Friday, June 25, 2010

Pentagon Spies Build New Database on Foreign and Domestic Threats

Mark Hosenball writes on

The Pentagon’s main spy outfit, the Defense Intelligence Agency, is building a new database which will consolidate in one system “human intelligence” information on groups and individuals—potentially including Americans—collected by DIA operatives in United States and abroad.

A notice published earlier this week in the government’s regulatory bulletin, the Federal Register, says the manager of the system will be a little-known DIA unit called the Defense Counterintelligence and Human Intelligence Center (DCHC).

Records held in the database, the notice says, could include information on “individuals involved in, or of interest to, DoD intelligence, counterintelligence, counterterrorism, and counternarcotic operations or analytical projects as well as individuals involved in foreign intelligence and/or training activities.” Among the data to be stored: “information such as name, Social Security Number (SSN), address, citizenship documentation, biometric data, passport number, vehicle identification number and vehicle/vessel license data.” Actual intelligence reports from the field and analytical material which would help “identify or counter foreign intelligence and terrorist threats to the DoD and the United States” will also be included.

“That’s potentially a lot of information,” Donald Black, chief spokesman for DIA, acknowledged in an interview with Declassified. But he said that material entered into the new database would be carefully reviewed—as regularly as every 90 days—to ensure that out-of-date, discredited, or irrelevant data on individuals would be destroyed if there was no longer a good reason to keep it.

More here.

ATM Security Flaws Could be a Jackpot for Hackers

Jom Finkle writes for Reuters:

Barnaby Jack, head of research at Seattle-based, security firm IOActive Labs, will demonstrate methods for "jackpotting" ATMs at the Black Hat security conference in Las Vegas that starts on July 28.

"ATMs are not as secure as we would like them to be," Jeff Moss, founder of the Black Hat conference and a member of President Obama's Homeland Security Advisory Council said. "Barnaby has a number of different attacks that make all the money come out."

Jack declined to discuss his techniques before the conference. The world's biggest ATM manufacturers include Diebold Inc and NCR Corp. Officials with those companies could not be reached for comment.

Banks may cringe when he speaks, fearing would-be crooks will adopt his methods. But Moss said that going public will raise awareness of the problem among ATM operators and prompt them to tighten security.

More here.


Thursday, June 24, 2010

700-Plus Credit Cards Stolen from Hotel Chain

Scott Mayerowitz writes on ABC News:

Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests' credit card information, Texas police officials told ABC News today.

Destination Hotels & Resorts had its computer system hacked and the credit card data of more than 700 guests across the country was stolen, according to Austin, Texas, police. The Englewood, Colo., company manages more than 30 upscale hotels, resorts and conference centers in places such as Washington, D.C., Denver, San Diego, Santa Fe, Aspen, Colo., Los Angeles, Palm Springs, Calif., Houston and Lake Tahoe.

In Austin, more than three dozen guests and diners at the posh Driskill Hotel had their data stolen after spending a night there or eating at the hotel's two restaurants.

The police said the security hole has been fixed but that the unknown criminals had access to the data for months.

More here.

U.S. Senators Seek to Defuse Criticism of Cybersecurity Bill

A CongressDaily article by Chris Strohm, via, reports:

Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., and ranking member Susan Collins, R-Maine, plan to fight back Thursday against criticism that their sweeping cybersecurity bill goes too far in allowing the government to shut down Internet services during emergencies.

The bill, which their committee plans to mark up Thursday, has come under fire in the blogosphere and from some privacy-rights advocates because it would give the president authority to declare a national cybersecurity emergency and take critical information technology systems offline in dire situations when no other option is available.

Under the bill, the emergency declaration could last for 30 days and then be renewed.

But Lieberman and Collins, along with Sen. Tom Carper, D-Del., another principal sponsor of the measure, plan to introduce a manager's amendment Thursday that would require a congressional resolution of approval if the president wants to impose emergency measures longer than 120 days.

The senators also issued a document Wednesday to counter what they said are myths being spread about their bill.

More here.

Wednesday, June 23, 2010

Mark Fiore: Lifestyles of The Rich & Fossil Fueled

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

Tuesday, June 22, 2010

Domain Registrars Push Back on Law Enforcement Changes

Kieren McCarthy writes on The Register:

The companies that sell domain names have pushed back on proposals made by law enforcement yesterday to change their contracts to make cybercrime more difficult.

Calling the proposals “policy by the back door”, the registrars complained to members of ICANN’s Board in Brussels that the Registrar Accreditation Agreement (RAA) should only be changed through the organization’s official policy-development process. And they asked for the Board’s help in making sure they weren’t used as the fall-guys for online crime.

In a main session yesterday at the ICANN meeting in Brussels, the international police, including the UK’s Serious Organised Crime Agency, argued for changes to the contract that defines what registrars are obliged to do, in an effort to make sure there were “mandatory minimum standards” in the registration of domain names.

But the registrars themselves feel that publicizing changes to their main contract without going through the proper processes put them into a defensive position and made their business environment difficult.

More here.

Cyber Cops Want Stronger Domain Rules

Kevin Murphy writes on The Register:

International police have called for stricter rules on domain name registration, to help them track down online crooks, warning the industry that if it does not self-regulate, governments could legislate.

The changes, which are still under discussion, would place more onerous requirements on ICANN-accredited domain name registrars, and would likely lead to an increase in the price of domains.

Here in Brussels at the 38th public meeting of ICANN, police from four agencies said that registrars need to crack down on criminals registering domains with phoney contact info.

Law enforcement has long argued that weaknesses in the domain name industry allow criminals such as fraudsters and child abusers to remain anonymous and evade the law.

More here.

Australia: Inquiry Calls for 'Cyber Czar', Compulsory Anti-Virus

Liz Tay writes on

A parliamentary inquiry into cybercrime has recommended the Government appoint a Cyber Security Coordinator to lead whole-of-Government activities.

In a report presented to the Federal House of Representatives yesterday, the Standing Committee on Communications highlighted a need to consolidate Australian security efforts.

The Committee called for the establishment of an 'Office of Online Security', which would be located in the Department of Prime Minister and Cabinet and headed by the Cyber Security Coordinator.

Working with State and Territory governments, regulators, departments, industry and consumers, the Office would be tasked with bringing together the current "plethora" of Government organisations responsible for tackling cyber crime.

The Committee considered advice from Microsoft and the Australian Communications Consumer Action Network (ACCAN) in its Recommendation 3, which called for a Cyber Security Coordinator.

More here.

Monday, June 21, 2010

Domain Registrars Accused Of Supporting Online Criminals

Thomas Claburn writes on InformationWeek:

Even as ICANN CEO Rod Beckstrom on Monday called for greater international cooperation to secure the Internet's Domain Name System, a report issued by an independent security research group claims that ICANN-accredited Internet Registrars are violating their contracts with ICANN to support online criminals.

The Internet Corporation for Assigned Numbers and Names accredits Internet Registrars under specific contractual terms. Accredited Registrars in turn may sell domain names to companies and individuals.

The report [.pdf] published on Monday by KnujOn, which identifies itself as an independent Internet policy and security research group located in Boston and Vermont, claims that 162 of Internet Registrars may be violating their agreements with ICANN and that 80 of them are blocking access to WHOIS data about their customers.

The report singles out eNom, one of the largest sellers of Web addresses, for knowingly facilitating traffic in illegal pharmaceuticals online.

More here.