Saturday, December 26, 2009

How Do You Feel About Christmas Now?

Do something good this holiday season.

I did -- and I wish I could do more. I made a US$120 donation to an African family for a goat (seriously). I challenge you to do so, too.

- ferg

Why Can't the Law Get the Crooks?

Lincoln Spector writes on NetworkWorld:

Victor Rodriguez wants to know why law enforcement agencies can't stop the criminals infecting our PCs.

Believe it or not, authorities do occasionally catch cybercriminals. Just last month, British detectives arrested two suspects who may have been involved with the ZeuS/Zbot Trojan.

Not that it did much good. A few weeks later, security researcher Troy Gill declared a new variant of Zbot "the most predominant virus/phishing campaign right now."

And that's a big part of the problem. As with drugs and prostitution, if there's money to be made in an illegal activity, people will be there to make it. Arrest two, and 20 more are waiting to take their place.

More here.

Happy Boxing Day!

Boxing Day is a public holiday celebrated in the United Kingdom, Canada, New Zealand, Australia, and many other members of the Commonwealth of Nations on December 26, the day after Christmas Day.


- ferg

Friday, December 25, 2009

Merry Christmas to All of Our Men and Women in Uniform

We Salute All of Our American Fighting Men and Women in the U.S. Military, especially those who are separated from friends, family, and loved ones & away from home this holiday season.

You are not forgotten.

Merry Christmas and Happy Holidays.

Thursday, December 24, 2009

Classic xkcd: December 25th


We love xkcd.

- ferg

In Passing: George Michael

George Michael
March 24, 1939 – December 24, 2009

California Office of Information Security Wins $4.7 Million Grant

Russel Nichols writes on

As the number of stolen Social Security numbers rises and computer hackers continue to breach restricted databases that contain personal information, California's Office of Information Security received a crucial last-minute gift this holiday season to help improve cyber-security.

The California Emergency Management Agency awarded the office $4.7 million in U.S. Department of Homeland Security grants for cyber-security projects. The federal funding will help Teri Takai, the state's CIO, and her team conduct a statewide cyber-security risk assessment. The goal is to create a standardized assessment framework across all state agencies and streamline all IT operations.

Part of the grant will also go toward the Secure Domain Name System (DNS) Project, which will upgrade the current infrastructure to improve protection for state Web sites and guard against cyber-hackers.

The remaining $1 million in the grant will be used for a statewide digital mapping system, which will use GIS and plot critical infrastructures and key resources on a common map to improve emergency management and responses across the state.

More here.

DDoS Attack on DNS Hits Amazon and Others

Peter Sayer writes on InfoWorld:

Internet users in Northern California were unable to reach properties including and Amazon Web Services for a time Wednesday evening, as their DNS provider was targeted by a distributed denial-of-service attack. The attack came as North American consumers rushed to finish online shopping ahead of the end-of-year holiday season.

Amazon Web Services (AWS) was the first to signal something was amiss. Its status page indicates that at 5:43 p.m. Pacific Time on Wednesday its staff was investigating reports of DNS (Domain Name System) resolution errors from customers trying to reach its S3 cloud storage service. The problem persisted until 6:38 p.m. Pacific Time, but in the meantime the S3 service continued to operate, AWS said.

However, staff at Neustar, the owner of Amazon's DNS provider UltraDNS, was aware of the problem around an hour earlier, at 4:45 p.m. Pacific Time.

"At 7:45 p.m. Eastern Time we noticed an abnormal spike in queries and immediately identified it as a DDoS attack," said Allen Goldberg, vice president of corporate communications at Neustar, in an e-mail.

The company was able to analyze the attack pattern and take steps to limit its effects within minutes of identifying the problem, he said.

More here.
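The Neustar quote above boils down to one detection: a per-minute query count that suddenly dwarfs the recent baseline, coming from far more sources than usual. Here's that check as an added example (my code, not Neustar's or UltraDNS's tooling, and not from the InfoWorld piece); the log format, the thresholds and the sample log are all assumptions I made up for the demo.

```python
"""Per-minute DNS query-rate spike detection over an authoritative server's
query log. Added example; the log format, thresholds and sample data are
all assumptions, not Neustar's or UltraDNS's tooling."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def parse_line(line):
    """Assumed log format: '<ISO-8601 timestamp> <client-ip> <qname> <qtype>'."""
    ts, client, qname, qtype = line.split()
    return datetime.fromisoformat(ts), client, qname, qtype


def bucket_by_minute(lines):
    """Count queries and collect distinct source addresses per minute."""
    counts = Counter()
    clients = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ts, client, _qname, _qtype = parse_line(line)
        minute = ts.replace(second=0, microsecond=0)
        counts[minute] += 1
        clients[minute].add(client)
    return counts, clients


def detect_spikes(lines, window=5, factor=5.0, min_queries=50):
    """Flag minutes whose query count is more than `factor` times the median
    of the preceding `window` minutes (and at least `min_queries`, so a quiet
    zone going from 1 to 6 queries is not an alert). Returns alerts in time
    order; the distinct-client count separates a flood from many sources
    (DDoS) from one misbehaving resolver."""
    counts, clients = bucket_by_minute(lines)
    minutes = sorted(counts)
    alerts = []
    for i, minute in enumerate(minutes):
        history = [counts[m] for m in minutes[max(0, i - window):i]]
        if len(history) < 3:
            continue  # not enough baseline to judge against yet
        baseline = median(history)
        if counts[minute] >= min_queries and counts[minute] > factor * baseline:
            alerts.append({
                "minute": minute.strftime("%Y-%m-%dT%H:%M"),
                "queries": counts[minute],
                "baseline": baseline,
                "distinct_clients": len(clients[minute]),
            })
    return alerts


def build_sample_log():
    """Constructed sample: five quiet minutes of six queries each from a few
    resolvers, then one minute in which 60 sources send five queries apiece
    for random-looking names (a typical flood pattern)."""
    lines = []
    start = datetime(2009, 12, 23, 16, 40)
    for m in range(5):
        for q in range(6):
            ts = start + timedelta(minutes=m, seconds=q * 10)
            lines.append(f"{ts.isoformat()} 198.51.100.{q + 1} s3.amazonaws.com A")
    flood = start + timedelta(minutes=5)
    for src in range(60):
        for q in range(5):
            ts = flood + timedelta(seconds=src)
            lines.append(f"{ts.isoformat()} 203.0.113.{src + 1} r{src}x{q}.example.net AAAA")
    return lines


if __name__ == "__main__":
    for alert in detect_spikes(build_sample_log()):
        print(alert)
```

Run it and the only alert is the flood minute: 300 queries against a baseline of 6, from 60 distinct clients. The median (rather than mean) baseline keeps one earlier burst from masking the next one, and the distinct-client count is what tells you to go rate-limit or scrub rather than phone one customer's resolver admin.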

Quote of the Day: Will Chen

"I love It's a Wonderful Life because it teaches us that family, friendship, and virtue are the true definitions of wealth."

- Will Chen, writing on his blog Wise Bread (props, Boing Boing). He continues that "In 1947, however, the FBI considered this anti-consumerist message as subversive Communist propaganda."

This has become a Christmas tradition with me now -- Merry Christmas.

- ferg

Wednesday, December 23, 2009

One Thing I Love About The Holidays: Fruitcake

That's right, you read that correctly.

I love the stuff.

Happy Holidays, and Merry Christmas.

- ferg

Happy Festivus!

Happy Festivus!

Tuesday, December 22, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Tuesday, Dec. 22, 2009, at least 4,370 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,477 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is three fewer than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

As of Tuesday, Dec. 22, 2009, at least 857 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Tuesday at 10 a.m. EDT.

Of those, the military reports 662 were killed by hostile action.

More here and here.

Honor the Fallen.

As Cyber Attacks Increase, U.S. Struggles to Recruit Computer Security Experts

Ellen Nakashima and Brian Krebs write in The Washington Post:

The federal government is struggling to fill a growing demand for skilled computer-security workers, from technicians to policymakers, at a time when network attacks are rising in frequency and sophistication.

Demand is so intense that it has sparked a bidding war among agencies and contractors for a small pool of special talent: skilled technicians with security clearances. Their scarcity is driving up salaries, depriving agencies of skills, and in some cases affecting project quality, industry officials said.

The crunch hits as the Pentagon is attempting to staff a new Cyber Command to fuse offensive and defensive computer-security missions and the Department of Homeland Security plans to expand its own "cyber" force by up to 1,000 people in the next three years. Even President Obama struggled to fill one critical position: Seven months after Obama pledged to name a national cyber-adviser, the White House announced Tuesday that Howard Schmidt, a former Bush administration official and Microsoft chief security officer, will lead the nation's efforts to better protect its critical computer networks.

The lack of trained defenders for these networks is leading to serious gaps in protection and significant losses of intelligence, national security experts said. The Government Accountability Office told a Senate panel in November that the number of scans, probes and attacks reported to the Department of Homeland Security's U.S. Computer Emergency Readiness Team has more than tripled, from 5,500 in 2006 to 16,840 in 2008.

More here.

Mark Fiore: Ho! Ho! Whoa!

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Happy Holidays.

- ferg

Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack

Kim Zetter writes on Threat Level:

The two great friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison.

While accused TJX hacker kingpin Albert Gonzalez awaits a possible sentence of 17 years or more in prison, one of his best friends and accomplices was sentenced on Tuesday in Boston to two years for his role in what the feds are calling “the largest identity theft in our nation’s history.”

Stephen Watt, a 25-year-old former Morgan Stanley software engineer, pleaded guilty last December to creating a custom sniffing program dubbed “blabla” that Gonzalez and other hackers used to siphon millions of credit and debit card numbers from TJX’s network. The breach cost TJX $200 million, according to its 2009 SEC filing.

Watt’s lawyer had sought a sentence of probation.

But instead the 7-foot-tall coder who once had a bright professional future got two years in federal prison and three years of probation. A spokeswoman for the U.S. attorney’s office in Massachusetts said the judge also ordered Watt to pay restitution to TJX in the amount of $171.5 million.

More here.
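A sniffer that "siphons" card numbers off a network is only pulling out digit runs that look like a PAN; the flip side is that a network monitor can look for exactly the same thing and raise an alarm when card data crosses the wire in the clear. Added example (mine, not the "blabla" tool or anything from the Threat Level story): a scanner that pulls candidate numbers out of a captured payload and keeps only those that pass the Luhn check. The payload is constructed, the card numbers are the well-known brand test numbers, and the masking rule is my choice.

```python
"""Find card numbers (PANs) in a captured payload: digit runs of plausible
length, with separators stripped, that pass the Luhn check. Added example;
the payload is constructed and this is not the sniffer from the article."""
import re

# 13 to 19 digits, optionally split by single spaces or hyphens, not
# adjacent to other digits (so a longer numeric blob is not sliced up).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn mod-10 check; every PAN a card brand issues passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(payload):
    """Return the Luhn-valid candidate PANs in a bytes payload, digits only,
    in order of appearance. Phone numbers and order IDs are rejected by
    length or by the check digit."""
    text = payload.decode("latin-1")
    found = []
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def mask(pan):
    """Keep first six and last four digits (what a monitor should log)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed sample: a cleartext POS request carrying one real-looking
# card (a well-known test number), one number with a bad check digit, a
# phone number, and a space-separated card number.
SAMPLE_PAYLOAD = (
    b"POST /checkout HTTP/1.1\r\nHost: pos.example.internal\r\n\r\n"
    b"card=4111111111111111&exp=1210&cvv=123&"
    b"alt=4111111111111112&phone=2125551234&"
    b"gift=5500 0000 0000 0004&amount=4999"
)

if __name__ == "__main__":
    for pan in find_pans(SAMPLE_PAYLOAD):
        print(mask(pan))
```

Two of the four numeric fields come back: the phone number is too short and the "alt" number fails the check digit. Luhn cuts the false positives, but it is not proof of a live card, so a real monitor would also match the issuer prefix and, above all, never log the full PAN it just found.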

Saying Goodbye to 2009 Using Google Wave

Hat-tip: Scott Beale

I'm Shipping Up To Boston - Dropkick Murphys


- ferg

Monday, December 21, 2009

Chinese Plan to Meter Traffic Called 'Bad for Internet'

Via The China Post/Asia News Network.

China wants to meter all Internet traffic that passes through its borders, it has emerged.

The move, which would allow countries that currently receive no payment for use of their lines to generate income, would require international agreement.

It is being discussed by the United Nations (U.N.) body in charge of Internet standards, reported BBC News.

But a European Union cyber security expert has warned that the plan could threaten the stability of the entire Internet, said the report.

Mr. Andrea Servida, deputy head of unit at the European Commission's (EC) Information Society and Media directorate-general, told a House of Lords committee that China could have a hidden agenda in wanting to monitor data flows.

More here.

FBI Probes Hack at Citibank

Siobhan Gorman and Evan Perez write on The Wall Street Journal:

The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials.

The attack took aim at Citigroup's Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn't be learned whether the thieves gained access to Citibank's systems directly or through third parties.

The attack underscores the blurring of lines between criminal and national-security threats in cyber space. Hackers also assaulted two other entities, at least one of them a U.S. government agency, said people familiar with the attack on Citibank.

The Citibank attack was detected over the summer, but investigators are looking into the possibility the attack may have occurred months or even a year earlier. The FBI and the National Security Agency, along with the Department of Homeland Security and Citigroup, swapped information to counter the attack, according to a person familiar with the case. Press offices of the federal agencies declined to comment.

More here.

Jack Bauer Interrogates Santa

Hat-tip: Dvorak Uncensored

White House (Finally) Picks New Cyber Czar

An AP newswire article, via, reports that:

After months of wrangling and delays, President Barack Obama has chosen a national cyber security coordinator to take on the formidable task of organizing and managing the nation's increasingly vulnerable digital networks.

Obama has tapped Howard A. Schmidt, a longtime computer security executive who worked in the Bush administration and has extensive ties to the corporate world, according to a senior White House official, who spoke on condition of anonymity because the announcement will not be made until Tuesday.

Schmidt's selection comes more than 10 months after Obama declared cyber security a priority and ordered a broad administration review.

The official said Obama was personally involved in the selection process and chose Schmidt after an extensive search because of his unique background and skills. Schmidt will have regular and direct access to the President for cybersecurity issues, the official said.

More here.

7-Eleven Hack From Russia Led to ATM Looting in New York

Kevin Poulsen writes on Threat Level:

Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days. After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards. A lucky traffic stop catches two more plunderers who’d driven in from Michigan. Another pair are arrested after trying to mug an undercover FBI agent on the street for a magstripe encoder. In the end, there are 10 arrests and at least $2 million stolen.

The wellspring of the dramatic megaheist turns out to be more prosaic than imagined: It started with a breach of the public website of America’s most famous convenience store chain:

In his most-recent plea agreement, filed in court Monday, confessed hacker Albert Gonzalez admitted conspiring in the 7-Eleven breach and fingered two Russian associates as the direct culprits. The Russians are identified as “Hacker 1” and “Hacker 2” in Gonzalez’s plea agreement, and as “Grigg” and “Annex” in an earlier document inadvertently made public by his attorney.

The Russians, evidently using an SQL injection vulnerability, “gained unauthorized access to 7-Eleven, Inc.’s servers through 7-Eleven’s public-facing internet site, and then leveraged that access into servers supporting ATM terminals located in 7-Eleven stores,” the plea agreement reads. “This access caused 7-Eleven, Inc., on or about November 9, 2007, to disable its public-facing internet site to disable the unauthorized access.”

More here.
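The plea agreement says the way in was a public-facing web site and an SQL injection bug. For anyone who still wonders how a web form gets "leveraged" into other data, here is the bug and the fix side by side, as an added example on an in-memory SQLite database. This is my code, not anything from the 7-Eleven site or the court filing; the store-locator framing, the table names and the payload are assumptions for the demo.

```python
"""A store-locator lookup done two ways: string-built SQL that a UNION
injection turns into a dump of an internal table, and the same query with a
bound parameter. Added example on an in-memory SQLite database; the tables,
the 'store locator' framing and the payload are assumptions, not details of
the 7-Eleven site."""
import re
import sqlite3


def build_db():
    """Constructed schema: a public store table and a table that should never
    be reachable from the public page."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE stores (name TEXT, zip TEXT);
        INSERT INTO stores VALUES ('Store 101', '10001'), ('Store 202', '02108');
        CREATE TABLE staff (username TEXT, password_hash TEXT);
        INSERT INTO staff VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def lookup_vulnerable(conn, zip_code):
    """The attacker's text is spliced into the statement itself."""
    sql = f"SELECT name, zip FROM stores WHERE zip = '{zip_code}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, zip_code):
    """Bound parameter: the driver sends the value separately, so quotes,
    UNION and comment markers in it are just characters in a string."""
    return conn.execute(
        "SELECT name, zip FROM stores WHERE zip = ?", (zip_code,)
    ).fetchall()


def is_valid_zip(value):
    """Allowlist check to apply before the query, as defence in depth."""
    return re.fullmatch(r"\d{5}", value) is not None


# Closes the quoted literal, appends a second SELECT with the same column
# count, and comments out the trailing quote the template would add.
ATTACK = "x' UNION SELECT username, password_hash FROM staff --"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", lookup_vulnerable(db, ATTACK))
    print("safe:      ", lookup_safe(db, ATTACK))
```

The vulnerable lookup hands back the staff table's credentials; the parameterized one returns nothing for the same input because the payload is compared against the zip column as a literal string. The parameter is the fix; the allowlist check is cheap insurance on top. Getting from that web server to the machines supporting ATM terminals, as the plea agreement describes, is a separate failure of network segmentation that no query change fixes.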

Attackers Buying Own Data Centers for Botnets, Spam

Dennis Fisher writes on

The malware writers and criminals who run botnets have for years been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers.

IP address space allocation is handled by five regional Internet registries (RIRs), each of which is responsible for a particular group of countries. The RIRs work with large enterprises, ISPs, telecoms and other organizations that need large blocks of IP space. These organizations typically have to go through an application and screening process in order to get these allocations, including providing legal documentation listing the officers of the company, its business and why the address space is needed.

And that's the way it's supposed to work everywhere. Applicants who can't show a need for the IP space are told politely to take a walk. But in some cases, criminals have found a way around this by going through local Internet registries (LIR) or by taking advantage of RIRs that don't have the resources to investigate every application as fully as they'd like.

The criminals will buy servers and place them in a large data center and then submit an application for a large block of IP space. In some cases, the applicants are asked for nothing more than a letter explaining why they need the IP space, security researchers say. No further investigation is done, and once the criminals have the IP space, they've taken a layer of potential problems out of the equation.

More here.

Sunday, December 20, 2009

Classic xkcd: Researcher Translation


Instant classic.

We love xkcd.

- ferg

In Passing: Brittany Murphy

Brittany Murphy
November 10, 1977 – December 20, 2009