Saturday, October 31, 2009
Federal prosecutors in Detroit charged Luqman Abdullah and 10 others "with conspiracy to commit several federal crimes, including theft from interstate shipments, mail fraud to obtain the proceeds of arson, illegal possession and sale of firearms, and tampering with motor vehicle identification numbers." According to DOJ, "Abdullah was the leader of part of a group which calls themselves Ummah ('the brotherhood'), a group of mostly African-American converts to Islam, which seeks to establish a separate Sharia-law governed state within the United States. The Ummah is ruled by Jamil Abdullah Al-Amin, formerly known as H. Rapp Brown, who is serving a state sentence in USP Florence, CO, ADMAX, for the murder of two police officers in Georgia...Abdullah has espoused the use of violence against law enforcement, and has trained members of his group in use of firearms and martial arts in anticipation of some type of action against the government. Abdullah and other members of this group were known to carry firearms and other weapons." Moreover, "At one location, four suspects surrendered and were arrested without incident. Luqman Ameen Abdullah did not surrender and fired his weapon. An exchange of gun fire followed and Abdullah was killed. An FBI canine was also killed during the exchange."
Release Date: October 30, 2009
For Immediate Release
Office of the Press Secretary
Arlington, Va. — Department of Homeland Security (DHS) Secretary Janet Napolitano today opened the new National Cybersecurity and Communications Integration Center (NCCIC) — a 24-hour, DHS-led coordinated watch and warning center that will improve national efforts to address threats and incidents affecting the nation's critical information technology and cyber infrastructure.
"Securing America's cyber infrastructure requires a coordinated and flexible system to detect threats and communicate protective measures to our federal, state, local, and private sector partners and the public," said Secretary Napolitano. "Consolidating our cyber and communications operations centers within the NCCIC will enhance our ability to effectively mitigate risks and respond to threats."
The new, state-of-the-art facility reflects the shared priority of President Obama and Secretary Napolitano to bolster information sharing and incident response in order to protect and secure the nation's cyber networks and infrastructure.
The NCCIC provides an integrated incident response facility to mitigate risks that could disrupt or degrade critical information technology functions and services, while allowing for flexibility in handling traditional voice and more modern data networks.
The new unified operations center combines two of DHS' operational organizations: the U.S. Computer Emergency Readiness Team (US-CERT), which leads a public-private partnership to protect and defend the nation's cyber infrastructure; and the National Coordinating Center for Telecommunications (NCC), the operational arm of the National Communications System.
In addition, the NCCIC will integrate the efforts of the National Cybersecurity Center (NCSC), which coordinates operations among the six largest federal cyber centers; the DHS Office of Intelligence and Analysis and private sector partners.
The NCCIC was created at the recommendation of the National Security Telecommunications Advisory Committee, the Government Accountability Office and a joint industry-government working group, which together emphasized the need for collocation, integration, and interoperability among existing cyber and communications incident response mechanisms.
Today's ribbon-cutting ceremony marked the culmination of National Cybersecurity Awareness Month—highlighting the shared responsibility among all individuals, the private sector and state, local and federal partners to counter the threat of cyber attacks.
Continuing the back-and-forth battle between Palm and Apple, the latest update also reportedly disables the ability of the Pre to sync with iTunes, according to Precentral.net. With the latest update, iTunes will allegedly launch when a Pre is connected to a computer via USB, but the handset does not show up as a device in the sidebar.
Apple and Palm have battled for months in a cat and mouse game, as Palm has updated its phones to trick iTunes into syncing music, and Apple has updated iTunes to disable it. Both have released numerous updates since the Palm Pre was released this summer.
Apple loves their DRM...
Think back to high school biology. Remember the long, stringy neurons that make up your nervous system? You probably learned that these cells communicate by sending a chemical message across the small gap between them, called a synapse. That's still true, but new research shows that certain brain cells bypass the synapse altogether. Instead, they communicate by spraying a cloud of neurotransmitters into the spaces between cells, blanketing nearby neurons.
A team of Hungarian researchers at the University of Szeged made the discovery by examining a type of neuron called a neurogliaform cell. These cells are common in the brain's cortex, a region that plays a key role in many functions, including memory, attention, awareness, and language. Studies have shown that neurogliaform cells can inhibit the firing of other brain cells by releasing a neurotransmitter called GABA (gamma-aminobutyric acid), which typically transmits messages across synapses. But some studies have suggested that GABA can diffuse into the extracellular space as well, where it carries messages between neurons not connected via synapses. To create enough ambient GABA for this to happen, however, scientists speculated that many neurons would have to fire at once. The researchers set out to test this idea.
The output end, or axon, of a normal neuron is typically long and stringy. But when the Hungarian team used electron and light microscopes to examine brain tissue from rats and humans, they found that neurogliaform cells have bushy axons with many branches. These bushy axons are densely populated with sites where GABA can be released into the extracellular space, the team found. Elsewhere in the brain this occurs mainly at synapses, but only 11 of the 50 release sites examined in neurogliaform cells corresponded to a synapse, the researchers report today in Nature. Additional experiments confirmed that a single neurogliaform cell, when stimulated, releases enough GABA to inhibit the activity of nearby neurons not connected by synapses.
"That's a very striking finding," says Dimitri Kullmann, a neuroscientist at University College London. "Rather than a hose pointing at rose bushes, [the bushy axon is] like a sprinkler on your lawn." Previous studies have shown that neurotransmitters such as serotonin can carry messages to other cells that lack synaptic connections, Kullmann notes, but this is the first study to show that a single neuron can use GABA to communicate with other cells sans synapses.
Texas Instruments (TI) ultimately failed to stand behind their misguided claim that calculator hobbyists violated copyright law by having public, online discussions about techniques to get more functionality from TI calculators. Yet the company continues to dig itself into new holes by issuing more improper take-down letters.
Several weeks ago, TI sent a barrage of letters claiming that the calculator enthusiasts' discussions about the discovery of calculator operating system signing keys -- and the keys themselves -- violated the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA). TI demanded that the posts be taken down. EFF sent a letter to TI on behalf of three such bloggers, explaining why the company's legal claim was wrong, and stated that the men would restore their posts absent legitimate objection from the company. TI ignored both the letter and the deadline, and so the posts are now back online. Mr. Smith's post is here, Mr. Wilson's here, and Mr. Cross's here. You can find EFF's letter to TI here.
While it's no surprise that TI gave up when it found itself in the legal wrong, it is scandalous that the company continues to send its improper demands to other bloggers and hosting companies. In fact, TI has sent an identical take-down demand to Mr. Smith's university complaining about the same OS keys having been posted on our client's student webpage, and demanding that the school take the materials down from that URL. Today, Mr. Smith filed a DMCA Section 512 counternotice to continue the fight. Hopefully other calculator hobbyists who have received TI's baseless demands will consider standing up against the erroneous claim that reverse-engineered OS signing keys are illegal numbers that can not be published, discussed or linked to.
Friday, October 30, 2009
According to a statement released by the US House of Representatives Committee on Standards of Official Conduct, often known as the Ethics Committee, a document describing investigations of over 30 house members and several aides was exposed on a public network because of "...the use of peer-to-peer file sharing software on the personal computer of a junior staffer, who is no longer employed by the committee, while working from home."
The committee statement states that no matter how strong security systems are, humans can make mistakes that bypass them. There's a lot of truth to this, although there are systems in place, often known as data loss prevention or DLP systems, that attempt to prevent the movement of sensitive data off of authorized networks. A Washington Post story on the breach implies that House members and staffers are permitted to take documents home for work, but quotes House administration rules as saying that if they do so they so: "all users of House sensitive information must protect the confidentiality of sensitive information" from unauthorized disclosure.
Those rules do not place any specific security requirements on home computers or others that are used for access of sensitive House data. They state, on the one hand, that sensitive House data should not leave House property. On the other they state that if the data is taken off property, that it should not leave the possession of authorized personnel and that those people need to protect it. This is not an adequately specific policy for computer security. Even assuming that the P2P software on the unfortunate staffer's computer was legal and there intentionally and that saving the document publicly was an error, it's still easy to lose such documents unintentionally through malware or error.
This edition of the X-Force Threat Insight Report provides an exhaustive list of security alerts, breaches and the most commonly seen threats in Q3 2009. It also delivers two new and insightful articles by IBM Internet Security Systems researchers. The first article addresses why "port security" is an important tool to securing an organization's network, and outlines some common commands for configuring port security. Strong port security can enforce security policies - helping to mitigate unauthorized users from accessing the network.
The second article takes the reader on a journey of investigating a malware sample, focusing on the behavioral aspects of malware analysis. If given the task, can you answer the question: "What does this file do?"
Leading cloud-computing services may be vulnerable to eavesdropping and malicious attacks, according to research that shows it is possible for attackers to precisely map where a target's data is physically within the "cloud" and then use various tricks to gather intelligence.
The study probed Amazon's industry-leading Elastic Computer Cloud (EC2) service, but "we firmly believe these vulnerabilities are generic to current virtualization technology and will affect other providers as well," says Eran Tromer, a postdoctoral researcher at MIT's Computer Science and Artificial Intelligence Laboratory, who performed the work with three colleagues from the University of California at San Diego.
Ron Rivest, a computer science professor at MIT and pioneer in cryptography, says the four researchers have "discovered some troubling facts" about cloud-computing services, which rent out computing resources, including storage and processing power, on a by-the-hour basis. Specifically, the potential weaknesses were found in the basic computing infrastructure services that are provided by Amazon and Rackspace and are widely used within many in-house corporate datacenters.
These technologies involve "virtual machines"--remote versions of traditional onsite computer systems, including the hardware and operating system. The number of these virtual machines can be expanded or contracted on the fly to meet demand, creating tremendous efficiencies. But the actual computing is, of course, performed within one or more physical data centers, each containing thousands of computers. And virtual machines of different customers sit on the same physical servers.
The attack involves first figuring out which physical servers a victim is using within a cloud, then implanting a malicious virtual machine there, and finally attacking the victim.
Hunting down a victim who might be on any of tens of thousands of servers might seem a needle-in-haystack enterprise. But the paper concludes that with some simple detective work, "just a few dollars invested in launching [virtual machines] can produce a 40 percent chance of placing a malicious [virtual machine] on the same physical server as a target." They dub this mapping process "cartography."
Tromer and his colleagues demonstrated that, once the malicious virtual machine is placed on the same server as its target, it is possible to carefully monitor how access to resources fluctuates and thereby potentially glean sensitive information about the victim. The researchers said it would be possible to steal data this way, though they did not take this next step.
Pakistani troops are close to surrounding a key town in South Waziristan that is used by members of an Uzbek terror group allied with al Qaeda and the Taliban. Meanwhile, the military found passports linked to senior al Qaeda operatives, one of whom was involved in the 9/11 attack, at a recently seized terror camp.
Eleven Taliban fighters and one soldier were reported killed during the fighting over the past 24 hours. The military claims more than 260 Taliban fighters and 31 soldiers have been killed since the operation was launched against the Movement of the Taliban in Pakistan on Oct 17.
The military is advancing on the town of Kanigorum from Shakai in the southwest, and said it has surrounded it from three directions. The goal is to seal off the exits before launching the final assault. The battle for Kanigoram is expected to be fierce, as fighters belonging to the Islamic Movement of Uzbekistan are known to use the region as a base.
The US has conducted two covert strikes in Kanigoram this year. An attack on Aug. 27 killed eight Taliban fighters and Uzbek fighters. Waliur Rehman Mehsud, the Taliban commander for South Waziristan, was the target of the attack. An April 29 strike on a safe house and a vehicle killed 10 Taliban fighters.
The Pakistani Army is also reported to be about three miles from the town of Sararogha. The military is advancing on Sararogha from Jandola in the southeast. Troops have advanced toward Sararogha after taking control of Kotkai. Waliur Rehman is thought to be directing Taliban operations from Sararogha.
The Pakistani Army also announced that it had seized control of an al Qaeda training camp when it took control of the village of Sherwangi on Oct. 25. Among the items found at the Sherwangi camp was a passport belonging to Said Bahaji, one of the al Qaeda operatives who participated in the 9/11 attacks on the US.
Bahaji was close to Mohammed Atta, the tactical commander of the 9/11 attacks. He was also an aide to Ramzi Binalshibh, who served as the link between 9/11 mastermind Khalid Sheikh Mohammed and Atta. Bahaji is known to have traveled to Karachi from Hamburg on Sept. 3, 2001, just eight days before the attack.
Also recovered at the Sherwangi camp was a passport belonging to Raquel Gacia Burgos, the wife of Amer Azizi, a senior al Qaeda operative who played a role in the train bombings in Madrid, Spain, in March 2004. The deadly attack killed 191 people. Azizi is known to be a senior leader of al Qaeda in Europe and has connections to al Qaeda affiliates in North Africa.
Thursday, October 29, 2009
A British man and his wife were taken hostage by armed pirates who boarded their yacht, the man said in an interview released Thursday.
Paul Chandler told ITV News that he and his wife, Rachel, are being held on a container ship near the Somali coast.
He said three boats came alongside their yacht when he was asleep.
"Men with guns came aboard," he told ITV by a crackly phone connection. "Then we were forced to sail ... toward Somalia."
Chandler said he and his wife were taken off the yacht and were held on a container ship called the Kota Wajah, ITV reported.
Also Thursday, the British navy said it had found the couple's empty yacht in international waters.
A ministry spokesman said it appeared that the couple had been transferred to another vessel.
"There's nothing to indicate that they've been harmed," said the spokesman, who asked not to be named in line with policy.
"We will be using all the methods at our disposal to ensure the safe return of these British nationals," British Foreign Secretary David Miliband said.
British Prime Minister Gordon Brown has called for the release of the couple, according to the UK's Press Association.
Brown said a news conference, "Piracy and the taking of hostages is unacceptable in any circumstances. We call on those people who have taken the British citizens hostage to release them as soon as possible."
The Chandlers set off from the Seychelles for Tanzania on October 21 on their 38-foot-yacht, the Lynn Rival, according to their blog. A distress beacon was activated October 23, according to naval officials.
Britain's Foreign and Commonwealth Office issued a statement Thursday saying "hostage taking is never justified."
It said, "Paul and Rachel are blameless tourists and they should be released immediately and unconditionally. The families are deeply concerned for the safety of their loved ones."
Foreign office staff members have been in close contact with their families, it said.
Pirates have been very active off the east coast of Africa in the past several years, operating out of lawless Somalia.
Two vessels were attacked the day after the Chandlers set sail. One of them, a cargo ship, was boarded and seized off the Seychelles, and the other fought off its attackers near the Kenyan coast.
The federal government will spend an estimated $1.5 billion to build a new data center in Utah to support intelligence and defense agencies’ cybersecurity programs, according to state and federal officials.
The National Security Agency will run the center that Utah Gov. Gary Herbert said would cost $1.5 billion to build and employ 4,000 to 5,000 people statewide. The facility will be built at the Utah National Guard’s Camp Williams, near Salt Lake City.
Glenn Gaffney, deputy director of national intelligence for collection, announced the project Oct. 23 in Utah and he was joined by elected officials from the state. “The new data center we are announcing today will support the intelligence community’s mission in providing foreign intelligence about cybersecurity threats,” Gaffney said.
Gaffney also said the center would also be used for information assurance efforts related to Defense Department networks and to provide technical assistance for the Homeland Security Department as it works to secure the government’s civilian networks.
There will be an industry day for the project Nov. 5 in Salt Lake City, according to a notice published on the Federal Business Opportunities Web site by the Army Corps of Engineers, Baltimore District. The corps estimated the facility will be a million square feet, of which 100,000 will be data center space and 900,000 would be technical support and administrative space.
The U.S. Deputy Director of National Intelligence for Collection gave a press conference on the new Utah data collection facility on Oct 23th 2009: video and transcript.
h/t to Bruce Schneier for the video & transcript link above.
The Department of Defense Tuesday clarified its stance on open source software saying it is equal to commercial software in almost all cases and by law should be considered by the agency when making technology purchase decisions.
The memo was not a policy statement but instead a clarification and guidance on the use of open source software (OSS) within the agency. It was issued by David Wennergren, deputy CIO of the U.S. Department of Defense (DoD).
In terms of guidance, the memo said OSS meets the definition of "commercial computer software" and that executive agencies are required to include open source when evaluating software that meets their computing needs.
In addition, the memo lays out a list of open source positives, including broad peer-review that helps eliminate defects, modification rights that help speed changes when needed, a reduction in the reliance on proprietary vendors, a licensing model that facilitates quick provisioning, cost reduction in some cases, reduction in maintenance and ownership costs, and favorable characteristics for rapid prototyping and experimentation.
"I would consider this a milestone day" said John Scott, director of open source software and open integration for Mercury Federal Systems, a technology consultancy to the U.S. government. Scott helped draft some of the open source guidance contained in the memo, which took about 18 months to draft.
Scott says he believes this is the first time guidance has been issued about sharing the government’s own open source changes with the public.
The memo, an update to a 2003 DoD open source directive, clarified the use of sharing code saying there is a misconception within the agency that modifications must be released to the public.
"In contrast, many open source licenses permit the user to modify OSS for internal use without being obligated to distribute source code to the public," the memo says. It goes on to advise users to understand distribution requirements for open source licenses and mentions the GNU General Public License and its specific distribution rules.
On the other hand, the DoD says code fixes and enhancements developed for the government should be released to the public, but only under certain conditions, such as the absence of export or other federal restrictions.
The memo also makes a distinction between freeware and open source software, which previously was the source of confusion and debate within the agency, Scott said.
The DoD already has open source running as part of classified and unclassified systems. In fact, Scott says from one-third to one-half of the software used inside the DoD is open source.
The DoD memo comes on the heels of the Obama Administration selecting Drupal to power its whitehouse.gov Web site.
Wednesday, October 28, 2009
Two American citizens who have been indicted for plotting terror attacks overseas have direct connections to a senior al Qaeda commander and two Lashkar-e-Taiba operatives.
Chicago natives David Coleman Headley and Tahawwur Hussain Rana have been charged in federal court with plotting to conduct attacks against a newspaper in Denmark, according to a criminal complaint that was unsealed today at the US District Court in Chicago. Headley was in contact with al Qaeda commander Ilyas Kashmiri and two unnamed Lashkar-e-Taiba operatives.
Headley, who changed his name from Daood Gilani in 2006, was detained on Oct. 3 after he attempted to travel to Pakistan. Headley has been charged with "one count of conspiracy to commit terrorist acts involving murder and maiming outside the United States and one count of conspiracy to provide material support to that overseas terrorism conspiracy," according to a press release written by the US Department of Justice.
Rana, a Canadian citizen from Pakistan, was detained on Oct. 18. Rana was was charged with "one count of conspiracy to provide material support to a foreign terrorism conspiracy that involved Headley and at least three other specific individuals in Pakistan."
Both Headley and Rana have been plotting to attack "facilities and employees of Morgenavisen Jyllands-Posten," the Danish newspaper that published controversial cartoons of the Prophet Mohammed in 2005. The publication of the cartoons sparked violence and protest. The Taliban in Afghanistan have vowed to conduct retaliatory attacks in Denmark and Europe after the publication of the cartoons.
The operation was called the "Mickey Mouse Project," and, according to a senior US intelligence official contacted by The Long War Journal, the plot involved "assault teams" assigned to attack the headquarters of Jyllands-Posten and kill the staff. Further arrests in Denmark related to the plot are expected.
The attacks were to be "modeled" on the November 2008 assault in Mumbai and the attacks on police centers in Lahore and the Pakistani Army General Headquarters in Rawalpindi this month, the official said. Kashmiri is known to have played a role in these attacks; he was a commando in Pakistan's army and for years has trained jihadi groups from Kashmir and other allied groups to conduct military operations.
NEFA Foundation: “Target: America” The September 2009 Arrest of Najibullah Zazi and the Ongoing Investigation into his Terror Plot
Via CT Blog -
Najibullah Zazi emigrated with his family from Afghanistan as a child and grew up in Flushing, Queens. He shared the same interests as other typical American teens, including a love of video games and the latest fashions. He dropped out of high school, then started operating a coffee cart in Lower Manhattan. In 2006, he married a cousin in Pakistan. He visited her and their children in Pakistan regularly--Then his behavior and his outward appearance began to change. Once he was friendly to customers, but then he grew cold and combative. He had always been religiously observant, but became even more doctrinal. After his most recent trip to Pakistan, Zazi abruptly moved to Aurora, Colorado. He was arrested there in September 2009 on charges of plotting to attack targets in the U.S. using TATP-based explosives, the ingredients for which he and his co-conspirators purchased in beauty supply shops.
This NEFA Target: America report provides details leading up to Zazi's arrest and sheds light on why this case is considered by many experts to be the most significant terrorist plot to take place on U.S. soil since 9/11. Zazi, and the yet-to-be-named co-conspirators in this case, received training at an al-Qaida camp in Pakistan, and returned back to the United States driven in their effort to acquire the materials needed to fabricated TATP-based explosive devices, which, the evidence suggests, they planned to use on a target, or multiple targets, in New York City.
The full report can be read here.
So next week, Adobe's having aconference here to tell Federal employees why they ought to be using "Adobe PDF, and Adobe® Flash® technology" to make government more open. They've spent what seems to be millions of dollars wrapping buses in DC with Adobe marketing materials all designed to tell us how necessary Adobe products are to Obama's Open Government Initiative. They've even got a beautiful website set up to tout the government's use of Flash and PDF, and are holding a conference here next week to talk about how Government should use ubiquitous and secure technologies to make government more open and interactive.
Here at the Sunlight Foundation, we spend a lot of time with Adobe's products-- mainly trying to reverse the damage that these technologies create when government discloses information. The PDF file format, for instance, isn't particularly easily parsed. As ubiquitous as a PDF file is, often times they're non-parsable by software, unfindable by search engines, and unreliable if text is extracted.
Yet, for some reason, Adobe feels they're essential to the new administration's mission of transparent and open government. I on the other hand feel like picketing the event they're having next week to sell their wares (hey hey! ho ho! your-binary-low-parsable-formats-for-government-data has got to go!) because in fact, they're quite the opposite. Here at Sunlight we want the government to STOP publishing bills, and data in PDFs and Flash and start publish them in open, machine readable formats like XML and XSLT. What's most frustrating is, Government seems to transform documents that are in XML into PDF to release them to the public, thinking that that's a good thing for citizens. Government: We can turn XML into PDFs. We can't turn PDFs into XML.
The fact is, sticking to open, standards based technologies like HTML, XML, JSON and others are far more important and useful in getting your information out to the public than the proprietary formats of Adobe. Here's a hint-- if the data format has an ® by its name, it probably isn't great for transparency or open data.
So don't get me wrong-- I appreciate just like the next guy that I can download a nice PDF file of an IRS form, print it out, and send it in. I think that members of congress publishing their "Dear Colleague" letters with accuracy is great and important, and I think the pie charts on the IT dashboard are really neat. But when it comes down to it, these technologies aren't helping to fully open our government. They have their place, but in terms of transparency and openness, I'm afraid they do more harm than good. Relying on them only yields frustration from the people who use the data government publishes the most, and they should be considered a bell or a whistle on top of the foundation that an agency should do to be fully transparent: putting data online, obeying the 8 principles of Open Data to the fullest extent.
Sunlight Labs is part of the Sunlight Foundation a non-profit, non partisan Washington, DC based organization focused on digitization of government data and making tools and websites to make it easily accessible.
Microsoft has released a free tool designed to harden software applications against attacks that exploit common security vulnerabilities.
EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications. Unlike mitigations released in the past, EMET doesn't require programs to be recompiled, so it can be used to fortify applications even when the source code isn't available.
EMET also allows specific mitigations to be applied to a particular application process, a granularity that helps when a given process isn't compatible with a given control.
Over the past few years, developers have increasingly focused on adding measures to their applications that make it harder for attackers to exploit vulnerabilities. The approach makes a lot of sense given the inevitability of buffer overflows and other garden-variety vulnerabilities in complex software. Rather than trying to weed out such bugs, mitigation intends to neutralize their harmful effects.
At the moment, EMET is shipping with just four mitigations, including SEHOP, which prevents many structured exception handling exploits; DEP, or data execution prevention, which marks certain parts of process memory as non-executable; NULL page allocation, designed to block NULL dereference exploits in user mode; and heap spray allocation, which pre-allocates certain memory addresses to make it harder for attackers to predict the location of malicious payloads.
Microsoft plans to add new protections to EMET over time. The program adds to the list of free security tools Microsoft has released over the past year, including its threat modeling tool, the !exploitable Crash Analyzer and the Microsoft Minifuzz file fuzzer.
No doubt, EMET shouldn't be viewed as a substitute for baking such security controls into applications at the time of compilation. But the utility makes sense for shops that rely on large amounts of legacy software or commonly used third-party titles that are prone to abuse.
"For applications that haven't turned on some of these security settings, it looks like it gives you the ability to add those security controls after the fact," said Rich Mogull, CEO of security firm Securosis. "I think that's great, because those are some of the better defenses that we have these days." Microsoft engineers say that, had SEHOP been in use, an exploit targeting MS09-034 earlier this year would have failed. But they are quick to point out that EMET isn't for newbies, because many applications rely on precisely the behavior the utility is designed to block.
Sequoia Voting Systems plans to publicly release the source code for its new optical scan voting system, the company announced Tuesday — a remarkable reversal for a voting machine maker long criticized for resisting public examination of its proprietary systems.
The company’s new public source optical-scan voting system, called Frontier Election System, will be submitted for federal certification and testing in the first quarter of next year. The code will be released for public review in November, the company said, on its web site. Sequoia’s proprietary, closed systems are currently used in 16 states and the District of Columbia.
The announcement comes five days after a non-profit foundation announced the release of its open-source election software for public review. Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement.
Open-source software allows the public to participate in the actual development of the software. Whereas Sequoia’s public source, or disclosed-source, software only allows the public to see software that its developers have already created.
In the press release announcing the public-source system, a Sequoia vice president is quoted saying that “Security through obfuscation and secrecy is not security.”
“Fully disclosed source code is the path to true transparency and confidence in the voting process for all involved,” said Eric Coomer, vice president of research and product development for Sequoia, in the press release. “Sequoia is proud to be the leader in providing the first publicly disclosed source code for a complete end-to-end election system from a leading supplier of voting systems and software.”
Sequoia in fact has been a champion of security through obscurity since it’s been selling voting systems.
The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software.
Princeton University computer scientist Ed Felten, one of the targets of Sequoia’s legal threats, said he was pleasantly surprised to see the company opening its new system to examination after vehemently resisting it in the past.
“I think Sequoia is recognizing that it won’t do anymore to just urge people to trust them,” Felten said, “and that people want to know that the code that controls these machines is open and that experts have had a full chance to look at it.” Given that Sequoia is now acknowledging the value of code disclosure as something that can lead to better security rather than worse security, as it has claimed in the past, Felten said “it seems that it should follow that they would now be willing to release code for all of their other products as well.”
The Sequoia machines deployed to Union County, New Jersey, also showed that Republican presidential candidates received 61 votes when only 60 ballots had been cast in the Republican primary. About 60 machines showed such discrepancies. When Union County election officials announced that they planned to have Princeton academics examine the machines to determine what went wrong, Sequoia threatened a lawsuit.
Sequoia initially blamed the problem on election officials for pushing the wrong buttons, but later claimed it uncovered a problem in its software that was creating the vote errors and announced that it had fixed the issue.
Earlier this year, in a separate case, Sequoia agreed, after a concerted battle, to hand over its source code to election officials in Washington, DC, to investigate why, during the city’s September 2008 primary election, Sequoia’s optical-scan machines added about 1,500 “phantom” votes to races on ballots cast in one precinct.
Sequoia blamed the problem on “static discharge” or human error.
After the city demanded to look at the source code to determine the problem, Sequoia in turn demanded a $20 million bond from officials guaranteeing they wouldn’t disclose information about the system. Sequoia finally relented to provide the code without a bond, though only after the city agreed to keep the company’s trade secrets confidential.
The election integrity group Voters Unite has compiled a partial list of reported problems (.pdf) with Sequoia voting machines.
Spokeswoman Michelle Shafer said Sequoia’s public source system has been in the works for months, and that the announcement this week was timed for a National Institute of Standards and Technology workshop discussing a common data format for voting systems.
She said the firmware on the company’s new Frontier optical-scan machines is written in C# programming language and runs on Linux. The election management software — which sits on a computer at the election office and is used to create ballots and tabulate votes — runs on Microsoft Windows XP and uses a Microsoft SQL database.
Pamela Smith, president of Verified Voting, a group that has long lobbied for fully auditable voting systems, applauded Sequoia’s efforts.
“It’s good to know the vendors are developing a new transparent optical-scan system,” she said. “That is probably the biggest recognition of the direction that the voting public wants to see the market going.”
Asked if Sequoia’s history of hiding behind its proprietary code taints the sincerity of its public source effort, Smith said, “It’s never too late. If you’re making a step toward a more transparent system, good for you. That’s a good thing.”
Tuesday, October 27, 2009
It's one of the most serious security breaches one computer expert has ever seen. CBS 5 Investigates has discovered a state-run web site may be putting hundreds of thousands of Californians at risk of identity theft.
It started off with a tip from a viewer, a local job seeker who noticed a computer glitch. Once CBS 5 started looking closer at the glitch, it was a gaping hole.
For laid off workers such as Tom Diederich of Pacifica, it's a requirement: To get unemployment benefits you have to post your resume on CalJOBS, the state's job site. "I filled out my employment history and I saved it," said Diederich, who bookmarked it for future reference.
But the next day when he clicked back in he said, "I saw someone else's information. I saw their name, where they live, their email, their phone number. I was shocked, really.
And the next time, again? "I got a different person's information," said Diederich. "There was probably about 5 or 6 different times that I have seen it. It was more frightening because I said 'Who's seeing my information?'"
So how big of a problem is that? Expert Pam Dixon with the World Privacy Forum said, "That is not okay!" Because she said resumes are a gold mine for criminals.
BS 5 asked UC Berkeley computer science professor and privacy expert, Doug Tygar to take a look at Diederich's problem. He said, "I consider that to be a serious security breach."
But it turns out, not the only one. Because just moments after beginning his examination of that website, using Diederich's web link, Tygar was able to get into the site, and look at other applicants' supposedly private data. "I was able to access other people's personal information including their address, their phone numbers, email, personal details," Tygar said.
All by just changing a few numbers in the URL. In fact, Tygar even found he was able to go in and change information on peoples' resumes. "I would in fact have been able to go through and change that if i were a malicious attacker," he said.
Tygar said a hacker looking for identities to steal could have thousands of resumes at his disposal. "They are giving the information out to people who they shouldn't."
Microsoft said today that it plans to open up the PST data format commonly used within Outlook.
In a MSDN blog posting, Paul Lorimer, Group Manager of Microsoft Office Interoperability, confirmed Microsoft want to improve platform-independent access to email, calendar, contacts, and other data generated by Microsoft Outlook. The PST format is used to store data ranging from email to calendar and contacts and allows for users to export and import that data within Microsoft Outlook.
According to Lorimer: "In order to facilitate interoperability and enable customers and vendors to access the data in .pst files on a variety of platforms, we will be releasing documentation for the .pst file format. This will allow developers to read, create, and interoperate with the data in .pst files in server and client scenarios using the programming language and platform of their choice. The technical documentation will detail how the data is stored, along with guidance for accessing that data from other software applications. It also will highlight the structure of the .pst file, provide details like how to navigate the folder hierarchy, and explain how to access the individual data objects and properties."
Microsoft says the documentation is still being worked on and is in its "early stages". With an Office 2010 public beta due next month it's reasonable to assume we will hear a lot more about Office 2010 in general at next months Professional Developers Conference in Los Angeles. Allowing the PST format to be documented and open will allow web mail providers like Gmail and social networking sites like Facebook to better import data from Microsoft's Outlook application.
Uzi-shaped 2GB USB memory stick
Pre-loaded with the album Uzi Does It
Premium DRM-free digital download of Uzi Does It in 320kbps MP3, FLAC, or Apple Lossless
Get Busy Committee features names you may have heard before: Ryu and Apathy. Tracks are produced by Apathy as well as super-producer Scoop Deville, known for his work recently with Snoop Dogg, The Game, Clipse, and many others.
This record is unlike any rap album you've heard before. I'm sorry if you were expecting some of the boring two-sample verse/chorus nonsense hip hop has descended into, but you won't find that here. This album is full of songs and songwriting, heartfelt stories of life in LA, a life of music, late nights on the Sunset Strip, and coke. In short, a life similar to mine. As Apathy says in Coolin' Out, "I used to love Easy-E, BBD, BDP, so I mixed it all up what you get? GBC."
Monday, October 26, 2009
After being banned almost a year ago as bug-infested cyber threats, thumb drives may soon be allowed to plug back into U.S. Defense Department computers and networks.
But not all thumb drives. And not for all computer users, according to Pentagon officials and industry sources.
Thumb drives were banned in November 2008 after thousands of military computers and networks became infected by worms, viruses and other malicious software. Many of the infections were traced to thumb drives, which acquired malicious software from computers or the Internet and passed them on.
The ban has been a major hassle for many who came to rely on thumb drives.
Aircraft and vehicle technicians weren't hauling around tech manuals; the manuals were stored on thumb drives, said Tom Conway, director of federal business development at computer security company McAfee.
Medical records of wounded troops were sometimes stored on thumb drives and accompanied patients from field hospitals in Iraq to Germany and on to the United States, Conway said.
Pilots used thumb drives to transfer mission plans from operations rooms to aircraft computers. And thousands of others used thumb drives to store, share and transfer photos, briefings, videos, PowerPoint presentations, maps, documents and all kinds of other digital data.
Thumb drives still offer an attractive means to move information quickly, Carey said. So in the next 30 to 60 days, the Defense Department is expected to announce that thumb drives are back - in a limited way.
For starters, not everyone will be allowed to use them. Only "authorized individuals" are likely to be permitted to use thumb drives for "mission-essential functions," Carey said in a blog posting.
And the approved drives won't be like the thumb drives on sale at your local office supply store; they probably will be "government-owned and procured."
"The days of using personally owned flash media or using flash media collected at conferences or trade shows are long gone," Carey said.
"A whole lot of procedures are being developed" to govern the return of thumb drives, he said. "Issuance procedures, monitoring procedures, control procedures, it's all in progress."
A military "Removable Storage Media Tiger Team" is developing thumb drive policies for the U.S. Strategic Command, Carey said.
McAfee, which already provides anti-virus technology for about 7 million Defense Department desktops, laptops and servers, offers some advice: Only "trusted products" sold by "trusted suppliers" should be allowed, Conway said. And the trusted thumb drives should have multiple layers of built-in defense.
They should be able to scan data for viruses and other malware, as data is entering the drive and as it is exiting.
The drives should contain built-in encryption chips that convert everything on them to code that can be unencrypted only by a user with the correct password or the right fingerprint - or both.
The drives should also be made tamper-proof so that the information they contain self-destructs if anyone tries to defeat the encryption or disassemble the drive.
The Defense Department should also require that a unique serial number be assigned to each thumb drive. The number would enable network operators to set specific restrictions on what each drive will and won't be allowed to do, said Chris Parkerson, a removable media security manager at McAfee.
To make that work, though, the department would have to develop the capability to keep track of each thumb drive, and of who is using it and what that user is permitted to do with it.
A group working to produce an open and transparent voting system to replace current proprietary systems has published its first batches of code for public review.
The Open Source Digital Voting Foundation (OSDV) announced the availability of source code for its prototype election system Wednesday night at a panel discussion that included Mitch Kapor, creator of Lotus 1-2-3 and co-founder of the Electronic Frontier Foundation; California Secretary of State Debra Bowen; Los Angeles County Registrar-Recorder Dean Logan; and Heather Smith, director of Rock the Vote.
The OSDV, co-founded by Gregory Miller and John Sebes, launched its Trust the Vote Project in 2006 and has an eight-year roadmap to produce a comprehensive, publicly owned, open source electronic election system. The system would be available for licensing to manufacturers or election districts, and would include a voter registration component; firmware for casting ballots on voting devices (either touch-screen systems with a paper trail, optical-scan machines or ballot-marking devices); and an election management system for creating ballots, administering elections and counting votes.
“How we vote has become just as important as who we vote for,” Miller told the audience of filmmakers and technologists who gathered at the Bel-Air home of film producer Lawrence Bender to hear about the project. “We think it is imperative that the infrastructure on which we cast and count our ballots is an infrastructure that is publicly owned.”
Miller said the foundation wasn’t looking to put voting system companies out of business but to assume the heavy burden and costs of research and development to create a trustworthy system that will meet the needs of election officials for reliability and the needs of the voting public for accessibility, transparency, security and integrity.
“We believe we’re catalyzing a re-birth of the industry … by making the blueprint available to anyone who wants to use it,” Miller said.
The foundation has elicited help from academics and election officials from eight states as well as voter advocacy groups, such as Rock the Vote and the League of Women Voters, to guide developers in building the system. Technology bigwigs such as Oracle, Sun and IBM have also approached the group to help with the project.
“That was unexpected,” Miller said.
The code currently available for download and review represents only a small part of the total code and includes parts of an online voter registration portal and tracking system, election management software and a vote tabulator. Prototype code for producing ballots has been completed and will be posted soon. Code for auditing is still being designed.
The voting firmware and tabulator program are built on a minimized Linux platform (a stripped down version of Sharp) and the election management components are built with Ruby on Rails.
The foundation already has California, New Hampshire, North Dakota, Ohio, Oregon, Vermont and Washington interested in adopting the system and is in talks with 11 other states. Florida, which has been racked by voting machine problems since the 2000 presidential debacle, has also expressed interest, as has Georgia, which uses machines made by Premier Election Solutions (formerly Diebold Election Systems) statewide.
Not that we needed another reason to launch an investigation into the vulnerability of the electric grid, but here’s another reason for you:
DOD’s most critical assets are vulnerable to disruptions in electrical power supplies, but DOD lacks sufficient information to determine the full extent of the risks and vulnerabilities these assets face. All 34 of these most critical assets require electricity continuously to support their military missions, and 31 of them rely on commercial power grids–which the Defense Science Board Task Force on DOD Energy Strategy has characterized as increasingly fragile and vulnerable–as their primary source of electricity.
So 31 out of 34 of our nation’s most critical assets rely on a Grid controlled by private interests who cannot be trusted to provide accurate information about the state of their security.
You can download the public version of the report here, and a classified copy has also been prepared, according to the GAO.
PDF Report - http://www.gao.gov/new.items/d10147.pdf
The nation's controversial DNA database is two-thirds full just six months after it was finally connected to all police jurisdictions, and will require a substantial technology upgrade, CrimTrac says.
A strategic review found the National Criminal Investigation DNA Database, used by police to cross-check the genetic signatures of known criminals or suspects, already holds almost 500,000 profiles while the system has a functional capacity of around 750,000.
CrimTrac's biometrics manager Andrew Paterson said the review "identified the need to look at larger systems" to accommodate expansion.
Originally mooted around 10 years ago, it took eight years to resolve legal differences and link all police criminal investigation systems into a uniform database that allows DNA sample matching across borders.
The final linkages were switched on in April.
Mr Paterson said the agency, which maintains the database, would look at commercial software packages such as CODIS, a US product used by the FBI, and Psylon, a local offering.
At the same time, the review recommended expanding local DNA profiling measures to include a greater number of matching points, or loci. Searches of the database are based on nine loci, while US technology searches use 12 loci and New Zealand searches are based on 15 loci.
"Increasing the number of loci uploaded would minimise the chance of irrelevant matches," Mr Paterson said. "Australia would also be well positioned to match with other countries."
Nigerian officials have launched a new initiative called "Project Eagle Claw" that will target Internet scams coming out of the country. The Economic and Financial Crimes Commission has already made a number of arrests and shut down 800 websites, with many more to come.
It turns out Nigeria is taking measures to fight Internet scams—law enforcement there has shut down close to a thousand websites and made 18 arrests as part of a new initiative to save the nation's reputation and crack down on Internet scammers. The program, called "Project Eagle Claw," has only just begun, but Nigerian officials expect it to be fully operational in 2010.
Nigeria's Economic and Financial Crimes Commission (EFCC) described the initiative as "a renewed bid to clap down" (*clap clap*?) on Internet fraudsters. So far, the agency claims to have shut down 800 scam sites in addition to making the arrests, with many more apparently to come.
EFCC Chairman Farida Waziri said Wednesday during a US address to the National Conference of Black Mayors that Nigeria was working with Microsoft to fully deploy Project Eagle Claw, and that it will soon be able to take down up to 5,000 fraudulent e-mails per month. She also expects the system to send up to 230,000 advisory e-mails to victims every month.
Waziri explained that the EFCC's previous strategy for fighting cybercrime involved "cyber raids" and petitions—slow and ineffective in today's fast-moving Internet world—and that Eagle Claw would be much more proactive. "We expect that Eagle Claw as conceived will be 100 percent operational within six months and at full capacity, it will take Nigeria out of the top 10 list of countries with the highest incidence of fraudulent e-mails," Waziri said.
The EFCC should be applauded for their new efforts...
But they are going to shut down fraudulent e-mails and then send out advisory e-mails?
Ohh this will end well...
Nearly one in five people in the US now regularly use applications like Twitter and Facebook to post and read status updates, according to the results of a new survey.
The latest research from the Pew Internet and American Life Project found that 19 per cent of people use services like Twitter, up from 11 per cent less than a year ago. The three groups most likely to use such services are mobile internet users, people under 44 and social network users.
"The more devices someone owns, the more likely they are to use Twitter or another service to update their status," said the Twitter and Status Updating, Fall 2009 report.
"Fully 39 per cent of internet users with four or more internet-connected devices (such as a laptop, cell phone, game console or Kindle) use Twitter, compared to 28 per cent of internet users with three devices, 19 per cent of internet users with two devices, and 10 per cent of internet users with one device."
The survey also highlighted some interesting data on the age of people using social networking tools. The average age of a Twitter user remained constant over the past year at 31, while LinkedIn and MySpace users' average age dropped to 39 and 26 respectively.
The average age of Facebook users increased, however, from 26 in May 2008 to 31 today, reflecting an increase in the number of older users.
"For now, it is clear that a 'social segment' of internet users is flocking to social network sites and status update services," the report concluded. " This segment is likely to grow as more internet users adopt mobile devices as a primary means of going online."
A single cybercrime group called "Avalanche" was responsible for nearly one-quarter of all identity theft-related phishing attacks in the first half of 2009, according to a new report by the Anti-Phishing Work Group (APWG).
According to the report, phishing sites on Avalanche domains target the commercial banking platforms of more than 30 financial institutions, major on-line services, and job search providers.
Social-engineered malware downloads are also being distributed from these same domains. These attacks involve domain names registered by the phishers, set up on name servers controlled by the phishers, and hosted on a fast-flux network of apparently compromised consumer-level machines. This fast-flux hosting makes mitigation efforts more difficult -- calling the Internet Service Provider to get a site or IP blocked is not effective, and the domain name itself must be suspended at the registrar or registry level.
The APWG said the Avalanche phishing kit accounted for a whopping 24% (13,334) of all phishing attacks seen during 1H 2009. However, since each domain is used to mount up to 30 attacks, this only represents about 8% of all domains used for phishing, the group said.
[...]The APWG said Avalanche attacks increased significantly into the third quarter of the year, and preliminary numbers indicate a possible doubling of attacks in the summer of 2009.
Read the full report [PDF from apwg.org]
Sunday, October 25, 2009
It has become commonplace to call Britain a “surveillance society,” a place where security cameras lurk at every corner, giant databases keep track of intimate personal details and the government has extraordinary powers to intrude into citizens’ lives.
A report in 2007 by the lobbying group Privacy International placed Britain in the bottom five countries for its record on privacy and surveillance, on a par with Singapore.
But the intrusions visited on Jenny Paton, a 40-year-old mother of three, were startling just the same. Suspecting Ms. Paton of falsifying her address to get her daughter into the neighborhood school, local officials here began a covert surveillance operation. They obtained her telephone billing records. And for more than three weeks in 2008, an officer from the Poole education department secretly followed her, noting on a log the movements of the “female and three children” and the “target vehicle” (that would be Ms. Paton, her daughters and their car).
It turned out that Ms. Paton had broken no rules. Her daughter was admitted to the school. But she has not let the matter rest. Her case, now scheduled to be heard by a regulatory tribunal, has become emblematic of the struggle between personal privacy and the ever more powerful state here.
The Poole Borough Council, which governs the area of Dorset where Ms. Paton lives with her partner and their children, says it has done nothing wrong.
In a way, that is true: under a law enacted in 2000 to regulate surveillance powers, it is legal for localities to follow residents secretly. Local governments regularly use these surveillance powers — which they “self-authorize,” without oversight from judges or law enforcement officers — to investigate malfeasance like illegally dumping industrial waste, loan-sharking and falsely claiming welfare benefits.
But they also use them to investigate reports of noise pollution and people who do not clean up their dogs’ waste. Local governments use them to catch people who fail to recycle, people who put their trash out too early, people who sell fireworks without licenses, people whose dogs bark too loudly and people who illegally operate taxicabs.
“Does our privacy mean anything?” Ms. Paton said in an interview. “I haven’t had a drink for 20 years, but there is nothing that has brought me closer to drinking than this case.”
The law in question is known as the Regulation of Investigatory Powers Act, or RIPA, and it also gives 474 local governments and 318 agencies — including the Ambulance Service and the Charity Commission — powers once held by only a handful of law enforcement and security service organizations.
Under the law, the localities and agencies can film people with hidden cameras, trawl through communication traffic data like phone calls and Web site visits and enlist undercover “agents” to pose, for example, as teenagers who want to buy alcohol.
In a report this summer, Sir Christopher Rose, the chief surveillance commissioner, said that local governments conducted nearly 5,000 “directed surveillance missions” in the year ending in March and that other public authorities carried out roughly the same amount.
Local officials say that using covert surveillance is justified. The Poole Borough Council, for example, used it to detect and prosecute illegal fishing in Poole Harbor.
“RIPA is an essential tool for local authority enforcement which we make limited use of in cases where it is proportionate and there are no other means of gathering evidence,” Tim Martin, who is in charge of legal and democratic services for Poole, which is southwest of London, said in a statement.
The fuss over the law comes against a backdrop of widespread public worry about an increasingly intrusive state and the growing circulation of personal details in vast databases compiled by the government and private companies.
“Successive U.K. governments have gradually constructed one of the most extensive and technologically advanced surveillance systems in the world,” the House of Lords Constitution Committee said in a recent report. It continued: “The development of electronic surveillance and the collection and processing of personal information have become pervasive, routine and almost taken for granted.”
Federal authorities have accused a California pair of racking up more than $50,000 in fraudulent charges using more than 100 cloned credit cards.
Joseph Hatfield, 27, and Jahmeelah Sullins, 22, of Sacramento, used the cards over a five-month period starting in February, according to documents filed in federal court in Sacramento. Together, they charged perfume, clothes, and gift cards to the counterfeits, which were made by copying track data from legitimate cards and encoding them to the magstripes of blank cards.
The scheme unraveled when Hatfield was flying from Sacramento to Phoenix and a black suitcase he was traveling with lost its baggage claim tag. When Southwest Airlines employees opened it, they found a credit card reader/writer, 25 credit cards, and a California driver license in the name of someone named Adam Constant.
Detectives for the Sacramento County Sheriff soon discovered that the numbers on the cards didn't match the banks that were printed on the cards. They also found that many of them had been used to buy sweaters, jeans, and other items.
The contraband would probably have remained a mystery were it not for a call Hatfield placed to the airline inquiring about a lost black suitcase. When investigators checked the picture on Hatfield's license, they found it matched the one purporting to be Adam Constant. A search of Hatfield's residence turned up more than 100 phony credit cards.
Saturday, October 24, 2009
Via ScienceDaily.com -
New Tel Aviv University technology combines sophisticated sensors in orbit with sensors on the ground and in the air to create a "Hyperspectral Remote Sensor" (HRS). It can give advance warnings about water contamination after a forest fire, alert authorities of a pollution spill long before a red flag is raised on earth, or tell people in China where a monsoon will strike.
Prof. Eyal Ben-Dor of TAU's Department of Geography describes his team's HRS technology as a combination of physical, chemical and optical disciplines. "When a devastating forest fire hits the Hollywood Hills, for example, we can see from space how the mineralogy of the soil has changed," he explains. "Because of these changes, the next rainstorm may wash out all the buildings or leach contaminants into the soil. With our new tool, we can advise on how to contain the pollutants after the fire, and warn if there is a risk for landslides."
Details on new applications of this technology were presented recently in several leading journals including Soil Science Society of America Journals, Soil Science Journal and the International Journal of Remote Sensing.
The FBI and the UK’s Serious and Organised Crime Agency have drawn up a program for dismantling and disrupting cybercrime operations. The effort relies on a better understanding of the business models of carders, malware authors and hacker groups which have increasingly come to resemble those of legitimate businesses.
The three prong strategy aims to target botnet and malware creators, so-called bullet-proof hosting providers that offer hosting services to cybercrooks, and digital currency exchanges. Digital currency exchanges such as WebMoney and Liberty Reserve are central to the operation of the black economy, according to Andy Auld, head of intelligence at SOCA’s e-crime department.
During a keynote presentation at the RSA Europe Conference, Auld and FBI special agent Keith Mularski used the Russian Business Network (RBN) cybercrime network as an example of the type of criminal enterprise they were targeting. The now disbanded group used an IP network allocated by RIPE, a European body that allocates IP resources, to host scam sites, malware and child porn.
The RBN – described as a purpose-built criminal ISP – allegedly paid off local police, judges and government officials in St Petersburg.
"This was a well organized organization not a cottage industry,” Auld explained. “RBN was the e-crime component in a wider criminal portfolio.
“There were strong indications RBN had the local police, local judiciary and local government in St Petersburg in its pocket. Our investigation hit significant hurdles.”
Auld said that although western law enforcement efforts were frustrated, the group was put under surveillance for a short time, during which the group travelled around the Russian city in an Armoured Audi A8 that was always escorted by a Range Rover.
As the heat was turned up on RBN, the group applied a disaster recovery plan, activated in November 2008. However, foreknowledge allowed the FBI and SOCA to shut down new systems before RBN was able to complete its migration.
“All we achieved was disruption, not a prosecution,” Auld explained. “We believe RBN is back in business, pursuing a slightly different business model.”
SOCA and the FBI intend to infiltrate groups or cultivate inside sources. The law enforcement agencies will also go after the money by targeting electronic exchanges that are used to transfer funds between criminals. Working with internet governance organisations, such as groups that allocate IP addresses to crooks without realising that the address space will be used for cybercrime, also form part of the clampdown.
The two law enforcement agencies also want to encourage the targets of cybercrime to improve their security while going after locations where crackers upload and store stolen data.
“Traditional policing is reactive,” Auld explained. “Cybercrime enforcement, by contrast, has to be pro-active.”
Friday, October 23, 2009
The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.
The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.
The bipartisan commission, formed by Congress in 2000 to investigate the security implications of growing trade with China, is made up largely of former U.S. government officials in the national security field.
The commission contracted analysts at defense giant Northrop Grumman Corp. to write the report. The analysts wouldn't name the company described in the case study, describing it only as "a firm involved in high-technology development."
The report didn't provide a damage assessment and didn't say specifically who was behind the attack against the U.S. company. But it said the company's internal analysis indicated the attack originated in or came through China.
The report concluded the attack was likely supported, if not orchestrated, by the Chinese government, because of the "professional quality" of the operation and the technical nature of the stolen information, which is not easily sold by rival companies or criminal groups. The operation also targeted specific data and processed "extremely large volumes" of stolen information, the report said.
In the 8 years that the US-China Economic and Security Review Commission has been reporting on the state of the Chinese military, this is by far the best report that it has ever issued in the area of Information Warfare (aka Cyber Warfare). Kudos to Northrup Grumman who won the contract to write this special report, and to Steve DeWeese (Project Manager), Bryan Krekel (principal author), George Bakos and Christopher Barnett (Subject Matter Experts). My only objection is that the team didn’t pursue the relationship between the PRC and the Chinese hacker community far enough. Other than that, this is really outstanding work. It will certainly be required reading for our upcoming Cyber Threat Analysis online graduate course at Mercyhurst College Institute of Intelligence Studies.
The Pakistani Army is getting help from U.S. spy drones, in its offensive against Taliban militants in South Waziristan.
“For months the United States and Pakistan have been sharing information from Predator flights in the volatile border regions” between Afghanistan and Pakistan, the L.A. Times’ Julian Barnes and Greg Miller report. “but until now the Pakistanis had not accepted help for their major military operations.”
These flights aren’t the same as the killer drone attacks, under the CIA’s operational control, which have left slain up to 1,000 people, including several top leaders of the Pakistani Taliban.
Instead, these U.S. Air Force Predators are providing overhead video — and possibly radio intercepts — for the Pakistani campaign. “Pakistan has superior human intelligence on the ground, where its powerful Inter-Services Intelligence has cultivated networks of informants among militant groups. But the government has a limited ability to intercept cellphone calls and other transmissions,” the Times notes.
“Any type of imagery would be of use to the Pakistanis, either from Predator or other means,” a senior U.S. Defense official tells the paper. In particular, Pakistan has sought intelligence “on locations of the enemy, resupply routes, resupply activity . . . in real time.”
For at least a year, the American and Pakistani militaries have tried to figure out the best way to share the intelligence that the unmanned aircraft gather. At first, Pakistani officials publicly denied that there was any cooperation. Then Google Earth images showed U.S. Predators parked on a Pakistani runway.
Welcome to the Social Engineering Framework. This is a work in progress, but we feel it will contain and DOES contain some of the hottest, newest and most innovative information on the scene today. We will be developing this framework over time and there will be more to come. For now the Framework is below and the hyper-linked areas are the areas that are done or being worked on. We hope you enjoy this and PLEASE feel free to send us your thoughts, additions or any feedback at all.
- The SE Team
I'm listening to the first Social-Engineer.org podcast...
Episode 001 - Interrogation and Interview Tactics
Thursday, October 22, 2009
The U.S. Justice Department says more than 300 people have been arrested in the United States over the past two days, as part of a massive operation targeting the La Familia Mexican drug cartel.
U.S. Attorney General Eric Holder told reporters Thursday that the recent arrests are part of a 44-month, multi-agency law enforcement investigation known as Project Coronado. Holder called the operation the largest coordinated U.S. law enforcement operation ever undertaken against a Mexican drug cartel.
He said the reach of the cartel stretches well into the United States.
Holder said that, in the last two days alone, law enforcement officials have seized nearly a ton of illegal narcotics, and hundreds of weapons and vehicles. Over all, the nearly four-year operation has ledilia is a heavily armed cartel that utilizes violence, such as killings, kidnappings and assaults, to support its narcotics operations. He described the cartel as the most violent of Mexico's five drug cartels.
Thousands of people have died in drug-related violence in Mexico in recent years.
A vulnerability in a Time Warner cable modem and Wi-Fi router deployed to 65,000 customers would allow a hacker to remotely access the device’s administrative menu over the internet, and potentially change the settings to intercept traffic, according to a blogger who discovered the issue.
Time Warner acknowledged the problem to Threat Level on Tuesday, and says it’s in the process of testing replacement firmware code from the router manufacturer, which it plans to push out to customers soon.
“We were aware of the problem last week and have been working on it since,” said Time Warner spokesman Alex Dudley.
The vulnerability lies with Time Warner’s SMC8014 series cable modem/Wi-Fi router combo, made by SMC. The device is one of several options Time Warner offers to customers who don’t want to install their own modem and router to use with the company’s broadband service. The device is installed with default configurations, which customers can alter only slightly through its built-in web server. The most customers can do through this page is add a list of URLs they want their router to block.
But blogger David Chen, writing at chenosaurus.com, recently discovered he could easily gain remote access to an administrative page served by the router that would allow him greater control of the device.
That file, it turned out, included the administrative login and password in cleartext. Chen investigated and found the same login and password could access the admin panels for every router in the SMC8014 series on Time Warner’s network — a grave vulnerability, given that the routers also expose their web interfaces to the public-facing internet.
All of this means that a hacker who wanted to target a specific router and change its settings could access a customer’s admin panel from anywhere on the net through a web browser, log in with the master password, and then start tinkering. Among the possibilities, the intruder could alter the router’s DNS settings — for example, to redirect the customer’s browser to malicious websites — or change the Wi-Fi settings to open the user’s home network to the neighbors.
The attacker would need the router’s IP address to conduct the attack. But Chen found a dozen customer SMC8014 series cable modem/Wi-Fi routers by simply running a port scan on a subnet of 255 Time Warner IP addresses. An evil hacker could easily automate a scanning tool to sweep through Time Warner’s address space and hack every SMC8014 it finds.
Storage of clear-text username/password in configuration file? - Mostly Fail.
Same username/password on all devices? - Super Fail.