vulnerabilities or exploit code.

More here.

Programming Note: Light Posting Today

I'm in meetings most of the day, so posting will be light until later this evening.

Thanks!

- ferg

Monday, January 14, 2008

FBI Wants Instant Access to British Identity Data

Owen Bowcott writes in The Guardian:

Senior British police officials are talking to the FBI about an international database to hunt for major criminals and terrorists.

The US-initiated programme, "Server in the Sky", would take cooperation between the police forces way beyond the current faxing of fingerprints across the Atlantic. Allies in the "war against terror" - the US, UK, Australia, Canada and New Zealand - have formed a working group, the International Information Consortium, to plan their strategy.

Biometric measurements, irises or palm prints as well as fingerprints, and other personal information are likely to be exchanged across the network. One section will feature the world's most wanted suspects. The database could hold details of millions of criminals and suspects.

The FBI is keen for the police forces of American allies to sign up to improve international security. The Home Office yesterday confirmed it was aware of Server in the Sky, as did the Metropolitan police.

More here.

Hat-tip: Pogo Was Right

Dancing U.S. Spychief Wants to Tap Into Cyberspace

Siobhan Gorman (NSA Beat Reporter at The Baltimore Sun) writes in The Wall Street Journal:

Spychief Mike McConnell is drafting a plan to protect America’s cyberspace that will raise privacy issues and make the current debate over surveillance law look like “a walk in the park,” McConnell tells The New Yorker in the issue set to hit newsstands Monday. “This is going to be a goat rope on the Hill. My prediction is that we’re going to screw around with this until something horrendous happens.”

At issue, McConnell acknowledges, is that in order to accomplish his plan, the government must have the ability to read all the information crossing the Internet in the United States in order to protect it from abuse. Congressional aides tell The Journal that they, too, are also anticipating a fight over civil liberties that will rival the battles over the Foreign Intelligence Surveillance Act.

Part of the lawmakers’ ire, they have said, is the paltry information the administration has provided. The cyberspace security initiative was first reported in September by The Baltimore Sun, and some congressional aides say that lawmakers have still learned more from the media than they did from the few Top Secret briefings they have received hours before the administration requested money in November to jump start the program.

More here.

New Mass Hack Strikes Sites, Confounds Researchers

Gregg Keizer writes on ComputerWorld:

A massive hack of legitimate Web sites has been spreading malware to visitors' PCs, using a new tactic that has made detection "extraordinarily difficult," security experts said today.

According to the researcher who broke the news, the hack, which involves several hundred sites, may be related to a November 2007 break-in at Fasthosts Internet Ltd., a U.K.-based hosting service that in early December acknowledged that some clients' log-in credentials had been pinched.

More here.

Convicted Hacker Charged With Extortion After Attack On Model's MySpace Account

Kevin Poulsen writes on Threat Wire:

A Southern California man convicted last year of hacking into the Lexis-Nexis-owned consumer database Accurint was arrested on charges of extortion Friday after allegedly hijacking the MySpace account of an internet celebrity.

Jeffrey Robert Weinberg, 22, was arrested by LAPD detectives in Southern California early Friday morning, a department spokeswoman confirmed. While police aren't discussing the particulars, the arrest follows a detailed blog post by "Amor Hilton," an 18-year-old Los Angeles woman who says she helped detectives build a case against Weinberg after he hijacked her MySpace account and demanded nude photos and "phone sex" in exchange for its return.

More here.

Sunday, January 13, 2008

Quote of the Day: Nancy Trejos

"The rent was due soon -- this was not a good time for money to disappear."

- Nancy Trejos, writing in The Washington Post, on the thriving and ongoing identity theft business.

U.S. Toll In Iraq


Via The Boston Globe (AP).

As of Sunday, Jan. 13, 2008, at least 3,923 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,186 died as a result of hostile action, according to the military's numbers as of Friday.

The AP count is eight higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

UK: Prisoners 'To Be Chipped Like Dogs'


Brian Brady writes in The Independent:

Ministers are planning to implant "machine-readable" microchips under the skin of thousands of offenders as part of an expansion of the electronic tagging scheme that would create more space in British jails.

Amid concerns about the security of existing tagging systems and prison overcrowding, the Ministry of Justice is investigating the use of satellite and radio-wave technology to monitor criminals.

But, instead of being contained in bracelets worn around the ankle, the tiny chips would be surgically inserted under the skin of offenders in the community, to help enforce home curfews. The radio frequency identification (RFID) tags, as long as two grains of rice, are able to carry scannable personal information about individuals, including their identities, address and offending record.

The tags, labelled "spychips" by privacy campaigners, are already used around the world to keep track of dogs, cats, cattle and airport luggage, but there is no record of the technology being used to monitor offenders in the community. The chips are also being considered as a method of helping to keep order within prisons.

More here.

Hat-tip: Chronicles of Dissent

Tackling Cyber Criminals Face-to-Face


Mark Ward writes for The BBC:

Typically those involved in net crime do one thing well. Some plunder web shop databases and steal credit card numbers. Some hack business networks so they can be used by spammers. Some are phishers who send out e-mail trying to fool people into handing over their banking details. Others have the bank accounts to help people move cash without being caught.

The hackers lack the skills to do anything with the data they steal and the old-time criminals lack the technical skills to get the data. This is where they meet.

More here.