Fergie's Tech Blog

Mark Fiore: Terrorist Lockup II

2009-11-19T23:10:00.002-08:00

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

Fear of Fraud Prompts Massive Bank Card Recall in Germany

2009-11-18T18:19:00.001-08:00

Thousands of credit cards have been recalled in Germany over concerns about a potential fraud scam in Spain.

Responding to allegations of data theft in the popular holiday destination, German banks are conducting their largest ever credit card swap-out to prevent fraud.

A spokesman for Germany's cooperative banking group, known as the Bundesverband der Deutschen Volksbanken und Raiffeisenbanken (BVR), told the Financial Times Deutschland that it had removed approximately 60,000 issued credit cards from circulation in response to allegations that a service provider in Spain stole data. Other banks and savings institutions in Germany have also been affected. In the end the massive credit card recall will top 100,000.

"We play it safe," said a spokesman for the BVR on Tuesday evening. "At the slightest suspicion, we exchange the cards. So the numbers are high," he added.

The organization is working to prevent fraud through fake transactions, after the banking industry received a warning from Visa and MasterCard that an "attack by a Spanish company on credit card data from German customers," was possible. The warning applies to Visa and MasterCards that were used in Spain in previous months. To date, no claims of fraud have been detected from the affected Visa and MasterCards, and if there were customers would not be liable for damages.

More here.

FBI Suspects Terrorists Are Exploring Cyber Attacks

2009-11-18T17:23:00.001-08:00

Siobhan Gorman writes on The Wall Street Journal:

The Federal Bureau of Investigation is looking at people with suspected links to al Qaeda who have shown an interest in mounting an attack on computer systems that control critical U.S. infrastructure, a senior official told Congress Tuesday.

While there is no evidence that terrorist groups have developed sophisticated cyber-attack capabilities, a lack of security protections in U.S. computer software increases the likelihood that terrorists could execute attacks in the future, the official warned.

If terrorists were to amass such capabilities, they would be wielded with "destructive and deadly intent," Steven Chabinsky, deputy assistant director of the FBI's Cyber Division, told the Senate Judiciary Committee Tuesday.

"The FBI is aware of and investigating individuals who are affiliated with or sympathetic to al Qaeda who have recognized and discussed the vulnerabilities of the U.S. infrastructure to cyber-attack," Mr. Chabinsky told the committee, without providing details.

Such infrastructure could include power grids and transportation systems.

More here.

In-Q-Tel Invests in FireEye

2009-11-18T12:49:00.002-08:00

J. Nicholas Hoover writes on InformationWeek:

The independent venture arm of the U.S. intelligence community, In-Q-Tel, has invested in cybersecurity company FireEye, the company announced Wednesday.

In-Q-Tel and FireEye didn't disclose terms of the agreement, or which intelligence agencies are particularly interested in the technology. However, in a release, they said that the investment "will extend FireEye's cyber security product development and stealth malware technical capabilities to protect against cyber threats."

The intelligence community has a clear interest in cybersecurity investment. At a conference earlier this month, deputy secretary of defense William Lynn said that more than 100 foreign intelligence agencies are actively trying to hack into federal government systems. The NSA recently announced plans to build a $1.5 billion cybersecurity data center in Utah.

California-based FireEye sells an out-of-band security appliance that monitors all inbound network traffic, employing a blend of signatures and heuristics to analyze traffic for evidence of suspicious behavior. After identifying suspicious traffic, the appliance captures and replays the traffic on virtual machines running in the appliance, which imitate real PCs. If those PCs are compromised, FireEye alerts administrators. By routing the traffic to a virtual machine, FireEye claims it is able to mitigate false positives. The virtual machines are invisible to the customer's production network.

More here.

U.S. Toll in Iraq, Afghanistan

2009-11-17T23:52:00.000-08:00

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Tuesday, Nov. 17, 2009, at least 4,363 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,476 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is two fewer than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

As of Tuesday, Nov. 17, 2009, at least 841 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Tuesday at 10 a.m. EST.

Of those, the military reports 649 were killed by hostile action.

More here and here.

Honor the Fallen.

Classic xkcd: Academia vs. Business

2009-11-17T21:17:00.005-08:00

Click for larger image.

We love xkcd.

- ferg

SCADA Watch: PG&E Lawsuit Spreads Down Smart Grid Supply Chain

2009-11-17T14:58:00.002-08:00

Camille Ricketts writes on VentureBeat:

Last week, [it was] reported [about] the lawsuit being filed against Pacific Gas & Electric for price hikes seemingly caused by installation of smart meters in the Bakersfield area of California. Now the plaintiff’s attorneys say that PG&E’s suppliers should also be sued — a who’s who of Smart Grid companies including General Electric, meter maker Landis+Gyr and communications provider Silver Spring Networks.

The original plaintiff, Bakersfield resident Pete Flores, filed the suit after his electric bill tripled fro $200 to $600 a month — right after having a new smart meter installed in his home. Objecting that PG&E described the meter as a money-saving device, he decided to sue for fraudulent advertising, negligence and unjust enrichment.

Wrapping up Landis+Gyr in a lawsuit — considering it’s one of the biggest and most respected meter makers in the country, up there with Itron, and Silver Spring Networks, tapped as the most likely IPO in the Smart Grid space — is a pretty big deal. Silver Spring has raised upwards of $167 million from the likes of Kleiner Perkins Caufield & Byers and Foundation Capital — it’s even advised by Al Gore. Landis+Gyr has brought in more than $100 million in capital and is growing globally.

While PG&E has been adamant that the smart meters, capable of beaming data wirelessly back to the utility, are not the cause of Flores’ increased electrical bills, it has yet to produce a practical reason for the problem. The utility has invited a third-party representative from the California Public Utilities Commission to ensure the accuracy of its metering technology, but this has yet to take place.

More here.

U.S. Cyber Agencies Mum on How They Try to Identify Cyber Attackers

2009-11-17T14:36:00.002-08:00

Jill R. Aitoro writes on NextGov.com:

Members of a Senate subcommittee on Tuesday asked criminal and security agency officials responsible for securing the nation's most sensitive computer systems and networks how they identify who is behind a specific cyberattack, despite the difficulty in doing so.

Tracing cyberattacks back to a specific source can be a difficult process because attacks can be routed through numerous computer networks worldwide, making it nearly impossible to identify the computer network where the attack started. Cyberattacks that took down government Web sites in South Korea and the United States in July, for example, initially were attributed to North Korea, but no hard evidence has emerged identifying systems there as the origin of the disruption.

"When you're in a situation where you don't know if it's a hacker, foreign government, terrorist or criminal group, how do you proceed?" Sen. Ted Kaufman, D-Del., asked witnesses from the Justice and Homeland Security departments and the FBI during a hearing before the subcommittee on Terrorism and Homeland Security.

James Baker, associate deputy attorney general at Justice, said his department turns to its criminal division, which investigates and prosecutes cyber criminals, and to its national security division, which investigates, prosecutes and attempts to stop cyber activities of nation-states and terrorists that pose a threat to U.S. security.

More here.

U.S. Cybersecurity Can Halt 80% of Attacks at Best

2009-11-17T13:45:00.000-08:00

Kenneth Corbin writes on internetnews.com:

Senior government officials overseeing the nation's cyber defenses told a Senate panel this morning that agencies are doing more to coordinate their far-ranging efforts, but that even in the best-case scenario, the hackers are often one step ahead.

"The harder we can make the general network environment, the easier it's going to be to detect [threats]," said Richard Schaeffer, director of the National Security Agency's Information Assurance Directorate. "We believe that if one institutes best practices, proper configuration, good network monitoring... a system ought to be able to withstand about 80 percent of the commonly known attacks."

The Judiciary Committee's Subcommittee on Terrorism and Homeland Security convened the hearing to probe the threat of terrorist attacks against the nation's information and communications systems, though the proceeding ran along the more general lines of cybersecurity, which the panelists described as a scourge that takes many forms.

"There's no silver bullet here," said Philip Reitinger, director of the National Cyber Security Center at the Department of Homeland Security. "We do need to up our defensive game."

More here.

UK: Trojan Bank Fraud Gang Sentenced

2009-11-17T13:10:00.002-08:00

Nick Heath writes on Silicon.com:

Four men have been sentenced to prison time for being part of a gang that stole just under £500,000 (US$840,582) from UK bank customers.

The men were sentenced last Friday at Southwark Crown Court in London for their part in an international criminal network that stole the money from 138 account holders.

Azamat Rahmonov, Shohruh Fayziev, Joao Dos Santos Cruz and Paulo Jorgi were sentenced to a total of more than 13 years in prison, having pleaded guilty to charges relating to the case at an earlier hearing at Southwark Crown Court.

The gang were able to steal the money using a Trojan that transferred funds from victims to their own money laundering accounts.

Once users of PCs infected with the Trojan logged into genuine online bank accounts, the Trojan would insert a spoof banking webpage into their session, asking for personal and financial details.

The Trojan then used the information to create new transactions that sent money from the victim's account through a web of middlemen, known as money mules, to other members of the international criminal network in Eastern Europe and Russia.

More here.

FBI: Hackers Targeting Law and PR Firms

2009-11-17T12:49:00.002-08:00

An AP newswire article by Lolita C. Baldor, via MSNBC, reports that:

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.

The FBI has issued an advisory that warns companies of "noticeable increases" in efforts to hack into the law firms' computer systems — a trend that cyber experts say began as far back as two years ago but has grown dramatically.

In many cases, the intrusions are what cyber security experts describe as "spear phishing," attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person's business and appear to come from a trusted source.

"Law firms have a tremendous concentration of really critical, private information," said Bradford Bleier, unit chief with the FBI's cyber division. Infiltrating those computer systems, he said, "is a really optimal way to obtain economic, personal and personal security related information."

More here.

Fort Hood Fallen: A Final Salute

2009-11-14T21:00:00.005-08:00

You are not forgotten.

Image source: Steve Gooch / AP

California Plans to Launch Information Security Operations Center

2009-11-13T17:43:00.001-08:00

Steve Towns writes on Government Technology:

California intends to create a state-of-the-art information security operations center to monitor cyber-threats and protect state and local government networks from attack.

The proposal is part of a sweeping five-year plan [.pdf], released Thursday, Nov. 12 by state Chief Information Security Officer (CISO) Mark Weatherford, which is designed to safeguard government data and critical technology resources from increasingly sophisticated cyber-criminals.

The plan calls for creating a California Information Security Operations Center (CA-ISOC) that would provide real-time detection of cyber-attacks and security intrusions across all state government agencies. The center also would support local government networks that need assistance.

The CA-ISOC would watch for attacks on the state government's critical information infrastructure, including attempts to disrupt automated control networks for dams, power plants and other physical facilities. The plan also envisions creating a California Computer Incident Response Team that would work in concert with the state's Emergency Management Agency and Fusion Center, as well as the U.S. Department of Homeland Security.

More here.

DNS Problem Linked to DDoS Attacks Gets Worse

2009-11-13T16:55:00.001-08:00

Robert McMillan writes on PC World:

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

According to research set to be released in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an "open recursive" or "open resolver" system. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers said Cricket Liu, vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. "The two leading culprits we found were Telefonica and France Telecom," he said.

In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from around 50 percent in 2007, to nearly 80 percent this year, according to Liu.

More here.

U.S. Cyber War Plans Not Just Defensive

2009-11-13T12:09:00.001-08:00

A National Journal article by Shane Harris, via NextGov.com, reports that:

In May 2007, President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb.

At the request of his national intelligence director, Bush ordered an NSA cyberattack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The devices allowed the fighters to coordinate their strikes and, later, post videos of the attacks on the Internet to recruit followers. According to a former senior administration official who was present at an Oval Office meeting when the president authorized the attack, the operation helped U.S. forces to commandeer the Iraqi fighters' communications system. With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers.

Former officials with knowledge of the computer network attack, all of whom requested anonymity when discussing intelligence techniques, said that the operation helped turn the tide of the war. Even more than the thousands of additional ground troops that Bush ordered to Iraq as part of the 2007 "surge," they credit the cyberattacks with allowing military planners to track and kill some of the most influential insurgents. The cyber-intelligence augmented information coming in from unmanned aerial drones as well as an expanding network of human spies. A Pentagon spokesman declined to discuss the operation.

More here.

Classic xkcd: iPhone or Droid?

2009-11-12T22:00:00.002-08:00

Click for larger image.

We love xkcd.

- ferg

14 Tech Firms Form Cyber Security Alliance for U.S. Government

2009-11-12T19:03:00.002-08:00

Wyatt Kash writes on Defense Systems:

Thirteen leading technology providers, together with Lockheed Martin, today announced the formation of a new cybersecurity technology alliance. The announcement coincided with the opening of a new NexGen Cyber Innovation and Technology Center in Gaithersburg, Md., designed to test and develop new information and cybersecurity solutions for government and commercial customers.

The alliance represents a significant commitment on the part of competing technology companies to work collaboratively on new ways to detect and protect against cyber threats and develop methods that could automatically repair network systems quickly after being attacked.

The companies participating in the Cyber Security Alliance include APC by Schneider Electric, CA, Cisco, Dell, EMC Corp. and its RSA security division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware.

More here.

Mark Fiore: Learn to Speak Tea Bag

2009-11-12T00:02:00.000-08:00

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

How to DDoS a Federal Wiretap

2009-11-12T00:01:00.000-08:00

Robert McMillan writes on ComputerWorld:

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper [.pdf], set to be presented Thursday at a computer security conference in Chicago.

Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack.

More here.

Veteran's Day November 2009: Every Day Is A Bonus

2009-11-11T14:44:00.001-08:00

We Salute You.

- ferg

Salute: Veterans Day 2009

2009-11-11T00:01:00.000-08:00

You Are Not Forgotten.

SCADA Watch: PG&E Sued Over New SmartMeters, Soaring Bills

2009-11-10T13:24:00.001-08:00

David R. Baker writes in The San Francisco Chronicle:

SmartMeters, which Pacific Gas and Electric Co. have been installing throughout its territory, are the subject of a lawsuit by a Bakersfield man who blames them for his soaring electric bills.

Pete Flores has sued PG&E over the meters, claiming they caused his monthly bill to jump from less than $200 to more than $500. The class-action suit, filed on Oct. 16 in Kern County Superior Court, alleges that the meters aren't accurate and lead to overcharges that PG&E should be forced to refund.

"Whatever the problem is needs to be sorted out and fixed now," said attorney Michael Louis Kelly, representing Flores.

Residents of Bakersfield, Fresno and the surrounding area have been complaining for months about the SmartMeters.

The devices are designed to track electricity and gas usage with precision and transmit their data to the utility via wireless.

More here.

Eight Indicted in $9M RBS WorldPay Heist

2009-11-10T12:39:00.000-08:00

Brian Krebs writes on Security Fix:

Eight men have been indicted on charges that they hacked into credit card processing firm RBS Worldpay, and helped steal more than $9 million in a highly coordinated heist nearly a year ago, the U.S. Justice Department said Tuesday.

The 16-count indictment, which names individuals from Estonia, Moldova and Russia, is the first major break in a case federal investigators are calling "perhaps the most sophisticated and organized computer fraud attack ever conducted."

The men are accused of cracking the data encryption that RBS WorldPay used to protect customer data on payroll debit cards, allowing them to clone the cards. Some companies use payroll cards in lieu of paychecks by depositing employee salaries or hourly wages directly into payroll card accounts, which can then be used as debit cards at ATMs. According to the government, the hacking ring also was able to raise the daily withdrawal limits on compromised accounts.

The Justice Department alleges that 44 counterfeit payroll debit cards were used to withdraw more than $9 million from at least 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The money was stolen over a period of less than 12 hours, investigators say.

Dozens of accomplices -- also known as "cashers" -- who were hired to pull the money out of ATMs remain at large. The indictment alleges that the cashers were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of the money back to the men named in the indictment.

More here.

Nov. 10, 1983: Computer 'Virus' Is Born

2009-11-10T00:01:00.000-08:00

Kim Zetter writes on Wired:

Fred Cohen, a University of Southern California graduate student, gives a prescient peek at the digital future when he demonstrates a computer virus during a security seminar at Lehigh University in Pennsylvania. A quarter-century later, computer viruses have become a pandemic for which there’s no inoculation.

Cohen inserted his proof-of-concept code into a Unix command, and within five minutes of launching it onto a mainframe computer, had gained control of the system. In four other demonstrations, the code managed to seize control within half an hour on average, bypassing all of the security mechanisms current at the time. It was Cohen’s academic adviser, Len Adleman (the A in RSA Security), who likened the self-replicating program to a virus, thus coining the term.

But Cohen’s malware wasn’t the first of its kind.

Others had theorized about self-replicating programs that could spread from computer to computer, and a couple of tinkerers had already successfully launched their own digital infections prior to Cohen’s presentation. But his proof-of-concept program put computer scientists on notice about the potential scourge of an intentionally malicious attack.

Much more here.

Note: I know Dr. Cohen both personally & professionally, and he looks just a tad different today. :-)

SCADA Win: U.S. Army Says It Stopped Pueblo Mustard Leak

2009-11-09T22:14:00.001-08:00

An AP newswire article, via The Army Times, reports that:

The Army says it has finished work containing a leak of mustard agent at the Pueblo Chemical Depot.

The leak was discovered in August by a sensor at one of the “igloos” containing the deadly toxin. The Army then sorted through the stored projectiles and found one leaking liquid mustard and one leaking mustard vapor.

The Army said Monday that the leaky projectiles were moved to a more secure igloo Nov. 5. No one was hurt.

The Army is in talks with Colorado health officials to settle a state lawsuit calling for increased monitoring of how chemical weapons are stored. Congress has set a 2017 deadline to have the weapons destroyed to meet international treaty obligations.

Link.