Wednesday, January 30, 2008

Daily Report

• According to the Knoxville News Sentinel, three workers were contaminated with radioactivity January 16 while unpacking a shipping container at the EnergySolutions waste-processing facility in Oak Ridge, Tennessee. There reportedly were a number of problems with the waste shipment that arrived from the U.S. Enrichment Corp. (USEC) in Portsmouth, Ohio. A spokeswoman said the innermost container spilled some of its radioactive contents. However, there were several protective over-packs in the shipping container, so none of the material was released to the environment during the transportation from Ohio to Tennessee. (See item 5)

• The Associated Press reports that an airplane that had been named in a threatening phone call was moved to a remote part of Los Angeles International Airport after it landed Monday. An FBI spokeswoman said the move Monday afternoon was strictly precautionary and that the person who made the call to a law enforcement agency is under investigation. (See item 11)

Information Technology

23. January 29, Inquirer – (National) Cybercrooks come up with new ideas. Cybercriminals are apparently coming up with craftier and more sophisticated ways to hack data now that owners are installing firewalls and virus checkers. According to USA Today, the latest technique is to attack home network routers instead of PC hard drives. Another uses hacked PCs to click on Internet adverts to generate ad payments. A senior researcher at security firm ScanSafe said that attacks were becoming more frequent and would continue to grow more sophisticated in 2008. The router hack seems to be the brainchild of one particular gang, which has successfully used it to get money out of a Mexican bank. It involves sending out tainted e-mail greeting cards that, when opened, give the intruders control of the recipient’s router. It only worked on one router model, but fortunately for the crooks it just happened to be one run by the bank. A Symantec spokesman said that the attack was so successful it was almost certain to be copied by others who would use other router brands.

24. January 28, Dark Reading – (National) Exploit could taint forensics. What if a hacker could taint your forensics investigation with an exploit? That is one of the scarier risks associated with cross-site request forgery (CSRF), a common and stealthy vulnerability found in many Web applications. CSRF can be used by an attacker to force a user’s browser to conduct searches on behalf of the attacker, grab files or pages, post messages to online forums, and even make changes to the user’s Website accounts. So when an organization is conducting either its regular Internet monitoring of inappropriate use by its users, or a full-blown forensics investigation, a CSRF exploit could falsely implicate an innocent user, says a principal consultant with Mandiant, who will give a presentation on this topic at Black Hat D.C. next month. These investigations often rely on a user’s Web browser cache and history to reconstruct a user’s suspicious activity, so if the user’s browser has been hit by a CSRF exploit, that data is not reliable and an innocent user could be mistakenly accused of wrongdoing when an attacker was actually behind it. “Without them knowing it, the [exploit] could be transparently making Web pages and loading pages in the background they don’t know are there,” the consultant says. “And there’s also typically a lot of traffic going out from the browser as well.” A CSRF attack on the user’s browser eventually could be raised as a defense in a case, he notes, so an investigator needs to take that possibility into account during an investigation. “Was the bad activity in the cache or history not actually done by that person? You need to proactively look at that.”

25. January 28, SC Magazine – (National) Super Bowl blitz begins: Bogus sites with malware pop up. Security researchers have warned that malware-laced bogus Super Bowl websites have begun appearing, the first wave of what is expected to be a major campaign of game-related cyberattacks. Trend Micro’s TrendLabs reported on its blog that it has detected two malware-infected sites with URLs that sound similar to that of the official Super Bowl XLII game site. According to TrendLabs, the two malware sites – including the words “www-superbowl.html” and “www-superbowlcom.html” in their URLs – were found on the servers of a Czech hosting provider believed to have been hacked. TrendLabs said in its blog posting that it contacted the Czech CERT and the Czech hosting provider after detecting the malicious code. The two malware sites are turning up in search results when users search Google for “Superbowl,” TrendLabs said. The vice president of security research at Websense said last week that the most likely form of attack to materialize in the run-up to the February 3 game will be botnet-generated phishing emails delivered in messages with Super Bowl-related subjects.

Communications Sector

Nothing to report.