Friday, January 4, 2008

Daily Report

• The Associated Press reported that on Monday the State Department approved technology which will allow passport cards to be read from up to 20 feet away. A passport card can be used by U.S. citizens instead of a passport when traveling to other countries in the western hemisphere. Privacy advocates criticized the department for not doing more to protect information on the card, but the State Department said privacy protections will be built into the card. (See item 12)

• Also according to the Associated Press, prosecutors in Davis County, Utah, are dropping charges against a Hill Air Force Base employee who crafted more than 40 pipe bombs, which were found stashed behind two area businesses. The county says it will dismiss its case in lieu of federal charges that carry stiffer potential penalties. Federal prosecutors have charged the man with one count of possessing improvised explosives devices or bombs and one count of storing explosive material in a manner not in conformity with regulations. (See item 26)

Information Technology

19. January 2, Computerworld – (National) ‘Ransomware’ extorts payment with phone call. New “ransomware” that locks up a person’s PC and demands $35 to return control to its user is on the prowl, a security researcher said this week. The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said the CEO of Sunbelt Software Distribution Inc., a Clearwater, Florida-based security developer. That number can be traced to “passwordtwoenter.com,” a payment processor also used by hardcore pornography Web sites to charge for access to their content, he added. Users infected with the Trojan horse see a full-screen message posing as an error generated by Windows, according to screenshots posted on the Sunbelt company blog on Monday. “ERROR: Browser Security and Antiadware [sic] Software component license exprited [sic],” the message reads. “Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows [sic] and threatens with infection of your computer by harmful viruses, adware, spyware, etc.” The bogus update window includes a “Click to activate new license” button that in turn brings up another screen, this one telling U.S. users to dial a 900 telephone number and enter a personal identification number (PIN). If the 900 number does not work, the page instructs users to dial alternate numbers -- one in the West African nation of Cameroon, the other a satellite telephone number. “You’re completely locked out of the system” after the Delf.ctk Trojan horse installs and runs, said Sunbelt. The only way to regain control is to pay up by dialing. Ransomware, a term used to describe malware that tries to extort money from users after an infection -- usually to return access to suddenly-encrypted files -- is rare, but not unknown. The last outbreak of any note was in July 2007, when another Trojan horse, dubbed “GpCode,” demanded $300 to unlock frozen files.
Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9054867&taxonomyId=17&intsrc=kc_top

20. January 2, Network World – (National) ‘Diehard’ virus variants flexing muscle. New Windows-based “downloader” malware known as Trojan-Downloader.Win32.Diehard has surged to the top of Kaspersky Lab’s “Virus Top Twenty” list for December because of its “explosive propagation,” the security firm said Wednesday. A downloader is a type of malware that, once loaded onto a victim’s machine, can enable the attacker to download many other types of malicious code to exploit and control it for activities ranging from spam to information theft. The worst virus of the month in terms of sightings was not the Diehard downloader, but a variant on the old NetSky, the worm that is still spreading almost four years after being discovered. Kaspersky reckons that the NetSky.q worm surged to 20 percent of e-mail traffic last month. But the real surprise for December, according to Kaspersky, was that the Diehard variants grabbed the second, fourth, and seventh spots on its list. This was a surprise because the .dc modification variant, which grabbed the second-place ranking, first appeared only on December 21. But within a matter of days it constituted an estimated 80 percent of all malicious traffic for the month. Two other Diehard variants grabbed fourth and seventh place in December. In its own findings, Kaspersky Labs stated that the significance is that “classic e-mail worms” may still rank high, but they tend to quickly disappear, only “creating a backdrop for the real battle which is taking place,” which is “Trojan programs and phishing attacks.” Security firm Akonix, which specializes in instant messaging (IM) based defense, today said it counted three new IM-based worms in December — Cargar, Etest, and YMWorm — and determined that there have been a total of 346 IM-targeted malware types for 2007, down from the 406 IM malware types seen in 2006.
Source:
http://www.networkworld.com/news/2008/010208-diehard-virus.html

21. January 2, Dark Reading – (National) Breaches plague government agencies. Two more major losses of private data have been reported by government agencies in the past few days, adding fuel to fiery criticism of federal and regional governments’ privacy practices over recent weeks, both in the U.S. and overseas. A holiday break-in at the Davidson County Election Office in Tennessee resulted in the theft of two laptops containing personal information on all 337,000 voters in the region, according to reports. The data included full Social Security numbers for each voter, and at least one report indicated that the data was not encrypted. Meanwhile, more than 10,000 U.S. Air Force active and retired employees were informed Friday that a laptop containing their Social Security numbers, birth dates, addresses, and telephone numbers is missing, according to reports. The laptop belonged to an Air Force band member at Bolling Air Force Base in Washington, D.C., and was reported missing from his home. A stolen laptop containing personal information was also reported by the Minnesota Department of Commerce on Friday. The data losses by the regional and federal government agencies in the U.S. are fuel to the fire of criticism that has taken place in the U.K. over the past several weeks, as more details come to light about breaches in several British government agencies. Criminals may not even have to break in or steal data to get citizens’ personal information from government agencies, according to a report in yesterday’s Washington Post. The report notes that criminals can gather names, Social Security numbers, and other personal data simply by scanning through online public records and documents.
Source:
http://www.darkreading.com/document.asp?doc_id=142215&WT.svl=news1_1

Communications Sector

22. January 3, Associated Press – (Wisconsin) Teen gets jail term for cutting Internet service. A teen accused of hacking into a computer system and shutting down Internet access to Marshfield, Wisconsin, for 18 hours has been sentenced to a 90-day jail term. The 18-year-old was granted work release privileges as part of his jail sentence on a charge of entering a computer system and causing damage. He also was ordered to serve three years’ probation and pay restitution of just under $6,000. The criminal complaint said the Berlin, Wisconsin, resident attempted last April 25 to gain access to a control console interface at a Solarus computer system station in Marshfield. The first attempt failed, but an attempt two minutes later was successful. When he turned off a router controlling Internet for customers in the Marshfield area, the system went down for about 18 hours and also sustained damage.
Source:
http://www.todaystmj4.com/news/local/13004667.html

23. January 2, Ars Technica – (National) WiFi flu: Viral router attack could hit whole cities. According to a paper written by a team of researchers at Indiana University, an attack that specifically targets wireless routers and spreads between them at any point where coverage overlaps could quickly and easily propagate throughout an entire city. Until recently, such an attack vector was considered unlikely. Wireless routers are inherently less secure than their wired counterparts, but the development of WPA encryption has increased (theoretical) wireless security significantly. More practically, wireless routers were not deployed in sufficient numbers and did not overlap their areas of coverage enough to present a significant propagation risk. As the density and scale of wireless coverage has expanded, however, the chance that a router-focused viral attack could cause significant damage has increased. The IU team’s goal was to map existing real-world wireless networks in various urban locations. Once this was done, the researchers simulated how quickly an infection would spread across the various networks tested and what general steps could be taken to prevent such attacks or reduce their severity. Modeled locations included Chicago, Boston, New York City, the San Francisco Bay area, Seattle, and both northern and southern Indiana. The data gathered from each area was then used to map the growth of a hypothetical viral infection. Although the areas modeled differed considerably in size, composition, and geography, all of them demonstrated a sharp initial infection rate as the virus spread across nonencrypted routers. By the time the infection phases had run their course, 10-55 percent of the routers in the measured area were controlled by malware. Such findings speak to the importance of strong security measures. Even if a minority of routers in any given area is using WPA, strategic positioning of such routers can prevent malware from escaping what becomes an effectively isolated area. To date, there have been no known attempts to attack a wireless network in this manner, but the increasing ubiquity of wireless connectivity makes such attacks almost inevitable. (For the PDF version of the Indiana report, see: http://arxiv.org/PS_cache/arxiv/pdf/0706/0706.3146v1.pdf.)
Source:
http://arstechnica.com/news.ars/post/20080102-wireless-router-security-flawscould-fuel-viral-outbreak.html
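An added simulation of the propagation model described in item 23 (this is illustrative code, not from the article or the Indiana University paper): routers are scattered over a constructed city, two routers overlap when within a chosen radius, and a random WPA-protected share is treated as immune, so the outbreak from any seed is bounded by the largest cluster of unprotected routers. The router count, area, radius and uniform layout are assumptions.

```python
import math
import random
from collections import deque

def build_city(n_routers, area, radius, encrypted_fraction, seed=0):
    """Constructed sample city: routers scattered uniformly over an
    area x area square; two routers overlap when closer than radius.
    A random subset is WPA-protected, modelled as immune to the worm."""
    rng = random.Random(seed)
    pts = [(rng.uniform(0, area), rng.uniform(0, area)) for _ in range(n_routers)]
    protected = [rng.random() < encrypted_fraction for _ in range(n_routers)]
    adj = [[] for _ in range(n_routers)]
    for i in range(n_routers):
        for j in range(i + 1, n_routers):
            if math.dist(pts[i], pts[j]) < radius:
                adj[i].append(j)
                adj[j].append(i)
    return adj, protected

def simulate_spread(adj, protected, seed_router):
    """Breadth-first infection from one compromised router: every
    unprotected neighbour with overlapping coverage is compromised in
    turn. Returns the fraction of all routers infected."""
    if protected[seed_router]:
        return 0.0
    infected = {seed_router}
    queue = deque([seed_router])
    while queue:
        r = queue.popleft()
        for nb in adj[r]:
            if nb not in infected and not protected[nb]:
                infected.add(nb)
                queue.append(nb)
    return len(infected) / len(adj)

def worst_case_fraction(adj, protected):
    """Largest outbreak from any single seed: the biggest connected
    component of unprotected routers. Protected routers that sit between
    clusters split the graph and cap this value."""
    return max(simulate_spread(adj, protected, s) for s in range(len(adj)))

if __name__ == "__main__":
    # Sweep the WPA share and watch the worst-case outbreak shrink.
    for frac in (0.0, 0.2, 0.4, 0.6):
        adj, prot = build_city(400, 100.0, 9.0, frac, seed=1)
        print(f"WPA share {frac:.0%}: worst-case infection "
              f"{worst_case_fraction(adj, prot):.0%} of routers")
```

The model is deliberately coarse (no per-router exploit success rate, no time dimension); its point is that outbreak size is a connectivity question, which is why a well-placed minority of protected routers can contain the spread.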

24. January 2, KLAS 8 Las Vegas – (Nevada) Explosive device disrupts phone service. Residents in the northeast area of the Las Vegas Valley were without phone service while repair crews worked on a transmitter that was damaged by an explosive device. Residents told police they heard an explosion around 3 a.m. Wednesday. Las Vegas police, the FBI, and ATF were on the scene investigating. Phone service was expected to be out until Wednesday evening.
Source:
http://www.lasvegasnow.com/Global/story.asp?s=7568343