Saturday, June 07, 2008

American Airlines Warns of Phishing Ploy

Via The

American Airlines has warned members of its AAdvantage frequent flier program of a phishing scheme that uses a bogus AAdvantage Web site to reap personal financial information, which can be used in identity theft and other financial fraud.

The message offers $50 for completion of a survey.

Clicking on the link redirects computer users to a Web site in Russia, American spokesman Tim Wagner said.

The link should not be opened, and the e-mail deleted, American said.

More here.


Lufthansa Admits Spying on Journalist

Dinah Deckstein writes on Spiegel Online:

Germany's flag airline carrier has admitted it spied on a journalist for a major financial daily in order to identify the source of leaks from Lufthansa's company board.

The latest development is part of a massive wave of spying and corruption scandals that have massively tarnished the image of some of Germany's biggest companies.

More here.

In Passing: Jim McKay

Jim McKay
September 24, 1921 – June 7, 2008

Friday, June 06, 2008

Shocker: SOCA Issues Warnings on Phishing, Malware and Online Fraud

Nick Heath writes on

A government report on serious criminal threats to the UK has warned of the growing danger from international gangs of online and credit card fraudsters.

The UK Threat Assessment of Serious Organised Crime pinpoints a surge in attempts to hijack bank accounts using email phishing and key logging malware.

The report by the Serious Organised Crime Agency (SOCA) says groups of criminals worldwide are collaborating over the web, specialising in roles from spamming to trading stolen personal data.

It says the criminal market for stolen data has boomed with the growth of the internet, with information stolen through phishing, hacking or malware traded in large quantities online.

More here.

Note: Nothing personal here, but SOCA is about a year behind if they are just now noticing that this is a problem. Maybe even two or more years behind. -ferg

Quote of The Day: Tim Wilson

"I'm not saying we shouldn't plan for the future -- we should. But when we see large Army hospitals that can't find P2P vulnerabilities and key Internet service providers who can't stop teenage hackers from wrecking their Websites, you have to wonder: Isn't it a little blue-sky to be worrying about unborn mobile threats and hacks from other planets?"

- Tim Wilson, writing on Dark Reading's "Firewalled".

India: Cyber Attacks Target 10 Government Websites

Via Daily News & Analysis India (DNA).

Hackers have struck again with nearly 10 websites belonging to various ministries and departments of the government of India coming under attack in the last 24 hours. The hackers are suspected to be from China, though there was no official confirmation.

Confirming the cyber attack, a senior IT ministry official told DNA, "Low to medium intensity cyber intrusions into web servers maintained by the Indian government have been reported."

The IT ministry’s computer emergency response team downplayed the violations calling them routine efforts by other parties to map out networks.

"Nearly 7,000 websites are hacked every year in India which means that on an average 19 sites are hacked a day. For us this is routine business, not a cyber attack," a top CERT official told DNA.

Government officials, who tried to access the websites, reported problems like not being able to log into the email servers and not being able to transfer files through the networks. A few websites had to be shut down.

More here.

Hat-tip: José

June 6, 1944: Operation Overlord - D-Day in Normandy

A United States Navy LCVP disembarks troops at Omaha Beach, Normandy, France on D-Day, June 6, 1944.

Via Wikipedia.

The Battle of Normandy was fought in 1944 between the German forces occupying Western Europe and the invading Allied forces as part of the larger conflict of World War II. Over sixty years later, the Normandy invasion, codenamed Operation Overlord, still remains the largest seaborne invasion in history, involving almost three million troops crossing the English Channel from England to Normandy in then German-occupied France.

The majority of the Allied forces were composed of American, British, Canadian, and French units. Other countries including Australia, Belgium, Czechoslovakia, Greece, the Netherlands, New Zealand, Norway, and Poland also took a major part.

The Normandy invasion began with overnight airborne paratrooper and glider landings, massive air attacks and naval bombardments, and an early morning amphibious assault on June 6, "D-Day". The battle for Normandy continued for more than two months, with campaigns to establish, expand, and eventually break out of the Allied beachheads. It concluded with the liberation of Paris and the fall of the Falaise Pocket.

You Are Not Forgotten.

More here.

Image source: Wikimedia

Thursday, June 05, 2008

VeriSign: Spear-phishing Attacks Have Hooked 15,000

Robert McMillan writes on PC World:

Two groups of criminals have stolen data from an estimated 15,000 victims over the past 15 months, using targeted "spear-phishing" e-mail attacks, according to researchers at Verisign.

Verisign has tracked 66 of these attacks since February 2007 and believes that two shadowy crime groups are behind 95 percent of the incidents.

Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake Web sites, spear-phishing emails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by Verisign, victims are tricked into visiting malicious Web sites or opening malicious attachments, which then give attackers a back door onto their PCs so they can steal information.

After tinkering with their attack techniques in the first few months of 2007, the spear-phishers appear to be stepping up their campaigns.

More here.

Australian Federal Police Deny 'Screwing Up' Child Porn Probe

Via The Sydney Morning Herald.

Australian Federal Police deny they "screwed up" by releasing details of a global investigation into child pornography before it was completed.

However Queensland police say they "don't know" why the AFP revealed details of the operation yesterday, while investigations are continuing.

More than 90 men across Australia, including 42 Queenslanders, have been arrested and hundreds more remain under suspicion as part of the six-month Operation Centurion.

News Ltd today quoted senior Queensland police sources as saying the AFP effectively tipped off nearly half the suspects and compromised the six-month investigation by telling the media about the probe.

"They're expecting accolades but they've screwed up," a police source told News Ltd.

More here.

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Thursday, June 5, 2008, at least 4,092 members of the U.S. military have died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,332 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

As of Thursday, June 5, 2008, at least 443 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Saturday at 10 a.m. EDT.

Of those, the military reports 308 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

CACI Contracted for U.S. Army Intelligence Database Support

Via UPI.

CACI International Inc. has been contracted to continue providing technical support for a classified U.S. Army intelligence database.

The $26 million follow-on subcontract from Arinc Engineering Services is for CACI to continue work on the facilities, infrastructure and engineering systems program. Under the deal, CACI will acquire and provide information for the classified Army intelligence database among other technical support.

Officials say the database's classified network includes the Army's geospatial technologies that go to support Army personnel and the U.S. intelligence community in the war on terrorism.

More here.

McCain Campaign Staffed By Telecom Immunity Lobbyists


Senator John McCain's presidential campaign has strong connections to the high-powered lobbyists employed by AT&T and other telecommunications companies to escape from responsibility for violations of federal law, with paid lobbyists occupying prominent positions in the upper echelons.

Last fall Newsweek reported on the telecom's "secretive lobbying campaign to get Congress to quickly approve a measure wiping out all private lawsuits against them for assisting the U.S. intelligence community's warrantless surveillance programs." The magazine named some of the chief telecom immunity lobbyists:

Among the players, these sources said: powerhouse Republican lobbyists Charlie Black and Wayne Berman (who represent AT&T and Verizon, respectively), former GOP senator and U.S. ambassador to Germany Dan Coats (a lawyer at King & Spaulding who is representing Sprint) ...

All three are now working with McCain.

More here.

DOJ Staffer Tapped to Head US-CERT

Robert McMillan writes on PC World:

The U.S. Department of Homeland Security has chosen a new head of its U.S. Computer Emergency Readiness Team (US-CERT).

Mischel Kwon, will start as director of US-CERT on June 24, a DHS spokeswoman said Thursday. She is presently acting deputy director of IT security and the chief IT security technologist at the U.S. Department of Justice. She is also an adjunct professor at The George Washington University, where she runs the school's Cyber Defense Lab.

She replaces Cheri McGuire, who left in March, and will report to Cornelius Tate, director of the DHS's National Cyber Security Division.

More here.

Leaked Report: ISP Secretly Added Spy Code To Web Sessions, Crashing Browsers

Ryan Singel writes on Threat Level:

An internal British Telecom report on a secret trial of an ISP eavesdropping and advertising technology found that the system crashed some unsuspecting users' browsers, and a small percentage of the 18,000 broadband customers under surveillance believed they'd been infected with adware.

The January 2007 report [.pdf] -- published Thursday by the whistle blowing site Wikileaks -- demonstrates the hazards broadband customers face when an ISP tampers with raw internet traffic for its own profit. The leak comes just weeks after U.S. broadband provider Charter Communications told users it would be testing a technology similar to what's described in the BT document.

The report documents BT's partnership with U.K. ad company Phorm, which specializes in building profiles of ISP customers, then serving targeted ads on webpages the user visits.

From late September to early October 2006, British Telecom secretly partnered with Phorm to let the company monitor and track 18,000 of the BT's customers. Phorm installed boxes on BT's network that redirected web requests through their proxy server.

More here.

ACLU Says No Deal on an Unconstitutional FISA Compromise


As news continues to trickle down from Capitol Hill regarding a deal on surveillance legislation, the American Civil Liberties Union once again voiced its fervent opposition to any attempt to undercut the Fourth Amendment or allow the telecommunications companies to gain blanket immunity for illegal spying. Before the Memorial Day recess the ranking member of the Senate Select Committee on Intelligence, Senator Christopher Bond (R-MO) floated what he claims is a compromise on surveillance legislation that will allow for sham court proceedings, virtually guaranteeing immunity to telecommunications companies. The ACLU strongly opposes this unconstitutional proposal.

"Congress should remember that the majority of Americans are against unwarranted and warrantless surveillance," said Caroline Fredrickson, director of the ACLU Washington Legislative Office. "They are against slamming the courthouse doors and letting the phone companies off the hook for selling out their privacy. If that’s where most Americans stand, who exactly is Congress representing?"

More here.

Revealed: Bush Administration Plans for Permanent Presence in Iraq

Patrick Cockburn writes in The Independent:

A secret deal being negotiated in Baghdad would perpetuate the American military occupation of Iraq indefinitely, regardless of the outcome of the US presidential election in November.

The terms of the impending deal, details of which have been leaked to The Independent, are likely to have an explosive political effect in Iraq. Iraqi officials fear that the accord, under which US troops would occupy permanent bases, conduct military operations, arrest Iraqis and enjoy immunity from Iraqi law, will destabilise Iraq's position in the Middle East and lay the basis for unending conflict in their country.

But the accord also threatens to provoke a political crisis in the US. President Bush wants to push it through by the end of next month so he can declare a military victory and claim his 2003 invasion has been vindicated. But by perpetuating the US presence in Iraq, the long-term settlement would undercut pledges by the Democratic presidential nominee, Barack Obama, to withdraw US troops if he is elected president in November.

The timing of the agreement would also boost the Republican candidate, John McCain, who has claimed the United States is on the verge of victory in Iraq – a victory that he says Mr Obama would throw away by a premature military withdrawal.

More here.

TSA IT Contract Bidding Heats Up

Alice Lipowicz writes on Washington Technology:

Bidders and prospective subcontractors are lining up to be part of the Transportation Security Administration’s massive $2 billion Information Technology Infrastructure Program (ITIP). The procurement is considered one of the largest and highest-profile IT contracts this year for the Homeland Security Department.

The TSA IT infrastructure contract is a follow-on to the $1 billion IT Managed Services contract, which aims to install and modernize IT networks and infrastructure. Unisys Corp. held the contract from 2002 to 2006. The company then won a bridge contract to extend the work through 2008.

Unisys has submitted a bid for the new contract, said spokesman Brad Bass. “This has been a very successful contract for Unisys, and we would like to continue the relationship,” he said.

More here.

Note: You may also recall that Unisys has recently been under investigation for allegedly failing to protect the DHS computer network from intrusions. -ferg

Cyber Incident Blamed for Nuclear Power Plant Shutdown

Brian Krebs writes in The Washington Post:

A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.

The incident occurred on March 7 at Unit 2 of the Hatch nuclear power plant near Baxley, Georgia. The trouble started after an engineer from Southern Company, which manages the technology operations for the plant, installed a software update on a computer operating on the plant's business network.

The computer in question was used to monitor chemical and diagnostic data from one of the facility's primary control systems, and the software update was designed to synchronize data on both systems. According to a report filed with the Nuclear Regulatory Commission, when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in water reservoirs that cool the plant's radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown.

More here.

Wednesday, June 04, 2008

User Friendly: Security Tech Support Hell



Ain't it the truth...


- ferg

Australia: Recruiters Auto-Forward Trojan-Infected Resumes

Liam Tung writes on ZDNet Australia:

Hackers are exploiting an email-forwarding feature offered by many recruitment firms, which automatically sends relevant resumes to customers when a new applicant uploads their CV to the recruitment firm's website.

Security firm MessageLabs first detected the scam after blocking an outbound Word (RTF) document from the recruitment company, a customer of MessageLabs. The Word document included an embedded PDF file, containing details about a candidate claiming to apply for an accounts officer position — but it also contained an executable file which installs a backdoor trojan on recipients' PCs.

More here.

Researchers Say Notification Laws Are Not Lowering ID Theft Incidents

Robert McMillan writes on ComputerWorld:

Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis [.pdf] of data supplied by the U.S. Federal Trade Commission (FTC).

"There doesn't seem to be any evidence that the laws actually reduce identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors.

Romanosky's team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California's SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen. Their paper is set to be presented at a conference on Information Security Economics held at Dartmouth College later this month.

More here.

Mark Fiore: Sh-- Happened - Confessions of a Lap Dog

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Germany to Give Police More Surveillance Powers

A Reuters newswire article, via The International Herald Tribune, reports that:

The German government decided on Wednesday to give police more rights to monitor homes and phones, fueling a heated debate about privacy laws in a country shocked by a snooping scandal at Deutsche Telekom.

Interior Minister Wolfgang Schäuble said the draft law, which still must be approved by Parliament, would strengthen the means available to Germany's Federal Crime Office, known as the BKA, to investigate terrorist suspects and fight international crime.

"The threat to our country has made it necessary to give the BKA such rights to counter threats," Schäuble said at a news conference presenting the so-called BKA law.

The draft law extends police rights to conduct online searches, video surveillance of homes and phone monitoring.

More here.

Quote of The Day: Bruce Schneier

"This pegs the stupid meter."

- Bruce Schneier, commenting on the EU's decision to study the effectiveness of an airplane-seat camera system that tries to detect terrorist behavior in passengers.

Australia: 70 Arrested in Nation's Largest Child Porn Dragnet

Tom Allard writes on

Dozens of men - including community leaders, a police officer, a teacher and a youth worker - have been arrested over child pornography and abuse offences after the nation's biggest anti-pedophile investigation.

The six-month joint operation by the Australian Federal Police and state police forces uncovered several cases of child molestation and highlighted the astonishing way in which pedophiles form secret communities in cyberspace and use the global reach of the internet to trade child-exploitation images.

To date, 70 arrests have been made across Australia. A further 20 people have been issued with summonses to appear in court, where they will be charged with possessing child-exploitation material. More arrests are expected.

Dubbed Operation Centurion, the investigation was triggered after a hacker infiltrated a respectable European website and inserted 99 degrading and explicit images of young girls from Eastern Europe, the US and Paraguay.

More here.

Sweden On Verge Of Passing Draconian Wiretap Bill

Dan Goodin writes on The Register:

Sweden is on the verge of passing a far-reaching wiretapping program that would greatly expand the government's spying capabilities by permitting it to monitor all email and telephone traffic coming in and out of the country.

So far, hacks from the mainstream Swedish press seem to be on holiday, so news about the proposed law is woefully hard to come by. That leaves us turning to this summary from the decidedly left-leaning Swedish Pirate Party for details. We'd prefer to rely on a more neutral group, but that wasn't possible this time.

More here.

Wal-Mart Website Hit By SQL-Injected Flash Hole

John E. Dunn writes on

Wal-Mart's admins have come in to work to find .swf Flash files on their website being used to help serve malware. The famously upstanding Sam Walton would not be amused.

According to researchers, Wal-Mart’s website has fallen to an SQL injection attack that exploits a vulnerability in versions of the browser Flash player plug-in, possibly including the latest update of April. Unpatched visitors could find themselves redirected to a maze of cross-referenced criminal domains and hit with a variety of malware as a result.

More here.

Note: This is a double-whammy for two reasons -- the massive number of websites that have been injected with these malicious Flash exploits, and the fact that Microsoft just released the Windows XP SP3 update which automagically reverts installed Flash players to a previously vulnerable version.

Also, the folks over at SecureWorks have a great technical analysis on these exploits on their blog here. -ferg
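As with the mass SQL-injection campaigns of that period, the malicious Flash references on a compromised site do not live in the web server's files: the injected markup sits in database text columns and is rendered into every page built from them. One check a site operator can run after such a report is a sweep of those columns for remote script or .swf references, which tells you exactly which rows need restoring. The Python below is an added example, not Wal-Mart's or SecureWorks' code; the product table, its rows and the domain malicious.example are constructed for illustration.

```python
import re
import sqlite3

# Markup that mass SQL-injection campaigns append to text columns so that it
# is served on every page rendering that column: a remote script/iframe, or a
# Flash object pulled from a foreign host. The pattern list is constructed here.
INJECTED_TAG_RE = re.compile(
    r"<(?:script|iframe)[^>]*\bsrc\s*=\s*['\"]?(https?://[^'\"\s>]+)"
    r"|<(?:object|embed)[^>]*?(https?://[^'\"\s>]+\.swf)",
    re.IGNORECASE,
)


def build_sample_db() -> sqlite3.Connection:
    """Constructed catalogue table: rows 2 and 4 carry injected markup, 1 and 3 are clean."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, description TEXT)")
    rows = [
        (1, "Garden hose, 50 ft, brass fittings"),
        (2, 'Patio chair set<script src="http://malicious.example/b.js"></script>'),
        (3, "Toaster oven, 4-slice"),
        (4, 'Tent, 6-person<embed src="http://malicious.example/ad.swf" '
            'type="application/x-shockwave-flash">'),
    ]
    con.executemany("INSERT INTO products VALUES (?, ?)", rows)
    return con


def find_injected_rows(con: sqlite3.Connection) -> list:
    """Return (row id, remote URL) for every row whose text column embeds a
    remote script, iframe or Flash object. Rows are read in id order so the
    result is stable."""
    hits = []
    for row_id, text in con.execute("SELECT id, description FROM products ORDER BY id"):
        m = INJECTED_TAG_RE.search(text)
        if m:
            # Whichever alternative matched, one of the two groups holds the URL.
            hits.append((row_id, m.group(1) or m.group(2)))
    return hits


if __name__ == "__main__":
    for row_id, url in find_injected_rows(build_sample_db()):
        print(f"row {row_id}: injected reference to {url}")
```

The sweep only finds what is already in the tables; closing the hole means parameterizing the queries that accepted the injected input (the `?` placeholders in `executemany` above are the shape to copy) and restoring the flagged rows from a clean backup.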

Windows XP SP3 Omits Critical Security Update

Gregg Keizer writes on InfoWorld:

Microsoft Tuesday confirmed that Windows XP SP3 (Service Pack 3) omits a critical security update issued by the company in November 2006.

The company acknowledged the omission while attempting to clarify the impact XP SP3 has on existing installations of Flash Player, an add-on that Microsoft bundled with Windows XP when it first shipped in 2001. Microsoft has patched Flash Player in the past using Windows Update, notably with the security update MS06-069 it issued Nov. 14, 2006.

MS06-069, the AWOL update, patched five vulnerabilities in Adobe's Flash Player, and was rated "critical" by Microsoft, the company's highest threat ranking.

Microsoft did not explain why the patch is missing from the service pack, which it has billed as including "all previously released updates."

More here.

Study Secretly Tracks Cell Phone Users Outside U.S.

An AP newswire article by Seth Borenstein, via The Mercury News, reports that:

Researchers secretly tracked the locations of 100,000 people outside the United States through their cell phone use and concluded that most people rarely stray more than a few miles from home.

The first-of-its-kind study by Northeastern University raises privacy and ethical questions for its monitoring methods, which would be illegal in the United States.

It also yielded somewhat surprising results that reveal how little people move around in their daily lives. Nearly three-quarters of those studied mainly stayed within a 20-mile-wide circle for half a year.

The scientists would not disclose where the study was done, only describing the location as an industrialized nation.

More here.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA


Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. This security advisory outlines details of these vulnerabilities:

  • Crafted TCP ACK Packet Vulnerability
  • Crafted TLS Packet Vulnerability
  • Instant Messenger Inspection Vulnerability
  • Vulnerability Scan Denial of Service
  • Control-plane Access Control List Vulnerability

The first four vulnerabilities may lead to a denial of service (DoS) condition and the fifth vulnerability may allow an attacker to bypass control-plane access control lists (ACL).

More here.

Tuesday, June 03, 2008

In Passing: Mel Ferrer

Mel Ferrer
August 25, 1917 – June 2, 2008

McCain: I'd Spy on Americans Secretly, Too

Ryan Singel writes on Threat Level:

If elected president, Senator John McCain would reserve the right to run his own warrantless wiretapping program against Americans, based on the theory that the president's wartime powers trump federal criminal statutes and court oversight, according to a statement released by his campaign Monday.

McCain's new tack towards the Bush administration's theory of executive power comes some 10 days after a McCain surrogate stated, incorrectly it seems, that the senator wanted hearings into telecom companies' cooperation with President Bush's warrantless wiretapping program, before he'd support giving those companies retroactive legal immunity.

As first reported by Threat Level, Chuck Fish, a full-time lawyer for the McCain campaign, also said McCain wanted stricter rules on how the nation's telecoms work with U.S. spy agencies, and expected those companies to apologize for any lawbreaking before winning amnesty.

But Monday, McCain adviser Doug Holtz-Eakin, speaking for the campaign, disavowed those statements, and for the first time cast McCain's views on warrantless wiretapping as identical to Bush's.

More here.

NASA Office Is Criticized on Climate Reports

Andrew C. Revkin writes in The New York Times:

Two years after James E. Hansen, the leading climate scientist at NASA, and other agency employees described a pattern of distortion and suppression of climate science by political appointees, the agency’s inspector general has concluded that such activities occurred and were “inconsistent” with the law that established the space program 50 years ago.

In a 48-page report issued on Monday as a result of a request in 2006 by 14 senators, the internal investigative office said the activities appeared limited to the headquarters press office.

No evidence was found showing that officials higher at NASA or in the Bush administration were involved in interfering with the release of climate science information, the report said.

It also credited Michael Griffin, the agency administrator, for swiftly ordering a review and policy changes when the pattern came to light after articles in The New York Times early in 2006.

More here.

Walter Reed Patient Data Exposed Via p2p File-Sharing

Mary Mosquera writes on

Sensitive data on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals might have been compromised, Walter Reed spokesman Chuck Dasey said.

The names of the patients, who are enrolled in the Military Health System, their Social Security numbers and birth dates were among the personally identifiable information in a computer file that was shared without authorization, officials said June 2.

The disclosure of the information raises the possibility that individuals named in the file could become victims of identity theft, so the hospital will offer them free credit-monitoring services, Dasey said.

More here.

UK: Beauty Queen Loses £10,000 in Phishing Scam

Antony Savvas writes on

Miss Scarborough has become the latest victim of online phishing fraudsters, with the beauty contest winner having had £10,000 stolen from her bank account.

Jade Saunders, a 20-year-old student, was crowned Miss Scarborough in April this year, and is also a semi-finalist for Miss England 2008.

Saunders reportedly clicked on a link in an e-mail purporting to be from her bank, which took her to a genuine-looking, but fake, website.

By entering her security log-in details on the fake site, Saunders provided the cybercriminals with all they needed to set up a standing order on her account for £10,000.

More here.

Fusion Centers Face 'Insufficient' Terrorist Activity

Steven Aftergood writes on Secrecy News:

Fusion centers are collaborative law enforcement and intelligence organizations that were established all over the country after 9/11 to share intelligence and counterterrorism information. But in the absence of a widespread domestic terrorist threat, they have not consistently demonstrated their value, according to a recent study.

"Fusion centers emerged almost spontaneously in response to a need by state and local law enforcement for useful and usable intelligence related to the evolving terrorist threat," observed Milton Nenneman, a Sacramento police officer, in a master’s thesis [.pdf] based on a survey of California fusion centers.

But the terrorist threat has turned out to be "insufficient" to justify or sustain the new fusion centers.

"There is, more often than not, insufficient purely 'terrorist' activity to support a multi-jurisdictional and multi-governmental level fusion center that exclusively processes terrorist activity," Lt. Nenneman wrote.

More here.

Monday, June 02, 2008

Spying Telecoms Receive Billions in Government Contracts

Kurt Opsahl writes on

The telecoms who are being sued for their cooperation in the government's illegal warrantless surveillance program have received billions in government contracts. According to Washington Technology magazine, Verizon received $1.3 billion, Sprint $839 million and AT&T $505 million in federal prime contract revenue for fiscal 2007, for a total of $2.6 billion. While the companies have been government contractors for a long time, it still represents a significant increase in revenue.

Telecom apologists like to suggest that the communications companies' motivation was not financial. As Judge Walker noted when examining EFF's allegations of dragnet surveillance: "AT&T cannot seriously contend that a reasonable entity in its position could have believed that the alleged domestic dragnet was legal." Yet, the prospect of $2.6 billion per year can go a long way to explaining why an industry might cooperate with a program far outside the limitations of the Foreign Intelligence Surveillance Act (FISA), despite the difficulty of believing it was legal.

More here.

Image of The Day: Imported Goods

Via The Atlanta Journal-Constitution's "Window on Washington" Blog.


- ferg

Look Beyond Executable Files, Botnet Researchers Warn

Tim Wilson writes on Dark Reading:

After years of education and awareness training, most users -- and their antivirus applications -- know to be suspicious of email attachments that carry the ".exe" suffix. But users and AV tools are fairly trusting of other types of files -- and botnet operators are beginning to take advantage of that trust.

According to a report being published today by Damballa -- an anti-botnet technology and research firm -- many bot herders are now recruiting their "zombie" participants or levying targeted attacks by hiding malware in real-looking documents that arrive in everyday formats such as Microsoft Office or Adobe Acrobat Reader.

More here.
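The MessageLabs case reported by ZDNet Australia above (an RTF resume whose embedded PDF in turn carried an executable) and the Damballa finding that bot herders now hide malware in everyday Office and PDF formats come down to the same inspection problem: an RTF keeps embedded OLE objects as hex text under `\objdata`, so a mail gateway or forwarding rule can decode each object and look at what is actually inside before relaying the document. The following Python is an added example, not code from MessageLabs, Damballa or either article; the sample RTF, the `Package` object class used in it and the PE/PDF signature heuristics are constructed here for illustration.

```python
import binascii
import re

# RTF keeps each embedded OLE object as "\object ... {\*\objclass X}{\*\objdata <hex>}".
OBJECT_SPLIT_RE = re.compile(rb"\\object\b")
OBJCLASS_RE = re.compile(rb"\\objclass\s*([A-Za-z0-9._]+)")
OBJDATA_RE = re.compile(rb"\\objdata\b([^}]*)")
NON_HEX_RE = re.compile(rb"[^0-9A-Fa-f]")
# PDF features a defender cares about when a PDF is hidden inside another document.
PDF_RISK_KEYS = (b"/EmbeddedFile", b"/Launch", b"/JavaScript")


def decode_objdata(hexblob: bytes) -> bytes:
    """RTF stores the OLE payload as hex text; strip whitespace/newlines and decode."""
    cleaned = NON_HEX_RE.sub(b"", hexblob)
    if len(cleaned) % 2:
        cleaned = cleaned[:-1]  # tolerate a truncated trailing nibble
    return binascii.unhexlify(cleaned)


def classify_payload(data: bytes) -> list:
    """Name the file types and risky features visible in a decoded object blob."""
    findings = []
    if b"%PDF" in data:
        findings.append("PDF document")
        for key in PDF_RISK_KEYS:
            if key in data:
                findings.append("PDF uses " + key.decode())
    # "MZ" alone is two bytes and matches by chance; require the PE signature as well.
    if b"MZ" in data and b"PE\x00\x00" in data:
        findings.append("PE executable")
    return findings


def scan_rtf(rtf: bytes) -> list:
    """Return one (objclass, findings) tuple per embedded object in the RTF."""
    results = []
    for segment in OBJECT_SPLIT_RE.split(rtf)[1:]:
        cls_m = OBJCLASS_RE.search(segment)
        data_m = OBJDATA_RE.search(segment)
        if not data_m:
            continue
        objclass = cls_m.group(1).decode() if cls_m else "unknown"
        results.append((objclass, classify_payload(decode_objdata(data_m.group(1)))))
    return results


def build_sample_rtf() -> bytes:
    """Constructed sample: a resume RTF with an embedded PDF that itself carries a PE blob."""
    inner_pdf = (b"%PDF-1.4\n1 0 obj << /Type /EmbeddedFile /Length 64 >> stream\n"
                 + b"MZ" + b"\x90" * 58 + b"PE\x00\x00"
                 + b"\nendstream endobj\n%%EOF")
    ole_blob = b"\x01\x05\x00\x00\x02\x00\x00\x00" + inner_pdf  # constructed OLE1 header + payload
    hexdata = binascii.hexlify(ole_blob)
    return (b"{\\rtf1\\ansi Curriculum vitae of a candidate for accounts officer.\\par\n"
            b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata " + hexdata + b"}}\n}")


def build_clean_rtf() -> bytes:
    """Constructed control sample with no embedded objects."""
    return b"{\\rtf1\\ansi Curriculum vitae: five years as an accounts officer.\\par}"


if __name__ == "__main__":
    for name, doc in (("trojaned", build_sample_rtf()), ("clean", build_clean_rtf())):
        print(name, scan_rtf(doc))
```

A recruitment site that auto-forwards uploads would run `scan_rtf` (and the equivalent for .doc and .pdf) on the upload and hold anything with a non-empty finding list for review instead of relaying it; the `Package` object class is worth flagging on its own, since it is the generic wrapper that lets any file type ride inside a document.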

In Passing: Bo Diddley

Bo Diddley
December 30, 1928 – June 2, 2008

Beware of Error Messages At Bank Sites

Brian Krebs writes on Security Fix:

If you own or work at a small to mid-sized business, and are presented with an error message about data synchronization or site maintenance when trying to access your company's bank account online, you might want to give the bank a call: A criminal group that specializes in deploying malicious software to steal banking data is presenting victims with fake maintenance pages and error messages as a means of getting around anti-fraud safeguards erected by many banks.

Dozens of banks now require business customers to log in to their accounts online using so-called "two factor authentication" methods, which generally require the customer to enter something in addition to a user name and password, such as a random, one-time-use numeric code generated by a key fob or a scratch-off pad.

But one of this past year's most prolific cyber gangs -- which targets virus-laden e-mail attacks against specific individuals at small to mid-sized businesses -- has devised a simple but ingenious method of circumnavigating these security measures.

More here.

Sunday, June 01, 2008

In Passing: Yves Saint Laurent

Yves Saint Laurent
August 1, 1936 – June 1, 2008

Botnet Cyber-Attack Costs Company 300 Million Yen

Kenichiro Tanaka writes in The Yomiuri Shimbun:

A type of blackmail is increasing in Japan in which a blackmailer bombards companies' Web sites with data sent from tens of thousands of virus-infected personal computers to hamper browsing of their sites.

Attackers demand money in return for stopping their cyber-attacks. A source said one major Tokyo company suffered more than 300 million yen [US$2.84 Million] in damage because access to its site was halted for a week due to the repeated "denial of service" attacks.

On Dec. 27, it became impossible to browse the Tokyo company's site for its normal offerings of travel, bar and restaurant information and the sale of daily commodities. Immediately afterward, a person claiming to be from a Net security company sent an e-mail in Japanese to the site operator.

The mail read: "Is your company's Web site still inaccessible? There is a problem with your site so we're offering to fix it. The repair fee is 480,000 yen. If you don't pay the fee, you may suffer [further] attacks."

The denial-of-service attacks continued for a week as the site operator ignored the perpetrator's demand for money.

A check of communication records found the denial-of-service attack had sent data at a rate of as much as 6 gigabytes a second. This means that tens of thousands of personal computers were accessing the site simultaneously, causing the operator's telecommunication lines to break down.

More here.

Hat-tip: Dave Farber's "Interesting People" mailing list

Zombies and Botnets: OECD Warns of Hidden Armies in Cyber Wars

An AFP newswire article, via MSN News, reports that:

The simple act of using a computer for email or the Internet can mobilise armies of hidden agents and criminals out to subvert the system and business, the OECD says in a study [.pdf] on cyber crime.

The report, entitled "Malicious software (malware): a security threat to the Internet economy," gives an impression of two worlds engaged in an uneven war of virus invasion and belated defence.

Cyber crime, to steal data, spy and attack government and business computer systems "is a potentially serious threat to the Internet economy," the study, published on Friday, warns.

Organisations involved in "fighting malware offer essentially a fragmented local response to a global threat," the Organisation for Economic Cooperation and Development says.

"Over the last 20 years, malware has evolved from occasional 'exploits' to a global multi-million-dollar criminal industry ... Cyber criminals are becoming wealthier and therefore have more financial power to create larger engines of destruction."

In the last five years there has been an upsurge in such criminal activity to attack systems and steal information, money and identities.

More here.