Saturday, June 25, 2011

In Passing: Nick Charles


Nick Charles
June 30, 1946 - June 25, 2011

Friday, June 24, 2011

Power Grid Change May Disrupt Clocks (And Other Stuff)

An AP newswire article by Seth Borenstein, via SFGate.com, reports:

A yearlong experiment with the nation's electric grid could mess up traffic lights, security systems and some computers — and make plug-in clocks and appliances like programmable coffeemakers run up to 20 minutes fast.


"A lot of people are going to have things break and they're not going to know why," said Demetrios Matsakis, head of the time service department at the U.S. Naval Observatory, one of two official timekeeping agencies in the federal government.


Since 1930, electric clocks have kept time based on the rate of the electrical current that powers them. If the current slips off its usual rate, clocks run a little fast or slow. Power companies now take steps to correct it and keep the frequency of the current — and the time — as precise as possible.


The group that oversees the U.S. power grid is proposing an experiment would allow more frequency variation than it does now without corrections, according to a company presentation obtained by The Associated Press.


Officials say they want to try this to make the power supply more reliable, save money and reduce what may be needless efforts. The test is tentatively set to start in mid-July, but that could change.


More here.

Citi Hackers Made $2.7 Million

Robert McMillan writes on Computerworld.com.au:

Citigroup suffered about US$2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges.


Citi acknowledged the breach earlier this month, saying hackers had accessed more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn't get into Citi's main credit card processing system, but were reportedly able to obtain the numbers, along with the customers' names and contact information, by logging into the Citi Account Online website and guessing account numbers.


Until now, it wasn't clear how much -- if any -- fraud had occurred as a result of the theft. But Citi confirmed Friday that there were losses of $2.7 million from about 3,400 accounts.


The bank has said its customers will not be liable for the losses.


More here.

In Passing: Peter Falk


Peter Falk
September 16, 1927 – June 23, 2011

LulzSec Releases Arizona Police Documents

Kevin Poulsen writes on Threat Level:

The hacker group LulzSec published 700 confidential documents Thursday apparently stolen from the Arizona Department of Public Safety.


LulzSec announced its latest conquest on Twitter and released the document cache through BitTorrent. The files are a mix of intelligence bulletins and presentations — including some issued by the FBI, DHS and DEA — private e-mail, training manuals and other material, some it marked “law enforcement sensitive” or “For Official Use Only.”


The group claimed it targeted the Arizona cops because LulzSec is opposed to Arizona’s SB1070, the state’s broad and controversial anti-illegal immigration measure.


Immigrant rights is only the latest in LulzSec’s growing policy platform, which already included support for WikiLeaks and the right to tinker with Sony Play Station consoles, and opposition to the Fox talent show The X-Factor.


More here.

Thursday, June 23, 2011

90% of Companies Say They've Been Hacked

Jaikumar Vijayan writes on InfoWorld:

If it sometimes appears that just about every company is getting hacked these days, that's because they are.


In a recent survey [.pdf] of 583 U.S companies conducted by Ponemon Research on behalf of Juniper Networks, 90 percent of the respondents said their organizations' computers had been breached at least once by hackers over the past 12 months.


Nearly 60 percent reported two or more breaches over the past year. More than 50 percent said they had little confidence of being able to stave off further attacks over the next 12 months.


Those numbers are significantly higher than findings in similar surveys, and they suggest that a growing number of enterprises are losing the battle to keep malicious intruders out of their networks.


More here.

Ukraine Disrupts $72M Conficker Hacking Ring

Jeremy Kirk writes on ComputerWorld:

Ukraine's security service said Thursday it had disrupted a cybercrime ring that cost the banking industry more than $72 million using Conficker, a fast-spreading worm unleashed in 2008.


The hackers allegedly used Conficker to spread antivirus software, according to a translation of a news release from the SBU, the Ukraine's state security service. The antivirus software, however, contained malware that collected online banking details.


The SBU said it conducted 19 raids on Tuesday in tandem with law enforcement in other countries. Latvian police arrested two people, and more than 40 financial accounts were frozen in banks in Cyprus and Latvia.


The U.S. Federal Bureau of Investigation also participated in the investigation along with agencies in the U.K., the Netherlands, France, Germany, Cyprus, Latvia and two other unnamed countries, according to the release. Thirty servers were seized in countries outside the Ukraine.


Ukrainian authorities questioned 16 people and have seized computer equipment, documents and money. SBU and FBI officials with knowledge of the case could not be immediately reached.


More here.

Wednesday, June 22, 2011

FBI Targets Two 'Scareware' Rings in U.S., Europe

Via Reuters.

Police in the United States and seven other countries seized computers and servers used to run a "scareware" scheme that has netted more than $72 million from victims tricked into buying fake anti-virus software.


Twenty-two computers and servers were seized in the United States and 25 others in France, Germany, Latvia, Lithuania, the Netherlands, Sweden and the United Kingdom, the U.S. Justice Department said in a statement on Wednesday.


The suspects involved in the scheme, who were not identified, planted "scareware" on the computers of 960,000 victims. The scareware would pretend to find malicious software on a computer. The goal is to persuade the victim to voluntarily hand over credit card information, paying to resolve a nonexistent problem.


Latvian authorities seized at least five bank accounts believed to have been used by the leaders of the scam, and the Justice Department said nothing about arrests.


U.S. authorities also said on Wednesday they disrupted a second scam, charging two Latvians with running a similar scareware scheme that led to $2 million in losses through an advertisement placed on a Minnesota newspaper's website.


More here.

Tuesday, June 21, 2011

DHS Official Says ISPs Would Likely Be Covered By Obama Cybersecurity Plan

Gautham Nagesh writes on The Hill:

A top Department of Homeland Security cybersecurity official told lawmakers Internet Service Providers (ISPs) would likely be among the private-sector firms that would be subject to federal oversight under the White House's proposed cybersecurity legislation.


At a hearing in front of the Senate Judiciary Subcommittee on Crime and Terrorism, DHS acting Deputy Under Secretary Greg Schaffer acknowledged that under the White House's plan, ISPs would likely be among the private firms deemed critical infrastructure and therefore subject to federal security standards.


Schaffer emphasized that the administration's legislative proposal doesn't explicitly lay out which industries would be deemed critical and core critical infrastructure, but witnesses at Tuesday's hearing mentioned transportation, financial services, utilities and healthcare providers as among those sectors that could be included.


Subpanel Chairman Sheldon Whitehouse (D-R.I.) noted that ISPs are in a unique position to know when consumers' computers are under attack or have been enslaved by malicious botnets. He suggested ISPs should take action against infected devices in the event consumers are not aware of the breach.


More here.

Still on Vacation: The National D-Day Memorial

The Overlord Arch at the National D-Day Memorial, Bedford, Virginia


I'm still on vacation this week, but just wanted to mention a worthwhile side-trip I made earlier today to the National D-Day Memorial in Bedford, Virginia. Bedford is only about an hour-and-a-half drive from where I grew up, and it is the first time that I have been there since the Memorial was dedicated in 2001 (this year is its tenth anniversary).

If you are ever in that neck of the woods, I would highly recommend a visit.

Cheers,

- ferg