As healthcare organizations work to earn the incentives dangled in front of them by the HITECH Act, the adoption of electronic medical records (EMR) has accelerated. But at the same time, healthcare fraud has also risen, and experts say if organizations don't effectively address data and database protection in healthcare's transition from paper to digital record-keeping, the threats to patient confidentiality and organizational security will skyrocket.More here.
Two surveys in recent months punctuate the security pundits' warnings. The first, a survey conducted by SK&A in February, showed that adoption rate of EMRs within U.S. medical offices in the past year rose by more than three percentage points, to 36.1 percent. EMR adoption is more prevalent in hospital- or health system-owned sites: Hospital-owned and health-system-owned sites have adoption rates of 44.1 percent and 50.2 percent, respectively.
This data tracks with another poll by NaviNet, which showed small-healthcare organization use has jumped up by three percentage points in the last year, from 9 percent to 12 percent.
Meanwhile, a third poll released by Javelin Research and Strategy in March illustrates the darker side of EMR's uptick: Fraud based on exposure to health data rose from 3 percent to 7 percent between 2008 and 2009.
Friday, April 30, 2010
Healthcare Not Up To Task Of Securing Electronic Medical Records, Experts Say
Ericka Chickowski writes on Dark Reading:
Encryption Can't Stop The Wiretapping Boom
Andy Greenberg writes on Forbes.com:
As encryption technologies have outpaced the mathematical methods of breaking crypto schemes, law enforcement has feared for years that scrambled messages between evildoers (or law-breaking activists) would thwart their snooping. But it seems that either lawbreakers aren't using encryption, or those privacy tools simply don't work.More here.
In an annual report [.pdf] published Friday by the U.S. judicial system on the number of wiretaps it granted over the past year, the courts revealed that there were 2,376 wiretaps by law enforcement agencies in 2009, up 26% from 1,891 the year before, and up 76% from 1999. (Those numbers, it should be noted, don't include international wiretaps or those aimed at intelligence purposes rather than law enforcement.)
But in the midst of that wiretapping bonanza, a more surprising figure is the number of cases in which law enforcement encountered encryption as a barrier: one.
According to the courts, only one wiretapping case in the entire country encountered encryption last year, and in that single case, whatever privacy tools were used don't seemed to have posed much of a hurdle to eavedroppers. "In 2009, encryption was encountered during one state wiretap, but did not prevent officials from obtaining the plain text of the communications," reads the report.
Jury Convicts Palin e-Mail Hacker
Gregg Keizer writes on ComputerWorld:
After four days of deliberation, a federal jury today convicted 22-year-old David C. Kernell of two charges stemming from a 2008 break-in of an e-mail account used by former Alaska Gov. Sarah Palin.More here.
The former University of Tennessee student was convicted of felony destruction of records to hamper a federal investigation and of a misdemeanor charge that he unlawfully accessed a protected computer, reported the Knoxville News Sentinel and WBIR Radio, also of Knoxville.
Kernell broke into Palin's Yahoo Mail account during the 2008 presidential campaign by using the service's password reset mechanism. At the time, Palin was the 2008 Republican vice presidential candidate.
He faces a maximum 20-year prison term on the felony charge, and a maximum one-year stint for the misdemeanor offense. Kernell also faces a fine of up to $250,000.
Kernell was acquitted today of a federal wire fraud charge.
Wednesday, April 28, 2010
Texas Man to Plead Guilty to Building Botnet-For-Hire
Robert McMillan writes on PC World:
A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP -- just to show off its firepower to a potential customer.More here.
David Anthony Edwards will plead guilty to charges that he and another man, Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer, according to court documents.
On August 14, 2006, Smith and Edwards allegedly used part of Nettick to attack a computer hosted by The Planet. Apparently, that was just a test, to show that the botnet was for real. "After the test, the bot purchaser agreed to buy the source code and the entire botnet for approximately $3,000," prosecutors say in the indictment against the two men.
Edwards will plead guilty Thursday in federal court in Dallas, according to his attorney, Mick Mickelsen. Smith has pleaded innocent in the case and is set to go to trial on May 17. Both men face a maximum of five years in prison and a $250,000 fine on one count of conspiring to cause damage to a protected computer and to commit fraud.
EU Mulls New Central Cyber Crime Agency
Via OUT-LAW.com.
The Council of Ministers has asked the Commission to look at its agreed set of cybercrime objectives and investigate whether a new, centralised agency is a better way of achieving those than the current inter-agency co-operation.More here.
Its objectives include raising the standard of specialisation of investigators and prosecutors as well as judges and forensic staff; encourage information sharing between countries' police forces; and to harmonise the approaches taken to fighting cybercrime in the EU's 27 countries.
"[The Council] proposes that the Commission draw up a feasibility study on the possibility of creating a centre to carry out the aforementioned actions, where they have not already been achieved," said the text adopted by the Council this week. "The centre might also evaluate and monitor the preventive and investigative measures to be carried out."
"This feasibility study should consider, in particular, the aim, scope and possible financing of the centre and whether it should be located at Europol, "it said.
Tuesday, April 27, 2010
Indian National Recieves 81 months, $2.5M Fine for Stock Scheme
Jaikumar Vijayan writes on ComputerWorld:
An Indian national was sentenced Monday to 81 months in prison for hacking into online brokerage accounts and using those accounts to manipulate stock prices for personal gain.More here.
Jaisankar Marimuthu, 36, of Chennai, India, was also ordered to pay close to $2.5 million in restitution to the more than 90 people and seven brokerage firms that were victims of his illegal capers.
In February, Marimuthu pleaded guilty in federal court in Omaha to one count each of conspiracy to commit wire fraud, securities fraud, computer fraud and aggravated identity theft.
Marimuthu was arrested in Hong Kong and extradited to the U.S. last June. He had initially pleaded not guilty to the charges, but changed his mind earlier this year.
The Price For A Digital Fake Passport: One Dollar
Andy Greenberg writes on Forbes.com:
As Web registrars and digital currency companies try to weed out their cybercriminal customers, they're increasingly demanding proof of identity, often in the form of a passport. The problem with that safeguard: a shady industry of passport fraud has sprouted to provide those cybercriminals with throwaway identities, offering both digital scans and physical passport look-a-likes. The price of those forgeries: as little as one dollar.More here.
In a paper [.pdf] posted Monday by the Illinois non-profit cybersecurity research firm Team Cymru, the authors dug into the underground passport economy, collecting information from online forums and Web sites--largely Russian--offering the documents.
Here's why cybercriminals need fake passports: When they hijack a victim's account or create a new one in his or her name, they face the problem of how to transfer the stolen funds. In some cases, they've used Western Union to wire the money, employing "money mules" to move it physically from one account to another through several countries and hide the source of the crime. But Cymru points out that the process is expensive, and that Western Union has tightened its security, requiring Social Security numbers to wire large payments from the U.S. and carefully monitoring its branches' physical security to catch money mules.
Monday, April 26, 2010
Sunday, April 25, 2010
Why vampires might make better “better” halves ;)
Just finished watching the sequel to Twilight - New Moon – I know, I know I am like a coupla months late, but sure you guys know, it’s better late than never.
The celluloid rendition of Stephenie Meyer’s lovable Cullens, and may I especially mention the sinisterly handsome Edward Cullen, makes me forget the light years I am away from teenage!
While most cute lovey-dovey romances still do find a way to flutter my heart (*blush* *blush*), the Bella-Edward melodramatic extravaganza brings to life the dreamy childhood visions of fairy tales, princes on horses, et al…
Okay, now is the point I get incredibly sissy, so cutting myself short and getting to the point of the post, which is definitely not a review of any of the movies. (There’s nothing to critique, it’s a luscious momentary fantasy trip, best enjoyed without the application of the annoying grey matter in your head.)
What struck me – partly because of my innate skill at being the devil’s advocate and partly cos of my much cultivated and practiced talent of irritating Vish – was that vampires might just qualify as better marriage material than, you know, human beings.
So, ladies (and gentlemen), presenting 5 solid reasons why a vampire would make an awesome boy friend, partner, husband…
- First and foremost, you don’t have to cook for him. Imagine, never would you be subjected to comments like “My mom makes better sambhar”, “The food’s yumm, but you could go easy on the salt”, or questions like “What’s for dinner tonight?”, “Why are we always eating out, it’s been ages since I got home-cooked food?”.
- The second important reason is that he will be hyper sensitive – to your feelings, needs. So he will know exactly when the washing machine needs repair, the TV’s not working, the phone needs to be recharged and the credit card bill to be paid – All you have to do is close your eyes and wish, and boom he will be there to fix all that you want :). (The flip side is that if you are not Bella and he can read your mind, you might not be able to lie about the parlor expenses and the shopping bills, but let’s not ruin our fun with the cons.)
- Point 3; he can fly, and at what speed, wow! Imagine the continents you can visit without having to deal with air sickness, bumpy loos, and freakin visa issues – all on his back – oh, so romantic ;)!
- Point 4; he is eternal, indefatigable and incredibly powerful – he’ll fight the werewolves, the rowdies at the street corner, villain vampires, and the entire might of Voltaire for you because you would be the best thing that happened to him in about 100 years (*flutter* *flutter*). What an ego bolster is that kind of a yardstick :p?!?!
- Last but not the least, you can be a vampire too (he can convert you) – ageless, ever young, the master (mistress, rather) of your destiny, and then you can proudly answer when somebody asks your age, “I am 21. I have been 21 for a while now”. Yippie ;)!!!
Alas, if you thought good men were rare to find, such vampires are sure non-existent in this big bad world; so all that am doing is (sigh) waiting for 30 June 2010. That’s when the third movie in the Twilight Saga, Eclipse, releases.
P.S. Vish, I love you, and I know you are going to take me for the movie, and prove for a fact that there remain a few good men who can match upto the impeccable Cullens :D!
Saturday, April 24, 2010
1976: The Best You've Never Heard Of...
Mother's Finest.
The best of the 70's.
I remember those days so vividly.
We love Mother's Finest.
- ferg
Friday, April 23, 2010
Russian Cyber-Thief Case Illustrates Security Risks For U.S. Corporations
Stew Magnuson writes in National Defense Magazine:
Props: Terry Zink
“Vladimir” came from a good family in Moscow. His parents both had advanced degrees and he was an academic star in high school.More here.
He studied finance at his university and was equally well versed in computer science and physics. Smart, well spoken and personable, he could have been anything he wanted to be. But he chose to become a cyberthief.
Vladimir, an alias, preyed on wealthy Americans, said Mark Danner, a former U.S. intelligence officer, who is now a consulting manager for public safety and homeland security at NSI, a Washington, D.C.-based consulting group. Danner interviewed Vladimir in prison in an effort to put a face on the hacking menace.
“When it comes to the criminal world, the problem is that the faces of these perpetrators are really unknown,” he said at the Gov Sec conference in Washington, D.C. “They’re unknown in public and expert circles.”
While the federal government and Congress are making a push to toughen up the nation’s defenses in cyberspace, experts note that most of the vulnerabilities that thieves and spies are exploiting through the Internet are in the private sector, where state actors, criminal syndicates and hackers like Vladimir steal money and secrets with alarming regularity. Defense Department officials have warned companies doing business with the Pentagon to protect their data from foreign hackers.
A joint report from the Internet Security Alliance and the American National Standards Institute said chief financial officers and company leaders don’t appreciate the seriousness of the problem. Many simply do not want to invest the money needed to strengthen defenses against cybercrimes, despite government estimates that U.S. companies lost to network intrusions some $1 trillion in intellectual property from 2008 to 2009.
Props: Terry Zink
DHS Fills Key Cyber Security Posts
J. Nicholas Hoover writes on InformationWeek:
The Department of Homeland Security filled two key cybersecurity positions this month, a DHS spokesman confirmed, hiring former Defense Information Systems Agency CIO Bobbie Stempfley to head up the agency's National Cyber Security Division and giving interim U.S. Computer Emergency Readiness Team director Randy Vickers a permanent job.More here.
Stempfley takes over for Peter Fonash, who had been acting director of NCSD since Cornelius Tate left last year. Stempfley comes to DHS from DISA, where she worked for 10 years (over the last year as CIO), helping serve the Department of Defense with its networking and computing needs. While at DISA, Stempfley oversaw the continued evolution of the agency's rapid access computing environment private cloud computing platform.
Vickers, meanwhile, takes over for Mischel Kwon, who left US-CERT in August to head up professional services at RSA. Much of NCSD's proposed budget -- $315 million, to be exact -- will go to US-CERT, which helps to coordinate responses to cybersecurity threats by sharing information on vulnerabilities and exploits through an alert system.
FBI Names New Cyber Chief
Ben Bain writes on FCW.com:
The FBI has named Gordon Snow as head of its Cyber Division. Snow will oversee the FBI’s programs to thwart cyber-based attacks and high-technology crimes. Previously, Snow served as deputy assistant director of that division.Link.
Snow joined the bureau in 1992, after serving in the U.S. Marine Corps for more than 10 years. The division’s previous head, Shawn Henry, left that post earlier this year to become assistant director in charge of the FBI’s Washington field office.
Thursday, April 22, 2010
Plans For New Global Anti-Cyber Crime Treaty Fail at Last Minute
Gary Flood writes on Public Technology:
Hat-tip: The Register
To the dismay of law enforcement agencies globally, the UN just missed ratifying new international agreement to fight cybercrime that takes into account the global move to Cloud Computing.More here.
A Russian proposal to update the legislation in place to take account of the objections of the Third World foundered last week due to ongoing differences in what developing countries and the stance of the EU, US and Canada.
This is a problem, say security experts, as cybercrime, which has gained more and more of an international aspect as criminals use the Web's anonymity to keep one step ahead of the law, may only be effectively curbed if things like suspect server sites in one country (e.g., ironically enough in the former Soviet Union) are closed down – something that can only happen with cross-border co-operation between governments and police forces.
Hat-tip: The Register
Wednesday, April 21, 2010
U.S. Politicians Jockey Over Cyber Security Positioning
Ben Bain writes on FCW.com:
Cybersecurity appears to be on the verge of losing its status as one of the few areas of national security to remain relatively free of partisan bickering.More here.
Because the topic has never been colored neatly red or blue, debates about computer defense have focused largely on substantive rather than political differences, enabling policy discussions to continue despite the changing political fortunes of the political parties.
But now more than ever, the public is becoming aware of the dangers of computer attacks. As solely technology topics, they were once the province of geeks and policy wonks inside the Beltway. But they now make national headlines.
Given the highly politicized environment in Washington, cybersecurity will inevitably become a political lightning rod.
Tuesday, April 20, 2010
Report: Undersea Telecoms Cables Face Growing Risks
A Reuters newswire article, via Epicenter, reports:
Investors should urgently diversify the web of undersea cables that serve as the world’s information and banking arteries to address soaring demand and piracy concerns and reduce the risk of catastrophic outages.More here.
So says a report by a multinational research project that calls for the building of global backup routes for the submarine network that carries almost all international communications, including financial transactions and Internet traffic.
The report’s main author, Karl Rauscher of the Institute of Electrical and Electronics Engineers (IEEE), an international professional body, told Reuters changes should be made “before we have to learn the hard way.”
“This report is trying to have a September 10 mindset, where you actually do something about what you know on September 10 to avoid a September 11 situation,” Rauscher, who was an adviser to the U.S. government on cyber security after the September 11 attacks, said.
An executive summary of the report made available to Reuters says that the current probability of a global or regional failure of the network is very low, but is “not zero.”
Monday, April 19, 2010
California Senate Moves On New Data Breach Law
George Hulme writes on InformationWeek:
With 2003's landmark data breach notification law, SB-1386, California set the tone for the wave of state breach notification laws that would follow. Today, more states have similar laws than don't. Last week, the California Senate approved SB-1166 which aims to add more detail to the existing law.More here.
SB-1186, if signed in law, would require breach notification letters to shed more light on the nature of the breach affecting consumers. For instance, SB-1166 would require the letter include the type of information exposed, a description of the breach, and steps potential victims can take to mitigate risks.
Democratic California State Senator Joe Simitian, who authored SB-1186 and the original SB-1366, issued a statement detailing how the bill, should it become law, would strengthen California's existing law...
Cyber Attack on Google Said to Hit Password System
John Markoff writes on The New York Times:
Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.More here.
The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.
The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.
The new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google’s that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in one place, popularly referred to as “cloud” computing, a single breach can lead to disastrous losses.
Feds Bust Website That Catered to Identity Thieves
Dan Goodin writes on The Register:
Federal prosecutors have brought felony charges against an Eastern European man for running a website that allegedly helped thousands of criminals exploit stolen financial information.More here.
In an indictment unsealed Monday, prosecutors in Manhattan charged Dmitry M. Naskovets with creating and running CallService.biz. The online business supplied identity thieves with English- and German-speaking individuals to call financial institutions and pose as authorized account holders. They would then confirm fraudulent withdrawals, transfers, and other transactions.
CallService.biz, which brazenly advertised its services on other websites, assisted more than 2,000 identity thieves carry out more than 5,000 instances of fraud, prosecutors alleged. The website was founded in June 2007 and remained in operation until earlier this month.
The service was designed to counteract security measures put in place by financial institutions to prevent account fraud. In exchange for a fee, the website took online orders that allowed identity thieves to enter instructions about the fraudulent transaction to be conducted over the phone. The website would then assign the job to an individual who spoke the appropriate language.
Computer Virus Traps Over 2,000 Tourists on Russian-Chinese Border
Via RIA Novosti.
Over 2,000 Russian tourists were stranded in the Chinese town of Heihe on the Russian-Chinese border after a computer virus paralyzed the border's electronic pass entry system, a transportation company official said on Monday.Link.
"According to the Chinese officials, at the customs office in Heihe, a computer virus caused computer systems to shut down on Sunday. Because of this, border crossing was closed until Monday morning," the spokesman said, adding that many of the Russian tourists were forced to spend the night in hotels.
The virus was deleted during the night and the border crossing will be operating normally again on Monday.
Sunday, April 18, 2010
TSA to Download Your iTunes?
Via The Washington Times.
Federal security workers are now free to snoop through more than just your undergarments and luggage at the airport. Thanks to a recent series of federal court decisions, the digital belongings of international fliers are now open for inspection. This includes reading the saved e-mails on your laptop, scanning the address book on your iPhone or BlackBerry and closely scrutinizing your digital vacation snapshots.More here.
Unlike the more common confiscations of dangerous Evian bottles and fingernail clippers, these searches are not being done in the name of safety. The digital seizures instead are part of a disturbing trend of federal agencies using legal gimmicks to sidestep Fourth Amendment constitutional protections. This became clear in an April 8 court ruling that found admissible the evidence obtained by officials who had peeped at a passenger's laptop files at George Bush Intercontinental Airport in Houston.
According to court documents, FBI agents had identified an individual suspected of downloading child pornography on an Internet chat room. The G-men, however, did not want to take their evidence before a judge to obtain a search warrant, as the Constitution requires. Instead, they flagged the suspect's passport and asked officials at the Department of Homeland Security to seize and search his computer at the airport - without a warrant. Three incriminating images were found during the examination, but this case is not about whether a particular person is a scumbag. It's about abusing a principle that applies to all Americans.
U.S. District Judge Gray H. Miller found in this case that neither probable cause, justification nor warrant were required to seize and examine the suspect's laptop. Judge Miller, in accord with a 9th Circuit appellate ruling handed down two years ago, explained that "the court finds that reviewing the files of a computer does not rise to the level of invasion of the privacy and dignity of the individual to make the search non-routine."
Friday, April 16, 2010
Yahoo! Beats Feds in e-Mail Privacy Battle
David Kravets writes on Threat Level:
Yahoo prevailed Friday over Colorado federal prosecutors in a legal battle testing whether the Constitution’s warrant requirements apply to Americans’ e-mail.More here.
According to the Electronic Frontier Foundation, the government withdrew its demands for e-mail in a pending criminal case, a move ending litigation over the hotly contested issue concerning when a warrant under the Fourth Amendment is required for Yahoo and other e-mail providers to release consumer communications to the authorities.
“The government has withdrawn its application, claiming that it no longer needs the information for its investigation,” Kevin Bankston, an EFF attorney, said by e-mail.
The brouhaha concerned a 1986 law that already allows the government to obtain a suspect’s e-mail from an internet service provider or webmail provider without a probable-cause warrant, once it’s been stored for 180 days or more. The government contended, and then backed off Friday, that it could get e-mail under 180-days old if that e-mail has been read by the owner, and the Constitution’s Fourth Amendment protections don’t apply.
Thursday, April 15, 2010
Final Conspirator in Credit Card Hacking Ring Gets 5 Years
Kim Zetter writes on Threat Level:
Damon Patrick Toey, the “trusted subordinate” to TJX hacker Albert Gonzalez, was sentenced in Boston on Thursday to 5 years in prison.More here.
He also received a $100,000 fine and three year’s supervised release, according to the Justice Department.
Toey, 25, helped Gonzalez breach the networks of numerous companies through SQL injection attacks in 2007 and 2008 and also served as a vendor selling stolen card data. Upon his arrest in May 2008, he provided information that investigators say likely helped persuade Gonzalez to plead guilty last year to what prosecutors are calling the most serious and largest identity-theft crimes ever prosecuted.
Toey was the last of six U.S. defendants sentenced for the crimes. In all, federal judges have handed out nearly 38 years against Gonzalez and his crew, with Gonzalez getting the stiffest sentence by far.
Wednesday, April 14, 2010
SCADA Watch: Security Incidents Rise In Industrial Control Systems
Kelly Jackson Higgins writes on Dark Reading:
While only about 10 percent of industrial control systems are actually connected to the Internet, these systems that run water, wastewater, and utility power plants have suffered an increase in cybersecurity incidents over the past five years.More here.
A new report based on data gathered by the Repository of Industrial Security Incidents (RISI) database provides a rare look at trends in malware infections, hacks, and insider attacks within these traditionally cloistered operations. Cybersecurity incidents in petroleum and petrochemical control systems have declined significantly over the past five years--down more than 80 percent-- but water and wastewater have increased 300 percent, and power/utilities by 30 percent, according to the 2009 Annual Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems.
The database logs security incidents in process control, SCADA, and manufacturing systems, and gathers voluntary submissions from victim companies as well as from news or other reports.
Nearly half of all security incidents were due to malware infections -- viruses, worms, and Trojans, according to the report. With only a fraction of control systems connected to the Internet, these infections are occurring in other ways: "A lot of control systems are connected to their business networks which in turn may be connected to the Internet. It's several layers removed, but once there's a virus [on the business network], it finds its way into the control systems," says John Cusimano, executive director of the Security Incidents Organization, which runs the RISI database. "And you see USB keys bringing in malware" to the SCADA systems, for instance, or via an employee's infected laptop, he says.
Mark Fiore: On The Mark
Congratulations, Mark Fiore, on your Pulitzer Prize for Editorial Cartooning.
Via The San Francisco Chronicle.
You definitely deserve it!
- ferg
Documents Reveal Al Qaeda Cyber Attacks
Alex Kingsbury writes on U.S. News & World Report:
Buried inside hundreds of pages of heavily redacted court documents from the case of a man accused of being one of al Qaeda's chief recruiters, is evidence that the terrorist group has launched successful cyberattacks, including one against government computers in Israel. This was the first public confirmation that the terrorist group has mounted an offensive cyberattack. The attacks were relatively unsophisticated and likely occurred before November 2001, when the prisoner who described them was arrested.More here.
The terrorism suspect, Mohamedou Ould Slahi, was ordered freed from the prison at Guantánamo Bay last month by a federal judge who found that the government had insufficient evidence to continue detaining him. The Justice Department has appealed that decision. Military investigators concluded several years ago that Slahi had been both physically and psychologically tortured at Gitmo, which could have tainted evidence and likely prompted the judge's release order. The court records do not specify when and under what circumstances Slahi discussed al Qaeda's venture into cyberwar.
Though the vast majority of the court records dealing with the case remain classified, some details escaped redaction. For instance, Slahi told interrogators that al Qaeda "used the Internet to launch relatively low-level computer attacks." Al Qaeda "also sabotaged other websites by launching denial-of-service attacks, such as one targeting the Israeli prime minister's computer server," court records show. The Israeli embassy in Washington had no comment on the information published in the court records.
Denial of service attacks are common and relatively easy and cheap to coordinate. They aim to overload and temporarily disable websites for the duration of the attack. Al Qaeda's interest in the tactic, however, has received little discussion and attention.
U.S. Military Asserts Right to Return Cyber Attacks
An AP newswire article by Lolita C. Baldor, via The Washington Post, reports:
The U.S. should counter computer-based attacks swiftly and strongly and act to thwart or disable a threat even when the attacker's identity is unknown, the director of the National Security Agency told Congress.More here.
Lt. Gen. Keith Alexander, who is the Obama administration's nominee to take on additional duties as head of the new Cyber Command, also said the U.S. should not be deterred from taking action against countries such as Iran and North Korea just because they might launch cyber attacks.
"Even with the clear understanding that we could experience damage to our infrastructure, we must be prepared to fight through in the worst case scenario," Alexander said in a Senate document obtained by The Associated Press.
Alexander's answers reflect the murky nature of the Internet and the escalating threat of cyber terrorism, which defies borders, operates at the speed of light and can provide deep cover for assailants who can launch disruptive attacks from continents away, using networks of innocent computers.
U.S. Cyber Security Chief Slams Security Efforts
Amber Corrin writes on FCW.com:
Although agencies are improving cybersecurity at the national level, the federal approach to securing U.S. interests online still leaves much to be desired, a high-ranking Obama administration official said.More here.
Howard Schmidt, the White House's cybersecurity coordinator, called for enterprisewide network intrusion detection and math and science training in U.S. schools. He also cited a lack of coordination in the government's cyber research and development.
“As far as enterprisewide intrusion detection goes, it falls under the category of, ‘Why haven’t we done that already?' " Schmidt said at the Interagency Resources Management Conference in Cambridge, Md., April 13. “It’s a big point of discussion.”
The commercial sector is deploying intrusion detection technology on private networks, but the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy, he said.
EFF Backs Yahoo! to Protect User from Warrantless e-Mail Search
Via EFF.org.
The Electronic Frontier Foundation (EFF) along with Google and numerous other public interest organizations and Internet industry associations joined with Yahoo! in asking a federal court Tuesday to block a government attempt to access the contents of a Yahoo! email account without a search warrant based on probable cause.More here.
The Department of Justice is seeking the emails as part of a case that is under seal, and the account holder has apparently not been notified of the request. Government investigators maintain that because the Yahoo! email has been accessed by the user, it is no longer in "electronic storage" under the Stored Communications Act (SCA) and therefore does not require a warrant, even though that same legal theory has been flatly rejected by the one Circuit Court to address it.
Yahoo! is challenging the government request before a federal magistrate judge in Denver, arguing that the SCA and Fourth Amendment require the government to get a search warrant before compelling Yahoo! to disclose the email. In an amicus brief filed in support of Yahoo! Tuesday, EFF says that the company is simply following the law and protecting the constitutional privacy rights of its customers.
"The government is trying to evade federal privacy law and the Constitution," said EFF Senior Staff Attorney Kevin Bankston. "The Fourth Amendment protects these stored emails, just like it does our private papers. We all have a reasonable expectation of privacy in the contents of our email accounts, and the government should have to make a showing of probable cause to a judge before it rifles through our private communications."
Escape from the city madness: only momentarily!
Work took us to Munnar (Suryanelli, actually) in Kerela for an out bound training camp.
You wouldn’t think of office colleagues much for company on a weekend out, but believe me it was great fun – much more than I had expected.
The huge and largely the only negative was of course the journey – we traveled 19 hours one way to be at a camp for just about 24 hours!
The one more regret that I have is that I was drugged (only on avomin :p, given my tendency to mountain sickness) for most of the scenic part of the journey uphill and downhill. This really meant I missed the beautiful view of the western ghats, the luscious curve of the meandering road, and the umpteen picturesque country side clicks that my colleagues captured (which of course were readily shared :)).
Here are some highlights of the trip:
- The train travel – Was traveling by train after a long long time, so the sight of the compartments and bogies did thrill me! No, I didn’t really expect to meet Shahid Kapoor and do a la Jab We Met at some random station. But, it was fun to occupy the top most berth, play antakshari in 3 languages (tamil, telugu and hindi), bluff around (with playing cards), play the ‘I spy” game, stand at the entry door, and be at our rowdiest best as the train chugged away!
- The mist – The mist enveloping the hills, rising and settling as the day progressed was an absolute delight to watch. The only morning we spent there was one of the most magnificent and serene dawns I have ever woken up to.
- The tea plantations - How can one mention Munnar without talking about the rich green tea leaves that cover most of the terrain. A visual fiesta!
- The tents – My first time in a real tent! I never thought a sleeping bag accompanied with an air pillow could provide sound sleep. A large ugly bug just outside the main sleeping area and the huge spider in the tent in the morning provided some entertainment to the neighbors much to my plight :).
- The trek - Not much of a fitness freak (read a lazy unfit city slicker), I surprised myself by completing the entire trekking trail – uphill got too arduous by the end, but I swear downhill was a breeze!
- The raft building exercise – A first again! And the most enjoyable activity. We had to build a raft using logs of wood, tubes and ropes, and then set sail on it. To be honest my contribution to the team was not much – but I was so thoroughly kicked about the whole idea – Would love to do this again!
Hot, noisy and polluted Chennai welcomed us back with open arms. Though still recuperating from the minor aches and exhaustion, I am glad I made the trip!
Tuesday, April 13, 2010
U.S. Senate Set to Consider NSA Chief as Head of Cyber Command
Bob Brewin writes on NextGov.com:
The Senate plans to hold a hearing on Thursday to consider the long-delayed nomination of Army Lt. Gen. Keith Alexander, director of the National Security Agency, as commander of the new U.S. Cyber Command.More here.
The command was scheduled to start operations on Oct. 1, 2009. But the Senate held up Alexander's nomination, which includes a promotion to a four-star general, and the command's formal establishment because of concerns about its relationship with the NSA and the militarization of cyberspace.
No senator on the Armed Services Committee strongly opposes Alexander serving as both head of NSA and the Cyber Command, but they plan to ask tough questions during the hearing, the Associated Press reported on Tuesday.
The Electronic Privacy Information Center, an advocacy group that tracks the security and use of citizens' personal information stored in computer networks, charged in a bulletin released on April 9 that the Cyber Command will "give the Defense Department broad new authority over the Internet."
Sunday, April 11, 2010
Saturday, April 10, 2010
Friday, April 9, 2010
Coal Miners, Etc. - A Slice of America Forgotten
I originally grew up in the Blue Ridge Mountains in South-Western Virginia (not West Virginia), but not far from the life, and times, of the same people who work the coal mines in West Virginia.
In fact, I have relatives that still work the coal mines there.
And let me tell you, I don't envy their profession, because it has the mogul of death hanging around every shift they spend farming under the earth.
It's a job that no one really wants, except the people who have no other opportunity for work. They want to work, and they will do whatever work is available. Period.
Life is tough in small towns all across America, and like most other places, people just want to work -- no matter what the circumstance. They have bills to pay just like everyone else.
If you've never spent any time up in the mountains of West Virginia, then you'll have a really hard time understanding this. I grew up in that area, and I can tell you, the coal miners are a breed apart -- they are loyal people, just trying to make a living, and great Americans.
It's the same in my hometown in Southwestern Virginia -- every time I go back and visit family, I am shocked even more.
Driving down the Main Street, I am shocked on the number of shuttered businesses -- it's almost a ghost town.
Most of the young people have left, and those that haven't are either wrapped up in drugs, in jail, or somewhere in between.
Somehow, I think this is a sad portrait of what is going on in small towns all across this country, and that saddens me greatly.
Granted, I left when I got out of High School -- I consider myself lucky. I joined the military after a few years, and let the "current" take me where it would.
I was lucky.
I got out.
I didn't end up working in the mines.
I am so glad I didn't end up with that as a last resort.
These dead miners are our legacy, folks. If you don't understand the tragedy here, not the death of the lost miners (although that is tragic), but the fact that this is all the opportunity these people have -- then you are missing the bigger picture.
We have entire swaths of communities all across this country that are just squeaking by, barely able to feed their families, pay their rent.
See the bigger picture.
We need to extend our help to each & everyone of them
Are we not brothers & sisters in this maddening mess?
Yes. We Are.
Just a few thoughts.
- ferg
Dressed to kill!
So what’s instigated me this time around?
An innocent early morning walk in the vain attempt to renew my New Year resolution of shedding some pounds off myself!
Okay, the details now. So once in a blue moon I usually end up at this park near our place in T Nagar, usually after days and days of gastronomic indulgences. It was around 6:45 in the morning and I was slogging it out on my 10th round of the small enclosure, when I hear this dismissive reproach, obviously aimed at me, “These girls wear just anything! What is happening these days?”
Imagine the gall of the guy!
As if getting up early morning was not irritating enough, I was totally riled up and turned around to give the man a befitting reply to shut him up.
As I looked back to zero down on my prey, my anger vanished.
Haa! Here is this oldie (and need I add baldie) in a veshti/dhoti (the muslin/cotton cloth men in India tie waist down) folded half, reaching inches above his knees, and that could give tennis skirts a complex (okay, a slight exaggeration) – with his wife who’s draped in a synthetic sari that clings to her body as she walks in the Chennai heat, her entire midrib and almost half the back exposed (as is for any woman wearing a sari, and apologies for the way I describe a sari, but am sure you agree) – commenting on a girl who’s wearing Bermudas that reach below the knees, a T shirt that covers her entirely and sock and shoes!!! (the girl is me, just in case you didn’t figure it out – I like being referred to as a “girl” still, but that’s besides the point).
So, I repeat, imagine the gall of the guy or rather, uncle!
This brings me to the larger debate around the societal coercions on a woman’s dressing, specifically in the Indian context. Though, I understand India is better off compared to countries like Iran where you could be whipped for wearing a mini skirt. Read about it here.
But we are no better. Even though our law does not allow corporal punishment for women not adhering to social norms, we, as a society, leave no stone unturned to ostracize a “modern” girl (who, in the Indian context, is any girl who decides to take her own decisions when it comes to her life and being: dressing, working, marriage etc.).
What I have heard so many times myself, and only on the basis of how a girl has dressed, are the following comments ranging from subtle disapprovals to grotesque character assassinations; “She is too modern, too forward (read characterless)”, “I am sure she has lots of boy friends”, “She seems a little loose”, “Her parents have not taught her our Indian culture”, “She will never get a good house (meaning after marriage, of course!)”.
The worst demeaning assault is when provocative dressing is used as a justification for sexual harassment. So many educated people, parents, teachers, politicians are guilty of this.
Back in college, we once had Kiran Bedi talk to us about Women and Safety, and she made a statement that we girls (I was in an all girls college – LSR, DU) should dress up “like men” – hide our femininity in the garb of loose male clothing. Obviously, this did not go down well with us and a major argument ensued.
While I advocate complete freedom of dressing for women, I also admit there are some of us who dress appropriately and some others who don’t.
Wearing hot pants for a puja may not be such a great idea after all, just like I don’t understand why models should parade in bikinis in a ballroom full of tuxedo-clad men during the Miss Universe contest, have the bikini round at a beach or at the pool side instead and ensure all present are dressed in a similar fashion.
I think I digress.
However, stating that a woman asked to be eve teased given what she was wearing is preposterous to say the least.
Are men beasts who cannot control their carnal lust the minute some flesh is exposed to them?
If I wear sleeveless I am available, and if I wrap myself in a burqa I am the epitome of chastity?
Who are we trying to fool here?
I can wear 6 yards of saris all my life and be morally corrupt and I can wear shorts all my life and still retain my integrity. Is it so difficult to believe this?
While eve teasing and other such forms of sexual harassment is a much greater subject than I attempt to talk about here, one thing that I can vouch for is that the way a girl dresses has nothing to do with whether she is eve teased or not. Girls are eve teased in saris, salwar kameezes, jeans, skirts, shorts, school uniforms and even in diapers!
What is so sexually enticing about babies in nappies and girls in frocks?
There is no rationalization for the perversion of harassers and rapists. They cannot be defended. Every woman and every sane man needs to raise their voices against such miscreants.
I have heard many “sympathetic” law makers say you cannot change mindsets over night. Yes, you cannot magically wish away the social structure that still treats women as objects of possession rather than active architects of the present and the future, but you can bloody well put them behind bars, hang them, castrate them in public for all that I care – Just one or two cases of rigorous and torturous punishment is all that India needs today. One or two examples set for all the bastards will instill the fear of death and legal wrath in each one.
Maybe this is not the only solution, but it sure is one of the most efficient and impacting, especially when it comes to at least controlling such cases.
I am dressed to kill … kill barriers, kill hearts, kill social bondages - not your morals, not the human soul in you.
(Addendum: And if I am not dressed as well as you would want me to, the least you can do is not pounce on me)
Thursday, April 8, 2010
A Chinese ISP Momentarily Hijacks the Internet (Again)
Robert McMillan writes on ComputerWorld:
For the second time in two weeks, bad networking information spreading from China has disrupted the Internet.More here.
On Thursday morning, bad routing data from a small Chinese ISP called IDC China Telecommunication was re-transmitted by China's state-owned China Telecommunications, and then spread around the Internet, affecting Internet service providers such as AT&T, Level3, Deutsche Telekom, Qwest Communications and Telefonica.
"There are a large number of ISPs who accepted these routes all over the world," said Martin A. Brown, technical lead at Internet monitoring firm Renesys.
According to Brown, the incident started just before 10 a.m. Eastern Time on Thursday and lasted about 20 minutes. During that time IDC China Telecommunication transmitted bad routing information for between 32,000 and 37,000 networks, redirecting them to IDC China Telecommunication instead of their rightful owners.
Wednesday, April 7, 2010
Romania Swoops In on 70 Cyber Theft Suspects
Kim Zetter writes on Threat Level:
Romanian police arrested 70 suspects Tuesday who they claim were involved in eBay scams and other cybercrimes since 2006.More here.
Believed to be members of three separate gangs, the scammers used phishing attacks to get the login credentials of eBay account holders, then used the accounts to auction nonexistent goods. Police have identified approximately 800 victims who sent money for non-existent Rolex watches, cars, yachts, private airplanes and other luxury goods. Buyers from around the world lost an estimated $1 million after they sent money for winning auctions, but never received goods. According to one Romanian news source, an American buyer paid about $90,000 for a luxury aircraft in one auction.
The crooks allegedly operated in Austria, Canada, Denmark, France, Germany, Italy, New Zealand, Spain, Sweden, Switzerland and the United States. Police have so far recovered only a small, undetermined amount of money in the raids. Romanian authorities posted a video of one of the police raids on YouTube (above).
Suspects in several countries reportedly exchanged homes, cars and phone cards among themselves.
The investigation, dubbed Operation Valley of the Kings, involved hundreds of law enforcement agents in multiple cities and more than 100 search warrants. It was a joint operation between the U.S. Federal Bureau of Investigation, the U.S. Secret Service and the Romanian Directorate for Investigating Organised Crime and Terrorism (DIICOT).
Tuesday, April 6, 2010
Bank Of America Employee Charged for Plotting to Deploy ATM Code for Theft
An AP newswire article by Mike Baker, via The Sun News, reports:
A Bank of America Corp. employee plotted to deploy malicious computer code within the company's systems so that ATM machines would dispense cash without any record of a transaction, federal prosecutors allege in court documents.More here.
Rodney Reed Caverly was tasked with maintaining and designing computer systems at the bank, including computers that conducted ATM transactions. Prosecutors in the western district of North Carolina said he sought to use computer code within the company's protected computers so that the ATMs would make fraudulent disbursements.
Caverly was able to obtain more than $5,000 during a seven-month period in 2009, prosecutors allege.
The details of Caverly's case were filed on Thursday in a "bill of information" document, which typically signals that a plea deal is forthcoming. An attorney for Caverly, Christopher Fialko, declined to comment. Federal prosecutors didn't return a phone call.
Spy Network Pilfered Classified Docs From Indian Government and Others
Kim Zetter writes on Threat Level:
A spy network targeting government networks in India and other countries has been pilfering highly classified and other sensitive documents related to missile systems, the movement of military forces and relations among countries, according to a report released Tuesday.More here.
It also grabbed nearly a year’s worth of personal correspondence from the Dalai Lama’s office, even after reports published last year indicated that the Dalai Lama’s network had been compromised in what is believed to be a separate breach.
The researchers say the spying is an example of a sophisticated shift that has occurred in malware networks from “what were once primarily simple to increasingly complex, adaptive systems spread across redundant services and platforms” and from ones that primarily focused on exploitation for criminal purposes to ones that are focused on “political, military, and intelligence-focused espionage.”
The spynet, dubbed Shadow Network, was discovered by a group of computer-security researchers in Canada and the United States who have been monitoring the espionage for at least eight months and watched as the spies siphoned classified and other restricted documents from the Indian Defense Ministry and other computer networks.
Saturday, April 3, 2010
'Cyber Attack' Aimed At Texas Electricity Provider
Robert Arnold writes on Click2Houston.com:
Local 2 Investigates has uncovered details about a so-called "cyber attack" on one of Texas' largest electricity providers, Local 2 reported.More here.
A confidential e-mail obtained by Local 2 explains a "single IP address in China" tried 4,800 times to log in to the Lower Colorado River Authority's computer system.
In the e-mail the Electricity Reliability Council of Texas reports all login attempts failed and went on to term the incident a "suspected sabotage event." The e-mail explained the FBI had been notified.
According to its Web site the LCRA provides electricity to more than a million Texans in rural cities and towns. When contacted by Local 2, officials with the LCRA would "neither confirm, nor deny" the incident or the contents of the e-mail.
Officials with the FBI's Houston office also declined to comment.
When Local 2 contacted ERCOT we were referred to the North American Electricity Corp., which sets and oversees reliability standards, including cyber security, for the nation's electricity providers.
A spokesperson for NERC has yet to respond to our request for a comment, citing the holiday weekend.
Friday, April 2, 2010
Web Site of China-Based Journalist Club Attacked
An AP newswire article, via SFGate.com, reports:
An organization for foreign journalists based in China has become the latest victim of cyberattacks targeting the Web sites or e-mail accounts of human rights groups and reporters focused on China.More here.
Cyberattacks linked to China have gained more attention since Google Inc. accused Chinese hackers in January of trying to plunder its software coding and of hijacking the Gmail accounts of human rights activists protesting Beijing's policies.
The Foreign Correspondents' Club of China said in an e-mailed statement Friday that its Web site was taken down because of denial-of-service attacks apparently launched over the last two days by computers within China and in the United States.
"We do not know who is behind these attacks or what their motivation is," the statement said.
Denial-of-service attacks involve a flood of computers all trying to connect to a single site at the same time, overwhelming the server that handles the traffic.
Thursday, April 1, 2010
Personal Traits Will Be Used To Screen U.S.-Bound Air Passengers
David S. Cloud writes in The Los Angeles Times:
The Obama administration will announce Friday a new screening system for flights to the United States under which passengers who fit an intelligence profile of potential terrorists will be searched before boarding their planes, a senior administration official said.More here.
The procedures, which have been approved by President Obama, are aimed at preventing another attack like the one attempted by Umar Farouk Abdulmutallab, the Nigerian suspected of ties to Al Qaeda who allegedly tried to blow up an airliner Christmas Day with a bomb hidden in his underwear, the official said.
After that attempt, the administration began mandatory screening of airline passengers from 14 high-risk countries, including Pakistan, Saudi Arabia and Nigeria.
Under the new system, passengers on flights from all countries could be subject to special screening before boarding if they have personal characteristics that match the latest intelligence information about potential attackers, the official said.
U.S. officials would not describe all the categories of information that would be included under the new procedures.
DHS Studying Global Response to Conficker Botnet
Robert McMillan writes on ComputerWorld:
One year after the Conficker botnet was front-page news around the world, the U.S. Department of Homeland Security is preparing a report looking at the worldwide effort to keep it in check.More here.
The report, to be published within the month, shows how an ad hoc group of security researchers and Internet infrastructure providers banded together into an organization they called the Conficker Working Group. Its goal was to address what was at the time the world's most serious cyberthreat.
"We said, 'This was a very good example of the private sector, globally, working together to try to solve a cybersecurity attack, so let's fund the creation of a lessons-learned report to just document what worked, what didn't work,'" said Douglas Maughan, a program manager with the Department of Homeland Security's Science & Technology Directorate.
The report could provide a template for future cyber-responses, security experts say.
Building women-friendly nations…
There’s so much talk about importance of eco-friendliness in anything and everything – from decreasing carbon footprints to reduced use of plastic, controlling fuel emission to switching off all lights to mark the Earth Hour – that I sometimes feel optimistic, maybe we still can be salvaged – environmentally, that is.
However, and I regret the awful comparison, I strongly believe we are not doing enough to make this world a better place for women.
Hang on, no, I am not campaigning for the Women’s Reservation Bill – I do not trust the ideology behind reservations – Equal Opportunities - YES. Quota reservations – NO.
Reserving seats does not ensure deserving candidates; more women candidates in governing bodies does not necessarily translate into empowerment for all women. But, that is a whole new debate outside of what I have in mind today.
This article on Iceland’s highly successful endeavors in almost eliminating the sex industry in the Nordic country provides a heartening ray of hope. Ignore the dig at the probability of the prime minister being a lesbian. Sexual orientation has nothing to do with feminism, and we can discuss that later.
Unlike in a hypocritical country like ours, where women drinking in bars out of their own free will attract more protesters than young girls forced into prostitution, Iceland, as a nation, unites to stand up against commodification of women. Men finally get the first most important lesson in humanity: You buy your drink at the pub, not a woman.
It is outrageous, when the politicians in various countries try to argue on the benefits of legalizing the sex trade – This is sheer regression. Instead of working towards upliftment of women we are trying to justify institutionalization of derogation of women, making it a systemic part of the legal function. Why?
Retarded men and women defend it by making tall claims such as legalization would help reducing crimes such as rapes against women, many women treat this as a serious occupation and feed their families from it. Some even go the extent of stating that such a measure would help freeing men from their repressed frustrations. WTF!
Other WTF defenses include that prostitution has been a part of Indian culture – yeah right, so has bride burning, killing of the female infant, and other such atrocities against the so called “fairer and weaker” sex. So what do we do, legalize these as well?
Strip clubs, lap dance bars and red light areas make a lot of business sense – for the pimps and the middlemen – not for the “objects” that are put up on sale at such places.
Majority women are forced into prostitution by poverty-stricken families or heinous captors; they do not join the flesh trade for want of glamour, as many claim. These women are abused, physically and mentally tortured, not paid adequately, deprived of medical assistance – basically forced to live in the inferno of hell.
There is no hope of escape for generations together. These women are not the entrepreneurs they are made out to be in some countries – they are exploited to a degree that should put our entire civilization to shame.
Moreover, statistics claim that there is no correlation between legalizing prostitution and decrease in the crimes against women. In fact, most of these countries, such as The Netherlands, have seen a sharp spike in child prostitution post legalization of this form of “male violence”.
I really wonder when the world will awaken to the need to collectively and proactively work towards building women-friendly nations.
Why can’t we have Copenhagen summits like we did for the environment?
Why can’t world leaders come together and act together like they did for the economic crisis of 2008?
Why can’t more countries follow the Iceland example?
We have miles to go, and it pains me that try as much, I can’t even list the various forms of sexual exploitation alone that a woman is subjected to – child molestation, eve teasing, gang rapes, marital rapes, human trafficking, prostitution, sexual slavery, the list goes on.
Where is feminism, an often misunderstood and misquoted term, in asking for an end to all this – isn’t it Humanism instead?
Right to equality, Right to freedom from exploitation – Our fundamental rights guaranteed by the Indian constitution, remember anyone?
Subscribe to:
Posts (Atom)
