Saturday, November 29, 2008

Worker Safety: Bush Aides Rush to Enact a Safety Rule Obama Opposes

Robert Pear writes in The New York Times:

The Labor Department is racing to complete a new rule, strenuously opposed by President-elect Barack Obama, that would make it much harder for the government to regulate toxic substances and hazardous chemicals to which workers are exposed on the job.

The rule, which has strong support from business groups, says that in assessing the risk from a particular substance, federal agencies should gather and analyze “industry-by-industry evidence” of employees’ exposure to it during their working lives. The proposal would, in many cases, add a step to the lengthy process of developing standards to protect workers’ health.

Public health officials and labor unions said the rule would delay needed protections for workers, resulting in additional deaths and illnesses.

More here.

Off Topic: The Last Starfighter

Has it really been 24 years?

In any event, I always loved this flick, and HBO ran it tonight, much to my enjoyment. Nothing better than a solid SciFi space flick on a long weekend to make you feel a bit nostalgic.

What a really fun movie...

- ferg

The Last Starfighter theatrical poster, via Wikipedia.

UK: Russia's Teapot Gift to Queen 'Could Have Been Bugged'

Matthew Moore writes on The Telegraph:

The urn was identified as a possible spying device on a recent security sweep of the royal residence, according to reports.

The ornate 2ft samovar was presented to the monarch around 20 years ago, and had been kept in the corner of a drawing room on the Aberdeenshire estate.

But now British anti-surveillance experts have insisted that it be removed, amid fears that its arcane Eastern Bloc wiring could contain a listening device.

Any bug inside the teapot could have picked up details of the Queen's conversations with prime ministers and other world leaders, as well as private discussions between members of the Royal Family.

More here.

You’re Leaving a Digital Trail. What About Privacy?

John Markoff writes in The New York Times:

Propelled by new technologies and the Internet’s steady incursion into every nook and cranny of life, collective intelligence offers powerful capabilities, from improving the efficiency of advertising to giving community groups new ways to organize.

But even its practitioners acknowledge that, if misused, collective intelligence tools could create an Orwellian future on a level Big Brother could only dream of.

Collective intelligence could make it possible for insurance companies, for example, to use behavioral data to covertly identify people suffering from a particular disease and deny them insurance coverage. Similarly, the government or law enforcement agencies could identify members of a protest group by tracking social networks revealed by the new technology. “There are so many uses for this technology — from marketing to war fighting — that I can’t imagine it not pervading our lives in just the next few years,” says Steve Steinberg, a computer scientist who works for an investment firm in New York.

In a widely read Web posting, he argued that there were significant chances that it would be misused, “This is one of the most significant technology trends I have seen in years; it may also be one of the most pernicious.”

More here.

Analysis: China's Cyber Warriors a Challenge for India

Abanti Bhattacharya writes on The Asia Times Online:

India's External Affairs Minister Pranab Mukherjee, in a speech to the National Defense College in New Delhi on November 3, said China posed a new set of challenges to India with its growing capabilities in outer space and its frenzied search for new resources. But an equally potent and dangerous challenge the minister overlooked is the new threat of Chinese cyber-nationalism.

China has in recent times witnessed staggering growth in cyber-nationalism, a new kind of nationalism with immense and sometimes dangerous power. This cyber-nationalism could be also described as a part of China's psychological warfare. It encapsulates the strategy of China's Sun Tzu (722-481 BC) of defeating the enemy without waging a war.

More here.

Hat-tip: China Digital Times

Friday, November 28, 2008

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Nov. 28, 2008, at least 4,206 members of the U.S. military have died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,394 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is three fewer than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Nov. 28, 2008, at least 556 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EST.

Of those, the military reports 404 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Friday Monkey Blogging: Real-Life Furbys Rediscovered

As I mentioned last month, I have started a regularly recurring blog entry meme every Friday afternoon, inspired by Bruce Schneier's regular series of "Friday Squid Blogging" posts, and my very own maddening Monkey Theory.

Here is this week's installment:

Alan Boyle writes for

A primate species that looks like a living, breathing version of the Furby electronic toy has been found alive in the forested highlands of an Indonesian island for the first time in more than 70 years, scientists announced Tuesday.

Three specimens of the pygmy tarsier, a nocturnal creature about the size of a small mouse, were trapped and tracked this summer on Mount Rorekatimbo in Lore Lindu National Park in Central Sulawesi, Texas A&M University reported.

More here.

Image source: Texas A&M /

Computer Virus Hits U.S. Military Base in Afghanistan

Anna Mulrine writes on U.S. News & World Report:

The largest U.S. military base in Afghanistan was hit by a computer virus earlier this month that affected nearly three quarters of the computers on the base, U.S. News has learned.

This wasn't the first such cyberattack, and officials said that earlier incarnations of the virus had exported information such as convoy and troop movements here. It was not clear precisely what information, if any, was being pulled from Department of Defense computers by this latest virus, they said.

Officials familiar with the computer attack characterized it as extremely aggressive and said that it originated in China. However, they haven't been able to determine whether the viruses are part of a covert Chinese government effort or the work of private hackers.

U.S. military officials on the base took the step of prohibiting the use of portable flash memory, or "thumb drives," as they learned more about the virus. The move reflects the concern that the portable drives can inadvertently spread viruses through separate computer networks in the field. Late last week, Pentagon officials also banned the use of thumb drives because of concerns that they were spreading a virus through the Department of Defense computer networks.

U.S. military spokesmen at Bagram declined to comment, citing operational security.

More here.

UK: London Hospitals Still Battling Computer Virus

Nick Heath writes on

Three London hospitals are trying to flush a virus out of computer systems 11 days after it first struck.

Engineers at Barts and The London NHS Trust are still trying to restore full network access for all trust staff and to clean the virus from remaining PCs.

The W32/Mytob.gen@mm virus was detected on a network at the trust - which covers St Bartholomew's in the City, The Royal London in Whitechapel and The London Chest in Bethnal Green - on Monday 17 November.

The trust has launched an investigation into how the infection was introduced and then spread throughout the network.

More here.

UK: Network Outage Leaves Hospital in Chaos

Siobhan Chapman writes on Computerworld UK:

A network failure left a Norfolk hospital staff unable to access patient record systems for over four days.

The problems started at Dereham Hospital in Norfolk from last Thursday and lasted through to Monday. There was a second breakdown of the system on Wednesday this week.

Initially, the problems were blamed on SystmOne, one of the systems in the National Programme for IT system that is being deployed through Trusts in the North, Midland and East. SystmOne has been rolled out to Dereham Hospital in the last few weeks.

But NHS Norfolk said the fault was due to a network failure from supplier BT. While the SystmOne computer system was affected, it was not the cause.

A spokesperson from NHS Norfolk said: “The issue was caused by a BT network failure on Thursday 20 November, which both BT engineers and NHS engineers worked together to correct. The computer systems were functional again on Monday 24 November."

But the spokesperson said the hospital may not have been the only building affected by the fault.

More here.

Note: This recent disruption of UK hospital network services comes on the heels of a Mytob worm infection that effectively shut down three other UK hospitals two weeks ago. -ferg

Celebrate 'Buy Nothing Day 2008'

U.S. Intelligence Focuses on Pakistani Group

Mark Mazzetti writes in The New York Times:

American intelligence and counterterrorism officials said Friday there was mounting evidence that a Pakistani militant group based in Kashmir, most likely Lashkar-e-Taiba, was responsible for the deadly attacks in Mumbai.

The American officials cautioned that they had reached no hard conclusions about who was responsible for the operation, nor on how it had been planned and carried out. Nevertheless, they said that evidence gathered over the past two days has pointed to a role for Lashkar-e-Taiba, or possibly another Pakistani group focused on Kashmir, Jaish-e-Muhammad.

The American officials insisted on anonymity in describing their current thinking and declined to discuss the intelligence information that they said pointed to Kashmiri militants.

Lashkar-e-Taiba on Thursday denied any responsibility for the terrorist strikes. The group is thought by American intelligence agencies to have received some training and logistical support in the past from Pakistan’s powerful spy service, the Inter-Services Intelligence agency, or ISI, but American officials said Friday that there was no evidence that the Pakistani government had any role in the Mumbai attacks.

More here.

UK Institute for Public Policy Research: IT Is A Key Terrorist Tool

Tom Young writes on Computing:

The embedding of IT in the UK's critical national infrastructure, and the country's increasing reliance on that infrastructure, poses serious national security concerns for the country, according to one of the Labour Party's favourite think tanks.

In addition to forming the backbone of the communications infrastructure, IT is now also heavily embedded in the running of more traditional infrastructures such as water, power and transport systems.

"The significance of this is all the greater when one considers the extent to which we have become an infrastructure-reliant society more generally," says a report by the Institute for Public Policy Research (IPPR).

Over the last decade, companies around the world have taken steps to adopt a lean approach to business operations.

As a consequence, the supply chains of businesses have become globally stretched. This has increased efficiency but it also comes with a downside in terms of an increased reliance on a smoothly functioning set of infrastructures in energy, transportation and communications.

"In other words, the more efficiently we operate, the less slack there is in the system to cope with major disruption," says the IPPR report.

The Titan Rain campaign of coordinated cyber attacks on US computer systems since 2003 and attacks on Estonian financial infrastructure in May 2007 have highlighted the dangers of cyber warfare.

More here.

Thursday, November 27, 2008

World Bank Removes Chief Information Officer Following Cyber Attacks

Via FOX News.

The World Bank has effectively dumped a vice president who served as its chief information officer while it scrambles to deal with a series of embarrassing hacker attacks, which were first reported on

Robert Van Pulley, a computer security director, will take responsibility for the institution’s embattled information system “effective immediately and until more permanent arrangements are in place,” according to an e-mail sent to staffers Tuesday evening by Juan Jose Daboub, one of three managing directors at the World Bank.

Van Pulley will report to a new executive council on computer security that includes Daboub and two other top World Bank officials. He replaces World Bank Vice President Guy-Pierre De Poerck, who was not mentioned in Daboub's e-mail and whose fate remains unclear.

World Bank officials would say Wednesday only that De Poerck's employment had not changed; they declined to offer any further information.

More here.

Cyber Attack on U.S. Defense Department Computers Raises Concerns

Julian E. Barnes writes in The Los Angeles Times:

Senior military leaders took the exceptional step of briefing President Bush this week on a severe and widespread electronic attack on Defense Department computers that may have originated in Russia -- an incursion that posed unusual concern among commanders and raised potential implications for national security.

Defense officials would not describe the extent of damage inflicted on military networks. But they said that the attack struck hard at networks within U.S. Central Command, the headquarters that oversees U.S. involvement in Iraq and Afghanistan, and affected computers in combat zones. The attack also penetrated at least one highly protected classified network.

Military computers are regularly beset by outside hackers, computer viruses and worms. But defense officials said the most recent attack involved an intrusive piece of malicious software, or "malware," apparently designed specifically to target military networks.

"This one was significant; this one got our attention," said one defense official, speaking on condition of anonymity when discussing internal assessments.

Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary.

Bush was briefed on the threat by Navy Adm. Michael G. Mullen, chairman of the Joint Chiefs of Staff. Mullen also briefed Defense Secretary Robert M. Gates.

More here.

NASA Curbs Removable Media Use

Wyatt Kash writes on

NASA chief information officer Jonathan Pettus clarified the agency’s policy curbing the use of removable media in the wake of recent security concerns. The policy appeared in an internal memo.

New details about security concerns at NASA, independent of the memo, emerged in a report by BusinessWeek published last weekend. It details a series of significant and costly cyberattacks on NASA systems in the past decade.

The memo from Pettus instructs employees not to use personal USB drives or other removable media on government computer systems. It also directs employees not to use government-owned removable devices on personal machines or machines that do not belong to the agency, department or organization. And it warns employees not to put unknown devices into any systems and to ensure that systems are fully patched and have up-to-date antivirus software.

The directive is not as sweeping as one issued by the Defense Department, which temporarily forbids the use of USB drives and other removable media devices of all types as a step toward mitigating the spread of detected malware.

More here.

Hat-tip: Dissent

Estonian ISP Cuts off Control Servers for Srizbi Botnet

Jeremy Kirk writes on PC World:

An Estonian ISP that temporarily hosted the command-and-control servers for the Srizbi botnet, responsible for a large portion of the world's spam, has cut off those servers, according to computer security analysts.

Starline Web Services, based in Estonia's capital Tallinn, had hosted four domain names identified as the control points for Srizbi, according to researchers from computer security firm FireEye.

Hundreds of thousands of PCs around the world infected with Srizbi, a difficult-to-remove rootkit that is used for sending spam, were programmed to seek new instructions from servers in those domains.

Srizbi is considered one of the more powerful botnets, with at least 450,000 PCs infected. It is estimated that half of the world's spam originated from computers infected with Srizbi. Spam remains a profitable business for cybercriminals.

More here.

More Thanksgiving Fun: Palin's Turkey Interview - The Outtakes

Enjoy. Your. Turkey.

- ferg

For Thanksgiving: Thanks, G.I. Joe

To Whoever You Are: Thank you.

I give thanks that we have men & women in this country that hear the call, and follow it, regardless of the mindless politics -- regardless of the controversy over whether it is right or wrong.

They are unassuming Heroes, following orders, part of a machinery that must function.

And they make it so.

And on this day of thanks, and as a former Soldier, I thank you.

Whoever you are. Wherever you are.

If you've worn the uniform, you know the drill.

I salute you.

"De Oppresso Liber."

- ferg

p.s. Hit the mess hall and grub on some of that turkey dinner when you get a chance...

Happy Thanksgiving 2008

Happy Thanksgiving!

Image source:

Wednesday, November 26, 2008

It's What's For Dinner: Turkey Spam!

Happy Thanksgiving!

Okay, but seriously, we're all seeing spam levels increase as the Russian criminal operation controlling several botnets (and other criminal infrastructure) makes every attempt to regain some of the botnet infrastructure that it lost when McColo was disconnected and to seed new botnet zombies.

As you can see in the graph above (snapshot of earlier this evening -- courtesy SpamCop), the level of spam has been slowly creeping higher over the course of the past few days.

But we are diligently watching & tracking their activities.

Of course, this is the busy season for cyber criminals -- and with the Christmas shopping season right around the corner, spammers certainly want to give consumers every opportunity to be (unwillingly) parted from their money.

Let's be careful out there, and enjoy the long weekend.

- ferg

How Spyware Nearly Sent a Teacher to Prison

Robert McMillan writes on

If there's a poster child for the dangers of spyware, it's Julie Amero.

The 41-year-old former substitute teacher was convicted of four felony counts of endangering minors last year, stemming from an Oct. 19, 2004, classroom incident where students were exposed to inappropriate images.

Prosecutors had argued that Amero put her students at risk by exposing them to pornography and failing to shield them from the pop-up images after they appeared on her classroom computer.

Amero was an unlikely porn surfer. Four months pregnant at the time, she said she had only just learned to use e-mail. She says she was well-liked by teachers and students at Kelly Middle School in Norwich, Connecticut, where the incident occurred. "I was the cool teacher everybody liked," she remembers.

Amero said she did everything she could to protect her kids, but school officials, reacting to angry calls from parents, went to the police, who soon pressed criminal charges.

The case ruined her life.

More here.

Mark Fiore: Clap On, Clap Off

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Olympic Ticket Scam Mastermind Arrested

Jennifer Cooke writes on The Age:

Five people have been arrested in London including the alleged mastermind behind the Beijing online ticketing scam in which Australians and others around the world lost tens of thousands of dollars after buying but not receiving tickets for the Olympic Games.

Online customers from 60 countries were among those who paid for but did not receive tickets bought via, including the former NSW Opposition leader, Kerry Chikarovski, and the relatives of British Olympic competitors.

Britain's Serious Fraud Office (SFO) announced late last night, Sydney time, that the group, four men aged 41, 50, 51 and 54 and a 49-year-old woman were arrested, questioned and released on unconditional bail.

The arrests by members of the SFO and the Metropolitan Police Service are part of an ongoing investigation into a suspected online fraud by companies including Xclusive Tickets Limited and Xclusive Leisure & Hospitality Limited (XL&H) which are both in liquidation and allegedly linked to Terence Frank Shepherd, of Blackheath in London.

More here.

Note: Previous reports of bogus Beijing Olympics ticket websites here. -ferg

Berlin: A Russian Mafia Hub

A UPI newswire article by Stefan Nicola, via The Middle East Times, reports that:

Berlin has become a European hub for the Russian mafia, according to security experts in the German capital.

If you own a BMW X5 or a Porsche Cayenne, you shouldn't park it in the streets of Berlin too often, because these fancy SUVs top the list from which the Russian mafia is "shopping" in Germany's capital. The criminals cruise the rich neighborhoods until they find their car of choice, then open, short-circuit and load it onto a truck -- in less than two minutes. Chances are the owners won't see their cars again.

"Such vehicles are brought into nearby body shops … where they are tuned or taken apart completely," Bernd Finger, the head of the Berlin Criminal Office, said earlier this month in an interview with the Sueddeutsche Zeitung newspaper. "From there they are taken to intermediate traders in Lithuania, Poland, Czech Republic, Slovenia. And from there they are taken into the buyer's country, most often Russia or Asia."

Finger is Berlin's chief anti-mafia czar, and he raised eyebrows when he recently revealed that Berlin, along with London and New York, has turned into a hub for the Russian mafia.

More here.

Deccan Mujahideen Claims Responsibility For Horrific Mumbai Terror Attacks

Via Reuters AlertNet.

An organisation calling itself the Deccan Mujahideen has claimed it was behind attacks in India's financial capital Mumbai that have left at least 80 people dead, television channels reported on Thursday.

The previously unknown or little known group sent an email to news organisations claiming responsibility.

India has suffered a wave of bomb attacks in recent years. Most have been blamed on Islamist militants, although police have also arrested suspected Hindu extremists thought to be behind some of the attacks.

More here.

No Court Order Needed to Spy on Americans Overseas, Appeals Court Rules

Ryan Singel writes on Threat Level:

The Fourth Amendment’s shield against invasive searches reaches only partially across the border, a federal appeals court ruled this week, finding that the nation’s spies don't need a court order to wiretap an American overseas, though there has to be a good reason for listening in.

The 2nd U.S. Court of Appeals ruling [.pdf] fills in a gap in surveillance law and could complicate cases challenging both the government’s warrantless wiretapping program and a newly passed surveillance law that gives the government wide latitude to snoop from inside the United States without getting court orders.

The unsigned opinion found that wiretapping overseas was invasive, but that it made no sense to require a court order to wiretap or search an American overseas, since the warrant would have “dubious legal significance” in another country. The test, the court says, is whether the search is reasonable.

More here.

Indian, Pakistani Hackers Deface Government Websites

Via The Times of India.

Indian and Pakistani hackers are engaged in a round of tit-for-tat defacing of government-run websites of the two countries, targeting such major organisations as India's oil and gas major ONGC and its Pakistani counterpart OGRA.

The cyber warfare began in mid-November when an Indian group of hackers known as HMG or "Guards of Hindustan" defaced the website of Pakistan's Oil and Gas Regulatory Authority and deleted all its data.

The move created a buzz in cyberspace as HMG had earlier hacked a number of Pakistani communities on the social networking website Orkut.

Apparently acting in retaliation, a group calling itself the Pakistan Cyber Army (PCA) yesterday hacked five Indian websites, including those of ONGC, Indian Institute of Remote Sensing (IIRS), Indian Railways and the Kendriya Vidyalaya in Ratlam.

While the websites of ONGC and Indian Railways were quickly restored, the IIRS website is still blank. In a message posted briefly on the ONGC website, PCA said the hacking was carried out in retaliation for the hacking of the OGRA website.

More here.

ID Thieves Hit Federal Credit Unions, Consumers

Richard Adhikari writes on

An international identity theft ring is being accused of stealing funds from the credit unions for the U.S. Senate, Navy, Pentagon and State Department, while also having separately made off with millions from consumers' home equity lines of credit.

Several arrests have already been made in a case that has prompted U.S. attorneys in several states to join forces with the FBI, the Secret Service, U.S. Postal Inspectors and local police departments to hunt the crooks, according to Department of Justice (DoJ) officials.

So far, four men in three states have been arrested on charges of engaging in an international conspiracy relating to the theft of money from home equity lines of credit.

The suspects are Derrick Polk, 45, of Los Angeles, Calif.; Oludola Akinmola, 37, and Oladeji Craig, 39, both of Brooklyn, N.Y., and Oluwajide Ogunbiyi, 32, of Springfield, Ill., according to the DoJ's Public Affairs Office for the district of New Jersey.

More here.

U.S. Army Goes Bot Hunting

Thomas Claburn writes on InformationWeek:

Most people whose computers have been turned into bots and linked to a botnet have no idea that their machines have been commandeered by cybercriminals. Their PCs send spam, steal information, and participate in denial-of-service attacks without any obvious sign.

But new software, funded by a grant from the U.S. Army Research Office and developed by SRI International, promises to provide users with more insight into what their computers are doing.

BotHunter, announced on Monday, is a free malware-detection application for Mac OS X, Linux/Unix, and Windows that monitors network activity. Unlike intrusion detection system (IDS) tools that scan only incoming data, BotHunter looks for patterns that indicate malware activity in both incoming and outgoing data.

More here.

Tuesday, November 25, 2008

Spam is Inching Up...

We're working on it...

- ferg


Classic xkcd: Induced Current

We love xkcd.


- ferg

Spam Levels Fluctuate As Crooks Try To Revive Botnets

Gregg Keizer writes on ComputerWorld:

Two weeks after a hosting firm's shutdown sent global spam volumes plummeting, some researchers continue to claim that junk mail rates remain dramatically down, while others say spam has already bounced back.

The shutdown of California-based McColo Corp., a company that hosted a staggering variety of cybercriminal activity, on Nov. 11 cut spam by as much as 75% in the first few days after its upstream Internet providers pulled the plug. The shutdown slashed spam volumes because some of the planet's biggest spam-sending botnets were controlled from servers hosted by McColo, according to security researchers who had long urged the company's disconnection from the Web.

While spam initially slid off a digital cliff, two weeks later it's unclear whether spammers have resumed their usual practices.

More here.

Spam Is Silenced, But Where Are The Feds?

Robert McMillan writes on PC World:

On Oct. 14, the U.S. Federal Trade Commission, with help from the U.S. Federal Bureau of Investigation and New Zealand police, announced that it had shut down a vast international spam network known as HerbalKing.

It was a triumphant moment for the FTC, which said that the group had been linked to as much as a third of the junk e-mail on the Internet. In an interview with The New York Times, FTC Commissioner Jon Leibowitz was modest in his appraisal of the situation. "They were sending extraordinary amounts of spam," he said. "We are hoping at some level that this will help make a small dent in the amount of spam coming into consumers' in-boxes."

The FTC's HerbalKing operation grabbed a lot of headlines, but it didn't do much to reduce the amount of spam on the Internet, researchers say. Within a week, spam was as big of a problem as ever.

Instead, it took another operation, two weeks later, against the ISP (Internet service provider) McColo in San Jose, California, to really reduce the amount of spam. But although McColo appears to have been a playground for Internet criminals, no federal agency, not the FTC, not the FBI, not the Secret Service or the Department of Justice, was involved in shutting it down.

More here.

The Onion: Sword-Wielding Man Shot At Scientology Building

We love The Onion, too.


- ferg

Quote of The Day:

"If GCHQ and the Whitehall securocats cannot even keep information of a 'personal nature' about a British Prime Minister's 'private life' out of the clutches of foreign intelligence agency phone interception system, then why should they be trusted with the massive Communications Traffic Data centralised database, which Home Secretary Jacqui Smith is planning to inflict on tens of millions of innocent British people?"

-, on the news that U.S. Intelligence Agencies eavesdropped on British Prime Minister Tony Blair's private communications.

281,000 Domains to be Transferred from EstDomains to Directi


An estimated 281,000 domain names held by EstDomains will be transferred to ICANN-accredited registrar Directi Internet Solutions following the termination of EstDomains' registrar accreditation yesterday.

Customers of EstDomains will be contacted directly by Directi and receive notice of the transfer plus instructions for continued management of their names. There will be no cost to the registrants for this transfer.

EstDomains was informed on 28 October 2008 that ICANN was terminating the company's accreditation due to its president's conviction for credit card fraud, money laundering and document forgery. ICANN stayed that termination following correspondence with EstDomains. However, after further investigation, ICANN decided to go ahead with the termination, effective yesterday, 24 November 2008.

In accordance with the De-Accredited Registrar Transition Procedure, ICANN put out a request for statements of interest from registrars interested in receiving a bulk transfer of the names formerly managed by EstDomains.

As part of that procedure, EstDomains is permitted to designate a gaining registrar. It chose to use that option and identified ICANN-accredited registrar Directi. ICANN reviewed that request and approved it.

More here.

McColo Takedown: Changes in International Spam Distribution and Asprox Botnet Activity

Ralf Iffert, John Kuhn, and Holly Stewart write on the IBM Frequency X Blog:

Since the takedown of the California-based web hoster McColo, we've noticed some significant changes in our spam and asprox-related botnet activity.

From a spam perspective, everyone has noted the overall drop. After the Nov. 11th takedown, spam volume in our spam traps was down to around 25% of previous levels. More interesting, perhaps, is the marked change we noticed in the origins of spam (the country location of the spam bot, generally).

The United States has, for years, maintained a top spot in the spam origin list. Six days before the takedown, it was in the number one spot.

Six days after the takedown, spam production coming out of the US was reduced to a mere 14% of its original capacity. So, it wasn't a terrible surprise when the US finally lost its top spot on the list on this sixth day after the takedown.

More here.

Off Topic: 'The Twenty Scariest Minutes of TV I've Seen This Year'

Big hat-tip: David Isenberg / BoingBoing

National Disgrace: Our Country Gives Thanks — But Cuts Benefits — To Disabled Veterans

David Zucchino writes in The Los Angeles Times:

Marine Cpl. James Dixon was wounded twice in Iraq -- by a roadside bomb and a land mine. He suffered a traumatic brain injury, a concussion, a dislocated hip and hearing loss. He was diagnosed with post-traumatic stress disorder.

Army Sgt. Lori Meshell shattered a hip and crushed her back and knees while diving for cover during a mortar attack in Iraq. She has undergone a hip replacement and knee reconstruction and needs at least three more surgeries.

In each case, the Pentagon ruled that their disabilities were not combat-related.

In a little-noticed regulation change in March, the military's definition of combat-related disabilities was narrowed, costing some injured veterans thousands of dollars in lost benefits -- and triggering outrage from veterans' advocacy groups.

More here.

Big hat-tip: Chronicles of Dissent

Monday, November 24, 2008

Network Security Breaches Plague NASA

Keith Epstein and Ben Elgin write on BusinessWeek:

America's military and scientific institutions—along with the defense industry that serves them—are being robbed of secret information on satellites, rocket engines, launch systems, and even the Space Shuttle. The thieves operate via the Internet from Asia and Europe, penetrating U.S. computer networks. Some of the intruders are suspected of having ties to the governments of China and Russia, interviews and documents show. Of all the arms of the U.S. government, few are more vulnerable than NASA, the civilian space agency, which also works closely with the Pentagon and American intelligence services.

In April 2005, cyber-burglars slipped into the digital network of NASA's supposedly super-secure Kennedy Space Center east of Orlando, according to internal NASA documents reviewed by BusinessWeek and never before disclosed. While hundreds of government workers were preparing for a launch of the Space Shuttle Discovery that July, a malignant software program surreptitiously gathered data from computers in the vast Vehicle Assembly Building, where the Shuttle is maintained. The violated network is managed by a joint venture owned by NASA contractors Boeing and Lockheed Martin.

Undetected by the space agency or the companies, the program, called stame.exe, sent a still-undetermined amount of information about the Shuttle to a computer system in Taiwan. That nation is often used by the Chinese government as a digital way station, according to U.S. security specialists.

More here.

Australia: Commonwealth Bank Computer Error Duplicates Customer Withdrawals

Chris Zappone writes on The Age:

As many as 200,000 Commonwealth Bank customers across Australia have found themselves short of money today after an online glitch mistakenly duplicated withdrawals from their accounts.

The double-up, caused by an overnight processing error, has affected NetBank customers, the bank said this morning.

It hoped to rectify the glitch later today but admitted it could take until tomorrow morning.

Meanwhile, the bank has been deluged by calls from people "seeking clarification" about their accounts.

More here.

Facebook Awarded $873 Million in Spam Case

Elinor Mills writes on C|Net News:

Facebook has been awarded $873 million in damages against a Canadian man accused of sending spam messages to its members.

The default judgment was issued in federal court in San Jose, Calif., on Friday against Adam Guerbuez, of Montreal, and his company, Atlantis Blue Capital. The ruling also forbids Guerbuez from using Facebook or interacting with its members ever again.

Facebook doesn't expect to necessarily collect the money because "it's unlikely that Guerbuez and Atlantis Blue Capital could ever honor the judgment rendered against them," Max Kelly, Facebook's director of security, wrote in a blog posting on Monday. "We are confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users."

Neither Guerbuez, who has made money selling videos showing people attacking the homeless in Montreal, nor Atlantis Blue Capital could be reached for comment.

More here.

Pharmacy Extortionists Take on CIA, DoD, FBI, NSA

Brian Krebs writes on Security Fix:

Extortionists targeting clients of Express Scripts -- one of the nation's largest pharmacy benefits management firms -- may have inadvertently picked a fight for which they were ill-prepared. Security Fix has learned that among the company's biggest customers is the federal government, and specifically almost every federal law enforcement, military and intelligence agency in the country.

Last month, St. Louis-based Express Scripts said extortionists are threatening to disclose personal and medical information about millions of Americans if the company fails to meet payment demands.

Express Scripts is the third-largest U.S. pharmacy benefit management firm, which processes and pays prescription drug claims. Working with more than 1,600 companies, it handles roughly 500 million prescriptions a year for about 50 million Americans.

The company has refused to pay the demand, and since then the extortionists have moved on to targeting clients of its member companies directly.

More here.

Terry Christensen Sentenced to Three Years in Pellicano Case

Joanna Lin writes in The Los Angeles Times:

A prominent Los Angeles attorney was sentenced today to three years in federal prison and fined $250,000 for conspiring with Hollywood private investigator Anthony Pellicano to wiretap billionaire Kirk Kerkorian's former wife.

Terry Christensen, 67, also was ordered by U.S. District Judge Dale S. Fischer to three years on supervised release after his prison term. He will remain free pending an appeal.

Christensen was found guilty by a federal jury in August. The former Century City attorney was known for his hardball litigation tactics and represented the Las Vegas casino mogul in 2002 in a contentious child support battle that grabbed tabloid headlines.

Prosecutors said Christensen hired Pellicano to wiretap Kerkorian's former wife, Lisa Bonder Kerkorian, who was seeking $320,000 in monthly child support for her then-4-year-old daughter, to gain an edge in the high-stakes legal battle.

More here.

Whistleblower: U.S. Snooped on Tony Blair, Iraqi President

Brian Ross, Vic Walter, and Anna Schecter write on the ABC News' "The Blotter" Blog:

A former communications intercept operator says U.S. intelligence snooped on the private lives of two of America's most important allies in fighting al Qaeda: British Prime Minister Tony Blair and Iraq's first interim president, Ghazi al-Yawer.

David Murfee Faulk told he saw and read a file on Blair's "private life" and heard "pillow talk" phone calls of al-Yawer when he worked as an Army Arab linguist assigned to a secret NSA facility at Fort Gordon, Georgia between 2003 and 2007.

Last month, Faulk and another former military intercept operator assigned to the NSA facility triggered calls for an investigation when they revealed U.S. intelligence intercepted the private phone calls of American journalists, aid workers and soldiers stationed in Iraq.

Faulk says his top secret clearance at Ft. Gordon gave him access to an intelligence data base, called "Anchory," where he says he saw the file on then-British prime minister Tony Blair in 2006.

More here.

Phishers Expand Number of Top Level Domains Abused, Policy Changes Found Effective in Prevention


The new Global Phishing Survey released by the Anti-Phishing Working Group (APWG) this month reveals that phishing gangs are concentrating their efforts within specific top level domains (TLDs), but also that anti-phishing policies and mitigation programs by domain name registrars and registries can have a significant and positive effect.

For this new study [.pdf], covering the first half of 2008, Rod Rasmussen of Internet Identity and Greg Aaron of Afilias surveyed 47,324 unique phishing attacks located on 26,678 unique domain names. The number of TLDs abused by phishers for their attacks expanded 7 percent from 145 in H2/2007 to 155 in H1/2008. The proportion of Internet-protocol (IP) number-based phishing sites decreased 35 percent in that same period, declining from 18 percent in the second half of 2007 to 13 percent in the first half of 2008.

More here.

Sunday, November 23, 2008

Symantec: Internet Underground Economy is Organized (And Lucrative)

Elinor Mills writes on C|Net News:

Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.

For example, credit card information accounted for more than 30 percent of all of the types of goods and services sold and was the most requested category. Bank account credentials were the most commonly advertised thing for sale on underground economy servers monitored by Symantec, with prices ranging from $10 to $1,000 depending on the balance and location of the account.

This is a lucrative business, Symantec has discovered. If the sellers were able to sell everything they were offering, the amount would reach more than $275 million. That represents just the sales amount. Factoring in the emptying of victims' accounts and maxing out credit cards, the potential worth of credit card information and bank credentials for sale would be $7 billion, the report estimates.

More here.

SCADA Watch: Pelindaba - Brazen Nuke Facility Raid An Inside Job?

Via CBS News/60 Minutes.

The assault on Pelindaba would make quite a movie. But it's a thriller that is all too real, with consequences that might have threatened the world. It was a daring break-in at a heavily guarded nuclear plant that holds enough weapons grade uranium to build a dozen atomic bombs. The story is little known, but after months of reporting, 60 Minutes can tell the tale, for the first time, through the eyes of the one man who stopped the plot. What happened at Pelindaba is the kind of thing that keeps presidents awake at night.

Pelindaba is nestled in the African bush, not far from the capital of South Africa. It is where the former Apartheid regime secretly built nuclear weapons. In the 1990s, South Africa chose to disarm. The bombs were dismantled, but the highly enriched uranium, known as HEU - the fuel for the bombs - is still there. South Africa assures the world that Pelindaba is a fortress. But, last year, on the night of Nov. 7, it was the scene of the boldest raid ever attempted on a site holding bomb grade uranium.

More here.