Tuesday, April 07, 2009

U.S. Electrical Grid Penetrated By Foreign Cyber Spies

Siobhan Gorman writes in The Wall Street Journal:

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."

The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

More here.

Industry Group Calls For Public-Private Cyber Security Standards

Jill R. Aitoro writes on NextGov:

The federal government should establish minimum standards of cybersecurity for both public and private organizations, rather than focus primarily on requirements for protecting government computer networks, according to recommendations from an association of intelligence and security professionals.

A comprehensive cybersecurity plan, coordinated by the White House, should include a common set of standards defining the level of cyber defense that private sector organizations use for their computer systems and networks based upon the sensitivity of information, and providing guidelines for assessing cyber preparedness, concluded a report [.pdf] from the Arlington, Va.-based Intelligence and National Security Alliance. INSA formed a task force with representatives from 26 companies to provide recommendations for a national cybersecurity plan to Melissa Hathaway, senior director for cyberspace for the administration's national security and homeland security councils. Hathaway is nearing the end of a 60-day review of federal cybersecurity initiatives the Obama administration ordered.

Private sector organizations typically oversee their own network security, or follow industry standards for protecting information. Common standards for the public and private sectors would ensure a base level of security across all industries, said Frank Blanco, INSA's executive vice president. He added that the federal government could encourage compliance by soliciting input from industry on effective minimum standards.

"There's always the danger" that government recommendations will face pushback from industry, Blanco said. "But if industry and government are in a room together, talking about what the minimum standards should include and what that would mean for everyone involved, industry would be more receptive."

More here.

DoD: Cyber Security is Each User's Responsibility

David Perera writes on FCW.com:

Securing the Defense Department's networks from attacks will require wide ranging changes to military culture, conduct and capabilities, said Air Force Gen. Kevin Chilton, commander of the Strategic Command.

The users of the networks "are making it too easy for our adversaries" to exploit weaknesses, he said before a conference on cybersecurity sponsored by Armed Forces Communications Electronics Association International.

“We know we don’t have the answers and oftentimes don’t even know what the right questions are to ask,” he said.

The military still does not have a good grasp of which machines are connected to the Secret Internet Protocol Router Network, a classified DOD intranet, Chilton said. There’s no comprehensive situational awareness of network status and incident response requires more real-time automatic intervention than exists today, he added. A culture of treating information technology as a convenience rather than an essential platform persists, despite the fact that local vulnerabilities can create global effects.

“People think that the rules don’t apply to them, for whatever reason,” he said. “There are adversaries today out there who are taking advantage of that misbehavior and that lack of discipline.”


More here.

Pentagon Bill To Fix Cyber Attacks: $100M

An AP newswire article, via CBS News, reports that:

The Pentagon spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems, military leaders said Tuesday.

Air Force Gen. Kevin Chilton, who heads U.S. Strategic Command, said the military is only beginning to track the costs, which are triggered by constant daily attacks against military networks ranging from the Pentagon to bases around the country.

"The important thing is that we recognize that we are under assault from the least sophisticated - what I would say the bored teenager - all the way up to the sophisticated nation-state, with some pretty criminal elements sandwiched in-between," said Chilton, adding that the motivations include everything from vandalism to espionage. "This is indeed our big challenge, as we think about how to defend it."

According to Army Brig. Gen. John Davis, deputy commander for network operations, the money was spent on manpower, computer technology and contractors hired to clean up after both external probes and internal mistakes. Strategic Command is responsible for protecting and monitoring the military's information grid, as well as coordinating any offensive cyber warfare on behalf of the U.S.

More here.

Hat-tip: Elinor Mills

FBI Defends Disruptive Raids on Texas Data Centers

Kim Zetter writes on Threat Level:

The FBI on Tuesday defended its raids on at least two data centers in Texas, in which agents carted out equipment and disrupted service to hundreds of businesses.

The raids were part of an investigation prompted by complaints from AT&T and Verizon about unpaid bills allegedly owed by some data center customers, according to court records. One data center owner charges that the telecoms are using the FBI to collect debts that should be resolved in civil court. But on Tuesday, an FBI spokesman disputed that charge.

"We wouldn’t be looking at it if it was a civil matter," says Mark White, spokesman for the FBI's Dallas office. "And a judge wouldn’t sign a federal search warrant if there wasn’t probable cause to believe that a fraud took place and that the equipment we asked to seize had evidence pertaining to the criminal violation."

In interviews with Threat Level, companies affected by the raids say they've lost millions of dollars in equipment and business after the FBI hauled off gear belonging to phone and VoIP providers, a credit card processing company and other businesses that housed equipment at the centers. Nobody has been charged in the FBI's investigation.

More here.

Monday, April 06, 2009

Virginia Universities 'Hotbeds of Terrorist Activity'? Give Me a Break

Via ACLU.org.

A recently published “terrorism threat assessment” from a Virginia fusion center says the state’s universities and colleges are “nodes for radicalization” and encourages law enforcement to monitor First Amendment-protected activities of educational and religious foundations as terrorism threats. The document, which drew concern today from the American Civil Liberties Union over its constitutional implications, also characterizes the “diversity” surrounding a Virginia military base and the state’s “historically black” colleges as possible threats. The March 2009 document, which claims there are currently at least fifty active “terrorist and extremist” groups in Virginia, is posted on the website www.cryptome.com.

The federal government has facilitated the growth of a network of fusion centers since 9/11 to expand information collection and sharing practices among law enforcement agencies, the private sector and the intelligence community. There are currently 70 fusion centers in the United States.

“If we are to believe this exaggerated threat assessment, Virginia’s learning and religious institutions must be hotbeds of terrorist activity,” said Caroline Fredrickson, Director of the ACLU Washington Legislative Office. “This document and its authors have displayed a fundamental disregard for our constitutional rights of free expression and association. Unfortunately, it’s not the first time we’ve seen such an indifference to these basic rights from local fusion centers. Congress must take the necessary steps to institute real and thorough oversight mechanisms at fusion centers before we reach a point where we are all considered potential suspects.”

The Virginia threat assessment comes on the heels of two recently publicized and troubling documents from Texas and Missouri fusion centers. From directing local police to investigate non-violent political activists and religious groups in Texas to advocating surveillance of third-party presidential candidate supporters in Missouri, there have been repeated and persistent disclosures of troubling memos and reports from local fusion centers. Last week, the ACLU sent five letters to the Department of Homeland Security (DHS) Office of Civil Rights and Civil Liberties urging investigations into five troubling incidents, several of which have stemmed from DHS-funded fusion centers.

More here.

Crypto-Politics Creep Into DNSSEC

Brenden Kuerbis writes on the Internet Governance Project Blog:

While the fight over using cryptography to protect personal communications was allegedly "won" during the late 1990s, the battle over using it to protect critical Internet resources is just heating up. News from the recent IETF in San Francisco and RANS conference in Moscow suggests that national crypto laws are now complicating efforts to secure the DNS.

Specifically, supporters of .ru have noted that while they are interested in deploying DNSSEC, there are legal and operational constraints surrounding the current crypto specs in the standard (i.e., RSA signature and SHA digest algorithms) that could make it difficult for Russian based organizations to deploy the protocol. There are now efforts being made to introduce the Russian developed GOST family of algorithms into the protocol.

In developing DNSSEC, the DNSEXT Working Group recognized the need and designed the protocol to support different algorithms simultaneously. Nonetheless, the protocol documents have mostly made a habit of recommending the use of the RSA signing and SHA hashing algorithms. To some extent this simply reflects the fact that RSA has been incorporated into protocols worldwide (e.g., SSL) and has broad market acceptance. But arguably it is also an artifact of the relatively small social network of authors and mostly American organizations involved in publishing DNSEXT RFCs to date.

More here.

Sunday, April 05, 2009

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Sunday, April 5, 2009, at least 4,266 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,425 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

As of Sunday, April 5, 2009, at least 601 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Thursday at 10 a.m. EDT.

Of those, the military reports 444 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

SCADA Watch: NIST Ramps Up Work on Standards for Smart Grid

William Jackson writes on GCN.com:

Spurred by economic stimulus spending that will support the development of a nationwide Smart Grid for intelligent energy distribution, the National Institute of Standards and Technology is stepping up efforts to identify or create interoperability and security standards for the new infrastructure.

In March, NIST established a full-time position to lead Smart Grid activities and hopes to recommend a suite of standards by the end of the year, said George Arnold, NIST deputy director of technical services, who is leading the effort.

“We’re doing this on a very fast track,” Arnold said. “This is doable.” Industry already has done a lot of the work, and much of NIST’s job will be to prioritize needs and identify existing standards that meet them.

More here.

Classic xkcd: Security Question



We love xkcd.

- ferg

Humans Prove Weak Link in Japanese Warning Network

Martyn Williams writes on NetworkWorld:

If there's one thing the Japanese government learned on Saturday -- the first of a five-day launch period for a North Korean rocket -- it's that the government's emergency information network works.

At 12:16 p.m. local time, terminals at government agencies, municipalities and media organizations across Japan flashed news from the government: "North Korea appears to have launched a projectile." Almost immediately TV stations broke into programming to deliver the news and soon after it flashed around the world.

Too bad North Korea hadn't actually launched anything. Five minutes later the same network was used to retract the warning.

The error was blamed on a misunderstanding between military staff. A radar station near Tokyo had detected something over the Sea of Japan, which separates the two countries and over which the rocket was expected to fly, and this was relayed to Japan's Air Defense Command. But there, according to local media reports, it was mistaken for data from a U.S. early warning satellite and passed on to the Defense Agency and central government and the alert was issued.

More here.

NORAD: N. Korean Rocket Launch a Failure

An AP newswire article, via The Army Times, reports that:

North Korea claims the rocket it sent up Sunday put an experimental communications satellite into space and that it is transmitting data and patriotic songs. The U.S. military says whatever left the launch pad ended up at the bottom of the sea.

North Korea has a history of hyperbole. In creating a cult of personality for its leader, Kim Jong Il, its media rewrote the story of his birth along biblical lines and once said that when he took up golf, he was firing holes-in-one with regularity.

The North’s official Korean Central News Agency said the three-stage rocket “accurately” put a satellite into orbit nine minutes and two seconds after launch. It provided details on an elliptical orbit that it said was taking the satellite around the Earth every 104 minutes and 12 seconds.

“The satellite is transmitting the melodies of the immortal revolutionary paeans ‘Song of Gen. Kim Il Sung’ and ‘Song of Gen. Kim Jong Il’ as well as measurement data back to Earth,” KCNA said, referring to the country’s late founder and his son, the current leader.

More here.

Report Says Interior Dept. Failed to Secure Network

Brian Krebs writes on The Washington Post:

Years after the Interior Department was warned that its computer network was dangerously exposed to hackers and was ordered by a federal judge to fix the problem, the vulnerabilities remained, to the point that the department probably could not tell if outsiders had gained access to its data, according to a newly disclosed internal report.

The report was written last spring by Interior's then-inspector general, Earl A. Devaney, but it became public only Wednesday, when it was filed with a federal appeals court as part of a decade-old, multibillion-dollar lawsuit by Native Americans against the federal government.

"It is unfathomable anyone could give assurance the Department's network is secure," Devaney wrote, adding that the department had "persistently failed to meet minimum standards in information security."

"According to the Department's own analysis, nearly 70% of the network traffic leaving the Department through a single one of its Internet gateways during the month of January 2008 was bound for known hostile countries and the Department lacked the capability to even determine what the traffic was," the report reads.

The report by Devaney appears to challenge statements Interior officials made last summer in federal court that the department's computer network security had been sufficiently improved.

More here.

Saturday, April 04, 2009

Picture of The Week: G20 Protests



Protesters photograph riot police outside a Lloyds Bank in London, on April 1, 2009.

(ADRIAN DENNIS/AFP/Getty Images)

Via The Boston Globe's "Big Picture".

A Few Quiet Days… and a New Exploit of MS08-067 Has Been Identified

Via The Microsoft Malware Protection Center Blog.

April 1st is behind us and nothing really happened with Conficker. But it is never boring in the antimalware world. We have found a new exploit of MS08-067 other than Conficker. We also discovered that we already detected and protected users against this new malware. We added information about mitigations against this malware at the end of this blog post.

Neeris is a worm that has been active for a few years. Some of its variants used to exploit MS06-040 which addressed a vulnerability in the same Server service as MS08-067. However it looks like the authors of Neeris have been taking notes from Conficker. A new variant of the Neeris worm has been launched this week. It has some interesting similarities to Conficker:

  • The new variant of Neeris has been updated to exploit MS08-067. Also, after the successful exploitation, the victim machine downloads a copy of the worm from the attacking machine using HTTP.
  • Neeris spreads via autorun. The new Neeris variant even adds the same ‘Open folder to view files’ AutoPlay option that Conficker does.
  • Neeris uses a driver to patch the TCP/IP layer of the system in order to remove the outgoing connection limits from XPSP2.

It is interesting to note that this new variant of Neeris spiked on late March 31st and during April 1st. However it was not downloaded by any Conficker variant and there’s no evidence that it’s related to Conficker.D’s April 1 domain algorithm activation.

The earliest samples of Neeris date back to May of 2005, so it seems the Conficker authors may be the copycats here. But the Neeris authors added the MS08-067 vector later. Therefore it is possible that these miscreants somehow collaborate or at least are aware of each other’s "products".

Our current definition files were already detecting this new variant with a generic signature: Worm:Win32/Neeris.gen!C. Neeris began as an IRC bot which spreads itself by sending links through MSN Messenger. It still operates as an IRC bot, but over time, new spreading methods have been added. The latest variants can spread via removable drives, SQL servers with weak passwords, exploiting MS06-040, and finally exploiting MS08-067 in the latest variant.

The new variant tries to connect to a command and control server over port 449. The server password it uses to log-in was used by other bots last February.

More here.

Friday, April 03, 2009

'Tenuous' Trail Leads From GhostNet to Hacker

Rob Lemos writes on SecurityFocus:

A telltale e-mail address in the GhostNet report led two researchers to the online home of a seemingly low-level Chinese hacker, according to an analysis posted on Thursday, but an author of the original report stressed that the cyber criminal is likely only related to a lesser piece of malware.

The latest analysis follows the online trail from an e-mail address turned up by researchers as part of their investigation into GhostNet, a cyber espionage network that spanned 1,295 compromised systems including computers belonging to embassies and dissident groups. The e-mail address led to a twenty-something Chinese hacker born in Chengdu City in the Chinese province of Sichuan, according to a blog post by Scott Henderson, a blogger who follows the Chinese hacking community.

However, the e-mail address was found only on two of the computers analyzed for the investigation, said Nart Villeneuve, a researcher at the CitizenLab and one of the authors of the GhostNet report. Both computers had been infected with a second piece of malware, separate from the gh0st remote access tool (gh0stRAT) that formed the backbone of the surveillance network, he said.

"That is a valid piece of malware but it is not the one related to the malware that connected to the admin interface for the gh0stRAT," Villeneuve said.

More here.

Bill Would Give Obama Power to Shut Down Internet, Networks During Cyber Attacks

John Fontana writes on NetworkWorld:

Federal legislation introduced in the Senate this week would give President Obama the power to declare a cybersecurity emergency and then shut down both public and private networks including Internet traffic coming to and from compromised systems.

The proposed legislation [.pdf], introduced April 1, also would give the President the power to “order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security.”

Some critics of the bill say that phrase needs to be more clearly defined.

“We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected,” said Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), which promotes democratic values and constitutional liberties for the digital age.

Harris and the CDT don’t think such sweeping power is good news for anyone, including private networks that could be shut down by government order. Those same networks would be subject to government mandated security standards and technical configurations.

More here.

Quote of The Day: Nick Thompson

"First, god bless the National Security Archive."

- Nick Thompson, writing in the "Danger Room" Blog.

New U.S. Spy Satellite Program Sought

An AP newswire article by Pamela Hess, via MSNBC, reports that:

The national intelligence director and defense secretary are asking the Obama administration to approve a new top-secret U.S. spy satellite program that could cost more than $10 billion, according to government, military and industry officials.

The program calls for building two sophisticated satellites equal to or better than the huge, high-resolution secret satellites now in orbit. At the same time, the government would also commit to spend enough money on commercial satellite imagery sufficient to pay for the construction and launch of two new commercial satellites.

The proposal is going to the White House for discussion and a decision was expected as soon as next week, the officials said.

In opting to go with what they describe as the "2+2" program, National Intelligence Director Dennis Blair and Defense Secretary Robert Gates rejected an alternate satellite proposal from military officials at the Pentagon.

More here.

Three Spammers Sentenced in US for Advance Fee Fraud

Jeremy Kirk writes on PC World:

Two Nigerians and a Frenchman were sentenced to prison Thursday for swindling people out of more than US$1.2 million in a massive e-mail scam, the U.S. Department of Justice said.

Nnamdi Chizuba Anisiobi, 31, of Nigeria was sentenced to 87 months in prison, while Anthony Friday Ehis, 34, of France and Kesandu Egwuonwu, 35, of Nigeria were sentenced to 57 months. They were sentenced in U.S. District Court for the Eastern District of New York.

After being arrested in Amsterdam in February 2006, all three were extradited to the U.S. The DOJ said all three pleaded guilty to one count of conspiracy, eight counts of wire fraud and one count of mail fraud. Mail and wire fraud carry maximum possible sentences of 20 years in prison, while conspiracy has a maximum penalty of five years.

The three men executed so-called advance fee frauds. Victims were told their help was needed distributing money for charity. In exchange, victims were promised they would get a commission that would go to the charity of their choice, the DOJ said.

More here.

FBI Raids Dallas Internet Service Provider Core IP

Robert McMillan writes on PC World:

U.S. Federal Bureau of Investigation agents have raided a Dallas ISP, knocking the company and almost 50 of its clients offline.

The early morning Thursday raid closed down the operations of Core IP Networks, which operated out of two floors of a Telx collocation facility at 2323 Bryan Street in Dallas. The raid had to do with the activities of a former customer, according to Matthew Simpson, Core IP's CEO. "The FBI is investigating a company that has purchased services from Core IP in the past," he wrote in a note posted to a Google Sites page. "This company does not even collocate with us anywhere, much less 2323 Bryan Street Datacenter."

He did not name the company that is allegedly at the center of the FBI investigation.

FBI spokesman Mark White confirmed that agents had executed a search warrant at the 2323 Bryan Street address on Thursday, but declined to comment further on the matter.

More here.

Schneier: Who Should be in Charge of U.S. Cybersecurity?

Bruce Schneier:

U.S. government cybersecurity is an insecure mess, and fixing it is going to take considerable attention and resources. Trying to make sense of this, President Barack Obama ordered a 60-day review of government cybersecurity initiatives. Meanwhile, the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology is holding hearings on the same topic.

One of the areas of contention is who should be in charge. The FBI, DHS and DoD -- specifically, the NSA -- all have interests here. Earlier this month, Rod Beckström resigned from his position as director of the DHS's National Cybersecurity Center, warning of a power grab by the NSA.

Putting national cybersecurity in the hands of the NSA is an incredibly bad idea. An entire parade of people, ranging from former FBI director Louis Freeh to Microsoft's Trusted Computing Group Vice President and former Justice Department computer crime chief Scott Charney, have told Congress the same thing at this month's hearings.

Cybersecurity isn't a military problem, or even a government problem -- it's a universal problem. All networks, military, government, civilian and commercial, use the same computers, the same networking hardware, the same Internet protocols and the same software packages. We all are the targets of the same attack tools and tactics. It's not even that government targets are somehow more important; these days, most of our nation's critical IT infrastructure is in commercial hands. Government-sponsored Chinese hackers go after both military and civilian targets.

More here.

Expert: Fusion Centers Should Be Dismantled

Matthew Harwood writes on Security Management:


A constitutional and international lawyer told lawmakers yesterday that the United States should dismantle state-run intelligence fusion centers, which have grown dramatically since 9-11 with the assistance of the federal government. Police and federal officials defended fusion centers and described measures being taken to protect citizens’ privacy and civil liberties.

Bruce Fein, of Bruce Fein & Associates and The Lichfield Group, compared [.pdf] state fusion centers to the Soviet Union’s KGB and East Germany’s Stasi and called for the United States to “abandon fusion centers that engage 800,000 state and local law enforcement officers in the business of gathering and sharing allegedly domestic or international terrorism intelligence.”

Fusion centers bring together law enforcement and intelligence personnel from state, local, and federal government to collect, analyze, vet, and disseminate intelligence to first responders on the ground in an effort to disrupt terrorist or criminal activity. The Department of Homeland Security recognizes 70 fusion centers nationwide but because states operate fusion centers, no two are exactly alike.

Fein was also critical of suspicious activity reports (SARs), whereby police officers and concerned citizens report unusual behavior that may indicate a terrorist or criminal conspiracy. These reports typically flow to fusion centers.

“To an intelligence agent, informant, or law enforcement officer,” Fein said, “everything unconventional or unorthodox looks like at least a pre-embryonic terrorist danger.”

More here.

Australia: Chinese Spies Target PM's e-Mail

Patrick Walters writes on Australian IT:

Chinese spies have directly targeted Kevin Rudd, repeatedly attempting to infiltrate prime ministerial email and mobile phone communications.

The Australian understands Mr Rudd and his travelling party were under constant cyber attack during his latest trip to China, in August last year, with authorities trying to access the laptop computers and mobile phones used by the Australians.

The blatant nature of Beijing's electronic espionage is understood to have alarmed the Rudd Government and led to a further tightening of communications security procedures for senior government figures travelling to China.

Intelligence sources said Beijing had made repeated attempts to break into government and business IT networks, as well as foreign embassies based in Canberra.

More here.

Thursday, April 02, 2009

Microsoft Warns of Attacks on PowerPoint Vulnerability

Brian Prince writes on eWeek:

Hackers are launching attacks against an unpatched vulnerability in Microsoft Office PowerPoint, the company's popular presentation program.

Microsoft described the attacks in an advisory as “limited and targeted” in scope, but cautioned that a successful exploit could allow a hacker to execute arbitrary code with the rights of the logged on user.

“The vulnerability is caused when Microsoft Office PowerPoint accesses an invalid object in memory when parsing a specially-crafted PowerPoint file,” according to the advisory. “This creates a condition that allows the attacker to execute arbitrary code.”

According to Microsoft, the malicious PowerPoint files are detected by the Windows Live OneCare safety scanner as Exploit:Win32/Apptom.gen. The products impacted by the bug are: Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3 and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is unaffected.

More here.

Cyber-Crime, Internet Fraud on Upswing as Lawmakers Discuss Strategy

Brian Prince writes on eWeek:

While U.S. lawmakers discuss new data security requirements, cyber-thieves are making a killing.

Statistics [.pdf] released by the FBI on Internet fraud contain more bad news. In a report issued earlier this week, the FBI revealed that Internet fraud complaints to the agency by consumers increased more than 33 percent last year. A total of 275,284 complaints were filed in 2008 with the Internet Crime Complaint Center (IC3), a joint effort between the FBI and the National White Collar Crime Center. In 2007, the IC3 received 206,844 complaints.

Of the total, 72,940 cases of fraud were referred to federal, state and local law enforcement. The total loss suffered by consumers in those cases was $246.6 million, up from $239.1 million in reported losses in 2007. According to the report, the highest median dollar losses came from check fraud, to the tune of $3,000 per incident. Confidence fraud and the well-known West African 419 scams were second and third, with median dollar losses of $2,000 and $1,650, respectively.

More here.

Conficker May Be More Widespread Than Previously Thought

Robert McMillan writes on InfoWorld:

The Conficker worm may have infected more machines than previously thought, according to Internet infrastructure provider OpenDNS.

The company said Wednesday that 500,000 of its users have been infected with the latest variant of the worm, called Conficker.C. OpenDNS has more than 10 million users worldwide, the company said.

OpenDNS wouldn't say exactly what percentage of its users were infected by the worm, but the Conficker.C infections it counted were much higher than expected, according to David Ulevitch, the founder of OpenDNS.

Conficker.C began using a new algorithm on Wednesday to look for instructions from its creator, prompting speculation that it might be readying for an attack. According to security experts, however, the worm has been quiet so far.

Previous estimates had placed the number of Conficker infections, including all variants, at anywhere between a few million and 10 million PCs, but according to Ulevitch the worm is "probably bigger than people think, based on what we're seeing here."

More here.

Wednesday, April 01, 2009

Mark Fiore: Barry's Auto Emporium



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

If it were only an April Fool's joke...

- ferg

Senate Legislation Would Federalize Cyber Security

Joby Warrick and Walter Pincus write on The Washington Post:

Key lawmakers are pushing to dramatically escalate U.S. defenses against cyberattacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.

The proposals, in Senate legislation that could be introduced as early as today, would broaden the focus of the government's cybersecurity efforts to include not only military networks but also private systems that control essentials such as electricity and water distribution. At the same time, the bill would add regulatory teeth to ensure industry compliance with the rules, congressional officials familiar with the plan said yesterday.

Addressing what intelligence officials describe as a gaping vulnerability, the legislation also calls for the appointment of a White House cybersecurity "czar" with unprecedented authority to shut down computer networks, including private ones, if a cyberattack is underway, the officials said.

How industry groups will respond is unclear. Jim Dempsey, vice president for public policy at the Center for Democracy and Technology, which represents private companies and civil liberties advocates, said that mandatory standards have long been the "third rail of cybersecurity policy." Dempsey said regulation could also stifle creativity by forcing companies to adopt a uniform approach.

More here.

Note: Somehow, this strikes me as a very, very bad idea. -ferg