Tuesday, April 15, 2008

Daily Report

Information Technology

39. April 14, Computerworld – (National) Hackers open new front in payment card data thefts. Security managers often describe their efforts to protect corporate data from being compromised as a full-fledged battle of wits against cybercrooks who are continually arming themselves with innovative tools and methods of attack. The security breaches disclosed last month by Hannaford Bros. and Okemo ski resort – along with unconfirmed reports of dozens of similar network intrusions – suggest that a new front may have opened up in the battle. The recent incidents have also prompted some to question whether the payment card industry’s highly publicized data security standards are fully equipping companies to fend off attackers. What’s noteworthy about the Hannaford and Okemo breaches is that they both involved the theft of data in transit – credit and debit card information that was being transmitted from point-of-sale systems to payment processors in order to authorize transactions. Just two weeks after Hannaford disclosed its breach, Okemo reported that data from more than 46,000 payment card transactions may have been compromised during a 16-day system intrusion in February. Some of the stolen data was from transactions that occurred two years ago, but data from purchases made by customers while the intrusion was taking place appears to have been stolen in real time during the authorization and card-verification process, according to a spokeswoman for the Ludlow, Vt., ski area. If that is indeed the case, it indicates that malicious hackers are starting to focus on stealing card data while it is on the move, instead of trying to take information that’s stored on systems. Ironically, the push by attackers to get at data in transit is likely in response to retailers’ efforts to implement the security controls mandated by the Payment Card Industry Data Security Standard, or PCI for short, said a Gartner Inc. analyst. 
Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=316536&intsrc=news_ts_head

40. April 14, The Register – (International) Database Trojan infests pro-Tibet websites. Security researchers have unearthed more details about a Trojan that targets backend databases as well as desktop clients. The Fribet Trojan has been planted on pro-Tibet websites, possibly using a Vector Markup Language flaw (MS07-004) patched by Microsoft early last year. When visitors to the pro-Tibet websites are infected, the Fribet Trojan creates a backdoor on compromised hosts. In addition, it loads a “SQL Native Client” ODBC library that is designed to execute arbitrary SQL statements received from a command and control server. The feature provides the ability to run arbitrary SQL commands from compromised machines onto connected database servers. This functionality allows hackers to steal data or modify databases, providing they are able to log onto these databases. The attacker still needs to find out the host name, database name, username and password. However, monitoring functions included with Fribet as well as easily-guessable weak and default values might leave the door open for hackers, net security firm McAfee reports. The Fribet Trojan emerges little more than a month after SQL injection attacks, which inserted iFrame links to sites hosting exploit scripts and malware on legitimate websites. Unlike those attacks, the Fribet Trojan can be used against sites protected against conventional SQL injection attacks.
Source: http://www.theregister.co.uk/2008/04/14/database_trojan/

Communications Sector

41. April 14, The Register – (International) Dubai impounds cable slicing ships. Two ships whose anchors damaged an undersea cable in the Persian Gulf have been traced by the cable operating company using satellite imagery. The owners of one vessel have paid compensation for the damage caused, and the second remains impounded by Dubai port authorities. The Hindu of India reported last week that company officials said they had identified the ships and located both in Dubai. “The matter has been brought to the notice of appropriate authorities which are taking necessary action,” a company officer said. The Khaleej Times reported on Friday that an officer of the Korean-owned MT Ann had admitted liability, and the owners had paid $60,000 compensation to Reliance. The Ann has now been released. The other vessel, MV Hounslow, remains impounded. The Hounslow is said to be Iraqi owned, and it appears that her captain was not on board when the vessel was seized by Dubai coastguards and police. Two crewmembers have been arrested. Some $350,000 is sought in the case of the Hounslow, which is accused by Reliance of having abandoned its anchor after having tried and failed to get it free of the cable. Most accounts of the outages earlier this year have it that two cables were cut in one incident off Egypt and one more in the Gulf. (There was also a power cut at the same time affecting a second Gulf cable, and erroneous reports of a fifth problem, which fuelled speculation regarding some kind of worldwide foul play.) It would appear that the Ann and the Hounslow were responsible for the Gulf damage, both having been close to Dubai at the time. The anchors of the two ships, according to the Khaleej Times, damaged the FALCON line between Dubai and Oman. The cause of the Mediterranean breakage remains unreported.
Source: http://www.theregister.co.uk/2008/04/14/undersea_cable_cut_ships_nabbed/