February 2012_________________________________
Don't Trust Satellite Phones - (2012-02-04)
"German academics said they had cracked two encryption systems used to protect satellite phone signals and that anyone with cheap computer equipment and radio could eavesdrop on calls over an entire continent. Hundreds of thousands of satellite phone users are thought to be affected."
Anonymous Eavesdropping - (2012-02-03)
"The loose-knit hacking collective known as Anonymous released a roughly 15-minute-long recording of what appears to be a conference call devoted to tracking and prosecuting members of the group."
"The #FBI might be curious how we're able to continuously read their internal comms for some time now. #OpInfiltration."
Verisign Hacked in 2010 - (2012-02-02)
"VeriSign's domain-name system processes as many as 50 billion queries daily. Pilfered information from it could let hackers direct people to faked sites and intercept email from federal employees or corporate executives, though classified government data moves through more secure channels."
FBI: Privacy and Terror - (2012-02-02)
Privacy seekers are viewed as potential terrorists.
January 2012___________________________________
Executives Lie about Skill Shortage - (2012-01-30)
The idea that we can "educate" ourselves out of this mess is a political talking point that has no basis in reality.
It's all about access to cheap labor. The "shortage" myth is just a pretext.
Analysis Resistant Malware - (2012-01-30)
"Several current cryptosystems support a homomorphic operation, allowing simple computations to be performed using encrypted values"
Attacking RFID-Enabled CCs - (2012-01-30)
"At the Shmoocon hacker conference, Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions."
The Age of Casino Capitalism - (2012-01-29)
"This is not how banking was supposed to evolve. If governments are to underwrite bank loans, they may as well be doing the lending in the first place -- and receiving the gains. Indeed, since 2008 the over-indebted economy's crash led governments to become the major shareholders of the largest and most troubled banks -- Citibank in the United States, Anglo-Irish Bank in Ireland, and Britain's Royal Bank of Scotland. Yet rather than taking this opportunity to run these banks as public utilities and lower their charges for credit-card services -- or most important of all, to stop their lending to speculators and gamblers -- governments left these banks operating as part of the 'casino capitalism' that has become their business plan."
"Banking has moved so far away from funding industrial growth and economic development that it now benefits primarily at the economy's expense in a predator and extractive way, not by making productive loans."
"We are dealing here not only with greed, but with outright antisocial behavior and hostility."
Prisons or Higher Ed? - (2012-01-29)
"In the past two decades, the money that states spend on prisons has risen at six times the rate of spending on higher education."
This definitely says something about us, as a society.
FBI Social Media Spying RFI - (2012-01-28)
"Please review the Request for Information (RFI) that is attached. The Federal Bureau of Investigations is conducting market research to determine the capabilities of the IT industry to provide a social media application. The tool at a minimum should be able to meet the operational and analytical needs described in the attachment."
Disposable Surveillance Tools - (2012-01-28)
"Security researcher Brendan O'Connor is trying a different approach to spy hardware: building a sensor-equipped surveillance-capable computer that's so cheap it can be sacrificed after one use, with off-the-shelf parts that anyone can buy and assemble for less than fifty dollars."
Commentary on Government Surveillance - (2012-01-28)
"The issue at present is this: the U.S. is a behemoth that is armed to the teeth and that has a developed infrastructure of social control. Nothing less than millions of people in the streets willing to bring the thing to the ground will force real change. So (1) where the fuck are you?"
Secret Service Internet Threat Desk - (2012-01-28)
"The Secret Service has an Internet Threat Desk that reviews online comments and images that raise potential threats to protected officials, especially the president."
DHS: Railway Hack Fizzles - (2012-01-28)
"Following more in-depth analysis, it appears that the potential cyber incident did not in fact target a transportation entity"
Constitution Project 'Report' - (2012-01-28)
"Both Congress and the executive branch should work to clarify the nature and magnitude of the cybersecurity threat to the public so that the development and approval of comprehensive cybersecurity policies and public-private collaboration efforts are adequately shaped by the specific risks facing America's critical network infrastructure"
This should prove interesting as most of what we've heard has been 'cyberwar' manipulation.
Memory Layout Cheat Sheet - (2012-01-28)
For Windows from OpenRCE. Nice!
State Dept. Phone Book - (2012-01-26)
This is the 2012 edition.
Willard and Ann Romney Estimated 1040 for 2011 - (2012-01-26)
Adjusted gross income of around $21 million.
Ignore the Propaganda - (2012-01-25)
"Turn off your televisions. Ignore the Newt-Mitt-Rick-Barack reality show. It is as relevant to your life as the gossip on 'Jersey Shore.' The real debate, the debate raised by the Occupy movement about inequality, corporate malfeasance, the destruction of the ecosystem, and the security and surveillance state, is the only debate that matters. You won't hear it on the corporate-owned airwaves and cable networks, including MSNBC, which has become to the Democratic Party what Fox News is to the lunatic fringe of the Republican Party. You won't hear it on NPR or PBS."
He's right, I did see an ad for Chevron right before the Nightly Business Report.
Gingrich Dances for the 1% - (2012-01-25)
"I think that we have to treat state-based covert activities as the equivalent of acts of war"
Of course, you realize that if this were the case we'd be perpetrating acts of war against most of our allies...
Military E-Meme Research - (2012-01-25)
"The software's overarching goal? Help the Pentagon determine how 'the flow of ideas' or 'meme' through electronic media can ... infect and influence susceptible populations."
Microsoft: J'accuse! - (2012-01-24)
Microsoft accuses one ANDREY N. SABELNIKOV ("Defendant") of controlling the Kelihos botnet.
Another Malware Helpdesk - (2012-01-24)
"Now, the proprietors of a new ZeuS Trojan variant are marketing their malware as a social network that lets customers file bug reports, suggest and vote on new features in upcoming versions, and track trouble tickets that can be worked on by the developers and fellow users alike."
Judge Orders Laptop Decryption - (2012-01-24)
"A judge on Monday ordered a Colorado woman to decrypt her laptop computer so prosecutors can use the files against her in a criminal case."
Former Spook Accused of Leaking - (2012-01-23)
"According to authorities, Kiriakou told a New York Times reporter about a fellow officer who participated in interrogating suspected al-Qaida financier Abu Zubaydah in 2002. That information was classified at the time. Zubaydah was captured in Pakistan in 2002. He was reportedly waterboarded 83 times. His case has been made an example by those who believe the interrogation technique should be outlawed."
Warrant Needed for GPS Tracking - (2012-01-23)
The Supreme Court struck down the U.S. government's argument that it can use GPS to track a suspect's vehicle without a warrant.
Rutkowska on McAfee's DeepSafe - (2012-01-22)
"So, is DeepSafe another piece of crap not worth any special attention, or have McAfee and Intel come up with some novel methods, e.g. for chipset virtualization, and other problems? Unless I see some technical info to back up the latter, I would have to assume, unfortunately, the former."
Military Industrial Map - (2012-01-22)
"Members of US Government who are connected with the top 5 companies of the Military Industrial Complex."
DHS Looking Inward (at us) - (2012-01-22)
Now perhaps all that social media monitoring makes sense.
Watching the Watchers - (2012-01-22)
"On Friday, lawyers for the American Civil Liberties Union and the Electronic Frontier Foundation asked a federal court in Virginia to reveal the names of the other Internet companies from whom the Justice Department solicited information about the three people: Jacob Appelbaum, an American citizen; Birgitta Jonsdottir of Iceland; and Rop Gonggrijp of the Netherlands."
The ISI in Afghanistan - (2012-01-20)
"The CIA was happy to steer money towards whichever groups fooled them into believing they were killing the most Russian troops."
The ISI's purpose was to create "puppets they could control when the war was over."
Megaupload Indictment - (2012-01-20)
As John Young observes: "most of the charges against MegaUpload, and allegations against Anonymous, could be applied to official spies and globalist 'justice' cartels both backed by big-iron-fisted militaries. Call that duality the Mega Echelon Option."
"State Capture" in Slovakia - (2012-01-19)
"It refers to a situation where nonpolitical actors, such as financial groups like Penta and J&T, have gained access to levers of power that allow them to dictate legislation and major governmental decisions such as privatization or large-scale public procurement."
Leaked content can be found here.
EPIC's DHS Documents - (2012-01-17)
Regarding the monitoring of social media sites.
Hunting Metamorphic Engines - (2012-01-17)
"Both of these techniques detect all of the metamorphic viruses in our test set with extremely high accuracy. In addition, we show that popular commercial virus scanners do not detect the highly metamorphic virus variants in our test set."
Symantec Admits to 2006 Breach - (2012-01-17)
"The world's biggest maker of security software had previously said that hackers stole the code from a third party, but corrected that statement on Tuesday after an investigation found that Symantec's own networks had been infiltrated."
24 Million Accounts Compromised - (2012-01-17)
"The popular retailer, which is owned by Amazon.com, said customers' names, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit cards numbers and scrambled passwords were stolen."
DDoS Against Israeli Sites - (2012-01-17)
"The attackers did not break into the sites' operating systems, but used a far simpler tactic: creating an overload of access attempts. Neither the Israeli economy nor flights in and out of the country were endangered, and the sites appeared to be recovering within hours."
The Martin Luther King You Don't See on TV - (2012-01-16)
"An alert viewer might notice that the chronology jumps from 1965 to 1968. Yet King didn't take a sabbatical near the end of his life. In fact, he was speaking and organizing as diligently as ever."
"Noting that a majority of Americans below the poverty line were white, King developed a class perspective. He decried the huge income gaps between rich and poor, and called for 'radical changes in the structure of our society' to redistribute wealth and power."
J. Edgar Hoover on MLK - (2012-01-16)
"Here is an 11/19/1964 article from the Chicago Defender (an African-American daily) on an unusual press conference held by J. Edgar Hoover the day prior, ostensibly to discuss the findings of the Warren Commission, but which became a three-hour, free-wheeling event in which Hoover gave forth on numerous topics, one of which was Martin Luther King, Jr. The headline truly says it all."
Chris Hedges Sues Over NDAA - (2012-01-16)
"I suspect the real purpose of this bill is to thwart internal, domestic movements that threaten the corporate state. The definition of a terrorist is already so amorphous under the Patriot Act that there are probably a few million Americans who qualify to be investigated if not locked up."
Land of Free No Longer - (2012-01-16)
Assassination of U.S. citizens, indefinite detention, arbitrary justice, warrantless searches, secret evidence, war crimes, secret courts, immunity from judicial review, continual monitoring of citizens, extraordinary renditions...
The 1% Don't Live Here Anymore - (2012-01-14)
"Our plutocracy now lives like the British in colonial India: in the place and ruling it, but not of it. If one can afford private security, public safety is of no concern; if one owns a Gulfstream jet, crumbling bridges cause less apprehension -- and viable public transportation doesn't even show up on the radar screen. With private doctors on call, who cares about Medicare?"
Nader on Iran - (2012-01-14)
"President George W. Bush labeled Iran, along with Iraq and North Korea, one of the three 'axis of evil,' and Teheran knows what happened to Iraq after that White House assertion. They also know that North Korea inoculated itself from invasion by testing nuclear bombs. And all Iranians remember that the U.S. overthrew their popular elected Prime Minister Mohammad Mosaddegh in 1953 and installed the dictatorial Shah who ruled tyrannically for the next 27 years."
MS Research on Passwords - (2012-01-13)
"Physical tokens are expensive and few users aspire to carry the dozens that would be required to replace all of their passwords. Single-signon schemes offer a single point of failure. Password managers often have poor support for roaming and inadequately studied usability."
Insurgent Tactics, Techniques, and Procedures Field Guide - (2012-01-13)
"This guide uses short, simple vignettes to highlight common Afghan insurgent tactics."
EPIC Sues DHS - (2012-01-13)
Over social media surveillance.
The Golden Age of Surveillance - (2012-01-13)
"The discussion here highlights three areas where law enforcement has far greater capabilities than ever before: (1) location information; (2) information about contacts and confederates; and (3) an array of new databases that create 'digital dossiers' about individuals' lives."
Sykipot Variant Hijacks Smart Cards - (2012-01-13)
"we recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DOD and Windows smart cards. This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year."
Ireland Dumps eVoting Machines - (2012-01-13)
"A nation-wide roll-out had been planned ahead of European and local elections in 2004, however this was put on hold after concerns were raised around the machines' security."
Open BSD Backdoors - (2012-01-12)
"It could reasonably be said that the FBI intentionally - and very seriously - weakened the United States critical infrastructure and our military capabilities by advocating the use of a fundamentally weak encryption algorithm as a tradeoff between US National Security and their need to observe domestic communications in the United States."
Remote Hacking Cars - (2012-01-12)
"It remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile."
Abolish the DHS - (2012-01-12)
"National defense is a key governmental responsibility, but focusing too many resources on trying to defend every potential terrorist target is a recipe for wasteful spending. Our limited resources are better spent on investigating and arresting aspiring terrorists."
Military Networks 'Not Defensible' - (2012-01-12)
"The Pentagon's patchwork quilt of 15,000 different networks is too haphazard to safeguard."
Someone asking for funding?
Vincent Warren on the NDAA - (2012-01-11)
"I would support military courts for people who have violated the law of war. But what I don't support is a conflation of criminal activity and military activity by calling the U.S. a battlefield."
"The question that really should be asked is, when have we ever seen a war that has no location, no geographical limit, and no time limit? That's the situation that we're in now."
DEA Agents and Money Laundering - (2012-01-11)
"The group of officials conducted at least 15 wire transfers to banks in the United States, Canada and China and smuggled and laundered about $2.5 million in the United States. They lost track of much of that money."
Panetta Does a Rain Dance for the 1% - (2012-01-08)
"Nobody in the great mass that is not the 1 percent or in the service of the same cares about attacks on the American financial system. They do, on the other hand, wish our financial system would stop attacking them."
"This is Leon Panetta doing the dance for the 1 percent, signaling the masters that he's doing his best to see more swag comes their way in defense contracts for protecting cyberspace."
AntiSec: Why Stratfor? - (2012-01-06)
"Now those who are already familiar with Antisec know we have always had a burning hatred for the security and intelligence industries (especially private companies with lucrative federal contracts). After all, these white hat 'professionals' work for the corrupt governments and multi-national corporations to develop and protect technology that allow the oligarchical elite to better monitor and repress the general public while plotting for global financial and military dominance. They protect their assets and systems, while providing 'accurate' and 'non-ideological' intelligence and risk forecasts which the rich depend on to maintain global market stability."
Interpol Chief Dreams of Attribution - (2012-01-06)
"One of the things I want to do... is to create a cyber-fusion centre, where police around the world can go to one place quickly and find out the source of any kind of message or communication that's come across the internet."
Looking at the 1%: 1996-2006 - (2012-01-06)
"After-tax income for the top 1% of taxpayers soared 74%, on average, between 1996 and 2006. The top 0.1% benefited even more, nearly doubling their income over that decade."
US Army Field Manual FM 31-20-3 - (2012-01-06)
"This sensitive US military counterinsurgency manual could be critically described as 'What we learned about running death squads and propping up corrupt government in Latin America and how to apply it to other places'. Its contents are both history defining for Latin America and, given the continued role of US Special Forces in the suppression of insurgencies and guerilla movements world wide, history making."
...making the world "safe for democracy."
Politicians and Sociopaths - (2012-01-04)
"Sociopaths don't have normal moral reservations about manipulating people like objects; this is precisely how politicians get elected. Sociopaths understand little about human emotion beyond ego gratification; the prestige of high office satisfies this desire for the politician. Sociopaths wear a facade of normalcy and are often charming, but lie compulsively. Politicians speak in polite terms while plotting to stab their colleagues in the back. If they're not telling outright lies, they're 'spinning' facts to suit their needs. Sociopaths don't feel guilt or remorse or empathy; no US official to date has apologized for invading Iraq on false pretenses, turning five million Iraqis into refugees, pumping Fallujah full of depleted uranium, or engaging in torture. Nobody in government has publicly investigated the Bush Administration's use of torture or civil liberties violations. Sociopaths are glib, superficial, impulsive; their goal is the creation of a dependent, willing victim. Elected office is the ideal job description for a sociopath. The desire to attain office should disqualify a person from holding such a position."
This Harvard Professor adds:
"People without a conscience don't need to satisfy the drive to bond and can focus entirely on the drive to acquire, making them more likely to seek leadership positions."
Websites Monitored By DHS - (2012-01-03)
Includes krebsonsecurity.com and cryptome.
Creating "Good" Viruses - (2012-01-03)
Sophos says this is a bad idea.
President Signs NDAA - (2012-01-02)
"President Barack Obama rang in the New Year by signing the NDAA law with its provision allowing him to indefinitely detain citizens."
Wiretapping Case Revived - (2012-01-02)
"A federal appeals court on Thursday reinstated a closely watched lawsuit accusing the federal government of working with the nation's largest telecommunication companies to illegally funnel Americans' electronic communications to the National Security Agency without court warrants."
TSA Christmas - (2012-01-02)
"In the FY 2012 consolidated spending act (Public Law 112-074) signed by President Barack Obama last Friday, TSA received about $7.85 billion, up $153 million from 2011."
Iraq Body Count at over 114,000 - (2012-01-02)
A stiff price to pay for imaginary WMDs.
"If You See Something, Say Something" - (2012-01-02)
Big Brother is Watching.
Origins of Middle East Conflict - (2012-01-02)
Approved for release by the NSA on 12-01-2011.
Private Sector Spies - (2012-01-02)
"The corporate espionage industry is deliberately hidden in a thicket of complex relationships designed to obscure just who is working for whom. Often, these firms are hired as subcontractors for corporate law firms and they argue that everything they do is covered by attorney-client privilege."
Stratfor Credit Card Info Released - (2012-01-02)
"It's time to dump the full 75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor. But that's not all: we're also dumping ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who's ever registered on Stratfor's site."
Army Intel Manual - (2012-01-02)
"This work helps to bridge the gap between the 'art' and 'science' of Military Intelligence by outlining a clear methodology for producing intelligence while waging a Counter-Insurgency Campaign."
December 2011___________________________________
Tilded Platform Connects Stuxnet and Duqu - (2011-12-29)
"There were a number of projects involving programs based on the 'Tilded' platform throughout the period 2007-2011. Stuxnet and Duqu are two of them - there could have been others, which for now remain unknown."
Pentagon Military Aid - (2011-12-29)
"The $17 billion Pentagon aid budget for the 2012 fiscal year is the second in a row to exceed the State Department's by $10 billion, a disparity that has begun to provoke debate among foreign policy experts in Washington. Seven years ago, circumstances were reversed, with the State Department spending triple the amount the Pentagon spent on such aid."
Redefining Power - (2011-12-29)
"This Occupy movement is also an act of refusal to engage in rigged political games. People are no longer interested in negotiating with politicians as they become more aware of the fact that the whole system is corrupt beyond reform."
Body Armor or Education? - (2011-12-28)
"North Dakota's largest city has averaged fewer than two homicides a year since 2005, and there's not been a single international terrorism prosecution in the last decade. But that hasn't stopped authorities in Fargo and its surrounding county from going on an $8 million buying spree to arm police officers with the sort of gear once reserved only for soldiers fighting foreign wars."
Cartel Builds Radio Network - (2011-12-28)
"Since 2006, the cartels have maintained an encrypted DIY radio network that stretches across nearly all 31 Mexican states, even down south into Guatemala."
Wired Article on Stratfor Hack - (2011-12-28)
"The Antisec wing of Anonymous revealed on Saturday that it had compromised the servers of the private intelligence firm Strategic Forecasting Inc. -- allegedly seizing millions of internal documents and thousands of credit card numbers from the company, more commonly known as Stratfor."
Cryptome has info on this.
Related: as does Identity Finder.
Warren Buffet: There's a Fool in Every Market - (2011-12-28)
"Young people in the U.S. now recognize that the university has become part of a ponzi scheme designed to place on students an unconscionable amount of debt while subjecting them under the power of commanding financial institutions for years after they graduate. Under this economic model of subservience, there is no future for young people."
Cyber Insurance - (2011-12-26)
"Experts say that more companies will buy policies in the coming year because of new Security and Exchange Commission requirements. Last October, the S.E.C. issued a new guidance requiring that companies disclose 'material' cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a 'description of relevant insurance coverage.'"
Offensive Operations - (2011-12-26)
"Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests"
The Year in Secrecy - (2011-12-26)
"The government has been using its secrecy system in absurd ways for decades, but 2011 was particularly egregious. Here are a few examples..."
EFF Reverse CarrierIQ - (2011-12-23)
"EFF volunteer Jered Wierzbicki reverse engineered the file format and has written a program for parsing it called IQIQ, which we are presenting for the first time here."
Europe Assists CIA Coverup - (2011-12-23)
"A majority of 28 mostly European countries have failed to comply with freedom of information requests about their involvement in secret CIA flights carrying suspected terrorists, two human rights groups said Monday"
Resignation Associated with Story Suppression - (2011-12-23)
"MySpace Founder Confirms in Wake of Resignation by The New York Times CEO That A Complaint Was Made In November To The NYT Board & SEC Regarding Potential Violations of Sarbanes-Oxley Statute 802 and Federal Racketeering Violations including Obstruction of Justice."
Chamber of Commerce Hacked - (2011-12-21)
Do not ascribe to malice that which can be explained by incompetence.
KCNA Propaganda - (2011-12-20)
It's nowhere near as subtle as ours.
Yet Another Cybersecurity Act - (2011-12-20)
"Members of the House Homeland Security Committee introduced a cybersecurity bill on Thursday that would establish a quasi-governmental entity to oversee information-sharing with the private sector."
Covert CIA Op Exposed in Pakistan - (2011-12-18)
"The CIA organised a fake vaccination programme in the town where it believed Osama bin Laden was hiding in an elaborate attempt to obtain DNA from the fugitive al-Qaida leader's family, a Guardian investigation has found."
Big Brother from Big Business - (2011-12-14)
"Blue Coat Systems Inc. (BCSI) and NetApp Inc. (NTAP), both based in Sunnyvale, California, provided filtering, Saadaoui says. NetApp, which sells data storage systems, previously had a unit that makes computers used for monitoring networks. It sold the business to Blue Coat in 2006."
Stuxnet: Air Force Analyst Blames Russia - (2011-12-12)
"what better way to maintain Russian interests, and innocence, than to plant a worm with digital U.S.-Israeli fingerprints? After all, Russian scientists and engineers are familiar with the cascading centrifuges whose numbers and configuration -- and Siemens' SCADA PLC controller schematics -- they have full access to by virtue of designing the plants."
Russia: Capital Flight - (2011-12-12)
"As tremors of distrust resonate throughout Russia due to widely-believed allegations of fraud in Sunday's Parliamentary elections, new research reveals that $501.3 billion in illicit money has left the country in the ten years (2000-2009) following Vladimir Putin's rise to power."
Feinstein: Torture Systematic and Widespread - (2011-12-11)
"Feinstein never mentions the years-long protests about certain provisions of the AFM, many of them gathered in the document's Appendix M, that have been found tantamount to torture."
Romanian Nationals Charged - (2011-12-09)
"The hackers compromised the credit-card data of more than 80,000 customers and used the data to make millions of dollars of unauthorized purchases, according to the indictment."
Romania's Secret CIA Prison - (2011-12-08)
There's a nice eyeball of this site from Cryptome.
Naomi Wolf: Invoke an internal and external threat and then establish secret (unaccountable) prisons where torture takes place.
Dutch CA Hacked - (2011-12-08)
"The website of KPN subsidiary Gemnet, provider of PKI Certificates Government, appears to be hacked. A management page gave access to documents and database. The leak is sealed."
Our Shadow Government in Pakistan - (2011-12-07)
"Within the ISI, America's most reliable ally has been the spy service's division known as the T Wing. It was created largely from scratch in 2006 and 2007, after the Americans mostly gave up trying to work with the ISI's uncooperative leadership."
Strategic Plan for the Federal Cybersecurity R & D Program - (2011-12-07)
Developed by the Networking and Information Technology Research and Development program.
Cablegate One Year Later - (2011-12-06)
"This past summer, Senator John McCain was the most vocal member of Congress cheering for more aggressive military action to remove Libya's then-leader Muammar Gaddafi. But a WikiLeaks cable revealed just two years earlier, Sen. McCain had personally promised to arm Qaddafi with U.S. military equipment."
The true nature of politicians revealed.
Attacking TXT via SINIT - (2011-12-06)
Invisible Things Lab back again.
"We present a software attack against Intel TXT that exploits an implementation problem within a so-called SINIT module. The attack allows one to fully bypass Intel TXT and Intel Launch Control Policy (LCP), and additionally also provides yet another way to compromise SMM code on the platform."
9/11 Threats Evolve - (2011-12-06)
"Terrorists have started to infiltrate the airlines and airports themselves."
Thiel's Double Standard - (2011-12-06)
"Paradoxically, the transforming achievement of the man 'building the machinery of freedom' -- PayPal -- well, that agency, eight years after he sold it was one of the first to ban donations to WikiLeaks. How's that for the machinery of freedom?"
More on Carrier IQ - (2011-12-05)
"The verbose debugging logs demonstrated in Trevor Eckhart's video are a risk to privacy, and should be corrected by HTC (the author of the responsible code) by disabling these debugging messages."
MIT Paper on Grid Security - (2011-12-05)
"cybersecurity threats, a single federal agency should be given responsibility for cybersecurity preparedness, response, and recovery across the entire electric power sector, including both bulk power and distribution systems."
Carrier IQ Collects "Treasure Trove" of Data - (2011-12-04)
However, the company claims it doesn't log keystrokes.
"The Carrier IQ executives, speaking at their nondescript headquarters in a residential neighborhood in the heart of Silicon Valley, told Wired that the data they vacuum to their servers from handsets is vast -- as the software also monitors app deployment, battery life, phone CPU output and data and cell-site connectivity, among other things. But, they said, they are not logging every keystroke as a prominent critic suggested."
Related: Carrier IQ faces legal problems.
Cartel Builds Private Telecom Network - (2011-12-04)
"The Defense Department said soldiers confiscated 167 antennas and 166 power supplies that gang members used to communicate among themselves and to monitor military movements. The operation also netted more than 1,400 radios and 2,600 cellphones in the border states of Tamaulipas, Nuevo Leon and Coahuila and in the state of San Luis Potosi, a statement said."
Trust the Cloud? - (2011-12-03)
"The Sept. 11-era law was supposed to help the intelligence community gather data on suspected terrorists. But competitors overseas are using it as a way to discourage foreign countries from signing on with U.S. cloud computing providers like Google and Microsoft: Put your data on a U.S.-based cloud, they warn, and you may just put it in the hands of the U.S. government."
Technology vs. 4th Amendment - (2011-12-03)
"No one here, I suspect, is going to stop carrying a cell phone, even though we're fully aware it's tracing our location just about every moment of the day. The government is perfectly happy to take advantage of our devil's bargain by dipping into available stores of information about us."
Ellsberg on Beyond Top Secret - (2011-12-02)
"It will have become very hard for you to learn from anybody who doesn't have these clearances. Because you'll be thinking as you listen to them: 'What would this man be telling me if he knew what I know? Would he be giving me the same advice, or would it totally change his predictions and recommendations?'"
The Windows on Windows Effect - (2011-12-02)
"A paper about how Microsoft's WOW64 technology unintentionally fools IT-Security analysts."
Operation Ajax (or, Why They Hate Us) - (2011-12-02)
"The young Shah returned in triumph to impose his rule, reinforced by his faithful SAVAK secret police whose torture of women regime opponents was duly filmed and -- according to the great Egyptian journalist Mohamed Hassanein Heikal -- circulated by CIA officers to America's allies around the world as a 'teaching' manual. How dare the Iranians remember all this?"
The Propaganda Machine in Action - (2011-12-01)
"While it is often counter-productive to divert resources to dealing with PR attacks head-on, we provide here a revealing window into the behind-the-scenes realities that WikiLeaks has to deal with every day as a result of its high profile. While many attacks come from 'traditional' enemies - the organizations WikiLeaks has exposed - others come from opportunists trying to work an easy socio-political sector - apparently saying what they believe these powerful enemies would like to be said, in the hope of preferment or relief in other areas. Others still, in fear of their reputations or the legal process, seek to whitewash past opportunism before natural moral or legal redress."
Cyberwar Hype Exposed - (2011-12-01)
"'If you can't trust the information coming from a fusion center, what is the purpose of having the fusion center sending anything out? That's common sense,' he said. 'When you read what's in that [report] that is a really, really scary letter. How could DHS not have put something out saying they got this [information but] it's preliminary?'"
November 2011___________________________________
Parallel Instances of History - (2011-11-30)
"'If there is nothing to fear and there's no one plotting to overthrow us, what do we need [ASIO] for?' he asked. 'The conservative government used the threat of communists taking over the country as a way of being voted in on a number of occasions. The intelligence agencies and the government are not in collusion but they have similar motives and similar needs. The worst thing that ever happened for ASIO was the collapse of the Communist Party, the best thing that ever happened was the attack on the World Trade Centre.'"
"Keenan echoes Assange's theory of two co-existing histories in his investigation into the ASIO files: 'There is one sort of history you read about in newspapers and they put in school books and there is another sort, a secret history, this is how things really happened. The ASIO files reveal how things really happened.'"
EFF Global ChokePoints - (2011-11-30)
"Global Chokepoints is an online resource created to document and monitor global proposals to turn Internet intermediaries into copyright police. These proposals harm Internet users' rights of privacy, due process and freedom of expression, and endanger the future of the free and open Internet."
See The CarrierIQ Rootkit in Action - (2011-11-30)
"From there, the data - including the content of text messages - is sent to Carrier IQ's servers, in secret."
You can download Trevor's findings here and here.
Myth of the STEM Shortage - (2011-11-27)
There's actually a surplus of talent. Employers simply want cheap labor and will use the alleged "shortage" to rely on cheaper substitutes (e.g. offshore, H-1B).
WikiLeaks Awarded a Walkley - (2011-11-27)
"The Walkley Awards are the Australian equivalent of the Pulitzers: that nation's most prestigious award for excellence in journalism. Last night, the Walkley Foundation awarded its highest distinction for 'Most Outstanding Contribution to Journalism' to WikiLeaks, whose leader, Julian Assange, is an Australian citizen."
CarrierIQ Backs Down - (2011-11-25)
"As of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."
This company's attempt to silence Eckhart's research was disgraceful.
Encyclopedia of Windows Privilege Escalation - (2011-11-25)
Some of these tactics are a bit dated.
Android Malware Report - (2011-11-25)
"Juniper found a 400% increase in Android malware from 2009 to the summer of 2010. We have since seen exponential growth in Android malware over the last several months."
DHS Says Utility Hack Not Substantiated - (2011-11-22)
"The department disputes assertions in the fusion center report that an infrastructure-control software vendor was hacked prior to the water utility intrusion in order to obtain user names and passwords to break into the utility company and destroy a water pump."
Researcher Calls Carrier IQ Software a Rootkit - (2011-11-22)
"Though the software is installed on millions of Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent."
Launching Via Signed Installers - (2011-11-22)
"A few days ago, we first saw a new attack that turned out to be variants of the infamous ZeroAccess rootkit, launched by digitally signed installers and uninstallers."
The Occupy Message - (2011-11-22)
Cuts right through the bombast on Fox News.
SCADA Hacker Discovers 3-Character Password - (2011-11-21)
"I'm sorry this ain't a tale of advanced persistent threats and stuff, but frankly most compromises I've seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint."
Hacker Claims SCADA Hack - (2011-11-19)
"The city of South Houston has a really insecure system. Wanna see? I know ya do."
NasDaq Security Lax - (2011-11-18)
"You would have thought they would be like a cyber Fort Knox, but that wasn't the case at all."
SCADA System Attacked - (2011-11-18)
"There was damage -- the SCADA system was powered on and off, burning out a water pump."
Windows 8 Bootkit - (2011-11-18)
Peter Kleissner emerges from the ashes.
Crowd Control Technologies - (2011-11-18)
"Evidence is also presented of the misuse of these technologies and the breach of deployment guidelines which can make their effects either severely damaging or lethal."
32,500 Rally in NYC - (2011-11-18)
"Our political system should serve all of us - not just the very rich and powerful. Right now Wall Street owns Washington... We are the 99% and we are here to reclaim our democracy."
People claim that Occupy doesn't have a central message. Well, ladies and gentlemen, you just read it!
Lobbying for Dictators - (2011-11-18)
"Rather than suggesting a way out of power, Mr. Borgers offered the Libyan dictator the lobbying services of what he called the 'American Action Group' to outmaneuver the rebels and win United States government support."
Google and the CIA - (2011-11-18)
"Recorded Future is financed with $8 million from the likes of Google's venture arm and In-Q-Tel, which makes investments to benefit the United States intelligence community, and its clients have included government agencies and banks. Its products include a $9,000-a-month service for hedge funds that plugs Recorded Future's insights into their trading networks."
Researcher at Kaspersky on Duqu - (2011-11-17)
"I'm convinced it's the same group... We may never know who these guys are."
Potential 0-Day in BIND - (2011-11-17)
"Internet Systems Consortium has published an alert earlier as they are investigating a potential vulnerability on Bind 9. There are reports of the DNS server software crashing."
The Dangers of Unemployment - (2011-11-17)
"In its most recent report on Iran, the International Atomic Energy Agency (IAEA) argues the country may be close to being able to develop a nuclear weapon. The agency also claims that important technical help was provided by an outside expert, identified by other sources as Vyacheslav Danilenko, a researcher who, until 1989, had worked for three decades at a leading Soviet nuclear weapons research and design institute."
Malware Signed By anjungnet.mardi.gov.my - (2011-11-14)
"Turns out mardi.gov.my is part of the Government of Malaysia: Malaysian Agricultural Research and Development Institute. According to the information we received from the Malaysian authorities, this certificate has been stolen 'quite some time ago'."
Duqu Meets Dexter - (2011-11-14)
"The shellcode of the exploit was contained in an embedded font processed by the win32k.sys system. The font was called Dexter Regular, and its creators were shown as Showtime Inc."
EDF vs. Greenpeace - (2011-11-14)
"France's state energy firm EDF has been fined 1.5m by a Paris court for spying on Greenpeace. Its head of nuclear production security in 2006, Pascal Durieux, was given a three-year sentence with two years suspended, and a 10,000 fine for commissioning the spying."
CIA Simulation Recruitment - (2011-11-12)
"The simulation was one of about 50 such competitions the CIA plans to host around the country this year. The half-day exercise requires speed-reading, quick thinking and cogent writing to provide timely advice to policymakers seeking to resolve an imagined but realistic international crisis."
Symantec Spills the Beans (Sort of) - (2011-11-12)
"Some of the files associated with the new W32.Duqu threat were signed with a private key. After intense investigation we concluded that the private key used for signing these Duqu files was stolen from a Symantec customer whose systems appear to have been compromised. The private key was associated with a code signing certificate issued to that customer."
MPs Condemn U.S. Justice Department - (2011-11-12)
"Last month the Inter-Parliamentary Union, which represents MPs from 157 countries, unanimously adopted a resolution condemning the move by the Justice Department. The IPU said the move threatened free speech and suggested it could violate Article 19 of the Universal Declaration of Human Rights, which upholds the right of everyone to freedom of opinion and expression."
Warrantless Access to Users' Data - (2011-11-11)
"A district court judge in Virginia ruled against online privacy today, allowing U.S federal investigators to collect private records of three Twitter users as part of its investigation related to Wikileaks. The judge also blocked the users' attempt to discover whether other Internet companies have been ordered to turn their data over to the government."
Looking Back at the "Great War" - (2011-11-11)
"That war finally came for no real reason thus comes as no surprise. As Hochschild deftly shows, much of the upper crust of England welcomed it as a cross between a fox hunt and a garden party, and sent its sons off to die miserable deaths in mud and blood almost too ghastly to describe."
Nader on the Corporate State - (2011-11-11)
"Corporate predators see waste as greater sales, corruption as power, tax escapes and consumer penalties as profit centers, unilateral control as their birthright. Our political economy is out of control."
DARPA Makes a Confession - (2011-11-08)
"They don't really know how to keep U.S. military networks secure. And they want to know: Could you help them out?"
SEC Repeat Offenders - (2011-11-08)
"Many big Wall Street firms have settled fraud cases brought by the government with a promise to never violate the same law. But an analysis of Securities and Exchange Commission documents by The New York Times found that since 1996, there have been at least 51 repeat violations by those firms. Bank of America and Citigroup have each had six repeat violations, while Merrill Lynch and UBS have each had five."
Yet no one serves any jail time. They just pay a fine and it's business as usual.
Lord Adair Turner on Banks - (2011-11-06)
"Lord Adair Turner, the chairman of Britain's top financial watchdog, the Financial Services Authority, has described much of what happens on Wall Street and in other financial centers as 'socially useless activity' -- a comment that suggests it could be eliminated without doing any damage to the economy."
The CIA's "Vengeful Librarians" - (2011-11-04)
The CIA scrapes the Internet to discern the global pulse.
We Feed Them, They Don't Feed Us - (2011-11-04)
"Using information from the companies' own corporate filings, however, the study concluded that a quarter of the 280 corporations owed less than 10 percent of profits in federal income taxes and 30 companies had no federal tax liability for the entire three-year period."
DARPA vs. WikiLeaks - (2011-11-04)
"We want to flood adversaries with information that's bogus, but looks real... This will confound and misdirect them."
What? Like imaginary weapons of mass destruction? I have news for you DARPA, we already have agencies in the government that have mastered this art.
Drones Target Unknown Individuals - (2011-11-04)
"Signature strikes target groups of men believed to be militants associated with terrorist groups, but whose identities aren't always known. The bulk of CIA's drone strikes are signature strikes."
Duqu Uses Windows 0-day - (2011-11-02)
"Microsoft said hackers exploited a previously unknown bug in its Windows operating system to infect computers with the Duqu virus."
UK Court Decision on Assange Case - (2011-11-02)
"The WikiLeaks founder, Julian Assange, has lost his high court appeal against extradition to Sweden to face rape allegations."
Nitro Attacks - (2011-11-01)
"This document discusses a recent targeted attack campaign directed primarily at private companies involved in the research, development, and manufacture of chemicals and advanced materials."
Chomsky: Occupy The Future - (2011-11-01)
"A vicious cycle between finance and politics accelerated. Increasingly, wealth concentrated in the financial sector. Politicians, faced with the rising cost of campaigns, were driven ever deeper into the pockets of wealthy backers. And the politicians rewarded them with policies favorable to Wall Street: deregulation, tax changes, relaxation of rules of corporate governance, which intensified the vicious cycle. Collapse was inevitable. In 2008, the government once again came to the rescue of Wall Street firms presumably too big to fail, with leaders too big to jail."
October 2011_____________________________________
China Makes Its Own Supercomputer - (2011-10-28)
"The Sunway system, which can perform about 1,000 trillion calculations per second - a petaflop - will probably rank among the 20 fastest computers in the world. More significantly, it is composed of 8,700 ShenWei SW1600 microprocessors, designed at a Chinese computer institute and manufactured in Shanghai."
Deobfuscation of Virtualization-Obfuscated Software - (2011-10-31)
"Researchers have seen an increasing use of virtualization-obfuscated malware code. These programs are difficult to comprehend and reverse engineer, since they are resistant to both static and dynamic analysis techniques."
Duqu C2 in Mumbai - (2011-10-31)
"Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat."
Related: report on Duqu vs. Stuxnet
Winter Is Here - (2011-10-30)
"We've made a lot of headway on getting winter gear here in the last 48 hrs but definitely need more. Please help by purchasing or donating supplies directly."
CA Break-in Stampede - (2011-10-28)
"Those 'CA Compromise' CRL entries as of June were published by 10 distinct CAs. So, from this data, we can observe that at least 4 CAs have experienced or discovered compromise incidents in the past four months. Again, each of these incidents could have broken the security of any HTTPS website."
Lockheed Too Big To Fail - (2011-10-28)
"An economic impact analysis projects more than one million American jobs could be lost as a result of defense budget cuts if the deficit reduction select committee fails to reach agreement on alternative balanced budget solutions and total cuts to defense reach $1 trillion."
Patriot Act Lives On - (2011-10-28)
"The law also grants so-called 'black bag' or 'sneak and peek' searches in which the authorities may delay notifying a property owner that an area has been searched. In 2010, less than 1 percent of the 3,970 such searches were terror-related. About 76 percent were drug-related."
DARPA Shredder Challenge - (2011-10-28)
"DARPA's Shredder Challenge calls upon computer scientists, puzzle enthusiasts and anyone else who likes solving complex problems to compete for up to $50,000 by piecing together a series of shredded documents."
Will this lead to better shredders?
Intel 2-Factor Authentication - (2011-10-28)
"Intel is putting authentication technology into its chips that will allow Web sites to verify that it's your PC logging into your online account and not an imposter or thief."
Census Study on Inequality - (2011-10-27)
NYC is at the top of the list.
NSA Becomes Involved with Banks - (2011-10-27)
"Several people familiar with the NSA's assistance to Wall Street said the agency only gets involved when banks specifically ask for its help, so as not to violate laws that restrict its ability to operate within U.S. borders. These institutions get warnings about potential attacks and can ask questions on specific problems."
Journalists Need Spy Skills - (2011-10-27)
"The newspaper you are reading isn't exempt from my criticism. In June 2010, Bill Keller, then the executive editor of The New York Times, and Alan Rusbridger, editor of The Guardian, discussed WikiLeaks's cache of classified cables over an unencrypted international telephone line, as Mr. Keller has recounted."
Intruders Access Satellites - (2011-10-27)
According to a report by the U.S.-China Economic and Security Review Commission. Guess who they blame?
Almost as Bad as the Trailblazer Project - (2011-10-27)
"Dubbed the 'Defense Integrated Military Human Resource System,' the project was meant to take seven years to develop. Instead, it took 10, cost $850 million and had to be scrapped after 10 years of development in 2010 because it ended up being useless."
Duqu as an Attack Framework - (2011-10-26)
"Duqu is a multifunctional framework which is able to work with any number of any modules. Duqu is highly customizable and universal."
Oakland PD Crowd Control Policy - (2011-10-26)
"Department Training Bulletins shall be used to advise members of current police techniques and procedures and shall constitute official policy."
More Details on Mitsubishi Hack - (2011-10-26)
"Sensitive information concerning vital defense equipment - such as fighter aircraft, helicopters, as well as nuclear power plant design and safety plans - was apparently stolen."
Companies Hit By RSA Attack - (2011-10-25)
A fairly complete list via Krebs on Security.
Decapitation Won't Work - (2011-10-25)
"The undercover cops are the only ones who ask, 'Who's the leader?'... Presumably, if they know who our leaders are they can take them out. The fact is we have no leader. There's no leader, so there's nothing they can do."
Blockade Takes its Toll on WikiLeaks - (2011-10-25)
"Julian Assange, the founder of WikiLeaks, said on Monday that his Web site could be forced to shut down by the end of the year because a 10-month-old 'financial blockade' had sharply reduced the donations on which it depends"
Google Tax Evasion - (2011-10-24)
"Google Inc. cut its taxes by $3.1 billion in the last three years using a technique that moves most of its foreign profits through Ireland and the Netherlands to Bermuda."
TDL4 Bootkit Upgraded - (2011-10-23)
"Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in the previous versions. These changes might suggest one of the following: either the team developing the botnet has been changed, or TDL4 developers have started selling a bootkit builder to other cybercrime groups."
How-To for Big Brother - (2011-10-23)
"In our case, defence, homeland security, financial crime enforcement, police, tax collectors and intellectual property rights holders offer reasons to want to control the hardware we use... the Secure Hardware Environment (She), which dedicates some bandwidth and a small portion of every semiconductor for regulatory use."
The UK is moving in this direction.
Nasdaq Blended Attack - (2011-10-21)
"Nasdaq had previously said that its trading platforms were not compromised by the hackers, but they attacked a Web-based software program called Directors Desk, used by corporate boards to share documents and communicate with executives, among other things."
Anti-Leak Software - (2011-10-21)
From Raytheon. More magic boxes to sell to the DoD.
Deobfuscating Javascript - (2011-10-20)
From Panda Labs.
Cops Use Crowd Sourcing - (2011-10-19)
"In one of the most impressive uses of 'investigation-sourcing' to date, the Canadian public came together to identify the thousands of protesters who caused millions of dollars of damage as a result of the Vancouver Canucks losing the NHL championship in June 2011."
Rejecting the Cold War Framework - (2011-10-18)
"The fundamental choice is no longer the ideological one we were indoctrinated to believe - between free markets and controlled economies - but rather a continuous choice between kinds of regulation and how they distribute wealth in society."
Mitt Romney: "Corporations are People" - (2011-10-18)
...and they're certifiable psychopaths. A NYTimes op-ed agrees:
"When push comes to shove corporations will honor their commitments to shareholders' profit. Moreover, from the profit standpoint that defines a corporation, it is clear that the appearance of social responsibility is worth far more than the thing itself. Truth is not a primary corporate value."
The very fact that Romney would try to employ this hopelessly flawed argument (that corporations are people) is proof that he's a puppet of the 1%.
NYPD Narc Tells All - (2011-10-18)
"Stephen Anderson, the former detective, was snared along with a group of other officers for 'flaking' four men in Queens back in 2008. He is now cooperating with prosecutors and is spilling the beans on the crooked practice of framings and false arrests, often to reach arrest quotas."
Virus Bulletin 2011 Slides - (2011-10-16)
"The slides are arranged in chronological order of the presentations. All files are in pdf format unless otherwise specified."
Zeus Adds P2P Features - (2011-10-16)
"There no longer is a master URL that infected machines contact to get updates, making it much more difficult to track the Trojan's activities."
SEC Disclosure Guidance - (2011-10-16)
"This guidance provides the Division of Corporation Finance's views regarding disclosure obligations relating to cybersecurity risks and cyber incidents."
Tea Pot Calls Kettle Black - (2011-10-16)
"The technique of bugging equipment or writing software in such a way as to allow undetected access has also been used by U.S. intelligence agencies in the past to gain a window into the communications of other foreign governments."
Afghan Opium Production
"Opium production in Afghanistan rose by an estimated 61% this year compared with 2010, according to a UN report."
VM-Based Software Protection - (2011-10-12)
"This paper presents Truly-protect, a system, incorporating a virtual machine, that enables execution of encrypted programs. Our intention is to form a framework for a conditional access/digital rights management system."
Drone Infection Is Everyday Malware - (2011-10-12)
"The computer virus that hit the Pentagon's drone program last month was not directed at the military systems but was common malware used to steal log-ins and passwords used in online gaming, military officials said Wednesday."
Drone Security Officers in the Dark - (2011-10-12)
"They kept the information about the infection to themselves - leaving the unit that's supposed to serve as the Air Force's cyber security specialists in the dark. The network defenders at the 24th Air Force learned of the virus by reading about it in Danger Room."
RSA Blames a Nation State - (2011-10-12)
Yet no one is named and no evidence is provided.
TIA Revisited - (2011-10-11)
"This summer a little-known intelligence agency began seeking ideas from academic social scientists and corporations for ways to automatically scan the Internet in 21 Latin American countries for 'big data,' according to a research proposal being circulated by the agency."
OWS and The Boston Tea Party - (2011-10-11)
"The Tea Act, a law by the British Parliament exempting tea imported by the East India Trading Company from taxes and allowing the corporation to directly ship its tea to the colonies for sale, is credited with setting off the Boston Tea Party. The law was perceived as an effort by the British to bailout the East India Trading Company by shutting off competition from American shippers."
Financial Secrecy Index - (2011-10-10)
"The Financial Secrecy Index is a tool for understanding global financial secrecy, corruption and illicit financial flows. By ranking secrecy jurisdictions according to both their secrecy, and the scale of their activities, it allows a politically neutral ranking of the biggest players. The index was launched on October 4, 2011."
ID Theft Ring Uncovered - (2011-10-10)
"On Friday, 111 bank tellers, retail workers, waiters and alleged criminals were charged with running a credit-card-stealing organization that stole more than $13 million in less than a year-and-a-half."
More Warrantless Searching - (2011-10-10)
"The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum."
CCC Analyzes "Lawful Interception" Rootkit - (2011-10-10)
"It has been found in the wild and submitted to the CCC anonymously. The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet."
US Drone Cockpits Infected - (2011-10-07)
"A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones."
Related: Could this malware actually be internal security software? In other words, a DoD-sponsored rootkit.
UBS Alarms Ignored - (2011-10-07)
"Our internal investigation indicates that risk and operational systems did detect unauthorized or unexplained activity but this was not sufficiently investigated nor was appropriate action taken to ensure existing controls were enforced."
Star Chamber Reborn - (2011-10-07)
"So a panel operating out of the White House - that meets in total secrecy, with no known law or rules governing what it can do or how it operates - is empowered to place American citizens on a list to be killed by the CIA, which (by some process nobody knows) eventually makes its way to the President, who is the final Decider."
Cost of Bank Fraud - (2011-10-04)
"U.S. banks and merchants have balked at the expense of conversion. As a result, fraud in the United States accounted for 47 percent of global fraud losses last year -- up from about 46.5 percent in 2009 and 44 percent in the middle of the last decade"
Bribery Scheme Involving Government Contracts - (2011-10-04)
"Four Virginia men, including two longtime employees of the U.S. Army Corps of Engineers, were arrested today on charges stemming from an indictment that accuses them of taking part in a conspiracy involving more than $20 million in bribes and kickback payments and the planned steering of a $780 million government contract to a favored contractor."
SAIC Loses Unencrypted Backup - (2011-10-04)
"Last week, Tricare, the managed care arm of the U.S. government's Military Health System, disclosed that contractor Science Applications International Corp. (SAIC) had lost backup tapes containing personally identifiable information--including some health data--of about 4.9 million people."
SSL Was Broken by Design - (2011-10-03)
"So how was it that Netscape SSL had exactly the same faults as IPsec, ISAKMP, Oakley, IKE? Political pressure! Somebody really REALLY wanted to be able track users and intercept/substitute...."
Hi-Tech Companies Want $1 Trillion Tax Holiday - (2011-10-03)
"Independent studies have found that the last time this tax break was tried, in 2004, the bargain rate for bringing home offshore profits did little to spur hiring or domestic investment. Most of the money was used to buy back stock."
Due Process Subverted By Secrecy - (2011-10-02)
"The administration has faced a legal challenge and public criticism for targeting Aulaqi, who was born in New Mexico, because of constitutional protections afforded U.S. citizens. The memorandum may represent an attempt to resolve, at least internally, a legal debate over whether a president can order the killing of U.S. citizens overseas as a counterterrorism measure."
Security Through Obscurity - (2011-10-02)
"The present paper explores some ways to refine the current models of the attacker, and of the defender, by taking into account their limited logical and programming powers. If the adaptive attacker actively queries the system to seek out its vulnerabilities, can the system gain some security by actively learning attacker's methods, and adapting to them?"
Current Infection Vectors - (2011-10-02)
"Drive-by download attacks from hacker-controlled websites loaded with exploits replaced infected email attachments as the main distribution method for malware somewhere between three to five years ago."
September 2011___________________________________
Kernel Attacks through User-Mode Callbacks - (2011-09-28)
"Although many vulnerabilities related to user-mode callbacks have been addressed, their complex nature suggests that more subtle ways might still be present in win32k. Thus, in an effort to mitigate some of the more prevalent bug classes, we conclusively provide some suggestions as to how users may protect themselves against future kernel attacks."
DHS Home: Insane Asylum - (2011-09-26)
"Five miles southeast of the gleaming Capitol dome, on a scenic bluff overlooking the confluence of the Potomac and Anacostia rivers, the future office of the secretary of Homeland Security sits boarded up and abandoned. Four years ago, U.S. officials announced plans to renovate the dilapidated, castle-like structure - opened in 1855 as the Government Hospital for the Insane - to anchor Washington's largest construction project since the Pentagon was built 70 years ago."
SCADA Bugs Too Big To Fail - (2011-09-26)
"In an interview with Threatpost, the senior DHS cybersecurity official, who agreed to speak on the condition that his name not be used, said that some of the security problems facing ICS and SCADA systems are just too big to describe as 'vulnerabilities' and that issuing vulnerability alerts for them doesn't make sense."
It's Not a Flaw, it's a Feature! - (2011-09-26)
"Marty Edwards, acting director of ICS-CERT, stunned me today at WeissCon when he explained the policy behind how ICS-CERT issues security advisories and alerts. Marty introduced a fresh approach to looking at vulnerabilities by excluding anything that appears not to be a bug (software defect) that can be fixed by the vendor."
SK APT Hack Details - (2011-09-26)
"This document summarises the July 2011 intrusion into SK Communications which culminated in the theft of the personal information of up to 35 million people."
Wall Street Bully - (2011-09-26)
"The Anonymous activist collective today released personal information about a New York police officer who is believed to have sprayed pepper spray on women protesters on Wall Street."
NYPD Spying - (2011-09-22)
"All this underscores the NYPD's transformation from a police department solving murders and muggings to a domestic intelligence agency. It's a transformation that Kelly, the police commissioner, makes no apologies for. He has credited intelligence efforts with thwarting terrorist attacks, and White House counter terrorism adviser John Brennan has called those efforts heroic."
CIA Official Named - (2011-09-22)
"Both the previous and current administrations appear to have deemed Alfreda Frances Bikowsky's direct involvement in intentional obstruction of justice, intentional cover up, lying to Congress, and overseeing rendition-kidnapping-torture practices as qualifying factors to have kept promoting her. She now leads the CIA's Global Jihad Unit and is a close adviser to the President."
Cleared Government Contractors - (2011-09-22)
"The Office of the Director of National Intelligence found another 1.07 million private contractors hold clearances too."
Read the DNI report here.
$8 Billion Laundered - (2011-09-22)
"Money laundering in Colombia totals $8 billion each year, a sum equivalent to three percent of the country's gross domestic product, Colombia's interior minister, German Vargas, said last week."
Malaysia Bank Theft - (2011-09-21)
"Federal CCID director, Commissioner Datuk Syed Ismail Syed Azizan told a press conference today that the syndicate had skimmed the personal online details of those who had used the kiosk by secretly attaching a thumbdrive with a spy software which downloaded and stored the usernames and passwords when the bank customers logged into their online accounts."
DigiNotar Declares Bankruptcy - (2011-09-21)
"It's unlikely that many people are going to shed many tears over the demise of DigiNotar. The firm lost all trust when it was discovered that it had known that it had suffered a security breach weeks before coming clean about the problem."
Browser Exploit Against SSL/TLS (BEAST) - (2011-09-21)
"Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser."
Building ATM Skimmers - (2011-09-21)
"Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i-materialise blogged about receiving a client's order for building a card skimmer. The company said it denied the request when it became clear the ordered product was a fraud device."
Saudis and Terror in Philippines - (2011-09-21)
"Saudi nationals have allegedly financed the operations of Al Qaeda-linked terrorist groups in the Philippines, according to secret diplomatic cables released by anti-secrecy group WikiLeaks."
Self-Healing Software - (2011-09-19)
"When I joined the Site Reliability team a couple of years ago, it was clear that the infrastructure was growing too fast for us to be able to handle small repetitive outages manually. We had to find an automated way to handle these sorts of issues so that the human engineers could focus on solving and preventing the larger, more complex outages."
Wall Street is Our Street - (2011-09-19)
"According to their website, the mission of the leaderless resistance movement is to flood thousands of people into lower Manhattan, set up beds, kitchens, peaceful barricades and occupy Wall Street for a few months in order to persuade President Barack Obama to establish a commission to end 'the influence money has over representatives in Washington'."
What UBS Could Have Done - (2011-09-17)
The WSJ recently reported a story about a rogue trader at UBS. In this article we see how his behavior could have been detected and prevented.
More Cybercrime Losses - (2011-09-17)
"Using the SpyEye criminal toolkit, money mules and an accomplice believed to reside in Hollywood, USA, 'Soldier' as he's known in the criminal underground, stole over $3.2 million US dollars in 6 months starting January 2011, which equates to approximately $533 thousand dollars per month, or $17 thousand dollars a day!"
Countering Entropy Metrics - (2011-09-16)
"In this paper, we detail various attacks found on real Zeus family samples, one of the most powerful and spread malware families at this moment, which are protected by custom made packers."
Detecting Packed EXEs - (2011-09-16)
"In this paper, we propose a new method for packed executable detection that adopts a collective learning approach to reduce the labelling requirements of completely supervised approaches."
SCADA Zero-Day Exploits - (2011-09-15)
"Security researcher Luigi Auriemma disclosed the attacks against six SCADA (Supervisory Control and Data Acquisition) systems including US giant Rockwell Automation."
Cyber Realm Added to Treaty - (2011-09-14)
"Defense and diplomatic chiefs from the United States and Australia are meeting in San Francisco some 60 years after the birth of the ANZUS military alliance, which commits Australia and the United States to support each other if one is attacked."
Gary McGraw: We Need Better Languages - (2011-09-14)
"The main thing I'd like to see in software security is a better set of programming languages themselves. So in 2001, C was a disaster, C++ was a disaster, Java was getting better, .NET was getting even better. You know, we've been moving slowly towards languages that at least have different sorts of vulnerabilities built into them, and make the job of software security easier."
More BIOS Rootkit Tech - (2011-09-14)
"Recently, we met a new threat named Trojan.Mebromi that can add malicious components into Award BIOS which allows the threat to take control of the system even before MBR."
"Leaked" FBI Document - (2011-09-13)
Profiles Anonymous leadership. Could be bogus.
Comodo Hacker on Windows Updates - (2011-09-12)
"I'm able to issue windows update, Microsoft's statement about Windows Update and that I can't issue such update is totally false! I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and... Simply I can issue updates via windows update! You see? I'm so smart, sharp, dangerous, powerful, etc. huh?"
Microsoft Looks into Software Protection - (2011-09-10)
"a novel application of superoptimization towards software security, including areas such as exploit prevention and tamper-resistance, and leading towards code obfuscation."
EFF Takes on the NSA - (2011-09-10)
"Yesterday, EFF lawyers urged the 9th U.S. Circuit Court of Appeals in Seattle to allow our two lawsuits challenging the National Security Agency's illegal mass surveillance of millions of ordinary Americans to continue."
Doppelganger Domains - (2011-09-10)
"A Doppelganger Domain is a domain spelled identical to a legitimate fully qualified domain name (FQDN) but missing the dot between host/subdomain and domain, to be used for malicious purposes. Doppelganger Domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information."
Moxie's Convergence Project - (2011-09-08)
"A Thoughtcrime Labs Production, in association with IDS."
More on Systemic Risk - (2011-09-08)
"It's not a simple matter of removing certificates from a database, because they're not in any databases ... We may never track them all down."
Related: Mozilla calls all hands on deck.
China's Patriot Act - (2011-09-08)
"A proposed change in the Chinese criminal code that would allow authorities to detain suspects for up to six months in a secret location is a dangerous step backward for the country, activists charged Saturday."
Bios-Flashing Malware - (2011-09-08)
This is one area of work where it's truly useful to have a hardware emulator available.
Inline Hooking Presentation - (2011-09-08)
A series of slides on this topic.
Symantec Says Cybercrime Costs $114 Billion - (2011-09-07)
"Between February 6, 2011 and March 14, 2011, StrategyOne conducted interviews with 19,636 people and included 12,704 adults aged 18 and over, 4,553 children aged 8-17 years and 2,379 grade 1-11 teachers from 24 countries (Australia, Brazil, Canada, China, France, Germany, India, Italy, Japan, New Zealand, Spain, Sweden, United Kingdom, United States, Belgium, Denmark, Holland, Hong Kong, Mexico, South Africa, Singapore, Poland, Switzerland, United Arab Emirates)."
Personally, I prefer actual recorded incidents rather than statistical extrapolation. Take all of this with a grain of salt, as the purveyor of this report has a vested interest in the findings.
Scientist Pleads Guilty to Attempted Espionage - (2011-09-07)
"Stewart David Nozette, a scientist who once worked for the Department of Energy, the Department of Defense, the National Aeronautics and Space Administration and the White House's National Space Council, pleaded guilty today to attempted espionage for providing classified information to a person he believed to be an Israeli intelligence officer."
DHS Paper Mill - (2011-09-07)
"Four years after the original contract, spending reached $124 million. When the department finally held a competition for additional work, it awarded more contracts to Booz Allen. At the time, a Booz Allen executive defended the firm's work, saying they had followed federal rules and charged fair prices, according to the Post."
Rent-a-Bot: TDSS - (2011-09-07)
"One of the world's largest and most sophisticated botnets is openly renting its infected PCs to any and all comers, and has even created a Firefox add-on to assist customers."
The Perils of Systemic Risk - (2011-09-06)
"The Dutch government has taken over operational management from DigiNotar."
Operation Black Tulip - (2011-09-06)
No antivirus software was present on Diginotar's servers, which had not been patched.
Jesus...
Rogue SSL Certs Issued for CIA, MI6, Mossad - (2011-09-06)
"The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days."
Candid Espionage Remarks - (2011-09-02)
"China remained quiet Tuesday as a recently leaked video of a Chinese general's candid remarks -- apparently made at a corporate event in March -- on sensitive spying cases continued to draw international attention."
Anonymous Targets Police in Texas - (2011-09-02)
"The group known as Anonymous on Thursday appeared to briefly take over the website of a Texas police chiefs organization and claimed to have hacked into the email accounts of more than two dozen law enforcement agencies or officials in the state."
Hunted from Above - (2011-09-02)
Employers would prefer to hire younger workers than re-train their middle-aged engineers (it's cheaper).
The Guardian Publishes Cable Decryption Key - (2011-09-02)
"Everyone who knows a bit about computers can now have a look into the 250,000 US diplomatic dispatches that WikiLeaks made available to select news outlets late last year. All of them. What's more, they are the unedited, unredacted versions complete with the names of US diplomats' informants -- sensitive names from Iran, China, Afghanistan, the Arab world and elsewhere."
Related: You can download the decrypted archive here.
Proof That VPNs Are Useful - (2011-09-01)
"A legal notice sent to all internet providers (ISPs) by the Pakistan Telecommunications Authority, seen by the Guardian, orders the ISPs to inform authorities if any of their customers are using virtual private networks (VPNs) to browse the web."
More Trouble for DigiNotar - (2011-09-01)
"Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project, a security researcher reported today."
Anonymous Attacks WikiLeaks - (2011-09-01)
"Anonymous members have taken responsibility for launching a denial of service attack against Wikileaks this week using a custom-built tool that exploits a SQL server flaw."
Former US Official Undermined Rebel Movement - (2011-09-01)
"Minutes of this meeting record his advice on how to undermine Libya's rebel movement, with the potential assistance of foreign intelligence agencies, including Israel."
August 2011______________________________________
More Details on the RSA Hack - (2011-08-31)
"Ever since security giant RSA was hacked last March, anti-virus researchers have been trying to get a copy of the malware used for the attack to study its method of infection. But RSA wasn't cooperating, nor were the third-party forensic experts the company hired to investigate the breach."
The Global Corporate Octopus - (2011-08-31)
"We find that transnational corporations form a giant bow-tie structure and that a large portion of control flows to a small tightly-knit core of financial institutions. This core can be seen as an economic 'super-entity' that raises new important issues both for researchers and policy makers."
Bogus Google Cert Appears - (2011-08-31)
"A Dutch company appears to have issued a digital certificate for Google.com to someone other than Google, who may be using it to try to re-direct traffic of users based in Iran."
Another Reason Why Attribution is so Difficult - (2011-08-31)
"Leaked online chats between the co-owners of the world's largest pharmacy spam operation reveal the extent to which illicit organizations in Russia purchase political protection, and bribe public officials into initiating or stalling law enforcement investigations."
DoD Employee Accused of $95,000 Bribe - (2011-08-31)
"While he was supposed to be working to support our troops, he was lining his pockets."
Preventing 9/11 - (2011-08-28)
"What if, two years before the 9/11 attacks - with the installation of a cell-phone-and-Internet system in Afghanistan - the U.S. had been handed complete access to al-Qaeda and Taliban calls and e-mails? A secret deal was in place in 1999, the author reveals, but Washington dropped the ball."
Morto Worm Uses RDP - (2011-08-28)
"Researchers at F-Secure said that Morto is the first Internet worm to use RDP as an infection vector. Once it's on a new machine and has successfully found another PC to infect, it starts trying a long list of possible passwords for the RDP service."
Related: F-Secure blog entry.
EFF Speaks on Attribution - (2011-08-24)
"An IP address is nothing more than a piece of information, a clue. An IP address alone is not probable cause that a person has committed a crime. Furthermore, search warrants executed solely on the basis of IP addresses have a significant likelihood of wasting officers' time and resources rather than producing helpful leads."
$13 Million ATM Heist - (2011-08-24)
"An international cybercrime gang stole $13 million from a Florida-based financial institution earlier this year, by executing a highly-coordinated heist in which thieves used ATMs around the globe to cash out stolen prepaid debit cards."
Related: A similar ATM heist covered by Wired.
Symantec: Bootkits Make a Comeback - (2011-08-24)
"So far in 2011, we have seen Backdoor.Tidserv.M, Trojan.Smitnyl, Trojan.Fispboot, Trojan.Alworo, and Trojan.Cidox. This represents as many new MBR or boot time malware threats as there had been in the previous three years. This increase potentially indicates a comeback of boot time malware."
Open Source Intel Gets a Bad Rap - (2011-08-24)
A book review by Robert D. Steele.
"The book opens with a Foreword from Senator Gary Hart, who cites Senator Daniel Patrick Moynihan's point that secrecy is used against the US public more often than it is used to withhold information from the alleged enemy. He also makes the observation that the collapse of the Soviet Union and the emergence of the web occurred almost simultaneously (1990-1991)."
Cybercrime in the Ukraine - (2011-08-23)
"US agents have helped Ukrainian authorities uncover a group of computer hackers who used forged banking details to steal some $20 million from private US accounts, officials said Monday."
Anonymous breaches US Defense Contractor - (2011-08-23)
"Anonymous has released 1GB of what it says are private e-mails and documents from an executive of a U.S. defense company that sells unmanned aerial vehicles to police and the U.S. military."
Exploit Hardening Made Easy - (2011-08-23)
"We build Q, an end-to-end system that automatically generates ROP payloads for a given binary... We show that Q can harden nine real-world Linux and Windows exploits, enabling an attacker to automatically bypass defenses as deployed by industry for those programs."
Evading Malware Detection - (2011-08-18)
"In addition to describing specific methods that malicious web sites employ to evade detection, we study trends over time to measure the prevalence of evasion at scale. Our results indicate that exploit delivery mechanisms are becoming increasingly complex and evasive."
Hundreds of Millions Lost to Afghan Warlords - (2011-08-18)
"The U.S military estimates $360 million in U.S. tax dollars has ended up in the hands of people the American-led coalition has spent nearly a decade battling: the Taliban, criminals, and power brokers with ties to both."
Rioters Learn From the Best - (2011-08-18)
"This is not in any way to excuse the violence of the rioters, many of whom were opportunistic, mean, cruel, nihilistic and often vicious in their glee: an authentic reflection of a system of greed and self-interest to which scores of parasitic money-movers, 'entrepreneurs', Murdochites, corrupt MPs and bent coppers have devoted themselves."
DHS Public Awareness Campaign - (2011-08-18)
"If You See Something, Say Something." No doubt the same instructions given to neighborhood spies during the cultural revolution in China.
BART PD Info Released - (2011-08-18)
"Hackers seized and posted personal information of Bay Area Rapid Transit police online - carrying out another website attack against a California agency that turned off some cell phone service to thwart a potential protest."
BART Cellphone Protest Photos - (2011-08-16)
Demonstrators try to keep a train from leaving the Civic Center station on August 15, 2011 in San Francisco, California.
SpyEye Builder Cracked - (2011-08-16)
"He [Xyliton] was able to locate a copy of SpyEye builder 1.3.45 and created a walkthrough/tutorial that enables the reader (once in possession of SpyEye builder) to crack the hardware identification (HWID) which has been secured using VMProtect (a licensing tool that locks an installation of software to a particular physical device)."
In Search of Enemies - (2011-08-07)
"In recent weeks, small numbers of C.I.A. operatives and American civilian military employees have been posted at a Mexican military base, where, for the first time, security officials from both countries work side by side in collecting information about drug cartels and helping plan operations. Officials are also looking into embedding a team of American contractors inside a specially vetted Mexican counternarcotics police unit."
Now that Osama is dead...
Let Them Eat Cake - (2011-08-07)
"A French court on Thursday ordered an investigation into new IMF chief Christine Lagarde's role in a $400 million arbitration deal in favor of a controversial tycoon. ...Lagarde was France's finance minister when magnate Bernard Tapie won a 2008 settlement with a French state-owned bank over the mishandled sale of sportswear maker Adidas in the 1990s. Critics viewed the settlement as an overly generous chunk of taxpayer money handed to a brash businessman."
Dealing with Shady Rats: Better Software - (2011-08-04)
Charlie Miller: "As a society, we cannot eliminate computer attacks. However, what we can do (and this is the approach the industry is sort of taking) is make it so hard and expensive to pull off attacks that it becomes economically infeasible for most attackers. And even for those with the expertise to still pull off the attack, it minimizes the number of attacks they can perform. The way we make it more difficult is to reduce the number of vulnerabilities."
Operation Shady Rat - (2011-08-04)
"I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact"
Despite the best efforts of former government officials to warn us of impending Cybergeddon, it would be foolish for countries like China to attack our infrastructure. After all, who do you think is buying all of those exports? It's far more profitable to steal intellectual property and trade secrets.
Yet More CyberCrime - (2011-08-04)
"Six members of a large-scale identity theft and cybercrime gang were indicted on Thursday for stealing over $1 million from at least 80 clients of J.P. Morgan Chase Bank."
July 2011_________________________________________
Anonymous Releases ManTech Data - (2011-07-30)
"The FBI is outsourcing cybersecurity to the tune of nearly $100 million to a Washington-area managed services company. The deal shows a willingness in the federal government to place IT services more and more in the hands of third parties as agencies don't have enough staff on hand to do the job."
Inside the Sinaloa Drug Cartel - (2011-07-30)
"Because he was a key link between U.S. and Mexican drug distributors, his phone chatter was an intelligence gusher. Each call exposed another contact, whose phone was then tapped as well. The new contacts called other associates, leading to more taps. Soon the agents had sketched a vast, connect-the-dots map of the distribution network."
The Commoditization of Malware Distribution - (2011-07-30)
"Miscreants readily apprehend that tackling the entire value-chain from malware creation to monetization in the presence of ever-evolving countermeasures poses a daunting task requiring highly developed skills and resources. As a result, entrepreneurial-minded miscreants have formed pay-per-install (PPI) services - specialized organizations that focus on the infection of victims' systems."
Transnational Organized Crime (TOC) - (2011-07-30)
"Transnational crime and its accompanying violence are threatening the prosperity of some Central American states and can cost up to eight percent of their gross domestic product, according to the World Bank."
GAO Report on Emergency Loans - (2011-07-30)
"From late 2007 through mid-2010, Reserve Banks provided more than a trillion dollars in emergency loans to the financial sector to address strains in credit markets and to avert failures of individual institutions believed to be a threat to the stability of the financial system."
2004 Election in Ohio - (2011-07-30)
"Project Censored named the outsourcing of Ohio's 2004 election votes to SmarTech in Chattanooga, Tennessee to a company owned by Republican partisans as one of the most censored stories in the world."
Arrested For (Malware) Possession - (2011-07-30)
"Police have arrested a man on suspicion of storing a computer virus on his personal computer without legitimate reasons, the Metropolitan Police Department announced Thursday."
UNODC World Drug Report - (2011-07-24)
The author of "Crossing the Rubicon" (Michael Ruppert) once claimed that the size of the market for illicit substances was an important piece of meta-data. Here, in this report, we get an idea of what this figure may be... and just how much money needs to be laundered.
More Telescreens - (2011-07-21)
"The Pennsylvania company, a holding of the Liberty Media giant that owns Sirius XM and the Atlanta Braves, provides location technology to those soon-to-be-merged carriers, so police, firefighters and medics can know where you're at in an emergency. In the U.S., it locates over 60 million 911 calls annually. But very quietly, over the last four years, TruePosition has moved into the homeland security business - worldwide."
GOP Panel Members Leak - (2011-07-21)
"House Democrats on Wednesday accused two Republicans who served on the Financial Crisis Inquiry Commission of leaking sensitive material during the course of the group's yearlong probe."
More Hacking or More Hype? - (2011-07-21)
"Why has there been such a spike in hacking recently? Or is it merely a function of us paying closer attention and of institutions being more open about reporting security breaches?"
Cyberwar Fear-Mongering: Cui Bono? - (2011-07-21)
This list of participants should give you an idea...
Whistle-Blower Found Dead - (2011-07-21)
"He told the New York Times that reporters at the NoW were able to use police technology to locate people using their mobile phone signals, in exchange for payments to police officers."
Anonymous Breaches NATO Servers - (2011-07-21)
"Yes, #NATO was breached. And we have lots of restricted material. With some simple injection. In the next days, wait for interesting data :),"
Google's Relationship with the NSA - (2011-07-15)
"While it acknowledged working 'with a broad range of commercial partners and research associates,' the Agency refused to 'confirm [or] deny' whether it even had a relationship with Google."
Israel's Boycott Law - (2011-07-15)
"The law bans all calls for the boycott of the State of Israel... According to the law, any settler who feels that he has been harmed by the boycott can demand unlimited compensation from any person or organization calling for the boycott without having to prove any actual damage. This means that each of the 300,000 settlers can claim millions from every single peace activist associated with the call for boycott, thus destroying the peace movement altogether."
If this report does anything, it demonstrates just how powerful a boycott can be. The elite are so threatened by it that they move to make it illegal.
The Espionage Act of 1917 - (2011-07-15)
Prosecutions: Steve Rosen and Keith Weisman in 2004, Steven Kim in 2009, and Thomas Drake in 2010.
Does Targeting Leadership Work? - (2011-07-14)
"The removal of key personnel does not have a discernible impact on drug flows as determined by seizure rates."
Anonymous Targets Monsanto - (2011-07-14)
"Anonymous released contact information for about 2,500 people that presumably was snagged from Monsanto on Tuesday and said it had attacked the company's Web servers to protest lawsuits it has filed against organic dairy farmers for stating on labels that their products don't contain growth hormones"
CIA "John" Gets Spooked - (2011-07-14)
"A CIA analyst who played a lead role in locating Osama bin Laden was placed under cover by the agency this month because of new threat information indicating he might be targeted by al-Qaeda, U.S. officials said Monday."
Cryptome says: "It glosses the previous AP report by slathering on more motherhood-and-apple-pie 'risk to undercover officer,' and suggests that ranks of reputable publishers will obediently play the access hand they are given or be banned for revealing the officer's identity."
Anonymous Targets Booz Allen Hamilton - (2011-07-12)
"The hackers said in a message posted on the Internet that they wiped out 4 gigabytes of Booz Allen source code and stole 90,000 email addresses"
BND HQ Blueprints Stolen - (2011-07-12)
"The classified blueprints for Germany's Federal Intelligence Service, or BND, were taken from the headquarters' secure construction site in the German capital's Mitte district, Focus magazine reported on July 10."
Stuxnet & Attribution - (2011-07-12)
"There was one point, however, that O Murchu said they might have censored their information had they reached it. 'If it had got to the point where we had found 100 percent attribution who was behind it, I think we would have had some really serious conversations about [publishing] that,' he said."
So, did they ever find out who was responsible?
Testimony: Losses Due to Cybercrime - (2011-07-12)
"Warner said only about 1.3 million victims file cyber-crime complaints each year even though about 11 million are actually victims each year. He estimates the total annual financial loss in the U.S. from such crimes is about $53 billion. One of the most important things someone can do, he said, is report everything, even seemingly small amounts such as $100."
White Hat Infiltration - (2011-07-12)
"A top Secret Service official ended up spilling details about federal anti-hacker strategy at a relatively obscure federal hearing in Alabama. In testimony given to the House Committee on Financial Services."
Why Some Secrets Evade Leak Sites - (2011-07-12)
"This kind of information is worth much more on the black market, under the negotiating table, in drop boxes, to spies, to nations, to extortionists, to blackmailers, and the full range of cheaters for profit."
Passwords and the 5th - (2011-07-12)
"The Electronic Frontier Foundation (EFF) urged a federal court in Colorado today to block the government's attempt to force a woman to enter a password into an encrypted laptop, arguing in an amicus brief that it would violate her Fifth Amendment privilege against self-incrimination."
Industrial Espionage in Chicago - (2011-07-12)
"A 10 year employee of CME Group in Chicago is alleged to have stolen trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange, according to a criminal complaint filed in U.S. District Court in Illinois."
Jump-Oriented Programming - (2011-07-10)
"In this paper, we introduce a new class of code-reuse attack, called jump-oriented programming. This new attack eliminates the reliance on the stack and ret instructions (including ret-like instructions such as pop+jmp) seen in return-oriented programming without sacrificing expressive power."
Going to the Cloud - (2011-07-10)
"The Army's $2.7 billion computing system designed to share real-time intelligence with troops fighting in Afghanistan and Iraq has hurt, rather than helped, efforts to fight insurgents because it doesn't work properly, several analysts who have used the system say."
House Committee on Oversight and Government Reform - (2011-07-10)
"Cybersecurity: Assessing the Nation's Ability to Address the Growing Cyber Threat."
White House Situation Room - (2011-07-10)
"This shows the White House Situation Room's small conference room where Obama and his team watched the OBL-kill operation, along with views of the Situation Room complex location under the West Wing"
Targeting the NTFS Loader - (2011-07-07)
"Modification of the hard drive areas responsible for the initial loading of the system has become increasingly popular with cybercriminals. Moreover, cybercriminals have now moved on from just modifying the MBR (master boot record) to infecting the code of the NTFS loader."
FBI, DEA, and ATF Mix It Up - (2011-07-07)
"In two days of meetings with congressional investigators over the weekend, Melson said the FBI and DEA kept the ATF 'in the dark' about their relationships with the cartel informants. If ATF agents had known of the relationships, the agency might have ended the investigation much earlier, he said."
How to Fight a Guerrilla War - (2011-07-07)
"Nerf wins: low-casualty, high-cost performance-art style guerrilla bombings. And Al Qaeda style maximum-splatter is for hotheaded idiots who forget that the real job of a guerrilla force is to stay in existence, lean on the enemy, wear him out and bankrupt him."
CIA Analyst Named "John" - (2011-07-07)
"After Navy SEALs killed Osama bin Laden, the White House released a photo of President Barack Obama and his Cabinet inside the Situation Room, watching the daring raid unfold. Hidden from view, standing just outside the frame of that now-famous photograph was a career CIA analyst. In the hunt for the world's most-wanted terrorist, there may have been no one more important. His job for nearly a decade was finding the al-Qaida leader."
Surgically Implanted Bombs - (2011-07-07)
"Terrorists intent on striking commercial aircraft have shown renewed interest in surgically implanting explosives or explosive components in humans to conduct attacks, a U.S. security official tells CNN."
HackerLeaks Launches - (2011-07-03)
"Earlier this week members of the hacker collective [Anonymous], and specifically a sub-group known as the People's Liberation Front, (PLF) launched two new leaking sites, LocalLeaks.tk (not to be confused with the similarly named Localeaks.com) and HackerLeaks.tk. Both hope to receive documents through an anonymous submissions channel, analyze them, and then distribute them to the press to get 'maximum exposure and political impact.'"
Classified USAID Fraud Report - (2011-07-02)
"01/2011 - The preliminary draft report on a USAID-commissioned material loss review indicates that insiders at Kabul Bank used fraudulent loans to misappropriate $850 million, representing 94 percent of outstanding loans."
The Information Domain as a Battlespace - (2011-07-01)
U.S. Trade & Aid Monitor has (ahem) 'located' a U.S. Forces-Afghanistan (USFOR-A) document:
"This initiative also addresses efforts to collect public information and interpret it to support senior leader decision making, specifically regarding the attitudes of the public and the media concerning political, social and economic issues."
As Walter Lippmann observed, many years ago: "The creation of consent is not a new art. It is a very old one which was supposed to have died out with the appearance of democracy. But it has not died out."
June 2011_________________________________________
Analysis of TDL4 - (2011-06-30)
Features advanced encryption and peer-to-peer (P2P) tech to communicate with command-and-control (C&C) servers.
Malware Builds Upon UPX - (2011-06-30)
"The heavily obfuscated code at the entry point easily leads me to think there is another layer of packing."
Blaming the Victim - (2011-06-30)
"The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick."
Amen.
Cybercrime in Germany - (2011-06-30)
"German federal police say the country saw a nearly 20 percent rise in cybercrime last year, causing $89 million in damage. Federal Criminal Police Office chief Joerg Ziercke said Thursday that the number of cybercrime incidents rose to 59,839 in 2010 from 50,254 in 2009."
Common Weakness Enumeration - (2011-06-28)
The MITRE Corporation and the DHS sponsor a project to provide:
"[A] Formal list of common software weaknesses. It serves as a common language for describing software security weaknesses, a standard measuring stick for software security tools targeting these vulnerabilities, and as a baseline standard for weakness identification, mitigation, and prevention efforts."
Related: The 2011 Top 25 Most Dangerous Software Errors List.
The bootkit Win32/Popureb.E - (2011-06-28)
"It introduces a driver component to prevent the malicious MBR and other malicious data stored as disk sectors from being changed. The driver component protects the data in an unusual way – by hooking the DriverStartIo routine in a hard disk port driver (for example, atapi.sys)."
DNSSEC Ceremony - (2011-06-26)
"The Singapore event included an elaborate technical ceremony to create and then securely store numerical keys that will be kept in three hardened data centers there, in Zurich and in San Jose, Calif. The keys and data centers are working parts of a technology known as Secure DNS, or DNSSEC."
Cybercrime Pays - (2011-06-26)
"Until now, it wasn't clear how much -- if any -- fraud had occurred as a result of the theft. But Citi confirmed Friday that there were losses of $2.7 million from about 3,400 accounts."
Game Consoles as a Covert Channel - (2011-06-25)
"MS-13 members use features on gaming consoles to direct operational activities."
Inside AVG - (2011-06-24)
This article gives a basic outline of how AVG identifies and examines malware.
Guide to BIOS Reversing - (2011-06-24)
Peepdf - (2011-06-23)
"Peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools"
LulzSec Hits The Arizona Border Patrol - (2011-06-23)
"Hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement."
More Cybercrime... - (2011-06-23)
"Police in the United States and seven other countries seized computers and servers used to run a 'scareware' scheme that has netted more than $72 million from victims tricked into buying fake anti-virus software... The suspects involved in the scheme, who were not identified, planted 'scareware' on the computers of 960,000 victims."
Here's the FBI's press release.
Cyber Range Testbed - (2011-06-20)
"The new simulated mini-Internet would give Washington the opportunity to carry out virtual cyberwarfare games as a way of testing different scenarios and technologies in response to cyberattacks... defense contractor Lockheed Martin was awarded a $5.4 million contract by DARPA in early 2009... Johns Hopkins University's Applied Physics Laboratory, which received a $24.7 million contract in early 2010...With its cost estimated at $130 million, the system is expected to be operational by the middle of next year."
The Telescreen in the Sky - (2011-06-17)
"As an example of how Wall Street getting in on this technology, the UBS Investment Research issued its earnings preview for Wal-Mart's second quarter, which publicly revealed that UBS had been using used satellite services of private-sector satellite companies to gather the comings and goings of the parking lots at Wal-Mart stores."
Japan Criminalizes Malware Creation - (2011-06-17)
Commentary: No country has ever become great by putting its citizens' eyes out.
Oh, and I assume that the military and their cohorts in the intelligence agencies will be free to sidestep this restriction?
Hack/Counterhack - (2011-06-16)
"The financial basis for criminal hacking may be the key to solving the whole problem. They expanded their study of the money, even interacting with criminal organizations in devious ways, for example by adding their own code to hackers' code in order to monitor them, and by ordering tons of stuff from phishing scams to trace the path of the money."
ADP Suffers Data Breach - (2011-06-16)
"Outsourcing firm Automatic Data Processing Inc. on Wednesday reported a data breach in its benefits-administration business."
Related: Citigroup provides more details on its recent breach.
"Is this an act of war, gentlemen? Problem?"- (2011-06-15)
"The loosely organized hacker group Lulz Security broke into a public portion of the Senate website but did not get behind a firewall into a more sensitive portion of the network, Martina Bradford, the deputy Senate sergeant at arms, said."
Related: LulzSec sails on with DDoS attacks against the CIA and the FBI. Though Chinese generals may claim to be worried about cyber-attacks from the US military (to help bolster their own budget), it might be closer to the truth to say that they should be more concerned about the likes of LulzSec.
The Quandary of Attribution - (2011-06-15)
"If your network is under attack and you're trying to find out who's doing it, purely technical means are insufficient for that."
Inspection and Quarantine Cards - (2011-06-15)
"For years now Chinese authorities have been installing spying devices on all dual-plate Chinese-Hong Kong vehicles, enabling a vast network of eavesdropping across the archipelago, according to a Hong Kong newspaper."
Bilderberg Attendee List - (2011-06-14)
Very telling, particularly in light of the recent media focus on cyber-security. This could be viewed as a sign of things to come...
Project Cyber Dawn - (2011-06-14)
"The study outlined ways to disable the coastal refinery at Ras Lanouf using a computer virus similar to the Stuxnet worm that led to a breakdown in Iran's enrichment program late last year. It catalogued several pieces of potentially exposed computer hardware used at the refinery. The study was discussed in some of nearly 1,000 emails stolen by hacking group Lulz Security from Delaware-based Internet surveillance firm Unveillance, LLC as part of an effort to show how vulnerable data can be."
Related: Here is the report released by Unveillance.
Related: Why do certain security researchers cheer Lulz? "I told you so." That's why.
Related: Recall the statement made by Anonymous:
"Whether HBGary were acting in the cause of security or military gain is irrelevant - their actions were illegal and morally reprehensible. Anonymous does not accept that the government and/or the military has the right to be above the law and to use the phoney cliche of 'national security' to justify illegal and deceptive activities. If the government must break the rules, they must also be willing to accept the democratic consequences of this at the ballot box."
"We do not accept the current status quo whereby a government can tell one story to the people and another in private. Dishonesty and secrecy totally undermine the concept of self rule. How can the people judge for whom to vote unless they are fully aware of what policies said politicians are actually pursuing?"
IMF hacked - (2011-06-14)
"The fund said that it did not believe that the intrusion into its systems was related to a sophisticated digital break-in at RSA Security that took place in March, which compromised some information that companies and governments use to control access to their most sensitive computer systems."
Citigroup Hacked - (2011-06-14)
"The bank said about 1 percent of its North American credit card holders had been affected, putting the total count of customers exposed in the hundreds of thousands, based on its annual report for 2010, which said it had about 21 million credit card customers in North America."
"Shadow" Internet and Mobile Phone Systems - (2011-06-14)
"The effort includes secretive projects to create independent cellphone networks inside foreign countries, as well as one operation out of a spy novel in a fifth-floor shop on L Street in Washington, where a group of young entrepreneurs who look as if they could be in a garage band are fitting deceptively innocent-looking hardware into a prototype 'Internet in a suitcase.'"
The Dark Side of Cloud Computing - (2011-06-06)
"There were some recent comments about Amazon Cloud as a platform for successful attacks on Sony� Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers."
Strong Passwords Redefined by GPUs - (2011-06-06)
"Unless we�re willing to move onto 15-16 characters, mixed-case/symbols random password (which will end up on Post-It Notes), passwords will soon only offer protection against honest people."
Boeing vs. Northrop - (2011-06-06)
"With at least a year�s head-start on Northrop, in 2003 Boeing was in possession of a mostly complete control software, while Northrop was not. Working together basically meant Boeing handing over to its biggest rival, for free, what Leahy had described as the most important part of the drone architecture � and, by, extension the foundation of the future�s unmanned air force."
DoD Guards Kazakhstan Site - (2011-06-06)
"The classified project aims to keep terrorists away from what the Soviets left behind in patches of earth and a warren of tunnels that they used for atomic testing: among other things, plutonium and highly enriched uranium."
Iranian Gov't E-mails Leaked - (2011-06-04)
"Hacker group Anonymous has leaked 10,365 'top secret' emails from Iran's Ministry of Foreign Affairs. Anonymous says the files were accessed after the group infiltrated the Iranian Passport and Visa Office email center. All the files are currently available for download from MediaFire, as well as various BitTorrent sources."
Lulzsec Targets FBI Affiliate - (2011-06-04)
"In a self-titled hack attack called 'F**k FBI Friday' the hacking group known as LulzSec has published details on users and associates of the non-profit organization known as Infragard."
UK Starts Work on Cyber weapons - (2011-06-03)
"Whitehall officials have revealed to the Guardian that work has begun on a range of offensive cyber weapons to add to its defensive capability"
Note: these weapons are useless unless you know who to point them at. What, pray tell, do you think would happen if they unleashed them on an innocent bystander?
Related: The UK isn't alone. Other countries are also wasting government funds on this.
Facebook Password Recovery - (2011-06-03)
"The new utility gets Facebook account passwords saved in Web browsers on the local computer. Pleasant thing is that ElcomSoft decided to help saving federal costs as well and made the software free of charge."
Security vs. Privacy - (2011-06-03)
"The debate is being skewed by several flawed pro-security arguments. These arguments improperly tip the scales to the security side of the balance."
Gmail Compromised - (2011-06-03)
"Google said Wednesday that personal Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists, had been exposed. Google traced the origin of the attacks to Jinan, China, the home city of a military vocational school whose computers were linked to a more sophisticated assault on Google's systems 17 months ago. The two attacks are not believed to be linked."
The Lulz Boat Sails Onward - (2011-06-03)
"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons'."
May 2011_________________________________________
Official Secrets Management Society - (2011-05-30)
"While the US does not yet have a formal Official Secrets Act it attains the same effect with excessive classification and a worldwide OSA-cartel directed primarily by spies and officials cashing in on security clearances."
Lockheed Hacked - (2011-05-30)
And these are the contractors that our government will hire to protect us?
Australia's Govt. On CyberSecurity - (2011-05-30)
Officials in Australia are acknowledging the futility of attribution and the nature of espionage. Everyone spies on everyone else.
"It comes from everywhere. It comes from eastern Europe; it comes from Russia. Just don't pick on the Chinese; it's everywhere."
"We don't comment on the source of those (attacks). It is often literally hard to identify. They are often re-routed through other countries and other providers."
Even more interesting is the fact that they're beginning to realize that many security incidents result from software flaws that vendors could (and should) mitigate.
"We think it is better to deal with the threat, to address the vulnerability."
SCADA Vulnerabilities Kept Secret - (2011-05-28)
"Unfortunately, secrecy sounds like a good idea. Keeping software vulnerabilities secret, the argument goes, keeps them out of the hands of the hackers.... But that assumes that hackers can't discover vulnerabilities on their own, and that software companies will spend time and money fixing secret vulnerabilities. Both of those assumptions are false. Hackers have proven to be quite adept at discovering secret vulnerabilities, and full disclosure is the only reason vendors routinely patch their systems."
Frontline Wikileaks Interviews - (2011-05-28)
Julian Assange: "At the moment that tax revenues in the United States have gone down, we see that that sector is increasing the amount of money it's getting; i.e., it is increasing its political power domestically to suck out more money from the U.S. tax base and give it to its patronage network, which includes all the big military contractors, plus the military itself and the spy agencies and the politicians that get their power pulling the whole thing together. A very dangerous business."
Senator Wyden's Warning - (2011-05-28)
"As a member of the intelligence committee, he laments that he can�t precisely explain without disclosing classified information. But one component of the Patriot Act in particular gives him immense pause: the so-called 'business-records provision,' which empowers the FBI to get businesses, medical offices, banks and other organizations to turn over any 'tangible things' it deems relevant to a security investigation."
Related: the reign of secrecy continues as the Patriot Act Extension is signed into law.
Google Wants Your Financial Info - (2011-05-28)
What's in your wallet?
Sophos Paper on Zeus Kit - (2011-05-22)
"We will explore the various components of the Zeus kit from the Builder through to the configuration file; examine in detail the functionality and behaviour of the Zbot binary; and assess emerging and future trends in the Zeus world."
The New Yorker on Manning and Wikileaks - (2011-05-22)
" 'Secrecy in government is fundamentally anti-democratic'�that quote isn�t from Assange; it�s from a concurring opinion that Justice William Douglas wrote in the Pentagon Papers case."
BIOS Protection Guidelines - (2011-05-19)
The NIST joins the race to the metal.
$3 Trillion to Get Bin Laden - (2011-05-19)
"What do we have to show for that tab? Two wars that continue to occupy 150,000 troops and tie up a quarter of our defense budget; a bloated homeland-security apparatus that has at times pushed the bounds of civil liberty; soaring oil prices partially attributable to the global war on bin Laden's terrorist network; and a chunk of our mounting national debt, which threatens to hobble the economy unless lawmakers compromise on an unprecedented deficit-reduction deal."
It sort of makes you wonder if his goal to bleed us dry is working...
Inside Area 51 - (2011-05-19)
"over lunch, she put a crouton on a plate and asked how the extent of her knowledge about the whole Area 51 story compared with the crouton-plate ratio. Great news for ufologists: the still-untold truth, this man finally admitted, is bigger than the crouton. Bigger than the plate. To the delight of conspiracy fans everywhere, it remains bigger than the whole table."
NSA Whistle-Blower Gets The Business - (2011-05-19)
"In recent years, several top officials accused of similar misdeeds have not faced such serious charges. John Deutch, the former C.I.A. director, and Alberto Gonzales, the former Attorney General, both faced much less stringent punishment after taking classified documents home without authorization. In 2003, Sandy Berger, Clinton�s national-security adviser, smuggled classified documents out of a federal building, reportedly by hiding them in his pants. It was treated as a misdemeanor."
The Return of Alureon - (2011-05-19)
"This time the malware was using Win32/Crypto-style decryption to elude anti-virus scanners."
Trust The Cloud (To Be An Attack Platform) - (2011-05-15)
"The hackers didn�t break into the Amazon servers, the person said. Rather, they signed up for the service just as a legitimate company would, using fake information. "
Invisible Things Lab vs. VT-d - (2011-05-14)
"We discuss three software attacks that might allow for escaping from a VT-d-protected driver domain in a virtualization system. We then focus on one of those attacks, and demonstrate practical and reliable code execution exploit against a Xen system."
Facebook's Smear Campaign - (2011-05-14)
This is what large corporations do when you're not looking. In this case Facebook went out and hired a PR firm (Burson-Marsteller) to do their dirty work for them and launch a campaign against Google. Reminds me of a Bruce Campbell line: "You know spies... bunch of bitchy little girls."
Related: The folks from Blackwater are back. This time they're dressed up as "a worldwide intelligence network of contacts, ready to collect data on global hot spots that Jellyfish can pitch to deep-pocketed clients."
Background on Anonymous - (2011-05-14)
"This identity originated on imageboard 4chan.org, as a byproduct of a user interface policy called forced anonymity, also known for short as 'forced anon'."
ZeuS Crimeware Toolkit Source Code - (2011-05-11)
The above link may be short-lived and of a dubious nature in general. Don't trust anything in this package that isn't a text file.
The archive password is "zeus"
Classified Report on Afghan Central Bank - (2011-05-11)
This report is the result of an article published by the Washington Post.
Pwning Chrome - (2011-05-11)
"We are (un)happy to announce that we have officially Pwnd Google Chrome and its sandbox."
Related: Google engineers deny that this is based on a vulnerability in Chrome.
New Efforts at Securing the Windows Kernel - (2011-05-11)
"We have developed a tool which statically rewrites the Microsoft Windows kernel as well as other kernel level modules. Such rewritten binary files allow us to monitor control flow transfers during operating system execution."
RadarScope: Seeing Through Walls - (2011-05-08)
"This system weighs less than 1.5 pounds and runs on AA batteries. It allows security forces to sense through nonmetallic walls, such as concrete, to determine if someone is hiding inside a building or behind a wall."
WSJ's SafeHouse Not So Safe - (2011-05-07)
"Jacob Appelbaum, a security researcher and senior developer on the Tor online anonymity network, was also critical of SafeHouse: 'They're negligent and this is the wrong project to beta-test on an open internet,' he said."
"SafeHouse is also facing criticism for its terms and conditions, which state the Journal 'reserve[s] the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process [...]'."
Rootkit Tactic: Memory MisInformation - (2011-05-06)
This isn't necessarily a new idea. Jamie Butler and Sherri Sparks developed a similar idea (which is even more devious, in my opinion) which they presented at Black Hat in 2005 as a proof-of-concept rootkit called "Shadow Walker."
Europol Organised Crime Report - (2011-05-06)
"Internet technology has now emerged as a key facilitator for the vast majority of offline organised crime activity."
SONY Breaks The Bad News - (2011-05-06)
"Personal information from approximately 24.6 million SOE accounts may have been stolen."
Always Use Protection - (2011-05-06)
A document on client-side security by the NSA. Preaching to the choir, I suspect.
April 2011_________________________________________
DoJ Audit of FBI's Cyber Division - (2011-04-29)
"Overall, we determined that in FY 2009 the FBI used 19 percent of its cyber agents on national security intrusion investigations, 31 percent to address criminal-based intrusions, and 41 percent to investigate online child pornography matters."
D.C. Has Been Rooted - (2011-04-28)
Concealment, misdirection, command & control, covert channels, ...these tools have all been utilized by the relatively small group of people who actually run this country. Here it is, the whole megillah, succinctly described by Noam Chomsky.
Pay no attention to the man behind the curtain.
Writing a File Infector - (2011-04-28)
"These next series of posts will focus on explaining a file infector/encrypter that I wrote a week ago or so. It works with any PE32 executable file, overcomes issues with randomized base addresses, and takes advantage of Visual Studio�s C++ compiler to generate the assembly code to inject into the target."
More on the TDL4 Bootkit - (2011-04-28)
"The fourth version of the TDL rootkit family (TDL4) is the first reliable and widely spread bootkit to target x64 operating systems (Windows Vista and Windows 7)."
The Telescreens are Here - (2011-04-23)
"To provide the high quality products and services that its customers demand, Apple must have access to the comprehensive location-based information."
You see, Apple doesn't have a choice but to track users. It's for their own good, says the corporate lawyer. I wonder how long it will take for government officials to find a pretext to request this data?
A Refined Decompiler - (2011-04-22)
"we present a practical decompiler called CDecompiler for Windows C programs that (1) uses a shadow stack to perform refined data flow analysis, and (2) adopts interbasic- block register propagation to reduce redundant variables."
Ivan Kaspersky Vanishes - (2011-04-22)
"Ivan's father, Eugene Kaspersky, takes the 125th place on the list of Russian millionaires. According to Forbes, his fortune is evaluated at $800 million. The young man's mother, Natalia Kaspersky, is the general director of Kaspersky Lab. Finance magazine included her on the list of Russia's 50 most successful women."
Update: Ivan has been freed.
Operation Byzantine Hades - (2011-04-18)
"A person named Chen Xingpeng set up the sites using the 'precise' postal code in Chengdu used by the People's Liberation Army Chengdu Province First Technical Reconnaissance Bureau (TRB), an electronic espionage unit of the Chinese military."
This is either a clever attempt at misdirection, or someone was being *incredibly* sloppy.
The Amnesic Incognito Live System - (2011-04-17)
An interesting LiveCD project based on Tor.
Iranian Military Official Blames US & Israel - (2011-04-17)
"A senior Iranian military official says experts have determined the United States and Israel were behind a mysterious computer worm known as Stuxnet that has harmed Iran's nuclear program."
Related: This general stated that "Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us."
AV-Comparatives Feb-2011 Report - (2011-04-15)
Seven products attained the ADVANCED+ rating: Avira, BitDefender, eScan, F-Secure, Kaspersky, McAfee, and TrustPort.
C2 Servers of 'Coreflood' botnet Seized - (2011-04-15)
"It is hard to estimate the actual loot, but the criminals likely made tens of millions of dollars, based on the estimates in the complaint filed by the Department of Justice," Marcus said. "It is not outside of the realm of possibility that they netted more than $100 million."
The official complaint can be found here.
Aslan Metamorphic Engine - (2011-04-12)
"A first gui oriented and the most advanced integrating-metamorphic engine so far. Integration engine allows user to integrate any code to any PE binary file (x86 processors), including device drivers etc. etc. 4514N engine can rebuild all the PE structure, internal offsets (jumps,refferences), any type of PE sections relocs, imports, exports, resources...), moreover it even can keep the align of variables."
Inside the ZeroAccess Rootkit - (2011-04-12)
"ZeroAccess was creating a new kernel device object called __max++> , this is the reason why the rootkit has quickly become known in the security field as the max++ rootkit, also known as ZeroAccess due to a string found in the kernel driver code, presumably pointing to the original project folder called ZeroAccess (f:\VC5\release\ZeroAccess.pdb)."
Harvard Seminar on Human Intelligence - (2011-04-12)
"People in my profession have a tendency to tell lots of war stories. I know that some of you here from the military have your own war stories. I thought I could get away with all kinds of fantasies, but unfortunately I find out that there is a guest here, Mr. Joseph Wippl, who is teaching at Boston University, who was one of my colleagues.1 We served together, so, Joe, please do me a favor: if I�m lying really badly please stop me."
Consumer Privacy Laws - (2011-04-12)
Internet privacy is going to be an uphill battle. As Moxie Marlinspike has shown people are already starting to "opt-in" to surveillance.
This may be something the state comptroller's office in Texas is interested in.
France Demands Plaintext Passwords - (2011-04-10)
"The law obliges a range of e-commerce sites, video and music services and webmail providers to keep a host of data on customers. This includes users' full names, postal addresses, telephone numbers and passwords. The data must be handed over to the authorities if demanded."
Mapping IP to Physical Location - (2011-04-10)
"On average their method gets to within 690 metres of the target and can be as close as 100 metres � good enough to identify the target computer's location to within a few streets."
Windows 7 Kernel Architecture - (2011-04-02)
A summary of the changes that Microsoft has instituted, from Nir Sofer.
Russinovich Looks at Stuxnet - (2011-04-02)
"I therefore thought it would be interesting to show the insights the Sysinternals tools give when applied to the initial infection steps of the Stuxnet virus (note that no centrifuges were harmed in the writing of this blog post)."
March 2011_________________________________________
Challenging the Consolidation of Power - (2011-03-31)
"The exchange between a conspiracy and its outside is not reciprocal. The outside does not leak inside, because it was always present and visible to the conspiracy. In order to maintain its power, the conspiracy must maintain its asymmetrical existence. It must plug the leak and thus curtail the shift towards equilibrium."
NSA Investigates Nasdaq Attack - (2011-03-31)
"By bringing in the NSA, that means they think they�re either dealing with a state-sponsored attack or it�s an extraordinarily capable criminal organization."
Declassified CIA National Intel Estimates - (2011-03-31)
These are from the summer of 1993 and focus on the Former Yugoslavia.
Secrecy Resists Efforts to Stamp It Out - (2011-03-25)
"There is a disturbing pattern of evidence to show that the secrecy system resists external control, and that it will not reliably fulfill even the most explicit presidential commands or the clearest requirements of law."
SCADA Exploits Released - (2011-03-25)
"The 34 exploits were published by a researcher on a computer security mailing list on Monday and target seven vulnerabilities in SCADA systems made by Siemens, Iconics, 7-Technologies and DATAC."
Certs Gone Bad - (2011-03-25)
"Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows"
Related: Comodo states that "It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups. The attack comes at a time when many countries in North Africa and the Gulf region are facing popular protests and many commentators have identified the Internet and in particular social networking sites as a major organizing tool for the protests."
Related: More details have been provided by Comodo.
Senate Hearings on Economic Cost of Cybercrime - (2011-03-25)
"Chairman John D. (Jay) Rockefeller IV today announced the Committee will hold a hearing on the economic ramifications of cyber attacks on Tuesday, March 29th at 2:30 p.m. The hearing will explore how cyber attacks imperil America's economy, as well as examine the private sector's role in protecting networks from cyber exploitation and theft."
Confusing Threats with Vulnerabilities - (2011-03-25)
I agree with Bruce Schneier. This is worth reading, if merely for semantic reasons.
APTs Hit RSA - (2011-03-18)
"Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. "
Related: A blog entry on fact-vs-speculation.
Runtime Analysis of Windows Apps - (2011-03-18)
"Pin is a software system that performs run-time binary instrumentation of unmodified applications. Pin provides an API for writing custom instrumentation, enabling its use in a wide variety of performance analysis tasks such as workload characterization, program tracing, cache modeling, and simulation."
George Smith Points to von Hippel - (2011-03-16)
As one reader comments: "Thing is, commandos (aka terrorists) could never have done this, even if they drained a pool and shut off the power locally."
Leaked Cable on Japan's Nuclear Reactors - (2011-03-16)
"A US embassy cable obtained by the WikiLeaks website and seen by The Daily Telegraph quoted an unnamed expert who expressed concern that guidance on how to protect nuclear power stations from earthquakes had only been updated three times in the past 35 years... The cables also disclose how the Japanese government opposed a court order to shut down another nuclear power plant in western Japan because of concerns it could not withstand powerful earthquakes."
Harvard Law Professor on WikiLeaks - (2011-03-16)
"Among his key conclusions: The government overstated and overreacted to the WikiLeaks documents, and the mainstream news media followed suit by engaging in self-censorship. Benkler argues further that there is no sound Constitutional basis for a criminal prosecution of WikiLeaks or its leader, Julian Assange."
Report on "Backdoor.Prioxer!inf" File Infector - (2011-03-16)
"Prioxer does not use rootkit functionality, nor does it use any code in kernel mode. How is it possible to achieve such invisibility from a simple application?"
Anonymous to Release Bank Documents - (2011-03-14)
"As a 'teaser', the Anonymous member released a November 1, 2010 email between two Balboa Insurance (a BAC subsidiary) employees, which while not proving any fraud, indicates he/she does indeed have access."
Data Breach Report - (2011-03-08)
As one journalist characterized it: "trying to make a buck off nail-biting execs."
Intruders Target French Government - (2011-03-08)
"The latest incident, Baroin said, shows that companies are not the only targets of economic espionage: It can also happen to states."
South Korea Defense Ministry Hacked - (2011-03-08)
Intruders gained access to files related to a spy plane purchase from the U.S.
Biden Accuses Intel Community of Cover-Ups - (2011-03-08)
Granted, these accusations were made in 1978...
Robert Manne on Julian Assange - (2011-03-08)
"Assange had long grasped the political significance of his compatriot, Rupert Murdoch. In 'Conspiracy as Governance' he had called the disinformation the political and business elites fed the people to safeguard their power and their interests the 'Fox News Effect'."
February 2011_______________________________________
Just Where Do Dictators Bank? - (2011-02-24)
"In total, the Libyan regime is said to have around £20 billion in liquid assets, mostly in London. These are expected to be frozen as part of an international effort to force the dictator from power."
It's very interesting how banks suddenly acquire a moral compass. Why did they have to wait until now?
The Danger of Worst-Case Thinking - (2011-02-24)
"Security hawks, just like climate change warriors, maintain that no expenditure is too big to deter another attack. But that is utter foolishness. A country sacrifices lives when it ignores bigger threats to fight smaller ones. Over 5,000 American soldiers have died in Afghanistan and Iraq without on balance saving any civilian lives. It is time to call off the "war" on terrorism. Al Qaeda is not worth it."
Or, perhaps, Al Qaeda was merely a convenient pretext for our incursions into the Middle East...
Cover-Up Via National Security - (2011-02-22)
"The Justice Department is trying to cover this up ...If this unravels, all of the evidence, all of the phony terror alerts and all the embarrassment comes up publicly, too. The government knew this technology was bogus, but these guys got paid millions for it."
The OddJob Trojan - (2011-02-22)
"We have found a new type of financial malware with the ability to hijack customers' online banking sessions in real time using their session ID tokens. OddJob, which is the name we have given this Trojan, keeps sessions open after customers think they have 'logged off', enabling criminals to extract money and commit fraud unnoticed."
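The technique described above only works if the bank's "log off" leaves the server-side session record alive. The following is an added example (not code from the OddJob report, Trusteer, or any bank) that models the two patterns side by side: a store whose logout merely tells the browser to drop its cookie, and a store that destroys the record and bounds token lifetime with idle and absolute timeouts. Token values, user names, timeouts and the `FakeClock` are all constructed for the demonstration.

```python
"""Replay of a stolen session token after logout: vulnerable vs. hardened store."""
import secrets
import time


class ClientSideLogoutStore:
    """Vulnerable pattern: 'logout' only tells the browser to drop its cookie.
    The token stays valid on the server, so a stolen copy keeps working."""

    def __init__(self):
        self._sessions = {}  # token -> user

    def login(self, user):
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def logout(self, token):
        # Nothing is removed server-side; only the client's cookie is cleared.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def user_for(self, token):
        return self._sessions.get(token)


class ServerSideLogoutStore:
    """Hardened pattern: logout destroys the server-side record, and idle and
    absolute timeouts bound how long any captured token can be replayed."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.monotonic):
        self._sessions = {}  # token -> [user, created_at, last_seen]
        self._idle = idle_timeout
        self._absolute = absolute_timeout
        self._clock = clock

    def login(self, user):
        token = secrets.token_hex(16)
        now = self._clock()
        self._sessions[token] = [user, now, now]
        return token

    def logout(self, token):
        self._sessions.pop(token, None)  # record gone; any replay now fails
        return {"Set-Cookie": "session=; Max-Age=0"}

    def user_for(self, token):
        rec = self._sessions.get(token)
        if rec is None:
            return None
        user, created, last_seen = rec
        now = self._clock()
        if now - created > self._absolute or now - last_seen > self._idle:
            self._sessions.pop(token, None)
            return None
        rec[2] = now  # sliding idle window
        return user


class FakeClock:
    """Constructed clock so timeouts can be exercised without waiting."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def replay_after_logout(store):
    """Attacker copies the token while the session is live, the victim logs out,
    the attacker replays the copy. Returns the user the server still maps it to."""
    token = store.login("victim")
    stolen = token
    store.logout(token)
    return store.user_for(stolen)


def replay_after_idle(idle_timeout=900):
    """Victim never logs out; the stolen token is replayed after the idle window."""
    clock = FakeClock()
    store = ServerSideLogoutStore(idle_timeout=idle_timeout, clock=clock)
    stolen = store.login("victim")
    clock.advance(idle_timeout + 1)
    return store.user_for(stolen)


if __name__ == "__main__":
    print("client-side logout, replay yields:", replay_after_logout(ClientSideLogoutStore()))
    print("server-side logout, replay yields:", replay_after_logout(ServerSideLogoutStore()))
    print("idle timeout, replay yields:", replay_after_idle())
```

The check a practitioner wants is the first one: with the vulnerable store the replay still resolves to "victim" after logout, with the hardened store it resolves to nothing. The idle timeout covers the case the report highlights, where the customer never explicitly logs off at all.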
US Plan to Purchase Russian Missiles - (2011-02-19)
"The US Navy has for some time been planning an open commercial purchase of 23 KH-31 (or MA-31) Russian sea-skimming missiles from a Czech arms dealer. It has come to our attention that the missiles are coming from Belarus, via a series of complicated transactions. This arrangement is reportedly necessary because the Russians themselves refused to sell the missiles to the Czech arms dealer."
Pentagon Asks for $533 billion - (2011-02-19)
This is a healthy chunk of the proposed $3.7 trillion budget.
Cryptome != Wikileaks - (2011-02-19)
A synopsis of how Cryptome differs from Wikileaks.
Corporate Spooks - (2011-02-17)
"Companies nationwide relied on investigators to gather potentially damaging information on possible business partners or rivals ...estimated that the 'competitive intelligence' industry had 9,700 companies offering these services, with an annual market of more than $2 billion."
Cyber crime costs UK $44 bln a year - (2011-02-17)
Yet private sector cheerleaders in the defense industry continue to paint cyberwar as the primary threat in a blatant effort to divert federal funding towards their already overflowing coffers.
Pentagon Looking Into 'Active Defenses' - (2011-02-16)
"The $500 million is part of the Pentagon's 2012 budget request of $2.3 billion to improve the Defense Department's cyber capabilities."
Hosni Mubarak's Billions - (2011-02-12)
"There was no accountability, no need for transparency ...He was able to reach into the economic sphere and benefit from monopolies, bribery fees, red-tape fees, and nepotism. It was guaranteed profit."
This, dear reader, is the power of secrecy.
Our Internet Double Standard - (2011-02-11)
"Just over a year ago, Secretary of State Hillary Clinton paved the way with her notable speech on 'Internet Freedom.' More recently, she explicitly condemned Egypt's Internet shutdown. Her message, that an open Internet is an issue of fundamental freedom in the 21st century, has been complicated by the actions of other branches of the U.S. federal government, especially the Justice Department's plans to prosecute WikiLeaks for its role in publishing leaked U.S. State Department diplomatic cables."
Unknown Senator Holds Whistle-Blower Protection - (2011-02-11)
"Both houses unanimously approved versions of whistle-blower protection in the lame-duck Congress in December. But just as the final compromise was about to pass, the 12-year campaign was snuffed out by a still unknown senator exercising an anonymous hold. The Senate could use its own whistle-blower right now to let the taxpayers and voters know who is to blame."
Our Intel on the Middle East - (2011-02-11)
All that funding ($80 billion/year), and they end up collecting data the same way as the rest of us: via open sources. According to Wired, the Pentagon's $38 million software didn't offer much warning either.
"Night Dragon" Attacks - (2011-02-09)
McAfee describes a campaign of industrial espionage against members of the Oil Industry.
"Starting in November 2009, coordinated covert and targeted cyberattacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations."
Palantir's Strategy to Attack Wikileaks - (2011-02-09)
Divide and conquer, spread disinformation, launch a sustained media campaign to smear opponents, etc.
This is how the establishment deals with organizations that threaten them.
Hack-In-The-Box Magazine Issue 005 - (2011-02-09)
There's an interview with Rolf Rolles, Reddit's Reverse Engineering moderator.
The World's Largest Data Centers - (2011-02-08)
The largest data center is in... Chicago:
"The Lakeside Technology Center (350 East Cermak) is a 1.1 million square foot multi-tenant data center hub owned by Digital Realty Trust. Originally developed by the R.R. Donnelley Co. to house the printing presses for the Yellow Book and Sears Catalog."
The CIA and Egyptian Intelligence - (2011-02-07)
"The CIA already has a strong and growing relationship with the Egyptian Intelligence Service (EGIS). We would like the FBI to establish a similarly robust and productive partnership with the State Security Investigative Service."
HBGary vs. Anonymous - (2011-02-07)
"They broke into one of HBGary's servers that was used for tech support, and they got emails through compromising an insecure Web server at HBGary Federal."
The Media's Double Standard - (2011-02-05)
"U.S. journalists also know perfectly well that they too traffic in classified material continually -- and many of our most prominent reporters have built lucrative careers doing exactly what Assange is being charged with... For the assault on Assange to be credible, they would have to come arrest us all. Many of Bob Woodward's bestselling books, which have made him America's highest-paid reporter, are based on classified information -- that's why he gets the big bucks. Where are the calls for Woodward's arrest? Indeed Dick Cheney and other highest-level officials in the Bush administration committed the same act as Bradley Manning in this case, when they illegally revealed the classified identity of CIA operative Valerie Plame."
Wall Street Journal Report on Nasdaq Intrusion - (2011-02-05)
"So far, [the perpetrators] appear to have just been looking around..."
Other than that, details are pretty scarce. Though, as usual, speculation is rampant. According to Tom Kellerman of Core Security Technologies: "Many sophisticated hackers don't immediately try to monetize the situation; they oftentimes do what's called local information gathering, almost like collecting intelligence, to ascertain what would be the best way in the long term to monetize their presence.''
DOE IG Report on Grid Security - (2011-02-02)
Someone's not control compliant...
Firewalls and DDoS Attacks - (2011-02-02)
"Firewall and IPS devices are stateful in-line devices and, as such, are innately vulnerable to DDoS attacks. The highest performance firewall and IPS devices available on the market are vulnerable to even moderate size DDoS attacks that can overwhelm the state capacity of these systems."
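The state-capacity point above is easy to see in a model. This is an added example (not code from the quoted report or from any firewall vendor) that simulates an in-line device allocating one table entry per SYN, next to a SYN-cookie style device that allocates nothing until the handshake completes. Capacity, flood size, addresses and the cookie secret are constructed; real SYN cookies also fold a time counter and MSS into the cookie, which is omitted here.

```python
"""State-table exhaustion of a stateful in-line device under a half-open SYN flood."""
import hashlib
import random


class StatefulFirewall:
    """Allocates a state entry on the first SYN, as an in-line firewall/IPS does."""

    def __init__(self, capacity, rng):
        self.capacity = capacity
        self.rng = rng
        self.table = {}  # flow -> [state, isn]

    def on_syn(self, flow):
        if flow in self.table:
            return self.table[flow][1]
        if len(self.table) >= self.capacity:
            return None  # state table full: the new flow is dropped
        isn = self.rng.getrandbits(32)
        self.table[flow] = ["SYN_RECEIVED", isn]
        return isn

    def on_ack(self, flow, ack):
        entry = self.table.get(flow)
        if entry is None or ack != (entry[1] + 1) & 0xFFFFFFFF:
            return False
        entry[0] = "ESTABLISHED"
        return True


class SynCookieDevice:
    """Keeps no state for half-open connections: the ISN is a keyed hash of the
    flow, and an entry is created only when a matching ACK arrives."""

    def __init__(self, capacity, secret=b"constructed-secret"):
        self.capacity = capacity
        self.secret = secret
        self.table = {}  # flow -> state (established flows only)

    def _cookie(self, flow):
        digest = hashlib.sha256(self.secret + repr(flow).encode()).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, flow):
        return self._cookie(flow)  # reply SYN-ACK, allocate nothing

    def on_ack(self, flow, ack):
        if ack != (self._cookie(flow) + 1) & 0xFFFFFFFF:
            return False  # not the completion of a cookie we issued
        if flow in self.table:
            return True
        if len(self.table) >= self.capacity:
            return False
        self.table[flow] = "ESTABLISHED"
        return True


def legit_connects_after_flood(device, flood_size, rng):
    """Send flood_size spoofed SYNs that are never completed, then attempt one
    legitimate handshake. True if the legitimate flow reaches ESTABLISHED."""
    for _ in range(flood_size):
        spoofed = ("203.0.113.%d" % rng.randrange(256), rng.randrange(1024, 65536),
                   "192.0.2.10", 443)
        device.on_syn(spoofed)  # attacker never sends the final ACK
    legit = ("198.51.100.7", 40000, "192.0.2.10", 443)
    isn = device.on_syn(legit)
    if isn is None:
        return False
    return device.on_ack(legit, (isn + 1) & 0xFFFFFFFF)


def run(capacity=1000, flood_size=5000, seed=1):
    """Compare both devices under the same flood; returns per-device outcome."""
    rng = random.Random(seed)
    return {
        "stateful": legit_connects_after_flood(StatefulFirewall(capacity, rng), flood_size, rng),
        "syn_cookie": legit_connects_after_flood(SynCookieDevice(capacity), flood_size, rng),
        "stateful_no_flood": legit_connects_after_flood(StatefulFirewall(capacity, rng), 0, rng),
    }


if __name__ == "__main__":
    for name, ok in run().items():
        print("%-18s legitimate client connected: %s" % (name, ok))
```

A flood of a few thousand spoofed SYNs is enough to fill a 1,000-entry table and block the legitimate client, which is the failure mode the quote describes; the same flood costs the stateless device nothing but CPU for the hash. In practice the mitigation is to keep stateful devices behind a stateless scrubbing layer rather than to raise their table size.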
An Operational Study of Assassins - (2011-02-02)
A 1999 article from the Journal of Forensic Sciences.
Society and Technology - (2011-02-02)
"The truth, as always, is somewhere in between, and philosophers of technology settled the dispute of whether technology shapes society (technological determinism) or society shapes technology (cultural materialism) a while ago: the fact is that technology and society mutually and continually determine each other."
Stuxnet Mixed Messages - (2011-02-01)
Dmitry Rogozin (Russia's envoy to NATO): "The virus ...could have led to a new Chernobyl."
Ralph Langner (German cybersecurity researcher): "Bottom line: A thermonuclear explosion cannot be triggered by something like Stuxnet."
Julian Assange, 60 Minutes Interview - (2011-02-01)
"We are free press activists. It's not about saving the whales. It's about giving people the information they need to support whaling or not support whaling. Why? That is the raw ingredients that is needed to make a just and civil society. And without that you're just sailing in the dark."
Plug and Prey - (2011-02-01)
"This paper is meant as an overview of malicious USB devices. The paper will first lay out a proposed set of categories for malicious USB devices, how these categories function, how they differ, and how they can be used by an attacker. Next the paper will offer information on how these threats can be technically detected and mitigated, as well as human practices that can help alleviate the threats posed by malicious USB devices."
January 2011________________________________________
Bill Keller On Wikileaks - (2011-01-27)
The executive editor of the New York Times shows his true colors. To see what I mean by this, read Cryptome's illuminating analysis:
"Keller says Assange is merely a source, not a partner. And nothing was paid for the highly valuable Wikileaks material. Then slurs Assange as an unshowered slacker with technical skills Keller admits lacking -- foolishly thinking online-spy-easy Skype is more secure than telephone -- as well-barbered, manicured and perfumed executives often do when cutting personnel to boost their salaries and investors' profits. Keller muses on imitating the Wikileaks model but says nothing about the money to be made by the rip-off, instead vaunts how the Times version will be more trustworthy and reliable. Even goes so far as to brag the Times publishes documents too, not just editorial gloss of them. Then carefully preens shamelessly about how the Times met repeatedly with US government representatives to vet Wikileaks documents before publication."
Taxing Software Bugs - (2011-01-24)
"Create a tax on software based on the number and severity of its security bugs. Even if that means passing those costs to consumers, Rice, an instructor at the SANS Institute and a former cryptographer for the NSA and the Navy, believes that a tax is the only way to push the software industry to mend its buggy ways."
Smart Grid, Not So Smart - (2011-01-13)
This is a report on the security issues of the emerging smart grid.
CIA Gradecard - (2011-01-18)
"Senator Feinstein does not believe intelligence oversight has been effective....The analysis from CIA has been bad."
Related: Senator Richard Durbin "is worried about the impact of huge Intelligence Community budget increases on civil liberties, as the Intelligence Community has no sensitivity to civil liberties issues. He is also highly doubtful about the ability of the CIA and FBI to reform. They are not anywhere close to where they need to be on reform; both have huge difficulties in terms of reforming their internal cultures, and he sees little progress."
Dancho Danchev MIA - (2011-01-16)
Bulgaria is not exactly known for sight-seeing and resorts...
NYTimes Hints at US-Israeli Joint Effort - (2011-01-16)
"Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program."
This is one reason why we'll never resolve the issue of attribution on the Internet: it would deprive nation-states of plausible deniability.
Subverting Kernel-Mode GS Cookies - (2011-01-13)
"This paper describes various techniques that can be used to reduce the effective entropy of GS cookies implemented in a certain group of Windows kernel-mode executable images by roughly 99%, or otherwise defeat it completely."
DOJ Subpoenas Twitter Records - (2011-01-07)
"The information demanded by the DOJ is sweeping in scope. It includes all mailing addresses and billing information known for the user, all connection records and session times, all IP addresses used to access Twitter, all known email accounts, as well as the 'means and source of payment,' including banking records and credit cards. It seeks all of that information for the period beginning November 1, 2009, through the present. A copy of the Order served on Twitter, obtained exclusively by Salon, is here."
PDF Malware - (2011-01-07)
A primer on PDF tactics from Symantec.
CIA Leaks to the NYTimes - (2011-01-07)
"The Justice Department on Thursday announced the indictment of a former Central Intelligence Agency officer who is accused of disclosing classified information to a reporter, in the latest example of a crackdown by the Obama administration on leaking to journalists."
Related: The Washington Post reports that Stephen Kim, former senior adviser to the State Department's arms control compliance bureau, has been charged with disclosing national defense information in June 2009.
Kissinger on China - (2011-01-06)
"China wants us as a counter weight to the Soviet Union. It is a pleasure to do business with them. They are tough, they're our best NATO ally! But if they think we are going through our cultural resolution, they won't even run the ideological risk of being tied up with us."
This is an interesting view into the minds of our policymakers during the 1970s. Is China still our best ally?
The Kidon Assassination in Dubai - (2011-01-06)
"The Israelis' problem has always been that they underestimate everyone: the Arabs, the Iranians, Hamas. They are always the smartest and think they can hoodwink everyone all the time."
Misconceptions About Wikileaks - (2011-01-05)
"Pentagon officials admitted there were no documented instances of people being killed because of information exposed by WikiLeaks' previous document releases (and unlike the diplomatic cables, the Afghanistan files were unredacted)."
Yet More Microsoft 0-Day Exploits - (2011-01-05)
"They already have an outstanding zero-day in [Internet Explorer] plus a WMI Active X bug that Secunia issued a warning about [on Dec. 22]. Combine those concerns with a much bigger side story regarding cross_fuzz and now [an] image handling bug all make it a happy new year for Microsoft."
December 2010______________________________________
Watch Lists: Becoming a 'Person of Interest' - (2010-12-31)
"Senior counterterrorism officials say they have altered their criteria so that a single-source tip, as long as it is deemed credible, can lead to a name being placed on the watch list."
Your Tax Money, Hard at Work - (2010-12-28)
"The Transportation Security Administration spent about $30 million on devices that puffed air on travelers to 'sniff' them out for explosives residue. Those machines ended up in warehouses, removed from airports, abandoned as impractical."
Managing Sources in Terrorist Groups - (2010-12-27)
"In this paper, we identify and describe several psychological considerations that may affect source development and management. While a host of factors will influence any operation, we focus here only on the psychological factors that we believe may be useful to Special Agents engaged in counterterrorism operations"
The Smart Card Detective - (2010-12-25)
"As proposed by Ross Anderson and Mike Bond in 2006, I decided to create a miniature man-in-the-middle device to defend smartcard users against relay attacks."
WSJ Article on Wikileaks Funding - (2010-12-25)
The Wall Street Journal has, for the most part, distanced itself from Cablegate. It's interesting to see what they investigate when they do broach the topic.
Open Letter to US Govt. From EFF - (2010-12-22)
"Internet users have a First Amendment right to receive information, as repeatedly endorsed by a series of Supreme Court cases, including Stanley v. Georgia."
Signatories include the ACLU and the American Library Association.
CIA Special Operations Training Manual - (2010-12-22)
Granted this is from 1942, but it's still an interesting read.
Theo de Raadt Smells Something Fishy - (2010-12-22)
"I believe that NETSEC was probably contracted to write backdoors as alleged... I don't believe they made it into our [source code] tree."
Watching the Watchers - (2010-12-22)
"Privacy has to be viewed in the context of relative power. For example, the government has a lot more power than the people. So privacy for the government increases their power and increases the power imbalance between government and the people; it decreases liberty. Forced openness in government -- open government laws, Freedom of Information Act filings, the recording of police officers and other government officials, WikiLeaks -- reduces the power imbalance between government and the people, and increases liberty."
Embedded Private Key Database Online - (2010-12-20)
"A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device."
Jaron Lanier On Wikileaks - (2010-12-20)
"The strategy of Wikileaks, as explained in an essay by Julian Assange, is to make the world transparent, so that closed organizations are disabled, and open ones aren't hurt. But he's wrong. Actually, a free flow of digital information enables two diametrically opposed patterns: low-commitment anarchy on the one hand and absolute secrecy married to total ambition on the other."
I don't necessarily agree with this. I don't think Wikileaks intends to make the entire world transparent and I doubt it will somehow facilitate absolute secrecy. -BB (2010-12-20)
The H-Bomb Secret - (2010-12-19)
A lengthy article published by The Progressive back in 1979.
"When the State imposes prior restraint [censorship], it places its own conduct beyond public scrutiny; it deprives the citizenry of its right to form an independent judgement as to the justice or injustice of its conduct. Censorship is an indispensable device to those who would wield power unchecked."
Malware Detection - (2010-12-19)
This is a primer from Kaspersky.
Malware VM Detection - (2010-12-19)
It's often much easier than you think...
The NSA May Be Compromised (gasp) - (2010-12-17)
Someone's looking for more federal money (preferably for services rendered by Booz Allen Hamilton, chirps Mike McConnell). Can you think of a better excuse to spend a few hundred million?
Security in 2020 - (2010-12-16)
Schneier examines the recent increase in user connectivity and the gradual shift towards remote data storage. Then he predicts that any number of cheap, special-purpose devices will emerge that will sometimes do things we can't necessarily control. In other words, as Moxie Marlinspike so aptly put it: "why mandate telescreens when you can get people to opt in?"
Columbia Journalism Faculty on Wikileaks - (2010-12-15)
"As a historical matter, government overreaction to publication of leaked material in the press has always been more damaging to American democracy than the leaks themselves."
Potential OpenBSD Backdoor - (2010-12-15)
Theo de Raadt: "I have received a mail regarding the early development of the OpenBSD IPSEC stack. It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack, in particular the IPSEC stack. Around 2000-2001."
Changing the BSOD to the GSOD - (2010-12-15)
A fun tutorial from Mark Russinovich.
Cool Hand Luke - (2010-12-14)
Assange: "We now know that Visa, Mastercard, Paypal and others are instruments of U.S. foreign policy. It's not something we knew before."
Yet More Cybercrime - (2010-12-14)
"Romanian authorities said Tuesday they dismantled a cybercrime network blamed for causing more than 11 million euros (13.5 million dollars) in losses to firms in the United States, Britain, South Africa, Italy and Romania."
Cognitive Infiltration - (2010-12-13)
"Because those who hold conspiracy theories typically suffer from a crippled epistemology, in accordance with which it is rational to hold such theories, the best response consists in cognitive infiltration of extremist groups. Various policy dilemmas, such as the question whether it is better for government to rebut conspiracy theories or to ignore them, are explored in this light."
According to Salon, this sort of tactic has already been used.
Ad Networks Serve Up Malware - (2010-12-13)
Proof that simply sticking to "safe" websites isn't enough...
Julian Assange Bio Article - (2010-12-13)
More fluff from Reuters.
Anonymous Hacktivists May Not Be - (2010-12-12)
"The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker."
Who's At Fault for CableGate? - (2010-12-12)
Says Australian Foreign Minister Kevin Rudd: "The bad people in this little exercise are the people who gave the information to him [Bradley Manning], because they are the people who breached the trust. They deserve to be chased and prosecuted"
Wikileaks Cable: Brazil Blackout Not Result of Hacking - (2010-12-07)
"Despite widespread speculation at the time, a massive power outage that left 18 out of the 26 Brazilian states in the dark for up to six hours last year was not the result of a cyberattack, according to a classified diplomatic cable published by WikiLeaks last week."
First PayPal, Now MasterCard - (2010-12-07)
"MasterCard is pulling the plug on payments to WikiLeaks, a move that will dry up another source of funds for the embattled document-sharing Web site."
Assange Warrant Reaches UK, Assets Frozen - (2010-12-06)
"The Swiss post office's bank, PostFinance, has frozen the accounts of Wikileaks founder Julian Assange...Meanwhile, a warrant for Mr Assange's arrest has reached the UK authorities."
Critical Infrastructure Abroad - (2010-12-06)
"SUBJECT: REQUEST FOR INFORMATION:CRITICAL FOREIGN DEPENDENCIES (CRITICAL INFRASTRUCTURE AND KEY RESOURCES LOCATED ABROAD)"
The Black Hat Holy Grail - (2010-12-06)
Automated Exploit Generation (AEG): "In this paper we present AEG, the first end-to-end system for fully automatic exploit generation. We used AEG to analyze 14 open-source projects and successfully generated 16 control flow hijacking exploits. Two of the generated exploits (expect-5.43 and htget-0.93) are zero-day exploits against unknown vulnerabilities."
PayPal Suspends WikiLeaks Account - (2010-12-04)
Pressure is being applied. The first public infowar is being played out and the power brokers are brandishing their artillery. If economic measures do not work as intended, we all know what comes next...
Microsoft Research Presents Zozzle - (2010-12-04)
"In this paper, we propose ZOZZLE, a low-overhead solution for detecting and preventing JavaScript malware that can be deployed in the browser"
Escaping IE Protected Mode - (2010-12-04)
This is a white paper from researchers at Verizon. Not a bad write up, as far as I can tell.
Commerce Department Mandate - (2010-12-04)
I'm not sure whether to laugh or cry about this e-mail sent to allstaff@nist.gov:
"Please do not attempt to access any of the WikiLeaks documents via the WikiLeaks website or through other websites hosting those documents because these documents may contain classified information. Accessing the WikiLeaks documents will lead to sanitization of your PC to remove any potentially classified information from the system and result in possible data loss."
When Hackers Collide - (2010-12-02)
"Freelance computer hackers have helped the U.S. government chase WikiLeaks from an American commercial computer network. That stopped the leak of embarrassing diplomatic documents - at least for part of a day"
Related: Wikileaks is no longer hosted by Amazon's EC2 service.
Wikileaks Response: If Amazon are so uncomfortable with the first amendment, they should get out of the business of selling books.
Related: Ellsberg calls for a boycott of Amazon.com.
Related: The Guardian reports that the CIA compiled the Humint shopping lists that were sent to each US embassy.
November 2010______________________________________
Industrial Espionage at Ford - (2010-11-23)
"Under the plea agreement, YU faces a sentence of between 63-78 months' imprisonment based on an agreed loss amount of more than $50 million and less than $100 million and a fine of up to $150,000"
Cleveland Federal Reserve Hacked - (2010-11-22)
"How did a hacker in Malaysia manage to penetrate a computer network operated by the Federal Reserve Bank of Cleveland?"
Who's Using the Optional Practical Training Extension - (2010-11-22)
Norm Matloff: "The fact that these two tech CEOs [Fiorina and Whitman] did not win I think sends a message to both parties. There is some popular discontent that [they] don't understand."
Ron Hira: "Akin to indentured servitude"
Proposed Bill Gives DHS Authority over Corporate Networks - (2010-11-19)
"A new bill unveiled Wednesday by House Homeland Security chairman Bennie Thompson (D-Miss.) would give the Department of Homeland Security the authority to enforce federal cybersecurity standards on private sector companies deemed critical to national security."
One reader commented: "This bill was put together by the Telecom lobbyists in America. Now they can go to verizon and say 'You must buy from supplier Y, instead of supplier X, due to national security concerns.'"
The Man Goes After Moxie - (2010-11-19)
This is what happens when you demonstrate competence and the ability to think independently. Members of the establishment feel threatened. More TSA fun and games.
Schneier Follows the Fallout over TSA Body Scanners - (2010-11-19)
This is really something else. What I find interesting is Michael Chertoff's financial interest in the company that makes the body scanners.
Julian Assange Arrest Warrant - (2010-11-18)
"At the hearing on the detention issue, the District Court decided to detain Mr Assange in his absence, on probable cause suspected of rape, sexual molestation and unlawful coercion. To execute the court's decision, the next step is to issue an international arrest warrant."
In the business, this is known as a honeypot sting. No doubt an effort to put the kibosh on Mr. Assange. As CIA officer Miles Copeland once observed, the intelligence agencies are by their nature counter-revolutionary. Be on your guard Julian, the game is afoot.
Subverting Driver Signing on Windows - (2010-11-16)
"The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load."
Related: More details here from Prevx.
DHS Monitoring Social Media Sites - (2010-11-15)
See page 12 of this DHS publication.
"This is a representative list of sites that the NOC will start to monitor in order to provide situational awareness and establish a common operating picture."
KoobFace Report - (2010-11-14)
"This investigation provides a glimpse of the inner workings of crimeware networks and contributes to the ongoing efforts to protect Internet users from malware attacks. It also demonstrates that it is possible to leverage the mistakes made by botnet operators in order to better understand the scope of their operations."
Reversing a User-Mode Agent Dropper - (2010-11-13)
This four part article series is a complete step-by-step tutorial on how to reverse engineer the ZeroAccess Rootkit.
NSA: Most Assurance Techniques are Publicly Known - (2010-11-11)
"'Most of what we do in terms of app development and assurance is in the open literature now. Those things are known publicly now,' Neil Ziring, technical director of the NSA's Information Assurance Directorate."
For starters, I'd read Gary McGraw's Software Security: Building Security In.
The Role of Secrecy - (2010-11-10)
"Internal C.I.A. e-mails, released earlier this year in response to a Freedom of Information Act lawsuit by the American Civil Liberties Union, showed that Mr. Rodriguez had argued that 'the heat' agency officials would take over destroying the tapes 'is nothing compared to what it would be if the tapes ever got into the public domain.'"
The DOJ Searches for Forensic Tools - (2010-11-08)
Mobile devices seem to be a common pain-in-the-***. I really don't know why the vendors don't take it upon themselves to provide us with these tools. Sigh.
Heavy Battle Armor - (2010-11-06)
"In this paper, we show how to armour code in such a way that reverse engineering techniques (static and dynamic) are absolutely impossible by combining malicious cryptography techniques developed in our laboratory and new types of programming (k-ary codes)"
Zeus File Patching Techniques - (2010-11-05)
Nice article from Trend Micro that wades into the details. For an overview of the Zeus toolkit, check out this report.
The Dark Side of Social Networks - (2010-11-05)
"One of the greatest challenges facing the United States is the opposition of a fully mobilized, traditionally networked, tribalized enemy. This opposition is reflected in an insurgency that possesses an unassailable base immune from direct attack. This unassailable base is itself the social network, merging and diverging as the situation dictates."
JaZeus: Zeus Meets Java - (2010-11-04)
"This is the first analysis as far as I know, of a Zeus malware that uses a Java engine to infect a victim system, by using a multi-stage approach."
Swiss Data Bunker - (2010-11-04)
"Today -- with terrorism, environmental disasters and financial meltdown on the global agenda -- some of the biggest players in technology and finance are buying into the facility's promise. Oschwald can tick off blue-chip companies such as Cisco Systems, Novartis, UBS and Deutsche Bank among his clients."
More Proof that Cybercrime Pays - (2010-11-04)
"Dutch prosecutors believe that Avanesov made up to €100,000 (US$139,000) a month from renting and selling his botnet just for spam"
Cyber-Security: Between The Devil and The Deep Blue Sea - (2010-11-02)
"For me, I will take freedom over security and I will take security over convenience, and I will do so because I know that a world without failure is a world without freedom."
October 2010________________________________________
Packed EXEs: To Block or Not to Block - (2010-10-27)
When I saw Peter Ferrie's name on this paper, I knew it would be worth a look.
Wall Street Journal Article on Cryptome - (2010-10-26)
Was this piece merely bait for information fishing?
Botnet Herder Arrested - (2010-10-26)
"A 27-year-old Armenian citizen, suspected of masterminding a computer worm that infected at least 30m computers worldwide, stealing financial information and sending out billions of malicious emails, has been arrested."
Fabric: Baked In Security - (2010-10-26)
"Fabric is a new system and language for building secure distributed information systems... Its high-level programming language makes distribution and persistence largely transparent to programmers"
Seymour Hersh On Cyberwar - (2010-10-25)
"Blurring the distinction between cyber war and cyber espionage has been profitable for defense contractors -- and dispiriting for privacy advocates."
When it Pays Not to Follow Orders - (2010-10-25)
Miles Copeland was a founding member of both the OSS and the CIA. He also worked for Booz Allen Hamilton, a well-known "strategic consulting" firm (why is it that retired spooks always seem to end up at Booz?). In a 1978 interview with Penthouse he mentioned that:
"Ordinarily, when you get an order from headquarters you never obey it the first time, because you're not sure they mean it. It might be some guy telling you to do something to get himself off the hook--being on records as having ordered it. So you always wait till the second time."
I've always found counter-intuitive bureaucratic environments like this fascinating. Especially in intelligence circles, I suppose it would be entirely plausible for a mid-level operator to firewall the boss well enough to take on peripheral projects that stay off the books, so to speak.
WikiLeaks to Release 400,000 More Documents - (2010-10-16)
"Coming as early as next week, WikiLeaks plans to disclose a new trove of military documents, this time covering some of the toughest years of the Iraq war. Up to 400,000 reports from 2004 to 2009 could be revealed this time -- five times the size of the Afghan document dump."
Slides from HITB 2010 Conference - (2010-10-15)
For people who couldn't make it to Malaysia.
Return-oriented Programming without Returns - (2010-10-15)
"We show that on the x86 it is possible to mount a return-oriented programming attack without using any return instructions. Our new attack instead makes use of certain instruction sequences that behave like a return"
Jump-Oriented Programming - (2010-10-15)
A different slant on code-reuse attacks.
Microsoft's Latest Security Intel Report - (2010-10-15)
This time, it's all about botnets.
NSS Labs Starts An Exploit Market - (2010-10-15)
"ExploitHub is a community-driven marketplace for non-zero-day exploits."
Peter Ferrie on Windows LNKs - (2010-10-11)
Microsoft's own malware Shifu provides a briefing on LNK Files.
Iran Blames the West - (2010-10-11)
"In recent weeks, Iran has announced the arrest of several nuclear spies and battled a computer worm that it says is part of a covert Western plot to derail its nuclear program."
Indicators of Espionage - (2010-10-05)
In the unclassified military intelligence report, see the tables on pages 9 and 10 for a quick summary.
September 2010_____________________________________
Proposed Wiretap Bill (The New Panopticon) - (2010-09-30)
"Officials want Congress to require all services that enable communications -- including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct 'peer to peer' messaging like Skype -- to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages."
While other stories take center stage, there's something far more dangerous lurking in the background. Have these people learned nothing from the Athens Affair? Lawful intercept will be abused and subverted. It's a matter of public record! As Bruce Schneier very aptly noted: "communications technologies are used by both the good guys and the bad guys. But the good guys far outnumber the bad guys, and it's far more valuable to make sure they're secure than it is to cripple them on the off chance it might help catch a bad guy."
Beware Financial "Gifts" - (2010-09-29)
"Keith said what would you do if someone sent Cryptome a million dollar donation, a check. We said we would publish the check as a sting operation."
GPU-Assisted Malware - (2010-09-27)
"Future GPGPU architectures could enable the implementation of GPU-hosted malware, i.e., malware that runs solely on the GPU, without any association with a process running on the CPU"
Unpatched 0-Day Exploits - (2010-09-23)
The people at eEye have taken it upon themselves to compile a list. Perhaps this will encourage vendors (I hope).
PG&E's Secret Map - (2010-09-23)
PG&E wouldn't even disclose this to the Fire Department. Somehow the SF Bay Guardian got a hold of a copy. Yikes.
Nuclear Weapons Info Leaked - (2010-09-19)
"The Justice Department today announced that a scientist and his wife, who both previously worked as contractors at the Los Alamos National Laboratory (LANL) in New Mexico, have been indicted on charges of communicating classified nuclear weapons data to a person they believed to be a Venezuelan government official"
2002 FDDC Memo On Leaks - (2010-09-17)
"Selective leaking has evolved to the point that it is a principal means of waging bureaucratic warfare and a primary tool in the process of policy formulation and development in Washington."
The Rise of PDF Malware - (2010-09-17)
A nice summary from Symantec... which is formatted as a PDF!
This just goes to show that something as simple as a static document reader can morph into a nasty attack vector. Vendors simply can't resist the urge to add new features and bloat.
More Details About Stuxnet - (2010-09-14)
"The fact that Stuxnet uses four previously unidentified vulnerabilities makes the worm a real standout among malware. ...Add to this the use of Realtek and JMicron certificates...Stuxnet was undoubtedly created by professionals who've got a thorough grasp of antivirus technologies and their weaknesses, as well as information about as yet unknown vulnerabilities and the architecture and hardware of WinCC and PSC7."
RELATED: According to Computerworld, "there are no known cases of plant operations actually being affected." Also, "Stuxnet has infected systems in the U.K., North America and Korea, however the largest number of infections, by far, have been in Iran."
According to a recent article in PC World, "When it was first discovered, 60 percent of the infected Stuxnet computers were located in Iran, according to Symantec."
Are We All Doomed? - (2010-09-13)
"If there was an observer on Mars, they would probably be amazed that we have survived this long. There are two problems for our species' survival - nuclear war and environmental catastrophe - and we're hurtling towards them. Knowingly. This hypothetical Martian would probably conclude that human beings were an evolutionary error."
People Behind the Scenes Keeping Us Safe: 'We Don't Exist' - (2010-09-11)
Many thanks to Bruce Schneier for pointing out this piece in The Onion.
"'Look, I understand your psychological need to invent someone like me so that you can stop worrying about imminent disasters and get some sleep at night,' said the hyper-articulate, Princeton-educated political-scientist jujitsu-master we're all imagining."
RELATED: Perhaps this is why DARPA wants to replace humans with robots. Why, that's just what we need: a bunch of robotic 3-year-olds making important decisions at CENTCOM. "Are you Sarah Connor?"
Why Standardize in IT? - (2010-09-07)
"They're giving you an allowance and allowing you to buy whatever laptop you want, and to connect into the corporate network with whatever device you choose. They're allowing you to use whatever cell phone you have, whatever portable e-mail device you have, whatever you personally need to get your job done. And the security office is freaking."
I can vouch for that last sentence...
KeUserModeCallback() Fun - (2010-09-06)
An interesting essay on invoking user-mode code from a KMD.
Informants & Home-Grown Terror - (2010-09-06)
"Played out on landscapes manufactured by federal imagineers, the climax of each drama was foreordained. The failure of the plots would then be touted as the success of the investigations and prosecutions."
The Size of the US Nuclear Stockpile - (2010-09-02)
As of September 30, 2009, the U.S. stockpile of nuclear weapons consisted of 5,113 warheads.
DoD Doesn't Need New Technology - (2010-09-02)
"There should have been no CD drives on top-secret terminals. It should not have been physically possible for anyone to download classified records onto transportable media."
August 2010_____________________________________
Taking Down Pushdo - (2010-08-29)
"We identified a total of 30 servers used as part of the Pushdo/Cutwail infrastructure, located at eight different hosting providers all over the world... We contacted all hosting providers and worked with them on taking down the machines, which led to the take-down of almost 20 servers. Unfortunately, not all providers were responsive and thus several Command & Control servers are still online at this point"
Microsoft's Security Development Lifecycle (SDL) - (2010-08-29)
"I am happy to announce that from this point forward, Microsoft will be making our publicly available SDL documentation and other SDL process content available to the development community under a Creative Commons license."
Why now? Perhaps to establish a framework before another is imposed on them...?
Intel Agencies Frustrated by VOIP Tech - (2010-08-29)
An MI6 employee, recently discovered dead in his apartment, was investigating "how the security and intelligence agencies can monitor internet telephone calls -- known as Voice Over Internet Protocol (VOIP) -- such as Skype, which are being used by terrorists and foreign agents to try to circumvent routine eavesdropping on telephone and mobile networks."
Microsoft's Early Warning System - (2010-08-27)
"When the hacker's system crashes in Windows, as with all typical Windows crashes, Heckman said the user would be prompted to send the error details -- including the malicious code -- to Microsoft. The funny thing is that many say yes."
DLL Preloading Attacks - (2010-08-26)
"Essentially, if you open a file type associated with iTunes from a remote network share, iTunes will also try to load one or more DLLs from the share. Even if the file that the user opened is completely safe, a malicious DLL can be supplied that will lead to code execution."
Voting Machine Researcher Arrested in India - (2010-08-23)
"A security researcher in India has been arrested after he refused to provide authorities with the name of a person who supplied him with an electronic voting machine that was used to discover vulnerabilities in the system. The researcher had used the machine to demonstrate how someone could hack voting systems to easily subvert an election."
Are Your Papers In Order? - (2010-08-22)
"The production of the RFID chips, an integral element of the new generation of German identity cards, has started after the government gave a 10 year contract to the chipmaker NXP in the Netherlands. Citizens will receive the mandatory new ID cards from the first of November."
"Illegal access to the stored data would be useful to create perfectly forged passports and for criminals to use hijacked identities for supposedly secure transactions online."
Pentagon Report on China - (2010-08-20)
"Numerous computer systems around the world, including those owned by the U.S. Government, continued to be the target of intrusions that appear to have originated within the PRC...It remains unclear if these intrusions were conducted by, or with the endorsement of the PLA or other elements of the PRC government. However, developing capabilities for cyberwarfare is consistent with authoritative PLA military writings."
So in other words, they don't really have any solid proof. But why let the truth get in the way of fund raising?
Airline Mainframe Infected - (2010-08-20)
"The newspaper El Pais reported on Friday that Spanair's mainframe was contaminated with Trojans at the time that Flight JK 5022 to Gran Canaria crashed just after take-off at Madrid's Barajas airport."
Reversing Malware C2 - (2010-08-18)
Mandiant's Nick Harbour offers an API-oriented synopsis of C2.
Reversing the Windows PE Format - (2010-08-18)
This is yet another solid article from CodeBreakers Magazine.
Wikileaks to Release Remaining War Log Records - (2010-08-14)
"WikiLeaks founder Julian Assange told a gathering in London that the secret-spilling website is moving ahead with plans to publish the remaining 15,000 records from the Afghan war logs."
"The Pentagon has hinted it actually has some recourse against the site. 'If doing the right thing isn't good enough for them, we will figure out what alternatives we have to compel them to do the right thing,' Pentagon spokesman Geoff Morrell said last week."
As this article's author, Kevin Poulsen, commented: "Good luck with that!"
Recovering Windows Secrets and EFS Certificates Offline - (2010-08-11)
"In this paper we present the result of our reverse-engineering of DPAPI, the Windows API for safe data storage on disk."
Windows: Kernel Bugs Persist - (2010-08-09)
After all these years, holes continue to crop up. It makes me wonder how many unreported flaws remain. Have any of these flaws been introduced intentionally as subtle back doors?
An Analysis of the TDSS Rootkit - (2010-08-07)
"In essence, TDSS is a framework which is constantly being updated and added to."
2,100 ATMs, in 280 Cities, in 12 Hours - (2010-08-07)
"As people become more technically proficient and get access to the Internet, we see this crime showing up in more and more places"
More Cert Subversion By Malware - (2010-08-07)
"While checking the certificate, we noticed that the hash value applied to the suspect file was invalid. This is because hash values are specific to the original file to which they are applied whereas this particular signature has been stolen. Also, the signature had already expired. (The signature used in this case appears to be copied, ironically, from Kaspersky's 'ZbotKiller' cleaning tool.)"
Related: Investigators commandeer a Zeus C2 server.
Stuxnet Update - (2010-08-07)
"Both Aurora and Stuxnet leverage unpatched 'zero-day' flaws in Microsoft products. But Stuxnet is more technically remarkable than the Google attack, Schouwenberg said. 'Aurora had a zero-day, but it was a zero-day against IE6,' he said. 'Here you have a vulnerability which is effective against every version of Windows since Windows 2000.'
"To date, Siemens says four of its customers have been infected with the worm. But all those attacks have affected engineering systems, rather than anything on the factory floor"
"Most infected systems are in Iran, he added, although India, Indonesia and Pakistan are also being hit."
July 2010________________________________________
Retired NSA Director Sidesteps Attribution - (2010-07-31)
"Retired General Michael Hayden, former director of the National Security Agency, said Thursday that one solution being discussed in government is to simply forget about trying to determine if the source of an attack is state-sponsored and hold nations responsible for malicious activity coming from their cyberspace."
I suppose that launching military campaigns just got a whole lot easier. Perhaps one nation could compromise machines in another and then attack itself, providing the necessary pretext for a "justified" retaliation.
Don't Be Evil - (2010-07-29)
Google and the CIA both fund a startup (under $10 million each) that "monitors the web in real time -- and says it uses that information to predict the future."
The Snitch Rackets - (2010-07-23)
Secrets keep everyone in business...
C2 over Social Networks - (2010-07-21)
"In effect, any website that lets users upload virtually any type of content, and then publishes it in sequential form -- without line breaks... can be exploited to store Trojans' encrypted configurations."
Malware Targets Siemens Simatic WinCC - (2010-07-18)
" 'This has all the hallmarks of weaponized software, probably for espionage'... The software does not exploit a bug in the Siemens system to get onto a PC, but instead uses a previously undisclosed Windows bug to break into the system."
"The virus uses a digital signature assigned to semiconductor maker Realtek."
Related: The official write-up by the researchers at VirusBlokAda.
Related: Verisign has revoked Realtek's software cert.
Mozilla Ups Bug Bounty to $3K - (2010-07-17)
I wonder how much commercial vendors pay their testers?
Gotham's Own Superheroes - (2010-07-17)
"Naw, fuhgetabout that. You'll get shot. The guys in this neighborhood, they'll shoot you and no one will tell us who did it. There's a strong 'no snitching' rule out here."
Hacking the Electric Grid? You and What Army? - (2010-07-13)
"Let's pretend for a moment that hackers were planning to attack the United States. What would they need to do to gather enough information necessary to take out the electrical power in key parts of the country?
For starters, they would need to know things like: Where are the power plants? What kind of plants are they? What sort of fuel do they use? Who built them and when? What sort of materials and technology were used when they were built? Who manufactured the generators, turbines and other key equipment? Whose SCADA software are they running? Who runs the plants? How does fuel, people, supplies get into or out of the plant? What sort of security do they have? And perhaps most importantly: Which plants supply power to which parts of the country?"
DARPA looks into Homomorphic Encryption - (2010-07-12)
A DARPA Broad Agency Announcement (BAA). The goal is to create practical implementations of an idea that has only recently been shown to be possible in theory: that a computation could be performed over data that remains in encrypted form throughout the entire computation. In effect, the computer would execute a program without ever being able to discern any of the computed values.
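To make the idea concrete, here is an added example (not part of the original post or the DARPA announcement) of the Paillier cryptosystem, which is homomorphic for addition only: a party holding just the public key can add two encrypted integers, or scale one by a plaintext constant, without learning any of the values. The primes and the salary figures are constructed toy values; real deployments use primes of 1024 bits or more, and DARPA's goal of arbitrary computation (fully homomorphic encryption) goes well beyond this additive scheme.

```python
"""Textbook Paillier: additive homomorphism over ciphertexts (toy sizes)."""
import math
import random


def keygen(p, q):
    """Build a Paillier key pair from two distinct primes p and q.

    Uses the common simplification g = n + 1, for which
    L(g^lambda mod n^2) = lambda, so mu = lambda^-1 mod n.
    """
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1
    mu = pow(lam, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n.

    The random r makes encryption probabilistic: two encryptions of the
    same plaintext produce different ciphertexts.
    """
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    n2 = n * n
    r = random.randrange(1, n)
    while math.gcd(r, n) != 1:
        r = random.randrange(1, n)
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """D(c) = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    u = pow(c, lam, n2)
    return ((u - 1) // n * mu) % n


# --- operations an untrusted party can perform with only the public key ---

def add_encrypted(pub, c1, c2):
    """E(a) * E(b) mod n^2 decrypts to (a + b) mod n."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_plain(pub, c, k):
    """E(a)^k mod n^2 decrypts to (k * a) mod n."""
    n, _ = pub
    return pow(c, k, n * n)


def untrusted_total(pub, ciphertexts):
    """Sum a list of encrypted values without the private key.

    This is the role of the remote machine in the text: it runs the
    computation but never sees a single plaintext.
    """
    n, _ = pub
    acc = 1                                   # E(0) with r = 1
    for c in ciphertexts:
        acc = add_encrypted(pub, acc, c)
    return acc


def payroll_demo():
    """Constructed scenario: three salaries summed by a party holding only pub."""
    # 104729 and 104723 are small primes (toy key; never use in practice).
    pub, priv = keygen(104729, 104723)
    salaries = [1200, 3400, 5150]             # constructed sample values
    encrypted = [encrypt(pub, s) for s in salaries]
    total_ct = untrusted_total(pub, encrypted)
    doubled_ct = mul_plain(pub, encrypted[0], 2)
    # Only the key holder can recover the results.
    return decrypt(pub, priv, total_ct), decrypt(pub, priv, doubled_ct)


if __name__ == "__main__":
    print(payroll_demo())                     # (9750, 2400)
```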
Conficker, Cyber Emergency, and the Internet Kill Switch - (2010-07-12)
"It's inevitable: Conficker (or something like it) will eventually stoke a cyber-war that can only be addressed by actions with serious side-effects for the Internet. Unapprehendable malfeasants will be blamed, perhaps painted as those bent on destroying our freedoms. But ultimately our own government authorities, raptured by Conficker's perfect storm, will be the ones to bury Internet liberty."
Internet Kill Switch: Flawed Assumptions - (2010-07-12)
"The first flawed assumption is that cyberspace has traditional borders, and we could somehow isolate ourselves from the rest of the world using an electronic Maginot Line. We can't."
"The second flawed assumption is that we can predict the effects of such a shutdown"
"The third flawed assumption is that we could build this capability securely. We can't. Once we engineered a selective shutdown switch into the Internet, and implemented a way to do what Internet engineers have spent decades making sure never happens, we would have created an enormous security vulnerability."
Microsoft Gives Russians Access to Windows Source - (2010-07-11)
"Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state."
The Collage Approach to Covert Channels - (2010-07-11)
"Rather than relying on a single system or set of proxies to circumvent censorship firewalls, we explore whether the vast deployment of sites that host user-generated content can breach these firewalls."
Assange Puts the Kibosh on Wikileaks - (2010-07-10)
"We have been told that WIKILEAKS will be launching a completely new site hosted in Iceland. However, Assange would not provide any time lines, or any indication of user options and facilities."
Our Race to the Bottom - (2010-07-08)
Forget cyberwar, in this Bloomberg article former Intel CEO Andy Grove spells out the true long-term strategic threat to the United States: offshore outsourcing. I'd recommend reading a book entitled The State of Working America once you're done with Grove's mea culpa. What you'll uncover may upset you. This gradual trend has done more to damage the United States than any botnet ever could.
Many thanks to Norm Matloff at UC Davis for sending me this link.
ID Tokens != Attribution - (2010-07-06)
A NYTimes article that describes proposed "solutions," including Howard Schmidt's voluntary trusted identity system and Vinton Cerf's fingerprint-based internet driver's license. I think that, collectively, we need to accept the fact that we will never get attribution on the Internet. There are other paths that we can take towards better security; see my Lockdown 2010 white paper.
Attacking from within a VM - (2010-07-05)
"It might be possible to escape from a live guest OS right into the Host, under certain circumstances. WinDbg - the most commonly used debugger (working in both local and remote mode) developed by Microsoft, is confirmed to be vulnerable to multiple flaws"
DNSSEC Reality Check - (2010-07-04)
"Deployment of a security protocol in the real world is ultimately degraded by operational issues."
Ain't it the truth...
Studies in Intelligence - (2010-07-04)
This page offers a series of unclassified extracts from a CIA publication. There's enough interesting material here to keep you occupied for a while.
June 2010________________________________________
Analysis of Trojan Downloader TDL3 - (2010-06-29)
An in-depth analysis from F-Secure.
Data Breach at WellPoint - (2010-06-29)
"WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer's records."
Google's INSTALL_ASSET Feature - (2010-06-26)
"The Android platform not only allows for the removal of applications remotely via the REMOVE_ASSET intent, but also allows for the installation of new applications via the INSTALL_ASSET intent."
I'm sure you can imagine what would happen if someone found a way to subvert this feature. The thought police are here...
Big Brother Opt-In - (2010-06-26)
As Moxie Marlinspike commented at SOURCE Boston 2010: why mandate surveillance when you can solicit people to submit to it voluntarily?
DRAFT: National Strategy for Trusted Identities in Cyberspace
The Special Arrangement - (2010-06-25)
"The files contain details of the recently avowed UKUSA Agreement - the top secret, post-war arrangement for sharing intelligence between the United States and the UK"
Preliminary Findings: Market Events of 5/6/2010 - (2010-06-24)
"We have found no evidence that these events were triggered by 'fat finger' errors, computer hacking, or terrorist activity, although we cannot completely rule out these possibilities."
Intel Lessons From the Korean War - (2010-06-23)
"The United States was caught by surprise because within political and military leadership circles in Washington the perception existed that only the Soviets could order an invasion by a 'client state' and that such an act would be a prelude to a world war."
The APT Kill Chain - (2010-06-23)
"A lack of key indicators results in an inability to define adversaries, and an inability to define adversaries leaves network defenders responding post-compromise to every intrusion."
Thanks to TaoSecurity for the 411 on this post. The phrase "Kill Chain" could probably be replaced with "Attack Cycle."
Australian Report on Cybercrime - (2010-06-23)
"The AIC estimate Australian businesses lost between $595 million and $649 million in the 2006-07 financial year."
JFK and Media Models - (2010-06-20)
The Jeffersonian Model vs. the Propaganda Model. Chomsky and Herman have demonstrated that our media tends towards the Propaganda Model.
More Secrets Unearthed - (2010-06-20)
"Small teams of non-communist Chinese exiles were airdropped into the Manchuria area of China to link up with disaffected communist generals. The goal was to destabilize Mao Zedong's new government and distract it from the Korean War, which Chinese forces had entered two years earlier."
"There were no dissident communist Chinese generals to be found, and the Chinese on Taiwan and Hong Kong who sold the idea turned out to be swindlers"
Does this sound familiar?
Can Iceland Protect Whistle-Blowers? - (2010-06-19)
"See, the problem is that whatever Iceland does, it can't change the 500-pound gorilla of international media law: the principle that publication happens at the point of download, not the point of upload."
Reality Mining - (2010-06-19)
It's all about "paying attention to patterns in life and using that information to help [with] things like setting privacy patterns, sharing things with people, notifying people -- basically, to help you live your life."
Will we be coerced, or will they convince us to opt-in to telescreens?
Unpacking Via Hooks - (2010-06-15)
"Let's try dynamic unpacking without total unpacking control, without breakpoints, without any kind of debugging whatsoever"
Policies aren't Enough - (2010-06-15)
Situational awareness is key: knowing who's doing what and where.
RELATED: See Bejtlich's essay on Control-vs-Assessment based evaluation.
HoneyBots and Automated Social Engineering - (2010-06-15)
"A HoneyBot acts as a 'Man-in-the-middle' and relays messages between two unsuspecting users which seem to have perfectly normal conversation going on."
State Department Sweating It Out - (2010-06-09)
Officials in the State Dept. are worried that the public and other nations will finally discover how they *really* feel.
According to the Daily Beast, a 22-year-old Army Intel Analyst named Bradley Manning made the mistake of bragging about acquiring 260,000 diplomatic cables and the infamous video footage of the helicopter attack in Iraq. The person who Manning confided in, Adrian Lamo, turned him in.
Cryptome's John Young offers an op-ed of sorts:
Sounds like Manning was unwitting of aiding a honeytrap. A classic honeytrap is to use seemingly guileless babes, usually disaffected youngsters, who just happen to be allowed access to sensitive information, some of it genuine to induce a target to believe the bait, then poison it with disinfo or, best, sink the hook deep into a hungry fish to bait bigger fish on up the chain.
Manning's loose-lipped bragging about his role to a jailhouse rat like Ramo follows the pattern. As an ex-con Ramo had to report the contact or be burned: lose his income and cred as a turncoat "security advisor" to benefactors and be hit hard for return to criminality -- that would fit the baiting and manipulation of Poulsen too. Ex-cons, always a con, like ex-spies, always a spy, do well fingering suckers like themselves.
If this is so, it is a perfect (storm, Manning says) example of officials using the Internet to entrap miscreants along the lines of the counter-child porn industry and counterspy operations. Expect more of the same. And if not an official operation, then it serves a swell chilling effect to spin the story that way, thanks to the cooperative outlets eager to protect their privileged sources by contexting the well-laid plan just so, buttressed with those authorized to speak out of the side of the mouth.
What trojans, bombs and biometrics Manning and company planted in the dirty stream will feed poisonous FUD among the FOI fishers and supporters. An ancient stratagem. Happily, thousands will laugh at the huffy antics and keep on freeing secrets from authoritative channels. No, this does not exculpate WL of excessive braggardy which all too often indicates a honeypot, damn near obligatory of authoritatives to spout highest of motives and trustworthiness.
Assange is also an ex-con running spy-like operations with an international man of mystery life style. Heh, what else do hackers have a future in except lurid entertainment, yellow journalism, or best, the info packaging fountainhead, spying.
How to Spot Terrorists at Airports - (2010-06-08)
Pseudoscience finds its way into the TSA screening regime.
Strength In Numbers - (2010-06-08)
Sort of reminds me of Carl Stephenson's "Leiningen Versus the Ants."
Obama Picks New DNI Chief - (2010-06-05)
This guy's grim frown is priceless. Though I've noticed that Generals often cultivate this sort of expression intentionally.
Be Careful with RDP! - (2010-06-05)
As this post and reader's comment explain: don't ever, EVER, initiate an RDP session from a machine that's not trusted, and avoid using this protocol to communicate with a machine that you suspect is compromised. As Bejtlich reminds us: "Your best bet is to gather as much evidence as possible without ever touching the victim, if possible."
What this can mean is a healthy trek to the server room to see what's going on from the console. If you're often in other buildings like me there's a temptation to do otherwise. This is exactly what the enemy is banking on.
This blog entry also demonstrates why it's a good idea to partition authority and avoid using a general domain admin account to access machines. This way, if one machine is lost to the opposition you don't give away the keys to the kingdom.
Google to Patent Monitoring Tech - (2010-06-05)
This reminds me of a question that Moxie Marlinspike posed to the audience at his SOURCE 2010 presentation. Who do you think has more information on the local population: Google or Kim Jong Il?
Lieberman Draft Legislation - (2010-06-04)
"Joe Lieberman wants to give the federal government the power to take over civilian networks' security, if there's an 'imminent cyber threat.' It's part of a draft bill, co-sponsored by Senators Lieberman and Susan Collins."
OSS Sabotage Manual - (2010-06-04)
"Do not be afraid to commit acts for which you might be blamed directly, so long as you do so rarely, and as long as you have a plausible excuse: you dropped your wrench across an electric circuit because an air raid had kept you up the night before and you were half-dozing at work."
This old WWII manual was posted by Bruce Schneier at his blog.
Wikileaks: The Mainstream Takes Note - (2010-06-01)
A New Yorker article on Assange and his crew. If the leaders of society weren't aware of Wikileaks, they are now.
Here's an interesting line: "a populist intelligence operation with virtually no resources, designed to publicize information that powerful institutions do not want public, will have serious adversaries."
Bejtlich On Our National Security "Strategy" - (2010-06-01)
"*Yawn*. What a disappointment. So, we're going to 'secure cyberspace' through 'investing in people and technology' and 'strengthening partnerships.' Lame. Weak. I'd go so far to say irresponsible."
Well put. The devil is in the details and there are very few proposed in this case...
May 2010________________________________________
Necessary Secrets Book Review - (2010-05-30)
Gabriel Schoenfeld argues that there are some things that should be kept secret. Opponents would argue that this is merely a pretext used by the privileged to control the flow of information in their best interest.
But isn't there information that would threaten public security if divulged? Or is this sort of question posed as bait, because the authorities will eventually release it when it suits their purposes?
W32.Sality Adopts Rootkit Tech - (2010-05-29)
Proof that rootkit tactics are seen as a force multiplier of sorts.
Bilderberg 2010 - (2010-05-29)
This year's event will be held at the Luxury Hotel Dolce Sitges, south of Barcelona.
What is CYBERCOM? Behind the Buzzword - (2010-05-28)
"Nothing new. Smaller military units within U.S. Strategic Command coordinated and set policies for the armed forces' far-flung teams of network operators and defenders. Those coordinators and policy-makers have now been subsumed into CYBERCOM. They'll still do the same thing as before, only more efficiently."
Stealthy MBR Rootkits - (2010-05-28)
This is a blow-by-blow account of how modern bootkits operate. Not bad.
CERT BFF: Basic Fuzzing Framework - (2010-05-28)
The CERT from Carnegie Mellon University has released a tool for automated dumb fuzzing.
Bio On Wikileaks Figurehead - (2010-05-21)
"The fact that the website has no headquarters, also means the conventional retaliatory measures - phones tapped, a raid by the authorities - are impossible."
IBM Hands out Infected USB Drives - (2010-05-21)
"IBM is apologizing for handing out USB drives at a security conference in Australia this week that had malware on them"
Admiral Dennis Blair to Resign - (2010-05-21)
"After a discussion this afternoon between the president and Blair on a secure phone line about the best way forward, Blair offered to resign and the president said he would accept, sources told ABC News."
NATO's Operation Moshtarak - (2010-05-18)
"ICOS field research reveals that Operation Moshtarak has contributed to high levels of anger among local Afghan: 61% of those interviewed feel more negative about NATO forces than before the military offensive. In other words, the objective of winning 'hearts and minds' - one of the fundamental tenets of the new counter-insurgency strategy - was not met."
Tamper Evident CPUs - (2010-05-18)
"In this paper, we describe several methods to strengthen the fundamental assumption about trust in microprocessors. By employing practical, lightweight attack detectors within a microprocessor, we show that it is possible to protect against malicious logic embedded in microprocessor hardware."
Tracking Browsers Without Cookies - (2010-05-18)
"New research by the Electronic Frontier Foundation (EFF) has found that an overwhelming majority of web browsers have unique signatures -- creating identifiable "fingerprints" that could be used to track you as you surf the Internet."
Covert Channels in Finance - (2010-05-18)
"Long before there was MoneyGram and Western Union, people in South Asian countries often used an informal network of brokers, called an 'hawala,' to transfer money over long distances when it was too inconvenient or dangerous to send cash by courier."
Smartphone Remote Wiping - (2010-05-18)
"Accomplices can remotely wipe the phones if the agencies don't remember to remove the battery or turn off smartphones before sending them off to the forensics laboratory."
Holding Software Vendors Accountable - (2010-05-18)
"A software company's stipulation that customers could not take action against it for the poor performance of its software was unfair and could not be enforced, the High Court has said."
Operation Mincemeat - (2010-05-18)
"Angleton himself came under suspicion of being a Soviet mole, on the ground that the damage he inflicted on the C.I.A. in the pursuit of his imagined Soviet moles was the sort of damage that a real mole would have sought to inflict on the C.I.A. in the pursuit of Soviet interests."
Related: Sometimes it's more destructive to leave a poor leader in place than it is to assassinate a good leader.
Symantec Paper on Shellcode - (2010-05-15)
"Everything evolves. There are no exceptions, even for shell code. First the code was hidden using encryption. Now, it mimics the host data file. This paper discusses the evolution thus far, and though impossible to know for certain, the probable future."
Hacking Cars - (2010-05-15)
"We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems."
The Mark of The Beast (gasp!) - (2010-05-15)
"Radio frequency identification, RFID, could be used in the immediate aftermath of a major earthquake to save lives, according to new research published in the International Journal of Innovation and Sustainable Development"
Sick of Nightmare Scenarios - (2010-05-13)
"Worst-case thinking means generally bad decision making for several reasons. First, it's only half of the cost-benefit equation. Every decision has costs and benefits, risks and rewards. By speculating about what can possibly go wrong, and then acting as if that is likely to happen, worst-case thinking focuses only on the extreme but improbable risks and does a poor job at assessing outcomes."
Cyberwar Nightmare Scenarios - (2010-05-13)
"Miller took an example from the Cold War playbook to explain how the United States military would need to prepare for fallout from a cyber attack, which could leave cities in the dark or disrupt communications."
Calling for a Government Coding Office - (2010-05-12)
"our own software is probably a greater threat to us than anything other people can do to us."
The "Building Security In" Maturity Model - (2010-05-12)
More solid ideas from Gary McGraw. This study presents a bunch of ideas for organizations interested in starting a software security initiative.
Cell Phone Jamming - (2010-05-11)
This sort of technology could prove useful at movie theatres and restaurants.
Technique Bypasses 35 AV Products - (2010-05-10)
"The main goal of this paper is to present an attack technique, called the argument-switch attack or KHOBE attack, that allows malicious code to bypass protection mechanisms of security applications. The attack is effective against user mode and kernel mode hooks. Because user mode hooks can be bypassed by simpler techniques, we focus on kernel mode hooks bypassing only. In the further text we demonstrate the attack techniques on SSDT hooks, which are the most common kernel hooks in today's security software. However, the attack techniques need no change to succeed against the other kinds of vulnerable kernel or user mode hooks"
Q&A With Joe Weiss - (2010-05-10)
Weiss presents the argument for protecting our infrastructure.
Schneier Choke-Slams Richi Jennings - (2010-05-10)
This is what happens when you try to split hairs with someone who knows their field.
Supernotes - (2010-05-10)
A flyer from the DHS that describes high-quality funny money. To an extent, it makes sense: who better to forge the currency of another country than a state-sponsored operation with an intimate understanding of the steps needed to print currency?
HookSafe Creator Unveils HyperSafe - (2010-05-09)
Xuxian Jiang will present a paper on his new creation at the IEEE Symposium On Security And Privacy, which will take place in Oakland later on this month.
Internet Termites - (2010-05-07)
"Botnets are starting to target and infect routers and DSL modems. Scary, and a possible trend. Think about what this could mean. Should this problem become pervasive, it won't matter if PCs are disinfected, swapped out, or replaced with iPads, the bad guys are still in control because they own the network below."
The New Economy - (2010-05-07)
"Nothing in the textbooks says that the supply and demand for workers will intersect at a wage that is socially acceptable."
Wi-Fi Cracking Kits for Sale - (2010-05-06)
"Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user."
He's Back: Barnaby Jack - (2010-05-06)
Barnaby's making another bid to demo his ATM jackpotting skills at Black Hat USA 2010.
The Rise of MBR Rootkits - (2010-05-04)
A solid article from the folks at F-Secure.
The Dangers of Secrecy - (2010-05-04)
"Rational inferences can be debated openly and widely. Secrets belong to a small assortment of individuals, and inevitably become hostage to private agendas."
Remember the imaginary WMDs in Iraq?
US Treasury Website Hacked - (2010-05-04)
Again, this proves that simply limiting yourself to supposedly "safe" web sites isn't good enough.
The Dangers of Private Sector Data Collection - (2010-05-03)
"on one hand, there is the detailed information held by companies like Amazon and Google, which have a strong business incentive to fight off the government. Yet even as they go to court to protect the information they have collected, that information still represents a 'honey pot for the government.'"
RELATED: Consumer groups warn of private industry tracking consumer data
April 2010_______________________________________
Author Receives Subpoena Over Book on C.I.A. - (2010-04-30)
"James Risen, who is a reporter for The New York Times, received a subpoena on Monday requiring him to provide documents and to testify... about his sources for a chapter of his book, 'State of War: The Secret History of the C.I.A. and the Bush Administration.' The chapter largely focuses on problems with a covert C.I.A. effort to disrupt alleged Iranian nuclear weapons research."
RELATED: Material from the book, on operation MERLIN, can be read here
Yet More PDF-Based Exploits - (2010-04-29)
"malicious PDFs were responsible for 49% of all Web-based attacks in all of 2009, compared to just 11% in 2008."
Cruise Missile In-a-Box - (2010-04-27)
No, I'm not talking about the SNL video with Justin Timberlake and Andy Samberg. A Russian company is marketing a "portable" cruise missile system. Hey, I want one!
AMI BIOS Reverse Engineering - (2010-04-27)
This, and several other informative guides to those who wish to go deep.
Facebook Accounts for Sale - (2010-04-25)
A Russian hacker who claims to be living in New Zealand is offering the user names and passwords of 1.5 million Facebook users for $35-$62.70 per 1000 accounts.
Mobile Phone Forensics - (2010-04-25)
"Retrieving SMS messages can depend on the model of phone, the carrier, the time of day, even the country in which the phone is used. SIM cards removed from phones carry potentially useful forensic information, but unless it is associated with a particular phone's PIN, it's inaccessible."
Legal Cellphone Surveillance - (2010-04-23)
"It's not illegal, nor is it a breach of terms of service," ...
When An Update Isn't An Update - (2010-04-23)
I wonder if anyone will try to hold McAfee liable for this? We have met the enemy and they are us. Forget attacks on the electrical grid.
Symantec's 2010 Threat Report - (2010-04-23)
There's also an executive summary version available with highlights.
Google's Password System Source Accessed - (2010-04-23)
According to "a person with direct knowledge of the investigation" the people who broke into Google were able to access the source code to the company's "Gaia" password system.
Pandora's Bochs - (2010-04-17)
An automated unpacker based on Bochs.
Breaking virtualization via Virtual 8086 mode - (2010-04-17)
"In a nutshell: The switch to Virtual mode is completely emulated by the kernel (this will work inside a VM) - We can still program using old school interruptions (easy !) - Those interruptions are delivered to the hardware => We just got a 'bare metal (possibly virtualized) hardware interface'"
Counter Encryption Tactics - (2010-04-17)
This guide focuses on child exploitation cases, but the general strategies are still useful.
"Consider using a ruse to cause the offender to leave his house quickly, before reencrypting his disks. For example, obtaining a tow truck and pretending to repossess an offender's car has successfully drawn an offender out of his house so that his computer could be accessed by law enforcement in an unencrypted state"
Kingdom of Fear - (2010-04-17)
"Hundreds of pages of declassified documents from the 1950s, obtained by The New York Times from the F.B.I. under the Freedom of Information Act, lay out a strikingly familiar story, in which Communist agents played the role of today's Al Qaeda."
CNCERT 2008 Report - (2010-04-17)
"In 2008, CNCERT/CC discovered over 1,237,043 IP addresses of computers embedded with Botnet clients in Chinese mainland. Meanwhile, 5,210 Botnet servers outside of Chinese mainland were discovered controlling Botnet clients in Chinese mainland. Among these Botnet servers, about 31% were in the United States, 10% in Hungary and 5% in South Korea."
To Heck With Attribution: Fire Away! - (2010-04-14)
"The U.S. should counter computer-based attacks swiftly and strongly and act to thwart or disable a threat even when the attacker's identity is unknown, the director of the National Security Agency told Congress."
RELATED: According to a study from RSA, "domains individually representing 88 percent of the Fortune 500 were shown to have been accessed to some extent by computers infected by the Zeus Trojan." In light of the story above, perhaps this would lead us to shoot ourselves in the foot...
Changing Passwords Doesn't Help - (2010-04-13)
"Particularly dubious are the standard rules for creating and protecting website passwords, Herley found. For example, users are admonished to change passwords regularly, but redoing them is not an effective preventive step against online infiltration."
Here is the research that this article references.
B-of-A Employee Charged with Installing ATM Malware - (2010-04-08)
"Rodney Reed Caverly, 37, was a member of the bank's IT staff when he installed the malware. The Charlotte, North Carolina, man made fraudulent withdrawals over a seven-month period ending in October 2009, according to prosecutors, who've charged him with one count of computer fraud."
Assange Comments on Iraq Video - (2010-04-07)
"That's arguably what spy agencies do - high-tech investigative journalism," Julian Assange, one of the site's founders, said in an interview on Tuesday. "It's time that the media upgraded its capabilities along those lines."
Subway Security In NYC - (2010-04-07)
"A far better strategy is to spend our limited counterterrorism resources on investigation and intelligence - and on emergency response. These measures don't hinge on any specific threat; they don't require us to guess the tactic or target correctly. They're effective in a variety of circumstances, even nonterrorist ones."
2009 "Targeting U.S. Technologies" Report - (2010-04-06)
This report is published by the Defense Security Service (DSS).
PDF Launch Hacks - (2010-04-06)
Once again, features trump security. Correct me if I'm wrong, but the original idea behind the Adobe Reader was that it was just a static viewer, a minimalistic instance of the Acrobat product. Yet Adobe couldn't help but pile on new features ... sigh.
President Ford OKed Warrantless Wiretaps - (2010-04-04)
Looks like the deployment of warrantless wiretaps is actually a time-honored tradition here in the US...
China's Warhead Storage and Handling System - (2010-04-03)
"Among the least understood elements of the world's nuclear weapon arsenal is the People's Republic of China's (PRC) system for storing and maintaining its nuclear warhead stockpile. The dearth of information is in part purposeful - its nuclear warhead stockpile naturally is among China's most closely guarded secrets."
This report was prepared by an "institute" located in Arlington, VA (Ahem).
Sorry Folks: No Aliens - (2010-04-03)
"In the 1960s, Area 51 was the test site for the A-12 and its successor, the SR-71 Blackbird, a secret spy plane that broke records at documented speeds that still have been unmatched. The CIA says it reached Mach 3.29 (about 2,200 mph) at 90,000 feet."
An Analysis of US Intel Reform - (2010-04-03)
"US intelligence is better than it was in 2001, but that improvement has been neither fundamental nor inexpensive. We are now at a critical point: without fresh commitment, the community will relapse into old habits. The eventual end of our operations in Iraq and Afghanistan, success in overseas contingency operations (nee the Global War on Terror), and inevitable budget cuts must sap the will to change; such fruits of an intelligence enterprise that have germinated since 2005 will wither. The American people should know that the quiet they sense is not the peace of security assured by the best intelligence, but the deadly silence of the graveyard we are collectively whistling by."
Sounds like someone may be asking for more money...
NYTimes Analysis of Israeli Strike - (2010-04-02)
It's interesting to contrast this synopsis against the FOI's. The observations made by the reporter are a result of a simulation performed by the Saban Center for Middle East Policy at the Brookings Institution.
Note the conclusion: "You can bomb facilities, but you can't bomb knowledge."
FOI Analysis of Israeli Strike - (2010-04-02)
The Swedish Defense Research Agency, FOI, examines what might happen if Israel struck Iranian nuclear facilities. This analysis frames the strike as inevitable and recommends that the US participate in a joint operation.
CENTCOM Attack: Truth or Fiction? - (2010-04-01)
The agent.btz worm found its way onto CENTCOM's network, but because CENTCOM machines aren't on the internet, there's no way for them to exfiltrate data. This sort of puts a damper on claims made by CSIS' James Lewis back in a November 2009 episode of 60 Minutes.
March 2010______________________________________
The Jedi Packet Trick - (2010-03-30)
Last Friday Arrigo Triulzi demonstrated how to install a covert VPN by hacking the firmware of the victim's networking cards.
Party at Ring 0 - (2010-03-30)
A survey of kernel exploitation tactics on both Windows and Linux.
A Tale of Two Networks - (2010-03-30)
Air-gap security in action ...
Ukrainian Gets Inside Track Via Hacking - (2010-03-30)
"The U.S. Securities and Exchange Commission had accused Oleksandr Dorozhko of gaining access to material nonpublic information about IMS Health Inc's third-quarter 2007 earnings by infiltrating the computer network of Thomson Financial. IMS had planned to announce negative earnings after the market closed that day."
The BBC Visits GCHQ - (2010-03-29)
"Negotiations for access to this highly secretive operation lasted several weeks. Could we, they enquired, assure them that the microphones we were going to use were as "low sensitivity as possible"? And would we, they asked, allow their sound engineers to listen back to the recordings we made in open areas to check that we hadn't picked up any conversations that we shouldn't have?"
Room 6527 - (2010-03-29)
Inside the FBI's inner sanctum. Perhaps Bill Sullivan didn't really die in a "hunting accident"...
Appliance to Subvert SSL Being Sold - (2010-03-27)
"At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications - without breaking the encryption - by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities."
Symantec Fingers China in Report - (2010-03-26)
According to Symantec, roughly 28% of targeted e-mail attacks are from China.
Malware Subverting App Updaters - (2010-03-26)
"Once having infected victims' computers, malware will overwrite such update programs. Because the information about software's icon or version is faked, ordinary users, sometimes even virus researchers themselves, are easily 'fooled' and skip such malware without raising an eyebrow."
NIC-Based Rootkits - (2010-03-25)
...Still think you can trust your network card? Duflot and Perez strike again!
SIGINT versus Info Assurance - (2010-03-24)
The NSA has a split personality. As this article from Wired states: "One team wants to exploit software holes; the other wants to repair them. This has created a conflict - especially when it comes to working with outsiders in need of the NSA's assistance."
Inside a Scareware Factory - (2010-03-24)
Critics say cybercrime doesn't pay. This article from Reuters provides a graphic illustration to the contrary. McAfee estimates this company made $180 million in 2008. Step into the arena and meet the enemy, here they are in all their glory.
Criminals Have the Biggest Clouds - (2010-03-23)
The largest White Hat cloud is Google (500,000 systems with ~1,500 Gbps bandwidth). The largest Black Hat cloud is Conficker (6.4 million systems with ~28 terabits per second).
The WRK - (2010-03-22)
"The Windows Research Kernel (WRK) is available via MSDNAA Subscriber Downloads (accessible to administrators of participating departments) or via the Faculty Connection portal (sign-in required) to eligible academic faculty or staff. The WRK may be redistributed to eligible users subject to the terms and conditions of the Microsoft Windows Research Kernel Source Code License"
US Military Dismantles Forum Used by CIA - (2010-03-19)
Recently the US Military mounted an attack to shut down a web site that was used by the CIA to monitor extremist activities. The military decided to disable the site after it was determined that it "was being used to pass operational information." The CIA doesn't seem very happy about this.
Vodafone Strikes Again - (2010-03-19)
A researcher at Panda Labs has announced that someone at a company named S21Sec has also found malware on their HTC Magic Android device, demonstrating that (despite Vodafone's claims) this was not an "isolated incident." In fact, according to recent reports, as many as 3,000 phones may have been compromised.
Ron Paul on the US Census - (2010-03-18)
"The Census Bureau claims that collected information is not shared with any federal agency; but rather is kept under lock and key for 72 years. It also claims that no information provided to census takers can be used against you by the government."
"However, these promises can and have been abused in the past. Census data has been used to locate men who had not registered for the draft. Census data also was used to find Japanese-Americans for internment camps during World War II. Furthermore, the IRS has applied census information to detect alleged tax evaders. Some local governments even have used census data to check for compliance with zoning regulations"
Rogue ISP Taken Out - (2010-03-18)
Troyka, which hosted 90 of the 249 command & control servers for Zeus, has been shoved offline. Authorities suspect that it may have re-emerged under a new name.
Intel via Facebook - (2010-03-17)
"The US Department of Justice this week released slides from a presentation deck titled Obtaining and Using Evidence from Social Networking Sites."
Stock Price Manipulation - (2010-03-17)
"U.S. regulators are moving to freeze the assets and trading accounts of a Russian accused of hacking into personal online portfolios and manipulating the price of dozens of stocks listed on the Nasdaq Stock Market and New York Stock Exchange"
Taking Down Mariposa - (2010-03-16)
"Luis Corrons, technical director for PandaLabs, tells ZDNet UK how the Mariposa botnet was taken down."
An Analysis of the Skype IMBot - (2010-03-16)
"The following report analyzes the Skype Instant Messenger Bot ('Skype IMBot', a variation of the W32.Nytemare trojan) and reports our reverse engineering efforts."
Army Counterintelligence Analysis of Wikileaks.org - (2010-03-15)
"This special report assesses the counterintelligence threat posed to the US Army by the Wikileaks.org Web site..."
"Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the Web site that they will remain anonymous. The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public."
UK SIGINT Loses 35 Laptops - (2010-03-14)
"The UK's electronic spy centre (GCHQ) was today lambasted by MPs for having a 'cavalier' attitude to data security. The centre is responsible for tracking the electronic communications of terrorists."
Losses from Cybercrime Top $559 Million - (2010-03-12)
This report was recently published by the Internet Crime Complaint Center (a partnership between the FBI, National White Collar Crime Center, and the Bureau of Justice Assistance).
Extracting "Gadgets" from Malware - (2010-03-12)
"In this paper, we present a novel approach to automatically extract, from a given binary executable, the algorithm related to a certain activity of the sample. We isolate and extract these instructions and generate a so-called gadget, i.e., a stand-alone component that encapsulates a specific behavior."
Good Sites Hosting Malware - (2010-03-12)
This article demonstrates why sticking to so-called "safe" web sites isn't always enough to avoid being compromised.
Internal Data Theft at HSBC - (2010-03-11)
"HSBC said Thursday about 15,000 accounts of its Swiss private banking unit were compromised after an employee allegedly stole data, some of which ended up in the hands of French tax authorities."
Vodafone HTC Ships with Malware - (2010-03-09)
It's not a bug, it's a feature.
Cybercrime Pays - (2010-03-08)
According to the FDIC, online bank fraud netted over $120 million in the third quarter of 2009. Perhaps this is why Howard Schmidt claims cyberwar is "a terrible concept." The real threat in this day and age is cybercrime.
The Rise of Corporate Espionage - (2010-03-08)
The title of this book is no doubt inspired by John le Carré's "Tinker, Tailor, Soldier, Spy." The author of this review observes that: "spies and journalists have often had a symbiotic relationship. Generally, it involves the former using the latter to advance their interests."
Telescreens Everywhere - (2010-03-08)
"Sensor-Driven business models" as seen by the consultants at McKinsey.
Building a 97-Byte Executable - (2010-03-08)
Just how small can you make a legitimate Windows PE file?
At Ringside: DHS vs. NSA - (2010-03-05)
There's a Carlyle puppet running around yelling about "Cyber-War" on one side, and the new cybersecurity czar stating just the opposite on the other.
Why Intelligence Fails - (2010-03-05)
"The U.S. government spends enormous resources each year on the gathering and analysis of intelligence, yet the history of American foreign policy is littered with missteps and misunderstandings that have resulted from intelligence failures. In Why Intelligence Fails, Robert Jervis examines the politics and psychology of two of the more spectacular intelligence failures in recent memory: the mistaken belief that the regime of the Shah in Iran was secure and stable in 1978, and the claim that Iraq had active WMD programs in 2002."
Google's SCM "Wide Open" - (2010-03-04)
According to McAfee, no one at Google thought to secure the SCM that housed the company's source code. I guess they were too busy being brilliant. It also would have helped if the SCM's vendor (Perforce) used a secure-by-default installer.
Mariposa Herders Nabbed - (2010-03-02)
"Spain's Civil Guard said on Tuesday that it arrested three men suspected of running the so-called Mariposa botnet, named after the Spanish word for butterfly."
Damballa Contradicts McAfee - (2010-03-02)
Contrary to McAfee, which claimed the attacks were highly sophisticated, Damballa reports that: "While 'Aurora' was a very damaging attack that breached some of the most sophisticated networks in the world, it is a 'garden variety' botnet and can be traced back to July 2009, when the criminal operators first began testing."
RELATED: iSec has released a report on Operation Aurora.
RELATED: McAfee fires back at Damballa, claiming they had bad information.
Memory Models Used by Packers - (2010-03-02)
This article answers the question: "Why is the entry point section after unpacking in the section named UPX0?"
February 2010________________________________
Forensic Guides for Windows - (2010-02-28)
Presentation slides from Microsoft, marked "LAW ENFORCEMENT SENSITIVE INFORMATION - DO NOT SHARE THESE MATERIALS." These guides are actually a mixture of marketing, product documentation, and forensics.
UK Bill to Outlaw Open Wi-Fi - (2010-02-28)
Ahem. Good luck with that...
The Empire Strikes Back (At Cryptome) - (2010-02-25)
Microsoft submits (and then withdraws) a DMCA complaint against Cryptome, causing the site to go offline for a brief spell yesterday.
The Empire Strikes Back (At Waledac) - (2010-02-25)
"On February 22, in response to a complaint filed by Microsoft ('Microsoft Corporation v. John Does 1-27, et. al.', Civil action number 1:10CV156) in the U.S. District Court of Eastern Virginia, a federal judge granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals as the Waledac bot."
IBM Releases Threat Report - (2010-02-25)
If you've been following the news, there's nothing really that earth-shaking in this report: rogue PDFs, malicious links, and phishing are recurring attack vectors. The executive summary on this page is probably enough, don't bother jumping through all of the hoops needed to access the actual report.
Cyber Hackivists In Latvia - (2010-02-24)
"Latvian officials struggled Wednesday to come to grips with an enigmatic group that stole millions of classified tax documents from government computers in a purported effort to expose waste and graft in Europe's weakest economy."
Michael McConnell Does a Rain Dance - (2010-02-24)
It goes without saying that protecting our networks will require a large payment for services rendered by Booz Allen Hamilton...
Too Much Data (Even for Big Brother) - (2010-02-23)
"The T.I.A. tools crashed. They were simply incapable of processing so much information in real time. Like balloons affixed to a fire hydrant, they burst."
FTC Reports Widespread Data Breaches - (2010-02-23)
"The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations' computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud"
Detection of Metamorphic Malware - (2010-02-19)
Another academic paper on an emerging malware tactic. This piece has good introductory material for people unfamiliar with this practice.
Malware Checks for VMs - (2010-02-18)
"In this paper, we present a technique that efficiently detects when a malware program behaves differently in an emulated analysis environment and on an uninstrumented reference host."
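The check described in that abstract, comparing what a sample does in the analysis environment against what it does on an uninstrumented reference host, can be reduced to a trace diff. The following is an added illustration, not code from the paper: two constructed system-call traces are normalized (timer calls dropped, pointer-valued arguments masked) and the first point of divergence is reported, together with the last event both runs shared, which is usually the environment check that the sample reacted to.

```python
"""Added example (not from the cited paper): find where a sample's behaviour
in an emulated analysis environment diverges from its behaviour on an
uninstrumented reference host, using two constructed system-call traces."""
import re

# Calls that differ between runs for benign reasons (timers, clocks) and are
# dropped before comparison. Assumption: this list is illustrative only.
NOISE_CALLS = {"GetTickCount", "QueryPerformanceCounter", "NtQuerySystemTime"}

_PTR = re.compile(r"0x[0-9a-fA-F]+")


def normalize(trace):
    """Drop noise calls and mask pointer-valued arguments so that ASLR or
    heap-layout differences between the two hosts do not count as divergence."""
    out = []
    for call, arg in trace:
        if call in NOISE_CALLS:
            continue
        out.append((call, _PTR.sub("<ptr>", arg)))
    return out


def first_divergence(reference, emulated):
    """Return None when the normalized traces match, otherwise a dict with the
    index of the first mismatch, the two events found there (None if one trace
    simply ended) and the last event common to both runs (the likely trigger)."""
    ref, emu = normalize(reference), normalize(emulated)
    for i in range(max(len(ref), len(emu))):
        r = ref[i] if i < len(ref) else None
        e = emu[i] if i < len(emu) else None
        if r != e:
            return {
                "index": i,
                "reference": r,
                "emulated": e,
                "trigger": ref[i - 1] if i > 0 else None,
            }
    return None


# Constructed traces. On the reference host the sample drops a driver, adds a
# Run key and beacons out; in the emulator it reads the same registry key
# (which exposes the virtual disk model), spins on the timer and exits.
REFERENCE_TRACE = [
    ("NtQueryValueKey", r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"),
    ("GetTickCount", ""),
    ("NtCreateFile", r"C:\Windows\System32\drivers\ntfs32.sys"),
    ("NtWriteFile", "0x7ffd1000 len=24576"),
    ("NtSetValueKey", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("connect", "203.0.113.7:443"),
]
EMULATED_TRACE = [
    ("NtQueryValueKey", r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"),
    ("GetTickCount", ""),
    ("GetTickCount", ""),
    ("NtTerminateProcess", "0x00000000"),
]

if __name__ == "__main__":
    d = first_divergence(REFERENCE_TRACE, EMULATED_TRACE)
    if d is None:
        print("no divergence: sample behaves the same in both environments")
    else:
        print(f"diverges at event {d['index']}: reference={d['reference']} "
              f"emulated={d['emulated']}; last shared event={d['trigger']}")
```

The interesting output is not the mismatch itself but the event just before it: here the registry read of the disk enumeration key is the last thing both runs agree on, which is where an analyst would start looking for the VM check.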
Details on the "Kneber" ZeuS Botnet - (2010-02-18)
"On Tuesday, January 26th, 2010 as part of routine analytic tasks related to an evaluation of an enterprise network, NetWitness discovered 75+ gigabyte [sp?] of stolen data the result of the activities of an unknown miscreant using a large botnet to control and monitor more than 74,000 compromised PCs."
"Miscreant?" Oh, that's rich. As you might expect, attribution details are sketchy at best. The Wall Street Journal has blamed the attack on "hackers in Europe and China."
Dick Destiny (aka George Smith) offers a succinct reality check:
"Typically, though, big or splashy news of government intrusions - the best scare stories - are now furnished almost entirely by vendors because vendors control the business of computer security in the US government."
USSS NITRO course - (2010-02-16)
The entire U.S. Secret Service Network Intrusion Responder Program (NITRO) Course. Nothing really that earth-shaking. In fact, you'd probably get a more in-depth foundation from publicly available books that you can order from Amazon (e.g. Carvey, Carrier, Bejtlich, etc.).
Hardware Anti-Virus From Kaspersky - (2010-02-15)
"The patented device is installed between a drive (hard drive or SSD) and the computing unit (CPU and RAM) and is connected to the system bus or integrated into the disk controller. The hardware antivirus solution allows or blocks writing data to disk, providing threat alerts and information about its operation to the user (user dialog is possible if the hardware antivirus control utility is installed on the PC). The device can work on a standalone basis or in conjunction with a software antivirus application."
This solution is part of a trend that's emerged over the past couple of years. Vendors attempt to defend sensitive code by placing it in a fortified execution environment that's hardware-based (e.g. the VMX root mode used by Intel's VT stack, Intel's Active Management Technology, etc.). This is all nice and well...until malware somehow gains entrance into these restricted areas.
Despite the implication that it is rootkit-proof, if this device interacts in any way with the host system, then it is vulnerable to subversion. We saw a graphic illustration of this years ago when Joanna Rutkowska demonstrated how to undermine hardware-based memory acquisition on the AMD platform. The notion that retreating to hardware offers bullet-proof security is flawed because hardware doesn't exist in isolation.
The company's press release further asserts that:
"Since it is implemented on the hardware rather than software level, the technology is not dependent on the operating system's configuration and can effectively combat malicious programs that elevate their privileges in the system, e.g., dangerous malware such as rootkits."
Does a rootkit really need to touch disk storage in order to elevate its privileges? What about memory-resident rootkits, which never write to disk at all?
PhD Thesis on Obfuscation - (2010-02-15)
A draft of Gregory Wroblewski's dissertation. It's a bit on the analytic side, which is to be expected with this sort of publication.
Rootkit Suspected in Recent BSoD Issues - (2010-02-12)
Microsoft has confirmed that XP users who installed the KB977165 patch, which was intended to address a flaw in the kernel that allowed escalation of privilege, may experience STOP errors during startup if their machines have been compromised by malware. For the time being, the official company line is: "malware on the system can cause the behavior." Microsoft has failed to offer further details as to the exact nature of this malware.
A system administrator by the name of Patrick Barnes believes that the TDSS rootkit is to blame. If you have been rooted, Kaspersky offers a tool that can remove TDSS.
UPDATE: Microsoft has officially identified the Alureon rootkit as the culprit.
Eurocard Mastercard Visa Cracked - (2010-02-11)
Cambridge University researchers use a man-in-the-middle attack to subvert the two factor authentication mechanism, known as "Chip and PIN."
US Leads In Hacked Web Pages - (2010-02-11)
According to its 2010 Threat Report, Sophos claims that "the USA is still the dirty man of the web world - hosting more dangerous infected websites than any other country." According to the company's findings, roughly 37% of all compromised web sites are hosted here in the states.
Though, I would add that hosting a site that's had its content compromised and running a bullet-proof hosting operation are two different things. In the latter case, there's no doubt that China and Russia lead the pack.
L0pht Member Hired By DARPA - (2010-02-10)
"Peiter Zatko--a respected hacker known as 'Mudge'--has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks."
Cyrus: Can you dig it?
When Botnets Collide - (2010-02-10)
The Spy Eye botnet toolkit includes a "Kill Zeus" feature that users can enable. According to this article, the toolkit sells for $500 on the black market. I suppose you could find a bug in Google's Chrome browser and use the proceeds to buy Spy Eye.
Former Boeing Engineer Guilty of Spying - (2010-02-09)
Dongfan "Greg" Chung, a Chinese-born engineer gets 15 years on six counts of economic espionage that span a 30 year period.
Google's Bug Bounty Too Low - (2010-02-09)
"I think it's ridiculous," says Charlie Miller, "It's insulting. It's so low."
"If I did find a bug in Chrome, I could sell it to the Zero Day Initiative and make $2,000 and it still gets reported to Google eventually, so why would I give it to Google for $500? It doesn't make sense,"
TPM Chip Compromised - (2010-02-09)
Christopher Tarnovsky demonstrates how to crack TPM chips via physical access at Black Hat DC 2010.
Using Static Analysis to Find Bugs - (2010-02-07)
If attribution is a lost cause, maybe this is one avenue towards better software. This is a particularly readable article on a subject which can be rather dry if you stick to just the journal articles.
More Accusations Against China - (2010-02-05)
A leaked MI5 document accuses intelligence officers from China of giving rigged electronic devices to UK businessmen.
Cybersecurity Bill Passes - (2010-02-05)
The House passes the Cybersecurity Enhancement Act, H.R. 4061.
Annual Threat Assessment from the DNI - (2010-02-05)
Bruce Schneier's Response.
Richard Bejtlich's Response.
Schneier on Attribution - (2010-02-05)
"Mandating universal identity and attribution is the wrong goal. Accept that there will always be anonymous speech on the Internet. Accept that you'll never truly know where a packet came from. Work on the problems you can solve: software that's secure in the face of whatever packet it receives, identification systems that are secure enough in the face of the risks. We can do far better at these things than we're doing, and they'll do more to improve security than trying to fix insoluble problems."
January 2010_________________________________
CSIS Study Funded By McAfee - (2010-01-29)
This survey queried 600 IT executives from 14 countries and focuses on threats to infrastructure targets. Keep in mind that this report is just that: a survey. It's interesting to note that respondents believed that the United States and China were the most likely countries to perform infrastructure attacks.
The timing of this report is also remarkable as is the alarmist tone that it adopts (as if to gauge public susceptibility to cyber-hysteria).
Studies in Intelligence - (2010-01-27)
Unclassified extracts from Studies in Intelligence Volume 53, Number 4 (December 2009)
Digital DNA - (2010-01-27)
DARPA searches for a way to identify hackers by their trail of bits. Cutting-edge anti-forensics will no doubt render this pointless. As one reader commented: "a very sophisticated hacker (or gov agency) could fake a lot of this stuff and frame someone else." This is one reason why attribution is such a big deal when it comes to cyber attacks.
Having said that, read the following article about the office of strategic deception that the DoD wants to create.
The Pentagon Wants Better Strategic Deception - (2010-01-27)
"To be effective, a permanent standing office with strong professional intelligence and operational expertise needs to be established."
The Cult of Cyberwar - (2010-01-22)
"Is there really one person who knows exactly what the Chinese are doing to attack America in cyberspace all the time? If you read the US newsmedia and take it very seriously, you'd think so."
Aurora Forensics - (2010-01-21)
It looks like whoever implemented the Google hack was comfortable reading simplified Chinese (though this could very well be an anti-forensic measure). As Richard Bejtlich has observed, and rightly so, malware analysis is NOT attribution.
Aurora's (Not-So) Covert Channel - (2010-01-21)
Some analysis done by McAfee on the communication channel used by the code that recently found its way on to Google's servers.
Rootkits Hit The Mainstream - (2010-01-21)
A NYTimes article that touches on rootkit-related topics (e.g. concealment, command & control, and covert channels).
Congress Does It Again - (2010-01-19)
Legislators propose a bill that would block US companies from working with the US government. Hypocrisy in action.
Articles on BIOS Reversing - (2010-01-19)
Run silent, run deep.
The Geek Shortage Myth - (2010-01-18)
This article from Wired talks about DARPA's effort to bolster national security by encouraging students to choose technical majors. This implies that the existing "shortage" is due to a general lack of interest.
The reality is that nothing could be further from the truth. There's no shortage of technical talent in the United States. In fact, if you follow the research done by Computer Science Professor Norman Matloff, you'd see that there's more likely a glut of computer science PhDs. Couple this with the emergence of offshore outsourcing and the H1-B program, which push demand and wages down. It should come as no surprise that fewer students are choosing to study computer science.
The Utility of Security Databases - (2010-01-15)
According to former CIA analyst Ray McGovern:
"Cui bono? Think the contractors who create marvelous databases - and the mindset of: the-more-contractors-and-databases-the-merrier...Think also of snake-oil salesmen like former Justice Department and Homeland Security guru Michael Chertoff, who could not resist the temptation over the past several days to keep hawking on TV the full-body scanners marketed by one of the Chertoff Group's clients."
Das System ist veraltet! - (2010-01-15)
Der Spiegel has published a story about German hackers who've cloned airport security cards.
HITB Magazine. Vol. 1, Issue 1 - (2010-01-11)
Hack In The Box has decided to make its e-zine available for free.
Bad Intel - (2010-01-10)
A report from the Center For a New American Security (CNAS), another DC-based think tank, that offers some recommendations on how to fix our intel apparatus.
ITRC Data Breach Report - (2010-01-10)
ITRC collects information about data breaches made public via reliable media and notification lists from various governmental agencies. According to ITRC's 2009 report, malicious attacks (e.g. Hacking and Insider Theft) have taken the lead (36.4%) over human error (Data on the Move and Accidental Exposure, 27.5%).
App Sandboxing: The Last Line of Defense - (2010-01-10)
Dino Dai Zovi expounds on the merits of application-level sandboxing (he spoke about this last year during an interview with Tom's Hardware).
Dog Eat Dog - (2010-01-10)
Hackers steal data from a criminal of a different sort: Robert Allen Stanford.
Transforming Shellcode - (2010-01-10)
A tool called ALPHA3 that compiles shellcode into a stream of alphanumeric bytes.
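Why alphanumeric? Many injection paths (URL parameters, text fields, protocols that strip or reject control bytes) only let printable characters through, so a payload full of 0x00, 0xc0 and 0xe3 never arrives intact. The following is an added illustration, not ALPHA3 itself: each payload byte is expanded into two alphanumeric bytes, a decoder reverses it, and a filter check confirms that the encoded form survives a constructed bad-byte list while the raw payload does not. A real alphanumeric-shellcode tool additionally emits a decoder stub whose x86 opcodes are themselves alphanumeric; that stub is not reproduced here.

```python
"""Added example (not the ALPHA3 tool): encode arbitrary shellcode bytes so
that every byte of the result is alphanumeric, and decode it again."""
import string

ALPHANUMERIC = frozenset((string.ascii_letters + string.digits).encode())

# Each nibble (0..15) maps to one of sixteen alphanumeric characters. Both
# alphabets are constructed here; any 16 distinct alphanumeric bytes would do.
HI_ALPHABET = b"ABCDEFGHIJKLMNOP"
LO_ALPHABET = b"abcdefghijklmnop"


def encode(shellcode: bytes) -> bytes:
    """Expand each byte to two alphanumeric bytes: high nibble, then low nibble."""
    out = bytearray()
    for b in shellcode:
        out.append(HI_ALPHABET[b >> 4])
        out.append(LO_ALPHABET[b & 0x0F])
    return bytes(out)


def decode(encoded: bytes) -> bytes:
    """Reverse encode(); this is the work a runtime decoder stub would perform."""
    if len(encoded) % 2:
        raise ValueError("encoded length must be even")
    out = bytearray()
    for hi, lo in zip(encoded[0::2], encoded[1::2]):
        out.append((HI_ALPHABET.index(hi) << 4) | LO_ALPHABET.index(lo))
    return bytes(out)


def passes_filter(data: bytes, bad: bytes = b"\x00\x0a\x0d") -> bool:
    """True when every byte is alphanumeric and none is in the bad-byte list
    that a target's input filter would reject (the default list is an assumption)."""
    return all(b in ALPHANUMERIC for b in data) and not any(b in data for b in bad)


# Constructed sample: the opening bytes of a classic Linux x86 execve("/bin/sh")
# stub. It is already NUL-free, but bytes such as 0xc0, 0x89 and 0xe3 would
# not survive a printable-only or alphanumeric-only channel.
SAMPLE = bytes.fromhex("31c050682f2f7368682f62696e89e3")

if __name__ == "__main__":
    enc = encode(SAMPLE)
    print("encoded:", enc.decode("ascii"))
    print("encoded passes filter:", passes_filter(enc))
    print("original passes filter:", passes_filter(SAMPLE))
    print("round-trip ok:", decode(enc) == SAMPLE)
```

The cost is a 2x size increase before the decoder stub is even counted, which is why tools in this space (ALPHA3 included) work hard on the density of the decoder rather than on the payload encoding, which is the easy part.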
The FBI's "Dead" List - (2010-01-04)
A list of roughly 17,000 people who are likely to have FBI files. All have two things in common: all were prominent in some way, and all are now dead.
The "VIP" List - (2010-01-04)
A list of some 3,000 prominent former military service men and women whose service records may be obtained under the Freedom of Information Act.
Data Leak Statistics For Massachusetts - (2010-01-04)
"One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years."
Ten Years of Cyber-crime - (2010-01-03)
Highlights from the past ten years, courtesy of Wired magazine.
Bombs Placed in an Uncomfortable Spot - (2010-01-01)
Life imitates art, per the Joker's ruse in The Dark Knight. Though, to be honest, the Joker's idea showed greater planning.
December 2009_______________________________
Data Leak Impacts 32 Million Users - (2009-12-31)
Credentials were stored in an unencrypted format!
Malware Analysis: A Systematic Approach - (2009-12-31)
A Masters thesis by a Norwegian student (in English).
Botnet Help Desks - (2009-12-31)
Proof that the criminal ecosystem is evolving and growing.
Related: Wired has a similar article that focuses on underground detection services.
ITL Presents Another TXT Attack - (2009-12-29)
Another hardware hack from Invisible Things.
Cracking GSM - (2009-12-29)
The GSM algorithm used to protect mobile phone traffic offers only weak security.
The Offensive Approach to Botnets - (2009-12-29)
"By cutting off the botnet's pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down."
Related: McAfee predicts that botnets will go peer-to-peer to defend against this attack.
ITL Hacks TXT - (2009-12-24)
Rutkowska finds a way to attack Intel's Trusted Execution Technology. Intel has responded.
RAM Scrapers: The New Key Loggers - (2009-12-24)
Black Hats find a way to subvert forensic tools to collect data.
Malware Lineup - (2009-12-24)
A report by AV-Comparatives that examines how well 16 different AV products do in terms of heuristic detection. Caveat emptor.
Accessing the Kernel from Userland - (2009-12-22)
"NtSystemDebugControl(), despite being undocumented, has been known for many years. It provides simple functions such as reading from and writing to any location within the kernel memory. And this is exactly what a piece of malware needs to manipulate kernel objects."
Related: Hiding injected modules.
Espionage Manual - (2009-12-22)
Related: This guy probably should have read the manual.
Hacker Nabbed by Italian Police - (2009-12-22)
"Italian police Friday arrested an alleged hacker with links to organized crime in the Naples area who is accused of defrauding banks and mobile phone operators out of several million dollars."
Hacking EC2 - (2009-12-22)
"In the end, they succeeded in placing malicious virtual machines on the same servers as targets 40 percent of the time, all for a few dollars."
Insurgents Intercept Drone Video Feeds - (2009-12-22)
All it took was a $26 tool to undermine an insecure billion-dollar technology ...
Related: Wired has a story on this also. "Military officials have known about this potential vulnerability since the Bosnia campaign. That was over 10 years ago."
Citibank Attacked By Cyber Gang - (2009-12-22)
I've said it once and I'll say it again, cybercrime (not cyberwar) is the clear and present danger. Hackers using IP addresses previously employed by the Russian Business Network gang have apparently stolen tens of millions from Citibank.
Related: Details on yet another series of fraudulent withdrawals from Citibank.
Document on CIA Drug Testing - (2009-12-20)
From the folks at the New York Times.
How to Overthrow An Entrenched Power Structure - (2009-12-20)
The Civil Rights Movement offers a useful example of how this can be done in practice.
Someone Stole US-South Korea War Plans - (2009-12-20)
The attackers used an IP address allocated to a machine in China. Remember what I've said about attribution...
FBI Foils Bank Attack - (2009-12-12)
"With the increased connectivity in countries that heretofore didn't have that amount of access, and the technological advances made in corporate America that have put vulnerable financial information online, it's been the perfect storm."
Scareware Pays - (2009-12-12)
According to the IC3, to the tune of $150 million.
Basic Spy Tradecraft For Travelers - (2009-12-12)
A manual written by one of the few people to be trained by both the CIA and the KGB.
Part 01 Part 02 Part 03 Part 04
Botnet Invades Amazon EC2 Cloud - (2009-12-12)
"Variants of this malware have been linked to more than $100 million in bank fraud in the past year."
SQL Injection Attack Affects More Than 132,000 Servers - (2009-12-12)
"The injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan."
Bypassing Biometrics - (2009-12-12)
"Japanese police suspect Chinese brokers of taking huge sums to modify fingerprints surgically."
IRS Phishing Scam Diverts $100,000 - (2009-12-12)
"Maxim Maltsev, 24, of the Siberian city of Novosibirsk ... used a spam campaign to trick people into submitting their tax returns to his fake e-filing site."
Reports from Verizon's Forensics Team - (2009-12-12)
John Young Does it Again - (2009-12-12)
Check out the recently leaked TSA document, with the little black squares removed...
McAfee Maps Malicious Domains - (2009-12-04)
Cybercriminals target regions where registering sites is cheap, convenient, and pose the least risk of being caught.
ISP Lawful Interception (Spying) Guide - (2009-12-04)
An interesting look at corporate procedures, courtesy of John Young.
Are You Sarah Connor? - (2009-12-04)
For the first time in history, a civilian intelligence agency is using robots to carry out a military mission, selecting people for killing in a country where the United States is not officially at war.
November 2009________________________________
The Cyberwar Money Train - (2009-11-30)
"The initiative is the latest by a major U.S. defense contractor aimed at hatching solutions to cyber threats at a time that big-ticket weapons programs are being squeezed by cost-cutting imperatives."
EasyHook - (2009-11-30)
An open source project that "supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C#."
English Shellcode - (2009-11-24)
This is a cool idea: recast shellcode so that it looks like non-executable content (e.g. written english).
Control "Monitoring" is Not Threat Monitoring - (2009-11-24)
Another superb reality check by Richard Bejtlich. Performing a compliance audit should not be seen as a substitute for detecting, and responding to, intrusions.
To understand the "control mindset," which emphasizes compliance as a measure of security, read the following GAO report.
Cryptome Takes Down COFEE - (2009-11-22)
John Young thumbs his nose at Microsoft, at least for a while.
The NSA Works on Windows 7 - (2009-11-19)
"The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit."
Advice From the NSA's Info Assurance Director - (2009-11-19)
"We believe that if one institutes best practices, proper configurations [and] good network monitoring that a system ought to be able to withstand about 80 percent of the commonly known attack mechanisms against systems today."
In other words, there's not much you can do to protect yourself against 20 percent of the commonly known attack vectors.
Botnet Toolkit For Sale - (2009-11-19)
A couple of 20 year-olds who used this kit are pinched by British authorities.
How Do You Subvert CALEA Wiretaps? - (2009-11-16)
Easy: use DDoS technology...
The PSP2-BBB Trojan - (2009-11-16)
This malware collects credentials by injecting a page within a customer's browser session (a "man-in-the-browser" attack).
Microsoft's Forensic Tool (COFEE) is Leaked - (2009-11-11)
As one reader commented: "Won't be long before DECAF is released."
Inside Trojan.Clampi - (2009-11-11)
A rootkit tour from the folks at Symantec.
HookSafe: Detecting Rootkits with a Hypervisor - (2009-11-11)
This article highlights a trend that I've noticed recently: vendors try to defend against malware by putting code in specially dedicated regions of a machine's execution environment. This is all nice and well, until malware finds a way to sneak into these fortified regions.
Imagine a national government that, in an effort to combat organized crime, forms a covert agency that operates above the law and can sidestep the normal constraints of due process. Now, suppose what could happen if this covert agency went rogue ...
Related: Slides on creating a secure VM.
Eastern Europeans Nabbed in $9 Million Hack - (2009-11-11)
A ring of hackers from Estonia, Russia, and Moldova are charged with using counterfeit debit cards to steal a nice chunk of change from RBS WorldPay, which is a part of the Royal Bank of Scotland. Again, despite all of the dire warnings about cyberwar, cybercrime proves to be the clear and present danger.
Related: Wired Magazine also has an article about this.
Related: Additional details can be found at ThreatPost.
Former DEA Agent Forces Government to Fold - (2009-11-11)
Richard Horn claims that the CIA spied on him in the 1990s in order to discredit the DEA's work in Burma. Now, why would the CIA do that? And why would the US Government agree to settle to the tune of $3 million?
The Mossad Uses a Rootkit - (2009-11-04)
This sort of story usually doesn't make it into the news.
CIA Manual - (2009-11-04)
A CIA publication from the 1960s. The primary author was a magician...
Cybercrime (Not Cyberwar) - (2009-11-04)
The FBI reports a dramatic increase of attacks aimed at stealing banking credentials belonging to small and medium-sized businesses.
Accidental Disclosures in The Internet Era - (2009-11-04)
A confidential document listing politicians under investigation by the House Ethics Committee is "leaked" to a peer-to-peer file-sharing network.
Availability versus Security - (2009-11-01)
President Obama announces $3.4 billion in grants to spur the development of the "smart grid." Compare this to the $18.8 million offered to secure the grid...
State-Level Homeland Intel - (2009-11-01)
The CIA ponders "a single, integrated intelligence enterprise with well-defined lanes-in-the-road for each large complicated state."
Three's Company - (2009-11-01)
US-CERT, the NCC, and the NCSC all move into a "unified operations center." Ostensibly this will encourage communication.
October 2009__________________________________
Hardware Rootkits - (2009-09-29)
The more we rely on technology that's designed and manufactured outside the US, the more vulnerable we become to some country that decides to add a little "special sauce" to their chipsets...
Give 'em Hell, Bejtlich - (2009-09-29)
Richard Bejtlich offers a scathing rebuttal to an article in the latest issue of Federal Computer Week.
Routers Remain Vulnerable - (2009-10-26)
Not even network appliances (which are supposed to be more secure than similarly configured PCs) are safe. Why can't they build something secure? Because customers want cheap products.
Another Job Board Hacked - (2009-10-26)
This time the Guardian falls prey. Be careful where you post your resume...
Metasploit Acquired - (2009-10-26)
Another legendary open source effort is swallowed up by the suits.
Skimming, Trapping, and The Lebanese Loop - (2009-10-23)
ATM bandits in Europe find new ways to steal credentials.
The Epicentre of E-mail Scammers - (2009-10-23)
That would be Nigeria...
A Higher Form of Killing - (2009-10-20)
Welcome to the new era of warfare. This is an excellent article from the New Yorker.
Defending Against a DDoS - (2009-10-17)
Punchline: there is no easy answer.
Browse and Get Owned - (2009-10-17)
Microsoft patches Firefox via Windows Update, with less than admirable results.
The Matasano C++ Challenge - (2009-10-17)
"The Matasano Security blog recently posted an article titled A C++ Challenge which included a particularly ugly piece of C++ code that has a security vulnerability. The challenge is for the reader to find the vulnerability, use it execute arbitrary code, and submit the data to Matasano."
Frontline: Obama's War - (2009-10-15)
"What we found on the ground was a huge exercise in nation building, ... The concept's become a bit of a dirty word, but that's what this is. We started with the goal of eliminating Al Qaeda, and now we've wound up with the immense task of re-engineering two nations."
The Library of Babel - (2009-10-15)
James Bamford, author of The Puzzle Palace, reviews yet another book about the NSA.
Focus on Intel and Investigation - (2009-10-11)
Bruce Schneier points out that resources spent defending specific targets could be put to better use if we simply went after the bad guys directly. Don't wait for them to strike, go out and identify them before they get the chance. Amen.
Nearly 100 Charged in ID Theft Scheme - (2009-10-11)
Again, cybercrime (not cyberwar) stands out as the dominant threat. The FBI reports that this is the largest number of defendants ever charged in a cybercrime case.
Related: Van T. Dinh pleads guilty to rooting a currency exchange service in New York and adding more than $100,000 to his account.
Related: An article from the WSJ that echoes this point. Cybercrime, not cyberwar.
How Low Will Malware Go? - (2009-10-11)
An overview of hardware-level infestation from the HiTB conference.
The Power of Texting - (2009-10-06)
Texting has become such a decisive technology that the authorities have started targeting people who utilize it to coordinate protestors.
Infiltrating The Mebroot Botnet - (2009-10-06)
Researchers from UCSB reverse engineered the botnet's domain name generation algorithm and then registered those domains to capture traffic from infected machines.
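The defender's leverage here is that a domain generation algorithm is deterministic: once the seed and the algorithm have been recovered from the binary, anyone can compute the same list the bots will compute, register (sinkhole) those names before the operators do, and also flag any internal host that resolves one. The following is an added illustration with a hypothetical date-seeded DGA; it is not Mebroot's algorithm, and the seed, TLD list, domains-per-day count and resolver log lines are all constructed.

```python
"""Added example (a hypothetical DGA, not Mebroot's): a date-seeded domain
generator, the candidate list a sinkhole operator would register ahead of
time, and a check that flags DNS queries for those names."""
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "biz")    # assumed
DOMAINS_PER_DAY = 8             # assumed
SEED = b"constructed-seed"      # stands in for a key recovered by reversing


def dga(day, count=DOMAINS_PER_DAY, seed=SEED):
    """Deterministic list of domains for one day. Anyone holding the seed and
    the algorithm, bot or defender, computes exactly the same list."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        length = 8 + digest[0] % 5                                  # 8..12 letters
        name = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{name}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def domains_for_window(start, days):
    """Map domain -> activation date for a window of days; this is the list to
    register (sinkhole) before the bots start resolving it."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for dom in dga(day):
            table[dom] = day
    return table


def flag_dga_queries(log_lines, known):
    """Return (client, qname, activation_day) for queries that hit generated names."""
    hits = []
    for line in log_lines:
        _ts, client, _op, _qtype, qname = line.split()
        qname = qname.rstrip(".").lower()
        if qname in known:
            hits.append((client, qname, known[qname]))
    return hits


WINDOW_START = date(2009, 10, 1)
ACTIVE_DAY = date(2009, 10, 2)
# Constructed resolver log; the third line queries a domain the DGA produces
# for ACTIVE_DAY, so it must be generated from the same function.
DNS_LOG = [
    "2009-10-02T08:00:01 10.0.0.5 query A www.example.com.",
    "2009-10-02T08:00:02 10.0.0.7 query A mail.example.com.",
    f"2009-10-02T08:00:03 10.0.0.9 query A {dga(ACTIVE_DAY)[3]}.",
]

if __name__ == "__main__":
    known = domains_for_window(WINDOW_START, 7)
    print(f"{len(known)} domains to pre-register for the week starting {WINDOW_START}")
    for client, qname, day in flag_dga_queries(DNS_LOG, known):
        print(f"{client} resolved DGA domain {qname} (active {day})")
```

Two practical caveats the code makes visible: the window has to be computed with the bots' notion of the date (a DGA keyed on the local clock or on a time source the operators control will drift from yours), and the number of names per day decides whether pre-registration is affordable at all, which is exactly the lever botnet authors later pulled by raising it.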
Thought Control in Economics - (2009-10-04)
A "radical" economics professor at Wellesley takes on the foundations of the mainstream.
The Nature of Identity Theft - (2009-10-04)
"Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information."
Related: How much is your credit card info worth?
Meet the URLZone Trojan - (2009-10-04)
Details on this malware from Finjan.
Related: a report from Finjan that describes the basic workflow of online bank fraud.
Steps Towards OS Verification - (2009-10-04)
Verifying a kernel - known as the seL4 microkernel - in this case involved mathematically proving the correctness of about 7,500 lines of computer code in a project taking an average of six people more than five years.
Automated Whitebox Testing - (2009-10-04)
An academic paper from Microsoft Research.
September 2009________________________________
Botnet Case Study from Damballa - (2009-09-25)
"It's worth noting that the majority of the botnets in play by cyber-criminals are in fact small ones."
Related: there's an article about this presentation here.
Finding Hidden Bugs in Anti-Virus Drivers - (2009-09-25)
Sometimes even the Warden has his zipper down...
FBI Data-Mining - (2009-09-24)
Total Information Awareness, here we come!
NYPD Intel Division Gets Double-Crossed - (2009-09-24)
According to reports, the Intel division at the NYPD was working with an Imam who turned out to be a double agent.
Ode to Dr. Strangelove - (2009-09-21)
A doomsday device was actually built by the Soviets during the Cold War.
Mercenaries In Iraq - (2009-09-18)
In light of this article, Niccolò Machiavelli's comments in The Prince seem appropriate.
The Work of a Nation - (2009-09-18)
A bit of an odd title, this is a promotional publication from the CIA.
Government Policies for Execs Visiting China - (2009-09-16)
"I was advised by people in three-letter agencies in the US Government to weigh the machine before I left and when I got back."
More Cyber-Robbery - (2009-09-16)
Cyber-theft (not cyber-war) again rears its head as the dominant threat.
E-mail and Web Apps - (2009-09-15)
A report from SANS that points out primary attack vectors in the enterprise.
Anatomy of a PDF Exploit - (2009-09-15)
Another example that demonstrates the tension between the desire to add features and provide security.
Attacking the US Power Grid - (2009-09-15)
This paper examines power grid attacks and the ability to produce cascading failures. It's a bit on the abstract side...
Low Hanging Fruit - (2009-09-14)
As in any ecosystem, the weaker members of the pack are sought out by predators. This is one reason why local commercial banks are attractive targets for carders.
Age-Old Rivalry - (2009-09-12)
The CIA and the DEA have a long history of stepping on each other's toes. One agency pursues high-level offenders, and the other agency ...
Controlling the Global Economy - (2009-09-12)
Yet another essay on rich guys who get together and talk. As Noam Chomsky has observed, there isn't much you can do about this. It's far more productive to focus on things that we, as voters, can hope to influence: like our political institutions.
Related: The role of international capital in the recent mortgage crisis. "This American Life," from Chicago Public Radio, offers an excellent synopsis of what happened and why.
C2 Through Google Groups - (2009-09-12)
This isn't necessarily bleeding edge, but it's a move towards covert channels.
Crooks Bypass Bank's Two-factor Authentication - (2009-09-10)
Intruders compromise a bank's internal system to initiate bogus transfers to data mules. Again, cyber-crime trumps cyber-war as a threat.
A Matter of Scale - (2009-09-10)
The world's highest-volume spam-sending botnet can pump out 90,000 emails per hour.
FBI Investigation Techniques - (2009-09-09)
A monograph from 1961 that focuses on "unusual" methods.
Inside the Waledac Botnet - (2009-09-08)
An excellent write-up by Gilou Tenebro that provides an overview of how this botnet works and what it does.
Meet the New Class (Same as the Old Class) - (2009-09-08)
An interesting blog entry from Bruce Schneier. Though I would argue that an emerging class of global actors (smugglers, warlords, terrorists, and bandits) isn't necessarily a recent development. Back in the 1800s, the world saw history's most successful narco-state: the British Empire. To see what I'm taking about, read up on the British colonization of Hong Kong.
The Global Katrina - (2009-09-07)
A study by an EU Think Tank that endorses "shielding the global rich from the tensions and problems of the poor." Let them eat cake...
The World's Leading Weapons Supplier - (2009-09-07)
"The United States signed weapons agreements valued at $37.8 billion in 2008, or 68.4 percent of all business in the global arms bazaar."
John Doe Has The Upper Hand - (2009-09-07)
Step right up and rent a botnet capable of performing a 10-100 Gbps DDoS attack... for only $200 a day.
As Richard Bejtlich laments: "Someone please tell me how much it costs to provision equipment and services sufficient to sustain network operations during a 10-100 Gbps DDoS attack. I bet it is much more than $200 per day."
The Story of Palantir Technologies - (2009-09-04)
An article from the WSJ about a bunch of geeks on the peninsula who've developed software that tracks down terror networks.
Turning Off An HVM - (2009-09-03)
Some slides that discuss how to disable a hypervisor and resume to a conventional OS in 100 instructions.
Diebold Core Dump - (2009-09-03)
Diebold has sold its voting machine division to Election Systems and Software (ES&S) for $5 million.
Cyber-war Fear Mongering (Cui Bono?) - (2009-09-02)
As Schneier observed: "The real risk isn't cyber-war or cyber-terrorism, it's cyber-crime."
The Western Express Cybercrime Group - (2009-09-01)
This article, from Wired, describes a credit card theft ring operating out of eastern Europe.
NSA Patent, #7584480: System Call Monitoring - (2009-09-01)
This looks like a pretty straightforward application of hooking technology.
Crooks Using Real-Time Alerts - (2009-09-01)
An overview of how the Zeus Trojan, malware used in a number of online account hacks, employs IM to facilitate data theft.
August 2009________________________________
Why We Fight - (2009-08-31)
"I get to shoot and blow things up - all the stuff they show you in the commercials."
Albert Gonzalez Takes Plea Bargain - (2009-08-28)
An informant for the US Secret Service does not pass go, does not collect $200.
Low-Tech Firewall Traversal - (2009-08-28)
It's easy, you just mail your 'sploits to them!
Related: the same goes for free laptops.
Related: Is it real, or just a pen-test?
Cracking WPA - (2009-08-27)
Researchers in Japan claim they can subvert the WPA encryption scheme in a minute.
Intel Guide for Law Enforcement - (2009-08-27)
Written by a professor at Michigan State, this report offers a "review of current initiatives, national standards, and best practices."
Protecting Return Addresses - (2009-08-27)
A recent NSA patent that uses shadow stack frames.
DHS Poses IT Attack Scenarios - (2009-08-26)
The report, "IT Sector Baseline Risk Assessment," evaluates high-consequence risks.
Swiss Malware Developer Goes Public - (2009-08-26)
Ruben Unteregger worked for ERA IT as a malware engineer. He built code that was designed to enable the Swiss government to intercept VoIP communication. He has released some of his code here.
Rogue Estonian ISP - (2009-08-26)
TrendMicro publishes a white paper that describes an ISP that served as the operational hub of a cybercrime network for several years.
Israeli Hacker Pleads Guilty - (2009-08-26)
Ehud Tenenbaum pleads guilty for his role in a caper that officials claim scored $10 million.
Cybercrime Pays - (2009-08-25)
Crooks in Eastern Europe are stealing credentials to initiate fraudulent wire transfers.
CIA Inspector General Special Review - (2009-08-24)
A 2004 Report on counterterrorism detention and interrogation activities.
The CIA in the Media - (2009-08-24)
A study that examines how the CIA is portrayed by the media.
Terry Childs Catches a Break - (2009-08-24)
The judge throws out three of the four felony charges against this San Francisco network analyst.
Real-Time Key Logging - (2009-08-24)
Attackers find ways around security architectures that rely on temporary data, like RSA's SecurID system.
Xe Services: Formerly Known as Blackwater - (2009-08-21)
The NYTimes reports that Xe has been contracted out for "work" that's previously been performed by the CIA.
Related: The CIA, it would appear, contracts out all sorts of odd jobs. Talk about a "death panel,"...
The CIA's Secret Prisons - (2009-08-20)
ABC News reports that Lithuania hosted a secret prison on behalf of the CIA.
Data Breach: Radisson Hotels and Resorts - (2009-08-20)
This company manages 400 locations in 65 countries.
Proven Kernel Security - (2009-08-19)
Australia's Information and Communications Technology (ICT) Centre has announced the completion of the world's first formal machine-checked proof of a general-purpose operating system kernel.
Data Fabrication: Faking DNA Evidence - (2009-08-19)
Scientists demonstrate that DNA evidence can be fabricated. Anti-forensics rears its head!
Hackers Pilfer 130 Million Card Numbers - (2009-08-18)
Three hackers are indicted in what is being called the largest identity-theft case in U.S. history. Who says cybercrime doesn't pay?
Related: The WSJ has covered this story also.
Related: More details on this case can be found here.
Highly Predictive Blacklisting - (2009-08-18)
The idea behind this technique is to curb malware infestation by predicting malicious sites and blocking them in advance.
FBI's Regional Computer Forensics Laboratories - (2009-08-18)
The FBI has released its latest RCFL annual report which details what the labs have been up to recently.
The CIA's $5 Million Bar Tab - (2009-08-17)
A five year investigation into the purchase of Russian Mi-17 helicopters (for post 9-11 operations in Afghanistan by the CIA) leads to the conviction of the Army official in charge of the mission.
Russian Gangsters Behind Georgia DDoS Attacks - (2009-08-17)
The U.S. Cyber Consequences Unit (a think tank) claims that organized crime elements are behind the DDoS attacks that plagued Georgian sites in August of 2008.
Related: According to the WSJ, the Russian attackers used stolen US identities to establish command and control sites in addition to collaborating via U.S.-based social-networking sites.
As the above article observes: "cyber-warfare has outpaced military and international agreements, which don't take into account the possibility of American resources and civilian technology being turned into weapons."
EPIC on Flash Cookies - (2009-08-17)
A primer on this lesser-known technique for tracking user data from the Electronic Privacy Information Center.
First Beckstrom, then Hathaway, and Now Kwon - (2009-08-14)
Mishel Kwon, the head of US-CERT, has left to work for RSA.
Cryptome Owner on Wikileaks - (2009-08-14)
John Young, the founder of Cryptome, comments on the nature of Wikileaks: "Wikileaks too much resembles those whom it seeks to expose."
80,000 People Flagged as Fugitives - (2009-08-13)
A software glitch caused 80,000 people to lose Social Security benefits after they were incorrectly classified as "fleeing felons."
China Backs Down On Green Dam - (2009-08-13)
The WSJ reports that China will not require installation of web-filtering software on computers sold in China.
Busted: 20-year-old Australian - (2009-08-13)
This, yet to be identified, man has been charged with infecting 3,000 machines in an effort to harvest financial credentials.
Selling Interrogation Services to the CIA - (2009-08-12)
A NYTimes article on the rise and fall of Mitchell Jessen and Associates.
Proof That Crypto Works - (2009-08-12)
Two individuals in the UK are convicted for failing to divulge their encryption keys to authorities.
Hacking The Sequoia AVC Advantage - (2009-08-11)
Researchers from Princeton, Michigan, and UCSD demonstrate a real-world attack that can subvert a well-known electronic voting machine. Let the critics once and for all be silenced.
Related: Diebold fixes a security hole in their vote tabulation software.
Why Did Melissa Hathaway Quit? - (2009-08-10)
Everyone knows that "personal reasons" is a code phrase for things that you'd rather not admit in public.
Why All The Secrecy? - (2009-08-07)
"My 24 years as an analyst at the Central Intelligence Agency (1966-90) taught me that national security is only the ostensible reason for using the state secrets privilege in cases before the court. The real reason usually has more to do with national embarrassment and not national security."
Crooks Using The ACH - (2009-08-07)
The Automated Clearing House (ACH) is a network used to digitally route money between organizations and individuals. Attackers have been using it, in conjunction with credential theft, to transfer money to mule accounts.
EFF on the Police and GPS - (2009-08-06)
"There's no statute that controls [GPS monitoring], so if the Fourth Amendment doesn't protect you, you're out of luck."
Details for NSA Building - (2009-08-05)
The new structure slated for Camp Williams in Utah would be 1.5 million square feet (just over half the size of the Mall of America in Minnesota).
Latvian ISP Cut Off - (2009-08-05)
Another "bullet proof" ISP used by criminals has been cut off from the Internet by its upstream provider.
2003 US Cyberwar Attack Derailed - (2009-08-04)
The US planned to cripple Iraq's financial system, but concerns over collateral damage prevented things from going operational.
Low-Tech Spoofing - (2009-08-04)
A man in Chicago is accused of using a stolen radio to impersonate Transit Authority officials.
Windows 7 Activation Hacked - (2009-08-04)
Once again, pirates have cracked Windows. Microsoft has stated that they will blacklist the corresponding OEM master key.
The 1956 Bruce-Lovette Report - (2009-08-03)
An article describing the hunt for an elusive 1956 report on the CIA prepared for President Eisenhower.
Paul Krugman on HFT - (2009-08-03)
While you read this article, keep in mind that High Frequency Traders are given their 30-millisecond preview (order data that they see before everyone else) as a result of a fee that they pay to exchanges like Nasdaq.
Pirating Computrace - (2009-08-03)
Researchers at Black Hat show how to subvert this BIOS-enabled tool.
Related: Computrace vendor, Absolute Software, responds.
ATM Fun and Games in Vegas - (2009-08-03)
One more reason to make a cash withdrawal *before* you leave for Vegas.
BotNet Danger Room - (2009-08-03)
Sandia National Laboratories in Livermore, Calif., is simulating a million Windows nodes by hosting Linux virtual machines on a 4,480-processor supercomputer. Each virtual machine will run an instance of Wine so that licensing fees can be avoided.
July 2009___________________________________
Network Solutions Data Breach - (2009-07-27)
"The code may have captured transaction data on approximately 573,928 cardholders. Exposure varied by merchant, but in all cases took place sometime between March 12, 2009 and June 8, 2009."
High Frequency Trading - (2009-07-24)
"Powerful computers, some housed right next to the machines that drive marketplaces like the New York Stock Exchange, enable high-frequency traders to transmit millions of orders at lightning speed and, their detractors contend, reap billions at everyone else's expense."
L0pht: Where are They Now? - (2009-07-24)
It would seem that several members of L0pht have reunited and revived their old website.
Aliens and Free Energy - (2009-07-24)
Gary McKinnon explains why he hacked the Pentagon.
Q&A With Dennis Blair - (2009-07-23)
The Director of National Intelligence (DNI) talks about cyber-security and counterintelligence.
Hacking Nuclear C2 - (2009-07-23)
The International Commission on Nuclear Non-proliferation and Disarmament released this report, exploring the possibility of hackers initiating a nuclear conflict.
EFF Files Suit against CIA - (2009-07-22)
This morning the EFF filed suit in San Francisco against the CIA, the DHS, the DoD, the NSA, and others demanding the release of reports detailing potential misconduct.
Related: Wired is also covering this story.
Most Wanted Botnets - (2009-07-22)
A list of some of the most prolific botnets in the US from NetworkWorld.
Ex-Police Officer Has Intel on 40 Million People - (2009-07-22)
Colin Holder, a retired police officer, has collected sensitive information on 40 million individuals. He plans to charge people for access to the data so that they can determine if their security has been breached.
Chrome Browser Security - (2009-07-22)
A high-level overview of security features in the Chrome Browser.
The DEA and the CIA - (2009-07-21)
This article reflects the tension that has traditionally existed between these two agencies. The DEA goes after high-level offenders who often end up being protected by ... you guessed it!
Related: One retired DEA agent can tell you all about this dynamic.
LA Councilman Questions Google Apps - (2009-07-21)
"Drug cartels would pay any sum of money to be aware of our progress on investigations."
Interview with Joanna Rutkowska - (2009-07-20)
Another exclusive from Tom's Hardware. Read about one of the system-level security field's chief innovators.
AT&T Whistleblower Writes a Book - (2009-07-20)
Mark Klein, the only AT&T employee who's spoken about the secret wiretapping rooms, has written a book about his experience. It's interesting to see how various news providers backed away from this story...
NCTC Director Michael Leiter - (2009-07-20)
Article on this Columbia grad via the alumni magazine.
New WLAN Guidelines for Cardholders - (2009-07-17)
The Payment Card Industry Security Standards Council releases WLAN standards aimed at organizations that handle payment-card transactions.
Related: Some background on what led to these new standards.
Why RFID Passports are a Bad Idea - (2009-07-17)
Robin Harris at ZDNet bemoans the state of passport security. "I hope some unlucky Americans aren't injured or killed before this misguided program gets revoked."
Unclassified Report on Warrantless Wiretapping - (2009-07-16)
A report by the Inspectors General of five intelligence agencies.
Related: Wired has a snapshot of the "secret room" at the Folsom Street AT&T office.
Nmap 5.0 Released - (2009-07-16)
The next iteration of Fyodor's handy network scanner is out.
White Hat Budgeting - (2009-07-15)
Bejtlich on outsourcing security: "You spend too much money and probably won't receive value for it."
Researcher says UK, not North Korea, is to Blame - (2009-07-14)
As noted earlier, attribution is a key issue with regard to cyber attacks.
Wired also has an article on this story.
Related: It would now seem that the attacks originated from Miami. This puts previous calls for massive retaliation by US legislators like Peter Hoekstra in a whole new light, doesn't it? Let's hear it for Hegelian Dialectics!
APT: Advanced Persistent Threats - (2009-07-13)
The chief security officer at Northrop Grumman observes that we really don't know who's attacking us: "Attribution is probably one of the biggest problems for our nation."
The Potential of Rootkit Surveillance - (2009-07-13)
An article from Daily Kos that speculates about banks acting on trading data before the transactions are committed. Credible or otherwise, this story demonstrates why rootkit technology is so powerful.
The Prevailing Wisdom...Is Wrong - (2009-07-13)
According to the 2009 Data Breach Report from Verizon, only 0.05 percent of information stolen was offline data or end-user devices (e.g. backup tapes, laptops, etc.).
The Sound and Fury of Cyberwar - (2009-07-13)
Another great reality check: "The news isn't the attacks, but that some networks had security lousy enough to be vulnerable to them."
Nano-Thermite - (2009-07-10)
Dr. Niels Harrit, a professor of chemistry at the University of Copenhagen, finds an exotic military compound in debris collected in lower Manhattan immediately after 9/11.
The Dangers of Public Wi-Fi Access - (2009-07-10)
This article demonstrates the clear tradeoff between security and convenience.
Bug Takes More than a Year to Fix - (2009-07-10)
Microsoft has declined to say why this is the case, but it appears that there was a security flaw in IE that took them over a year to fix.
Chrome OS - (2009-07-09)
Read Google's introduction to its OS (supposedly due out in 2010).
Related: The NYTimes has summarized the relevant issues in a recent article.
Related: Bruce Schneier calls Google's promises of foolproof platform security idiotic. Give 'em hell, Bruce.
Related: Black Hat presenter Robert Hansen coined the term Gmalware.
SPAM Developer Pleads Guilty - (2009-07-08)
A 49 year-old engineer who developed spamming software gets 6 years and a $3,000 fine.
DDoS Hits US and South Korea - (2009-07-08)
A botnet consisting of 50,000-60,000 computers performs a "relatively small-scale" DDoS attack against American agencies.
Related: According to AhnLab, a Korean computer security company, the botnet was facilitated by a variant of the MyDoom virus.
Related: South Korea's intel agency indicates that North Korea may be responsible.
Related: The Creation of a Botnet.
Scenarios for 2035 - (2009-07-07)
A slide deck from the NOAA that looks into the dangers of the 'business as usual' mindset.
Predicting SSNs - (2009-07-07)
Researchers from Carnegie Mellon show how easy it is to derive SSNs from publicly available info.
Related: One of the researchers will present their findings at Black Hat USA 2009.
Someone Tries to Steal Goldman's Secret Sauce - (2009-07-06)
A Russian immigrant is held on charges of stealing the source code for Goldman's automated trading systems.
The Great American Bubble Machine - (2009-07-06)
Matt Taibbi, a writer for Rolling Stone, asserts that Goldman Sachs worked to inflate market surges and profit from the resulting busts. As the author states, "organized greed always defeats disorganized democracy."
MI6 Chief Cover Blown - (2009-07-06)
Pictures and personal details posted by Sir John Sawer's wife (Shelley) on Facebook. It will take more than a new cyber command to save the Brits from this sort of poor judgement.
AV Arms Race - (2009-07-06)
An in-depth look at the two market leaders.
NSA to Screen Government Traffic - (2009-07-03)
The Washington Post reports that the NSA plans to screen government traffic on private-sector networks.
Related: Details from the WSJ on Einstein, the system to be used to implement screening. The initial version is just an IDS, later versions will migrate to an IPS approach.
Related: Richard Bejtlich predicts that the .com domains will be next.
The "National Security" Argument - (2009-07-03)
An essay on the 1953 origins of the "National Security" argument used to deny public access to information.
CIA Looking to Hire Bankers - (2009-07-02)
The author of "Crossing the Rubicon" stated that the CIA was Wall Street and vice-versa...
Protective Design for High Risk Buildings - (2009-07-02)
A study that examines "how to prevent and mitigate the effects of a terrorist attack on a building."
NSA Builds a Data Center in Utah - (2009-07-02)
After the lingering demise of Novell, this is just what Utah needs.
Spammers Hit in the Wallet - (2009-07-02)
Canadian spammers are ordered to give up $3.7 million by a US District Court. Who says that cybercrime isn't profitable?
Hey Barnaby, Say It Ain't So! - (2009-07-01)
I was really looking forward to this talk... But now it seems that an ATM vendor has put the kibosh on Barnaby Jack's Black Hat presentation on how to jackpot ATM machines.
Related: More recent developments on Barnaby Jack's Black Hat talk.
The European Electronic Crime Task Force - (2009-07-01)
The US Secret Service signs an agreement with Italian authorities to set up an international cyber crime task force.
FBI's Watchlist Nomination Practices - (2009-07-01)
How exactly does someone end up on a terrorist watch list? This document should shed a little light on the process.
Cyber War: Hyperbole versus Reality - (2009-07-01)
"It is alarming that so many people have accepted the White House's assertions about cyber-security as a key national security problem without demanding further evidence. Have we learned nothing from the WMD debacle?"
How the Big Boys Secure E-mail - (2009-07-01)
A look into the logistics of processing large amounts of e-mail.
June 2009___________________________________
Max Butler Pleads Guilty - (2009-06-30)
The operator of the "Carder's Market" faces up to 60 years after pleading guilty to two counts of wire fraud. He'll be sentenced in October.
China's CERT Treads Water - (2009-06-30)
"China's CERT had only three English speakers who were trying to handle a massive work load: the agency was getting as many as 9,000 abuse complaints per day."
Article on Norm Matloff - (2009-06-30)
This UC Davis Professor understands the true nature of H-1B and offshore outsourcing. It's all about cheap labor and destroying the social contract.
Hardware-Level Rootkits Seen As Threat - (2009-06-29)
"Russia's proposed treaty would ban a country from secretly embedding malicious codes or circuitry that could be later activated from afar in the event of war."
Censoring Wikipedia - (2009-06-29)
A reporter from the NYTimes is kidnapped by the Taliban. The Times tries to keep news of this from being published online.
New Armor for UK Troops - (2009-06-29)
This article demonstrates that security will often be discarded by users if it's seen as an annoyance.
GAO Report on DHS CyberSecurity - (2009-06-26)
This is an eye-opener. The DHS has been given failing grades since 2005 by the GAO...
Iranians Use TOR - (2009-06-26)
"Forget the driven-by-DC mock-populism and the all-too-clever schemes; this is how America should be promoting democracy abroad. Give activists the tools - and then let them decide how and when to use 'em."
Deep Packet Inspection in Iran - (2009-06-25)
Big Brother thrives in Iran with a little help from Nokia and Siemens.
Exploit for China's Green Dam - (2009-06-25)
A researcher named Trancer releases a Metasploit module for IE which targets a vulnerability in Green Dam v3.17.
Guaranteed Secure Deletion - (2009-06-25)
Power tools...
The UK Announces its own Cyber-Command - (2009-06-24)
Whitehall follows closely in the steps of the Pentagon. Accusations fly as officials point their fingers at Russia and China.
Related: This new agency will have an offensive role.
Related: This new command will be located at "the doughnut."
NSA Director to lead Cyber-Command - (2009-06-24)
Despite several press releases that seemed to downplay the possibility, Defense Secretary Robert Gates will recommend the current NSA Director, Lt. Gen. Keith B. Alexander, to lead the cyber-command.
Gates Orders Creation of Cyber Command - (2009-06-23)
It's official: a new military command to defend the DoD's 15,000 networks and seven million computers. The command HQ will be located at Fort Meade. Ahem.
Bejtlich on Automated Defenses - (2009-06-23)
"Automated defenses are the easiest for an intruder to penetrate, because the intruder can repeatedly and reliably test attacks until he determines they will be successful and potentially undetectable."
The Worst US Cities for IT Workers - (2009-06-23)
Detroit and Cleveland are at the top of the list.
Cleveland also has the honor of being named, by Forbes, one of America's fastest-dying cities.
Detroit Spammers Get the Slammer - (2009-06-23)
Given the above article, I can't say that I'm surprised...
The Story of Deep Capture - (2009-06-22)
A journalist casts an eye on the nature of the financial press.
The Midas Touch in Reverse - (2009-06-22)
A blog entry that dwells on Internet-Based Disruptive Business Technologies (IBDTs).
Everyone Smells Money - (2009-06-22)
The defense contractors ready themselves for the money train.
Google Engineers Talk Browser Security - (2009-06-19)
An article from the ACM that describes high-level security features of the Chrome browser.
GhostNet Vanished in a Day - (2009-06-19)
Nart Villeneuve, from the Information Warfare Monitor in Canada, recently spoke in Estonia about the rapid disintegration of GhostNet.
C2: Cooperation and Coordination - (2009-06-19)
Researchers have uncovered botnets that work together to resist eradication.
The Golden Cash Malware Network - (2009-06-18)
Proof that someone's making money off of botnets (despite what the folks at Microsoft Research are saying).
Crime Doesn't Pay (for Stephen Watt) - (2009-06-18)
The life and times of a malware developer who did work for what the feds are calling "the largest identity theft ring in our Nation's history."
The Marc Weber Tobias Problem - (2009-06-18)
Meet Marc Tobias, the man who took on Medeco and won.
Related: See a Black Hat presentation on lock picking.
Forensic Analysis on a Thumb Drive - (2009-06-18)
Not much new here: Guidance Software's EnCase can run from a bootable thumb drive.
NSA Monitoring: Tip of the Iceberg - (2009-06-17)
"Intercepts of the private telephone calls and e-mail messages of Americans are broader than previously acknowledged."
How People Fall for Scams - (2009-06-17)
The first few pages of this 260-page report summarizes things nicely.
MI5 HQ Revealed - (2009-06-16)
The company that built this structure (the Park 66 Development in Bury) discloses the address in a brochure.
Intel Sharing with Iraq - (2009-06-15)
Documents related to US Intel sharing with Iraq during the Iran-Iraq war.
Inside a Datacenter - (2009-06-15)
The first rule of Fight Club: Don't talk about Fight Club.
Related: a NYTimes article on the nature of datacenters.
Related: A Register piece on a data center in Las Vegas.
Credit Card Providers Audit Themselves - (2009-06-15)
According to this AP report, credit card providers "see fraud as a cost of doing business and say stricter security would throw sand into the gears of the payment system, which is built on speed, convenience and low cost."
Related: Thoughts on regulating privacy by Bruce Schneier.
PBX Phreakers Indicted - (2009-06-15)
Filipino attackers break into a myriad of PBX systems using default passwords.
New Attack in Non-Routable Networks - (2009-06-12)
"Because of caching issues within the browser, and other technologies that may use the IP address as the single factor of security, it becomes possible to create situations where the collisions can be used to an attacker's advantage, and even allow them to compromise internal networks."
The Borderless Border Town - (2009-06-12)
Bob Cringley discusses the problems of enforcement and security on the Internet.
Keykeriki - (2009-06-12)
A universal wireless keyboard sniffer.
Instigators of Collective Violence - (2009-06-12)
An academic approach to the "Tyler Durden" effect.
China Mandates Filtering Software - (2009-06-12)
China has decided that all computers sold in the country must ship with the Green Dam-Youth Escort package.
Related: Researchers at the U of M have already found exploits!
Related: Reports claim that this could lead to a very large botnet.
Declassified Documents - (2009-06-11)
A collection of links to declassified information.
Corporate Big Brother - (2009-06-10)
Sears Holding Corporation settles with the FTC over spyware from ComScore that it advised customers to install via e-mail.
Interhack Study - (2009-06-10)
"We discovered a statistically significant distinction between the types of breaches that occur in several of the industry sectors," said Matthew Curtin, founder of Interhack and co-author of the study.
History Repeats Itself - (2009-06-10)
Microsoft decides to bundle free AV software with Windows.
Nobody Sells Gold for the Price of Silver - (2009-06-09)
Microsoft Research says cybercrime doesn't pay.
The Rise and Fall of E-Gold - (2009-06-09)
As one reader observed: "An anonymous way to send large amounts of money around the world? Who would've thought such a system would attract criminals?"
Jeff Moss in HS Advisory Council - (2009-06-05)
The founder of Black Hat and DEFCON is sworn in to the Homeland Security Advisory Council.
Rogue ISP Shut Down - (2009-06-05)
Pricewert, a San Jose based ISP, is kicked off the net at the request of the FTC.
ATM Rootkits - (2009-06-04)
Compromised ATMs have been discovered in Eastern Europe. Authorities suspect that insiders are involved.
Cyberwar (Yawn) - (2009-06-04)
Espionage and computer intrusions have been going on for years. They just happen to be getting more attention from the media. Why would that be? (Hint: think government budgets and contracts)
Cloud Computing (Yawn) - (2009-06-04)
Just goes to show you how powerful buzz words are. Marketing fluff at its best. Schneier also observes: "Outsourcing is the future of computing."
The "Why Terrorists are Dumb" Theory - (2009-06-03)
An essay on why terror attacks aren't what they're cracked up to be.
NSA or China? - (2009-06-03)
Who's the greater threat to privacy? An ex-Fed points a finger at China, though the article notes that "deploying malware (i.e. GhostNet) is, at best, a low-rent alternative to wiretapping internet backbones, as the NSA is alleged to do."
Telecoms Escape EFF and ACLU Lawsuits - (2009-06-03)
Today a federal judge ruled that telecoms have immunity from liability under the FISA Amendments Act (FISAAA).
Government Releases "Highly Confidential" Data - (2009-06-03)
The aforementioned report provides details on the nation's civilian nuclear sites and programs.
Forensic Teams in UK Swamped - (2009-06-03)
Proof that anti-forensics is all about buying time. The article states: "Currently, UK police forces have a backlog of hundreds of computers seized during criminal investigations."
The Perfect Cyber Tsar - (2009-06-03)
According to the authors of this article, the ideal candidate would be a hybrid of Bruce Schneier, Richard Bejtlich, and Chris Eagle.
CardSystems Holds Auditor Accountable - (2009-06-02)
CardSystems takes its security auditor to court over a data breach that took place in 2004.
Ex-Spy Makes Peace with MI6 - (2009-06-01)
Former MI6 operative Richard Tomlinson returns home after the agency agrees to apologize and leave him alone.
Contractors Dash for Cyberwar Funding - (2009-06-01)
The money train has arrived: Northrop Grumman, General Dynamics, Lockheed Martin, and Raytheon are lining up to get their fix.
May 2009___________________________________
Obama Announces Cyber Security Office and Tsar - (2009-05-29)
Obama states: "America's economic prosperity in the 21st century will depend on cyber-security."
Related: The official White House press release.
Related: 60-Day cyberspace policy review presented by Melissa Hathaway, Cybersecurity Chief at the National Security Council.
Related: The Pentagon plans its own complement to this civilian effort.
Related: Bruce Schneier's thoughts on the need for a Cyber Tsar.
Related: Richard Bejtlich responds to Obama's speech.
Related: Yet another reality check. "The problem is not that there hasn't been a discussion with the American public on cybersecurity. There has. And it's been entirely monochromatic, larded with scenarios, claims and frightful rumors meant to incite action, and allied with experts chosen from companies in the private sector who always stand to gain richly from further spending on cybersecurity."
Related: Yet another cynic's take on all this cyber Tsar business.
Intel Consumer's Guide - (2009-05-29)
A sort of "Intel FAQ."
Identity Thieves Indicted in New York - (2009-05-29)
This theft ring operated by purchasing information from bank insiders.
Turkish Hackers Breach US Army Servers - (2009-05-28)
The hacking clan known as "m0sted" successfully cracked web servers in Oklahoma and Virginia. This report also observes that "The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools."
Dangerous Search Terms - (2009-05-28)
McAfee looks at search engine terms that lead to malicious web sites.
Overworked Investigators Cut Corners - (2009-05-28)
The article states, "agencies must issue at least 90 percent of their initial security clearances within 60 days" and then notes that "87 percent of the 3,500 initial top-secret security clearance cases Defense approved last year were missing at least one interview or important record."
Anyone who works with anti-forensics knows that beating the forensic analyst is a matter of buying enough time. As this article reminds us, most people are operating on a budget...
Bilderbergers Meet This Month - (2009-05-27)
As Noam Chomsky observed in his book Understanding Power: "Obviously rich people get together and talk to each other and play golf with one another, and plan together - that's not a big surprise. But the conspiracy theories people are putting their energies into have virtually nothing to do with the way institutions actually function."
Related: an article on this meeting in the WSJ.
Related: a rare press release where this group describes itself.
The New Service Economy - (2009-05-26)
Learn the difference between CVV2s, dumps, and fulls.
2007-2008 NSTAC Issue Review - (2009-05-26)
A high-level survey of infrastructure threats published by the National Security Telecommunications Advisory Committee.
Government Informant Stirs The Pot - (2009-05-26)
"How do you go to the government about the government?"
CDC Swine Flu Report - (2009-05-26)
A sensitive, but unclassified, director's update brief.
eBook: Secret Power - (2009-05-26)
A look at the SIGINT links between the NSA, Britain, Canada, Australia, and New Zealand.
Secret Service Flunks NSA Security Audit - (2009-05-22)
Director Mark Sullivan states that: "While the NSA findings are classified, I can tell you that the results were chilling."
Uncle Sam Recruits Teen Hackers - (2009-05-22)
This year's DC3 challenge has expanded its venue to include high school and college participants.
Yet Another AV Software Ranking - (2009-05-22)
Chaz Sowers sets up his own independent test lab and has at it.
Bejtlich on Ghetto IT - (2009-05-22)
An essay on how "intrusion debt" can come back to haunt you.
The Nokia Phone Craze - (2009-05-21)
This article explains why some people have been willing to pay big $$$ for certain models of the Nokia 1100 mobile phone.
Botnet Partitioning - (2009-05-21)
Some bot herders will partition their network of compromised machines for operational reasons and to avoid monocultural insecurities.
$50,000 Bounty on Hard Drive - (2009-05-21)
The National Archives is offering a $50,000 reward for the return of an external hard drive containing personal information (i.e. SSNs) of former Clinton administration staff members.
US Marshals Service Hacked - (2009-05-21)
According to reports, they had to shut down their Internet access and disconnect their system from the Department of Justice.
ISC Report on 7/7 - (2009-05-20)
The Intelligence and Security Committee's second report on the 7/7 bombings. This second report was commissioned after it was determined that the bombers were not unknown to the police and MI5. This report exonerates MI5 on the grounds that the organization was stretched too thin to provide the necessary coverage.
The Navy Cyber Defense Operations Command - (2009-05-20)
An article by PC World that looks into our defensive capabilities. The author hints at interesting ideas, but the details are all classified...
Gartner Advises Skipping Vista - (2009-05-20)
Gartner urges enterprises that haven't rolled out Vista to wait for Windows 7.
Gumblar Briefing - (2009-05-19)
Short, but sweet, write-up by CERT on the basic operation of Gumblar malware.
Vishing: Voice + Phishing - (2009-05-19)
It seems like you can't always trust caller ID...
Netbooks Ship with Malware - (2009-05-19)
Once again, demonstrating that sometimes you can't even trust a pristine system out of the box.
Go Ahead, I Dare You... - (2009-05-18)
The Obama administration urges US District Judge Vaughn Walker to order the disclosure of a national security state secret related to warrantless wiretapping.
Too Much Data - (2009-05-15)
The UK police are apparently swamped with CCTV camera footage. Dominic Grieve, of the Conservative party, stated that "In many cases the police don't have the time or resources to look at CCTV (footage)... In fighting crime, mass surveillance through CCTV is highly questionable."
Interview with Melissa Hathaway - (2009-05-15)
Hathaway talks about the creation of the Comprehensive National Cybersecurity Initiative (CNCI).
Security Zones and Shrinking Public Space - (2009-05-15)
This website summarizes a project outlining the impact of anti-terrorism security on urban public space since September 11, 2001.
Warbots - (2009-05-15)
Life imitates art (i.e. think Terminator Salvation).
China's OS: Kylin - (2009-05-14)
China develops its own "secure" OS, which appears to be based on FreeBSD.
Related: commentary by ZDNet's Dancho Danchev.
Will Terrorists Attack the Food Supply? - (2009-05-14)
Bruce Schneier thinks not: "The quantities involved for mass poisonings are too great, the nature of the food supply too vast and the details of any plot too complicated and unpredictable to be a real threat."
How YouTube Scales - (2009-05-14)
An interesting look at how this site supports over 100 million videos per day.
Operation GRAPHIC HAND - (2009-05-13)
A declassified military plan to continue postal service in the event of a strike (simply replace one group of low-paid wage workers with another).
More Infighting and Turf Wars - (2009-05-13)
Bruce Schneier argues against designating someone as a cybersecurity czar.
Pirates and Crooks Team Up - (2009-05-13)
Researchers have identified pirated versions of Windows 7 that include malware which attempts to connect to a botnet command-and-control server.
BioHackers and National Security - (2009-05-12)
A WSJ article that ponders the future shock of homemade bioweapons.
Why Cyber Commands Fail - (2009-05-12)
Richard Bejtlich responds to an article written by Robert Graham.
The Electronic Police State - (2009-05-12)
A commentary and report on the dangers of state surveillance.
Related: a story from Wired about the FBI's 'Going Dark' surveillance program.
Related: a story from the NYTimes that serves as a counter-argument of sorts.
Cyberwar Games at West Point - (2009-05-11)
The DoD graduates 80 students each year from its cyberwar schools.
Wisconsin Police Can Use GPS Tracking - (2009-05-11)
Officers don't need a warrant because, according to Wisconsin courts, GPS tracking does not involve a search or a seizure.
SPAM-Friendly ISPs in China - (2009-05-11)
There are ISPs in China that offer "bullet-proof" hosting, which is to say that you can SPAM all you want and they'll simply ignore complaints.
Classified Programs Budget More Than $50 Billion - (2009-05-08)
"It makes the Pentagon's secret operations, including the intelligence budgets nested inside, 'roughly equal in magnitude to the entire defense budgets of the UK, France or Japan.'"
FAA Air Traffic Control Systems Compromised - (2009-05-08)
A report by the Office of the Inspector General that describes the current state of computer security at the FAA.
Privacy or Security? - (2009-05-08)
This is a loaded question. Why can't we have both?
UC Berkeley DB Breached - (2009-05-08)
According to school officials, "Evidence uncovered to date suggests that this attack was launched by highly skilled criminal operations based overseas."
More Funding is Not The Answer - (2009-05-07)
Sensitive military information is recovered from a drive bought off of eBay. These people don't need more federal money, what they need to do is wipe their drives!
Meet the Feds - (2009-05-07)
An interview with Special Agent J. Keith Mularski of the FBI.
NVLabs Releases VBootkit 2.0 Code - (2009-05-07)
VBootkit 2.0 currently only works on Windows 7 (x64 edition).
Trust No One - (2009-05-07)
An article on using honeypots to catch internal attackers. The author advises: "Don't even tell the network security people about it." Oh, that's rich.
A Collection of CIA Documents - (2009-05-07)
"Truth" Drugs in Interrogation
The Interrogation of Suspects Under Arrest
Communist Interrogation Methods
Guess What: We're Vulnerable - (2009-05-06)
Nothing new here. The WSJ reports that officials from all branches of the armed services claim they're being "challenged like never before," once again confirming the suspicion that there is funding at stake.
When Vikings Attack - (2009-05-06)
A Swedish national has been indicted for intrusions into networks run by the likes of Cisco and NASA.
McAfee Threats Report: First Quarter 2009 - (2009-05-05)
According to McAfee, the US hosts the largest percentage of infected machines (18%).
Data Stolen and Held for Ransom - (2009-05-05)
Arrr, data pirates. The Washington Post reports that over 8 million patient records have been encrypted and that the intruder demands $10 million for the password. It looks like the FBI has been brought in...
Privacy in the Cloud - (2009-05-05)
An essay by Bruce Schneier that explains how the police can search your data without a warrant.
Inside the Torpig Botnet - (2009-05-04)
A report by the folks at UCSB that describes how they compromised the Torpig botnet.
Mastering the Internet (MTI) - (2009-05-04)
Details on the UK Government Communications Headquarters' plan to monitor network traffic in Britain.
Unemployment and National Security - (2009-05-04)
An interesting op-ed piece: unemployment in the US has been recast as a form of work to manage the threat of social unrest resulting from mass unemployment.
USPS Investigating Data Breach - (2009-05-01)
Lexis Nexis is notifying customers after up to 300 accounts were compromised to acquire fraudulent credit cards.
Secure XP - (2009-05-01)
Several years after Microsoft releases Vista, Redmond finally offers a secure version of Windows XP (whew, just in time).
April 2009_________________________________
Peer-to-Peer Command and Control - (2009-04-30)
A novel approach to hampering network-based forensics. The story behind this research paper is also interesting.
"Offshore Bullet-Proof Hosting" - (2009-04-30)
Spammers use a server farm hosted in China to maintain anonymity.
Report by National Research Council - (2009-04-29)
Entitled, "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities." You can read this report online.
There's a NYTimes piece that discusses this report here.
For Want of a USB Drive... - (2009-04-29)
An MI6 officer loses a USB drive containing the names of SIS informers.
Download the Spec for PLAID - (2009-04-29)
Centrelink has released its $560,000 smart card identification protocol for free. There's also a reference implementation.
State Sponsored Hacking - (2009-04-28)
A NYTimes article that demonstrates why the spooks build the best rootkits. The mention of chip-based compromise tactics is particularly noteworthy.
Yet Another Adobe Reader Hole - (2009-04-28)
US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk. To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, un-check Enable Acrobat JavaScript.
Microsoft Changes AutoRun in Windows 7 - (2009-04-28)
"AutoPlay will no longer support the AutoRun functionality for non removable optical media."
Social-Engineering Lives On - (2009-04-27)
According to Stan Szwalbenest, the director of remote channel risk at JP Morgan Chase, "Call-center authentication is, to me, the biggest pain point right now."
NSA Chief to Head Pentagon Cyber Command - (2009-04-24)
NSA Director Keith Alexander recently claimed that the NSA has no intention of taking on the job of securing our networks (but he never said that he didn't personally want the job...).
A Sea of Black Hats - (2009-04-24)
China's vast population sports a sizeable contingent of hackers that, according to Popular Science, are loosely affiliated with the government.
Brazilian ISP Attacked - (2009-04-24)
Intruders manipulate the ISP's DNS records to redirect customers to malicious sites.
FBI Agent Recounts Sting Operation - (2009-04-23)
Special Agent J. Keith Mularski of the FBI's Cyber Division admits that the Black Hats still hold the upper hand.
VBootkit 2.0 Unveiled - (2009-04-23)
The Kumar tag-team from NVLabs shows off their bootkit at the Hack In The Box Security Conference (HITB) in Dubai.
Internet Criminal Ecosystem offers 'Services' - (2009-04-23)
Anonymization networks, money laundering, and malware installation.
NYPD Under Siege - (2009-04-23)
The NYPD reports at least 70,000 unauthorized entry attempts per day.
1.9 Million Zombies - (2009-04-22)
A huge botnet based in the Ukraine has been discovered by Finjan, a security 'solution' vendor.
Researchers Slam Bush Memos - (2009-04-22)
University researchers who study sleep deprivation claim that Bush administration lawyers misused their findings.
Adobe Reader: The new Internet Explorer - (2009-04-22)
Mikko Hypponen, chief research officer with antivirus company F-Secure, suggests that people use alternative programs to read PDFs.
WSJ Reports Another Data Breach - (2009-04-21)
This time, it's the Pentagon's Joint Strike Fighter project. As expected, the article states that "many details couldn't be learned." Is someone looking to bolster their share of the budget?
Cloud Computing ...Yawn - (2009-04-21)
Bruce Schneier on cloud computing security: "I'm kind of bored with it... Cloud computing is presented as a new paradigm...but fundamentally I don't see a lot of differences between it and client-server and dumb terminals."
I have to admit, after all of the fluff and hype that's been generated over cloud computing, it's refreshing to hear someone offer a reality check.
NSA Chief Clears the Air - (2009-04-21)
The NSA's director claims that the NSA does "not want to run cybersecurity for the United States government."
The NSA Wants To Guard The Gates - (2009-04-20)
The NSA has been beating its drum to take responsibility for securing the government's networks.
Bruce Schneier thinks that this is a bad idea.
The FBI's Rootkit - (2009-04-17)
An article from Wired about the Computer and Internet Protocol Address Verifier (CIPAV).
Using a FOIA request, Wired has obtained 150 pages of declassified CIPAV documents.
Office of Legal Counsel CIA Torture Memos - (2009-04-17)
On 2009-04-16, the DoJ released four secret memos used by the Bush administration to justify torture.
President Obama's stance on this issue can be read here.
Rootkits for .NET - (2009-04-17)
This page introduces application level rootkit attacks on managed code environments, enabling an attacker to change the language runtime implementation, and to hide malicious code inside its core. The focus here is on the .NET Framework, but the concepts can also be applied to other platforms such as Java's JVM.
The person who developed this tool, Erez Metula, spoke today at Black Hat Europe 2009.
The NSA Crosses the Line - (2009-04-16)
Government officials claim that the NSA suffers from "overcollection problems."
2009 Data Breach Study by Verizon - (2009-04-15)
An interesting report by Verizon that discusses forensics and anti-forensics. White Hats aren't the only ones who use forensic tools to recover valuable data... organized crime has moved into this space.
Wired magazine has a nice article that follows up on this report.
Airgap Wins - (2009-04-15)
A piece on exploiting VMWare from SANS. The author states that: "I always had the viewpoint that software separation is always going to be more risky than an airgap."
WSJ: Rumors and Innuendo? - (2009-04-14)
With regard to the WSJ's article on our power grid, an Errata Security post states that: "There's no coordinated conspiracy here, but there are a lot of government officials who stand to gain by this attempt at drastically increasing government control over the Internet. They will certainly call up reporters they know and attempt to get them to write scare stories precisely like this."
A similar blog entry, When Hype is the Threat, can be read here.
Fiber Networks and Redundancy - (2009-04-13)
An article from CNET that examines how the telecoms try to build in failover when they lay down fiber optic cables. The really juicy targets seem to be undersea cables and central offices.
Hardware Bassomatic - (2009-04-13)
A shredder that chews up hard drives, laptops, and cell phones.
OpenSecrets Gives Away Its Data - (2009-04-13)
The Center for Responsive Politics is allowing users free access to its database of some 200 million data records.
Smarter is Not Always Better - (2009-04-10)
According to Mudge, "Plant control networks (and their programmable logic controllers) should be disconnected from the Internet." Let's hear it for air-gap security!
Lights Out in Silicon Valley - (2009-04-10)
Eight fiber cables were cut in San Jose and San Carlos, demonstrating that a group of ~100 people with shovels could probably do more damage than a nuclear weapon.
Is It Budget Season? - (2009-04-10)
Wired Magazine calls out the WSJ for its article about our power grid being hacked.
US Electrical Grid Rooted - (2009-04-08)
The WSJ reports that someone (probably the Chinese or the Russians) has infiltrated our infrastructure networks and left behind a few calling cards.
Pentagon Spends $100 Million Due to Computer Attacks - (2009-04-08)
In the last six months, the Pentagon burned through over $100 million cleaning up from external attacks and internal accidents.
Microsoft's Security Intelligence Report - (2009-04-08)
Scareware and 3rd-party apps plague the boys from Redmond.
FCS: Your Tax Dollars at Work - (2009-04-07)
An article by Wired that describes the birth and death of Future Combat Systems. As Noah Shachtman reports, "just about every assumption the Army had about its future was wrong."
ISPs Officially Store User Data - (2009-04-07)
ISPs in the EU will have to store user info for 12 months, per a recent Directive.
How They Get You - (2009-04-07)
Terror attacks have got nothing on dirty silverware. Perhaps Howard Hughes wasn't so far off the mark...
An Interview with Dino Dai Zovi - (2009-04-06)
A former member of the Sandia National Laboratories' Information Design Assurance Red Team (IDART) chats with Tom's Hardware about sandboxing, cloud computing, and the fragile nature of the Internet.
Play-by-play of W32/IRCbot.gen.a - (2009-04-06)
A technically detailed analysis by McAfee of the actions that this worm takes when it installs.
How Did the Cold War End? - (2009-04-06)
Robert Eringer discusses strategies that the West implemented to undermine the USSR.
Google's Server Hardware Revealed - (2009-04-03)
Google both designs and builds its own servers. The company's data centers consist of 1AAA containers loaded with 1,160 servers each.
The NSA is not The Answer - (2009-04-02)
A WSJ article by Bruce Schneier that explains why the NSA shouldn't be charged with securing the nation's digital assets.
Symantec Has a "Security Incident" - (2009-04-01)
The BBC goes undercover to purchase credit-card information from one of Symantec's call centers in India.
March 2009________________________________
Hacker Roots Currency Exchange Service - (2009-03-31)
25-year-old attacker named Van Dinh roots an online currency exchange service based in New York and adds $100,000 to his account.
Intelligence Chiefs Warn of Threat from China - (2009-03-31)
British intelligence expresses concern that telecom equipment installed by Huawei could be used to cripple critical services.
"GhostNet" Discovered By Canadian Researchers - (2009-03-30)
Reports indicate that over 1,200 machines in 103 countries have been compromised, many belonging to government offices and foreign ministries. The system appears to be controlled by machines operating out of China. The Chinese government officially denies involvement.
Though this story was broken by the NY Times, Wired has a solid article.
Crime Does Pay (For Some People) - (2009-03-30)
Owen Thor Walker, a botnet creator who was charged with helping a criminal organization infiltrate over a million machines, has been hired as a security consultant by a telecom company.
The World's "Malware Factory" - (2009-03-30)
Economic troubles cause some Chinese engineers to turn to writing malware.
Exploiting Cisco Routers - (2009-03-30)
According to this news piece, organizations often put off patching their equipment because they view the patch as a greater risk.
Q&A With a Former NSA Cracker - (2009-03-30)
Tom's Hardware interviews Charlie Miller, the winner of this year's Pwn2Own contest.
Hunkering Down in the BIOS - (2009-03-30)
Researchers at the CanSecWest conference demonstrate how to persist in the BIOS.
Microsoft Releases Security Assessment Tool - (2009-03-30)
The open-source tool, known as the "!exploitable Crash Analyzer" has been developed by the MS Security Engineering Center. It can be downloaded here.
Joanna Rutkowska to Publish SMM Attack Details - (2009-03-18)
Tomorrow (2009-03-19) the Invisible Things Lab will publish a paper (+ exploits) on exploiting Intel® CPU cache mechanisms. The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs.
Earlier work on SMM rootkits has been done by Sherri Sparks et al. (there's an article here).
Issue 65 of Phrack has an article on SMM hackery ("System Management Mode Hack: Using SMM for 'Other Purposes'") that can be read here.
Trend Micro 2008 Annual Threat Roundup and 2009 Forecast - (2009-03-18)
In a nutshell: Things are going to get much worse before they get any better. Of course, you have to also consider the source (i.e. a security software vendor that would like your business).
Diebold ATMs Hacked in Russia - (2009-03-18)
Apparently these ATMs use Windows. The crooks physically compromised the ATMs and then installed malware that intercepted sensitive data.
Specific details about the malware can be found here.
Physical Security is Still an Issue - (2009-03-18)
An entertaining story about the zen of dumpster diving (not yet a dead art form among Black Hats).
Faux Antivirus Software is Big Business - (2009-03-17)
Hefty commissions make distributing malware a very profitable venture for 'affiliates' that are willing to embed the software in their sites.
DC's Alpha Geek Held Without Bail - (2009-03-16)
The chief security officer of the District of Columbia has been arrested on bribery charges.
Malware on Demand as a Business Service - (2009-03-13)
The Internet's criminal ecosystem continues to evolve.
Webshells, Churrasco2, and Flimsy AV - (2009-03-13)
Meet the evil twin of "Defense in Depth"; its name is "Cascading Failure."
Declassified Documents on Vietnam - (2009-03-13)
Roughly 1,600 pages of extensive historical documentation. Probably the largest amount of information declassified so far.
BBC Program Buys a Botnet - (2009-03-12)
The folks at Click (a hi-tech TV program) acquired a low-end botnet (~22,000 nodes) and then used it to perform a DDoS attack against a backup site owned by Prevx.
ARP Spoofing Fun and Games - (2009-03-12)
This SANS diary entry by Bojan Zdrnja describes how ARP spoofing works and how it can be used to inject malicious JavaScript into outgoing web content.
Don't Blame the Victim - (2009-03-12)
Another solid article from Bruce Schneier. It's not necessarily a bad idea to assume the user is ignorant...
Russian Youth Group Behind Estonia DDoS - (2009-03-11)
Nashi, a privately funded youth group, admits they're responsible for the May 2007 DDoS that hobbled Estonia's network infrastructure. DEFCON should be interesting this year...
iTunes Gift Card Hacked - (2009-03-11)
Hackers in China have broken Apple's gift certificate algorithm and are selling $200 gift cards for $2.60.
Fingerprinting Paper - (2009-03-10)
Researchers claim they can use an off-the-shelf scanner to ID paper.
IRS Investigative Materials - (2009-03-10)
"This booklet has been prepared by the IRS' Office of Disclosure as a general guide for Inspectors General and other appropriate Federal officials who may need to access Federal tax information for nontax Federal criminal investigations."
Blacklisting in the UK - (2009-03-10)
The Information Commissioner's Office alleges that construction firms have been using data sold to them by The Consulting Association to illegally screen applicants.
Adobe's ADEPT DRM for PDFs Cracked - (2009-03-09)
A researcher named "I Love Cabbages" has published code that decrypts PDF e-books that have been protected by Adobe's ADEPT DRM protection.
Intelligence and Security Committee - (2009-03-09)
This annual report by the ISC reviews the UK's intel apparatus.
Security Hole Discovered in djbdns - (2009-03-06)
Dan Bernstein pays up $1000 to Matthew Dempsky, who found a security hole in Dan's alternative for the BIND nameserver.
USAID.gov Web Site Compromised - (2009-03-06)
This article includes a post-mortem of what happens to web clients that visit this site.
Insider Theft Threatens 80,000 NYPD Cops - (2009-03-05)
The pension fund's director of communication has allegedly stolen backup tapes that store information on 80,000 police officers.
Leaping the Great (Fire)Wall of China - (2009-03-05)
This Harvard report examines ways to bypass traffic filtering. Related information can also be found at OpenNet.
Bot Herder Gets 4 Years - (2009-03-05)
A 27 year-old computer security consultant gets 4 years in a federal prison for creating botnets.
More details on this story are available here.
Malware Targets Trading Firms - (2009-03-04)
Details on the "Tigger.A" trojan, which utilizes both a privilege escalation exploit and rootkit technology to pilfer data.
Surveillance Self-Defense - (2009-03-04)
The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.
The Return of L0phtCrack - (2009-03-03)
The people who originally implemented this tool have resumed ownership and will release version 6 on 2009-03-12 at the SOURCE conference in Boston.
Obama Administration Discloses Bush-era Memos - (2009-03-03)
At the behest of the Obama Administration, the Department of Justice today released two previously undisclosed (i.e. secret) Office of Legal Counsel (OLC) memoranda and seven previously undisclosed opinions.
Visa: No Need to Panic over Breach Notice - (2009-03-02)
Seems as though Visa's recent alert was regarding an ongoing investigation of an earlier breach.
Marine One Data Leaked - (2009-03-02)
FYI, Marine One is the President's helicopter. Reports indicate that a defense contractor leaked blueprints and other sensitive data via a machine that was running P2P software.
Intelligence Operations and Metrics in Iraq - (2009-03-02)
Another study by RAND. Could this be the Pentagon Papers II?
February 2009______________________________
FTC Consumer Sentinel Network Report - (2009-02-27)
The FTC reports that there were 314,000 identity theft complaints in 2008. In terms of the number of complaints filed, identity theft topped the list (26% of the total).
The Whole Foods "No Touching" Security Measure - (2009-02-26)
An entertaining commentary by Bruce Schneier that helps to explain why some inmates have languished in Gitmo for so long.
Adobe Drags Its Feet - (2009-02-25)
Symantec issued an alert regarding an unpatched 0-day exploit in Adobe Acrobat on February 12th. Adobe has promised to provide a fix for Acrobat 9 by March 11th. Never mind, they're just customers! US-CERT offers the following solutions.
The Gaussian Copula Function - (2009-02-24)
Another reminder of the limits of mathematically modeling risk on Wall Street. Ultimately, all models are flawed. Caveat emptor.
Russian Consulate Site Defaced By Chinese Hackers - (2009-02-24)
Supposedly this attack was in response to the sinking of a Chinese cargo ship by the Russian navy.
Oak Ridge National Laboratory Implements Cybots - (2009-02-24)
The DoE strives to build an "intelligent, self-healing, intrusion detection and prevention system" which uses software agents that can cooperate.
Chinese Firm Accused of State-Sponsored Hacking - (2009-02-24)
Venus Info Tech, a company based in Beijing, has been accused of helping the Chinese government infiltrate foreign government networks.
Undisclosed Payment Processor Breached - (2009-02-23)
As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor.
European Cops Complain About Skype - (2009-02-23)
The German police simply plant spyware to get at information.
Data Breach at University of Florida - (2009-02-23)
The personal information of 97,200 people was compromised.
SANS Consensus Audit Guidelines - (2009-02-23)
Twenty important controls and metrics for computer security.
The Oracles at the Open Security Foundation - (2009-02-20)
Another solid story from Wired about how the OSF detected the Heartland data breach before it was announced.
SRI Publishes Details on Conficker B++ - (2009-02-20)
A new variant of the dreaded Conficker worm has appeared. SRI International reports that some 10.5 million machines have been infected by Conficker variants.
Air Force Falls Back on Air Gap - (2009-02-19)
The Maxwell Air Force Base in Alabama cuts off internet access.
Subverting SSL - (2009-02-19)
A researcher at Black Hat shows how to use a Man-in-the-middle attack to sidestep SSL.
Terror Databases: Unlikely to Succeed, Threat to Freedom - (2009-02-19)
Nigel Inkster, a former Assistant Chief of MI6, puts terrorism in context. "For example, every year in the UK, more people die in road accidents than have been killed by terrorists in all of recorded history."
Wyndham Hotels and Resorts Hacked - (2009-02-19)
Tens of thousands of credit card numbers and CVV codes were stolen. The company's official notice is here.
Government Travel Site Hacked - (2009-02-19)
Visitors to Govtrip.com were redirected to a rogue URL that attempted to install malware.
Work Continues on the Virtual Fence - (2009-02-18)
Additional funding allows Boeing to continue work on a virtual fence along the southwestern border of the US.
San Francisco Admin Speaks Out - (2009-02-18)
Terry Childs claims he did nothing wrong. Bruce Schneier disagrees.
The Former Head of MI5 Speaks Out - (2009-02-18)
Dame Stella Rimington warns that the UK is becoming a police state.
Finding Osama for Engineers - (2009-02-18)
This essay examines scientific tools that could be used to locate bin Laden.
Systemic Risk and Moral Hazard - (2009-02-18)
Once again, FRONTLINE presents a remarkably well done analysis of the banking crisis. This program is one reason why viewers should support PBS.
Cisco and the Mainframe Market - (2009-02-17)
Cisco takes a few tentative steps towards storming IBM's traditional stronghold.
Unmasking Blocked Calls - (2009-02-17)
TelTech systems offers a way to take the privacy out of Caller ID.
The Internal Threat - (2009-02-16)
WSJ article by Bruce Schneier about dealing with rogue insiders.
Thieves Steal $2.5 Million from Utah Treasury - (2009-02-16)
A forensic accounting firm is brought in to search for clues.
The Race to the Bottom - (2009-02-16)
An eye-opening look at working conditions in China.
Rethinking The Internet - (2009-02-16)
An overview that points out some of the challenges of the current system.
Wired Magazine Debunks Javelin Research Statistics - (2009-02-13)
Looks like this report may not be what it's cracked up to be...
NSA Shows an Interest in Skype - (2009-02-13)
The NSA puts a bounty on Skype, hoping to encourage someone to find a way to reliably eavesdrop on it.
Microsoft Sets a Bounty - (2009-02-13)
Microsoft offers $250,000 for information leading to the arrest of the people who created and launched the Conficker worm.
Cracking Conficker - (2009-02-13)
The White Hats use sinkhole servers to intercept data sent by compromised machines.
Director of National Intelligence, Annual Threat Assessment - (2009-02-12)
According to this report, globalization, the worldwide economic crisis, and competition over scarce resources are all critical factors.
Editorial on H-1B - (2009-02-12)
This is, and always has been, about cheap labor.
Romanian Hackers Claim F-Secure Breach - (2009-02-12)
Kaspersky, BitDefender, and now F-Secure. SQL injection strikes again.
KB&R Fined $402 Million for Bribery - (2009-02-12)
Halliburton rears its ugly head again.
BitDefender Partner Gets Hacked - (2009-02-11)
A partner web site associated with BitDefender is compromised via a SQL injection attack.
Cybercrime is Safer (for Criminals) - (2009-02-11)
A fairly lengthy article on the emergence of the Internet's criminal ecosystem.
Germany Enlists Hackers in Uniform - (2009-02-10)
The German Bundeswehr is training hackers for "strategic reconnaissance."
FBI Investigates Swarm ATM Attack - (2009-02-10)
ATMs in 49 cities worldwide were accessed in a 30-minute period. The attackers made off with $9 million.
2009 Identity Theft Report by Javelin Research - (2009-02-10)
According to Javelin: the most common attack vectors are still low-tech (e.g. stolen wallets). This claim has been questioned (see Wired Magazine post, 2009-02-13).
Conficker Worm Shuts Down French Navy Network - (2009-02-10)
Investigators suspect that an infected USB drive was inserted into a computer on the network. Some low-level British military systems were also affected.
6,780 Congressional Research Service Reports - (2009-02-10)
Wikileaks releases almost a billion dollars worth of quasi-secret CRS reports.
FAA Gets Hacked - (2009-02-10)
The Federal Aviation Administration reports that the names and SSNs of some 45,000 employees and retirees were accessed.
Kaspersky Gets Hacked - (2009-02-10)
An intruder from Romania uses a SQL-injection attack to break into a customer database.
Microsoft Changes UAC in Windows 7 - (2009-02-06)
In response to a number of blog posts that pointed out weaknesses in UAC, Microsoft has announced that they're strengthening the feature to make it more resistant to attacks.
DNS Amplification Attack - (2009-02-05)
This tactic has been employed in recent DDoS attacks.
Web Censorship in China - (2009-02-05)
The Chinese government feels threatened by "public activism that would be speedily suppressed, or widely ignored, if it occurred offline."
Penetration Test Post Game Wrapup - (2009-02-04)
A security consultant explains how he broke into a client site.
SRA International Data Breach - (2009-02-04)
SRA sells cybersecurity and privacy services to the federal government. Go figure.
Social Engineering Attack Uses Parking Tickets - (2009-02-04)
Fake parking tickets lead victims to a malicious web site.
GAO Audits the Treasury Dept. - (2009-02-04)
The US Treasury Dept. receives poor marks for sloppy IT security.
Coming Soon: 20 Petaflop Computer - (2009-02-03)
IBM plans to build a machine with 1.6 million processors for the DoE.
Morningstar Accused of Internet Espionage - (2009-02-02)
NewRiver Inc. alleges that Morningstar employed internet-based espionage to gain access to its computers.
Testing War Plans in Virtual Reality - (2009-02-02)
NATO is looking for a Sim version of Afghanistan to test out different war plans. But war veterans think that someone is smoking something.
Drive-By RFID Cloning - (2009-02-02)
Chris Paget builds a device that can sniff RFIDs from passports and drivers licenses. This is no longer a "theoretical" attack.
DoJ Runs E-mail Fire Drill - (2009-02-02)
DoJ sends out fake e-mails to test the security awareness of federal workers.
IBM X-Force Threat Report - (2009-02-02)
IBM declares that 2008 was the year of the SQL injection attack.
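The same bug keeps recurring in the Kaspersky, BitDefender and F-Secure items above, so here is the mechanism beside its fix, as an added example that is not code from any of those sites or from the IBM report. The table, the two rows and the payloads are constructed; sqlite3 stands in for whatever database the breached sites used, and note that Python's sqlite3 driver refuses stacked statements, so the tautology and UNION payloads below are the ones that matter here.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed customer table standing in for a real backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers(id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers(email, password_hash) VALUES (?, ?)",
        [("alice@example.com", "hash-a"), ("bob@example.com", "hash-b")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The 2008-era pattern: user input is pasted into the statement text, so a
    quote in the input ends the literal and the rest becomes SQL syntax."""
    sql = "SELECT email FROM customers WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    """The fix: the value travels separately from the statement as a bound
    parameter, so nothing in it can alter the query's structure."""
    return [
        row[0]
        for row in conn.execute("SELECT email FROM customers WHERE email = ?", (email,))
    ]


# Constructed attacker inputs.
TAUTOLOGY = "x' OR '1'='1"                                   # returns every row
UNION_DUMP = "x' UNION SELECT password_hash FROM customers --"  # reads another column

if __name__ == "__main__":
    db = make_db()
    print("tautology, vulnerable:", lookup_vulnerable(db, TAUTOLOGY))
    print("union dump, vulnerable:", sorted(lookup_vulnerable(db, UNION_DUMP)))
    print("tautology, parameterized:", lookup_parameterized(db, TAUTOLOGY))
    print("normal lookup, parameterized:", lookup_parameterized(db, "alice@example.com"))
```

The UNION payload is the one that turns a customer lookup into a dump of a different column, which is how a "partner web site" compromise becomes a database breach. Escaping or filtering quotes is not the fix; binding parameters is, because the database then never parses the input as SQL at all.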
Blind Phreaker Pleads Guilty - (2009-02-02)
Matt Weigman has his work cut out for him.
Microsoft Sues a Former Employee for Stealing Secrets - (2009-02-02)
Microsoft claims that a program manager in the Windows Security Group downloaded confidential files onto a company-issued laptop.
Disabling UAC in Windows 7 beta - (2009-02-02)
Source code is available here.
The Debate over Cellphone Jamming - (2009-02-02)
Currently, only the Feds can use this equipment. Does using this technology cut both ways? Bruce Schneier says so.
FBI Gang Threat Assessment - (2009-02-02)
The FBI reports that there are 20,000 gangs active in the US.
"Swatting" - (2009-02-02)
Crank callers exploit an authentication hole in 911 to send SWAT teams to random addresses.
January 2009______________________________
P2P Leaks Healthcare Data - (2009-01-30)
A professor at Dartmouth's Tuck School of Business exposes how easy it is to pilfer sensitive data with P2P software.
Related: the official research was published here.
Interview with an Adware Developer - (2009-01-30)
This discussion does wade into technical details.
Spy Employs His Son as a Bag Man - (2009-01-30)
The son of a former CIA agent travels abroad, collecting money on behalf of his imprisoned father.
Over 90% of Corporate E-mail is Spam - (2009-01-29)
In a press release, Panda Security reports that only 8.4% of corporate e-mail is legitimate.
Dense Inert Metal Explosive (DIME) Munitions - (2009-01-29)
These weapons use tungsten powder that acts as "micro-shrapnel" over a confined area.
IT Contractor Plants Malware Bomb - (2009-01-29)
A recently displaced contractor, hired as a Unix admin by Fannie Mae, was indicted on charges of installing malware that would have executed on January 31, 2009. This is an interesting read.
Related: former programmer pleads not guilty.
McAfee Claims Data Breaches Costs $1 Trillion Globally - (2009-01-29)
Using a survey that included 800 CIOs worldwide, McAfee projects that yearly data breaches cost businesses as much as $1 trillion. Almost half of the respondents indicated that displaced workers were the biggest threat.
Insurgency and Counterinsurgency Documents - (2009-01-28)
Military documents, compliments of WikiLeaks. Caveat emptor.
Monster.com Suffers Massive Data Breach - (2009-01-28)
Monster.com decides not to notify users via e-mail. One more reason not to store your resume online. BTW, this is not the first time this has happened to Monster.com.
Hardware-Level Drive Encryption - (2009-01-28)
Drive vendors have published specs for full-disk encryption.
Kyrgyzstan Gets Kicked off the Grid - (2009-01-28)
A Russian cyber-militia performs a massive DoS attack against the two largest ISPs in Kyrgyzstan (80% of the country's bandwidth).
Drive-By Downloads Evolve - (2009-01-27)
Tracking malicious sites using a list may no longer be sufficient.
MessageLabs Intel Report - (2009-01-27)
Spambots account for approximately 75% of all e-mail.
Hackers abuse my.barackobama.com - (2009-01-27)
The shortcomings of the President's Web 2.0 campaign are becoming evident.
Fast-Flux Hacker Gong Fu - (2009-01-27)
The ICANN looks at countermeasures to deal with this evasion technique.
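Fast-flux hides a phishing or malware host behind a pool of compromised machines by rotating the A records of one name with very short TTLs. The heuristic below is an added example, not ICANN's or any vendor's detector: it summarizes constructed passive-DNS observations per name and flags names that spread many addresses across many networks with short TTLs. The /16 prefix is a crude stand-in for "different network" (real tools use ASN lookups), the thresholds are assumptions, and the observation lines use documentation and test address ranges.

```python
import statistics
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed passive-DNS observations: "unix_ts\tqname\tA_record\tttl" (not real data).
OBSERVATIONS = """\
1233792000\tpharm.example.net\t198.51.100.17\t60
1233792060\tpharm.example.net\t203.0.113.88\t60
1233792120\tpharm.example.net\t192.0.2.201\t60
1233792180\tpharm.example.net\t198.18.45.9\t60
1233792240\tpharm.example.net\t100.64.12.77\t60
1233792300\tpharm.example.net\t192.0.2.34\t60
1233792000\tcdn.example.com\t192.0.2.10\t300
1233792060\tcdn.example.com\t192.0.2.11\t300
1233792120\tcdn.example.com\t192.0.2.12\t300
1233792000\twww.example.org\t203.0.113.5\t3600
"""


def summarize(observations: str) -> dict:
    """Per-name view: distinct addresses, distinct /16 prefixes, and the TTLs seen."""
    stats = defaultdict(lambda: {"ips": set(), "prefixes": set(), "ttls": []})
    for line in observations.strip().splitlines():
        _ts, qname, ip, ttl = line.split("\t")
        ip_address(ip)  # reject malformed records early
        s = stats[qname]
        s["ips"].add(ip)
        s["prefixes"].add(str(ip_network(f"{ip}/16", strict=False)))  # assumption: /16 ~ network
        s["ttls"].append(int(ttl))
    return stats


def is_fast_flux(s: dict, min_ips: int = 5, min_prefixes: int = 3, max_ttl: int = 300) -> bool:
    """Assumed thresholds: many addresses, spread over several networks, rotated fast."""
    return (
        len(s["ips"]) >= min_ips
        and len(s["prefixes"]) >= min_prefixes
        and statistics.median(s["ttls"]) <= max_ttl
    )


def flag_fast_flux(observations: str, **thresholds) -> list:
    """Names whose observation history looks like a flux network."""
    return sorted(
        name for name, s in summarize(observations).items() if is_fast_flux(s, **thresholds)
    )


if __name__ == "__main__":
    for name, s in summarize(OBSERVATIONS).items():
        print(name, len(s["ips"]), "ips", len(s["prefixes"]), "prefixes",
              "median ttl", statistics.median(s["ttls"]))
    print("flagged:", flag_fast_flux(OBSERVATIONS))
```

The CDN entry is the classic false positive: it also rotates addresses with a modest TTL, but they sit in one operator's prefix, which is why the network-diversity term matters more than the address count. Real flux pools also live largely in residential address space, a signal this toy deliberately omits.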
Bot Herder Worked as Security Consultant - (2009-01-26)
John Kenneth Schiefer, of Los Angeles, maintained a botnet consisting of over 250,000 machines.
Bots Doing Shots - (2009-01-26)
SecureWorks.com reports that the Ozdok botnet is collecting screen shot data from infected users.
Failed plot to steal $229 million - (2009-01-26)
Belgian hackers fail in their bid to rob the Sumitomo Mitsui Banking Corporation.
70 Percent of the Top 100 Web Sites Compromised - (2009-01-24)
A report issued by Websense.com indicates that it's no longer enough to simply stick to "safe" web sites.
Microsoft's Documentation is Deteriorating - (2009-01-24)
Microsoft has 800 employees working on a documentation base of 20,000 pages. The number of bugs just keeps getting larger.
More Details on the Max Butler Case - (2009-01-22)
An FBI agent recounts his three years underground.
Le Cercle - (2009-01-22)
Yet another sinister foreign policy think-tank.
Linking the Intelligence Agencies - (2009-01-22)
The Director of National Intelligence, Mike McConnell, is working to link thousands of intelligence databases that span 16 agencies.
John Thain Resigns - (2009-01-22)
Pin stripes trump hacking skills when it comes to the really big scores.
Congress gets Hacked - (2009-01-21)
Malware makes its way into a number of machines in the legislative branch.
Paint can block high-frequency Wi-Fi - (2009-01-21)
A research team at the University of Tokyo in Japan experiments with paint that can absorb EM waves of up to 182 GHz.
Go Ahead and Write it Down - (2009-01-21)
The chief research officer at AVG thinks that writing down your password probably isn't such a bad idea.
More on the Heartland Breach - (2009-01-21)
The Heartland system manages 100 million transactions a month. The total amount of information compromised is unknown.
Heartland Payment Systems Breached - (2009-01-20)
The payments processor, which services 250,000 locations, uncovers signs of an intrusion and notifies the feds.
OSF Data Loss Statistics - (2009-01-19)
According to the OSF data set, stolen laptops are the biggest threat.
Conficker worm uses Metasploit - (2009-01-19)
The song remains the same: PATCH YOUR SYSTEMS!
Botnet Battles Rage On - (2009-01-17)
Internet hosting companies are cut off from the grid by upstream ISPs in the wake of accusations that they're facilitating cyber-crime.
Bailed-Out Banks Use Tax Havens - (2009-01-17)
They don't want to pay taxes, and yet they turn around and expect the tax-payer (that would be me and you) to lend a helping hand.
Wiping a Disk in one Pass - (2009-01-16)
Craig Wright examines why a single overwrite is enough to wipe a disk clean.
In-Session Phishing Attacks - (2009-01-16)
Attackers have begun to inject malicious Javascript into legitimate web sites in an effort to get users to reveal their credentials. "We're sorry, your session has timed out..."
An Argument Against the SANS Top 25 List - (2009-01-16)
Gary McGraw explains why the SANS Top 25 list isn't the optimal way to address the problem of creating secure code.
Ministry of Defense in UK Suffers Widespread Shutdowns - (2009-01-16)
In a virus outbreak of unprecedented scale, the UK's Ministry of Defence experiences mass system outages (though officials claim that no classified data was compromised).
BGPSEC is Coming! - (2009-01-16)
The Feds plan to augment the BGP protocol to make attacks against the core routing infrastructure more difficult.
The National Cyber Range - (2009-01-15)
DARPA accepts proposals for research that will investigate "innovative approaches that enable revolutionary advances in science, devices, or systems."
Biometric Passports in the EU - (2009-01-15)
The European Parliament decides to implement biometric passports that will become standard issue as of June 29th.
KMD Password Sniffer - (2009-01-15)
The "Mount IOCTL" attack works by patching DeviceIoControl() to intercept the keys used by on-the-fly encryption programs.
Spy Cameras in San Francisco - (2009-01-14)
A report sponsored by the SF Board of Supervisors finds that CCTV cameras don't deter violent crimes. But they do impact property crimes.
Related: See the official report here.
Top 25 Most Dangerous Programming Errors - (2009-01-12)
A whole bunch of people and organizations joined forces recently to compile a list of common programming errors that can lead to security problems.
Related: Top 20 most common attack vectors here.
Cracking NASA to look for aliens - (2009-01-12)
UK man admits cracking 97 NASA machines in search of UFO evidence (supposedly causing $1 billion in damage).
Teaching Intelligence Analysts in the UK - (2009-01-10)
A look at intel analysis from 10,000 feet.
Auditing the IRS - (2009-01-09)
The U.S. Government Accountability Office reports that the IRS has corrected 49 of the 115 computer security problems found in a November audit.
Related: Read the full 30-page report here.
Ukrainian hacker gets 30 years - (2009-01-08)
A Ukrainian cracker linked to the TJX hack was given a 30 year prison sentence in Turkey on unrelated charges.
Cybergeddon! - (2009-01-07)
The assistant director of the FBI's Cyber Division speaks at the International Conference on Cyber Security in New York City. He claims that computer attacks rank right up there with WMDs.
The Snohomish Smokescreen, and other capers - (2009-01-07)
Wired lists the seven most entertaining robberies of 2008.
CheckFree hacked by Ukrainians - (2009-01-07)
CheckFree, a business unit of Fiserv, Inc., recently experienced an "incident." This is a nice way of saying they were rooted. They estimate that 160,000 users may have been affected.
Summary of Data Breaches in 2008 - (2009-01-07)
List of some 656 data breaches, exposing some 35 million user records, compiled by ITRC.
Joanna does it again - (2009-01-06)
Joanna Rutkowska, the Nadia Comaneci of stealth malware, has found a way to hack software that's loaded using Intel's Trusted Execution Technology (part of Intel's vPro processor platform).
Micro$oft too poor to train and test? - (2009-01-06)
Microsoft somehow fails to acquire the tools necessary to prevent a bug from sneaking into IE. The company also admits that it failed to train its developers. Where's all that money going?
The Case for DNSSEC - (2009-01-06)
Work is currently being done to address the shortcomings of the elderly DNS protocol.
E*trade fined $1 million - (2009-01-02)
The Financial Industry Regulatory Authority penalizes E*trade for failing to keep an eye out for money laundering.
Once-secret "atomic patents" - (2009-01-02)
A handful of the "atomic patents" generated by the wartime patenting program, all of which were initially filed in secret under a World War I-era statute.
Related: from the Bulletin of the Atomic Scientists, "Inside the Atomic Patent Office."
USCC Funding Study of China's Cyberwarriors - (2009-01-02)
The U.S.-China Economic and Security Review Commission (USCC) is looking for a contractor to study the ability of China to conduct network attacks.
Related: Visit the USCC website here.
December 2008____________________________
Israeli Spy Busted - (2008-12-30)
Former Army Employee Pleads Guilty to Acting as Israeli Agent.
Attack of the Playstations - (2008-12-30)
Researchers use a cluster of 200 Playstations to impersonate PKI-based identities.
Digital Photo Frame ships with malware - (2008-12-29)
Samsung frame manager software ships with a free copy of the W32.Sality.AE worm! It's not a bug, it's a feature.
Rogue Admin in San Francisco - (2008-12-29)
Terry Childs claims he was protecting his network from incompetent coworkers.
Shoplifting rings get smart - (2008-12-29)
Fake receipts and bar code stickers are all the rage.
Atom Bomb Reversed - (2008-12-29)
John Coster-Mullen creates a complete replica of the first atom bomb (minus the uranium).
Hacker caught with a million credit card numbers - (2008-12-22)
Max Butler, a certifiable Black hat from the Bay Area, makes an inevitable trip to club fed.
Google Bets on Cloud Computing - (2008-12-21)
Will we revert to centralized computing?
$1.6B went to bailed-out bank execs - (2008-12-21)
Your tax dollars hard at work.
Related: Where exactly did the money go? Shhhh! It's a secret.
CSIS Chairman Q & A - (2008-12-19)
Cybersecurity honcho Jim Langevin responds to reader questions.
Top 10 Security Patterns - (2008-12-15)
Researchers share ten recurring themes with regard to securing code.
CIA Intel: Quantity over Quality - (2008-12-13)
The former head of the Asia division of the CIA's clandestine service examines current issues. Bah, who needs internet access anyway?
Big Brother Hasn't Won - (2008-12-13)
Op-ed about how the NSA has turned its attention towards US citizens.
Related: For in-depth coverage see The Shadow Factory By James Bamford.
Related: Read about Thomas Tamm, the man who blew the whistle on the NSA's "program."
Cyber Crooks Loot Citibank Accounts - (2008-12-12)
Transaction processing server is hacked. Russian mobster farms out the stolen data.
The Speed Camera Pimping Game - (2008-12-11)
Teens spoof license plates to send tickets to other people.
Fighting cybercrime in an economic downturn - (2008-12-11)
"Work at home" internet jobs used to launder money.
McAfee Virtual Criminology Report - (2008-12-09)
Read how the crooks are taking the high ground.
Commission on Cyber Security Report - (2008-12-08)
Center for Strategic and International Studies pushes for a National Office of Cyberspace.
FBI taps cell phone mic - (2008-12-01)
The Feds activate a cell phone's microphone remotely and then use it to listen in.
November 2008____________________________
Symantec Report on the Underground Economy - (2008-11-24)
Criminals are beginning to opt for precision strikes with regard to high-value targets.
Obama's Cellphone Account Breached - (2008-11-21)
Verizon Wireless disclosed that several of its employees accessed and viewed President-elect Barack Obama's personal cellphone account.
Pentagon Bans Computer Flash Drives - (2008-11-21)
Virus Threat Prompts Defense Officials To Ban Use Of External Drives, No Word On How Long.
Related: Company sells camouflaged USB drive.
National Security Archive - (2008-11-14)
NSA releases history of cold war intel activities.
Book I: The Struggle for Centralization, 1945-1960 (part-1)
Book I: The Struggle for Centralization, 1945-1960 (part-2)
Book II: Centralization Wins, 1960-1972 (part-1)
Book II: Centralization Wins, 1960-1972 (part-2)
Book III: Retrenchment and Reform, 1972-1980 (part-1)
Book III: Retrenchment and Reform, 1972-1980 (part-2)
NSA Origins