Saturday, January 26, 2008

Bush Threatens Veto in FISA Reforms

Dan Eggen writes in The Washington Post:

The White House warned Democratic leaders yesterday that President Bush would veto a proposal to extend an expiring surveillance law by 30 days, saying that Congress should quickly approve a Senate bill favored by the Bush administration.

The move is aimed at forcing Congress to renew and expand the Protect America Act -- which is due to expire at the end of the day Thursday -- and escalates a national security showdown between Democrats and the White House just before the president's annual State of the Union address.

A senior administration official, who spoke on the condition of anonymity because of ongoing negotiations with Congress, said lawmakers "have had six months to not pass a bill -- they don't need 30 more days to not pass a bill."

The veto threat prompted a swift condemnation from Senate Majority Leader Harry M. Reid (D-Nev.), who called the warning "irresponsible" and said Bush was "posturing" just before Monday night's speech.

More here.

Compromised SAIC Computer Puts Corporate CC Data at Risk

Via Pogo Was Right.

On Jan. 18, the Science Applications International Corporation (SAIC) notified [.pdf] the New Hampshire DOJ that one of their computers was compromised by malware that went undetected until a "regularly scheduled inventory of software." The presence of malware was reportedly not detected because the malware "intercepted keystrokes" and evaded their security precautions. The infected computer was used in corporate customer transactions involving lease or purchase of equipment from the Environmental Equipment and Supply Division.

SAIC's report noted that they were searching for evidence as to what information the software may have captured and transmitted outside of the network, but information may have included credit card name, billing and shipping address, telephone and fax number, and credit card number and security code.

The notification provides an interesting glimpse into SAIC's cybersecurity, as they also note that although they have "a wide number" of IPs blocked for outbound transmissions, the malware may have been able to transmit to unblocked IPs.


U.S. Spy Satellite May Hit Earth Next Month

An AP newswire article by Eileen Sullivan, via The Minneapolis-St. Paul Star Tribune, reports that:

A large U.S. spy satellite has lost power and could hit the Earth in late February or March, government officials said Saturday.

The satellite, which no longer can be controlled, could contain hazardous materials, and it is unknown where on the planet it might come down, they said. The officials spoke on condition of anonymity because the information is classified as secret.

More here.

Skype and The Bavarian 'Trojan in the Middle'

Via WikiLeaks.

[Files] obtained by Wikileaks and also released by the political party Piraten, contain two scanned documents relating to activities of the Bavarian police, Ministry of Justice and the Prosecution office in intercepting encrypted data submitted via SSL or Skype via the internet.

The first one, presenting a communication on splitting cost between Bavarian police and the prosecutors' offices, the second one presenting the related offer for the software by a German company called Digitask.

The technology, in high-level explained in the offer of Digitask, works via a local installation of a malware on the client's computer.

The offer dating September 4th 2007, replies to an inquiry by Bavarian officials on the possibility of Skype interception, introduces a basic description of the cryptographic workings of Skype, and concludes that new systems are needed to spy on Skype calls.

It continues to introduce the so-called Skype Capture Unit. In a nutshell: a malware installed on purpose on a target machine, intercepting Skype Voice and Chat. Another feature introduced is a recording proxy, that is not part of the offer, yet would allow for anonymous proxying of recorded information to a target recording station. Access to the recording station is possible via a multimedia streaming client, supposedly offering real-time interception.

Another part of the offer is an interception method for SSL based communication, working on the same principle of establishing a man-in-the-middle attack on the key material on the client machine. According to the offer this method is working for Internet Explorer and Firefox web browsers. Digitask also recommends using over-seas proxy servers to cover the tracks of all activities going on.

More here.

Hat-tip: /.

Friday, January 25, 2008

Bush Order Expands Network Monitoring

Ellen Nakashima writes in The Washington Post:

President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems.

The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies -- including ones they have not previously monitored.

Until now, the government's efforts to protect itself from cyber-attacks -- which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data -- have been piecemeal.

Under the new initiative, a task force headed by the Office of the Director of National Intelligence (ODNI) will coordinate efforts to identify the source of cyber-attacks against government computer systems. As part of that effort, the Department of Homeland Security will work to protect the systems and the Pentagon will devise strategies for counterattacks against the intruders.

More here.

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Jan. 25, 2008, at least 3,932 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,200 died as a result of hostile action, according to the military's numbers.

The AP count is one higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Jan. 25, 2008, at least 412 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EST.

Of those, the military reports 280 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Spammers Cloak Scams by Redirecting Through Google Services

Gregg Keizer writes on ComputerWorld:

Spammers are using thousands of Google accounts to camouflage their scams from antispam filters, a security researcher said today. He dubbed the practice "Spam 2.0."

Rather than inserting links to the actual pages touting their products, some junk mailers are sticking in links from domains registered with Google Page Creator -- the search engine's free Web page maker -- or accounts with Google's service, said Dan Hubbard, vice president of security research at Websense Inc.

"They'll send out a big long spam run, and include the URL they registered with Google Page or a blog service," said Hubbard. "But there's nothing on that page but a bunch of obfuscated JavaScript." The JavaScript redirects the user to the actual destination, where the spammer shills his products or services.

More here.

U.S. Attorney General Mukasey Has Orwellian Inspiration

A Reuters newswire article, via The Boston Globe, reports that:

The top law enforcement official said on Friday he keeps in his office a portrait of George Orwell, whose book "1984" envisioned a futuristic technology security state overseen by a prying "Big Brother."

But the inspiration comes from Orwell's writing style, not the dystopian world the English writer depicted, an aide said.

Attorney General Michael Mukasey, in his first extensive meeting with reporters since taking office in November, said he selected two portraits for his office, the first being Robert Jackson, a former Supreme Court Justice, U.S. attorney general and Nuremberg war crimes prosecutor.

More here.

Wow. You can't even make this stuff up... -ferg

Spamford Wallace's MySpace Riches Come Under Attack

Dan Goodin writes on The Register:

Anybody who says crime doesn't pay obviously hasn't talked to Sanford Wallace. In just six months' time, the prolific purveyor of spam and spyware engineered a scam on MySpace that netted at least $555,850, according to court documents filed this week.

The brazen scheme used a combination of malware and social engineering to push MySpace users onto porn- and gambling-related websites under Wallace's control. It began in late 2006, just months after Wallace and business associate Walter Rines settled charges related to spyware by agreeing to pay the Federal Trade Commission just $50,000 combined.

Now the FTC is trying to grow a pair. In a motion underscoring the difficulty of stopping spyware purveyors like Wallace, attorneys from the agency asked the federal judge overseeing the settlement to find the men in contempt for violating the terms of the settlement agreement. The commission seeks an order requiring the men to surrender their profits in the MySpace scheme.

More here.

Defense Tech Video Fix: Sukhoi Su-30 MKI


Via Defense Tech.

CIA Has Also Issued National Security Letters (NSLs)

Joby Warrick writes in The Washington Post:

For three years, the Bush administration has drawn fire from civil liberties groups over its use of national security letters, a kind of administrative subpoena that compels private businesses such as telecommunications companies to turn over information to the government. After the 2001 USA Patriot Act loosened the guidelines, the FBI issued tens of thousands of such requests, something critics say amounts to warrantless spying on Americans who have not been charged with crimes.

Now, newly released documents shed light on the use of the letters by the CIA. The spy agency has employed them to obtain financial information about U.S. residents and does so under extraordinary secrecy, according to the American Civil Liberties Union, which obtained copies of CIA letters under the Freedom of Information Act.

More here.

Societe Generale's 'Hacker' Trader Had Only Limited Computer Skills

Paul McDougall writes on InformationWeek:

The Societe Generale banker accused of operating a multibillion-dollar fraudulent trading scheme had only basic computing and programming skills -- a fact that deepens the mystery of how he managed to circumvent layers of highly sophisticated security software designed to prevent unauthorized activity.

On a copy of his resume that's widely circulating on the Internet, Jerome Kerviel lists Microsoft Office and Microsoft Visual Basic as his only IT-related skills. It also shows he performed some light programming work at Societe Generale that involved using Visual Basic to create macros for some of the French bank's trading and business applications.

While those skills might make Kerviel, a finance major, more computer-literate than many of his colleagues, they would hardly equip him for the kind of black hat hacking that would ordinarily be associated with a campaign of illicit, electronic trading that went undetected for months.

Kerviel's lack of advanced IT skills raises a pair of troubling possibilities. One is that Societe Generale's security systems were outdated or not properly maintained.

More here.

Quote of The Day: Helen A.S. Popkin

"AT&T’s big plan, which CEO Randall Stephenson shared this week at the World Economic Forum in Switzerland, is to monitor traffic over its online network in what he claims is an effort to stamp out theft of copyrighted material. He failed to mention that such a plan is also unethical, impractical, insane, and given the CEO’s explanation, probably more than a little dishonest."

- Helen A.S. Popkin, writing on MSNBC's "Netiquette: Internet Commentary With Attitude".

Greece Arrests Man Suspected of Major Data Hacks

A Reuters newswire article, via C|Net News, reports that:

Greek police said on Friday they have arrested a man suspected of selling corporate secrets from France's Dassault Group, including data on weapons systems.

"This 58-year-old mathematician was wanted since 2002 after Dassault contacted Greek authorities," a police official, speaking on condition of anonymity, told Reuters.

"He is responsible for causing damages in excess of $361 million to the company and he has sold this corporate data, including information on weapons systems, to about 250 buyers through the Internet," the official said.

Police suspect the man of selling the data to buyers in Germany, Italy, France, South Africa, Brazil, as well as countries in Asia and the Balkans.

More here.

'Money Mules' Help Haul Cyber Criminals' Loot

Brian Krebs writes in The Washington Post:

The e-mail offer of a work-at-home job was a godsend to Deena Monroe, a Statesville, N.C., single mom who had just been laid off from her position as a warehouse supervisor. The prospective employer said Monroe's resume had been spotted on job search site and offered her the chance to make a few hundred dollars a week completing sales for a marketing company based in Australia.

Monroe said she researched the company named in the solicitation -- Adamant Global Pty Ltd. -- and concluded it was a legitimate firm. In mid-September, she decided to take the offer. She was asked to add an e-mail address to her account at PayPal, which the Adamant rep explained that she needed to transfer money on the company's behalf.

Soon after, Monroe received a deposit of $2,601 into her PayPal account, with instructions to transfer the money to her checking account, withdraw it and wire the bulk of the amount via Western Union to two separate addresses in India. She was told to keep 10 percent as her commission.

Less than two weeks later, Monroe received a terse e-mail from an eBay user who was curious when he might receive the new computer he'd won at auction, the one for which he'd sent precisely $2,601 to her PayPal account.

More here.

Note: Accompanying Security Fix blog entry here.

Thursday, January 24, 2008

Image of The Day: Stop Spying On Our Family

Via Boing Boing.

Employee's Silent Rampage Wipes Out $2.5M Worth of Data

Dan Goodin writes on The Register:

A Florida woman who believed she was about to get fired has been accused of deleting $2.5m worth of computer files to seek revenge on her employer.

Jacksonville Sheriff's officials say Marie Lupe Cooley, 41, used her own account credentials to access the server of Steven E. Hutchins Architects and delete seven years' worth of drawings. The firm's alarm company said someone entered the premises at 11 p.m. on Sunday and was there for about four hours.

Cooley went on her silent rampage after finding a help-wanted ad placed by her boss. It described an open administrative assistant position that sounded remarkably similar to hers.

More here.

Toon of The Day: State of The Union


Siemens Prepares to Pay $2B Fine to Clear Up Slush Fund Scandal

David Gow writes on The Guardian:

Siemens, Europe's biggest technology group, is in talks with the securities and exchange commission, the US market regulator, and the department of justice on a settlement of the long-running bribery scandal that could have brought a record multibillion dollar fine.

Gerhard Cromme, Siemens chairman, told 10,000 shareholders at the annual meeting yesterday in a crammed Olympiahalle that negotiations would begin next month with the aim of reaching "a comprehensive and fair settlement". Estimates of any fine range from $2bn to $5bn.

As internal and external investigations pointed to the involvement of former senior executives in the scandal and future damages claims by Siemens, Cromme appealed for SEC leniency regarding "prosecution and punishment" given the group's cooperation during the extensive inquiries. The chairman said the discussions could last several months as his aides said both sides expected a settlement.

More here.

Google to Kill Domain Tasting?

Jay Westerdal writes on the DomainTools Blog:

A confidential informant says Google will stop monetizing all domains if they are less than five days old. This potential new policy change by Google could stop all Domain Tasting in its tracks.

The Add Grace Period (AGP) is a time period when registrars can delete a domain at no cost, but in this time frame a registrant could register millions of these temporary domains and place Google Adsense for Domains on them. The result is the ability to produce millions of temporary websites that literally generate millions of dollars in income per week for Google. It was disclosed in court that one partner that Google had was generating as much as $3 million dollars a month from the practice and that was after Google’s revenue share. and other companies have been using this practice for years and it will have a direct impact on them.

The gravy train of free money might be coming to a halt very fast. This policy change at Google should be announced to the channel partners soon and it will have a huge echoing impact on the Industry.

More here.

Oops: Charter Empties 14,000 E-Mail Accounts

An AP newswire article by Jim Salter, via, reports that:

Charter Communications officials believe a software error during routine maintenance caused the company to delete the contents of 14,000 customer e-mail accounts.

There is no way to retrieve the messages, photos and other attachments that were erased from inboxes and archive folders across the country on Monday, said Anita Lamont, a spokeswoman for the suburban St. Louis-based company.

"We really are sincerely sorry for having had this happen and do apologize to all those folks who were affected by the error," Lamont said Thursday when the company announced the gaffe.

Charter, one of the nation's largest cable TV operators, also provides telephone and high-speed Internet service. It has applied a $50 credit to the bill of each customer whose account was affected by the mistake, Lamont said.

More here.

Senate Votes to Kill Anti-Immunity, More Limited Spying Bill

Ryan Singel writes on Threat Level:

The Senate rejected Thursday a proposal to expand the government's wiretapping powers without giving retroactive legal immunity to telecoms that helped the government spy on Americans without warrants, preferring instead a bill with less oversight and explicit immunity for companies like AT&T. The Republican opposition, joined by some Democrats, garnered 60 votes to the Democrats' 34.

The Senate Judiciary's version of the bill was offered as an amendment to the Bush-supported Senate Intelligence Committee bill. Civil libertarians supported the Judiciary bill as the least evil of the two. However, the Intelligence version -- which grants wide warrantless wiretapping power to the government -- was given the nod as the primary bill by Senate Majority leader Harry Reid (D-Nevada).

The defeat sets the stage for a promised filibuster from Christopher Dodd (D-Connecticut), who already derailed this legislative process once.

More here.

Hackers Steal OmniAmerican Bank Account Data

Barry Shlachter writes on

An international gang of cyber criminals hacked into OmniAmerican Bank's records, the bank's president disclosed Wednesday.

They stole scores of account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, including Russia and Ukraine, as well as in Britain, Canada and New York.

"It was a pretty sophisticated scheme," said Tim Carter, president of the Fort Worth-based bank.

The amount stolen is not yet known, he said, describing it only as "minimal." No depositors will lose money, he said.

More here.

Hat-tip: Pogo Was Right

Terrorism Probe Points to Reach Of Web Networks

Mary Beth Sheridan writes in The Washington Post:

In April 2005, police swarmed the U.S. Capitol to confront an erratic Australian man, carrying two suitcases, who they feared was a suicide bomber. After blowing up one of the bags, officers realized he was harmless.

The police never noticed the two nervous young men on a nearby sidewalk filming the Capitol during the standoff. But they might have been the real threat, according to newly released documents.

The men, ultraconservative Muslims from Georgia, were making surveillance videos that could help extremists plan "some kind of terrorist attack," as one man later acknowledged, according to court documents disclosed last week. One of their videos was sent to a notorious al-Qaeda publicist in London, authorities said.

New details about the videos -- featuring such sites as the World Bank headquarters, the Pentagon, fuel tanks and the George Washington Masonic Memorial in Alexandria -- emerged in pretrial hearings in Atlanta. The pair are charged with providing support to foreign terrorists and could be sentenced to 60 years in prison if convicted. They have pleaded not guilty.

More here.

SecureWorks: Mass Attack on Apache Servers Running Linux Can Be Stopped by Disabling Server's Dynamic Loading

Jim Carr writes on SC Magazine US:

Security vendor SecureWorks reported this week that the mass attack launched against Apache web servers running on the open-source Linux operating system can be thwarted by disabling dynamic loading in the Apache configuration.

The attack, originally thought to have impacted several hundred websites, actually has infected about 10,000 websites, including some in the United States but mostly in the United Kingdom and India, according to SecureWorks.

The compromised websites, mostly hobby and travel sites without security administrators to keep them updated, can infect their visitors with malicious JavaScript code that can steal a variety of personal information, including bank user names and passwords, Social Security and credit card numbers and online payment accounts, according to SecureWorks.

The malicious JavaScript takes advantage of flaws in QuickTime and a host of other applications and services, including SuperBuddy and Yahoo Messenger's GetFile, SecureWorks researchers said.

More here.

Virus Writer Arrested in Japan

Via news.

IT security and control firm Sophos is reminding businesses of the importance of defending their networks from malware attack, following the first ever arrest by Japanese authorities of a virus writer.

Police in Kyoto have arrested three men, who are said to have been involved in a plot to infect users of the P2P file-sharing network Winny with a Trojan horse that displayed images of popular anime characters while wiping MP3 and movie files. The malware, which has been dubbed Harada in media reports, is believed to be related to the Pirlames Trojan horse which Sophos reported intercepting in Japan last year.

According to Japanese media reports, the three men have admitted their involvement in the crime. One of the men is said to have written the malware, while the other two are believed to have distributed the malicious code via Winny.

More here.

Student Fined for Attack Against Estonian Web Site

Jeremy Kirk writes on CSO Online:

A 20-year-old Estonian student has been fined for participating in a cyberattack that paralyzed Estonian Web sites and soured the country’s relationship with Russia, a government official said Thursday.

Dmitri Galushkevich used his home PC to launch a denial-of-service attack that knocked down the Web site for the political party of Estonia’s prime minister for several days, said Gerrit Maesalu, spokesman for the Northeast District Prosecutor’s Office in Tallinn, Estonia’s capital. Galushkevich must pay 17,500 kroons (US$1,642).

Galushkevich is the only person who has been convicted since the cyberattack in April and May 2007 crippled the Web sites of banks, schools and government agencies.

More here.

Bake-Off: Many AV Products Can't Detect Rootkits

Kelly Jackson Higgins writes on Dark Reading:

Indie antivirus testing organization has released its quarterly comparison test of 28 antivirus products, and the results show that one thing's for sure: Few are good at sniffing out rootkits.

There were no big surprises when it came to how the products performed in standard signature detection, generating false positives, proactive detection, and their response time to malware attacks. "Products which performed well last time did perform well this time, too -- the changes are usually plus or minus three percent or so at the maximum," says Andreas Marx, CEO and managing director for the Germany-based

More here.

Florida ISP Said to Host Terrorist Software

Andy Patrizio writes on

A few days ago, Paul Henry, vice president of technology evangelism at Secure Computing began tracking a software package called Mujahideen Secrets 2, an update to an encryption tool used by al-Qaeda and other terrorist groups to communicate on the Internet.

Henry tracked it down to a password-protected Web site that belongs to an Islamic forum known as al-Ekhlaas. al-Ekhlaas's domain,, traces back to a hosting company, Noc4Hosts, which in turn is run by Hi Velocity, a hosting provider based in Tampa, Florida.

Henry, who lives in Tampa, was upset when he found out.

"I'm appalled that someone is willing to risk these types of actions just to make a few dollars," he told

More here.

Wednesday, January 23, 2008

Defense Tech: Viability of Software for Army Weapons System Questioned

Alec Klein writes in The Washington Post:

"Magic under the hood" is what Boeing engineer Paul D. Schoen, one of the project leaders, calls the software. Others in the military call it Windows on steroids. John Williams, a chisel-jawed sergeant stationed at the Boeing plant who has served in both wars with Iraq, isn't interested in what it's called. "Soldiers don't care about software," he said. What they care about is "if it's going to work."

There's some debate about that. Boeing says the project is on track, but congressional investigators have questioned whether the software will perform as intended. Military experts question the ability of the code to withstand an onslaught of attacks -- from hackers, worms and Trojan horses -- that could leave soldiers vulnerable.

More here.

FISA Revision Called 'Atrocious' Privacy Violation

Monisha Bansal writes on

With Congress working on legislation to revise the Foreign Intelligence Surveillance Act (FISA) before the sunset provision in the Protect America Act expires on Feb. 1, privacy advocates say the proposal being offered by the Senate Select Committee on Intelligence is "atrocious."

In August, Congress passed and the president signed the Protect America Act, which allows the attorney general and the director of national intelligence (DNI) to "authorize the acquisition of foreign intelligence information" without the approval of the special court established by FISA.

According to the liberal American Civil Liberties Union, Senate Majority Leader Harry Reid (D-Nev.) is likely to bring an amendment to the floor this week written by the Intelligence Committee.

"We're back pretty much where we were in August," said Caroline Fredrickson, director of the ACLU Washington Legislative Office, during a conference call with reporters.

More here.

Also: Very good summary of the issues by Ryan Singel over at Threat Level here. -ferg

EU Crime Website Taken Over By Bandidos

Ambrose McNevin writes on The Inquirer:

A site which took over the address of an EU-funded, anti-crime project is now pumping out malware.

At instead of getting data on how to investigate crime you get directed to an odd collection of services offering everything from hotel reservations to insurance. Attempting to move around the site throws up virus and Trojan warnings. (Cyber Tools On-line Search for Evidence), originally part of an attempt to establish an international framework for computer investigations, was set up by the EU in 2003.

The web site now claims it is still offering information on the CTOSE project but instead carries sponsored links, along with lots of stuff in Spanish including a link to When asked to examine it, Sophos said the site looked “spammy” and that there was some dodgy-looking JavaScript on it.

More here.

Hacked Embassy Websites Found Pushing Malware

Dan Goodin writes on The Register:

Add embassy websites to the growing list of hacked internet destinations trying to infect visitor PCs with malware.

Earlier this week, the site for the Netherlands Embassy in Russia was caught serving a script that tried to dupe people into installing software that made their machines part of a botnet, according to Ofer Elzam, director of product management for eSafe, a business unit of Aladdin that blocks malicious web content from its customers' networks. In November the Ministry of Foreign Affairs of Georgia and Ukraine Embassy Web site in Lithuania were found to be launching similar attacks, he says.

More here.

AT&T May Begin Monitoring Online Traffic

An AP newswire article, via MSNBC, reports that:

AT&T Inc. may begin monitoring traffic over its online network in an effort to stamp out theft of copyrighted material, its chief executive said Wednesday.

CEO Randall Stephenson told a conference at the World Economic Forum that the company was still evaluating what it would do about peer-to-peer networks, one of the largest drivers of online traffic but also a common way to illegally exchange copyright files.

More here.

Tuesday, January 22, 2008

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Jan. 22, 2008, at least 3,931 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,197 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

In Passing: Heath Ledger

Heath Ledger
April 4, 1979 – January 22, 2008

DOE Under Cyber Siege

Susan M. Menke writes on

Inspector General Gregory Friedman hopes to lock down security on the Energy Department's interconnected computer networks, after auditors called 132 security breaches serious enough to report to law enforcement in fiscal 2006 — 22 percent more than in the prior year.

The department's 69 organizations support as many as eight separate intrusion and analysis groups, which do not use a common incident-reporting format and do not always retain crucial information about cyberattacks, the IG said in a report released today. Some sites opt out of monitoring their networks or even disable the sensor equipment.

Energy has found such cyber weaknesses before but "does not specifically require that incidents be reported to law enforcement or counterintelligence officials" [...]

More here.

's Privacy Tool Tracks Users, Groups Tell Feds

Ryan Singel writes on Threat Level:

A coalition of privacy groups filed a federal complaint Saturday against, alleging that AskEraser - the company's recently unveiled search engine history anonymization tool - doesn't actually protect users' privacy and could be used to track people when they thought they were anonymous.

The groups, which include the Electronic Privacy Information Center, are asking the Federal Trade Commission to find that is engaged in unfair trade practices by making false promises to users. The groups want the FTC to force the company to modify the program.

Specifically, the groups charge that even when the search anonymization tool is turned on,'s advertising partners -- which include Google -- are able to see and store search terms and identifiers that tie a search to an individual.

More here.

Mr-Brain: Stealing Phish from Fraudsters

Paul Mutton writes on Netcraft:

A recurrent group of Moroccan fraudsters calling themselves Mr-Brain has launched a website dedicated to offering easy-to-use phishing site code, email templates and other hacking tools. The website offers phishing kits for many of the most common targets, such as Bank of America, eBay, PayPal and HSBC.

The tools and code provided by Mr-Brain are designed to make it extremely easy for other fraudsters to deploy realistic phishing sites. Only a very basic knowledge of programming is required to configure the PHP scripts to send victims' details to the fraudsters' chosen electronic mail address. Deploying one of these fully working kits can be done in as little as one minute – another factor that adds to their appeal.

More here.

Websense: 51 Percent Of Malicious Web Sites Are Hacked

Brian Krebs writes on Security Fix:

The number of legitimate Web sites that have been hacked and seeded with code that tries to infect visitors' PCs with malware now exceeds the number of sites specifically created by cyber criminals, according to a report [.pdf] released today.

San Diego-based security firm Websense says that roughly 51 percent of all the malicious sites it found in the second half of 2007 were legitimate sites that were compromised by attackers. Malicious, compromised Web sites are especially dangerous because they usually already have a steady stream of trusting visitors. Many of these visitors may not have the latest patches for their Web browser of choice.

More here.

Monday, January 21, 2008

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Jan. 21, 2008, at least 3,929 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,194 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Is My Bank The Biggest Scammer Out There?

Liam Tung writes on the ZDNet Australia "Securify This!" Blog:

Under the British Bankers' Association code -- a voluntary code of practice similar to Australia and New Zealand's banking association structure -- the onus is on the bank to prove users have acted fraudulently or without reasonable care before they become liable for the misuse of the card. If it can't, the user isn't liable.

But since the introduction of chip and PIN cards, consumers are increasingly being turned away by banks when making a compensation claim.

That's because chip and PIN technology prevents cards from being cloned through card skimming scams. But so sure are the banks of this bulletproof technology that some are assuming that if a fraudulent transaction occurs where a PIN has been used, it must have been the cardholder's fault.

Bulletproof it's not though. Researchers at Cambridge University recently showed that you don't need to clone a card to compromise it.

More here.

Hackers Bring Down Panama Assembly's Web Site

Via Reuters.

Internet hackers crashed the Web site of Panama's National Assembly and briefly posted an American flag there, four months after the legislature elected as its leader a man accused of murdering a U.S. soldier.

Officials at the assembly, declining to be quoted by name, said the site,, has been down since January 9, when a U.S. flag briefly appeared there. One said the cyber attack almost certainly came from the United States.

Pedro Miguel Gonzalez was elected president of Panama's legislature in September, despite being wanted in the United States for the 1992 murder of U.S. Army Sgt. Zac Hernandez.

His candidature was strongly opposed by Washington, which warned the move would hurt relations between the two countries.

More here.

Sunday, January 20, 2008

Military Hackers Turn To Commercial Electronic Attack Tools

David A. Fulghum and Robert Wall write on Aviation Week:

China’s integrated air defenses—based on cheap, sometimes stolen digital technology—are now considered potentially more threatening to the U.S. than Russia’s. The wholesale use of commercial products has made Chinese networks flexible, easy to upgrade and tough to exploit.

That opinion, rapidly taking hold in the U.S. electronic warfare community, is part of the tsunami of air defense analysis following Israel’s demonstration of its ability to shut down Syria’s Russian-built air defenses long enough to conduct a bombing raid—and then allowed the radars to come back on in time to see the Israeli aircraft disappearing over the border.

China’s air defense expenditures are calculated by aerospace officials as only one-tenth of what’s invested by the U.S. The Chinese systems are affordable, in part, because of the regular use of stolen U.S. technology—described as “Cisco in Chinese,” by one specialist. The telecom companies that conduct and exploit the thefts are run by former People’s Liberation Army generals. The low cost allows rapid updating and proliferation of these defenses, which is one of the best ways to confound attack planners.

More here.

RIAA Website Wiped Clean by 'Hackers'

Via TorrentFreak.

Apparently the RIAA is so busy suing consumers that they forgot to hire a decent programmer. With a simple SQL injection, all their propaganda has been successfully wiped from the site.

It started out on the social news website Reddit, where a link to a really slow SQL query was posted. While the Reddit users were trying to kill the RIAA server, someone allegedly decided to up the ante and wipe the site’s entire database.

More here.

Scientology vs. The Internet, Part XVII - UPDATE

Matthew Ingram writes on The Globe and Mail's "Ingram 2.0" Blog:

By now, anyone who is even remotely interested in Tom Cruise (arguably a fairly large group) and specifically his interest in Scientology has probably seen the video clip of the popular Hollywood actor talking about his beliefs -- how the religion developed by failed science-fiction author L. Ron Hubbard is the answer to most (if not all) of the world's problems, how Scientologists are "experts on the human mind" and so on. If you haven't seen the video yet, you can watch a version of it here -- at least until the church has it removed (as they have most of the YouTube versions).

When it comes to the Cruise video, it's easy enough to get YouTube to take the clip down, because the company is already extra-sensitive to claims of copyright infringement (Scientology says the video is copyrighted content meant for internal church use) as a result of being sued for $1-billion by Viacom, and so it essentially pulls videos down as soon as it gets a letter from someone who looks like a lawyer. Other websites aren't so easily cowed, however.

More here.

Update: 16:00 PST: Actually, the series of events in the story above has apparently led to an online attack against the Church of Scientology website, as reported on here.

FBI Invites Australia to Join Big Brother Crime Database

Mark Russell writes on The Age:

The FBI wants Australia to take part in an international database to be used to hunt down major criminals and terrorists.

A working group called the International Information Consortium has been formed by allies in the war against terror — the US, Australia, UK, Canada and New Zealand — to look into setting up the database.

The program, known as Server in the Sky, would involve the exchange of information about wanted criminals, including their biometric measurements (irises or palm prints) and fingerprints.

More here.

In Passing: Suzanne Pleshette

Suzanne Pleshette
January 31, 1937 - January 19, 2008