[SecurityRatty] tag: vehicles

New DHS Head Understands Security

Wed, 26 Nov 2008 09:43:33 +0000

Gov. Janet Napolitano, D-Ariz., is smashing the idea of a border wall, stating it would be too expensive, take too long to construct, and be ineffective once completed.
"You show me a 50-foot wall and I'll show you a 51-foot ladder at the border. That's the way the border works," Napolitano told the Associated Press.

Instead of a wall, she said funds would be better utilized on beefing up Border Patrol manpower, technology sensors and unmanned aerial vehicles.

I am cautiously optimistic.

Of Planes and Ships

Sun, 28 Sep 2008 19:04:11 +0000

Tom Barnett is consistently the most interesting writer on globalization and econo-security seam. This weeks piece confronts a problem every security architect can relate to (emphasis added on the "nail it to the wall" quote at the end):

One of the main problems in counterterrorism today is that there are so many people and vehicles, and so much data and material, moving through globalization's myriad networks that it seems virtually impossible to track it all effectively. Nowhere has this problem been more acute than on the high seas.

In 2006, Adm. Harry Ulrich, then U.S. commander of NATO Naval Forces Europe, decided to do something about it. Despite having virtually no resources, his dream was to transpose the global air-traffic control system onto sea traffic.

Worldwide, aircraft are transparent, because they're all required to carry an identification beacon that allows them to be tracked leaving and entering airports, and monitored between airports, by a global network of sensors. Act suspiciously and somebody's fighter aircraft will soon be on your tail.

No such pervasive system currently exists globally for maritime traffic. While bigger ships carry an ID beacon similar to aircraft, without a shared monitoring network, that's like tracking only selected commercial jets and giving everyone else a pass.
So Ulrich, upon taking command, asked a simple question: "If we can do that in the air, why can't we do it on the sea?" He made a point of pioneering his sea-traffic-control effort first inside the Mediterranean, where NATO's southern naval forces have historically been concentrated, but his real target was waters off Africa -- the most ungoverned maritime space in the world.

Ulrich knew the U. S. Navy couldn't do it alone, much less bring Africa's meager coast-guard-like navies up to snuff so they could do it on their own. So he quickly created a network of assets -- both public and private -- to manage that space, modeling his monitoring system on international air-traffic control.

Ulrich began stitching together a network of shore-based sensors ringing the Mediterranean. His naval command then began initial monitoring by tapping into the International Maritime Organization's existing Automated Identification System, transforming NATO's ability to track ship traffic in the Med.

Almost overnight, NATO went from tracking dozens of ships on the Mediterranean to thousands, and instead of getting the data sometimes up to 72 hours late, now the contacts were being tracked in one to five minutes -- to an accuracy within 50 feet on the earth's surface.

When the classic big-firm systems integrators told Ulrich it would be too costly to pull it off, the admiral turned to the Volpe Center in Cambridge, Massachusetts, a U.S. Department of Transportation research center. Instead of hundreds of millions of dollars, Ulrich's initial network cost $900,000. The shore-based receivers are small, roughly the size of a radar dish you might find on a pleasure craft.

The strength of the system is a function of its reach: the more countries join, the larger the shared operational picture. By the time Ulrich retired at the end of 2007, he had enlisted 32 countries throughout the Mediterranean, the North Atlantic, along the west coast of Africa, around the Black Sea, and in the Pacific. Today, the network continues to spread around the planet.

With Ulrich's system in place, local police, coast guards, and border patrols catch most bad guys, obviating American military responses. As Harry told me for an article I wrote about his work in a fall 2007 issue of Esquire, "I don't do defense; I do security. When you talk defense, you talk containment and mutually assured destruction. When you talk security, you talk collaboration and networking. This is the future."

The admiral's legacy program, the Maritime Safety and Security Information System, earned the Volpe Center a prestigious "Innovations in American Government" award this month from Harvard University's Ash Institute for Democratic Governance and Innovation.

Security Collaboration + Networking = Federation. This is indeed the future - SAML came along just at the nick of time.

When you assume that to do access control you must have "Complete Mediation" in Saltzer and Schroeder's terms of the subject (users), the objects (data), the session, and the roles, then you are going to have an interesting life trying to deliver anything. And if you do it will mucho expensive.

if you take the federated autonomous nodes approach, agree upon an attribute schema plus a protection model for same, and basic protocol, you are then free to move about the country. Security doesn't have to equal centralization or high cost. Get the attributes from point a to point b securely.

$13 Billion of U.S. Taxpayers Money was Stolen or Wasted in Iraq.

Thu, 25 Sep 2008 00:03:00 +0000

This article in yesterday's "Washington Post" was sickening to read but hardly comes as a surprise.

It is also sad to read that there was most likely involvement by Iraqi Government officials and U.S. contractors. The investigator who testified as to the waste and theft was fearful of his life as 32 of his fellow investigative co-workers have been killed.

One scheme involved officials from the Iraqi Defense Ministry setting up a front company that received $1.7 Billion in U.S. funds to buy guns, armoured vehicles and other equipment. Only a small percentage was ever purchased and in one case, they had bullet-proof vests delivered that were defective and useless.

In another case involving Iraqis and U.S. contractors, $24.4 million was spent on an electricity project that "only existed on paper". The worst part was that money sent to the Defense Ministry was discovered to have been diverted to Al-Qaeda and found its way to bank accounts in Jordan and other places.

Let us hope the Government spends the proposed $700 Billion bail out funds in a more responsible and accountable manner.

EstDomains and Intercage VS Cybercrime

Tue, 16 Sep 2008 05:09:44 +0000

Surreal, especially when you get to read that EstDomains has "ruthlessly suspended over five thousand domains only for last week", and also, that it "has a reliable ally in its battle against malware in a face of Intercage, Inc".

Here's the press release :

"The EstDomains, Inc management does not deny the fact that no one is secured from having a customer who uses provided services for delinquent purposes. But it must be noted that the carefully planned infrastructure of EstDomains, Inc makes the special provision for the cases of malware distribution that may originate from the domain name registered under the company's name. Such domain names are suspended immediately along with domain holder's account if there is an evidence of malware presence on the web site. According to the most recent statistics over five thousand domain names were detected and ruthlessly suspended by EstDomains, Inc specialists only last week.

The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality. But the outstanding performance of hosting services is not the sole reason why EstDomains, Inc appreciates this partnership so greatly. Intercage, Inc generously provides EstDomains, Inc specialists with reports regarding discovered malware vehicles. As the main database for additional domain name management services is located in Intercage Data Center, EstDomains, Inc has the perfect opportunity to get notifications of the slightest mark of malware presence in the shortest time and take measures in advance. "

The press release reminds me of RBN's defacement of my blog posted on the 1st of April, and despite that EstDomains started "performing for the community" as of recently, thanks to the collective intelligence and persistence of everyone turning their research into actionable intelligence against them, this performance aiming to minimize the effect of the negative PR is more or less futile considering all the cybercrime activities that they've been tolerating or ignoring for the past couple of years. For future generations to see, this is how EstDomains "performs for the community" :

"We've suspended all the domains listed in this topic. But please don't make posting these domains on this forum a habit. We have a 24/7 online tech support which can be contacted at https://support.estdomains.com

Best regards,
EstDomains Team

EstMate says : Ihatemondayand.com and antispycheck.com - both suspended. If any of the suspended websites are still active to you it maybe be because of your computer's or ISP's DNS-cache, others won't be able to access these websites

googlescanners-360.com isn't registered with us. As for other domains, the ones, which were registered through us, have been suspended. Regarding our preventive measures, the fact that you don't see them doesn't mean there isn't any. Yes, we don't write about them but in most cases we suspend whole accounts with problematic domains and look for connections to other accounts etc. During the last week we've suspended over 15000 different domains."

What's more disturbing regarding this particular domain registrar is that it's a U.S based operation, namely, using the lack of international cybercrime cooperation as an excuse for not taking actions earlier doesn't fit into the picture. Moreover, this is just the tip of the iceberg, and taking into consideration a personal mentality that the cybercriminals you know are better than the cybercriminals you don't know, the RBN or any of its "leftovers" aren't fully taking advantage of the tactics they could be using in order to make it harder to shut them down, but how come? Simply, they don't have to put extra efforts and would once again remain online for years to come, which is perhaps more disturbing at the first place.

What in the world is the Russian Business Network, is it still alive and kicking, are the same people that used to maintain my favorite netblock ever, still the ones running it, and what tactics are they taking advantage of in order to make it harder for the community to establish direct links with a particular netblock and the RBN itself?

With RBN's "leftovers" -- InterCage, Inc., Softlayer Technologies, Layered Technologies, Inc., Ukrtelegroup Ltd, Turkey Abdallah Internet Hizmetleri, and Hostfresh -- making headlines just like the way it should be, what I've been researching for the past couple of months is how they've migrated from the centralized hosting provider to what appears to be a fully operational franchise. The business model is very simple, the RBN through its extensive underground networking skills supplies to customers to franchisers operating small anti-abuse netblocks across the globe, where they offer dedicated hosting and share revenue with the RBN. Anyone trusted enough and capable of supplying such netblocks starts running the RBN anti-abuse franchise. It's also worth pointing out that these franchises are in fact starting to cut the middle man, and disintermediate the RBN by actively advertising their services in order for them to create a self-sustainable business model without having to rely on the RBN connecting them with customers.

What used to be a centralized cybercrime powerhouse operating several highly visible anti-abuse netblocks, is today's decentralized infrastructure, with the profit margins for the anti-abuse services that it's logically capable to break-even and earn profits even with a few high profile dedicated hosting customers. Anyone can be the Russian Business Network, gain experience into the market segment, then disintermediate them by starting to advertise their own services. From a powerhouse to a franchise model, what the RBN had to offer can be easily duplicated by a countless number of local RBN's, and this is only starting to take place.

Related posts:
Lazy Summer Days at UkrTeleGroup Ltd.
The Malicious ISPs you Rarely See in Any Report
Geolocationg Malicious ISPs
The New Media Malware Gang - Part Four
The New Media Malware Gang - Part Three
The New Media Malware Gang - Part Two
The New Media Malware Gang
RBN's Fake Account Suspended Notices
HACKED BY THE RBN!
Rogue RBN Software Pushed Through Blackhat SEO
RBN's Phishing Activities
RBN's Puppets Need Their Master
RBN's Fake Account Suspended Notices
A Diverse Portfolio of Fake Security Software
Go to Sleep, Go to Sleep my Little RBN
Exposing the Russian Business Network
Detecting the Blocking the Russian Business Network
Over 100 Malwares Hosted on a Single RBN IP
RBN's Fake Security Software
The Russian Business Network

EstDomains & Intercage: A Perfect Couple in Crime

Mon, 15 Sep 2008 17:32:00 +0000

If you track malware issues as readily as I do, you're likely aware of the failings of clownpacks like EstDomains and their hosting buddies Atrivo/Intercage. You need only follow Sunbelt's take on the topic, or search Emergingthreats to come up to speed.
Yesterday, EstDomains posted the most inept, ridiculous response ever issued to the endless and worthy criticism, largely leveled by Brian Krebs at the Washington Post.
Not only can't these morons from EstDomains write, they're either so deeply clueless or flagrantly malicious (likely both), it's beyond laughable. This section sums it up best:
"The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality. But the outstanding performance of hosting services is not the sole reason why EstDomains, Inc appreciates this partnership so greatly. Intercage, Inc generously provides EstDomains, Inc specialists with reports regarding discovered malware vehicles. As the main database for additional domain name management services is located in Intercage Data Center, EstDomains, Inc has the perfect opportunity to get notifications of the slightest mark of malware presence in the shortest time and take measures in advance."
What? Really?
Again, aside from the absolute butchery of the language, did they just say "The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality."? SIGH...yes, they did.

Allow me to exemplify just how ridiculous a claim that is.
Following is content from a packet capture I took during a recent Storm worm analysis.

Using the ip2asn module included in NSM-console availabe in HeX, we find:
27595 | 216.255.189.211 | INTERCAGE - InterCage, Inc.

Using Etherape, also included in HeX, we see:

Using Eric Hjelmvik's NetworkMiner, we see:

See the recurring theme? Intercage, EstDomain's "reliable ally in its battle against malware".
Nice work, guys...keep it up.

I'm submitting this to The Daily WTF as we speak.

del.icio.us | digg

Employee Fraud Spiralling Out of Control in the UK

Tue, 09 Sep 2008 06:08:00 +0000

You have read it before on TheBulletProofBlog - the tougher times get, the more likelihood that people will resort to criminal measures.

We reported it regarding the theft of copper from Churches, Hospitals, Schools - even from new homes still under construction. We brought to your attention the fact that thieves have become bolder, evidenced by the theft of manhole covers in public streets and drilling into fuel tanks on vehicles as petrol and diesel prices rise.

In "Personneltoday", it is reported that employers have been put on "red alert" as the downturn in the economy is prompting employees to make ends meet by dishonest means. One figure that employers every where are bound to find shocking is the fact that employee fraud has cost UK companies more than 77 Million Pounds Sterling (approx. $150,000,000.00),just in the first half of this year alone.

The most disturbing aspect of this figure is the fact that it is up from 10 Million Pounds Sterling (approx. $18,000,000.00)in the same period last year. This represents more than an 8 fold increase in employee fraud in a 12 month period.

The report was conducted by the accountancy firm BDO Stoy Hayward. Mr. Simon Bevan, the head of fraud services there attributes the escalation in criminal activity amongst employees to; "spiralling personal debt as a result of mortgage,food and fuel price hike". Sound familiar?

The population of the UK is one sixth that of the United States. It is frightening to imagine what the figures will look like from U.S. businesses at the end of this year and beyond. In 2002, employee fraud and abuse cost U.S. businesses $6 Billion Dollars (independently reported by the "Association of Certified Fraud Examiners" of which SEXTON is a member).

What would be the outcome to U.S, businesses if fraud costs escalated 8 fold to $48 Billion Dollars by year's end? How many would go under? How much further damage would that inflict on the already struggling economy? The economic circumstances in the U.S. are certainly similar to those of the UK.

U.S. businesses beware. Be proactive and fight fraud and abuse before it is too late. Your very survival just may depend upon it.

While I Was Out: Compendium of the Last Week's News

Tue, 02 Sep 2008 10:55:47 +0000

You wouldn't listen, but continued to generate products, news stories, and analysis about wireless networking in my absence: Here's the run down of the last week or so's Wi-Fi and wireless stories. (Yes, I enjoyed my time off.)

Fourth US airline to go Wi-Fi: Aircell says they have a fourth airline--after American, Delta, and Virgin America--on board for its in-flight Wi-Fi service. The aerial broadband provider's latest partner will be announced soon. Aircell's service went live in 15 American Airlines planes two weeks ago, and there's been a surprising lack of reporting from regular travelers or journalists since the big splash at the launch.

Microsoft, two universities research methods for better Wi-Fi handoff for vehicles: The researchers developed a method they call Vi-Fi, writes the Seattle Post-Intelligencer's Todd Bishop, which allows a system to maintain connections with several base stations at once, using a primary access point for traffic until a discontinuity is predicted or encountered. This allows seamless handoffs and continuous voice conversations.

Speaking of autos and Wi-Fi, concerns raised about Chrysler's in-car Wi-Fi option: Randall Stross wrote nearly two weeks ago in The New York Times about the problem of distraction. With the Internet at your fingertips, can you restrain yourself? The only problem with the humorous and accurate analysis is that millions of business travelers have 3G access via laptop cards already, so you'd think we'd already be seeing the bad effects of automotive area networks.

A Wi-Fi booster can't post availability signs on highway: The Nebraska town of Louisville has free Wi-Fi downtown, and wanted to post "Visitor Wi-Fi" on a highway sign as another amenity. The state highway department has a policy that doesn't allow the promotion of Wi-Fi, because they believe they'd be inundated. A resident who runs a local Internet firm installed his own signs on the highway; the roads department removed them; he remounted them; they were removed again. The idea of zoning and mounting a billboard apparently hasn't come to the city officials' minds (or perhaps they're prohibited).

The folks spreading misinformation about Wi-Fi health effects cause Ulster school to disable network: I can understand why non-technical folks might think that Wi-Fi has been proven to be unsafe, given the kind of information that's available on the Internet about wireless safety. While there are ongoing studies about the safety of cellular signals--and I'm convinced at this point there's no increased risk to an adult's health by using a cell phone--there is no specific and credible research linked to Wi-Fi, which broadcasts signals at a far lower level than a cell phone, most of the time in most uses.

Washington state shuts down rest-area Wi-Fi: The $3 for 15 minutes, $7 per day, or $30 per month Wi-Fi service at 28 of Washington's 42 rest areas has been turned off after a year for lack of use. Figures. The fees charged by Parsons and Road Connect aren't unreasonable for a nationally scoped plan, but are ridiculous for limited use. States should either bite the bullet and offer these service for free, partner with national roaming operators who can resell service into large networks of business travelers, or use ads to support the service. Highways in remote areas can typically pick up cell data networks, and ongoing costs should be minimal to operate such networks.

IEEE approves fast-roaming standard, 802.11r: This new standard is designed to improve the handoff of devices between base stations. This is accomplished in part by allowing base stations to communicate security and quality of service information so that a VoIP over WLAN phone can immediately reassociate without the delay of authentication and other handshaking.

Denver airport sees 7,000 connections on a single day last week due to Democratic National Convention: FreeFi released the usage figures recently to show how their service is operating. The network started with about 600 daily users when the switchover from fee to free happened 10 months ago, and now carries about 3,500 daily connections.

Coffee Bean & Tea Leaf goes free: The chain of about 700 cafes will have free Wi-Fi installed by now in all its company-owned stores (about 300).

Doctoring Photographs without Photoshop

Wed, 27 Aug 2008 03:27:27 +0000

It's all about the captions:

...doctored photographs are the least of our worries. If you want to trick someone with a photograph, there are lots of easy ways to do it. You don't need Photoshop. You don't need sophisticated digital photo-manipulation. You don't need a computer. All you need to do is change the caption.
The photographs presented by Colin Powell at the United Nations in 2003 provide several examples. Photographs that were used to justify a war. And yet, the actual photographs are low-res, muddy aerial surveillance photographs of buildings and vehicles on the ground in Iraq. I'm not an aerial intelligence expert. I could be looking at anything. It is the labels, the captions, and the surrounding text that turn the images from one thing into another. Photographs presented by Colin Powell at the United Nations in 2003.

Powell was arguing that the Iraqis were doing something wrong, knew they were doing something wrong, and were trying to cover their tracks. Later, it was revealed that the captions were wrong. There was no evidence of chemical weapons and no evidence of concealment. Morris's mockery of the sweeping interpretations made in Powell's photographs.

There is a larger point. I don't know what these buildings were really used for. I don't know whether they were used for chemical weapons at one time, and then transformed into something relatively innocuous, in order to hide the reality of what was going on from weapons inspectors. But I do know that the yellow captions influence how we see the pictures. "Chemical Munitions Bunker" is different from "Empty Warehouse" which is different from "International House of Pancakes." The image remains the same but we see it differently.

Change the yellow labels, change the caption and you change the meaning of the photographs. You don't need Photoshop. That's the disturbing part. Captions do the heavy lifting as far as deception is concerned. The pictures merely provide the window-dressing. The unending series of errors engendered by falsely captioned photographs are rarely remarked on.

Amazing Use of GPS

Mon, 04 Aug 2008 18:53:12 +0000

This BBC video show the migration of people and vehicles around the UK. Truly brilliant visualization. Thanks to Bill Marriott for pointing me to this.

Speed Cameras Record Every Car

Wed, 23 Jul 2008 01:32:47 +0000

In this article about British speed cameras, and a trick to avoid them that does not work, is this sentence:

As vehicles pass between the entry and exit camera points their number plates are digitally recorded, whether speeding or not.

Without knowing more, I can guarantee that those records are kept forever.