Saturday, March 07, 2009

Dont' Forget to Spring Forward: Daylight Saving Time Begins Tonight

Don't forget - it's time to turn the clock ahead an hour (at 02:00 AM, Sunday morning, 8 February 2009) as daylight-saving time begins. At least for most of us in the U.S, that is.

- ferg

Local: San Jose Police Withheld Uncertainties in Fingerprint Cases

Tracy Kaplan writes on The Mercury News:

For years, San Jose police never told anyone when fingerprint technicians could not agree about whether a suspect's prints matched those taken from the crime scene.

Instead, the police department's Central Identification Unit generated a report indicating that two technicians agreed the suspect's prints had been positively identified, while omitting that a third technician dissented.

The police stuck to that policy even after prosecutors and outside experts warned them they could not legally withhold the information from defense attorneys, and urged them to change their procedures. Last month, the department finally finished a slow-paced review dating back to mid-2007 and overhauled the policy so that the doubts are reflected, soon after the Mercury News filed Public Record Act requests about the issue.

"They were trying to suppress favorable evidence to the defense, it's clear as day," said Michael Kresser, director of the Sixth District Appellate Program. "How any law enforcement agency didn't understand that that is not legal is beyond me," said Kresser, referring to the U.S. Supreme Court mandate in Brady vs. Maryland that members of the prosecution team must provide defense attorneys with any evidence that could potentially help their clients.

The revelation of the withheld evidence comes on the heels of a controversy about withheld medical examination videotapes of children believed to be victims of sexual abuse; the Santa Clara County District Attorney's Office is belatedly notifying defense attorneys in hundreds of cases that ended in conviction, dating back to 1991, that videotapes that potentially could help their clients exist.

More here.

Taiwan: Malicious Software Enables Cellphone Surveillance

Via The Taipei Times.

The Criminal Investigation Bureau (CIB) on Friday took into custody a manager of a company that sold illegal software allowing those interested in obtaining private information to send unidentified SMS text messages to infect cellphones.

Once a phone has been infected, the sender could listen in on private conversations and view the recipient’s text messages, police said, adding that people with cellphones using the Symbian 60 operating system were at the greatest risk of becoming infected.

Members of the National Communications Commission (NCC) and other law enforcement agencies on Friday searched the company after receiving information from the Taoyuan District Prosecutors Office, and discovered the illegal software along with chips.

A manager by the surname Koo (古) was taken into custody on charges of breaking the Communications Act (通訊傳播法) and violating privacy.

The CIB said that bugs in the Symbian operating system were exploited by the software, which was first invented in China in 2007, replacing more traditional methods of phone tapping where a chip had to be physically inserted into a phone.

More here.

Hat-tip: Homeland Reading List

Big Plans in China for Revolution's 60th Anniversary

Barbara Demick writes in The Los Angeles Times:

The Chinese Communist Party loves its anniversaries, so it comes as no surprise that the bosses in Beijing are planning a blowout to commemorate the 60th year since the nation's founding.

President Hu Jintao has commissioned an extra-stretch limousine, 19 feet long, for the October festivities. A year before the occasion, the Beijing municipality put out advertisements for women between the ages of 17 and 25 (height between 5'3" and 5'7") to perform in the parade; rehearsals began in December.

"This is the tradition in Communist culture. They use these grand occasions to justify their existence," said Li Datong, former editor of the youth supplement of the China Youth Daily, and now a pro-democracy activist.

But critics of the Communist Party love anniversaries too, and 2009 is fraught with sensitive ones: Tuesday is the 50th anniversary of an uprising in Tibet that led to the flight of the Dalai Lama to India. On June 4, the 20th anniversary of the bloody crackdown on student demonstrations at Tiananmen Square. And on July 22, the 10th-year anniversary since the banning of the spiritual group called Falun Gong.

At the same time, the Oct. 1 anniversary festivities, which are supposed to re-create some of the glitz of the 2008 Summer Olympics, carry the same risks as the Games -- in that anything in China that occasions large crowds also triggers protests. Just as happened last year in the run-up to the Olympics, extra troops and armed police are being deployed in probably trouble spots.

More here.

Note: And we can fully expect these issues to spill over into cyber space... -ferg

Image source: Susan Spano / Los Angeles Times

Mininova Hit By Massive DDoS Attack

Via TorrentFreak.

Mininova, one of the leading BitTorrent sites, has been suffering from a massive DDoS attack over the past few days. Originating from a botnet spanning three continents, the attacks vary in strength and are causing the site to be completely inaccessible at times. The Mininova team is working on a solution.

DDoS attacks are not an unusual event for BitTorrent sites, with smaller sites suffering the effects more often than they’d like. However, to take out one of the big players requires some serious power, and that is exactly what Mininova is up against right now.

Mininova co-founder Niek confirmed to TorrentFreak that they have been suffering from a DDoS attack over the past few days. The site is currently being pounded by a botnet of hundreds of computers which is slowing the site down significantly and at times making it completely inaccessible.

Niek said that he has no idea who’s behind the attack or why they chose to target Mininova. This is not the first time the site has had to deal with a Denial of Service attack, but they haven’t witnessed one of this magnitude before.

More here.

Image source: TorrentFreak

Friday, March 06, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, March 6, 2009, at least 4,255 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,421 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is the same as the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, March 6, 2009, at least 589 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EST.

Of those, the military reports 434 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Friday Monkey Blogging: Gorillas Know Sign Langauge From Birth

As I mentioned a few months ago, I started a regularly recurring blog entry meme every Friday afternoon, inspired by Bruce Schneier's regular series of "Friday Squid Blogging" posts, and my very own maddening Monkey Theory.

Here is this week's installment.

Claire Bates writes on The Mail Online:

Gorillas are born with an international sign language of gestures that they use to communicate.

The largest scientific study of the great apes revealed they had a repertoire of 102 different signals - more than any other mammal.

Many of these such as 'disco arm shake' and 'tapping other' were common in all the gorillas studied despite being in different continents.

The researchers from St Andrews University also found each gesture was carried out with close attention to their audience: silent signals were only given when other apes could see them.

Lead author Professor Byrne said: 'As we added more populations to the study, most gestures that had seemed specific to one individual or one site almost always turned up elsewhere.

'Any two populations are likely to differ a lot in the repertoire of gestures shown, but all are drawn from a very large, species-wide ‘pool’ of possible gestural signals.'

The team concluded that the gestures do not need to be learnt, because they are
already part of the natural gorilla communicative repertoire.

More here.

Image source: The Mail Online

Conficker Worm Strikes Back With New Variant

Erik Larkin writes on PC World's "Security Alert" Blog:

The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.

Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm's mysterious creators haven't abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.

Vincent Weafer, Vice President, Symantec Security Response, says the company has only seen the new variation as an update that was sent to an existing worm on a honeypot (a machine that's purposely left infected to watch for updates and changes). Symantec hasn't yet seen this functionality in a new worm variant that can spread on its own, Weafer says, but that may be coming.

In addition to the strike against security software, which is a common tactic for malware, the new functionality also expands the lists of domains Conficker will check each day for updates from 250 to 50,000. This is a clear attempt to counter an industry coalition that attempts to block access to those domains each day.

More here.

Behind The Estonia Cyber Attacks

Robert Coalson writes on Radio Free Europe/Radio Liberty:

In the spring of 2007, a cyberattack on Estonia blocked websites and paralyzed the country's entire Internet infrastructure. At the peak of the crisis, bank cards and mobile-phone networks were temporarily frozen, setting off alarm bells in the tech-dependent country -- and in NATO as well.

The cyberattacks came at a time when Estonia was embroiled in a dispute with Russia over the removal of a Soviet-era war memorial from the center of Tallinn. Moscow denied any involvement in the attacks, but Estonian officials were convinced of Russia's involvement in the plot.

A new blog post for Ekho Moskvy makes a startling revelation about the 2007 attacks. The post, by journalist Nargiz Asadova -- a columnist for RIA Novosti based in Washington, and an Ekho Moskvy host -- describes a March 3 panel discussion between Russian and American experts on information warfare in the 21st century.

Asadova, who was moderating the discussion, asked why Russia is routinely blamed for the cyberattacks in Estonia and Georgia, where government sites were seriously disrupted during the August war.

She might not have been expecting the answer she got from Sergei Markov, a State Duma Deputy from the pro-Kremlin Unified Russia party: "About the cyberattack on Estonia... don't worry, that attack was carried out by my assistant. I won't tell you his name, because then he might not be able to get visas."

Markov, a political analyst who has long been one of Vladimir Putin's glibbest defenders, went on to explain that this assistant happened to be in "one of the unrecognized republics" during the dispute with Estonia and had decided on his own that "something bad had to be done to these fascists." So he went ahead and launched a cyberwar.

"Turns out it was purely a reaction from civil society," Markov reportedly said, adding ominously, "and, incidentally, such things will happen more and more."

In Russia, Markov's confession is all over the blogosphere, but has yet to be picked up by the Russian media.

More here.

Hat-tip: IntelFusion

U.S. Cyber Security Czar Quits Amid Fears of NSA Takeover

Noah Shachtman writes on Danger Room:

Rod Beckström, the Department of Homeland Security's controversial cybersecurity chief, has suddenly resigned amid allegations of power grabs and bureaucratic infighting.

Beckström — a management theorist, entrepreneur, and author — was named last year to head up the new National Cybersecurity Center. To some, it seemed an odd choice since Beckström isn't an expert in security. But the hope was that he could use his management skills to help coordinate the nation's often-dysfunctional network defenses.

Part of the Department of Homeland Security — for now, the government's lead agency for cyber protection — the Center was supposed to be the one place where the defense of civilian, military, and intelligence network could all be marshaled together.

At least, that was the idea. But the Center never had a chance to even start doing its job, Beckström complained in a resignation letter to DHS Secretary Janet Napolitano that has been obtained by Danger Room. The Center "did not receive appropriate support" from the Department of Homeland Security to help coordinate network defenses, he said.

More here.

Thursday, March 05, 2009

MI6: Veteran Intelligence Officers Being Asked to Stay Beyond Retirement

An AP newswire article, via, reports that:

When 007 hits 65, should he be deep-sixed?

No, say British intelligence chiefs, who want their older officers to keep working, even if it means Her Majesty's secret service has spies who hobble in from the cold.

Lawmakers disclosed Thursday that veteran intelligence operatives are being asked to keep working after their usual retirement date to tackle an unrelenting threat from terrorism.

Britain's veteran spies — like all senior government staff — must step down at the age of 65, according to government policy — but are instead being kept in their posts as exceptions to the rule.

In testimony to lawmakers published in a new report, the head of Britain's overseas intelligence agency MI6, John Scarlett, said the knowledge and skills of veterans is crucial to his agency's work.

More here.

Classic xkcd: Correlation

Click for larger image.

We love xkcd.

- ferg

Quote of The Day: Andrew Allemann

"I’ve been duped."

"When ICANN announced it was commissioning a report on the effect of price caps on new TLDs, I assume it would seek an unbiased report. Instead, ICANN used domain owner’s money to hire an economist to defend its views."

- Andrew Allemann, writing on Domain Name Wire.

Embassies of Malta Servers Compromised


The information security and risk management department of the Malta IT Agency (MITA) on Wednesday identified unauthorised software on a server used for the storage of user credentials of personnel in embassies of Malta abroad.

MITA said [.pdf]the unauthorised software was identified by security monitoring and alerting tools recently deployed by the agency as part of an overall framework of security tightening.

Immediately upon detection MITA requested its US-based IT security advisory firm to provide it with an assessment of the potential breach based on the evidence collected by MITA.

Preliminary analysis indicates that the software only had the potential to extract user names and passwords on the embassies server.

Although MITA has no evidence that any breach occurred, throughout Wednesday night, to ensure absolute safety of the integrity of data in its responsibility, MITA carried out an operation which entailed the disabling of all accounts of users on the embassies’ server and users occupying sensitive positions.

More here.

Botnet Hacker Gets Four Years - UPDATE

Via Threat Level.

A Los Angeles man was sentenced late Wednesday in federal court to four years in prison after pleading guilty last year to infecting as many as 250,000 computers and stealing thousands of peoples' identities and hijacking their bank accounts.

The Los Angeles authorities said John Schiefer, 27, was the nation's first defendant to plead guilty to wiretapping charges [.pdf] in connection to using botnets.

Schiefer, who went by the online handle "acidstorm," faced as many as 60 years in prison and acknowledged using a botnet to remotely control computers across the United States. Once in control of the computers, the authorities said [.pdf], his spybot malware allowed him to intercept computer communications. He mined usernames and passwords on accounts such as PayPal and made purchases totaling thousands of dollars without consent.

The authorities said he worked by day as an information security consultant with 3G Communications.

The defendant was among eight individuals indicted or successfully prosecuted in a crack down on black hat hackers who use armies of zombie computers to commit financial fraud, attack web sites with floods of traffic and send spam. The crimes at issue involved more than $20 million in losses, according to the FBI.

More here.

UPDATE: 16:54 PST: Rafe Needleman writes over on C|Net News that Mr. Schiefer is currently working at Mahalo until his incarceration begins. -ferg

Wednesday, March 04, 2009

Mark Fiore: Hopping Mad!

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Image of The Day: Cisco Upgrade Grid

Kevin Pope, for Juniper Networks.

Many more over on Brad Reese's Blog here.


- ferg

Cyber Criminal Leads Ukranian Political Party

Graham Cluley writes:

Meet Dmitry Golubov, leader of the Internet Party of the Ukraine (IPU).

The party held its first official congress on March 1st (you can see some photographs of the event here), where Golubov no doubt reaffirmed his party's platform of rooting out public corruption, returning nuclear weapons to the Ukraine and "electronic government against bureaucracy".

What Golubov may not have talked about in his address to a packed conference room was that in July 2005 he was arrested in Odessa, and accused of being "Script", the mysterious hacker who ran the CarderPlanet website that became a mecca for cybercriminals interested in trading information about how to make money from stolen credit card numbers and identities.

Millions of dollars are said to have been lost by American financial institutions because of, and Golubov was eventually jailed for his involvement.

Curiously, the tale didn't end there however. In December 2005 two Ukranian politicians managed to convince a judge to release Golubov from prison claiming there was insufficient evidence of his guilt. Golubov has strongly denied his guilt, claiming that he was himself the victim of "identity theft" that framed him.

More here.

Image source: Graham Cluley's Blog

Hackers Break In To Spotify

Bobbi Johnson writes on The Guardian:

Much-vaunted online music service Spotify has been dealt a blow, after revealing that thousands of users' personal details may have been stolen by hackers.

According to an announcement by the service – which now has more than a million users worldwide – a group of computer criminals found a loophole in the program that gave them access to some users' passwords.

Although the passwords are encrypted, Spotify confirmed that they were still potentially vulnerable to a so-called "brute force" attack to try and guess them.

"Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed," the company said. "Credit card numbers are not stored by us and were not at risk."

It said that the bug in the system was spotted and fixed shortly before Christmas, meaning that only users who signed up before December 19 could be affected. It is not clear how many people were using the service at that time, since Spotify was still an invitation-only service and has grown more rapidly in the subsequent months.

It is a troubling moment for Spotify, which is based in Sweden and London, and has been hailed by some as the future of online music.

More here.

Firefox 3.0.7 Released

Fixed in Firefox 3.0.7:

MFSA 2009-11 URL spoofing with invisible control characters
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-08 Mozilla Firefox XUL Linked Clones Double Free Vulnerability
MFSA 2009-07 Crashes with evidence of memory corruption (rv:

Get it here.

- ferg

War Dialing Gets An Upgrade

Via SecurityFocus.

The co-founder of the Metasploit Project aims to upgrade wardialers this week, speeding surveys of blocks of phone numbers using voice-over-IP lines and storing data on who — or what — answers the phone at each number.

Dubbed Warvox, the software makes war dialing — which, today, involves expensive software and modem banks to efficiently check numbers — much less expensive and less time-consuming by using voice-over-IP lines. With only about 4 percent of numbers leading to modems, traditional war dialing misses the point, said HD Moore, the author of Warvox and project lead of the Metasploit Project.

"There are not that many modems out there," he said. "So they go through ten thousands numbers just to find a few hundred modems, at most."

War dialing remains popular among penetration testers because corporate security frequently misses problems such as unsecured modems, unauthorized wireless access points and other asset issues, Moore said. In 2002, one hacker claimed that 90 percent of companies could be attacked through modem lines. Today, modems are still a problem for some companies — especially infrastructure firms that employ modems as part of their SCADA network.

The Warvox software, which waits on a final bug fix before before being released, uses pay-per-minute voice-over-IP lines to dial roughly ten lines at the same time and record 20 seconds of any answer. The additional audio data makes war dialing a lot more interesting, because it does not just look for lines connected to modems but also classifies other lines as well, Moore said. For example, by comparing the pauses between words, the security researcher was able to pick out numbers that used the same voicemail system.

More here.

German Police Shut Down Hacker Forum

Via The H Online.

As our fellow heise Security German language web site reports, special internet investigators of Baden-Württemberg's (Landeskriminalamt, LKA) have closed down a forum for sharing malicious software. The platform was used for selling password stealers and offered information about how to find and steal sensitive data and how to forge credit cards. The forum's admin and operator is said to have been a 22-year-old Swiss from the Canton of Lucerne, Switzerland, who reportedly also developed and sold the "Codesoft PW Stealer 0.5" malware under his nickname "tr1p0d".

Following a mutual assistance request by public prosecutors in Offenburg, Swiss criminal investigators searched the 22-year-old's flat on the 25th of February, 2009, and seized two PCs with several terabytes of storage capacity as well as comprehensive documentation. According to the LKA, the forum's user database "including all accessible contacts and users' IP addresses" was saved. These will now be examined. Traces of are still to be found on the Blackhat forum.

The investigators had previously found illegally obtained data which had been sent by infected PCs and temporarily deposited in a "drop zone" on a German provider's server. The LKA's internet investigators analysed the accesses to this server and managed to identify two main suspects, a 25-year-old from the Ortenaukreis district and a 27-year-old from Lower Saxony. The two men are suspected to have infected more than 80,000 PCs worldwide with the "Codesoft PW Stealer" software since September 2008.

The Codesoft trojan collected users' sensitive data, such as user names and passwords from infected PCs. This illegally obtained information is then said to have been sold profitably via relevant internet forums. The LKA says that it is also investigating a currently unknown number of suspects, who allegedly used the stolen data for fraudulent internet purchases.

More here.

China Readies Military Space Station – Launch Coincides With Shuttle Phaseout

Craig Covault writes on Spaceflight Now:

China is aggressively accelerating the pace of its manned space program by developing a 17,000 lb. man-tended military space laboratory planned for launch by late 2010. The mission will coincide with a halt in U.S. manned flight with phase-out of the shuttle.

The project is being led by the General Armaments Department of the People's Liberation Army, and gives the Chinese two separate station development programs.

Shenzhou 8, the first mission to the outpost in early 2011 will be flown unmanned to test robotic docking systems. Subsequent missions will be manned to utilize the new pressurized module capabilities of the Tiangong outpost.

Importantly, China is openly acknowledging that the new Tiangong outpost will involve military space operations and technology development.

More here.

Image source: Spaceflight Now

Tuesday, March 03, 2009

Classic xkcd: Etch-a-Sketch

Click for larger image.

We love xkcd.

- ferg

Legacy Futures in Cyber Space: To Deal With Future Problems, It Helps to Look Forward

Adam Elkus writes on Threats Watch:

At the information security convention Black Hat DC, homeland security expert Paul Kurtz argued in favor of developing sophisticated cyberweapons to deter attacks on American networks. However, as ThreatsWatch's own Michael Tanji observes, cyber-deterrence makes as much sense as trying to ban math. With anyone with a computer science degree able to develop malicious code, Cold War concepts of deterrence and non-proliferation are useless.

Nebulous concepts of cyber-deterrence are but one isolated symptom of a severe problem within the cyber-industrial complex: the pervasive reach of "legacy futures."

Futurist Jamais Cascio writes that legacy futures are old conceptions of the future that act as a deadweight drag on the policy planning process:

"Legacy futures are rarely still useful, but have so thoroughly colonized our minds that even new scenarios and futures models may end up making explicit or implicit references to them."

Cyberspace is a radically new battlespace, but security experts and strategists increasingly draw on the legacy future of the Cold War for strategic concepts and solutions. But can one really deter Russian hackers hiding behind a wall of botnets and proxy servers or contain stateless global guerrillas in an era of porous borders? Applied to the brave new world of cyber-conflict and networked insurgency, Cold War concepts muddle rather than clarify.

More here.

From Left Field: From a Belarus Prison, U.S. Lawyer's Last Battle

Bob Drogan writes in The Los Angeles Times:

One of post-Soviet Russia's most powerful oligarchs, Badri Patarkatsishvili, left a business empire worth billions of dollars when he died of a heart attack in England on Feb. 12 last year.

What he didn't leave, according to his family, was a will.

But two days later, an obscure New York lawyer named Emanuel Zeltser appeared at the wake and told the grieving widow that her late husband had signed a secret will, given him power of attorney, and named a half-cousin in Florida as executor.

The news stunned the family. So did the events that followed.

Over the next month, Zeltser and the half-cousin sought access to the mogul's investments around the globe. The family sued in U.S. federal court, accusing the two Americans of trying to loot the huge estate with forged documents.

Then Zeltser flew -- or was kidnapped -- to Belarus, a former Soviet republic. He was immediately arrested and charged with economic espionage and use of false official documents to defraud the estate. He denied the charges, but was sentenced in a closed-door trial to three years in prison, where he remains today.

How Zeltser landed in Penal Colony #15 in eastern Belarus involves more than a bare-knuckle legal battle. It is a startling tale of a hard-charging U.S. lawyer who has fought allegations of fraud and forgery in the past, and now is ensnared in a case that may cost him his life.

That has turned the situation into an official U.S. concern.

More here.

Note: This story is rather fascinating to me, for some odd reason, perhaps because there seems to be a lot of details missing about some of the events described in this article. Maybe I'll poke around a bit more... -ferg

Gartner: Financial Fraud Hits 7.5 Percent of U.S. Adults

Elinor Mills writes on C|Net News:

About 7.5 percent of U.S. adults lost money as a result of financial fraud last year, mostly due to data breaches, according to a new Gartner study to be released on Tuesday night.

In the survey of nearly 5,000 consumers, 70 percent said they had never been a victim of identity theft fraud. Meanwhile 14 percent said they had had their credit card information used to charge purchases or get money, 7 percent said their debit card was used, 6 percent said a new account had been opened in their name, 5 percent had money transferred out of their account, and 4 percent had had checks forged.

Recovering losses was easier for people victimized by brokerage, credit card, and debit card account fraud compared to victims of new loan account fraud, check forgery, and checking/savings account fraud, partly because victims didn't try to recover money.

Of those who had new accounts opened in their name, 35 percent suffered from a damaged credit rating and slightly more than half were able to restore their rating, usually in less than one month. For about 20 percent it took more than a year, and for 9 percent it took three to five years, the survey found.

Overall, less than one-third of the victims reported the crimes to law enforcement and about 5 percent reported it to the U.S. Federal Trade Commission.

Not only do many victims not report the crime, but many of the crimes go unprosecuted. There were only 564 convictions made for about 800 identity-theft-related fraud cases in 2007, according to the National Institute of Justice's Electronic Crime Program, a part of the U.S. Justice Department.

"The chances of a criminal getting arrested and convicted for identity theft-related fraud are much less than a half of 1 percent," the study said.

More here.

Nigerian Accused in Scheme to Swindle Citibank

Benjamin Weiser writes in The New York Times:

Swindles in which someone overseas seeks access to a person’s bank account are so well known that most potential victims can spot them in seconds.

But one man found success by tweaking the formula, prosecutors say: Rather than trying to dupe an account holder into giving up information, he duped the bank. And instead of swindling a person, he tried to rob a country — of $27 million.

To carry out the elaborate scheme, prosecutors in New York said on Friday, the man, identified as Paul Gabriel Amos, 37, a Nigerian citizen who lived in Singapore, worked with others to create official-looking documents that instructed Citibank to wire the money in two dozen transactions to accounts that Mr. Amos and the others controlled around the world.

The money came from a Citibank account in New York held by the National Bank of Ethiopia, that country’s central bank. Prosecutors said the conspirators, contacted by Citibank to verify the transactions, posed as Ethiopian bank officials and approved the transfers.

Mr. Amos was arrested last month as he tried to enter the United States through Los Angeles, a prosecutor, Marcus A. Asner, said in Federal District Court in Manhattan.

More here.

Note: Not sure how I missed this earlier, but probably due to business travel. Enjoy. -ferg

Security Fix: From (& To) Russia, With Love

Brian Krebs writes on Security Fix:

If you ask security experts why more cyber criminals aren't brought to justice, the answer you will probably hear is that U.S. authorities simply aren't getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world's most active cyber criminal gangs are thought to operate with impunity.

But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?

As Security Fix documented in When Cyber Criminals Eat Their Own, a common misconception about hacker groups in Russia and the former Soviet nations is that they avoid targeting their own people. On the contrary, aggregate statistics from recent attacks and outbreaks strongly suggest that perception no longer matches reality.

One gradual but notable shift on this front has been the increasing willingness of Russian and Eastern European cyber gangs to target companies in their home countries in virtual shakedowns known as distributed-denial-of-service (DDoS) attacks, according to exclusive data provided by cyber security research firm Team Cymru (pronounced kum-ree).

More here.

In Passing: Jim Bound

Jim Bound

I received word today that a friend & colleague of mine -- Jim Bound -- has died.

This is very sad news for me, as I knew Jim very well, and worked with him in the IETF for most of the latter half of the 1990's. Jim was very well respected -- and sometimes ridiculed -- for his tough positions and outspoken nature.

Aside from being a friend & colleague, Jim was an Hewlett Packard Fellow, and CTO of the IPv6 Forum.

He will be missed.

- ferg

Update: 17:35 PDT, 5 March 2009: NetworkWorld has a very nice article on Jim's passing here. -ferg

Monday, March 02, 2009

U.S. Government Continues to Keep Its .Gov Domain Names Secret

Thomas Claburn writes on InformationWeek:

President Obama in January promised "an unprecedented level of openness in government." But the government has yet to get the memo.

Asked in a Freedom of Information Act (FOIA) request to provide a list of the .gov domains, including the agency registering the domain, the General Services Administration declined, citing 2007 Department of Justice FOIA guidelines.

The GSA claims that "release of the requested sensitive but unclassified information presents a security risk to the top level Internet domain enterprise."

The decision comes despite an explicit directive by the president to agency heads in January that FOIA requests should be decided in favor of openness.

"All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open government," the president's memo states. "The presumption of disclosure should be applied to all decisions involving FOIA."

In January, there were 4,657 .gov domains, a number that, according to the GSA, has been growing at a rate of about 10% annually for the past few years. Some 1,724 of the domains are associated with federal agencies and 2,424 are associated with cities and counties. Native American tribes have about 107.

More here.

'Thumb Drives Are Like Unsafe Sex'

Bob Brewin writes on GovExec:

That's the view of Joel Brenner, national counter-intelligence executive, who said he views the use of thumb drives on national security information systems as "the electronic equivalent of unprotected sex and the biggest sources of what I call ETDs, or electronically transmitted diseases."

Brenner, who was speaking at the 4th annual Multi-INT conference, sponsored by the Institute for Defense and Government Advancement in Vienna, Va., said [.pdf] thumb drives allow potential spies to steal more data than any spy in history, such as Aldrich Ames, Christopher Boyce, or Andrew Daulton Lee, who had to laboriously copy paper files before handing them over to Soviet intelligence agents.

Today, Brenner said, "You can walk into may corporate and government offices, slip a thumb drive into a USB port and download in seconds more information than all those traitors stole together. We've come a long way from Whittaker Chambers stuffing information in a hollow pumpkin."

More here.

U.S. Judge Orders Defendant to Decrypt PGP-Protected Laptop

Declan McCullagh writes on C|Net News:

A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.

In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted.

"Boucher is directed to provide an unencrypted version of the Z drive viewed by the ICE agent," Sessions wrote in an opinion last week, referring to Homeland Security's Immigration and Customs Enforcement bureau. Police claim to have viewed illegal images on the laptop at the border, but say they couldn't access the Z: drive when they tried again nine days after Boucher was arrested.

Boucher's attorney, Jim Budreau, already has filed an appeal to the Second Circuit. That makes it likely to turn into a precedent-setting case that creates new ground rules for electronic privacy, especially since Homeland Security claims the right to seize laptops at the border for an indefinite period. Budreau was out of the office on Thursday and could not immediately be reached for comment.

The Fifth Amendment says nobody can be "compelled in any criminal case to be a witness against himself," which Magistrate Judge Jerome Niedermeier ruled in November 2007 prevented Boucher from being forced to divulge his passphrase to prosecutors.

More here.

Note: I originally missed this last week due to business travel, but here it is now. -ferg

UK's Poor Record on Prosecuting Hackers Revealed

Sarah Hilley writes on

Experts have called for more police resources to fight computer crime, after it emerged that only 299 hackers have been charged under the UK's computer crime law over the past four years.

Computer Weekly has discovered that only 110 cases involving unauthorised access and virus writing reached magistrates' courts across the country last year from November 2007 to October 2008, 59 cases reached court in the year to October 2007, while 49 cases were brought to court in the year to October 2006.

The figures, obtained by CW under the Freedom Of Information Act, pale in comparison with the estimated amount of computer crime taking place.

The DTI Information Security Breaches Survey showed that 96% of large companies suffered a security incident last year, and 13% of all companies detected unauthorised access on their networks.

There were 144,500 cases of computer misuse in the UK in 2006, according to a survey by online identity firm Garlik. The study found a further six million virus incidents took place during the same period.

More here.

ICANN President to Step Down by Year's End

Grant Gross writes on ComputerWorld:

Paul Twomey, president and CEO of the Internet Corporation for Assigned Names and Numbers (ICANN) since March 2003, will step down at the end of the year, the organization announced Monday.

Twomey told the ICANN board he does not want to renew his contract for another three-year term, he said in an ICANN statement. Twomey announced his departure during an ICANN meeting in Mexico City.

His decision to leave comes as ICANN, the nonprofit organization created in 1998 to oversee the Internet's Domain Name System, is moving away from long-time ties with the U.S. government. ICANN's long-time memorandum of understanding with the U.S. Department of Commerce expires in September, and ICANN leaders have said they want to remove the perception that they are controlled by the U.S. government.

More here.

Sunday, March 01, 2009

Romanian Hacker Being 'Head Hunted' While in Jail

Nick Farrell writes on The Inquirer:

A Romanian hacker who stole cash from an Italian bank has become a star student at a local university and is being courted by several software security firms.

Gabriel Bogdan Ionescu is currently doing three years and one month's porridge in Bassone di Como for writing software to steal money from Poste Italiane's accounts.

Four months ago the 22-year-old enrolled in the Faculty of Engineering of the Politecnico di Milano, and passed exams in computer science and mathematical analysis with top marks.

The Italian press are a little concerned that software companies are lining up to hire the hacker when he gets out. It seems that trying to rob a bank was the best career move he ever made.

More here.

UK: Medical Records of Gordon Brown and Alex Salmond 'Hacked'

Mark Aitken writes on The Sunday Mail:

A hacker attack on the health records of Gordon Brown and Alex Salmond has sparked a huge security alert.

Confidential computer files on the Prime Minister and Holyrood's First Minister were illegally targeted along with the records of scores of other high-profile Scots.

We can reveal former Labour leader Jack McConnell and his culture chief wife Bridget have also had their sensitive files hacked.

BBC stars, including newsreader Jackie Bird, and Old Firm footballers have also been victims.

The breach was discovered on a national database called the Emergency Care Summary system, which holds the details of 2.5million people in Scotland.

It contains personal data such as names, ages, addresses, current medication and any adverse reactions to prescribed medicines.

More here.

Estonian Jailed Over 'Biggest Spy Scandal in NATO History'

James Blitz and Tony Barber write in The Financial Times:

An Estonian official who passed NATO and other defence and diplomatic secrets to Russia was jailed for more than 12 years yesterday, ending what investigators called "the biggest ever spy scandal in NATO history".

Herman Simm, 61, handed over more than 2,000 pages of information to his handlers in Russia's SVR Foreign Intelligence Service, according to documents linked to the investigation.

EU diplomats said the Estonian spy had also seriously compromised the EU's internal security procedures. "He had total access to NATO and EU stuff and was handing everything he could find to his Russian handlers," one EU diplomat said.

Mr Simm worked at the Estonian defence ministry from 1995 to 2006 and had access to top secret documents, including those related to NATO, which Estonia joined in 2004.

An Estonian district court said it had convicted Mr Simm of state treason and passing on classified information and jailed him for 12 years and six months.

More here.