Two weeks after it was revealed that State Department employees were found snooping on five different occasions in the passport files of all three Presidential candidates, a State Department official tells NBC that the top official for Passport Services is being replaced.
The department intends to name a new acting Deputy Assistant Secretary of State for Passport Services to replace Ann Barrett who will be stepping aside.
The official declined to offer an explanation as to why Barrett is being replaced, but the timing comes in the midst of a State Department Inspector General investigation into the passport breaches.
The individual set to take over as acting Deputy Assistant Secretary is Lawrence Baer. State Department phone records indicate Baer is currently in a management position in the Consular Affairs bureau.
A complaint to police alleges that federal human-rights investigators used an unwitting woman's wireless Internet connection to log on to white supremacist websites and make postings to chat groups.
The complaint to the RCMP and Ottawa police was made this week by Toronto resident Mark Lemire, who runs a website that has been the subject of a long-standing hate case before the Canadian Human Rights Commission.
Among other things, Lemire's complaint alleges that commission investigators breached sections of the Criminal Code by "wilfully and with malicious intent" using the woman's connection without authorization and "committed theft of telecommunication service."
The sections makes it an offence to wilfully interfere with the lawful use of data, fraudulently obtain a computer service, or fraudulently use any telecommunication facility or telecommunication service.
As of Friday, April 4, 2008, at least 4,012 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,273 died as a result of hostile action, according to the military's numbers.
The AP count is the same as the Defense Department's tally, last updated Friday at 10 a.m. EDT.
As of Friday, April 4, 2008, at least 422 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures March 29 at 10 a.m. EDT.
Of those, the military reports 289 were killed by hostile action.
Network administrators are complaining that Apple's recent decision to offer users its Safari Web browser as part of an iTunes and QuickTime update has made their lives harder, as they struggle to remove the software from PCs on their networks.
For Cody Wilson, the trouble began a few weeks ago, when he noticed that Safari had popped up as a download option with his Apple Software Update, the program that is used to update iTunes and QuickTime.
Wilson, a network administrator with Soy Capital Bank and Trust in Decatur, Illinois, soon found out that many of the users on his network had installed the software without realizing it. "I went into work the next day and I scanned my network, and my inventory software said I have Safari on 30 PCs," he said.
The preponderance of cyberattacks against the U.S. military still comes from individual hackers, not nation-states, a senior defense official said.
Robert Lentz, deputy assistant secretary for information and identity assurance at the Pentagon, spoke this week to a federal computer security conference in Washington.
His comments on challenges facing the Defense Department in the Information Age were reported by Government Technology news.
Despite the rising threat of attempted intrusions and other attacks from potential nation-state adversaries, Lentz told the FOSE conference, it was hard to ascertain the origin of most attacks against the Department of Defense, which he called the "No. 1 target" among U.S. government agencies.
Nonetheless, individual "hackers are still the preponderance of network issues seen day to day," he said.
Note: I personally think Mr. Lentz is either (a) woefully underestimating the situation, (b) has been given partial or incorrect information, (c) is politically spinning the situation, or perhaps (d) is in denial. -ferg
Windows systems may be the most frequently attacked by malicious hackers, but they certainly are not the only targets.
Serving as the latest reminder of that fact is Antioch University in Yellow Springs, Ohio, which recently disclosed that Social Security numbers and other personal data belonging to more than 60,000 students, former students and employees may have been compromised by multiple intrusions into its main ERP server.
The break-ins were discovered Feb. 13 and involved a Sun Solaris server that had not been patched against a previously disclosed FTP vulnerability, even though a fix was available for the flaw at the time of the breach, university CIO William Marshall said today.
The FBI is on track to deploy the second phase of its Sentinel case file management system within weeks, said FBI Director Robert Mueller.
Lockheed Martin Corp. is developing Sentinel under a six-year contract for $335 million, Muller said. Full costs may be as high as $425 million, however, because the FBI is using a spiral-development strategy allowing for incremental changes and adjustments to new technologies along the way, he said.
Mueller said the FBI is satisfied with the Phase One products developed thus far, including a Web-based portal and work boxes that summarize cases and leads. But the products are likely to be used more frequently by FBI employees once Phase Two is implemented, he said.
Full capabilities are expected to be available by 2010. But the FBI also may develop some phases more quickly than expected through the use of spiral development and push those improvements out to the field.
The two Sacramento sheriff detectives tailed their suspect, Rolando Gallego, at a distance. They did not have a court order to compel him to give a DNA sample, but their assignment was to get one anyway — without his knowledge.
Recently, the sheriff’s cold case unit had extracted a DNA profile from blood on a towel found 15 years earlier at the scene of the murder of Mr. Gallego’s aunt. If his DNA matched, they believed they would finally be able to close the case.
On that spring day in 2006, the detectives watched as Mr. Gallego lit a cigarette, smoked it and threw away the butt. That was all they needed.
The practice, known among law enforcement officials as “surreptitious sampling,” is growing in popularity even as defense lawyers and civil liberties advocates argue that it violates a constitutional right to privacy. Mr. Gallego’s trial on murder charges, scheduled for next month, is the latest of several in which the defense argues that the police circumvented the Fourth Amendment protection against unreasonable search and seizure.
A former software engineer for a telecommunications company based near Chicago was indicted for allegedly stealing trade secrets worth an estimated $600 million and trying to take the documents to China.
The FBI said Wednesday that Hanjuan Jin of Schaumburg, Ill., a naturalized U.S. citizen who was born in China, was stopped at Chicago's O'Hare International Airport on Feb. 28, 2007, in a random search.
According to an affidavit filed by FBI special agent Michael R. Diekmann, Jin was traveling on a one-way ticket to Beijing at the time. She declared that she had $10,000 in U.S. currency in her carry-on luggage. Customs and Border Protection officers found about $30,000 in cash.
An AP newswire article by Felicia Fonseca, via Salon.com, reports that:
The thousands of Navajo Nation residents who rely on the Internet to work, study and communicate across their 27,000-square-mile reservation will be out of luck Monday, if their service provider is shuttered as planned.
"It's going to be a sad day," said Ernest Franklin, director of the tribe's Telecommunications Regulatory Commission.
A tribal audit last year revealed that Utah-based provider OnSat Network Communications Inc. may have double-billed the tribe, and it raised questions about how the tribe requested bids for the Internet contract.
Those discoveries led the Universal Service Administration Co., which administers the service under the Federal Communications Commission's E-rate program, to tell the tribe March 28 that it would withhold $2.1 million from OnSat.
As of Thursday, April 3, 2008, at least 4,012 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,272 died as a result of hostile action, according to the military's numbers.
The AP count is one more the Defense Department's tally, last updated Thursday at 10 a.m. EDT.
Cyber Cafes in Akure in the state of Ondo, and Onitsha, in the state of Anambra were raided today. The locals have a term for the type of cyber criminal who lurks in these cafes. They call them "Yahoo Boys".
In Akure, agents of the EFCC (Economic and Financial Crimes Commission), acting as customers, mingled about the crowd, bought airtime, and began using computers themselves while observing the activities of those around them. Once their suspicions were confirmed, they rose and identified themselves, requiring each of the users of the cafe to remain on site until they had confirmed what email addresses they had been using, and what activities those email addresses had been performing.
"This Day" in Lagos reports that at least one Yahoo Man jumped out the window when the raid began. This Day reports that the following day the cyber cafes were nearly empty, "leaving only those with serious business".
The banking industry has re-affirmed a policy that makes online banking customers responsible for losses if they have out of date anti-virus or anti-phishing protection. New Banking Codes for consumers and businesses took effect on Monday.
The Banking Code produced by the British Bankers' Association (BBA), and followed by most banks, makes it clear that banks will not be responsible for losses on online bank accounts if consumers do not have up to date anti-virus, anti-spyware and firewall software installed on their machines.
"If you act without reasonable care, and this causes losses, you may be responsible for them," says the Code. "This may apply, for example, if you do not follow section 12.5 or 12.9."
Section 12.9 says: "Keep your PC secure. Use up-to-date anti-virus and spyware software and a personal firewall."
The BBA said that it was not aware that any bank had ever invoked that clause of the Code to avoid covering a consumer's online banking losses. The new Code came into effect at the beginning of this week. The latest edition of the Business Banking Code took effect the same day.
Dollar losses to cybercrime increased to $240 million in 2007, a $40 million jump from 2006, according to the IC3's newly released 2007 Internet Crime Report. The IC3 received 206,884 reports of Internet crime last year, 90,000 of which were then picked up by law enforcement, according to the report.
And that’s not including the cybercrimes that went unreported to the IC3.
But lest anyone think VoIP vulnerabilities are nothing to be concerned about, consider the rather shocking tidbit shared last month at the Black Hat hacker conference in Washington, D.C. by Jerry Dixon, former head of the Department of Homeland Security's National Cyber Security Division. Dixon warned that VoIP vulnerabilities are opening dangerous new avenues of exposure for the companies that own and operate our nation's most critical networks, such as those that support the electric power, water and manufacturing systems.
To lower costs and increase efficiency, most utilities these days use the Internet to keep tabs on and manage their far-flung substations and networks. These control networks, known as supervisory control and data acquisition (SCADA) networks, naturally expose these very sensitive and complex systems to extreme risk of degradation or destruction if they are not properly secured. One important aspect of securing SCADA systems involves separating them the administrative networks that utility employees use for everyday work, such as e-mail and browsing the Web.
Dixon said that while a great many SCADA operators he has spoken with claim they carefully segregate their SCADA and administrative networks, far too many have gone ahead and set up their VoIP systems on the same network that manages their SCADA systems.
Microsoft plans to release eight security bulletins on April 8 to patch multiple security vulnerabilities affecting Windows, Microsoft Office and Internet Explorer users. As part of its pre-release advance notice mechanism, the Redmond, Wash., software vendor said five of the eight bulletins will be rated "critical," Microsoft's highest severity rating.
The remaining three bulletins will be rated "important."
A cybercrime investigator at the U.S. Secret Service has been named to head the Department of Homeland Security's National Cyber Security Division, Security Fix has learned.
Cornelius F. Tate, a graduate of University of Mississippi, currently heads up the Technical Security Division at Secret Service. Tate also is a member of the Electronic Crimes Special Agent Program, a Secret Service team made up of agents who conduct forensic analysis of computer systems. DHS established the NCSD to serve as a 24/7 watch center to share information between the private sector and the government about the latest cyber attacks.
Department of Commerce Secretary Carlos Gutierrez plans to tell Congress on Thursday that the next constitutionally mandated count of the U.S. population will be taking place, once again, via old-fashioned pencil and paper, according to a report by National Journal's NextGov blog.
Census officials had been hoping to introduce handheld computers into the process of collecting and transmitting data, but numerous glitches along the way have stymied those plans.
That means, in part because of "recent increases in gas prices, postage, and printing" and the need to hire more Census workers, Congress will need to allocate as much as $3 billion in additional taxpayer dollars for the 2010 Census, Gutierrez was expected to tell a House of Representatives subcommittee that oversees such spending matters. That means the entire pricetag for the decennial process could climb as much as $14.5 billion.
Secret Memo Raises New Questions on Domestic Spying
Justin Rood writes on ABC News' "The Blotter" Blog:
Shortly after the Sept. 11, 2001 attacks, the Bush administration concluded constitutional protections against unreasonable searches did not apply if they were done as part of “domestic military operations,” the Wall Street Journalreports this morning.
The American Civil Liberties Union, which unearthed that tidbit, called it a "radical interpretation" of the Fourth Amendment. A Justice Department spokesman said the administration has since changed its thinking on the matter. However, the legal reasoning was in place from 2001 until possibly as late as 2006, the Journal says.
The reasoning is contained in a still-classified 37-page memo dated Oct. 23, 2001, from the Justice Department Office of Legal Counsel. Another document, recently obtained by the ACLU, mentioned the October 2001 memo’s findings on the Fourth Amendment.
Chinese Spy, Chi Mak, 'Slept' In U.S. for 2 Decades
Joby Warrick and Carrie Johnson write in The Washington Post:
Prosecutors called Chi Mak the "perfect sleeper agent," though he hardly looked the part. For two decades, the bespectacled Chinese-born engineer lived quietly with his wife in a Los Angeles suburb, buying a house and holding a steady job with a U.S. defense contractor, which rewarded him with promotions and a security clearance. Colleagues remembered him as a hard worker who often took paperwork home at night.
Eventually, Mak's job gave him access to sensitive plans for Navy ships, submarines and weapons. These he secretly copied and sent via courier to China -- fulfilling a mission that U.S. officials say he had been planning since the 1970s.
Mak was sentenced last week to 24 1/2 years in prison by a federal judge who described the lengthy term as a warning to China not to "send agents here to steal America's military secrets." But it may already be too late: According to U.S. intelligence and Justice Department officials, the Mak case represents only a small facet of an intelligence-gathering operation that has long been in place and is growing in size and sophistication.
In 2005, The New York Times revealed that the National Security Agency had initiated wiretaps and other forms of surveillance without court orders. It was a story the Bush administration hoped to keep under wraps, says Eric Lichtblau, one of the two reporters who pushed for the publication of the story.
Lichtblau's new book, Bush's Law: The Remaking of American Justice, details how the administration used the "war on terror" to push for controversial surveillance programs.
Lichtblau is a Washington correspondent for The New York Times. In 2006, he won a Pulitzer Prize for his coverage of domestic spying.
PayPal seems to be having technical difficulties with a debit card that allows users instant access to the money in their PayPal accounts, as multiple users are reporting they are unable to activate the cards or they are being denied transactions.
The problems seem to go back at least a month, based on message board postings on eBay, which owns PayPal. One user on March 5 reported debit card transactions being denied over the phone, online and in-person “for vague security reasons.” Several other users have reported similar problems.
People are more likely to realistically assess these incidents if they don't contradict preconceived notions about how the world works. For example: It's obvious that a wall keeps people out, so arguing against building a wall across America's southern border to keep illegal immigrants out is harder to do.
The other thing that matters is agenda. There are lots of people, politicians, companies and so on who deliberately try to manipulate your feeling of security for their own gain. They try to cause fear. They invent threats. They take minor threats and make them major. And when they talk about rare risks with only a few incidents to base an assessment on — terrorism is the big example here — they are more likely to succeed.
Web 2.0 applications have certainly made the user experience more interactive, but organizations need to be mindful of their impact on Web site security.
Certainly, there are a number of reasons Web sites become an attractive target for hackers; sometimes sites are built prior to an attack being known about, or the developers were in a hurry. Still, some researchers say the Web 2.0 rush has had an impact on security as well, opening up new possibilities for attackers.
"The Web used to be a very static delivery method," said Mary Landesman, senior security researcher at ScanSafe. "All we could do is go to a site and read it. We couldn't interact with it."
But in today's dynamic Web 2.0 environment, there is a lot of give-and-take of information, from visitors leaving comments to third-party advertising being pushed in by affiliate ad programs, Landesman said.
"There's a lot of Web applications that are now involved," she said. "It just opens the door for exploits, either within the Web application, or through social engineering or by a hostile person inserting themselves at some point in this chain of affiliate relationships."
Months before UCLA Medical Center caught its staffers snooping in the medical records of pop star Britney Spears, '70s TV icon Farrah Fawcett learned that a hospital employee had surreptitiously gone through records of her cancer treatments there, documents and interviews show.
Fawcett's lawyers said they are concerned that the information was subsequently leaked or sold to tabloids, including the National Enquirer.
Shortly after UCLA doctors told Fawcett that her cancer had returned -- and before she had told her son and closest friends -- the Enquirer posted the news on its website. Indeed, alarming headlines regularly cropped up in the Enquirer and its sister publication, the Globe, within days of Fawcett's treatments at the UCLA hospital.
An AP newswire article by Mark Jewell, via MSNBC, reports that:
Discount retailer TJX Cos. could pay as much as $24 million in a settlement Wednesday with MasterCard Inc. over a massive breach that exposed tens of millions of payment card numbers to hackers.
The pact came as a group that tracks U.S. data breaches reported the number of cases in the first three months of this year was more than double the total in last year's first quarter.
The MasterCard agreement, which follows a similar $40.9 million pact in November with Visa Inc., hinges on banks that issue MasterCards agreeing to waive rights to sue TJX in exchange for being paid for breach-related costs.
A British researcher has developed a biometric keylogger [.pdf] of sorts that can capture fingerprints required to unlock building doors or gain access to computer networks or other restricted systems.
For now, the Biologger is a proof-of-concept aimed at showing the insecurity of many biometric systems, according to Matthew Lewis, who demonstrated the tool at last month's Black Hat Amsterdam conference. But the researcher, who works for Information Risk Management, warns the attack could become commonplace if current practices don't change and could be used to log images of retinas, facial features and any other physical characteristics used by biometric systems.
You'd think by this point House Democrats would be a little leery when the Bush administration comes up a new threat that it says can only be combated by a secret, warrantless NSA surveillance program requiring assistance from the private sector.
But it's official: TCP is the new WMD, and at least one prominent Democratic lawmaker is now eager to help the intelligence community prevent Cybarmageddon.
In a jointly-authored op-ed in today's Wall Street Journal, intelligence director Mike McConnell joins with Congresswoman Anna Eshoo (Calif.), a subcommittee chair on the House Intelligence Committee, to warn that "a cyber attack could be more devastating economically than Sept. 11."
Major League Baseball's MLB.TV online broadcasting service encountered serious technical difficulties for the second straight day on Tuesday, as affected paying subscribers fumed about missing games.
At around 7 p.m. Eastern Time, minutes prior to the start of Tuesday's first games, MLB disabled its Mosaic media player, the application that gives premium-level MLB.TV subscribers the advanced viewing features they pay for.
Mosaic remained unavailable for about three hours, but even after it became operational again, an undetermined number of subscribers still were unable to watch games due to technical problems affecting MLB.TV's log-in process.
MLB on Wednesday didn't immediately respond to a request for comment about the outstanding technical issues affecting MLB.TV, whose premium-level subscription costs either $19.95 per month or $119.95 per year. A lower-level subscription tier costs $14.95 per month or $89.95 per year.
What do the U.S. Army Corps of Engineers and video-game giant Sega have in common? The answer is that both exposed sensitive data via their File Transfer Protocol (FTP) sites. While the impact on Sega was only to force the company to release information on a new game earlier than it wanted to, in the former case it could have cost the lives of soldiers in Iraq.
FTP may be a dinosaur these days, but it's being used -- or, perhaps, misused -- regularly by employees who are simply trying to do their jobs, but who lack the adequate tools, according to John Thielens, vice president of technology for Tumbleweed, a vendor of content-security solutions.
Before heading out for a weekend trip to Seattle with his wife, Aaron Reed checked his bank account online.
Puzzled by a credit card authorization from the Lloyd Center shop Things Remembered, Reed walked to the bedroom to ask his wife whether she had bought any jewelry or gifts lately. By the time he returned to his computer, more unusual transactions had popped up: a $15 Broadway cab fare and $270 for five nights in an Econo Lodge Motel.
"It weirded me out because I had my card," said Reed, 35. "It wasn't like I had lost my card."
The thief didn't need Reed's bank or debit cards, financial records, mail or credit card receipts. She hit on his account number by chance.
Like mathematicians searching for the right formula, such thieves painstakingly try out combinations of 16 digits until they come up with a series that fits someone's card number.
Untangle, a company that makes a security gateway based on open source, next Wednesday plans what it's calling the "Deep Throat Fight Club" in a San Francisco bar to beat on Web filters of six competing vendors.
At the Thirsty Bear in downtown San Francisco at about noon next Wednesday, Untangle says it will pummel six Web filters with test scripts to show how well the filters can block porn sites. Untangle says the six Web filters selected to undergo this rough treatment are from WatchGuard, SonicWall, Fortinet, Barracuda, WebSense and ScanSafe.
It won't be pretty, says Raul Mujica, Untangle's vice president of marketing. In fact, anyone attending will need to sign a waiver explaining they could be seeing some pretty awful porn.
Security pros, take heed: If you don't do your job, you may not only be fired -- you may end up in court.
A Billings, Mont., law firm has filed a class-action lawsuit in federal court against Davidson Companies, claiming the company was negligent when it allowed a hacker to penetrate its systems, resulting in a data security breach and the exposure of some 226,000 customer records, according to a report.
The breach, which was revealed in January, occurred when a hacker broke into a Davidson Companies database and obtained the names and Social Security numbers of virtually all of the Montana-based financial services company's clients. Details on how the hacker accessed the database weren't published.
The FBI's Criminal Justice Information Service today unveiled the long-planned first increment of the National Data Exchange information sharing web.
"N-DEx will enable all law enforcement agencies to share incident reports, correlate crime data and collaborate on criminal justice investigations on a national basis," according to a Raytheon press announcement cleared by the bureau.
The bureau's Criminal Justice Information Division, based in Clarksburg, W.Va., sponsored the system. The network is intended to enable law enforcement agencies at the federal, state and local level to collaborate on their investigative work by sharing information held in one another's data systems.
The FBI and prime contractor Raytheon have relied on advice from the fledgling system's prospective users in law enforcement agencies nationwide to set the priorities of the N-DEx capabilities that will be progressively rolled out over the next three years.
The Council of Europe plans to vote this week on drafted guidelines that call for more cooperation from Internet service providers (ISPs) in combatting online attacks.
During the Council of Europe's Octopus 2008 Conference on Cybercrime -- which is taking place in Strasbourg, France -- participants will be asked to adopt a set of guidelines to speed response to cyberattacks and share more information, especially between Internet service providers and government agencies. The guidelines have been proposed by Estonia and other nations following the attacks on the northern European country last spring.
"The draft guidelines build upon the existing Council of Europe Convention on Cybercrime -- to which many countries in Europe and beyond have acceded -- and call for formal partnerships between Internet service providers (ISPs) and law enforcement," the Council of Europe said in a statement published about the conference.
Journalists covering the Arab summit from the Damascus media center on Saturday morning were astonished to find access to many official Syrian websites blocked. Access was denied to the official Syrian news agency, SANA, newspapers like al-Thawra and Tishrine and news websites such as Syria News, Sham Press and Zaman al-Wasel.
Rumors quickly spread among journalists that Syria was under a computer attack, probably originating in France, Turkey or Lebanon. Officials at the Ministry of Communications preferred not to divulge the source of the hacking, instead releasing an official statement saying, "The attack on the websites hosted by foreign companies came from outside the Syrian territories with no specific source."
The Ministry later said that the Telecommunications Institution and the Syrian Scientific Association were collaborating with the host companies to solve the problem and put the websites back online. Backup copies of the websites were being transported to the Syrian Scientific Association in anticipation of another attack.
Robert O'Harrow Jr. writes in The Washington Post:
Intelligence centers run by states across the country have access to personal information about millions of Americans, including unlisted cellphone numbers, insurance claims, driver's license photographs and credit reports, according to a document obtained by The Washington Post.
One center also has access to top-secret data systems at the CIA, the document shows, though it's not clear what information those systems contain.
Dozens of the organizations known as fusion centers were created after the Sept. 11, 2001, terrorist attacks to identify potential threats and improve the way information is shared. The centers use law enforcement analysts and sophisticated computer systems to compile, or fuse, disparate tips and clues and pass along the refined information to other agencies. They are expected to play important roles in national information-sharing networks that link local, state and federal authorities and enable them to automatically sift their storehouses of records for patterns and clues.
Though officials have publicly discussed the fusion centers' importance to national security, they have generally declined to elaborate on the centers' activities. But a document that lists resources used by the fusion centers shows how a dozen of the organizations in the northeastern United States rely far more on access to commercial and government databases than had previously been disclosed.
FBI Director Robert Mueller on Tuesday heard sharp complaints from lawmakers about the bureau's past failures but found no opposition to plans for a big budget increase.
House Appropriations Committee Chairman David Obey, D-Wisconsin, led criticisms of the FBI's serious errors in issuing secret "national security letters."
Obey and other Democrats on the House panel expressed disappointment that the FBI did not appear to have fully fixed how the sensitive letters -- sent to financial institutions, Internet service providers and other businesses that hold private citizen information -- are issued.
"Is this the last time we're going to hear about NSL violations?" Obey demanded.
"That is my hope and expectation," Mueller replied.
Recent events have raised the concerns about hidden backdoors and malicious code inside of counterfeit hardware -- all the way down to the integrated circuit level.
In fact, a 2005 report by the Pentagon's Defense Science Board addresses this issue. While this report assessed the problem, recent events have now raised the anxiety over cyber sabotage in bogus hardware. In fact, many consider the use of compromised counterfeit hardware as a strategic tactic in cyber warfare.
In January of 2008, a joint task force seized $78 million of counterfeit Cisco networking hardware. This international effort resulted in over 400 seizures of counterfeit networking hardware that was shipped between China, Canada and the United States. This international effort between the Federal Bureau of Investigations (FBI), U.S. Immigration and Customs Enforcement (ICE), US Customs and Border Protection (CBP), the Royal Canadian Mounted Police (RCMP) and supported by other agencies within the Department of Homeland Security (DHS) clearly shows the criminal efforts that are underway.
On the heels of an internal report criticizing the FBI for abusing its power to issue National Security Letters (NSLs), newly unredacted documents released today as a result of an American Civil Liberties Union and New York Civil Liberties Union lawsuit reveal that the Department of Defense (DoD) is using the FBI to circumvent legal limits on its own NSL power and may have overstepped its authority to obtain private and sensitive records of people within the United States without court approval.
The previously withheld records also reveal that the military is secretly accessing these private records without providing training, guidance, or any real record keeping.
When a shadowy Nigerian national with the nickname Mr. O finagled his way into the vast files of data broker ChoicePoint in 2003, he struck a mother lode of confidential information -- by internal ChoicePoint estimates, records of up to 4.3 million individuals.
By the time ChoicePoint publicly disclosed what was then the largest data-security breach, the FBI and Los Angeles police were investigating, lawmakers demanded hearings, and ChoicePoint vowed to remake itself. Some privacy advocates insisted the incident would underscore the dangers of data theft and ID fraud.
And yet, data breaches got bigger and broader in the intervening years, as Internet-based commerce and social networking inexorably expand. Since ChoicePoint, online scammers have repeatedly victimized corporations and their customers. The most audacious was the theft of records of as many as 94 million credit card transactions from giant retailer TJX, parent of 2,500 TJ Maxx and Marshall's stores.
Amid the wholesale rip-off of consumer data through cybercrime, USA Today reporters Byron Acohido and Jon Swartz began investigating the evolution of hacking from harmful pranks to a $100 billion-per-year criminal enterprise worldwide. Their resulting book, Zero Day Threat, examines the con men and cybercrooks who are exploiting security holes in online banking and shopping services.
As of Monday, March 31, 2008, at least 4,011 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,264 died as a result of hostile action, according to the military's numbers.
The AP count is eight more than the Defense Department's tally, last updated Monday at 10 a.m. EDT.
A New Zealand teenager accused of leading an international ring of computer hackers which skimmed millions of dollars from bank accounts was today convicted of illegal computer hacking.
Owen Thor Walker, 18, pleaded guilty yesterday to six charges related to using computers for illegal purposes. Police allege that he led a group of hackers who took control of 1.3m computers around the world without their owners' knowledge.
Hackers routinely send out viruses, worms and malicious Trojan horse programs which allow them to take control of a victim's machine. Linked through the internet to form a "bot-net" network, the infiltrated computers are used to access personal bank accounts, steal credit card details or bombard users with spam.
Police alleged that Walker wrote software that evaded normal computer anti-spyware systems, and then sold his skills to criminals around the world.
Advance Auto Parts, a leading auto parts retailer, has begun sending letters to customers impacted by a data breach that may have exposed financial information of up to 56,000 people.
The retailer reported Monday that a "network intrusion" had exposed financial information and was the subject of a criminal investigation. Fourteen of the retailer's stores, including locations in Georgia, Ohio, Louisiana, Tennessee, Mississippi, Indiana, Virginia and New York, are believed to have been affected.
Advance Auto Parts did not specify how customer financial information had been revealed or how access had been gained to its network. In response to the incident, the company notified its credit, debit and check processors.
Customers of the 14 locations listed in an advisory who do not receive a letter can call a toll-free-number provided by the company to find out if they were affected, according to the company.
The security of RCMP computers used to process evidence for a looming multimillion-dollar trial was breached from outside the agency, exposing sensitive files to the possibility of theft and tampering, Crown documents reveal.
The police computers were also used to view pornography and download music and illegal software, a letter from senior Kamloops Crown prosecutor Don Mann states.
The three-page letter, obtained by the Kamloops Daily News Thursday, was provided to four men accused of being part of a national auto-theft ring during a court hearing Wednesday.
The information in the letter relates to six computers that handled the massive volumes of Project Eau evidence.
The computers, which stored and processed more than 250,000 pieces of evidence, were exposed to viruses and the possibility of tampering after an officer with the investigating unit hooked the computers to the Internet, contrary to orders.
As of Sunday, March 30, 2008, at least 4,010 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,261 died as a result of hostile action, according to the military's numbers.
The AP count is 10 more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.
The federal agency that helps protect Canadians against epidemics came down with a devastating case of computer cramps last year that could have put lives at risk.
Hundreds of computers at the Public Health Agency of Canada fell victim to a "worm,'' a bit of malicious software that nearly brought operations to a halt.
The infection began with just a few computers but spread like a Prairie grass fire, eventually knocking out 1,308 work stations in three cities and taking more than a month to eradicate, say newly released documents.
The "worm'' also spread to Health Canada when infected agency computers tapped into the bigger department's data network, disabling 543 additional work stations in five of Health Canada's Ottawa-area offices.
Personal information supplied by job applicants to online recruitment agency Jobs.ie has been illegally accessed by internet hackers, writes Olivia Kelly .
CVs submitted by the applicants were downloaded in bulk through a non-Irish web address last Thursday.
Jobs.ie would not say how many of its clients had been affected, but said it had now fixed the security breach.
The clients whose information was taken are at risk from identity fraud and "phishing", where criminals, often posing as a well-known, legitimate company, use the information gleaned to try to extract further personal and financial information from their victims.
It is understood that the hackers used an illegally obtained log-in and password given to employers who are registered with Jobs.ie to access the job applications area of the site. They then downloaded personal information from CVs submitted, along with job applications.
Islamic Jihad operatives have been able to hack into several Israeli websites, the London-based Arabic-language newspaper al-Sharq al-Awsat reported Sunday.
"The electronic surveillance unit of the media warfare division has been able to hack into several Israeli websites and take them over," said a statement by the al-Quds Brigades, quoted by the paper.
According to the report, the operatives were able to plant images of Hassan Shakura, the former head of the Jihad's media warfare division in Gaza, who was killed by the IDF, on the sites; along with other images and Jihad videos.
Hacking "Zionist websites," said the statement "was part of our response to the elimination of the head of the media warfare office in Gaza, as well as a token of our allegiance to the blood of our troops."