Friday, March 19, 2010

To Fight Scammers, Russia Cracks Down on .RU Domain

Robert McMillan writes on ComputerWorld:

In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures.

Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers. Right now, domains can be set up with no verification -- a practice that has allowed scammers to quickly set up .ru domains under bogus names.

The changes will help Russia align its rules with international best practices, said Olga Ermakova, informational projects manager with the Coordination Center for the .ru top-level domain, in an e-mail interview. The .ru administrators care about the "cleanness" of the domain, she added. "We don't need negative content, and such content is often [created] by unknown users."

Loopholes in the domain name system help spammers, scammers and operators of pornographic Web sites to avoid detection on the Internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified.

More here.

Unprecedented 25-Year Sentence Sought for TJX Hacker

Kevin Poulsen writes on Threat Level:

Computer hacker Albert Gonzalez deserves a quarter-century behind bars for leading a gang of cyberthieves who stole tens of millions of credit and debit card numbers from a transaction processor and several giant retail chains, federal prosecutors argued in a court filing Thursday night.

“[T]he sentences would be the longest ever imposed in an identity theft case and among the longest imposed for a financial crime, which is appropriate because Gonzalez was at the center of the largest and most costly series of identity thefts in the nation’s history,” wrote Boston-based assistant U.S. attorney Stephen Heymann. “He knowingly victimized a group of people whose population exceeded that of many major cities and some states.”

The government also disputed a defense claim that Gonzalez suffers from Asperger’s disorder, a mild form of autism that was grounds for a slightly reduced sentence in a previous hacking prosecution.

Gonzalez, 28, is set for sentencing next week on three indictments covering virtually every headline-making bank-card theft in recent years, including intrusions at TJX, DSW Shoe Warehouse, Office Max, Hannaford Brothers, 7-Eleven, and Heartland Payment Systems, which alone exposed magstripe data on 130 million credit and debit cards. He performed the intrusions while an informant for the Secret Service.

More here.

Malware Infects Memory Cards of 3,000 Vodafone Mobiles

Jeremy Kirk writes on ComputerWorld:

Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone said today.

The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software.

Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.

Vodafone said it was an isolated incident, but an employee at Spanish security company S21sec discovered another phone with an infected card, which it sent to Panda. That phone was purchased directly from Vodafone's Web site in the same week as the first phone, according to Panda.

It is unclear how the batch of memory cards became infected and an investigation is under way, said a spokesman for Vodafone in Spain. There are no problems with either the HTC Magic phone or its Android OS. The malware only affected phones sold in Spain.

More here.

Police Want Tighter Domain Registration Rules

Jeremy Kirk writes on Computerworld UK:

Law enforcement officials in the UK and US are pushing the Internet Corporation for Assigned Names and Numbers to put in place measures that would help reduce abuse of the domain name system.

Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations for the UK's Serious Organised Crime Agency (SOCA). Domain names can be used for all kinds of criminal activity, ranging from phishing to trademark abuse to facilitating botnets. Law enforcement often run into difficulty when investigating those domains, as criminals use false details and stolen credit cards.

The FBI and SOCA have submitted a set of recommendations to ICANN for how it could strengthen Registration Accreditation Agreements (RAAs). The agreement is a set of terms and conditions that a registrar, an entity that can accept domain name registrations, would be subject to in order to run their business. ICANN's RAA applies to registrars for generic top-level domains (gTLDs), such as ".com."

The ideas from the FBI and SOCA have not been publicly revealed but include stronger verification of registrants' name, address, phone number, e-mail address and stronger checks on how they pay for a domain name, Hoare said. Those financial checks are already done for e-commerce transactions, so "there's no reason why the registries and domain registrars can't do the same thing," Hoare said. Many registrars and registries already do this, he said.

More here.

Thursday, March 18, 2010

FBI Faces New Setback in Computer Overhaul

Eric Lichtblau writes in the New York Times:

The Federal Bureau of Investigation has suspended work on parts of its huge computer overhaul, dealing the agency the latest costly setback in a decade-long effort to develop a modernized information system to combat crime and terrorism.

The overhaul was supposed to be completed this fall, but now will not be done until next year at the earliest. The delay could mean at least $30 million in cost overruns on a project considered vital to national security, Congressional officials said.

F.B.I. officials said that design changes and “minor” technical problems prompted the suspension of parts of the third and fourth phases of the work, which is intended to allow agents to better navigate investigative files, search databases and communicate with one another.

The decision to suspend work on the $305 million program is particularly striking because the current contractor, Lockheed Martin, was announced to great fanfare in 2006 after the collapse of an earlier incarnation of the project with the Science Applications International Corporation.

“This is terribly frustrating,” Senator Charles E. Grassley, the Iowa Republican who has been a frequent critic of the F.B.I.’s computer systems, said in an interview Thursday. “We’ve been through this song and dance before. Wouldn’t you think after hundreds of millions of dollars being wasted that they’d finally get it right?”

More here.

Dismantling of Saudi-CIA Website Illustrates Need for Clearer Policies

Ellen Nakashima writes on The Washington Post:

By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom.

"We knew we were going to be forced to shut this thing down," recalled one former civilian official, describing tense internal discussions in which military commanders argued that the site was putting Americans at risk. "CIA resented that," the former official said.

Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum. Although some Saudi officials had been informed in advance about the Pentagon's plan, several key princes were "absolutely furious" at the loss of an intelligence-gathering tool, according to another former U.S. official.

Four former senior U.S. officials, speaking on the condition of anonymity to discuss classified operations, said the creation and shutting down of the site illustrate the need for clearer policies governing cyberwar. The use of computers to gather intelligence or to disrupt the enemy presents complex questions: When is a cyberattack outside the theater of war allowed? Is taking out an extremist Web site a covert operation or a traditional military activity? Should Congress be informed?

More here.

In Passing: Fess Parker

Fess Parker
August 16, 1924 – March 18, 2010

Wednesday, March 17, 2010

Mark Fiore: Un-Gay

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

Revised Cyber Security Bill Introduced in U.S. Senate

Jaikumar Vijayan writes on ComputerWorld:

A revised version of a cybersecurity bill first proposed last year was introduced again in the U.S. Senate today, notably without a controversial provision that would have given the President authority to disconnect networks from the Internet during a national emergency.

The bill, called the Cybersecurity Act, is sponsored by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine). It seeks to improve national cybersecurity preparedness by fostering a closer collaboration between the government and the private sector companies, which own a vast portion of the country's critical infrastructure.

The bill contains several provisions designed to encourage the growth of a trained and certified cybersecurity workforce, promote public awareness of cybersecurity issues and to foster and fund research leading to the development of new security technologies.

It would require agency heads to provide information on their cybersecurity workforce plans including recruitment, hiring and training details.

More here.

Hackers Attacked Colombian Vote Count

An AFP newswire article, via TechTrust Technology News, reports that:

Unidentified hackers struck the computerized system used to transmit voting data in Colombia's legislative elections, disrupting the vote count, the private contractor responsible for the system charged Wednesday.

Ivan Ribon, spokesman for Arolen, a company hired to transmit results of Sunday's voting over the Internet, told local media Wednesday that hackers struck at the moment polls closed at 2100 GMT.

"Early reviews show that there were 75,000 hits a second, which does not happen even on the busiest sites in the world," Ribon told RCN radio.

"That went on all night Sunday into Monday, which forced us ... in order to safeguard the integrity and confidentiality of the data, to downgrade service on Internet results," he explained.

Three days after the polls, final results still have not been released.

More here.

Hacker Disables More Than 100 Cars Remotely

Kevin Poulsen writes on Threat Level:

More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots

“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”

More here.

Tuesday, March 16, 2010

'Operation Aurora' Changing The Role Of The CISO

Kelly Jackson Higgins writes on Dark Reading:

The Operation Aurora attacks that hit Google, Adobe, Intel, and other U.S. companies was not only a wake-up call for businesses in denial about persistent targeted attacks and cyberespionage, but they also have forced the chief information security officer (CISO) to step out of the corporate confines and reach out to peers at other organizations.

Some CISOs, such as members of the Bay Area CSO Council -- whose members arguably were one of the worst-hit by Aurora -- had already been confidentially sharing various types of attack information among one another long before Aurora. Gary Terrell, president of the council and CISO at Adobe, says the CISO's job has mostly been about governance, risk, compliance, and some operational aspects. "It was sometimes associated with incident response. Now it's becoming more [associated] with incident response and will be into the future," he says, who was speaking on behalf of the council.

Terrell says the CISO's role is moving toward engagement: "In the past, the CISO had more of a technical role. Now the CISO has to understand legal and privacy issues and how to engage outside the company to gather intelligence, like with the Bay Area CSO Council," he says. "The CISO has to understand emerging markets if with an international company" and any associated threats in specific regions, he says.

More here.

Measure Would Force White House, Private Sector to Collaborate in Cyber-Crisis

Ellen Nakashima writes in The Washington Post:

Key members of Congress are pushing legislation that would require the White House to collaborate with the private sector in any response to a crisis affecting the nation's critical computer networks.

The Cybersecurity Act, drafted by Senate commerce committee Chairman John D. Rockefeller IV (D-W.Va.) and committee member Olympia J. Snowe (R-Maine), is an attempt to prod the Obama administration and Congress to be more aggressive in crafting a coordinated national strategy for dealing with cyberthreats. It is to be unveiled Wednesday.

The senators also sponsored the National Cybersecurity Advisor Act, which would create a Senate-confirmed, Cabinet-level position to lead efforts to protect the nation's computer systems, elevating the role of the cyber coordinator's job that President Obama filled late last year. That bill is pending in the Senate.

Rockefeller and Snowe are members of the intelligence committee, which might draft legislation of its own, and they are privy to classified briefings on cyberthreats.

More here.

San Francisco Lawyer Awarded $7K From e-Mail Spammer

Bob Egelko writes in The San Francisco Chronicle:

A judge has awarded a San Francisco attorney $7,000 in damages in a rare trial under California's anti-spam law - $1,000 for each unsolicited, misleading commercial e-mail he received.

Daniel Balsam, who started suing spammers even before he graduated from law school in 2008, filed suit against Trancos Inc., a Redwood City advertising company, over a series of ads that showed up in his personal e-mail in-box in 2007.

The "from" line in each e-mail named a nonexistent source - for example, "Your Promotion," "Paid Survey" or "Join Elite." At least one message had a subject line, promising recipients $5 to complete a survey, that the judge described as misleading. None of the advertising e-mails named Trancos, which sent all the messages.

The ads violated California's 2004 anti-spam law, Judge Marie Weiner of San Mateo County Superior Court said in a March 10 ruling. The law prohibits sending an uninvited commercial e-mail from California, or to a California recipient, that misrepresents either the source or the subject.

More here.

eBanking Victim? Take a Number.

Brian Krebs:

Over the past nine months, I have spent a substantial amount of time investigating and detailing the plight of dozens of small businesses that have had their bank accounts cleaned out by organized criminals. One of the most frequent questions I get from readers and from my journalist peers is, “How many of these stories are you going to tell?”

The answer is simple: As many as I can verify. The reason is just as plain: I’m finding that most small business owners have no clue about the threats they face or the liability they assume when banking online, even as the frequency and sophistication of attacks appears to be increasing.

I am now hearing from multiple companies each week that have suffered tens of thousands or hundreds of thousands of dollar losses from a single virus infection (last week I spoke with people from four different companies that had been victimized over the past two months alone). In each of these dramas, the plot line is roughly the same: Attackers planted malicious software on the victim’s PC to steal the company’s online banking credentials, and then used those credentials to siphon massive amounts of money from the targeted accounts. The twists to the stories come in how the crooks evade security technologies, how the banks react, and whether the customers are left holding the (empty) bag.

More here.

SEC: Hacker Manipulated Stock Prices

David Kravets writes on Threat Level:

U.S. regulators are moving to freeze the assets and trading accounts of a Russian accused of hacking into personal online portfolios and manipulating the price of dozens of stocks listed on the Nasdaq Stock Market and New York Stock Exchange.

A New York federal judge on Tuesday sided with the Securities and Exchange Commission and froze the assets of Broco Investments, believed to be a one-trader operation based in St. Petersburg, Russia. The SEC said Broco capitalized by artificially moving prices of more 38 thinly traded securities — enabling Broco to profit from up-or-down price swings.

“These transactions have created the appearance of legitimate trading activity and have artificially affected the prices of at least 38 issuers,” [.pdf] the Securities and Exchange Commission said in court filing.

The so-called “hack, pump and dump” scheme is among the latest illicit methods of gaming the market though hacking.

More here.

Sunday, March 14, 2010

In Passing: Peter Graves

Peter Graves
March 18, 1926 - March 14, 2010