Tuesday, February 5, 2008

Daily Report

• According to a senior U.S. intelligence official, one of Al Qaeda’s top explosives specialists is training Western recruits for chemical attacks in Europe and perhaps in the U.S. One international counterterrorism official said there are indications that some operatives have received immunizations against biological agents. (See item 5)

• The Washington Post reports that the U.S. Park Police have failed to adequately protect such national landmarks as the Statue of Liberty, the Lincoln Memorial, and the Washington Monument and are plagued by low morale, poor leadership, and bad organization, according to a new government report. (See item 36)

Information Technology

31. February 4, vnunet.com – (National) Spear phishers target U.S. students. A new spear phishing attack is targeting the email accounts of U.S. university students. Researchers at SANS Institute said that the attacks are disguised as messages from administrators performing a ‘database update.’ The messages state that in order to keep their email accounts, the students must ‘verify’ the accounts by replying to the message with details such as user names, passwords, and date of birth. A SANS researcher wrote in the Internet Storm Center blog that the attacks are similar to those on European ISPs spotted earlier this year. The attackers use email addresses with the name of the school, although the accounts are hosted by an external email service such as Hotmail. He noted that, because the attack targets individual students, few messages are sent and the emails will often slip past spam filters. Administrators should be on the lookout for a large volume of incoming messages from the same address, as well as a large volume of messages with multiple recipients. Students should also be warned about the attacks.

32. February 4, SecurityFocus – (International) Antivirus firms, testers form standards group. Nearly two dozen companies announced on Monday the creation of an organization to set best practices and standards for the evaluation of antivirus software. As previously reported by SecurityFocus, more than 40 researchers met in Bilbao, Spain, last month to finalize the details of the group, dubbed the Anti-Malware Testing Standard Organization (AMTSO). The members of the group – which includes antivirus firms, testing labs, and security companies – create guidelines for the testing of software and act as a forum to analyze current anti-malware tests. “As anti-malware solutions become more complex, many existing tests are unable to evaluate product effectiveness properly, resulting in product reviews that are sometimes incomplete, inaccurate, and misleading,” the group stated on its Web site. “AMTSO is focused on addressing the global need for improvement in the objectivity, quality, and relevance of testing methodologies.” The founding of a group focused on testing standards comes 18 months after antivirus companies criticized independent product tester Consumer Reports for grading their products’ performance against test data that included 5,500 newly created virus variants. The antivirus companies questioned the reasoning that led to a testing lab writing viruses, while other security researchers argued that it is reasonable to measure the performance of antivirus software against previously unknown threats. The group is open to members from testing labs, antivirus companies, academia, and media reviewers.

Communications Sector

33. February 3, ArabianBusiness.com – (International) Internet problems continue with fourth cable break. Internet services in Qatar have been seriously disrupted because of damage to an undersea telecommunications cable linking the Gulf state to the United Arab Emirates (UAE), the fourth such incident in less than a week. Qatar Telecom (Qtel) said on Sunday the cable was damaged between the Qatari island of Haloul and the UAE island of Das on Friday. The cause of damage is not yet known, but ArabianBusiness.com has been told unofficially the problem is related to the power system and not the result of a ship’s anchor cutting the cable, as is thought to be the case in the other three incidents. It is expected to take at least “a few days” to fix, according to one person with knowledge of the situation. The damage caused major problems for internet users in Qatar over the weekend, but Qtel’s loss of capacity has been kept below 40 percent thanks to what the telecom said was a large number of alternative routes for transmission. It is not yet clear how badly telecom and internet services have been affected in the UAE. Etisalat is expected to release a statement on Monday. Parts of the region were plunged into a virtual internet blackout last Wednesday when two undersea cables were cut near Alexandria, Egypt. The situation was made worse on Friday when Flag, part of India’s Reliance Communications, revealed a third cable, Falcon, had also been damaged off the UAE coast. Etisalat said it does not use the Falcon cable and is therefore unaffected, but the UAE’s second telecom, Du, warned the damage could hamper its efforts to restore normal service to customers. Etisalat said it is helping Du minimize disruption. Flag said a repair ship was expected to arrive at the location of the third damaged cable in the next few days, but bad weather has prevented the vessel from setting off from Abu Dhabi port.

34. February 1, DSL Reports – (National) FCC focused on rural broadband. The Federal Communications Commission (FCC) plans for 2008 to be a year that is focused on rural broadband development. To that end, they have combined efforts with the U.S. Department of Agriculture to launch a new website entirely devoted to acting as a resource for information about rural broadband opportunities. The site provides an overview of broadband services, information about broadband funding, and news about broadband initiatives and FCC proceedings. The FCC has also announced plans to hold four rural broadband workshops throughout the year to assist communities in finding solutions to meet their broadband needs. (See the new rural broadband website at:http://wireless.fcc.gov/outreach/index.htm?job=broadband_home.)

35. February 1, RCR Wireless News – (National) Industry: FCC doesn’t have authority to mandate backup power at cell sites. The mobile-phone industry told a U.S. appeals court the Federal Communications Commission (FCC) exceeded its statutory powers in mandating the eight-hour backup power rule for cell sites as part of an otherwise legally flawed rulemaking. “By promulgating a sweeping mandate far beyond its regulatory authority without notice, the FCC produced a clumsy rule that fails to achieve any of its stated goals,” stated cellular industry association CTIA and Sprint Nextel Corp. in their opening brief. Industry said it already has taken significant measures since Katrina and other hurricanes of 2005 to protect critical networks components with adequate power and to ‘harden’ networks to better withstand harsh weather conditions. Moreover, wireless carriers said they employ solutions to power outages – such as cell sites on wheels, cell sites on light trucks, and satellite cell sites on light trucks – that do not require permanent power sources. Though not explicit in industry’s legal argument at the U.S. Court of Appeals for District of Columbia Circuit, cellphone and tower companies estimate the cost of compliance with the backup power rule could be in the hundreds of millions of dollars. The backup power rule was approved last year, following recommendations in 2006 by the Independent Panel Reviewing the Impact of Hurricane Katrina on Communications Networks. The agency responded to protests by partially modifying the rule and extending auditing and compliance deadlines. The new rule, among other things, calls for a minimum 24 hours of emergency backup power for telecom assets inside central offices and eight hours for other facilities such as cell sites, remote switches, and digital loop carrier system remote terminals. There are about 200,000 cell sites in the United States, with tower companies operating about 115,000 sites and operators controlling 85,000 sites.