Monday, December 3, 2007

Daily Report

• According to the local CBS affiliate, an Amtrak train carrying more than 150 passengers struck the rear of a parked freight train on Chicago’s South Side Friday. The collision left the passenger train’s engine atop the freighter’s rear car, and resulted in at least six serious to critical injuries and a dozen lesser injuries. The cause of the accident was unknown Friday, and will be investigated by the NTSB, authorities said. (See item 14)

• Network World reported on Friday the release of McAfee Avert Labs’ annual Virtual Criminology report, which found that governments and allied groups are launching increasingly sophisticated cyber assaults on their enemies, targeting critical systems including electricity, air traffic control, financial markets and government computer networks. The report was developed with input from NATO, the FBI, the UK’s organized crime agency and various groups and universities. (See item 29)

Information Technology

29. November 30, Network World – (International) Government-sponsored cyberattacks on the rise, McAfee says. Governments and allied groups worldwide are using the Internet to spy and launch cyberattacks on their enemies, targeting critical systems including electricity, air traffic control, financial markets and government computer networks, according to McAfee’s annual report examining global cybersecurity. This year, China has been accused of launching attacks against the United States, India, Germany and Australia, but the Chinese are not alone: 120 countries including the United States are said to be launching Web espionage operations, according to McAfee’s Virtual Criminology Report, issued Friday and developed with input from NATO, the FBI, the United Kingdom’s Serious Organized Crime Agency, and various groups and universities. “Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defenses,” McAfee states. “Attacks have progressed from initial curiosity probes to well-funded and well organized operations for political, military, economic and technical espionage.” The Internet is simply a great tool for gathering intelligence, both for world powers like the United States and China and small countries with limited resources, says the security research and communications manager at McAfee Avert Labs. He doesn’t think cyberattacks will replace conventional warfare, but says they are becoming an important augmentation, with countries using technology to spread disinformation and disrupt communications. He also predicts it will be common for governments to license cybercriminals to attack enemies in a sort of privatized model. “We’re already starting to see that with state-sponsored malware,” he says. McAfee said its research also found an increasing threat to banking and other online services, and “the emergence of a complex and sophisticated market for malware.” See the McAfee report at:

30. November 30, IDG News Service – (National) Google asks for help finding malicious Web sites. Google is asking everyday Web surfers to help with its efforts to stamp out malicious Web sites. The company has created an online form designed to make it easy for people to report sites they suspect of hosting malicious code. It’s the latest step by Google to expand its database of the bad Web sites it knows about, as those sites continue to proliferate. “Currently, we know of hundreds of thousands of Web sites that attempt to infect people’s computers with malware. Unfortunately, we also know that there are more malware sites out there,” wrote a representative in the company’s security blog. The simple form has an entry box for the Web site’s URL and a space to provide additional information. Users also fill out a “captcha” to prevent software robots from reporting sites automatically. Google displays a warning in its search results if it believes a Web site is malicious. But earlier this week researchers noted that some Google searches for relatively mundane topics were producing results loaded with malicious sites, apparently the result of a campaign by hackers. Security vendor Sunbelt Software said hackers appeared to be using various tricks to ensure their malicious sites appear high in Google’s search results. Sunbelt said it turned up 27 different domains hosting malware, each with up to 1,499 malicious pages, or some 40,000 pages in total. Two days later the sites disappeared from the results, although Google would not say if it cleaned them out.

31. November 30, Computerworld – (National) Second helping of FBI’s Bot Roast serves eight. The FBI on Thursday announced that eight individuals have been indicted, have pled guilty or have been sentenced to prison over the past few months for crimes related to botnet activity. In addition, it said that 13 search warrants were served in the U.S. and by overseas law enforcement authorities on individuals thought to be connected with botnet-related activities. Among those whose residences were searched was an individual in New Zealand, who uses the online username AKILL and is believed to be the leader of an international botnet coding group, according to the FBI’s statement. All of the individuals were targeted as part of the FBI’s ongoing Operation Bot Roast, first announced in June, under which the agency is conducting a coordinated domestic and international campaign to disrupt the activities of the so-called bot herders who operate the networks of hijacked computers. So far, the operation has uncovered more than $20 million in losses to consumers and businesses and more than 2 million infected PCs, according to the FBI.

Communications Sector

32. November 29, – (National) Cisco confirms ability to eavesdrop on remote calls using its VoIP phones. Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones. In its security response, Cisco says: “an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream.” Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that “any Extension Mobility account configured on an IP phone’s Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack.” The technique was described by a Telindus researcher at HACK.LU 2007 in Luxembourg in October. Cisco has published some workarounds to this problem in its security response. Also in October, two security experts at the hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone. The hackers said they were able to access the hotel’s financial and corporate network and recorded other phone calls, according to a blog on The hackers used penetration tests propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at three-minute intervals and then trades a new Ethernet interface, getting the PC, which the hackers switched in place of the hotel phone, into the network running the VoIP, according to the blog post. The Avaya configuration is superior to Cisco, according to the hackers, because you have to send requests beyond a sniffer, although it can be breached the same way, by replacing the phone with a PC.
