Wednesday, January 16, 2008

Daily Report

• KGTV 10 San Diego reported that an employee at the San Onofre nuclear power plant in San Diego falsified records for five years to show that hourly fire patrols were made, when in fact they were not. This has led the U.S. Nuclear Regulatory Commission to order Southern California Edison to make changes, including developing special safety training. (See item 6)

• According to the ASU Web Devil, a group of professors received approximately $263,800 from the National Center for Food Protection and Defense to research the possibility of agro-terrorism, or terrorists contaminating fruits and vegetables, coming through the border at Nogales. Members of the group will be traveling to Nogales to work with Mexican authorities to finalize the survey next month. The study will run through May 2009. (See item 16)

Information Technology

22. January 15, Network World – (International) Storm botnet gets profiled at Web site. Storm, which has grown into a large remotely controlled botnet since the initial worm appeared a year ago to infect victims’ machines, is getting a graphic profile on a Web site set up to track it. StormTracker on Secure Computing’s TrustedSource.org research portal displays real-time information compiled through sensors maintained in 75 countries. According to the director of intelligence analysis and hosted security at Secure Computing’s TrustedSource Labs, Storm has morphed into a botnet capable of various tasks, such as sending spam, establishing malicious Web pages or carrying out phishing attacks. “In the last couple of days, it has conducted phishing attacks against Barclays Bank and the Bank of Nova Scotia,” he said. “It’s a fast-flux network with thousands of machines around the world, and it’s grown so that it’s almost impossible to shut down.” Secure Computing believes that the Storm botnet is operated by individuals in Russia, based on the firm’s analysis and registration of domain names, but would not provide specifics. The Secure Computing representative said the StormTracker site is intended to inform security managers about the botnet’s current shape and provide them with information they may wish to use to filter Internet access. The information Secure Computing is compiling is generated dynamically using the firm’s Trusted Source Reputation System.
Source:
http://www.networkworld.com/news/2008/011508-storm-botnet.html

23. January 14, IDG News Service – (International) 10,000 Web sites rigged with advanced hacking attack. A sophisticated hacking scheme seen early last year is affecting an increasing number of Web servers, including one owned by a major online advertising company, the chief technology officer of Finjan Software said Monday. It appears that a single gang is behind the attacks, since the malicious software it spreads is storing login and password details on one server in Spain, he said. Finjan is trying to get the ISP (Internet service provider) to shut it down, he said. A Web server of an online advertising company that serves 14 million banner ads to other Web sites has also been hacked, he said. That means that the PC of anyone who visits a legitimate site hosting a malicious banner ad could potentially be infected if their computer is not patched, he said. The latest problems show that the power of this particular hacking gang appears to be growing since it was identified early last year. At that time, Finjan said it found a number of Web servers that had been hacked in order to serve malicious code to visitors. The attackers used several methods to hide their tracks and infect a maximum number of PCs. The attack is structured using JavaScript so that the malicious code is only served up once to a PC, which helps avoid repeated tests by security scanning services. Further, hackers also record the IP (Internet Protocol) addresses of crawlers used by search engines and reputation services, which evaluate the risk in visiting certain Web sites. Those page requests are then served with legitimate content. The JavaScript that starts the exploit also dynamically changes, which makes it more difficult to detect with security software, Finjan said. Once hacked, a Web server hosting hundreds of Web sites will serve up the attack code. The hackers also regularly change the vulnerabilities that the attack looks for in order to increase the chances a computer can become infected, Ben-Itzhak said. After the PC is infected, the malware can start collecting data on the machine, such as documents and passwords. Finjan has dubbed the attack “random js Trojan.” Finjan asserts that antivirus software is not as effective since the attack code can change so frequently.
Source:
http://www.networkworld.com/news/2008/011408-10000-web-sites-riggedwith.html

24. January 14, Register – (National) Browser vulnerabilities and botnets head threat list. Security experts have looked into the crystal ball to predict the cyber attacks most likely to cause substantial damage this year. The resulting list, drawn together by security experts under the auspices of the SANS Institute, is based on an analysis of emerging attack patterns. Two of the resulting predictions - malware on consumer devices and web application security exploits - have already come true in the early days of 2008, evidence that the rundown is closer to the mark than other security predictions. As is often the case, browser exploits came out as the top threat in the rundown, but the risk is evolving. Web site attacks have migrated from simple exploits to more sophisticated attacks based on scripts that cycle through multiple exploits to yet more sophisticated attacks featuring packaged modules. One of the latest such modules, mpack, produces a claimed 10-25 per cent success rate in infecting surfers. Attackers are actively placing exploit code on popular, trusted web sites where users have an expectation of security. Placing better attack tools on trusted sites is giving attackers a huge advantage over the unwary public. Meanwhile attackers have broadened the scope of the vulnerabilities they target to encompass components, such as Flash and QuickTime, that are not automatically patched when the browser is patched. Evolution in existing threats -- including stealthier botnet control techniques and more subtle social engineering approaches in phishing attacks -- is a theme that runs through the whole list. The list includes, for example, increasing sophistication and effectiveness in botnets, cyber espionage efforts by well-resourced organizations looking to extract large amounts of data – particularly using targeted phishing, and an increase in mobile phone threats, especially against iPhones and Android-based phones.
Source:
http://www.theregister.co.uk/2008/01/14/sans_threat_list/

Communications Sector

25. January 14, Associated Press – (National) FCC asks Comcast about Internet filter. Comcast Corp. Monday said it has received letters of inquiry from the Federal Communications Commission regarding complaints that the company actively interferes with its subscribers’ Internet traffic. A coalition of consumer groups and legal scholars asked the agency in November to stop Comcast from discriminating against the sharing of certain types of Internet data among subscribers. Two groups also asked the FCC to fine the nation’s No. 2 Internet provider $195,000 for every affected subscriber. And Vuze Inc., a company that distributes video using BitTorrent file-sharing technology, later filed a separate complaint, asking the FCC to clarify how much power Internet service providers have in controlling traffic on their lines. In an investigation last year, The Associated Press found that Comcast in some cases hindered file sharing by subscribers who used BitTorrent. The findings, first reported October 19, confirmed claims by users who also noticed interference with other file-sharing applications. Comcast denies it blocks file sharing, but acknowledges milder interventions to improve the flow of traffic for the majority of its customers. “We look forward to responding to the FCC inquiries regarding our broadband network management,” said an executive vice president at Comcast, in a statement. “We believe our practices are in accordance with the FCC’s policy statement on the Internet where the Commission clearly recognized that reasonable network management is necessary for the good of all customers,” he added. Peer-to-peer file sharing is a common way to illegally exchange copyright files, but many businesses also are rushing toward it for legal distribution of video and game content.
Source:
http://news.yahoo.com/s/ap/20080114/ap_on_hi_te/comcast_data_discrimination_2;_ylt=AtEASX3rr7r9C9q36LufvkdH2ocA

26. January 14, InformationWeek – (International) Report critical of cell phone ban on U.S. planes. While passengers worldwide are allowed to use their mobile phones during flights, the United States remains closed to the idea, consequently causing travelers to be less productive, according to a report released Monday by Freesky Research. The ability to send data and make calls in-flight allows Middle Eastern, Asian, and European business travelers the opportunity to be more productive on commercial airplanes than U.S. travelers, according to the report. The Federal Communications Commission put to rest the idea of allowing mobile phone use during flights last year. Commercial airlines in the United States continue requiring passengers to turn off their phones before a plane takes off. The FCC is concerned that mobile phones could disrupt other radio communications on planes. But Freesky Research contends that after testing mobile device interference with cockpit communications and navigation equipment for the last five years, and with systems now installed on passenger planes, there is evidence that mobile phones can be used in-flight without harm. “As long as the United States maintains its current policy banning cellular antennas from being used on jets, it is allowing other countries to leap ahead with in-flight productivity, while facing mounting evidence that there is no safety benefit to passengers,” said the chief analyst at Freesky Research and author of two related reports, in a statement. In Europe, a cellular ground-based system called OnAir was approved last year for cell phone use in Airbus planes by the European Aviation Safety Agency. Passengers in other countries around the world, including Australia, Turkey, Malaysia, and India, can also use mobile phones during flights, Freesky Research said.
Source:
http://www.informationweek.com/security/showArticle.jhtml;jsessionid=APSY3DKCYVHLAQSNDLPCKH0CJUNN2JVN?articleID=205604708