Saturday, April 12, 2008

Computer Glitch In Virginia Delays Northeastern U.S. Flights

An AP newswire article, via The Boston Globe, reports that:

Flights from airports across the Northeast were delayed Saturday by a computer glitch at an air traffic control center in Virginia that handles high-altitude flights.

The main computer at the Washington "en route" center shut down at about 4:45 p.m. for about 10 minutes, said Jim Peters, a Federal Aviation Administration spokesman.

It was not clear how many flights were delayed, and nobody was ever in danger, Peters said.

A backup radar system handled traffic already airborne, but while the computer was down, airports from Virginia to New England were ordered to hold traffic on the ground.

More here.

Friday, April 11, 2008

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, April 11, 2008, at least 4,031 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,288 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

As of Friday, April 11, 2008, at least 423 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures April 5 at 10 a.m. EDT.

Of those, the military reports 290 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Home Confinement for Technician Who Tampered with California Power Grid

An AP newswire article, via, reports that:

A computer technician has been sentenced to six months of home confinement for tampering with California's electric grid.

A federal judge also ordered Lonnie Denison of Sacramento to pay $34,163 restitution.

Dennison pushed an emergency shut-off button at the California Independent System Operator's data center in Folsom a year ago, crashing the computers the state uses to buy and sell energy.

The two-hour shutdown did not cause any blackouts because it happened on a Sunday. Grid operators said it could have disrupted the western United States' power grid if the shut-off occurred during normal business hours.

Denison, 33, who worked under contract at the data center, was upset with his employer, San Diego-based Science Applications International Corporation [SAIC].

More here.

RSA: The Rise Of The Malware Mafia

Dan Goodin writes on The Register:

Policy makers should reject pressure to draft new laws targeting phishing and other types of cyber crime because existing statutes already cover most of the illegal activity, a researcher who investigates online criminals said.

Although phishing, malware attacks, and botnet propagation have all come about in the last decade or so, they are little more than new ways of carrying out much older types of crime, said Dmitri Alperovitch, director of intelligence analysis at a company called Secure Computing.

"These crimes, when you follow the money, when you look at what they're actually trying to do, are really covered by laws that are hundreds of years old," Alperovitch said during a session at the RSA security conference. "It's my belief that new laws for the most part are not only not needed but a lot of times are a waste of paper and a waste of time."

Alperovitch sounded a theme that has been so often repeated in security circles that it's now almost cliche: Cyber crime is no longer the province of teenage hackers holed up in their parents' basement, but rather an enterprise that's been co-opted into the most hardened and powerful organized crime families.

More here.

Bush's Cyber Secrets Dilemma

Andy Greenberg writes on

There's a problem facing the Bush administration: It has $30 billion to spend over the next five to seven years to keep the U.S. safe from hackers and cyberspies. But to extend that protection to the nation's critical infrastructure--including banks, telecommunications and transportation--it needs the cooperation of the private sector.

And among corporate executives, even those who want to help are wary: How can the business world participate in the government's cyber initiative, they ask, if the government remains intensely secretive?

"There's very little transparency as to the government's plans," says Bruce McConnell, a former information technology policy director for the White House's Office of Management and Budget who now works as a private consultant. "To protect critical infrastructure, we need to create trustworthy mechanisms for sharing information. That can't happen when one side's position is secret."

More here.

Hat-tip: Flying Hamster

Colombian Man Sentenced for Computer Fraud

Stephen Lawson writes on PC World:

A Colombian man who used keylogging software in a lucrative identity theft scheme has been sentenced to nine years in prison and ordered to pay restitution of US$347,000.

Mario Simbaqueba Bonilla, 40, pleaded guilty in U.S. federal court in January to conspiracy, access device fraud and aggravated identity theft. His scheme, which he carried out alone and with a co-conspirator between 2004 and 2007, had more than 600 victims worldwide, including employees of the U.S. Department of Defense, according to the Department of Justice.

Bonilla installed keylogging software on hotel business-center computers and Internet lounges in order to steal passwords and other personal data. Then he and his partner used complex computer intrusion methods to steal money from accounts. After transferring the money to credit and debit cards or cash, Bonilla used it to buy electronics and pay for luxury travel to Hong Kong, France, Jamaica, the U.S. and other places, according to the Justice Department. The court pegged the actual and attempted losses from the scheme at $1.4 million.

Bonilla was arrested by federal agents last August when he flew into the U.S. with a laptop, purchased with stolen funds, that contained personal and financial information on more than 600 people.

More here.

RSA: U.S. Still Worries Over Hacker Havens

Robert Lemos writes on SecurityFocus:

While U.S. law enforcement has received aid when pursuing criminal investigations in countries long considered to be hacker havens, the battle is not over, two U.S. prosecutors told attendees at the RSA Security Conference on Friday.

During a presentation on the U.S. Department of Justice's battle with online money laundering sites, two prosecutors with the DOJ's Computer Crime and Intellectual Property Section (CCIPS) outlined recent successes in shutting down sites that allow the transfer of digital cash outside of U.S. banking rules.

More here.

RSA: Security Expert Gives Computer Intruders a Taste of Their Own Medicine

Ryan Singel writes on Threat Level:

Malicious hackers beware: computer security expert Joel Eriksson might already own your box.

Eirksson, a researcher at the Swedish security firm Bitsec, uses reverse engineering tools to find remotely-exploitable security holes in hacking software. In particular, he targets the client-side applications intruders use to control Trojan horses from afar, finding vulnerabilities that would let him upload his own rogue software to intruders' machines.

He demoed the technique publicly for the first time at the RSA conference Friday.

More here.

Advance Auto Parts Breach Included Unencrypted Payment Data From 2001

Evan Schuman writes on StorefrontBacktalk:

Unencrypted customer credit card information dating back to 2001 was among the customer payment data stolen from as many as 56,000 customers of Advance Auto Parts, according to one company official, who added that the chain is not PCI compliant.

The $4.8 billion automotive aftermarket parts chain—which dubs itself the nation's second largest such chain, with 3,261 stores in 40 states, Puerto Rico and the Virgin Islands—said the breach appears to have impacted customers from 14 of its stores in Georgia, Ohio, Louisiana, Tennessee, Mississippi, New York, Virginia and Indiana.

The breach—which revealed check, credit card and debit card data—apparently happened in February 2008 and was discovered "in early March," said Shelly Whitaker, the manager of public communications for Advance Auto Parts.

More here.

Oracle Warns of Critical db Server Vulnerabilities

Ryan Naraine writes on eWeek:

Database server giant Oracle plans to ship a major security update on Tuesday, April 15 to cover more than 40 vulnerabilities in a wide range of products.
The fixes are part of the company's quarterly CPU (critical patch update) and will cover severe vulnerabilities across hundreds of Oracle products.

According to Oracle's advance notice, 17 of the 41 flaws were discovered in its flagship Oracle Database, including two for Oracle Application Express.

"Two of these vulnerabilities may be remotely exploited without authentication, i.e., may be exploited over a network without the need for a username and password," the company warned.

More here.

Canada Bars Sale of Satellite Maker to U.S. Buyer

Ian Austen writes in The New York Times:

The Canadian government blocked the sale of the country’s large space equipment and satellite maker to Alliant Techsystems of Minneapolis on Thursday.

The $1.3 billion bid for the space operations of MacDonald Dettwiler and Associates is the first takeover rejected under Canada’s 23-year-old foreign investment law.

The proposal raised sensitive issues about Canada’s Arctic sovereignty that crossed party lines. It also revived a debate about control of Canada’s aerospace industry that stretches back to a 1959 decision to cancel the development of a Canadian fighter jet in favor of purchasing American aircraft.

More here.

The New E-spionage Threat

Brian Grow, Keith Epstein and Chi-Chu Tschang write on

The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. "It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier.

Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk.

"They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands," Croom says. Cyber attackers "are not denying, disrupting, or destroying operations—yet. But that doesn't mean they don't have the capability."

More here.

Thursday, April 10, 2008

Powerful New U.S. Military Satellite to Debut Over Pacific

A Reuters newswire article, via, reports that:

The United States is set to start operating a powerful new military communications satellite over the Pacific next week, the first of a planned six-satellite network that will boost data flows 10-fold, the Air Force Space Command has said.

On its own, the maiden Boeing Co-built Wideband Global Satellite will provide more capacity for video, data and voice than the entire group of 10 or so satellites it is designed to replace, the command said.

Launched in October, the first satellite must still undergo another three months or so of testing and evaluation even as it starts "real-world" operation [...]

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, April 10, 2008, at least 4,030 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,286 died as a result of hostile action, according to the military's numbers.

The AP count is three more than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

RSA: U.S. Presidential Election Can Be Hacked

Robert McMillan writes on

This year, the US will pick a new president using electronic voting machines that can be hacked, security experts said this week at the RSA Conference in San Francisco.

As the November election approaches, the question before officials is not how to fix known bugs in their e-voting systems, but rather, how best to check them for fraud, said David Wagner, an associate professor with the University of California, Berkeley's computer science department.

Wagner was part of the team that audited California's voting systems during the state's review of electronic voting, and the problems his team found affect counties across the US. "The three systems we looked at are three of the most widely used around the nation," he said during an e-voting panel discussion at the show. "They're going to be using them in the 2008 elections; they're still going to have the same vulnerabilities we found."

More here.

FBI Nudges State 'Fusion Centers' Into The Shadows

Declan McCullagh writes on the C|Net "Iconoclast" Blog:

The FBI is pressuring states to become more secretive and limit even routine oversight of the bureau's data-sharing arrangements with local police, a new document shows.

A memorandum of understanding [.pdf] written by the FBI and signed by the state of Virginia in February 2008 aims to curb congressional and press oversight of a joint venture called a Fusion Center. Here's more on Fusion Centers.

The memorandum, obtained by the Electronic Privacy Information Center and released on Friday, says that any "disclosure" to Congress of information shared with the Fusion Center can happen only "after consultation with the FBI." It also says that requests from media organizations even for non-classified material made under Virginia's open government laws will be referred to the FBI and then strongly opposed.

It also indicates that the FBI is responsible for a Virginia state bill called HB1007 -- introduced two days after the FBI signed the memorandum on January 6 -- that would exempt the Fusion Center from open government laws.

More here.

Some Charges Dropped in Pellicano Wiretapping Case

An AP newswire article, via The Los Angeles Times, reports that:

A federal judge granted a prosecution request today to dismiss 28 charges against private investigator Anthony Pellicano and a co-defendant.

Assistant U.S. Attorney Dan Saunders said the government made the request because some of the alleged victims weren't available to testify and other counts were redundant.

More than 35 charges remain against Pellicano and former Los Angeles police Sgt. Mark Arneson.

The dropped counts mostly involved wire fraud that authorities had alleged involved Arneson searching law enforcement databases for Pellicano.

The ruling by U.S. District Judge Dale Fischer came as prosecutors prepared to end their portion of the trial.

More here.

Mark Fiore: Olympic Torch Burnout

More Mark Fiore brilliance, via The San Francisco Chronicle.

Image of The Day: Gas Price Sticker Shock

Milpitas, California, 09 April 2008.

Officials Find Child Pornography on 20,000 Virginia Computers

Chris L. Jenkins writes in The Washington Post:

Law enforcement officials working undercover were sent child pornography files from nearly 20,000 private computers in the state over a 30-month period, according to a report by an expert on the distribution of Internet child porn.

Those computers accounted for 215,197 Internet child pornography transactions between October 2005 and February, according to a state report developed by Flint Waters, a special agent with the Wyoming attorney general's Division of Criminal Investigation. He has developed a national online system to track such activity.

The recorded numbers are just a small percentage of the traffic generated by child pornography distributors, who use peer-to-peer file-sharing networks such as Lime Wire to peddle often violent and hard-core movies and images, Waters said. The program tallies only the files that were distributed to undercover officers. The tracking software investigators use, Operation Fairplay, does not tally files shared between private users.

"Right now there's no way that law enforcement can keep up with all this activity," Waters said, adding that such activity has increased steadily in the United States.

More here.

Wednesday, April 09, 2008

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, April 9, 2008, at least 4,029 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,281 died as a result of hostile action, according to the military's numbers.

The AP count is eight more than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

RSA: Wiretapping Powers Debate Still Unsettled

Ryan Singel writes on Threat Level:

In a interconnected, packet-based global telecommunications world, just how far should the nation's spooks be allowed to live inside the nation's communication tubes in order to root out communications of spies and terrorists and how much should they be supervised by courts?

Those were the questions tackled by a keynote panel at the RSA 2008 conference Wednesday that moderated by New York Times reporter Eric Lichtblau, who shared the Pulitizer Prize for disclosing the existence of part of the government's warrantless wiretapping program in 2005.

Predicatably, the panel was just as dividede as Congress, which is still deadlocked over immunity for the telecoms that helped wiretap Americans without warrants.

More here.

SCADA Watch: RSA: Industrial Control Systems Killed Once and Will Again

Ryan Singel writes on Threat Level:

On June 10th, 1999 a 16-inch diameter steel pipeline operated by the now-defunct Olympic Pipeline Co. ruptured near Bellingham, Washington, flooding two local creeks with 237,000 gallons of gasoline. The gas ignited into a mile-and-a-half river of fire that claimed the lives of two 10-year-old boys and an 18-year-old man, and injured eight others.

Wednesday, computer-security experts who recently re-examined the Bellingham incident called its victims the first verified human causalities of a control-system computer incident. They argue that government cybersecurity standards currently under debate might have prevented the tragedy.

More here.

RSA: Top Botnets Control 1M Hijacked Computers

Gregg Keizer writes on ComputerWorld:

Storm is a shadow of its former self, Kraken is just another name for Bobax and the biggest botnet goes by the mouthful of "Srizbi," a noted botnet researcher said today as he released the results of his census of the various armies of hacked computers that spew spam.

Joe Stewart, director of malware research at SecureWorks Inc., presented his survey at the RSA Conference, which opened Monday in San Francisco. The survey ranked the top 11 botnets that send spam. By extrapolating their size, Stewart estimated the bots on his list control just over a million machines and are capable of flooding the Internet with more than 100 billion spam messages every day.

The botnet at the top of the chart is Srizbi. According to Stewart, this botnet -- which also goes by the names "Cbeplay" and "Exchanger" -- has an estimated 315,000 bots and can blast out 60 billion messages a day.

More here.

See also: This report on the SecureWorks Research Blog. -ferg

RSA: The Criminal Underground is Flourishing

Dan Kaplan writes on SC Magazine US:

An underground economy has emerged in which cybercrooks are leveraging freely available tools, sophisticated methods and a chain of specialization that resembles a real corporation to pull off massive digital heists, according to an RSA Conference panel on Wednesday that examined the modern online criminal ecosystem.

Spammers are tapping into the power of massive fast-flux botnets that allow sites hosting phishing and spam attacks to go virtually undetected, the panel said.

“It's almost impossible to take these things down because the DNS (domain name system) changes every five minutes or so,” said Larry, lead investigator at Spamhaus, which tracks spammers. He does not use his last name.

More here.

SCADA Watch: RSA: Experts Hack Power Grid in No Time

Tim Greene writes on NetworkWorld:

Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day.

Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. By the end of a full day of the attack, they had taken over several machines, giving the team the ability to hack into the control network overseeing power production and distribution.

Winkler says he and his team were hired by the power company, which he would not name, to test the security of its network and the power grid it oversees. He would not say when the test was done, but referred to the timeframe as "now." The company called off the test after the team took over the machines.

More here.

RSA: Zombie Computers Decried As Imminent National Threat

Ryan Singel writes on Threat Level:

Across the world, thousands of home computers have been conscripted into zombie computer gangs that cyber criminals use to spam, attack and defraud others on the net, causing considerable consternation to law enforcement and security professionals alike, who count the so-called botnets as the most vexing net threat today.

Today's botnet herders have hundreds of thousands of computers at their command and use technically sophisticated ways to hide their headquarters, making it easy for them to make millions from spam and credit card theft. They can also be used to direct floods of fake traffic at a targeted website in order to bring down a rival, extract protection money or less frequently, used to make a political point in the case of attacks on Estonia and the Church of Scientology,

Security pros and government officials are now describing the latter attacks, known as Distributed Denial of Service attacks, as serious threats to national security --turning packet floods against public websites into the latest face of "cyberwar" hysteria.

Hence, the appearance Tuesday of a panel at the RSA 2008 security conference of a panel discussion entitled "Protecting the Homeland: Winning the Botnet Battle," which was marked by a mix of resignation, indignation and post-9/11 rhetoric.

More here.

UK: e-Crime Unit Funding Revealed

Tom Young writes on Computing:

The Serious Organised Crime Agency’s (SOCA’s) e-crime unit has less staff and half the budget of its forerunner, the National HiTech Crime Unit (NHTCU).

Computing has learned that the unit receives about £4.5m funding annually, less than half of the £9.3m spent on the NHTCU. And in January this year the agency had 51 e-crime staff ­ compared with 54 employed at its predecessor’s peak.

When the NHTCU was rolled into SOCA in April 2006 the fight against cyber crime was dealt a major blow, said shadow home secretary David Davis.

More here.

FBI: Lieberman Campaign, Not Hackers, Caused 2006 Website Crash

Anne Broache writes on the C|Net News Blog:

You may recall that during the heat of the 2006 primary race that prompted then-Democratic Sen. Joe Lieberman to go Independent, the Connecticut politician's Web site, well, dropped dead.

At the time, conspiracy theories abounded. There was twittering that liberal bloggers who backed Lieberman's antiwar Democratic rival, Ned Lamont (who went on to win the primary, by the way) were responsible for the site's inaccessibility, and Lieberman's own campaign maintained that a denial-of-service attack had occurred.

Well, nearly two years later, we finally know whom to blame: the Lieberman campaign's own system configuration.

More here.

Image of The Day: Thousands Gather for San Francisco Torch Run

Image source: San Francisco Chronicle / Dan Kepka

Tuesday, April 08, 2008

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, April 8, 2008, at least 4,025 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,277 died as a result of hostile action, according to the military's numbers.

The AP count is eight more than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Outsourcing Blamed for Rising Security Woes

John Dunn writes on TechWorld:

The world has a new culprit to blame for the rising tide of software vulnerabilities – code outsourcing.

The trend to outsource the coding of applications is now a major contributor to making business software more vulnerable, a survey-cum-report has claimed.

According to analyst group Quocirca, which surveyed 250 IT directors and executives in the US, the UK and Germany for Fortify Software, ninety percent of the organisations that admitted to having been ‘hacked’ had outcourced more than 40 percent of their applications to third parties.

But the rush to benefit from the speed, convenience and lower cost of outsourced applications was leaving security as an afterthought in an alarming number of cases.

More here.

New U.S. GPS Satellites Have Anti-Jamming Gear

Via UPI.

Lockheed Martin said this week its new U.S. Air Force GPS satellites carry anti-jamming capabilities.

The company said in a statement Monday that each of its new Global Positioning System IIR-M satellites now carries an upgraded antenna panel that gives them boosted signal power when they transmit to stations on the ground.

The new satellites -- three of which have been successfully launched and deployed in the past six months -- are also equipped to transmit two new military signals to increase their accuracy. They also carry new improved encryption/coding and anti-jamming equipment, Lockheed Martin said.

The GPS satellites are equipped with a second civil signal that will give users an open access signal on a different frequency, the company said.

More here.

Your Credit Card Could Be Funding Terrorism

Via Defense Tech.

When we think of credit card data theft and fraud you don't think about terrorism - but that is indeed the case. Al Qaeda is a skilled practitioner at using the Internet for a multitude of reasons.

According to FBI Director Robert Mueller, "The Internet has been used by the likes of Al Qaeda to recruit, to train, to communicate." The arrest of Al Qaeda's top cyber terrorist provided hard evidence of their use of stolen credit card data for funding. In one case, terrorist groups use the stolen credit card information to purchase $3 million of materials to carry out terrorist attacks.

Al Qaeda's top cyber terrorist 23 year old Younes Tsouli (online name - Irhaby007), recently admitted conspiring to defraud banks, credit card companies and charge card companies.

More here.

EU Report: Search Engine Activities Threat to Privacy

Leigh Phillips writes on

Search engines should not hold on to personal data at the end of six months due to privacy concerns, the European Commission's data protection watchdog has recommended in a report.

In a draft document issued following an extensive inquiry into data retention, the commission's advisory body on data protection said: "Search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for."

More here.

U.S. To Pitch 'Phase One' of Net Monitoring Plan at RSA - UPDATE

Ryan Singel writes on Threat Level:

Secretary of Homeland Security Michael Chertoff is traveling Tuesday to the [RSA] conference to pitch a program the Bush administration calls the Cyber Initiative. Slated for $154 million in funding this year, the plan would put the National Security Agency and DHS in charge of cybersecurity for all federal government agencies.

That would mean that the nation's spies -- who began secretly targeting Americans since shortly after 9/11 -- will be monitoring when Americans visit the IRS or the Social Security Administration online.

This would mark a significant change in the NSA's defensive responsibilities, which have historically been limited to locking down military and classified networks and providing encryption technologies to soldiers and statesmen. Given that the federal government policy largely forbids even the use of cookies on government websites, that's a sea change in how the government monitors Americans' online interactions with the federal government.

More here.

UPDATE: 13:47 PDT: DHS has just posted "Fact Sheet: Protecting Our Federal Networks Against Cyber Attacks". -ferg

Monday, April 07, 2008

A Digital Middle East Sign Of The Times

I regularly scan the logs and monitor reports for visitors to my blog -- in my business, it's a useful intelligence gathering tool.

Or at the very least, it paints an interesting picture sometimes of the Internet landscape that most people do not completely understand, nor appreciate.

Click for larger image.

Aside from a search referrer earlier this evening from Turkey seeking information on small arms (rifle) tracking, these two referrals are perhaps the most iconic: One search from Israel looking for information on how to detect road-side bombs [above], and one from Lebanon looking for information on Isreali warfare techniques [below].

Click for larger image.

Within minutes of one another.

What a world.

- ferg

GOP Blocks FISA Surveillance Extension

J. Taylor Rushing writes on The Hill:

Senate Republicans blocked a Democratic attempt to revive a controversial wiretapping law for 30 days on Monday night, leading to a mini-squabble on the chamber floor over the Bush administration’s program.

Majority Leader Harry Reid (D-Nev.) had asked for unanimous consent for the month-long extension to allow more time for House-Senate negotiations.

Minority Leader Mitch McConnell (R-Ky.) objected, saying the temporary fix was inadequate. The objection essentially blocks Reid’s extension request.

The legislation updating the 1978 Foreign Intelligence Surveillance Act (FISA) has been expired since Feb. 15, when a six-month interim law elapsed.

The House has already passed its version of FISA, but the two chambers have been unable to reconcile their differences over whether to grant telecommunications companies retroactive legal immunity from invasion-of-privacy lawsuits. The House-backed legislation does not include such immunity; a Senate bill that passed by a 68-29 vote on Feb. 12 does.

The move led to a brief exchange between Reid and McConnell, with each leader blaming the others’ party for the impasse.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, April 7, 2008, at least 4,023 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,274 died as a result of hostile action, according to the military's numbers.

The AP count is 10 more than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

'Quantico Circuits' - FBI Data Transfers Via Telecoms Questioned

Ellen Nakashima writes in The Washington Post:

When FBI investigators probing New York prostitution rings, Boston organized crime or potential terrorist plots anywhere want access to a suspect's telephone contacts, technicians at a telecommunications carrier served with a government order can, with the click of a mouse, instantly transfer key data along a computer circuit to an FBI technology office in Quantico.

The circuits -- little-known electronic connections between telecom firms and FBI monitoring personnel around the country -- are used to tell the government who is calling whom, along with the time and duration of a conversation and even the locations of those involved.

Recently, three Democrats on the House Energy and Commerce Committee, including Chairman John D. Dingell (Mich.), sent a letter to colleagues citing privacy concerns over one of the Quantico circuits and demanding more information about it. Anxieties about whether such electronic links are too intrusive form a backdrop to the continuing congressional debate over modifications to the Foreign Intelligence Surveillance Act, which governs federal surveillance.

More here.

Secret U.S. Plan for Open-Ended Military Future in Iraq

Seumas Milne writes on The

A confidential draft agreement covering the future of US forces in Iraq, passed to the Guardian, shows that provision is being made for an open-ended military presence in the country.

The draft strategic framework agreement between the US and Iraqi governments, dated March 7 and marked "secret" and "sensitive", is intended to replace the existing UN mandate and authorises the US to "conduct military operations in Iraq and to detain individuals when necessary for imperative reasons of security" without time limit.

The authorisation is described as "temporary" and the agreement says the US "does not desire permanent bases or a permanent military presence in Iraq". But the absence of a time limit or restrictions on the US and other coalition forces - including the British - in the country means it is likely to be strongly opposed in Iraq and the US.

More here.

DHS Goes After Great Lakes Fishermen

Mimi Hall writes on USA Today:

Rick Ungar's charter fishing service promises a great time on Lake Erie. But there's a catch — and it's not freshwater fish. It's the Homeland Security Department's new anti-terrorism rules.

When the 2008 charter season begins next month, U.S. citizens paying to fish on Lake Erie will have to bring either a passport or two other IDs if they plan to cross the northern border's invisible watery line.

When they get back to shore in the USA, they'll have to drive to a local government reporting station and pose for pictures. They won't be posing with their fish, but for Customs officers via a videophone connection.

That's because half of Lake Erie — as it happens, the half with the deeper and cooler waters that often spawn the best fishing — is in Canada. The Homeland Security Department intends to enforce new border security rules — largely focused on those coming into the country by land and air — on fishermen re-entering the country.

Ungar and many of his fellow charter boat captains — Lake Erie alone has 600-plus — are incensed.

They say the rules are difficult to follow, will dramatically cut down on tourism and won't protect against terrorism.

More here.

Image of The Day: Free Tibet Protestors on The Golden Gate Bridge

Image source: National Geographic News / Associated Press

More Than a Fifth of Users Already Fallen Victim to Online Fraud

Tim Wilson writes on Dark Reading:

More than half of consumers are worried that their account data will be stolen when they bank online, according to a new study published here today.

The study, conducted by TNS Sofres and dubbed the "Digital Trust Barometer," was sponsored by Gemalto, a specialist in token-based authentication technology.

According to the research, 57 percent of Americans are afraid someone will steal account passwords when banking online, and 38 percent do not trust online payments.

Only 22 percent felt "very good" about the security in any of the digital technology they use, according to the study of 1,000 U.S. consumers. Identity theft topped the list of their fears at 74 percent, and 44 percent were afraid of online bank account hijacking. Some 21 percent of respondents had already suffered from bank data theft.

More here.

The Changing Face of Espionage in America

Steven Aftergood writes on Secrecy News:

Financial incentives and external coercion play a diminishing role in motivating Americans to spy against the United States, according to a new Defense Department study [pdf]. But divided loyalties are increasingly evident in recent espionage cases.

“Two thirds of American spies since 1990 have volunteered. Since 1990, spying has not paid well: 80% of spies received no payment for espionage, and since 2000 it appears no one was paid.”

“Offenders since 1990 are more likely to be naturalized citizens, and to have foreign attachments, connections, and ties, and therefore they are more likely to be motivated to spy from divided loyalties.” Even so, the majority (65%) of American spies are still native born.

The changing circumstances surrounding the practice of espionage today require revision of the existing espionage laws, the study concludes.

More here.

China Also Claims It Is Victim of Regular Cyber Attacks

Via The Dark Visitor.

In my opinion, it is always important to see how the other guy views the world. Hardly a day goes by that Chinese hackers don’t make the Western news, which is usually accompanied by wild speculation on Beijing’s tacit or active involvement. Well, what happens in China and do they suffer similar attacks?

From an article in the People’s Liberation Army News that comes via Xinhua. In 2005, the CNCERT Processing and Coordination Center found that China had over 220,000 attacks from outside sources. The top offenders attacking China were:

  1. The US with 40% of attacks
  2. Japan with 11% of attacks
  3. Taiwan with 10% of attacks
  4. South Korea with 8% of attacks

It was also discovered that the main source of 27,000 Trojan horse attacks, came from the US, South Korea and Taiwan. The US, South Korea and Taiwan were also mainly responsible for 16,000 IPs that were controlling zombie nets inside China.

China further had 24,477 web pages that had been tampered with and among those, 3,831 were Chinese government websites.

More here.

Confidential U.S. Taxpayer Information Vulnerable to Hacking and Theft

An AP newswire article by Jim Abrams, via MSNBC, reports that:

A week before the tax filing deadline, Treasury Department watchdogs are saying that inadequate controls over the IRS computer system could make confidential taxpayer information more vulnerable to hacking and theft.

The office of the Treasury Inspector General for Tax Administration is warning that the lack of monitoring could allow a disgruntled employee or a hacker to disrupt computer operations and steal taxpayer data.

The IRS, in response to the report, agreed that it needs to improve oversight of who has access to its computers.

More here.

More Snooping Into UCLA Medical Records

An AP newswire article, via The New York Times, reports that:

California first lady Maria Shriver is among more than 30 celebrities and other high-profile patients who had their confidential records breached at UCLA Medical Center, medical officials said.

The woman responsible, whose name was not released, is the same employee who sneaked into actress Farrah Fawcett's medical records, officials told the Los Angeles Times on Sunday.

That worker was fired in May 2007 after UCLA learned of the widespread breaches, but patients were not notified, the hospital said.

In all, the woman improperly looked at 61 patients' medical records in 2006 and 2007, according to state and local medical officials. These included Fawcett, Shriver, and 31 other politicians, celebrities and other well-known people, the paper said. Names of the other patients were not disclosed.

The head of the UCLA Hospital System, Dr. David Feinberg, apologized for the breaches and said the woman behind them had been a ''rogue'' employee.

More here.

Sunday, April 06, 2008

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Sunday, April 6, 2008, at least 4,017 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,273 died as a result of hostile action, according to the military's numbers.

The AP count is five more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

High-Tech Crime Is an Online Bubble That Hasn't Burst

Doreen Carvajal writes in The New York Times:

There are no storefronts or corporate headquarters in the cybercrime industry, just savvy sellers in a murky, borderless economy who are moving merchandise by shilling credit card numbers — “two for the price of one.”

“Sell fresh CC,” promised one who offered teaser credit card numbers. “Visa, MasterCard, Amex. Good Prices. Many countries.”

Electronic crime is maturing, according to security experts, and with its evolution, criminals are adopting conventional approaches like supermarket-style pricing and outsourcing to specialists who might act as portfolio managers or computer technicians.

More here.

Experian to Track Internet Users

James Ashton writes on The Times Online:

Experian, the credit checking company, is braving mounting concerns over internet privacy with plans to launch a service that will track broad-band users’ activity so they can be targeted with advertising.

Through Hitwise, the web-site company it acquired for £120m a year ago, Experian has held talks with internet service providers to sell its monitoring technology.

Observers expect it to compete in part with Phorm, an AIM-listed company that has stirred controversy after being recruited by BT, TalkTalk and Virgin Media to track their 10m customers’ behaviour so they can be sent advertising messages on the websites they are looking at.

However, the key difference is that Hitwise, which describes itself as an “online competitive intelligence service” would play little part in dispatching the advertising to web pages itself, something that Phorm does through its Open Internet Exchange.

More here.

Hat-tip: Flying Hamster

In Passing: Charlton Heston

Charlton Heston
October 4, 1923 – April 5, 2008