Friday, August 07, 2009

Programming Note: Munich

Munich, Germany

Blog posts will be few or virtually non-existent for a week or so while I travel to Munich on business. Things should be back to normal by next weekend (August 15).

Thanks for reading, and cheers!

- ferg

Thursday, August 06, 2009

Cyber Attackers Empty Business Accounts in Minutes

Robert McMillan writes on ComputerWorld:

The criminals knew what they were doing when they hit the Western Beaver County School District.

They waited until school administrators were away on holiday, and then during a four-day period between Dec. 29 and Jan. 2, siphoned US$704,610.35 out of two of the school district's bank accounts. Western Beaver's financial institution, ESB Bank, managed to reverse some of the transfers, but the Pennsylvania school district was out more than $441,000.

On July 9, Western Beaver sued ESB to try and recover the money, but security experts say that it's just one of many organizations that have been hit in recent months by a disturbing new type of financial fraud that can often leave the victim holding the bag.

Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. This financial network is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals.

In April, ACH fraudsters moved $1.2 million out of a Sugar Land, Texas, importer called Unique Industrial Products, according to a report in the Houston Chronicle. They did this by hacking into the company's computers and then authorizing 39 transfers to move the money out of Unique Industrial's account. Although the bulk of the money was recovered, scammers made $150,000 from the attack -- not bad for 30 minutes of work.

More here.

In Passing: John Hughes

John Hughes
February 18, 1950 – August 6, 2009

Wednesday, August 05, 2009

Mark Fiore: Law & Disorder in The U.S.A.

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Quote of The Week: Andrew Allemann

"It’s clear that the way ICANN has seemed to steamroll dissenters on new gTLDs has been heard loud and clear on Capitol Hill."

- Andrew Allemann, writing on Domain Name Wire, regarding the fact that the U.S. Government is seeking to make its relationship with ICANN permanent.

China: Hacker Schools Become Big Business

Matthew Harwood writes on Security Management:

Long known as a prominent source of cyberattacks worldwide, China has seen the emergence of online training schools that teach students the skills necessary to either be a network defender or a cybercriminal.

These "hacker schools," as they're known, are also big business, generating $34.8 million last year, reports China Daily.

Students can enroll in online classes for as little as a few hundred yuan.

While some schools advertise themselves as training the next generation of security experts, many worry a percentage of the students will use their skills to commit various cybercrimes, such as identity theft or stealing trade secrets.

More here.

Korean 'Journalists' Booted From DefCon

Robert McMillan writes on ComputerWorld:

Four South Korean journalists were booted from the Defcon hacking conference this week after conference organizers decided their story didn't quite add up.

Conference representatives released few details of the incident. They said Sunday that they'd ejected the journalists two days earlier after deciding that they simply weren't acting like press. They believe that one member of the group was a legitimate journalist, but that the other three were on some sort of intelligence-gathering expedition.

Hackers who the group interviewed at the show said that their questions seemed inappropriate, organizers said. The journalists attended one day of Defcon's Black Hat sister conference before being ejected on Friday.

Defcon did not release the names of the journalists or say who they claimed to work for.

More here.

Tuesday, August 04, 2009

After Links to Cyber Crime, Latvian ISP is Cut Off

Robert McMillan writes on IT World:

A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers.

Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious "rogue" antivirus products, according to a researcher using the pseudonym Jart Armin, who works on the Web site. "This is maybe one of the top European centers of crap," he said in an e-mail interview.

"It was a cesspool of criminal activity," said Paul Ferguson, a researcher with Trend Micro.

The ISP was disconnected from the Internet by its upstream provider, Junik, on Monday, after its provider, TeliaSonera, told it to stop servicing Real Host or face sanctions, Armin said.

More here.

Heads-Up: Russia Places Soldiers on Alert in Georgian Region

A Bloomberg newswire report, via The Georgian Daily, reports that:

Russia placed its soldiers and border guards on alert in the breakaway Georgian region of South Ossetia in response to Georgian “provocations” as the first anniversary of a war between the two countries nears.

Russia routed Georgia’s U.S.-trained army in a five-day war last August over South Ossetia. In the aftermath of the conflict, Moscow recognized South Ossetia and Abkhazia, another separatist region, as sovereign states, a move condemned by the U.S. and many European countries.

“The situation is truly alarming,” Russian Foreign Ministry spokesman Andrei Nesterenko said in a statement on the ministry’s Web site today. “The main thing now is to prevent the shoot-outs from escalating into larger clashes.”

On Aug. 1, Russia’s Defense Ministry accused Georgia of launching mortars and grenades at observation posts near Tskhinvali, South Ossetia’s capital. Georgia denied the claims.

Georgian Interior Ministry spokesman Shota Utiashvili said two shooting incidents had occurred on the Georgian-South Ossetian border, one on July 29 and the second yesterday. “Neither incident resulted in casualties or destruction of property,” he said. “An investigation is under way.”

The European Union Monitoring Mission in Georgia has found “no evidence” that Georgia fired into South Ossetia, spokesman Stephen Bird said by telephone. The mission, which began work last October, is investigating yesterday’s incident, he said.

More here.

Russian Subs Patrolling Off East Coast of U.S.

Russian Akula Class Nuclear Attack Submarine

Mark Mazzetti and Thom Shanker write in The New York Times:

A pair of nuclear-powered Russian attack submarines has been patrolling off the eastern seaboard of the United States in recent days, a rare mission that has raised concerns inside the Pentagon and intelligence agencies about a more assertive stance by the Russian military.

The episode has echoes of the cold war era, when the United States and the Soviet Union regularly parked submarines off each other’s coasts to steal military secrets, track the movements of their underwater fleets — and be poised for war.

But the collapse of the Soviet Union all but eliminated the ability of the Russian Navy to operate far from home ports, making the current submarine patrols thousands of miles from Russia more surprising for military officials and defense policy experts.

“I don’t think they’ve put two first-line nuclear subs off the U.S. coast in about 15 years,” said Norman Polmar, a naval historian and submarine warfare expert.

The submarines are of the Akula class, a counterpart to the Los Angeles class attack subs of the United States Navy, and not one of the larger submarines that can launch intercontinental nuclear missiles.

More here.

U.S. Sentences Three for Military Tech Leaks to China

Owen Fletcher writes on PC World:

The U.S. has sentenced three Chinese men to federal prison for attempting to export technology with potential military applications to China, the U.S. Department of Justice said Tuesday.

In separate cases, two of the men were charged with attempting to export thermal-imaging cameras, and a third was charged with illegally exporting hundreds of integrated circuits that could be used in military radar systems, the department said in a statement.

The men, all from Beijing, were given prison terms of between 20 months and five years in rulings handed down starting last week. Their exports to China were illegal without clearance from the U.S. Department of Commerce because the items have both military and non-military uses, the statement said.

In the case of the integrated circuits, prosecutors argued that the defendant was using a front company in the U.S. to ship items to his company in Beijing, it said. A catalog from the man's Beijing company was found to carry pictures of military craft and state a goal of helping "facilitate the building of the national defense of China," the statement said, citing the sentencing brief.

Prosecutors also argued that the man supplied restricted U.S. technology to several Chinese customers, including one linked to a state-owned company that makes missile systems and spacecraft.

More here.

Feds at DefCon Alarmed After RFIDs Scanned

Kim Zetter writes on Threat Level:

It’s one of the most hostile hacker environments in the country -- the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.

More here.

Pressure on Obama to Move Fast on Cyber Security Appointment

Jaikumar Vijayan writes on ComputerWorld:

Melissa Hathaway's resignation from her role as acting senior director for cyberspace at the National Security Council is likely to increase the pressure on the Obama administration to quickly appoint someone to serve as the White House cybersecurity coordinator.

The coordinator's position was created by President Obama in May to oversee the development and implementation of a governmentwide cybersecurity strategy. Although eight weeks have passed since Obama's announcement, the White House has yet to name anyone for the job.

Hathaway's resignation is likely to heighten the urgency to do so, however, analysts said.

More here.

Firefox 3.5.2 Released

Get it now.

Fixed in Firefox 3.5.2:

MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:
MFSA 2009-44 Location bar and SSL indicator spoofing via on invalid URL
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

- ferg

Monday, August 03, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Monday, Aug. 3, 2009, at least 4,330 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,464 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is two fewer than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

As of Monday, Aug. 3, 2009, at least 686 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Monday at 10 a.m. EDT.

Of those, the military reports 514 were killed by hostile action.

More here and here.

Honor the Fallen.

BKIS Plans to Sue VNCERT for Defamation


Vietnam’s leading IT firm has threatened to sue a computer security team for damaging the firm’s reputation with a series of complaints about its intervention in cyber attacks that hit the US and Korea this month.

The Vietnam Computer Emergency Response Team (VNCERT) said in a letter that Hanoi-based Bach Khoa Internetwork Security, known as BKIS, had “violated international law” by investigating the cyber attacks and isolating the master server without the consent of parties involved, including VNCERT, which had received a help request from the South Korean side.

Nguyen Tu Quang, general director of BKIS, said “VNCERT’s letter has caused misunderstandings and severely damaged the reputation of BKIS.”

Quang said BKIS, which operates at the Hanoi University of Technology, is consulting a law firm, adding that it was “highly likely” that a lawsuit would be filed against VNCERT. He did not identify the law firm.

He added that content from VNCERT’s letter had been posted on the Internet.

More here.

Top Cyber Security Aide At White House Resigns

Ellen Nakashima writes on The Washington Post:

The White House's senior aide on cybersecurity has decided to resign following delays in the appointment of a coordinator to spearhead the government's efforts to protect the nation's computer networks.

Melissa E. Hathaway, who also served as a cybersecurity aide during the Bush administration, had been a contender for the position of cybersecurity coordinator. But in an interview Monday, she said she had withdrawn her application.

"I wasn't willing to continue to wait any longer, because I'm not empowered right now to continue to drive the change," she said. "I've concluded that I can do more now from a different role," most likely in the private sector.

Hathaway noted that it has been two months since President Obama made a highly acclaimed speech on the importance of cybersecurity and pledged to "personally" select a cybersecurity coordinator.

A colleague close to Hathaway said she had become dismayed by the delay in the appointment. The colleague, who spoke on condition of anonymity, added that Hathaway had "the sense that this was very political, that she has been too closely tied to the Bush administration."

More here.

Black Hat: Cloud Of Doubt Hovers Over Government Initiatives

Tim Wilson writes on Dark Reading:

Cyber czar, cyber schmar. If you're waiting for the government to take the lead in the cybersecurity industry, then you're going to have a long wait.

That was the consensus of cybersecurity experts here this week, including some former government officials and others who are still in prominent government positions. Their message: The security industry should get on with its work, regardless of what Congress and President Obama might (or might not) do.

"A lot of people [in government] don't really want to start any programs because they're afraid that a cyber czar will come in and change everything," said Marcus Sachs, executive director of national security and cyber policy at Verizon, volunteer director of the SANS Internet Storm Center, and a member of the Commission on Cyber Security for the 44th Presidency. "I think it's a mistake to wait for the entrance of a cyber czar riding an elephant with a big parade behind. This country still doesn't have a comprehensive response plan for a cyberattack.

"I think we have to ask ourselves, 'Do we really need a cyber czar to do any of this?' Are we really that hopeless that we have to wait on some sort of second coming? The Internet is not run by one person. These problems are not going to be solved by one person."

More here.