Saturday, September 25, 2010

Proposed Secure Network for Critical Infrastructure Draws Fire

Henry Kenyon writes on

The leader of the U.S. Cyber Command wants to develop a secure computer network to defend civilian government agencies and critical civilian infrastructure and industries.

Gen. Keith Alexander, who has dual responsibilities as commander of the Cyber Command and director of the National Security Agency, testified Sept. 23 before the House Armed Services Committee about the new command’s role in defending federal and commercial networks. He suggested the creation of a restricted network that would allow the government to provide greater protection to vital online operations and critical infrastructure — such as financial networks, commercial aviation systems and the national power grid — from Internet-based attacks.

The New York Times reported that the proposed network, which Alexander referred to as “a secure zone, a protected zone,” would provide essential civilian government and commercial networks with protection similar to secret military and diplomatic communications networks. However, he did not say where the boundaries between this new secure network and the Internet would be or how appropriate user access would be granted. He added that the White House is working on a policy review to determine the best approach and whether it will require Congress to grant new powers.

But Alexander's proposal skimps on specifics, said Martin Libicki, a senior management scientist at Rand Corp.

More here.

Friday, September 24, 2010

Nine Years After 9/11, Intelligence Sharing Is Still Hobbled

Mark Hosenball writes on

More than nine years after 9/11, America’s intelligence-sharing system continues to be impeded by legal and technical difficulties. As a result, important intelligence reports may be slow to reach those officials who could take action on them. One such problem surfaced in Congress earlier this week: a glitch in the wording of the Freedom of Information Act.

The trouble is that when frontline agencies like the CIA and National Security Agency transfer “operational” files to the national intelligence director’s office—or to the National Counterterrorism Center (NCTC), a branch of the intelligence czar’s office created to ensure greater sharing of intelligence on terror threats—those files are more vulnerable to FOIA disclosure than they were before they left the originating agency.

More here.

FBI Targets Anti-War Protesters as Part of Terrorism Probe


Political and anti-war activists in the Midwest said they were the target Friday of searches the FBI called part of an investigation into the "material support of terrorism."

Warrants led to the search of five residences and one office in Minneapolis, Minnesota, said FBI spokesman Steve Warfield, who said there were no arrests. Two other searches were conducted in Chicago, Illinois.

Activist Tom Burke in Chicago said he and others in Minnesota, Illinois and Michigan were served subpoenas to testify before a grand jury. He also said computer hard drives were taken from locations in both cities, as well as a cell phone in Minneapolis.

Warfield would not comment on that statement or provide details of the searches.

He also would not discuss the investigation, other than indicating it is the work of a joint task force on terrorism.

More here.

Cyber Fraud Ring Dismantled in Ukraine

Lucian Constantin writes on Softpedia Security News:

A group of five hackers were arrested by Ukrainian authorities this month under suspicion of stealing millions from the bank accounts of foreign companies.

The cyberfraud ring was operating out of Odessa, a city in Southern Ukraine, and according to the investigators its members were raking up between 300 and 500 thousand dollars per month.

The hackers allegedly used malware to obtain unauthorized access to the bank accounts of foreign companies, organizations or institutions and siphon cash out.

The arrests were the result of a joint operation between the Ukrainian police, the Anti-Corruption Bureau of the General Directorate of Combating Organized Crime and the Ministry of Internal Affairs (MIA).

HostExploit reports that local authorities believe the group might be responsible for stealing $1 million from the accounts of Sony Europe alone.

When raiding the hackers' hideout, the police seized servers, computers, printers, stamps, forms, credit cards, fake documents, fake passports and 350 thousand dollars.

More here.

Debate Heats Up Over Police Access to Data in The Cloud

Aliya Sternstein writes on

Law enforcement officials told Congress on Thursday that restricting data in the cloud from surveillance would jeopardize public safety.

Authorities "must have reasonably expeditious access to stored information that may constitute evidence of a crime committed, or about to be committed, regardless of the technology platform on which it resides or is transferred," said Kurt F. Schmid, executive director of the Chicago High-Intensity Drug Trafficking Area, which is part of the Office of National Drug Control Policy. "Without these constitutionally tested authorities, the safety of the public is put at significant risk." Schmid testified at a hearing of the House Constitution, Civil Rights and Civil Liberties Subcommittee.

His warning comes at a time when the House and Senate are considering updating the 1986 Electronic Communications Privacy Act, which extends wiretapping restrictions to electronic communications such as e-mails. The current law protects communications from interception by law enforcement only when they are stored on computers, not when they are stored on the Internet.

Lawmakers argue the rise of Web mail and other cloud computing services -- applications third-parties provide to users online and on-demand -- has created uncertainty and confusion among law enforcement, the business community and U.S. consumers about the privacy of Web-based transactions. Justice Department officials contend that before the advent of the cloud, the law helped authorities find drug traffickers, child predators, terrorists and other criminals. Privacy advocates say it now fails to adequately protect huge amounts of personal information.

More here.

Man Gets 10 Years for VoIP Hacking

Robert McMillan writes on ComputerWorld:

A Venezuelan man was sentenced to 10 years in prison Friday for stealing and then reselling more than 10 million minutes of Internet phone service.

Edwin Pena, 27, was convicted in February of masterminding a scheme to hack into more than 15 telecommunications companies and then reroute calls to their networks at no charge. He must also pay more than $1 million in restitution, and will be deported once his sentence is served.

Pena was sentenced by Judge Susan Wigenton in U.S. District Court for the District of New Jersey on computer hacking and wire fraud charges.

The scam cost his victims, including VoIP sellers Net2Phone, NovaTel and Go2Tel, more than $1.4 million in losses.

More here.

Thursday, September 23, 2010

Software Vulnerabilities Reaching 'Unacceptable' Levels

Shaun Nichols writes on

Developers are failing to meet industry security standards when creating new software, according to testing firm Veracode.

Data collected on 2,900 applications by the company's security verification service suggests that more than half of tested applications contain "unacceptable" levels of vulnerabilities.

Financial sector applications had the lowest vulnerability levels, and mission-critical applications in general were found to be less vulnerable.

Web-based applications were found to be particularly vulnerable, however. More than 80 per cent of submitted web applications contained errors listed in the Open Web Application Security Project's Top 10 risk list.

Sam King, vice president of product marketing at Veracode, told that the high number of vulnerabilities in web applications could be down to the skill of the developer and heightened interest in testing web applications.

More here.

Here We Go Again: Proposed Bill Would Give President Emergency Cyber-Superpowers

Via Government Technology.

The bad guys who troll America’s digital infrastructure looking for networks to attack may have some problems coming their way if a proposed bill circulating through Capitol Hill goes through. The legislation would give the president the power to declare a national cyber-emergency if a huge network attack happened.

Reuters reported Tuesday, Sept. 21, that the presidential declaration, in case of an imminent threat to critical things like the electrical grid or water supply, could require companies to shut down temporarily or take certain steps, like enhancing their cyber-defenses. The declaration would last for 30 days, though the president could renew it, it couldn’t go longer than 90 days without congressional action.

The legislation in its current form merges two other cyber-security bills that came before. A spokesperson for Senate Majority Leader Harry Reid said backers in Congress hope to pass it before year’s end.

Some companies worry the bill would give the government too much power over their businesses, since it could give the public sector power to designate whether a company’s — or industry’s — technology operations would be shut down or altered, or just certain portions. Private-sector opposition could make it difficult for the bill to get through Congress before the year is over.


Google Warning Gmail users on China Spying Attempts

Paul Roberts writes on ThreatPost:

Google is using automated warnings to alert users of its GMAIL messaging service about widespread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply random attacks. Victims include one leading privacy activist.

Warnings appeared when users logged onto Gmail, encountering a red banner reading "Your account was recently accessed from China," and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn't seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government's censorship of its citizens.

A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March when it introduced features to identify suspicious account activity.

Alexander Hanff of Privacy International in the UK said he saw the warning when he accessed a GMAIL account Thursday morning. Hanff set up the personal account, which he created in 2005 when he operated the Torrent Web site DVDR-Core, an early target of the Motion Picture Association of America in its battle to stop copyright piracy. Hanff said he immediately changed the password, at Google's suggestion, and said the attempts to access his account from China were recent - occurring within the past couple months.

He only rarely accesses the account and does not use it for e-mail related to his work for Privacy International. Still, he said the account is easily discoverable online for those looking to contact him via e-mail, which might have made it a target.

More here.

The Great Firewall of... America?

Milton Mueller writes on The Internet Governance Project Blog:

Frustrated with the contradiction between the limits of jurisdictional authority and the Internet’s globalized access to information, more and more governments are instituting measures to block access to web sites which are deemed illegal in their territory but are located outside their jurisdiction. A bill introduced in the U.S. Senate on Monday would start to put into place an infrastructure for maintaining a black list of censored domain names. The purpose is not political censorship but blocking in the name of copyright and brand protection. The proposed bill is called the Combating Online Infringement and Counterfeits Act (COICA). It’s a radical change in internet policy masquerading as a strengthening of copyright enforcement.

Keep in mind those words “block access... in their territory.” In debating this issue, we must never lose sight of the fact that COICA and similar measures are not designed to identify and catch the perpetrators of crimes or even, primarily, to take down the illegal web site or content. No, they are designed to prevent ordinary users of the internet from being able to connect to or transact with the infringing sites. In other words, they substitute regulation of the general public’s internet access for prosecution of crimes committed by specific people in specific locations.

That’s why it is not unfair to call it “censorship” – it manages and restricts what all of us can see instead of pursuing and catching the law-breakers. This trade off is becoming increasingly common around the world, and it is a huge mistake. The effect is to re-territorialize communications access; as such it strikes serious blows against the great social, economic and political advances created by the globalization of communications access and the ability to “innovate without permission” that went along with it. If the Internet as a global system sustains collateral damage, well, the copyright interests don’t care, and as long as that powerful lobby is satisfied, neither do the legislators. The process of carving up the Net into 200 separate fiefdoms is well underway, and now, alas, the U.S. is joining in on it.

More here.

Wednesday, September 22, 2010

Mark Fiore: Cashocracy

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Tuesday, September 21, 2010

Cyberwar Risk Poses Specter Of Cyberwar Crimes

Tom Gjelten writes on

It may come as a surprise to some war victims, but there actually is a body of international law that establishes when and how nations can legally engage in armed conflict.

Various treaties — the United Nations Charter, and the Hague and Geneva conventions — distinguish between victims and aggressors, and put forward combat guidelines that, when honored, provide some protection to civilians. Professional militaries train with the rules of war in mind, recognizing that abiding by them works to their benefit as much as to the enemy's.

It is no surprise, then, that many legal experts, diplomats and military commanders around the world are now debating how to extend the law of war to cyberspace. The emergence of electronic and cyberwar-fighting capabilities is the most important military development in decades, but it is not yet clear how existing treaties and conventions might apply in this new domain of conflict.

We don't know when or if a cyberattack rises to the level of an 'armed attack.'

Uncertainty about the legal and ethical limits of state behavior in cyberspace could have disastrous consequences.

More here.

Sunday, September 19, 2010

eNom to Begin Screening Bogus Drug Sales

Joe Menn writes in The Financial Times:

In a victory for the fight against criminal networks distributing counterfeit and adulterated drugs over the internet, the world’s second-biggest seller of website addresses is to begin screening customers for unapproved drug sales.

Under pressure from security professionals, the internet governance group ICANN and the White House, the domain-name seller eNom last week quietly retained LegitScript, a company that vets internet pharmaceutical concerns to make sure they are licensed to do business in the US.

While GoDaddy, the world’s biggest seller of domain names, and other registrars have knocked thousands of rogue pharmacies offline, until now eNom, owned by Demand Media of Santa Monica, had refused to act without a court order or law-enforcement directive.

The changed approach was disclosed in an amended securities filing for Demand Media’s planned initial public stock offering. The filing says LegitScript will assist eNom “in identifying customers who are violating our terms of service by operating online pharmacies in violation of US state or federal law”.

eNom came under fire in June, when security research concern KnujOn accused it of handling registrations for 4,000 bogus pharmacies.

More here.

Interpol Chief Has Facebook Identity Stolen

John E. Dunn writes on

He’s one of the most powerful people in world policing, but on Facebook Interpol chief Ronald K. Noble is just as vulnerable to identity theft as anyone else.

At last week’s inaugural Interpol Information Security Conference in Hong Kong, secretary general Noble revealed that criminals had set up two accounts impersonating him on the networking site during this summer’s high-profile global dragnet, ‘Operation Infra-Red’.

The fraud was discovered only recently by Interpol’s Security Incident Response Team.

“One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra-Red," Noble told delegates.

More here.

Why does a Flash Cookie from keep getting set on my machine?

I use a Firefox Plug-In called Better Privacy, which I check regularly to keep track of -- and delete -- Flash Cookies which secretly try to track my browsing.

I noticed a few days ago that I keep on deleting a Flash cookie from, but it keeps reappearing.

Anyone have any ideas? This one has me stumped, but I admit I have not spent much time investigating this. It doesn't appear to be overtly malicious... but I would sure love to know what keeps setting it.

Comments appreciated.


- ferg

Update: Sunday, 19 Sept. 2010, 10:29 PDT: Never mind. I figured it out... :-)