Saturday, October 18, 2008

In Passing: Edie Adams



Edie Adams
April 16, 1927 – October 15, 2008

Friday, October 17, 2008

Image of The Day: Mini McBush





Enjoy. Not.

- ferg

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Oct. 17, 2008, at least 4,185 members of the U.S. military have died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,385 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is the same as the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

As of Friday, Oct. 17, 2008, at least 542 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Thursday at 10 a.m. EDT.

Of those, the military reports 390 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

al-Qaeda Web Forums Abruptly Taken Offline

Ellen Knickmeyer writes in The Washington Post:

Four of the five main online forums that al-Qaeda's media wing uses to distribute statements by Osama bin Laden and other extremists have been disabled since mid-September, monitors of the Web sites say.

The disappearance of the forums on Sept. 10 -- and al-Qaeda's apparent inability to restore them or create alternate online venues, as it has before -- has curbed the organization's dissemination of the words and images of its fugitive leaders. On Sept. 29, a statement by the al-Fajr Media Center, a distribution network created by supporters of al-Qaeda and other Sunni extremist groups, said the forums had disappeared "for technical reasons," and it urged followers not to trust any look-alike sites.

For al-Qaeda, "these sites are the equivalent of pentagon.mil, whitehouse.gov, att.com," said Evan F. Kohlmann, an expert on online al-Qaeda operations who has advised the FBI and others. With just one authorized al-Qaeda site still in business, "this has left al-Qaeda's propaganda strategy hanging by a very narrow thread."

At the same time, in an apparently unrelated flare-up of online sectarian hostility, Shiite and Sunni hackers have targeted Web sites associated with the other sect, including that of a Saudi-owned television network and of Iraq's most revered Shiite cleric.

More here.

In Passing: Levi Stubbs



Levi Stubbs
June 6, 1936 – October 17, 2008





Pictured Above (Left-to-Right): Lawrence Payton, Renaldo "Obie" Benson, lead singer Levi Stubbs and Abdul "Duke" Fakir - all four original Four Tops.

Friday Monkey Blogging: Chimps 90% Gone in a 'Final Stronghold'


As I mentioned last Friday, I have started a regularly recurring blog entry meme every Friday afternoon, inspired by Bruce Schneier's regular series of "Friday Squid Blogging" posts, and my very own maddening Monkey Theory.

This week's installment via National Geographic News.

West African chimpanzees have declined by 90 percent in the last 18 years in an African country that is one of the subspecies' "final strongholds," a new study stays.

Scientists counting the rare chimps in Côte d'Ivoire (Ivory Coast) found only about 800 to 1,200 of the apes—down from about 8,000 to 12,000 in 1989-90. Before the new survey, the country had been thought to harbor about half of all West African chimps.

"We were not expecting such a drastic decrease," said lead author Geneviève Campbell, a doctoral candidate at the Max Planck Institute for Evolutionary Anthropology in Germany.

The 1989-90 survey had itself represented a significant decline from 1960s estimates of about a hundred thousand West African Chimps in Côte d'Ivoire.

More here.

Image source: Michael Nichols / National Geographic News

U.S. Teen Admits to 'Anonymous' DDoS Attack on Scientology

Dan Goodin writes on The Register:

A New Jersey man has admitted he participated in January's high-profile cyber attack on the Church of Scientology that took its website offline and caused as much as $70,000 worth of damage.

Dmitriy Guzner, 18, of Verona, New Jersey, helped carry out the crippling distributed denial of service (DDoS) assault because he believed it furthered the goals of the anti-Scientology group "Anonymous," to which he claimed to belong, according to court documents filed in federal court. He has agreed to plead guilty to a single felony charge of unauthorized impairment of a protected computer.

He agreed to pay $37,500 in restitution, a fee he is "jointly and severally liable" for with others who participated in the attack. He faces a maximum of 10 years in federal prison. A sentencing hearing has not been scheduled. Guzner is a student who participated in, but did not organize, the attacks, said his attorney, Jeffrey Chabrowe, of The Branch Law Firm in New York.

The attacks, which at times rendered Scientology's website unreachable, were said to be in retaliation for its misuse of copyright and trademark law in censorship of criticism against the church. The DDoS attacks, which take websites offline by bombarding them with more traffic than they can handle, were largely unsophisticated brute force, floods, security experts have said.

More here.

Alleged Hackers Charged With Highway Robbery, Literally

Kevin Poulsen writes on Threat Level:

In this week's Fed Blotter, Nicholas Lakes and Viachelav Berkovich are charged with computer fraud for a man-in-the-middle attack that allegedly let them run a profitable trucking company without the hassle of driving a truck.

For over three years the Russian immigrants repeatedly hacked a Department of Transportation website called Safersys.org, which maintains a list of licensed interstate trucking companies and brokers, according to an affidavit filed by a department investigator. There, the pair would temporarily change the contact information for a legitimate trucking company to an address and phone number under their control.

The men then took to the web-based "load boards" where brokers advertise cargo in need of transportation. They'd negotiate a deal, for example, to transport cargo from American Canyon, California, to Jessup, Maryland, for $3,500.

But instead of transporting the load, Lakes and Berkovich would outsource the job to another trucking company, the feds say, posing as the legitimate company whose identity they'd hijacked. Once the cargo was delivered, the men allegedly invoiced their customer and pocketed the funds. But when the company that actually drove the truck tried to get paid, they'd eventually discover that the firm who'd supposedly hired them didn't know anything about it.

More here.

Cyber Finance Threats: Toxic Information

Shane Harris:

Not that we need it, but here's yet another reason to worry about havoc in financial markets: U.S. intelligence officials increasingly fear that computer hackers could wreck banks and large financial institutions, or send stock markets into one more panicked frenzy, by covertly manipulating data and spreading false information.

In interviews and speeches over the past few months, senior counterintelligence and security officials laid out some dire scenarios. They're all predicated on a determined individual or small group fabricating information in such a way that the public sees a different picture of financial health than exists, either at a particular company or in broad markets.

For example, imagine a large brokerage finds itself suddenly saddled with huge losses because a disgruntled employee falsified information in the company's accounting systems, thus ensuring that billions of dollars in losses never show up on the books. Or think about the tumult that would ensue if someone hacked into a stock exchange and changed individual share prices, unleashing a flood of buy and sell orders.

These kinds of nightmare events shape the thinking of the senior Bush administration officials in charge of protecting the nation's computer infrastructure. They're concerned that financial institutions, while aware of the risks posed by lax information security, haven't taken bold enough steps to tighten up their own defenses and thus are imperiling a global system that is utterly dependent on accurate information.

More here.

Criminal Profit-Driven Attacks Present Increased Threats for Businesses and Government

Via SecurityPark.co.uk.

According to the Information Security Forum (ISF), targeted and organised, profit-driven attacks are replacing random individual hacker attacks and presenting increased threats for businesses and government. This new breed of attack, designed to steal valuable and sensitive information or customer data for major financial gain is being orchestrated by criminal networks that bring together specialist skills and expertise. Many even place sleepers within organisations to provide inside knowledge and access.

According to the ISF, profit-driven attacks have five phases: Reconnaissance to identify targets; Development to plan the attack and write malware; Extraction of the data; Exploitation by advertising and selling stolen information; and finally Laundering of the profits. Normally, there is a different person or team running each phase, often operating from different parts of the world, making it extremely difficult to track and trace. Each group takes a slice of the profits with the criminal ringleaders reaping the largest rewards - that can run into millions.

"It's not dissimilar to the process of robbing a bank," says Nick Frost, senior research consultant at the ISF. "The difference is that this cybercrime is more sophisticated and harder to trace. Most attacks are able to circumvent generic security controls, while anti-forensic techniques are used to remove traces such as deleting system logs and advanced attack kits such as Limbo 2 Trojan are available online with non-detection-warranties."

"Most organisations do not have the necessary controls in place to deal with these attacks and the financial profits from successful breaches are simply used to fund more sophisticated and malicious attacks, creating a vicious cycle," adds Frost.

More here.

Atrivo Shutdown Hastened Demise of Storm Worm

Brian Krebs writes on Security Fix:

The infamous Storm worm, which powered a network of thousands of compromised PCs once responsible for sending more than 20 percent of all spam, appears to have died off. Security experts say Storm's death knell was sounded by the recent shutdown of Atrivo, a California based ISP that was home to a number of criminal cyber crime operations, including at least three of the master servers used to control the Storm network.

The Storm network consisted of a complex hierarchy of servers designed to balance the load of sending spam and and to hide the location of the master servers that the Storm worm authors used to operate the network.

Three out of four of those control servers were located at Atrivo, a.k.a. Intercage, said Joe Stewart, a senior security researcher with Atlanta based SecureWorks who helped unlock the secrets of the complex Storm network. The fourth server, he said, operated out of Hosting.ua, an Internet provider based in the Ukraine.

More here.

NIST Releases Final 'Guide to Securing Microsoft Windows XP Systems for IT Professionals'

Via NIST.gov.

Special Publication (SP) 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals, has been published as final. It seeks to assist IT professionals in securing Windows XP Professional systems running Service Pack 2 or 3.

The guide provides detailed information about the security features of Windows XP and security configuration guidelines. SP 800-68 Revision 1 updates the original version of SP 800-68, which was released in 2005.

More here.

Telecom Spying Amnesty Unconstitutional, EFF Tells Court

Ryan Singel writes on Threat Level:

The government's attempt to give retroactive immunity to the companies that helped the Bush administration's warrantless spying program violates the Constitution by ripping from the courts the power to hear citizens' grievances against the government, a rights group told a federal court Thursday.

The Electronic Frontier Foundation is also challenging the government's assertion to the court that the program wasn't a "dragnet" that pulled in the contents of millions of Americans, arguing that the government is playing word games.

The filing late Thursday night comes three months after the Democratically-controlled Congress gave in to political pressure and gave the Attorney General the power to tell a court to dismiss lawsuits against the nation's phone and internet companies.

More here.

Thursday, October 16, 2008

Toon of The Month: Mums The Word

Click for larger image.

Brilliant.

We love Mr. Fish.

- ferg

Want Palin's e-Mails? That'll Be $15 Million

Bill Dedman writes on MSNBC.com:

Sarah Palin's office has discovered a new renewable resource to bring millions of dollars into Alaska's economy: the governor's e-mails.

The office of the Republican vice-presidential nominee has quoted prices as high as $15 million for copies of state e-mails requested by news organizations and citizens. No matter what the price, most of the e-mails of the governor, her senior staff and other state employees won't be made public until at least several weeks after the Nov. 4 presidential election, her office told msnbc.com on Thursday.

More here.

TSA Names New Assistant Administrator

Via UPI.com.

The U.S. Transportation Security Administration has named a new assistant administrator for security operations.

TSA officials announced that former Orlando International Airport federal security director Lee Kair will become the new assistant administrator for security operations at the agency. The TSA assistant administrator is in charge of executive management, including compliance and budget oversight and the development of strategic plans at more than 450 airports in the United States, among other responsibilities, the TSA reported.

Kair, who has worked at the TSA since 2004, was responsible for the development and implementation of new explosives training initiatives, the visible intermodal prevention and response teams along with decentralizing the hiring process, among other projects.

More here.

Quote of The Day: Me

"It's amazing that California almost out-wingnut'ed Texas."

- Me, on a twist by Forrest Wilder on the Texas Observer blog. "This week the Sacramento County, California, Republican Party had to yank from its Web site some highly offensive content, including a call to 'Waterboard Barack Obama' and a statement that 'The Only Difference Between Obama and Osama is BS.'"

Pretty sick stuff. But Texas proves it has a whole different breed of wingnuts.

Report: Russian Hacker Forums Fueled Georgia Cyber Attacks

Brian Krebs writes on Security Fix:

An exhaustive inquiry into August's cyber attacks on the former Soviet bloc nation of Georgia finds no smoking gun in the hands of the Russian government. But experts say evidence suggests that Russian officials did little to discourage the online assault, which was coordinated through a Russian online forum that appeared to have been prepped with target lists and details about Georgian Web site vulnerabilities well before the two countries engaged in a brief but deadly ground, sea and air war.

The findings come from an open source investigation launched by Project Grey Goose, a volunteer effort by more than 100 security experts from tech giants like Microsoft and Oracle, as well as former members of the Defense Intelligence Agency, Lexis-Nexis, the Department of Homeland Security and defense contractor SAIC, among others.

More here.

Off Topic: Hate and Fear in America



To see Americans so embittered in a campaign of ignorance, hate, and fear, leaves me with a sick feeling that I cannot describe.

- ferg

Hat-tip: Crooks and Liars


Image of The Day: Complexity of Credit Crunch Explanations




Via GraphJam.com.

FBI Says Dark Market Sting Netted 56 Arrests

Robert McMillan writes on PC World:

A two-year undercover FBI sting operation targeting online fraudsters has netted 56 arrests and prevented millions of dollars in economic losses, the FBI said Thursday.

The FBI said it had infiltrated online "carder" forums hosted on the DarkMarket.ws Web site, which was widely used by online scammers to buy and sell stolen credit card numbers, other financial information, and even the devices used to make fake banking cards. Before it was shut down earlier this month, the Web site had registered more than 2,500 members.

The FBI ran its sting in cooperation with the U.K.'s Serious Organized Crime Agency and authorities in Turkey and Germany. "The arrests this week in the U.K. are a good demonstration of the coordination taking place today between the FBI, the Serious Organized Crime Agency... and other law enforcement agencies around the globe," FBI Cyber Division Assistant Director Shawn Henry said Thursday in a statement.

In addition to the drawing the 56 arrests, the sting helped the FBI seize compromised accounts and prevent the loss of about US$70 million in fraud, the FBI said. It has also generated new leads that are being tracked down by international law enforcement.

More here.

DHS to Hold 'Industry Day' on Cyber Initiative

Ben Bain writes on FCW.com:

Industry will learn more in the coming months about what the Homeland Security Department wants from vendors as DHS implements its part of the multiyear, multibillion-dollar cybersecurity initiative.

DHS plans to hold a vendor day in December or January to provide contractors with an overview of its program plans under the Comprehensive National Cybersecurity Initiative (CNCI), a senior DHS official said today. In general, DHS will look to industry for new services and augmenting existing ones and for help with analytics and operations, the official added.

Michael Brown, DHS’ deputy assistant secretary for cybersecurity and communications, said operational requirements for DHS' CNCI efforts have been developed and will be reviewed by the department's leadership. He added that the operational requirements will inform DHS’ upcoming CNCI-related acquisitions.

Once the program is approved, DHS will be able to better articulate its expectations and needs to vendors, Brown said at a breakfast hosted by the Armed Forces Communications and Electronics Association’s chapter in Bethesda, Md.

More here.

The Trouble With 'Deep Packet Inspection'

Bob Sullivan writes on the MSNBC "Red Tape Chronicles" Blog:

Deep down, most Net users realize that everything they do online can be watched and tracked. Most, however, forget this on a day-to-day basis. That's why a new technology called deep packet inspection is potentially very disturbing.

The data is already dismal when it comes to people peeking at your Internet travels. Twenty percent of U.S. companies hire employees specifically to snoop at employee e-mail and 41 percent perform some kind of e-mail monitoring, according to a survey published earlier this year by Proofpoint. Two-thirds of companies monitor Web surfing, and 12 percent even monitor outside blog activity. Even if your company doesn't watch you as a matter of policy, employees might be sneaking a peek anyway. In a survey published in June by security firm Cyber-Ark, one-third of IT workers confessed to abusing their administrative passwords to read colleagues’ e-mail and compare salaries, and the like.

Still, people at work often realize their time is not their own, and their expectation of privacy -- at least according to under U.S. law -- is low. But now, a technology called deep packet inspection offers similar kind of monitoring capabilities that can be used on all Internet users -- at home, at work, even when using mobile devices.

Until recently, the concept of peeking at every data packet while it flew into and out of an Internet service provider’s networks quickly ran into practical problems. There was just too much data to inspect; doing so would bog down even the most robust network. But recent technology advances have made deep packet inspection both practical and affordable, and the technology began finding its way into ISPs around the world this year.

More here.

GAO: Gaps in Bometric Data-Sharing Leaves U.S. Open to Attack

William Jackson writes on GCN.com:

Failure to share biometric data collected by military personnel in combat areas with counterterrorism agencies at home could endanger homeland security, the Government Accountability Office concluded in a new report [.pdf].

Although the Defense Department collects biometric data on suspicious persons in combat areas in Iraq and Afghanistan, the type of data being collected is inconsistent and is not always shared, despite policies calling for sharing of such data.

“Gaps in DOD’s and other agencies’ biometrics collection and sharing processes can increase the risk that terrorists will avoid identification in subsequent encounters with U.S. personnel during military operations, the visa application process and U.S. border crossings,” GAO said.

Efforts are under way to develop the technical and organizational framework needed to enable such sharing, but until this is in place the gap must be filled with greater interagency cooperation, GAO added.

More here.

ISPs Are Pressed to Become Child Porn Cops

Bill Dedman and Bob Sullivan write on MSNBC.com:

New technologies and changes in U.S. law are adding to pressures to turn Internet service providers into cops examining all Internet traffic for child pornography.

One new tool, being marketed in the U.S. by an Australian company, offers to check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.

The company caught the attention of New York's attorney general, who has been pressing Internet companies to block child porn. He forwarded the proposal to one of those companies, AOL, for discussion by an industry task force that is looking for ways to fight child porn. A copy of the company's proposal was also obtained by msnbc.com.

Privacy advocates are raising objections to such tools, saying that monitoring all traffic would be an unconstitutional invasion. They say companies can't start watching every customer's activity, and blocking files thought to be illegal, even when the goal is as noble as protecting children.

More here.

High-Security Research Labs Not So High Security

An AP newswire article by Larry Margasak, via SFGate.com, reports that:

Intruders could easily break into two U.S. laboratories where researchers handle some of the world's deadliest germs, according to congressional investigators. The Associated Press identified the vulnerable lab locations as Atlanta and San Antonio.

The serious security problems at the two labs were described by the Government Accountability Office in a report expected to be released publicly as early as Thursday. The GAO, Congress' investigative and auditing arm, did not identify the labs except to say they were classified as Biosafety Level 4 facilities, but the report included enough details for the AP — and others knowledgeable about such labs — to determine their locations.

Biosafety Level 4 labs conduct research on deadly germs and toxins.

In Texas, the Southwest Foundation for Biomedical Research features an outside window that looks directly into the room where the deadly germs are handled. The lab, which is privately run, also lacks many security cameras, intrusion detection alarms or visible armed guards at its public entrances. Officials there said they will tighten security.

More here.

Woman is First to Plead Guilty in Notorious Spam Case

Robert McMillan writes on ComputerWorld:

A woman accused of helping spam kingpin Alan Ralsky send out tens of millions of unwanted e-mail messages each day has pleaded guilty to spam charges.

Judy Devenow pleaded guilty to fraud and conspiracy charges Tuesday in federal court in Michigan. She was arrested in January and charged with participating in a complex pump-and-dump stock scam that artificially inflated the prices of Chinese penny stocks.

With her guilty plea, Devenow has agreed to cooperate with the U.S. Department of Justice as it pursues its case against 10 other people, including Ralsky, who were allegedly involved in the scam. "She felt it was in her best interest to dispose of this case in this way and not go through a trial," said her attorney, Richard Zuckerman, of Honigman Miller Schwartz and Cohn.

Devenow is facing 33 to 41 years in prison on the charges, but the sentence could be reduced if the government feels she has fully cooperated, he said.

More here.

U.S. Treasury Office Faults IRS Computer Security

An AP newswire article by Jim Abrams, via SFGate.com, reports that:

Two new IRS computer systems that will eventually cost taxpayers almost $2 billion are being put into service despite known security and privacy vulnerabilities, a Treasury watchdog said in a report coming out Thursday.

The office of the Treasury Inspector General for Tax Administration said Internal Revenue Service officials failed to ensure that identified weaknesses had been addressed before putting the new systems into use.

Inspector General J. Russell George said it was "very troublesome" that the IRS "was aware of, and even self-identified, these weaknesses."

More here.

In Memoriam: Jon Postel

"Be liberal in what you accept, and conservative in what you send."



Jon Postel
August 6, 1943 – October 16, 1998

Wednesday, October 15, 2008

Cyber Security Threats Grow in Sophistication, Subtlety, and Power

John Cox writes on NetworkWorld:

The annual report from Georgia Tech Information Security Center identifies five evolving cyber security threats, and the news is not good.

GTISC interviewed a range of industry security experts to explore the threats and the available countermeasures. The five are malware, botnets, cyber warfare, threats to VoIP and mobile devices, and the "evolving cyber crime economy."

In all five areas, attackers are becoming increasingly sophisticated, increasingly subtle, and increasingly adept at exploiting new Web developments, such as the rise of social network sites. Industry and government need to become equally concerted and sophisticated to contain these threats if the Internet is to be a trusted communications medium.

The just-released report, "Emerging Cyber Threats Report for 2009: Mobility and Questions of Responsibility will Drive Cyber Threats in 2009 and Beyond," is online [.pdf].

More here.

FBI: Several Nations Eyeing U.S. Cyber Targets

Grant Gross writes on PC World:

About two dozen nations have developed cyber-attack capabilities and have their eyes on targets inside the U.S. government or businesses, the top cybercrime law enforcement official in the U.S. said.

"There are countries who have an interest in obtaining information from the U.S., in terms of the electronic theft of data," said Shawn Henry, the assistant director in charge of the U.S. Federal Bureau of Investigation's Cyber Division.

Henry declined to name countries, but he called organized attacks on U.S. cyber targets a "significant threat" during a press conference Wednesday. Over the past year, cyber attacks against U.S. targets have become increasingly sophisticated, said Henry, appointed to the top post in the Cyber Division in September.

The FBI has thousands of open investigations into cybercrime and organized cyber attacks, said Henry, who's investigated cybercrime for the FBI on and off for the past nine years. The FBI has also tracked terrorist groups that use cybercrime such as identity theft to fund their operations, he added.

More here.

Mark Fiore: Palin's Afghanistan




More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Enjoy!

- ferg

Programming Note: Out-of-Pocket Today

As you may have noticed, there has been no blogging today -- I was busy up in San Francisco today in meetings.

Sorry for the stoppage in the flow of posts, but things should pick back up tonight and tomorrow.

Cheers!

- ferg

Tuesday, October 14, 2008

National Cybersecurity Initiative R&D Effort Launched

Ben Bain writes on FCW.com:

The government officially has begun to formulate a national research and development agenda for “game-changing ideas" as part of the multiyear, multibillion-dollar, governmentwide effort to secure cyberspace through the Comprehensive National Cybersecurity Initiative (CNCI).

The National Science Foundation today issued a request for information initiating the National Cyber Leap Year. The Leap Year is meant to seek “the most promising game-changing ideas with the potential to reduce vulnerabilities to cyber exploitations by altering the cybersecurity landscape,” according to the RFI. The project aims to formulate an integrated national approach to making “cyberspace safe for the American way of life.”

Specifically, the project has the dual goals of forming a national research and development agenda that identifies the most promising technologies and how to bring them to fruition and to “jump-start game-changing, multidisciplinary efforts.” The Leap Year will run during fiscal 2009.

More here.

Gary McKinnon Loses Second Home Office Appeal

Gary McKinnon

Tom Espiner writes on ZDNet.co.uk:

The man accused by the US government of accessing more than 73,000 US military machines has lost his second appeal to the Home Office against extradition.

[Gary] McKinnon's recent diagnosis with Asperger's Syndrome, a condition on the autistic spectrum, had not changed home secretary Jacqui Smith's decision that the self-confessed Nasa hacker be extradited, said McKinnon's solicitor Karen Todner on Monday.

"The secretary of state has advised via the treasury solicitors that, despite Mr McKinnon's diagnosis with Asperger's, she will now be making arrangements for his extradition pursuant to her order for extradition of 4 July, 2006," said Todner. "We are now considering whether or not Mr McKinnon has a further judicial remedy and we are urgently investigating this issue."

The home secretary also failed to make any request to the US for McKinnon to be repatriated to the UK to serve his sentence, should he be found guilty by a US court, said Todner.

More here.

Excel Error Leaves Barclays With More Lehman Assets Than It Bargained For

Heather Havenstein writes on ComputerWorld:

A reformatting error in an Excel spreadsheet has cropped up in the largest bankruptcy case in U.S. history, prompting a legal motion by Barclays Capital Inc. to amend its deal to buy some of the assets of Lehman Brothers Holdings Inc.

The law firm representing Barclays filed the motion [.pdf] on Friday in U.S. Bankruptcy Court for the Southern District of New York, seeking to exclude 179 Lehman contracts that it said were mistakenly included in the asset purchase agreement. The firm — Cleary Gottlieb Steen & Hamilton LLP — said in the motion that one of its first-year law associates had unknowingly added the contracts when reformatting a spreadsheet in Excel.

More here.

FTC Shuts Down, Freezes Assets of Vast International Spam E-Mail Network

Via FTC.gov.

A U.S. district court has ordered a halt to the operations of a vast international spam network that peddled prescription drugs and bogus male-enhancement products. The network has been identified as the largest “spam gang” in the world by the anti-spam organization Spamhaus. The Federal Trade Commission has received more than three million complaints about spam messages connected to this operation, and estimates that it may be responsible for sending billions of illegal spam messages.

At the request of the FTC, the court has issued a temporary injunction prohibiting defendants from spamming and making false product claims, and has frozen the defendants’ assets to preserve them for consumer redress pending trial. Authorities in New Zealand also have taken legal action, working in tandem with the FTC.


According to papers filed with the court, the defendants deceptively marketed a variety of products through spam messages, including a male-enhancement pill, prescription drugs, and a weight-loss pill.

More here.

Monday, October 13, 2008

Will the Real Spam King Please Stand Up?

Dan Tynan writes on PC World:

As more and more spammers are arrested, prosecuted, and sued under state and federal antispam statutes, there's one thing you can count on: Someone somewhere will invariably call the targeted spammer a "spam king."

It seems the bulk e-mail industry has more kings than a pinochle deck. But who is really the king of kings? The following ten spammers are all heavyweight contenders for the crown.

Half of them have done time or are still guests of the federal government. Two are dead. Most of the rest have been fined millions by the FTC and/or private companies for their misdeeds.

Which one truly deserves the title of King? Read on to find out.

More here.

Note: The real spam kings are Russian criminals who control the most prolific spam botnets on the planet. -ferg

TSA Airport Screener Steals Over $200,000 in Gadgets, Almost Gets Away With It

Via Gizmodo.

Transportation Security Administration baggage screener Pythias Brown is the reason you hate flying with expensive gear in your bag, especially if you ever flew out of Newark airport. Over the last few years, he stole at least $200,000 worth of electronics. Not just a camcorder here, a laptop there, or an Xbox 360 or two, either.

No, this guy had balls.

Among his biggest hauls—literally—was an HBO employee's $47,900 camera. And the TSA was totally clueless about it. He was finally caught after CNN found a camera he had stolen from them up for sale on eBay.

More here.

Cybercrime Supersite 'DarkMarket' Was FBI Sting, Documents Confirm

Kevin Poulsen writes on Threat Level:

DarkMarket.ws, an online watering hole for thousands of identify thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.

Reports from the German national police obtained by the Südwestrundfunk, Southwest Germany public radio, blow the lid off the long running sting by revealing its role in nabbing a German credit card forger active on DarkMarket. The FBI agent is identified in the documents as J. Keith Mularski, a senior cybercrime agent based at the National Cyber Forensics Training Alliance in Pittsburgh, who ran the site under the hacker handle Master Splynter.

The NCFTA is a non-profit information sharing alliance funded by financial firms, internet companies and the federal government. It's also home to a seven-agent FBI headquarters unit called the Cyber Initiative and Resource Fusion Unit, which evidently ran the DarkMarket sting.

The FBI didn't return a phone call Monday.

More here.

DARPA Seeks Technology for Seeing Inside Buildings

Doug Beizer writes on FCW.com:

A new Defense Advanced Research Projects Agency project hopes to give warfighters the ability to see inside buildings in urban environments.

The DARPA pre-solicitation aims to develop a suite of sensing technologies for looking deep inside a building from above- and below-ground. The technologies should be suitable for a broad range of building types.

The technologies must support several intelligence, surveillance and reconnaissance operations including pre-mission planning, assessments of targeted structures and live updates during missions.

“As overseas military and peacekeeping operations have expanded in urban environments, our adversaries have adopted asymmetric strategies such as hiding in and operating out of civilian buildings,” the solicitation states. “To reduce the tactical risk to U.S. forces, it is imperative that we develop technologies to allow U.S. forces to confidently maneuver within building interiors.”

More here.

DHS Not Prepared For Cyber Attacks, House Committee Chair Says

Alice Lipowicz writes on FCW.com:

The Homeland Security Department is severely behind schedule in its core mission of preparing for major cyberattacks, explosive attacks, natural disasters and other scenarios, according to Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee.

Of eight planning scenarios and associated planning documents that are supposed to be the foundation of the National Response Framework, the department has completed only the first step of planning on a single scenario, Thompson wrote in an Oct. 9 letter to DHS Secretary Michael Chertoff.

As of Sept. 23, the department had finished its strategic guidance document for explosive attacks, which was the only scenario for which that document was completed, said a spokesman for Thompson. Strategic plans, concepts of operation, and operational plans were not completed for any of the eight scenarios.

“Since these planning scenarios are at the very core of the department’s mission, it is rather astonishing that these plans have not been completed,” Thompson wrote.

More here.

Toon of The Day: Protection





Image source: Ted Rall / Slate.com

Sunday, October 12, 2008

Classic xkcd: DRM - We All Lose


Click for larger image.

We love xkcd.

Enjoy!

- ferg

I Voted -- Make Sure You Do So, Too



I am very pleased to have just sealed the envelope on my California permanent absentee ballot for the 2008 general election.

This is an important civic responsibility -- please make sure to do the same.

Go to the polls, send your absentee ballot, whatever -- just vote!

- ferg

Hackers Force Al-Arabiya Site Name CIhange

Ian Black writes on The Guardian:

Sectarian cyber warfare in the Middle East has claimed its highest-profile victim yet, forcing a leading pan-Arab TV station to change its internet domain name.

Al-Arabiya Television, based in Dubai, is taking legal action in the US to prevent further hacking after its website was hit by "organized cyber piracy by extremists," the channel said at the weekend.

Last Friday its hacked website displayed a burning Israeli flag and a statement that read: "Serious warning: If attacks on Shia websites continue, none of your websites will be safe."

No group claimed responsibility for the incident, but it followed weeks of hacking that apparently reflects rising tensions between Sunni and Shia Muslims across the region.

More here.

Bush Watch: Only 100 Days Left in Office...




Only 100 days left in office. Yay.

- ferg