In the paper, we propose a simple solution: take-down companies should share their raw, unverified feeds of phishing URLs with their competitors. Each company can examine the raw feed, pick out the websites impersonating their clients, and focus on removing these sites.

Since we presented our findings to the Anti-Phishing Working Group eCrime Researchers Summit, we have received considerable feedback from take-down companies. Take-down companies attending the APWG meeting understood that sharing would help speed up response times, but expressed reservations at sharing their feeds unless they were duly compensated. Eric Olsen of Cyveillance (another company offering take-down services) has written a comprehensive rebuttal of our recommendations. He argues that competition between take-down companies drives investment in efforts to detect more websites. Mandated sharing of phishing URL feeds, in his view, would undermine these detection efforts and cause take-down companies such as Cyveillance to exit the business.

I do have some sympathy for the objections raised by the take-down companies. As we state in the paper, free-riding (where one company relies on another to invest in detection so they don’t have to) is a concern for any sharing regime. Academic research studying other areas of information security (e.g., here and here), however, has shown that free-riding is unlikely to be so rampant as to drive all the best take-down companies out of offering service, as Mr. Olsen suggests.

While we can quibble over the extent of the threat from free free-riding, it should not detract from the conclusions we draw over the need for greater sharing. In our view, it would be unwise and irresponsible to accept the current status quo of keeping phishing URL feeds completely private. After all, competition without sharing has approximately doubled the lifetimes of phishing websites! The solution, then, is to devise a sharing mechanism that gives take-down companies the incentive to keep detecting more phishing URLs.

Here is our stab at devising a suitable sharing mechanism. We propose the creation of a members-only sharing club with compensation for net contributors paid for by net receivers. Take-down companies submit real-time copies of their entire feeds to a trusted third party (for the sake of argument, let’s assume that the APWG takes on this role). The APWG collates the individual feeds, marks the source of each submission (i.e., which take-down company) along with a timestamp. The APWG makes the amalgamated feed available immediately to all members. The members pick out phishing URLs impersonating their own clients, while ignoring the rest. Crucially, the expensive task of verifying phishing URLs and initiating take-down continues to be performed by the take-down company.

Periodically, the combined feed is audited to determine the reciprocity of contributions. Take-down companies provide a list of their clients to the auditor. The auditor then computes the number of phishing websites impersonating each take-down company’s clients that are missed by the takedown company but identified by others. The auditor also tallies the time difference for phishing websites that are identified by others first.

For example, suppose bank A1 has hired take-down company A to remove phishing sites on its behalf, and bank B1 has hired take-down company B. Suppose 500 phishing sites impersonate A1, and that A identifies 400 while B identifies an additional 100 sites missed by A. Likewise, suppose another 500 phishing sites impersonate bank B1, and that B identifies 300 while A identifies an additional 200 sites missed by B. B has received a net of 100 useful phishing sites more from A than B has given to A. Consequently, B should pay A a previously-agreed ‘finder’s fee’ for identifying these extra 100 websites.

The ‘finder’s fee’ provides additional incentive for take-down companies to invest in better phishing website detection. Designed properly, such a sharing club can overcome the potential for free-riding that companies such as Cyveillance fret about, while increasing sharing to shorten phishing website lifetimes.

Some subtleties must be mentioned, however. If the finder’s fee is big enough, some companies may be tempted to cheat to minimize their payout. For instance, underperforming take-down companies could claim to have independently discovered missing data from their feed shortly after collecting it from the shared feed. This can be mitigated by adding a credible threat of detection — inserting a few dubious fake phishing URLs that only appear in the shared feed. If the company claims to have ‘independently’ rediscovered these URLs, then they will be caught cheating. Another issue is that the auditing system does incur some overhead, which could be avoided if sharing was made unconditional.

To sum up, we recognize that many take-down companies will be reticent to share. However, we feel that sharing is too important to the goal of tackling phishing to brush aside because of a few inevitable complications. For the good of protecting consumers, the anti-phishing industry should learn to co-operate!

Weldon, who is currently being investigated by the FBI over alleged corruption during his time in office, visited Libya in March to discuss a possible military deal, according to a letter describing the trip from Weldon to Defense Solutions CEO Timothy Ringgold. In May, Weldon, together with Ringgold and another company representative, traveled to Moscow to discuss working with Russia's weapons-export agency on arms sales to the Middle East.

Both trips were part of the company's effort to tap into the growing -- and often legally murky -- market for selling weapons from former Eastern Bloc countries to the Middle East and Afghanistan.

Ex-Rep. Curt Weldon, R-Penn., is helping broker deals between Russian weapons suppliers and the Iraqi and Libyan governments through his company, Defense Solutions.
Photo: H. Rumph Jr/AP

The Russians want to sell weapons to Iraq directly, but "must go slow on Iraq because of political reasons" and want to work with an "intermediary" like Defense Solutions, CEO Ringgold subsequently wrote to colleagues. "They have not spoken with any American company that can offer the quid pro quo that we can or that has the connections in Russia that we have," he boasted.

A few years ago, an American company proposing to sell weapons to Libya might have triggered a congressional hearing. So, too, would have a proposal to conduct arms deals with Russia, which the United States has accused of selling high-tech weapons to Syria and Iran.

However, U.S. government efforts to rapidly equip countries like Afghanistan and Iraq -- which have largely Soviet-origin weapons -- have created legal ambiguities and loopholes in export controls that didn't exist in years past and given rise to a new class of arms trade middlemen. So, even though both Libya and the Russian arms export agency are on official U.S. blacklists, government officials and analysts involved in weapons sales say the rules have become unclear as the push to equip allies in the global war on terror has blazed new but uncertain legal ground.

Eagerly stepping into that virgin territory is Defense Solutions, a Pennsylvania-based company that is carving out a small but lucrative niche in a new international arms bazaar. The firm boasts as its advisors a number of influential Washington insiders, such as retired General Barry McCaffrey, the former White House drug czar.

Helping the firm make key connections is Curt Weldon, a former Republican congressman from Pennsylvania at the center of an FBI investigation into alleged conflicts of interest during his time in office. Weldon, now a key executive at Defense Solutions, is working with the company to set up these weapons deals.

Defense Solutions has also proposed refurbishing Libya's BTR-60 armored personnel carriers, according to a sales proposal seen by Wired.com. Defense Solutions denies drafting a sales proposal to Libya.

It's an unusual, if not an entirely unexpected chapter for Weldon, whose time in office included frequent trips to Russia. As an influential member of the House Armed Services Committee, Weldon pushed for multibillion-dollar defense programs, like ballistic missile defense, and earned a reputation as a foreign policy gadfly, boasting of his contacts with officials in nations labeled by the administration as "rogue states" such as Libya and North Korea. Weldon's wild claims about a 9/11 cover-up and his sensationalist book warning of an Iranian terror plot, sometimes earned him official scorn and public ridicule, but it was accusations that he steered contracts to Eastern European businesses linked to his daughter's lobbying firm that drew the government's attention.

Weldon was voted out of office in 2006 just weeks after the FBI raided his daughter's home, and that of one of her associates.

Weldon did not respond to e-mails and phone requests to be interviewed or comment for this article. But in a 2006 interview, before the FBI probe was public, Weldon spoke enthusiastically about setting up a "front company" to work with the Russian arms agency, Rosoboronexport. Weldon hoped this company could sell weapons to the Middle East, and other regions, particularly to countries where the U.S. has strained relations. He claimed the director of Rosoboronexport approached him to work with "an American company that would act as a front for weapons these nations want to buy."

Weldon called the proposal an "unbelievable offer."

The administration, he acknowledged at the time, did not welcome the idea of an American company selling Russian weapons to potentially unfriendly countries. But two years later, Weldon, now a private citizen and chief strategic officer for Defense Solutions, appears to be working on precisely that sort of deal. And whether illegal or not, Defense Solutions' business represents a new phenomenon in the international arms trade business.

In years past arms brokers -- firms or individuals who serve as middlemen to facilitate weapons sales between countries -- were largely the stuff of spy thrillers. Unlike traditional American defense companies, like Lockheed Martin or Boeing, which typically sell weapons directly to NATO countries or other governments regarded as friendly to the United States, brokers are often small outfits run by people with sometimes questionable experience and reputations they will sell to anyone. One of the most infamous arms brokers, a Russian named Viktor Bout, is charged by the United States, United Nations, Interpol and others of funneling arms to terrorists and rebels around the world. He was recently arrested in Thailand. The United States is requesting his extradition on charges of supplying arms to a terrorist organization.

Two Marines lower the trim vane on the front of an Iraqi BMP-1 mechanized infantry combat vehicle that was captured during Operation Desert Storm. The American defense consulting firm Defense Solutions has proposed refurbishing Libya's aging fleet of BMP-1s. Defense Solutions denies drafting a sales proposal to Libya.

But ironically, Iraq has fueled a new market for these professional middlemen; the United States is funneling billions of dollars into modernizing Iraq's army so that the country's government can fend for itself after coalition troops withdraw. And Iraq's largely Soviet-equipped military is a natural market for Eastern European countries brimming with old or out-of-date equipment they would like to unload. The middlemen, in these cases, serve a key role by allowing the U.S. government to do business with an American company, which in turn buys equipment from Eastern Bloc countries in deals worth hundreds of millions of dollars, much of it financed with U.S. taxpayer dollars.

One of Defense Solutions' sales -- a deal to sell Hungarian-owed T-72 tanks to Iraq in 2005 -- was typical of these new foreign military sales. But on the more questionable side is the company's plans to work with Rosoboronexport, which is barred from doing business with the U.S. government, and Libya, which is still on the State Department's arms embargo list.

The Eastern European-Middle East arms-brokering business, while in some cases sanctioned by the U.S. government, has run into problems, including outright corruption and quality. Defense contractor Dale Stoffel, the president of Wye Oak Technology, and another American were gunned down in Iraq in December 2004 after Stoffel alleged that the Iraqi Ministry of Defense was involved in a kickback scheme. Like Defense Solutions, the company Stoffel worked for was refurbishing the Iraq's army Eastern Bloc equipment.

Another problem is quality. Weapons from the former Soviet Bloc, which the U.S. military euphemistically calls "nonstandard equipment," have been flagged as substandard, acknowledges Brigadier General Charles Luckey, who is in charge of security assistance at Multi-National Security Transition Command-Iraq. In an interview from Iraq, Brigadier General Luckey said: "One of the frustrating things about buying nonstandard [weapons], is that I'm the guy who has to deal with the fact that some broker I've never heard of allowed weapons to get to Iraq before they were inspected."

Defense Solutions is carving a new niche in the arms trade, selling Soviet-made weapons to Middle Eastern countries like Afghanistan and Iraq. Defense Solutions sold Hungarian-owed T-72 tanks to Iraq in 2005.

In one high-profile case, Iraqi officials alleged that a corrupt firm sold them $400 million in shoddy helicopters from Poland. More recently, a company led by a 21-year-old and a former masseur was offered a U.S. government contract worth nearly $300 million to sell ammunition to Afghanistan. The ammunition turned out to be outdated and of dubious origin and several people connected with the company have been indicted. A congressional investigation concluded that the company, which was on a State Department watch list, was able to take advantage of regulatory loopholes by using middlemen.

For those concerned about illicit arms trade, this new wave of weapons deals is rife with the potential for corruption and abuse, but for companies eager to pursue markets once regarded as dubious, it represents a lucrative business opportunity. The problem in these cases, according to those familiar with arms sales, is that it's no longer clear what's legal and what's not.

Rachel Stohl, an expert on international arms trade and a senior analyst at Center for Defense Information, says that in many ways, the rush to equip Iraq has led the United States to throw caution to the wind. She points to a report by the Government Accountability Office last year that found that some 190,000 weapons sold to Iraq have gone missing. "I think the reality is we won't know, until way after the fact, about all of these irregularities with the Iraq weapons provision program," she said. "We were providing them all these assault rifles that have gone missing. Why? They were not following the standard procedures that were in place."

But Iraq and Afghanistan aren't the only markets available to arms brokers like Defense Solutions. The gradual normalization of relations with Libya opens another door into a quasi-legal area of sales.

Like Iraq, Libya has a substantial arsenal of Soviet-origin military weapons, offering a potential market for brokers working with Russia and other former Soviet states. But even when there's not an outright ban, sales to the Middle East are often fraught with controversy, particularly to countries like Libya, which was under international sanction for more than a decade. Even as sanctions against it have been lifted, European companies proposing to sell arms to Libya have faced steep criticism, particularly since the country is still ruled by dictator Muammar Gaddafi, who took power in a military coup in 1969.

While the United States lifted Libya's "state sponsor of terrorism" designation in 2006, other restrictions, such as on the sale of arms, remain in place. A State Department spokesperson confirmed that exports of "lethal munitions" to Libya, such as tanks or related equipment, are still banned, although sales of nonlethal equipment are now allowed on a case-by-case basis.

In late March, Weldon traveled to Libya for a weeklong trip at the invitation of the Gaddafi Foundation, a group run by the son of Libya's leader, and the chairman of Libya's foreign affairs committee, according to the report he sent to Defense Solutions (.pdf), a copy of which was obtained by Wired.com. The trip reports states: "Agreement reached for Weldon to quickly return to Libya for meetings with son [of Libyan leader Gaddafi] Morti regarding defense and security cooperation."

A document dated April 16, just two weeks after Weldon's trip, outlines Defense Solutions' proposal to Libya to refurbish the country's fleet of armored vehicles, including its T-72 tanks, BMP-1 infantry fighting vehicles, and BTR-60 armored personnel carriers. A copy of the sales proposal, also provided to Wired.com, is on Defense Solutions' letterhead, appears to bear the signature of company CEO Timothy Ringgold, and is addressed to Libya's defense procurement council. "Defense Solutions is committed to delivering a full end-to-end solution to its clients," the proposal states. "Besides refurbishing these vehicles, we are capable of providing a full logistics support package, including a two year supply of spare parts, maintenance and repair services, and operator, maintenance, and repair training."

In an interview with Wired.com, Ringgold admitted that he's interested in doing business in Libya and confirms receiving Weldon's trip report from Libya, but denies drafting or signing an arms-sale proposal. "I've never made such a document to Libya," Ringgold insisted, after being read the proposal, and told that his signature is on it.

In addition to the Libyan arms-deal document, Wired.com has also reviewed copies of e-mails from Ringgold discussing the Libyan deal.

While Ringgold denies proposing an arms sale to Libya, he is open about speaking with Rosoboronexport, which has been on a U.S. government sanctions list since 2006, after the Russian state agency allegedly violated the Iran and Syria Nonproliferation Act. An April e-mail provided to Wired.com describes Ringgold, Weldon and Stephan Minikes, a senior advisor to Defense Solutions and a former ambassador, meeting with Rosoboronexport. The conversations included a number of potential deals, including supplying Mi-17 helicopters to Afghanistan and spare parts for Iraq's infantry fighting vehicles. Ringgold wrote to colleagues following the visit, describing the meetings as a "spectacular success," saying the Russian agency "has the ability to undercut all cost proposals from brokers."

Ringgold confirmed those discussions and said that his company has sought to do business with Rosoboronexport. Asked whether Ringgold considers his dealings with Russia to be legal, he argued that U.S. companies could work with Rosoboronexport on a "case-by-case" basis. "The particular purpose of the meeting we had -- and I want to be crystal clear -- was in response to a U.S. government requirement," he said.

A number of officials at the State Department and in the Pentagon, when contacted for this article, could not say whether working with Rosoboronexport is legal or not. A Pentagon spokeswoman said she was familiar with the issue, but deferred the question to the State Department. When asked about Rosoboronexport's status on the blacklist, John Herzberg, a State Department spokesman replied: "What's on there is on there."

Asked whether, given the ban, there was any way a company could legally work with Rosoboronexport, as Ringgold suggested, Herzberg provided an equivocal answer. "At the stage of the process we're at, I'm unable to give you an answer," he said. "You can try elsewhere in government, and maybe they'll be braver than me."

In an interview from Iraq, General Luckey conceded it was a murky area, but said, "My understanding is they are currently on our no-go list."

The confusion over debarred parties has even led the U.S. government into its own legal tangles, according to Jim McAleese, a Washington attorney who specializes in government contracting and foreign military sales. Because the Russian government violated U.S. nonproliferation laws, even NASA had to go to Congress to ensure it could work with Russia on Soyuz flights to the international space station. "What I'm warning you about is, don't be surprised by the confusion," McAleese said. "There are a whole bunch of different statutes that were adopted piecemeal and were never intended to be reconciled."

But it's the very ambiguity of the law that troubles those who monitor export control. "It's highly unusual to do anything with the Russians, particularly Rosoboronexport," said Scott Jones, director of Export Control Programs at the Center for International Trade and Security at the University of Georgia.

Legal or not, reputable American companies simply don't want to work with banned entities, Jones said, for fear of risking their reputations and business. "Even if it's not an outright prohibition, most companies don't want to put themselves in a liability situation that has really bad PR … and they stay away from it," Jones said. "But if that's your business, pimping out arms from the U.S. or Russia, that's the way it works, and you push as much as possible."

Finding any U.S. defense company working with the Russian government at this point would be "remarkable," Jones added.

In the meantime, the future for Weldon is unclear. The FBI investigation continues and Weldon's former chief of staff recently pleaded guilty to a conspiracy charge and is cooperating with the government, notes Melanie Sloan, the executive director of Citizens for Responsibility and Ethics in Washington, which filed a complaint against Weldon in 2004. Sloan speculated that Weldon may be charged with "honest service fraud" for misusing his office for personal gain. "It's an easier standard than bribery," she said. "I wouldn't be surprised [if he's charged] with bribery, but I think it will be honest services fraud."

Ringgold insists that he and Weldon are on the right side of the law. "Everything we do is in strict compliance with international and U.S. law and we operate only in the best interests of the U.S. government," he said. "I didn't serve 30 years in the United States Army to throw that away on a whim."

Asked if Weldon is still working for the company, Ringgold replied: "Absolutely, proudly so."

Extremely fair article on Sebastopol Wi-Fi networking health debate: The local paper manages to push the camel through the eye of the needle in presenting various aspects of the vote by the local council to rescind the gift of a local ISP to provide city-wide Wi-Fi. It neither ridicules the symptoms of people who describe themselves as electrosensitive, nor ignores the clinical research that shows such sensitivity to be unprovable, even as the symptoms are clearly manifest (just not correlated with EMF). The article notes that one radio host who speaks on health has his words carried by a station that is bumping more signal out across Sebastopol than any Wi-Fi network would. In a true Sonoma moment, however, the leading opponent to the city-wide network and the owner of the ISP cross paths in front of Whole Foods where high school students in favor of the network were gather signatures for a petition--and hugged. That kind of behavior is more of what we need: civility, understanding, and mutual working forward to improve everyone's health. More research? Sure. And more kindness, too.

Wired's Wi-Fi map: now, useful! My friend and colleague Cyrus Farivar spent weeks researching what municipal projects were proceeding, on hold, or dead across the U.S., and I wasn't very impressed by the way in which Wired presented this material in their print issue. But never fear! Online, paired with Google Maps, his research is tremendously accessible. It's now a few weeks out of date, but still useful for the scope and locations of projects. It makes me want to build an ongoing effort of the same kind!

Complimentary essay on Boston's pace: By not building fast, OpenAirBoston avoids the mistakes of other municipal networks. True. But in the end, they need to build something; they are only "behind" in the sense of not having put their neck out too far.

Rolling Stone has this excellent article on the topic, about the Joint Terrorism Task Forces in the U.S.:

But a closer inspection of the cases brought by JTTFs reveals that most of the prosecutions had one thing in common: The defendants posed little if any demonstrable threat to anyone or anything. According to a study by the Center on Law and Security at the New York University School of Law, only ten percent of the 619 "terrorist" cases brought by the federal government have resulted in convictions on "terrorism-related" charges -- a category so broad as to be meaningless. In the past year, none of the convictions involved jihadist terror plots targeting America. "The government releases selective figures," says Karen Greenberg, director of the center. "They have never even defined 'terrorism.' They keep us in the dark over statistics."

Indeed, Shareef is only one of many cases where the JTTFs have employed dubious means to reach even more dubious ends. In Buffalo, the FBI spent eighteen months tracking the "Lackawanna Six" -- a half-dozen men from the city's large Muslim population who had been recruited by an Al Qaeda operative in early 2001 to undergo training in Afghanistan. Only two lasted the six-week course; the rest pretended to be hurt or left early. Despite extensive surveillance, the FBI found no evidence that the men ever discussed, let alone planned, an attack -- but that didn't stop federal agents from arresting the suspects with great fanfare and accusing them of operating an "Al Qaeda-trained terrorist cell on American soil." Fearing they would be designated as "enemy combatants" and disappeared into the legal void created by the Patriot Act, all six pleaded guilty to aiding Al Qaeda and were sentenced to at least seven years in prison.

In other cases, the use of informants has led the government to flirt with outright entrapment. In Brooklyn, a Guyanese immigrant and former cargo handler named Russell Defreitas was arrested last spring for plotting to blow up fuel tanks at JFK International Airport. In fact, before he encountered the might of the JTTF, Defreitas was a vagrant who sold incense on the streets of Queens and spent his spare time checking pay phones for quarters. He had no hope of instigating a terrorist plot of the magnitude of the alleged attack on JFK -- until he received the help of a federal informant known only as "Source," a convicted drug dealer who was cooperating with federal agents to get his sentence reduced. Backed by the JTTF, Defreitas suddenly obtained the means to travel to the Caribbean, conduct Google Earth searches of JFK's grounds and build a complex, multifaceted, international terror conspiracy -- albeit one that was impossible to actually pull off. After Defreitas was arrested, U.S. Attorney Roslynn Mauskopf called it "one of the most chilling plots imaginable."

Using informants to gin up terrorist conspiracies is a radical departure from the way the FBI has traditionally used cooperating sources against organized crime or drug dealers, where a pattern of crime is well established before the investigation begins. Now, in new-age terror cases, the JTTFs simply want to establish that suspects are predisposed to be terrorists -- even if they are completely unable or ill-equipped to act on that predisposition. High-tech video and audio evidence, coupled with anti-terror hysteria, has made it effectively impossible for suspects to use the legal defense of entrapment. The result in many cases has been guilty pleas -- and no scrutiny of government conduct.

In most cases, because no trial is ever held, few details emerge beyond the spare and slanted descriptions in the indictments. When facts do come to light during a trial, they cast doubt on the seriousness of the underlying case. The "Albany Pizza" case provides a stark example. Known as a "sting case," the investigation began in June 2003 when U.S. soldiers raided an "enemy camp" in Iraq and seized a notebook containing the name of an imam in Albany -- one Yassin Aref. To snare Aref, the JTTF dispatched a Pakistani immigrant named Shahed "Malik" Hussain, who was facing years in prison for a driver's-license scam. Instead of approaching Aref directly, federal agents sent Malik to befriend Mohammed Hossain, a Bangladeshi immigrant who went to the same mosque as Aref. Hossain, an American citizen who ran a place called Little Italy Pizzeria in Albany, had no connections whatsoever to terrorism or any form of radical Islam. After the attacks on 9/11, he had been quoted in the local paper saying, "I am proud to be an American." But enticed by Malik, Hossain soon found himself caught up in a government-concocted terror plot. Posing as an arms dealer, Malik told Hossain that a surface-to-air missile was needed for an attack on a Pakistani diplomat in New York. He offered Hossain $5,000 in cash to help him launder $50,000 -- a deal Hossain claims he never properly grasped. According to Muslim tradition, a witness is needed for significant financial transactions. Thus, the JTTF reached out for Hossain's imam and the true target of the sting -- Aref.