Thursday, September 13, 2007

Daily Reports

The Boston Globe is reporting that Boston’s Public Health Preparedness Office will send small, white boxes, representing antibiotics, to a cross-section of local households on September 23rd. The exercise is aimed at measuring the postal system’s capability to distribute antibiotics in the event of a bioterrorism attack. (See item 20)

The Christian Science Monitor reports that a recent ruling on the distribution of water from California’s Sacramento Delta will have wide-ranging effects on the state’s economy. The chairman of the board of directors for the Western Growers Association stated that significant layoffs in agricultural and related industries are expected. (See item 26)

Information Technology

37. September 12, Computerworld – Hacker / security expert / hacker charged with massive credit card theft. A California man who served jail time for hacking hundreds of military and government computers nine years ago was charged yesterday with new computer crimes: stealing tens of thousands of credit card accounts by breaking into bank and card processing networks. Known by his alias Max Vision and by his online nicknames of Iceman, Digits and Aphex, the man was indicted Tuesday by a federal grand jury in Pittsburgh on three counts of wire fraud and two counts of transferring stolen identity information. Arrested last week in California, where he remains, he could face up to 40 years in prison and a $1.5 million fine if he is convicted on all five counts. According to the indictment, he hacked multiple computer networks of financial institutions and card processing firms, sold the account and identity information he stole from those systems, and even received a percentage of the money that others made selling merchandise they'd purchased with the stolen card numbers. The U.S. Secret Service ran the investigation into the hacks and resulting scams, which took place between June 2005 and September of this year. The man was charged in Pittsburgh because he'd sold data on 103 credit card accounts to a Pennsylvanian who was cooperating with authorities. He and others also operated a Web site used as a meeting place for criminals who bought and sold credit card and personal identity information.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9035818&intsrc=hm_list

38. September 12, IDG News Service – Keyloggers proposed to fight terrorist use of cybercafés. A nonprofit organization in Mumbai, India has proposed that police use keylogging software at cybercafés to keep track of communications between terrorists. Public computers at cybercafés offer terrorists the anonymity they require, said the president of the Foundation for Information Security and Technology (FIST) in Mumbai in an interview Tuesday. Terrorists are known to use instant messaging (IM) services from companies like Microsoft Corp. and Yahoo Inc., and these companies do not share information from IM chats with the police, he added. Keyloggers are software on a computer that records a user's keystrokes—whatever the user types—on a computer keyboard. Data from keyloggers would be uploaded to centralized servers where it would be available to the police for scrutiny. Mumbai police have yet to give their approval. The keyloggers would be activated centrally when a suspect walks into a cybercafé or when suspicious activity is noted, though it is unclear who would determine activity to be suspicious. Though some have criticized the proposal, fearing that it will endanger the privacy of ordinary citizens, the nonprofit and others say it is a small price to pay to protect against loss of life from terrorism. In July last year, seven bombs planted in Mumbai's suburban trains killed over 200 people and injured another 700. Terrorists are increasingly using the Internet to communicate with one another as they are aware that telephone and mobile phone connections are under Indian government surveillance, according to the nonprofit’s president.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9035739&intsrc=hm_list

39. September 12, Networkworld – FBI cybercrime fighter lauds CAN SPAM, international efforts. While fighting cybercrime has become a bigger problem for law enforcement over the past 10 years, given increased involvement from organized-crime groups, officials are seeing some results from recent legislation and international coordination efforts. Although the CAN SPAM Act garnered criticism for not having enough teeth since it was passed in 2003, federal law enforcement is finding it effective in fighting spam of late, says the supervisory special agent with the FBI’s National Cyber-Forensics and Training Alliance, who spoke at the Security Standard conference in Chicago on Monday. “It's a relatively new law that hasn't really been tested, but in the last year we've had a number of major” cases come up against it, he says. “CAN SPAM is turning out to be a very effective tool for us.” There are a variety of other laws that federal officials also rely upon to catch cybercriminals, he adds. “Our approach is we will use whatever legal tools we can to get these guys.” One of the major challenges to U.S. law enforcement is the fact that so many cybercriminals operate overseas. But the agent says there have been developments in international coordination as well. “There's a lot that's changed over the last 10 years,” he says. “It used to be if you trace an IP address back to Romania, you're not going to get somewhere with it. That's changed; we now have task forces working with these people overseas, and Eastern European police forces are aggressively going after this, because the problem is starting to affect them, too.”

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9035740&taxonomyId=17&intsrc=kc_top

40. September 11, Computerworld – Hackers update malware tool kit, add first zero-day attack code. A new version of the IcePack hacker exploit tool kit has been released, security researchers warned today, and for the first time it includes attack code designed to exploit an unpatched, or zero-day, Microsoft vulnerability. Three of IcePack's eight exploit tools are new, said the chief technology officer at Exploit Prevention Labs Inc. That alone is noteworthy, he said. “The mix of old and new exploits is to be expected, but three new ones in one update is pretty impressive,” he noted. But the new tool kit also sports a first. “The latest iteration has done something original,” he said, pointing to an exploit that attacks a zero-day vulnerability in Microsoft's DirectX software development kit (SDK). “The closest to a tool-kit zero-day exploit [before] was for the ANI [animated cursor] vulnerability,” he said, referring to a Windows bug that surfaced in early April.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9035659&taxonomyId=17&intsrc=kc_top

41. September 11, Computerworld – Man charged with impersonating a lawyer to take over domain names. A Las Vegas man has agreed to plead guilty to wire fraud for impersonating an intellectual property lawyer and threatening to sue owners of certain Internet domain names. The man, 28, will be arraigned in U.S. District Court in Los Angeles on the charge in the coming weeks. According to court documents, from June 26, 2006, to July 6, 2006, the man used an alias to set up an e-mail account from which he sent e-mails to various domain name owners claiming to be an intellectual property lawyer. He threatened in the e-mails to file $100,000 trademark infringement lawsuits against the owners of the Web site names unless they gave up their domain name registrations within two days. In some of the e-mails he claimed to be an attorney affiliated with a law firm in New York. In other e-mails, he said he was a lawyer located in central California. “These statements would reasonably influence the registered owners to part with the URLs and at least one owner did, in fact, part with a URL that she rightfully owned,” according to the court documents. “As part of the scheme, on or about June 29, 2006, defendant caused the interstate transmission by wire of one such fraudulent e-mail from Nevada to Colorado.” In his plea agreement, the man admitted that he intended to obtain the domain names for his own personal financial gain. The maximum statutory sentence for the wire fraud charge is 20 years in federal prison. However, prosecutors have recommended a sentence ranging from probation to six months in prison. As part of the plea agreement, the defendant will need the approval of his probation officer to use a computer, a handheld device, a cell phone or any other piece of equipment to access the Internet, or to access an Internet service provider.

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9035678&taxonomyId=17&intsrc=kc_top

Communications Sector

42. September 12, The AP – FCC OKs digital cable transition rules. The Federal Communications Commission approved rules Tuesday night that it says will ensure that millions of cable subscribers will still be able to watch broadcast programming after the digital television transition in 2009. The FCC says approximately 40 million households are analog-only cable subscribers. Tuesday's ruling will require cable operators to guarantee analog cable customers will receive broadcast channels until February 2012. While the greatest impact of the digital television transition will be on viewers of non-digital televisions who receive their signals over the air, non-digital cable subscribers have also been a concern to the commission. Beginning Feb. 18, 2009, broadcasters will stop transmitting old-style analog signals to over-the-air customers and to cable companies. Over-the-air customers will have to buy a converter box. As for the nation's analog cable subscribers, cable operators must either convert the digital signal to analog at the point where the cable signal originates or supply customers with a “down converter” device that will change digital signals to analog at the TV set. The cable industry pledged to do this voluntarily and launched a $200 million advertising campaign last week to reassure subscribers. The new FCC rules make compliance mandatory.

Source: http://news.yahoo.com/s/ap/20070912/ap_on_go_ot/digital_cable_