Saturday, October 03, 2009

Ken Burns on PBS: The National Parks

The premiere on PBS of Ken Burns' wonderful new film "The National Parks: America's Best Idea" was shown over the course of a few nights this past week. I recorded them all on my DVR to watch today, and I have to tell you, it is a magnificent & triumphant film.

If you missed it, you can watch all of it online at

It is surely worth every minute.


- ferg

Friday, October 02, 2009

India: Spooks Want Govt to Block Skype

Mohua Chatterjee writes on The Times of India:

Intelligence agencies have asked the government to consider blocking Skype as operators of the popular global VoIP (Voice over Internet Protocol) engine are refusing to share the encryption code that prevents Indian investigators from intercepting conversations of suspected terrorists.

The Cabinet Committee on Security has accepted the recommendation in principle but has not set a date for initiating action. The urgency to track Skype calls stems from the fact that terrorists -- as the 26/11 attacks in Mumbai showed -- are increasingly using VoIP services. The shift to VoIP has been prompted by the growing ability of intelligence agencies to intercept mobile and other calls.

Sources said Skype has shared its encryption code with the US, China and other governments but is refusing to accept similar Indian requests.

Since Skype is not registered here, Indian authorities have been forced to mull the drastic option of blocking its gateways here. This, however, may not be entirely effective as Skype can route traffic through other service providers. The agencies feel blocking the gateways will at least serve as a signal to local service providers against carrying traffic from Skype or any other similar service provider which does not share the encryption code with the government.

More here.

Thursday, October 01, 2009

Soldiers' Data Still Being Downloaded Overseas, Firm Says

Ellen Nakashima writes on The Washington Post:

The personal data of tens of thousands of U.S. soldiers -- including those in the Special Forces -- continue to be downloaded by unauthorized computer users in countries such as China and Pakistan, despite Army assurances that it would try to fix the problem, according to a private firm that monitors cybersecurity.

Tiversa, which scours the Internet for sensitive data, discovered the data breaches while conducting research for private clients. The company found, as recently as this week, documents containing Social Security numbers, blood types, cellphone numbers, e-mail addresses, and the names of soldiers' spouses and children.

The availability of such data, security experts say, exacerbates the threat of identity theft and retaliation against troops on sensitive missions. In addition to using the information to drain financial accounts, hackers could pose as soldiers in an effort to ferret out sensitive data, including passwords to government systems.

Such disclosures represent a "major security risk" to the service members and the military, said Rep. Edolphus Towns (D-N.Y.), chairman of the House Oversight and Government Reform Committee, which was informed of the data breach by Tiversa.

More here.

Yet Another Cyber Theft: $50K Stolen from New York Non-Profit

Mary Perham writes in The Corning Leader/Bath Courier:

The FBI has been called to investigate the alleged cyber-theft last week of roughly $50,000 from the Arc of Steuben, in Bath.

Arc Executive Director Bernie Burns said the theft occurred last week after a hacker gained access to an unidentified Arc employee’s personal e-mail at work. The employee also was authorized to handle Arc’s financial information at Five Star Bank, and hackers gained enough details to access the bank funds, Burns said.

Arc’s insurance is expected to recoup the loss, Burns said.

Steuben County Chief Deputy Noel Terwilliger said Wednesday the theft was reported Sept. 23 after information technology staff and fraud investigators at Five Star Bank noticed the illegal transfer of funds. Bank officials took immediate action to prevent a larger sum from being moved out of the Arc account, Terwilliger said.

Although early reports indicated as much as $200,000 had been removed from the Arc account, Terwilliger said all but about $50,000 has been recovered.

The theft in Bath could be part of a larger nationwide scheme to steal millions from corporations and schools over the past few months. Several health care providers, including non-profit organizations that cater to the disabled and the uninsured, have been recent targets, according to The Washington Post.

More here.

SCADA Watch: Australian Energy Company's Virus Outbreak a Threat to Power Grid

Asher Moses writes in The Age:

A virus outbreak is wreaking havoc with Integral Energy's computer network, forcing it to rebuild all 1000 of its desktop computers before the "particularly sinister" bug spreads to the machines controlling the power grid.

A spokesman for Integral Energy, a major energy supplier, confirmed that the company had called in external information security experts to "rebuild all desktop computers to contain and remove the virus".

The malware had not affected power supplies to customers or business data and was "contained within Integral Energy's information technology network", the spokesman said.

But Chris Gatford, a security consultant at Hacklabs who has conducted penetration testing on critical infrastructure, said there was often "ineffective segregation" or "more typically none at all" between the IT network and the network that monitors and controls the infrastructure.

He said the two networks often needed to be connected in some way in order to share data such as usage information that is used in the billing process or quality of service measuring.

"The risk of having a virus in this type of environment is it might affect the operation of the power grid if the virus was to infiltrate the process control network," said Gatford.

More here.

Wednesday, September 30, 2009

Mark Fiore: Feelin' Fine

More Mark Fiore brilliance.

Via The San Francisco Chronicle


- ferg

Australia: Credit-Card Fraud Soars

Nick Gardner writes on Adelaide Now:

Identity theft has reached epidemic proportions in Australia, more than one in five people falling victim to credit-card fraudsters or computer hackers.

The Identity Crimes Report, commissioned by Veda Advantage and conducted by Galaxy Research, found more than 1.5 million people had their credit cards skimmed, and 1.2 million had their bank accounts illegally accessed.

Many more had their post intercepted containing their pin numbers or other crucial information that can be used to create a false identity.

Australia's lapse in deploying anti-fraud technology, and the economic slowdown, are blamed for the rapid rise in crimes – up at least 23 per cent on a year ago.

"Desperate times create desperate people," said Kelvin Kirk of Veda Advantage. "Higher unemployment creates more crime, we know that," he said.

More here.

Hat-tip: Data Loss db Blotter

FCC Panel: Cyber Security Needs Incentives

Kenneth Corbin writes on

With the Federal Communications Commission marching through nearly three-dozen workshops planned to gather information for its national broadband plan, it was only a matter of time before the agency took on cybersecurity.

FCC officials heard suggestions from an array of experts in academic, public and private sectors of the broadband community about how to address security concerns as the agency mulls strategies to spur greater expansion and adoption of broadband networks.

Don Welch, president and CEO of the nonprofit research group Merit Network, told the commission that the incentives for commercial ISPs to justify investments in network security are largely absent from the current broadband market.

"The real difficulty in the commercial world is it's very difficult to point to an ROI," Welch said. "If we're successful, nothing happens."

More here.

Hackers Breach Payroll Giant, Target Customers

Brian Krebs writes on Security Fix:

Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm's customers in a scheme to steal passwords and other information.

Moorestown, N.J.-based PayChoice provides direct payroll processing services and licenses its online employee payroll management product to at least 240 other payroll processing firms, serving 125,000 organizations.

Last Wednesday, a number of PayChoice customers received an e-mail warning them that they needed to download a Web browser plug-in in order to maintain uninterrupted access to, the portal for PayChoice's online payroll service. The supposed plug-in was instead malicious software designed to steal the victim's user names and passwords.

Unlike typical so-called "phishing" scams -- which are sent indiscriminately to large numbers of people in the hopes that some percentage of recipients are customers of the targeted institution -- this attack addressed PayChoice customers by name in the body of the message. The missives also included reference to each recipient's user name and a portion of his or her password for the site.

In a statement e-mailed to Security Fix, PayChoice said the company discovered on Sept 23 that its online systems had been breached. The company said it immediately shut down the site and instituted fresh security measures to protect client information, such as requiring users to change their passwords.

More here.

Express Scripts: 700,000 Notified After Extortion

Robert McMillan writes on ComputerWorld:

Nearly a year after being hacked by computer extortionists, pharmacy benefits management company Express Scripts now says hundreds of thousands of members may have had their information breached because of the incident.

Last November, the company reported that someone had threatened to expose millions of customer prescription records, but it has come under criticism for being vague about how many of its customers' records were accessed. Now the company says that about 700,000 have been notified.

The trouble started for the St. Louis-based company in October 2008, when it received a letter containing the names, birth dates, Social Security numbers and prescription data of 75 patients. The extortionists threatened to turn the information public if they weren't paid. Express Scripts refused and instead notified the U.S. Federal Bureau of Investigation. The company is now offering a US$1 million reward for information leading to the arrest of the perpetrators.

Express Scripts has not said how the criminals managed to get hold of the data, but in an e-mailed statement the company said that "there have been no reported cases of misuse of member information resulting from the incident."

In a June court filing, the company said that three of its customers have also been approached by the extortionists.

More here.

At Least One Part of The Economy is Growing: Cyber Crime

Maria Bruno-Britz writes on Bank Systems & Technology:

In case anyone thought it was getting easier to keep customer data safe, here are a few studies that will bring you back to reality.

The APWG (Anti-Phishing Working Group) released its latest Phishing Activity Trends Report and found that new records were being reached in a variety of areas, such as rogue anti-virus software, phishing websites and crimeware designed to target financial institutions' customers.

According to a release, the APWG H1, 2009 report [.pdf] found that the numbers of detected rogue anti-malware programs—fake security software that actually infects computers to animate assorted electronic crimes—grew 585 percent between January and the end of June 2009.

The number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement.

More here.

Tuesday, September 29, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Tuesday, Sept. 29, 2009, at least 4,346 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,473 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is three fewer than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

As of Tuesday, Sept. 29, 2009, at least 773 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Tuesday at 10 a.m. EDT.

Of those, the military reports 594 were killed by hostile action.

More here and here.

Honor the Fallen.

Conficker Showdown: No End In Sight

Kelly Jackson Higgins writes on Dark Reading:

Security researchers have picked it apart, vendors have banded together to fight it, and most users have at least heard of it after it made the mainstream media for a possible April 1 activation that never happened -- but the Conficker worm just won't go away. Its bot count has remained steady at around 6 million machines since this summer. And no one really knows what its operators have in store for all of that firepower.

"We continue to see infection rates at a very high level, especially for the A and B variants [of Conficker]," says Andre DiMino, director of the Shadowserver Foundation, which tracks Conficker infections for the Conficker Working Group. "We've done a good job at getting a grasp on Conficker itself and its architecture, and have also had great response from groups within the Conficker Working Group. Now we just need to be a little more aggressive in remediation and with more awareness to really make a concerted effort to get this thing cleaned up."

What concerns security researchers is that despite all of the resources and attention being poured into eradicating Conficker -- Microsoft even offers a $250,000 bounty to catch the people behind the worm -- infections just keep coming worldwide. "It continues to be a giant engine idling, and we wait and see what they're going to do with it," DiMino says.

DiMino worries that all of the hype surrounding the April Fool's Day Conficker event that never was lulled users into a false sense of security that they are immune to Conficker, and that it's considered old hat now compared with other threats.

More here.

Banking Trojan Steals Money From Under Your Nose

Elinor Mills writes on C|Net News:

Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn't just steal your bank log in credentials but actually steals money from your account while you are logged in and displays a fake balance.

The bank Trojan, dubbed URLzone, has features designed to thwart fraud detection systems which are triggered by unusual transactions, Yuval Ben-Itzhak, chief technology officer at Finjan, said in an interview on Tuesday. For instance, the software is programmed to calculate on-the-fly how much money to steal from an account based on how much money is available.

The specific Trojan Finjan researchers analyzed targets customers of unnamed German banks. It was linked back to a command-and-control server in Ukraine that was used to send instructions to the Trojan software sitting on infected PCs. Finjan has notified German law enforcement authorities, Ben-Itzhak said.

"It's a next generation bank trojan," he said. "This is part of a new trend of more sophisticated Trojans designed to evade antifraud systems."

More here.

Quote of The Day: Bob Sullivan

"If credit cardholders feel worse off since the passage of the law designed to protect them from banks, that's because they are. An avalanche of new fees, interest rate hikes and other costly changes since the law was signed in May suggest the Credit Card Accountability, Responsibility and Disclosure Act, or the CARD Act, has backfired."

- MSNBC's Bob Sullivan, writing on the "Red Tape Chronicles" Blog.

Monday, September 28, 2009

School Boards Hit With Cash-Stealing Trojan

Robert McMillan writes on PC World:

The U.S. Federal Bureau of Investigation is probing a rash of reported online computer intrusions that have resulted in hundreds of thousands of dollars being stolen from school districts in Illinois.

FBI investigators are working on a computer intrusion case at the Crystal Lake School District in Crystal Lake, Illinois, said Ross Rice, a spokesman with the FBI's Chicago office. But several other school districts also believe that they have been hit by the same malicious software, Rice said.

The FBI believes that the Clampi virus, already associated with a rash of banking thefts throughout the U.S., may be to blame, Rice said.

Rice declined to provide more information on the case because it is still under investigation, but local reports say that as much as US$350,000 may have been taken from the Crystal Lake District alone. The district's superintendent, Donn Mendoza, did not return a call seeking comment for this story.

Three Illinois school districts are thought to have been hit over the summer, but other school boards nationwide have been targeted by the scam.

More here.

Cyber Gangs Hit Healthcare Providers

Brian Krebs writes on Security Fix:

Organized cyber thieves that have stolen millions from corporations and schools over the past few months recently defrauded several health care providers, including a number of non-profit organizations that cater to the disabled and the uninsured.

The victims are the latest casualties of an online crime wave being perpetrated against U.S.-based organizations at the hands of cyber thieves thought to be based out of Eastern Europe.

On Sept. 9, crooks stole $30,000 from the Evergreen Children's Association (currently doing business as Kids Co.), a non-profit organization in Seattle that provides on-site childcare for public schools.

Kids Co. chief executive and founder Susan Brown said the attackers tried to send an additional $30,000 batch payment out of the company's account, but that her bank blocked the transfer at her request.

"Now we're in this battle with our bank, because my staff accountant checks the account every day, and we notified the bank before this money was stolen and the transfer still went out," Brown said.

More here.

Sunday, September 27, 2009

Australian Court Slams Bottle Domains' Lax Security


The Victorian Supreme Court has chastised Bottle Domains for its "extraordinary indifference to the effect of credit card fraud on its victims" over attempts to downplay to customers the seriousness of a security breach.

The domain registrar had its accreditation terminated by the domain name regulator auDA in April when it emerged the company didn't disclose a 2007 security breach.

iTnews has contacted Bottle owner Nicholas Bolton for comment.

The incident came to light after Bottle Domains suffered a more serious incident last January in which its database was hacked and sold on the internet.

AuDA said Bottle's failure to notify it at the time of the earlier incidents breached its obligations and was grounds for termination of its registrar agreement, which would mean Bottle would no longer be able to sell domain names or continue trading as a domain name registrar.

More here.

In Passing: William Safire

William Safire
December 17, 1929 – September 27, 2009