Friday, June 15, 2007

Daily Highlights

Department of Homeland Security Secretary Michael Chertoff on Tuesday, June 12, urged operators of water and waste treatment plants to secure chemicals such as chlorine from terrorists, although they're not required to do so. (See item 24)
Reuters reports U.S. officials asked business, health, and religious groups on Wednesday, June 13, to urge Americans to prepare for a possible flu pandemic with steps like storing food and supplies and staying home if ill. (See item 26)

Information Technology and Telecommunications Sector

32. June 14, USA TODAY — FBI cracks down on bot herders. The tech security world cheered the FBI's announcement Wednesday, June 13, of a crackdown on cybercrooks who control networks of compromised computers, called botnets, to spread spam and carry out scams. But the arrests in recent weeks of accused bot controllers James Brewer of Arlington, TX; Jason Michael Downey of Covington, KY; and Robert Alan Soloway of Seattle will barely make a ripple, security analysts say. "We applaud the government's involvement in stopping cybercrime," says Tom Gillis, senior marketing vice president at messaging security firm IronPort Systems. "But these arrests are a tiny drop in the bucket." Soloway made a name for himself selling spamming kits and botnet access to fledgling spammers, according to a civil case he lost to Microsoft in 2005. Downey and Brewer controlled smaller botnets, federal district court documents in Michigan and Illinois say. "Botnets are increasing, but we've just scratched the surface of what botnets are going to do," says Doug Camplejohn, CEO of security firm Mi5 Networks.

33. June 14, SecurityFocus — Government group may be needed to keep the Internet healthy. One researcher believes that the government needs to step in to assure the Internet stays healthy. Spam and phishing researcher Joe St. Sauver argued during a panel discussion at the Anti-Phishing Working Group (APWG) Counter E-Crime Summit in San Francisco last month that most consumers are not up to the task of securing their own systems. With Internet service providers refusing to block infected systems because of the support costs and potential liability such an action would entail, and software makers unable to rout out all the bugs in their applications, the government may be the Internet's best bet, St. Sauver says. Attackers from other nations, especially China, appear to be involved in compromising U.S. computers, with infected systems becoming weapons in the hands of bot masters. And this week, the FBI announced that it had arrested three people on charges of using bot nets consisting of nearly a million PCs to send spam and attack online businesses. Like the Center for Disease Control, which prepared for and manages real-world health emergencies, St. Sauver's proposed agency would handle digital outbreaks and attempt to improve the overall health of the Internet.

34. June 14, Reuters — NATO says urgent need to tackle cyber attack. NATO defense ministers agreed on Thursday, June 14, that fast action was needed to tackle the threat of "cyber attacks" on key Internet sites after Estonia suffered a wave of assaults on its computer networks last month. "There was sentiment round the table that urgent work is needed to enhance the ability to protect information systems of critical importance," NATO spokesperson James Appathurai told a news conference at a two-day meeting in Brussels. "They (the attacks on Estonia) were sustained, coordinated and focused. They had clear national security and economic implications," he said. "That will be the subject of work here." Estonia suffered an onslaught of cyber attacks on private and government Internet sites, peaking in May after a decision to move a Soviet-era statue from a square in Tallinn prompted outrage from Russian nationals in Estonia and a diplomatic row with Moscow. The attacks appeared to have stemmed initially from Russia although the Kremlin denied it was behind the assaults.

35. June 13, InformationWeek — Hackers launching attacks against Yahoo Messenger bugs. Malware writers have latched on to the exploit code for the critical bugs in Yahoo Messenger, setting up 40 to 50 malicious Websites to attack unsuspecting, and unpatched, users. "This threat is critical," said Stephan Chenette, manager of Websense Security Labs, in an interview. "The use of [the exploit] has been increasing since its public disclosure." Chenette said malware writers have picked up the exploit code, which was first publicly posted last week, and have quickly gone to work with it. The malicious code takes advantage of buffer overflow security issues in two ActiveX controls used in the instant messenger's Webcam image upload and viewing. Chenette said virus writers have taken the initial exploit code and come up with a variety of different pieces of malware. The code is embedded in 40 to 50 Websites. When someone who uses Yahoo Messenger visits one of these sites, the exploit drops down into the machine and then downloads either a Trojan backdoor or a keylogger, according to Websense. Both the keyloggers and downloaders mainly are looking for passwords and banking information to send back to the hacker.

36. June 13, ComputerWorld — Exploits hot on the heels of Microsoft's patches. Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed Tuesday, June 12. Microsoft's June set of security updates patched 15 separate vulnerabilities. Exploit code for two of the bugs -- one in Internet Explorer (IE), the other in Windows XP, Windows 2000 and Windows Server 2003 -- has been posted to the Bugtraq and Full-disclosure mailing lists by researchers. A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched Tuesday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. Wednesday, June 13, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot.

37. June 13, Reuters — China trying to unseat U.S. as lead cyberpower. China is seeking to unseat the United States as the dominant power in cyberspace, a U.S. Air Force general leading a new push in this area said Wednesday, June 13. "They're the only nation that has been quite that blatant about saying, 'We're looking to do that,'" 8th Air Force Commander Lt. Gen. Robert Elder told reporters. Elder is to head a new three-star cybercommand being set up at Barksdale Air Force Base in Louisiana, already home to about 25,000 military personnel involved in everything from electronic warfare to network defense. The command's focus is to control the cyberdomain, critical to everything from communications to surveillance to infrastructure security. Elder described the bulk of current alleged Chinese cyberoperations as industrial espionage aimed at stealing trade secrets to save years of high-tech development. He attributed the espionage to a mix of criminals, hackers and "nation-state" forces. Virtually all potential U.S. foes also were scanning U.S. networks for trade and defense secrets, he added.