Saturday, March 15, 2008

Late Night Flashback: Blue Oyster Cult - Godzilla


- ferg

'Beware The Ides of March...'

Vincenzo Camuccini (d. 1844), Mort de César, 1798.

Via Wikipedia.

In the Roman calendar, the term ides was used for the 15th day of the months of March, May, July, and October, and the 13th day of the other 8 months.

In modern times, the term Ides of March (Latin Idus Martiae) is best known as the date that Julius Caesar was assassinated, in 44 BC, the story of which was famously retold in William Shakespeare's play Julius Caesar. The term has come to be used as a metaphor for impending doom.

More here.

Image source: Wikimedia

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, March 15, 2008, at least 3,988 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,241 died as a result of hostile action, according to the military's numbers.

The AP count is 10 more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

State Officials Keep e-Mail Hidden From View

An AP newswire article by Tom Hester Jr., via USA Today, reports that:

In New Jersey, the governor's e-mails might shed light on whether he inappropriately conferred with a labor leader he once dated. In Detroit, the mayor's text messages revealed a sexually charged scandal. In California, a fight rages for access to e-mails sent by a city councilwoman about a controversial biological laboratory.

Even the White House has been under pressure from Democrats in Congress over its problem-plagued e-mail system.

While e-mail and text messaging has become a hugely popular way to communicate throughout society, governments at all levels are often unwilling to let the public see the e-mails of their elected officials.

Officially, e-mails in all but a handful of states are treated like paper documents and subject to Freedom of Information requests. But most of these states have rules allowing them to choose which e-mails to turn over, and most decide on their own when e-mail records are deleted.

More here.

Russian Rocket Fails to Deliver U.S. Satellite to Proper Orbit

An AP newswire article, via USA Today, reports that:

An unmanned Russian rocket failed to put a U.S. telecommunication satellite into its target orbit because it developed a booster rocket malfunction after lifting off Saturday from the Baikonur space facility in Kazakhstan.

"The second booster module switched off earlier than expected, which resulted in the craft failing to reach its designated target orbit," said the state-controlled Khrunichev State Research and Production Center, which made the Proton-M rocket carrying the satellite.

A state commission will review the incident, but it may take up to a month to provide a full account of what happened, said Vyacheslav Davidenko, a deputy spokesman for the center.

The Russian federal space agency said that the satellite could still be steered, but that it is 5,000 miles short of its planned altitude of 22,400 miles.

More here.

Friday, March 14, 2008

Late Night Flashback: The Rolling Stones - You Can't Always Get What You Want

Just seemed appropriate tonight for some odd reason.


- ferg

Crimes by Homeland Security Agents Cause For Alert

Jay Weaver and Alfonso Chardy write in The Miami Herald:

Bribery. Drug trafficking. Migrant smuggling.

U.S. Customs and Border Protection is supposed to stop these types of crimes. Instead, so many of its officers have been charged with committing those crimes themselves that their boss in Washington recently issued an alert about the "disturbing events" and the "increase in the number of employee arrests."

Thomas S. Winkowski, assistant commissioner of field operations, wrote a memo to more than 20,000 officers nationwide noting that employees must behave professionally at all times -- even when not on the job.

"It is our responsibility to uphold the laws, not break the law," Winkowski wrote in the Nov. 16 memo obtained by The Miami Herald.

More here.

Hat-tip: Jim Lippard

UCLA Workers Snooped In Britney Spears' Medical Records

Charles Ornstein writes in The Los Angeles Times:

UCLA Medical Center is taking steps to fire at least 13 employees and has suspended at least six others for snooping in the confidential medical records of pop star Britney Spears, who was recently hospitalized in its psychiatric ward, a person familiar with the matter said today.

An additional six physicians also face discipline for peeking at her computerized records, the person said.

Questioned about the breaches, officials acknowledged that it was not the first time UCLA had disciplined workers for looking at Spears' records. Several workers were caught snooping after Spears gave birth to her first son, Sean Preston, in September 2005 at Santa Monica-UCLA Medical Center and Orthopaedic Hospital, officials said. Some were fired.

More here.

Hat-tip: Chronicles of Dissent

'Spam King' Soloway Pleads Guilty to Three Charges Today

Mike Carter writes in The Seattle Times:

Robert Soloway, dubbed the "spam king" for having sent millions of unwanted e-mails around the globe, pleaded guilty today to mail fraud, fraud in connection with electronic mail and failing to file a tax return.

Soloway, 28, was arrested in May. Soloway faces 26 years in prison on all three counts. Sentencing is scheduled for June 20 in U.S. District Court in Seattle.

Soloway has been out of jail since September because of a medical condition, but is barred from accessing the Internet without court approval.

Soloway was indicted last year on 35 counts of mail and wire fraud in connection with junk e-mail, aggravated identity theft and money laundering. In January, prosecutors filed additional counts of wire fraud and aggravated identity theft, as well as two misdemeanor charges stemming from his failure to file income-tax returns.

More here.

Hat-tip: Pogo Was Right

Florida Man Pleads Guilty to Botnet Charges

Dan Goodin writes on The Register:

A US-based hacker has admitted he reaped thousands of dollars by breaking into corporate computers in Europe and making them part of a botnet that automatically installed adware.

Robert Matthew Bentley, 21, of Panama City, Florida, pleaded guilty to two felony charges related to his botnet activities, which took place over a 13-month period starting in October, 2005, according to documents filed in a federal court in Florida. He faces a maximum of 20 years in prison and a fine of $500,000. His sentence hearing is scheduled for May 28.

He sometimes went by the online moniker LSDigital.

The prosecution was part of Operation Bot Roast, an FBI initiative designed to crack down on botnets. It was the result of a multi-year investigation that also involved authorities in Finland and Paris and assistance from the CERT Coordination Center at Carnegie Mellon.

More here.

Kommersant Targeted by Smear Campaign and Hacker Attacks

Via Reporters Sans Frontières.

Reporters Without Borders today voiced its support for the Moscow-based daily Kommersant, which has been the target of a smear campaign and hacker attacks on its website for the past two weeks. The newspaper has filed a complaint with the Moscow prosecutor’s office.

“We urge the authorities to carry out a swift and thorough investigation to identify those responsible for this smear campaign,” the press freedom organisation said. “It is an insult to the work of this newspaper’s journalists, whom we fully support in this case. The accusations make it even harder for them to do their job. The public must be able to have access to the reports in Kommersant, which is one of the country’s few remaining independent news media.”

Kommersant has demonstrated a degree of independence despite being owned by the gas giant Gazprom, in which the Kremlin is the leading shareholder. It is often criticised by the government and its journalists are regularly threatened.

More here.

Canada: Insurers Look to Cover Hacking Damage

Janet McFarland writes on The Globe and Mail:

Insurers are betting that an explosion of sophisticated computer hacking will create a new market in Canada for insurance to cover the growing costs of recovering from privacy breaches.

Toronto-based Executive Risk Insurance Services says it is launching a new category of insurance for corporate clients, similar to products offered by U.S. giants like American International Group Inc. and Chubb Corp., to manage the fallout when sensitive data is lost or stolen.

The policies pledge to cover not only the straightforward costs of repairing computer damage, but also the far greater costs of notifying and reimbursing customers or compensating credit card companies for losses that occur from the fraudulent use of data.

More here.

U.S. House Passes Democrat-Backed Surveillance Bill - UPDATE

An AP newswire article, via MSNBC, reports that:

The House on Friday narrowly approved a Democratic bill that would set rules for the government's eavesdropping on phone calls and e-mails inside the United States.

The bill, approved as lawmakers departed for a two-week break, faces a veto threat from President Bush. The margin of House approval was 213 to 197, largely along party lines.

Because of the promised veto, "this vote has no impact at all," said Republican Whip Rep. Roy Blunt of Missouri.

The president's main objection is that the bill does not protect from lawsuits the telecommunications companies that allowed the government to eavesdrop on their customers without a court's permission after the Sept. 11, 2001, terrorist attacks.

More here.

UPDATE: 14:58 PDT: See how your representatives voted here. -ferg

The Threat of the Ajax Super-Worm

Pete Simpson writes on

The rapid evolution of “Web 2.0” has sparked the convergence of social networking on a massive scale and the adoption of new combinations of technologies that significantly increase the so-called ‘attack-surface’. This combination offers irresistible opportunities to organised crime.

In recent years, malware attacks have been targeted and mass worms have been quiet. The days of blockbuster headlines about mass infections such as Slammer are long gone. Or are they? Are we about to face the next Super Worm?

About two years ago, organised criminals discovered around 70% of web applications harboured security flaws and began to switch from targeting OS weaknesses to those in the applications. The web is now the preferred vector for malware. At the same time, the nature of the web has been transformed, through the phenomenon of social networking, and in a sense we have become the ‘we’ in ‘web’.

More here.

Estonia Calls For EU Law to Combat Cyber Attacks

A Reuters newswire article, via, reports that:

Estonia called on the European Union on Wednesday to make cyber attacks a criminal offense to stop Internet users from freezing public and private Web sites for political revenge.

Estonian President Toomas Hendrik Ilves said he believed the Russian government was behind an online attack on Estonia over its decision to move a Red Army monument from a square in the capital Tallinn. Russia has denied any involvement.

The decision triggered two nights of rioting by mainly Russian-speaking protesters, who argued that the Soviet-era memorial was a symbol of sacrifices made during World War Two.

The rioting coincided with repeated requests to Web sites, forcing them to crash or freeze. Network specialists said at the time at least some of the computers used could be traced to the Russian government or government agencies.

More here.

Bush Weakens Espionage Oversight

Charlie Savage writes in The Boston Globe:

Almost 32 years to the day after President Ford created an independent Intelligence Oversight Board made up of private citizens with top-level clearances to ferret out illegal spying activities, President Bush issued an executive order that stripped the board of much of its authority.

The White House did not say why it was necessary to change the rules governing the board when it issued Bush's order late last month. But critics say Bush's order is consistent with a pattern of steps by the administration that have systematically scaled back Watergate-era intelligence reforms.

"It's quite clear that the Bush administration officials who were around in the 1970s are settling old scores now," said Tim Sparapani, senior legislative counsel to the American Civil Liberties Union. "Here they are even preventing oversight within the executive branch. They have closed the books on the post-Watergate era."

More here.

Bush Intervenes to Weaken EPA Smog Requirements

An AP newswire article, via MSNBC, reports that:

The U.S. Environmental Protection Agency agreed to weaken an important part of its new smog requirements after being told at the last minute that President Bush preferred a less stringent approach, according to government documents.

They show tense exchanges between the EPA and the White House Office of Management and Budget in the days before the smog air quality standard was announced Wednesday.

Changes directed by the White House were made only hours before the agency issued the regulation. The late activity forced the EPA to delay the announcement for five hours.

More here.

Thursday, March 13, 2008

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, March 13, 2008, at least 3,987 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,238 died as a result of hostile action, according to the military's numbers.

The AP count is 12 more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Certegy Victims Offered Less Than a Buck

Tim Wilson writes on Dark Reading:

Certegy Check Services is proposing to settle a class action lawsuit of last year's security breach on behalf of 8.4 million victims for about $4 million.

According to a report in the St. Petersburg (Fla.) Times, Certegy will also offer free credit monitoring services to some victims and reimbursement of credit monitoring expenses totaling $1 million on a first-come-first-served basis.

The breach was first revealed last fall, when Certegy disclosed that an employee had been caught stealing and selling customer information. Upon investigation, the company found that the theft had been occurring methodically over a five-year period.

More here.

Ukrainian CyberCrime Boss Leads Political Party

Brian Krebs writes on Security Fix:

A Ukrainian man once known as one of the top ringleaders in Eastern Europe-based organized cyber crime is now heading up a new political party there.

Dmitri Ivanovich Golubov, a 24-year-old from Odessa, is leading the upstart "Internet Party of Ukraine," a party he helped create shortly after parliamentary elections in the country last fall. In 2005, Golubov -- a.k.a. "script" -- was arrested and jailed on charges of trading in credit and debit card credentials stolen via computer viruses and password-snatching Trojan horse programs, thefts that caused millions of dollars in losses to banks over several years.

More here.

The Secret China-U.S. Hacking War

Larry Seltzer writes on eWeek:

Recent reports have the U.S. military not quite blaming the Chinese military for a long string of cyber-attacks against U.S. military computers. It sure sounds like they believe it, but they're not quite saying it. Also left unsaid is how much actual damage and compromise has happened already.

A Wall Street Journal article March 12 described how military networks are increasingly the targets of hackers. The targets are not limited to actual Department of Defense networks, but can also include defense industries and think tanks. The full article is available only to subscribers. Another detailed article on the same material is available on DailyTech.

The Journal article quotes Gen. Kevin Chilton, "[t]he top U.S. commander in charge of cyberspace," as saying that the networks are under attack, and that there is significant evidence implicating the Chinese but not outright accusing them. "The thing about China that gives you pause is that they've written openly about their emphasis in particular areas--space and cyberspace," he said.

More here.

Wednesday, March 12, 2008

Atlas 5 Rocket to Loft New U.S. Spy Satellite


The inaugural launch of an Atlas 5 rocket from California's Vandenberg Air Force Base is scheduled for liftoff at 3:02 a.m. local time (6:02 a.m. EDT) on Thursday.

Few details are available about the classified launch, which will place a spy satellite into orbit for the National Reconnaissance Office. In fact, the rocket's ascent is expected to enter a news blackout once the vehicle's protective nose cone is jettisoned about five minutes into flight. Confirmation of the launch's outcome could be announced sometime later in the morning.

This will be the first launch from a rebuilt site on the West Coast following Atlas 5's previous dozen flights from Florida.

More here.

Quote of The Day: Cynthia Brumfield

"One Cisco exec (Cisco was once a key member of a lobbying group that advocated making 100 Mbps connections a national policy goal) is quoted in the article that it's kind of embarrassing to explain in Taiwan why his 'premium' Internet connection is half as fast and costs more than the high-speed service in that country. With the amount of Internet video escalating on a daily basis, it's going to become increasingly embarrassing to explain that typical U.S. broadband speeds hover around 3 Mbps, with a good chunk of the user base making do on far less than that."

- Cynthia Brumfield, writing on IP & Democracy.

Mark Fiore: It's 3 A.M...

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Hepting vs. AT&T: The Back Story

Ryan Singel writes on Threat Level:

The suit has defied court watchers' expectations by surviving multiple court rounds in front of a judge appointed by former President George H.W. Bush.

Its fate now currently lies in the hands of both Congress and the U.S. Ninth Circuit Appeals Court.

Hepting has mostly been just the name on a docket sheet for the past two years.

But Tash [Hepting] decided to step forward in the last few weeks as he watched Congress taking steps to provide retroactive amnesty to AT&T and heard the President repeatedly deride the lawsuit with his name on it as a money-grab by sleazy plaintiff attorneys.

More here.

FBI Made 'Blanket' Demands for Phone Records

Eric Lichtblau writes in The New York Times:

Senior officials of the Federal Bureau of Investigation repeatedly approved the use of “blanket” records demands to justify the improper collection of thousands of phone records, according to officials briefed on the practice.

The bureau appears to have used the blanket records demands at least 11 times in 2006 alone as a quick way to clean up mistakes made over several years after the Sept. 11, 2001, attacks, according to a letter provided to Congress by a lawyer for an F.B.I. agent who witnessed the missteps.

The F.B.I. has come under fire for its use of so-called national security letters to inappropriately gather records on Americans in terrorism investigations, but details have not previously been disclosed about its use of “blanket” warrants, a one-step operation used to justify the collection of hundreds of phone and e-mail records at a time.

More here.

Former U.S. Cyber Security Czar Sharply Criticizes Bush Cyber Security Plans

Matt Hines writes on the eWeek "Security Watch" Blog:

Former White House cyber-security and anti-terrorism advisor Richard Clarke isn't known as a fan of the current administration, but political loyalties aside, the expert claims that the president's new initiative aimed at bolstering the nation's electronic infrastructure is fundamentally flawed.

As Clarke sees it, the biggest flaw in the portion of the measure devoted to protecting government computing operations is a lack of recognition that most of those systems run on the same infrastructure, and through the same carriers, as the rest of the nation's Internet traffic.

More here.

Pentagon Report on Saddam's Iraq Censored?

Via ABC News' "Rapid Report" Blog.

The Bush Administration apparently does not want a U.S. military study that found no direct connection between Saddam Hussein and al Qaeda to get any attention. This morning, the Pentagon cancelled plans to send out a press release announcing the report's release and will no longer make the report available online.

The report was to be posted on the Joint Forces Command website this afternoon, followed by a background briefing with the authors. No more. The report will be made available only to those who ask for it, and it will be sent via U.S. mail from Joint Forces Command in Norfolk, Virginia.

It won't be emailed to reporters and it won't be posted online.

Asked why the report would not be posted online and could not be emailed, the spokesman for Joint Forces Command said: "We're making the report available to anyone who wishes to have it, and we'll send it out via CD in the mail."

Another Pentagon official said initial press reports on the study made it "too politically sensitive."

More here.

Programming Note: Light Blogging for a Couple of Days

As you can see from the lack of posts today, I've been extraordinarily busy on some other issues today. Tomorrow is likely to be light, too, so please bear with me while I attend to other more pressing issues.

Blogging should be back to full-throttle by Friday.


- ferg

p.s. In the meantime, keep a watchful eye out for malicious social-engineering bait using either Eliot Spitzer or Ashley Alexandra Dupré as a lure.

Tuesday, March 11, 2008

Late Night Flashback: Journey - Don't Stop Believin'


- ferg

xkcd: Dead Pixels in The Sky


Yes, we love xkcd!

- ferg

Danchev: More Russian Criminal Activity in The Usual Places

Dancho Danchev:

Apparently, a little more in-depth research acts as public pressure, especially when they're lazy enough to have a great deal of malware variants "phone back home" to their promotional domain.

However, the current one responding to is hosted by SoftLayer, and is using as DNS server provided by Layered Technologies again confirming the Russian Business Network connection since, both, Layered Technologies and SoftLayer are known to have been and continue providing services to the RBN, knowingly or unknowingly. Moreover, the malware infected counter at the stats section continues reporting new additions.

More here.

Note: I have repeatedly notified both Layered Technologies and SoftLayer on malicious (and criminal) activities occurring in their IP address space (their hosting facilities), but it continues to happen on a regular basis (for over a year). Apparently, they don't seem to police their own backyards, so it might be worthwhile to consider blocking these IP blocks until they clean up their act.

See also here.

- ferg

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, March 11, 2008, at least 3,983 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,238 died as a result of hostile action, according to the military's numbers.

The AP count is eight more than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Server in The Sky: U.S., Germany to Share Fingerprint & DNA Data

Via UPI.

The United States and Germany Tuesday agreed to increase cooperation by signing a deal to share access to biometric data from terrorism suspects.

The bilateral agreement was announced at a ceremony in Berlin by top German and U.S. officials including U.S. Attorney General Michael Mukasey, Secretary of Homeland Security Michael Chertoff, U.S. German Interior Minister Wolfgang Schaeuble and Justice Minister Brigitte Zypries. Under the agreement, the two countries will provide mutual access to fingerprint databases for evidence in criminal investigations and share biometric and biographic intelligence on suspected terrorist suspects, the U.S. Justice Department reported.

More here.

Note: For "Server in The Sky" background, check here. -ferg

Client 9 Domains Snatched Minutes After Spitzer Scandal Breaks

Betsy Schiffman writes on

Just minutes after the New York Times published a story online yesterday about a high-class prostitution ring and the involvement of so-called "Client 9," Nick Galbreath, a 37 year-old software engineer in Manhattan, registered the domain for $10.13.

"The original story didn't name [Governor Eliot] Spitzer directly, but I thought [] sounded catchy, so I bought it."

He wasn't alone. Speculators bought up all client 9-related domain inventory yesterday, including,, and

And while (the room where Spitzer reportedly met a prostitute) is taken,, which was registered in October 2007, is for sale for $750. Although there's no shortage of interest in the domains, the profits may not be there yet.

More here.

Off Topic: How They Voted: Torture Bill

An AP newswire article, via, reports that:

The 225-188 roll call Tuesday by which the House failed to override President Bush's veto of a bill that would have prohibited the CIA from using waterboarding and other harsh interrogation techniques on terrorist suspects.

The roll call was 51 votes short of the two-thirds majority required to overturn a veto.

A "yes" vote is a vote to override the veto.

Voting yes were 220 Democrats and 5 Republicans.

Voting no were 3 Democrats and 185 Republicans.

X denotes those not voting.

There are 5 vacancies in the 435-member House.

More here.

Cyber Crime is Big Business


With £361bn of our hard-earned cash up for grabs, it's no wonder that we're worried about online security...

According to a survey by software group VeriSign, 57% of us think that businesses are not doing enough to protect our personal information online. And the stakes are high: now we’re conducting so much of our business over the internet, the research found that the average UK punter has more than £10,000 stashed away in banking, gaming and shopping accounts that could be a target for cyber criminals.

In some ways we’ve only got ourselves to blame. These days we think nothing of handing over a wealth of personal information to banking, social networking and retail sites. We’ve all heard of phishing, email scams that use fake emails to obtain confidential information fraudulently. But VeriSign has also identified a new danger that it’s dubbed ‘phoraging’, where the scammers use information that we’ve published online to guess passwords and trick their way into our accounts.

More here.

Hat-tip: Global Security News

Quote of The Day: David Kravets

"With New York Gov. Eliot Spitzer allegedly caught nibbling the fruits of a high-class, tech-savvy prostitution ring, it's clearer than ever the world's oldest profession is doing a fine job of harnessing the latest technology."

- David Kravets, writing on Threat Level.

Third-Party Gmail Application Highlights Google Security Worries

Thomas Claburn writes on InformationWeek:

On Friday, Coding Horror, a popular blog run by programmer Jeff Atwood, published allegations that a Windows shareware application for archiving Gmail messages called G-Archiver steals users' Gmail login details.

The allegations were made by Dustin Brooks, a .Net programmer with a database management company based in the Midwest.

In a phone interview, Brooks confirmed that he had used a programming analysis tool called Reflector to review the application's source code and found that the program's author had hard-coded the e-mail address into the code, along with the password to the account.

As Brooks explained in an e-mail to Atwood, "Having just entered my own information I became concerned. I opened up a browser and logged in to Gmail using his account information. It still worked. Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine."

More here.

Google Closes DoubleClick Deal

An AP newswire article, via, reports that:

Google Inc. says it has taken control of online ad service DoubleClick Inc., completing a deal that the Internet search leader announced 11 months ago.

The Mountain View-based company closed the acquisition Tuesday, just a few hours after European antitrust regulators approved the transaction over the objections of Microsoft Corp. and other companies. Those critics had argued the addition of DoubleClick will give Google too much control of online advertising prices.

More here.

House Democrats Proposing Commission to Investigate Warrantless Spying

Ryan Singel writes on Threat Level:

Not only shouldn't companies that helped the government's warrantless spying on American citizens be given retroactive amnesty, the government should establish a national commission -- similar to the 9/11 Commission -- to subpoena documents and testimony in order to find out -- and publish -- what exactly the nation's spies were up to during their five year warrantless, domestic surveillance program.

In other words, House Democrats aren't planning a compromise on telecom amnesty and are actually going on offense to find a way to learn more about President Bush's five-year secret "Total Information Awareness" program.

More here.

Paper: Measuring and Detecting Fast-Flux Service Networks

Via the Honeyblog.

We present the first empirical study [.pdf] of fast-flux service networks (FFSNs), a newly emerging and still not widely-known phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability.

Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. Considering our detection technique we also discuss possible mitigation strategies.

More here.

UK Banking Industry Teams Up With Fraud Police

Angelica Mari writes in Computing:

The police have launched a new unit to tackle all types of banking fraud in the UK.

The Payment Industry and Police Joint Intelligence Unit (PIPJIU) is the result of the merger of the banking industry’s Fraud Intelligence Bureau (FIB) and the intelligence function of the Dedicated Cheque and Plastic Crime Unit (DCPCU).

The latter is a joint initiative between UK law enforcement and retail banks to tackle card and cheque crime.

The new unit’s 15-strong workforce includes banking industry fraud specialists, as well as officers from the City of London and Metropolitan police forces.

More here.

Monday, March 10, 2008

Late Night Flashback: Van Halen - Jump


- ferg

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, March 10, 2008, at least 3,980 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,237 died as a result of hostile action, according to the military's numbers.

The AP count is six more than the Defense Department's tally, last updated Monday at 10 a.m. EST.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

BlackBerry Servers 'Ripe For The Hacking'

John E. Dunn writes on

Many companies running BlackBerry Enterprise Server (BES) could be inadvertently opening a door to attackers, a penetration testing company has found.

Penetration testing consultancy NTA Monitor found that most of its customers running the BlackBerry Server with Microsoft Exchange were taking the path of least resistance by opening unencrypted ports from the heart of their network to service providers. The providers, in turn, opened a return back to the BES that would pass through firewalls without any policies being applied.

This left the network open on several levels, including session hijacking, IP spoofing, or just the interception of unencrypted traffic.

More here.

Anti-Real ID Rebellion Spreads to California

Ryan Singel writes on Threat Level:

California's powerful congressional delegation needs to go back to Congress to reconsider the Real ID Act that requires states to issue driver's licenses that meet federal standards, according to the head of the California Assembly's Transportation Committee.

Assemblyman Pedro Nava (D-35) introduced a non-binding resolution to that effect Monday afternoon in response to concerns about privacy, security and the high price of the federal mandate -- which the government's most recent estimate pegs at $4 billion nationally. The feds are only ponying up a token amount of money, but say states can dip into their federal homeland security grants to help pay down the bill.

Howard Posner, a policy consultant to the Transportation Committee, said that last year the committee contemplated moving legislation to accept Real ID, but reconsidered after "looking at the cost, and the incredible inconvenience for driver's license holder and the privacy issues."

More here.

Danchev: and Getting RBN-ed

Dancho Danchev:

Monitoring last week's IFRAME injection attack at high page rank-ed sites, reveals a simple truth, that persistent simplicity seems to work.

The attack is still ongoing, this time successfully injecting a multitude of new domains into Wired Magazine, and's search engines, which are again caching anything submitted, particularly not validated input to have the malicious parties in the face of the RBN introducing a new malware, in between the pharmaceutical scams that they serve on the basis of an affiliation model.

So, after "CNET stops IFRAME site attacks - who's next?" in terms of high-profile sites, that is and

Much more here.

Goose Knocks Out Sewage Plant Power, Causes Spill

Peter Zuckerman writes on The Oregonian:

An unfortunate Canada goose knocked out power to a sewage treatment plant Saturday, causing about 93,750 gallons of raw sewage to spill into the Willamette River in Milwaukie [Oregon].

The wayward bird flew into a power pole on Saturday evening, knocking off the power and killing the bird. Power to a pump station at the Oak Lodge Sanitary District wastewater treatment plant was knocked off at 7:04 p.m., said plant manager J. Michael Read.

Backup power didn't kick in because of a computer glitch related to the pump station losing only some of its electricity. As a result, raw sewage flowed into the river from 7:10 to 7:55 p.m.

More here.

Quote of The Day: John Murrell

"Turns out Apple’s super-sleek MacBook Air has an undocumented interference issue of particular concern to the business traveler — at airports, under certain conditions, it can suddenly interfere with your ability to catch your flight."

- John Murrell, writing on Good Morning, Silicon Valley.

NY Governor Eliot Spitzer Admits Involvement In Online Prostitution Service - UPDATE

Danny Hakim and William K. Rashbaum write in The New York Times:

Gov. Eliot Spitzer has informed his most senior administration officials that he had been involved in a prostitution ring, an administration official said this morning.

Mr. Spitzer, who was huddled with his top aides inside his Fifth Avenue apartment early this afternoon, had hours earlier abruptly canceled his scheduled public events for the day. He scheduled an announcement for 2:15 after inquiries from the Times.

Mr. Spitzer, a first term Democrat who pledged to bring ethics reform and end the often seamy ways of Albany, is married with three children.

Just last week, federal prosecutors arrested four people in connection with an expensive prostitution operation. Administration officials would not say that this was the ring with which the governor had become involved.

More here.

UPDATE: 13:53 PDT: The Smoking Gun has all the sordid details outlined in an FBI affidavit here. -ferg

Dutch Court Convicts Nigerian Internet Fraudsters

Via Reuters.

A Dutch court on Monday sentenced three members of a Nigerian gang to up to four years in prison for extorting tens of thousands of euros from victims who answered emails promising a stake in unclaimed inheritances.

A spokeswoman for the Haarlem court said judges sentenced one man to four years on charges of fraud, money-laundering and membership of a criminal organization, while two others were sentenced to 18 months and 13 months respectively.

Further sentences were pending, the spokeswoman added.

More here.

Security Fix: When Ads Go Bad

Brian Krebs writes on Security Fix:

A long-time trusted source recently alerted me that some inappropriate advertisements were running on, a Web site full of addictive Macromedia Flash games aimed at pre-teens. Surprisingly, the curators of -- major media conglomerate Viacom -- are disavowing responsibility for the racy ads, saying they did not exist on their network and instead were the result of adware or spyware on my source's computer.

Included is a screenshot taken of one of the multiple ads I found on the site, which linked back to Internet dating site A spokesperson said the ads could not possibly have been served through its site, and that the ads must have been displayed by malicious software.

More here.

Note: If you read the remainder of this article, you'll notice that everyone involved claims to not be responsible, and most likely, the Bad Guys are somehow managing to poison the advertisement supply-chain since there is so little quality control in this area. -ferg

Image source: Brian Krebs/Security Fix/The Washington Post

NSA's Domestic Spying Grows As Agency Sweeps Up Data

Siobhan Gorman writes in The Wall Street Journal:

Five years ago, Congress killed an experimental Pentagon antiterrorism program meant to vacuum up electronic data about people in the U.S. to search for suspicious patterns. Opponents called it too broad an intrusion on Americans' privacy, even after the Sept. 11 terrorist attacks.

But the data-sifting effort didn't disappear. The National Security Agency, once confined to foreign surveillance, has been building essentially the same system.

The central role the NSA has come to occupy in domestic intelligence gathering has never been publicly disclosed. But an inquiry reveals that its efforts have evolved to reach more broadly into data about people's communications, travel and finances in the U.S. than the domestic surveillance programs brought to light since the 2001 terrorist attacks.

More here.

Sunday, March 09, 2008

xkcd: Kilobyte - The Definitive Standard

Yes, we love xkcd.

- ferg

2007 Bloggies Website Compromised: Serving Up IcePack Exploits


The website of the Annual Weblog Awards, nicknamed the Bloggies, appears to have been hacked on the eve of the award ceremony at the South By Southwest Interactive Festival.

The 2008 Bloggies nominees website and that of the awards' creator Nikolai Nolan have been taken down after an apparent security breach.

Pages for Bloggies nominees in previous years, hosted on the same domain, were still online last night but contained malicious content that downloaded automatically upon being loaded.

A scan of the 2007 Bloggies page using the online security tool LinkScanner revealed links to exploit software and advised users not to visit the address even if they thought their internet browser was secure.

More here.

Note: The screenshot above of the 2007 Bloggies Webpage was taken about 1/2 hour ago -- you can see the NoScript block icons indicating the embedded iFrame, which would attempt to load an exploit from a third-party server (located in Telekom Malaysia) running an IcePack exploit engine. -ferg