Monday, October 30, 2006

Fake Search Warrant Generator

In response to Christopher Soghoian's home raid -- the masked superhero by night -- a fake search warrant generator was just released :

"for district courts all across the United States with the intent of improving national security by reducing the amount of time it takes for our public guardians to create search warrants."

Sarcasm's most effective when having a point.

Sunday, October 29, 2006

Greetings Professor Falken

The classic that originally started the war dialing generation seems to never fade, and its core idea of simulating a Global Thermonuclear War has motivated the authors of Defcon - The Game to come up with a fully realistic representation of it. I recently took the time to play around with it -- it's so compact you can even play it on a removable media --, and I must say I never enjoyed seeing my missile projections and the sound effects out of my launches. The trailer speaks for itself!

Rule number one of thermonuclear war, launch your ICBMs as soon as you hear the Defcon 1 alert, or you risk lossing your silos due to the AIs "shooting into the dark" or conducting reconnaissance, however, keep one silo -- each has 10 ICBMs reaching anywhere on the map -- as you wouldn't be able to hit the biggest cities by the time you don't neutralize the surrounding air-defense. Submarines are sneaky and very powerful with each holding 5 missiles, but firing occures if the target is within range so make sure you position yourself where you should be. Sea and air-to-air battles are very common and there aren't any land conflicts at all. Make sure you don't fire from numerous submarines simultaneously, as if there's a figher in the air it will detect and attack the submarrine. On the other hand, use fighters to distract the air-defense firing at them while your ICBMs pass through and reach their target.

If I were to descibe the WarGames simulation in two words, that would be, tense and very addictive. Moreover, you don't need a multi-million game or movie budget to make an impression, as this game, and "The Day After" do. Goodbye Europe -- alliances are a powerful force given you convince some AIs to ally with you, but at the end there could be only one winner.

Face Recognition on 3G Cell Phones

Face recognition isn't just done at home courtesy of, but on-the-go with yet another release of face recognition authentication for cell phones by a leading mobile operator in Japan :

"Security features include biometric authentication (user's face) and compatibility with DoCoMo's Omakase Lock™ remote locking service, as well as the Data Security Service™ for backing up phonebooks and other important data on a network server. The model can function as an e-wallet, timecard and personal identification card for accessing restricted areas."

The concept has been around for quite some time, but with Japan representing one of the most mature markets for mobile devices -- right after South Korea -- the feature would briefly gain popularity and acceptance. The interesting part is the security vs usability issue as if the face recognition doesn't provide perfect results in every environment and under external factors such as darkness or even brightness, by the time the technology matures, a secret question to further authenticate or good old PIN code would do the work.

Here's a very well sorted library of various research on the topic, and an interesting service that's sharing a stolen phone's photos.

Saturday, October 28, 2006

Real-Time Spam Outbreak Statistics

Following my previous posts on "Real-Time PC Zombie Statistics", and "Email Spam Harvesting Statistics", you may also find WatchGuard's recently released real-time spam outbreak statistics entertaining :

"Once in a while as I'm getting flooded with some particularly repititious spam bomb, I wonder whether other networks are receiving the same dumb stuff. And occasionally, I wonder where it originated from.

Both questions are readily answered with a nifty Web utility provided by the CommTouch Detection Center. [Full disclosure: WatchGuard's spamBlocker product is powered by a license with CommTouch.] The utility shows a map of the world, with red spots indicating the approximate location of new spam outbreaks. If you hover your cursor over any of the red zones, a popup box shows the subject lines of the most recently detected spam. It's an easy, instant way to verify whether an email you received is part of a spampaign."

Naturally, the stats are only limited to the vendor's sensor network worldwide, whereas you still get the chance to feel the dynamics of spam outbreaks worldwide. I often speculate -- and got the case studies proving it -- that the more pressure is put on spammers, phishers and malware authors, the higher would their consolidation become. For the time being, spammers are mostly utilizing the cost-effective one-to-many communication model, and their ROI -- where the investment is in renting infected zombie PCs -- is positive by default without them even segmenting, targeting and actually reaching the most gullible audience. If spammers change this model, it would mean a much faster email services worldwide, but for the time being, number of messages sent compared to basic marketing practices seems to be the benchmark.

Spammers got the "contact points", malware authors the platform and the payload, and phishers the social engineering "know-how", I find spammers missing so badly these days -- the trade off for delivering the spam through content obfuscation is the quality of the message itself. Trouble is, they'll soon realize that marriage is better than the divorce and unite forces given the pressure.

UPDATE: "Bot nets likely behind jump in spam" discusses the consolidation, or the possibility for services on demand. Via Sunbelt's blog.

Thursday, October 26, 2006

ShotSpotter - Gunshot Sensors Network

ShotSpotter is :

"a network of noise sensors that identifies and pinpoints gunfire. Over the past few weeks, the technology has guided police to three homicides in Southeast Washington, and in one case officers got there rapidly enough to make an arrest.

ShotSpotter complements 48 surveillance cameras installed in many city neighborhoods. But unlike the cameras, which are checked after the fact, ShotSpotter gets word to police as soon as bullets start flying -- in many cases before anyone has a chance to call 911. Over the past two months, the sensors, roughly the size of coffee cans, have been hidden atop buildings in many sections of Southeast Washington."

Innovative, but how well is it performing when it comes to filtering a three cars synchronized gangsta rap music, and the not so fashionable, but adaptive use of silencers? It makes me think on the possibility of disinformation by criminals knowing someone's listening and responding to gunshots. On the other hand, it could have ever wider acceptance in a war zone acting as an early warning system.

UPDATE: Techdirt's comments on the system.

Ms. Dewey on Microsoft and Security

She sure knows "all these little ones and zeroes", and your social security number altogether. I like the idea, reminds of the futuristic holograms of Einstein acting as interactive Wikipedia which when asked about WWII starts projecting battles -- she's thinking way too long, but as she pointed out she's just a chick in front of your computer.

What are you Looking at?

You piece of EyeBall surveillance camera!

Tuesday, October 24, 2006

The Surveillance System About to Get Overloaded

I wounder would they later on publicly announce "Hall of Fame/Shame" of the most regular drinkers, and actually use to data to fuel growth in local anti-drinking initiatives based on the most "affected" regions? Beer fingerprints to go UK-wide :

"The government is funding the roll out of fingerprint security at the doors of pubs and clubs in major English cities. Funding is being offered to councils that want to have their pubs keep a regional black list of known trouble makers. The fingerprint network installed in February by South Somerset District Council in Yeovil drinking holes is being used as the showcase."

Use a public WC - Big Brother's peeping, have a beer - it's on Big Brother's bill, and if this isn't a total abuse of technology and tax payer's money to spy on them, what is? A system like this would be useless to local bartenders, to be honest their experience for spotting the drunken monkeys or knowing them would prove invaluable in this case. From another perspective, these trouble makers, given they don't trash the place, are actually among the major consumers there.

The article makes a good point through - if pubs and clubs get extra monitoring, domestic violance increases, so would you install CCTVs at home to prevent it through the "psychological effect" as well?

China's Information Security Market

China's information security market is very much into the introduction stage, with perimeter based defenses acting as the main security solutions purchased there :

"Statistics shows that the size of China information security market arrived at RMB 1080 million Yuan in Q2 2006, 21.35% higher than the same period of last year, and 6.93% more than Q1. In Q2 2006, sales revenue of firewall products was RMB 474 million Yuan, and anti-virus software is RMB 305 million Yuan. Figure2 demonstrates different security products market shares. Figure3 and Figure 4 list major vendors of firewall software and anti-virus software, respectively."

It's perhaps the perfect timing for you to find reliable channel partners and position yourself on the local market that's about to attract even more government attention with the ongoing networking of China, thus a more foreign-business-friendly security market than it is today. Among the most recent, and free of course, research on the security market in China I often find myself coming back to is Yan Liu's thesis on the current and future market trends. From an investor's or analyst's point of view, you may also find The Global State of Information Security in 2006 a very informative and rich on visual materials survey.

Detecting Malware Time Bombs with Virtual Machines

Back in June, details on an event that happened during 2002 started emerging, namely UBS bank's employee use of a logic bomb on the internal network that naturally had the type of insider empowerment it needed to spread :

"According to prosecutors, shortly after Duronio created the code in late 2001, he quit his job and banked thousands in "put" options against UBS, in which he would profit if the company's stock price declined by March 15, 2002, as a result of the attack he had allegedly set to launch against computer systems on March 4. Prosecutors said that "within an hour or so" of walking out the door from UBS, Duronio was at a securities office buying "puts" against UBS. The mail fraud charges relate to confirmation of purchases of the puts that were sent through the U.S. Postal Service. The damage caused by the malicious code impaired trading at the firm that day, hampering more than 1,000 servers and 17,000 individual work stations. The attack cost UBS about $3 million to assess and repair, said Assistant U.S. Attorney V. Grady O'Malley. "It took hundreds of people, thousands of man hours and millions of dollars to correct," O'Malley told jurors."

And while this isn't the last time logic bombs are used -- examples during the 80's -- it's important to note how flexible that type of malware could be, going way beyond the most common trigger - a specific date and time.

The authors of "Detecting Malware Timebombs with Virtual Machines" conducted research on automated early warning system to shorten the time necessary to estimate the exact timetable of a malware in question :

"Worms, viruses, and other malware can be ticking bombs counting down to a specific time, when they might, for example, delete files or download new instructions from a public web server. We propose a novel virtual-machine-based analysis technique to automatically discover the timetable of a piece of malware, or when events will be triggered, so that other types of analysis can discern what those events are. This information can be invaluable for responding to rapid malware, and automating its discovery can provide more accurate information with less delay than careful human analysis."

It successfully analyses Code Red, Klez, MyParty, Blaster, CME-24 and speculates on the future of the automated process. Worth reading and rethinking is the Internet's infected population actually the zombies, or aren't they the ones who still haven't been awakened?

Wednesday, October 18, 2006

A Cost-Benefit Analysis of Cyber Terrorism

What would the ROI be for a terrorist organization wanting to take advantage of cyberterrorism, and how would they measure it?

Provocative perspective trying to emphasize on the minimal resources required to develop a cyberterrorism platform, with very interesting assessments of various financial issues and possible casualties. "A Cost-Benefit Analysis of Cyber Terrorism" tries to answer:

"Would cyberterrorism be a viable option for terrorists? This article addresses these questions assuming that a hypothetical terrorist group, interested in adding cyberterrorism to its arsenal, de-cides to engage in a cost-benefit analysis to assess the payoffs and investment re-quired by such a new endeavor. The conclusions are that cyberterrorism is not a very efficient substitute for more traditional tools like bombs. It is more effective for the terrorists to exploit information infrastructures to fight a “war of ideas,” spreading their beliefs and points of view."

While the publication is released two years ago, it has recently come to the global attention that Hezbollah aren't exactly the type of cave-hiding individuals, ones fully realizing the concept of outsourcing instead of re-inventing the wheel. While attacks on the critical infrastructure, namely frontal cyberterrorism attacks are still priority number one, and the possible scenarios already tested numerous times, this "cyberterrorism myopia" created many other dimensions of the concept.

What went beneath the radar and consequently evolved?
- online radicalization, propaganda, communication, recruitment, education, and fund-raising actually produce the "traditional terrorists"
- PSYOPS twisting the very foundations of the religion for the sake of a cause
- religious extremism started targeting more easily influenced/brainwashed youngsters while CCTVs were installed on the hot spots, and new IDs when homegrown terrorists make the news
- Hezbollah using U.S hosting companies since 1998
- OSINT backed PSYOPS improving the truthfulness of the statements

Keep on reading and data mining.

The Stereotyped Beauty Model

If women/girls didn't hate each other so much, they could rule the world. Nice ad counter-attacking the entire "chickness ad model". Feels like Unilever got so successful promoting it, so that now they have to reposition themselves as a socially oriented company, not masters of Photoshop whose virtual creations directly influence McDonald's business model.

Tuesday, October 17, 2006

Registered Sex Offenders on MySpace

Should you be filtering online predators, prosecuting them, or monitoring their activities to analyze and model the behaviour of the rest of them? Seems like Kevin Poulsen's been data mining MySpace using the Department of Justice's National Sex Offender Register, and the results are a Caught by Code MySpace Predator :

"The automated script searched MySpace's 1 million-plus profiles for registered sex offenders -- and soon found one that was back on the prowl for seriously underage boys.Excluding a handful of obvious fakes, I confirmed 744 sex offenders with MySpace profiles, after an examination of about a third of the data. Of those, 497 are registered for sex crimes against children. In this group, six of them are listed as repeat offenders, though Lubrano's previous convictions were not in the registry, so this number may be low. At least 243 of the 497 have convictions in 2000 or later."

These findings indicate the offenders' confidence in MySpace's inability to take the simplest measure - match the publicly accessible data with its database - just in case. It's also worth mentioning that according to a recently released comScore analysis "more than half of MySpace visitors are now age 35 or older", and that according to their analysis, Facebook, and Xanga have much younger audiences, namely represent a top target for online predators.

The most important issues however, remain the moment when a kid losses the communication with its "folks", and the huge amount of information kids share on any social networking site, thus unconsciously creating more contact points for the online predator.

Internet Safety for Kids - a presentation for adults, is full with handy tips for educating and building awareness on the problem.

Monday, October 16, 2006

CIA's In-Q-Tel Investments Portfolio

In a previous post "Aha, a Backdoor!" I discussed the "exemption" of publicly traded companies from reporting to the SEC the usual way, and particularly their investments related to national security. The strategy is visionary enough to act a major incentive factor for companies to both, innovate, and supply the homeland security and defense markets.

However, publicly obtainable data can still reveal historical developments:

"A relatively unknown branch of the CIA is investing millions of taxpayer dollars in technology startups that, together, paint a map for the future of spying. Some of these technologies can pry into the personal lives of Americans not just for the government but for big businesses as well.

The CIA's venture capitalist arm, In-Q-Tel, has invested at least $185 million in startups since 1999, molding these companies' products into technologies the intelligence community can use.

More than 60 percent of In-Q-Tel’s current investments are in companies that specialize in automatically collecting, sifting through and understanding oceans of information, according to an analysis by the Medill School of Journalism. While In-Q-Tel has successfully helped push data analysis technology ahead, implementing it within the government for national security remains a challenge, and one of In-Q-Tel’s former CEOs, Gilman Louie, has concerns about whether privacy and civil liberties will be protected."

In a related Red Herring article, In-Q-Tel points out that :

We don’t just invest in equity of companies,” said Scott Yancey, the firm’s interim chief executive. “That’s kind of the hallmark of who we are in terms of being the strategic investor.”

Observers said the payments don’t fit with the typical venture model.

“To the extent that In-Q-Tel incentivizes its portfolio companies or employees otherwise, it sounds like from an outsider’s point of view that they’ve needed to create some artificial incentives that wouldn’t otherwise be necessary in a traditional venture model,” said Scott Joachim, a partner with the law firm Drinker, Biddle, & Reath."

The Intelligence Community realizes that innovation will come from outsiders working for insiders, and with "more than 130 technology solutions to the intelligence community", CIA's In-Q-Tel seems to have made quite some sound investments.

A true angel investor in the "silent war". And yes, even you can submit a business plan looking for seed capital -- and a "tail" to ensure you're developing in the right direction?

Observing and Analyzing Botnets

Informative and rich on visual materials, research presenting a "A Multifaceted Approach to Understanding the Botnet Phenomenon"

"Throughout a period of more than three months, we used this infrastructure to track 192 unique IRC botnets of size ranging from a few hundred to several thousand infected end-hosts. Our results show that botnets represent a major contributor to unwanted Internet traffic—27% of all malicious connection attempts observed from our distributed darknet can be directly attributed to botnetrelated spreading activity. Furthermore, we discovered evidence of botnet infections in 11% of the 800,000 DNS domains we examined, indicating a high diversity among botnet victims. Taken as a whole, these results not only highlight the prominence of botnets, but also provide deep insights that may facilitate further research to curtail this phenomenon."

Botnets' security implications are often taken as a phenomenon, whereas this is not the case as distributed computing concepts have been around for decades. Some interesting graphs and observations in this research are :

- Breakdown of scan-related commands seen on tracked botnets during the measurement period
- The percentage of bots that launched the respective services (AV/FW Killer) on the victim machines
- Distribution of exploited hosts extracted from the IRC tracker logs

What botnet masters will definitely optimise :
- disinformation for number and geolocation of infected hosts
- alternative and covert communication channels compared to stripped, or encrypted IRC sessions
- rethink of concept of performance vs stealthiness
- rethinking how to retain the infected nodes, compared to putting more efforts into infecting new ones
- for true competitiveness, vulnerabilities in anti-virus solutions allowing the code to remain undetected for as long as possible
- synchronization with results from popular test beds such as VirusTotal for immediate reintroduction of an undetected payload

The future of malware stands for solid ecosystem and diversity, whereas, both, researchers, the Pentagon, and malware authors are actively benchmarking and optimising malware, each having seperate objectives to achieve.

Go through a previous post "Malware Bot Families, Technology and Trends" in case you want to find out more about botnet technologies, and update yourself with the most recent case of DDoS extortion.

Sunday, October 15, 2006

North Korea's Wake-up Call

"Hey Dick, do you know what time it is? It's Time to Bomb Kim Jong!"

Saturday, October 14, 2006

Hunting the Hacker - Documentary

Here's a recently released documentary -- in Russian -- entitled "Охота на хакера", or Hunting the Hacker, discussing IT security, cyber crime, malware authors, onlie scams etc. It also features Eugene Kaspersky commenting on various trends. Don't forget, Russian hackers and Eastern European ones are not just responsible for the sky-rocketing cyber-crime cost "projections", but for the global warming effect as well. I often come across biased comments on wrongly structured research questions such as : "Who are the best hackers in respect to nationalities?", where it should have been formulated as "How vibrant is the IT security landscape, so that the changing dominance lifecycle of a nation could be measured at a particular moment in time?"

True hackers don't have nationalities, they're citizens of the world. Download or stream it from Google Video.

Thursday, October 12, 2006

The Return on Investment of Blogging

What's the return on investment (ROI) of blogging? Blogging for dollars is happening already, whereas this great post by Charlene Li emphasises on many more qualitative benefits and ways of measuring their progress, or slowed down performance :

"My colleague, Chloe Stromberg, and I have been interviewing companies about how they measure ROI and realized that we needed to throw the net wider – this is where you come in! The working idea is to create a framework for measuring the ROI of external blogging efforts for medium- and large-sized companies. Below is an outline of ingredients for the framework. Please help us by fleshing out sources, providing examples, and adding/editing our ROI factors – feel free to add comments to this post or to email us directly (if you’d prefer, we’ll keep specific numbers and examples confidential and use them only as background)."

What's my initial investment? It's time, and time doesn't really mean money, it means opportunities.

My ROI factors :
- visitors' retention
- blog stickiness
- average time spent
- echo-effect
- improved networking, communication with colleagues, friends, and of course, ordes of hypocrites
- successfully reaching, retaining, and informing predefined audiences
- differentiated content channel, barely links posting only
- third-party syndication
- self-preservation and self-awakening
- setting the foundation for my successful identity upload and immortality into cyberspace?

Cloud courtesy of the main blog index and density of the keywords.

North Korea's Nuclear Testing Roundup

Way too much is happening right now, so here's are some of the articles, imagery and comments that made me an impression recently. Go through previous coverage on various North Korean developments in case you're interested.

Anyway, Who needs nuclear weapons anymore?!

2006 North Korean nuclear test - full coverage, Wikipedia style

North Korea
Anti U.S Propaganda - 2004
U.S. commits over 170 aerial espionage in May: DPRK
U.S. Commits Over 180 Cases of Aerial Espionage against DPRK
U.S. Imperialists Commit Aerial Espionage Against North Korea
N Korea in 'US spy plane' warning
North Korea's grislyarms tests on babies
North Korea Condemns Japan for Militarization, Blames U.S. for Breakdown in Nuclear Talks
Photos from Yongbyon nuclear site
North Korea and Nuclear Weapons: The Declassified U.S. Record

Google Maps Imagery
North Korea Nuclear Test Site Eyeball

Commercial Satellite Imagery
The Nodong launch facility
Possible Nuclear Test SiteP'unggye-yok, (Kilju / Kilchu / Kisshu / Gilju)
Taepodong Missile Complex, North Korea -- very good resolution!

Recent Developments Coverage
Nork Nuclear Test : It's a Dud (UPDATED)
U.S "Dragnet" Hunts for Nuke Clues
Korea Nuke : A 'Fizzle'?
North Korea eases the heat on Iran - for now
Iran does not criticize North Korea's nuclear test, blames Washington
KGB had regularly told Russia on Pak-China-N-Korea nuke ties
Pentagon Assesses Responses, Including a Possible Blockade
U.S. opposed to raising S. Korea's surveillance alert: defense minister
Diverted Attention, Neglect Set the Stage for Kim's Move
Analysis: Should U.S. talk to N. Korea?

(Wrong) Speculations
CIA: North Korea Could Make 50 Nuclear Bombs a Year - 2002
CIA says North Korea missile can reach U.S. - 2003
North Korea's Nuclear Weapons: How Soon an Arsenal?

North Korea Missile Range
North Korea nuclear test picture gallery
North Korea Nuclear Test photos

North Korea joins the nuclear club?
Radiation in Russia normal after N. Korean nuclear test - agency

China opposes millitary action against N. Korea
U.S. Congressman thanks China for informing U.S. of DPRK nuclear test

US missile defense said ready for N.Korea threat
Responding to North Korea
USA set to blockade North Korea and create defense complexes in space
North Korean test 'went wrong,' U.S. official says

In-depth Analysis
North Korea Conducts Nuclear Test

The History and Future of U.S. Military Satellite Communication Systems

Resourceful and visually rich retrospective on the developments related to the U.S. Military Satellite Communication Systems :

"Satellite communication has been a vital part of the United States military throughout the space age, beginning in 1946, when the Army achieved radar contact with the moon. In 1954, the Navy began communications experiments using the moon as a reflector, and by 1959, it had established an operational communication link between Hawaii and Washington, D.C. As the U.S. space program grew in the 1960s, the Department of Defense (DOD) began developing satellite communication systems that would address the special requirements of military operations. In addition to protection against jamming, these needs included the flexibility to rapidly extend service to new regions of the globe and to reallocate system capacity as needed."

And here's what the future -- NCW all the way -- has to offer :

"Military satellite communications (or milsatcom) systems are typically categorized as wideband, protected, or narrowband. Wideband systems emphasize high capacity. Protected systems stress antijam features, covertness, and nuclear survivability. Narrowband systems emphasize support to users who need voice or low-data-rate communications and who also may be mobile or otherwise disadvantaged (because of limited terminal capability, antenna size, environment, etc.)."

Communications and PSYOPS win wars, information overload though, doesn't.

China Targeting U.S Satellite - Laser Ranging or Demonstration of Power?

In previous posts "Is a Space Warfare Arms Race Really Coming?,"Weaponizing Space and the Emerging Space Warfare Arms Race", and "Anti-Satellite Weapons" I covered various developments and emerging trends in respect to space warfare. Last week, China supposedly conducted a jamming test on a U.S satellite, which is more of a satellite ping in order to analyze the response data, rather than jamming :

"The Defense Department remains tight-lipped about details, including which satellite was involved or when it occurred. The Pentagon's National Reconnaissance Office Director Donald Kerr last week acknowledged the incident, first reported by Defense News, but said it did not materially damage the U.S. satellite's ability to collect information. "It makes us think," Kerr told reporters.

The issue looms large, given that U.S. military operations have rapidly grown more reliant on satellite data for everything from targeting bombs to relaying communications to spying on enemy nations. Critical U.S. space assets include a constellation of 30 Global Positioning Satellites that help target bombs and find enemy locations. This system is also widely used in commercial applications, ranging from car navigation systems to automatic teller machines.

The Pentagon also depends on communications satellites that relay sensitive messages to battlefield commanders, and satellites that track weather in critical areas so U.S. troops can plan their missions.

What this really was is a rather common satellite ranging practice, thus determing the exact geocentric position of the U.S satellite and tracking it, which is a bit of a unethical move, but given there's no code of honor in space yet, it's more of a demonstration of ongoing R&D activities to me.

Luxury Vehicles on Demand

Sharing luxury vehicles among club members who got bored of their Rolls Royce and want to experiment?

Propositions like these are rather common for NYC and Las Vegas where people do crazy things on the top of their rich and bored euphoria -- and why not?! Ultimate ownership as a driving force, or tiny private moment with what you've always wanted, what would you chose?

"Demand is increasing for alternatives to traditional ownership of high-end cars. Membership clubs and organizations offering fractional luxury-car ownership are in their infancy, as are agencies that rent new-model supercars, but they are expanding. More and more exotic-car drivers are finding they don't spend enough time in their cars to justify owning them year-round and paying six-figure prices. If you're a Manhattan executive with a Lamborghini, you probably don't drive it to work each day. You might only use it on vacation. Or maybe you only bring out your Rolls-Royce. These are the kind of folks signing up. Another advantage of membership clubs is that instead of having to choose which car to buy, you can get a variety of different vehicles delivered in the course of a year. "It's a bit of an addictive thing," said Fuller. "Once you've driven a Ferrari and a Bentley and a Lamborghini and a Lotus, you ask, 'What's next on my hit list?'

It's interesting to note that the major car manufacturers suffering from over-supply and becoming even more insensitive to customers' preferences, are coming up with bargain deals when it comes to their most expensive jewels.

Customer perceived pricing and value on luxury cars and brands positioned as the fastest, hottest, and trend-setting vehicles, indeed play a crucial role in the profit margins here. Then again, building the ultimate beast and waiting for a middle class citizen to finally manage to fulfil his or her America dream isn't really what liquidity is all about. Ownership of luxury vehicles though, is still very concentrated.

Intimate moment with your very own precious, or car manufacturers looking for greater liquidity while potentially turning luxury into a commodity?

A trend definitely worth keeping an eye on, just make sure you join the club first.

The Insider's Guide to Georgia-Russia Espionage Case

An informative FAQ on the most recent nation-2-nation espionage case, David vs Goliath aka Georgia's counter-intelligence services spotting Russian military personnel performing HUMINT reconnaissance under Russia's umbrella. It answers the following questions :

- Russian spies in Georgia? I thought some of the folks in Atlanta looked a bit suspicious...
- So what's the problem this week?
- And did Georgia back down?
- What were four Russian military officers doing in Tblisi in the first place?
- Anything else they're unhappy about?
- Is the situation likely to escalate any further?

What happened actually? Russia is very interested in its post-soviet era "satellites" and their ongoing and upcoming activities with NATO, and yes, the U.S interest in breaking the ice by organizing various military exercises, even worse from Russia's point of view - opening military bases and a country's airspace to the U.S Air Force. Russia was basically underestimating Georgi's capabilities, sensitivity to the reconnaissance, and courage to go public with the findings if any, and later on acted as a wounded 800 pound gorilla feeling embarresed.

Meanwhile, who's been killing all these journalists -- 42 since 1992 -- acting as the society's watchdog, and was Anna Politkovskaya assassination on purposely done on Vladimir Putin's birthday to destabilize the public opinion on the government's capability to solve the case, and open up countless speculations on the similarities between Georgi Markov's case who was also killed on a puppet's birthday?

It's the typical Fox Mulder situation, he knows everything about you, you know everything about him, do something to him and make him a hero of a cause, so I feel organized crime isn't interested in Russia's social accountability and is destabilizing the process.

Related posts and resources:
Prosecuting Defectors and Appointing Insiders
A top level espionage case in Greece
India's Espionage Leaks

Automated SEO Spam Generation

In a previous post "An Over-performing Spammer" I commented an impossible to both, read and detect scam message -- loading remote email images is both, an infection and privacy exposing vector. In case you also remember automated bots were also self-praising themselves over Ebay back in August.

Just noticed a good example ( ) of automated SEO spam generated page out of my "No Anti-Virus Software, No E-banking For You" post :

"Welcome to the No Anti Virus Software No E Banking For You one stop website! We offer the best information, resources and links on this side of the planet, you will find no greater and more comprehensive source for all your No Anti Virus Software No E Banking For You needs! ONLY at our website, will you find every Top Quality information and knowledge resource website on the No Anti Virus Software No E Banking For You topic! Please Enjoy your stay at your #1 No Anti Virus Software No E Banking For You website, and do remember to bookmark, come again and tell all your friends!"

While it's amusing, Google seems to have already picked up the now dissapeared subdomain. I wonder when, and would Google utilize the "wisdom of crowds" concept when it comes to users signaling such search results the way it's already flaging blogs? From another perspective, web application vulnerabilities in domains Google's very found of have the potential to undermine any web site rating initiative. Such spam pages aren't the big problem, the big problem is an ecosystem that allows the author to take advantage of the "upcoming search traffic" on a topic while taking advantage of a marketing window of an event to abuse.

Thursday, October 05, 2006

SCADA Security Incidents and Critical Infrastructure Insecurities

A decent article on the topic of the most hyped cyberterrorism threat of them all - direct attack on the critical infrastrcture of a country by attacking the SCADA devices -- despite increased connectivity and integration with third-party networks, for the time being misconfigurations and failures in maintainance make their impact. What is critical infrastructure anyway? In the days when it used to be a closed network, that is one isolated from the Internet and performance-obsessed top management, dealing with threats was benefiting from the controlled environment compared to the open Internet. Converging both infrastructures to maximize performance, project demand and supply, thus achieving cost-cutting and profits results in the basic truth that poluting the Internet would inevitably influence the what used to be closed critical infrastructure one -- and it already happened on several occasions. Incident in Australia :

"That was the case in Australia in April 2000. Vitek Boden, a former contractor, took control of the SCADA system controlling the sewage and water treatment system at Queensland's Maroochy Shire. Using a wireless connection and a stolen computer, Boden released millions of gallons of raw sewage and sludge into creeks, parks and a nearby hotel. He later went to jail for two years. Not surprisingly, U.S. companies are hesitant to talk about the security of their SCADA networks for fear they may give clues to hackers. But security consultants say problems with them are widespread. Allor's company, for instance, regularly does audits of SCADA systems at major installations such as power plants, oil refineries and water treatment systems.

Almost invariably, Allor said, the companies claim their SCADA systems are secure and not connected to the Internet. And almost invariably, he said, ISS consultants find a wireless connection that company officials didn't know about or other open doors for hackers. Realizing the growing threat, the federal government two years ago directed its Idaho National Laboratory to focus on SCADA security. The lab created the nation's first "test bed" for SCADA networks and began offering voluntary audits for companies."

And more security incidents courtesy of Filip Maertens - Cyber threats to critical infrastructures slides :

1992 -- Chevron -- Emergency system was sabotaged by disgruntled employee in over 22 states
1997 -- Worchester Airport -- External hacker shut down the air and ground traffic communication system for six hours
1998 -- Gazprom -- Foreign hackers seize control of the main EU gas pipelines using trojan horse attacks
2000 -- Queensland, Australia -- Disgruntled employee hacks into sewage system and releases over a million liters of raw sewage into the coastal waters
2002 -- Venezuela Port -- Hackers disable PLC components during a national unrest and general workers strike, disabled the country's main port
2003 -- U.S East Coast blackout -- A worm did not cause the blackout, yet the Blaster worm did significantly infect all systems that were related to the large scale power blackout
2003 -- Ohio Davis-Besse Nuclear Plant -- Plant safery monitoring system was shut down by the Slammer worm for over five hours
2003 -- Israel Electric Corporation -- Iran originating cyber attacks penetrate IEC, but fail to shut down the power grid using DoS attacks
2005 -- Daimler Chrysler -- 13 U.S manufacturing plants were shut down due to multiple internet worm infections (Zotob, RBot, IRCBot)
2005 -- International Energy Company -- Malware infected HMI system disabled the emergency stop of equipment under heavy weather conditions
2006 -- Middle East Sea Port -- Intrusion test gone wrong. ARP spoofing attacks shut down port signaling system
2006 -- International Petrochemical Company -- Extremist propaganda was found together with text files containing usernames & passwords of control systems

Go through the results of the Cyberstorm cyber exercise, and a previous post on The Biggest Military Hacks of All Time to grasp the big picture of what cyberterrorism and asymmetric warfare is all about.

Terrorist Letters and Internet Intentions

A juicy recently de-classified letter to Zarqawi courtesy of the Combating Terrorism Center, reveals possible intentions for Internet based communications :

"We advise you to maintain reliable and quick contact, with all the power you can muster. I am ready to communicate via the Internet or any other means, so send me your men to ask for me on the chat forum of Ana al-Muslim, or others. The password between us is that thing that you brought to me a long time ago from Herat. Then, after that, we would agree with them about e-mails, or you should instruct your men who are in the country that I live in to develop communications with us. We are ready to write to you and to consult with you regarding opinions anytime directly. “By the time, Surely man is at a loss, Except for those who believe and do good, and exhort one another to Truth, and exhort one another to patience."

Rather primitive suggestion compared to the alternatives, it sounds more of a loyal jihadist trying to demonstrate his determination of making an impact. The other day I came across to an article mentioning the possibility of "suicidal hackers", that is hackers who doesn't care whether they'll be caught or not in a possible information warfare scenario -- chinese hackers have been utilizing the power of masses, thus disinforming on the actual sophistication of the attack and directing the traceback efforts to script kiddies.

However, in this case that's an example of a suicidal jihadist.

Filtering "Good Girls" and IM Threats

Respecting your kids' right to privacy while wanting to ensure you're aware of the type of people they IM with? Consider a recently launched initiative, IMSafer aims to filter, not spy on kids :

"Keeping children safe from predatory adults in online communication is a service in high demand, but in order for children to participate the parental control needs to be kept to a minimum. IMSafer is a service that launched today and promises to filter IM communication for conversation deemed potentially predatory. The company says it worked with law enforcement specialists to develop its filtering rules and some of them are quite interesting - the phrase “you’re a good girl” is believed to be common language for building a dominance/submission based relationship, for example. Only questionable excerpts from IM conversations will be shown to parents; the company hopes that this relative privacy will help buy-in from kids."

Yet, this is a great example of marginal thinking when it comes to detecting potential child abuse activities with respect to little princess's -- why not prince? -- right to digital privacy. Whereas in the spirit of Web 2.0, the concept is primarily driven by the collective wisdom of parents participating and shaping the service's database and increasing interactions, IMSafer has already predefined categories of alerts :

"1. Someone looking to make direct contact (i.e. coming to your house)
2. Someone looking to make indirect contact (i.e. calling a phone)
3. Personal information (i.e. phone numbers)
4. Obscene language
5. Specific and sexual references to body parts
6. Specific references to sexual acts
7. Anything related to pedophilia"

Issues to keep in mind :
- the differently perceived dangerous or offensive conversation by parents
- the presumption that the "predator" would be using the same username next time, thus establishing long-lasting reputation
- how kids feeling in the middle of a silent war with their parents could simply IM from another location, one without the software installed excluding the possibilities of bypassing it with nerdy talk or vulnerabilities and hacks appearing on-the-fly
- monitors IM only, thus email, IRC, and forums remain an option for further communication

Don't emphasize on spying, not even filtering, but on educating your kids, thus gaining their participation in the process of building awareness on what's are potentially dangerous IM activities. From another perspective, do bored or adventurous kids spend time chatting with strangers? I think boringness, loneliness, the lack of strong, even developed communications with their folks is the root of the problem. And yes, predators acting as online stalkers, thus improving their chances of utilizing a long-lasting conversation.

Related posts:
What's the potential of the IM security market? Symantec thinks big
"IM me" a strike order

Wednesday, October 04, 2006

Mark Hurd on HP's Surveillance and Disinformation

Straight from the source - HP's CEO, one that compared to Fiorina's qualitative approaches decided to shift the company's strategy to a quantitative internal benchmarking model -- one is always fulfilling the other and vice versa -- and he succeeded, but with today's competitive environment and seek for "the next big thing" some companies are sacrificing productivity for insider fears related investigations. Not that there aren't any, it's just that this particular case is nothing more than a bored top management employee sending signals to the press. Next time it would be a top floor hygiene COO's comments on how HP are definitely up to something given the late hour conference meetings, the press will quote as "an insider source leaked this to us" type of quotation :

"Now the question is do you pick up the document and turn to page whatever, or do you say, 'are you sure?' He says 'I'm sure.' So then you say, 'what are we going to do?' Now let me give you two thoughts. You could react by not confronting the problem. You talk about ethics. We've gone down the backward looking view. There's also the dimension that says, are you going to bury this or confront it. Pretty big question, right? And I want to make something clear. I only know of the facts around the one leak. I don't know, there's been a lot of speculation around tens of leaks, and they associate with this one person [Jay Keyworth, a longtime HP board member]. This fact was about one leak from this one person who is a really good guy in the sense of contributions he made to Hewlett Packard over many years.

So now you're confronted with data that says, great contributor, and the team is looking at Pattie [Then board chairman Patricia Dunn] and saying 'what are you going to do.' And I can tell you if you're looking down at this room as you're making a decision, my first reaction wasn't to say, 'hey Pattie, why don't you look backward at how the data was collected.' The stress was, how are you going to confront the fact that was being presented to you. You're going to do what?

Now to your point, knowing what we know now I wish we'd looked at a different set of facts. But even at that point, what had been done had been done. You'd have been reacting at that point in time. I don't want to shirk any of this. The buck stops with me. But you can't have a CEO of a company our size being the backstop. The thought that I'm going to catch everything -- revenue, costs, personnel decisions, investigations... you know the scale of this company."

Catch up with the case through a previous post on the topic, and keep on reading.