Wednesday, December 12, 2007

Daily Report

• According to Reuters, utilities were bringing in out-of-state crews to help restore electric service after a weekend ice storm knocked out power to more than 530,000 customers in several states in the Central Plains. The weekend storm entered Oklahoma early Sunday, bringing freezing rain that caused significant ice accumulation on trees and overhead power lines. The weight of the ice pulled down tree branches and power lines, cutting power. That system later moved across Kansas, Missouri, and Illinois. (See item 2)

• The San Francisco Chronicle reported on technology now being tested that would detect a dangerous quake along any of California’s seismic faults and provide seconds or even minutes of early notification. Three systems are currently under test by California’s Integrated Seismic Network, but even if they demonstrate complete success, the state’s network of seismic monitoring instruments is far from ready, especially as compared to systems now deployed in several European and Japanese locations. (See item 22)

Information Technology

25. December 11, IDG News Service – (National) DNS attack could signal Phishing 2.0. Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet. The study, set to be published in February, takes a close look at “open recursive” DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks. The researchers estimate that there are 17 million open-recursive DNS servers on the Internet, the vast majority of which give accurate information. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers. The Georgia Tech and Google researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another two percent of them provide questionable results. Collectively, these servers are beginning to form a “second secret authority” for DNS that is undermining the trustworthiness of the Internet, the researchers warned. Attacks on the DNS system are not new, and online criminals have been changing DNS settings in victim’s computers for at least four years now, said a Georgia Tech researcher. But only recently have the bad guys lined up the technology and expertise to reliably launch this particular type of attack in a more widespread way. While the first such attacks used computer viruses to make these changes, lately attackers have been relying on Web-based malware.

26. December 10, – (International) Online terror camps cut overhead, teach Google Earth target acquisition. Western governments have ceded the Internet to terrorists, security experts are warning. Most European Union governments as well as the United States have dismissed pro-Al Qaida websites as merely propaganda without understanding their capability to recruit and carry out operations. Western experts said Al Qaida’s use of the Internet has been so successful that the movement has shut down training camps in Afghanistan. Instead, they said, the Internet is used to teach operatives how to kill and maim. “Now they meet in cyberspace,” a professor in Israel and Germany told a conference on Internet security at the headquarters of Germany’s Federal Police Office. “They teach people how to become terrorists on-line. Al Qaida has launched a practical website that shows how to use weapons, how to carry out a kidnapping, how to use fertilizer to make bombs.” Here is how it works: Al Qaida operates a series of websites that covers everything from indoctrination, recruitment, targeting, and operations. Those with questions can use Al Qaida’s chat rooms. The Internet has vastly reduced the need for target reconnaissance by Al Qaida. The professor, regarded as a leading expert in Al Qaida-aligned websites, told the November 21 conference in Wiesbaden, Germany, that Al Qaida uses Google Earth, which scours satellite images, to locate targets. But Western governments have been torn between following Internet crime and terrorism. The president of the German Federal Police Office raised another issue. Terrorists and other criminals often use laptops in apartment buildings where they latch on to the connections of other wireless users, which he said often prevents authorities from identifying users of Al Qaida websites. A former British parliamentarian and president of the British Defence and Security Forum agreed, saying terrorists operate 7,000 websites that remain in operation and uncensored.

27. December 10, XML Journal – (National) SMobile predicts spike in mobile viruses once Google phone hits. According to SMobile Systems, the launch of Google Phone platform will be among the most positive transformational moments in mobile communications history by further merging computers with mobile devices. But while millions of people will now be able to “compute on the run,” those same consumers will be a high-value target for hackers, spammers, and others intent on hacking the new phones. In response to the news surrounding the potential launch of the Google Phone operating platform, SMobile Systems, a developer of mobile security solutions, announced today that it is developing a series of security solutions for devices coming to market using the Google platform. The open architecture of Linux, the operating system Google chose for its phones, will allow thousands of developers to create third party applications for Google-enabled devices. Its Linux-based operating system will quickly enable hackers to explore and eventually exploit any security holes in the core Google software as well as third party software, allowing phishers, spammers, and others to look for ways to target users’ information for ill intent. “SMobile has monitored an explosion in mobile viruses around the world; there are now more than 400 identified mobile viruses. No longer are these viruses merely nuisances. These viruses are getting more insidious in nature, smarter in their design, and ultimately more dangerous to consumers, corporate smart phone users and to the carriers who provide service,” said the firm’s chief technology officer.

Communications Sector

Nothing to report.