[SecurityRatty] tag: forces

BNP Database Leaked

Mon, 24 Nov 2008 03:26:07 +0000

This is a big deal.

British National Party (BNP, a far-right nationalist party) membership and contacts list. 12,801 individuals are represented. Contains contact details and notes on selected party members and (possibly) other individuals. The list has been independently verified by Wikileaks staff as predominantly containing current or ex-BNP members, however other individuals who have donated to the BNP or who have had other contact (not necessarily supportive) with the BNP or one of its fronts may also be represented.

Says BBC:

Occupations ascribed to the listed names include teachers, a doctor, nurse, vicar and members of the armed forces.
While there is no ban on many of those professions joining the BNP, its right-wing political stance and whites-only membership policy are seen by many as incompatible with frontline public service.

Police officers, on the other hand, are formally banned from joining, a policy which is recognised in the list.

Alongside the name of a serving officer, the document states that there is "Discretion required re. employment concerns".

Seems that the BNP database wasn't hacked from the outside, but that someone on the inside leaked the list.

There's a lot more leaked BNP documents on the Wikileaks website.

Will Code Malware for Financial Incentives

Tue, 18 Nov 2008 10:57:55 +0000

A couple of hundred dollars can indeed get you state of the art undetectable piece of malware with post-purchase service in the form of automatic lower detection rate for sure, but what happens when the vendors of such releases start vertically integrating just like everyone else, and start offering OS-independent spamming, flooding, modifications and tweaking of popular crimeware kits in the very same fashion? The quality assurance process gets centralized into the hands of experienced programmers that have been developing cybercrime facilitating tools for years.

It's interesting to monitor the pricing schemes that they implement. For instance, the modularity of a particular malware, that is the additional functions that a buyer may want or not want, increase or decrease the price respectively. Others, tend to leave the price open topic by only mentioning the starting price for their services and they increasing it again in open topic fashion.

Let's take look at some recently advertised (translated) "malware coding for hire" propositions, highlighting some of the latest developments in their pricing strategies :

Proposition 1 :
"Programs and scripts under the following categories are accepted :
grabbers; spamming tools for forums, spamming tools for social networking sites, modifications of admin panels for (popular crimeware kits), phishing pages

Platform: software running on MAC OS to Windows
Multitasking: have the capacity to work on multiple projects
Speed and responsibility: at the highest level
Pre-payment for new customers: 50% of the whole price, 30% pre-pay of the whole price for repreated customers
Support: Paid
Rates: starting from 100 euros

If, after speaking ultimate price, you decide to add to your order something else - the price change. Prepare the job immediately, which will understand what to do and how much it will cost you, if you have any suggestions for a price, then lays them immediately and not after the work is completed. If you order something that requires parsing your logs, and their continued use, you agree to provide "a significant portion of the logs, so that after putting the project did not raise misunderstandings due to the fact that some logs are no longer "fresh", because of their "uniqueness". In this case, for the finalization of the project will be charged an additional fee."

This is an example of an "open topic pricing scheme" with the vendor offering the possibility to code the malware or the tool for any price above 100 euro based on what he perceives as features included within worth the price.

Proposition 2:
"Starting price for my malware is 250 EUR. Additional modules like P2P features, source code for a particular module go for an additional 50 EUR. If you're paying in another currency the price is 200 GBP or 395 dollars. I sell only ten copies of the builder so hurry up. The trading process is simple - a password protected file with the malware is sent to you so you can see the files inside. You then sent the money and I mail you back the password. If you don't like this way you lose.

I can also offer you another deal, I will share the complete source code in exchange to access to a botnet with at least 4000 infected hosts because I don't have time to play around with me bot right now.

This proposition is particularly interesting because the seller is introducing basic understanding of exchange rates, but most of all because he's in fact offering a direct bargain in the form of access to a botnet in exchange for a complete source code of his malware bot. Both propositions are also great examples that vendors engage by keeping their current and potential customers up-to-date with TODO lists of features to come next to the usual CHANGELOGS, and, of course, establish trust by allowing potential customers to take a peek at the source code of the malware they're about to purchase.

Related posts:
Coding Spyware and Malware for Hire
The Underground Economy's Supply of Goods and Services
The Dynamics of the Malware Industry - Proprietary Malware Tools
Using Market Forces to Disrupt Botnets
Multiple Firewalls Bypassing Verification on Demand
Managed Spamming Appliances - The Future of Spam
Localizing Cybercrime - Cultural Diversity on Demand
E-crime and Socioeconomic Factors
Russia's FSB vs Cybercrime
Malware as a Web Service
Localizing Open Source Malware
Quality and Assurance in Malware Attacks
Benchmarking and Optimising Malware

Fraudsters Have Had a Rough Month

Mon, 17 Nov 2008 21:00:00 +0000

I attended RSA Conference Europe late last month, which – as always – is an amazing event. The theme of the Conference was focused on Alan Turing, who is often called the father of modern computer science. One particular perk at the venue was the public display of the Enigma machine – believed by the German forces during WWII to be impenetrable.

Hosting firm shutdown forces botnets to relocate

Thu, 13 Nov 2008 02:00:00 +0000

The shutdown Tuesday of a California-based hosting company not only cut spam volumes, it also put a dent in malware-spreading botnets and other criminal activity, researchers said today.

Hosting firm shutdown forces botnets to relocate

Wed, 12 Nov 2008 21:00:00 +0000

The shutdown Tuesday of a California-based hosting company not only knocked down spam volumes but has also put a dent in malware-spreading botnets and other criminal activity, researchers said today.

Air Force Wants to Rewrite 'Laws of Cyberspace'

Mon, 03 Nov 2008 02:25:00 +0000

The American armed forces rely more and more on communications networks. To protect against even small vulnerabilities or attacks, the Air Force is attempting to change the rules online – but with myriad interconnected systems, it's not so easy.

AF083-022: Visualization for Command and Control of Cyberspace Operations

Fri, 17 Oct 2008 20:01:42 +0000

AF083-022 TITLE: Visualization for Command and Control of Cyberspace Operations

TECHNOLOGY AREAS: Air Platform, Information Systems, Space Platforms, Human Systems

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), which controls the export and import of defense-related material and services. Offerors must disclose any proposed use of foreign nationals, their country of origin, and what tasks each would accomplish in the statement of work in accordance with section 3.5.b.(7) of the solicitation.

OBJECTIVE: Develop visualization techniques for planning and execution of Cyberspace operations.

DESCRIPTION: Fulfilling the Air Force mission “… to fly and fight in Air, Space, and Cyberspace” requires effective C2 tools for the observation, planning and execution of cyberspace operations. Conventional battlespace visualization tools were developed for the physical world (i.e., geospatially oriented), where the battlespace, weapons and effects are concrete, often observable entities. Cyberspace and its critical electronic infrastructures are an artificial world that must be created, modified and sustained by the warfighter. This artificial world of cyberspace has concrete links back to the physical world that shape the information landscape, affect the decision-making process, and control the communication channels crucial to C2.

Standard, geospatially oriented C2 tools are not suitable for providing cyber combatants with comparable situation awareness to understand events, evaluate options, and make decisions in the electromagnetic domain. The combatants in the cyber domain needs to be able to quickly see and understand not just the physical relationships of the traditional battlespace, but also the logical relationships and information dependencies in the abstract landscape of cyberspace. Cyber C2 visualizations need to provide information for strategy, tactics and execution of effects that may, or may not, have physical correlates. Examples of these cyber events include network attack detection, attack identification, damage assessment, denial of service (DOS) warnings, and information warfare or cyber-attack operations.

For example, a commander may be planning to intentionally disrupt a portion of his network to investigate a cyber-attack. He will need to understand what ripple effects will occur across the functionally diverse and geographically distributed network. These ripple effects will have both a cyber component (e.g., locations that will lose connectivity or suffer degraded performance characteristics) and a real-world component (e.g., information about enemy forces may be unavailable or delayed, reducing blue force effectiveness) that must be visualized, explored and tasked from within his C2 tools.

Decision makers will greatly benefit from innovative visualization tools that can improve their understanding of all aspects of the Cyber domain. These aspects include 1) the current state of the information environment, the physical and virtual battlespace and enemy and friendly capabilities and vulnerabilities; 2) the scope and scale of courses of action that affect information or information networks; 3) the primary effects and ripple effects of an operation in both the physical and cyber battlespaces, and 4) the risks for collateral damage associated with cyber warfare activities.

PHASE I: Identify cyberspace characteristics relevant to C2 visualization. Identify correlation methods and visualization techniques to understand battlespace, operations, and effects. Define metrics to evaluate efficacy. Document results in a written report, including mockups of proposed visualizations.

PHASE II: Construct a working prototype to demonstrate integrated visualization of cyber data showing 1) the status of information environment, 2) its effect on the conventional battlespace, and 3) the status of information operations. Evaluate effectiveness using metrics defined in Phase I.

PHASE III / DUAL USE: Military application: Additional military applications include command and control environments, like the Air Operations Centers (AOCs). Commercial application: Monitoring and defending infrastructures (e.g., financial and energy) against cyber-attacks. Visualization cyberspace is beneficial for security of commercial communication and information networks.

REFERENCES:

1. ‘Air Force leaders to discuss new ‘Cyber Command’

2. Laura S. Tinnel, O. Sami Saydjari, and Joshua W. Haines, An Integrated Cyber Panel System, IEEE Computer Society,

3. Anita D’Amico and Stephen Salas, Visualization as an Aid for Assessing the Mission Impact of Information Security Breaches, IEEE 2003.

4. Tim Bass, “Cyberspace Situational Awareness Demands Mimic Traditional Command Requirements,” AFCEA Signal Magazine, February 2000.

KEYWORDS: visualization, cyber, human factors, planning, situation awareness, command and control, HCI

Reference. SITIS Topic Details, Visualization for Command and Control of Cyberspace Operations

The More Things Change, the More They Stay the Same

Fri, 10 Oct 2008 08:30:19 +0000

Guess the year:

Murderous organizations have increased in size and scope; they are more daring, they are served by the most terrible weapons offered by modern science, and the world is nowadays threatened by new forces which, if recklessly unchained, may some day wreck universal destruction. The Orsini bombs were mere children's toys compared with the later developments of infernal machines. Between 1858 and 1898 the dastardly science of destruction had made rapid and alarming strides...

No, that wasn't a typo. "Between 1858 and 1898...." This quote is from Major Arthur Griffith, Mysteries of Police and Crime, London, 1898, II, p. 469. It's quoted in: Walter Laqueur, A History of Terrorism, New Brunswick/London, Transaction Publishers, 2002.

The Puzzle of Privacy

Wed, 08 Oct 2008 00:42:08 +0000

A number of recent news stories have made me wonder more about privacy. It's not just that the threats to privacy are increasing; rather, the problem is that the countervailing forces are becoming very much stronger. Was Scott McNealy right when he told us that we had no privacy and that we should just "get over it"?

Perimeter-centric Regulations in an Information-centric World

Mon, 06 Oct 2008 20:00:00 +0000

Last week I took a trip out to our Executive Briefing Centre in Cork, Ireland. I was there to present to senior IT folk from pretty much all of the UK’s Police Forces as part of a two-day agenda that had been lined up for them by my colleagues from many of EMC’s lines-of-business.

I guess there are few other organisations where the lines between physical and virtual security are brought so sharply into focus than in one where you are dealing – first-hand – with criminals in the way that our police officers must every day of their working lives.

During our conversations we mused on various aspects of keeping information secure in such a fluid and volatile environment...