Saturday, July 17, 2010

New Virus Targets Industrial Secrets

Robert McMillan writes on PC World:

Siemens is warning customers of a new and highly sophisticated virus that targets the computers used to manage large-scale industrial control systems used by manufacturing and utility companies.

Siemens learned about the issue on July 14, Siemens Industry spokesman Michael Krampe said in an e-mail message Friday. "The company immediately assembled a team of experts to evaluate the situation. Siemens is taking all precautions to alert its customers to the potential risks of this virus," he said.

Security experts believe the virus appears to be the kind of threat they have worried about for years -- malicious software designed to infiltrate the systems used to run factories and parts of the critical infrastructure.

Some have worried that this type of virus could be used to take control of those systems, to disrupt operations or trigger a major accident, but experts say an early analysis of the code suggests it was probably designed to steal secrets from manufacturing plants and other industrial facilities.

More here.

Friday, July 16, 2010

Feds Look for Wikileaks Founder at NYC Hacker Event

Declan McCullagh writes on C|Net News:

Federal agents appeared at a hacker conference on Friday morning looking for Julian Assange, the controversial figure who has become the public face of Wikileaks, an organizer said.

Eric Corley, publisher of 2600 Magazine and organizer of The Next HOPE conference in midtown Manhattan, said that five Homeland Security agents appeared at the conference a day before Assange was scheduled to speak.

The conference program lists Assange -- who has been at the center of a maelstrom of positive and negative publicity relating to the arrest of a U.S. serviceman and videos he may have provided the document-sharing site -- as speaking at 1 p.m. ET on Saturday.

"If he shows up, he will be questioned at length," Corley told CNET. Assange did not immediately respond to questions late Friday.

More here.

Thursday, July 15, 2010

Possible New Rootkit Has Drivers Signed by Realtek

Dennis Fisher writes on ThreatPost:

Security researchers have identified a new suspicious program that is copying itself to PCs via USB mass storage devices and is digitally signed with the certificate of Realtek Semiconductor, a major manufacturer of computer products based in Taiwan.

The program, known as Stuxnet, looks like a somewhat standard-issue piece of malware, with a couple of key exceptions. Stuxnet uses an LNK file to launch itself from infected USB drives onto PCs. LNK files are used by Windows programs as a shortcut or reference to an original file, and this is thought to be the first instance of a piece of suspected malware using a LNK file to infect machines.. Secondly, and far more worrisome, is the fact that the two drivers associated with the Trojan are digitally signed with the Realtek certificate.

"However, sometimes cybercriminals do somehow manage to get their hands on their very own code signing certificate/ signature. Recently, we’ve been seeing regular instances of this with Trojans for mobile phones. When we identify cases like this, we inform the appropriate certification authority, the certificate is revoked, and so on," Aleks Gostev of Kaspersky Lab said in a blog post on the Trojan. "However, in the case of Stuxnet, things look very fishy indeed. Because the Trojan isn’t signed with a random digital signature, but the signature of Realtek Semiconductor, one of the biggest producers of computer equipment."

More here.

Talk on Chinese Cyber Army Pulled From Black Hat

Dennis Fisher writes on ThreatPost:

A talk on China's state-sponsored offensive security efforts scheduled for the Black Hat conference later this month has been pulled from the conference after concerns were raised by some people within the Chinese and Taiwanese government about the talk's content.

The presentation was to be delivered by Wayne Huang, CTO of Armorize, an application security company with R&D operations in Taiwan. The talk was billed as an in-depth, historical look at the offensive capabilities and operations of China's so-called cyber-army. The description of the presentation on the Black Hat site promises an interesting presentation.

"Operation Aurora, GhostNet, Titan Rain. Reactions were totally different in the US and in Asia. While the US media gave huge attention, Asia find it unbelievable and interesting, that cyber warfare and government-backed commercial espionage efforts that have been well established and conduced since 2002, and have almost become a part of people's lives in Asia, caused so much "surprise" in the US. Here we'll call this organization as how they've been properly known for the past eight years as the "Cyber Army," or "Wang Jun" in Mandarin. This is a study of Cyber Army based on incidences, forensics, and investigation data since 2001. Using facts, we will reconstruct the face of Cyber Army (CA), including who they are, where they are, who they target, what they want, what they do, their funding, objectives, organization, processes, active hours, tools, and techniques."

Caleb Sima, Armorize's CTO and co-founder, said on his Twitter feed yesterday that the talk had been pulled. "I had to pull our blackhat talk. Taiwanese gov is prohibiting it due to sensitive materials. Unreal."

More here.

Wednesday, July 14, 2010

Mark Fiore: Little Green Man

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

TSA To Require Passenger Screening For U.S. Overflights


TSA's Secure Flight program intends, by the end of this year, to require passenger information for all flights over the U.S. - even commercial airline flights which cross U.S. airspace but don't land at a U.S. airport. Canada's airlines, which would be disproportionately affected by the rule, are not amused. Nor are some of its media or political parties.

The Washington Times notes that an editorial last week in the Calgary Herald included this analysis. "The American obsession with security has literally reached new heights of paranoia. The thought of the U.S. government denying boarding passes to travelers on outbound Canadian flights direct to Puerto Vallarta, Cancun, Jamaica or Havana is another example that the terrorists have won."

More here.

Alleged Spy Worked as a Software Tester at Microsoft

Jeremy Kirk writes on ComputerWorld:

The 12th person detained for allegedly spying for Russia worked as an entry-level software tester at Microsoft for nine months, the company confirmed Wednesday.

Alexey Karetnikov was deported to Russia on Tuesday after he admitted to an immigration judge to being in the U.S. illegally, according to a report in the Washington Post, citing anonymous federal law enforcement officials.

Microsoft then issued a short statement confirming the status of Karetnikov's employment.

One law enforcement official told the Post there was insufficient evidence to charge Karetnikov with a crime. The Russian had "just set up shop" and was in the early stages of his mission.

More here.

Tuesday, July 13, 2010

Former NSA Executive May Pay High Price For Media Leak

Ellen Nakashima writes in The Washington Post:

For seven years, Thomas A. Drake was a senior executive at the nation's largest intelligence organization with an ambition to change its insular culture. He had access to classified programs that purported to help the National Security Agency tackle its toughest challenges: exploiting the digital data revolution and countering terrorism.

Today, he wears a blue T-shirt and answers questions about iPhones at an Apple store in the Washington area. He is awaiting trial in a criminal media leak case that could send him to prison for 35 years. In his years at the NSA, Drake grew disillusioned, then indignant, about what he saw as waste, mismanagement and a willingness to compromise Americans' privacy without enhancing security.

He first tried the sanctioned methods -- going to his superiors, inspectors general, Congress. Finally, in frustration, he turned to the "nuclear option": leaking to the media.

Drake, 53, may pay a high price for going nuclear. In April he was indicted, accused of mishandling classified information and obstructing justice. His supporters consider him a patriotic whistleblower targeted by an Obama administration bent on sealing leaks and on having something to show for an investigation that spans two presidencies. Many in the intelligence community, by contrast, view Drake as the overzealous one, an official who disregarded his oath to protect classified information so he could punish the agency for scrapping a program he favored.

It's classic Washington: disgruntled officials sharing inside information with a reporter and an administration seeking to rein that practice in. Drake's attorney maintains he broke no laws.

More here.

In Passing: George Steinbrenner

George Steinbrenner
July 4, 1930 – July 13, 2010