Saturday, April 03, 2010

'Cyber Attack' Aimed At Texas Electricity Provider

Robert Arnold writes on

Local 2 Investigates has uncovered details about a so-called "cyber attack" on one of Texas' largest electricity providers, Local 2 reported.

A confidential e-mail obtained by Local 2 explains a "single IP address in China" tried 4,800 times to log in to the Lower Colorado River Authority's computer system.

In the e-mail the Electricity Reliability Council of Texas reports all login attempts failed and went on to term the incident a "suspected sabotage event." The e-mail explained the FBI had been notified.

According to its Web site the LCRA provides electricity to more than a million Texans in rural cities and towns. When contacted by Local 2, officials with the LCRA would "neither confirm, nor deny" the incident or the contents of the e-mail.

Officials with the FBI's Houston office also declined to comment.

When Local 2 contacted ERCOT we were referred to the North American Electricity Corp., which sets and oversees reliability standards, including cyber security, for the nation's electricity providers.

A spokesperson for NERC has yet to respond to our request for a comment, citing the holiday weekend.

More here.

Friday, April 02, 2010

Web Site of China-Based Journalist Club Attacked

An AP newswire article, via, reports:

An organization for foreign journalists based in China has become the latest victim of cyberattacks targeting the Web sites or e-mail accounts of human rights groups and reporters focused on China.

Cyberattacks linked to China have gained more attention since Google Inc. accused Chinese hackers in January of trying to plunder its software coding and of hijacking the Gmail accounts of human rights activists protesting Beijing's policies.

The Foreign Correspondents' Club of China said in an e-mailed statement Friday that its Web site was taken down because of denial-of-service attacks apparently launched over the last two days by computers within China and in the United States.

"We do not know who is behind these attacks or what their motivation is," the statement said.

Denial-of-service attacks involve a flood of computers all trying to connect to a single site at the same time, overwhelming the server that handles the traffic.

More here.

In Passing: John Forsythe

John Forsythe
January 29, 1918 – April 1, 2010

Thursday, April 01, 2010

Personal Traits Will Be Used To Screen U.S.-Bound Air Passengers

David S. Cloud writes in The Los Angeles Times:

The Obama administration will announce Friday a new screening system for flights to the United States under which passengers who fit an intelligence profile of potential terrorists will be searched before boarding their planes, a senior administration official said.

The procedures, which have been approved by President Obama, are aimed at preventing another attack like the one attempted by Umar Farouk Abdulmutallab, the Nigerian suspected of ties to Al Qaeda who allegedly tried to blow up an airliner Christmas Day with a bomb hidden in his underwear, the official said.

After that attempt, the administration began mandatory screening of airline passengers from 14 high-risk countries, including Pakistan, Saudi Arabia and Nigeria.

Under the new system, passengers on flights from all countries could be subject to special screening before boarding if they have personal characteristics that match the latest intelligence information about potential attackers, the official said.

U.S. officials would not describe all the categories of information that would be included under the new procedures.

More here.

DHS Studying Global Response to Conficker Botnet

Robert McMillan writes on ComputerWorld:

One year after the Conficker botnet was front-page news around the world, the U.S. Department of Homeland Security is preparing a report looking at the worldwide effort to keep it in check.

The report, to be published within the month, shows how an ad hoc group of security researchers and Internet infrastructure providers banded together into an organization they called the Conficker Working Group. Its goal was to address what was at the time the world's most serious cyberthreat.

"We said, 'This was a very good example of the private sector, globally, working together to try to solve a cybersecurity attack, so let's fund the creation of a lessons-learned report to just document what worked, what didn't work,'" said Douglas Maughan, a program manager with the Department of Homeland Security's Science & Technology Directorate.

The report could provide a template for future cyber-responses, security experts say.

More here.

Wednesday, March 31, 2010

Mark Fiore: NarcoMex, Inc.

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Spam Site Registrations Flee China for Russia

Brian Krebs:

A crackdown by the Chinese government on anonymous domain name registrations has chased spammers from Chinese registrars (.cn) to those that handle the registration of Russian (.ru) Web site names, new spam figures suggest. Yet, those spammy domains may soon migrate to yet another country, as Russia is set to enforce a policy similar to China’s beginning April 1.

In mid-December 2009, the China Internet Network Information Center (CNNIC) announced that it was instituting steps to make it much harder to register a Web site anonymously in China, by barring individuals from registering domains ending in .cn. Under the new policy, those who want to register a new .cn domain name need to hand in written application forms, complete with a business license and an identity card.

Chinese authorities called the move a crackdown on phishing and pornographic Web sites, but human rights and privacy groups marked it as yet another effort by Chinese leaders to maintain tight control over their corner of the Internet. Nevertheless, the policy clearly caught the attention of the world’s most profligate spammers, who spam experts say could always count on Chinese registrars as a cheap and reliable place to buy domains for Web sites that would later be advertised in junk e-mail.

According to data obtained from two anti-spam experts, new registrations for sites advertised in spam began migrating from .cn to .ru just a few weeks after the Chinese domain policy took effect.

More here.

Court Says Bush Illegally Wiretapped Two Americans

David Kravets writes on Threat Level:

A federal judge on Wednesday said the George W. Bush administration illegally eavesdropped on the telephone conversations of two American lawyers who represented a now-defunct Saudi charity.

The lawyers alleged some of their 2004 telephone conversations to Saudi Arabia were siphoned to the National Security Agency without warrants. The allegations were initially based on a classified document the government accidentally mailed to the former Al-Haramain Islamic Foundation lawyers. The document was later declared a state secret and removed from the long-running lawsuit weighing whether a sitting U.S. president may create a spying program to eavesdrop on Americans’ electronic communications without warrants.

“Plaintiffs must, and have, put forward enough evidence to establish a prima facie case that they were subjected to warrantless electronic surveillance,” U.S. District Judge Vaughn Walker ruled, in a landmark decision. Even without the classified document, the judge said he believed the lawyers “were subjected to unlawful electronic surveillance” (.pdf) in violation of the Foreign Intelligence Surveillance Act, which requires warrants in terror investigations.

It’s the first ruling addressing how Bush’s once-secret spy program was carried out against American citizens.

More here.

Tuesday, March 30, 2010

Report: Fighting Identity Theft Not A Priority

Terry Frieden writes on

Ten million Americans a year are victims of identity theft. It's a growing problem in the United States, but fighting it doesn't appear to be a priority, a new report says.

A report by the Justice Department Inspector General released Tuesday cites the wide-ranging costs and dangers of ID theft. Although the report has no new numbers, the financial losses are believed to be substantially higher than the $15.6 billion documented in 2005.

Inspector General Glenn Fine found the effort to combat the problem, however, has lagged since the President's Task Force on ID Theft was established in 2007.

"We found that to some degree identity theft initiatives have faded as priorities," said Fine. He said the Justice Department has not developed a coordinated plan to combat ID theft and that some recommendations of the President's Task Force have not been addressed. No one has been appointed to oversee the efforts, the report says.

More here.

Monday, March 29, 2010

Ukrainian Hacker Liable in SEC Insider Trading Case

Dan Margolies writes for Reuters:

A Ukrainian national who traded on insider information he obtained by hacking into a secure computer network was ordered by a U.S. judge to forfeit $580,000 in profits, interest and civil penalties, U.S. securities regulators said on Monday.

The U.S. Securities and Exchange Commission had accused Oleksandr Dorozhko of gaining access to material nonpublic information about IMS Health Inc's third-quarter 2007 earnings by infiltrating the computer network of Thomson Financial. IMS had planned to announce negative earnings after the market closed that day.

Minutes after the hack and just before IMS's earnings release, Dorozhko purchased 630 put options on IMS's common stock, the SEC said in a statement.

After IMS's stock dropped a record 28 percent the next day, Dorozhko sold the put options and pocketed $287,346, the SEC said.

More here.

TJX Accomplice Sentenced to 7 Years in Prison

Kim Zetter writes on Threat Level:

A hacker who helped TJX hacker Albert Gonzalez and others gain access to corporate networks was sentenced to 7 years and one day on Monday.

Christopher Scott, 27, pleaded guilty to breaching the wireless access points of several retailers between 2003 and 2007 to siphon credit and debit card numbers, which he then passed to Gonzalez. Prosecutors say that together the men pilfered nearly 20 million credit and debit cards, which retailers say led to $200 million in losses from fraud.

They used the cards to obtain cash advances from ATMs or sold the account information to other carders, who encoded the data to blank and counterfeit bank cards for fraudulent use. Scott’s take from the crimes was at least $400,000, according to prosecutors. He was paid in cash and with pre-paid bank cards and used the money to rent limos and partied with up to 10 women at a time, prosecutors say, and later bought a car, jewelry and $400,000 house.

The government is seeking forfeiture of $400,000, nine computers and an array of other electronic goods from Scott. Restitution will be determined at a future hearing.

More here.