Friday, May 08, 2009

Programming Note: Barcelona

Barcelona, Spain

So the blog will probably be quiet for the next two to three weeks -- I plan to wrap some needed vacation time around my travels to Barcelona (and beyond) and the APWG Counter eCrime Operations Summit (CeCOS) May 12-14.

The blog should be back to normal in late May -- sorry for the necessary interruption.


- ferg

Wednesday, May 06, 2009

Mark Fiore: Party Purifier

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Emerging Threats: Focus on Terrorism Misleading?

Via UPI.

Governments should focus less on fighting terror because that might mean losing sight of other important issues, Germany's potential next foreign minister said.

"We have reached a point in time when we have to emancipate ourselves from Sept. 11, 2001, as the decisive event for international politics," said Guido Westerwelle, the head of the opposition Free Democrats and one of the top candidates for the foreign minister post after this year's elections, speaking in Berlin.

Focusing on the anti-terror fight has caused governments to miss or see too late important issues such as energy security or education.

More here.

QinetiQ North America To Acquire Cyveillance

David Hubler writes on Washington Technology:

QinetiQ North America has signed an agreement to acquire Cyveillance Inc., a provider of technology that helps companies protect their operations in cyberspace.

Under the terms of the deal, QinetiQ North America will acquire 100 percent of Cyveillance in an all-cash transaction the details of which have not been publicly announced. There could be further fiscal consideration depending on the company’s financial performance during the two-year period ending Dec. 31, 2010.

Cyveillance is a venture capital-backed company in Arlington, Va., that seeks to ensure the success of risk-management professionals in securing their enterprises against the growing number of Internet threats, QinetiQ officials said.

The company’s family of cyber-intelligence solutions delivers the timely, reliable, relevant and actionable information required to manage Internet-based risks, they said.

More here.

New Cyber-Security Standards for N. American Power System

Joan Goodchild writes

Revised cyber-security standards for the North American bulk power system were approved by the North American Electric Reliability Corporation's (NERC) independent board of trustees Wednesday.

The revised standards were passed by the electric industry last week with an 88 percent approval, according to NERC officials, who noted the majority approval indicated strong support in the industry for the more stringent standards.

"The approval of these revisions is evidence that NERC's industry-driven standards development process is producing results, with the aim of developing a strong foundation for the cyber security of the electric grid," said Michael Assante, Vice President and Chief Security Officer at NERC, in a statement.

The standards, according to the statement, are comprised of approximately 40 'good housekeeping' requirements designed to lay a solid foundation of sound security practices. The revisions approved address concerns raised by the Federal Energy Regulatory Commission when it conditionally approved the standards currently in effect. The revisions notably include the removal of the term "reasonable business judgment," said NERC officials.

More here.

U.S. Air Traffic Faces 'Serious Harm' From Cyber Attackers

Dan Goodin writes on The Register:

The United States' air traffic control system is vulnerable to serious cyber attack, according to a watchdog report that detailed several recent security breaches that could have been used to sabotage mission-critical networks.

One of the most serious attacks came last August, when hackers took control of Federal Aviation Administration computers in Alaska. By exploiting the administration's interconnected networks, the miscreants then stole an administrator's password and finally took control of a domain controller in the Western Pacific region. That gave them access to more than 40,000 login credentials used to control part of the FAA's mission-support network.

Two separate attacks in 2006 hit the FAA's remote maintenance monitoring system and its air traffic control systems. The latter forced the FAA to shut down a portion of ATC systems in Alaska.

"These web vulnerabilities occurred because (1) web applications were not adequately configured to prevent unauthorized access and (2) web application software with known vulnerabilities was not corrected in a timely manner by installing readily available security software patches released to the public by software vendors," the report, which was prepared by Assistant Inspector General Rebecca Leng, concluded.

More here.

Cyber Breaches: Worse Than You Think

Jill R. Aitoro writes on the "Tech Insider" Blog:

It may seem as if a new breach of some computer system or network is reported every couple of months; but actually, one security expert says it's worse than that.

According to James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, reports of about 17 significant security incidents were released in the last two years - which averages to one report every 6 weeks.

The list isn't perfect. One report that made the list was released in November 2008, but focuses on a cyber intrusion that occurred in 2005, for example. Still, Lewis argues that a collective list of all breaches that occurred would be far longer -- particularly if you included the countless smaller targets than government. What this instead represents is the collective failures of governments around the world to properly respond to a growing threat.

"If Chinese or Russian spies backed a truck up to the State Department, smashed the glass doors, tied up the guards and spent the night carting off file cabinets it would be an act of war," Lewis said, "but when it happens in cyberspace, we barely notice."

More here.

Tuesday, May 05, 2009

U.S. Military to House Cyber Command at Ft. Meade

An AP newswire article by Lolita C. Baldor, via, reports that:

The U.S. military must reorganize its offensive and defensive cyber operations and will use a new command at a Maryland Army facility to create a digital warfare force for the future, the director of the National Security Agency says.

Lt. Gen. Keith Alexander, also the Pentagon's leading cyber warfare commander, said the U.S. is determined to lead the global effort to use computer technology to deter or defeat enemies, while still protecting the public's constitutional rights.

In testimony prepared for delivery Tuesday to a House Armed Services subcommittee, Alexander and other military leaders in cyber matters outlined the challenges to keeping up with rapidly changing technologies and the need for more resources and training. In blunt comments, Alexander acknowledged that cyber training for the Pentagon's work force is inadequate and must be improved.

In separate prepared testimony, Lt. Gen. William Shelton, the Air Force's chief of warfighting integration, said the Pentagon relies heavily on industry efforts to respond to cyber threats. That approach, he said, does not keep pace with the threat.

More here.

SCADA Watch: Cyber Spies Hack Power Grid - Those in the Know, Knew!

Elan Winkler writes on the McAfee Security Insights Blog:

Last month the press was abuzz with the news that the US electric grid has been hacked by foreign operatives. To anyone who has studied security in the power industry, this isn’t much of a surprise.

Last fall (Aug/Sept 08), I conducted a survey of 200 critical infrastructure operators (the people who actually work in the industry and KNOW what’s what) on what they thought of the safety of our power grid. 60% of them told me that the energy sector was unprepared to stave off a major attack. They also felt that the power grid was the number one target ripe to be exploited (27%). 50% of them told me that our critical infrastructure had already been successfully attacked.

So, if the people in the know, knew, how come we’re still vulnerable? I asked them that question as well. The number one answer: cost. Number two: complacency. No real surprises there; those are the same answers that we used to get from IT departments 15 years ago on why they didn’t have defense in depth technologies set up to protect servers and databases.

More here.

Conficker Worm Strikes ANZ Bank

Suzanne Tindal writes on

Australia and New Zealand Banking Group today confirmed it had become the victim of a computer virus attack, with sources saying it was the much-hyped Conficker worm.

"We have detected a known virus affecting some internal desktop services on the ANZ network," a spokesperson for the bank told today, saying that the virus had been contained and there hadn't been any disruption to its business or implications for information security.

The spokesperson did not specify which virus had infected the bank's desktops, but believes it is a variation of the Conficker worm.

More here.

Swedish Man Indicted in 2004 Cisco Code Theft

Stephen Lawson writes on ComputerWorld:

A Swedish man was indicted on Tuesday in connection with the alleged 2004 theft of source code for Cisco Systems' IOS (Internetwork Operating System) software.

Philip Gabriel Pettersson, 21, was indicted on one count of intrusion and two counts of misappropriation of trade secrets. He was also indicted on two counts of intrusion involving NASA. The U.S. Department of Justice's Criminal Division and Joseph Russoniello, attorney for the Northern District of California, announced the indictment after an investigation by the Federal Bureau of Investigation and other agencies.

IOS runs Cisco's routers, which handle most of the routing of packets on the Internet. Versions of the code are also at the heart of Cisco LAN switches and other products. In May 2004, parts of the IOS source code were briefly posted to a Russian Web site. Some observers said then that the theft might threaten the Internet by giving malicious hackers a glimpse into Cisco's proprietary software.

The Justice Department identified Pettersson as "Stakkato," the name used by a hacker linked to numerous attacks around the same time. It said Pettersson intentionally intruded into Cisco's network between May 12 and May 13, 2004, and misappropriated IOS code. Cisco has said it believes no customer information, partner information or financial systems were affected. Company officials were not immediately available for comment.

Pettersson is also accused of intrusions in 2004 at NASA facilities, including the Ames Research Center and the NASA Advanced Supercomputing Division, which are located in Silicon Valley. Those crimes allegedly took place on May 19, May 20 and Oct. 22 of that year.

More here.

In Passing: Dom DeLuise

Dom DeLuise
August 1, 1933 – May 4, 2009

Monday, May 04, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Monday, May 4, 2009, at least 4,284 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,438 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is the same as the Defense Department's tally, last updated Monday at 10 a.m. EDT.

As of Monday, May 4, 2009, at least 607 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Monday at 10 a.m. EDT.

Of those, the military reports 447 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Hackers Break Into Virginia Health Professions Database, Demand Ransom

Brian Krebs writes on Security Fix:

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on, an online clearinghouse for leaked documents.

Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:

"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password."

The site, along with a number of other Web pages related to Virginia Department of Health Professions, remains unreachable at this time. Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to discuss details of the hacker's claims, and referred inquiries to the FBI.

More here.

Botnet Probe Turns Up 70GB of Personal, Financial Data

Jeremy Kirk writes on ComputerWorld:

Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data.

The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials.

The researchers were able to monitor more than 180,000 hacked computers by exploiting a weakness within the command-and-control network used by the hackers to control the computers. It only worked for 10 days, however, until the hackers updated the command-and-control instructions, according to the researchers' 13-page paper.

Still, that was enough of a window to see the data-collecting power of Torpig/Sinowal. In that short time, about 70GB of data were collected from hacked computers.

More here.

Sunday, May 03, 2009

UK Spy Chiefs' Secret Plan to Carry on Internet Snooping

David Leppard and Chris Williams write in The Times:

Spy chiefs are pressing ahead with secret plans to monitor all internet use and telephone calls in Britain despite an announcement by Jacqui Smith, the home secretary, of a ministerial climbdown over public surveillance.

GCHQ, the government’s eavesdropping centre, is developing classified technology to intercept and monitor all e-mails, website visits and social networking sessions in Britain. The agency will also be able to track telephone calls made over the internet, as well as all phone calls to land lines and mobiles.

The £1 billion snooping project — called Mastering the Internet (MTI) — will rely on thousands of “black box” probes being covertly inserted across online infrastructure.

The top-secret programme began to be implemented last year, but its existence has been inadvertently disclosed through a GCHQ job advertisement carried in the computer trade press.

More here.

Star Trek: 'The Cage' - 1966

Captain Christopher Pike (Jeffrey Hunter) and Mr. Spock (Leonard Nimoy) in the original pilot episode of "Star Trek".

I just saw "The Cage" again tonight, for the first time in a very long time.

It's amazing how far Star Trek has come in 43 years.

And we still adore it.

- ferg