Saturday, December 13, 2008

The Whistleblower Who Exposed Warrantless Wiretaps

Michael Isikoff writes on

Thomas M. Tamm was entrusted with some of the government's most important secrets. He had a Sensitive Compartmented Information security clearance, a level above Top Secret. Government agents had probed Tamm's background, his friends and associates, and determined him trustworthy.

It's easy to see why: he comes from a family of high-ranking FBI officials. During his childhood, he played under the desk of J. Edgar Hoover, and as an adult, he enjoyed a long and successful career as a prosecutor. Now gray-haired, 56 and fighting a paunch, Tamm prides himself on his personal rectitude. He has what his 23-year-old son, Terry, calls a "passion for justice." For that reason, there was one secret he says he felt duty-bound to reveal.

In the spring of 2004, Tamm had just finished a yearlong stint at a Justice Department unit handling wiretaps of suspected terrorists and spies—a unit so sensitive that employees are required to put their hands through a biometric scanner to check their fingerprints upon entering. While there, Tamm stumbled upon the existence of a highly classified National Security Agency program that seemed to be eavesdropping on U.S. citizens. The unit had special rules that appeared to be hiding the NSA activities from a panel of federal judges who are required to approve such surveillance. When Tamm started asking questions, his supervisors told him to drop the subject. He says one volunteered that "the program" (as it was commonly called within the office) was "probably illegal."

Tamm agonized over what to do. He tried to raise the issue with a former colleague working for the Senate Judiciary Committee. But the friend, wary of discussing what sounded like government secrets, shut down their conversation. For weeks, Tamm couldn't sleep. The idea of lawlessness at the Justice Department angered him. Finally, one day during his lunch hour, Tamm ducked into a subway station near the U.S. District Courthouse on Pennsylvania Avenue. He headed for a pair of adjoining pay phones partially concealed by large, illuminated Metro maps. Tamm had been eyeing the phone booths on his way to work in the morning. Now, as he slipped through the parade of midday subway riders, his heart was pounding, his body trembling. Tamm felt like a spy. After looking around to make sure nobody was watching, he picked up a phone and called The New York Times.

More here.

South Africa: Cops Reel in Greedy Hackers

Via The Mercury.

A syndicate of Internet thieves has stolen more than R400-million [roughly $39,705,000 U.S. -ferg] from government departments, including the Presidency.

Two computer identity-theft hackers, believed to be the masterminds of the cyber gang, were nabbed by the police this week.

These follow the earlier arrests of 13 people involved in stealing millions of rands from government departments and employees across the country.

The syndicate allegedly hacked into computer systems linked to the Presidency using specialised spy software (spyware) programs.

The Internet-based syndicate, which had operatives in banks and government departments, is alleged to be behind the theft of R400-million from bank accounts of the departments of Home Affairs and Public Works, the licensing department, several parastatals and financial institutions, as well as from staff working in the various organisations over the past two years.

The syndicate, the members of which have been arrested over the past month, was bust during an operation conducted by the South African Police Service's Covert Intelligence Collective Directorate and the Commercial Crime Unit.

More here.

Hat-tip: Pogo Was Right

Friday, December 12, 2008

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Dec. 12, 2008, at least 4,209 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,397 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is two fewer than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Dec. 12, 2008, at least 557 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EST.

Of those, the military reports 405 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Toon of The Day: Dead Duck

Image source: / Tom Toles

Premier/Diebold Tabulation Software Drops More Votes - This Time in Ohio

Kim Zetter writes on Threat Level:

Officials in Montgomery County in Ohio discovered this week that tabulation software used with touch-screen voting machines in the presidential election failed to count five votes in the city of Trotwood. The voting system in question is made by Premier Election Solutions (formerly Diebold Election Systems).

Montgomery County officials discovered that although the five votes were recorded to a memory card inside the voting machine, the votes weren't counted by the tabulation software when the memory card was uploaded to the tabulation server. Premier's Global Election Management System (or GEMS) is the tabulation software that counts votes from memory cards.

The company's GEMS software is currently at the center of an investigation into dropped votes in a California county and was also the source of a previous problem found in Ohio in Montgomery and Butler counties during the May primary.

More here.

Virginia Attorney General Seeks Reinstatement of Spam Law

Sue Walsh writes on All Spammed Up:

The Virginia Attorney General is petitioning the U.S. Supreme Court in an effort to get the state’s anti-spam law reinstated. It was overturned in September by the Virginia Supreme Court. The court deemed it unconstitutional and a violation of the First Amendment because it prohibited the anonymous sending of bulk mail. They feared the possibility of an individual being prosecuted for sending religious or political emails.

In his petition, Attorney General Bob McDonnell argued that the justices based their decision on a hypothetical situation that isn’t likely to happen. That decision led to the conviction of one of the world’s worst spammers being thrown out. Jeremy Jaynes had been the first person in the country convicted of a felony for spamming. He allegedly sent close to 10 million emails a day from his home.

More here.

Friday Monkey Blogging: Monkey Jockeys Riding Dogs

As I mentioned last month, I have started a regularly recurring blog entry meme every Friday afternoon, inspired by Bruce Schneier's regular series of "Friday Squid Blogging" posts, and my very own maddening Monkey Theory.

Here is this week's installment.

Via Boing Boing.

Banana Derby is a "family show" in Greenville, South Carolina that stages races with monkey jockeys riding on dogs. For a fee, you can have them come to your next party or public event.

Seen here is Bobo The Jockey Monkey riding on George the dog.

More here.

Image source: Boing Boing / Banana Derby

Hackers Plundering Brazilian Rain Forest

David Kravets writes on Threat Level:

Brazilian authorities are investigating a hacking ring controlled by logging companies that allowed harvesters to plunder rain forest resources protected under government quotas.

The authorities — who have arrested more than 30 people implicated in the scandal and are said to be eying 200 more — allege hackers from logging and charcoal concerns have unlawfully accessed government logging databases. The intrusions allowed them to obtain extra "transport permits" to remove resources from the Amazon. Permits are tied to a set amount of volume.

Environmental group Greenpeace estimates 1.7 million cubic meters of illegal timber has been harvested because of the hacks. The group says that's enough wood to fill 780 Olympic-size swimming pools.

Federal authorities are also suing timber companies to recoup an estimated $883 million in purloined resources, Greenpeace said.

More here.

Thursday, December 11, 2008

Zero-Day Vulnerability Hits Microsoft's SQL Server

Dan Goodin writes on The Register:

Yet another zero-day vulnerability has been identified in a popular Microsoft product, this time in its SQL Server database. The revelation comes as miscreants are stepping up attacks on a particularly nasty bug in the latest version of Internet Explorer.

The SQL Server bug could allow the remote execution of malicious code, according to researchers at Austria-based SEC Consult. The company said attackers exploiting the flaw would have to be authenticated users on the system, a requirement that a Microsoft spokesman also said minimizes the risk. But an SEC Consult advisory warned it's still possible for outsiders to target the vulnerability remotely on websites that link search boxes, customer databases or other web apps to SQL Server.

"The vulnerability can be exploited by an authenticated user with a direct database connection, or via SQL injection in a vulnerable web application," the advisory said. "The vulnerability has been successfully used to execute arbitrary code on a lab machine."

SEC Consult has confirmed the flaw in the 2000 and 2005 versions of SQL Server. It has not yet tested version 2008. It triggers the rewriting of a computer's memory by supplying several uninitialized variables to the sp_replwritetovarbin stored procedure. Microsoft was alerted to the bug in April, according to SEC Consult.

There are no reports of the bug being attacked in the wild, a Microsoft spokesman said.

More here.

T-Mobile, AT&T Agree to Stop Saying Mobile Voicemail is Safe

Robert McMillan writes on ITWorld:

Mobile service providers AT&T and T-Mobile have been banned from saying that their voicemail systems are safe from sabotage after agreeing to permanent injunctions filed in a Los Angeles court.

The cell-phone providers falsely advertised the security of their systems, according to the Los Angeles District Attorney's Office. During an investigation, "cell phones purchased by undercover investigators were easily hacked into, enabling the voicemail to be changed at will," the district attorney said in a statement Thursday.

"Hacking into voicemail allowed messages to be changed or erased. Important information could be removed from the voicemail and phony information could be inserted," the district attorney said. "Imagine the havoc that could result."

More here.

Retail Fraud Rates Plummeted the Night McColo Went Offline

Brian Krebs writes on Security Fix:

One month after the shutdown of hosting provider McColo Corp., spam volumes are nearly back to the levels seen prior to the company's takedown by its upstream Internet providers. But according to one noted fraud expert, spam wasn't the only thing that may have been routed through the Silicon Valley-based host: New evidence found that retail fraud dropped significantly on the same day.

It is unclear whether the decrease in retail fraud is related to the McColo situation, but Ori Eisen, founder of 41st Parameter, said close to a quarter of a million dollars worth of fraudulent charges that his customers battle every day came to a halt.

Eisen, whose company provides anti-fraud consulting to a number of big retailers and banks, told me at least two of the largest retailers his company serves reported massive declines in fraud rates directly following McColo's termination.

"It stopped completely that night," Eisen said, referring to a drop in fraudulent activity linked to purchases of high-value merchandise with stolen credit and debit cards on Nov. 11, the day McColo was shut down. "Yet, it will come back after [the scammers] erect their new infrastructure."

More here.

China Downplays 'Cyber Attack' on French Embassy Website

An AFP newswire article, via, reports that:

China downplayed Thursday an alleged cyber attack on the website of the French Embassy in Beijing, saying there was no clear link between the shutdown and a diplomatic row with France over Tibet.

"From the perspective of the Chinese government, China is against the hacking of the websites of the embassies of other nations," foreign ministry spokesman Liu Jianchao told journalists.

"We have not seen any questions or concerns raised by France."

However a French diplomat told AFP the embassy website had been inaccessible for several days due to a massive cyber attack following President Nicolas Sarkozy's weekend meeting with exiled Tibetan spiritual leader the Dalai Lama.

More here.

Chinese Security Researchers Mistakenly Released Unpatched IE7 Exploit

Jeremy Kirk writes on ComputerWorld:

Chinese security researchers mistakenly released the code needed to hack a PC by exploiting an unpatched vulnerability in Microsoft Corp.'s Internet Explorer 7 (IE7) browser, potentially putting millions of computer users at risk -- but it appears some hackers already knew how to exploit the flaw.

At one point, the code was traded for as much as $15,000 on underground criminal markets, according to iDefense, the computer security branch of VeriSign Inc., citing a blog post from the Chinese team.

The problem in IE7 means a computer could be infected with malicious software merely by visiting a Web site, one of the most dangerous computer security scenarios. It affects computers running IE7 on Windows XP, regardless of the service pack version.

Microsoft has acknowledged the issue but has not indicated when it will release a patch.

More here.

UK: Unknown Intruder Shuts Down Coal Power Station

John Vidal writes on The Guardian:

The £12m defences of the most heavily guarded power station in Britain have been breached by a single person who, under the eyes of CCTV cameras, climbed two three-metre (10ft) razor-wired, electrified security fences, walked into the station and crashed a giant 500MW turbine before leaving a calling card reading "no new coal". He walked out the same way and hopped back over the fence.

All power from the coal and oil-powered Kingsnorth station in Kent was halted for four hours, in which time it is thought the mystery saboteur's actions reduced UK climate change emissions by 2%. Enough electricity to power a city the size of Bristol was lost.

Yesterday the hunt was on for the man dubbed "climate man" or the "green Banksy". Climate activists responsible for hijacking coal trains and breaking on to runways said they knew nothing about the incident.

Even veterans of some of the most audacious direct actions, such as the scaling of the Kingsnorth chimney, are mystified. The station operator E.On professed astonishment that a lone activist would be daring enough to try to do something so potentially dangerous. Medway police said they had no suspects but were still investigating the incident, which took place on November 28.

More here.

Props: Jake Brodsky

When Hackers Attack: Practicing Cyber Security at Home

Brian Krebs writes on Popular Mechanics:

While Barack Obama has selected key members of his national security team—Defense Secretary, National Security Adviser and Secretary of State—there are calls for the president-elect to make another security appointment. The bipartisan Commission on Cybersecurity for the 44th Presidency suggests that there is a dire need to create a National Office for Cyberspace to protect our nation’s most sensitive computer networks.

The need for national cyberspace security is a no-brainer, but who is going to protect us from the digital devices that organize our lives and leave personal information vulnerable to theft? Here, a behind-the-scenes look at how hackers are unearthing the private details of our lives by attacking our web browsers, cell phones, and personal electronics.

More here.

What is

The Open Source Information System (OSIS) is an unclassified network serving the intelligence community with open source intelligence.

The real question is why don't they cloak their activities better than an amateur snooper?

Hello? Guys? Get more professional. Cloak.

And Win2k? And JavaScript enabled? Jeesh.

Just an FYI.

- ferg

p.s. Troll bait:*

Wednesday, December 10, 2008

Mark Fiore: Dr. Decline

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Toon of The Day: Workload

We love Mr. Fish.


- ferg

Cyber Attack Linked to Company of Former Russian Spies

Jennifer Griffin writes on FOX News:

The recent cyber attack on the U.S. military's classified computer network has been traced to a front company run by several former Russian KGB or Federal Security Service spies, FOX News has learned.

The attack led the Pentagon to ban the use of external hardware devices, such as flash drives, because that's how the "worm" got into the classified military network.

FOX News has learned the intrusion was discovered by the U.S. military in Afghanistan -- and that the attack came through the local Internet service provider that the Afghans (under U.S. supervision) contracted out to a front company run by former Russian spies.

The U.S. military relies on this Internet service provider. Homeland Security Secretary Michael Chertoff on Wednesday warned the Russians had already used cyber warfare in Georgia.

"There was a preceding effort in denial of service ... by let us say sympathizers to the Russian side of the dispute. That was a prelude and an adjunct to the military attack where Russian troops entered Georgia," Chertoff said. "I think this is a harbinger of what's to come, the use of cyber attacks -- preparing the battlefield, so to speak."

Russia's Federal Security Service (FSB) has denied any involvement in the recent cyber attack, and some Pentagon officials worry the former Russian spies might actually have been working for some other entity.

More here.

'The Great Cyber Crimeware Boom of 2008'

Angela Gunn writes on BetaNews:

Looking for a recession-proof career that's booming? No one's recommending that you actually go into the malware business, of course, but the numbers for 2008 are perversely upbeat. There's even some genuinely good news for you.

The Anti-Phishing Working Group reports [.pdf], for instance, that phishing-related malware (or "crimeware," as they call the stuff) had an absolute boom in the second quarter of 2008. The group's analysis found a remarkable 9,529 URLs spreading phishing warez by the end of June; that's 258% higher than the number recorded during the same period last year.

The apps that power such sites were burgeoning too, hitting a record high of 442 in May '08. Dan Hubbard, CTO of Websense, says that's largely attributable to an upsurge of code used in SQL injection attacks, which have made a big splash in '08.

Phishers often target very specific brands, and APWG evidence suggests that phisher R&D on how best to do that is reaping fine returns. The number of brands targeted, according to APWG researchers, continued to rise through the period examined. Meanwhile, the number of "brand-domain pairs" -- a legit URL and the fake URL used to scam the real business' would-be customers -- has dropped.

That sounds like good news, but a closer look suggests that the phishers have simply gotten better at their work. (Bait the hook better and you need fewer hooks.) 294 brands experienced hijacking during the quarter, also a new record.

More here.

Symantec: Underground Economy Booming Online

Carol Ko writes on ComputerWorld:

An online underground economy has recently matured into an efficient, global marketplace to trade stolen goods and offer fraud-related services.

According to Symantec Corp.'s recently released 'Report on the Underground Economy', the estimated value of goods offered by individual traders within the online black market is measured in the millions of dollars.

The report is derived from data gathered by Symantec's Security Technology and Response (STAR) organization from underground economy servers between July 1, 2007, and June 30, 2008.

More here.

Zero-Day Exploit Hits Internet Explorer

Robert Vamosi writes on C|Net News:

One flaw not addressed in yesterday's Patch Tuesday is a heap overflow within the XML parser reported on Wednesday by Bojan Zdrnja of the SANS Internet Storm Center.

The exploit in the wild on Wednesday creates an XML tag, then waits 6 seconds in an attempt to thwart antivirus engines. The exploit could then crash the browser and run malicious code when the browser is restarted. The user must be running Windows XP or Windows Server 2003, and using Internet Explorer 7.

Zdrnja writes that "at this point in time, it does not appear to be wildly used, but as the code is publicly available, we can expect that this will happen very soon."

A Microsoft representative said the company is "investigating new public claims of a possible vulnerability in Internet Explorer. Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update, or additional guidance to help customers protect themselves."

More here.

Note: See also "Zero-Day IE7 Flaw Being Actively Exploited". -ferg

New Hampshire: Credit Card Numbers Stolen From Movie Theater Computer


Hackers broke into a Merrimack movie theater's servers and stole customers' credit card information, police said Wednesday.

Investigators said that after receiving numerous reports of fraudulent use of credit cards, police determined that a majority of the victims used their credit cards over the summer and early fall at a Zyacorp Entertainment Cinemagic Stadium movie theater in Merrimack.

Police and the Secret Service determined that a security breach was made into the company's server, allowing someone access to customers' information. The server has since been replaced, and new security measures put in place, police said.

More here.

Props: Pogo Was Right

Computer Malware the New 'Weapon of Mass Destruction'

Kim Zetter writes on Threat Level:

Forget nuclear, chemical and biological weapons, the new weapon of mass destruction is computer malware and botnets, according to authors of a new report from the conservative Hoover Institution, who claim credit for coining the term "electronic Weapons of Mass Destruction" or eWMD.

Since, as the New York Times told us last week, malware is seriously on the rise and "spreading faster than ever," this would make the proliferation of eWMD more horrific than any other WMD to date.

More here.

Study: PC Infections Plague Wire-Transfer Shops

An AP newswire article by Jordan Robertson, via, reports that:

For immigrants who send money to their home countries, wire-transfer shops are backbones of their neighborhoods. On some blocks in San Francisco's Mission District, every third or fourth business might offer some sort of money transfer service, and they're always bustling, even on a Sunday morning.

The customers probably don't suspect one danger that apparently often lurks in the storefronts: a startling number of viruses on the computers used to transmit their financial information.

Some 60 percent of the PCs examined in 300 wire-transfer businesses in Los Angeles and Las Vegas were infected with nasty viruses, according to a study due to be released Thursday by Spanish software vendor Panda Security.

The viruses Panda found included the worst kinds: keyloggers that record the users' every keystroke, and other types of malicious programs that give hackers backdoor access to the compromised machines. Some infected machines held troves of private data, from Social Security numbers to credit card numbers to tax documents.

More here.

FTC: Court Halts Bogus Computer Scans


At the request of the Federal Trade Commission, a U.S. district court has issued a temporary halt to a massive “scareware” scheme, which falsely claimed that scans had detected viruses, spyware, and illegal pornography on consumers’ computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of those responsible for the scheme, to preserve the possibility of providing consumers with monetary redress.

According to the FTC’s complaint, the defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements. The defendants falsely claimed that they were placing Internet advertisements on behalf of legitimate companies and organizations. But due to hidden programming code that the defendants inserted into the advertisements, consumers who visited Web sites where these ads were placed did not receive them. Instead, consumers received exploitive advertisements that took them to one of the defendants’ Web sites. These sites would then claim to scan the consumers’ computers for security and privacy issues. The “scans” would find a host of purported problems with the consumers’ computers and urge them to buy the defendants’ computer security products for $39.95 or more. However, the scans were entirely false.

According to the complaint, the two companies charged in the case – Innovative Marketing, Inc. and ByteHosting Internet Services, LLC – operate using a variety of aliases and maintain offices in various countries. Innovative Marketing is a company incorporated in Belize that maintains offices in Kiev, Ukraine. ByteHosting Internet Services is based in Cincinnati, Ohio.

The complaint alleges that these two companies, along with individuals Daniel Sundin, Sam Jain, Marc D’Souza, Kristy Ross, and James Reno, violated the FTC Act by misrepresenting that they conducted scans of consumers’ computers and detected a variety of security or privacy issues, including viruses, spyware, system errors, and pornography. The complaint also names a sixth individual, Maurice D’Souza, as a relief defendant who received proceeds from the scheme.

More here.

Tuesday, December 09, 2008

Cyber Crime: Account Hackers - From Russia to New Hampshire

Pat Grossmith writes on The New Hampshire Union Leader:

A Hampton man is charged in New York in an international theft ring that hacked into computers and stole log-in information, gaining access to users' online bank and brokerage accounts.

Alexey Mineev's role in the 15-month international scam, which allegedly involved a New York man and a Russian, is outlined in indictments issued Nov. 25 in U.S. District Court in Manhattan.

The gang of thieves was caught when federal investigators, using a confidential informant, duped them into transferring funds to a "drop" account under their control.

Mineev, along with Aleksey Volynskiy of Manhattan and Alexander Bobnev of Volgograd, Russia, are charged with conspiracy to defraud the United States and multiple counts of bank fraud/money laundering.

More here.

'The Google Threat?' Indian Court Asked to Ban Google Earth

Rhys Blakely writes on Australian IT:

Google Earth should be banned amid suspicions that the online satellite imaging tool was used in planning the attacks that killed more than 170 people in Mumbai last month, an Indian court heard.

The demand from Amit Karkhanis, an Indian lawyer, came as a new school of “tech-savvy jihadis” make use of data freely available online and other web-based services to plot and execute their strikes, a phenomenon dubbed “the Google threat” by military commanders.

The case filed at the Mumbai High Court alleges that Google Earth and similar services, “aid terrorists in plotting attacks” by supplying detailed bird’s-eye images that are used to acquaint militants with their targets.

The British Army is already thought to have taken up the issue with the company. It emerged last year that Iraqi insurgents planning attacks on a British base in Basra had used Google Earth images in which individual buildings inside the camp could be seen clearly.

Google replaced the images with photographs that predated the construction of the base. The Indian authorities do not appear to have cracked down so swiftly. Yesterday the layout of India’s most important atomic research facility remained accessible on Google despite officials voicing concern more than a year ago.

More here.

Bad Economy Helps Web Crooks Recruit 'Mules'

An AP newswire article by Jordan Robertson, via, reports that:

The worsening economy appears to be helping computer crooks with one of their toughest tasks: tricking people into opening their homes and bank accounts and becoming "mules" for laundering money or stolen goods.

The scams themselves aren't new. They're pitched in spam e-mails as "work-at-home" jobs that promise excellent part-time money for helping companies pay clients in other countries. The victims are asked to open new bank accounts in their names, agree to accept anonymous payments into those accounts, and forward those payments by way of money transfer, usually to locations in Eastern Europe.

The scam is classic money laundering with an Internet twist. The money is generally real, and the middle man is promised a cut. What those middle men may not know is they're trafficking in ill-gotten gains and helping criminals pay each other while disguising the source. And the mules are often the ones at the greatest risk of arrest.

More here.

Online Merchants Concerned Over Increase In Credit Card Fraud

Larisa Redins writes on ReveNews:

Fraud definitely is on the minds of online merchants this season. In fact, a survey sponsored by the Merchant Risk Council (MRC) conducted by the 41st Parameter Inc., revealed that 84% of the respondents believed that there will be a slight or substantial increase in online fraudulent activity this holiday season.

When asked about some of the largest challenges in fighting this type of fraud, two-thirds of the respondents stated that the increase in fraud ring activity and botnets (computers used to commit eFraud) are of utmost concern. Further, a full 30% of the respondents stated that a lack of money for the technology to fight online fraud is another formidable challenge.

More here.

Cyber Crime: Time to Exclude Bad ISPs

Oliver Day writes on SecurityFocus:

It is hard to argue that such takedowns, which took the command-and-control servers for several major botnets offline, would not benefit everyone who uses the Internet. Estimates of the decrease in spam from the McColo takedown ran from 40 to 80 percent, even if it lasted only for a short time. More importantly, as bulletproof hosting providers drop bad actors from their client list, the cost of hosting the command-and-control servers goes up. Increasing the transaction costs to commit cybercrime is one of the best strategies to reduce it.

The takedown strategy, however, shows the weakness of the current system, rather than its strength. In both the McColo and Atrivo cases, shame seemed to be the only real trigger for action. Traditional law enforcement was absent, despite reports that alleged that computers hosted on those services' networks were responsible for many crimes.

While the hosting providers themselves may be protected as common carriers, it is still puzzling why agencies like the FBI weren't at least corroborating these claims. McColo and Atrivo were based in the United States, and thus under the jurisdiction of the nation's laws.

More here.

McAfee Releases Virtual Criminology Report, Edition 4

David Marcus writes on the McAfee AVERT Labs Blog:

Today McAfee released its Virtual Criminology Report, our annual study of global cybercrime. We found that cybercriminals are targeting their scams to play off of the economic recession, and governments need to be doing more collaboration to face the problem.

The economic downturn affected cybercrime scams almost immediately. As soon as banks started struggling and mergers and acquisitions became commonplace, we started seeing an immediate increase in banking scams asking users to ‘update their account information’ before the bank changed hands. With almost all of today’s malware being financially motivated, even cybercriminals are looking for more business in tough economic times and are really stepping up their game.

More here.

Monday, December 08, 2008

Serious Error in Diebold Voting Software Caused Lost Ballots in California County

Kim Zetter writes on Threat Level:

Election officials in a small county in California discovered by chance last week that the tabulation software they used to tally votes in this year's general election dropped 197 paper ballots from the totals at one precinct. The system's audit log also appears to have deleted any sign that the ballots had ever been recorded.

An investigation shows that the paper mail-in ballots were scanned properly by officials into the central-count optical-scan system made by Premier Election Solutions (formerly Diebold Election Systems) -- a receipt printed out by the machine at the time they were scanned on November 1, three days before the election, indicates that the machine recorded the ballots.

The ballots even showed up in preliminary tallies counted on election night on November 4 and in a report printed out on November 23. But some time after this point, the tabulation software inexplicably deleted the ballots without election officials ever knowing.

More here.

U.S. Customs May Be Forced To Leave Electronic Devices Alone

Joelle Tessler writes on The New Zealand Herald:

Mohamed Shommo, an engineer for Cisco Systems, travels overseas several times a year for work, so he is accustomed to opening his bags for border inspections upon returning to the US. But in recent years, these inspections have gone much deeper than his luggage.

Border agents have scrutinised family pictures on Shommo's digital camera, examined Koranic verses and other audio files on his iPod and even looked up Google keyword searches he had typed into his company laptop.

"They literally searched everywhere and every device they could," said Shommo, who now minimises what he takes on international trips and deletes pictures off his camera before returning to the US. "I don't think anyone has a right to look at my private belongings without my permission. You never know how they will interpret what they find."

Given all the personal details that people store on digital devices, border searches of laptops and other gadgets can give law enforcement officials far more revealing pictures of travellers than suitcase inspections might yield. That has set off alarms among civil liberties groups and travellers' advocates - and now among some members of Congress who hope to impose restrictions on the practice next year.

More here.

India: 'Don't Use Gmail', Says Prime Minister's Office

Via the

The Prime Minister’s Office (PMO) has instructed its officials not to use Google mail for official communication after Chinese hackers accessed the PMO’s internal networking systems.

The Chinese also hacked the Ministry of External Affairs’ internal communications network, and the National Informatics Centre (NIC) also fell victim to an attack supposedly aimed at the National Security Council.

The Chinese hacked the communication networks of officials and accessed emails used by the officials to communicate policy and decisions to other ministries and sectors of the government. The cyber attacks are believed to have been launched from dial-up internet connections in China. Up to four cyber attacks by Chinese hackers are reported on Indian servers daily.

The NIC traced the IP addresses used for attacking the PMO’s communication networks to China. They found that Google mail or Gmail was the main target of the Chinese hackers. Following this, the PMO has instructed its officers and staff to refrain from using Gmail for official communication.

More here.

Props: The Dark Visitor

Thailand Unrest: Secret Government Files Plundered

Via The Bangkok Post.

Government House will reopen in about two weeks but investigators now believe that PAD protesters stole sensitive national security files.

Data including computer and server hard disks from National Security Council offices were stolen and damaged during the People's Alliance for Democracy's occupation of the seat of government from late August until last week.

A team including police from the Scientific Crime Detection Division inspected the offices after the PAD vacated Government House where the NSC offices are located.

Government House will reopen in about two weeks after a major clean-up of its buildings and premises, a senior official said.

More here.

U.S. Role As Internet Hub Starts To Slip

Bobbie Johnson writes in The Guardian:

America is losing its position at the centre of the internet, according to a new study.

The survey by communications analysts TeleGeography Research, based in Washington DC, shows a rapid growth in internet capacity around the rest of the world over the past year - particularly in Latin America and Asia.

As a result, America's traditional role as the internet's traffic policeman is drifting away as other parts of the world become less reliant on it.

"The US used to be a primary hub for many regions," said Eric Schoonover, a senior analyst at TeleGeography. "A lot of data still comes through the US, and a lot of content there is served out to other countries … but its importance is declining, though it has by no means gone away."

More here.

Most Companies Are Far Too Optimistic Regarding Security

Angela Gunn writes on BetaNews:

The Enterprise Strategy Group, which conducted the Database Security Controls study in conjunction with Application Security Inc., spoke in October to 179 IT decision-makers working in enterprise-class organizations (meaning those with 1,000 employees or more). The 27-item questionnaire inquired about security budgets, breaches, controls and audits.

It's not pretty. Tom Bain, director of marketing and communication for Application Security, notes that 84% of the companies surveyed said that all or most of their confidential data is protected...and 56% said they'd suffered at least one breach in the previous 12 months. Another 5% said they weren't sure or didn't know.

The picture's even more gruesome when you ask about failure to comply with standards such as PCI-DSS and Sarbanes-Oxley. Some 38% of the companies queried said they'd failed at least one audit in the previous twelve months, with 11% more unsure or not talking. 18% of those queried had failed a PCI audit; 11% missed SOX compliance; 16% fell down on HIPAA, GLBA or FISMA, and 21% managed to biff general security/IT internal checks.

"These companies aren't even taking non-optional measures seriously," said Bain, "let alone protecting sensitive data."

More here.

China Irks U.S. With Computer Security Review Rules

An AP newswire article by Joe McDonald, via, reports that:

The Chinese government is stirring trade tensions with Washington with a plan to require foreign computer security technology to be submitted for government approval, in a move that might require suppliers to disclose business secrets.

Rules due to take effect May 1 require official certification of technology widely used to keep e-mail and company data networks secure. Beijing has yet to say how many secrets companies must disclose about such sensitive matters as how data-encryption systems work. But Washington complains the requirement might hinder imports in a market dominated by U.S. companies, and is pressing Beijing to scrap it.

"There are still opportunities to defuse this, but it is getting down to the wire," said Duncan Clark, managing director of BDA China Ltd., a Beijing technology consulting firm. "It affects trade. It's potentially really wide-scale."

Beijing tried earlier to force foreign companies to reveal how encryption systems work and has promoted its own standards for mobile phones and wireless encryption.

More here.

Sunday, December 07, 2008

'Russian Mafia is Largest Cyber Crime Syndicate'

Via The Times of India.

While cyber criminals world-over are driven by similar knowledge of technology, the key difference lies in the "motivation behind the crime", says Chris Goggans, a celebrated American hacker and computer security expert.

Pointing out that internet security issues are a rising concern all over the world, Goggans said that the Russian mafia accounts for the "most organized" cyber crimes. "The most serious cyber crimes are from Russia and China. While most of the cyber crimes from Russia are financial in nature (stealing credit card numbers, bank account details), crimes emanating from China are related to theft of intellectual property, government information and military data," Goggans said.

"The cyber criminals in South America, Brazil, Korea, Europe are not involved in very sinister crimes. They are mainly into hacking for proving themselves," he added.

Goggans has the unique distinction of having broken into the system of America's Federal Bureau of Investigation (FBI) within six hours to uncover potential security threats for the US government. "Often, making leeways in the norms set by the parent company for small comforts creates major hurdles in the security system," Goggans said.

More here.

New U.S. Cyber Security Push Is Urged

Siobhan Gorman writes in The Wall Street Journal:

A commission of technology experts will propose consolidating cyber security work under a top White House official and using diplomatic, intelligence and military tools to confront threats in cyberspace.

The new White House post is likely to be the most controversial of the commission's recommendations [.pdf], which will be released Monday. In its report, the commission compared the job to that of the director of national intelligence. The cyber chief would report to the president and have his own staff of 10 to 20 people who would work with a beefed-up National Security Council cyber staff and federal agencies to implement the president's cyber policies.

U.S. agencies from the Pentagon to the Department of Homeland Security as well as Pentagon contractors have experienced major cyber break-ins. Intelligence officials estimate U.S. losses from cyber breaches to be in the multiple billions of dollars.

Under the Bush administration, the Department of Homeland Security has been the public face of cyber-security efforts, but the commission concluded it isn't equipped to handle a threat with military, criminal and intelligence components.

More here.

U.S. Congressional Panel to Call for Probe Into Wiretapping of Scholar

Eric Lichtblau and James Risen write in The New York Times:

A Congressional oversight panel plans to ask the National Security Agency to start an investigation into new evidence that the agency illegally wiretapped a Muslim scholar in Northern Virginia and concealed the eavesdropping during a 2005 trial in which the scholar was convicted on terrorism charges.

Representative Rush Holt, a New Jersey Democrat and chairman of the Select Intelligence Oversight Panel, said in an interview that he planned to ask the inspector general of the N.S.A. to open what would be the first formal investigation by the agency into whether its eavesdropping program had improperly interfered with an American’s right to a fair trial.

Mr. Holt said he was responding to new evidence presented to him and other Congressional leaders by the Muslim scholar’s lawyer indicating that the Bush administration tried to hide the full extent of the government’s illegal spying in the criminal case.

If the N.S.A. inspector general begins an inquiry, analysts said, that could also signal a new willingness by the agency, under a new administration, to examine its own operations in the eavesdropping program.

More here.

Report: 21M German Bank Account Details On Black Market

An AFP article, via, reports that:

The details of bank accounts held by 21 million Germans are for sale on the black market for 12 million euros (15 million dollars), a German magazine reported Saturday.

In an investigative report, two reporters for the Wirtschaftswoche magazine met last month with two individuals, arranged through an intermediary, who offered to sell a CD-ROM containing the names, addresses, bank name and account numbers of 21 million people, the magazine said.

"We took away with us the first delivery, a CD with 1.2 million accounts, that we couldn't imagine," said the editors in charge of the investigation, which has caused an uproar in Germany.

The economic weekly has given authorities the file, which supposedly would allow someone to commit fraud on a large scale.

More here.

Props: Pogo Was Right

In Remembrance: Pearl Harbor

USS California sinking.
Pearl Harbor Collection of pictures taken by military personnel.

Image source: Wikimedia

You Are Not Forgotten

On this day in 1941 -- a day that will live in infamy -- the Imperial Japanese Navy made its attack on Pearl Harbor.

The surprise attack on Pearl Harbor, Oahu, Hawaii, was aimed at the Pacific Fleet of the United States Navy and its defending Army Air Corps and Marine air forces. The attack damaged or destroyed twelve U.S. warships, destroyed 188 aircraft, and killed 2,403 American servicemen and 68 civilians.

Admiral Isoroku Yamamoto planned the raid as the start of the Pacific Campaign of World War II, and it was commanded by Vice Admiral Chuichi Nagumo, who lost 64 servicemen. However, the Pacific Fleet's three aircraft carriers were not in port and so were undamaged, as were oil tank farms and machine shops. Using these resources the United States was able to rebound within six months to a year.

The U.S. public saw the attack as a treacherous act and rallied strongly against the Japanese Empire, resulting in its ultimate defeat.

It absolutely "...awakened the sleeping U.S. behemoth".

Sixty-seven years later, we haven't forgotten.

- ferg