Saturday, January 24, 2009

Mark Fiore: Inauguration 2009

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

Clerical Error Foiled Sumitomo Bank Hack

John E. Dunn writes on TechWorld:

The largest near heist in banking history failed because the men accused of trying to carry it out didn't properly fill in a single field in an electronic transfer form.

This is one of the extraordinary details that have emerged in the trial of three men accused of having tried in September and October 2004 to rob Japan's Sumitomo Mitsui bank of an eye-watering £229 million ($318 million at today's exchange) from inside its office, in the City of London.

The three men directly involved - Kevin O'Donoghue, a bank security supervisor and two Belgian software experts, Jan Van Osselaer, 32 and Gilles Poelvoorde, 34 - admit their role in the attempted theft.

Far from using a sophisticated remote hacking scheme, the accused men chose a much simpler way of breaking into the bank's systems - they walked in the front door.

More here.

Spy Satellites Turn Their Gaze Onto Each Other


Spy satellites have a new role: as well as watching us they are now spying on each other.

The Pentagon admitted last week that it is using two covert inspection satellites developed for the Defense Advanced Research Projects Agency to assess damage to a failed geostationary satellite - something no one suspected the U.S. could do. If such satellites can get that close to a target, they could probably attack it.

The Department of Defense says its Mitex micro-satellites, which were launched in 2006, have been jetting around the geostationary ring and have now jointly inspected DSP 23, which was designed to pinpoint clandestine missile launches and nuclear tests, but which stopped working a year after its November 2007 launch. The micro-satellites are trying to nail the problem.

Theresa Hitchens, who becomes director of the UN Institute for Disarmament Research in Geneva this week, is troubled by the secrecy surrounding launch of the Mitex craft. It raises questions about their future use, including potential anti-satellite missions, she says.

More here.

Gary McKinnon Wins Right to Fight Extradition to U.S.


An AFP newswire article, via, reports that:

A Briton accused of hacking into computers owned by the US military and NASA space agency got the green light Friday for a fresh legal challenge against a bid to extradite him to the United States.

Gary McKinnon, 42, faces spending the rest of his life in prison if convicted by a US court of gaining access to 97 computers in 2001 and 2002, following the September 11, 2001 attacks in the United States.

He says he was looking for evidence of unidentified flying objects (UFOs), while his supporters say he has Asperger's Syndrome -- a form of autism -- and could attempt suicide if he is forced to go to the United States.

Two judges at London's High Court gave McKinnon's lawyers permission Friday to seek a judicial review of Home Secretary Jacqui Smith's decision last October that he should be extradited.

More here.

Obama Administration: Wiretapping Legal Challenge Must Die

David Kravets writes on Threat Level:

The Obama administration urged a federal judge on Friday to stay enforcement of a ruling favoring the plaintiffs in a lawsuit challenging President George W. Bush's warrantless eavesdropping program.

Justice Department special counsel Anthony Coppolino told U.S. District Judge Vaughn Walker during a 60-minute hearing here that the appellate courts should review his Jan. 5 decision allowing classified evidence into the case, a position the Obama administration took in court documents the day before.

Without the classified evidence, Coppolino said, the government wins the case by default, and two American lawyers who claimed they were unlawfully spied upon can't pursue their lawsuit.

"If we are right about this, the case gets dismissed," Coppolino said.

But Judge Walker said he wanted more briefing on the matter. He refused to immediately stay enforcement of his order, which requires the government to allow the plaintiffs' attorneys, and the court, to review a highly-classified document that purportedly shows that the lawyers for a now-defunct Saudi charity had their telephone conversations wiretapped without warrants in 2004.

More here.

Feds Identify Overseas Suspect In Heartland Case

Evan Schuman writes on StorefrontBacktalk:

The Secret Service has identified an overseas suspect in the Heartland data breach case and the matter has been turned over to the U.S. Justice Department, according to someone close to the investigation.

Few additional law enforcement details were immediately available, other than that the government believes it has identified the cyber thief involved, has “pinpointed” that suspect’s location and that it’s outside of North America, the source said.

A little more background on the case was also disclosed Friday (Jan. 23) by Heartland itself. The processor first learned of the breach (when alerted by Visa and Mastercard) in late October/early November, said Heartland spokesman Jason Maloni. Previously, the only comment had been that it had been alerted in late Fall, which could have been as late as Dec. 20.

Maloni also revealed that when the sniffer software had been discovered by Heartland, the application had already been deactivated, presumably by the cyber thieves who had planted it. “It was inactive when we found it,” Maloni said.

More here.

Reports Theft of User Data

Nancy Gohring writes on is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database.

The break-in comes just as the swelling ranks of the unemployed are turning to sites like to look for work.

The company disclosed on its Web site that it recently learned its database had been illegally accessed. user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence. The information does not include Social Security numbers, which said it doesn't collect, or resumes. posted the warning about the breach on Friday morning and does not plan to send e-mails to users about the issue, said Nikki Richardson, a spokeswoman. The SANS Internet Storm Center also posted a note about the break-in on Friday.

More here.