Saturday, November 14, 2009

Fort Hood Fallen: A Final Salute

You are not forgotten.

Image source: Steve Gooch / AP

Friday, November 13, 2009

California Plans to Launch Information Security Operations Center

Steve Towns writes on Government Technology:

California intends to create a state-of-the-art information security operations center to monitor cyber-threats and protect state and local government networks from attack.

The proposal is part of a sweeping five-year plan [.pdf], released Thursday, Nov. 12 by state Chief Information Security Officer (CISO) Mark Weatherford, which is designed to safeguard government data and critical technology resources from increasingly sophisticated cyber-criminals.

The plan calls for creating a California Information Security Operations Center (CA-ISOC) that would provide real-time detection of cyber-attacks and security intrusions across all state government agencies. The center also would support local government networks that need assistance.

The CA-ISOC would watch for attacks on the state government's critical information infrastructure, including attempts to disrupt automated control networks for dams, power plants and other physical facilities. The plan also envisions creating a California Computer Incident Response Team that would work in concert with the state's Emergency Management Agency and Fusion Center, as well as the U.S. Department of Homeland Security.

More here.

DNS Problem Linked to DDoS Attacks Gets Worse

Robert McMillan writes on PC World:

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

According to research set to be released in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an "open recursive" or "open resolver" system. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers, said Cricket Liu, vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. "The two leading culprits we found were Telefonica and France Telecom," he said.

In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from around 50 percent in 2007, to nearly 80 percent this year, according to Liu.

More here.
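The "open recursive" condition the article describes is visible in a single DNS exchange: a resolver that answers a recursion-desired query from an arbitrary outside address, with the RA (recursion available) flag set and an answer section, is open; a properly restricted one answers REFUSED or clears RA. The script below is an added example (not part of the PC World piece or the Infoblox research) that builds such a query by hand, classifies the response header, and ships two constructed sample responses so the logic can be checked offline. The server address in `probe()` is a placeholder to be replaced with a resolver you administer.

```python
import random
import socket
import struct

# Flag bits in the 16-bit DNS header flags field (RFC 1035 section 4.1.1).
FLAG_QR = 0x8000  # response
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available
RCODE_MASK = 0x000F

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(qname: str, txid: int) -> bytes:
    """Build a minimal A/IN query with only the RD bit set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def parse_header(response: bytes) -> dict:
    """Decode the fixed 12-byte header; the sections after it are not needed here."""
    if len(response) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "rcode": RCODE_NAMES.get(flags & RCODE_MASK, str(flags & RCODE_MASK)),
        "ancount": an,
    }


def classify(response: bytes, expected_id: int) -> str:
    """Label a response as 'open-recursive', 'closed', 'inconclusive' or 'invalid'."""
    h = parse_header(response)
    if h["id"] != expected_id or not h["qr"]:
        return "invalid"          # wrong transaction or not a response at all
    if h["ra"] and h["rcode"] == "NOERROR" and h["ancount"] > 0:
        return "open-recursive"   # it resolved a foreign name for us
    if h["rcode"] == "REFUSED" or not h["ra"]:
        return "closed"           # recursion denied to this source address
    return "inconclusive"         # e.g. SERVFAIL: retry or check upstream


def probe(server: str, qname: str = "example.com", timeout: float = 2.0) -> str:
    """Send one query over UDP to a resolver you operate and classify the reply."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname, txid), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "no-answer"
    return classify(data, txid)


# Constructed sample responses (not real captures) for offline checking.
QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"
# QR|RD|RA, NOERROR, one answer: example.com A 192.0.2.1 (TEST-NET address), TTL 3600
OPEN_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + QUESTION
    + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xc0\x00\x02\x01"
)
# QR|RD, RA clear, RCODE=REFUSED, no answer section
REFUSED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print("sample open resolver   :", classify(OPEN_RESPONSE, 0x1234))
    print("sample restricted one  :", classify(REFUSED_RESPONSE, 0x1234))
    # Replace with the address of a resolver or CPE device you are responsible for.
    print("live probe             :", probe("192.0.2.53"))
```

Run against a resolver you are responsible for; a "closed" result from an address outside its service network is what you want to see. The fix on the resolver side is to restrict recursion to the intended client ranges (for example `allow-recursion` in BIND), which turns the same query into a REFUSED reply.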

U.S. Cyber War Plans Not Just Defensive

A National Journal article by Shane Harris, via, reports that:

In May 2007, President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb.

At the request of his national intelligence director, Bush ordered an NSA cyberattack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The devices allowed the fighters to coordinate their strikes and, later, post videos of the attacks on the Internet to recruit followers. According to a former senior administration official who was present at an Oval Office meeting when the president authorized the attack, the operation helped U.S. forces to commandeer the Iraqi fighters' communications system. With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers.

Former officials with knowledge of the computer network attack, all of whom requested anonymity when discussing intelligence techniques, said that the operation helped turn the tide of the war. Even more than the thousands of additional ground troops that Bush ordered to Iraq as part of the 2007 "surge," they credit the cyberattacks with allowing military planners to track and kill some of the most influential insurgents. The cyber-intelligence augmented information coming in from unmanned aerial drones as well as an expanding network of human spies. A Pentagon spokesman declined to discuss the operation.

More here.

Thursday, November 12, 2009

Classic xkcd: iPhone or Droid?


We love xkcd.

- ferg

14 Tech Firms Form Cyber Security Alliance for U.S. Government

Wyatt Kash writes on Defense Systems:

Thirteen leading technology providers, together with Lockheed Martin, today announced the formation of a new cybersecurity technology alliance. The announcement coincided with the opening of a new NexGen Cyber Innovation and Technology Center in Gaithersburg, Md., designed to test and develop new information and cybersecurity solutions for government and commercial customers.

The alliance represents a significant commitment on the part of competing technology companies to work collaboratively on new ways to detect and protect against cyber threats and develop methods that could automatically repair network systems quickly after being attacked.

The companies participating in the Cyber Security Alliance include APC by Schneider Electric, CA, Cisco, Dell, EMC Corp. and its RSA security division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware.

More here.

Mark Fiore: Learn to Speak Tea Bag

More Mark Fiore brilliance.

Via The San Francisco Chronicle

- ferg

How to DDoS a Federal Wiretap

Robert McMillan writes on ComputerWorld:

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper [.pdf], set to be presented Thursday at a computer security conference in Chicago.

Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement is overwhelmed with useless data, something known as a denial of service (DoS) attack.

More here.

Wednesday, November 11, 2009

Veteran's Day November 2009: Every Day Is A Bonus

We Salute You.

- ferg

Salute: Veterans Day 2009

You Are Not Forgotten.

Tuesday, November 10, 2009

SCADA Watch: PG&E Sued Over New SmartMeters, Soaring Bills

David R. Baker writes in The San Francisco Chronicle:

SmartMeters, which Pacific Gas and Electric Co. has been installing throughout its territory, are the subject of a lawsuit by a Bakersfield man who blames them for his soaring electric bills.

Pete Flores has sued PG&E over the meters, claiming they caused his monthly bill to jump from less than $200 to more than $500. The class-action suit, filed on Oct. 16 in Kern County Superior Court, alleges that the meters aren't accurate and lead to overcharges that PG&E should be forced to refund.

"Whatever the problem is needs to be sorted out and fixed now," said attorney Michael Louis Kelly, representing Flores.

Residents of Bakersfield, Fresno and the surrounding area have been complaining for months about the SmartMeters.

The devices are designed to track electricity and gas usage with precision and transmit their data to the utility via wireless.

More here.

Eight Indicted in $9M RBS WorldPay Heist

Brian Krebs writes on Security Fix:

Eight men have been indicted on charges that they hacked into credit card processing firm RBS Worldpay, and helped steal more than $9 million in a highly coordinated heist nearly a year ago, the U.S. Justice Department said Tuesday.

The 16-count indictment, which names individuals from Estonia, Moldova and Russia, is the first major break in a case federal investigators are calling "perhaps the most sophisticated and organized computer fraud attack ever conducted."

The men are accused of cracking the data encryption that RBS WorldPay used to protect customer data on payroll debit cards, allowing them to clone the cards. Some companies use payroll cards in lieu of paychecks by depositing employee salaries or hourly wages directly into payroll card accounts, which can then be used as debit cards at ATMs. According to the government, the hacking ring also was able to raise the daily withdrawal limits on compromised accounts.

The Justice Department alleges that 44 counterfeit payroll debit cards were used to withdraw more than $9 million from at least 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The money was stolen over a period of less than 12 hours, investigators say.

Dozens of accomplices -- also known as "cashers" -- who were hired to pull the money out of ATMs remain at large. The indictment alleges that the cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of the money back to the men named in the indictment.

More here.

Nov. 10, 1983: Computer 'Virus' Is Born

Kim Zetter writes on Wired:

Fred Cohen, a University of Southern California graduate student, gives a prescient peek at the digital future when he demonstrates a computer virus during a security seminar at Lehigh University in Pennsylvania. A quarter-century later, computer viruses have become a pandemic for which there’s no inoculation.

Cohen inserted his proof-of-concept code into a Unix command, and within five minutes of launching it onto a mainframe computer, had gained control of the system. In four other demonstrations, the code managed to seize control within half an hour on average, bypassing all of the security mechanisms current at the time. It was Cohen’s academic adviser, Len Adleman (the A in RSA Security), who likened the self-replicating program to a virus, thus coining the term.

But Cohen’s malware wasn’t the first of its kind.

Others had theorized about self-replicating programs that could spread from computer to computer, and a couple of tinkerers had already successfully launched their own digital infections prior to Cohen’s presentation. But his proof-of-concept program put computer scientists on notice about the potential scourge of an intentionally malicious attack.

Much more here.

Note: I know Dr. Cohen both personally & professionally, and he looks just a tad different today. :-)

Monday, November 09, 2009

SCADA Win: U.S. Army Says It Stopped Pueblo Mustard Leak

An AP newswire article, via The Army Times, reports that:

The Army says it has finished work containing a leak of mustard agent at the Pueblo Chemical Depot.

The leak was discovered in August by a sensor at one of the “igloos” containing the deadly toxin. The Army then sorted through the stored projectiles and found one leaking liquid mustard and one leaking mustard vapor.

The Army said Monday that the leaky projectiles were moved to a more secure igloo Nov. 5. No one was hurt.

The Army is in talks with Colorado health officials to settle a state lawsuit calling for increased monitoring of how chemical weapons are stored. Congress has set a 2017 deadline to have the weapons destroyed to meet international treaty obligations.


20 Years Later: The Fall of The Wall

It actually started with Hungary in August, 1989, but today is celebrated as the day it really came down in Berlin.

Being a soldier in the former West Germany, I can tell you it was a major significant event in world history, even though I became a civilian when it came down.

The world was changed forever.

- ferg

Sunday, November 08, 2009

SCADA Security: Abuse of Objective Mailing List Abuse

Sure, sometimes people don't like contrarian opinions.

And sure, sometimes there are intelligent arguments that are created by opposing opinions.

But it is another thing entirely to control a mailing list that discusses critical SCADA infrastructure, censor contrary opinions, and selectively choose which posts get published and which ones do not.

Yet that is exactly what is happening with the SCADAsec Mailing list, being operated out of Australia.

Cry Foul.

The folks that run this list need to (a) own up to their financial interests in running that mailing list, (b) explain their rationale for "moderating" posts which do not align with their corporate interests, and (c) provide complete transparency in their objectives in running the mailing list in the first place.

In fact, I will be prodding the U.S. Government to run a new list that will absorb this context.

Everything was going fine until we reached this "issue" wherein 60 Minutes ran their story this week on the Brazilian electrical system disturbances.

I made several comments that did not reference the SCADA Security issues, but rather the fact that cyber criminals are indeed being successful on other fronts.

My comments were censored.

Now, I fight back.

- ferg

p.s. Corporate protectionists, I'm coming after you. Be warned.

Quote of The Month: Robert Graham

"Hackers are like witches in Salem in the 1600s. When crops failed, people blamed it on the witches, who were burned at the stake. These people believed they were acting intelligently. The witches were convicted in 'fair' trials, with 'proof beyond a reasonable doubt'. For example, victims would testify how the accused witch would curse them, or give them the Evil Eye. Why would they lie about being cursed?"

"Now, when computers fail, people are immediately suspicious of hackers."

- Robert Graham, Errata Security.