[SecurityRatty] tag: recruits

Security's connections and intersections

Sun, 28 Sep 2008 20:00:00 +0000

Security is perhaps the most difficult intellectual profession on the planet. The core knowledge base has reached the point where new recruits can no longer hope to be competent generalists; serial specialization is the only broad option available to them.

Over 80 percent of Storm Worm Spam Sent by Pharmaceutical Spam Kings

Mon, 28 Jul 2008 23:29:54 +0000

It used to be a case where a botnet would be used for a single purpose, spamming, phishing, or malware spreading. At a later stage, the steady supply of malware infected allowed botnet masters more opportunities to "sacrifice" the clean IP reputation and engage in several malicious activities simultaneously - today's underground multitasking improving the monetization of what used to be commodity goods and services.

Today, a botnet will not only be sending out phishing emails, automatically SQL inject vulnerable sites across the web, but also, provide fast-flux infrastructure to money mule recruitment services, all of this for the sake of optimizing the efficiency provided by the botnet in general. This optimization makes it possible for a single botnet to be partitioned and access it it sold and resold so many times, that it would be hard to keep track of all the malicious activities it participates in. Cybercrime in between on multiple fronts using a single botnet is only starting to take place as concept.

That's the case with Stormy Wormy, according to IronPort whose "Researchers Link Storm Botnet to Illegal Pharmaceutical Sales" :

"Our previous research revealed an extremely sophisticated supply chain behind the illegal pharmacy products shipped after orders were placed on botnet-spammed Canadian pharmacy websites. But the relationship between the technology-focused botnet masters and the global supply chain organizations was murky until now," said Patrick Peterson, vice president of technology at IronPort and a Cisco fellow. "Our research has revealed a smoking gun that shows that Storm and other botnet spam generates commissionable orders, which are then fulfilled by the supply chains, generating revenue in excess of (US)$150 million per year."

Murky until now? I can barely see in the room due to all the smoke coming from the smoking guns of who's what, what's when, and who's done what with who, especially in respect to Storm Worm whose multitasking on different fronts in the first stages of their appearance online made it possible to establish links between several different malware groups and the "upstream hosting providers", until the botnet scaled enough making it harder to keep track of all of their activities.

The Storm Worm-ers themselves aren't sending out pharma spam, the customers to whom they've sold access to parts of Storm Worm are the ones sending the pharma spam. Here's a brief analysis published in May - "Storm Worm Hosting Pharmaceutical Scams". What's in it for the scammers? Income based on a revenue-sharing affiliate program, a pharmacy affiliate program has been around for several years :

"This criminal organization recruits botnet spamming partners to advertise their illegal pharmacy websites, which receive a 40 percent commission on sales orders. The organization offers fulfillment of the pharmaceutical product orders, credit card processing and customer support services"

What's coming out of Storm Worm's botnet isn't necessarily coming from the hardcore Storm Worm-ers whose job today is more of a campaign-rotation related in order to ensure new bots are added, what's coming out of Storm Worm is coming from those using the access they've purchased to a part of the botnet.

Related posts:
Storm Worm Hosting Pharmaceutical Scams
All You Need is Storm Worm's Love
Social Engineering and Malware
Storm Worm Switching Propagation Vectors
Storm Worm's use of Dropped Domains
Offensive Storm Worm Obfuscation
Storm Worm's Fast Flux Networks
Storm Worm's St. Valentine Campaign
Storm Worm's DDoS Attitude
Riders on the Storm Worm
The Storm Worm Malware Back in the Game

Can The Gov Be Trusted With Your Personal Data?

Thu, 26 Jun 2008 08:44:35 +0000

Survey says…(insert buzzer noise)

Faith in the (UK) gov’s ability to securely manage personal data is out the window.

From Reuters:

The inquiries followed Britain’s biggest data loss scandal, when two discs containing child benefit records, including names, addresses and bank details, of some 25 million people, went missing after being put in the post by a junior employee.

The reports concluded that it wasn’t individuals who were to blame - some 30 were officials played some role in events leading to the loss of the discs - but institutional and systematic failures at Britain’s tax authority.

But the HMRC is not alone in such security breaches. A separate report into a stolen laptop containing the details of 600,000 potential recruits revealed similar failings at the Ministry of Defence. In all, four MoD computers had been stolen since 2004 and the report said the MoD was probably in breach of several principles set out in the Data Protection Act.

Well, where do you stand? Do you trust your respective government not to punt on data security?

Read on.

Article Link

Military Recruits Thousands More Warbots for New Unmanned Surge

Thu, 29 May 2008 18:05:00 +0000

Up to 4,000 more bomb-handling robots could be headed to Iraq and Afghanistan in a new, unmanned surge. It's part of a $400 million deal that's the biggest military contract of its kind, ever.

Al Qaeda Threat Overrated

Wed, 07 May 2008 08:56:19 +0000

Seems obvious to me:

"I reject the notion that Al Qaeda is waiting for 'the big one' or holding back an attack," Sheehan writes. "A terrorist cell capable of attacking doesn't sit and wait for some more opportune moment. It's not their style, nor is it in the best interest of their operational security. Delaying an attack gives law enforcement more time to detect a plot or penetrate the organization."
Terrorism is not about standing armies, mass movements, riots in the streets or even palace coups. It's about tiny groups that want to make a big bang. So you keep tracking cells and potential cells, and when you find them you destroy them. After Spanish police cornered leading members of the group that attacked trains in Madrid in 2004, they blew themselves up. The threat in Spain declined dramatically.

Indonesia is another case Sheehan and I talked about. Several high-profile associates of bin Laden were nailed there in the two years after 9/11, then sent off to secret CIA prisons for interrogation. The suspects are now at Guantánamo. But suicide bombings continued until police using forensic evidence—pieces of car bombs and pieces of the suicide bombers—tracked down Dr. Azahari bin Husin, "the Demolition Man," and the little group around him. In a November 2005 shootout the cops killed Dr. Azahari and crushed his cell. After that such attacks in Indonesia stopped.

The drive to obliterate the remaining hives of Al Qaeda training activity along the Afghanistan-Pakistan frontier and those that developed in some corners of Iraq after the U.S. invasion in 2003 needs to continue, says Sheehan. It's especially important to keep wanna-be jihadists in the West from joining with more experienced fighters who can give them hands-on weapons and explosives training. When left to their own devices, as it were, most homegrown terrorists can't cut it. For example, on July 7, 2005, four bombers blew themselves up on public transport in London, killing 56 people. Two of those bombers had trained in Pakistan. Another cell tried to do the same thing two weeks later, but its members had less foreign training, or none. All the bombs were duds.

[...]

Sir David Omand, who used to head Britain's version of the National Security Agency and oversaw its entire intelligence establishment from the Cabinet Office earlier this decade, described terrorism as "one corner" of the global security threat posed by weapons proliferation and political instability. That in turn is only one of three major dangers facing the world over the next few years. The others are the deteriorating environment and a meltdown of the global economy. Putting terrorism in perspective, said Sir David, "leads naturally to a risk management approach, which is very different from what we've heard from Washington these last few years, which is to 'eliminate the threat'."

Yet when I asked the panelists at the forum if Al Qaeda has been overrated, suggesting as Sheehan does that most of its recruits are bunglers, all shook their heads. Nobody wants to say such a thing on the record, in case there's another attack tomorrow and their remarks get quoted back to them.

That's part of what makes Sheehan so refreshing. He knows there's a big risk that he'll be misinterpreted; he'll be called soft on terror by ass-covering bureaucrats, breathless reporters and fear-peddling politicians. And yet he charges ahead. He expects another attack sometime, somewhere. He hopes it won't be made to seem more apocalyptic than it is. "Don't overhype it, because that's what Al Qaeda wants you to do. Terrorism is about psychology." In the meantime, said Sheehan, finishing his fruit juice, "the relentless 24/7 job for people like me is to find and crush those guys."

I've ordered Sheehan's book, Crush the Cell: How to Defeat Terrorism Without Terrorizing Ourselves.

U.S. Spies Use Custom Videogames to Learn How to Think

Wed, 23 Apr 2008 23:30:00 +0000

The U.S. Defense Intelligence Agency commissions three custom games to teach new recruits critical thinking skills, while the Army builds its own simulator to instruct intelligence officers in the art of interrogation. No virtual waterboarding allowed.

New Air Force Recruitment Campaign Touts Fledgling 'Cyber Command'

Wed, 27 Feb 2008 21:00:00 +0000

A 30-second TV spot aims to excite would-be recruits by showing Air Force cyber warriors handily defeating a hacker targeting the Pentagon.

Stolen UK Ministry of Defence laptop affects up to 600,000

Sun, 20 Jan 2008 11:51:19 +0000

Technorati Tag: Security Breach

Date Reported:
1/18/08

Organization:
The United Kingdom of Great Britain and Northern Ireland (UK)

Contractor/Consultant/Branch:
Ministry of Defence (MoD)

Victims:
"people who have either expressed an interest in, or have joined, the Royal Navy, Royal Marines and the Royal Air Force"

Number Affected:
600,000

Types of Data:
Names, addresses, telephone numbers, passport details, National Insurance numbers, drivers’ license details, family details, doctors’ addresses, National Health Service numbers, and banking details*

*Some records contained nothing more than a name, and others contained all of the information noted above. The information collected was dependent upon how far a military candidate went in the enlistment process.

Breach Description:
A laptop computer was stolen from the car of an officer of the UK Royal Navy. The laptop was not encrypted and contained sensitive personal information belonging to new and potential recruits to the Royal Marines, the Royal Navy and the Royal Air Force.

Reference URL:
The UK Ministry of Defence News Release
The Sunday Times Story online
PC World Story

Report Credit:
UK Ministry of Defence ("MoD")

Response:
From the online sources cited above:

The Ministry of Defence can confirm that a laptop was stolen from a Royal Navy officer in Birmingham last week, on the night of 9/10 January, and as a result, a large quantity of personal data has been lost.

The Royal Navy careers officer who lost the data is believed to have worked at a recruiting office in Birmingham. He is expected to be court-martialled.
[Evan] I believe that the person responsible should be held accountable, but I question whether or not this officer is ultimately responsible. Did the actions that led to this breach go against standard procedure? What is the standard procedure? Was the officer properly trained on standard procedure? Unfortunately, I am not optimistic that court-martialling this officer will do much to protect against future breaches. More is needed.

After consultation with West Midlands Police about the impact on the investigation were the theft to become public knowledge, we did not immediately make public the loss of this data. In view of today’s media reports, we have, however, decided that it would now be right to do so.

Although the theft of the laptop that contained the unencrypted data was reported to the police immediately, they said it was only “later” that they were told what was on it.
[Evan] Maybe the MoD didn't know what was on it. The fact that a laptop is used to access, create and/or store confidential data without encryption is inexcusable. This points to a bigger issue.

“I don't think they know what was on this", Liam Fox, shadow defence secretary

“There are a very large number of questions that will have to answered on Monday. This is either catastrophically lax procedure or this individual is very irresponsible.”, Liam Fox
[Evan] My vote is lax procedure and poor practice.

The stolen laptop contained personal information relating to some 600,000 people who have either expressed an interest in, or have joined, the Royal Navy, Royal Marines and the Royal Air Force.

The information held is not the same for every individual. In some cases, for casual enquiries, the record is no more than a name. But, for those who progressed as far as submitting an application to join the Forces, extensive personal data may be held, including passport details, National Insurance numbers, drivers’ licence details, family details, doctors’ addresses and National Health Service numbers.

The computer did not have anything other than basic security systems, but once the thief had accessed the computer the data itself could be easily read.

The Ministry of Defence is treating the loss of this data with the utmost seriousness.

We are writing to some 3,500 people whose bank details were included on the database.

Action has already been taken with the assistance of APACS [Association for Payment Clearing Services] to inform the relevant banks so that the relevant accounts can be flagged for scrutiny against unauthorised access.

The Secretary of State will make a statement to Parliament at the earliest opportunity.

Information Commissioner Richard Thomas said he would be demanding answers from the MoD over the loss of the data and why it was unencrypted.

"We will require satisfactory answers from the MoD about their data protection practices and a firm assurance that steps have been taken to improve these practices before deciding on the appropriate action to take," Richard Thomas

Douglas Young, of the British Armed Forces Federation, said there had to be a “top level investigation” into the whole affair. "It really is very, very worrying and I'm deeply concerned to hear this.”

“This incident once again highlights the need for organisations to think long and hard about the data they allow employees to take off site on laptops and mobile devices,” Philip Wicks, Morse security consultancy
[Evan] Yep. I have a dream that someday organizations will wake up and get it.

“The MOD should definitely have policies and procedures in place that dictates what information can and can’t be taken off the premises. At a minimum they should make sure that personal and sensitive data on laptops is always encrypted.”, Philip Wicks
[Evan] Amen Philip.

Advice can be sought by emailing recruitdata@check.mod.uk

We have also established a helpline for individuals to seek further advice. The number is 0800 0853600. This number will be open between 1000hrs and 1700hrs today (Saturday 19 January 2008), 0800hrs to 1700hrs on Sunday 20 January and 0700hrs to 1900hrs between Monday and Friday.

Reader Comments:

"The person in question should not be fired. He or she should be JAILED for life. Now that's what would make a great example and deter these funny civil servants from playing with fire.", Kate McCluskey UK
[Evan] People are getting fed up, and are saying enough is enough.

"Unfortunately, what all these data-loss incidents show is a completely cavalier attitude to data protection.

This is probably only the tip of the iceberg, as this latest case was leaked into the public domain, and would have been covered up otherwise.

That the Government should be trying to con us into placing all out vital information onto a central database, linked to an id card, doesn't bear thinking about. ", Daniel Fernandez, UK

Commentary:
A common theme in the news stories that I have read point the blame on the Navy officer. I don't doubt that he has some blame in this case, but I think the issue is much larger. There is very little mention about what MoD's policy and procedure is with regards to confidential personal information. If the Navy officer was following procedure or wasn't aware of the procedure, then the issues are much larger in scope and more difficult to address.

The MoD would benefit from encrypting all mobile devices whether they are used for confidential data storage or not.

Past Breaches:
Unknown