Thursday, December 27, 2007

Daily Report

• WSMV 4 in Nashville reports that water found in old uranium-processing equipment at the K-25 site created a nuclear safety scare earlier this month and temporarily halted work to decommission the World War II-era facility. The water was a concern because it can serve as a moderator for nuclear reactions, and the old process systems contain deposits of enriched uranium – a material capable of nuclear fission under certain circumstances. (See item 5)

• According to, the profile of computer hackers is changing. Hackers are no longer loners; rather they have their own community and social networks, and the ability to share tactics and methods. Moreover, more women and girls are becoming involved in hacking. One explanation for the changes may be that malicious hacking in the name of nationalism is tolerated, or even encouraged, in some countries. (See item 22)

Information Technology

21. December 26, Computerworld – (National) Storm botnet drops strippers, switches to New Year’s greeting. Just a day after unleashing spam featuring Christmas strippers, the Storm botnet switched gears yesterday and began duping users into infecting their own PCs by bombarding them with messages touting the new year, said security researchers. According to U.K.-based Prevx Ltd. and Symantec Corp. in Cupertino, California, the botnet of Storm Trojan-compromised computers started sending spam with subject headings such as “Happy 2008!” and “Happy New Year!” late on Christmas Day. The messages try to persuade recipients to steer for the Web site to download and install a file tagged “happy2008.exe,” said researchers at both firms. However, the file is actually a new variant of the Storm Trojan. A Prevx representative reported that the company had seen two general variants by early Wednesday. “The first has been online for about 10 hours, and we’ve seen 166 different repacked versions of it,” he said in a company blog. The Storm code has been repacked every few minutes using a polymorphic-like technique since Monday, when the botnet started spreading stripper spam. Frequent repacking is a trick malware authors use to deceive signature-based antivirus software. The Storm botnet’s herders are also using fast-flux DNS (Domain Name System) tactics to keep the site operational, said Symantec. Fast flux, which the Storm botnet did not originate but has often used, is another antisecurity strategy; it involves rapidly registering and deregistering addresses as part of the address list for either a single DNS server or an entire DNS zone. In both cases, the strategy masks the IP address of the malware site by hiding it behind an ever-changing array of compromised machines acting as proxies. 
The notorious Russian Business Network malware hosting network has become infamous for using fast flux to hide the Internet location of its servers, making it difficult for security researchers, Internet service providers or law enforcement officials to track the group’s cybercrimes.

22. December 26, – (International) Profile of computer hackers changing. Most people involved in computer crimes are nameless and faceless to the organizations they attack, with the obvious exception of insiders. A few become known as a consequence of getting caught. But what is notable about these young men and other cybercriminals is not so much their identities as their community. “I don’t think the hacker is a loner anymore,” said a senior security researcher at SecureWorks. “People that author malware feel like they have their own community now, their own social circles. They have their own social networks.” Cybercriminals today have plenty of support for their attacks and scams. They can buy automated attack kits or information about undiscovered exploits. They can rent botnets -- groups of compromised computers -- to spam, steal personal data, or conduct denial-of-service attacks. Their questions about breaking into other people’s computers can be answered through IRC chats or Web forums. They are part of a thriving underground economy that is expected to grow in 2008. And as cybercrime becomes an even bigger business, the profile of the cybercriminals is broadening beyond young men with computer skills. The researcher said cybercriminals still appear to be predominantly male, “but we see a lot more women and girls involved in hacking.” One explanation for that may be that malicious hacking in the name of nationalism is tolerated, or even encouraged, in some parts of the world. “I’ve been really amazed at the way people defend their actions,” the SecureWorks researcher continued, “I’ve had people argue that it’s not a bad thing.” He recounted an article he had translated from a small-town Russian newspaper that lauded two local hackers for sticking it to “those Capitalists.” Russian nationalism appears to be the motivation behind the massive distributed denial-of-service attack that hit Estonia in April. 
Attacks traced to China are also often attributed to nationalism. But more often than not, the real motivation is money.

Communications Sector

23. December 26, BetaNews – (International) Russia launches GPS-like satellites on Christmas Day. While most nations sat practically still during the traditional late December lull, Russia sent the rest of the world a present on Christmas Day by shooting the last three of its GPS (Global Positioning System)-compatible GLONASS (Global Navigation Satellite System) satellites into space. Although the 24 satellites in the GLONASS system will be used mostly by the Russians for military tracking, GLONASS is supposedly interoperable with the United States’ GPS -- a navigational and mapping system which is utilized heavily for both military and civilian purposes -- and the still emerging Galileo system of the European Union. With the expansion of GLONASS, the Russians want to boost the high tech sector of their economy, too – and it looks as though they will add other civilian applications, as well. GLONASS already works over most of Russia, providing an instant fix of position once the satellites are located. Russia’s plans call for global coverage by the end of 2009, after all 28 satellites in the system are fully functional. GLONASS replaces Tsikada, a previous satellite system launched back in the days of the former Soviet Union. Tsikada took from one to two hours to calculate a position. GLONASS encountered delays with the floundering of the Russian economy during the late 1990s. But with abundant new government funding, it is now expected to be fully ready ahead of Europe’s Galileo. According to Russian officials, GLONASS will be used mostly alongside the U.S. GPS system. The U.S. GPS system, however, can be switched off for civilian subscribers by the U.S. government. The U.S. did just that during recent military exercises in Iraq, for example. The ground control segment of GLONASS is reportedly located entirely within the territory of the former Soviet Union.