Saturday, January 19, 2008

A rumor of electrical power grids being hacked via the Internet

Here is a scary report -- electrical power grids shut off over the Internet by hackers demanding money.

Ted Bridis of the AP is reporting:

Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a trade conference.

All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in "several regions outside the United States."

"In at least one case, the disruption caused a power outage affecting multiple cities," Donahue said in a statement. "We do not know who executed these attacks or why, but all involved intrusions through the Internet."
Unfortunately, the CIA doesn't seem to want to verify where this happened.

I did a Google news search and there are power outages being reported all over, but most notably in Africa and Pakistan.

If anyone else cares to speculate, a Google News search for power outages can be seen, here.

Problem is, power outages happen all the time, and I'm not sure the search reveals any unusual activity.

Of course, the CIA will not confirm or deny exactly which outages were caused by hackers.

Apparently, the CIA official announced this at a SANS conference in New Orleans on Thursday. Information Week has more information on this, here.

Nonetheless, if power grids can be shut down using the Internet, it makes me wonder how secure we really are sometimes.

Last summer, shutting down power grids was part of the plot of the movie "Live Free or Die Hard," starring Bruce Willis.

AP article (courtesy of SF Gate), here.

January Symantec Report reveals questionable blogs, polls and Nigerian Scam restitution schemes

If you ever want to know what criminals and other misfits are up to on the Internet, watching spam traffic can reveal a few clues.

After all, spam is the vehicle most cybercriminals use to deliver whatever scheme they have devised to part people from their hard-earned money.

Symantec noted in December that close to 75 percent of all e-mail being sent is spam.

A little over a week ago, they issued their January report, which showed spam levels peaking at 83 percent towards the end of December.

Highlights noted in the January report are:

Holiday Spam Spikes: Spam levels reached new levels as spammers inserted holiday-oriented keywords into everything from subject lines to images.

Spammers Get Honest? Not So Fast: Spammers tried a new twist on an old scam, falsely promising past spam victims restitution of $100,000.

As Oil Prices Hike, Spammers Strike: This new spam claims to identify gas stations that fraudulently tamper with pump prices.

Not-So-Happy New Year: Recipients were invited to download a fun New Year’s song and dance, but instead found themselves downloading something far more malicious.

Presidential Polling Scam: Promising gift cards in exchange for opinions, spammers leverage the US presidential primaries to collect personal information.

Beware of Blogs: The use of blogs within spams appears to be on the rise, particularly in China where simplified character sets are common.

I found the 419 restitution activity interesting. In case you've never heard the term "419," it refers to Section 419 of the Nigerian Criminal Code, the section that covers the infamous advance fee scam.

Here is what the report said:

419 spammers who have traditionally used stories about African dictators to defraud individuals have recently changed their approach to these types of emails. Certain 419 scams observed by Symantec this month claim to offer compensation to victims of 419 scams. The scam states that payments will be supervised by UN officials and about 150 scam victims will be paid compensation of $100,000 each. It provides some URL links as a reference to money that was successfully recovered by 419 scam victims. At the bottom of the email, it explains how the money may be recovered and the fraudulent background of such emails may be observed.

Interestingly enough, the Economic and Financial Crimes Commission (EFCC) of Nigeria has made real victims whole with funds seized from 419 scammers. You can see some real examples of this on their site.

The most recent time I mentioned the EFCC on this blog was when they were part of an international task force that intercepted large quantities of counterfeit checks at post offices in several countries. These counterfeit checks are normally used in advance fee scams, where people are tricked into cashing them and wiring the proceeds back to the criminal(s) who sent them.

This led to a major press campaign and new website dedicated to educating the public about these checks called FakeChecks.org. The United States Postal Inspection Service, who worked with the EFCC on the task force, is one of the major sponsors of this site.

Most advance fee scams can be traced to a spam e-mail.

As far as the other trends noted, spammers and scammers are very adept at using whatever is popular or newsworthy to spread their deceit on the Internet.

It's probably not a surprise that they are taking advantage of the rise in oil prices, or political polls to lure people into their web.

If you would like to read more about this, the January report from Symantec can be read in full, here.

Why Walmart might be looking for a few good spies

Ran into an interesting story alleging that large corporations -- in this instance Wal-Mart -- are hiring former government intelligence types to work in their corporate security departments.

The story, which I found on RINF.com (a site that says it monitors the "surveillance society"), focused on Wal-Mart delving into the personal details of two of its former executives.

Apparently, the personal details of an affair became public when one of the executives was being investigated for a conflict of interest with an advertising agency. The article also states that the executive being investigated got the other executive her job.

In all fairness -- despite the article's focus on privacy concerns -- conflicts of interest and intellectual property crimes are a growing problem for corporations. The fact that one person got another person a job based on a personal relationship might be a little questionable, also.

Here is what the article, written by Douglas Frantz, had to say about former government agents running this investigation:

Largely overlooked in the furor was the role that Wal-Mart’s internal security department had played in digging up the salacious details. This department, a global operation, was headed by a former senior security officer for the Central Intelligence Agency and staffed by former agents from the C.I.A., the Federal Bureau of Investigation, and other government agencies. (See our Spy Slang guide) A person familiar with the episode said in an interview that an ex-C.I.A. computer specialist was involved in piecing together the email evidence—which included copies of Womack’s private Gmail messages, provided by his estranged wife—and that another former government agent had supervised the overall investigation.

Ex-government agents appear to be Wal-Mart’s investigators of choice. The retailer has emailed job listings to members of the Association for Intelligence Officers as well as posted ads on its site seeking to hire “global threat analysts” with backgrounds in intelligence. The job description for the analysts, who would have reported to a former Army intelligence officer, entailed collecting information from “professional contacts” to gauge threats from “suspect individuals and groups.” In practice, their responsibilities would have extended to gathering information about Wal-Mart employees, suppliers, and customers; Wal-Mart monitors shoppers for suspicious or potentially criminal activity. A Wal-Mart spokesman said the company does not comment on security matters.

While the article seems to target activity at Wal-Mart, it alleges that there is a substantial market for this type of service:

The best estimate is that several hundred former intelligence agents now work in corporate espionage, including some who left the C.I.A. during the agency turmoil that followed 9/11. They quickly joined private-investigation firms whose U.S. corporate clients were planning to expand into Russia, China, and other countries with opaque business practices and few public records, and who needed the skinny on international partners or rivals.

With outsourcing becoming the norm for large corporations, I would imagine that experts in the espionage field might be a prudent investment for some of these corporations.

One reason might be counterfeiting, which the International AntiCounterfeiting Coalition (IACC) estimates to be a $600 billion a year problem.

Intellectual property theft is being touted as the crime of this century. While just about everything you can imagine is being counterfeited, technology seems to be targeted most frequently.

In fact, iPhones, which were last year's big tech item, were being cloned and sold on eBay by the time the product was rolled out in the United Kingdom.

There are constant reports of Chinese involvement in espionage, from the corporate level to hackers breaking into government systems. Couple this with large corporations having a lot of their products manufactured in China, and it's no wonder the services of a few good former spies might be prudent.

We probably shouldn't be surprised that corporations are turning to espionage experts to protect their assets. In fact, in the age of the global economy and outsourcing, we are probably going to see a growing demand for this type of expertise in the private sector.

RINF.com article, here.

IACC white paper on intellectual property theft, here.

The FBI did an interesting (in my opinion) press release in 2006 showing a little corporate espionage with a Chinese connection, which can be seen by clicking here.

Thursday, January 17, 2008

Adopting a homeless critter is a better idea than taking a chance on being scammed on the Internet!

(Billboard calling out puppy mill abuse in Pennsylvania courtesy of Star Cat at Flickr)

The fact that there are so many homeless dogs and cats is a sad thing to ponder. If you are like me (and a few humans I know), a trip to the local pound can be a heartbreaking experience.

With so many homeless animals in the world, it amazes me that anyone would buy one. Nonetheless, for whatever reason, people do, and the result is a lot of abuse and a fair amount of scam activity -- especially when the "I word" (Internet) is involved.

I happened to run into a pretty good article by Marissa Maroff, published on eHow, on how to avoid getting scammed and, in a lot of instances, how to avoid supporting animal abuse.

Marissa writes:

Buying a new pet on the Internet is usually not a good idea. In addition to unscrupulous dealers and puppy mills selling their “stock” to unsuspecting buyers—online scammers use elaborate websites and fabricated stories to bilk substantial amounts of money out of people for pets that don't even exist. And the pets that do exist, very often have serious, if not fatal health problems. Here are ways to keep from getting duped by online pet sellers.

If you insist on getting a pet via the Internet, the full article can be read, here.

The puppy scam is also known in advance fee (419) scam circles. Basically, this variation of the advance fee (419) scam offers free purebred puppies, or purebred puppies at a "too good to be true" price. After a few e-mails to hook the victim into believing the deal is real, shipping fees are sent (normally by Western Union or MoneyGram) and the puppy never arrives.

Please note that the media loves to attribute all this activity to Nigeria (it makes good press), but Nigeria isn't the only point of origin for these types of scams. Scams can originate from just about anywhere.

Going back to my original thought in writing this post, there are a lot of lovable animals out there waiting to be adopted that really are free. These animals, who need a good home, can be found at your local pound, the SPCA, numerous rescue organizations, or even your local PetSmart on weekends.

On a personal level, I highly recommend you start there before looking for a paid companion on the Internet. In the long run, you will receive some good karma and probably avoid (and not support) a lot of pain and suffering.

I'm dedicating this post to Raleigh, Ellen, Carole, Kim, Scott, Frank, Dave, Michael, Sam (1, 2 and 3), Olivia and Dr. Marylou Randour, who is the author of Animal Grace.

Animal Grace is a book that explores the spiritual relationship we share with furry critters of all kinds.

Wednesday, January 16, 2008

Your computer will not love this Valentine

The Storm Worm, which turns systems into spam-spewing zombies without their owners' knowledge, is taking a predicted twist and using Valentine's Day as a lure.

Websense is reporting:

Websense® Security Labs™ has received reports and confirmed that the Storm worm has once again switched lure tactics. The worm has now adopted a Valentine's Day twist in its attempts to infect users with malicious code. For more details on how we protect against Storm attacks, see http://www.websense.com/securitylabs/blog/blog.php?BlogID=141.
Websense (full) alert with screenshots, here.

Most recently, we've seen the Storm botnet leased to phishermen to steal people's personal and financial details.

CNet (Robert Vamosi) did a good write-up on this latest Storm phenomenon, here.

The best way to protect your computer from this (besides having good security software) is to simply "just say delete" to any unsolicited Valentines you receive!

Previous posts I've written about the Storm Worm can be seen, here.

Sunday, January 13, 2008

Blogger exposes security flaws on TSA site

Since 9-11, we've spent billions upgrading security. Here is a sad report about how the TSA (Transportation Security Administration) put up a NOT very secure site with some of the money earmarked for making the nation more secure.

Even worse, it seems the TSA didn't even discover the problem themselves. The problem was brought to light by a blogger!

Here is some commentary from the government report that examines this problem:

In October 2006, the Transportation Security Administration launched a website to help travelers whose names were erroneously listed on airline watch lists. This redress website had multiple security vulnerabilities: it was not hosted on a government domain; its homepage was not encrypted; one of its data submission pages was not encrypted; and its encrypted pages were not properly certified. These deficiencies exposed thousands of American travelers to potential identity theft.

After an internet blogger identified these security vulnerabilities in February 2007, the website was taken offline and replaced by a website hosted on a Department of Homeland Security domain.

At the request of Chairman Henry Waxman, Committee staff have been investigating how TSA could have launched a website that violated basic operating standards of web security and failed to protect travelers’ sensitive personal information. As this report describes, these security breaches can be traced to TSA’s poor acquisition practices, conflicts of interest, and inadequate oversight.

The report reveals that the contract for the website was awarded without competitive bids by a TSA employee who was a former employee of the company that designed the site. Even worse, it took months for the security flaws to be noticed, and when they were, it was a blogger who brought them to everyone's attention!

The "hat tip" on this one belongs to Chris Soghoian, a Ph.D. student at Indiana University's School of Informatics. He used to write on the blog "Slight Paranoia."

The first time Chris was considered "notorious" was when he put a fake boarding pass generator on the Internet. This attracted a lot of attention in the press, as well as that of the FBI.

Chris recently moved his blog to a CNet address, which can be seen, here.

Chris recently blogged about this report and added a comment about the lack of spell checking on the TSA site: "Furthermore, the site was filled with typos and other errors, causing some to wonder whether TSA's site had been taken over by phishers."

The official government conclusion is:

There were multiple factors that contributed to security vulnerabilities in the TSA traveler redress website. They included poor procurement practices, conflicts of interest, and weak oversight. The result of these shortcomings was that an insecure website collected sensitive personal information from American travelers for months without detection by TSA.

This led me to wonder if the TSA employees involved still have their jobs?

Much to my chagrin, I found my answer in the Committee on Oversight and Government Reform's press release on this matter:

Neither Desyne nor the Technical Lead on the traveler redress website has been sanctioned by TSA for their roles in the deployment of an insecure website. TSA continues to pay Desyne to host and maintain two major web-based information systems: TSA’s claims management system and a governmentwide traveler redress program. TSA has taken no steps to discipline the Technical Lead, who still holds a senior program management position at TSA.

Full government report (PDF version), here.

It's unlikely the IRS is outsourcing tax preparation services to Russia!

Looks like, with the start of tax season, the phishermen are again pretending to be the IRS.

Using a badge of authority in phishing is nothing new. In the past, we've seen the FBI, Interpol, DOJ and a lot of other official agencies spoofed (impersonated) to trick people into giving up their personal and financial details.

Here is a phishmail that got past my spam filter yesterday:


Date: Fri, 11 Jan 2008 16:02:36 -0500

From: "Internal Revenue Service"

Subject: IRS Annual Calculations - Tax Refund

Internal Revenue Service
United States Department of the Treasury

Dear Applicant:

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $270,25.

Please submit the tax refund request and allow us 2 business days in order to
process it.

To access the form for your tax refund, please click here (link removed).

The links in these spam e-mails are designed to entice the unwary to give up their personal and financial details (later used to commit financial crimes) through social engineering techniques (trickery). Just clicking on a link can download malicious software designed to steal information from your computer (which will also be used in financial crimes), or it will turn your computer into a spam-spewing zombie.

If you hover (don't click) your mouse over a link and read the address that shows up at the bottom of your screen, it will show the true address. In the above example, it reveals an address on a Russian domain (astrasong.ru).
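The "hover before you click" test just described, and the deficiencies the committee report listed for the TSA redress site in the post above (not hosted on a government domain, homepage and submission page unencrypted), can both be checked mechanically against the HTML itself. The following Python is an added example, not code from this blog, the IRS or the committee report. It pulls anchors and forms out of an HTML document with the standard library, flags links whose real host lies outside an allowed domain or differs from the host shown in the visible text, and flags forms that submit over plain HTTP or to a host outside that domain. The sample e-mail body and the redress-style form are constructed for the example; redress.example.com is a placeholder, not the contractor's real address, while astrasong.ru is the host named in this post. Certificate validity, the report's fourth finding, needs a live TLS handshake and is not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LinkFormCollector(HTMLParser):
    """Collect every <a href> with its visible text, and every <form action>."""

    def __init__(self):
        super().__init__()
        self.links = []   # [href, visible_text] pairs, in document order
        self.forms = []   # action attribute of each form ("" when absent)
        self._open_link = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open_link = [attrs["href"], ""]
            self.links.append(self._open_link)
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")

    def handle_endtag(self, tag):
        if tag == "a":
            self._open_link = None

    def handle_data(self, data):
        if self._open_link is not None:
            self._open_link[1] += data


def host_of(url):
    """Lower-cased hostname of a URL, or "" when the string has none."""
    return (urlparse(url).hostname or "").lower()


def in_domain(host, domain):
    """True when host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def audit_email_links(html, expected_domain):
    """The hover test, automated: report anchors whose real target is outside
    expected_domain, and anchors whose visible text looks like a URL on one
    host while the href quietly points at another."""
    collector = LinkFormCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        if not in_domain(target, expected_domain):
            findings.append(f"link '{text.strip()}' really goes to {target}")
        shown = host_of(text.strip())   # "" unless the text itself is a URL
        if shown and shown != target:
            findings.append(f"visible URL host {shown} differs from real host {target}")
    return findings


def audit_site(page_url, html, expected_domain):
    """Three of the redress-site deficiencies: wrong domain, page served over
    plain HTTP, and forms that submit over plain HTTP or to a foreign host."""
    findings = []
    page = urlparse(page_url)
    host = (page.hostname or "").lower()
    if not in_domain(host, expected_domain):
        findings.append(f"page host {host} is not under {expected_domain}")
    if page.scheme != "https":
        findings.append("page is served over plain HTTP")
    collector = LinkFormCollector()
    collector.feed(html)
    for action in collector.forms:
        target = urljoin(page_url, action)  # relative actions inherit the page's scheme and host
        if urlparse(target).scheme != "https":
            findings.append(f"form submits over plain HTTP to {target}")
        if not in_domain(host_of(target), expected_domain):
            findings.append(f"form submits data to {host_of(target)}")
    return findings


# Constructed samples, not captured traffic. The phish mirrors the e-mail
# quoted above; astrasong.ru is the host the post names.
PHISH_HTML = """
<p>To access the form for your tax refund, please
<a href="http://astrasong.ru/irs/refund.php">click here</a>.</p>
<p>Or visit <a href="http://astrasong.ru/irs/refund.php">https://www.irs.gov/refund</a></p>
"""

# A redress-style form on a contractor host, served and submitted over HTTP.
# redress.example.com is a placeholder, not the real contractor address.
REDRESS_URL = "http://redress.example.com/redress/"
REDRESS_HTML = """
<form action="submit.php" method="post">
  <input name="full_name"><input name="ssn"><input name="dob">
</form>
"""

if __name__ == "__main__":
    for finding in audit_email_links(PHISH_HTML, "irs.gov"):
        print("PHISH:", finding)
    for finding in audit_site(REDRESS_URL, REDRESS_HTML, "gov"):
        print("SITE:", finding)
```

Run as a script it prints three findings for the e-mail and four for the form page. The display-text comparison only fires when the anchor text is itself a URL; bait like "click here" is caught by the domain test instead, which is why the allowed domain is supplied by the caller rather than guessed from the message.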

It's unlikely that the IRS is outsourcing tax preparation services to Russia!

I went to the IRS site and discovered that they had updated their Suspicious e-Mails and Identity Theft page the same day I received this phishmail.

The page has links to all their previous warnings and information on where to report phishing activity involving the IRS. Also included are government educational resources (recommended reading if you haven't seen them before).