Saturday, October 25, 2008

Russian Coder: 'I Hacked Georgia's Sites in Cyber War'

Noah Shachtman writes on Danger Room:

Government and independent investigators are still trying to figure out who, exactly, hit Georgia's websites during its August war with Russia. Now, one of the hackers who claims to be behind some of the cyberattacks is telling all.

When the online assaults against Georgia began, everyone from the Russian government to a defunct, Moscow-based criminal consortium was blamed. A recent, preliminary report from the "Grey Goose" collection of online sleuths alleged that nationalistic Russian hackers, working largely on their own, bore a great deal of responsibility for the cyberstrikes.

The account from Leonid "R0id" Stroikov, in the latest edition of Xakep ("Hacker") magazine, appears to confirm the Grey Goose hypothesis. In the article, Stroikov talks about how he hit the website of the Georgian parliament — and why he decided to do it.

Countries today, Stroikov writes, "actively use the Internet for transmitting their point of view." So when Stroikov's "peaceful drink of beer" was "unexpectedly interrupted with the news of the developing situation in the Georgian-Ossetian conflict," he decided to strike a blow for Russia in the information war.

More here.

Thursday, October 23, 2008

PATCH NOW: Microsoft Security Bulletin MS08-067 – Critical


Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability over RPC without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.

More here.

Wednesday, October 22, 2008

Hacker Paid in Dodgy Web Tools for U.S. Attack

Via The New Zealand Herald.

The American man jailed yesterday for hacking a University of Pennsylvania computer server "effectively hired" a New Zealand teenager to carry out an attack on internet chat groups, a prosecutor says.

Ryan Goldstein, 22, a student at the university, online offered Whitianga teenager Owen Thor Walker log-in rights to a website and malicious "trojan horse" software, said Michael Levy, chief of computer crimes with the US Attorney's Office for the Eastern District of Pennsylvania.

In return Walker, known online as AKILL, agreed to train his botnet on Goldstein's targets.

"Did he pay him? It's in internet currency: 'Here's some tools for your kit bag,'" he said. "Did he send him money through this Paypal account? No."

Internet news website said today Goldstein wanted to wage an online war with three IRC (Internet Relay Chat) networks and a now-defunct website called,

He was angry after being banned from at least one of the forums, and he talked the 18 year-old New Zealander into launching a distributed denial-of-service attack against these networks.

More here.

Hackers' Mind-Set: They've Done Nothing Wrong

Jon Swartz writes on USA Today:

Albert Gonzalez appeared to be a reformed hacker. But the onetime government informant was a central character in what Justice Department officials claim was an international cybercrime syndicate that ripped off tens of millions of credit and debit card numbers from large U.S. retailers.

Irving Jose Escobar seemed nothing more than a tough Miami kid with a long rap sheet. Yet last year, he pleaded guilty to his role in a multimillion-dollar scam in Florida tied to Gonzalez's exploit.

What they shared, based on indictments in their separate cases, are key roles in the massive cyberheist at TJX, parent of retailers T.J. Maxx and Marshalls, and the credit card scams that resulted. First disclosed by TJX in January 2007, it is believed to be the largest such theft.

It is unclear whether Gonzalez and Escobar know each other. But each was involved in different scams tied to TJX, according to their respective indictments. The divergent sagas of the hacker Gonzalez and streetwise Escobar represent bookends of the vast digital crime. According to psychiatrists, hackers and computer-security experts, they represent the vanguard of cybercrooks: young, misguided males who rationalize that they've done nothing wrong.

More here.

Off Topic: Russians Watching U.S. Presidential Race

Via The Other Russia.

At a meeting in Moscow this Tuesday, Russian experts turned the conversation to presidential politics in the United States, the news agency reports. With a fascinating electoral campaign taking place in the US, many Russians have taken a key interest in the competition between Senators John McCain and Barack Obama.

Participants in the discussion, largely Russian experts on the United States, disagreed widely on what the result of the American election would mean for Russia.

The event was held in line with a presentation of The Audacity of Hope, a memoir and policy book written by Obama.

Valery Garbuzov, the deputy director of the Institute of USA and Canada in Russia’s Academy of Sciences, said that people in the US have been “living by these elections” for over a year. In his opinion, the active nationwide discussion of the problems facing the US in recent years shows that American democracy is not in crisis. “These grueling, expensive, exhausting American elections still accomplish their goal after all,” he said.

More here.

Unconvicted Kiwi Hacker's Partner in Crime Gets Jail Time

Maryclaire Dale writes in The New Zealand Herald:

A federal judge questioned why a white college student, who the FBI says worked with a New Zealand teenager to hijack computers worldwide and who was found with thousands of images of child pornography, was spared a decade-long prison sentence that a black convicted child pornographer faced at the same hearing.

University of Pennsylvania student Ryan Goldstein, 22, was sentenced to three months in prison and five years of probation for a hacking scheme that caused a Penn engineering school server to crash in 2006.

Assistant US Attorney Michael Levy said the decision not to charge Goldstein for the child pornography was appropriate given his extensive cooperation.

Voicing concerns about fairness, the judge took the unusual step of sentencing Goldstein alongside a Philadelphia man, Derrick Williams, who was facing eight to 10 years in prison for child pornography in an unrelated case.

Both men were found with several thousand images of child pornography, and each had copied some of the images, though Williams had also posted about 15 of them on a website, prosecutors said.

The judge said he could not help noting that Williams is black and Goldstein is white.

More here.

Ohio Election Site Back up Amid Fraud Fights

Kenneth Corbin writes on

The voter-registration Web site in the key swing state of Ohio may be back online following a data breach earlier this week, but the partisan fights over voter fraud allegations rage on.

The Web site of Ohio Secretary of State Jennifer Brunner, the state's top elections official, contains logs of voter records, campaign contributions and other election information.

Personnel in the information technology division noticed the site breach on Monday and it was then moved into a static mode, said Jeff Ortega, a spokesman for the Democrat's office. Most services had been restored Tuesday morning, Ortega told, and IT personnel were scrambling to get the final components back online.

The security breach is the latest attack against Brunner's office, which has become a lightning rod in Ohio politics lately, having to fend off accusations that her office is turning a blind eye to the potential for widespread voter fraud.

More here.

Voters Allege e-Voting Machines Switching Votes

Grant Gross writes on InfoWorld:

A handful of early voters in West Virginia have complained that electronic voting machines there switched their votes, but voting officials and the e-voting vendor discounted the problem.

Three voters in Putnam County and three voters in neighboring Jackson County told the Charleston Gazette that e-voting machines from Election Systems & Software (ES&S) had switched their votes from a Democratic to a Republican candidate during recent early voting. But county election officials said they've been unable to replicate the problems, and the voters were eventually able to vote for the candidates they wanted.

In some cases, the voters told the newspaper that their attempts to vote for Democratic Senator Barack Obama for president were switched to Republican Senator John McCain. In other cases, votes for other Democratic candidates were switched, they told the newspaper.

More here.

Experts: Next President Will Need to Make Cyber Security a Priority

Jaikumar Vijayan writes on ComputerWorld:

In an election season dominated by concerns over the economy and the war in Iraq, cybersecurity hasn't exactly been a top issue for the candidates or voters.

But it's a topic the next administration will need to focus on -- and as a high priority, according to several tech industry representatives, including two former officials at the U.S. Department of Homeland Security (DHS) and a former White House cybersecurity czar.

Driving that urgency is the growing danger of cyberattacks against critical networks and systems that run the financial services and energy sectors, as well as those used by the government and the military. Those attacks could come from opportunistic nation-states as well as from criminal adversaries, they said.

"There is not a doubt in my mind that the time for action, and dramatic action, is now," said Amit Yoran, former director of the National Cyber Security Division (NCSD) of the DHS and now CEO of NetWitness Corp. "Without a comprehensive national cybersecurity initiative, things are going to end up in a very bad way."

More here.

Monday, October 20, 2008

Programming Note: Very Few (If Any) Blog Posts This Week

I'm headed to Washington, D.C., later this morning for meetings that will run almost all week, so I doubt I will have much time to post to the blog.

Things should be back to normal by the weekend.


- ferg

In Memoriam: Abha Ahuja

Abha Ahuja
1972 - October 20, 2001

We miss you, Abha.

Sunday, October 19, 2008

In Passing: Mr. Blackwell

Richard Blackwell
August 29, 1922 - October 19, 2008

Toon of The Day: Powell to The People

We love Mr. Fish.


New Zealand: Beware of 'Outsourcing' Spies, Gov't Agencies Told


Government agencies should weigh up the risks to security and New Zealand's wider economic interests before outsourcing IT systems overseas, says the State Services Commission.

The commission has been developing guidelines for agencies considering "offshoring" information processing for 18 months.

An IT industry executive at one multinational says the upshot is that while departments could send processing overseas, it would probably be easier for them to "pass their datacentres through the eye of a needle".

Commission spokesman Jason Ryan says the advice stresses the dangers of offshoring, but also sets out how they could be managed.

"That was the intention - to make people well aware of what the risks were and how they could think about mitigating them."

More here.

Report: Power Attacks On Credit Cards Still A Major Threat

Evan Schuman writes on StorefrontBacktalk:

It's hardly a new payment card security threat, but what has become known as differential power analysis (DPA) is still very much a threat on most payment smart cards, according to a report in this week's Nilson Report, a well-respected newsletter covering payment issues.

A DPA attack, as described in the report, takes advantage of the electrical impulses inherent in any smart card.

"The silicon chips embedded in smart cards consume power whenever they process payment data and it is possible for criminals to measure these power fluctuations surreptitiously and then analyze them to decode the secret keys that secure the data," the report said.

The report also made its argument for the risks if such card capabilities are not restricted.

More here.

Thieves Steal From French President's Bank Account

A Reuters newswire article, via The International Herald Tribune, reports that:

Fraudsters took money from French President Nicolas Sarkozy's personal account after managing to get hold of his bank details, a newspaper reported Sunday.

Sarkozy complained to police in September after "small amounts" were stolen from his account, the Journal du Dimanche newspaper said, quoting sources close to the investigation.

Sarkozy's office confirmed the details, the paper said. Criminal and financial fraud squads and a prosecutor in the Paris suburb of Nanterre were investigating the case.

More here.

UK: Passports Will Be Needed to Buy Mobile Phones

Via The Times Online.

Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance.

Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society.

A compulsory national register for the owners of all 72m mobile phones in Britain would be part of a much bigger database to combat terrorism and crime. Whitehall officials have raised the idea of a register containing the names and addresses of everyone who buys a phone in recent talks with Vodafone and other telephone companies, insiders say.

The move is targeted at monitoring the owners of Britain’s estimated 40m prepaid mobile phones. They can be purchased with cash by customers who do not wish to give their names, addresses or credit card details.

More here.

This is the craziest fucking thing I've ever heard of in my entire lifetime. -ferg