Saturday, November 29, 2008

Quote of the day

Enlighten the people generally, and tyranny and oppressions of body and mind will vanish like the evil spirits at the dawn of day.

Thomas Jefferson,

letter to Pierre S. du Pont de Nemours, 24 April 1816

New IT Term of the day

spear phishing

A type of phishing attack that focuses on a single user or department within an organization, appearing to come from someone within the company in a position of trust and requesting information such as login IDs and passwords. Spear phishing scams will often appear to be from a company's own human resources or technical support divisions and may ask employees to update their usernames and passwords. Once hackers get this data they can gain entry into secured networks. Another type of spear phishing attack will ask users to click on a link, which deploys spyware that can steal data.

The Corporate Data Cover-Up

SILENT CRIME : The Corporate Data Cover-Up

Rob Rachwald

28 Nov 08


Data hackers are silently infesting corporate organisations and creating an invisible battlefield, but so many Boards of Directors will not admit to their vulnerabilities and weaknesses.

Not long ago, a senior executive from one of corporate America’s large bellwether stocks received a telephone call from law enforcement explaining that the company had a major software vulnerability in its corporate web site. The agent described the vulnerability and its location in great detail, and requested that it be fixed immediately but he refused to disclose how he had come to know about it.

At the executive’s request, the organisation’s chief information security officer (CISO) investigated the matter, confirmed the flaw and fixed it. Through forensics, the CISO discovered that a foreign Government had penetrated the organisation’s applications infrastructure, and was in a position to bring it down whenever the time was deemed right...

The invisible battlefield

Cyber security is no longer just the job of the IT Department. As this true story highlights, cyber crime today is played out on a silent, invisible battlefield. The anonymity and universal access of cyberspace makes cyber crime attractive and easy. If customers, partners and employees can access sensitive systems from anywhere in the world, then the same pathway to the core infrastructure and priceless data exists for hackers.

Defending against cyber crime is costing billions of dollars. According to the analyst firm Gartner Group, organisations worldwide spent $288 billion on information security products in 2007 alone. The US Government is allocating $7.9 billion in 2009 for cyber security, which is $103 out of every $1,000 requested for IT spending (and up 75% from 2004). Last year, US companies spent $79 billion in this area.

Is all this investment making an impact? The Web Application Security Consortium project analysed 31,373 web applications and discovered that they contained 148,000 vulnerabilities. Between 2001 and 2007, 180 million credit card records were stolen.

The Washington Post reported that, by August 2008, the number of successful data breaches had surpassed all breaches from last year.

What’s not working? Businesses build applications to store, process and transact money and data for the sake of efficiency, but all too often fail to properly defend them. As business modernises, software security hasn’t followed suit. Hackers have sniffed out the weaknesses. Traditional cyber defensive measures, including the usual firewalls and anti-virus solutions, don’t protect against data breaches.

A new business imperative

The days of hacking for fun are over. The new face of cyber crime has evolved in two ways. First, foreign Governments are also after intellectual property, particularly in the military domain, and the Internet is their portal into the applications and databases that hold these secrets.

Countries such as China, for example, have now become proficient in the art of cyber warfare and cyber espionage after setting up specific hacking centres to this end. North Korea, on the other hand, has invested in a hacking school from which about 100 hackers ‘graduate’ each year, while Russia fetes its cyber-savvy practitioners as national heroes.

The rationale is simple. Why invest vast sums in conventional weapons or risk international scandal if spies are discovered when, in this day and age, such operations may be conducted quietly online?

Second, the amount of money that can be made from online fraud and theft at relatively little risk compared to operations in the physical world inevitably makes such undertakings attractive. This means that both individuals ‘on the make’ and organised crime gangs are now becoming involved.

A very sophisticated industry is also developing around this pursuit. Consider how the opponent has mobilised. In recent years, a growing number of hacker match-making web sites have sprung up. These act in a similar fashion to a brokerage firm and bring people with a range of different skills together to target their chosen organisations more effectively.

There are also various web sites that publish software vulnerabilities and make the hackers’ job far easier. Hackers are also prone to developing and then selling automated hacking tools.

Business Software Assurance

The Achilles’ heel that has allowed this evolution is that applications are only as good as the software developers who wrote them - and most of those developers are not responsible for security.

So what can organisations do to protect themselves more effectively from the ever-present hacking threat?

The first thing is to adopt a Business Software Assurance (BSA) approach for information security. BSA offers a good foundation for understanding what threats and vulnerabilities could impact the business, and what the likelihood is of problems occurring.

BSA involves introducing a formal methodology to help determine what the real risks are. This enables businesses to focus on their true needs by formally documenting processes in order to ensure that issues don’t end up falling through the cracks.

As part of the BSA process, it’s crucial to gain an understanding of just how exposed the organisation’s systems can be. The aim is to remove any flaws from the code so as to make it impenetrable to attack. More importantly, it’s about adopting an inside-out strategy that tackles root causes, as opposed to simply employing outside-in tactics that put a protective wall around the problem.

The New World Economy

As the world has moved online, it has brought all of its vices with it. An entire economy has sprung up on the World Wide Web to support and feed a cycle of fraud and theft that leeches untold strategic and monetary value from supposedly safe data warehouses, and costs further billions to defend against - generally speaking with limited effect.

The only path out of this reckless cycle is a strategy that focuses not only on the criminals coveting your organisation’s data, but the vulnerabilities in your software infrastructure that they turn against you.

20-year-old Russian hacked thousands of WebMoney accounts

HACKED : 20-year-old Russian hacked thousands of WebMoney accounts

November 26, 2008


Russian mass media has reported that the local police have arrested a young man, a student at a local university, who was caught selling software for stealing money on the Internet. It has been reported that the hacker has already sold more than 50 copies of his software. According to the police report, the young man has already robbed dozens of people.

The police reported that the 20-year-old student developed a special program, a kind of Trojan that steals money from e-wallets. The program changed payment details and redirected money to the hacker’s account. Having tired of stealing himself, the young fraudster started selling his software. Considering what the program does, the price was remarkably low: only US$100. By the time of his arrest the young programmer had created three versions of his virus, each with a very simple interface. According to the local police, any programmer could change a few settings and infect the computers of new victims. It was the first time the police had arrested not the distributor but the creator of such a program.

The young man has already pleaded guilty and started helping the investigators. According to him, he started robbing Internet users to get money for a new laptop and to buy a car. It is almost impossible to give the exact number of victims, but the investigators speak of thousands of people robbed. The program was meant to rob accounts in the WebMoney payment system, although other payment processors could be involved.

Cyber thieves thriving

BEWARE : Cyber thieves thriving

By George Brennan

November 28, 2008


SANDWICH — The theft of $34,000 from a town bank account is part of a growing underground economy centered on cyber crime, a top law enforcement official says.

"It's massive, it's growing and it's transnational," said Scott O'Neal, chief of the FBI's Washington-based computer intrusion section. "There are cyber criminals and cyber victims in many different countries."

Sandwich police say hackers stole the password and security information for a town bank account earlier this month and made four illegal wire transfers. The town treasurer noticed the bogus transactions while attempting to pay the town's weekly bills.

Bank officials told the town the wire transfers were made using Treasurer Craig Mayen's name and password, police said. Investigators believe the hackers breached the town computers using a virus that logged Mayen's keystrokes.

Sandwich police Detective Albert Robichaud was able to trace the transfers to banks in Florida and Georgia in the United States, Police Chief Michael Miller said Tuesday. At least one of those transactions was traced to St. Petersburg, Russia, an indication to law enforcement that organized crime may be involved.

O'Neal said he couldn't comment on the specific case, but he said cyber crime is booming in places like Eastern Europe and Russia where there are people with technological skills and few job opportunities.

"That's the combination that adds up to trouble," he said. "We do see the threat coming from all parts of the globe."

There are elaborate networks that include people who don't even know each other working in different countries, O'Neal said. "It can have a lot of moving pieces," he said. "It insulates the mastermind."

In the Sandwich case, a Florida man was discovered trying to withdraw cash from one of the accounts where the Sandwich cash was deposited. He was interviewed by police who found he answered an advertisement to open bank accounts for a fee and move money around, someone the FBI refers to as a mule. The Florida man has not been charged.

Though O'Neal said it's difficult to quantify the magnitude of the cyber crime problem beyond calling it "massive," Symantec, a software company that specializes in computer security, released a report this week that indicates a thriving underground economy.

Mark Fossi, manager of development for Symantec and the executive editor of the report, said cyber thieves are finding new ways to thwart security to steal credit card and bank account information.

Knowing that more people are aware that they shouldn't open attached files, cyber criminals try to lure victims to Web sites through links embedded in e-mails, he said.

"If a town can be breached like this, as an individual you've got to keep that in mind," Fossi said. "You might think, it's a small town, they're not going to come after us, they're interested in a big city, but there's nothing too small for them. If they can get some profit out of it, they will."

Symantec's year-long study found that the cumulative value of the stolen information, the majority of which are credit cards and bank accounts, was more than $276 million. And the company says that is only a fraction of the underground economy.

If all of the stolen credit cards and bank accounts were liquidated, the number would exceed $7 billion, Fossi said.

Keeping anti-virus software and firewalls up to date and being vigilant is the only way to fight cyber attacks, Fossi and O'Neal said.

Europe adopts new cyber crime agenda

MOVE : Europe adopts new cyber crime agenda

EU vice president calls for co-operation and information exchange between member states

David Neal

27 Nov 2008

The European Union has adopted the European Commission's strategy on cyber crime, and called for better co-operation between businesses and the police.

Over the next five years the EC strategy will introduce steps for closer co-operation and information exchange between law enforcement authorities and the private sector.

This will feature an early alert system that includes a platform where online crimes affecting businesses can be reported, shared and cross-checked by Europol. A budget of €300,000 has been allocated to create the platform in the short term.

"The strategy encourages the much needed operational co-operation and information exchange between the member states," said EU vice president Jacques Barrot, announcing the move.

"It gives a shared responsibility to the Commission, the member states and other stakeholders to introduce the different measures. If the strategy is to make the fight against cyber crime more efficient, all stakeholders have to be fully committed to its implementation. We are ready to support them, also financially, in their efforts."

These efforts will include internet investigation teams, cyber patrols, joint investigation teams and remote searches.

"Cyber crime is a growing threat to our societies today," said the EU. "Member states suffer thousands of attacks a day against their information systems. Viruses stealing information from personal computers, spam, identity theft and child pornography are increasingly widespread."

Wednesday, November 26, 2008

Quote of the day

I am only one, but I am one. I cannot do everything, but I can do something. And because I cannot do everything, I will not refuse to do the something that I can do. What I can do, I should do. And what I should do, by the grace of God, I will do.

Edward Everett Hale

New IT Term of the day

SORBS

Acronym for Spam and Open Relay Blocking System.

SORBS was originally an anti-spam project where a daemon would check, in real time, all servers from which it received e-mail to determine if that e-mail was sent via various types of proxy and open-relay servers. SORBS has evolved into SORBS DNSbl (DNS-based blacklist), which now includes more than 3 million listed hosts that are considered to be compromised (Web servers which have vulnerabilities that can be used by spammers).
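As an added example (not code from the page, from SORBS or from any other project) of how a DNS-based blacklist of this kind is queried: the client reverses the address's octets under the list's zone and reads an answer in 127.0.0.0/8 as a listing. It assumes the zone name dnsbl.sorbs.net and a constructed in-memory resolver so it runs offline; the RFC 5782 self-test guards against a list that has shut down and now answers for every name.

```python
"""DNSBL lookup in the style of SORBS DNSbl (added example, not SORBS's code).

A DNS-based blacklist publishes listings as A records under a zone.  To ask
about 192.0.2.10 the client reverses the octets and resolves
10.2.0.192.<zone>; an answer inside 127.0.0.0/8 means "listed" (the last
octet often encodes the reason), NXDOMAIN means "not listed".
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumption: SORBS's aggregate zone name, taken from memory, not from the page.
SORBS_ZONE = "dnsbl.sorbs.net"

# Deliberately short exclusion list: addresses that can never be meaningful
# to a public list (RFC 1918, loopback, link-local, multicast, reserved).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# A resolver maps a query name to the text of its A record, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


@dataclass
class Verdict:
    ip: str
    listed: bool
    code: Optional[int]   # last octet of the 127.0.0.x answer, if listed
    note: str


def reverse_octets(ip: str) -> str:
    """Validate an IPv4 address and return its octets in reverse order."""
    if ipaddress.ip_address(ip).version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(ip.split(".")))


def dnsbl_query_name(ip: str, zone: str = SORBS_ZONE) -> str:
    """Build the name a client resolves to test `ip` against `zone`."""
    return f"{reverse_octets(ip)}.{zone}"


def lookup(ip: str, resolve: Resolver, zone: str = SORBS_ZONE) -> Verdict:
    """Query the list for one public IPv4 address and interpret the answer."""
    addr = ipaddress.ip_address(ip)
    # Skipping internal ranges also avoids leaking them in outbound DNS traffic.
    if any(addr in net for net in NON_PUBLIC):
        return Verdict(ip, False, None, "skipped: not a public address")
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return Verdict(ip, False, None, "NXDOMAIN: not listed")
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        # A non-loopback answer usually means a wildcarded or hijacked zone.
        return Verdict(ip, False, None, f"unexpected answer {answer}; ignored")
    return Verdict(ip, True, int(answer.rsplit(".", 1)[1]), f"listed as {answer}")


def zone_is_sane(resolve: Resolver, zone: str = SORBS_ZONE) -> bool:
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not.

    A zone that fails this (for example one that has shut down and now
    wildcards every query) would reject all mail if trusted blindly.
    """
    positive = resolve(dnsbl_query_name("127.0.0.2", zone))
    negative = resolve(dnsbl_query_name("127.0.0.1", zone))
    return positive is not None and negative is None


def stdlib_resolver(name: str) -> Optional[str]:
    """Live resolver using the standard library (not used by the offline demo)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed answers standing in for a live zone so the example runs offline.
# The sample hosts use RFC 5737 documentation addresses.
FAKE_ZONE: Dict[str, str] = {
    "2.0.0.127.dnsbl.sorbs.net": "127.0.0.2",   # RFC 5782 "always listed" address
    "10.2.0.192.dnsbl.sorbs.net": "127.0.0.5",  # constructed: a listed host
}


def fake_resolver(name: str) -> Optional[str]:
    return FAKE_ZONE.get(name)


if __name__ == "__main__":
    print("zone sane:", zone_is_sane(fake_resolver))
    for ip in ("192.0.2.10", "198.51.100.7", "10.0.0.4"):
        print(lookup(ip, fake_resolver))
```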

Network Security Breaches Plague NASA

THREAT : Network Security Breaches Plague NASA

Repeated attacks from abroad on NASA computers and Web sites are causing consternation among officials and stirring national security concerns

By Keith Epstein and Ben Elgin

With Brian Grow, Chi-Chu Tschang, and David Polek

November 20, 2008


America's military and scientific institutions—along with the defense industry that serves them—are being robbed of secret information on satellites, rocket engines, launch systems, and even the Space Shuttle. The thieves operate via the Internet from Asia and Europe, penetrating U.S. computer networks. Some of the intruders are suspected of having ties to the governments of China and Russia, interviews and documents show. Of all the arms of the U.S. government, few are more vulnerable than NASA, the civilian space agency, which also works closely with the Pentagon and American intelligence services.

In April 2005, cyber-burglars slipped into the digital network of NASA's supposedly super-secure Kennedy Space Center east of Orlando, according to internal NASA documents reviewed by BusinessWeek and never before disclosed. While hundreds of government workers were preparing for a launch of the Space Shuttle Discovery that July, a malignant software program surreptitiously gathered data from computers in the vast Vehicle Assembly Building, where the Shuttle is maintained. The violated network is managed by a joint venture owned by NASA contractors Boeing (BA) and Lockheed Martin (LMT).

Undetected by the space agency or the companies, the program, called stame.exe, sent a still-undetermined amount of information about the Shuttle to a computer system in Taiwan. That nation is often used by the Chinese government as a digital way station, according to U.S. security specialists.

By December 2005, the rupture had spread to a NASA satellite control complex in suburban Maryland and to the Johnson Space Center in Houston, home of Mission Control. At least 20 gigabytes of compressed data—the equivalent of 30 million pages—were routed from the Johnson center to the system in Taiwan, NASA documents show. Much of the data came from a computer server connected to a network that tracks malfunctions that could threaten the International Space Station.


Seven months after the initial April intrusion, NASA officials and employees at the Boeing-Lockheed venture finally discovered the flow of information to Taiwan. Investigators halted all work at the Vehicle Assembly Building for several days, combed hundreds of computer systems, and tallied the damage. NASA documents reviewed by BusinessWeek do not refer to any specific interference with operations of the Shuttle, which was aloft from July 26 to Aug. 9, or the Space Station, which orbits 250 miles above the earth.

The startling episode in 2005 added to a pattern of significant electronic intrusions dating at least to the late 1990s. These invasions went far beyond the vandalism of hackers who periodically deface government Web sites or sneak into computer systems just to show they can do it. One reason NASA is so vulnerable is that many of its thousands of computers and Web sites are built to be accessible to outside researchers and contractors. Another reason is that the agency at times seems more concerned about minimizing public embarrassment over data theft than preventing breaches in the first place.

In 1998 a U.S.-German satellite known as ROSAT, used for peering into deep space, was rendered useless after it turned suddenly toward the sun. NASA investigators later determined that the accident was linked to a cyber-intrusion at the Goddard Space Flight Center in the Maryland suburbs of Washington. The interloper sent information to computers in Moscow, NASA documents show. U.S. investigators fear the data ended up in the hands of a Russian spy agency.

Four years later, in 2002, an online intruder penetrated the computer network at the Marshall Space Flight Center in Huntsville, Ala., stealing secret data on rocket engine designs—information believed to have made its way to China, according to interviews and NASA documents. At about the same time a British hacker, whom the U.S. is now trying to extradite, allegedly prowled through the digital innards of no fewer than five NASA installations.

In 2004 a cyber-trespasser who poked around NASA's Ames Research Center in Silicon Valley caused a panicked technician to pull the plug on the facility's supercomputers to limit the loss of secure data. Two years later, and well after the protracted incident at the Kennedy Space Center, top NASA officials were tricked into opening a fake e-mail and clicking on an infected link that compromised computers at the agency's Washington headquarters.

The headquarters fiasco in 2006 led to the drafting of an internal memo by NASA's Inspector General, Robert W. Cobb, in which he said the perpetrators appeared to have ties to those who earlier had gotten into other agency facilities. "The scope, sophistication, timing, and hostile characteristics of some of the intrusions indicate they are coordinated or centrally managed," Cobb said in the previously undisclosed Nov. 3, 2006, memo.

The intrusions haven't ceased. In 2007 the Goddard center was again compromised. This time the penetration affected networks that process data from the Earth Observing System, a series of satellites that enable studies of the oceans, land masses, and atmosphere. Inspector General Cobb issued another report, this one public, on Nov. 13, 2007: "Our criminal investigative efforts over the last five years confirm that the threats to NASA's information are broad in scope, sophisticated, and sustained."

The agency refers internally to its efforts to stop intrusions linked to China under the code name "Avocado," according to interviews. Despite this formal recognition of the problem, at least some senior NASA officials have seemed determined publicly to minimize the seriousness of the security threat.

Cobb and other top officials declined to comment in any detail for this article. NASA Deputy Administrator Shana L. Dale said in a statement to BusinessWeek that discussing cyber-threats "could potentially jeopardize the agency's information technology security and, in some cases, violate federal law....NASA aggressively works to protect its information assets with measures that include installing new technology, increasing investigative resources, heightening employee awareness, and working with other federal agencies."

Former government officials are more forthcoming. "The space race is back," says John W. McManus, referring to alleged foreign efforts to hijack American knowhow. McManus, chief technology officer at NASA from 2003 through 2006, adds: "If another country can break in and steal information about rocket motors or fuel systems, well, that's billions of dollars that can be spent elsewhere" by the other nation. Howard A. Schmidt, a technology consultant who served as a White House special adviser on cyber-security from 2001 to 2003, concurs. "All indications are that the attacks are coming in from China," he says, "and the data is being exfiltrated out to China." Suspicions of a trail of stolen digital information leading to Taiwan and possibly on to China so far haven't translated into criminal charges, however.

Philip Shih, a Washington-based spokesman for Taiwan, says that in response to questions from BusinessWeek, Taipei has launched an investigation into whether the rogue stame.exe program that penetrated the Kennedy Space Center was controlled from computers of a Taiwan plastics company. Taiwan suspects its nemesis, China, is behind the intrusions, Shih adds. "We can't yet say it's definitely from China, but it's probably them. They use us for cover for their activities."

The Chinese government disavows any such cyber-espionage. "China will never do anything to harm the sovereignty or security of other countries," says Wang Baodong, a spokesman for the Chinese Embassy in Washington. "The Chinese government has never employed, nor will it employ, so-called civilian hackers in collecting information or intelligence of other countries."

The Russian Embassy similarly says Moscow has had nothing to do with online spying. "Russia denies any involvement in the intrusions [at NASA]," says Yevgeniy Khorishko, a Russian Embassy spokesman.

Boeing and Lockheed declined to comment.

As part of a yearlong look at high-tech security threats to U.S. weapon systems and government and defense industry computer networks, BusinessWeek interviewed more than 100 current and former government employees, defense industry executives, and people with ties to U.S. military and intelligence agencies. (See "E-spionage," Cover Story, Apr. 21, 2008, and "Dangerous Fakes," Cover Story, Oct. 13, 2008.) NASA was frequently identified as susceptible to attack.

"We've been repeatedly compromised," says a former NASA official who describes an ongoing attempt by the government and major security contractors such as Boeing, Lockheed, SAIC, (SAI) and Booz Allen Hamilton to defend the space agency's networks. Sophisticated digital thieves routinely creep past traditional defenses such as electronic firewalls and antivirus software. Cloaking their identities, they can remotely install code—the instructions telling computers what to do—on a seemingly protected machine. The code might maintain a tunnel into a system for later exploitation or replicate malicious instructions that open additional pathways for unauthorized access. These programs also can send streams of sensitive data to destinations thousands of miles away. "We've lost information related to some of our missions, engineering designs, and research," says the former NASA official. "Every time we shift what we're doing, [the intruders] shift what they're doing."

NASA has known it has a security problem for more than a decade. In an October 1998 internal memo, the agency's administrator at the time, Daniel S. Goldin, warned subordinates that "the threat to NASA's information technology assets is increasing, and the number of attacks is growing along with the sophistication of the perpetrators and their tools." Goldin pleaded with the agency's semi-autonomous research and operational units to report all IT security incidents to headquarters. Many units still keep the information to themselves, according to other documents and interviews.


By early 1999 the volume of intrusions had grown so worrisome that Thomas J. Talleur, the most senior investigator specializing in cyber-security in the Inspector General's office at NASA, wrote a detailed "network intrusion threat advisory." Talleur described the sly tactics behind a particularly virulent series of attacks on agency networks, which he said had been perpetrated by Russians. Titled "Russian Domain Attacks Against NASA Network Systems" and marked "For Official Use Only—No Foreign Dissemination," Talleur's Jan. 18, 1999, advisory was sent to the U.S. Army, the Secret Service, the FBI, the CIA, and the National Security Agency.

The 26-page advisory explained how, starting in May 1997, virtual intruders masking themselves and their IP addresses slipped undetected into networks at the Goddard center, a hub of space science activity. The trespassers penetrated computers in the X-ray Astrophysics Section of a building on Goddard's campus, where they commandeered computers delivering data and instructions to satellites. Before being discovered, the intruders transferred huge amounts of information, including e-mails, through a series of stops on the Internet to computers overseas. The advisory stated: "Hostile activities compromised [NASA] computer systems that directly and indirectly deal with the design, testing, and transferring of satellite package command-and-control codes"—in other words, computerized instructions transmitted to spacecraft.

In July 1998, a month after the discovery of the breach at Goddard, the U.S. Justice Dept. approved electronic monitoring of the illicit transmissions. That allowed a team of agents from NASA, the FBI, and the U.S. Air Force Office of Special Investigations to follow the trail of what they concluded was a criminal hacking ring with dozens of Internet addresses associated with computers near Moscow. The investigators made an even more alarming discovery, according to people familiar with the probe: The cyber-crime ring had connections to a Russian electronic spy agency known by the initials FAPSI. None of this has ever been made public, and BusinessWeek could not independently corroborate the Russian ties.

The investigators' findings became of far greater concern in September 1998. Without warning one day, the ROSAT satellite turned, seemingly inexplicably, toward the sun. The move damaged a critical optical sensor, rendering the satellite useless in its mission of making X-ray and ultraviolet images of deep space. NASA announced in a press release that ROSAT had been "accidentally scanning too closely to the sun." Talleur's report concluded otherwise.

The "accident," he noted, had been "coincident with the intrusion" into the Goddard system controlling it. Why would Russians want to cripple a satellite beloved worldwide by students of pulsars and supernovas? "Operational characteristics and commanding of the ROSAT were sufficiently similar to other space assets to provide intruders with valuable information about how such platforms are commanded," Talleur's advisory said. Put differently, manipulating ROSAT could teach an adversary how to toy with just about anything the U.S. put into the sky.

Talleur, now 59, retired in December 1999, frustrated that his warnings weren't taken more seriously. Five months after his advisory was circulated internally, the Government Accountability Office, the investigative arm of Congress, released a public report reiterating in general terms Talleur's concerns about NASA security. But little changed, he says in an interview. "There were so many intrusions and hackers taking things we had on servers, I felt like the Dutch boy with his finger in the dike," he explains, sitting on the porch of his home near Savannah, Ga. On whether other countries are behind the intrusions, he says: "State-sponsored? God, it's been state-sponsored for 15 years!"

Huntsville, Ala., known as Rocket City, is home to the Marshall Space Flight Center, where the famous "rocket boys"—former Nazis led by Wernher von Braun—helped U.S. engineers design ballistic missiles. Today, data stored on computers at the Marshall campus constitute one of the richest lodes of high-tech secrets anywhere in the world.

Around the clock for four days in June 2002, a prowler methodically probed enormous volumes of proprietary information at Marshall, according to NASA documents. The electronic intruder, without setting foot anywhere near Rocket City, gained access to servers handling sensitive work on new versions of the Delta and Atlas rockets that power intercontinental missiles, enhancements of the Shuttle's main engines, and Lockheed's F-35 Joint Strike Fighter, an advanced fighter jet that remains in development.

Had anyone been monitoring the Marshall computer networks in real time, the suspicious activity, automatically recorded on logs, would have been "immediately evident," NASA investigators concluded, according to a Dec. 11, 2002, report to top NASA executives. "In essence," said another internal report to NASA management on Mar. 26, 2003, "Marshall had locked up the card catalog, but left the library doors wide open."

Special agents from NASA's Office of Security, the Inspector General's office, and the Pentagon's Defense Criminal Investigative Service investigated the Marshall incident, but charges were never filed. NASA documents show that suspicion focused on Rafael Nuñez Aponte, a self-described former member of an international hacker gang known as World of Hell. Nuñez, a Venezuelan national, called himself "RaFa" in online postings. He spent seven months in U.S. prison in 2005 as punishment for defacing an Air Force training Web site in 2001. He headed home to Caracas in 2005.

According to documents from NASA's investigation of the Marshall intrusion, Nuñez in 2002 initially confessed to being directly involved in the incident. But then he changed his story two weeks later. Trying to distance himself from the crime, he told investigators he had obtained NASA files from hackers in France, an assertion he repeated during a phone interview with BusinessWeek this October. Nuñez, now 29, says rival hacking gang members in France had impersonated him while breaking into NASA's computer system. "I was involved with the Air Force attack, but some French hackers were behind the NASA one," he said. "The French were trying to pin it on me. That's very common in the hacker world."

U.S. authorities refused to discuss the case, saying it involves an ongoing investigation and, possibly, other suspects. Two people familiar with the probe said it focuses on the delivery of material to the Chinese government, perhaps by intermediaries in Europe, but they declined to be specific.

The secrets from Marshall could have helped the Chinese design engines and fuel to lift heavier loads beyond the atmosphere, according to NASA documents. Investigative case files prepared for a federal grand jury following the Marshall intrusion, and reviewed by BusinessWeek, include information from the statement of an unidentified witness under the heading "Allegations of Sale to a Foreign Government." But BusinessWeek couldn't corroborate the alleged Chinese ties or determine whether a grand jury was convened.


An undated internal NASA memorandum assessed the damage from the Marshall break-in: "Assuming the worst, foreign countries now have detailed drawings and specifications for high-performance liquid rocket engines that are almost at a critical design review readiness level." The memo added: "That means that a foreign country could begin development of a rocket engine right away and power some vehicle or missile within two or three years." All told, the lost technology cost U.S. taxpayers an estimated $1.9 billion to develop, not taking into account "all of the lessons learned and corporate knowledge gleaned from the last 50 years of rocket engine development in the U.S.," the memo continued. The actual "value of the intellectual property that has been lost is priceless."

Some NASA investigators believed top officials tried to keep a lid on what had happened at the Marshall Center so the agency wouldn't suffer criticism from Congress or the public. Internal e-mails and statements written by Michael G. Ball, a Huntsville-based NASA special agent, and several of his colleagues describe an investigation repeatedly stalled by superiors who sought to play down any impression that the incident had compromised national security. "I felt that we were covering up the loss to save embarrassment to NASA," Ball wrote in one document dated Oct. 24, 2005. In a June 2003 memo labeled "Law Enforcement Sensitive," Ball used the subject heading "Potential Concealment of Facts Pertaining to Case # C-MA-0200526-0"—the investigation of the breach at Marshall. He described attempts to impede the investigation and signaled a desire for whistleblower protection under federal law. Reached by phone at Marshall, where he still works as an agent for NASA, Ball declined to be interviewed.

Congress never heard any of the details of the Marshall affair, at least not publicly. In June 2003, NASA Inspector General Cobb, a former ethics counsel to President George W. Bush, referred only vaguely to the incident in testimony before the House Government Reform Committee's technology subcommittee. His prepared one-paragraph account made no mention of the specific incident or its $1.9 billion impact. He told the committee that "there are examples from our ongoing investigations where inadequate IT security, such as weak password controls, resulted in unauthorized access to significant amounts of NASA data that was sensitive but unclassified." NASA "is aware of cases and acknowledges that serious compromises have occurred," he added, but "it would not be appropriate to share the details in any open forum."


Cobb's handling of the case later became part of the focus of an investigation by a watchdog agency known as the President's Council on Integrity & Efficiency. The investigation concerned 78 allegations that Cobb had retaliated against whistleblowers and failed to investigate incidents that could potentially embarrass NASA. That probe, conducted by a panel of inspectors general from other federal agencies, found that he had broken no laws but that his failure to ensure timely reporting of the compromise at Marshall "created the appearance of lack of independence" from NASA's management. Cobb, who remains in his job, told the IG committee that any delays stemmed from his insistence on accuracy. He declined BusinessWeek's interview requests.

At 6 a.m. on a May morning in 2004, an urgent phone call woke Richard Dunn, then a NASA engineer. "Disconnect us!" said the caller. "Disconnect us from the Internet!"

The agitated man on the line was David L. Tweten, then head of IT security for the Ames Research Center, a NASA laboratory in Silicon Valley. Ames' supercomputers enable scientists, government agencies, and spaceflight planners to model everything from ocean currents to the trajectory of interplanetary probes. At the time of Dunn's abrupt awakening, analysts had been using the computers to scrutinize the 2003 Columbia Shuttle disaster.

"Disconnect us?" asked Dunn, astonished.

"I mean, physically remove us from the Internet," Tweten answered, according to Dunn.

Dunn sped 14 miles from his home in San Jose to an Internet hub in Mountain View, where Ames' supercomputers are connected to the Web. He yanked out thick fiber-optic cables one by one, rendering the machines inaccessible to the rest of the world.

It turned out that a cyber-intruder had gotten into Ames, and officials couldn't figure out a better short-term solution than pulling the plug. The prowler apparently cracked a researcher's password at the Goddard center in Maryland and used it to hack into Ames. The cleanup required the scanning of thousands of hard drives for potential breaches. The Ames supercomputers were offline for more than four weeks.

For three years before the 2004 incident, internal security auditors at Ames had tried to get managers to make improvements, NASA records show. The center's supercomputers had been shut down multiple times in the past because of incursions. In one earlier incident, an unemployed computer administrator in London named Gary McKinnon allegedly gained access to 92 computers belonging to Ames and four other NASA centers, as well as several U.S. military bases, causing $900,000 in damage. This occurred from September 2001 to March 2002, according to a November 2002 federal indictment of McKinnon, who is now 42.

The U.S. has been seeking McKinnon's extradition from Britain to face criminal computer fraud charges. "There were no lines of defense," McKinnon told a BBC interviewer in May 2006, seeming to acknowledge his involvement. In response to a BusinessWeek e-mail, a person identifying himself as a friend of McKinnon said the accused hacker had gained access to NASA by using obvious passwords such as "administrator."

Of all the cyber-calamities of recent years, NASA officials appear to have been most severely shaken by the extended theft of digital information from the Kennedy Space Center in 2005. A Mar. 3, 2006, draft report on the internal investigation of the extensive infringement found that the intruder could have learned operational details about the Shuttle by monitoring the stream of data from the launch pad at Kennedy to the massive assembly building where the Shuttle is housed.

Specifically, this information could have included "data concerning Space Shuttle engine flow levels, maximum temperature levels, and other live performance data," the investigative report stated. Not only could a distant adversary learn a lot about building and flying a Shuttle that way, the rival could also figure out how to sabotage a Shuttle mission, investigators concluded.

As investigators eventually learned, the rogue program stame.exe slipped into the assembly building's data center, helping to cause transfers of data from both Kennedy and Johnson to IP addresses in Taiwan. One incursion at Johnson began with a breach at the contractor Lockheed, illustrating how corporations face similar threats. In the subsequent December 2005 Goddard intrusion, investigators followed the trail to IP addresses in China, the investigative report shows.

China has not made a secret of its thirst for advanced missile and rocket technology. "Seizing space dominance is the root for winning war in the Information Age," Li Daguang, a researcher at the government-backed Chinese Academy of Sciences, wrote in 2004 in a publication of the People's Liberation Army, Zhongguo Guofang Bao.

During September and October 2006, intruders mounted a direct assault on NASA's headquarters in Southwest Washington, only blocks from Capitol Hill. A fake e-mail, known as a spearphish, duped several members of the agency's top brass and their assistants into clicking on the link of a seemingly authentic Web site, according to documents and interviews. The site unleashed malicious software code that exploited a previously unknown vulnerability in programs used by NASA. The intruders downloaded, from the hard drive of NASA's then-Chief Financial Officer Gwen Sykes, all of the agency's budget and financial information. Those files contained clues about the size and scope of every NASA research project, space vehicle deployment, and cutting-edge satellite technology. Again the path of the pilfered information led to IP addresses in Taiwan, sparking concern that it ultimately found its way to government offices in Beijing, according to a former NASA employee. Nearly a dozen PCs at NASA headquarters were taken out of commission.

Electronic incursions of NASA facilities have continued. In the days before a Shuttle launch in December 2006, the agency was so rattled it barred all incoming Word attachments from its computer systems. McManus, the former NASA chief technology officer, says the hackers have "very sophisticated knowledge of the organizational structure" of the agency. He laments that for all of the costly cleanups following breaches, NASA hasn't found a comprehensive solution. "It's as if somebody pulls your pants down, and you just pull them back up," says McManus. "How many times do you want to be standing on the street corner with your pants at your feet?"

Booming cybercrime economy sucks in recruits

JOBS : Booming cybercrime economy sucks in recruits

Eastern European milk run

By John Leyden

24th November 2008


The underground economy is booming even as the rest of the economy lurches towards recession, according to a new study by Symantec.

The net security giant reports that the cybercrime economy has grown into an efficient, global marketplace to handle the trade in stolen goods and fraud-related services. It estimates the combined value of goods in underground forums at $276m for the 12 months prior to the end of June 2008.

Credit card data made up nearly a third (31 per cent) of the advertised sales logged, the Symantec study recorded. Purloined credit card numbers sold for between $0.10 and $25 per card, with the average advertised stolen credit card limit coming in at around $4,000. Credit card information is often sold to fraudsters in job lots, with discounts for large purchases.

Login details for online accounts were the subject of one in five sales and the second most commonly offered commodity in underground crooks' bazaars. Stolen login details were offered for anything between $10 and $1,000, depending on the balance and location of the compromised accounts. The average balance of these accounts was around 40,000.

Other items up for sale included email accounts and pirated computer games or application software.

Online currency accounts were by far the most popular method of payment, used to settle 63 per cent of the sales monitored by Symantec.

During the 12-month period it spied on underground forums, Symantec spotted 69,130 advertisers. Between these sellers and buyers, a total of 44,321,095 messages were posted to underground forums. The 10 most active advertisers collectively offered up $16.3m worth of stolen credit card details and $2m in purloined login credentials. A mixture of loosely connected individuals and organised groups are involved in the illicit trade, Symantec reports.

Advertisers use techniques such as multi-coloured text, capitalising certain words and repeated sales pitches to help their sales offers to stand out from the crowd. Sometimes sellers post requests for particular goods and services, such as credit cards from a named country, Symantec adds. Crooks, who drain millions from the legitimate economy, commonly reinvest the profits from successful scams into other ever-more elaborate grifts.

Underground forums provide a thriving marketplace for all forms of hacking tools and services. Botnets - networks of compromised PCs - sold for an average of $225. Phishing scam hosting services cost anything between $2 and $80. Keystroke logger prices came in at around $23.

Site-specific exploits of financial sites fetched far more money, with an average price tag of $740, and prices ranging from $100 to $2,999.

Cybercrooks have developed sophisticated business models, such that recognised job roles and specialisms have evolved in the "recession proof" digital underground. These roles, and job descriptions as defined by Symantec, include:

* Trojan creators – high quality malicious code writers wanted

* Web exploiters – talented infectors sought

* Exploit experts – tech geeks, programmers and researchers required

* Traffic sellers – confident sales people required to market traffic

* Fraudsters – ambitious, well connected crooks required to steal data

* Outsourced rogue hosting companies – industry knowledge essential, must appear legitimate

Online fraudsters are making more use of outsourcing. Symantec found that organised crooks based in North America are using suppliers in eastern Europe for goods and services including malware creation and ATM skimming kit.

The geographical location of cybercrime servers is constantly changed as crooks attempt to stay one step ahead of law enforcement efforts to shut them down. North America played host to 45 per cent of cybercrime servers, with Europe putting in a strong second place performance with 38 per cent of the total. Other crook-serving systems were scattered around the Asia-Pacific region (12 per cent) and Latin America (five per cent).

A summary of Symantec's study can be found here (http://vocuspr.vocus.com/vocuspr30/ViewAttachment.aspx?EID=z8I0Eis7fBS3ulNx3VuaC5S5W1FjTGez5%2bKY9rq6M4A%3d)

The full report is here (http://vocuspr.vocus.com/vocuspr30/ViewAttachment.aspx?EID=z8I0Eis7fBS3ulNx3VuaCzFSONFR3R1rGtn8hkKw%2bJU%3d)



Cyber-criminals exploit consumer woes

SOUTH AFRICA : Cyber-criminals exploit consumer woes



25 November 2008


Cyber-criminals are now using more sophisticated and targeted methods to dupe consumers.

A research report released by Panda Security reveals that spam related to personal finances doubled over September and October – a sign that cyber-criminals are increasing efforts to cash in on economic uncertainty.

“One of our biggest concerns for 2008 was that cyber-criminals would improve their targeted spamming tactics to dupe consumers, and the content and volume that we have seen during these tough economic times is proof that, unfortunately, our prediction was correct,” says Jeremy Matthews, head of Sub-Saharan operations at Panda Security.

According to the company, spam continues to make up 90% to 95% of all e-mail traffic, with spam related to the economy representing 10% of total spam. Even more worrying are findings which reveal that, while overall spam has increased 5%, the new spam related to the economy and personal finances has increased by 10% over September and October, it says.

Cashing in

This soaring spam comes in the form of malware targeting consumers with credit card debt, and phishing attacks targeting people threatened with property closures. Consumers are offered relief for their financial woes, and when they click on the links embedded in the e-mails, that action automatically downloads viruses or redirects them to phishing sites.

“With content this timely and this targeted, there is no doubt that cyber-criminals are upping the ante with their tactics,” says Matthews.

Using phrases such as “are you drowning in debt? Get the cash you need”, “legally erase your debt” or “an online loan gives you money now”, spammers effectively dupe troubled and gullible consumers, adds Matthews.

'Noble' laws

“Our legislative attempts are noble. We're moving in the right direction with our efforts on educating police and making people aware of how we're regulating conduct. But a lot more can be done,” says Sizwe Snail, cyber-law expert at the Wireless Application Service Providers' Association.

Spamming is listed as a criminal offence in section 45 of the Electronic Communications and Transactions Act and consumers receive additional protection through terms set in the Prevention of Organised Crime Act and the FICA Act.

Snail emphasises that, while awareness needs to be raised on such legislative measures to fight cyber-crime, consumers need to learn to recognise and avoid spam.

“People are not aware and they're not keen to learn. It is an African problem, because Africa is the hub of cyber-criminal activity,” says Snail.

Facebook wins record $873m fine against smut spammer

PENALTY : Facebook wins record $873m fine against smut spammer

Junk mailer poked but unlikely to pay

By John Leyden

25th November 2008


Facebook has won a $873m judgment against a Canadian sued for spamming users of the social networking site with "sexually explicit" messages after hacking into the profiles of its members.

Adam Guerbuez, of Montreal, who runs Atlantis Blue Capital and Ballervision.com, was ordered to pay exemplary damages by US District Judge Jeremy Fogel last Friday. Guerbuez did not contest the case, which also resulted in an injunction against him that effectively prevents him from accessing Facebook for any reason ever again.

The damages levied were high because Guerbuez was ruled to have illegally accessed Facebook user profile data in order to mount his junk message campaign, using tactics that violated the US federal CAN-SPAM Act. Guerbuez allegedly bombarded Facebook users with four million messages punting male enhancement pills and other assorted tat. He tricked users into coughing up their login details using a variety of phishing tricks, then used these compromised profiles to bombard other users with invasive messages.

Social networking sites are becoming an increasingly commonplace medium for the distribution of junk mail messages. Earlier this year MySpace won a $230m judgment against notorious junk mailer Sanford 'Spamford' Wallace and Walter Rines. The Facebook ruling is the highest payout ever ordered under the CAN-SPAM Act.

Facebook has little hope of recovering anything but a tiny fraction of the award, but is still gunning for Guerbuez.

"It's unlikely that Guerbuez and Atlantis Blue Capital could ever honor the judgment rendered against them (though we will certainly collect everything we can). But we are confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users," said Max Kelly, Facebook's director of security, in a blog posting.
