Thoughts of a Technocrat

Growing Evidence of the Transcontinental Cocaine Pipeline

2009-12-01T21:14:00.000-06:00

Via CT Blog -

One of the disturbing and little noticed events of recent weeks was the crash (or destruction) of a Boeing 727 in the desert of Mali.

The crash is disturbing for many reasons, among them these three: 1) the aircraft was carrying between 2 to 3 tons of cocaine, far more than other, smaller aircraft and boats that have been detected in recent months, indicating an escalation of the trade through the Trans-Sahel region; 2) The region where the aircraft was found, most likely torched by its crew to destroy evidence, in a area of heavy operation of Al Qaeda in the Islamic Magreb (AQIM); and 3) the aircraft departed from Venezuela, now Latin America's primary transshipment hub from Latin America to West Africa, and source of all the major air shipments of cocaine that have been interdicted in West Africa.

Finally, as the Observer article notes, British, U.S. and French authorities in West Africa have discovered HCL labs, used to make finished cocaine for the European market, as well as capsules and other items for making Meth capsules there, also likely for export to Europe.

All this points to a disturbing set conclusions. One is that the Colombian and Mexican traffickers are feeling sufficiently confident in their ability to move product through West Africa and upping the size of their loads based on that confidence. In testing new routes they always start small, to minimize losses if the route isn't working. Once they are confident they flood the zone. It seems that this is the first indication that the West Africa zone is now being flooded.

Another is that there could be a growing role of at least some branches of al Qaeda or other Islamist terrorist groups now willing to help move or protect the drugs as they move north. The crash indicates the cocaine was not going to be moved to Europe via boats, as it was far inland. The Tuareg and other groups that control the smuggling routes north through the Sahel will be making much more money as they move into the cocaine protection and movement business, much as the FARC in Colombia found itself awash in cash when they did. My full blog is here.

Sprint Received 8 Million Law Enforcement Requests for GPS Location Data in the Past Year

2009-12-01T16:14:00.001-06:00

Via EFF Deeplinks -

This October, Chris Soghoian — computer security researcher, oft-times journalist, and current technical consultant for the FTC's privacy protection office — attended a closed-door conference called "ISS World". ISS World — the "ISS" is for "Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering" — is where law enforcement and intelligence agencies consult with telco representatives and surveillance equipment manufacturers about the state of electronic surveillance technology and practice. Armed with a tape recorder, Soghoian went to the conference looking for information about the scope of the government's surveillance practices in the US. What Soghoian uncovered, as he reported on his blog this morning, is more shocking and frightening than anyone could have ever expected.

At the ISS conference, Soghoian taped astonishing comments by Paul Taylor, Sprint/Nextel's Manager of Electronic Surveillance. In complaining about the volume of requests that Sprint receives from law enforcement, Taylor noted a shocking number of requests that Sprint had received in the past year for precise GPS (Global Positioning System) location data revealing the location and movements of Sprint's customers. That number?

EIGHT MILLION.

Sprint received over 8 million requests for its customers' information in the past 13 months. That doesn't count requests for basic identification and billing information, or wiretapping requests, or requests to monitor who is calling who, or even requests for less-precise location data based on which cell phone towers a cell phone was in contact with. That's just GPS. And, that's not including legal requests from civil litigants, or from foreign intelligence investigators. That's just law enforcement. And, that's not counting the few other major cell phone carriers like AT&T, Verizon and T-Mobile. That's just Sprint.

Here's what Taylor had to say; the audio clip is here and we are also mirroring a zip file from Soghoian containing other related mp3 recordings and documents.

[M]y major concern is the volume of requests. We have a lot of things that are automated but that's just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don't know how we'll handle the millions and millions of requests that are going to come in.

Eight million would have been a shocking number even if it had included every single legal request to every single carrier for every single type of customer information; that Sprint alone received eight million requests just from law enforcement only for GPS data is absolutely mind-boggling. We have long warned that cell phone tracking poses a threat to locational privacy, and EFF has been fighting in the courts for years to ensure that the government only tracks a cell phone's location when it has a search warrant based on probable case. EFF has also complained before that a dangerous level of secrecy surrounds law enforcement's communications surveillance practices like a dense fog, and that without stronger laws requiring detailed reporting about how the government is using its surveillance powers, the lack of accountability when it comes to the government's access to information through third-party phone and Internet service providers will necessarily breed abuse. But we never expected such huge numbers to be lurking in that fog.

Northrop Kick Starts Industry-Academic Research Group to Boost U.S. Cyber Defense

2009-12-01T15:34:00.002-06:00

Via reuters.com -

Northrop Grumman Corp unveiled Tuesday an industry-academic research group to tackle growing cyber threats to U.S. computer networks and to networked infrastructure.

Joining the Pentagon's No. 3 supplier by sales are cyber research arms of Carnegie Mellon, The Massachusetts Institute of Technology and Purdue University.

The initiative is the latest by a major U.S. defense contractor aimed at hatching solutions to cyber threats at a time that big-ticket weapons programs are being squeezed by cost-cutting imperatives.

Northrop plans to invest an unspecified "number of millions of dollars per year" to fund graduate fellowships and other research for at least five years and probably much longer, said Robert Brammer, chief technology officer for Northrop Grumman's Information Systems business unit.

"We need significant new technology developments," implemented widely, to counter growing cyber threats to the economy and to U.S. national security, he told a news conference. The theme was echoed by representatives of Carnegie Mellon's CyLab, MIT's Computer Science and Artificial Intelligence Lab and Purdue's Center for Education and Research in Information Assurance and Security.

Northrop will deal on a case-by-case basis with each research institute on splitting jointly developed intellectual property, said Brammer.

The group, called the Northrop Grumman Cybersecurity Research Consortium, initially will sponsor 10 projects with an eye to such things as attribution in cyberspace, supply chain risk and securing critical infrastructure networks, the company said.

The group's members will coordinate research projects, swap information and author joint case studies, among other efforts to speed hardware and software solutions into practice, participants said.

The consortium will serve "to help increase our nation's security in cyberspace," Brammer added in a statement. He said in a brief interview he expects some research results as soon as next year.

Northrop's cyber work was in the news recently for a report prepared by the company that implicated the Chinese authorities in extensive cyber activities against the United States.

The report, commissioned by the congressionally chartered U.S.-China Economic and Security Review Commission, said Beijing appeared to be conducting "a long-term, sophisticated, computer network exploitation campaign" against the U.S. government and U.S. defense industries.

Brammer told the news conference that identifying a cyber aggressor was "very difficult" with current technology.

Lockheed Martin Corp, the Pentagon's No. 1 supplier by sales, last month announced the formation of a cyber security technology alliance of its own with leading technology providers, including Microsoft Corp, Cisco Systems Inc and Dell Inc.

Boeing Co, the second-biggest Pentagon contractor, also has put together a cyber-security research alliance, headquartered in Washington state, with university and commercial partners, said Barbara Fast, the company's vice president of cyber and information solutions.

Securing the Border: Challenges for the U.S. and Mexico - Part 1

2009-12-01T10:19:00.000-06:00

The United States and Mexico face systemic challenges in efforts to secure their shared border from drug cartel violence. In Part 1 of a special report, STRATFOR examines the geographic and political issues that weaken Mexico’s central government and contribute to the strength of the cartels.

http://www.youtube.com/watch?v=jifMA3m_ruM

Serious Zero-Day Flaw Found in FreeBSD, Exploit Published

2009-12-01T09:48:00.001-06:00

Via Threatpost.com -

A researcher has published an explanation of a new flaw in FreeBSD that allows a remote attacker to take control of a vulnerable machine. The vulnerability could give an attacker root access to the FreeBSD machine, and the FreeBSD developers have published a patch for the flaw early Tuesday.

The vulnerability lies in run-time link-editor and, if exploited, gives an attacker the ability to run arbitrary code. The researcher, Kingcope, has posted an explanation of the flaw on the Full Disclosure mailing list.

The bug resides in the Run-Time Link-Editor (rtld). Normally rtld does not allow dangerous environment variables like LD_PRELOAD to be set when executing setugid binaries like "ping" or "su". With a rather simple technique rtld can be tricked into accepting LD variables even on setugid binaries. See the attached exploit for details.

FreeBSD.org already has posted a patch for the vulnerability, which was only disclosed on Monday. In a message to FreeBSD users, Colin Percival, the project's security officer, said that because of the severity of the flaw and the fact that exploit code already is available, he felt it was necessary to post the patch as soon as possible, without even publishing a security advisory.

"A short time ago a 'local root' exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root," he wrote. "Normally it is the policy of the FreeBSD Security Team to not publicly discuss security issues until an advisory is ready, but in this case since exploit code is already widely available I want to make a patch available ASAP. Due to the short timeline, it is possible that this patch will not be the final version which is provided when an advisory is sent out; it is even possible (although highly doubtful) that this patch does not fully fix the issue or introduces new issues -- in short, use at your own risk (even more than usual)."

The vulnerability affects versions 8.0 and 7.1 of FreeBSD.

Tritium Leak at India's Kaiga Nuclear Plant - Possible Inside Job

2009-11-30T09:53:00.006-06:00

Via BBC -

A "disgruntled" worker could be behind the leak of a radioactive substance into drinking water at an atomic power plant in southern India, police say.

Preliminary investigations suggested it was an "inside job", a senior police officer told the BBC.

Police have moved into the Kaiga plant on the west coast of India, 450km (280 miles) from the city of Bangalore.

Fifty-five workers needed medical help for exposure to radiation after tritium contaminated a water cooler.

[...]

Both central and state agencies are investigating the matter. A list of people who were on duty on the day the incident took place has been given to the investigators," plant director JP Gupta said.

Inspector general of police Gopal Hosur told the BBC that there was no terror link to the incident.

"If that was the case the magnitude would have been bigger."

[...]

Officials suspect that an employee had mixed the radioactive substance into a drinking water cooler meant for staff.

Chairman of the Indian Atomic Energy Commission Anil Kakodkar has called it a "malevolent act".

Although officials say the leak poses no risk to public safety, there is an element of panic in and around Kaiga.

Tritium, also known as Hydrogen-3, is used in research, fusion reactors and neutron generators.

-------------------------

In geological timescales, Tritium has a relative short half-life of 12.33 years. It decays into helium-3 by beta decay. Unlike Gamma radiation, beta particles emitted by the decay of tritium have relatively low energy and are unable to pass through the dead layer of human skin.

Therefore, Tritium is dangerous if inhaled, ingested or absorbed through pores in the skin leading to cell damage and increased chance of cancer.

AQIM Supected in Kidnapping of Three Aid Workers in Mauritania

2009-11-30T09:36:00.001-06:00

Via BBC -

Spain says al-Qaeda's North African cell is likely to be responsible for the apparent kidnapping of three aid workers in Mauritania.

Interior Minister Alfredo Perez Rubalcaba said "everything suggests" al-Qaeda in the Maghreb was involved.

Mauritanian police said the workers, from Barcelona Accion Solidaria, were attacked on a road linking the capital Nouakchott to the city of Nouadhibou.

Two men and a woman were snatched by armed men.

The three aid workers were in a four-wheel drive vehicle at the back of a convoy when they were attacked.

Julia Tabernejo, from Barcelona Accion Solidaria, told the Associated Press: "I think the others heard shooting, and when they stopped, the car was empty. Those three were no longer in it."

[...]

The kidnapping happened near the town of Chelkhett Legtouta.

"Though we can say absolutely nothing for sure at the moment, everything would seem to indicate that it was a kidnapping," said Mr Rubalcaba.

"If that's the case, as I fear it is, everything suggests that it is an AQIM [al-Qaeda in the Islamic Maghreb] kidnapping."

Analysts say Mauritania has generally been a peaceful country - but several attacks linked to the al-Qaeda cell have rocked the status quo.

An American teacher was killed in June, with al-Qaeda later claiming it had killed him for spreading Christianity.

Large Hadron Collider Breaks Fermilab's Proton Acceleration Record

2009-11-30T08:43:00.002-06:00

Via Google News (AP) -

The world's largest atom smasher on Monday broke the record for proton acceleration previously held by a U.S. lab, sending beams of the particles at 1.18 trillion electron volts around the massive machine.

The Large Hadron Collider eclipsed the previous high of 0.98 1 TeV held by Fermilab, outside Chicago, since 2001, the European Organization for Nuclear Research, also known as CERN, said.

The latest success, which came early in the morning, is part of the preparation to reach even higher levels of energy for significant experiments next year on the make-up of matter and the universe.

It comes on top of a rapid series of operating advances for the $10 billion machine, which underwent extensive repairs and improvements after it collapsed during the opening phase last year.

CERN Director-General Rolf Heuer said early advances in the machine located in a 17-mile (27-kilometer) tunnel under the Swiss-French border have been "fantastic."

"However, we are continuing to take it step by step, and there is still a lot to do before we start physics in 2010," Heuer said in a statement. "I'm keeping my champagne on ice until then."

The organization hopes the next major step will be to collide the proton beams at about 1.2 TeV before Christmas for an initial look at the tiny particles and what forces might be created.

[...]

Physicists also hope the collider will help them see and understand other suspected phenomena, such as dark matter, antimatter and supersymmetry.

The level reached Monday isn't significantly higher than what Fermilab has been doing, and real advances are not expected until the LHC raises each beam to 3.5 TeV during the first half of next year.

[...]

Attempts to make new discoveries at the LHC are scheduled for the first quarter of 2010, at a collision energy of 7 TeV (3.5 TeV per beam).

[...]

It may take several years before the LHC can make the discovery of the elusive Higgs boson, the particle or field that theoretically gives mass to other particles. That is widely expected to deserve the Nobel Prize for physics.

The LHC operates at nearly absolute zero temperature, colder than outer space, which allows the superconducting magnets to guide the protons most efficiently.

24 of Top 100 HTTPS Sites Now Safe From TLS Renegotiation Attacks

2009-11-29T13:22:00.002-06:00

Via Netcraft.com -

24 of the 100 most popular HTTPS websites appear to be safe from the recently documented TLS renegotiation flaws. Meanwhile, the other 76 sites are still vulnerable to renegotiation attacks, which allow a man-in-the-middle attacker to inject data into secure communication streams. To demonstrate the seriousness of the issue, Anil Kurmus published details of an attack scenario that showed how the flaw could be used to steal passwords from vulnerable sites such as Twitter.

Among the top 100 HTTPS websites, there are several banks and commerce companies that remain vulnerable. A few of these sites give the appearance of being intermittently vulnerable, as client requests are load balanced among a mixture of vulnerable and non-vulnerable machines.

Ben Laurie of Google was working on the renegotiation flaw around six weeks before it was made public, so it is perhaps unsurprising that 7 of the 24 safe sites are owned by Google. A further 7 sites are running Microsoft IIS 6.0, which is currently believed not to be vulnerable.

Since discovering the renegotiation problem, PhoneFactor has created a Status of Patches list, showing which vendors have already responded to the problem. A few were quick to act by disabling renegotiation support in their products, and some vendors have already implemented Eric Rescorla's proposed fix.

Netcraft's November SSL Survey found 1,217,395 distinct valid third-party SSL certificates in use on the web.

-------------------------------

Eariler this month, Thierry Zoller released a draft paper that attempts to explain the vulnerability to a broader audience and summarizes the information that is currently available. He plans to release updates as needed. For example, on the 18th, he added the SMTP over TLS attack scenario.

Microsoft Releases Password Attack Data, Captured From FTP Honeypot

2009-11-29T12:53:00.001-06:00

Via SecurityFocus -

Microsoft released data collected from an FTP-server honeypot, showing that attempts to guess passwords continue to focus on the low-hanging fruit: passwords with an average length of eight characters, with "password" and "123456" being the most common.

The data is part of a project to monitor attacks that everyday users might encounter on a regular basis. Most of the attacks attempted to log into the administrator account on English and French computers -- "Administrator" and "Administrateur" were, by far, the two most popular usernames -- using a variety of passwords. The attackers were typically compromised computer that were part of a botnet, Microsoft researchers stated on the company's Malware Protection Center blog.

"You should take care of what user name and password you're choosing," the researchers wrote. "If your account has no limit on the number of login attempts, then knowing the user name is like having half the job done."

In one case, an attacker made more than 400,000 attempts to guess a user name password combination.

The most common passwords were password, 123456, #!comment:, changeme and an expletive.

Microsoft recommended that users create passwords consisting of letters, numbers and special characters using a combination of lower and upper case. The average length of the password attacks was eight characters, so users should focus on longer passwords, the researchers stated.

Terrorist Attack Derails Russian Train; 30 People Killed

2009-11-28T14:34:00.001-06:00

Via GlobalSecurity.org -

Russia’s domestic intelligence service has said that the train derailment that killed about 30 people and injured nearly 100 was caused by a bomb.

The Nevsky Express traveling from Moscow to St. Petersburg came off the tracks late at night on November 27. A number of people are still unaccounted for.

In a televised meeting with President Dmitry Medvedev, the head of the FSB security service, Alexander Bortnikov, said that “criminal experts say that based on preliminary findings, a bomb equivalent to 7 seven kilograms of TNT was detonated.”

A spokesman for investigators, Vladimir Markin, said they had found elements of an explosive device at the crash site.

"A crater was discovered, 1.5 meters in diameter and 0.7-meters deep, as well as fragments of an explosive device," Markin said. "We can say with certainty that this was a terrorist act. Therefore an investigation has been opened on two counts -- terrorism and illegal arms trafficking."

"The investigation is in progress now; it will take a certain amount of time,” said Vladimir Yakunin, the head of Russia’s national railway company. “Our forces are working at full scale, we are waiting for the permission to evacuate the wagons that are still on the rails, the locomotive has been put back on the rails, and after we have finished the work around the crater, we will start evacuating the wagons that were most severely damaged."

Russian transport officials said trains were being diverted along alternate lines on one of the country's busiest routes.

The derailment was Russia's worst train crash in years.

In 2007, 30 people were injured when a train operating on the same line was derailed after an explosion damaged the rail track.

The men accused of the 2007 attack are suspected of having links to Chechen rebels.

U.S. Muslims Are Americans Too

2009-11-28T14:00:00.002-06:00

Via CNN (h/t All Things CT) -

The serendipitous occurrence of this year's Thanksgiving holiday on the same evening as the Muslim Eid-ul-Adha is a festive occasion to reflect on the place of Islam in American collective consciousness and on Muslims as Americans.

On the same evening that millions of Americans gather around their Thanksgiving dinner to celebrate this most American of holidays, even more millions of Muslims around the globe, including the growing number of American Muslims, will do the same -- celebrating as well one of the most definitive moments of their faith -- Prophet Abraham's willingness to sacrifice his son for his God.

[...]

The distinguished New York Times columnist David Brooks, one of the most consistently militant warriors in his take on American involvements in Afghanistan and Iraq, takes Islam -- and Islam alone -- to task for having a diabolic roughness on its fringes. But even if so, Islam is not alone in this failure to curtail murderous instincts.

The same Hinduism that produced Mahatma Gandhi and his non-violent theory of civil disobedience has also produced Hindu fundamentalists who sliced and skewered pregnant Muslim women alive in Gujarat.

The same Christianity that produced Saint Francis of Assisi and Mother Theresa also produced children's crusades and Spanish conquistadors who burned native Americans alive 13 at a time (according to the 16th-century Spanish Dominican priest, Bartolomé de las Casas) in honor of the Twelve Apostles and Jesus Christ. It also produced American Seung-Hui Cho who killed 32 students and himself at Virginia Tech and American John Wayne Gacy, Jr., who raped and murdered 33 young men and boys in Chicago, Illinois, in the 1970s.

The same Judaism that produced Martin Buber, Emanuel Levinas, or Primo Levi also produced the Stern Gang, Meir Kahane and Baruch Goldstein.

But the knee jerk reaction of blaming Islam and Muslims, in general, or looking for delusional links to "al Qaeda," for the horrific murders at Fort Hood points to something far more fundamental, overdue, and urgent -- namely something of a psychological barrier for Americans to accept the Islamic component of their own society, culture, and history.

[...]

Americans are Christians, Jews, Hindus, agnostics, atheists, and anything else in between -- but Americans are also Muslims, millions of them, and Islam has now become integral to what the distinguished American sociologist Robert Bellah termed our "civil religion."

It is only apt that this particular Thanksgiving, Americans think about Eid-ul-Adha, as precious to Muslim-Americans as the occasion that has gathered us all "at the table." Let's make room for Muslims "at the table" because -- to quote Langston Hughes -- they "too, sing America."

Photo of the Day - Eid al-Adha Festival on 4th Day of Hajj

2009-11-28T13:29:00.002-06:00

Photo: AFP

http://www1.voanews.com/english/news/middle-east/28nov09_saudi_hajj-77253992.html

Muslims around the world are celebrating the festival of Eid al-Adha, including more than two million pilgrims taking part in annual Hajj rituals in Saudi Arabia.

Pilgrims in the Saudi holy city of Mecca threw stones at three pillars representing Satan, a ritual that began Friday and continues until Sunday. No major incidents were reported Friday, the third day of the pilgrimage.

But on Saturday, Saudi authorities reported that a 70-year old Pakistani man taking part in the Hajj had died of the H1N1 swine flu virus. He is the fifth pilgrim to die of swine flu since the days leading up to the pilgrimage. Experts have warned that swine flu could spread among pilgrims.

Eid al-Adha, or "Festival of Sacrifice," is considered one of the most important days on the Islamic calendar. Muslims mark the festival by slaughtering cattle to commemorate a belief that God gave the prophet Abraham a ram to sacrifice in place of his son.

Virology Lectures

2009-11-28T12:59:00.005-06:00

Via virology.ws -

Each year I teach basic virology to medical, dental, and nursing students here at Columbia University Medical Center. Here are videocasts of my three lectures for 2009: Introduction to Virology I and II, and Viral Pathogenesis.

--------------------

I just finished the second virology intro video. Dr. Racaniello makes a point to focus on influenza in several sections, which is really cool.

For example, the cell receptor for influenza is sialic acid (SA). During budding, the newly created virons would normally stick to the outside of the cell (again by connecting to SA), but NA is used to counter this connection by stripping SA off the outside of the cell.

Oseltamivir (Tamiflu) and Zanamivir (Relenza) are neuraminidase inhibitors which bind with SA and stop NA from stripping it off, causing the newly created flu viron to stick the the outside of the cell....thus stopping the spread of the virus.

The Most Wanted Taliban Commanders in South Waziristan

2009-11-27T15:52:00.004-06:00

Via The Long War Journal -

Pakistani security forces recently detained a mid-level Taliban commander who was wanted by the government.

Abdullah Shah Mehsud, who was number 17 on the list of 20 most-wanted Taliban commanders from South Waziristan, was captured by Pakistani forces in the district of Tank. He is an "active member of Hakeemullah Mehsud Group from Shaktoi village near Razmak" in North Waziristan, the Pakistani military said in a press release. The military paid "head money," a sum of about $120,000, to the informer who turned Abdullah Shah in.

[...]

On Nov. 2, the military released a list of 20 most-wanted Taliban leaders. The bounties are to be paid for information leading to the death or capture of the senior leaders of the Movement of the Taliban in Pakistan.

[...]

Rewards of $600,000:

1. Hakeemullah Mehsud: The overall leader of the Movement of the Taliban in Pakistan. Considered a dangerous and effective leader, he led Taliban forces in Arakzai, Kurram, and in regions in Khyber and Peshawar before assuming the top job after Baitullah Mehsud, his cousin, was killed in a US Predator strike on Aug. 5.
2. Waliur Rehman Mehsud: The overall commander of the Taliban in South Waziristan. Waliur was competing with Hakeemullah for the top spot in the Movement of the Taliban in Pakistan. He is considered an able commander with strong ties to outside Taliban groups.
3. Qari Hussain Mehsud: The notorious trainer of child suicide bombers and an effective military commander. He is credited with masterminding some of the most deadly suicide strikes in Pakistan.

Rewards of $300,000:

4. Azam Tariq: The chief spokesman for the Movement of the Taliban in Pakistan. His real name is Mohammad Raees Khan Mehsud.
5. Maulvi Azmatullah Mehsud: The military commander of Taliban forces in the Barvand region. Formerly a close aide to Baitullah.
6. Mufti Noor Wali Mehsud: Commander of a Taliban training camp in the Gargaray region.
7. Mufti Noor Saeed: Military commander in South Waziristan.
8. Maulvi Shameem Mehsud: Military commander in South Waziristan.
9. Ameerullah Mehsud: Military commander in South Waziristan.
10. Naseeruddin Mehsud: Military commander in South Waziristan.
11. Shah Faisal Mehsud: Military commander in South Waziristan.
12. Sher Azeem Mehsud: Military commander in South Waziristan.
13. Jaleel Mehsud: Military commander in South Waziristan.
14. Mohammad Ismael Mehsud: Military commander in South Waziristan.

Rewards of $120,000:

15. Asmatullah Bhittani: Military commander in the towns of Jandola and Tank in the district of Tank. He is also known as Shaheen.
16. Arfeshaheen: Military commander in South Waziristan.
17. Abdullah Shah Mehsud: Military commander in the Shaktoi region in South Waziristan.
18. Mohammad Anwar Kandapur: Military commander in the district of Dera Ismail Khan.
19. Maulvi Abdul Wali: Military commander in South Waziristan.
20: Khan Saeed Mehsud: Military commander in South Waziristan.

Russia Destroys 45% of Chemical Weapon Stockpiles

2009-11-27T15:39:00.002-06:00

Via RIA Novosti -

Russia has destroyed 45% of its chemical weapon stockpiles one month ahead of a deadline under an international pact, the Foreign Ministry said on Friday.

The ministry said in a statement: "As of November 26, the Russian Federation has completed the destruction of 17,998.205 [metric] tons, or 45.03% of its chemical weapon stockpiles," in line with its obligations under the Chemical Weapons Convention.

The ministry said Russia is committed to destroying its entire declared arsenal (39,966 tons) "within a timeframe established by the Convention."

Russia signed the Chemical Weapons Convention banning the development, production, stockpiling, transfer, and use of chemical arms in 1993, and ratified it in 1997. The country is set to destroy its entire arsenal by 2012.

Russia destroyed 1% of its chemical weapon stockpiles in 2003 and 20% by 2007.

The country has allocated $7.18 billion from the federal budget for the implementation of the program, and has so far built five chemical weapon destruction plants - in Gorny (Saratov Region), Kambarka (Republic of Udmurtia), Nizhny Novgorod, the Maradykovo complex (Kirov Region), and Siberia's Kurgan Region. Another two are under construction.

Western nations pledged at the 2002 Kananaskis G8 summit to help Russia financially and technologically to destroy or convert its chemical weapons and production facilities as part of the Global Partnership against the Proliferation of Weapons and Materials of Mass Destruction.

The United States has contributed over $1 billion for the construction of the Shchuchye facility in the south Urals.

Secret Service Agent Didn't Check White House Dinner Crashing Couple

2009-11-27T12:57:00.003-06:00

Via MSNBC News -

A Secret Service employee stationed at the first checkpoint at the White House state dinner last Tuesday did not verify the names of a couple allowed in even though they were not on the guest list, a senior law enforcement official told NBC News on Friday.

The source also confirmed what two White House staff sources earlier told NBC News, that Tareq and Michaele Salahi were not "waved in" or had their names manually entered into the White House computer to gain entry.

The Secret Service, for its part, said Friday that it might begin a criminal investigation against the Virginia couple.

Agency spokesman Jim Mackin said the possible turn toward criminal charges is one reason the Secret Service has kept mum about what happened when the Salahis arrived at the security checkpoint. They were not on the guest list for the dinner honoring Indian Prime Minister Manmohan Singh.

Nobody disputes that the two, candidates for a reality TV show, were allowed through security. The Secret Service acknowledges that its procedures weren't followed.

Still unknown is the story that the uninvited guests spun to the security officers that persuaded them to allow the couple through. That likely would play a role in any criminal charges.

"As this moves closer to a criminal investigation there's less that we can say," Mackin said. "I don't want to jeopardize what could be a criminal investigation. We're not leaving any option off the table at this point."

---------------------------------

Any couple involved in the "The Real Housewives of D.C." should be jailed on pure principle anyways, IMO.

UK Charges Schizophrenic for Refusal to Decrypt Files (Section 53 of RIPA Part III)

2009-11-26T16:35:00.004-06:00

Via The Register UK -

The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record.

His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files.

The 33-year-old man, originally from London, is currently held at a secure mental health unit after being sectioned while serving his sentence at Winchester Prison.

[...]

His given reason for not cooperating with CTC - the fact that a section 49 notice overrides the right to silence - echoes the original debate over RIPA and encryption. When the law was drafted at the end of the last decade it sparked protests from civil liberties groups and security experts.

In September 2001, shortly after his stint as Home Secretary, when he had introduced RIPA, Jack Straw took to the airwaves to defend the powers.

"It was government trying to put in place increased powers so that we could preserve and sustain our democracy against this new kind of threat," he said in a Radio 4 interview.

"We needed to take powers so that we could de-encrypt commercially encrypted e-mails and other communications. Why? Because we knew that terrorists were going to use this."

News that the first person jailed for the offence of not talking in a police interview has been judged no threat to national security and suffers from a mental condition associated with paranoia and a fear of authorities is unlikely to win RIPA Part III new supporters.

-----------------------------

Does that sound like innocent until proven guilty to you?

Couple Slips Though Security to Crash White House State Dinner

2009-11-25T23:53:00.006-06:00

Via Yahoo! News -

Crashing a state dinner at the White House apparently takes a security breakdown as well as some kind of nerve.

The Secret Service is looking into its own security procedures after determining that a Virginia couple, Michaele and Tareq Salahi, managed to slip into Tuesday night's state dinner at the White House even though they were not on the guest list, agency spokesman Ed Donovan said.

President Barack Obama was never in any danger because the party crashers went through the same security screening for weapons as the 300-plus people actually invited to the dinner honoring Indian Prime Minister Manmohan Singh, Donovan said.

Donovan confirmed the identities of the couple. The Washington Post, which first reported on their evening out, said the Salahis were well-known in the Virginia horse-country set and were being considered for the Bravo reality TV show "Real Housewives of D.C."

In an interview with the "CBS Early Show" in September, Michaele Salahi said, "President Obama has made it very accessible for anyone to visit the White House, so that's like a big thing right now."

The CBS interview was part of a segment on potential candidates for "Real Housewives of D.C." but never was aired.

The Secret Service learned about the security breach Wednesday after a media inquiry prompted by the Salahis' online boasts about having attended the private event, Donovan said.

One of the many photos from the dinner posted on Michaele Salahi's Facebook page shows the couple with a smiling Vice President Joe Biden. In other photos, they appear alone or together with White House chief of staff Rahm Emanuel, Washington Mayor Adrian Fenty, CBS News anchor Katie Couric, Rep. Ed Royce, R-Calif., and three Marines in their dress blues.

Donovan would not comment on whether the couple had been contacted by the Secret Service, how long they were on the White House grounds or other details of the investigation.

The Post said uninvited guests who got in could face a potential trespassing charge unless someone from inside the White House staff slipped them in.

Donovan would not comment on possible legal violations.

The agency's Office of Professional Responsibility was reviewing what occurred. An initial finding indicated that a checkpoint did not follow proper procedures to ensure the two were on the guest list, Donovan said.

"It's important to note that they went through all the security screenings — the magnetometer screening — just like all the other guests did," Donovan said. And, he added, Obama and others under Secret Service protection had their usual security details with them at the dinner.

--------------------------------

Michaele Salahi & Joe Biden

I think the Secret Service has some serious explaining to do. Even invited guest are subject to physical security checks...that isn't the point.

Who are these people and how did uninvited / unknown people get access to the White House (not to mention physical access to the Joe Biden and other high level officials)??

McAfee Virtual Criminology Report 2009

2009-11-25T18:46:00.002-06:00

http://resources.mcafee.com/content/NACriminologyReport2009NF

Is the age of cyber war at hand? This year, the fifth annual McAfee Virtual Criminology Report contemplates this question and others prompted by the fact that nation-states are arming themselves for the cyberspace battlefield.

Highlights from the McAfee Virtual Criminology Report:

The number of reports of cyber attacks and network infiltrations that appear to be linked to nation-states and political goals continue to increase.
There is active debate as to when a cyber attack reaches the threshold of damage and disruption to warrant being categorized as cyber warfare.
With critical infrastructure as likely targets of cyber attacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire.
The private sector needs to prepare for cyber attacks, and those businesses that can weather the storm better than their competitors could be in a position to gain considerable market share.

Al-Shabaab Recruiters Indicted in Minnesota

2009-11-25T18:29:00.003-06:00

Via US Department of Justice (h/t Shimron Letters) -

Terrorism charges have been unsealed today in the District of Minnesota against eight defendants. According to the charging documents, the offenses include providing financial support to those who traveled to Somalia to fight on behalf of al-Shabaab, a designated foreign terrorist organization; attending terrorist training camps operated by al-Shabaab; and fighting on behalf of al-Shabaab.

Thus far, 14 defendants have been charged in the District of Minnesota through indictments or criminal complaints that have been unsealed and brought in connection with an ongoing investigation into the recruitment of persons from U.S. communities to train with or fight on behalf of extremist groups in Somalia. Four of these defendants have previously pleaded guilty and await sentencing.

The charges were announced today by David Kris, Assistant Attorney General for National Security; B. Todd Jones, U.S. Attorney for the District of Minneapolis; and Ralph S. Boelter, Special Agent in Charge of the Minneapolis field office of the Federal Bureau of Investigation.

"The recruitment of young people from Minneapolis and other U.S. communities to fight for extremists in Somalia has been the focus of intense investigation for many months," Assistant Attorney General Kris said. "While the charges unsealed today underscore our progress to date, this investigation is ongoing. Those who sign up to fight or recruit for al-Shabaab’s terror network should be aware that they may well end up as defendants in the United States or casualties of the Somali conflict."

College Swine Flu Rates Drop 37% as Infections Peak

2009-11-25T13:51:00.006-06:00

Via Bloomberg.com -

Swine flu infection rates at U.S. colleges and universities fell 37 percent last week, adding more evidence that the second wave of pandemic flu has peaked.

The drop followed a similar decline a week earlier, according to a survey of 243 college and universities by the American College Health Association. In the latest report, the attack rate decreased to 13.4 cases per 10,000 students from 21.3 cases, the group said in an e-mail today. The proportion of colleges with outbreaks fell to 90 percent from 95 percent.

The Centers for Disease Control and Prevention said on Nov. 20 that H1N1 infection rates had declined in all U.S. populations for the third consecutive week. It was the first sustained drop since children and college students returned to school in August. The next few days may test the retreat as families gather for the Thanksgiving holiday.

“The peak clearly has passed,” said Ira Longini, a University of Washington statistician who advises the U.S. government on flu, in an interview yesterday. “The real question now is have enough children been infected such that they’re immune, and there’s not enough susceptibility to sustain a third wave.”

The H1N1 strain disproportionately attacks children and young adults, according to the Atlanta-based CDC. About 90 percent of deaths occurring among those younger than 64, according to the CDC. By contrast, the majority of deaths from seasonal flu are among people older than 80.

----------------------------

Check out the Virology Blog for more info on this 2nd H1N1 peak..
http://www.virology.ws/2009/11/20/second-h1n1-peak-in-us

Dr. Racaniello points out that despite some predictions, there is no evidence from any influenza pandemic that viral mutants of increased virulence in humans have emerged in successive cycles of infection.

Iraq Gov Launches Channel on YouTube

2009-11-25T11:00:00.001-06:00

Via BBC -

The Iraq government has followed in the footsteps of the Queen and the Pope and set up its own YouTube channel.

The channel has been set up to promote transparency and allows people to watch speeches and behind-the-scenes footage.

The country's Prime Minister, Nouri al-Maliki, said it was aimed at "people both at home and abroad".

In an opening address on the channel he said it was also an opportunity to show the world what Iraq had been through during the war.

"The government sees in this video technology an opportunity to show our achievements," said Mr al-Maliki.

"The world has not seen what the Iraqi government has been able to achieve in regard to security, economy, politics and building."

He said it was also a "showcase potential investment opportunities" and would be used to show the world the "vigorous war and terror" that Iraq had been through.

Mr al-Maliki said the channel was "one of the methods" that the government would use to "connect with people globally".

However, the first video published on the channel had a key feature disabled, meaning that viewers could not leave comments.

In addition, the web service may be of limited value to many of Iraq's citizens.

The UN estimates that just one in every hundred of the population has access to the internet. It has no figures of the number of people who have broadband subscriptions.

Man Pleads Guilty to Selling Fake Chips to US Navy

2009-11-25T10:16:00.001-06:00

Via NetworkWorld.com -

A 32-year-old California man has pleaded guilty to charges that he sold thousands of counterfeit chips to the U.S. Navy.

In a plea agreement reached on Friday, Neil Felahy of Newport Coast, California, pleaded guilty to conspiracy and counterfeit-goods trafficking for his role in an alleged chip-counterfeiting scam that ran between 2007 and 2009. Felahy, his wife Marwah Felahy, and her brother Mustafa Abdul Aljaff operated several microchip brokerage companies that imported chips from Shenzhen, in China's Guangdong province.

They would buy counterfeit chips from China or else take legitimate chips, sand off the brand markings and melt the plastic casings with acid to make them appear to be of higher quality or a different brand, the U.S. Department of Justice said in a press release.

According to court filings, the accused imported more than 13,000 fake chips, worth more than US$140,000. They sold counterfeit Intel, Fujitsu, Via, National Semiconductor and Analog Devices chips, filings state.

The three operated companies under a variety of names including MVP Micro, Red Hat Distributors, Force-One Electronics and Pentagon Components.

The counterfeit chips were allegedly sold to Naval Sea Systems Command, the Washington, D.C., group responsible for maintaining the U.S. Navy's ships and systems, as well as an unnamed vacuum-cleaner manufacturer in the Midwest. The U.S. Department of Defense did not respond to requests for comment about the incident.

Felahy faces up to 51 months in prison and millions of dollars in fines. He is expected to be sentenced next year in U.S. District Court for the District of Columbia. He entered his guilty plea on the condition that charges would be dropped against his wife, but he has agreed to cooperate with the government, which is still pressing charges against his brother-in-law, Aljaff.

New IE 6/7 CSS Exploit Added to Metasploit

2009-11-25T08:42:00.003-06:00

http://www.microsoft.com/technet/security/advisory/977981.mspx

Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.

------------------------------------------------

http://twitter.com/hdmoore

exploit coverage for the new IE 6/7 CSS flaw added to metasploit: [ msf> use exploit/windows/browser/ie_style_getelementsbytagname ]

------------------------------------------------

Microsoft Internet Explorer Style getElementsByTagName Memory Corruption

This module exploits a vulnerability in the getElementsByTagName function as implemented within Internet Explorer.

In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create shellcode in memory at a known location.

Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.