Friday, November 30, 2007

Daily Report

• According to a Reuters report Thursday, the U.S. government may tap emergency oil reserves after the deadly pipeline explosion in Minnesota Wednesday cut off 10 percent of U.S. foreign oil supplies. The DHS cited no known links to terrorism in the fire, and two of the four pipelines linking Ontario and the Central US reopened Thursday. Nevertheless, the system’s throughput will likely be reduced for weeks. (See item 1)

• According to the Associated Press and a GAO report released Wednesday, the nation’s nuclear weapons laboratories need tougher safety oversight to fix a recent track record that includes dozens of lapses, accidents and near misses. The report found a lax attitude toward safety procedures, weaknesses in identifying and correcting safety problems, and inadequate oversight by the National Nuclear Security Administration. The review cited nearly 60 serious accidents or near misses since 2000. (See item 7)

Information Technology

25. November 29, CNN – (National) FBI: Millions of computers roped into criminal “robot networks.” More than 1 million computers in the last five months have become part of robot networks, or “botnets,” in which hackers take over computers without their owners’ knowledge and use them in criminal campaigns, the FBI said Thursday. The bureau in June announced Operation Bot Roast to stop this emerging type of cyber attack, which the FBI estimates has resulted in $20 million in losses and theft. More than 1 million computers were infected with botnets when the FBI launched Bot Roast, and another million have been identified since then. Industry numbers suggest there are millions more. According to an FBI news release, since New Zealand authorities in tandem with the FBI searched the home of an individual whose “elite international botnet coding group” is suspected of infecting more than 1 million computers, 13 additional search warrants have been served around the world, and eight individuals -- in Washington, Pennsylvania, Florida, California and Kentucky -- have been indicted or found guilty of crimes related to botnets. Such crimes include fraud, identity theft and denial of service attacks in which computer Web sites and other resources are made unavailable. The schemes target more than individual computer users. The FBI in a news release said recent attacks have ensnared a major financial institution in the Midwest and the University of Pennsylvania. According to a September report from Symantec Corp., China had the most infected computers at 29 percent, followed by the United States at 13 percent. However, Symantec said, 43 percent of all command-and-control servers -- which botnet operators use to relay commands to infected computers in their network -- were located in the United States. Symantec reported that in the first half of 2007 it had detected more than 5 million computers that had been used to carry out at least one cyber attack a day. The number represented a 17 percent drop since the previous reporting period, Symantec said.

26. November 29, Reuters – (International) World faces “cyber cold war” threat. A “cyber cold war” waged over the world’s computers threatens to become one of the biggest threats to security in the next decade, according to a report published by McAfee on Thursday. About 120 countries are developing ways to use the Internet as a weapon to target financial markets, government computer systems and utilities, an Internet security company said, adding that intelligence agencies already routinely test other states’ networks looking for weaknesses and their techniques are growing more sophisticated every year. The report said China, which has been blamed for attacks in the United States, India and Germany, is at the forefront of the cyber war. China has repeatedly denied such claims. The McAfee report predicted that future attacks would be even more sophisticated. The report is online at

27. November 28, InfoWorld – (National) Cost of data breaches keeps rising. In its third annual study into the financial impact of data breaches, Ponemon Institute reports the episodes are costing an average of $197 per lost or stolen customer record during 2007, a slight bump from the figure of $182 per exposed record that it tracked one year ago, and a significant gain over the estimate of $128 per record that the research firm published in its initial 2005 survey. Based on interviews conducted with 35 organizations that experienced data incidents in the last year, the Ponemon study found the average total cost of the breaches rose to $6.3 million in 2007, compared to an average of $4.8 million in 2006. The average number of records exposed in the breaches Ponemon studied was roughly 20,000 per incident, although among those organizations surveyed the incidents ranged from as few as 4,000 records to more than 125,000 records. However, while the cost of breaches has continued to rise, the research company contends that many organizations have improved their ability to react to the events. Even those firms that have experienced repeated incidents seem to have woken up to the idea of planning ahead and trying to prepare for the situation, said the research firm’s founder and chairman.

28. November 28, IDG News Service – (National) Web apps, Office among top security headaches, says SANS. Web-based applications and security holes in Microsoft Office are among the biggest threats faced by Internet users today, according to the SANS Institute’s annual security report, which compiles information on security threats from governments, security companies, and academics. Developers are not using secure coding techniques to create Web applications, giving hackers an opportunity to tap the rich databases of information connected to them, according to SANS, a computer training and security organization. The report also found fault with Microsoft Office. Vulnerabilities in the applications suite jumped almost 300 percent between 2006 and 2007, notably because of new flaws in Excel that allow hackers to construct documents that, when opened, can infect a computer with malicious software. The hackers attach those malicious documents to e-mail and use social engineering techniques, like attaching a file with an enticing name, to trick recipients into believing the document is important or comes from someone they know. Also on the rise this year was spyware, or programs that surreptitiously collect data on a user’s computer. Webroot, one of the security companies that contributed to the SANS report, said the number of Web sites rigged with spyware increased 187 percent this year.

Communications Sector

29. November 29, Reuters – (International) Global cell phone use at 50 percent. Worldwide mobile telephone subscriptions reached 3.3 billion -- equivalent to half the global population -- on Thursday, 26 years after the first cellular network was launched, research firm Informa said. In recent years the industry has seen surging growth in the outskirts of China and India, helped by constantly falling phone and call prices, with cellphone vendors already eyeing inroads into Africa’s countryside to continue the growth. But although mobile subscriptions have reached the equivalent of 50 percent of the population, this does not mean that half the people in the world now have a mobile phone, since Informa said 59 countries have mobile penetration of over 100 percent -- where some owners have more than one phone.

30. November 29, IDG News Service – (International) Cell phone battery explodes in the night. A New Zealand man was woken in the middle of the night when his cell phone battery exploded and burst into flames, the second exploding battery incident reported this week. The phone had been charging while he was asleep. The phone was made by Nokia, which asked the man to turn over the battery and charger so it can investigate. In August, Nokia issued an advisory about faulty batteries in some of its phones. It said 46 million Nokia-branded BL-5C batteries were vulnerable to a short circuit that could cause them to overheat while recharging, and offered to replace them for customers who are concerned. Also, on Wednesday, police in South Korea said a worker may have died because his cell phone battery exploded in his pocket, the Associated Press reported. The man was found dead at his workplace in a quarry with a melted cell phone battery in his shirt pocket, according to the report.