Cyber Security News

Cyber Security News

August 2008

Security Geeks, Hackers Convene in Vegas

The annual Black Hat computer security conference is going on in Las Vegas, and will be followed immediately by the DEFCON hacker convention. Black Hat targets network professionals, while DEFCON peppers its looser schedule with hacker challenges and contests. Black Hat delegates can attend DEFCON for free.

Thousands of network security professionals are in Las Vegas for the annual Black Hat Briefings computer security conference, which will be immediately followed by the DEFCON hacker convention. Both events focus on network and Internet security issues. The Black Hat conference is held at Caesars Palace Las Vegas Hotel & Casino, while DEFCON is at the Riviera Hotel & Casino August 8-16……(News Factor, 7 Aug 08)

'Cybersecurity commission' to proffer advice to next president

…The private organization, which has close ties to the U.S. military and counts Henry Kissinger on its payroll, has gathered about 35 people and awarded them the official-sounding title of "Commission on Cyber Security for the 44th Presidency." Adding to the formality are some closed-to-the-public meetings and ex-officio members from federal agencies, congressional offices, and the nebulous "intelligence community." The group's mandate is unusually broad: developing a "forward-looking framework for organizing and prioritizing government efforts to secure cyberspace." But four of its members indicated on Wednesday that the commission is focused on compiling no more than five recommendations and will not be proposing legislation or suggesting dramatic changes..….(CNet, 7 Aug 08)

Net address bug worse than feared

A recently found flaw in the internet's addressing system is worse than first feared, says the man who found it.

Dan Kaminsky made his comments when speaking publicly for the first time about his discovery at the Black Hat conference in Las Vegas. He said fixes for the flaw in the net's Domain Name System (DNS) had focused on web browsers but it could be abused by hackers in many other ways. "Every network is at risk," he said. "That's what this flaw has shown."…..(BBC, 7 Aug 08)

Russian Gang Hijacking PCs in Vast Scheme

A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, a security researcher has found. The new form of attack indicates that little progress has been made in defusing the threat of botnets, networks of infected computers that criminals use to send spam, steal passwords and do other forms of damage, according to computer security investigators…The system infects PCs with a program known as Coreflood that records keystrokes and steals other information. The network of infected computers collected as much as 500 gigabytes of data in a little more than a year and sent it back to the Wisconsin computer center, Mr. Stewart said. One of the unique aspects of the malicious software is that it captures screen information in addition to passwords….(New York Times, 6 Aug 08)

11 Charged in Global Theft, Sale Of 40 Million Card Numbers

Federal prosecutors charged 11 people yesterday with the theft and sale of more than 40 million credit and debit card numbers from at least nine U.S. retailers in what they said was one of the largest and most complex hacking and identity theft cases ever brought. Officials with the Department of Justice said the people indicted were part of a criminal ring that stretched from the United States to Eastern Europe to East Asia, highlighting the global nature of computer crime. Charges of conspiracy, computer intrusion, fraud and identity theft have been brought against people from Estonia, Ukraine, China and Belarus, as well as the United States. One person, known only by an online alias, Delpiero, has not been located…….(Washington Post, 6 Aug 08)

Blog: EFF Helps Spot ISP Spies

The Electronic Frontier Foundation (EFF) has released a new advanced tool to help users test their Internet connection for bandwidth interference from their ISP. Called 'Switzerland,' the open source, command line tool was created in response to the FCC's landmark decision last week to fine Comcast for restricting P2P traffic on its broadband network. Part of the EFF's Test Your ISP project, Switzerland can detect anti-P2P tools like Sandvine and Audible Magic, and is able to keep copies of any modified data that your ISP injects into your file transfer. This is significant as anti-P2P software typically modifies data being transferred which then tricks your computer into terminating the connection……(PC World, 4 Aug 08)

FEMA still weak on IT security, auditors say

The Federal Emergency Management Agency is still struggling to secure its information technology systems with 31 weaknesses carried over from previous years and 13 new weaknesses identified in fiscal 2007, according to a new audit report released by Homeland Security Department Inspector General Richard Skinner. FEMA corrected 10 weaknesses last year, and it developed new policies, processes and procedures to comply with cybersecurity guidelines, states the report on FEMA’s IT issues related to financial controls, written by the KPMG LLP auditing firm. Overall, FEMA continues to suffer from weak controls on employee and contractor passwords, shortcomings in application service development and service continuity, and a weakness in its systemwide documentation, among other problems, the report states……(FCW, 4 Aug 08)

Seattle security expert helped uncover major design flaw on Internet

…(Dan) Kaminsky was typing away in bed in February tangled in a virtual snake pit of Ethernet cables when something sent a chill down his spine. He had discovered a devastating design flaw that could turn the World Wide Web into a playground for criminals, leaving global commerce gridlocked… he discovered a potentially devastating mistake in the design of the Internet itself. That flaw, if it became public, would allow even an unsophisticated hacker secretly to swap one computer's Web address for another's in the Internet virtual address book, dubbed "Domain Name Services."…..(Seattle PI, 4 Aug 08)

Expert urges China visitors to encrypt data

China's blocking of Web sites has embarrassed the International Olympic Committee, but a computer security expert said on Thursday that visitors to Beijing also needed to protect their data from prying eyes. "People who are going to China should take a clean computer, one with no data at all," said Phil Dunkelberger, chief executive of security software firm PGP Corp. Travelers carrying smart cell phones, blackberries or laptop computers could unwittingly be offering up sensitive personal or business information to officials who monitor state-controlled telecommunications carriers, Dunkelberger said. He said that without data encryption, executives could have business plans or designs pilfered, while journalists' lists of contacts could be exposed, putting sources at risk……(Reuters, 1 Aug 08)

New legislation would give security chiefs more power

Lawmakers are crafting a bill that would significantly expand the roles federal chief information security officers have in agencies, including giving them powers to enforce security policies and test federal networks' defenses.

The bill would give CISOs the power to respond immediately to cyber threats and would also create a CISO council where information security officials could meet to share ideas and agree on best practices, much like the federal Chief Information Officers Council……(NextGov, 1 Aug 08)

DHS stays mum on new 'Cyber Security' center

The Bush administration's newly created National Cyber Security Center remains shrouded in secrecy, with officials refusing to release information about its budget, what contractors will run it, and how its mission relates to Internet surveillance. In correspondence with the U.S. Senate posted on Thursday, the Bush administration said it would not provide that information publicly. An 18-page, partially redacted letter from DHS said that disclosure could affect "the conduct of federal programs, or other programs or operations essential to the interests of our nation."… Oddly, DHS seemed to change its mind about whether even the mere existence of the National Cyber Security Center was classified or not. "On March 20th, you announced that Rod Beckstrom would be the director of the new National Cyber Security Center within DHS," Lieberman and Collins said in a letter (PDF) to DHS in May. "Prior to this announcement, committee staff had been instructed that the existence of the NCSC was itself classified." …..(CNet, 1 Aug 08)

July 2008

Exploit Prods Software Firms to Update Their Updaters

A security researcher has released a set of tools that make it simple for attackers to exploit weaknesses in the auto-update feature of many popular software titles. By targeting widely deployed programs such as Java, OpenOffice, Winamp and Winzip, that don't use a digital signature on their product updates, attackers can impersonate those companies and trick users into believing they are updating their software, when in reality the users may be uploading a package designed to compromise the security of their computer……(Washington Post Blog, 31 Jul 08)

UK hacker loses appeal against US extradition

Britain's top court refused Wednesday to stop the extradition to the U.S. of a British hacker accused of breaking into Pentagon and NASA computers _ something he claims to have done while hunting for information on UFOs.

Gary McKinnon, 42, faces charges in the United States for what officials say were a series of cyber attacks that stole passwords, attacked military networks and wrought hundreds of thousands of dollars worth of computer damage…Prosecutors allege that McKinnon hacked into than 90 computer systems belonging to the U.S. Army, Navy, Air Force, Department of Defense and NASA between February 2001 and March 2002, causing $900,000 worth of damage. McKinnon has acknowledged accessing the computers…..(AP, 30 Jul 08)

FBI Warns of Storm Worm Virus

The FBI and its partner, the Internet Crime Complaint Center (IC3), have received reports of recent spam e-mails spreading the Storm Worm malicious software, known as malware. These e-mails, which contain the phrase “F.B.I. vs. facebook,” direct e-mail recipients to click on a link to view an article about the FBI and Facebook, a popular social networking website. The Storm Worm virus has also been spread in the past in e-mails advertising a holiday e-card link. Clicking on the link downloads malware onto the Internet connected device, causing it to become infected with the virus and part of the Storm Worm botnet…..(FBI Press Release, 30 Jul 08)

Web curbs for Olympic journalists

Journalists covering the Beijing Olympic Games will not have completely uncensored access to the internet, Chinese and Olympic officials say. Sites related to spiritual group Falun Gong would be blocked, officials said. Journalists also found they could not see some news or human rights websites. China enforces tough internet controls, but said when it bid for the Games that journalists would be free to report……(BBC, 30 Jul 08)

Olympics visitors warned of digital monitoring

American business executives visiting Beijing for the Olympics should leave their laptops at home and "assume all electronic communications are monitored," according to a briefing prepared by a U.S. State Department advisory panel. The briefing also says that U.S. businesses and individuals could be the target of violent Chinese nationalist protests and that traveling around the capital while its mass-transit system strains to cope with the extra riders will likely prove a "logistical challenge." The briefing was prepared by the Overseas Security Advisory Council, or OSAC, a partnership between the State Department and the private sector, which provides security advice for U.S. businesses operating abroad...Chinese officials have blocked Internet sites in the main press center and venues where reporters will work, especially sites that feature political and human rights information the government dislikes, the Associated Press reported Tuesday. Sites such as Amnesty International's or any search for a site with Tibet in the address could not be opened at the main press center, which will house about 5,000 print journalists when the games open Aug. 8, the AP reported from Beijing. …But both the British and German authorities have warned this year of aggressive corporate and economic espionage efforts by the Chinese, and the briefing warns that the Olympics will

Chinese Authorities Order Olympic Hotels To Install Spy Gear

In an apparent mistranslation of the concept of hospitality, Chinese authorities have ordered foreign-owned hotels to install Internet monitoring equipment to spy on hotel guests during the Olympic Games, U.S. Sen. Sam Brownback, R-Kansas, charged on Tuesday. "I am very disappointed that the Chinese government will not follow through on its promise to the International Olympic Committee to maintain an environment free of government censorship during the Games," Brownback said in a statement. "The Chinese government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying. This means journalists, athletes' families and other visitors will be subjected to invasive intelligence gathering by the Chinese Public Security Bureau."……(Information Week, 29 Jul 08)

Anyone can be caught in the web of terror

Thieves, pranksters and terrorists have a tool in your own home to commit their dastardly deeds—your personal computer. And when the cyber cops come calling, it will be you they see at the end of the line of evidence. Why? Your Internet Protocol (IP) address will show as the one from which the crime was committed. Mumbaikars and local cyber cops awoke to a new world on Sunday, after it was revealed that the computer in the house in Navi Mumbai from where the e-mail on the Ahmedabad blasts was sent, was most likely hacked into. This appears to be the first time that a local IP address has been hacked into for terror purposes. The Anti-Terrorism Squad (ATS) raided the flat in the swanky Gunina building, at Sanpada, at around 2am on Sunday. The apartment belongs to an Abishek Sharma and was leased out to two Americans, Kenneth Haywood and Kens White. They have told the police their computer was hacked into to send the e-mail. ….(Times of India, 29 Jul 08)

Cooperation needed to fight cybercrime

A former U.S. cyber-czar said Monday there is no adequate framework for collaboration between governments and the private sector against cybercrime…"It is vitally important to the future of cyberspace, and all who depend on it within government and the private sector, that the existing international collaboration and information sharing among … key players in the IT and communications infrastructure be significantly enhanced," said Purdy, a former acting director of the National Cyber Security Division of the U.S. Department of Homeland Security and currently a private cybersecurity consultant…..(UPI, 29 Jul 08)

US government security data compromised

The security of data held by the CIA, the FBI and the US Department of Defense was compromised earlier this year after a partner agency allowed zone transfer access of its Domain Name Services. Professor John Walker, managing director of forensics consultancy Secure-Bastion, revealed the security blunder during the International Crime Science conference in London last week. Professor Walker had been testing DNS environments as part of his academic research. "In one case an organization in the US, working with some government agencies, allowed me to get into their systems to see their servers named for their clients. Their servers were called 'CIA', 'FBI' and 'DOD',"….(VNU Net, 28 Jul 08)

Hackers get hold of critical Internet flaw

Internet security researchers on Thursday warned that hackers have caught on to a "critical" flaw that lets them control traffic on the Internet. An elite squad of computer industry engineers that labored in secret to solve the problem released a software "patch" two weeks ago and sought to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks. "We are in a lot of trouble," said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution. "This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please," Kaminsky said. "This is a big deal." (AFP, 24 July 08)

Identity management: more than just a password

One way to think about identity management is to imagine an enormous blueprint of an office building. It illustrates the rooms each person who works in the building can enter. The blueprint also indicates what kind of key is needed to open the door to a room, and what a person can do once inside. A computer network is like the building, and each room represents a file, database or application on that network. The employees working in the building are the users. The keys are the privileges that the system administrator hands out to each person who works on the network, providing access to a file, database or application. The keys also determine what a user can do while accessing a specific file or application. Like building security, identity management is the most essential form of information protection agencies use. It's also among the information security practices that are least used or properly implemented. (NewsFactor Network, 23 July 08)

Malware 'has infected major UK government websites'

Key Government websites have been infected by cyber-criminals aiming to steal browsers' personal details, it was reported today. More than a thousand Government and consumer sites are said to have been hit, including some run by the NHS and a local council. The Times Online says the hackers are Eastern European and that security experts estimate at least two million computers worldwide have been affected. At the heart of the claims is the asprox 'toolkit' that installs malware on vulnerable websites and tries to commandeer them, says The Independent's Cyberlinic columnist, Rhodri Marsden. He said: "Infected websites then install malware on the computers of any visitors to the site, including another copy of Asprox. Which then searches for more websites to infect. Vicious. (Independent, 23 July 08)

Top intelligence priority is cybersecurity

President Bush's single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative, a little publicized but massive program whose details "remain vague and thus open to question," according to the House Permanent Select Committee on Intelligence. A highly classified, multiyear, multibillion-dollar project, CNCI - or "Cyber Initiative" - is designed to develop a plan to secure government computer systems against foreign and domestic intruders and prepare for future threats. Any initial plan can later be expanded to cover sensitive civilian systems to protect financial, commercial and other vital infrastructure data. "It is no longer sufficient for the U.S. Government to discover cyber intrusions in its networks, clean up the damage, and take legal or political steps to deter further intrusions," Director of National Intelligence Mike McConnell noted in a February 2008 threat assessment. "We must take proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage." His conclusions echoed those of a 2007 interagency review that led to CNCI's creation. (Washington Post, 22 July 08)

Cyber-bank robbers hit online accounts

A ring of cyber-bank robbers from southern Russia has quietly perfected a way to get inside company networks in order to rip off online bank accounts. Over the past 16 months, the Coreflood Gang has infected swaths of PCs inside thousands of companies, says SecureWorks researcher Joe Stewart."It's spying on you, capturing your log-ons, user names, passwords, bank balances, contents of your e-mail," says Stewart. Coreflood is part of a class of malicious software, called banking trojans. The number of banking trojans detected on the Internet this month topped 24,800, up from 3,342 at the start of 2006, says security firm F-Secure. (Courier Post Online, 22 July 08)

Cybersecurity Will Take A Big Bite of the Budget

US cyberspying fears hang over Beijing Olympics

US paranoia about Chinese computer hackers has created a diplomatic dilemma about whether or not to warn visitors and business people traveling to next month's Beijing Olympics about cyber-security risks. Last month the department of Homeland Security privately warned government and key private-sector contacts of the cyber-security perils facing overseas travelers from foreign governments. Spying techniques outlined in the advisory, which wasn't made public, included copying the contents of laptop hard disks at border crossing or in hotel rooms and "loading spyware" onto BlackBerry mobile devices…..(Register, 21 Jul 08)

Is China attacking Belgian computers

Belgian officials say an attempt to infiltrate critical computer networks appears to have come from China.

Justice Minister Jo Vandeurzen told newspapers he believes the Chinese government is engaged in espionage.

The attacks were carried out using e-mail with software that can send information back to the attacker, Gazet van Antwerpen and De Tijd reported. The Chinese are allegedly interested in Belgium because the European Union and NATO have their headquarters in Brussels…..(Portalino, 21 Jul 08)

Government, health care Web sites attacked

A scan of Web servers by Internet security company Finjan Inc. has found more than 1,000 legitimate Web sites that had been compromised by a new wave of attacks in recent weeks. High percentages of the compromised sites, which serve up malicious code to unsuspecting visitors, belonged to government at 13 percent, and to health care organizations at 12 percent, said Finjan Chief Technology Officer Yuval Ben-Itzhak… The attack toolkit being used is named Asprox, and has been in use for several years, having gained popularity with cybercriminals during 2007. “This is not groundbreaking,” Ben-Itzhak said. The tool uses a well-established SQL-injection attack to compromise the sites. But the sites being targeted appear to indicate a shift in the underground economy that has grown up harvesting sensitive information from online activities……(GCN, 18 Jul 08)

Is Technology Going Too Far With Spy Phones?

Most cell phone users make the assumption that their phone conversations are private. But that might not be the case. New technology, called spy phones, allows people to track others' calls and even listen to what they say.
Several Internet companies offer software that can be downloaded onto another person's phone. Why? Among the promotions for this software: catch a cheating spouse, track your teenager, check up on your employees.
Once downloaded, you will get a text message whenever a call is made from that phone, telling you what number is being called. You will get a log on your computer of every call that goes out or comes into the phone, how long the calls last. You can even read the text messages sent and received. And in the case of a program called Flexispy, you can call into the phone with the software and listen in on the conversation as it is happening.…..(WBZTV, 18 Jul 08)

Face-Off: Chinese Cyberattacks: Myth or Menace?

POINT: Something is definitely going wrong with the U.S. Department of Defense and government agency networks, but it's not what you probably think. When it was announced that more than 10 terabytes of data had been stolen from DOD unclassified networks as part of an orchestrated operation from China, I was as horrified as you. Ten terabytes is a lot…DOD always counters: no classified information was accessed. But that's BS--the unclassified networks carry logistical, payroll, personnel, medical and operational data. COUNTERPOINT: The popular media narrative is that there is a coordinated attempt by the Chinese government to hack into U.S. computers--military, government, corporate--and steal secrets. The truth is a lot more complicated. There certainly is a lot of hacking coming out of China. Any company that does security monitoring sees it all the time. Of course, they can't prove that it comes out of China. But the majority of servers used in the attacks are located in China, using DNS bouncers that can only be registered by people literate in Chinese…..(Search Security, Jul 08 Issue)

Power grid overseer steps up cybersecurity

The organization that oversees reliability for the nation’s electrical power grid is stepping up its cybersecurity efforts by setting up a new program office and creating a task force to review cybersecurity standards for the power industry. The North American Electric Reliability Corp. (NERC), a quasi-governmental coalition that operates under the Federal Energy Regulatory Commission (FERC), said it will establish a Critical Infrastructure Program, which includes cybersecurity, as its fourth program focus area. One of the program’s initiatives will be hiring a chief security officer to be a single point of contact for cyber and infrastructure issues related to the national electric power grid……(FCW, 17 Jul 08)

U.S. Fears Threat of Cyberspying at Olympics

A debate is brewing in the U.S. government over whether to publicly warn businesspeople and other travelers heading to the Beijing Olympics about the dangers posed by Chinese computer hackers.

According to government officials and security consultants, U.S. intelligence agencies are worried about the potential threat to U.S. laptops and cellphones. But others, including the State and Commerce departments and some companies, are trying to quiet the issue for fear of offending the Chinese, these people say…U.S. intelligence and security officials are concerned by the frequency with which spies in China and other countries are targeting traveling U.S. corporate and government officials. The Department of Homeland Security issued a warning last month to certain government and private-sector officials stating that business and government travelers' electronic devices are often targeted by foreign governments. The warning wasn't available to the public. The spy tactics include copying information contained in laptop computers at airport checkpoints or hotel rooms, wirelessly inserting spyware on BlackBerry devices, and a new technique dubbed "slurping" that uses Bluetooth technology to steal data from electronic devices. In addition to cybersecurity threats in other countries, "so many people are going to the Olympics and are going to get electronically undressed," said Joel Brenner, the government's top counterintelligence officer. He tells of one computer-security expert who powered up a new Treo hand-held computer when his plane landed in China. By the time he got to his hotel, a handful of software programs had been wirelessly inserted…..(Wall Street Journal, 17 Jul 08)

Olympic Security, China and Intellectual Property

…what businesses are doing if their employees are attending the Summer Olympics in Beijing. Are organizations securing the corporate secrets that may be on the laptops employees carry into China? Over the years I have heard many stories from CSOs about their encounters with state-sponsored IP theft and industrial espionage. Those stories, while including many countries, have usually focused on two nations in particular: France and China. It just so happens this year that the Summer Olympics are being held in Beijing, a nation noted for its accelerating economy, utter lack of intellectual property protections and talented intelligence services. This is a risky mix to encounter when you are trying to protect corporate secrets.…..(CSO, 16 Jul 08)

New Zealand teen fined in Penn computer hack

A New Zealand teenager who admitted to hacking into the University of Pennsylvania computer system was ordered Tuesday to pay more than $11,000 in fines but avoided a conviction so that he can help police solve computer crimes. The Feb. 23, 2006, attack on the University of Pennsylvania engineering school's computer system caused part of the system to crash. Owen Thor Walker, 18, known by his online name "AKILL," also is linked to a network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims' bank accounts. Walker earlier pleaded guilty to two charges of accessing a computer for dishonest purpose, two charges of accessing computer systems without authorization, one of damaging or interfering with computer systems and one of possessing software for committing crime. Although Walker pleaded guilty, the court discharged his case without a conviction Tuesday so that his record won't include a criminal offense _ and so he can help police in the future……(AP, 15 Jul 08)

When the Phone Goes With You, Everyone Else Can Tag Along

…Consumers for years have been able to carry portable electronic devices that can pinpoint where they are on a map or a mountain trail. But yesterday's launch of the iPhone 3G signals the growing sophistication of an industry -- demonstrating the power of marrying precise location technology with the reach of the Internet on mobile devices. Merchants can use this information to target ads, malls to entice shoppers, insurance adjusters to calibrate premiums, employers to catch moonlighters and parents to keep an eye on children. But what many users may not realize is that by sharing this information, they are creating often permanent records that can tell not only wireless providers, but also social networking sites, other users, and potentially law enforcement and civil attorneys every place they are and have been, as long as their phone and tracking device are on……(Washington Post, 12 Jul 08)

Tech giants unite to thwart web hijack risk

Internet giants have united to fix a serious flaw in the internet addressing system that might have let hackers hijack web traffic. The big software and hardware makers worked in secret for months to create a software patch which has now been released to repair the glitch. The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser. Dan Kaminsky, a security researcher at IOActive, stumbled upon the vulnerability in the domain name system (DNS) about six months ago and contacted industry giants including Microsoft, Sun Microsystems and Cisco to collaborate on a solution. DNS is the internet's equivalent of a telephone exchange, linking the web address typed by a user with the website's unique numerical address. (Times Online, 9 July 08)

Congress studies how people track your online use

Executives from major Internet players- Microsoft Corp., Google Inc. and Facebook Inc. - are due for a grilling about online privacy in a Senate committee Wednesday, but the company likely to get the most scrutiny is a small Silicon Valley startup called NebuAd Inc. NebuAd has drawn fierce criticism from privacy advocates in recent weeks for working with Internet service providers to track the online behavior of their customers and then serve up targeted banner ads based on that behavior. (AP, 9 July 08)

Another national security threat

China is the biggest producer of information-technology (IT) products, according to the Heritage Foundation. And by IT, they don’t just mean producing computers; they mean intelligence or cyber-spying. (American Daily, 9 July 08)

A massive threat to national security may be in your computer

As he sat down at a conference room table in his office, the picture of calm, National Counterintelligence Executive Joel Brenner made it clear that his very presence with this reporter, or any reporter was an anomaly.

"The fact that I am talking to you at all is a remarkable thing. Counterintelligence lives in the dark most of the time. There are people in the counterintelligence community that are amazed that I would be giving an interview like this," Brenner says…"The Russians and the Chinese remain big problems for us. The Cubans are a problem for us, and the Iranians are a big problem for us," Brenner says. Among the worst of the problems are industrial espionage and American dependence of foreign production of sensitive computer components…..(WTOP, 8 Jul 08)

Cyber Warfare Doctrine Published

The tenets for cyber warfare must be developed and integrated into a flexible framework for decision making about this new method of warfare that military leaders have called “the most significant Threat of the 21st Century.” Lots of attention has recently been given to the threat of cyber attacks and the issue of cyber warfare. U.S. Secretary of Defense Robert Gates, and NATO Defense Ministers along with many others around the world have expressed their concerns about recent cyber attacks and the risks of cyber conflict including acts of cyber terrorism. The Cyber Warfare Doctrine is thought to be the first step required to create a meaningful dialog about exactly what constitutes an act of cyber war and what offensive and defensive cyber capabilities need to be developed as well as what international laws need to be adopted to step the proliferation of cyber weapons and cyber attacks by nation states, extremist groups, organized crime and terrorist organizations……(Expert-Click, 7 Jul 08)

NIST issues guidelines to test agencies' network security

The National Institute of Standards and Technology released on Monday guidelines for agencies to test how well their computer systems fend off cyberattacks. Many analysts say the recommendations could be the first step in fixing one of the more serious flaws in government's approach to network security. NIST's instructions detail how agencies can assess their procedures for testing security controls for information systems. The release is the latest addition to the NIST Special Publication 800 series……(Next Gov, 1 Jul 08)

Hackers Tag Lithuanian Web Sites With Soviet Symbols

Hackers attacked about 300 Web sites in Lithuania over the weekend, defacing them with Soviet symbols and anti-Lithuanian slogans, officials said Monday. The Web sites were vandalized two weeks after Lithuania, a former Soviet republic, outlawed the display of Soviet symbols, a ban that touched off new tensions with Russia. Lithuanian officials did not directly accuse Russian hackers of initiating the attacks, but said they had come from foreign computers and were most likely related to the ban…….(New York Times, 1 Jul 08)

June 2008

Ghostly threat to Internet Explorer users

Microsoft certainly never imagined anything like this. A talk given behind closed doors at the Microsoft BlueHat Security Briefing revealed a huge security problem in Internet Explorer. Presenter Manuel Caballero demonstrated a far-reaching espionage tool that can trap users who are merely visiting a web site. His spooky summary read: "Do you believe in ghosts? Imagine an invisible script that silently follows you while you surf – even after changing the URL 1,000 times. And this ghost is able to see everything you do, including what you are surfing and what you are typing (passwords included), and even guess your next move."…..(Heise, 30 Jun 08)

Former White House Advisor: Hackers Didn't Cause 2003 Blackout

Cyber security consultant Paul Kurtz threw some cold water this week on a report that Chinese hackers caused the massive 2003 northeastern U.S. blackout. He worked for the White House at the time of the outage. Last month the National Journal cited two computer security professionals, who in turn cited unnamed U.S. intelligence officials, in reporting that China's People's Liberation Army may have cracked the computers controlling the U.S. power grid to trigger the cascading blackout that cut off electricity to 50 million people in eight states and a Canadian province. On Wednesday, Kurtz told NPR host Diane Rehm, of WAMU, that there's no truth to the claim. At least in the case of the blackout in 2003…..(Wired, 30 Jun 08)

GAO: DHS should complete integration of cyber operations

The Homeland Security Department has failed to follow two of three recommendations issued by a special task force last year to integrate operations to improve response to disruptions of voice and data networks during emergencies, according to a report issued on Thursday by the Government Accountability Office.

In September 2007, a task force created by DHS recommended merging the U.S. Computer Emergency Readiness Team, which analyzes cyber threats and disseminates warning information, with the National Coordination Center and the National Coordination Center Watch. NCC is the point of contact for the private sector on issues affecting the availability of the nation's communications infrastructure, and NCC Watch coordinates with NCC members during a major disruption in telecommunications to restore service……(Next Gov, 27 Jun 08)

Internet Provider Halts Plan to Track, Sell Users' Surfing Data

Charter Communications, the fourth-largest cable operator in the United States, announced yesterday that it has backed off a plan to monitor customers' Internet transmissions. The company had been planning to harvest the stream of data from each Internet customer for clues to their interests and then make money from advertisers who would use the information to target online pitches. The data-collection effort would have protected personal information, Charter officials said in describing the plan, but critics likened the practice to wiretapping.….(Washington Post, 25 Jun 08)

Hacker Group Sounds Alarm on Germany's Data Privacy

Once its members hacked into NASA's computers. Nowadays, the Chaos Computer Club is one of the most vociferous defenders of data privacy in Germany… The Chaos Computer Club hit the headlines in a big way in the late 1980s. Not only had its hackers managed to access the US space agency's computer network. It also turned out that associates had sold stolen data to the Soviet secret service, the KGB. But things are very different today, according to club spokeswoman Constanze Kurz…….Deutsche Welle, 24 Jun 08)

CNET employees and relatives are being notified after a data breach at the company's health plan

More than 6,500 CNET Networks employees and relatives are being notified of a possible data breach after burglars stole computer systems from the offices of the company that administers the Internet publisher's benefit plans. CNET was one of several clients affected when burglars broke into the Walnut Creek, California, offices of Colt Express Outsourcing Services, stealing equipment "which contains the human resources data of several of their clients including CNET networks," CNET Senior Vice President of Human Resources Jose Martin said in a June letter notifying employees of the incident. The computers contained names, birth dates, Social Security numbers and employment information of the beneficiaries of CNET's health insurance plans……(CIO, 24 Jun 08)

U.S. Intel: Chinese hackers planted 'trap doors' in government computers

…U.S. defense officials confirmed that Chinese military hackers had broken into computers at the Pentagon used for email within the office of Defense Secretary Robert Gates. Germany’s Chancellor Angela Merkel complained directly to Chinese President Hu Jintao about Chinese attacks on German government computers, and European and Asian governments from France and Britain to Japan and South Korea have identified widespread Chinese hacking. U.S. intelligence officials disclosed that one objective of the Chinese hacking is to plant “trap doors” into government computer systems that would permit shutting down or disrupting the systems in war time. Some government agencies were forced to spend tens of thousands of dollars replacing compromised computers because they could not be certain that Chinese hackers had not left hidden access points in them. ….(World Tribune, 20 Jun 08)

Chinese counterfeiters have sold close to $75 million of fake Cisco Systems routers to the U.S. military

According to a leaked secret FBI document, Chinese counterfeiters have sold close to $75 million of fake Cisco Systems routers to the U.S. military. While this revelation has been largely ignored by the mainstream media, it raises troubling questions about both the integrity of U.S. defense cyber networks and the possible motives of a foreign government with a long rap sheet for military espionage and cyber hacking. Routers are specialized computers that provide the virtual "pipes" to move millions of information packets through the world wide web, and it's no accident that China is counterfeiting Cisco designs. Cisco not only holds about 80% of the world's router market. It also outsources a significant share of its router production to China. Of course, once an American company outsources to China, the likelihood that its technology will be stolen and then reproduced for sale into world markets is extraordinarily high. In fact, China is the counterfeit capital of the world. It accounts for two thirds of all the world's pirated and counterfeited goods and fully 80% of all counterfeit goods seized at U.S. borders……(Enter Stage Right, 23 Jun 09)

Why Global Hackers Are Nearly Impossible to Catch

They're in our computers, reading our files. The Chinese government, that is, according to two U.S. Congressmen who recently accused Beijing of sending hackers to ferret out secret documents stored on Congressional computers. The Chinese deny any involvement, but if they were lying, would we be able to prove it?

The answer, according to computer and security experts, is probably not. At least, not conclusively enough for a court of law. "It's very difficult to track hacker attacks and, even if you can track it, you don't always know with 100 percent certainty if you're right,"…..(LifeScience, 19 Jun 08)

China’s Secret War

Cyber warfare officially arrived on Capitol Hill last week. Two Republican congressmen, Rep. Frank Wolf of Virginia and Rep. Christopher Smith of New Jersey, went public last Wednesday with the news that in 2006 and 2007 their office computer networks had been breached by Chinese hackers… China’s largest cyber-raid in the United States occurred in 2004. The assault was so massive that American security authorities gave it a code name, “Titan Rain.”… to the biggest Chinese espionage program directed against the United States and the West. It is known as the “thousand grains of sand” strategy. In this approach, the agents are all amateurs. They consist of Chinese who are either going overseas, such as students, or those who already live abroad… By some estimates, the “thousand grains of sand” program involves 100,000 people – a testament both to the importance that China attaches to the program as well as to its extent. And it has been going on for a long time. “For nearly two decades, Beijing has mobilized the Chinese-American community to penetrate US military corporations that are working on defense contracts,”…….(FrontPage, 19 Jun 08)

The Next Big Data Breach

Peter Swire, who served as the Clinton administration's chief counselor for privacy in the Office of Management and Budget for two years, had a dire warning today for the Senate's Homeland Security and Governmental Affairs Committee: Biometric data, namely fingerprints, is the next security breach waiting to happen. The federal government -- including the FBI, the State Department and the Homeland Security Department's U.S. VISIT program as well as its border agents -- have collected millions of fingerprints. And digital fingerprints are becoming a more acceptable means to identify just about anyone, including using them to gain access to a computer. And the federal government is collecting fingerprints on all government employees and contractors for its new ID badges under Homeland Security Presidential Directive 12……(Tech Insider, 19 Jun 08)

Report: Feds need better privacy protection for data

The government does not have adequate privacy protections for the personal information it collects, shares and stores as part of the effort to fight terrorism, according to a new report by a U.S. watchdog agency. The Government Accountability Office (GAO) says that new laws are needed to safeguard people's personal information. Decades-old laws no longer cover the "increasingly sophisticated ways" that the government collects information, such as through biometric scans of fingerprints, the report said. "In today's highly interconnected environment, information can be gathered from many different sources, analyzed and redistributed in very dynamic, unstructured ways,"…..(US Today, 18 Jun 08)

Current cyber-security defenses 'ineffective'

The increasingly complex IT environment means that many existing cyber-defences are no longer fit for purpose.

The warning comes from Joel Bagnal, executive vice president of US government operations at Detica, and a former US Deputy Assistant for Homeland Security. Bagnal said during his speech at the Information Assurance 08 Conference in London that all organisations need new ways of managing the growing risks and threats to national and international cyber-security……(VNU Net, 18 Jun 08)

UK target for 'large number' of cyberattacks

Security minister Lord West has warned that the government is tackling ongoing state-sponsored cyberattacks on UK national infrastructure. The government has said it is engaged in tackling ongoing state-sponsored cyberattacks on UK national infrastructure. Security minister Lord West told the House of Lords that the UK continues to be targeted by a "large number of attacks" and that the government is "taking action" to deal with those backed by hostile regimes……(ZDNet, 17 Jun 08)

Wanted by the Pentagon: UFO fanatic appeals

A British man who used a low speed dial-up connection from his girlfriend's aunt's house to hack into the Pentagon's computers made an appeal in the British House of Lords on Monday not to be extradited to the United States. Gary McKinnon, a systems analyst, faces up to 60 years in jail if he is taken back to the United States as demanded by American prosecutors. The 44 year old, who is a cult hero on YouTube, has spawned a website called FreeGary and has inflamed the twilight world of UFO fanatics. He insists he hacked into the computer networks only to find evidence of extra-terrestrial landings……(Sydney Morning Herald, 17 Jun 08)

British 'superhacker' Gary McKinnon fights extradition to US

A Briton accused of the biggest military computer hack of all time told the House of Lords he should not be extradited to the US because prosecutors there had threatened to "fry" him. Gary McKinnon told the highest court in the land that he was the victim of an oppressive prosecution by US authorities who had abused British law by trying to force him into a plea bargain. Mr McKinnon, 44, a systems analyst, is accused of causing £475,000 worth of damage by gaining access to 97 computer systems belonging to the Pentagon, Nasa and the US military……(Telegraph, 17 Jun 08)

British hacker faces extradition hearing next week

…If Gary McKinnon loses this appeal, he would be the first British hacker extradited to the US. He could face up to 60 years in prison. McKinnon, of London, is accused of deleting data and illegally accessing information on 97 US military and NASA computers between February 2001 and March 2002. He's been charged in US District Court for the Eastern District of Virginia. McKinnon admitted to using a program called "RemotelyAnywhere" to hack into PCs late at night when employees were gone….(PC World, 16 Jun 08)

Busy British Hacker Fights Extradition to U.S.

Lawyers for Gary McKinnon, who claims to have hacked into more than 73,000 U.S. computer systems, including those operated by the military services and NASA, started their argument today against his extradition to the United States to stand trial. The 44-year-old hacker allegedly started breaking into U.S. computer systems from his London residence "in 1999, looking for evidence of extraterrestrial beings and technology, which he believed the U.S. government was hiding," according to an article posted by ComputerWeekly.com……(Tech Insider, 16 Jun 08)

Bugs, laptops and toilets at the Beijing Olympics

United States national security agencies are worried about bugs during the upcoming Beijing Olympics…Laptops and e-mail devices taken to the Olympics are likely to be penetrated by Chinese agents intending to steal secrets or plant bugs to infiltrate U.S. computer networks. According to a story in USA Today, Chinese government and industry use electronic espionage to “easily access official and personal computers.” That’s the word in a recent report from the Overseas Security Advisory Council, a panel made up of security experts from corporations and the State, Commerce, and Treasury departments….(Durant Democrat, 16 Jun 08)

United States Accuses China Of Cyber Espionage

Two Congressmen of the United States have accused China of hacking into their office computers to possibly compromise sensitive information on Chinese dissidents. U.S. representative Frank Wolf, a Republican from Virginia, in a speech delivered on the floor of the House of Representatives, said that at least four of his office computers had been hacked in August 2006 and sensitive information tampered with. The FBI officials supposedly told him that the source of the attack appeared to be from China… Republican Christopher Smith of New Jersey, who claimed that hackers also attacked his computer system on two occasions, once in December 2006 and the other in March 2007, also corroborated his statements. The hackers tapped sensitive information directly related to Beijing, including the Global Online Freedom Act as well as email correspondence with human rights groups regarding China and the names of Chinese dissidents…..(RTT News, 12 Jun 08)

U.S. Rep. Wolf Says Chinese Hackers Targeted Him For Criticizing China

…According to Wolf, the hacker or hackers broke into the computers of Wolf's foreign policy and human rights staff person, his chief of staff, his legislative director, and his judiciary staff person. "On these computers was information about all of the casework I have done on behalf of political dissidents and human rights activists around the world," he said. "That kind of information, as well as everything else on my office computers -- e-mails, memos, correspondence and district casework - was open for outside eyes to see."

In countries that criminalize political expression, such information can lead to the imprisonment or death of human rights activists. Wolf said that despite government recognition of cyber security risks as far back as 1997 and "despite all the activity, reports, funding, and growth in the Department of Homeland Security, little seems to have changed in terms our vulnerability to cyber incidents." …..(Information Week, 12 Jun 08)

Chinese suspected in U.S. hacking cases

…Wolf said four of the computers in his office were breached in August 2006 and authorities traced the activity back to a computer in China, The Washington Post reported. Computers of "several others" on Capitol Hill also have been attacked, Wolf said on his official Web site. Wolf said the hackers reached sensitive information about the identities and locations of Chinese dissidents, and other data. Rep. Christopher H. Smith, R-N.J., another critic of China's human rights record, said he was targeted by hackers twice, noting the sophistication of the efforts and the type of information retrieved suggested the Chinese government may have been behind the attacks……(UPI, 12 Jun 08)

China denies hacking into U.S. computers

China denied accusations by two U.S. lawmakers that it hacked into congressional computers, saying Thursday that as a developing country it wasn't capable of sophisticated cybercrime. "Is there any evidence? ... Do we have such advanced technology? Even I don't believe it," Foreign Ministry spokesman Qin Gang told a regularly scheduled news conference. Rep. Frank Wolf, R-Va., and New Jersey Rep. Chris Smith, a senior Republican on the House Foreign Affairs Committee, said Wednesday that their office computers were hacked into by people working from China. Both lawmakers, longtime critics of China's human rights record, said the compromised computers had information regarding political dissidents...China has a thriving information technology industry and claims to have 221 million Internet users — equal to the U.S. as the most in the world.……(AP, 12 Jun 08)

Chinese suspected in Capitol hacking cases

Hackers believed to be operating from China have broken into computers in Congress, apparently in search of information on Chinese dissidents, two GOP lawmakers said Wednesday. The hackers were not identified, but one of the lawmakers, Rep. Christopher H. Smith of New Jersey, a senior Republican on the House Foreign Affairs Committee, said he thought all signs pointed to the Chinese government. Federal authorities have been increasingly concerned in recent years about the Chinese government's aggressive deployment of scientists, engineers, foreign businessmen, students and others to sweep up U.S. technology and information…. The extent of the intrusions on Capitol Hill, which officials said began in August 2006, was unclear, although Rep. Frank R. Wolf (R-Va.), whose office had four computers affected, said that other members of Congress were targeted, as well as at least one congressional committee. "They got everything,"… The hacking report is the latest example of the vulnerabilities of private and public institutions to possible espionage and other crimes. Countries have been using cyber espionage for years to access valuable information in the United States, and China has made no secret of its interest in information warfare......(LA Times, 12 Jun 08)

Olympic visitors' data is at risk

National security agencies are warning businesses and federal officials that laptops and e-mail devices taken to the Beijing Olympics are likely to be penetrated by Chinese agents aiming to steal secrets or plant bugs to infiltrate U.S. computer networks. Chinese government and industry use electronic espionage to "easily access official and personal computers," says one recent report by the Overseas Security Advisory Council, a federally chartered panel comprising security experts from corporations and the State, Commerce and Treasury departments. Equipment left unsupervised for just minutes in a hotel or even during a security screening can be hacked, mined and bugged, adds Larry Wortzel, who chairs the U.S.-China Economic and Security Review Commission, a federal panel that monitors China-related security issues for Congress. China's government also controls Internet service providers and wireless networks, he says, so computers and PDAs can be monitored and planted with bugs remotely, too…Thousands of Americans are expected to attend the Olympics, including President Bush and a large entourage of federal officials. Even so, the government isn't doing enough to publicize the potential espionage risks, says Rep. Mike Rogers, R-Mich., a former FBI agent who sits on the House Intelligence Committee, which has been briefed on Chinese espionage threats. The reticence stems partly from the administration's reluctance to anger China, a key U.S. trading partner, Rogers says……(USA Today, 11 Jun 08)

Leaked Report: ISP Secretly Added Spy Code To Web Sessions, Crashing Browsers

An internal British Telecom report on a secret trial of an ISP eavesdropping and advertising technology found that the system crashed some unsuspecting users' browsers, and a small percentage of the 18,000 broadband customers under surveillance believed they'd been infected with adware. The January 2007 report (.pdf) -- published Thursday by the whistle blowing site Wikileaks -- demonstrates the hazards broadband customers face when an ISP tampers with raw internet traffic for its own profit. The leak comes just weeks after U.S. broadband provider Charter Communications told users it would be testing a technology similar to what's described in the BT document……(Wired, 5 Jun 08)

Info security chiefs weigh new approaches to looming threats

What federal agencies don’t know about protecting their data and computer systems could really hurt them, senior federal information security professionals said on Thursday. “It’s like the days prior to Pearl Harbor and 9/11,” said Daniel Galik, chief information security officer at the Health and Human Services Department, at a breakfast seminar sponsored by Government Executive. “We have some very serious challenges. The attacker is several steps ahead of us across the board.”……(Next Gov, 5 Jun 08)

Online security conference set

Some 300 government or private-sector executives concerned with online security are due to convene in Seattle Wednesday to hear experts discuss the latest Internet-based threats and how to counter them. The fourth annual Authentication and Online Trust Alliance summit is meeting for two days at the Seattle Westin. Scheduled speakers include former White House cybersecurity officer Howard Schmidt, Washington state Attorney General Rob McKenna, PayPal chief security officer Michael Barrett and Craigslist founder Craig Newmark. Conference chairman Craig Spiezle said detection and blocking technologies have reduced the spam reaching computer users' inboxes. But he said another, more dangerous threat -- the illicit collection and misuse of personal information -- is on the rise…..(Seattle PI, 5 Jun 08)

Data breaches found to worry managers

Data breaches are the primary concern of information technology managers at the federal, state and local government levels and in the private sector, according to a recent survey of 600 IT executives. Of the 200 federal IT executives responding, more than three-quarters said their agency has an overall high level of IT security, but just over half of their counterparts in the private sector and state and local government are that confident. The survey also reported that fewer than half of the IT executives interviewed said they were sharing threat incident information among themselves……(FCW, 4 Jun 08)

Air Force calls for help in building cyberwarfare skills

Know how to hack a computer system and quietly steal information? Can you also deceive, deny, disrupt, degrade or destroy the system? Then the Air Force wants to hear from you. In mid-May, the Air Force published a request for “white papers” that will show the service how it can achieve Dominant Cyber Offensive Engagement. It’s the latest step the Air Force is taking to build up its cyberwarfare capabilities — offensive as well as defensive. Last fall, the service began assembling its own Cyber Command……(Federal Times, 4 Jun 08)

Illegal computer hacking nets billions

A major industrial-espionage case involving Switzerland’s Kudelski Group, a world leader in digital security, has shed light on the lengths firms will go to steal a march on their rivals. And their weapon of choice is computer hackers. Swiss journalist Katja Schär, who is based in the United States, has this report for World Radio Switzerland........(Radio World, 3 Jun 08) MP3Link

Printing - the ‘forgotten’ security link to safeguard business assets

ENISA, the EU Agency for European Network and Information Security, launches its report on “Secure Printing’ with recommendations to business on secure printing and copying of confidential data. Printing/copying devices can be penetrated and hijacked for fraud so that sensitive data or identity is easily stolen. But 350 surveyed European organizations have little awareness of the costs and risks of uncontrolled printing, the Agency report shows…Only 53% of companies use authentication for printing, such as smart cards, biometric identification, or PIN codes. ENISA therefore recommends business to adopt secure printing strategies to protect business assets and confidential customer data. Printers produce key business documents, such as invoices, forms, tickets, statements, employee and customer data. But how is data treated in the printing process? Sensitive data is most vulnerable when in transit, where printing is a weak, ‘forgotten link’ in the security chain. Protecting confidential data in printing devices has both security and financial benefits, as top management recognize that office print expenditure can be reduced by 10-30% through the implementation of secure printing practices….(Verivox, 3 Jun 08)

Hezbollah's Cyber Warfare Program

Last week, Homeland Security Secretary Michael Chertoff warned that the Hezbollah resistance movement is the greatest threat to US national security. Hezbollah is known or suspected to have been involved in numerous terror attacks against the U.S., Israel or other Western targets, and includes the 1983 suicide truck bombings in Beirut that killed 241 U.S. Marines at their barracks and 58 at the French military barracks. Intelligence officials in the U.S. and Britain believe Hezbollah cells may use their computer expertise and capabilities to launch cyber attacks. A 2002 CIA report warned a number of terrorist groups are beginning to plan attacks on western computer networks. The report went on to say that al-Qaeda and Hezbollah were becoming more adept at using the internet and computer technologies. In more recent reports they name Sunni extremists Hezbollah and Aleph as groups believed to be developing cyber terrorism plans. For terrorist groups, cyber weapons are cheap, easy to acquire and difficult to detect or track and are quickly becoming a common weapon in their arsenal……..(Defense Tech, 2 Jun 08)