Friday, December 14, 2007

Daily Report

• According to the Associated Press two MBTA trolley trains collided Thursday morning in Boston at about 8 a.m. One of the cars derailed upon impact. Nine minor injuries were reported and emergency crews were called. (See item 11)

• Computer Weekly reports that networks of hacker controlled computers, referred to as botnets, have been seen mounting attacks using peer-to-peer technology instead of the more common hierarchical structure. This method decentralizes attacks, making them harder to identify and thwart. The CEO of Kaspersky Laboratories said the new method had already succeeded in strangling internet communications in the Russian cities of Krasnodar and Astrakhan for several weeks. (See item 22)

Information Technology

22. December 13, Computer Weekly – (National) Peer-to-peer botnets pose fresh network threat. Businesses, governments, and internet service providers face dangerous new network disruption and malware attacks from botnets based on peer-to-peer technology (P2P) instead of the more common hierarchical structure. The CEO of Kaspersky Laboratories, the Russian antivirus company that identified the new method, said the new method had already succeeded in strangling internet communications in the Russian cities of Krasnodar and Astrakhan for several weeks. “We do not know who was behind these attacks,” he said. “It may have been a test.” A senior virus analyst at Kaspersky, said the P2P nature of the new botnet meant that each infected machine needed to know only its neighbors. An instruction to activate the botnet could be sent to any of the machines in the network which would then propagate from machine to machine to build an attack. “Not having a central controller makes it very difficult to find the originating machine,” he said, making it difficult to identify all the infected machines and hence to defend against the attack.

23. December 13, Computer Weekly – (National) Hewlett-Packard laptop owners warned of security threat. Users of Hewlett-Packard laptops are being warned that software bundled with their machines could open them up to hackers. The US Computer Emergency Readiness Team (US-CERT) says there is a security vulnerability in the HP Info Center Software, with a public exploit already circulating in hacking circles. “This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands or to view or alter the system registry on affected systems,” it said. To help mitigate the security risk, US-CERT recommends that users and administrators disable ActiveX controls on machines and check the security of their browsers.

24. December 12, Computerworld – (National) Six federal security programs that are making a difference. Bethesda, Maryland-based SANS Institute has drawn up a list of what it considers to be some of the more successful security efforts within the federal government. The six initiatives on the list were selected based on actual evidence of having made substantial and measurable improvements in one or more of three areas: the ability to prevent cyber attacks against critical infrastructure targets, reducing national vulnerability to cyber attacks, and minimizing damage and recovery time from attacks that do occur. The initiatives selected were: The Federal Desktop Core Configuration initiative, the US-CERT Einstein program, the National SCADA Test Bed and Control Systems Security Program, the Department of Defense’s Common Access Card program, the General Services Administration’s SmartBuy program, and a joint cybercrime-fighting program from the Department of Justice and the FBI. The report credits the programs with cost savings and detection and correction of numerous security vulnerabilities.

Communications Sector

25. December 13, – (International) People increasingly tracked via their mobile phones. The tracking of people through their mobile phones is set to increase as concerns over personal security outweigh reservations over privacy, according to a new study by Juniper Research. The report on tracking and navigation estimates that revenues from wireless tracking services, both of vehicles and people, in Western Europe are expected to reach nearly $4.8bn by 2012, driven by the need to improve business efficiency and concerns over personal safety. As the controlled use of personal location information becomes more accepted, the tracking of staff, particularly vulnerable workers, will be a strong initial driver in the business sector. By 2012, Juniper Research estimates that there will be more phones being tracked on a regular basis in Western Europe than vehicles, with nearly 21 million phones being tracked.