Friday, April 11, 2008

Daily Report

• The Asbury Park Press reports heightened awareness has increased the distribution of potassium iodide pills that could protect people’s thyroids from radiation near the Oyster Creek nuclear power plant in Lacey, New Jersey. (See item 27)

• According to the Associated Press, China said Thursday it had uncovered a criminal ring planning to kidnap athletes, foreign journalists, and other visitors at the Beijing Olympic Games. Thirty-five members of a ring based in the restive western Xinjiang region were arrested between March 26 and April 6. (See item 38)

Information Technology

33. April 10, Computer Weekly – (National) RSA 2008: spot the warning signs of insider attacks. Insider attacks on corporate information are highly predictable, but nearly half of companies face losses because they ignore the warning signs, say US researchers. This emerged in follow-up research into attacks revealed in the 2007 E-Crimewatch survey of 671 firms conducted for the US Secret Service and Microsoft by Carnegie Mellon University’s (CMU) Software Engineering Institute’s CERT program, and interviews with convicted attackers. A senior member of CMU’s CERT team told RSA 2008 delegates that there were both behavioral and technical changes that pointed to a raised risk of an attack on corporate information. Technical changes include the creation of unknown access paths to corporate data, such as back doors, logic bombs, theft of other account holders’ identity and privileges, and special relationships with other staff members, she said. Attackers were likely to be highly skilled and develop sophisticated attacks, sometimes planned over many months. Their attacks were more likely to occur close to their employment termination dates, and their impact was likely to be greater. Source:

34. April 10, IDG News Service – (National) DHS offers first take on Cyber Storm exercise. With its latest Cyber Storm II exercise now completed, the U.S. Department of Homeland Security said it expects to release an after-action report analyzing the event, and is now beginning planning for Cyber Storm III in 2010. Cyber Storm II was a week-long, cyber-security simulation that included mock attacks on transportation and computer systems. But the exercise brought in many more players from government and other industries: about 2,500 people from the U.S., U.K., Canada, Australia, and New Zealand. DHS’s assistant secretary for Cyber Security and Communications described a typical Cyber Storm II scenario, in an interview at the RSA Conference in San Francisco Wednesday: “You have a simulated incident that comes in over the e-mail and it may have only to do with the chemical sector at this point. There’s an employee in the chemical sector who’s arrested,” he said. “He was fired the day before and did something to sabotage the network…so somebody in the chemical sector gets that. ‘OK what do I do with that?’” The exercise even simulated the media’s response. “You have mock news reports,” he said. “It shows up on the Web as a news story. People are reading that and they have to separate out what’s the level of hearsay in the news report.” By participating in Cyber Storm II, emergency response managers could find out if their plans worked out as expected, and, in particular, if people wound up doing what the planners thought they would do, said a senior information systems manager at the Dow Chemical Company, speaking during a conference panel discussion. Because some of the findings from the exercise are sensitive, the DHS will not discuss specifics until the after-report is issued, and that is not expected to happen until August at the earliest. Source:

35. April 9, Times Online – (National) US security chief: cyber-threats ‘on par’ with 9/11. Computer-based threats are now as serious as those in the material world, said the Homeland Security secretary today at the RSA Security conference in San Francisco. He said that computer-based attacks had the ability to cripple financial institutions and government networks. “We take threats to the cyber world as seriously as we take threats to the material world,” he told the gathering of security industry experts. His remarks came as a report by the British Chambers of Commerce found that 23 per cent of UK businesses had suffered from an attack by malicious software in the past year – more than twice the number that had been the victim of credit card fraud. He said that the US Government planned to shift its approach to fighting computer-based crime from what he called “a fundamentally backward-looking architecture” – analyzing attacks as they happened and tracing back to their source – to “an early-warning system.” He declined to elaborate on how officials would monitor and flag up threats before they materialized, saying the details were classified, but admitting that the new approach presented significant technical challenges. He said that there were too many openings in government networks through which cyber-criminals were able to inject malicious software, and that one of the first goals of the new system would be to reduce the number of access points from thousands to about 50. Source:

36. April 9, Network World – (National) Experts hack power grid in no time. Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day. The expert, a penetration-testing consultant, says he and a team of other experts took a day to set up the attack tools they needed, then launched their attack, which paired social engineering with corrupting browsers on a power company’s desktops. By the end of a full day of the attack, they had taken over several machines, giving the team the ability to hack into the control network overseeing power production and distribution. He says he and his team were hired by the power company, which he would not name, to test the security of its network and the power grid it oversees. He would not say when the test was done, but referred to the timeframe as “now.” The company called off the test after the team took over the machines. The problem is pervasive across the power industry, he says, because of how power company networks evolved. Initially their supervisory control and data acquisition (SCADA) networks were built as closed systems, but over time intranets and Internet access have been added to the SCADA networks. Individual desktops have Internet access and access to business servers as well as the SCADA network, making the control systems subject to Internet threats. “These networks aren’t enclosed anymore. They’ve been open for more than a decade,” he says. Source:

Communications Sector

37. April 10, ars technica – (International) Researchers map Internet black holes. A University of Washington research project that tracks down Internet black holes – places where packets vanish – has created a live map system which shows the locations of these anomalies, updating itself every fifteen minutes. The monitoring system, called Hubble, uses approximately 100 PlanetLab sites around the world to ping various IP prefixes in search of black holes. It uses a hybrid monitoring approach which conducts passive analysis on Border Gateway Protocol (BGP) feeds and launches targeted active probes when it detects potential problem areas. The researchers say that Hubble can detect 85 percent of all Internet “reachability” problems. In three weeks of collected data, the researchers found over 31,000 “reachability” problems, 10 percent of which lasted for over a day. Most of the network problems detected by Hubble are partial “reachability” failures, which means that sites can be accessed from some locations but not others. The Hubble map system lets users click various points to see which locations have access to a given point during a partial “reachability” failure. “There’s an assumption that if you have a working Internet connection then you have access to the entire Internet. We found that’s not the case,” said a UW doctoral student. According to the researchers, ongoing data collection could help network operators identify and resolve problems faster and could also potentially be used to create network detour systems that automatically route traffic around black holes for applications that require uninterrupted service. Researchers hope that more study will provide solutions to routing and “reachability” problems, making it possible to improve Internet robustness. Source: