Saturday, February 21, 2009

Programming Note: Off to Taiwan for a Week...

Taipei, Taiwan and the Taipei 101 Skyscraper

Blogging will be mostly nonexistent for about a week (beginning today) while business calls me away to Taiwan.

Things should be back to normal next weekend.

Thanks for reading, and apologies for the brief hiatus.

- ferg

Friday, February 20, 2009

Bill Proposes ISPs, Wi-Fi Keep Logs for Police

Declan McCullagh writes on C|Net News:

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates.

"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level."

Joining Cornyn was Texas Rep. Lamar Smith, the senior Republican on the House Judiciary Committee, and Texas Attorney General Greg Abbott, who said such a measure would let "law enforcement stay ahead of the criminals."

Two bills have been introduced so far--S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act.

More here.

Hackers Zero in on New Adobe Reader, Acrobat Vulnerability

Brian Prince writes on eWeek:

Hackers have once again turned to PDF files to spread their wares, this time assaulting a zero-day flaw affecting Adobe Reader and Acrobat.

Fortunately, the unpatched bug is on the company’s radar, and fixes for Adobe Reader 9 and Acrobat 9 are slated to be available March 11. Updates for earlier versions will come later, company officials said in an advisory.

The bug is due to an error in the parsing of certain structures in PDF files. If exploited successfully, the bug could allow a hacker to take complete control of a vulnerable system.

More here.

Thursday, February 19, 2009

Mark Fiore: Chains We Can Believe In

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Classic xkcd: Self Righteous Over DRM


We love xkcd.

Rock & roll.

- ferg

Commentary: U.S. Needs New Cyber Security Leaders to Protect Nation

James Jay Carafano and Eric Sayers write for UPI:

Efforts to safeguard the U.S. homeland tend to focus solely on the unrealistic task of protecting infrastructure. However, the politically charged "failure is not an option" approach to classify all infrastructure as "critical" is detrimental to prioritizing national security missions.

Instead, the United States needs leaders who understand the need for creating and implementing strategies of resiliency, or methods for ensuring that basic structures and systems of global, national and local economies remain strong even after a cyberattack, other malicious acts or acts of war, as James Jay Carafano pointed out in his paper "Resiliency and Public-Private Partnerships to Enhance Homeland Security," Heritage Foundation Backgrounder No. 2150, published June 24, 2008.

A strategy of resiliency does not mean abandonment of preventive measures. At its core, resiliency is far more complex -- and effective -- than simply protecting critical infrastructure against natural and man-made threats. Protection alone cedes the initiative to the enemy.

The United States needs cyber-strategic leaders. Because of the vulnerability of cyberspace, one initiative that should be prominent in constructing a resiliency strategy for the 21st century is a cyber-strategic leadership program. Cyber-strategic leadership is not a specific technical skill or person, but a set of knowledge, skills and attributes essential to all leaders at all levels of government and in the private sector.

More here.

Former CIA Officer Describes Retribution for Whistle Blowing

Jeff Stein writes on the CQ Politics "SpyTalk" Blog:

Ilana Sara Greenstein, a highly praised CIA operations officer for six years until quitting in disgust in 2008, says she was punished for complaining about gross mismanagement in the agency's Baghdad station, which CIA censors are still trying to suppress.

"What I witnessed there was nothing short of disastrous--operationally and ethically," says Greenstein, who in 2005 was cited by the U.S. military command in Baghdad for work that "directly saved lives"--the only CIA staff employee to be so honored.

Greenstein's complaints about Baghdad station not only went unanswered, she alleges, she was punished by CIA managers whom she had singled out for criticism. And now, CIA censors are trying to suppress a book she is writing about her experience, she says.

More here.

Leon Panetta Gets a Rock Star Welcome at CIA Headquarters

Siobhan Gorman writes in Washington Wire:

So much for fears that Leon Panetta would be seen as an outsider at the Central Intelligence Agency because he didn’t grow up through the spy ranks. The new CIA director and former Clinton administration chief of staff got a rock star’s welcome today at Langley headquarters during his formal swearing-in ceremony.

As Panetta entered the lobby of the main headquarters building, where the agency seal is inlaid in the floor, hundreds of CIA employees greeted their new leader with shouts, applause, and even some whistles. Cheers again when he was about to take the oath of office. Again after he completed the oath. More cheers when Panetta offered personal reflections, including a mention that he and his wife, Sylvia, met “at a mixer” 50 years ago. And of course more raucous applause when the ceremony ended and Panetta worked the crowd.

More here.

FBI: Computer Hacker Fugitive Apprehended and Indicted for Fraud that Victimized Phone Service Providers


A Miami man charged in 2006 with secretly hacking into the computer networks of unsuspecting Internet phone service providers was indicted today by a federal grand jury, Acting U.S. Attorney Ralph J. Marra announced.

The indictment of Edwin Andres Pena follows his apprehension on Feb. 6 in Mexico, where he now is in custody and awaits extradition. Pena has been a fugitive since posting bond and fleeing prosecution after his arrest in June 2006 in Miami.

Pena, 26, was indicted on fraud and computer hacking charges for his role in a scheme to defraud Voice Over Internet Protocol (VoIP) telephone service providers. Pena, who purported to be a legitimate wholesaler of these Internet-based phone services, allegedly sold discounted service plans to his unsuspecting customers. The Indictment alleges that Pena was able to offer such low prices because he would secretly hack into the computer networks of unsuspecting VoIP providers, including one Newark-based company, to route his customers’ calls.

Through this scheme, Pena is alleged to have sold more than 10 million minutes of Internet phone service to telecom businesses at deeply discounted rates, causing a loss of more than $1.4 million in less than a year. The victimized Newark-based company, which transmits VoIP services for other telecom businesses, was billed for more than 500,000 unauthorized telephone calls routed through its calling network that were “sold” to the defendant’s unwitting customers at those deeply discounted rates, according to the Indictment.

Pena, 26, a permanent legal resident of the United States of Venezuelan origin, allegedly enlisted the help of others, including a professional “hacker” in Spokane, Washington. The hacker, named in the Indictment as Robert Moore, 24, pleaded guilty in the District of New Jersey on March 7, 2007, to federal hacking charges for assisting Pena in this scheme. Moore was sentenced to 24 months in prison on March 8, 2008, and is currently incarcerated. Moore admitted at his plea hearing to conspiring with Pena and to performing an exhaustive scan of computer networks of unsuspecting companies and other entities in the United States and around the world, searching for vulnerable ports to infiltrate their computer networks to use them to route calls.

Pena was first charged on June 6, 2006, in the District of New Jersey in a criminal Complaint that set forth the scheme described in today’s indictment. He was arrested on that Complaint on June 7, 2006, and released the next day on $100,000 bail set by a federal magistrate judge in Florida. Pena appeared in Court in New Jersey on June 29, 2006, and on approximately Aug. 12, 2006, Pena allegedly fled the country to avoid prosecution. He was apprehended by Mexican authorities on Feb 6, 2009, and is currently being held in Mexico on the District of New Jersey’s charges. The United States intends to seek extradition.

More here.

New Hacking Method Stealthily Attacks Macs With Malware

Neil Roiter writes on

The good news is that Macs, especially the notebooks in the C-suite, are getting very popular. The bad news is the days when it was redundant to say "Mac" and "secure" are probably gone.

Mac vulnerabilities are starting to draw attention. With valuable data on corporate notebooks and with a lot more home Mac users shopping and banking online, they are likely to draw attention from Internet criminals.

They're already drawing attention from Internet security researchers, like Italian researcher Vincenzo Iozzo, who showed a Black Hat crowd Wednesday how to inject malicious code into Mac OS X memory. The method leaves no trace of the code, his presence or any sign the attack occurred, frustrating forensics investigators.

"The OS kernel doesn't know about it," he said. "If we list processes on the victim's computer, you won't see our infected binary. And, this means we can write payloads in a high-level language."

The technique subverts the Mach-O file format, which is used to store OS X binaries on disk. The attack binary changes the protection flags on Mach-O's PAGE_ZERO segment, which is used to store malicious code. Iozzo, a student at the Politecnico di Milano University, said the attack can also overcome the address space layout randomization for libraries introduced with Leopard. ASLR is designed to defeat attacks like his by randomizing memory locations of executables.

More here.
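A defender-side check prompted by the Mach-O detail above, added here as an example and not code from the article or from Iozzo's talk: a normally linked 64-bit executable maps __PAGEZERO with no permissions at all, so a load-command walk that flags a __PAGEZERO segment carrying any initprot or maxprot bits is a cheap triage signal for forensic review. The sample images, helper names and the x86_64 header constants below are constructed for the example.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF          # 64-bit Mach-O magic, little-endian host order
LC_SEGMENT_64 = 0x19
SEGMENT_CMD_SIZE = 72             # sizeof(struct segment_command_64) with no sections
VM_PROT_NONE, VM_PROT_READ, VM_PROT_WRITE, VM_PROT_EXECUTE = 0x0, 0x1, 0x2, 0x4


def build_segment(name, vmaddr, vmsize, maxprot, initprot):
    """Pack one segment_command_64 with zero sections (constructed test data)."""
    return struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, SEGMENT_CMD_SIZE,
                       name.encode().ljust(16, b"\0"), vmaddr, vmsize,
                       0, 0, maxprot, initprot, 0, 0)


def build_macho(segments):
    """Prepend a minimal mach_header_64 (x86_64, MH_EXECUTE) to the load commands."""
    body = b"".join(segments)
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 2,
                         len(segments), len(body), 0, 0)
    return header + body


def parse_segments(blob):
    """Walk the load-command table and return every LC_SEGMENT_64 as a dict."""
    if len(blob) < 32 or struct.unpack_from("<I", blob, 0)[0] != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O image")
    ncmds, sizeofcmds = struct.unpack_from("<II", blob, 16)
    end = 32 + sizeofcmds
    if end > len(blob):
        raise ValueError("sizeofcmds exceeds image")
    segments, off = [], 32
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command table truncated")
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < 8 or off + cmdsize > end:   # a lying cmdsize must not run us off the end
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64 and cmdsize >= SEGMENT_CMD_SIZE:
            raw = struct.unpack_from("<16sQQQQii", blob, off + 8)
            segments.append({"name": raw[0].rstrip(b"\0").decode("ascii", "replace"),
                             "vmaddr": raw[1], "vmsize": raw[2],
                             "maxprot": raw[5], "initprot": raw[6]})
        off += cmdsize
    return segments


def check_pagezero(blob):
    """Report a __PAGEZERO whose protection is anything other than the inert guard mapping."""
    findings = []
    for seg in parse_segments(blob):
        if seg["name"] != "__PAGEZERO":
            continue
        if seg["initprot"] != VM_PROT_NONE or seg["maxprot"] != VM_PROT_NONE:
            findings.append(f"__PAGEZERO has protection initprot={seg['initprot']:#x} "
                            f"maxprot={seg['maxprot']:#x}, expected none")
    return findings


# Constructed sample images: one laid out like a normal executable, one whose
# zero page has been given read, write and execute protection.
RWX = VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE
NORMAL_IMAGE = build_macho([
    build_segment("__PAGEZERO", 0, 0x100000000, VM_PROT_NONE, VM_PROT_NONE),
    build_segment("__TEXT", 0x100000000, 0x1000, RWX, VM_PROT_READ | VM_PROT_EXECUTE),
])
SUSPECT_IMAGE = build_macho([
    build_segment("__PAGEZERO", 0, 0x100000000, RWX, RWX),
    build_segment("__TEXT", 0x100000000, 0x1000, RWX, VM_PROT_READ | VM_PROT_EXECUTE),
])

if __name__ == "__main__":
    for label, image in (("normal", NORMAL_IMAGE), ("suspect", SUSPECT_IMAGE)):
        print(label, check_pagezero(image) or ["no __PAGEZERO anomalies"])
```

On a real system the same walk applies to a file read from disk; fat (multi-architecture) binaries and 32-bit images need their own header handling, which this example does not attempt.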

Wednesday, February 18, 2009

Hackers Break Into U.S. Government Travel Site, Feed Users Attack Code

Gregg Keizer writes on ComputerWorld:

A travel reservations Web site used by several federal agencies was hacked last week, and it shunted unsuspecting users to a malicious domain, according to information that Computerworld has obtained.

The site,, is currently unavailable to federal employees through their offices' intranet; the version accessible via the public Internet is also offline.

Sometime before Feb. 11, hackers breached the site, then modified it to redirect users to a rogue URL that in turn directed attack code against their systems, according to the General Services Administration (GSA) and e-mail sent to federal workers that Computerworld has seen.

"Last week, some users of GovTrip, when logging on to the GovTrip site, were redirected to a site that delivered malicious software to their computers," an e-mail sent to employees of the U.S. Environmental Protection Agency (EPA) read. "The incident, which also affected other federal agencies, was quickly identified by systems security. At this time, the GovTrip site is not safe to use and should not be accessed."

Today, GSA spokesman Robert Lesino confirmed the GovTrip hack and said the redirect hit users on Feb. 11. "The incident was quickly identified," said Lesino, who declined to answer specific questions, citing the ongoing investigation. He also said that no user information was believed to have been compromised by the hack.

More here.

Tuesday, February 17, 2009

DHS Aided Maryland State Police in Tracking Activist Groups

Lisa Rein writes in The Washington Post:

The U.S. Department of Homeland Security tracked the protest plans of a peaceful Washington area antiwar group and passed the information to the Maryland State Police, which had previously labeled the activists as terrorists in an intelligence file.

The federal agency obtained two e-mails containing plans for upcoming demonstrations at a military recruiting center in Silver Spring in 2005, the first indication that DHS might have worked with the police to monitor advocacy groups. The notification by DHS appears in a state police file on the DC Anti-War Network, or DAWN, provided to The Washington Post under the Public Information Act.

The file is one of five created by the state police on the antiwar group in 2005 and 2006. Along with 53 individuals and about two dozen other protest groups, including Amnesty International and CASA of Maryland, the network was labeled a terrorist group in an internal police database. Police have said the names were not put on federal anti-terrorism lists.

An entry in the D.C. network's file dated June 21, 2005, notes that the DHS office in Atlanta forwarded two e-mails from an affiliate of the group, the name of which was redacted from the document provided to The Post. The state police file states: "Activists [from DAWN] are going to stage several small (12-15) weekly demonstrations at the Silver Spring Armed Forces Recruitment Center. If there is enough support these will become weekly vigils." According to the file, the protests were peaceful.

More here.

Reported Cyber Attacks on Federal Computer Data Soars

Pete Eisler writes on USA Today:

Reported cyberattacks on U.S. government computer networks climbed 40% last year, federal records show, and more infiltrators are trying to plant malicious software they could use to control or steal sensitive data.

Federally tracked accounts of unauthorized access to government computers and installations of hostile programs rose from a combined 3,928 incidents in 2007 to 5,488 in 2008, based on data provided to USA TODAY by the U.S. Computer Emergency Readiness Team (US-CERT).

"Government systems are under constant attack," says Joel Brenner, counterintelligence chief in the Office of the Director of National Intelligence. "We're seeing … a dramatic, consistent increase in cyber crime (and) intelligence activities."

The government does not publicly detail the number or types of attacks that succeed. A commission of government officials and private experts reported in December that the departments of Defense, State, Homeland Security and Commerce all have suffered "major intrusions" in which sensitive data were stolen or compromised.

"The damage from cyberattack is real," says the report, issued by the Center for Strategic and International Studies with Reps. Jim Langevin, D-R.I., and Michael McCaul, R-Texas.

The new data on attacks represent a small sampling — just 1% of federal agencies have fully developed tracking systems — and some of the increase may reflect better reporting, says Mischel Kwon, who heads US-CERT at the Department of Homeland Security. Still, the reports are the best public accounting of such attacks and underscore concerns driving federal cybersecurity initiatives.

Director of National Intelligence Dennis Blair told Congress last week that government networks are targeted by foreign nations seeking intelligence, such as China and Russia, as well as criminal groups and individuals who may want to disrupt power, communication or financial systems.

More here.

Hat-tip: The Office of Inadequate Security

Opinion: A Small, Necessary, Legal Change For National Cybersecurity

Rich Mogull writes on Securosis:

I loved being a firefighter. In what other job do you get to speed around running red lights, chop someone’s door down with an axe, pull down their ceiling, rip down their walls, cut holes in their roof with a chainsaw, soak everything they own with water, and then have them stop by the office a few days later to give you the cookies they baked for you.

Now, if you try and do any of those things when you’re off duty and the house isn’t on fire, you tend to go to jail. But on duty and on fire? The police will arrest the homeowner if they get in your way.

Society has long accepted that there are times when the public interest outweighs even the most fundamental private rights. Thus I think it is long past time we applied this principle to cybersecurity and authorized appropriate intervention in support of national (and international) security.

One of the major problems we have in cybersecurity today is that the vulnerabilities of the many are the vulnerabilities of everyone. All those little unpatched home systems out there are the digital equivalent of burning houses in crowded neighborhoods. Actually, it’s probably closer to a mosquito-infested pool an owner neglects to maintain. Whatever analogy you want to use, in all cases it’s something that, if it were the physical world, someone would come to legally take care of, even if the owner tried to stop them.

More here.

Monday, February 16, 2009

Where Are the Feds on Cyber Security?

Ira Winkler writes on

A couple of recent events have shown how purposefully useless the U.S. government is with regard to cybersecurity. Every so often, the FBI parades some success stories through the media. Unfortunately, what's behind them are prosecutions for show rather than true demonstrations of tackling cybercrime.

For example, U.S. law enforcement had nothing to do with the takedown of McColo, the ISP that was home to major botnet controllers. It's telling that foreign criminal gangs felt comfortable enough to use a U.S.-based service to host their critical servers.

Despite the fact that the crimes enabled by McColo included child pornography, cyberextortion, distribution of malware, identity theft -- really, just about every cybercriminal act known to law enforcement -- the FBI had nothing to do with taking down the hosting service or making any arrests of those profiting from criminal behavior. It was up to independent malware researchers to identify McColo and work with upstream ISPs to cut it off from the Internet. That is despicable.

More here.

Reckless Driving on the Internet

Earl Zmijewski writes on The Renesys Blog:

This weekend, John Markoff wrote an interesting piece for the New York Times entitled Do We Need a New Internet? While his emphasis was largely on security, or rather the lack thereof, the central point Markoff makes is that the Internet may be so hopelessly broken that it could be better to start over, rather than continue to apply band-aids.

As if to emphasize this point, SuproNet, a local Czech provider, single-handedly caused a global Internet meltdown for upwards of an hour today. SuproNet accomplished this feat by sending out a rather unusual routing update, one which a lot of routers did not handle very well. The result was Internet bedlam.

More here.

Note: Danny McPherson has some additional information over on the Arbor Networks Blog. -ferg

Sunday, February 15, 2009

Wikileaks Slams Arrest, Releases Latest Afghan Death Data


A confidential NATO report from January reveals that civilian deaths from the war in Afghanistan have increased by 46% over the past year.

The 12 page report was authenticated and released today in full by the transparency group Wikileaks.

The report shows a dramatic escalation of the war and civil disorder. Coalition deaths increased by 35%, assassinations and kidnappings by 50% and attacks on the Kabul based Government of Hamid Karzai also more than doubled, rising a massive 119%.

Other significant NATO/International Security Assistance Force figures from the 2009 report are:

  • IED related attacks rose 27% and deaths 29%.
  • Rifle and rocket fire increased 40%.
  • Surface to air fire increased 67%.

Outside of the capital Kabul:

  • Only one in two families had access to even the most basic health care
  • Only one in two children had access to a school

According to UK media reports, a British Army officer, Colonel McNally, was arrested for passing civilian death toll figures for 2006-2007 to Human Rights Watch analyst and former BBC radio reporter Rachel Reid. Human Rights Watch published a report based around the data last September.

The London Times stated that American military officials were "seething" over the leaks.

More here.

Scientists: Pace of Climate Change Exceeds Estimates

Kari Lydersen writes in The Washington Post:

The pace of global warming is likely to be much faster than recent predictions, because industrial greenhouse gas emissions have increased more quickly than expected and higher temperatures are triggering self-reinforcing feedback mechanisms in global ecosystems, scientists said Saturday.

"We are basically looking now at a future climate that's beyond anything we've considered seriously in climate model simulations," Christopher Field, founding director of the Carnegie Institution's Department of Global Ecology at Stanford University, said at the annual meeting of the American Association for the Advancement of Science.

Field, a member of the United Nations' Intergovernmental Panel on Climate Change, said emissions from burning fossil fuels since 2000 have largely outpaced the estimates used in the U.N. panel's 2007 reports. The higher emissions are largely the result of the increased burning of coal in developing countries, he said.

More here.

Props: Rich Koman

Online Health Data in Remission

Anita Huslin writes in The Washington Post:

The $19 billion prescribed in Congress's economic stimulus package to bring America's health-care records into the electronic age is a welcome opportunity for information technology firms seeking to build market share in a still-young industry.

Although the federal government set a goal five years ago of creating an electronic health record for every American by 2014, the effort has lagged for several reasons. Roadblocks include concerns over lack of universal protocols for collecting data as well as rules that establish how, with whom and under what circumstances the data can be shared. Many health-care providers -- physician practices, testing facilities, hospitals and clinics -- fear liability if private information gets into the wrong hands. Embedded in all these issues is the cost, an estimated $150 billion, which has proven to be a significant barrier to that 2014 target.

Few expect the new spending to change things immediately. "The incentives for doctors and hospitals to use these tools have months of regulatory processes to go through," said David Brailer, former head of the Office of the National Coordinator for Health Information Technology, created under the Bush administration to establish standards for the collection and use of electronic medical records. "I don't think doctors will go out tomorrow and buy electronic records because there is a little bit of money coming."

More here.

Note: Let's hope not. In fact, without the proper digital protection being in place, unauthorized access to sensitive medical information could be just as damaging -- or perhaps even more so -- than unauthorized access to any other private & sensitive information (think Social Security numbers, financial data, etc.), as the good folks over at Personal Health Information Privacy Blog continually remind us. -ferg

Orbital Collision Won't Be The Last

Frank Morring, Jr., Amy Butler, and Michael Mecham write on Aviation Week:

Satellite operators are at risk of a loss to orbital debris like the one experienced by Iridium Satellite LLC last week about twice a decade, and the danger grows every time there is another collision involving orbiting objects.

The collision between an operational Iridium communications satellite and an old Russian military store-and-dump satcom bird was the first between intact spacecraft. But it was the fourth known accidental collision between man-made space objects since 1991, and "it was by far the most severe," says Nicholas Johnson, who monitors orbital debris at NASA's Johnson Space Center.

The Iridium 33 satellite - one of 66 in the "Big LEO" low Earth orbit satcom constellation - and the 16-year-old Russian Cosmos 2251 - a Strela-2M communications spacecraft - collided broadside over northern Siberia with a closing velocity of about 7 mi. per second shortly before 5 p.m. GMT (noon EST) Feb. 10 at an altitude of about 790 km. (491 mi.).

Both spacecraft - the 800-kg. (1,764-lb.) Cosmos and the 689-kg. Iridium - shattered into debris clouds that continued on the paths of their respective circular orbits, spreading out along the original directions of flight and extending upward and down into a region of space heavily used by civilian and military weather satellites and other Earth-observation spacecraft.

More here.

Neil deGrasse Tyson: The World Will (Not) End in 2012

Hat-tip: The Daily Galaxy

Indian Ministry of External Affairs Suffers Malware Security Breach

Via The Indian Express.

At a time when all its energy is focused on post-Mumbai diplomacy with Pakistan and the world, the Ministry of External Affairs (MEA) has been hit by a cybersecurity nightmare.

Sources have confirmed to The Sunday Express that “several” of its over 600 computers have been infected by “spyware,” a programme that surreptitiously gets installed on a computer to track or take control of the user’s actions.

A detailed investigation is on to determine the damage as initial reports suggest the spyware is linked to a server located in China. Sources said the computers affected include those in the Ministry’s sensitive Pakistan section and in the offices of senior Secretaries and Joint Secretaries.

While the MEA, when contacted, had no official comment, sources said one of the glaring glitches was that each time an email would be sent from an “infected” computer, a copy of it would automatically go to another email ID. The problem was first noticed in the computers of one of the Ministers of State that is usually operated by the Minister’s personal staff.

More here.

Note: It is worthwhile to mention, at this point, that just because the "malware" mentioned above is somehow linked to an IP address in China, it does not mean that someone in China is somehow linked to this "attack". In fact, we have witnessed a lot of eastern European cyber criminals either exploiting hosts or weak/inefficient policies (think domain registrations) in China to perpetrate their crimes. -ferg

Props: The Dark Visitor