Saturday, October 04, 2008

Toon of The Day: Reckless Driver

Via: Chip Bok, Akron Beacon Journal.

Homeland Security Seeks 'Cyber Counterattack' System


First, there was "Einstein," the federal government's effort to protect itself from cyber attacks by limiting the number of portals to government computer systems and searching for signs of cyber tampering.

Then Einstein 2.0, a system now being tested to detect computer intrusions as they happen.

And in the future? Perhaps Einstein 3.0, which would give the government the ability to fight back.

Homeland Security Secretary Michael Chertoff on Friday said he'd like to see a government computer infrastructure that could look for early indications of computer skullduggery and stop it before it happens.

The system "would literally, like an anti-aircraft weapon, shoot down an attack before it hits its target," he said. "And that's what we call Einstein 3.0."

At a meeting with reporters to highlight National Cyber Security Month, Chertoff reiterated his belief that the government should aggressively defend its computer systems, saying that terrorists, if they gain expertise already available to others, would "cause potentially very serious havoc" to government systems.

More here.

Deutsche Telekom Says Data From 17 Million Customers Was Stolen

Via Deutsche Welle.

Deutsche Telekom has confirmed that personal information from 17 million of its mobile phone customers was stolen in 2006, including secret telephone numbers of high-profile politicians and celebrities.

Deutsche Telekom said the stolen data includes customer mobile phone numbers, addresses, dates of birth and, in some cases, email addresses. Bank information or credit card numbers were not accessed, said the Bonn-based firm.

There has reportedly been no indication that the data has been misused, though the Telekom said "extreme criminal energy" was behind the theft.

German newsmagazine Spiegel reported on Saturday, Oct. 4, that it had obtained access to the missing information via a third party. The news apparently came as a surprise to Deutsche Telekom, where the case was considered closed.

More here.

Hat-tip: Pogo Was Right

Quote of The Day: Gary Warner

"Has the current economic crisis caused you personal debt problems? As a cybercrime researcher I'd like to make one recommendation. If you need help with your debt, please DO NOT turn to Russian spammers who use Chinese domain name registrars to create domains they claim to host in Panama."

- Gary Warner, writing on the "Cyber Crime and Doing Time" Blog.

Counterfeit, Defective Computer Components From China Getting Into U.S. Warplanes and Ships

Brian Grow, Chi-Chu Tschang, Cliff Edwards and Brian Burnsed write in

The American military faces a growing threat of potentially fatal equipment failure—and even foreign espionage—because of counterfeit computer components used in warplanes, ships, and communication networks. Fake microchips flow from unruly bazaars in rural China to dubious kitchen-table brokers in the U.S. and into complex weapons.

Senior Pentagon officials publicly play down the danger, but government documents, as well as interviews with insiders, suggest possible connections between phony parts and breakdowns.

More here.

Friday, October 03, 2008

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Oct. 3, 2008, at least 4,177 members of the U.S. military have died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,382 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is one fewer than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Friday, Oct. 3, 2008, at least 539 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EDT.

Of those, the military reports 389 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Toon of The Day: Suspended Campaign

By: Steve Kelley, The Times Picayune.

IDC: IT Security is 'Hindering Innovation'

Ross O. Storey writes on Computerworld UK:

Organisations are struggling to strike the right balance between driving new innovations to market and instituting effective IT security practices, according to new research by research group IDC.

Commissioned by RSA, the Security Division of EMC, the research has found that IT security risk is impeding business innovation. Information security concerns have caused 80 percent of those surveyed to back away from new innovation opportunities.

IDC also found that although 80 percent of CEOs believe their security teams are being held formally accountable for their contributions to business growth and innovation, only 44 percent of security leaders believe they are being measured on their contributions to innovation.

This finding points to a surprising lack of alignment between the expectations of C-level management and the priorities of security professionals.

More here.

U.S. Government Cracks Down On Online Disaster Scammers

Thomas Claburn writes on InformationWeek:

More than 900 people who aimed to defraud disaster victims and their would-be benefactors have been swept up in a storm of litigation.

On Wednesday, the Hurricane Katrina Task Force, set up in September 2005 to fight disaster-related fraud, said that it had filed federal charges against 907 individuals in 43 federal judicial districts since its inception.

One case brought by the Hurricane Katrina Task force last November resulted in sentences of more than 8 and 9 years for two brothers who operated a Web site that fraudulently claimed to be collecting money for Hurricane Katrina victims on behalf of the Salvation Army. According to the Department of Justice, the two brothers registered "" on Sept. 3, 2005, less than a week after Hurricane Katrina swept through New Orleans. Their Web site directed visitors to donate through PayPal and the brothers collected over $48,000 for victims of Hurricane Katrina, and later Hurricane Rita, before authorities shut the scam down.

More here.

Two Europeans Charged in U.S. Over DDoS Attacks

Jeremy Kirk writes on PC World:

Two European men have been indicted for allegedly orchestrating cyberattacks against two Web sites, a continuation of the first successful U.S. investigation ever into distributed denial-of-service attacks, according to the U.S. Department of Justice.

One of the men, Axel Gembe, 25, of Germany, is believed to be the programmer behind Agobot, a well-known malicious software program used to create a botnet or network of compromised PCs.

Gembe and 24-year-old Lee Graham Walker of Bleys Bolton, England, were indicted Thursday by a grand jury in Los Angeles, California, on one count of conspiracy and one count of intentionally damaging a computer system.

The two men were allegedly hired by Jay R. Echouafni, owner of Orbit Communication, a Massachusetts-based company that sold home satellite systems, to carry out DDOS attacks. Those attacks were directed at the public Web sites of two of Orbit's competitors, Rapid Satellite of Miami, Florida, and Weaknees of Los Angeles.

More here.

Thursday, October 02, 2008

'Mafiaboy' Writes Book About Shutting Down The Internet

Via The National Post (Canwest).

The country's most notorious hacker, Mafiaboy, has written a tell-all book about his Internet attack of 2000 when he paralyzed the Web sites of CNN, Yahoo, eBay and other businesses for several hours.

The book, Mafiaboy: How I Cracked the Internet and Why It's Still Broken, is expected to hit bookshelves next week. In it, the infamous hacker, now 23, explains that he was not a computer whiz kid but quickly gained knowledge of computers and got to know other young hackers.

"I felt a strange kinship with these nameless, faceless programmers and online rebels," he writes in an excerpt made available by the publisher. "To me, they were the coolest kids in cyberspace. I wanted to hang with them. I wanted to be a hacker."

The book, co-written with Montreal journalist Craig Silverman, is billed as "a cautionary tale." After a manhunt, the RCMP and FBI apprehended the then-15-year-old student. He pleaded guilty to more than 50 charges.

More here.

Researcher Finds Evidence of Massive Site Compromise

Gregg Keizer writes on ComputerWorld:

Several criminal gangs have acquired administrative log-in credentials for more than 200,000 Web sites -- including the one used by the U.S. Postal Service -- and have used the compromised domains to attack unsuspecting users' PCs with a notorious hacker exploit kit, a researcher said today.

More than a month ago, Ian Amit, director of security research at Aladdin Knowledge Systems Inc., found and infiltrated a server belonging to a long-time customer of Neosploit, a hacker toolkit used by cybercriminals to launch exploits against browsers and popular Web software such as Apple Inc.'s QuickTime or Adobe Systems Inc.'s Adobe Reader.

On that server, Amit uncovered logs showing that two or three hacker gangs had contributed to a massive pool of Web site usernames and passwords. "We have counted more than 208,000 unique site credentials on the server," said Amit, "and over 80,000 had been modified with malicious content."

The site credentials were not the ends, but only the means. The 80,000 modified sites were used as attack launch pads: Each served up exploit code provided by the Neosploit kit to any visitor running a Windows system that had not been fully patched.

By examining the server logs, Amit was able to identify the sites whose log-ins had been compromised; he is now working with law enforcement agencies in both the U.S. and overseas, as well as with organizations like US-CERT, to tell site operators they need to change their administrative passwords, purge the malicious code and secure their sites.

More here.

More Classic xkcd: Flash Games


We love xkcd.


- ferg

California Governor Signs Off On New Protections for Free Speech

Via The EFF.

California Governor Arnold Schwarzenegger yesterday signed Assembly Bill 2433 and filled a significant gap in protection for anonymous speech online. Authored by Assemblymember Paul Krekorian and co-sponsored by EFF, the California Anti-SLAPP Project and the California Newspaper Publishers Association, the new law allows speakers who successfully oppose the use of bogus out-of-state litigation to obtain their identities to recover attorneys' fees. Assemblymembers Sally Lieber and Anthony Portantino co-authored the bill.

One of the most pernicious threats to anonymity is the filing of trumped-up lawsuits as an excuse to force ISPs to reveal speakers’ identities. Once such a lawsuit is filed, speakers who want to protect their anonymity must find a way to pay a lawyer to go to court and prevent disclosure of their personal information. That can be a real hardship—in fact, even the threat of having to go to court may discourage many people from speaking out in the first place.

More here.

Politics: Ready To Be Vice President

Via Talking Points Memo.

- ferg

UK Police Probe eBay Sale of MI6 Camera

Via Reuters.

Hertfordshire Special Branch is investigating how a camera holding sensitive information about al Qaeda suspects came to be lost by an MI6 agent, police said on Tuesday.

Media reports said the Nikon digital camera was put up for sale on Internet trading site eBay and sold for just 17 pounds ($30).

Its memory had names of al Qaeda members, fingerprints and suspects' academic records as well as pictures of rocket launchers and missiles, the Sun newspaper reported.

"We can confirm we seized a camera after a member of the public reported it," said a statement by police in Hertfordshire after the camera was handed into Hemel Hempstead police station.

"Intelligence officers are investigating," the statement added.

The Foreign Office confirmed the police investigation, but declined to comment further.

More here.

UK: Spies Take War On Terror Into Cyberspace

Kim Sengupta writes on The Independent:

Britain's security agencies are fighting a covert war in cyberspace against extremist Islamist internet sites as part of a new anti-terrorist strategy, senior Whitehall officials have revealed.

As well as running its own sites, the Government gives material support to groups that monitor and combat jihadist material on the web in an attempt to prevent indoctrination of young Muslims. The scheme is part of measures being introduced at a time when the threat level is described as being "at the severe end of severe", with, officials say, extremist groups determinedly attempting new attacks.

The Office for Security and Counter Terrorism (OSCT), recently set up to co-ordinate operations against al-Qa'ida and its supporters, has been tasked with proactive action to disrupt terrorist networks as well as carrying out a "hearts and minds" campaign within Britain's Muslim population.

More here.

Americans Confused As Ever Over Cyber Security

Roy Mark writes on eWeek:

Most American computer users are aware of the dangers of cruising the Internet with the security windows down and they are taking precautions, or at least think they are. The numbers, though, say otherwise.

For instance, according to a study [.pdf] released Oct. 2, more than 80 percent of American computer users claim to have a firewall installed on their systems but, in fact, only 42 percent had adequate firewall protection. The study, conducted by the NCSA (National Cyber Security Alliance) and Symantec, combined polling and computer checkups performed by Symantec's PC Help by Norton.

"We must redouble our efforts to ensure that Americans know how to use all of the tools necessary to protect their computers, themselves and their families from harm," NCSA Executive Director Michael Kaiser said at a National Press Club morning conference. "Too often, cyber security has been made to seem complicated and inaccessible. Staying safe online appears daunting for users."

The NCSA/Symantec study was released to coincide with National Cyber Security Month, an annual education and public awareness campaign focusing on cyber security. The effort enjoys the support of the DHS (Department of Homeland Security), Symantec, McAfee, Cisco and Microsoft.

More here.

U.S. Military to Get Advanced Satellite Modems

Via UPI.

The U.S. Defense Department has contracted ViaSat Inc. for the company's satellite modem technology to support the military's communication requirements.

Under the $25 million contract, ViaSat will supply the military with its LinkWayS2 modems that will be used to support high-speed bandwidth on-demand communications.

Company officials say the LinkWayS2 system can connect terminals directly to each other and also to multiple sites without a relay hub.

More here.

Forever 21: PCI Auditor Missed 5-Year-Old Transaction Data

Evan Schuman writes on StorefrontBacktalk:

As more details drip out from Forever 21's data breach of almost 100,000 payment cards, the chain now says it had been certified PCI compliant, despite having stored complete card information from as far back as 2003.

"The files were inadvertently retained within other data files and this was not uncovered by the assessor," a statement from the chain said. (Our story from last week has been updated with the new information, along with a link to the earlier report of the breach.)

This is proving to be a frightening trend, with retailers believing they are compliant and much later on discovering various pockets of forbidden data scattered through their network.

More here.

UK: Palmtop Computer Stolen From Open Window in MI5 Hideout

Joanna Sugden writes in The Times Online:

A handheld computer containing secret intelligence documents about terrorism has been stolen through the open window of an MI5 hideout, in a fresh data embarrassment.

A burglar who climbed into the property in Greater Manchester on Sunday night got away with the terminal which contained highly sensitive information about national security.

The house was being rented by the national intelligence service but the device was encrypted, so a security breach is thought unlikely.

More here.

Cyber Gang Moles Steal Company Data

Dan Raywood writes on SC Magazine US:

Criminal gangs have been placing staff members in companies to operate as moles, an internet security expert said this week.

In a podcast interview, Peter Wood, member of the ISACA Conference Committee and founder of First Base Technologies, claimed that placing moles is common.

Wood said: “Some people in the banking community have quietly and anonymously said to me over the last year that they have found employees who have been placed in their company by criminal gangs and they have been operating as moles over that period."

Wood said companies often make the mistake of storing sensitive and confidential data in one place, which makes it very easy for criminals to act.

More here.

U.S. Cyber Security Shake Up Would Give White House More Control

John Leyden writes on The Register:

A bill that would see the White House take more involvement and control in leading US cybersecurity efforts has been tabled before Congress. The move follows recent criticism of the Department of Homeland Security (DHS).

The latest DHS authorization bill [.pdf] turns the director of the National Cyber Security Center (NCSC) into a presidential appointment. The bill, which allocates a budget of $30m to the DHS over the next financial year, also incorporates provisions for the NCSC director to report directly to the president on key strategies, such as securing the country's critical infrastructure from attack and inter-agency strategy.

Silicon Valley businessman Rod Beckström was appointed as the NCSC director by DHS Secretary Michael Chertoff back in March. Cybersecurity efforts at the DHS - which include running a computer emergency response team as well as the newly-created NCSC - are led on a day to day basis by under secretary Robert Jamison.

The provision of the bill will please critics of the DHS who have called for increased presidential involvement in directing US cybersecurity efforts, some of whom have described the DHS as "rudderless".

More here.

Judge Suppresses Report on Voting Machine Security

Andrew Appel writes on Freedom to Tinker:

A judge of the New Jersey Superior Court has prohibited the scheduled release of a report on the security and accuracy of the Sequoia AVC Advantage voting machine. Last June, Judge Linda Feinberg ordered Sequoia Voting Systems to turn over its source code to me (serving as an expert witness, assisted by a team of computer scientists) for a thorough examination. At that time she also ordered that we could publish our report 30 days after delivering it to the Court--which should have been today.

Three weeks after we delivered the report, on September 24th Judge Feinberg ordered us not to release it. This is part of a lawsuit filed by the Rutgers Constitutional Litigation Clinic, seeking to decommission all of New Jersey's voting computers. New Jersey mostly uses Sequoia AVC Advantage direct-recording electronic (DRE) models. None of those DREs can be audited: they do not produce a voter verified paper ballot that permits each voter to create a durable paper record of her electoral choices before casting her ballot electronically on a DRE. The legal basis for the lawsuit is quite simple: because there is no way to know whether the DRE voting computer is actually counting votes as cast, there is no proof that the voting computers comply with the constitution or with statutory law that require that all votes be counted as cast.

More here.

Wednesday, October 01, 2008

Mark Fiore: John McCain's Fireside Chat

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Quote of The Day: Brian Wingfield and Joshua Zumbrun

"Only in Washington could a $700 billion financial rescue package get $110 billion bigger to protect taxpayers."

- Brian Wingfield and Joshua Zumbrun, writing on, regarding the massive rip-off being perpetrated on Capitol Hill.

Domestic Satellite-Surveillance Program to Begin Despite Privacy Concerns

Siobhan Gorman writes in The Wall Street Journal:

The Department of Homeland Security will proceed with the first phase of a controversial satellite-surveillance program, even though an independent review found the department hasn't yet ensured the program will comply with privacy laws.

Congress provided partial funding for the program in a little-debated $634 billion spending measure that will fund the government until early March. For the past year, the Bush administration had been fighting Democratic lawmakers over the spy program, known as the National Applications Office.

The program is designed to provide federal, state and local officials with extensive access to spy-satellite imagery -- but no eavesdropping -- to assist with emergency response and other domestic-security needs, such as identifying where ports or border areas are vulnerable to terrorism.

Since the department proposed the program a year ago, several Democratic lawmakers have said that turning the spy lens on America could violate Americans' privacy and civil liberties unless adequate safeguards were required.

More here.

Surveillance of Skype Messages Found in China

John Markoff writes in The New York Times:

A group of Canadian human-rights activists and computer security researchers has discovered [.pdf] a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words.

The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service.

The discovery draws more attention to the Chinese government’s Internet monitoring and filtering efforts, which created controversy this summer during the Beijing Olympics. Researchers in China have estimated that 30,000 or more “Internet police” monitor online traffic, Web sites and blogs for political and other offending content in what is called the Golden Shield Project or the Great Firewall of China.

The activists, who are based at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, discovered the surveillance operation last month. They said a cluster of eight message-logging computers in China contained more than a million censored messages. They examined the text messages and reconstructed a list of restricted words.

More here.

ICANN: Breach of Contract Notices Sent to and


ICANN has sent breach notices to two ICANN-accredited registrars, Beijing Innovative Linkage Technology Ltd., doing business as and, on 30 September 2008.

These registrars failed to comply with Section 3.7.8 of the Registrar Accreditation Agreement (RAA) which requires registrars to take "reasonable steps to investigate" Whois inaccuracy claims.

Section 3.7.8 of the RAA requires registrars, "…upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate the claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."

In November 2007, ICANN audited registrar compliance with the investigation of Whois inaccuracy claims filed through ICANN's Whois Data Problem Report System (WDPRS). The audit analyzes the complaints as well as complainant follow-up correspondence indicating "no change" to Whois data 45 days after the claim is filed. Registrars that appear to take no action in response to a significant percentage of WDPRS complaints are sent a Notice of Concern that request they provide ICANN with details regarding the steps taken to investigate the claimed Whois inaccuracies - as required by Section 3.7.8 of the RAA.

On 29 May 2008, ICANN sent and Notices of Concern. Both subsequently assured ICANN that they were investigating Whois inaccuracy claims and had suitable processes in place to do so. However, ICANN found compelling evidence leading to a conclusion that both and do not appear to be taking reasonable steps to investigate these claims as required.

Accordingly, on 30 September 2008 ICANN sent and notices of breach of contract. To avoid the commencement of the termination process, and must cure the cited breaches within 15 days. ICANN will pursue all remedies available under the terms of the RAA, including possible termination, if and fail to cure the cited breaches. has over 300,000 domain names under management and has over 600,000 domain names under management.

More here.

U.S. Naval Research Lab SysAdmin Steals Almost 20,000 Pieces of Computer Gear

Via the NetworkWorld "Layer 8" Blog.

Now this is some serious computer theft. We're talking 19,709 pieces of stolen computer equipment from the US Naval Research Laboratory in Washington, DC. The theft included everything from PCs and printer toner to hard drives, software and other office equipment amounting to over $120,000 according to court documents and published reports.

The systems administrator, Victor Papagno, pleaded guilty in federal court today to stealing the items in a period between 1997 and 2007 to benefit Papagno and his friends, reports said.

He took so much stuff that he stored some of it in neighbors' houses, according to a local news outlet. That report indicated that no secret technological information had been taken but that private information from 14 employees and contractors who worked at the laboratory from 1998 to 2002 had been found on CDs or zip drives, and those people were contacted, the agency said.

More here.

Myanmar On The Cyber-Offensive

Brian McCartan writes in The Asia Times Online:

The distributed denial of service attacks, or DDoS, that hit and disabled several exile media websites between September 17 and 19, are widely held to be the latest attempt by Myanmar's military regime to silence its legion of critics.

The cyber-attacks, which flood a website with information requests which block regular traffic and eventually overload and crash it, coincided with the run-up to last year's "Saffron" revolution, in which soldiers opened fire and killed Buddhist monks and anti-government demonstrators. But the junta's cyber-warfare specialists appear to have wider designs than just censoring an uncomfortable anniversary and they are receiving plenty of foreign assistance in upgrading their political dissent-quashing capabilities.

The Defense Services Computer Directorate (DSCD) was set up by the War Office in around 1990, originally with the aim of modernizing the military's communications and administration systems. By the mid-1990s, however, the center had become much more focused on Information Warfare operations, according to a signals intelligence expert who spoke with Asia Times Online.

More here.

Movement by Estdomains/Esthosts

Via Spyware Sucks.

Before: A - ZAO Petersburg Transit Telecom (PTT), Russia (AS31353) A - Ecatel LTD, Amsterdam (AS29073) NS NS NS NS NS NS NS NS A - Ecatel LTD, Amsterdam (AS29073) *C* NS NS NS NS

After: A - ZAO Petersburg Transit Telecom (PTT), Russia (AS31353) A - Agava JSC, Russia (AS39561) (Reverse IP reveals connection with NS NS NS NS A - Ecatel LTD, Amsterdam (AS29073) MX 10 - Cernel NS NS NS NS NS NS (Cernel) - IP sharing A record with,,,,,,

More here.

UK Banking Fraud Losses Rise To £301.7M

John Leyden writes on The Register:

UK banking losses due to fraud in the first half of 2008 hit £301.7m compared to £263.6m in the same period last year, according to the latest figures from UK banking association APACS.

Fraud abroad made up 40 per cent of total card fraud losses, reaching £121.2m in the period, up 11 per cent on the £108.8m lost last year. That loss was through tactics such as the use of counterfeit plastic cards with stolen PINs on machines overseas that only check magnetic strips, not chips.

Card-not-present fraud (a category that includes ecommerce fraud as well as phone and mail order scams) also rose 18 per cent to reach £161.9m for the first six months of 2008, according to APACS stats published on Wednesday. This type of fraud has trebled - up 207 per cent - since 2001 but over the same six month period ecommerce transactions increased 415 per cent; so these particular figures, although hardly encouraging, are not quite as bad as they might first appear.

More here.

ICANN Faces Questions Over Accountability, Control

Grant Gross writes on ComputerWorld:

ICANN needs to take steps to ensure it cannot be taken over by governments and other outside entities, and it needs to create more ways to be held accountable to Internet users, constituents of the nonprofit organization said today.

The Internet Corporation for Assigned Names and Numbers, the organization overseeing the Web's top-level domain naming system, heard several concerns during a meeting focused on improving confidence in ICANN. But concerns about outside takeover of the organization and critiques of ICANN's transparency came up several times during the Washington meeting.

An oversight agreement between the U.S. government and ICANN expires in a year, and ICANN officials say they don't plan to sign a new agreement. But in recent years, representatives of several other countries have called for an international organization to oversee the 10-year-old ICANN.

More here.

Finnish Researchers Warn Against Critical TCP/IP Flaw

A WebWereld Netherlands article by Brenno de Winter, via PC World Australia, reports that:

Researchers at Finnish security firm Outpost 24 claim to have discovered a flaw in the Internet Protocol that can disrupt any computer or server. After keeping the flaw quiet for years, the researchers hope that going public will help accelerate the creation of a solution.

The flaw allows attackers to cripple computers and servers by sending a few specially formed TCP/IP packets. The result can be compared to a denial of service attack, in which networks are flooded with traffic. But in the case of the newly revealed flaw, only a minimum of traffic is required. "We're talking 10 packets per second to take down one service," Jack Lewis, a senior researcher with Outpost24 told Webwereld, an IDG affiliate.

More here.

Kevin Mitnick Detained, Released After Colombia Trip


Elinor Mills writes on C|Net News:

Since being released from prison eight years ago, Kevin Mitnick's brushes with the law have consisted of a few parking tickets and a citation for driving without a front license plate--that is, until he returned from a trip to Colombia two weeks ago.

After landing at the Atlanta airport for a security conference, Mitnick was detained for four hours for reasons still not fully explained. To make matters worse, while customs officials in Atlanta were busy inspecting his cell phone, laptop, and luggage, police in Bogota were ripping open a package he had mailed to his U.S. address on suspicion that it contained cocaine.

The simultaneous incidents gave Mitnick deja vu of his days as a fugitive pursued by the FBI for breaking into computer networks, only this time, he hadn't broken any laws.

"There was uncertainty, fear, and panic because I didn't know what was going on, and I didn't do anything wrong," he said in a recent telephone interview with CNET News. "In my mind, I thought I was being set up for something."

More here.

Tuesday, September 30, 2008

U.S. Military Needs Hackers, StratCom Chief Says

William H. McMichael writes on

Uncle Sam is looking for a few good computer hackers.

The U.S. military needs a two-edged cyber capability that can not only defend its .mil and .smil domains from outside attacks but, if necessary, launch cyber attacks against intruders. To do that, the individual services need to recruit and train more cyber-qualified personnel, Air Force Gen. Kevin Chilton, chief of the U.S. Strategic Command, said today.

The military is dependent on its .mil and .smil domains for everything from e-mail exchanges to employment of its nuclear arsenal. StratCom’s vast portfolio includes operating and defending those domains.

The importance, Chilton said, is self-evident.

“On your worst day, you want to be able to make sure that the military network still works so that you can effect either the defense of the United States ... or an offensive action, should they be required,” Chilton said in a meeting with Military Times reporters and editors.

“The hardest thing we’re going to have to do is to be able to operate this network in time of war — as we will be attacked,” Chilton said. “And there’s no perfect firewall.”

More here.

Hacker Compromises Data on 11,000 at University of Indianapolis

An AP newswire article, via The Chicago Tribune, reports that:

A hacker attacked the University of Indianapolis' computer system and gained access to personal information and Social Security numbers for 11,000 students, faculty and staff, the school said.

The 4,300-student university's information technology staff and outside computer security experts are investigating the breach, which was discovered Sept. 18 when another institution warned the school. The FBI also was notified. It was not clear whether any data was stolen in the Sept. 8 attack.

"We don't know that anything was done with this information, just that there was a compromise," university spokesman Scott Hall told The Indianapolis Star on Tuesday.

The compromised records were at least two years old, the school said. University President Beverley J. Pitts -- one of those whose data was accessed -- said in a campuswide e-mail that the victims would be notified by mail and e-mail in the next few days. The school also will offer victims one year of free credit monitoring.

More here.

Hat-tip: Data Loss Mailing List

Toon of The Day: The Liberator

We love Mr. Fish.


- ferg

IntruGuard Gets DDoS Detection & Mitigation Patent

David Hamilton writes on

Distributed denial-of-service mitigation solution provider IntruGuard has been granted a patent that covers core elements of an effective DDoS mitigation solution if a hacker tries to cripple a site with a DDoS attack.

According to IntruGuard's announcement Monday, the company was awarded a patent for its "Method and apparatus for rate based denial of service attack detection and prevention" by the US Patent and Trademarks Office. A DDoS attack saturates a victim machine with communications requests so it cannot respond to legitimate traffic. The government of Georgia's website was taken offline possibly by a Russia-based DDoS attack at the onset of Russia's invasion of South Ossetia. Popular movie website IMDB was also taken offline by a DDoS attack this Summer.

IntruGuard states that it has proven it can secure the key elements of any effective DDoS mitigation solution with its SYN and zombie flood detection and prevention mechanism, and its technique of limiting connections and determining adaptive rate thresholds.

More here.

Gov. Schwarzenegger Creates Hospital Privacy Oversight Office

Patrick McGreevy writes in The Los Angeles Times:

Gov. Arnold Schwarzenegger took action today to enable the state to impose stiff fines on hospital employees who snoop in their patients' files, months after California First Lady Maria Shriver was one of several celebrities whose privacy was invaded at UCLA Medical Center.

The governor approved the creation of a new state Office of Health Information Integrity with power to review security plans and violations and assess fines of up to $250,000 against violators of patient privacy.

More here.

UK Government Finally Commits Funding to e-Crime Police Unit

Leo King writes on Computerworld UK:

The government has finally committed funding to a specialist national e-crime unit, twelve months after a proposal was submitted by the Metropolitan Police and following years of pressure from business.

It will provide £3.5 million of funding, leaving the Metropolitan Police to provide £3.9 million in addition, taking total funding to £7.4 million over a three year period.

The original proposal was for £5.3 million, including £1.3 million suggested to start the new centre. The proposal has also been backed by the Association of Chief Police Officers, and the government is seeking extra support from business.

The unit is due to open in spring 2009, and it is understood it will work alongside the new National Fraud Reporting Centre, rather than being part of it. It will tackle all forms of crime involving the internet, but much of its focus is expected to be on fraud cases.

More here.

Kuwait Teenager Arrested in Bank Hack Probe

Graham Cluley:

According to reports, a 17-year-old boy is alleged to have posted what is described as an "immoral picture" on a website to attract potential victims, but then silently installed spyware onto their computers, stealing online bank account information and other personal data.

Officers at the Mubarak Al-Kabeer division of the Criminal Investigations Department claim that the young man’s computer contained programs for hacking into other people’s computers.

More here.

Canada: 'Do-Not-Call' Website, Phone Lines Overwhelmed

Via CBC News.

So many people are trying to register their phone numbers on the federal do-not-call list, the website has crashed and the phone lines have a constant busy tone.

The popularity of the list was not unexpected. The Canadian Radio-television and Telecommunications Commission has projected that of Canada's 27 million residential phone lines, which include cellphone numbers, 16 million would be on the do-not-call list within two years.

However, it's possible the CRTC didn't expect millions to try to join the list in the first week. The CRTC confirmed the website went live at 12:01 a.m. Tuesday, and about 200,000 people were able to register before it crashed eight or nine hours later.

More here.

Microsoft's 'Revised' CAPTCHA Busted By Spammers For Mass-Mailing Operations

Via Websense Security Labs.

Spammers are once again targeting Microsoft's Hotmail (Live Hotmail) services. We have discovered that spammers, in a recent aggressive move, have managed to create automated bots that can sign up for and create random Hotmail accounts, defeating Microsoft's latest, revised CAPTCHA system. The accounts are then used to send mass-mailings.

Early this year (2008), as reported by Websense Security Labs, spammers on a worldwide basis demonstrated their adaptability by defeating a range of anti-spam services offered by security vendors by carrying out streamlined anti-CAPTCHA operations on Microsoft's Live Mail, Google's Gmail, Microsoft's Live Hotmail, Google's Blogger, and Yahoo Mail (as reported by InformationWeek).

More here.

Russian Police 'Find' Author of Notorious Gpcode Malware - UPDATE

John E. Dunn writes on

The infamous Gpcode 'ransomware' virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld.

The individual is believed to be a Russian national, and has been in contact with at least one anti-malware company, Kaspersky Lab, in an attempt to sell a tool that could be used to decrypt victims' files.

Initially sceptical, the company was able to verify that the individual was the author of the latest Gpcode attack - and probably earlier attacks in 2006 and 2007 - using a variety of forensic evidence, not least that he was able to provide a tool containing the RC4 key able to decrypt the work of the malware on a single PC.

The 128-bit RC4 keys, used to encrypt the user's data, are unique for every attack. The part that had stymied researchers was that this key had, in turn, been encrypted using an effectively unbreakable 1024-bit RSA public key, generated in tandem with the virus author's private key. But the tool did at least prove that the individual had access to the private 'master' key and must therefore be genuine.

More here.

UPDATE: 17:12 PDT, 30 September 2008: Also related to this, and worth a read, Dancho Danchev's "Identifying the Gpcode Ransomware Author".

Monday, September 29, 2008

Nasty Web Bug Descends On World's Most Popular Sites

Dan Goodin writes on The Register:

Underscoring the severity of an exotic form of website bug, security researchers from Princeton University have cataloged four cross-site request forgeries in some of the world's most popular sites.

The most serious vulnerability by far was in the website of global financial services company ING Direct. The flaw could have allowed an attacker to transfer funds out of a user's account, or to create additional accounts on behalf of a victim, according to this post from Freedom to Tinker blogger Bill Zeller.

The vulnerabilities were confirmed for users of Firefox and Internet Explorer browsers, and ING's use of the secure sockets layer protocol did nothing to prevent the attack. ING plugged the hole after Zeller and colleague Ed Felten reported it privately.

Cross-site request forgery (CSRF) vulnerabilities occur when a website carries out an action without first confirming it was requested by the authenticated user. Miscreants can exploit this shortcoming by including code on an attack site that causes the user's browser to send commands to a site such as then carries out the command under the mistaken notion that because it was requested by the browser, it was invoked by the user.

"The vulnerabilities in the websites are severe, demonstrating the pervasiveness and importance of CSRF protection," Jeremiah Grossman, CTO of White Hat Security and an expert in website security, said of the report.

More here.

Bad Advice: U.S. Urged to Go On Offense in Cyber War

A UPI newswire article by Shaun Waterman, via The Washington Times, reports that:

The United States needs to do more to develop an offensive cyberwar capability rather than just focus on defending its networks from attack, says the chairman of the House cybersecurity subcommittee.

"The best defense is a good offense and an offensive [cyberwar] capability is essential to our national defense," Rep. Jim Langevin told United Press International, calling it "a necessary deterrent."

"Warfare is forever changed. ... Never again will we see major warfare without a strong cyber component executed as part of it," the Rhode Island Democrat added, citing the assault on Georgian government Web sites that accompanied Russia's invasion last month.

Mr. Langevin, chairman of the House Homeland Security subcommittee on emerging threats, cybersecurity and science and technology and a member of the House Permanent Select Committee on Intelligence, also called on the White House to declassify much more of its Comprehensive National Cybersecurity Initiative (CNCI) and said the Department of Homeland Security should be stripped of its lead role in defending the nation's computer networks.

His call for a more robust offensive capacity in cyberwarfare highlights an ongoing debate in government about how best to address the complex challenges posed by U.S. dependence on the Internet and other computer networks - a vulnerability that the nation's enemies could exploit.

More here.

South Korean Defense Suppliers Uncover Malicious Code

Dan Raywood writes on SC Magazine Australia:

The South Korean defence industry is facing a hacking risk after malicious codes were found in its major computer systems.

Data from the National Security Research Institute showed that the guided missile manufacturer LIGNex1 and Hyundai Heavy Industries uncovered malicious codes planted by hackers.

The National Security Research Institute, which is affiliated with the Electronics and Telecommunications Research Institute, believes hackers have planted vicious codes through which they stole information.

A spokesperson said: “The research institute suspects the culprits are Chinese or North Korean hackers but doesn't know specifically what information they stole. In the worst case, the blueprints of missiles and Aegis ship could have been stolen."

More here.

Hat-tip: dissent

Australian Police Help Nab Nigerian 419'er

Mahesh Sharma writes on Australian IT:

Queensland police have helped Nigerian authorities nab a 23-year-old Nigerian man who allegedly used a fake female profile on a romance website to defraud a Queensland man of $20,000.

The accused, who was arrested and charged with fraud by the Nigerian Economic Financial Crimes Commission last week, is alleged to have targeted a 45-year-old Queensland resident by posing as a female on an online relationship website and convincing him to send money.

Queensland Police Service Fraud and Corporate Crime Group Detective Superintendent Brian Hay said there had been 10 arrests to date as a result of joint sting operations conducted with the Nigerian authorities.

"It's getting better than it was," Mr Hay said. "It's not where it could be, but it's a darn sight further down the track than it was a couple of years ago.

"We know there are hundreds and thousands of victims out there just by looking at the flood of money leaving Australia. It demands attention."

Romance sites are among the biggest growth areas for advance-fee fraud crime groups, as scammers move beyond spamming millions of email inboxes to find fraud targets.

More here.

Canadian Hacker, 'The Analyzer', Released on Bail - UPDATE

Kim Zetter writes on Threat Level:

Israeli hacker Ehud Tenenbaum (aka "The Analyzer") has been released on $30,000 bail in Canada where he was arrested last month on suspicion of hacking into computers belonging to a financial services company.

The 29-year-old Tenenbaum is accused of hacking into computers belonging to Direct Cash Management of Calgary and increasing the balance on pre-paid debit cards to about CDN $3.5 million, then conspiring with others in Canada and around the world to withdraw the funds in December 2007 and January 2008. The culprits managed to steal CDN $1.8 million of that amount.

Tenenbaum was arrested with three other Canadians, 30-year-old Priscilla Mastrangelo, whom Tenenbaum has identified as his fiancee; 28-year-old Ralph Jean-Francois; and 33-year-old Sypros Xenoulis, said to be Tenenbaum's business partner.

According to the Calgary Herald, Mastrangelo is accused of withdrawing $32,082 in the scam, while Jean-Francois and Xenoulis took considerably less -- $6,585 and $1,001.

A decade ago when Tenenbaum was 19 years old, he hacked into unclassified computer systems belonging to NASA, the Pentagon, the Israeli parliament and others. He was arrested in 1998 along with several other Israelis and two California teens in one of the first high-profile hacker cases that made international news.

More here.

UPDATE: 16:55 PDT, 30 September 2008: Kim Zetter reports that "The Analyzer" in U.S. Provisional Custody in Canada.

Image of The Day: Will The LHC Create a Black Hole?


House Website Overwhelmed as Bailout Bill Fails

An AP newswire article by Stephen Ohlemacher, via, reports that:

The House Web site was overwhelmed Monday as millions of computer users sought information about the financial bailout bill rejected by the House.

"We haven't seen this much demand since the 9/11 commission report" was posted on the site in 2004, said Jeff Ventura, spokesman for the House chief administrative officer. "We're being overwhelmed with Web traffic about the bill."

Ventura said the Web site is working, but many computer users are getting the equivalent of a busy signal when they try to visit the site. Once users are on the site, it works at reduced speed.

"You have to keep trying and eventually you get in," he said.

Ventura said the slowdown is expected to last until Tuesday. In the meantime, technicians planned to work through the night to fortify the system.

"Our computer people aren't going anywhere," Ventura said.

More here.

Malware 2.0's Going to Be Murder

Robert "RSnake" Hansen writes on Internet Evolution:

Back in 1990, Leonard Cohen warned us, "Get ready for the future, brother -- it is murder!" Lately I've come to a deeper appreciation of just how prescient he was. Defending against malware is hard enough: The intersection of malware, computational linguistics, social networks, image analysis, and data mining is even worse.

Imagine that you receive an email from one of your closest friends. "I saw this and thought of you," it says. "It's about a new Michael Mann movie that's coming out soon." Of course you click on the attached PDF, and why shouldn't you? It's from someone you know. How would a malware author know you're a huge Miami Vice fan? It's obviously from your friend.

And yet the instant you click on it, the game's over. You're infected. Your friend never sent you that email. You were suckered in by some advanced technology that is due to appear in tomorrow's malware.

More here.

Malware Attacks Posing in Campaign Videos

Matt Hines writes on the eWeek "Security Watch" Blog:

Apparently Saturday Night Live isn't the only constituency seeking to profit by tying its fortunes to presidential-themed video clips these days.

In addition to the highly-publicized skits that SNL has produced in the last several weeks that have parodied the presidential and vice presidential candidates and generated a torrent of interest online, cybercriminals are also ramping up their efforts to tap into the ongoing race to pad their wallets and add to their networks of infected endpoints.

According to a report published by anti-spyware specialists Webroot on Monday, researchers at the company have charted a rapid increase in the volume of infected files being distributed, in particular via P2P file sharing networks, that have been disguised as campaign-oriented content.

The company specifically warned users to beware of malware files being propagated in files labeled as McCain and Obama campaign videos. Among the P2P networks on which the company reported it has seen large amounts of the infected presidential files trading hands is Gnutella, which is accessed by many users of FrostWire and LimeWire.

More here.

How 'Carders' Trade Your Stolen Personal Info

Robert Vamosi writes on the C|Net "D3F3NS3 1N D3PTH" Blog:

Debit cards and PINs are hot subjects on the criminal underground forums these days, Tom Rusin said on a recent visit to CNET. Rusin is president of North American operations at Affinion Group, a company that monitors the criminal underground for several thousand banking institutions by lurking in carder chat rooms.

"Carders" are the people who buy, sell, and trade online the credit card data stolen from phishing sites or from large data breaches at retail stores. Affinion is one of the largest identity protection companies in the world, with offices in more than a dozen countries. Over the years, it has provided a wealth of information to the U.S. Secret Service and the FBI. A few weeks ago, Affinion identified .Mac users who found themselves victims of a phishing scam.

While scrolling through posts in an online underground criminal forum on his laptop, Rusin explained that since "every American keeps some money in their savings account," unlike when stealing credit cards, debit cards grant thieves immediate access to cash. Next in demand are usernames and passwords because "most people use the same password on the sites they visit."

More here.

Genius xkcd: The Observable Universe


We love xkcd.


- ferg

Sunday, September 28, 2008

Kremlin Can't Pursue War Against Internet Without Hackers, Expert Says

Paul Goble writes on the Georgian Daily:

The Kremlin will not be able to close down Internet sites it doesn't like without using hackers, either those working directly for its security services or those inspired by Moscow's propaganda campaigns, according to a leading Russian specialist on that country's intelligence services.

In an interview posted online yesterday, Andrei Soldatov, the editor of and a frequent commentator on the activities of the FSB and other Russian intelligence services, said that Moscow's campaign against showed the limits of its ability to achieve its goals through legal means.

This week, he noted, the Russian authorities for the first time lifted the domain registration of a site – – in hopes of closing it down. They acted in accordance with the "rules on the registration of domains on dot RU."

Up until this time, the intelligence specialist said, Moscow and regional governments have put pressure on Russian-based providers in efforts to close down sites not through the use of Russian courts but rather by "telephoning" the providers and explaining to them what was necessary.

But like all their previous efforts in the two-year-long campaign to close this independent news portal, the Russian and Ingush powers that be failed because the editors of the site, which is already hosted by an IP abroad, quickly re-registered in the dotORG domain where they can operate freely.

The Russian government has tried to pressure foreign governments to close down sites that Moscow doesn't like in the past. In 2005, Soldatov recounts, the Russian foreign ministry demanded that Sweden shut down the pro-Chechen Kavkaz-Tsentr site, but Sweden refused point blank to do so.

More here.

The Impact of ID Theft: Spokane Firefighter to Sue Over False Child Porn Arrest

An AP newswire article, via The Seattle Post-Intelligencer, reports that:

A firefighter who was arrested and accused by the Washington State Patrol of possessing child pornography, then was released after investigators determined he was innocent, says he will file a lawsuit.

"This still affects us daily. It caused severe damage," Fire Lt. Todd Chism says. "We're doing our best to deal with it, but it has been very difficult."

Patrol investigators said a credit card number linked Chism to a Yahoo account that was used to download hundreds of explicit digital images. After his arrest in January, some of his children's friends were not allowed to visit the Chisms' home.

The case originated in the patrol's missing and exploited children unit with a tip that included a Yahoo e-mail account associated with downloading hundreds of digital images of child pornography.

Investigators found Todd and Nicole Chism's credit card had been used in one of the Internet protocol addresses associated with the Yahoo account, "but they couldn't definitively link the porn to the Chisms' computer or home address or anywhere," [Capt. Jeffrey] DeVere said.

Detectives found fraudulent activity had been reported on three of the four credit card numbers associated with the Chisms' Bank of America account but not the fourth, which was the one used to buy the porn, DeVere said.

The investigative file includes a letter from Bank of America confirming that a fraud complaint had been made for the fourth number in August 2007, but patrol detectives did not receive the letter until after Chism's arrest, DeVere said.

More here.

Toon of The Day: Working on The Next Bubble


Image source: John Darkow, The Columbia Daily Tribune /