Wednesday, September 16, 2009

Programming Note: ISOI 7

So I'm off to San Diego later this morning for ISOI 7 on Thursday & Friday.

Blogging will be light-to-nonexistent for a few days, but should return to normal early next week (Sunday is NFL football day, so...)


- ferg

Tuesday, September 15, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Tuesday, Sept. 15, 2009, at least 4,344 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,473 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is three fewer than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

As of Tuesday, Sept. 15, 2009, at least 756 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Tuesday at 10 a.m. EDT.

Of those, the military reports 579 were killed by hostile action.

More here and here.

Honor the Fallen.

Australian Government Legalises Network Interception

An AAP newswire article, via ZDNet Australia, reports that:

Australia's laws are to be amended to make clear that network operators can undertake network protection activities without breaching telecommunications interception laws.

Information on computer networks could be extremely valuable to cyber-criminals and those who managed security of such networks had an important role in defending against criminal and malicious activities, Attorney-General Robert McClelland said today.

Presently network operators could undertake protective activities once a communication became accessible from a computer server, or at an earlier point with the consent of those using the network, he said.

But as attacks became more sophisticated, there was an increasing need for operators to defend at the earliest point. However, in the absence of knowledge of users, such protection activities were a technical breach of the telecommunication interception legislation.

McClelland said consent could be readily obtained from internal network users, but external users would not be aware their communications were being monitored.

More here.

Fusion Centers To Obtain Access To Classified Military Intelligence
The Department of Homeland Security (DHS) announced Monday that it was giving state and local fusion centers access to the classified military intelligence in Department of Defense (DOD) databases. The federal government has facilitated the growth of a network of fusion centers since 9/11 to expand information collection and sharing practices among law enforcement agencies, the private sector and the intelligence community.

Allowing fusion centers access to DOD classified information appears to be a shift in policy. The New York Times reported in July that “Janet Napolitano, the homeland security secretary, said … that fusion centers were not intended to have a military presence, and that she was not aware of ones that did.”

The American Civil Liberties Union has long warned the government about the dangers posed by fusion centers without proper oversight and, in 2007, released a report entitled, “What’s Wrong With Fusion Centers?” The report, which was updated last year, identifies specific concerns with fusion centers, including their ambiguous lines of authority, the troubling role of private corporations, the participation of the military, the use of data mining and their excessive secrecy.

According to DHS, there were 70 fusion centers in the United States as of February 2009. It is unknown how many include military personnel.

More here.

Company Hosting Joe Wilson Fundraising Site Recovers From DDoS Attack

Jaikumar Vijayan writes on ComputerWorld:

A company providing online payment-processing services for U.S. Rep. Joe Wilson (R-S.C.) is back online after being disrupted by a distributed denial-of-service attack over the weekend.

The attack on Piryx began Friday afternoon and lasted into the early hours of Saturday morning, temporarily disrupting a Wilson fundraising effort that was under way at that time, Piryx CEO Tom Serres said. It also knocked out services for about 150 other Piryx clients, he said.

Piryx is a nonpartisan Austin-based start-up that provides services to help political candidates and nonprofits manage online campaigns and fundraising.

Serres said the company was contacted by Wilson's office last week and asked to manage online donations from supporters rallying behind the congressman after he shouted "You lie!" during President Obama's address to Congress on health care reform Wednesday.

Hours after the company began hosting Wilson's home page on its servers, Piryx found itself the target of a distributed denial-of-service attack, Serres said. Such attacks are designed to render servers and networks inaccessible by flooding them with useless traffic.

More here.

Maine: Scammers Gain Access to Downeast Energy's Cash, Clients

David Hench writes on

A sophisticated e-mail scam cost a Brunswick-based heating fuel company as much as $150,000 and potentially exposed hundreds of customers' checking account information, the company said Monday – a day when the U.S. Senate's Homeland Security Committee held hearings on cybersecurity.

Downeast Energy and Building Supply learned last week that scammers, apparently in Eastern Europe, had gained access to the bank account the company uses to let customers pay for fuel with electronic transfers from their checking accounts.

"We are continuing to work closely with law enforcement and our bank to ensure that our account is secured, but more importantly to protect our customers," said company President John Peters.

The scam started with an innocent-looking e-mail to a Downeast employee that purported to be from the company's bank. A link on the e-mail, which appeared to be from KeyBank, took the employee to a Web site that was identical to the bank's.

When the company's bank-issued user name and password were entered, the information was sent to the scammers, who used it to steal the money.

Federal officials say Internet criminals are increasingly targeting small and mid-sized companies.

More here.

U.S. Intelligence Agencies Plan to Beef Up Cyber Security

Ben Bain writes on

Enhancing cybersecurity is a mission objective for intelligence agencies during the next four years, according to an unclassified version of the 2009 National Intelligence Strategy [.pdf] released today.

The NIS, from the Office of the Director of National Intelligence, lays out what intelligence agencies hope to accomplish over the next four years through mission objectives, and how the agencies plan to do so with enterprise objectives.

Dennis Blair, the director of national intelligence, told reporters today that the country has to be aggressive in protecting its own secrets and stealing those of other nations. Throughout the world, he said, "information is moving to networks and that’s where you have to go to learn what other countries and other groups are up to, and that’s what you have to be able to protect in order to be able to do your own work."

China and Russia in particular are very aggressive in the cyber world, Blair added.

The NIS report said that the architecture of the nation’s digital infrastructure, based largely upon the Internet, is neither secure nor resilient.

More here.

Internet Criminals Leap on Patrick Swayze's Death

Tim Greene writes on NetworkWorld:

Malware ghouls took just a few hours to begin preying on the death of actor Patrick Swayze with a new version of a familiar phony anti-virus scam.

F-Secure’s News from the Lab blog details how one malicious site works, luring visitors to the site to buy anti-virus software that can remove alleged infections.

Unconvincingly disguised as a news report about Swayze’s death, the malicious Web site does contain strings of words that mention Swayze, his illness and death, but are not a comprehensible account of what happened.

More here.

Monday, September 14, 2009

Heartland on Defense at U.S. Senate Hearing

Eric Chabrow writes on

The ranking member of the Senate Homeland Security and Governmental Affairs Committee told the chief executive of Heartland Payment Systems that she was "astonished" a breach of the company's information system lasted for nearly 1½ years without being detected.

At a panel hearing Monday on protecting industry against growing cyber threats, Sen. Susan Collins, R.-Maine, asked Heartland CEO Robert Carr to explain how this delay happened. Carr responded that a breach is usually detected when the processing payer is notified of fraudulent use of cards, and that didn't occur until the end of 2008.

"Isn't there software in the systems to detect such a breach?" Collins asked.

"There is, and the cyber criminals are very good at masking themselves," Carr replied. "To be able to scan systems to determine what the malware is, you have to understand something about the attack vector, and you need to know something about the malware to find it. All of us in the industry go through annual assessments, but the bad guys are working together to get around all those assessments."

Carr told the panel Heartland is taking two major steps to prevent this type of breach from recurring. Working through the Financial Services Information Sharing and Analysis Center, Heartland and other payment processors established Payments Processing Information Sharing, a forum for sharing information about fraud, threats, vulnerabilities and risk mitigation practices.

More here.

Intelligence Analyst Charged With Hacking Top Secret, Anti-Terror Program

Kevin Poulsen writes on Threat Level:

An analyst at a Defense Department spy satellite agency faces federal hacking charges after allegedly poking around in a top-secret system used in a classified terrorism investigation involving the FBI and the U.S. Army.

Brian Keith Montgomery worked on a covert program for the National Geospatial-Intelligence Agency — the spy agency in charge of satellite and aerial image collection. On April 9, he was carrying out his duties when he saw a message that “provided significant detail about a classified operation” that was unrelated to his job, according to an affidavit filed by a Pentagon investigator.

The operation is not detailed in the affidavit [.pdf], but there is a reference to the 902nd Military Intelligence Battalion, an Army counterintelligence unit based at Fort Meade in Maryland, with a presence at more than 50 other locations inside and outside the United States. The 902nd faced controversy in 2005, when NBC News published documents showing the unit had been spying on American anti-war protesters. Under the guise of fighting terrorism, the group had filed intelligence reports on legal demonstrations, including a weekly protest at an Atlanta recruiting station, and a protest at the University of California at Santa Cruz.

More here.

In Passing: Patrick Swayze

Patrick Swayze
August 18, 1952 - September 14, 2009

Registrars Ignore Domain-Name Abuse

Ellen Messmer writes on NetworkWorld:

For legitimate businesses, a domain name is a way to hang a shingle in cyberspace. In the criminal world, domain names are a key part of botnet and phishing operations, and cyber-criminals are plundering domain-name registrars around the world to get them.

Criminals are amassing domain names by registering them under phony information, paying with stolen credit cards or hard-to-trace digital currencies like eGold, and breaking into legitimate domain-name accounts. To add to the problem of domain-name abuse, some rogue registrars often look the other way as the money rolls in.

“There’s absolutely a big problem,” says Ben Butler, director of network abuse at Go Daddy, an Arizona-based domain-name registrar that’s authorized by the Internet Corporation for Assigned Names and Numbers and the appropriate ICANN-accredited registries to sell domain names based on the generic top-level domains (gTLD) that include .com, .aero, .info, .name and .net.

More here.

Eastern European Cyber Crooks Now Targeting Public & Private Schools

Brian Krebs writes on Security Fix:

A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities.

On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams.

A school employee spotted the bogus payments on the morning of the 19th, when the school district learned that $117,000 had been siphoned from its coffers by cyber crooks.

Sanford Superintendent Kevin Edgar said the school successfully reversed two of the transfers totaling $18,000, but that the rest of the stolen money remains in limbo.

More here.

Sunday, September 13, 2009

Australia: ISPs Asked to Cut Off Malware-Infected PCs

Ben Grubb writes on

The Internet Industry Association (IIA) has drafted a new code of conduct that suggests Internet Service Providers (ISPs) contact, and in some cases disconnect, customers that have malware-infected computers.

The drafted code, which will not be mandatory, suggested ISPs take a four-step approach to protecting customers.

  • Identification of compromised computers
  • Contact affected customer
  • Provision of information and advice to fix the compromised system; and
  • A reporting function for alerting about serious scale threats, such as those that may threaten national security.

"Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem," the new code states.

Chief regulatory officer of ISP iiNet, Steve Dalby, said he would adhere to the code if the process could be automated and development costs weren't prohibitive.

More here.