Saturday, August 30, 2008

Off Beat: Bush Seeks to Affirm a Continuing War on Terror

Eric Lichtblau writes in The New York Times:

Tucked deep into a recent proposal from the Bush administration is a provision that has received almost no public attention, yet in many ways captures one of President Bush’s defining legacies: an affirmation that the United States is still at war with Al Qaeda.

Seven years after the Sept. 11 attacks, Mr. Bush’s advisers assert that many Americans may have forgotten that. So they want Congress to say so and “acknowledge again and explicitly that this nation remains engaged in an armed conflict with Al Qaeda, the Taliban, and associated organizations, who have already proclaimed themselves at war with us and who are dedicated to the slaughter of Americans.”

The language, part of a proposal for hearing legal appeals from detainees at the United States naval base at Guantánamo Bay, Cuba, goes beyond political symbolism. Echoing a measure that Congress passed just days after the Sept. 11 attacks, it carries significant legal and public policy implications for Mr. Bush, and potentially his successor, to claim the imprimatur of Congress to use the tools of war, including detention, interrogation and surveillance, against the enemy, legal and political analysts say.

Some lawmakers are concerned that the administration’s effort to declare anew a war footing is an 11th-hour maneuver to re-establish its broad interpretation of the president’s wartime powers, even in the face of challenges from the Supreme Court and Congress.

More here.

Credit Card Companies Successfuly Gag Mythbusters Episode Exposing RFID Insecurities



Via Arphid Watch.

CSI Stick Grabs Data From Cell Phones


Marc Weber Tobias writes on C|Net News:

There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly.

I recently attended and lectured at the Techno-Security conference in Myrtle Beach, Fla. About 1,500 law enforcement and security professionals participated and were briefed on the latest in cybersecurity vulnerabilities from participating federal agents, manufacturers, and cyber-consultants. The CSI Stick caught my attention because of the potential to rapidly and covertly download all of the information contained in many cell phones.

This device connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.

More here.

Image source: C|Net / Marc Weber Tobias

Internet Traffic Begins to Bypass the U.S.

John Markoff writes in The New York Times:

The era of the American Internet is ending.

Invented by American computer scientists during the 1970s, the Internet has been embraced around the globe. During the network’s first three decades, most Internet traffic flowed through the United States. In many cases, data sent between two locations within a given country also passed through the United States.

Engineers who help run the Internet said that it would have been impossible for the United States to maintain its hegemony over the long run because of the very nature of the Internet; it has no central point of control.

And now, the balance of power is shifting. Data is increasingly flowing around the United States, which may have intelligence — and conceivably military — consequences.

More here.

Friday, August 29, 2008

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Aug. 29, 2008, at least 4,151 members of the U.S. military have died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,371 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Friday, Aug. 29, 2008, at least 512 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Aug. 23 at 10 a.m. EDT.

Of those, the military reports 364 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

USAF Officers Probed Over Missile Documents

Via The Washington Post.

The Air Force announced Thursday that two officers who worked at a missile base in North Dakota have been taken off the job while the military investigates allegations that they took home classified components used in underground launch control centers.

The officers were supposed to have destroyed the two devices and had signed documents stating that they had, said Maj. Laurie A. Arellano, an Air Force spokeswoman. The Band-Aid-size devices, now obsolete, were used on equipment inside the launch center to detect equipment tampering.

"There is no risk to the security of the weapon system, and no possibility of an inadvertent launch as a result of this being taken from the weapon facility," Arellano said.

The officers, whose names have not been released, are no longer stationed at Minot. "They are not, obviously, working missile alert duties until the investigation is complete," Arellano said.

The Air Force also announced that three members of a ballistic missile crew from Minot Air Force Base who fell asleep while holding classified launch code devices have been sanctioned and "decertified from missile operations."

More here.

Hat-tip: The Project on Government Oversight (POGO) Blog

Phantom Registrars, Fake Pharmacies, and the Secret Infrastructure

Via KnujOn.com.

In our continuing effort to shed light on the dark corners of the Internet we have produced this report on the Directi Group, a fairly large player in the Registrar world. We have highlighted their use of the controversial service PrivacyProtect.org, their association with EstDomains, their continued sponsorship of fake pharmacy domains, and their apparent ability to get Registrar accreditations for 48 Phantom Companies.

KnujOn has found at least 48 ICANN-accredited Registrars that do not seem to exist. All of the Registrars in question are affiliated with the Directi Group...

Much, much more here.

Note: And people wonder why we complain about the the ICANN accreditation process... -ferg

Quote of The Day: Vincent Hanna

"At almost every Internet security conference, or law enforcement seminar on cyber-crime, a presentation will detail some attack, exploit, phish or financial crime that has some nexus at Atrivo/Intercage."

- Vincent Hanna, Spamhaus.org

Thursday, August 28, 2008

Hackers Attack Iraq's Vulnerable Computers

Charles Levinson writes on USA Today:

Maj. Ahmed Khathem, the head of Iraq's newly formed cybercrimes division, sits in a borrowed office, at a borrowed desk, working at a borrowed laptop one of his subordinates brought from home.

It is his unit's lone computer, highlighting the country's vulnerability to a community of Iraqi hackers defacing websites and attempting to hack into sensitive internal networks.

Iraq's government is engaged in a bloody struggle against al-Qaeda, and its computers make a prime target for global terror networks that have added hacking to their arsenal.

"We could have the most powerful anti-hacking force in the world, but we'd still have no computers, so we couldn't do anything," says Ali Hussein, one of 12 computer science graduates added to the cybercrime team last month. "The government thinks about guns, tanks and raiding houses. Hackers just aren't a priority."

More here.

Classic xkcd: Kiss a Wookie


Click for larger image.


We love xkcd.

- ferg

'Trusted' Third Parties Responsible For Almost Half Of All Break-Ins

Prachi Patel-Predd writes in IEEE Spectrum:

If you’re the owner of a retail-store chain or a financial-services company, it is your responsibility to keep your customer’s credit card number or social security number safe. But how can you control what goes on outside your company’s doors? Your credit card machine’s vendor could overlook a software vulnerability. Or an employee at the call center handling your customer-service calls could turn sour on his employer.

Data breaches involving trusted third parties—business partners, vendors, suppliers, and contractors—are alarmingly on the rise, according to a recent investigation by the security team at Verizon Business. While studying about 500 incidents worldwide between 2004 and 2007, the RISK Team found that cases involving partner organizations, willing or unwitting, went up fivefold, reaching 44 percent in 2007. Hackers and other outsiders, meanwhile, were directly responsible for close to 80 percent of the breaches. (There was some overlap among the cases.)

More here.

Image of The Day: Enzyte Scammer Gets 25 Years in Prison



Via The Consumerist.

Steve Warshak, founder of the company responsible for "Enzyte," has been sentenced to 25 years in prison and ordered to pay a fine of $93,000, says the AP. U.S. District Judge S. Arthur Spiegel also ordered the company, along with other defendants, to forfeit more than $500 million that it bilked from consumers.

According to federal prosecutors the scam involved preying on customer's reluctance to admit that they had ordered the "male enhancement" pills. Customers ordered the pills, but were unable to cancel or get a refund. A former VP of the company testified that Warshak required customers to provide notarized documents from a doctor proving that they had small genitals in order to get a refund.

More here.

Image source: The Consumerist

Police State: ABC News Reporter Arrested in Denver

Via The ABC News "The Blotter" Blog.

Lawyers for an ABC reporter and civil rights groups are demanding that Denver police drop all charges against a reporter who was arrested yesterday while trying to shoot video on a public sidewalk outside the Brown Palace Hotel in Denver.

Asa Eslocker and a camera crew were attempting to film and talk to Democratic senators and VIP donors leaving a private meeting at the hotel as part of a nightly news series on the corporate lobbyists and wealthy donors at the Democratic National Convention. Police arrested Eslocker and charged him with trespassing, failure to follow a lawful order, and interference with a police officer.

Eslocker's attorneys said Thursday that their client is "innocent of all three crimes."

"He and his news crew were standing on public sidewalks covering an event of public significance and performing a press function protected by the First Amendment," said a statement issued today by Eslocker's attorneys, Daniel Recht and Steven Zansberg.

More here.

Spammers Bypass Filters With SWF File Redirects

Via SC Magazine US.

Spammers are stepping up their use of Shockwave Flash (SWF) file redirects to avoid detection, security researchers said this week.

Alex Eckelberry, president of Sunbelt Software, a security software provider, said the SWF files embed a barely visible box that pushes the installment of a trojan.

“Previously what they have done was have a direct link to the trojan,” Eckelberry told SCMagazineUS.com on Thursday. “But because those URLs are now blacklisted so rapidly, the spammers needed a way to bypass the filters. They use these little SWF files.”

Like other spammer ploys, the purpose of the SWF redirect is to trick users into installing malicious software.

More here.

Microsoft Warns of IE8 Lock-In With XP SP3

Gregg Keizer writes on ComputerWorld:

Microsoft Corp. yesterday warned users of Windows XP Service Pack 3 (SP3) that they won't be able to uninstall either the service pack or Internet Explorer 8 (IE8) under some circumstances.

The warning was reminiscent of one Microsoft made in May, when Windows XP SP3 had just been made available for downloading. At the time, the company told users they wouldn't be able to downgrade from IE7 to the older IE6 browser without uninstalling the service pack.

In a post to the IE blog today, Jane Maliouta, a Microsoft program manager, spelled out the newest situation, which affects users who downloaded and installed IE8 Beta 1 prior to updating Windows XP to SP3. If those users then upgrade IE8 to Beta 2, which Microsoft unveiled today, they will be stuck with both IE8 and Windows XP SP3.

A warning dialog will appear to alert users. "If you chose to continue, Windows XP SP3 and IE8 Beta 2 will become permanent," Maliouta said. "You will still be able to upgrade to later IE8 builds as they become available, but you won't be able to uninstall them."

More here.

Studies Find Websites Rife With Unpatched Vulnerabilities

William Jackson writes on GCN.com:

Although the overall number of vulnerabilities being discovered in software appears to be leveling off or even dropping, two recent reports on Web security say that the overwhelming majority of Web sites studied still have unpatched vulnerabilities that could expose visitors to malicious code.

“It’s part of a trend that has been going on since 2006,” Tom Stracener, senor security analyst at Cenzic’s Intelligent Analysis Lab, said of the focus on Web vulnerabilities. “There is a tremendous focus on it in the research community.”

According to a trend report for the second quarter of 2008 released this week by Cenzic, seven of 10 Web applications analyzed engaged in unsafe communications practices that could lead to exposure of sensitive information during transactions. Cross-site scripting is the most common injection flaw, with 60 percent of sites analyzed being vulnerable to the attacks. About 20 percent had SQL injection applications.

Meanwhile, WhiteHat Security reported similar findings released its fifth Web site Security Statistics Report this week, also covering the second quarter of the year. It reported that cross-site request forgery vulnerabilities are present in about 75 percent of Web sites.

More here.

Security Fix: Report Slams U.S. Host as Major Source of Badware

Brian Krebs writes on Security Fix:

Last week, I examined a series of Web services that make profiting from cyber crime a point-and-click exercise that even the most novice hackers can master. Today, I'd like to highlight the activities of Atrivo, a Concord, Calif., based network provider that hosts some of these services.

Several noted security researchers are releasing a report today that stems from many months of investigating malicious activity emanating from Atrivo's customers. Security experts say that Atrivo, also known as "Intercage," has long been a major source of spyware, adware, viruses and fake anti-virus products.

The report is an exhaustive and well-researched analysis of Atrivo and its operations. Some of the statistics on active exploits cited in that report come from data sets I commissioned during my own investigation of Atrivo and later shared with Jart Armin, the principal author of the report and curator of the blog hostexploit.com.

Looking back several years, Atrivo's various networks were used heavily by the Russian Business Network, an ISP formerly based in St. Petersburg, Russia. RBN had gained notoriety for providing Web hosting services catering exclusively to cyber criminals. But after increased media attention, RBN dispersed its operations to other, less conspicuous corners of the Internet.

More here.

U.K. Hacker Gary McKinnon Plays the Asperger's Card

Kevin Poulsen writes on Threat Level:

Admitted Pentagon hacker Gary McKinnon lost his appeal to the European Court of Human Rights on Thursday, and is expected to be on a plane to Virginia within three weeks. But -- surprise! -- he's now been diagnosed at 42 with Asperger's syndrome, and his lawyers are asking Home Secretary Jacqui Smith to keep him in London for medical reasons.

McKinnon is accused of breaching over 90 unclassified Pentagon and NASA systems in 2001 and 2002, and crashing some of them, causing $900,000 in damage.

More here.

UK: Hackers Prepare Supermarket Sweep

Via The BBC.

A BBC investigation has unearthed a plan hatching online to loot US bank accounts via the checkout systems.

Fake credit cards loaded with details from the accounts will be used to get cash or buy high value goods.

The supermarkets targeted said there was little chance the fraudsters would make significant gains with their plan.

With the help of computer security experts the BBC found a discussion on a card fraud website in which hi-tech thieves debated the best way to strip money from the US accounts.

The thieves claim to have comprehensive details of US credit and debit cards passed to them from an American gang who tapped phone lines between cash machines and banks.

More here.

Wednesday, August 27, 2008

Contractors Account For A Quarter Of U.S. Spy Operations

Greg Miller writes in The Los Angeles Times:

Private contractors account for more than one-quarter of the core workforce at U.S. intelligence agencies, according to newly released government figures that underscore how much of the nation's spying work has been outsourced since the Sept. 11 attacks.

The CIA and other spy agencies employ about 36,000 contractors in espionage-related jobs, in addition to approximately 100,000 full-time government workers, said Ronald Sanders, head of personnel for the U.S. intelligence community.

Contractors carry out missions including collecting intelligence in Iraq and Afghanistan as well as operating classified computer networks for the 16 spy agencies that make up the U.S. intelligence community.

Sanders said the number of contractors remained steady over the last year, after surging in the years following the Sept. 11 attacks.

More here.

Mark Fiore: Bible Thumper



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Enjoy!

- ferg

Quote of The Day: Dennis Kucinich

"They’re asking for another four years — in a just world, they’d get 10 to 20."

- A great line -- edited out of Rep. Dennis Kucinich's (D-Ohio) speech at the 2008 Democratic National Convention in Denver.

U.S. Judges Consider Whether FBI Violated Free Speech

A Reuters newswire article, via ABC News, reports that:

A panel of federal appeals court judges pushed a U.S. government lawyer on Wednesday to answer why FBI letters sent out to Internet service providers seeking information should remain secret.

A panel of three judges from the U.S. Second Circuit Court of Appeals heard arguments on whether a provision of the Patriot Act, which requires people who are formally contacted by the Federal Bureau of Investigation for information to keep it a secret, is constitutional.

The American Civil Liberties Union filed suit in 2004 on behalf of an undisclosed Internet service provider against the U.S. government challenging the so-called National Security Letters (NSL) as well as gag orders placed on the recipients.

The appeals courts on Wednesday questioned a lawyer representing the U.S. government on whether the FBI violated free speech rights in placing the gag orders.

More here.

MSN Norway Serving Flash Exploits Via Malvertising

Dancho Danchev writes on the ZDNet "Zero Day" Blog:

Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims of malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs.

The recent wave of malvertising that also targeted Digg, MSNBC and Newsweek, is very similar to the malvertising campaigns that took place in February which were targeting popular sites as Expedia, Excite, Rhapsody and MySpace. The only thing the malvertisers keep changing are the fake security software domains that they push through their campaigns.

More here.

Corrupt File Brought Down FAAs Antiquated IT System

Chris Preimesberger writes on eWeek:

The FAA (Federal Aviation Administration's) flight plan IT network, which went down for about two-and-a-half hours Aug. 26 and fouled up the takeoff plans of thousands of travelers in more than 40 airports across the country, was back up and running Aug. 27.

IT staff were still troubleshooting it today in Hampton, Ga., where the agency's primary data center is located.

But for how much longer is it going to be running? The FAA's antiquated system consists of two 20-year-old redundant mainframe configurations -- the primary one in Georgia, the backup in Utah -- that apparently are hanging on for dear life until the reinforcements arrive in the form of a new, state-of-the-art system this winter.

More here.

Taiwan Cracks Major Hacking Ring, Data on President Stolen

An AFP newswire article, via PhysOrg.com, reports that:

Police in Taiwan have arrested six people suspected of stealing personal data from state firms, including information about the island's current and former presidents, officials said Wednesday.

An official at Taiwan's Criminal Investigation Bureau said the hackers had tapped into data held by government agencies, state-run firms, telecom companies and a television shopping network.

He called it the biggest hacking operation of its kind in Taiwan.

The suspects are believed to have stolen more than 50 million records of personal data, including information about President Ma Ying-jeou, his predecessor Chen Shui-bian and police chief Wang Cho-chiun, the official said.

They then offered to sell the information for 300 Taiwan dollars (10$US) per entry, he said.

The hackers, based in Taiwan and China, also swindled victims out of millions of Taiwan dollars through their online bank accounts, he said.

They will face up to five years in prison on charges of hacking and fraud.

More here.

Russian Hackers Hit Warwick Valley Telephone

Matt King writes in The Time Herald-Record:

A Russian criminal syndicate has been trying to hack into Warwick Valley Telephone's Internet service for weeks, resulting in several service interruptions and, for some users, the complete destruction of their e-mail accounts.

"For three weeks, on an hourly basis, Russians were trying to hack into our e-mails," WVT President Duane Albro said Tuesday. "They were successful five times and we had to shut them down."

It might sound fantastical, but Internet security experts said the Russian criminal element is constantly attacking companies in an effort to extort them. The idea is to take control of a network and demand payment to give it back.

More here.

Hat-tip: SecureWorks

Tuesday, August 26, 2008

Quote of The Day: Stacy Bernards

"I'm sure Mr. Hoyer didn't even know who the [party] sponsor was."

- Stacy Bernards, spokesperson for House Majority Leader Steny Hoyer (D-Md.), on Representative Hoyer's attendance at a lavish AT&T party in Denver while in attendance at the Democratic National Convention. In June, Mr. Hoyer led in crafting a compromise bill that shielded telecommunications companies from lawsuits arising from the government's terrorism-era warrantless eavesdropping.

A New Breed Of Hackers Tracks Online Acts of War

Kim Hart writes in The Washington Post:

Here in the Citizen Lab at the University of Toronto, a new breed of hackers is conducting digital espionage.

They are among a growing number of investigators who monitor how traffic is routed through countries, where Web sites are blocked and why it's all happening. Now they are turning their scrutiny to a new weapon of international warfare: cyber attacks.

Tracking wars isn't what many of the researchers, who call themselves "hacktivists," set out to do. Many began intending to help residents in countries that censor online content. But as the Internet has evolved, so has their mission.

Ronald J. Deibert, director of the Citizen Lab, calls the organization a "global civil society counterintelligence agency" and refers to the lab as the "NSA of operations."

More here.

FBI Blames Phone Flap on Miscommunication

Ben Conery writes in The Washington Times:

The FBI's top lawyer said miscommunication - not malevolence - led the bureau in 2004 to improperly obtain the telephone records of newspaper reporters writing about Islamic terrorism in Indonesia.

Valerie E. Caproni, the FBI's general counsel, told The Washington Times in an interview that her explanation was based on a preliminary review of e-mails sent among agents at the time.

It was the first time an FBI official described any circumstances surrounding the situation, though the explanation seems unlikely to sway critics.

A more definitive account of the situation is expected to be included in a forthcoming report from the Justice Department's Inspector General (IG) into the use of so-called "exigent letters."

The FBI used such letters to request telephone toll-billing records and subscriber information, but not the content of the calls. The letters sent to the phone companies simply stated the information was being requested because of an emergency.

"Exigent letters" are similar to the controversial National Security Letters (NSLs), which allow agents to gather certain information without normal judicial oversight.

More here.

BGP: The Internet's Biggest Security Hole

Kim Zetter writes on Threat Level:

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.

The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network.

Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can't always vacuum in traffic within a network -- say, from one AT&T customer to another.

More here and here.

Attackers Targeting Linux Infrastructures With Rootkit to Steal SSH Keys

Brian Prince writes on eWeek:

Hackers are launching attacks against Linux-based computing infrastructures using compromised SSH keys and installing rootkits, according to a warning by the U.S. Computer Emergency Readiness Team (US-CERT).

According to US-CERT, the attack uses stolen SSH keys to access a system, and then local kernel exploits to gain root access. At that point, a rootkit known as phalanx2 is installed.

“Phalanx2 appears to be a derivative of an older rootkit named phalanx,” the US-CERT advisory reads. “Phalanx2 and the support scripts within the rootkit are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.”

The attacks could be related to a flaw that was discovered earlier this year in the random number generator in Debian's OpenSSL package. The flaw makes cryptographic material guessable.

More here.

Estonia Hosts Georgian Websites to Halt Hackers

An AP newswire article, via SFGate.com, reports that:

The government of Estonia is temporarily hosting the Web sites of Georgia's central bank and Foreign Ministry to try to protect them from cyber attacks, officials said Tuesday.

Georgia has transferred key Web sites to servers in other countries, including Poland and France, after some came under attack following the outbreak of war with Russia, the state-run Estonian Informatics Center said.

"This is a way to help Georgia make their Web pages visible to the world," said Katrin Pargmae, a spokeswoman for the Estonian center. Estonia is also hosting a Georgian English-language news portal.

Estonia has experience coping with similar attacks: Its government and private sector Web sites were targeted in May 2007, just days after the Baltic state decided to relocate a Soviet war memorial and grave, angering Estonia's ethnic Russian minority and neighboring Russia.

More here.

Virus Infects Space Station Laptops (Again)

Ryan Singel writes on Threat Level:

Viruses intended to steal passwords and send them to a remote server infected laptops in the International Space Station in July, NASA confirmed Tuesday.

And according to NASA, this wasn't the first infection.

"This is not the first time we have had a worm or a virus," NASA spokesman Kelly Humphries said. "It's not a frequent occurrence, but this isn't the first time."

That suggests that even in the future where space travel becomes an experience to complain about, rather than get dressed up for, computer viruses will still be tagging along uninvited.

NASA declined to name the virus, but SpaceDef.com, which broke the story, reported that the worm was W32.Gammima.AG worm - a worm first detected in August 2007 that installs software that steals credentials for online games.

More here.

Laptop Sold on eBay Exposes 1M Bank Customer Details

A Reuters newswire article, via eWeek, reports that:

Account holders' personal details have been found on a computer sold on eBay, banks said on Tuesday, adding to fears over data security.

Media reports said details of more than a million customers of Royal Bank of Scotland, American Express and NatWest were found on the computer sold for 35 pounds on the auction and shopping website.

RBS said the information included historical data related to credit card applications and data from other banks, but would not disclose further details.

The Daily Mail said names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures had been left on the hard drive.

The information was being held by archiving firm Graphic Data, which copies paperwork from some of Britain's biggest financial organisations and stores it digitally.

More here.

Public, Private Sectors at Odds Over Cyber Security

Joseph Menn writes in The Los Angeles Times:

Three very big and very different computer security breaches that have dominated recent headlines did more than show how badly the Internet needs major repairs. They also exposed the huge rift between corporate America and the federal government over who should fix it, cyber-security experts say.

In the last few months, law enforcement officials cracked an international ring that tapped customer databases and trafficked in tens of millions of credit card numbers; a researcher uncovered a major flaw that permits hackers to steer some Web surfers to fake versions of popular websites filled with malicious software; and computer assaults, which some researchers said they had traced back to Russia's state-run telecommunications firms, crippled websites belonging to the country of Georgia.

Yet the episodes did little to boost cyber security higher on the agendas of the federal government or the two major presidential candidates.

"Nothing is happening," said Jerry Dixon, the former director of the National Cyber Security Division at the Department of Homeland Security. "This has got to be in the top five national security priorities."

Dixon is just one of hundreds of technology executives and experts who have been saying for years that Washington needs to do much more to protect consumers, businesses and the government itself from attacks by criminal hackers and those supported by rival nations.

The government has largely argued that the private sector is better suited to tackle the broader problem.

More here.

Monday, August 25, 2008

Best Western: 1 Hotel, 1 Log-On, 10 Customers

Via Pogo Was Right.

This statement is intended to provide further detail on the largely erroneous story originated by The Sunday Herald newspaper in Scotland, concerning the breach of Best Western's Central Reservations System.

We can confirm that on August 21, 2008, three separate attempts were made via a single log-on ID to access the same data from a single hotel. The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel's anti-virus software. The compromised log-in ID permitted access to reservations data for that property only. The log-in ID was immediately terminated, and the computer in question has been removed from use.

We can also confirm that we have been able to narrow down the number of customers affected by this breach to ten. We are currently contacting those customers and offering assistance as needed.

We are working with the FBI and international authorities to investigate further.

Points of note:

  • The compromised user ID permitted access only to the reservations at a single hotel, and there is no evidence of unauthorized access to data for any other Best Western hotel.
  • Best Western purges reservations data within seven days of guest departure, thereby limiting potential data exposure to (1) guests who departed up to one week prior to the exposure; (2) current guests; and (3) future guests of that particular hotel.
  • There is no evidence of any unauthorized access to any other customer data.


More here.

Phishers Bite Back With Malware Exploits

Brian Prince writes on eWeek:

Criticize the people behind the Asprox botnet, and they take it personal – so much so that they will bombard you with malware, according to a report by SecureWorks.

The botnet, now at least 50,000-strong with bots, is sending out phishing emails posing as messages from banks in the U.S. and U.K. The links inside the email lead to a page with a phishing form that reacts to both incomplete forms and forms containing certain keywords, including profanity or the word "phish." If users who filled out the form improperly click on the “confirm” button, their computers are assaulted with malware in retaliation.

Interestingly, the botnet does not seem to infect people merely for clicking on the link in the email, and if the form appears to be filled out with legitimate log-in data the phishers can steal the victim is re-directed to the main page of their banking Web site, according to SecureWorks.

Those who fill it out with illegitimate data however are hit with a number of exploits targeting vulnerabilities in Microsoft Windows.

More here.

U.S. Terror Watchlist 'Upgrade' is 'Imploding'

Julian Sanchez writes on ARS Technica:

The database used to produce the government's terror watch lists is "crippled by technical flaws," according to the chairman of a House technology oversight subcommittee—and the system designed to replace it may be even worse.

In a letter to the inspector general at the Office of the Director of National Intelligence last week, Rep. Brad Miller (D-NC) complained that the National Counterterrorism Center's "Railhead" initiative, designed to upgrade the government's master database of suspected terrorists, "if actually deployed will leave our country more vulnerable than the existing yet flawed system in operation today."

Miller, who chairs the Investigations and Oversight Subcommittee of the House Science and Technology Committee, cited "severe technical troubles, poor contractor management, and weak government oversight," which he said had brought the Railhead program to the "verge of collapse."

More here.

Sunday, August 24, 2008

U.S. General: Recent Cyber Attacks Serve as Lesson

Via DefenseLink News.

Recent cyber attacks against government information systems overseas should serve as a lesson that the United States needs to continue to strengthen its defenses against those who would target the country’s financial, business and military systems, the commander of U.S. Northern Command said today.

Appearing on C-Span’s “Newsmakers,” Air Force Gen. Victor E. Renuart Jr., who leads both NorthCom and North American Aerospace Defense Command, cited recent cyber attacks against the former Soviet republic of Georgia in which government Web sites were intermittently knocked offline, as well as last year’s cyber attacks against government computer systems in the Baltic nation of Estonia.

“We need to ensure that we learn the lessons of those two events, and that we continue to strengthen an integrated process to defend ourselves against these kinds of intrusion,” Renuart said.

Since early this month, hackers have attacked Georgian servers and Web sites, forcing the government to relocate the sites to other servers. Some sites were defaced, while others were simply rendered unavailable.

The general said NorthCom relies on space- and land-based sensors to identify threats, and that intrusions into its computer networks could disrupt the command’s ability to provide warning of an attack.

More here.