Thursday, December 30, 2010

In China, Illegal Rare Earth Mines Face Crackdown

Via (Dec 29, 2010) -

The elderly rice farmer was leading three outsiders into an illegal quarry to show them the gangster-run mine that has poisoned his village’s fields and streams.

Suddenly, a blue Hyundai sport utility vehicle sped up to them in a cloud of red dust. A Toyota pickup pulled up behind, its windows tinted too dark to see how many people might be inside.

“Shove off!” the Hyundai driver screamed at the old man and his visitors, who included an American reporter. “We’re going to carve all of you up, slaughter all of you and burn your car!”

The stooped farmer, Song Zuokai, 81, grunted and began shuffling out of the quarry with his jittery guests.

Such threats are all too common in this region of southern China, long plagued by gangsters who illegally mine some of the world’s most sought-after industrial metals. The gangs reap profits that can rival drug money, while leaving pollution and violence in their wake.

What is new are efforts by China’s national and provincial governments to crack down on the illegal mines, to which local authorities have long turned a blind eye. The efforts coincide with a decision by Beijing to reduce legal exports as well, including an announcement by China’s commerce ministry on Tuesday that export quotas for all rare earth metals will be 35 percent lower in the early months of next year than in the first half of this year.

Rogue operations in southern China produce an estimated half of the world’s supply of heavy rare earths, which are the most valuable kinds of rare earth metals. Heavy rare earths are increasingly vital to the global manufacture of a range of high-technology products — including iPhones, BlackBerrys, flat-panel televisions, lasers, hybrid cars and wind-power turbines, as well as a lot of military hardware.

China mines 99 percent of the global supply of heavy rare earths, with legal, state-owned mines mainly accounting for the rest of China’s output. That means the Chinese government’s only effective competitors in producing these valuable commodities are the crime rings within the country’s borders.

And so Beijing, intent on maintaining its global chokehold on all rare earths, has begun an energetic campaign to crush the crime syndicates that dominate the open-pit mines in this part of Guangdong Province, home to most of southern China’s mining areas for heavy rare earths.

Whatever dent the crackdown may make in pollution and violence, industry executives say the effort is already putting additional crimps in global supplies of rare earths — whose exports Beijing has jealously controlled and whose prices have soared in response to rising industrial demand and a dearth of supply alternatives to China.

“We do believe that this source of supply is diminishing, and there is some evidence leakage over the border into Vietnam is diminishing,” said Judith Chegwidden, a managing director specializing in rare earths at Roskill Consulting Group in London.

Prices have soared for rare earth elements mined almost exclusively here in the red clay hills of southern China: dysprosium, terbium and europium.

According to a new United States Energy Department report, the most important of these for clean energy is dysprosium. Its price is now $132 a pound, compared with $6.50 a pound in 2003.


In the last few months, the government has deployed helicopter patrols to spot illegal mines. Teams of dozens of police officers have conducted raids into the hills of northern Guangdong and arrested at least 100 owners and managers of rare earth mines and refineries, said a Chinese mining expert who insisted on anonymity because of the issue’s political risks. Government workers equipped with blowtorches have accompanied the police to cut apart illegal mining equipment and either seize it or distribute it to peasants for sale as scrap.

Chinese officials declined requests for comment.

The gangs have terrorized villagers who dare to complain about the many tons of sulfuric acid and other chemicals being dumped into streambeds during the processing of ore. Illegal rare earth mining and chemical runoff have poisoned thousands of acres of prime farmland, according to the government of Guangdong Province, and have been blamed for many illnesses.


For manufacturers dependent on rare earths, any moral or ethical implications of the crackdown on illegal mines may be too diffuse to identify. It is typically impossible to trace rare earths back to the mine where they were originally produced, industry executives say, because even legal mines frequently trade raw material with illegal ones, depending on whether the legitimate operators have met their production quotas.

The picture is further blurred by various middlemen who buy rare earth products from legal and illegal refineries alike and mix them before reselling.


China and Rare Earth Metals: the good, the bad and the not as ugly as it seems

Getting the facts straight never hurts, and every once in a while it really matters. The current brouhaha over China’s decision to cut its exports of rare earths falls in the latter category. So here is my best effort to get at the facts.


Several other countries, such as the United States, Australia, and Mongolia also possess rare earths. It will take time to gear up their largely dormant rare earth industries again, but it will happen. In the meantime, stockpiles and high prices will be in everyone’s future.

The other piece of good news—when Chinese companies have come calling to buy up rare earth reserves abroad, others have generally been smart enough to say “no.” Just a bit over a year ago, Australia barred the China Non-ferrous Metal Mining group from taking a majority stake in rare-earth producer Lynas Corp.


There may well be more challenges to come. In China, the Ministry of Industry and Information Technology has proposed a five-year plan that includes a total ban on the export of five of the metals and a significant drop in the export of a number of others, such as neodymium.

Resource-scarce Japan, which might be thought of as the little piggy who built the brick house, is making deals for other sources of rare earths and trying to develop alternatives for them. It’s clear that a whole new generation of non-rare earth high-tech products will have to come on line; the United States and everyone else should follow Japan’s lead now.

Wednesday, December 29, 2010

Sudan Under Anti-war Satellite Surveillance

Via CNET -

The Satellite Sentinel Project, launched today, will be monitoring Sudan from above and sharing information with the world in near real-time in an effort to deter violence.

The oil-rich southern region of Sudan is poised to hold a referendum on January 9 that could decide whether Sudan remains one country, or becomes politically divided into north and south entities. Many expect that there will be violence leading up to the vote, as well as after it, and that the Sudan could once again descend into chaos as it did during its 20-year war in which an estimated 2 million people were killed as of 2005.

The Satellite Sentinel Project aims to deter that violence--or at the very least act as a recorder of war crimes should they occur--by pointing cameras aboard commercial satellites at the region starting today. Through satellite imagery analysis and crowd-sourced mapping, which can be viewed via programs using Google Maps and Google Earth, the eyes of anyone with an Internet connection will be able to watch what is happening in the border region of northern and southern Sudan in the coming weeks.

The project is being conducted through a partnership with the Operational Satellite Applications Program (Unosat) from the United Nations Institute for Training and Research (Unitar), Harvard University's Harvard Humanitarian Initiative, Google, Internet software company Trellon, and the Enough Project anti-genocide organization.

It's being funded by the aptly named Not On Our Watch, a humanitarian advocacy organization whose founding members include actors George Clooney, Don Cheadle, Matt Damon, and Brad Pitt; film producer Jerry Weintraub; and human rights lawyer and former State Department aide David Pressman.


Commercial satellites have been tapped to collect visual data of the region and have the ability to capture incidents like village burnings or razings, large movements of people, and bombings. Each organization involved has a specific role in how that data is used in the coming months, according to the Satellite Sentinel Project.

A team of Unosat employees expert in satellite analysis will examine the images from offices in Geneva, Switzerland, in conjunction with Google and Trellon employees, according to Unitar.


Google and Trellon have collaborated on analysis and Internet tools to make the collected satellite information also available to the public. Meanwhile, workers from the Enough Project and the Harvard Humanitarian Initiative will contribute field reports from the ground in the Sudan.


Not On Our Watch, for its part, has provided enough funding to run the program for at least six months and is acting as a media conduit to shed light on the issue and encourage political action to deter the violence.

In addition to the images and mapping, the Satellite Sentinel also has a blog about the situation in the Sudan and is posting the field reports from workers in organizations like the Enough Project.

Danish Security Foils 'Imminent' Terror Attack

Via VOA News -

Denmark's intelligence service says it has arrested four people plotting what it called an "imminent" terrorist attack against the Jyllands-Posten newspaper, which printed controversial cartoons of the Prophet Muhammad.

The head of the agency, Jakob Scharf, described some of the suspects as "militant Islamists." He said the group had been planning to enter the newspaper's building and kill as many people as possible.

Danish officials said the four arrested were a 44-year-old Tunisian, a 29-year-old born in Lebanon, an Iraqi asylum-seeker and a fourth whose origin was not yet clear. Three of them are residents of neighboring Sweden.

Police in Sweden arrested a fifth man, a Swedish citizen of Tunisian origin believed to be linked to the plot.

Danish and Swedish security officials said Wednesday they had worked in close cooperation to foil the terror plot.

Jyllands-Posten published cartoons depicting the Prophet Muhammad several years ago -- sparking protests by Muslim communities around the world. There have been several attempted attacks against the newspaper and the cartoonist since then.

Swedish police said Wednesday's arrests did not appear to be related to the December 11 bombing in central Stockholm, when a Swedish man of Iraqi origin killed himself and wounded two others.

Monday, December 27, 2010

Al-Shabab Threatens to Attack United States

Via (English) -

The leader of Somalia's main armed group al-Shabab has threatened to attack the United States if Barack Obama, the US president, does not embrace Islam.

The group has not launched an attack outside Africa, but western intelligence agencies have long been concerned about the group targeting young Somali-Americans for recruitment.

"We tell the American President Barack Obama to embrace Islam before we come to his country," Fuad Mohamed "Shongole" Qalaf, one of the rebel leaders, said in a radio broadcast on Monday.

The message was recorded in the town of Afgoye, near the Somali capital of Mogadishu during a meeting of Qalaf and Sheik Hassan Dahir Aweys, the former leader of the Islamic Party, another armed group.

The two movements had clashed several times previously but announced a merger last week.

Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability

A vulnerability has been identified in Microsoft Windows which could be exploited by attackers to execute arbitrary code. The issue is caused by a buffer overflow error in the Fax Cover Page Editor (fxscover.exe) utility when it processes a cover file (".cov") containing malformed data. Attackers could exploit it to crash the affected application or compromise a vulnerable system by tricking a user into opening a malicious cover file with the vulnerable application.

The Fax Cover Page Editor (fxscover.exe) utility is installed with the "Fax Services" on Windows XP and Windows Server 2003 (disabled by default) and is available via the "Windows Fax and Scan" program on Windows Vista, Windows Server 2008, and Windows 7 (enabled by default).

VUPEN has confirmed this vulnerability with Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows 7 Ultimate.

Sunday, December 26, 2010, and Hacked

Via Krebs on Security -, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to “you’ve been owned” calling cards this Christmas are exploit database and, the home of Backtrack, an open source “live CD” distribution of Linux.

The hacks were detailed in the second edition of “Owned and Exposed,” an ezine whose first edition in May included the internal database and thousands of stolen credit card numbers and passwords from The Christmas version of the ezine doesn’t feature credit card numbers, but it does list the user names and hashed passwords of the forum administrators. The forum itself appears to be down at the moment.

Mati Aharoni, the main administrator for both and, confirmed that the hacks against his sites were legitimate. Shortly after my e-mail, Aharoni replied with a link to a short statement, noting that a hacking team called inj3ct0r initially took credit for the attack, only to find itself also targeted and shamed in this edition of Owned and Exposed.

“There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion,” Aharoni wrote. “Initially, the inj3ct0r team took ‘creds’ for the hack, which quickly proved false as the original ezine showed up – and now inj3ct0r (their new site) is no longer online. As a wise Chinese man once said: ‘do not anger one who has shell on your server’. The zine also mentioned other sites, as well as the ettercap project being backdoored.”

To his credit, Aharoni posted a link to the 2nd edition of Owned and Exposed.

“The irony of posting your zine in our papers section is not lost on us,” Aharoni wrote.


Issue #2 - Owned and Exposed

Photo of the Day - Christmas Skyline of Hong Kong

Christmas Skyline of Hong Kong


This photo was taken by Mark Heng on December 12, 2010 using a Canon Digital IXUS 75.

Friday, December 24, 2010

United States & United Nations Designate Al-Quso Terrorist

Via VOA News -

The United States and the United Nations have listed Al-Qaida in the Arabian Peninsula fugitive Fahd al-Quso as a Specially Designated Terrorist. These actions will help stem the flow of finances to and inhibit the travel of this dangerous operative.

"The designation of Fahd al-Quso highlights U.S. action against the threat posed to the United States by al-Qaida in the Arabian Peninsula," said U.S. Ambassador for Counterterrorism Daniel Benjamin. The "joint designation by the United States and the United Nations alerts the public that Fahd al-Quso is actively engaged in terrorism. These actions," said Ambassador Benjamin, "expose and isolate individuals like al-Quso and result in denial of access to the global financial system."

Prior to the formation of al-Qaida in the Arabian Peninsula, or AQAP, al-Quso was associated with al-Qaida elements in Yemen and involved in the 2002 USS Cole bombing in the Port of Aden, which killed seventeen sailors. He was jailed in Yemen in 2002 for his part in the attack. Following al-Quso's release from prison in 2007, he joined al-Qaida in Yemen. In November 2009, al-Quso was added to the list of the FBI's most wanted terrorists. Al-Quso is connected to other designated AQAP senior leaders, including Anwar al-Awlaqi, Nasir al-Wahishi, and Said Ali al-Shiri, and acts as a cell leader in Yemen. In May 2010, al-Quso appeared in an al-Qaida in the Arabian Peninsula video in which he threatened to attack the U.S. homeland, as well as U.S. embassies and naval vessels abroad.


US State Dept Statement (Dec 7, 2010)
Today the Secretary of State announced the designation of al-Qa’ida in the Arabian Peninsula (AQAP) operative Fahd al-Quso as a Specially Designated Global Terrorist under Executive Order 13224, which targets terrorists and those providing support to terrorists or acts of terrorism. Al-Quso was also added to the United Nations (UN) 1267 Sanctions Committee’s Consolidated List of individuals associated with al Qa’ida and the Taliban. These actions will help stem the flow of finances to, and inhibit the travel of, this dangerous operative.

Pakistan: Al-Qaeda and the Taliban Distribute USB Thumb Drives to Teach Bombmaking

Via Central Asia Online -

Al-Qaeda and the Taliban are disseminating guidelines for making bombs and thwarting explosive detection equipment to supporters and potential recruits, sources have told Central Asia Online.

Instead of relying on email, websites or brochures, terrorists are now using Universal Serial Bus (USB) memory sticks to share information with youngsters at risk of joining the militancy, a student of Dawood Engineering College said, requesting anonymity.

“Recently, the Taliban activists have distributed several USBs of al-Qaeda in Karachi to train the youngsters to make explosive devices,” he said. In the USBs, one of which Central Asia Online received, al-Qaeda included the November 2010 edition of its magazine that promotes extremism; techniques for turning common electronic devices into bombs; and ways to smuggle such items past airport security.

Al-Qaeda has vowed to share its technical expertise with followers abroad so they could make bombs in their own countries.

“Al-Qaeda and the Taliban’s move to penetrate our young generation seemed a new strategy of the enemies of Pakistan, Islam and humanity,” Sindh Police Criminal Investigation Department (CID) Chief Choudhry Aslam told Central Asia Online. “We are not aware of this new move of the terrorists.”

Police will investigate the matter and take action against terrorists who are influencing young Pakistanis into defaming Pakistan as militants, he added.

The CID has been on the forefront of work to destroy the network of al-Qaeda and Taliban in Karachi in recent months, he said. The police will continue to act firmly against terrorists, he vowed.

Hizbul Islam Joins Shabaab in Somalia

Via The Long War Journal -

Sheikh Hassan Dahir Aweys, the leader of Hizbul Islam, has merged his forces with Shabaab, al Qaeda's affiliate in Somalia, after suffering a string of military defeats at the hands of the rival Islamist terror group.

Aweys, who is also linked to al Qaeda, joined Shabaab today and turned over Hizbul Islam's bases in Mogadishu and areas south of the capital, Mareeg Online reported. It is unclear if Aweys will take a senior leadership position in Shabaab's increasingly foreign-dominated leadership cadre.

Shabaab's takeover of Hizbul Islam will allow the terror group to put aside the intra-Islamist fighting, and will free up fighters and resources to battle the weak Somali government and African Union forces struggling to retake control of Mogadishu.

Since it was formed in January 2009, Hizbul Islam has been fighting a losing battle against Shabaab, its Islamist rival in Somalia. Throughout 2009, relations between Shabaab and Hizbul Islam worsened after the groups began to battle in Kismayo over control of the southern port city. In February 2010, the Ras Kamboni Brigade, once a Hizbul Islam faction, broke ties with Hizbul Islam and merged with Shabaab. Hizbul Islam has been losing ground to Shabaab in central and southern Somalia ever since the Ras Kamboni Brigade defected.


While many counterterrorism analysts and African experts consider Hizbul Islam a domestic, nationalist insurgency with no links to foreign terror groups, its top leader has close ties to al Qaeda. Sheikh Hassan Dahir Aweys is wanted by the US for his links to al Qaeda. He is also on the United Nations' terrorist sanctions list, again for his ties to al Qaeda.


Other Hizbul Islam leaders have expressed their support for al Qaeda. In April 2010, Moallim Hashi Mohamed Farah, then the top leader for Hizbul Islam in Banadir province, welcomed Osama bin Laden and other foreign fighters to visit Somalia and fight alongside his forces.

Shabaab and Hizbul Islam sought to merge forces during the summer of 2009, and have been in constant talks since then. But local disputes between factions of the two terror groups prevented the merger from taking place.

Hizbul Islam was created in January 2009 with the merger of four separate Islamist groups: Aweys' Alliance for the Re-Liberation of Somalia-Eritrea, a wing of the Islamic Courts Union; the Ras Kamboni Brigade; Jabhatul Islamiya (the Islamic Front); and Anole.


STRATFOR Dispatch: Al Shabaab's Increasing Power
The three main factions of jihadists, or Islamists, in Somalia: there is the dominant faction of al Shabaab that is globalist and jihadist in its aim led by an individual known as Godane Abu Zubayr. The second faction of al Shabaab is the nationalist wing of al Shabaab, led by a commander known as Muktar Robow, also known as Abu Mansur. Now this Hizbul Islam faction is led by an old-time warlord and Somali nationalist leader whose name is Sheikh Hassan Dahir Aweys. Now the Godane wing of al Shabaab essentially issued a threat to Aweys’ group of Hizbul Islam basically saying “join us or die,” and after a series of clashes over the last couple of weeks, Aweys’ group basically conceded. Now this significance is less in the number of troops that the Aweys faction of Hizbul Islam brings to al Shabaab, but the significance is rather of the Godane-led dominant faction of al Shabaab, eliminating internal dissent which ultimately would lead to its defeat if it festered. While these internal tensions are never going to be fully eliminated, Godane must fight these. He has no choice but to eliminate internal tensions that are on the radar of his enemies, such as the Somali government and its backers.

Preliminary Approval Given to New START by Russia Parliament

Via LA Times -

After just a few hours of debate, the lower house of Russia's parliament on Friday gave overwhelming preliminary approval to the New START arms treaty with the United States. The vote set the stage for its likely easy approval in the new year.

Lawmakers in the State Duma voted 350-59 to approve the treaty on its first reading. Two more votes in the lower house, on the second and third readings, and balloting in the upper house were put off until January.

However, experts said legislators of both houses are expected to fall in line with the Kremlin, which has given strong support to a treaty designed to sharply reduce the number of nuclear warheads and launchers in Russia and the United States.

"Today's ratification in the State Duma marks the completion of a most important achievement in the entire history of the U.S.-Russian recent reset in the relations," said Andrei Kortunov, president of the New Eurasia Foundation, a Moscow-based think tank. "This success is hard to overestimate from the point of view of the real disarmament process, and today we can say that the skeptics of the reset were proved wrong."

Thursday, December 23, 2010

Burma Bombshell

Via Council on Foreign Relations (CFR) -

Many minor Wikileaks scoops have attracted media notice—like the fact that Libyan leader Muammar Qaddafi apparently always travels with a buxom Ukrainian “nurse”—but one frightening disclosure in particular has not received nearly enough attention. In several cables written from the U.S. embassy in Rangoon, the largest city (and former capital) of Burma, diplomats provided information about the Burmese junta's potential cooperation with North Korea, including details of what may be nascent nuclear and missile programs.

In one cable, from back in 2004, American officials reported that sources told them North Korean workers potentially were helping the junta build a ballistic missile program at one secret military site inside Burma. In another cable, a source told U.S. officials of reports that Burma is importing significant quantities of ore, possibly in order to be refined into uranium. In still another cable, sources reported on more details of covert military co-operation between Burma and North Korea, including on potential nuclear production.


Why won't foreign governments consider the possibility? Denying that Burma could be trying to construct a nuclear or missile program fits into a larger pattern of mistaken thinking about the junta—a pattern that involves seeing the regime as crazy, unpredictable, or even stupid. This attitude is evident in much of the media coverage of the country, which focuses on the junta's superstitions—it has used astrologers to help it pick propitious dates—or other bizarre tendencies. In conversations with officials from another, wealthier Asian nation last year, I was repeatedly told how hard it was to deal with the junta because its leaders have little education. Former Singaporean Prime Minister Lee Kuan Yew has been blunter, telling American diplomats, in one conversation captured in a Wikileaks-released cable, that the junta is “dense.”

To be sure, building a nuclear program is a serious undertaking—witness the trouble Iran is having—and the impoverished and relatively isolated Burmese junta would face an uphill climb. What's more, to produce a nuclear program, Burma would likely have to alienate its major patron, China, which certainly has no interest in having another nuclear state right on its border. And, even if the junta is importing workers and knowledge from North Korea, that doesn't absolutely mean it will, or can, build nukes or missiles.


There could be another explanation for U.S. denial of Burma's nuclear ambitions: Burma expert Bertil Lintner has suggested in the Asia Times that some lower-ranking U.S. officials may be trying to play down evidence of a nuclear program so as not to threaten the Obama administration's new policy of engagement with the junta. But even if this were the reason—in whole or in part—for Washington's quiet approach, it would still be yet another example of U.S. naivete when it comes to Burma. After all, engagement doesn't seem to be working: Another Wikileaks-released cable reveals that U.S. officials have suggested junta leader Than Shwe might be willing to make compromises in order to gain closer relations with the United States—compromises that we have yet to see.

In the end, neither the hope of engagement nor a faith in the regime's essential incompetence seems like a good reason to play down the nuclear issue. To be fair, the Obama administration doesn't lack for major headaches around the world. But it might be time to add this one to the list.

Indian Police Issue Terror Alert in Mumbai

Via CNN -

Police issued an alert Thursday in Mumbai, saying four members of a militant group had entered the Indian city and were suspected of plotting violence on the Christmas and New Year's holidays.

Himanshu Roy, Mumbai's joint commissioner of police, said the suspected terrorists belong to Lashkar-e-Tayyiba, the Pakistan-based group that was blamed for a violent siege on Mumbai in November 2008.

The four men were identified as Abdul Kareem Moosa, Noor Abu Ilahi, Walid Jinnah and Mahfooz Alam, each between 20 and 30 years old. At a news conference, Roy released a sketch of Jinnah. Roy said the four recently "sneaked into the city to carry out extremely dangerous activity." He had no information on their nationalities.

Lashkar-e-Tayyiba is on the U.S. State Department's list of terrorist organizations, and last month the U.S. Treasury said it is prohibiting Americans from "engaging in any transactions" with that group.

The Treasury cited Azam Cheema, who helped train operatives for the 2008 Mumbai attacks and was the "mastermind" behind Mumbai train bombings carried out by Lashkar-e-Tayyiba in 2006.


Wikipedia: Lashkar-e-Taiba (LeT)

Lashkar-e-Taiba had links to Jama'at-ud-Da'wah (JuD); however, Jama'at-ud-Da'wah publicly retracted any association with them after the United States Department of State declared Lashkar-e-Taiba to be a terrorist organization.

What’s Inside the New Nuke Arms Treaty

Via (Danger Room) -

Back from the brink of annihilation, the Obama administration’s treaty with Russia on reducing nuclear weapons is looking like it’ll pass the Senate after all, possibly as early as Wednesday. The only thing that everyone’s overlooked in the past several months’ political theater over the treaty is what it actually does — and doesn’t do. So we’re here to help.

The headlines first: New START caps strategic nuclear warheads at 1,550 on each side. (According to the nuke wonks at the Ploughshares Fund, the Russians have 2,600 strategic nuclear weapons and the United States has just under 2,000.) The intercontinental ballistic missiles, subs and bombers that deliver them have to be capped at 800 deployed and non-deployed launchers.

By most arms-control experts’ accounts, these are pretty modest cuts, still allowing each side to incinerate the Earth several times over.

Additionally, every year, each side will conduct 18 on-site inspections at places where those warheads and delivery vehicles are stored. That’s 10 annual inspections fewer than under the old treaty, but more data is extracted from each inspection. The 1991 predecessor treaty only allowed inspectors to count launchers and approximate the number of warheads they contained, for instance, but the new Strategic Arms Reduction Treaty requires the United States and Russia to individually catalog each weapon with its distinct warhead payload.


Here’s one aspect of the missile-counting that pertains to the treaty’s key sticking point from Senate Republicans: missile defense. “A missile of a type developed and tested solely to intercept and counter objects not located on the surface of the Earth shall not be considered a ballistic missile to which the provisions of this Treaty apply,” the treaty reads. And that leads to what the treaty doesn’t do.

The treaty doesn’t limit missile defense. The closest it comes is to bar each side from converting its intercontinental and sub-launched ballistic-missile launchers into delivery mechanisms for anti-ballistic-missile interceptors.

Lt. Gen. Patrick O’Reilly, the director of the Missile Defense Agency, testified to the Senate Foreign Relations Committee in June that there aren’t any plans anyway to convert ICBM launchers for missile defense and that repurposing sub launchers for missile defense “would be very expensive and impractical.” In other words, he said, “the new START treaty does not constrain our plans to execute the U.S. missile defense program,” and its new provisions for counting missiles and expanded telemetry data-sharing “reduces constraints on the development of the missile defense program.”

What it also doesn’t do: Reduce any of the forward-deployed, short-range nuclear weapons each side possesses.

WikiLeaks revealed that the United States still has tactical nuclear weapons in Germany, the Netherlands, Belgium and Turkey. U.S. spies believe that Russians have moved their own tactical nuclear weapons closer to their western borders, scaring some of the eastern-European NATO members. (Although Poland’s foreign minister urged the Senate to ratify the new START last month.)

But Danger Room pal Jeffrey Lewis summed up the problem with using the no-tactical-nuke-reductions in the treaty as an argument against ratification: “Do you know why the New START treaty doesn’t deal with tactical nuclear weapons? Because it starts with a f’cking S, that’s why.” In other words, if anyone wants a follow-on treaty for limiting tactical nuclear weapons, that’s got to wait for another treaty. And the only way to get the Russians to agree to another treaty is to ratify this one.

MPs in Russia could approve a new strategic arms reduction treaty with the US as early as tomorrow after President Dmitry Medvedev welcomed the pact.

The country's overwhelmingly pro-Kremlin parliament is likely to push the agreement through swiftly, despite doubts over Washington's desire to station a missile defence shield in Europe.

Medvedev's office said today he was "pleased to learn that the United States Senate has ratified the Start Treaty and expressed hope that the State Duma and the Federation Council [lower and upper houses of parliament] will be ready to consider this issue shortly and to ratify the document".

Microsoft Warns On New Browser Vulnerability

Via -

Microsoft on Wednesday issued a security advisory to users of its Internet Explorer Web browser about a newly disclosed vulnerability that could be exploited and used to run malicious code on vulnerable Windows systems.

The Redmond, Washington company said it is investigating new, public reports of a vulnerability in all supported versions of IE. The company said it is working on a patch and cooperating with anti-malware vendors in its Microsoft Active Protections Program (MAPP) and Microsoft Security Response Alliance to help expedite the distribution of protections against exploits using the hole. However, the company cautioned that the newly discovered vulnerability is not serious enough to warrant an out-of-cycle patch.

As reported by Threatpost, the new vulnerability was first disclosed by the IT security firm Vupen on December 9 and affects most versions of Microsoft's Internet Explorer Web browser. If exploited, the hole could allow remote attackers to circumvent defensive features in fully patched Windows 7 and Windows Vista machines, and attack Microsoft's latest version of Internet Explorer, IE8, to run malicious code on vulnerable systems.


In its advisory, Microsoft said that existing features like IE Protected Mode and the default Enhanced Security Configuration for newer versions of IE on Windows Server 2003 and 2008 would mitigate the impact of the vulnerability by reducing the privileges that attackers have on Windows systems should they successfully compromise IE.

However, a version of a public exploit has already been added to the Metasploit Framework, a free testing tool. That, when combined with other attack techniques, could allow attackers to circumvent more recent Microsoft protections such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), which are specifically designed to thwart malicious code.

In a separate post, Fermin J. Serna, a Security Software Engineer at Microsoft, explained how those technologies might be circumvented and suggested a workaround to prevent them from being defeated in an attack using the new IE hole.


Internet Explorer CSS Recursive Import Use After Free

Microsoft - SRD
New Internet Explorer vulnerability affecting all versions of IE
Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process.

Recommendation: Use Enhanced Mitigation Experience Toolkit (EMET) to dynamically rebase all loaded DLLs (aka Mandatory ASLR)

Wednesday, December 22, 2010

Assessing an IIS FTP 7.5 Unauthenticated Denial of Service Vulnerability

Via Microsoft SRD -

There has been some discussion around publicly posted PoC code that exploits a vulnerability in IIS FTP 7.5, which ships with Windows 7 and Windows Server 2008 R2. Our engineering team is looking into the situation and has made a few preliminary observations that might clear up some confusion. We’ve observed three notable characteristics.

First, this is a Denial of Service vulnerability and remote code execution is unlikely. The vulnerability occurs when the FTP server attempts to encode the Telnet IAC (Interpret As Command) character in the FTP response. The IAC character, which is represented as decimal 255 (Hex FF) in the response, needs to be encoded by the addition of another decimal 255 character in the FTP response wherever the IAC character is present. Due to an error in this processing, it is possible to get into a state where an attacker could overwrite a portion of the response with a string of 0xFFs even past the end of the heap buffer, resulting in a heap buffer overrun.

In that situation, the only data that a malicious client controls in this overrun is the number of bytes by which the buffer is overrun. It cannot control the data that is overwritten -- the data will always be the IAC character 0xFF. Also, the malicious client does not control the addresses where data is overridden, and the data is always overridden in a sequential manner. The FTP service 7.5 is also protected by Data Execution Prevention (DEP). The combination of these characteristics makes it difficult to successfully execute a heap spray or partial function pointer override attack. Because of the nature of the overrun, the probable result will only be a denial of service and not code execution.
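The encoding step described above (every 0xFF in a response must be sent as 0xFF 0xFF, which makes the escaped reply longer than the original) is where a length miscalculation turns into an overrun. As an added example, not Microsoft's code and not the IIS FTP implementation, here is a bounds-checked IAC encoder and decoder that sizes the output from a count of IAC bytes first and refuses to write when the escaped form would not fit; the sample reply is constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IAC 0xFF  /* Telnet "Interpret As Command" byte */

/* Bytes needed once every IAC in `in` has been doubled. Computing this
 * before writing is what keeps the doubled 0xFFs inside the buffer. */
size_t iac_encoded_len(const uint8_t *in, size_t in_len)
{
    size_t n = in_len;
    for (size_t i = 0; i < in_len; i++)
        if (in[i] == IAC)
            n++;
    return n;
}

/* Escape IAC bytes from `in` into `out` (capacity `out_cap`).
 * Returns 0 and sets *out_len on success; returns -1 and writes nothing
 * when the escaped form would not fit, instead of running past the end. */
int iac_encode(const uint8_t *in, size_t in_len,
               uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (iac_encoded_len(in, in_len) > out_cap)
        return -1;
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        out[o++] = in[i];
        if (in[i] == IAC)
            out[o++] = IAC;  /* IAC IAC means a literal 0xFF data byte */
    }
    *out_len = o;
    return 0;
}

/* Reverse of iac_encode: collapse IAC IAC back to a single 0xFF.
 * A lone IAC (no second 0xFF following it) is malformed: return -1. */
int iac_decode(const uint8_t *in, size_t in_len,
               uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == IAC) {
            if (i + 1 >= in_len || in[i + 1] != IAC)
                return -1;
            i++;  /* consume the escape byte, emit the literal below */
        }
        if (o >= out_cap)
            return -1;
        out[o++] = in[i];
    }
    *out_len = o;
    return 0;
}

/* Allocate a heap buffer sized from iac_encoded_len() and encode into it.
 * The caller frees the result. Returns NULL on allocation failure. */
uint8_t *iac_encode_alloc(const uint8_t *in, size_t in_len, size_t *out_len)
{
    size_t need = iac_encoded_len(in, in_len);
    uint8_t *buf = malloc(need ? need : 1);
    if (buf == NULL)
        return NULL;
    if (iac_encode(in, in_len, buf, need, out_len) != 0) {
        free(buf);  /* cannot happen: buffer was sized from the same count */
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Constructed FTP reply holding three raw 0xFF bytes (not real IIS output). */
    const uint8_t reply[] = { '2', '2', '0', ' ', 0xFF, 'x', 0xFF, 0xFF, '\r', '\n' };
    size_t enc_len = 0;
    uint8_t *enc = iac_encode_alloc(reply, sizeof reply, &enc_len);
    if (enc == NULL)
        return 1;
    printf("%zu input bytes -> %zu escaped bytes\n", sizeof reply, enc_len);

    /* A buffer sized for the unescaped reply is refused rather than overrun. */
    uint8_t too_small[sizeof reply];
    size_t n = 0;
    int rc = iac_encode(reply, sizeof reply, too_small, sizeof too_small, &n);
    printf("fits in %zu bytes? %s\n", sizeof too_small, rc == 0 ? "yes" : "no");
    free(enc);
    return 0;
}
```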

Our second discovery is that this vulnerability only affects IIS FTP Service and leaves the IIS Web Services completely unaffected. Hence a Denial of Service on the FTP service will not affect any of the web services hosted by IIS but only the FTP service.

Third and finally, the IIS FTP Service is not installed by default, and even after installation, it is not enabled by default.


We’ll continue to investigate this issue and, if necessary, we‘ll take appropriate action to help protect customers. This may include providing a security update through the monthly release process or additional guidance to help customers protect themselves.


Vulnerability Note VU#842372
Microsoft IIS FTP server memory corruption vulnerability

Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC

STRATFOR: Organized Crime vs. Terrorism

Analyst Reva Bhalla uses the Mexican drug cartel war to examine the differences between an organized criminal group and a terrorist organization.

"Mexican lawmakers recently passed legislation defining punishment for acts of terrorism. The most interesting aspect of this law is what was encompassed in that definition of terrorism, which could apply to cartel-related activities. This could be an emerging tactic by the Mexican government to politically characterize cartel-related activities as terrorism and use that as a way to undermine popular support for organized criminal activity in Mexico."

Tuesday, December 21, 2010

New URL Shortener Hijacks Browsers for DDoS

Via -

In order to outline the dangers of implicitly trusting shortened URLs, a student has launched a service which generates links that take users to their destination, but also hijack their browsers for DDoS.

Called, the service is the creation of Ben Schmidt (@supernothing307), a computer science major at University of Tulsa, who describes himself as a security enthusiast.

The URL shortener was inspired by the recent distributed denial of service (DDoS) attacks launched by Anonymous and in particular the Web version of the group's Low Orbit Ion Cannon (LOIC) tool.

This recently created JavaScript-based LOIC allows people to voluntarily join a DDoS effort by visiting a Web page instead of installing an application on their computers.

The tool works by modifying an image tag's src attribute in order to force the browser to continuously send HTTP requests to the targeted server.

[...] was released as a proof-of-concept and works by loading the destination page in a transparent iframe. The source code is freely available under GPL.

To use the service, attackers must specify the destination link and the URL to be targeted. The title of the page can also be configured. The resulting short URL can then be spread on social media websites in order to attract as many visitors as possible.

People who click on the link will have no indication that something is wrong, except for the URL in the address bar, which doesn't change from

Meanwhile, in the background, their computer will send hundreds of requests per minute to the target URL. The more time spent on the legit destination page, the more effective the attack is.

"My implementation of this attack is, at best, a hack job, but was merely meant to illustrate how easy it is to actually implement, how simple it is to launch a DDoS simply by getting people to follow a link, and how seriously our reliance on URL shorteners can affect security," Schmidt concludes.

Sunday, December 19, 2010

Mexico and the Cartel Wars in 2010

Via STRATFOR (Security Weekly) -

In our 2010 annual report on Mexico’s drug cartels, we assess the most significant developments of the past year and provide an updated description of the dynamics among the country’s powerful drug-trafficking organizations, along with an account of the government’s effort to combat the cartels and a forecast of the battle in 2011. The annual cartel report is a product of the coverage STRATFOR maintains on a weekly basis through our Mexico Security Memo as well as other analyses we produce throughout the year. In response to customer requests for more and deeper coverage of Mexico, STRATFOR will also introduce a new product in 2011 designed to provide an enhanced level of reporting and analysis.

In 2010, the cartel wars in Mexico have produced unprecedented levels of violence throughout the country. No longer concentrated in just a few states, the violence has spread all across the northern tier of border states and along much of both the east and west coasts of Mexico. This year’s drug-related homicides have surpassed 11,000, an increase of more than 4,400 deaths from 2009 and more than double the death toll in 2008.


After being named the most violent organized-crime group in Mexico by former Mexican Attorney General Eduardo Medina Mora in 2009, LFM [La Familia Michoacana] has been largely a background player in 2010 and was active on two main fronts: the offensive against Los Zetas as part of the New Federation in northeastern Mexico and the fight against elements of the CPS [Cartel Pacifico Sur] and Los Zetas in southern Michoacan and Guerrero states, particularly around the resort area of Acapulco.


On the business-operations side, Sinaloa has made inroads in other regions and other continents. As noted above, the organization also has reportedly made progress in extending its control over the lucrative Tijuana smuggling corridor and is making significant progress in asserting control over the Juarez corridor.


Additionally, STRATFOR sources continue to report a sustained effort by the Sinaloa Federation to expand its logistical network farther into Europe and its influence deeper into Central America and South America.


The successes that the Calderon administration has scored against some major cartel figures such as La Barbie and El Nacho in 2010 have helped foster some public confidence in the war against the cartels, but disruptions to the balance of power among the cartels have added to the violence, which is clearly evidenced by the steep climb in the death toll. As long as the cartel landscape remains fluid, with the balance of power between the cartels and the government in a constant state of flux, the violence is unlikely to end or even recede.

Friday, December 17, 2010

Reconnaissance Drone Crash in El Paso Under Investigation

Via CNN -

Federal authorities were investigating Friday the circumstances of a drone that crashed in El Paso, Texas, this week, which U.S. officials said originated in Mexico.

But Rocio Torres, a spokeswoman for the Mexican attorney general's office, disputed that the drone belonged to that country.

"We have no information with respect to the plane that you're referring to that was found in Texas and said to be Mexican," Torres said, adding that she consulted with other Mexican government officials.

But U.S. National Transportation Safety Board spokesman Keith Holloway said he believed that the drone "was owned by the government of Mexico, and I think they were the operators."

"There was a drone that crashed on Tuesday, and we are collecting data," Holloway said. "We are not sending anyone down to the scene. We are collecting information to see what occurred."

The crash of an unmanned aerial vehicle from Mexico would be a first on U.S. soil, said U.S. Customs and Border Protection Special Operations Supervisor Ramiro Cordero.

Holloway said the craft was an Orbiter Mini UAV designed by Aeronautics Defense Systems, whose website describes it as "a compact and lightweight system designed for use in military and homeland security operations" and "the ultimate solution for over-the-hill reconnaissance missions, low-intensity conflicts and urban warfare operations."


Unmanned drones are routinely used by the U.S. Department of Homeland Security to look for illegal immigration on the U.S.-Mexico border.

Cordero said a resident called his agency Tuesday evening "about something in front of his property."

The agency picked up the device and consulted with officials in the Department of Homeland Security and the U.S. Consulate in Juarez, Mexico. "We determined it was the property of the Mexican government," Cordero said.


According to an update on CNN....
Mexican Attorney General spokeswoman Rocio Torres denied her country's involvement with the drone Friday, but later in the day, another Mexican official said the drone was being operated by the Ministry of Public Security and was following a target at the time of the mechanical malfunction.

The Mexican official did not know the nature of the surveillance but said "we know they were following a target." He did not know how the malfunction affected that operation, if at all.
Ricardo Alday, a spokesman for the Mexican Embassy in the United States, also said the drone belonged to Mexico and was part of an operation in coordination with the U.S. government.

"It was flying on the Mexican side of the border when it had a mechanical malfunction," Alday said. "It is my understanding both Mexican and U.S. authorities were fully cognizant of what was going on in the area."

Wednesday, December 15, 2010

Malvertisements on Top 1000 Sites: the Weekend in Review

Via -

The past weekend has been rich in malware on several Top 1000 Sites such as the Drudge Report and Ziddu, Adtech ( / Advertserve (, Google / Double Click & Microsoft AdNetworks.

On the 10th of December people surfing to were hit by a malware drive-by download caused by the major advertising network Adtech which uses AdvertSERVE, a hosted ad serving solution powered by Renegade Internet's AdvertPRO software.

Tuesday, December 14, 2010

Undercut by Microsoft, Russia Drops Piracy Case

Via (Dec 5, 2010) -

The authorities have dismissed software piracy charges against one of Russia’s most well-known environmental groups after Microsoft indicated that it would no longer support the case.

The police in the Siberian city of Irkutsk raided the offices of the group, Baikal Environmental Wave, in January and confiscated 12 computers, all but paralyzing its operations. Investigators said they believed that Baikal Wave had unlicensed Microsoft software on its computers, but the environmentalists said the motivation was entirely political.

The authorities dropped the charges after The New York Times published an extensive account of the case on Sept. 12 that prompted Microsoft to overhaul its policies in Russia.


It appears that the authorities could not move forward in part because Microsoft would no longer help them.

The day after the article was published in The Times, Microsoft apologized for its role in these cases and indicated it would no longer have any involvement in them. The decision would seem to have made it very difficult for the authorities to deploy what had been an increasingly common law-enforcement tactic against government critics.

Microsoft also contacted police officials in Irkutsk and urged them to drop the Baikal Wave case, according to Marina Levina, a spokeswoman for Microsoft in Moscow.

“With the benefit of hindsight, we realize we perhaps could have done more” to help Baikal Wave, Ms. Levina said.

Galina Kulebyakina, a co-chairwoman of Baikal Wave, said Microsoft’s turnabout had damaged the credibility of the Irkutsk police’s case. “They had no choice but to dismiss the charges,” Ms. Kulebyakina said.

She said the authorities had not formally announced their decision because they were embarrassed at how the case had turned out.

Reports Suggest Additional N. Korea Nuclear Facilities

Via VOA News -

South Korea says it is looking into reports there may be additional uranium enrichment facilities in North Korea, in addition to its main nuclear complex at Yongbyon.

South Korea's foreign minister says the government is well aware of the possibility that North Korea has additional uranium reprocessing facilities.

Kim Sung-hwan on Tuesday said there are intelligence reports about this but he would not go into specifics.

The foreign minister says he suspects that what experts have said about North Korea having other enrichment sites is correct.

A U.S. scientist was shown one complex at Yongbyon last month. Stanford University professor Siegfried Hecker proclaimed the operation surprisingly sophisticated, apparently with hundreds of working centrifuges to enrich uranium.

Hecker, in an article published in Foreign Affairs magazine last week, said the centrifuge facility he visited was probably designed to build a reactor, not a bomb. But Hecker said it is highly likely a covert facility exists elsewhere in North Korea capable of producing highly enriched uranium.

That would give North Korea an additional method of making nuclear bombs in addition to a plutonium operation.

A South Korean newspaper on Tuesday quoted an unidentified intelligence official here as saying it is likely there are other undisclosed locations where Pyongyang secretly enriches uranium.

Suspected facilities include a research institute in downtown Pyongyang, a missile base in Yanggang province and a cave at Kumchangri, 160 kilometers north of the capital.

Saturday, December 11, 2010

Somali Pirates' Eastward Expansion

STRATFOR - Video Dispatch

CFR - Smarter Measures in Fight against Piracy

RealNetworks Vulnerability Remediation Improvements

RealNetworks will patch 27 issues tomorrow, December 10, 2010. Twenty of these are vulnerabilities reported by the ZDI.

At the time ZDI announced the Vendor Disclosure Policy Changes, RealNetworks held 20 outstanding cases. In just four months they have patched these outstanding 20 plus seven additional bugs.

ZDI applauds RealNetworks for their dedication and significant improvement in vulnerability patching. Communication with RealNetworks has drastically improved and we are thrilled to see this change. RealNetworks and ZDI are taking responsible disclosure to another level, which benefits users and vendors alike.


Kudos to RealNetworks for the focus on getting the reported vulnerabilities fixed.

We can only hope that other vendors follow their lead....

IBM - Five ZDI advisories (CVSS 10) older than 760 days in the upcoming list

Friday, December 10, 2010

Zeus Botnet Targeting Retailer Credit Cards

Via -

Just in time for the holidays, the Zeus botnet toolkit has gotten an upgrade: it now has the ability to target large retailers' credit card users' accounts.

That warning was issued on Wednesday by Amit Klein, CTO of data security firm Trusteer. "Our research group recently discovered a Zeus botnet that is targeting credit card accounts of major U.S. retailers including Macy's and Nordstrom just as the holiday gift buying season is in full swing," he said in a blog post.

Klein said the new capabilities are built into Zeus -- the latest version -- and appear designed to steal people's credit card details so criminals can conduct "card not present" (CNP) transactions. Merchants must typically foot the bill for any CNP fraud that occurs on their cards, thus many have invested substantial resources into detecting fraudulent transactions.

Accordingly, the Zeus malware now takes additional steps to circumvent anti-fraud measures. "The attack we discovered uses social engineering to gather additional information beyond the credit card number that will make it easier for the criminal to bypass fraud detection measures used to investigate suspicious transactions," said Klein.

In particular, Zeus can inject a seemingly legitimate "man-in-the-middle pop-up," he said, which requests the user's credit card number -- for Macy's or Nordstrom, as appropriate -- as well as card expiration date, CVV security code, social security number, mother's maiden name, and date of birth. After entering the information, users hit a button that says "verify." Of course, nothing is being verified; the information is being recorded by Zeus and funneled to the criminals behind this operation.

Saturday, December 4, 2010

Browser Privacy: CSS History Sniffing In the Wild

Via (The Not-So-Private Parts Blog) -

YouPorn is one of the most popular sites on the Web, with an Alexa ranking of 61. Those who visit the homemade-porn featuring site — essentially, a YouTube for porn enthusiasts — are subject to scrutiny, though, of the Web tracking variety. When a visitor surfs into the YouPorn homepage, a script running on the website checks to see what other porn sites that person has been to.

How does it work? It’s based on your browser changing the color of links you’ve already clicked on. A script on the site exploits a Web privacy leak to quickly check and see whether your browser reveals that the links to a host of other porn sites have been assigned the color “purple,” meaning you’ve clicked them before. YouPorn did not respond to an inquiry about why it collects this information, and tries to hide the practice by disguising the script with some easy-to-break cryptography.*

The porn site is not alone in its desire to know what other websites visitors have visited. A group of researchers from the University of California – San Diego trolled through the Web’s most popular sites to see which ones were collecting this information about visitors. They found it on 46 other news, finance, sports, and games sites, reporting their findings in a paper with the intimidating title, “An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications.”

The popular finance website Morningstar was one of those that made the list of sites that run the script to check to see where else their visitors have been; its site checked to see if someone has been to, Edmunds, and 46 others.


The researchers who wrote the paper identifying this practice call it “history hijacking” or “history sniffing.” Mozilla, the foundation behind Web browser Firefox, calls it the “CSS: visited history bug.” It’s a bug that’s been discussed in developer circles for over a decade. Some browsers have fixed the bug. If you’re surfing using Chrome or Safari, this script doesn’t work. Firefox has fixed it in its newest version (v4 Betas). Internet Explorer, the most popular browser out there, is vulnerable to the history sniffing (though you can prevent it by going through the slightly onerous step of activating InPrivate Browsing, according to a spokesperson. That feature also blocks ad networks’ cookies, reports Business Insider.)


YouPorn Sued for Sniffing Browser History

A site for sharing pornographic content is the target of a lawsuit accusing it of improperly checking what other Web sites visitors had used.

Defendants David Pitner and Jared Reagan, both of Newport Beach, Calif., accuse YouPorn operator Midstream Media of the Netherlands of violating the U.S. Computer Fraud and Abuse Act and California's computer crime law; of engaging in deceptive and unfair business practices; and of unlawful and unfair competition.

The suit, filed Friday in U.S. District Court for the central district of California, accuses YouPorn of, among other things, "intentionally accessing plaintiffs'...computers without authorization." The plaintiffs are seeking class-action status, an injunction to stop the history sniffing practice, and payment for damages.


CSS History Sniffing - PoC


According to Jeremiah Grossman, the following browsers contain fixes for the CSS History Sniffing bug:
  • Firefox 4 (currently beta)
  • Google Chrome 8
  • Internet Explorer 9 (currently beta, Windows XP not supported)
  • Apple Safari 5

Filmmaker Produces First Film Designed to Put You to Sleep

Via AOL News -

Most filmmakers wouldn't want to be told their films put people to sleep, but it's a compliment to director Sondra Lowell.

In fact, putting people to sleep is her goal as the self-proclaimed inventor of a new genre she calls "film sleepy."

Lowell has made two such films thus far. The first, "," is mostly shots of people sitting around in front of webcams 24/7, wondering how to get Web surfers to tune in on their uneventful lives. "It sounds a lot more excited than it is," she told AOL News.


But Lowell didn't start out wanting to make boring films. In her case, it's a matter of making cinematic lemonade out of lemons.

"I've always wanted to make a movie but found I was good at putting people to sleep," Lowell said. "I took classes at UCLA and the teachers would fall apart when I made a script. People would tell me that I didn't understand how to make a story and told me the scenes should build on each other.

"I thought I was doing that, but people fell asleep. It took me awhile to realize I was on to something."

That something was "film sleepy," a genre that respects the idea that an audience has the right to grab 40 winks while the film is on the screen.

"People are so connected to the Internet or their smart phones that they need a way to let go," she said.

Lowell believes that her films are a non-narcotic way for people to fall asleep, but admits all the evidence is apocryphal.

"I've showed these film to large audiences hoping to see if everyone falls asleep, but I fall asleep myself and can't tell if anyone did," she said.

Friday, December 3, 2010

FBI Allegedly Looking for Russian Spy Inside NSA

Via (h/t Fergie's Tech Blog) -

American counterintelligence investigators are allegedly trying to uncover at least one Russian-handled double agent operating inside the US National Security Agency (NSA), according to information published on Wednesday in The Washington Times.

The paper based its allegation on an interview with an anonymous “former intelligence official” with close ties to the NSA — America’s largest intelligence agency, which is tasked with worldwide communications surveillance as well as communications security. The anonymous source told the Times that the probe is directly connected to the arrest of nearly a dozen Russian deep-cover operatives by the FBI last summer. Washington eventually exchanged the Russian spies with several Western-handled Russian operatives captured by Moscow and held in Russian prisons.

But the FBI allegedly believes that the deep-cover operatives, most of whom used false identity papers and had lived in the US for years, were primarily tasked with aiding at least one Russian-handled double spy operating inside the NSA’s Fort George G. Meade headquarters, in the US state of Maryland. The anonymous intelligence source said that, not only the FBI, but the NSA is also “convinced” that “one or more Russian spies” are active inside the Agency, as well as perhaps in other Pentagon-affiliated intelligence agencies, including the Defense Intelligence Agency.


A couple of things (and some crazy theories)...

1) Do foreign nations have spies inside of US spy agencies? Likely. This isn't new; this is what spy agencies do, after all. So this shouldn't be a surprise. I think it is safe to assume that looking for possible insiders is an ongoing and never-ending process.

As Gordon Bennett so exquisitely stated in his March 2000 paper titled "The SVR: Russia’s Intelligence Service":
"There are friendly states but there are no friendly intelligence services"
2) The 10 Russian spies that were released in a trade deal last spring were SVR illegals. Their tradecraft appeared to be less polished and outdated (burst transmitters, etc), which aided the FBI in bringing the ring into the light. Would you risk using illegals, which practiced less than ideal tradecraft, to interact with a mole buried in America's most secretive spy organization? I wouldn't.

Of course, the 11th suspect "Christopher Metsos" gave the FBI the slip, was held in Cyprus temporarily, skipped bail and disappeared. He is believed to have acted as an intermediary between the Russian mission to the United Nations in New York and suspects Richard Murphy, Cynthia Murphy, Michael Zottoli and Patricia Mills. He claimed to be from Canada and traveled between the US and Canada often. Interestingly enough, in Dec 2006, CSIS arrested and deported a suspected SVR illegal who had been living in Montreal for the better part of a decade.

Then you have a 12th suspect, who was discovered and deported (without being charged) shortly after the discovery of the others. He was believed to be just establishing cover and not directly connected to the exposed spy ring.

What was the full extent of their roles? Who knows...

3) This makes me guess that any moles in the NSA might not be SVR, but GRU. During the retirement of GRU Gen. Valentin Korabelnikov in early 2009, RIA Novosti highlighted that, according to some sources, the "GRU has six times as many agents in foreign countries as the SVR, which is the KGB's foreign intelligence successor."

Step-By-Step Tutorial: Shearing FireSheep with the Cloud

If your laptop ever connects to a network behind enemy lines (e.g. hhonors, attwifi, panera), this post is for you. The step-by-step directions below allow you to stand up a portable, cloud-based private VPN that you can use from anywhere – for around $0.50 a month. Once you get everything set up, you can feel good connecting to a hotspot and laugh at the guy running FireSheep.

Speaking of Firesheep, I’ve actually had some people close to me (including my wife) ask how they can prevent these types of attacks from happening. There are some nice “off-the-shelf” solutions like HTTPS Everywhere and BlackSheep but as a security professional I wanted to give a recommendation that would provide broader coverage than these solutions.

Enter Amazon’s recently introduced Free Tier for EC2. I’ll save my thoughts and comments on “The Cloud” and security for a later date (and after a couple of beers), but for the purposes of this solution, it works great to help you increase your security while using open wireless networks. Quite simply, the solution I came up with was to create an EC2 instance with Ubuntu 10.04 LTS server and setup OpenVPN and SideStep. This allows me to route all of my traffic over an SSL or SSH VPN to my EC2 instance and then out to the Internet.


Very cool tutorial on setting up an OpenVPN server in the "cloud" (Amazon EC2 Free Tier) and routing traffic in OSX to protect network activity, especially on open, unsecured public WiFi.

Evaluating Protected Mode in Internet Explorer


In Internet Explorer 7 and Windows Vista, Microsoft introduced a new browser security feature called “Protected Mode”. According to Microsoft, this mechanism “significantly reduces the ability of an attack [against Internet Explorer] to write, alter or destroy data on the user’s machine”.

A clearer description is that the feature attempts to protect the integrity of the client machine in the event the browser is compromised in an attack and prevent malware from being persisted on the targeted machine.

This paper will describe why this is not currently the case in Internet Explorer 7 or 8 for remote code execution vulnerabilities, discuss the limitations of the feature by design, identify generic attack patterns that can be used to bypass the feature (without user intervention) and discuss some inconsistencies in the underlying access control implemented in Microsoft Windows.

Body Language Myths - Prevailing Myths about Nonverbal Communication

Via (Spycatcher Blog) -

The first myth claims that because we know so much about body language now, it is easy to spot a liar. The second myth, and it is exactly that, a myth, is that eye aversion is indicative of deception.

Beginning in the 1970's so called body language experts began to prattle that body language was the key to determining if someone was lying. Both law enforcement officers and the general public bought into this, and even today, with shows such as Fox Television's "Lie to Me" the myth continues.

In 1985, Paul Ekman and other researchers looked at this myth and found that most of us are no better than chance (50/50) at detecting deception, and very few of us rise above chance. What are often mistaken for signs of deception (nose touching, mouth covering, eye closing, high pitched voice, et al.) are really pacifiers that help us to relieve stress. These pacifying behaviors are employed both by the guilty and innocent to relieve the stress of an interview. Ekman's work has been replicated many times over and it remains axiomatic: we humans are not very good at detecting deception, even experienced FBI agents such as myself.

The danger of this myth for society arises when poorly trained law enforcement officers perceive pacifying behavior or behaviors of discomfort, as I describe in "What Every Body is Saying," as lying. This often leads to more assertions that the interviewee is lying or more aggressive techniques which will surely increase pacifying behaviors and thus a vicious cycle ensues.


The second nonverbal myth that still permeates has to do with eye avoidance. During conversations or during interviews, eye avoidance is erroneously associated by the general public with deception. Nothing could be further from the truth.

Noted researcher Aldert Vrij found, and others have also verified, that people who habitually lie (this includes your borderlines, histrionics, anti-socials, Machiavellian personalities, and your psychopaths) actually engage in greater eye contact. Why? Because they know that we look for this behavior and they want to make sure that you are buying their lie. A truthful person can wander off with their eyes because there is no need to convince, only to convey.

Eye aversion is both personal and cultural. For instance, you may derive great personal comfort in recalling facts or an emotional experience by looking away from someone and focusing on something distant or looking down. The cultural aspect has to do with what we are often taught. For instance, in Latin America and among African Americans, it is instilled in children that when they are being castigated or dressed down by an authority figure they are to avoid looking at the higher authority in the eyes. This is how you show that you are contrite and humble.

This myth about eye avoidance persists and again has social as well as legal implications. In social settings it is perceived as someone who is easily distracted or who has a lack of interest. In a legal setting I have seen police officers say to young African Americans, "look at me," when the young men were being contrite and humble. This lack of understanding and ignorance can have mild social effects but it can also escalate into uglier permutations where individuals are shunned or accused of something merely because they were exercising eye aversion.

Thursday, December 2, 2010

Subsisting on Arsenic, a Microbe May Redefine Life

Via (Science) -

Scientists said Thursday that they had trained a bacterium to eat and grow on a diet of arsenic, in place of phosphorus — one of six elements considered essential for life — opening up the possibility that organisms could exist elsewhere in the universe or even here on Earth using biochemical powers we have not yet dared to dream about.

The bacterium, scraped from the bottom of Mono Lake in California and grown for months in a lab mixture containing arsenic, gradually swapped out atoms of phosphorus in its little body for atoms of arsenic.

Scientists said the results, if confirmed, would expand the notion of what life could be and where it could be. “There is basic mystery, when you look at life,” said Dimitar Sasselov, an astronomer at the Harvard-Smithsonian Center for Astrophysics and director of an institute on the origins of life there, who was not involved in the work. “Nature only uses a restrictive set of molecules and chemical reactions out of many thousands available. This is our first glimmer that maybe there are other options.”


Four years ago, while studying at ASU, Wolfe-Simon proposed that some organisms in extreme environments might be adapted to use arsenic in place of phosphorus. Phosphorus is one of the elements essential to life's chemistry -- in addition to carbon, hydrogen, nitrogen, oxygen and sulfur. Arsenic, which is just below phosphorus on the periodic table, is poisonous precisely because it can take phosphorus' place in biomolecules.

"It gets in there and sort of gums up the works of our biochemical machinery," ASU's Ariel Anbar, a co-author of the Science paper, explained.


In the paper published today, the researchers report that some of the bacteria could survive on arsenic and incorporate it into their cellular biochemistry. Instead of the usual phosphate-rich DNA, they observed arsenate-rich DNA. Heightened levels of arsenic also showed up in the cell's proteins and fats. The scientists used mass spectroscopy, radioactive labeling and X-ray fluorescence to confirm that the arsenic was really being used in the biomolecules rather than merely contaminating the cells.

If that could happen in the laboratory, why couldn't it happen naturally? ASU astrobiologist Paul Davies, another one of the paper's co-authors, has long held that "weird life" -- based on chemical building blocks unlike our own -- could exist right under our noses on Earth, or in extraterrestrial environments.

"This organism has dual capability," Davies said in today's announcement. "It can grow with either phosphorus or arsenic. That makes it very peculiar, though it falls short of being some form of truly 'alien' life belonging to a different tree of life with a separate origin. However, GFAJ-1 may be a pointer to even weirder organisms. The holy grail would be a microbe that contained no phosphorus at all."

Davies said GFAJ-1 was "surely the tip of a big iceberg" -- and Wolfe-Simon agreed.

"If something here on Earth can do something so unexpected, what else can life do that we haven't seen yet?" she asked. "Now is the time to find out."

Wednesday, December 1, 2010

The Race to Fix the Classification System

Via FAS Secrecy News (Steven Aftergood) -

The massive disclosure of a quarter million diplomatic records by Wikileaks this weekend underscores the precarious state of the U.S. national security classification system.

The Wikileaks project seems to be, more than anything else, an assault on secrecy. If Wikileaks were most concerned about whistleblowing, it would focus on revealing corruption. If it were concerned with historical truth, it would emphasize the discovery of verifiably true facts. If it were anti-war, it would safeguard, not disrupt, the conduct of diplomatic communications. But instead, what Wikileaks has done is to publish a vast potpourri of records — dazzling, revelatory, true, questionable, embarrassing, or routine — whose only common feature is that they are classified or otherwise restricted.

This may be understood as a reaction to a real problem, namely the fact that by all accounts, the scope of government secrecy in the U.S. (not to mention other countries) has exceeded rational boundaries. Disabling secrecy in the name of transparency would be a sensible goal — if it were true that all secrecy is wrong. But if there is a legitimate role for secrecy in military operations, in intelligence gathering or in diplomatic negotiations, as seems self-evident, then a different approach is called for.


It is important to remind the reader that Steven Aftergood of FAS has been critical of Wikileaks in the past as well. However, I believe he brings up a very interesting point in the second paragraph.

Experts Doubt Iranian Long-Range Missile Claims in WikiLeaks Cables

Via -

On Oct. 10, to celebrate its 65th anniversary as a one-party state, North Korea unveiled a new missile in the type of military parade that for decades has been a hallmark of authoritarian regimes. The North Koreans call the missile the Musudan.

The Musudan is now playing a starring role in reports this week prompted by WikiLeaks’ release of U.S. diplomatic cables. One of the documents says that Iran has obtained 19 of the missiles from North Korea, prompting news reports suggesting that the Islamic republic can hit targets in Western Europe and deep into Russia – farther than Iran’s existing missiles can strike.

The problem, however, is that there is no indication that the Musudan, also known as the BM-25, is operational or that it has ever been tested. Iran has never publicly displayed the missiles, according to experts and a senior U.S. intelligence official, some of whom doubt the missiles were ever transferred to Iran. Experts who analyzed Oct. 10 photographs of the Musudan said it appeared to be a mock-up.

The snapshot provided by the cable illustrates how such documents – based on one meeting or a single source – can muddy an issue as much as they can clarify it. In this case, experts said, the inference that Iran can strike Western Europe with a new missile is unjustified.


This story illustrates a very important point: just because something (data, information, etc.) is classified and kept censored from view doesn't actually mean it is true (or a fact).

Data has to be vetted and verified before it becomes knowledge or "intelligence". The terms information and knowledge are frequently used for overlapping concepts. The main difference is in the level of abstraction being considered. Data is the lowest level of abstraction, information is the next level, and finally, knowledge is the highest level among all three. Data on its own carries no meaning. In order for data to become information, it must be interpreted and take on a meaning.

A single message from a single embassy or a single event log from a single soldier is neither vetted nor verified.