Saturday, July 04, 2009

In Passing: Steve McNair

Steve McNair
February 14, 1973 - July 4, 2009

Independence Day 2009: Born in The USA

Happy Birthday, USA.

- ferg

Independence Day 2009 - Lest We Forget

You Are Not Forgotten.

Happy 233rd Birthday, USA.

- ferg

Friday, July 03, 2009

U.S. Toll In Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, July 3, 2009, at least 4,322 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,456 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is one more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

As of Friday, July 3, 2009, at least 642 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Thursday at 10 a.m. EDT.

Of those, the military reports 475 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

EyeWonder Malware Incident Affects Popular Web Sites

Dancho Danchev writes on the ZDNet "Zero day" Blog:

During the last couple of hours, visitors of popular and high trafficked web sites such as CNN, BBC, Washington Post, Gamespot, WorldOfWarcraft, Mashable,,, AndroidCommunity; Engadget and, started reporting that parts of the web sites are unreachable due to malware warnings appearing through the EyeWonder interactive digital advertising provider.

Let’s assess the butterfly effect of a single malware incident affecting an ad network whose ads get syndicated across the entire Web.

What originally started as “we have been mistakenly flagged as malware“, briefly turned into “appears the domain was potentially maliciously “hacked” causing these errant and erroneous alerts to appear” malware incident.

Is the EyeWonder attack a typical malvertising campaign where malicious content is pushed on legitimate sites through the ad network, or did their web site actually get compromised in the ongoing Cold Fusion web sites compromise attack?

Sadly, it could be an indication of both, since I managed to reproduce the actual exploit serving attack at the Washington Post, using the exact link given by an affected reader within the comments of the article. However, what might have triggered the actual badware alert appears to be a compromise of the site itself.

More here.

Thursday, July 02, 2009

NSA to Build Huge Facility in Utah (Utah?)

Via The Salt Lake City Tribune.

Hoping to protect its top-secret operations by decentralizing its massive computer hubs, the National Security Agency will build a 1-million-square-foot data center at Utah's Camp Williams.

The years-in-the-making project, which may cost billions over time, got a $181 million start last week when President Obama signed a war spending bill in which Congress agreed to pay for primary construction, power access and security infrastructure. The enormous building, which will have a footprint about three times the size of the Utah State Capitol building, will be constructed on a 200-acre site near the Utah National Guard facility's runway.

Congressional records show that initial construction -- which may begin this year -- will include tens of millions in electrical work and utility construction, a $9.3 million vehicle inspection facility, and $6.8 million in perimeter security fencing. The budget also allots $6.5 million for the relocation of an existing access road, communications building and training area.

More here.

Hat-tip: CIA Examiner

Cyber Security Plan to Involve NSA, Telecoms

Ellen Nakashima writes in The Washington Post:

The Obama administration will proceed with a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site, according to three current and former government officials.

President Obama said in May that government efforts to protect computer systems from attack would not involve "monitoring private-sector networks or Internet traffic," and Department of Homeland Security officials say the new program will scrutinize only data going to or from government systems.

But the program has provoked debate within DHS, the officials said, because of uncertainty about whether private data can be shielded from unauthorized scrutiny, how much of a role NSA should play and whether the agency's involvement in warrantless wiretapping during George W. Bush's presidency would draw controversy. Each time a private citizen visited a "dot-gov" Web site or sent an e-mail to a civilian government employee, that action would be screened for potential harm to the network.

More here.

ZeuS: PC Invader Costs Kentucky County $415,000

Brian Krebs writes on Security Fix:

Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks.

Bullitt County Attorney Walt Sholar said the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country (some individuals received multiple payments). On June 29, the county's bank realized something was wrong, and began requesting that the banks receiving those transfers start reversing them, Sholar said.

"Our bank told us they would know by Thursday how many of those transactions would be able to be reversed," Sholar said. "They told us they thought we would get some of the money back, they just weren't sure how much."

Sholar said the unauthorized transfers appear to have been driven by "some kind of computer virus." Security Fix has been communicating with a cyber crime investigator who is familiar with the case. What follows is a description of the malicious software used, a blow-by-blow account of how the attackers worked the heist, as well as interviews with a couple of women hired to receive the stolen funds and forward the money on to fraudsters in Ukraine. This case also serves as an example of how e-mail scams can be used to dupe unknowing victims into serving as accomplices in their plan.

According to my source, who asked not to be identified because he's still investigating different sides of this case, the criminals stole the money using a custom variant of a keystroke logging Trojan known as "Zeus" (a.k.a. "Zbot") that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

More here.

Retrospect: John Mellencamp - Cherry Bomb

Go figure.

- ferg

Retrospect: John Mellencamp - Small Town

Yeah, me too.

- ferg

Retrospect: Springsteen: The River

It haunts me.

Retrospect: Springsteen: She's The One

No reason to stop now. Rock it.

- ferg

Retrospect: Springsteen: Human Touch


- ferg

Retrospect: All American - Tunnel of Love

All American Music.

- ferg

Retrospect: Man in The Mirror

You gotta admit, the man was ultra-talented.

- ferg

Wednesday, July 01, 2009

Mark Fiore: Square Wheel Roll

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

FTC Opens All Out Assault on Economic Cyber-Scammers

Michael Cooney writes on NetworkWorld:

The Federal Trade Commission today announced a wide-ranging attack on cyber-vultures looking to feast on the current moribund economic situation.

Dubbed “Operation Short Change,” the law enforcement sweep announced today includes 15 FTC cases, 44 law enforcement actions by the Department of Justice, and actions by at least 13 states against those looking to bilk consumers through a variety of schemes, such as promising non-existent jobs; promoting overhyped get-rich-quick plans, bogus government grants, and phony debt-reduction services; or putting unauthorized charges on consumers’ credit or debit cards.

“Thousands of people have been swindled out of millions of dollars by scammers who are exploiting the economic downturn,” said David Vladeck, Director of the FTC’s Bureau of Consumer Protection during a press conference today. “Their scams may promise job placement, access to free government grant money, or the chance to work at home. In fact, the scams have one thing in common--they raise people’s hopes and then drive them deeper into a hole.”

At the heart of Operation Short Change are new FTC cases against companies the agency says have conned consumers out of millions of dollars. In each case, the FTC alleged that the defendants’ practices were deceptive or unfair and/or made illegal electronic funds transfers or violated the Telemarketing Sales Rule.

More here.

Kremlin May 'Tighten Up' Internet Use in Russia

Luke Harding writes on The Guardian:

Russia is not China. And so far there has been no attempt by the Kremlin to crack down on the web, which is the last remaining source of free information for ordinary Russians in an otherwise controlled media landscape.

The authorities keep an iron grip on television, ensure that most newspapers toe a pro-government line, and keep critics off the airwaves.

Recently, however, there are signs that the Russian government is reconsidering its laissez-faire attitude towards the internet, especially in the wake of Iran's web-driven "green revolution".

Several Russian bloggers who have posted critical articles have found themselves charged with extremism. One is in jail. Another was arrested after comparing Russia's prime minister Vladimir Putin to a penis.

The Kremlin also uses other darker strategies for getting its PR message out, employing dozens of young, patriotic bloggers to flood chatrooms with a pro-Kremlin message, and to attack its enemies.

More here.

UK: Conficker Left Manchester Unable to Issue Traffic Tickets

John Leyden writes on The Register:

Manchester City Council was prevented from issuing hundreds of motoring penalty notices in time after the infamous Conficker worm knocked out parts of its IT systems.

Drivers caught on camera driving in bus lanes escaped punishment after the town hall fine processing system was taken offline in February, following infection by the infamous worm. Failure to issue 1,609 tickets within the statutory limit of 28 days left the city £43,000 out of pocket.

Clean up costs and consultancy fees were a far more significant cost, resulting in costs estimated at £600k. In addition, council IT chiefs spent a further £600k on Wyse thin client terminals as part of an enhanced backup strategy.

Town hall chiefs also spent a further £169,000 on extra staff needed to handle a backlog of benefits claims. Compensation payments to benefit claimants piled on the financial pain.

In total the incident cost the council an estimated £1.5m, the Manchester Evening News reports. Infection by the worm left council workers unable to send emails or print documents, and struggling with extra red tape after they were obliged to keep additional back-up paper records in case data was lost.

More here.

INTERPOL and FIRST Join Hands to Fight Cyber Crime


INTERPOL today became the latest and biggest law enforcer to join FIRST, the Forum of Incident Response and Security Teams, in the battle against cyber crime.

The global police network's membership of FIRST was announced at the Forum's 21st annual conference in Kyoto.

Noboru Nakatani, INTERPOL's Director of Information Systems and Technology, hailed the move as "one of the most important bridges we've ever built" bringing the chance at last to close a gap between forensic techniques through which criminals have been able to escape justice.

While computer emergency response teams almost always try to disable attacks immediately, without waiting to trace aggressors who can then move on to fresh targets, police forces have preferred to watch crimes develop, hoping to pick up a trail that will lead to detection and a successful prosecution.

But, said Derrick Scholl, chairman of the FIRST steering committee, the problem of that approach is that "probably in no other area of criminal activity is it so easy to lay a false trail."

More here.

SCADA Watch: Texas Security Guard Arrested on Federal Charges for Hacking into Hospital's Computer System


A man from Arlington, Texas, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, has been arrested on felony charges outlined in a criminal complaint, announced Acting U.S. Attorney James T. Jacks of the Northern District of Texas.

Late Friday evening, agents with the FBI arrested Jesse William McGraw, a/k/a "GhostExodus," "PhantomExodizzmo," "Howard Daniel Bertin," "Howard William McGraw," and "Howard Rogers," age 25. McGraw appeared yesterday afternoon before U.S. Magistrate Judge Wm. F. Sanderson, Jr., for his initial appearance. He was detained until his probable cause and detention hearing set for Wednesday, July 1, 2009, at 2:30 p.m., before Judge Sanderson.

According to the affidavit filed in support of the criminal complaint, McGraw is the leader of the hacker group, "Electronik Tribulation Army." He was employed as a security guard for United Protection Services, in Dallas, and worked the night shift, from 11:00 p.m. to 7:00 a.m. at the Carrell Clinic hospital.

The affidavit alleges that between April and June 2009, McGraw committed computer intrusions of several computers in the Carrell Clinic hospital building, including computers controlling the Heating, Ventilation and Air Conditioning (HVAC) system and computers containing confidential patient information. The HVAC system intrusion presented a health and safety risk to patients who could be adversely affected by the cooling if it were turned off during Texas summer weather conditions. In addition, the hospital maintained drugs which could be adversely affected by the lack of proper cooling. McGraw, who used the online nickname "GhostExodus," posted pictures on the Internet of the compromised HVAC system and videos of himself compromising a computer system in a hospital.

More here.

In Passing: Karl Malden

Karl Malden
March 22, 1912 – July 1, 2009

Tuesday, June 30, 2009

Toon of The Day: The Long Goodbye

By Pat Bagley (Salt Lake Tribune), via

Classic xkcd: Qwertial Aphasia

Click for larger image.

We love xkcd.

- ferg

ICANN: Web Filters Will 'Embarrass' Aussie Govt

Darren Pauli writes on Computerworld AU:

An Internet Corporation for Assigned Names and Numbers (ICANN) chief has said the Australian government will “embarrass itself” if it pushes ahead with plans to install a national Internet content filter.

The group is a non-profit corporation that oversees management of domain names and IP addresses, Internet Protocol address space allocation and generic Top Level Domains.

ICANN board chair Peter Dengate Thrush said national Internet content filters are ineffective at law enforcement. The plan was introduced by federal Communications Minister Stephen Conroy ostensibly as a mechanism to control distribution and access to child pornography.

“The government has set itself up for embarrassment,” Thrush said.

More here.

Chinese Registrars Need Rap on Knuckles, Expert Says

Jeremy Kirk writes on Computerworld AU:

A computer security expert is calling for action against two Chinese companies that he and other analysts allege are facilitating spam and cybercrime on the Internet.

Both of the companies, eName and Xin Net Technology, are domain name registrars. They sell domain names and the corresponding registration services that allow a Web site to be found on the Internet, said Gary Warner, director of research in computer forensics at the University of Alabama's computer and information sciences department.

Warner, who runs a research project dedicated to tracking trends in spam, said both companies accept domain name registrations from bad actors who can be traced to illegal activity and spam.

Xin Net came in at the top spot on a list of the most abused registrars released earlier this year by KnujOn, an organization dedicated to fighting spam. It garnered the same rank last year.

More here.

U.S. Teams With Italy to Fight Cyber Crime

Philip Willan writes on ComputerWorld:

The head of the U.S. Secret Service on Tuesday signed a memorandum of understanding with the head of the Italian police and the chief executive officer of the Italian Postal Service to set up an international task force to combat cyber crime.

The European Electronic Crime Task Force -- not to be confused with the private study group of the same name that began operating in 2003 -- will tackle identity theft, hacking and other computer-based crime from a headquarters in Rome, Italian officials said. The initiative will be open to contributions from other European countries, private IT operators and academic institutions, the Italian police said in a prepared statement.

"This is not a borderless crime and we believe there needs to be a reaction at an international level. We'll provide all our resources to make that happen," Mark Sullivan, the director of the U.S. Secret Service, said after signing the accord at a ceremony at the Italian interior ministry.

More here.

Feds Arrest Man Allegedly Behind DDoS Attacks Against Rolling Stone

Matt Hamblen writes on ComputerWorld:

A Pennsylvania man has been charged with allegedly launching distributed denial-of-service (DDoS) attacks against at least nine Web sites, including Rolling Stone magazine's site, which was attacked multiple times for nearly a year.

Bruce Raisley, of Monaca, Penn., has been charged with intentionally causing damage to a protected computer. Raisley, who surrendered to authorities, is scheduled for a court hearing this afternoon in U.S. District Court in Newark, N.J.

According to FBI Special Agent Susan Secco, writing in a criminal complaint, Raisley allegedly launched repeated DDoS attacks against a list of Web sites for close to a year. All of the sites targeted ran one of two articles about the controversial organization Perverted Justice, which works to identify sexual predators and pedophiles. The group worked with the producers of Dateline NBC's popular To Catch a Predator reality TV show, which aimed to catch adults in the act of contacting minors for sexual liaisons.

More here.

Newborns' Blood Samples Are Used for Research Without Parents' Consent

Rob Stein writes in The Washington Post:

Matthew Brzica and his wife hardly noticed when the hospital took a few drops of blood from each of their four newborn children for routine genetic testing. But then they discovered that the state had kept the dried blood samples ever since -- and was making them available to scientists for medical research.

"They're just taking DNA from young kids right out of the womb and putting it into a warehouse," said Brzica, of Victoria, Minn. "DNA is what makes us who we are. It's just not right."

The couple is among a group of parents challenging Minnesota's practice of storing babies' blood samples and allowing researchers to study them without their permission. The confrontation, and a similar one in Texas, has focused attention on the practice at a time when there is increasing interest in using millions of these collected "blood spots" to study diseases.

Michigan, for example, is moving millions of samples from a state warehouse in Lansing to freezers in a new "neonatal biobank" in Detroit in the hopes of helping make the economically downtrodden city a center for biomedical research. The National Institutes of Health, meanwhile, is funding a $13.5 million, five-year project aimed at creating a "virtual repository" of blood samples from around the country.

More here.

Doctors Reluctant to Prescribe Painkillers After Virginia Security Breach

An AP newswire article, via The (Lynchburg, Virginia) News & Advance, reports that:

A state official says there are reports that some doctors are reluctant to prescribe powerful painkillers after an April hacker attack on a massive state-run drug database.

Legislators also learned that the former head of the Virginia Information Technologies Agency was dismissed after refusing to pay a bill from the agency’s contracted partner for work months past due.

Department of Health Professions Director Sandra Ryals told a House committee today that she has reports that some doctors are withholding prescriptions for powerful painkillers.

With the database intended to flag drug abuse and theft still offline, she said, some are being highly cautious about issuing the prescriptions. She said there have been no patient complaints about missing necessary drugs.

She said 35 million of the most sensitive prescription records were accessed on April 30.

More here.

Props: Personal Health Information Privacy

Monday, June 29, 2009

Juniper Networks Gags 'ATM Jackpot' Researcher

Patrick Gray writes on

A demonstration in which security researcher Barnaby Jack would "jackpot" an ATM live on stage at the upcoming Black Hat security conference in Las Vegas has been pulled by his employer.

Security and network device vendor Juniper Networks forced Mr. Jack to cancel his presentation, an anticipated highlight of the Black Hat event, following pressure from the affected ATM vendor. The demonstration would have seen the researcher hack an ATM live on stage, causing it to spit out cash, or "jackpot".

"The affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected," a statement issued by Juniper Networks reads. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research."

Risky.Biz understands the ATM vendor had been given notification of the upcoming presentation, and Juniper Networks was initially happy for Mr. Jack to present his research findings publicly.

More here.

U.S. Cyber Command: 404 Error, Mission Not (Yet) Found

Noah Shachtman writes on Danger Room:

Earlier this week, Defense Secretary Robert Gates ordered the military to start setting up a new “U.S. Cyber Command.” It’s a move that’s been discussed in defense circles for more than a year. But despite the announcement — and despite the lengthy debate – no one in the military-industrial complex seems all that sure what this new fighting force is supposed to do, exactly.

Officially, the Pentagon still has a few months to figure things out. Gates told his troops in a Tuesday memo that they have until September 1st to come up with an “implementation plan” for the new command. But there’s a ton to figure out in the next ten weeks. As Gates notes, that plan will have to “delineate USCYBERCOM’s mission, roles and responsibilities,” detail the command’s “minimum requirements” to get up and running, and sort out its “relationships” with the rest of the military – and the rest of the government.

In other words, just about everything.

More here.

San Francisco Hacker Pleads Guilty to Federal Wire Fraud Charges

Jason Cato writes in the Pittsburgh Tribune-Review:

A San Francisco man pleaded guilty today in Pittsburgh this afternoon to federal charges of hacking into computer systems of financial institutions and other hackers to steal nearly 2 million credit card numbers, which were used to rack up more than $86 million in fraudulent charges.

Max Ray Vision, formerly Max Ray Butler, pleaded guilty to two counts of wire fraud. Senior U.S. District Judge Maurice Cohill scheduled sentencing for Oct. 20. Vision faces up to 60 years in prison and substantial restitution.

Prosecutors in Pittsburgh charged Vision in 2007 after he sold credit card numbers and related information to a Secret Service informant living in Western Pennsylvania. Another informant, also from Western Pennsylvania, infiltrated Vision's criminal network, said Assistant U.S. Attorney Luke Dembosky.

Vision, who used the Internet alias "Iceman," and a partner in Los Angeles, Christopher Aragon, established as a way to acquire, sell and use stolen credit card and other identity-related information, a practice known as "carding," Dembosky said. The Web site at its peak had approximately 4,500 members worldwide.

Secret Service agents arrested Vision in September 2007 after raiding his safehouse apartment in San Francisco. The apartment was rented under a fake name and was packed with computer equipment storing approximately five terabytes of encrypted data and 1.8 million stolen credit card accounts. The loss to Visa, Mastercard, American Express and Discover was approximately $86.4 million, Dembosky said.

"These losses were borne by the thousands of banks that issued the cards in question," Dembosky said.

More here.

Hat-tip: The Office of Inadequate Security

Blind Hacker Sentenced to 11 Years in Prison

Kevin Poulsen writes on Threat Level:

A legally blind Massachusetts phone hacker was sentenced Friday to over 11 years in federal prison, following his guilty plea on computer intrusion and witness intimidation charges earlier this year.

Matthew Weigman, 19, was sentenced in Dallas by U.S. District Judge Barbara M.G. Lynn, according to the U.S. Attorney’s Office there. There is no parole in the federal system, and little time off for good behavior, so the 135-month term will likely keep Weigman behind bars until 2018.

Known in the telephone party-line scene as “Li’l Hacker,” Weigman is widely considered one of the best phone hackers alive. Relying on an ironclad memory and detailed knowledge of the phone system, the teenager is known for using social engineering to manipulate phone company workers and others into divulging confidential information, and into entering commands into computers and telephone switching equipment on his behalf.

The FBI had been chasing Weigman since he was 15 years old, at times courting him as an informant. He was finally arrested last May, less than two months after celebrating his 18th birthday.

More here.

Sunday, June 28, 2009

Registrars Under Fire in Domain Disputes

Robert L. Mitchell writes on ComputerWorld:

Sarah Deutsche is on a crusade against cybersquatters. As vice president and associate general counsel at Verizon Communications Inc., she has sued many businesses involved in the illicit activity. Along the way she has recovered thousands of domain names that play off of Verizon's brands. But what really irritates her, she says, is who the perpetrators are.

Deutsche says that all of the companies Verizon has sued for cybersquatting are domain-name registrars that have been accredited by the Internet Corporation for Assigned Names and Numbers, the organization that oversees the Internet's domain-naming system. "They pay a $4,000 fee to ICANN and it puts them in business," she says.

More here.

In Passing: Billy Mays

Billy Mays
July 20, 1958 – June 28, 2009