Saturday, July 10, 2010

Trusted IDs Face Fearful Response


The level of fear, uncertainty and doubt (FUD) that has always been a factor in online business has taken a turn for the worse — courtesy of the federal government, no less.

In late June, the Obama administration released a draft strategy for creating a system aimed at protecting individuals against identity theft, Internet scams and other malicious activity, whether someone is buying a book or downloading an electronic health record.

The gist of the proposal is simple: Develop a process for providing individuals with secure personal identifiers, such as digital certificates or smart cards, which they can use when conducting online transactions.

More here.

Friday, July 09, 2010

Ukrainian Brought to NYC to Face Cybercrime Charge

Via The Sydney Morning Herald.

A Ukrainian man has been brought to New York to face charges of selling stolen credit-card numbers as part of an international cybercrime ring.

Egor Shevelev is being held without bond after pleading not guilty Friday to enterprise corruption and other charges. The 24-year-old from Kiev was arrested while vacationing in Greece in 2008. He was extradited to New York last week.

Manhattan prosecutors say he amassed 75,000 stolen credit-card numbers. They say his customers used the information to steal money and identities.

His lawyer's name wasn't immediately available Friday evening.

Prosecutors say Shevelev was linked to an identity theft and fraud group centered on New York-based Western Express Inc.

Company President Vadim Vassilenko has pleaded not guilty.


Thursday, July 08, 2010

Microsoft Opens Source Code to Russian Secret Service

Tom Espiner writes on ZDNet UK:

Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state.

The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre 'Atlas', a government body controlled by the Ministry of Communications and Press, according to Vedomosti.

Microsoft Russia president Nikolai Pryanishnikov told Vedomosti that employees of Atlas and the FSB will be able to share conclusions about Microsoft products.

The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti.

More here.

SCADA Watch: Official Calls Securing Critical Infrastructure Against Cyber Attack Impractical

Jill R. Aitoro writes on

Securing the nation's power grid and other computer systems that operate the nation's critical infrastructure against cyberattack is unrealistic, because companies cannot afford to check if suppliers have provided trustworthy products, said an intelligence official from the Energy Department on Thursday.

"If you give me influence or control of your hardware or software supply chain, I control your systems," said Bruce Held, director of intelligence and counterintelligence with Energy. "We're going to have to develop strategies [for managing the supply chain] that are consistent with [the assets] that we're trying to protect."

Systems that pose a national threat if compromised, including military command-and-control systems and networks managing weapons, must be built using equipment from trusted companies. The hardware and software must be checked for security vulnerabilities and possible malicious code that could cause problems, Held said. To vet the products would cost more than what private sector organizations likely can afford, he added.

"Cost considerations are going to make a security strategy impractical" for computer systems that are critically important but owned and operated by the private sector, including those that support the power grid, and the transportation and financial sectors, and other industries that make up the nation's critical infrastructure, Held said.

More here.

Boeing Acquires Narus


On July 7, the same day that GSN published a guest column on its Web site by Greg Oslan, CEO and President of Narus, The Boeing Company announced it had reached an agreement to purchase Narus. The terms were not disclosed.

Boeing unveiled a plan to acquire Narus, a leading provider of real-time network traffic and analytics software used to protect against cyber-attacks and persistent threats aimed at large Internet Protocol (IP) networks.

The acquisition follows a successful partnership between the two companies and advances Boeing’s strategy to offer world-class, scalable, state-of-the-art cyber-security solutions.

Narus, which employs 150 people globally, is headquartered in Sunnyvale, CA, and has a strong presence in Bangalore, India.

More here.

Sew 'Cyberwar' Rhetoric, Reap The NSA's 'Big Brother'

Sean Lawson writes on the "Firewall" Blog:

Today we learned from the Wall Street Journal that the National Security Agency, with the help of defense contractor Raytheon, has been developing a system dubbed 'Perfect Citizen' and designed "to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants."

Disturbingly, a Raytheon email obtained by The Wall Street Journal "stated flatly that "Perfect Citizen is Big Brother." Such comments no doubt contribute to "Some industry and government officials familiar with the program see[ing] Perfect Citizen as an intrusion by the NSA into domestic affairs."

Revelations about the NSA's Perfect Citizen/Big Brother system come on the heals of an early version of the Cybersecurity Act of 2009 that would have given the President emergency powers over the Internet.

While a so-called Internet "kill switch" for the President was removed from that bill, it has found it's way back into the more recent Protecting Cyberspace as a National Asset Act. In response to concerns about the "kill switch," chief sponsor of the bill, Senator Joseph Lieberman, suggested to CNN's Candy Crowley that the U.S. should follow China's lead and develop the ability to "disconnect parts of its Internet in a case of war."

More here.

NSA Program Sparks Big Brother Fears

Amber Corrin writes on

The National Security Agency's (NSA) new program to shield the networks of privately owned utilities and other critical infrastructure companies has caused some people to fear it's a step toward a surveillance state or a government power grab.

Named "Perfect Citizen," the plan is designed to detect cyber assaults that could potentially threaten critical infrastructure, which includes the electric grid, power companies, nuclear power plants, transportation, health care facilities and other necessities of modern life, according to a report in the Wall Street Journal (WSJ). It would also deal with the networks of defense contractors and companies such as Google, which asked NSA for help after a major cyberattack last year.

The government would deploy sensors on the privately owned networks to identify unusual activity that could signal a potential intrusion or threat, but would not necessarily continuously monitor the networks.

According to the report, Raytheon has received a $100 million classified contract to start work on the program. No comment was available from either the NSA or Raytheon.

More here.

Monday, July 05, 2010

Prosecutor: Hackers Harassed FBI Tipster With Threats, Sex Toys

Scott Gordon writes on NBC Dallas/Ft. Worth:

Members of a shadowy group of computer hackers, including one in prison, tried to obstruct an FBI investigation and harassed a government tipster with emailed threats, attacks online, and even sex toys sent to his home address, according to a court document.

The allegations were included in a search warrant, authorizing agents to search the houses and seize computer equipment of four suspected members of a group known as the Electronik Tribulation Army.

The searches were conducted late last month in Texas, Ohio, Kansas and California.

ETA’s former leader, Jesse William McGraw, of Arlington, pleaded guilty in May in a high-tech scheme to manipulate the air conditioning system of the Dallas medical clinic where he worked as a security guard.

More here.

Security Expert Pulls Presentation After Legal Threats

Lucian Constantin writes on Softpedia News:

Raoul Chiesa, a renowned European security expert, was forced to cancel his presentation at the Hack in the Box (HITB) Security Conference after legal threats from ATM vendors. His was supposed to present the results of years of research into the underground economy.

Mr. Raoul Chiesa is an Italian white hat hacker, who works with with several international crime fighting organizations. The researcher is a permanent stakeholder at the European Network & Information Security Agency (ENISA) and a senior advisor with the Global Crimes Unit of the United Nations Interregional Crime & Justice Research Institute (UNICRI).

Mr. Chiesa was scheduled to give a presentation entitled "The Underground Economy," which is based on research done by UNICRI in the past several years. Some of the research has already served as basis for ENISA report called "ATM Crime: Overview of the European situation and golden rules on how to avoid it" that was released in September 2009. According to this report ATM crimes in the European Union increased in frequency by 149 percent and resulted in losses over 485 million euros in 2008.

According to Byte Mods, Chiesa's talk was canceled at the last minute and replaced by Job de Haas' presentation called "Side Channel Analysis on Embedded Systems." The cited reason were legal threats and pressure from ATM vendors, because his presentation included info on how cybercrooks exploited vulnerabilities in ATMs.

More here.

Note: Raoul is a close personal friend of mine -- I can understand his frustration on this issue. - ferg

Sunday, July 04, 2010

Happy 234th Birthday, America

Happy Independence Day, America.