Sunday, February 28, 2010

Autopsy Finds Hamas Leader was Drugged, Suffocated

Via -

The killers of Hamas leader Mahmoud al-Mabhouh first injected him with a muscle relaxant and then suffocated him, Dubai police said Sunday.

Toxicology tests on the Hamas leader found significant amounts of succinylcholine, a drug that is used to relax muscles during surgery or as an anesthetic.

"The assassins used this method so that it would seem that his death was natural," Maj. Gen. Al Mazeina said.

But signs indicated that al-Mabhouh resisted his attacker as they suffocated him, police said.

The latest determinations are in line with what police disclosed earlier and told al-Mabhouh's relatives.

Saturday, February 27, 2010

Wyndham Hotels Hacked Again

Via -

Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data.

The break-in occurred between late October 2009 and January 2010, when it was finally discovered. It affected an undisclosed number of company franchisees and hotel properties that Wyndham manages. Wyndham has acknowledged the incident in a note posted to its Web site.

"A hacker intruded on our systems and accessed customers information from a limited number of franchised and managed properties," the company said. "The hacker was able to move some information to an off-site URL before we discovered the intrusion."

Hackers were able to steal data required for credit card fraud, the company said, including "guest names and card numbers, expiration dates and other data from the card's magnetic stripe."

Wyndham did not say how many hotels were hacked or how many customers were affected. The company did not return messages seeking comment Friday.

This is the third data breach reported by Wyndham in the past year. Last February, Wyndham said that hackers stole tens of thousands of credit card numbers between July and August 2008.

In that case, criminals hacked into a Wyndham franchisee and then stole data from a central company server.

Wyndham, which operates Days Inn, Ramada and Super 8 motels, warned customers of a second breach in August 2009.

The company has not yet notified victims of this latest incident, but expects to begin doing so by the end of March, when it has concluded the investigation.

Photo of the Day - KeyKeriki V2 Board

(Photo Credit -

KeyKeriki is an open-source hardware and software project which enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purposes only). The hardware itself is designed to be small and versatile; it can be extended to currently undetected/unknown keyboard traffic, and/or hardware extensions, for example, a repeating module or amplifier.

KeyKeriki V2 is the next generation device based on an ARM Cortex-M3 microcontroller. The details of this successor will be released at their talk at CanSecWest 2010 in Vancouver, Canada. The working title is “Vogelgrippe” and it will be able to capture raw “Enhanced Shockburst™” frames, therefore being able to capture keystrokes of any wireless keyboard which uses the 2.4GHz Enhanced Shockburst™ Technology. The hardware will be as tiny and handy as the first generation Keykeriki, therefore not larger than a packet of cigarettes.

Pentagon Comes to Terms with Social Media Access

Via -

The Defense Department has made its peace with social media.

Long skittish about forums such as Facebook and Twitter, the U.S. Department of Defense says that it is now OK with social networking services and other interactive Web 2.0 applications. A memorandum released Friday makes it official policy that the agency's nonclassified network will be configured to provide access to Internet-based capabilities across all Defense components, including the various combat branches.

That's not to say that the Pentagon is embracing all of the free-wheeling nature of blogs, tweets, and online video. Soldiers, sailors, and airmen will still be expected to refrain from activities that could compromise military actions or undercut readiness.

"Commanders at all levels and heads of DoD components will continue to defend against malicious activity on military information networks, deny access to prohibited content sites (e.g., gambling, pornography, hate-crime related activities), and take immediate and commensurate actions, as required, to safeguard missions (e.g., temporarily limiting access to the Internet to preserve operations security or to address bandwidth constraints)," the Defense Department said in a news release.

The Pentagon says it recognizes that social networks, among other Web capabilities, are useful tools for interaction both within the Defense Department and between the agency and the general public. It is also satisfied with the balance it has struck between network security and use of Internet-based tools.

And it also acknowledges that an either/or decision between security and information sharing is impractical.

"If you look at either one individually, you will fail," said David M. Wennergren, deputy assistant secretary of defense for information management and technology. "You will have great security, but no ability to access information sharing. [Or] if you think only about sharing, you will run into issues of operational security and letting bad things into your system. So you can no longer think of them as two separate subjects."

The military has been using social-networking tools for some time, but policies have not always been consistent across the branches, and officials over time have wavered on how much they were willing to let individuals engage with the likes of blogs, YouTube, Facebook, and the like.

Ex-UN Nuclear Chief: Egypt is Hungry for Change

Via Yahoo! News (AP) -

The ex-U.N. nuclear chief who has emerged as an opposition leader in Egypt urged the government Saturday to respond to peaceful demands for change, cautioning it could face a popular uprising if it doesn't.

Mohamed ElBaradei, who returned to Cairo a week ago to a hero's welcome by supporters who see him as a possible rival to President Hosni Mubarak in next year's elections, told The Associated Press that he hopes to create a peaceful public movement pressing for electoral reforms.

"You have seen how much support I got even before I set foot in Egypt," ElBaradei said in an interview in the garden of his home on the outskirts of Cairo. "It shows that people are ready, I would say even hungry for change. But this is still something that has to take roots and has to spread to different parts of the country."

When asked if Egypt's government could face protests like those that broke out in Iran, he said he hopes to avoid that but it was ultimately up to the ruling system.

"It is inevitable that change will come to Egypt. What I'm trying to do is pre-empt a point of clash between the government and the people," he said.

"I hope the government will understand that you don't want for people to reach a point of desperation," he added. "What I am preaching right now, if you like, is peaceful change by everybody. If the government subscribes to that, I think all the better."

ElBaradei, 67, was coy about whether he plans to run in the 2011 presidential vote, saying that was not his primary goal. Instead, he said his main focus is drumming up support for his efforts to promote change and rallying the public as well as fellow opposition leaders behind his campaign.

He said it will be a long term process that requires educating people about basic rights and freedoms.

"My primary goal is to create the condition for a truly democratic political system," he said.

Friday, February 26, 2010

China Widens Net Censorship; Google Exile Looms

Via (Threat Level) -

The Chinese government is imposing new internet restrictions demanding personal-website operators to acquire central-government permission to operate their sites.

The government said the latest move — which also requires site owners to submit a photograph and to show identification — was targeted at tackling pornography. Critics, though, said it was based on silencing political dissent. China did not say when the rules would be enforced.

The plan underscores that China is not likely to blink in its confrontation with Google, at least not anytime soon. That leaves Google lingering in an ethical and business crossroads as the days tick from its Jan. 12 announcement that it would leave China if it has to continue censoring search results there.

Google declined Wednesday to directly address negotiations surrounding its China announcement.

“We are not commenting on what might or might not be happening,” Google spokesman Scott Rubin said in a telephone interview.

China is known for having some of the world’s strictest holds on the internet.

Last year, the Chinese government decided to mandate censorship software called Green Dam in all new PCs (to which manufacturers acquiesced). In March it blocked YouTube because of videos of anti-Tibetan violence, a block that remains. Then the government began hammering on Google, claiming the search engine was steering too many people to pornography.

Cryptome Restored After Microsoft Change of Heart

Via The Register UK -

Microsoft has rescinded the copyright complaint that resulted in the shutdown of the long-standing whistleblower website Cryptome, after it published Redmond's spy guide for law enforcement.

The company said it has asked Cryptome's ISP, Network Solutions, that the website be restored and that it no longer wants the offending document to be killed. On Wednesday, Cryptome hosted a 22-page PDF that outlines what information Microsoft gathers about its users and what can be handed over to authorities if required.

Similar guidelines for law enforcement have leaked their way to the website before, exposing the policies of Facebook, AOL, Skype, and Yahoo, among others.

Microsoft lawyers swung the US Digital Millennium Copyright Act (DMCA) in an attempt to force Cryptome to pull the document. When it refused to take action, Microsoft complained to Network Solutions, which not only closed the website, but placed a lock on the domain to keep it closed.

But as first reported on ReadWriteWeb, Microsoft has suddenly had a change of heart.

"We take our responsibility to protect our customers' privacy very seriously, so have specific guidelines that we use when responding to law enforcement requests," a Microsoft spokeswoman told El Reg in an emailed statement. "In this case, we did not ask that this site be taken down, only that Microsoft copyrighted content be removed. We are requesting to have the site restored and are no longer seeking the document's removal."

Network Solutions confirmed it has received the withdrawal notification and has restored access to the website. Cryptome previously ran afoul of Microsoft's legal dogs after it published the software giant's point-and-click "computer forensics for cops" COFEE tool. The website also had a similar DMCA dust-up with Yahoo! last year when it revealed the company's law enforcement spying price list.

Thursday, February 25, 2010

Italy's Google Convictions Set a Dangerous Precedent

Via -

Three Google employees, in case you haven't heard, are facing suspended jail sentences following a conviction by an Italian court. Their crime? Allowing an offensive video to be uploaded to the Google Video service. By a third-party user. Whom they didn't know or have anything to do with.

Needless to say, the repercussions of this ruling could be enormous -- and they could affect us all.

The Google case dates back to 2006, when a group of Italian students uploaded a video of themselves bullying a mentally challenged schoolmate to the Google Video site. Italy's Interior Ministry discovered the clip and filed a formal complaint to Google. The clip was then removed.

So what's the problem? Prosecutors argued the Google execs violated Italian privacy laws simply by allowing the video to appear on the Google Video site, despite the fact that they never reviewed it or even knew it existed prior to its removal. The three employees were accused of criminal defamation and privacy invasion. They were found guilty of the latter.

Some say the question comes down to timing: The clip, reports indicate, was online for about two months. According to Reuters, prosecutors claimed there were user-submitted comments on the page asking for the video's removal.

Once Italian officials filed a formal complaint, however, the clip was deleted within hours.

Here's the truth: There's no way Google could monitor every submission uploaded to its sites to see if anything offensive lurks within. And there's no way it could watch all the comments on every page to see if people are using the forums to complain about questionable content, either.

If Google is held responsible for this incident, where will the implications end? Will Facebook be responsible for every hate-filled remark left on someone's profile wall? Will AT&T be responsible for every flesh-filled sexting message sent by an underage teen on its network? Can I have my PCWorld editors jailed anytime someone bashes me in the comments section? (Not that that ever happens, of course.)

The very nature of an open and social Internet depends upon a provider's ability to host content without fear of being prosecuted for a user's submission. As Matt Sucherman, Google's VP and deputy general counsel for Europe, puts it:

"European Union law was drafted specifically to give hosting providers a safe harbor from liability so long as they remove illegal content once they are notified of its existence. The belief, rightly in our opinion, was that a notice and take down regime of this kind would help creativity flourish and support free speech while protecting personal privacy.

"If that principle is swept aside and sites like Blogger, YouTube and indeed every social network and any community bulletin board are held responsible for vetting every single piece of content that is uploaded to them -- every piece of text, every photo, every file, every video -- then the Web as we know it will cease to exist."


Google is now appealing the Italian court's verdict. For the sake of the free World Wide Web, let's hope someone reasonable hears the case.

Wednesday, February 24, 2010

Dubstep: 501 - Mind Control


Microsoft Takes Down Whistleblower Site Over Leaked Surveillance Compliance Document

Via -

Microsoft has managed to do what a roomful of secretive, three-letter government agencies have wanted to do for years: get the whistleblowing, government-document sharing site Cryptome shut down.

Microsoft dropped a DMCA notice alleging copyright infringement on Cryptome’s proprietor John Young on Tuesday after he posted a Microsoft surveillance compliance document that the company gives to law enforcement agents seeking information on Microsoft users. Young filed a counterclaim on Wednesday, arguing he had a fair use right to publish the document, a full day before the Thursday deadline set by his hosting provider, Network Solutions.

Regardless, Cryptome was shut down by Network Solutions and its domain name locked on Wednesday — shuttering a site that thumbed its nose at the government since 1996 — posting thousands of documents that the feds would prefer never saw the light of day.

Microsoft did not return a call for comment by press time.

The 22-page document (.pdf) contains no trade secrets, but will tell Microsoft users things they didn’t know.


The compliance handbook is just the latest in a series of leaks of similar documents from other companies. Yahoo, like Microsoft, reacted as if its secret sauce had somehow been spilled by letting curious users know the hows and whys of how the companies deal with lawful surveillance requests. Google, for all its crusading for internet freedom, refuses to say how often law enforcement comes searching for user data.

The one company that has had a stand-up policy for years is the Cox Communications’ ISP, which has had this information and its price list public for years.

But hypocrisy is the name of the game for giant internet companies like Yahoo, Microsoft and Google that want us to entrust large portions of our lives to Gmail, Yahoo Mail, Buzz, Xbox, Hotmail, Messenger, Google Groups. When it comes to the most basic information about how, why and how often our data is subpoenaed and collected without our knowledge, these online innovators resort to lawyers, abusive legal process and double-talk.


The leaked document is also accessible via

Cindy Cohn of the Electronic Frontier Foundation said in a call today, "We find it troubling that copyright law is being invoked here. Microsoft doesn't sell this manual. There's no market for this work. It's not a copyright issue. John's copying of it is fair use... We don't do this anywhere else in speech law."

Cohn also noted she feels the reason Microsoft actually wants the document removed from the Web is because, for a large corporation with millions of users and an aggressive PR agenda, the document raises concerns and sparks conversations the company would rather not confront.

"It's part of a very intense political debate about the role of intermediary companies like Microsoft aiding surveillance for law enforcement. It's embarrassing for Microsoft for their users to see how much the people who carry their email have arrangements with law enforcement... All of the people who carry our communications are an easy conduit for our government to spy on us, and a lot of people are unhappy about that. It's a legitimate public debate, and Microsoft doesn't want to be part of that debate."

Inquiry Grows in Dubai Assassination

Via NYTimes -

The Dubai police released the names of 15 more suspects on Wednesday in the killing of a senior Hamas operative in a Dubai hotel room last month, expanding the range of an investigation that has already fostered diplomatic tensions between several European countries and Israel, whose intelligence service is widely suspected of planning the assassination.

The new suspects carried Irish, British, French, and Australian passports, and bring the size of the assassination team to 26, including six women, Dubai police officials said in a written statement. The suspects’ roles included “preparations and helping to facilitate” the Jan. 19 killing of the Hamas official, Mahmoud al Mabhouh, the statement said.


The Dubai police statement issued on Wednesday included one striking detail: two of the new suspects, identified as Nicole Sandra McCabe and Adam Marcus Korman and carrying Australian passports, left Dubai on a ship bound for Iran. All the others traveled by plane to European and Asian countries, according to the statement. The statement included no further information about the two suspects or why they would have gone to Iran.

The police had stated previously that the suspects purchased credit cards issued by an American bank using their passports, and used them to buy plane tickets and other items related to the assassination. On Wednesday, the police statement identified the bank as MetaBank, and added that 14 of the suspects had bought and used credit cards issued by the bank.

All 26 suspects appear to have traveled on passports from countries that do not need prior visas to travel to the United Arab Emirates, and do not need to go through eye scans or provide other biometric data required of some nationalities. Emirati officials said earlier this week that they might revise their visa guidelines.

Countering Violent Extremist Narratives

Via CT Blog -

The Dutch counterterrorism agency the NCTb, and the University of Leiden have released a volume of essays, focusing on how to more effectively counter al Qaeda's dangerous narrative. While al Qaeda's popularity has slipped over the past year, it remains a serious threat to the US and its allies. The organization has demonstrated that it can still plot potentially devastating attacks, as the Najibullah Zazi case illustrated, and it still is able to spread its destructive propaganda and message.

I wrote a piece for this volume, analyzing how we could use the cases of terrorist dropouts to improve our counternarrative. Figuring out why people have voluntarily walked away from al Qaeda and like-minded groups can help us determine what messages and strategies are likely to be effective in persuading others to turn their backs on this cause.

To read my piece, click here

To read my longer study on terrorist dropouts, click here.

The full Dutch report is available here

Tuesday, February 23, 2010

FAS Missile Watch – February 2010

Missile Watch - February 2010 - PDF


This issue of Missile Watch features big news out of Thailand. A North Korean arms shipment seized by Thai officials in December contained “five crates of MANPADS SAM[s]”, according to an official Thai government report. The report, which was obtained by Bloomberg News in late January, appears to confirm North Korea as an illicit source of shoulder-fired, surface-to-air missiles. Depending on the origins and model of the missiles, this case could have profound implications for international efforts to curb missile trafficking. Also notable are reports of a Peruvian trafficking ring that stole at least seven Strela and Igla missiles from government arsenals and sold them to Colombian rebels, and of insurgent arsenals in Myanmar that contain 300 missiles – a stockpile comparable in size to the holdings of many small states. These reports illustrate the continued availability of illicit missiles to armed groups despite a decade-long international campaign to strengthen export controls and secure government stockpiles.


"Missile Watch" is a publication of the FAS Arms Sales Monitoring Project.

Influenza Virus Hybridization Could Create Pandemic Bird Flu (H5N1)

Via -

Genetic interactions between avian H5N1 influenza and human seasonal influenza viruses have the potential to create hybrid strains combining the virulence of bird flu with the pandemic ability of H1N1, according to a new study.

In laboratory experiments in mice, a single gene segment from a human seasonal flu virus, H3N2, was able to convert the avian H5N1 virus into a highly pathogenic form. The findings are reported the week of Feb. 22 in the online early edition of the Proceedings of the National Academy of Sciences.

"Some hybrids between H5N1 virus and seasonal influenza viruses were more pathogenic than the original H5N1 viruses. That is worrisome," says Yoshihiro Kawaoka, a virologist at the University of Wisconsin-Madison and senior author of the new study.

The H5N1 bird flu virus has spread worldwide through bird populations and has caused 442 confirmed human cases and 262 deaths, according to the World Health Organization. To date, however, bird flu has not been able to spread effectively between people.

"H5N1 virus has never acquired the ability to transmit among humans, which is why we haven't had a pandemic. The worry is that the pandemic H1N1 virus may provide that nature in the background of this highly pathogenic H5N1 virus," says Kawaoka, a professor of pathobiological sciences at the UW-Madison School of Veterinary Medicine.

Two viruses infecting a single host cell can swap genetic material, or reassort, creating hybrid strains with characteristics of each parent virus.

Before the current study, hybrid viruses generated in lab studies had always been less virulent than parent strains. However, the new findings raise concerns that H5N1 and pandemic H1N1 viruses could reassort in individuals exposed to both viruses and generate an influenza strain that is both highly virulent and contagious.

The increased virulence seen in the new study seems to arise from one of the eight genes in the viral genome, called PB2, which is known to affect how well the bird flu virus grows in mammalian hosts, including humans. When tested in mice, the human virus version of PB2 swapped into H5N1 converted the avian virus to a highly pathogenic form.

The researchers say surveillance of viral populations is critical to monitor the potential emergence of highly pathogenic viral variants due to reassortment of avian and human influenza viruses. Their results, including identification of the PB2 segment as a key to enhanced virulence, offer information likely to be useful in the event of a pandemic caused by a hybrid avian-human influenza strain.

"With the new pandemic H1N1 virus, people sort of forgot about H5N1 avian influenza. But the reality is that H5N1 avian virus is still out there," Kawaoka says. "Our data suggests that it is possible there may be reassortment between H5 and pandemic H1N1 that can create a more pathogenic H5N1 virus."


I really don't like the term "hybridization" in this article, but given the different ways the flu virus could modify (mutation & reassortment)...I couldn't find a better term.

New influenza viruses are constantly evolving by mutation or by reassortment. Mutations can cause small changes in the hemagglutinin and neuraminidase antigens on the surface of the virus. This is called antigenic drift, which slowly creates an increasing variety of strains until one evolves that can infect people who are immune to the pre-existing strains. This new variant then replaces the older strains as it rapidly sweeps through the human population—often causing an epidemic. However, since the strains produced by drift will still be reasonably similar to the older strains, some people will still be immune to them. In contrast, when influenza viruses reassort, they acquire completely new antigens—for example by reassortment between avian strains and human strains; this is called antigenic shift. If a human influenza virus is produced that has entirely new antigens, everybody will be susceptible, and the novel influenza will spread uncontrollably, causing a pandemic. In contrast to this model of pandemics based on antigenic drift and shift, an alternative approach has been proposed where the periodic pandemics are produced by interactions of a fixed set of viral strains with a human population with a constantly changing set of immunities to different viral strains.

Car Thieves Making Clean Getaway with GPS Jammers

Via The Register UK -

Car thief gangs have begun using imported GPS jammers to allow them to escape tracking technology.

Illicit kit imported into Europe from China operates on the same frequency as GPS satellites to drown out timing signals and confound in-car devices. Because of this, in-vehicle systems are unable to either determine their position or report in to vehicle tracking centres in cases where cars or lorries fitted with GPS-based tracking technology are stolen.

Vehicles "disappear from the radar" when the GPS jamming technology is deployed, Professor David Last of the University of Wales at Bangor told The Guardian. Professor Last has acted as an expert witness for prosecutors in recent prosecutions involving the seizure of illegal GPS jamming kit.

GPS jammers also have the potential to drown out mobile signals locally, a factor that has reportedly been applied to stop truckers contacting the police in lorry heists in Germany, as well as other applications. Experts reckon some German motorists have used the devices in attempts to avoid GPS-based road charging, introduced for trucks in 2005.

Ownership of the technology is a legal grey area even though it is against the law in both the UK and Germany to either sell or use jamming devices. GPS satellite signals are low power, so jamming devices need not be powerful.

Bob Cockshott, a GPS expert who works for the Technology Strategy Board, a public sector body funded by the Department of Business, explained that a "jammer with an output of about 2 watts [can] swamp any signal from the GPS satellites over an area of a few metres".

More powerful jammers in the 20-watt range could potentially disrupt the GPS signals over a river estuary or at airports. The UK government has allocated a £2.2m grant to a consortium including Chronus Technology to build GPS-jamming detection systems, currently at the prototype stage of development.

Although the risk of GPS jamming has been understood for years, its misuse by crooks is far more recent, dating back perhaps only 18 months. "We need to make users of GPS aware of the threat," Cockshott told The Guardian. He added that the use of systems that triangulate positions based on the strength of signals from mobile phone masts, or similar technology, needs to be deployed as a complement and backup to GPS-based vehicle tracking and recovery services.

Monday, February 22, 2010

New York Terror Suspect Admits Guilt and Cooperates

Via -

The Afghan immigrant who played a central role in what the federal authorities have said was one of the most serious threats to the United States since the 9/11 attacks, pleaded guilty on Monday to terrorism charges after admitting to a plot to blow up the New York subway.

In entering his plea, the immigrant, Najibullah Zazi, admitted that he came to New York last year near the anniversary of the Sept. 11 attacks to kill himself and others on the subway using a homemade bomb — what he said was a “martyrdom operation” that he was just days away from executing until he realized he was under government surveillance.

Mr. Zazi, 25, pleaded guilty in United States District Court in Brooklyn to charges that included conspiracies to use weapons of mass destruction, to commit murder in a foreign country and to provide material support for a terrorist organization. He faces a sentence of life in prison.

Throughout the 45-minute proceeding, Mr. Zazi seemed unaffected by his circumstances, even smiling through his dark beard on several occasions. And when he spoke, he did so in an unapologetic, matter-of-fact manner, explaining that he was driven to terrorism by his concerns about the United States military’s actions in Afghanistan.

In recent weeks, Mr. Zazi had begun providing information to prosecutors as part of the initial stages of an agreement that led to his guilty plea on Monday, according to two people with knowledge of the case. The 10-page plea agreement was sealed by Judge Raymond J. Dearie, but the arrangement suggests that prosecutors believe Mr. Zazi can be a valuable source of information.

Attorney General Eric H. Holder Jr. said in a statement: “This was one of the most serious terrorist threats to our nation since Sept. 11th, 2001, and were it not for the combined efforts of the law enforcement and intelligence communities it could have been devastating. This attempted attack on our homeland was real, it was in motion, and it would have been deadly.”

BLADE: A New Tool for Stopping Stealthy Downloads

Via -

Researchers at SRI International and Georgia Tech are preparing to release a free tool to stop "drive-by" downloads: Internet attacks in which the mere act of visiting a Web site results in the surreptitious installation of malicious software. The new tool, called BLADE (Block All Drive-By Download Exploits), stops downloads that are initiated without the user's consent.

"When your browser is presented with an [executable file] for download, it's supposed to prompt you for what to do," said Phil Porras, SRI's program director. But software can also be pushed onto an unsuspecting user's computer without ever asking for permission.

In the fourth quarter of 2009, roughly 5.5 million Web pages contained software designed to foist unwanted installs on visitors, according to Dasient, a firm that helps protect websites from Web-based malware attacks. Such drive-by downloads target computers that are not up-to-date with the latest security patches for common Web browser vulnerabilities, or are missing security updates for key browser plug-ins, such as Adobe's PDF Reader and Flash Player. Attackers use software called exploit packs, which probe the visitor's browser for known security holes.

The research group has been putting BLADE through its paces since January, exposing a few virtual desktops equipped with the software to new exploit sites identified each day by security experts. Each malicious URL is tested against multiple software configurations covering different browser versions and common plug-ins.

So far, Porras said, BLADE has blocked all of the more than 5,150 malicious programs foisted by some 1,205 unique drive-by URLs tested. During the test period, Adobe's PDF Reader was by far the most-targeted browser plug-in, accounting for more than half of the applications targeted by drive-by exploits. Sun Microsystems's Java platform attracted nearly one quarter of all drive-by attacks, while the bulk of remaining exploits targeted vulnerabilities in Adobe Flash and Internet Explorer.

Robert Hansen, chief executive of the Austin, TX-based security firm SecTheory, said BLADE's approach appears unique, and that it may be effective at stopping drive-by downloads in the short run. That is, he said, until the technique is widely incorporated into commercial products. "Tools like this are great--they're another layer of protection, but they certainly aren't a panacea," Hansen said.


"This may work fine when you have it in the lab, but it's another thing when you try to deploy something like this on peoples' computers," Hansen said. "In fact, I could see something like this easily breaking the functionality of some legitimate software applications."

Indeed, legitimate programs designed to automatically download security updates could encounter problems with a program like BLADE, said Eric Howes, director of research services at Sunbelt Software, a security company based in Clearwater, FL. "I would be especially concerned about potential false positives on other applications that perform background [software] updates or download stuff in the background."

BLADE certainly can't stop all Web-based malicious software, either, Porras admits. It cannot, for example, stop social engineering attacks, in which a user is tricked or bullied into installing a malicious program. The "Koobface" worm, for example, spreads on social networking sites such as Facebook and prompts recipients to download a video player plug-in in order to view a picture or movie supposedly sent by a friend. BLADE would do nothing to block such attacks because they ultimately prompt the user to install the bogus plug-in, which is in fact malicious software that gives attackers complete control over the victim's PC.

BLADE also is useless against threats that reside completely inside of a computer's temporary memory space, as the tool is designed to block malware that tries to write to the computer's hard drive. While most malware is written to the hard drive, there are some advanced threats that live only in memory.


Mali - A New Haven for Al Qaeda?

Via CT Blog -

The Sahel — this vast semi-arid region of North Africa south of the Sahara desert — is viewed by some experts as a “second Afghanistan.” This might be a stretch, but it is true that Al Qaeda in the Islamic Maghreb (AQIM) is very active in the area, especially in Mali.

Mali enjoys a very good reputation around the world. It boasts a vibrant democracy with a multi-party system, a market economy and a tradition of a moderate Islam. But things might be changing: Since 2001, worrying signs have emerged— for example, the proliferation of Osama bin Laden's photo in stalls at the Bamako market and the exponential increase of radio stations preaching radical Islam.

AQIM has organized numerous kidnappings of Western citizens in the region. Interestingly, kidnapped hostages from all over the region usually end up in northern Mali. AQIM has been using northern Mali (in particular Timbuktu and Kidal) as a sanctuary for three reasons: first, it is a very inhospitable area with a difficult terrain making it tough for nations to monitor it; second, some Arab tribes are located there; and finally, the Malian regime is weak and has almost no financial resources.

AQIM’s charm offensive — which includes distributing antibiotics when children are sick and buying goats for double the going rate — has won the hearts and minds of many locals in the Sahel. AQIM buys off local tribes and forms alliances with them, often through marriage.

To make matters more complicated, the area is home to the Tuaregs, a Berber group composed of 200,000 people, who are motivated by territorial claims and bad blood with the Malian authorities to side with AQIM.

To read the rest, please click

US Gov Researcher Closes in on Google “Aurora” IE Exploit Author

Via CNN (FT) -

U.S. analysts believe they have identified the Chinese author of the critical programming code used in the alleged state-sponsored hacking attacks on Google and other western companies, making it far harder for the Chinese government to deny involvement.


A freelance security consultant in his 30s wrote the part of the program that used a previously unknown security hole in the Internet Explorer web browser to break into computers and insert the spyware, a researcher working for the U.S. government told the Financial Times. Chinese officials had special access to the work of the author, who posted pieces of the program to a hacking forum and described it as something he was "working on".


Beyond the immediate forensic inquiry, the work of U.S. researchers sheds light on how cyber-operations are conducted in China.

The man who wrote code to take advantage of the browser flaw is not a full-time government worker, did not launch the attack, and in fact would prefer not to be used in such offensive efforts, according to the U.S. team that discovered his role.

"If he wants to do the research he's good at, he has to toe the line now and again," the U.S. analyst said. "He would rather not have uniformed guys looking over his shoulder, but there is no way anyone of his skill level can get away from that kind of thing. The state has privileged access to these researchers' work."

Sunday, February 21, 2010

Abu Sayyaf Terror Leader Albader Parad Killed

Via (h/t National Terror Alert) -

The military claimed a major victory in its war against the Abu Sayyaf Sunday when Marines assaulted the bandits’ lair and killed six of them, including a top leader with a $5-million bounty on his head.

“We have confirmed that one of the six bodies belonged to Albader Parad as confirmed by four independent civilian sources,” Lt. Gen. Ben Dolorfino, the Western Mindanao Command chief, told the Philippine Daily Inquirer by phone.

One Marine was killed while three other soldiers were wounded in a fierce two-hour gun battle at Barangay Karawan in Maimbung, Sulu, the military said.

The US government had a bounty of $5 million on Parad’s head. The Philippine government’s bounty was P7 million.

“It’s a very significant gain in our campaign against terrorism because we all know that Albader Parad is one of their influential leaders,” Dolorfino said.

“This will have a very big demoralizing effect on the other members and shows that they cannot hide forever from the arms of the law,” he added.


Abu Sayyaf is on the United States Department of State's list of Foreign Terrorist Organizations (FTOs).

The Abu Sayyaf Group (ASG), or Abu Sayyaf, is a radical Islamic terrorist group active in the Southern Philippines and Malaysia. Its stated goal is the creation of an independent Islamic state encompassing parts of Southern Thailand, the island of Borneo, the Sulu Archipelago, and Mindanao, areas where Moro Muslims, a minority ethnic group in the Philippines, make up the majority of the local population.

More information on ASG....

Pakistan Police Arrest Another Afghan Taliban Leader - Mulvi Kabir

Via (AFP) -

Police in northwest Pakistan arrested Mulvi Kabir, one of the top 10 most wanted Taliban leaders and a former Taliban governor of Afghanistan's Nangarhar Province, Fox News reported on its website Sunday.

The network, citing two unnamed senior US officials, said that Pakistani police captured Kabir in the Nowshera district of Pakistan's Northwest Frontier province.

The capture is a "significant detention," a senior US military official in Afghanistan told Fox.

Information leading to Kabir's capture was obtained from Mullah Baradar, the Taliban's second in command, whose arrest was announced on February 18 following a joint US-Pakistani operation, according to Fox.

Baradar's capture has resulted in the arrests of several Taliban leaders -- people US officials told Fox are "shadow governors" that operate from Pakistan's frontier and tribal regions.

The Pentagon announced that two other Taliban officials were arrested days after Baradar's arrest.

Those include Mullah Abdul Salam, based in Afghanistan's Kunduz province, and Mullah Mir Mohammad, based in the Baghlan province, The New York Times reported, citing Afghan officials.

Saturday, February 20, 2010

Taking The Silk Road To Cyberspace

Via CT Lab -

Beijing's crackdown on Uighurs in the western Chinese province of Xinjiang has been one of the great under-reported stories of the last year. After violent confrontations between Han Chinese and Uighurs last summer, China has repressed all forms of political expression, and has all but made it impossible to get internet access.

A BBC article relates how this has affected local businesses:

The only way to get around the internet block has been to travel 1000 km (620 miles) across Xinjiang's deserts to reach a working internet connection outside the region.

Starting seven months ago, Zhu Meng began making the long journey just to send e-mails to keep his business alive.

The road follows the old trading artery, the Silk Road, past snow-capped peaks, across Xinjiang's empty expanses and through a barren moonscape of mountains and snow.

By car, it takes 24 hours from Urumqi to reach the first working internet connection outside Xinjiang. It is just across the border in neighbouring Gansu province, in the dusty frontier town of Liuyuan...

It's not that the Silk Road has ever lost its importance as a communications route, but that the road from the Mediterranean to the Pacific is serving now as a means to access what Al Gore is alleged to have termed the 'information superhighway'. A tenuous metaphor at best, but you take my point, I'm sure.

I'm scratching my head thinking about how this physical route fits into our concepts of cyberspace, although I'm using that term less and less these days. In this context, it acts as a physical means of subverting government control, but there are many other conceptual levers that could be pulled to interpret this. Any ideas?

Humor: Andy Griffith Football Story From 1953

Andy Griffith's famous 1953 stand-up monologue about college football. It has become one of the most beloved comedy recordings of all time.

The illustrations used in this video were drawn by George Woodbridge, a Mad Magazine artist. The comic illustrations appeared in Mad Magazine in 1958.


Hat-tip to Sources and Methods

US Military Lifts 15-Month Ban on Removable Media

Via -

The military has lifted its all-out ban of removable media, but will continue to have some limits on their use, including the prohibition of non-government owned devices.

"After extensive testing of mitigation measures, DoD decided to make this technology available again on a strictly controlled basis on DoD computers," Navy Vice Admiral Carl Mauney, deputy commander of the United States Strategic Command, said Friday in an e-mail response to an inquiry about lifting the ban. "Since the order restricting use of removable media, DoD developed capabilities and processes that allow safe use of these devices. Removable media use will be limited to mission-essential operations, and only after strict compliance requirements are met."

The military issued a communications tasking order announcing the lifting of the ban last Friday within the military.

In November 2008, the military suspended the use of USB flash media and removable storage devices on all Defense Department networks, including USB thumb drives, memory sticks/cards and camera flash cards, because some Navy personnel failed to follow procedures aimed at protecting the networks from viruses and safeguarding data stored on Defense systems.


Here are the conditions the military is imposing on removable storage:

  • Employing approved procedures and hardware that prevent unauthorized use, and scan, clean and wipe the devices removing malicious software.

  • Restricting use to operational mission requirements

  • Allowing only properly inventoried, government-procured and -owned devices for use in Defense Department information systems.

  • Prohibiting personally owned devices on all military networks and computers.

  • Banning use of DoD-procured and owned devices on non-government networks or computers without authorization from an approval authority.

  • Using flash media only as a last resort to transfer data from one location to another and only when other authorized network resources are not available.

  • Subjecting randomly selected users and drives to periodic audits.

  • Requiring combatant commands, services, and agencies to establish their own approval authorities for determining whether selected flash media may be used within their individual organizations.

Friday, February 19, 2010

FBI Concludes Amerithrax Case Investigation

Via CNN -

The FBI announced that it has concluded its investigation into the 2001 anthrax mailings, saying Friday that a biodefense researcher carried out the attacks alone.

The anthrax letters killed five people and sickened 17 shortly after the September 11, 2001, terrorist attacks. The letters, filled with bacterial spores, were sent to Senate Democratic leaders and news organizations.

"By 2007, investigators conclusively determined that a single spore-batch created and maintained by Dr. Bruce E. Ivins at the United States Army Medical Research Institute of Infectious Diseases (USAMRIID) was the parent material for the letter spores," said a report released Friday by the FBI.

"Evidence developed from that investigation established that Dr. Ivins, alone, mailed the anthrax letters."

The investigative summary and the attachments are now accessible to the public and have been posted to the Justice Department Web site at under the Freedom of Information Act. In addition, roughly 2,700 pages of FBI documents related to the Amerithrax case are now accessible to the public and have been posted to the FBI website at under the Freedom of Information Act.

Dubai Gov Video - The Murder of Mahmoud Al Mabhouh

Footage from CCTV cameras shows a chronological timeline of the events that took place on the day that Hamas commander Mahmoud Al Mabhouh was assassinated.


The case is still under investigation in the UAE and more and more details are sure to be released.


STRATFOR has several videos on the story as well.

Video Dispatch: A Covert Operation and Diplomatic Blowback
Video Dispatch: Tradecraft in a Dubai Assassination

Thursday, February 18, 2010

Circumventing Antivirus Javascript Detection

Some browser-based exploits using javascript are detected by antivirus engines as they often use special strings that are easy to identify, e.g. ActiveX CLSIDs or "unescape('%u0c0c%u0c0c')".


Some time ago, I implemented a new approach which was integrated into the metasploit framework in combination with the msvidctl_mpeg2 exploit. The detection on dropped to zero. Seven months later, it is still undetected. The encryption used was now integrated into the ie_aurora exploit and again the detection dropped to zero.

As zero detection on does not mean that no AV product will catch the exploit in a live environment (the scanners on virustotal will perform mostly static analysis), I tested the aurora exploit against two installed AV products (I'd better not name them) - with encryption, the exploit worked and was not detected anymore.

As said before, AV detection relies on the fact that the inspected javascript contains everything needed for the exploit. The new implementation also uses an xor-encryption, yet the key is not contained within the script.

The key used by the script is transferred as part of the URL, e.g. http://host/exploit.html?<key>

Whereas the javascript executed within the browser can access this part of the url without any problems, many AV products just access the html file stored as temporary file on the disk and therefore cannot access the key - leading to unencryptable javascript code (with the techniques currently used).
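The mechanics of the key-in-the-URL trick described above, as an added example that is not the post's or Metasploit's code. The payload is a harmless string; the original carried an exploit. The key, page layout and visitor URL are constructed for this example, and a real kit would mint a fresh key per visitor.

```javascript
// Added example (not the original post's code): XOR-encrypted script body
// whose key travels in the query string instead of in the HTML.
const PAYLOAD = 'console.log("decoded payload ran")';   // constructed, benign
const KEY_HEX = "a3f19c0e5d7b2468a1b2c3d4e5f60718";      // constructed 16-byte key
const VISITOR_URL = "http://host/exploit.html?" + KEY_HEX;

function xorBytes(buf, key) {
  const out = Buffer.alloc(buf.length);
  for (let i = 0; i < buf.length; i++) out[i] = buf[i] ^ key[i % key.length];
  return out;
}

// Server side: emit only the ciphertext and a decoder stub. The plaintext
// never appears in the file that a file-based scanner will look at.
function buildPage(payloadJs, keyHex) {
  const key = Buffer.from(keyHex, "hex");
  const cipherHex = xorBytes(Buffer.from(payloadJs, "utf8"), key).toString("hex");
  return [
    "<html><body><script>",
    'var c="' + cipherHex + '";',
    "var k=location.search.slice(1);   // key arrives in the URL, not in the file",
    "// ...hex-decode c, XOR with k, eval the result...",
    "</script></body></html>",
  ].join("\n");
}

// Client side: what the browser's script does with location.search.
function keyFromUrl(url) {
  return new URL(url).search.slice(1);   // "" when there is no query string
}

function decodeInBrowser(cipherHex, keyHex) {
  if (!/^(?:[0-9a-f]{2})+$/i.test(keyHex)) return null;   // no or malformed key
  return xorBytes(Buffer.from(cipherHex, "hex"), Buffer.from(keyHex, "hex")).toString("utf8");
}

// Detection side: a scanner that sees only the cached HTML gets the
// ciphertext; only something that also sees the request URL gets the key.
function extractCipherFromPage(html) {
  const m = html.match(/var c="([0-9a-f]+)"/);
  return m ? m[1] : null;
}

const PAGE = buildPage(PAYLOAD, KEY_HEX);

function demo() {
  const cipher = extractCipherFromPage(PAGE);
  return {
    plaintextInFile: PAGE.includes(PAYLOAD),                         // false
    staticScan: decodeInBrowser(cipher, ""),                         // null
    browser: decodeInBrowser(cipher, keyFromUrl(VISITOR_URL)),       // the payload
    wrongKey: decodeInBrowser(cipher, "00".repeat(16)) === PAYLOAD,  // false
  };
}
```

The defender's lesson is the mirror image of the author's: the key is not secret from anything that sees the full request URL. A web proxy log, a network sensor, or a browser-integrated scanner that executes the script with the real `location` recovers it; an on-disk cache scan never will.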

Pakistan Captures Two Senior Afghan Taliban Leaders in Quetta

Via The Times Online UK -

Pakistan has captured two more leaders of the Afghan Taleban, Afghan officials revealed today, in the latest indication of a new level of cooperation between US and Pakistani intelligence agencies.

Mullah Abdul Salam and Mullah Mir Mohammad were the “shadow governors” of the northern Afghan provinces of Kunduz and Baghlan respectively, running the Taleban’s increasingly powerful parallel administrations there.

They were detained 10 days ago by Pakistani intelligence agents in Quetta, the capital of Pakistan’s south-western province of Baluchistan, according to Engineer Mohammad Omar, the official governor of Kunduz.

“Two other Taleban who seem to be their bodyguards were also captured with them,” he told The Times.

The capture of Mullah Salam, 35, is especially significant as he had commanded the Taleban across all of northern and north-western Afghanistan and masterminded many attacks on German forces based in Kunduz.

Mohammad Dawood, the head of Afghanistan’s National Directorate of Security in Kunduz, also said that Mullah Salam had been arrested by Pakistani intelligence agents.

The two men’s detention appears to have coincided with that of Mullah Abdul Ghani Baradar - the Taleban’s second-in-command - in a joint US-Pakistani raid in the south-western city of Karachi.

The US, Afghan and Pakistani governments have yet to comment on the reported arrest of the two men, who both reported to Mullah Baradar - the Taleban’s military chief.

But if confirmed, it would reinforce views that Pakistan has finally bowed to US pressure to take action against Afghan Taleban leaders who US officials say have been sheltering on its territory for years.

EFF: Google Buzz Privacy Update

Via EFF Deeplinks Blog -

Over the weekend, Google announced significant changes to its new social networking service, Buzz. Responding to criticism (including EFF's), Google moved away from the system in which Buzz automatically sets you up to follow the people you email and chat with most. Instead, Google has adopted an auto-suggest model, in which you are shown the friend list with an option to de-select people before publishing the list. While a full opt-in model would be less likely to result in inadvertent disclosures of private information, this is a significant step forward.

In addition, Google said it would show current Buzz users the setup process again, giving a second chance to review and confirm the follower list "over the next couple weeks." We recommend that all current Buzz users immediately turn off the public list, and review their friend list before making it public again. (Instructions)

Google will also stop automatically connecting Picasa Web Albums and Google Reader shared items, and allow users to hide Buzz from Gmail or disable it completely.

These problems arose because Google attempted to overcome its market disadvantage in competing with Twitter and Facebook by making a secondary use of your information. Google leveraged information gathered in a popular service (Gmail) with a new service (Buzz), and set a default to sharing your email contacts to maximize uptake of the service. In the process, the privacy of Google users was overlooked and ultimately compromised.

Though Google responded quickly to these privacy concerns, they never should have happened in the first place. While Buzz previously had a lot of these privacy options available, the user interface failed to provide users with the setting users had reasonably expected. Google should follow fair information practices and make secondary uses of information only with clear, unequivocal user consent and control.

Part of the problem may have stemmed from Google's testing process. The BBC reports that Google only tested Buzz internally with its employees, omitting "extensive trials with external testers - used for many other Google services." Google employees are sophisticated power-users who will meticulously review the available settings. However, a good user interface for privacy must work for all users, and match the default settings with the expectations of the users. Only through broad based testing can Google be sure that users are giving informed consent.

Next week Google will face a federal judge and ask for approval of the Google Books settlement. EFF has raised privacy concerns, including the possibility that Google might make secondary uses of the Books information. Buzz's disastrous product launch highlights the danger posed by this possibility, and showcases the need for firm enforceable commitments to protecting user privacy.

Kaspersky Security Bulletin 2009 - Statistics

The statistics used in this report are generated by the Kaspersky Security Network (KSN), a major innovation implemented in Kaspersky Lab personal products. The system is currently being adapted for implementation in Kaspersky Lab’s corporate product offerings.


Software and operating system vulnerabilities are one of the most dangerous security issues, providing cybercriminals with opportunities to evade protection mechanisms and attack victim machines. Kido, the biggest epidemic of 2009, came to pass due to a critical vulnerability in the Windows operating system.


Of the five most common vulnerabilities, the first two were identified in 2009, those in third and fourth place in 2008, and the Microsoft XML Core Services Multiple Vulnerabilities, which occupy fifth place, were identified back in 2007.

In terms of vulnerable files and applications detected on users’ machines, the most common in 2009 were vulnerabilities in Apple’s QuickTime 7.x, which was responsible for more than 70% of all vulnerabilities. This is reminiscent of 2008, when QuickTime made up more than 80% of all vulnerabilities, and led the rankings with this figure.


In 2008, this graph was made up of 7 companies, but this number has now been reduced to four. Just as last year, Microsoft continues to lead with 10 vulnerabilities. This is not surprising, as we are looking specifically at the Windows platform. Nine out of the 10 vulnerabilities were found in applications which form part of Microsoft Office, such as Word, Excel, Outlook, PowerPoint, etc.

Apple’s four vulnerabilities were all found in QuickTime.

This data can be used to conclude that the situation remains the same as last year: the most vulnerable applications on modern Windows systems are still Microsoft Office and QuickTime.

However, Adobe is not far behind in the vulnerability stakes. All four vulnerabilities which were identified related to a single product: Adobe Flash Player. Two of these vulnerabilities were identified in 2009. Sadly, the situation has not improved since 2008, but actually worsened.

The list of the most dangerous applications for 2009 is as follows:

  1. QuickTime
  2. Microsoft Office
  3. Adobe Flash Player

Facebook to Launch 'Zero' Site for Mobile Phones

Via BBC -

The world's biggest social network has revealed details of a stripped-down, text-only version of its mobile site called Facebook Zero.

The low-bandwidth site is aimed at people viewing Facebook on their mobile and will launch "in the coming weeks".

The social network recently said that more than 100 million people now access Facebook from their phone.

Analysts at CCS Insight said that the new site could help operators free-up critical bandwidth on their networks.

Data from industry body the GSM Association recently revealed that Facebook accounts for nearly half of all the time people in the UK spend going online using their phones.

The data showed that people in the UK spent around 2.2bn minutes browsing the social network during December alone.

Facebook said the new site "omits data intensive applications like photos".

"We are discussing it... as an option to make Facebook on the mobile web available to everyone, anywhere and allow operators to encourage more mobile internet usage," said a spokesperson for the firm.

Facebook already offers a slimmed-down version of its site - called Facebook Lite - for people with slow or poor internet connections. It is aimed at users in the developing world.

The site was announced at the Mobile World Congress in Barcelona, which runs from 15-18 February.

Wednesday, February 17, 2010

eBay Security Vulnerabilities Found by Researcher

Via -

eBay is working to patch a cross-site request forgery vulnerability recently uncovered by a security researcher. The Avnet researcher also discovered cross-site scripting and blind SQL injection bugs in eBay's online auction site, which eBay has fixed.

eBay is working on a fix for a cross-site request forgery problem that could allow an attacker to change a user's password and get access to that user's account.

The vulnerability is one of several affecting eBay that were recently uncovered and shared with eWEEK by Nir Goldshlager, a researcher with Avnet Information Security Consulting. Among the vulnerabilities are cross-site scripting bugs in the eBay Live Help support page and eBay To Go, which the company fixed by validating user input. In addition, Goldshlager uncovered a blind SQL injection problem in the eBay donations Website.

All of the vulnerabilities have been patched except the CSRF (cross-site request forgery) flaw. According to Chad Greene, eBay's senior manager of global information security, the company has pushed code to the core site to measure the impact of potential fixes for the CSRF problem on the user and will make a decision about how to address the situation in the next three weeks.

"The nature of CSRF means that there isn't a single fix that can be applied in all cases and rolling out the wrong fix could break legitimate user functionality," Greene told eWEEK in an e-mail.


In an interview, Greene said users can report any security issues they find to eBay's security center, and the site works with members of the research community to uncover any vulnerabilities.

"We work with many members of the security community as well as the security industry … we like to do community outreach and educate the user base," Greene said.

Facebook Hit with Class Action Over Privacy Changes

Via -

A class action lawsuit has been filed against Facebook over changes that the social networking site made to its privacy settings last November and December.

The lawsuit, filed in U.S. District Court for the Northern District of California, alleges that the modifications have in reality reduced privacy protections for Facebook users rather than increasing it, as the company had claimed it would.

"Changes to the privacy settings that Facebook implemented and represented to increase User privacy had the outright opposite effect of resulting in the public dissemination of personal information that was originally private," the lawsuit claimed.

Facebook's messaging around the changes was "misleading, confusing and disingenuous," said the lawsuit, which seeks unspecified monetary damages from the company.

A Facebook spokesman insisted that the company had taken all the right measures to inform users about the changes, citing the recent modifications.

"We are confident that the transition process begun more than a month ago was transparent, consistent with people's expectations, and well within the law," said Facebook director of policy communications Barry Schnitt in an e-mail.

"Specifically, the announcement and education campaign by Facebook around the changes was unprecedented in its scope. Any recommended changes to a person's privacy settings were clearly shown to them repeatedly and were not implemented until they accepted these changes," Schnitt said.

Facebook Photo Uploader ActiveX Unspecified Vulnerability

A vulnerability with an unknown impact has been reported in the Facebook Photo Uploader ActiveX control. The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in version 5.5.8. Other versions may also be affected.

Update to the latest version:

The kill-bit has also been set for the
"{0CCA191D-13A6-4E29-B746-314DEE697D83}" CLSID via Microsoft MS10-008

Reported in a Microsoft security bulletin.

Microsoft (MS10-008):
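A way to verify that the kill bit named above is actually in place on a host, as an added example that is not from the advisory or from Microsoft. A kill bit is the 0x400 bit of the "Compatibility Flags" DWORD under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}` (32-bit IE on 64-bit Windows reads the `Wow6432Node` copy of that path). The code parses a `reg export` of that key; the export text below is constructed, and the second CLSID in it is a placeholder, not a real control.

```javascript
// Added example, not from the advisory: audit an exported registry key for
// the kill bit on the Facebook Photo Uploader CLSID.
const KILL_BIT = 0x400;
const FACEBOOK_UPLOADER = "{0CCA191D-13A6-4E29-B746-314DEE697D83}";

// Produce the real thing with:
//   reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" axc.reg
// reg.exe writes UTF-16LE, so read it with fs.readFileSync("axc.reg", "utf16le").
// The text below is constructed; the second CLSID is a placeholder.
const SAMPLE_REG = [
  "Windows Registry Editor Version 5.00",
  "",
  "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{0CCA191D-13A6-4E29-B746-314DEE697D83}]",
  '"Compatibility Flags"=dword:00000400',
  "",
  "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{00000000-0000-0000-0000-0000000000AA}]",
  '"Compatibility Flags"=dword:00000000',
  "",
].join("\r\n");

const KEY_RE = /^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Internet Explorer\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]$/i;
const FLAGS_RE = /^"Compatibility Flags"=dword:([0-9A-F]{8})$/i;

// CLSID -> Compatibility Flags value for every control listed in the export.
function parseCompatFlags(regText) {
  const flags = {};
  let clsid = null;
  for (const raw of regText.split(/\r?\n/)) {
    const line = raw.trim();
    const k = line.match(KEY_RE);
    if (k) { clsid = k[1].toUpperCase(); continue; }
    if (line.startsWith("[")) { clsid = null; continue; }   // some unrelated key
    const v = clsid && line.match(FLAGS_RE);
    if (v) flags[clsid] = parseInt(v[1], 16);
  }
  return flags;
}

// True only when the CLSID is present and has the 0x400 bit set.
function isKillBitSet(regText, clsid) {
  const f = parseCompatFlags(regText)[clsid.toUpperCase()];
  return f !== undefined && (f & KILL_BIT) !== 0;
}

// Controls listed in the export that IE will still instantiate.
function clsidsWithoutKillBit(regText) {
  const f = parseCompatFlags(regText);
  return Object.keys(f).filter((c) => (f[c] & KILL_BIT) === 0);
}
```

On a live host the same single check is `reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CCA191D-13A6-4E29-B746-314DEE697D83}" /v "Compatibility Flags"`; the parser above is for doing it across exported hives from many machines. A missing key means no kill bit, not a clean host.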

Pakistan Confirms Arrest of Mullah Baradar; Expects More Arrests in Days to Come

Via -

Officials said Mullah Abdul Ghani Baradar and his unnamed comrades had disclosed information about their operations which would help unravel their organisation and lead to more arrests.

Mullah Baradar, who is second only to the Taliban's supreme leader Mullah Omar, was arrested along with several other militant figures ten days ago, as they were establishing a new Taliban command and training centre in Pakistan's commercial capital.

Senior diplomatic sources said the movement's leadership was targeted as it moved from its base in Quetta, Balochistan, to Karachi.


Major General Athar Abbas, chief spokesman for the Pakistan Army, said it had carried out extensive checks to prove the man they arrested was Mullah Baradar, but declined to give further details of his arrest.

"At the conclusion of detailed identification procedures, it has been confirmed that one of the persons arrested happens to be Mullah Baradar. The place of arrest and operational details cannot be released due to security reasons," he said.

Senior government officials claimed both Mullah Baradar and those arrested with him were giving information they believed would lead to others in the Taliban's new Karachi and Sindh headquarters. They are understood to be in the custody of the country's ISI intelligence agency in the city.

"We're now confident we can bust the whole network they've established in Karachi and Sindh. We're expecting some more arrests in the days to come," a senior military official told The Daily Telegraph.

He said the Taliban leadership had switched from Quetta to Karachi, a city of 16 million people, because it believed they would be harder to detect there.

The timing and motivation behind Mullah Baradar's arrest was the subject of speculation last night amid claims he had been in contact with President Karzai in recent months and was in favour of peace talks.

A spokesman for the Maldives government last night confirmed Taliban figures and Afghan government officials had met for talks on the islands shortly before last month's London Conference. The outcome of the talks is unclear.

Leading Washington-based Pakistan analyst Arif Rafiq suggested Islamabad had finally moved to arrest Mullah Baradar to win favour with the West so it would be able to influence the terms of any new Afghan settlement following the troop surge. Islamabad wants to ensure it is seen as the guarantor of any deal so that Indian influence is minimised.

Operation Bottom Dollar - U.S. FTC Takes Action on "Work From Home" Scams

Via SunBelt Blog -

The U.S. Federal Trade Commission (FTC) today announced actions against nearly 70 work-at-home and job-placement scammers by federal and state agencies. The commission is calling the combined investigations “Operation Bottom Dollar.”

The FTC filed seven cases against scammers and said there were actions in four older scam cases. The Department of Justice brought 43 criminal actions. A number of them involved help from the U.S. Postal Inspection Service. The Postal Inspection Service brought one civil action and state attorneys general brought 18.

The actions were announced at an FTC press conference today that included officials from the FTC’s Bureau of Consumer Protection, a federal assistant attorney general for the civil division of the Department of Justice and Ohio’s attorney general.

In one of the cases, scammers victimized more than 100,000 people. The FTC obtained a court order temporarily barring the operators from continuing their deceptive tactics and froze their assets pending a court order that would allow the agency to try to return money to victims. Authorities executed search warrants and arrested the two operators of one business.

Two Taliban Commanders Confirm Mullah Baradar Captured

Via The Long War Journal -

Two Taliban commanders based in southern Afghanistan have confirmed that the group's second in command has been captured, but claimed he was detained during the Coalition offensive in Helmand province and not in Karachi.

Mullah Abdul Ghani Baradar, the Afghan Taliban's operational commander and the top deputy to Mullah Omar, was reported yesterday to have been arrested by Pakistan's Inter-Services Intelligence agency several days ago in Pakistan's port city of Karachi.

Baradar has been a longtime leader in the Afghan Taliban and a close confidant of Mullah Mohammad Omar, the spiritual leader of the group. He is said to direct the Taliban's Shura Majlis, or top leadership council. Baradar directed the Taliban's day-to-day operations, and is in close contact with regional military commanders and the shadow governors. He also is said to control the Taliban's purse strings.

Today Taliban commanders Abdul Qayum and Akhtar Mohammad confirmed that Baradar has been arrested, but denied he was captured in Karachi.

Baradar "was captured by foreign troops on Sunday, along with some of his bodyguards, during the operation in Marja," Qayum told Bloomberg, referring to the ongoing operation to oust the Taliban from its stronghold in Helmand province.

Qayum may be none other than Mullah Abdul Qayum Zakir, the Taliban's "surge commander" who is directing operations in southern Afghanistan, although this cannot be confirmed. Zakir was released by the US in December 2007 and sent to Afghanistan, where he was subsequently released by the Afghan government. Zakir quickly rejoined the Taliban and took over operations in the strategic South.

Akhtar Mohammad also told Bloomberg that Baradar was captured by US forces during the operation in Helmand.

Qayum and Akhtar's accounts contradict a statement by Afghan Taliban spokesman Zabihullah Mujahid, who denied Baradar was in custody, immediately after the report of his capture.

"He has not been captured," Mujahid told Reuters within hours after reports of Baradar's arrest broke on Feb. 15. "They want to spread this rumour just to divert the attention of people from their defeats in Marja and confuse the public."

The Taliban have long denied that their Shura Majlis, or executive council, is based in Pakistan. Instead, the Afghan Taliban have stated that their leaders are operating in Afghanistan as the Taliban control much of the country and there is no need to be in Pakistan.

Afghan and Western officials have long maintained, however, that the Taliban shura is based in the city of Quetta in Pakistan's southwestern province of Baluchistan. The Taliban council has even been nicknamed the Quetta Shura.


Clearly, the Afghan Taliban commanders want to push the false idea that their executive council isn't operating in Pakistan... but all the evidence suggests otherwise.

According to STRATFOR sources, Mullah Baradar was apprehended in Baldia Town — a district in Karachi that also was the scene of a recent attack against a NATO supply vehicle.

China: Cyber Warriors


The Chinese military’s main and unconcealed ambition is to someday be strong enough to take Taiwan by force if it had to. But the details of the balance of power between mainland and Taiwanese forces, across the Straits of Taiwan, have been minutely scrutinized by all parties for decades, and shifts will not happen by surprise. The annual reports from the Pentagon and the Security Review Commission lay out other possible scenarios for conflict, but in my experience it is rare to hear U.S. military or diplomatic officials talk about war with China as a plausible threat. “My view is that the political leadership is principally focused on creating new jobs inside the country,” I was told by retired Admiral Mike McConnell, a former head of the National Security Agency and the director of national intelligence under George W. Bush. Another former U.S. official put it this way: “We tend to think of everything about China as being multiplied by 1.3 billion. The Chinese leadership has to think of everything as being divided by 1.3 billion”—jobs, houses, land. Russell Leigh Moses, who has lived in China for years and lectures at programs to train Chinese officials, notes that the Chinese military, like its counterparts everywhere, is “determined not to be neglected.” But “so many problems occupy the military itself—including learning how to play the political game—that there is no consensus to take on the U.S.”

Yes, circumstances could change, and someday there could be a consensus to “take on the U.S.” But the more you hear about the details, the harder it is to worry seriously about that now. So why should we worry? After conducting this round of interviews, I now lose sleep over something I’d generally ignored: the possibility of a “cyberwar” that could involve attacks from China—but, alarmingly, could also be launched by any number of other states and organizations.

The cyber threat is the idea that organizations or individuals may be spying on, tampering with, or preparing to inflict damage on America’s electronic networks. Google’s recent announcement of widespread spying “originating from China” brought attention to a problem many experts say is sure to grow. China has hundreds of millions of Internet users, mostly young. In any culture, this would mean a large hacker population; in China, where tight control and near chaos often coexist, it means an Internet with plenty of potential outlaws and with carefully directed government efforts, too. In a report for the U.S.-China Economic and Security Review Commission late last year, Northrop Grumman prepared a time line of electronic intrusions and disruptions coming from sites inside China since 1999. In most cases it was impossible to tell whether the activity was amateur or government-planned, the report said. But whatever their source, the disruptions were a problem. And in some instances, the “depth of resources” and the “extremely focused targeting of defense engineering data, US military operational information, and China-related policy information” suggested an effort that would be “difficult at best without some type of state-sponsorship.”


Next, the authorities stressed that Chinese organizations and individuals were a serious source of electronic threats—but far from the only one, or perhaps even the main one. You could take this as good news about U.S.-China relations, but it was usually meant as bad news about the problem as a whole. “The Chinese would be in the top three, maybe the top two, leading problems in cyberspace,” James Lewis, a former diplomat who worked on security and intelligence issues and is now at the Center for Strategic and International Studies, in Washington, told me. “They’re not close to being the primary problem, and there is debate about whether they’re even number two.” Number one in his analysis is Russia, through a combination of state, organized-criminal, and unorganized-individual activity. Number two is Israel—and there are more on the list. “The French are notorious for looking for economic advantage through their intelligence system,” I was told by Ed Giorgio, who has served as the chief code maker and chief code breaker for the National Security Agency. “The Israelis are notorious for looking for political advantage. We have seen Brazil emerge as a source of financial crime, to join Russia, which is guilty of all of the above.” Interestingly, no one suggested that international terrorist groups—as opposed to governments, corporations, or “normal” criminals—are making significant use of electronic networks to inflict damage on Western targets, although some groups rely on the Internet for recruitment, organization, and propagandizing.

This led to another, more surprising theme: that the main damage done to date through cyberwar has involved not theft of military secrets nor acts of electronic sabotage but rather business-versus-business spying.


The final theme was that even though these cyber concerns are not confined to China, the Chinese aspects do deserve consideration on their own, because China’s scale, speed of growth, and complex relationship with the United States make it a unique case. Hackers in Russia or Israel might be more skillful one by one, but with its huge population China simply has more of them. The French might be more aggressive in searching for corporate secrets, but their military need not simultaneously consider how to stop the Seventh Fleet.


Really good article that works to separate some of the FUD from the real possible threats. I say some of the FUD, only because it is almost always impossible to hear the words "cyberwar" without a little FUD attached ;)