[SecurityRatty] tag: buffalo

Experimental Shoe-Print Database Sees the Soles of Criminals

Thu, 20 Nov 2008 15:58:00 +0000

Criminals better watch their steps, as a Univerisity of Buffalo computer science professor develops a search engine for shoe prints left at crime scenes. With funding from the Justice Department, professor Sargur Srihari hopes his computational forensics will make life easier for shoe-identification experts, and harder for criminals.

Wee-Fi: CSIRO Wins Patent Appeal; Zune-Fi in SF; Kodak ESP 9

Mon, 22 Sep 2008 05:53:19 +0000

Australian tech office wins appeal: Buffalo sinks further into the hole as it loses its appeal against a judgement over its use of what the Australian CSIRO technical agency asserts is its patented technology used in all 802.11 implementations. The case, in the patent-holder-friendly US Eastern District Court of Texas--a venue that may be dethroned as a forum coveniens for patentholders' suits in new legislation--prevents Buffalo from importing or selling gear in the US with Wi-Fi technology embedded. In Japan, the patent office threw out CSIRO's patent. While Cisco paid CSIRO as the result of an acquisition of an Australian company a few years ago, most US-based technology giants are involved in resisting the patent's continued validation and enforcement. I've read the patent and some of the suits, and as a non-patent expert, it's clear CSIRO original invention didn't cover what's at stake. However, CSIRO was allowed in a subsequent filing to extend its patent to cover already-in-use technology in a way that seems odd to me, but happens in patents all the time. Many millions of dollars and many more years may be expended before a resolution happens. CSIRO apparently isn't asking for insane fees, although anything paid to them would be passed along to consumers. If companies settled, this might result in an increase of 1 to 5 percent on retail prices. It may ultimately effect WiMax, too, though no suits in that area have been filed.

Finding Zune-Fi: Ina Fried of News.com wanders the polite streets of San Francisco in search of Zune connections over Wi-Fi. She finds a few, and has a good experience. One cafe owner sees the ease with which she can stream music and calls it cool. She can't connect at the long-running Google-sponsored free Wi-Fi at Union Square, however, which means the Wi-Fi likely has an accept button that must be pressed. Surely Microsoft could insert a little technology that would allow a browser-free acceptance of terms? Probably involves Yet Another Protocol: the Wi-Fi Terms Browser-Free Presentation Protocol (WTBFPP).

Kodak adds interesting Wi-Fi enabled all-in-one: The new Kodak ESP 9 is a multi-function printer (fax, scan, print, copy) that connects to a network via Wi-Fi or Ethernet. The $300 device spits out 30 pages per minutes in color, 32 ppm in black only. Kodak claims that the model line to which the ESP belongs uses ink in a vastly more efficient manner than the "average of comparable consumer inkjet printers."

Creepy Customer Profiling via Facial Recognition

Fri, 22 Aug 2008 05:41:08 +0000

Usually, shopping off-line is usually more ad-free than shopping online. But this is changing, with ads coming in strange places like video screens at Gas Stations, Albertson’s, and so on. Google’s been using content targeted at users for some time, and now this is coming to offline ads too. Some unlikely retailers like Dunkin Donuts are installing facial recognition systems that change the ads shown, depending whether the viewer is male or female, and in what age range.

The Wall Street Journal says that Dunkin’ Donuts is experimenting with video screens that use facial recognition technology to figure out your age and gender. The screens then display ads targeted specifically to you.

Creepy!

Dunkin’ Donuts is also tailoring the cash register ads to your specific purchase. If you buy a breakfast sandwich, you can expect an ad prompting you to return “for a coffee break in the afternoon” to “try an oven-toasted pizza.” The system is already in place at two Buffalo, NY locations.

Read the full article here.

Buffalo ships low-cost drive with native encryption

Mon, 07 Jul 2008 09:00:00 +0000

Buffalo has launched a USB hard drive featuring built-in, hardware-backed encryption.

Buffalo ships low-cost encryption drive

Wed, 02 Jul 2008 20:00:00 +0000

Buffalo Technology has become the latest vendor to announce a USB hard drive featuring built-in, hardware-backed encryption. Almost as interesting is that is costs almost the same as the same drive without security.

Stolen SunGard laptop affects at least 10 post-secondary schools

Mon, 21 Apr 2008 10:49:39 +0000

Technorati Tag: Security Breach

Date Reported:
4/17/08

Organization:
Various post-secondary schools, including but not necessarily limited to:
Central Connecticut State University
Eastern Connecticut State University
Southern Connecticut State University
Western Connecticut State University
Northwestern Michigan College
Northwest Missouri State University
Buffalo State College
State University College at Brockport
Monroe Community College

Contractor/Consultant/Branch:
SunGard Higher Education*

*From the SunGard Higher Education "About Us" page:
"SunGard Higher Education provides software, strategic consulting, and technology management services to colleges and universities. We help more than 1,600 institutions worldwide strengthen institutional performance by improving constituent services, increasing accountability, and enhancing the education experience.

SunGard Higher Education has a vision to unify people, process, and technology in an environment that addresses the needs of higher education institutions and the people they serve. We call this vision the Unified Digital Campus."
[Evan] All of "the needs" except one critical one... SECURITY!

Victims:
Students and a limited number of employees

Number Affected:
Unknown, but at least 23702

Types of Data:
Personal information including names, Social Security numbers and financial aid information

Breach Description:
"A laptop belonging to a consultant at SunGard Higher Education was stolen on March 13, 2008. The theft was immediately reported to law enforcement but the laptop has not been recovered. After analyzing a backup of the computer, SunGard Higher Education found that the stolen laptop contained data from projects with a number of customers."

Reference URL:
SunGard Higher Education (general)
The News-Times (Connecticut State University Schools)
Associated Press Connecticut (Connecticut State University System)
Associated Press Michigan (Northwestern Michigan College)
Maryville Daily Forum (Northwest Missouri State University)
The Buffalo News (Buffalo State College)
Democrat and Chronicle (State University of New York schools)
Northwestern Michigan College
Buffalo State College
State University College at Brockport

Report Credit:
SunGard Higher Education

Response:
From the online sources cited above:

A laptop belonging to a consultant at SunGard Higher Education was stolen on March 13, 2008. The theft was immediately reported to law enforcement but the laptop has not been recovered. After analyzing a backup of the computer, SunGard Higher Education found that the stolen laptop contained data from projects with a number of customers.

Security teams from affected institutions and SunGard Higher Education are working together to analyze and verify the data and notify affected individuals.

The laptop was protected with a strong password to access the operating system.
[Evan] It could be the strongest damn password in the world and still not provide an adequate level of security in my opinion. Operating system passwords (especially Windows) can be bypassed in a matter of seconds. This is a poor attempt to minimize the incident.

The computer was password-protected but contained unencrypted files with personally identifiable data
[Evan] Even though encryption is not the "end all", it would have (in conjunction with other controls) reduced the risk of exposure to a level that is acceptable to many organizations (mine included).

All affected customers have been notified. Customer names will not be disclosed for privacy and security reasons as the investigation continues.
[Evan] We already know of at least 10 post-secondary institutions.

The laptop was stolen in New York on March 13 and state officials say it contains the names and personal information of 3,502 present and former students of the four CSU universities.

could put the personal information of 1,600 Northern Michigan College students from 2003 at risk.

could potentially put personal information about Northwest Missouri State University students and alumni in the wrong hands.

Northwest believes it followed all appropriate internal procedures for protecting the privacy of its students. For its part, SunGard Higher Education has accepted responsibility for this incident and is working with the University to minimize any adverse consequences.
[Evan] This is a classic misunderstanding of the roles and responsibilities for information security governance and management. The custodians of the personal information were the schools AND SunGard, not only SunGard. It is the responsibility of the schools (as co-custodians) to require certain information protections from their vendors and contractors. This should be done through policy, contractual language and regular audit/enforcement.

Social Security numbers of about 16,000 current and former Buffalo State College students

affected thousands of students at State University College at Buffalo, State University College at Brockport and Monroe Community College.

We believe that the laptop was stolen for the hardware rather than the data. We do not know if any personally identifiable data was accessed by the thieves.
[Evan] This is another statement meant to minimize the impact of the incident. I do not doubt that often times computer equipment is stolen for the hardware value, but how do we know? I am guessing that more and more criminals are examining the contents of poorly secured computing devices and looking for additional opportunities. The "laptop was stolen for the hardware" argument doesn't work anymore.

The nature of that employee’s job included analysis of customer data as part of software implementation and upgrade projects.

The laptop was taken from an employee of SunGard, a Pennsylvania-based computer software company that provides Buffalo State’s records system, said Voldemar Innus, a college vice president and chief information officer.

Innus also said the laptop was secure.
[Evan] No offense Mr. Innus, but the laptop WAS NOT secure.

"The laptop was stolen for its own worth as hardware," Innus said. "We do not believe it was stolen because of the information that was on it. And it was heavily password protected, we’re told."

"The risk I would say is not that high, but that doesn’t matter," Innus said. "There are steps we need to take because of what happened."
[Evan] People like to throw these terms like "secure" and "risk" around without any validation. How did Mr. Innus determine the risk (of exposure and/or misuse) with respect to this incident?

The data was originally provided for SunGard to perform various services for the university system, but it was apparently retained longer than necessary to perform those services,

A dedicated Web site containing updated information may be accessed at www.sungardhe.com/laptoptheft.

A help desk has been established with a toll-free number, (866) 520-2408, to respond to questions from affected individuals.

Credit monitoring will be provided at no cost to the affected individuals, for a period of one year.
[Evan] Credit monitoring is a post-fraud activity. One year is very limited for information that has a much longer lifespan.

Buffalo State student reaction:
In a campus dormitory, Ben Bissell, a sophomore special education major, and his friend Thomas Dennis, a freshman English education major, were making housing arrangements for next year. Bissell said he got the e-mail and was aware of the situation. Dennis was not.

Bissell was surprised such sensitive information could be placed in such a portable device as a laptop, which could easily be lost or stolen.
[Evan] Mr. Bissell is a "data owner" in this instance. The school and SunGard are "data custodians". In simplistic terms, data owners dictate what level of protection is required for the data that they own and data custodians apply the designated level of protection. Did the school and SunGard apply the designated level of protection in this case?

"You’d think it would be somewhat secure," Bissell said of his personal information.

He plans to closely monitor his bank statements and account activity following the announcement.

Omar Vargas, a sophomore elementary education major, told a reporter it was the first he had heard of the stolen laptop, admitting he feels "less secure" knowing about it.

"There’s enough things to handle being on campus, like going to classes and deadlines," Vargas said. "Then, just to find out my personal information is threatened is like, man, who knows what that could jeopardize."
[Evan] Very true. If we all just did what we were supposed to do, we wouldn't have to worry so much about what others aren't doing.

"I could wind up with bad credit when I’m on a good roll."

Commentary:
I provided a lot of my commentary above. There is no excuse that I can think of for such poor information security practice and management. Can the people running these companies (such as SunGard) and those responsible for information security claim they didn't know any better? Does it not go against SunGard Higher Education (or school) policy to store confidential information on a laptop while relying solely on operating system level passwords?

Nuts.

Past Breaches:
Unknown

Students breach Williamsville Central School District security

Tue, 15 Apr 2008 11:12:32 +0000

Technorati Tag: Security Breach

Date Reported:
4/12/08

Organization:
Williamsville Central School District*

*"the largest suburban school district in Western New York, Williamsville Central encompasses 40 square miles including portions of the towns of Amherst, Clarence and Cheektowaga."

Contractor/Consultant/Branch:
Williamsville North High School

Victims:
Employees

Number Affected:
1,800

Types of Data:
"personal information and Social Security numbers"

Breach Description:
"Several current and former Williamsville North High School students are believed to have broken into the school district’s computer system last month and copied secure files that included the personal information and Social Security numbers of school employees"

Reference URL:
The Buffalo News
WCAX-TV News

Report Credit:
The Buffalo News and the Associated Press (AP)

Response:
From the online sources cited above:

WILLIAMSVILLE, N.Y. (AP) - Authorities say several current and former students broke into a school district’s computer system in western New York last month and copied secure files that included the personal information of employees.

This computer breach marks the third time in the past month that students have gained unauthorized access to sensitive information in area school districts.
[Evan] What did the school district do after the first two in an attempt to prevent a third?

"From talking with staff and from talking with students involved, we know these students gained access to personal information regarding employees of the school district," Amherst Police Chief John Askey said.

The students, Askey said, overrode the security defenses of a classroom computer at Williamsville North and went trolling for information.
[Evan] I can only imagine what the "security defenses" entailed. A student (or "hacker") can do a lot of damage if they are granted physical access to a computer. Obviously the students need to access classroom computers. Having said this, doesn't it then become critical that they be closely supervised.

"They actively attacked the system " subverted those security procedures and precautions," he said.

He added that several of the hackers are considered "very bright kids" and good students with no lengthy disciplinary records.

The extent of the security breach remains unknown because police are required to have computer evidence extracted by the Western New York Regional Computer Forensics Laboratory, Askey said, which might take several weeks.

This prompted Superintendent Howard S. Smith to send a letter this week to the district’s 1,800 employees, asking them to notify Amherst police if they uncover any suspicious credit card or banking activity.

So far, however, police and school officials say they have no evidence that any of the accessed data has been distributed or used to commit crimes.

Employees or students who suspect their private information might have been used improperly should call the police at 689-1311.

District computer technicians noticed some unusual activity during routine monitoring of its network on March 26, Smith said.

"Immediately upon getting the information, we began our investigation and involved the police," he said, "and they have been working with us ever since."

Two school computers, four personal student computers and one portable flash drive have been confiscated as part of the investigation, Askey said.

At least three individuals are suspected in the breach, he said, and several more knew about it. Those involved have told police they simply were interested in how far they could get into the system.
[Evan] I remember the day when being "interested in how far" we "could get into the system" was commonplace. We were curious and we wanted a challenge, but things are much different today.

Smith said the district has begun disciplinary action against one student and expects to take further action as the police wind up their investigation. He added that the district also has taken steps to improve security.
[Evan] We don't have all the facts, but assuming that the information security practices at the school are less than adequate, how about some disciplinary action against the people that did not secure the information in the first place?

"There are several charges, mostly misdemeanors, that could result," Askey said.
[Evan] This is in reference to the students. Should charges be considered for those who collected the personal information and likely did not secure it properly? I think that the finger could be pointed in either direction.

Commentary:
Kids are kids. On one hand, I think it's important for them to push the boundaries, explore and challenge themselves. On the other hand, their actions in this case led to potential victims. These students should be punished, but I think that the school could come up with some creative solutions (after they secure personal information better). If students are interesting in "hacking", why not teach it. Teach it in a way that clearly communicates the law, but at the same time challenges students to explore and learn. Maybe we can make good information security professionals out of them. My blog, my $.02

Whatever the school district has been doing isn't working. Otherwise, this wouldn't be the third occurrence in the past month.

Past Breaches:
Unknown

40,000 BlueCross BlueShield members notified of lost laptop

Tue, 11 Mar 2008 12:31:27 +0000

Technorati Tag: Security Breach

Date Reported:
3/10/08

Organization:
HealthNow New York Inc.

Contractor/Consultant/Branch:
BlueCross BlueShield of Western New York

Victims:
Healthcare members

Number Affected:
40,000

Types of Data:
Names, dates of birth, Social Security numbers, addresses, employer group names, and health insurance identifier numbers

Breach Description:
"Blue-Cross Blue-Shield of Western New York says it is notifying tens of thousands of its members about identity theft concerns after one of it's company laptops went missing."

Reference URL:
The Buffalo News
WIVB Channel 4 News
WGRZ Channel 2 News

Report Credit:
WGRZ Channel 2 News

Response:
From the online sources cited above:

HealthNow New York has alerted 40,000 members in Western and Northeastern New York that they may be at risk for identity theft, after a former employee’s laptop computer went missing with confidential information several months ago.

The Buffalo-based parent of Blue- Cross BlueShield of Western New York sent letters late last week to the affected customers, even though officials are still not certain what, if anything, was on the computer.
[Evan] Not sure where confidential information is? Sad, common and true.

Based on the company’s investigation, the potential information includes names, dates of birth, Social Security numbers, addresses, employer group names, and health insurance identifier numbers.

there was no health or medical claims information involved
[Evan] I think a name, date of birth, Social Security number, address, and employer should be enough to do some damage.

HealthNow has arranged for any affected member to receive a one-year free membership in Equifax Credit Watch, to monitor for identity theft.

The laptop was not encrypted, but does have security features, including the requirement to enter the user’s identification number and passcode after 15 minutes of inactivity.
[Evan] OK, seriously? Does anyone expect a username and password to stop someone with even novice computer skills? I am assuming that this is a Windows laptop, all the more simple.

the company shut down the laptop’s access to the corporate network, and has not detected any activity from the laptop since the disappearance.
[Evan] Shutdown the laptop's access or access from the user id of the person that had been using the laptop? Semantics, I know. The information that may be on the laptop is the real concern.

The employee is no longer with HealthNow, having accepted a position at another company out of state, but the insurer is still in contact.

the company is reconfiguring its claims software system, and the employee had downloaded some member information to his laptop while working on the project so he could work either in building or at home
[Evan] Too many "no-nos". "No-no" #1 is not knowing where confidential resides within the organization. "No-no" #2 is allowing confidential information onto mobile devices without additional controls such as encryption. "No-no" #3 is working with sensitive confidential information for software development and testing purposes. Only sanitized information should be used for development and test work.

The laptop was reported missing in late fall, but the company did not notify customers until now because officials wanted to make sure whether such action would be necessary.
[Evan] This is way too long! An excerpt from New York Bill A02261 "Notice of Information Breach" can be found in the commentary below.

officials first "spent an exhorbitant amount of time" to try and locate the laptop, which they still believe is in the company’s building

Using the company’s shared drive and with the cooperation of the employee, officials retraced his path to determine what information he was working with. The company then set up the credit-monitoring, and began contacting members last Thursday and Friday.

"We didn’t want to have to reach out to our members and cause them unnecessary worry until we knew the potential of what we were dealing with," she said. "With all of the factors and orchestrating credit monitoring, we do believe our response time has been reasonable."
[Evan] "We didn't want to have to reach out to our members and cause them unnecessary worry until we know the potential of what we were dealing with" is a terrible reason to delay notification. BlueCross BlueShield needs to understand that they are NOT the information owners.

The company has also tightened its policies and procedures about use of laptops and other mobile devices "to ensure that the policies are more strict," she said. She added that officials are also encrypting all information on laptops "to prevent this situation from recurring."
[Evan] Of the "No-nos" I mentioned above, this takes care of one.

Commentary:
Another laptop that may or may not have contained sensitive personal information that goes missing without encryption. Do you think John Doe from XYZ company thought twice about filling out his health insurance forms on his first day of work? He probably just expected better protection from a company that handles thousands of personal records.

I am certainly not a lawyer, nor am I qualified to give legal advise of any kinds, but this is a simple copy and paste...

Excerpt from New York Bill A02261:
"ANY PERSON, FIRM, PARTNERSHIP, ASSOCIATION OR CORPORATION THAT COLLECTS, OWNS, MAINTAINS OR USES PERSONAL INFORMATION SHALL DISCLOSE A BREACH OF SECURITY RELATED TO UNENCRYPTED OR NON-REDACTED PERSONAL INFORMATION CONCERNING TWENTY-FIVE OR MORE RESIDENTS OF NEW YORK. THE DISCLOSURE SHALL BE MADE WITHIN TWO BUSINESS DAYS AFTER LEARNING OF THE BREACH OF SECURITY, BUT MAY BE DELAYED IF A LAW ENFORCEMENT AGENCY DETERMINES THAT THE NOTIFICATION WILL IMPEDE A CRIMINAL INVESTIGATION. THE NOTIFICATION REQUIRED BY THIS SECTION SHALL BE MADE AFTER THE LAW ENFORCEMENT AGENCY DETERMINES THAT IT WILL NOT COMPROMISE THE INVESTIGATION."

Past Breaches:
Unknown

Wired.com and History.com Getting RBN-ed

Mon, 10 Mar 2008 11:20:33 +0000

Monitoring last week's IFRAME injection attack at high page rank-ed sites, reveals a simple truth, that persistent simplicity seems to work. The attack is still ongoing, this time successfully injecting a multitude of new domains into Wired Magazine, and History.com's search engines, which are again caching anything submitted, particularly not validated input to have the malicious parties in the face of the RBN introducing a new malware, in between the pharmaceutical scams that they serve on the basis of an affiliation model. So, after "CNET stops IFRAME site attacks - who's next?" in terms of high-profile sites, that is Wired.com and History.com

Key summary points :

- the same malicious parties behind the CNET and TorrentReactor's IFRAME injection are also the ones behind Wired.com and History.com's abuse of input validation

- the IFRAME injection entirely relies on the lack of input validation within their search engines, making executable code possible to submit and therefore automatically execute upon accessing the cached page with a popular search query

- many other domains have been introduced within the IFRAMEs, a complete list of which you can find in this post, several directly hosted within RBN's network

- the main domain serving the heavily obfuscated VBS malware is located within the Russian Business Network's known netblocks

- given the high page ranks of the current and the previous targets, it is evident that the malicious parties are prioritizing based on the possibility to abuse input validation on high page rank-ed sites, presumably in an automated fashion

- Keep it Simple Stupid works, as since they cannot find a way to embedd the IFRAME at these hosts, a clear indicating of the fact that they've breached them, they figured out a way to inject the IFRAMEs and again take advantage of the high page ranks to attract traffic by gaining on popular key words, or any kind of key words that they want to

Sites currently affected next to Wired.com and History.com :
fhp.osd.mil

hcc.cc.gatech.edu
buffalo.edu
uninews.unimelb.edu.au
uvm.edu
jurist.law.pitt.edu
bushtorrent.com
torrentportal.com

Newly introduced domains within the IFRAMEs :

f3w.info (74.54.95.242)

chdjzn.info (75.125.181.78)

gmjett.info (75.125.181.89)

yscmps.info (75.125.181.124)

egkjnx.info (75.125.208.242)

qkecep.info (75.125.181.99)

qxdprq.info (75.125.181.113)

yscmps.info (75.125.181.124)

mqghrd.info (75.125.181.82)

yydcaj.info (75.125.181.122)

ecwrhk.info (75.125.181.86)

zdksgj.info (75.125.181.112)

stysqf.info (75.125.181.67)

egyffr.info (75.125.181.112)

prnprn.info (75.125.181.106)

fast-look.com (195.225.176.25)

fami4ka.net (217.20.127.217)

looseais.info (70.47.105.5)

my-ringtones.org (78.108.182.164)

eyzempills.com (81.222.139.184)

leohin.com (58.65.239.10)

is-t-h-e.com (69.50.167.165)

89.149.220.85

Where are the IFRAMEs relocating the visitor to?

search-vip.org/pharmacy/search.php?q= (195.225.178.19)

pharma-cist.com/item.php?id=156 (81.222.139.93)

vip-pharmacy.org (195.225.178.19)

adultfriendfinder.com/go/g665961
gift-vip.net/images/index1.php

Where's the malware?

The malware is loading from gift-vip.net/images/index1.php (195.225.178.19) where upon loading another IFRAME pointing to e.pepato.org/e/ads.php?b=3029 (58.65.238.59) which is using HostFresh proving hosting, dns services courtesy of INTERCAGE-NETWORK-GROUP, or the The Russian Business Network in all of its netblock diversity. It seems that pepato.org, currently hosted on one of RBN's netblocks, also made an appearance at malware embedded attack at a .gov site recently.

Scanner results : 3% Scanner(1/36) found malware!

File Size : 16643 byte

MD5 : 99eae1a189443c1a87681579cb4b5dbd

SHA1 : 89a04c4d06f51aa6d6cb54925a2c84d2bbdba06b

Arcavir - Trojan.HTML.JScript.Freebs.gen.9 under the JS:Feebs family; W32/Feebs-Fam ;JS.Feebs.Gen

Several more currently active internal pages serving variants :

e.pepato.org/e/ads.php?b=3029

e.pepato.org/e/ads_nl.php?b=1006

e.pepato.org/e/ads.php?b=1004

e.pepato.org/e/adsr.php?t=0

e.pepato.org/e/mdqt.php

e.pepato.org/e/e1004.html

Monitoring these connected incidents will continue, particularly the RBN connection, and other high profile sites' susceptibility to their attack methods.

Related embedded malware research :
Embedding Malicious IFRAMEs Through Stolen FTP Accounts
Yet Another Massive Embedded Malware Attack
MDAC ActiveX Code Execution Exploit Still in the Wild
Malware Serving Exploits Embedded Sites as Usual
Massive RealPlayer Exploit Embedded Attack
Syrian Embassy in London Serving Malware
Bank of India Serving Malware
U.S Consulate St. Petersburg Serving Malware
The Dutch Embassy in Moscow Serving Malware
U.K's FETA Serving Malware
Anti-Malware Vendor's Site Serving Malware
The New Media Malware Gang - Part Three
The New Media Malware Gang - Part Two
The New Media Malware Gang
A Portfolio of Malware Embedded Magazines
Another Massive Embedded Malware Attack
I See Alive IFRAMEs Everywhere
I See Alive IFRAMEs Everywhere - Part Two

Related RBN research :
RBN's Phishing Activities
RBN's Puppets Need Their Master
RBN's Fake Account Suspended Notices
A Diverse Portfolio of Fake Security Software
Go to Sleep, Go to Sleep my Little RBN
Exposing the Russian Business Network
Detecting the Blocking the Russian Business Network
Over 100 Malwares Hosted on a Single RBN IP
RBN's Fake Security Software
The Russian Business Network

Creating and Entrapping Terrorists

Wed, 05 Mar 2008 03:25:43 +0000

When I wrote this essay -- "Portrait of the Modern Terrorist as an Idiot" -- I thought a lot about the government inventing terrorist plotters and entrapping them, to make the world seem scarier. Since then, it's been on my list of topics to write about someday.

Rolling Stone has this excellent article on the topic, about the Joint Terrorism Task Forces in the U.S.:

But a closer inspection of the cases brought by JTTFs reveals that most of the prosecutions had one thing in common: The defendants posed little if any demonstrable threat to anyone or anything. According to a study by the Center on Law and Security at the New York University School of Law, only ten percent of the 619 "terrorist" cases brought by the federal government have resulted in convictions on "terrorism-related" charges -- a category so broad as to be meaningless. In the past year, none of the convictions involved jihadist terror plots targeting America. "The government releases selective figures," says Karen Greenberg, director of the center. "They have never even defined 'terrorism.' They keep us in the dark over statistics."
Indeed, Shareef is only one of many cases where the JTTFs have employed dubious means to reach even more dubious ends. In Buffalo, the FBI spent eighteen months tracking the "Lackawanna Six" -- a half-dozen men from the city's large Muslim population who had been recruited by an Al Qaeda operative in early 2001 to undergo training in Afghanistan. Only two lasted the six-week course; the rest pretended to be hurt or left early. Despite extensive surveillance, the FBI found no evidence that the men ever discussed, let alone planned, an attack -- but that didn't stop federal agents from arresting the suspects with great fanfare and accusing them of operating an "Al Qaeda-trained terrorist cell on American soil." Fearing they would be designated as "enemy combatants" and disappeared into the legal void created by the Patriot Act, all six pleaded guilty to aiding Al Qaeda and were sentenced to at least seven years in prison.

In other cases, the use of informants has led the government to flirt with outright entrapment. In Brooklyn, a Guyanese immigrant and former cargo handler named Russell Defreitas was arrested last spring for plotting to blow up fuel tanks at JFK International Airport. In fact, before he encountered the might of the JTTF, Defreitas was a vagrant who sold incense on the streets of Queens and spent his spare time checking pay phones for quarters. He had no hope of instigating a terrorist plot of the magnitude of the alleged attack on JFK -- until he received the help of a federal informant known only as "Source," a convicted drug dealer who was cooperating with federal agents to get his sentence reduced. Backed by the JTTF, Defreitas suddenly obtained the means to travel to the Caribbean, conduct Google Earth searches of JFK's grounds and build a complex, multifaceted, international terror conspiracy -- albeit one that was impossible to actually pull off. After Defreitas was arrested, U.S. Attorney Roslynn Mauskopf called it "one of the most chilling plots imaginable."

Using informants to gin up terrorist conspiracies is a radical departure from the way the FBI has traditionally used cooperating sources against organized crime or drug dealers, where a pattern of crime is well established before the investigation begins. Now, in new-age terror cases, the JTTFs simply want to establish that suspects are predisposed to be terrorists -- even if they are completely unable or ill-equipped to act on that predisposition. High-tech video and audio evidence, coupled with anti-terror hysteria, has made it effectively impossible for suspects to use the legal defense of entrapment. The result in many cases has been guilty pleas -- and no scrutiny of government conduct.

In most cases, because no trial is ever held, few details emerge beyond the spare and slanted descriptions in the indictments. When facts do come to light during a trial, they cast doubt on the seriousness of the underlying case. The "Albany Pizza" case provides a stark example. Known as a "sting case," the investigation began in June 2003 when U.S. soldiers raided an "enemy camp" in Iraq and seized a notebook containing the name of an imam in Albany -- one Yassin Aref. To snare Aref, the JTTF dispatched a Pakistani immigrant named Shahed "Malik" Hussain, who was facing years in prison for a driver's-license scam. Instead of approaching Aref directly, federal agents sent Malik to befriend Mohammed Hossain, a Bangladeshi immigrant who went to the same mosque as Aref. Hossain, an American citizen who ran a place called Little Italy Pizzeria in Albany, had no connections whatsoever to terrorism or any form of radical Islam. After the attacks on 9/11, he had been quoted in the local paper saying, "I am proud to be an American." But enticed by Malik, Hossain soon found himself caught up in a government-concocted terror plot. Posing as an arms dealer, Malik told Hossain that a surface-to-air missile was needed for an attack on a Pakistani diplomat in New York. He offered Hossain $5,000 in cash to help him launder $50,000 -- a deal Hossain claims he never properly grasped. According to Muslim tradition, a witness is needed for significant financial transactions. Thus, the JTTF reached out for Hossain's imam and the true target of the sting -- Aref.