Cyber-security

Archived Posts from this Category

“Security Update for OS Microsoft Windows” - DON’T OPEN IT!

Posted by StormWarning on 13 Oct 2008 | Tagged as: Cyber-security

OK, y’all! They’re at it again. This time with a bogus subject line in an email “Security Update for OS Microsoft Windows” so open it at your own risk! Some people are just dumb enough to open this email and then spread the virus (malware) to everyone in their address book.

According to a new report by McAfee, cyber-criminals are increasingly capitalizing on users looking to protect their PCs with the latest updates. In its bi-annual Security Journal threat report, McAfee noted a jump in the amount of malicious software posing as applications from security vendors.

Almost on cue, news of a Trojan masquerading as a Microsoft update has been made public. The Trojan, identified by Sophos as Mal/EncPk-CZ, is being spread via e-mails with the subject line “Security Update for OS Microsoft Windows.” The e-mails come on the eve of Patch Tuesday, Microsoft’s monthly security update. Users should be aware, however, that Microsoft never delivers its patches through e-mail attachments.

Some people are just dumb enough to open this email and then spread the virus (malware) to everyone in their address book. If you do, please take me out of your email address book (in fact, get me the hell out of your data base, NOW! - cause if you’re that unaware of what’s going on in the World of cybersecurity, then I shouldn’t know you).


A Note on Blog Security

Posted by StormWarning on 21 May 2008 | Tagged as: Commentary, Cyber-security

As some of you know, we (Moon and I) just moved to a new server…there was a security problem with the old one and we were actually down and out for about 3 days last week during the transition.

The new server set-up is substantially more secure. All comments are being automatically screened and sent to the spam bin (even my own) until I can figure out how to white list people who I know who read and comment here regularly. You’ll all have to bear with me/us until we’ve figured it out.

We take security very seriously…very.


We’re B-A-C-K!

Posted by StormWarning on 18 May 2008 | Tagged as: Cyber-security, Editorial

Death to cyber terrorists! After a few days of dealing with a serious attack on the “Moon servers,” StormWarning’s Counterterrorism and all of Moon’s blogs are back on line. We were down since sometime around 4pm cdt on Thursday, May 16th (I was on travel since May 12 anyway). This blog is hosted on Moon’s own servers. Apparently, the blogs took a rather serious attack of some sort and were rendered inoperable (I only hope that it was random and not something that I wrote that pissed off someone to the point of attacking the servers). We have no idea (yet) of what happened, who or why or whether, in fact, there was such a DoS on the servers. We were on a well known web hosting server but have now migrated to a substantially more secure server (I actually know the company quite well and their approach to security is unique and very secure).

The real surprise is how insecurely and vulnerably some host services operate their web space. After all, this is “only” a commentary blog. If this were a commercial website, or my company’s website, I would have been more than upset at having it go down for so long.

As for the individual or individuals who took down the site…my attitude toward cyber attacks is not that different from jihadist terrorists. Death to cyber terrorists!


DHS Ready to Launch Spy Image Agency

Posted by StormWarning on 03 Apr 2008 | Tagged as: Commentary, Current Affairs, Cyber-security, Domestic Terrorism, Federal Policy, National Security, Opinions

Despite Democratic Congressional objections, DHS is planning to launch the National Applications Office to allow more government police and security agencies to tap into detailed satellite images.  Sec’y Chertoff said a “charter has been signed” to create a new office.  It will be a clearinghouse for requests from law enforcement, border security, and other domestic homeland security agencies to view feeds from spy satellites.

“I think the way is now clear to stand (the office) up and go warm on it.”

Currently these spy birds are used to monitor volcanic activity, hurricanes, floods, and various environmental and geological shifts.  Obviously the intention is to capture images for terrorism investigations and actions against illegal aliens.  Not so fast however!

Committee leaders say the charter for the National Applications Office is “wholly inadequate,” said the aide, who spoke on condition of anonymity since the letter is still being drafted. They plan to criticize the department for allegedly failing to outline the legal framework and other “standard operating procedures” governing the program.

Furthermore, the Government Accountability Office has not yet vetted the program’s privacy guidelines, which was made a condition for the National Applications Office to receive congressional funding, the aide said.

Further, in the area of cybersecurity, Chertoff plans to expand use of an existing system known as Einstein that will, among other things, monitor visits from Americans and foreigners visiting .gov Web sites.

Let the games begin!


Mujahadeen Secrets V2 - Terrorism and the Internet

Posted by StormWarning on 25 Jan 2008 | Tagged as: Current Affairs, Cyber-security, Jihad, National Security, Opinions, Technology

Version two purportedly corrects poorly designed and breakable elements of V1.  And it was announced on the Al-Ekhlaas forum, hosted at a Web site based in Tampa, Fla.  It is time for the general public, and not just a few select counterterrorism “wonks” to pay attention.  These are not camel jockeys.

“The original Mujahideen Secrets used a weak methodology, it was not properly designed and it was breakable,” asserts Paul Henry, vice president of technology evangelism at Secure Computing. Henry notes that the first version of Mujahideen Secrets makes use of the RSA-based public-key cryptography.

The level of sophistication of today’s cyber-jihadists is striking, and widely “misunderestimated” (see malaprop) by the uninitiated multitudes of global blogosphere commentators.

Washington, D.C.-based Middle East Media Research Institute (MEMRI) has also identified NOC4Hosts as the Web site provider for Al-Ekhlaas, noting that on Jan. 13 the Islamist forum “announced the imminent release of a new version of the ‘Mujahideen Secrets’ software.”
[:]
MEMRI stated that the first version of the Mujahideen Secrets encryption software released a year ago was described as “the first Islamic computer program for the secure exchange [of information] on the Internet,” providing users with “the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression [tools].”
[:]
…there’s cause to be concerned that Al-Qaeda may be bulking up its technologies.

The full story of the MEMRI analysis of this is found here, From MEMRI’S Islamist Website Monitor Project: Islamist Forums Take New Security Measures.  A partial list of web hosts harboring al Qaeda and jihadist websites, all providing access to Mujahadeen Secrets Version 2, is shown here, in Headline: Islamofacist Outreach Comes to the Net-In ENGLISH !

The following are some prominent Islamist forums and blogs in English, along with their URLs and ISPs:

The Al-Hesbah forum
http://www.alhesbah.net/v/forumdisplay.php?f=48
ISP: NOC4Hosts Inc.; Tampa, FL, USA (Data verified 11/20/07)
The Shumoukh Al-Islam forum
http://shmo5alislam.net/vb/forumdisplay.php?f=53
ISP: TELEKOM MALAYSIA BERHAD; Malaysia (Data verified 11/20/07)
The Al-Ekhlaas forum
http://ekhlaas.org/forum/forumdisplay.php?f=109
ISP: NOC4Hosts Inc.; Tampa, FL, USA (Data verified 11/20/07)
The Jund Al-Rahman forum
http://jondurrahmaan.com/vb/?styleid=30
ISP: Layered Technologies, Inc.; Plano, TX, USA (Data verified 11/20/07)
The Shabkat Al-Akhbar forum
http://w-w-n.ws/forumdisplay.php?f=10
ISP: TIMETELEKOM; Malaysia (Data verified 11/20/07)
At-Tibyan Publications website [2]
http://tibyan.wordpress.com/tag/articles
ISP: Layered Technologies, Inc., Plano, TX, USA (Data verified 11/29/07)
The Sawt Al-Jihad blog
http://www.sawtaljihad.org/
ISP: New Dream Network LLC; Brea, CA, USA (Data verified 11/20/07)
The Ignored Puzzle Pieces of Knowledge blog
http://inshallahshaheed.muslimpad.com/
ISP: ThePlanet.com Internet Services, Inc, Dallas, TX, USA (Data verified 11/29/07)
The Crusader Watcher blog
http://www.crusaderwatcher.blogspot.com/
ISP: Google Inc.; Mountain View, CA, USA (Data verified 11/20/07)
The Press Release blog
http://www.press-release.blogspot.com/
ISP: Google Inc.; Mountain View, CA, USA (Data verified 11/21/07)

Further, you have this excerpt: On December 17, 2007, the English section of the Islamist Al-Ekhlaas forum (www.ek-ls.org), hosted by NOC4Hosts Inc., Tampa, FL, USA, posted a message revealing further security measures being taken by Islamist forums in light of the intensifying campaign in the West against Islamist websites.

The message indicates that Islamists have created exclusive, invitation-only forums because of the fear of infiltration by non-Muslim Western agencies and organizations.

So what do the experts say about this?  People like Doug Farah and Evan Kohlmann are among those who follow this area closely.  I’m pretty much an interested third party as it relates to some of the work that I do, and the emerging tactics in this War on Terrorism continue to fascinate me.  On the Counterterrorism Blog, Farah writes in his post, The Jihadist Encryption Campaign:

Dubbed Mujahadeen Secrets 2, the Ekhlaas website said the newer iteration is a “special edition of the software was developed and issued by … Ekhlaas in order to support the mujahideen in general and the (al Qaeda-linked group) Islamic State in Iraq in particular.”

This shows three things: that the outside world has grown increasingly better at monitoring their unencrypted communications; that the jihadists have the technological wherewithal to take their communications to the next level; and that they still apparently like to operate out of the United States.

Farah expands on his thoughts more in his own blog, Jihadists Move to Encryption on Internet Sights; his final observation warrants special attention:

The flat world of technology spread cuts many ways. This is one of the inevitable but costly ways our open systems can be exploited to make our lives more dangerous.

Just a bit less than a year ago, I among few others wrote a post, New Encryption Tool to Aid Terrorism.  Surprisingly few (or not) people recognized it back then, and in fact I know factually that even cyber-terrorism specialists at a specific 3-letter agency were not familiar with it back then.  Perhaps their awareness has risen since then.

For a “geek’s” view of the released version 2, you can look at Mujahideen Secrets 2 Encryption Tool Released.

Those who somehow think that the Global War on Terrorism is coming to some sort of end, wake the hell up! As time passes, jihadist tactics are becoming more sophisticated. These are educated and intelligent people, motivated to destroy us through whatever means are at their disposal.


Top 10 Overseas Security Trends for the U.S. Private Sector in 2007

Posted by StormWarning on 12 Jan 2008 | Tagged as: Current Affairs, Cyber-security, International Issues, National Security, Opinions

Though I offered my own 2008 predictions, I came across a report from the Overseas Advisory Council of the top overseas security issues that faced the U.S. private sector, and that will likely continue.  The list includes theft of trade secrets, cyber attacks, insider threats, home-grown political radicalism, terrorism, and political conflict.  It’s a good summary if “anyone” is (really) interested.

Even though I haven’t had a chance to complete the post, my predictions for 2008 are found in Looking Ahead: Observations and Predictions for 2008.  It is always interesting to me that so much focus is placed on the personality and the politics of the Presidency, rather than the understanding of the World around us (perhaps it is more obvious than the question…commenting on the personalities of politics is a lot easier)…but after all, the understanding of the candidate(s) of the World around us is the most important issues are the World in which the new President will serve.

According to Todd Brown of the Department of State’s Bureau of Diplomatic Security (who also serves as the Exec. Dir. of the OSAC), many of these growing and continuing threats are a result of increased globalization - “As an increasing number of U.S. businesses, academic institutions, and nonprofits expand the scope of their international operations, they must learn to safeguard their facilities and personnel by incorporating security and risk management into their core business practices.”

* Africa: Rising violent crime in major cities
Violent crimes occurred at critical levels throughout many African cities. Criminals targeted their victims in vehicles, hotels, and commercial areas. Fatal carjacking attacks as well as armed robbery of residences, hotels and restaurants have dramatically increased in major cities such as Lagos, Nigeria, Nairobi, Kenya, and Johannesburg, South Africa. Private sector organizations operating in high-crime environments must implement sufficient measures to protect both property and personnel.

* Africa: Increased kidnapping in the Niger Delta
This past year, the number of kidnappings, both onshore and off-shore, by militant groups and criminal gangs in the Niger Delta increased dramatically compared to 2006. Attackers targeted locally employed staff of Western-owned oil companies, expatriates, and their families. In addition to continued threats against oil workers, individuals not affiliated with the petroleum industry — including Nigerian government officials — also were targeted for kidnapping. On an encouraging note, one report indicated the rate of kidnappings had slowed considerably in the second half of 2007.

* Asia: Theft of trade secrets and insider threats
The private sector in Asia faces a significant threat of fraud, including theft of trade and business secrets, and these threats have increased exponentially in recent years. India and China, two of Asia’s largest players on the international business stage, continue to be among the nations where the private sector faces the most intense risk of theft of commercial secrets and insider threats. Companies must perform extensive due diligence measures to guard against document fraud by job applicants, competitors trying to place an insider to steal company secrets, and theft and compromise of trade and commercial secrets.

* Asia: Regional and domestic terrorism
The effects of regional and domestic terrorism are apparent across Asia. Pakistan is a prime example where transnational terrorists and domestic insurgencies are increasingly active, as exhibited by continued recruitment of extremists, terrorist training, and terrorist operations against official and private sector targets. This has been most evident in attacks across India and attacks by extremists targeting the government and military in Pakistan. These threats require the American private sector to operate at heightened levels of security, often resulting in increased operating costs and heightened concerns by employees and investors.

* Europe: Cyber attacks
In the wake of a political controversy, Estonia was victimized by cyber attacks which plagued the Web sites of the government, media services, and banks. The attacks were carried out by flooding websites with digital debris, forcing them to become unusable, and by infecting computers around the world with viruses in order to remotely operate them against Estonian systems. It is vital to recognize that these attacks can easily be replicated against a new target, including the U.S. private sector. It is incumbent that crisis management plans now account for this type of cyber threat.

* Europe: Radicalization
Radicalization of home-grown elements in Europe continued in 2007, evidenced by terrorist plots disrupted in Germany and Denmark, the discovery of explosive devices in two cars in London, and a flaming SUV that extremists crashed into the Glasgow airport in Scotland. The radicalization process, influenced by international terror groups, appeals to people of varied backgrounds, living under diverse circumstances. These plots and incidents underscore the fact that extremist elements in Europe continue to pose an ongoing threat to the region.

* Latin America: Natural disasters
Earthquakes, hurricanes, and tropical storms significantly impacted operations of the U.S. private sector during 2007, destroying property, killing hundreds, and leaving thousands homeless. In one particular case, 70 percent of Tabasco, Mexico was flooded and a major natural gas pipeline exploded as a result of a late-season tropical storm. Both tourist and industrial sectors are vulnerable in areas prone to natural disaster. This has led security managers to re-evaluate contingency plans within the region.

* Latin America: Political obstructionism
Political conflict has emerged as a significant concern to the U.S. private sector in Latin America with the movement by some Latin American leaders to nationalize private industry and campaign against U.S. interests through proposed constitutional referendums. This was demonstrated in late 2007 when Venezuelan President, Hugo Chavez, proposed 69 amendments to the Venezuelan Constitution which could have diminished economic stability and property rights. The same type of movement has been orchestrated by Bolivian President Evo Morales. Political demonstrations have at times flared into violent street protests, which have paralyzed commercial areas in some cities and resulted in both injury and death.

* Middle East and North Africa: Political instability in Lebanon
For much of 2007, Lebanon’s dueling political blocs led some in the private sector to worry that the country could return to civil war if issues are not resolved to the satisfaction of all parties. Lebanon also experienced several tension-inducing incidents in the past year that have been political and/or sectarian in nature, including low-level bombings, assassinations of several well-known anti-Syrian figures, and battles between military and extremists in Palestinian refugee camps. These incidents have increased concerns that terrorist elements or sympathizers could take advantage of the situation in order to establish themselves and plot attacks against Lebanese or Western interests.

* Middle East and North Africa: Terrorist attacks in Algeria
Violent terrorist attacks throughout Algeria over the last year have confirmed that AQIM (al-Qaeda in the Land of the Islamic Maghreb) poses a serious threat to government and private sector entities. Using sophisticated tactics, several AQIM attacks targeted economic interests, including three attacks on Western company convoys. Other threat incidents included several suicide vehicle bombings (two of which were coordinated attacks on multiple high-profile targets in Algiers), a suicide vest used in an attack targeting Algeria’s president, as well as plots to kidnap Westerners.

The Overseas Advisory Council was started in 1985 as a partnership between the U.S. Department of State and American business and private sector interests worldwide to promote security cooperation.

See a repeat of another blog post from “This and That” here (proving the point I make in one of the comments about analysis).


A Lesson in Cyber-Security: Teen Charged With Distributing Nude Photos Of Students

Posted by StormWarning on 06 Dec 2007 | Tagged as: Current Affairs, Cyber-security

Thanks for stopping in.  Despite the headline, this is an important subject, especially for parents of teenaged kids.  Anyone here hoping to see a picture, you’re out of luck, but now that you’re here, I hope that you will spend a few more minutes and browse around at some of the other entries.  Thank you!

“They” say that what happens in Vegas, stays in Vegas.  Well, the same is true of the Internet.  Once it’s out there, it stays out there…at least somewhere.  That’s what a school in Upstate NY found out after a circle of friends - girls and boys in middle school - started sharing nude pictures of each other.

NewsChannel 9 is breaking news out of the town of Clay where a Cicero-North Syracuse High School has been charged with distributing nude pictures of female students.

The charges stem from cell phone pictures that about a dozen high school girls, age 11 to 14, took of themselves. They sent the naked pictures to their boyfriends and that’s when police say the criminal activity happened.

District Attorney Bill Fitzpatrick says the only person charged is 17-year-old Michael Wixson, an honor roll student at C-NS High School.

There’s a lesson in this for everyone…perhaps mostly for parents in today’s cyber world. Take a look at this video (CLICK HERE).  If you were looking for the pictures, shame on you.


Redefining Privacy in America

Posted by StormWarning on 13 Nov 2007 | Tagged as: Current Affairs, Cyber-security

As Congress debates the extension to FISA, Donald Kerr, the Deputy Director of National Intelligence said that Americans need to stop equating “privacy” with “anonymity.”  Kerr believes that the new definition is that America will protect people’s private communications and financial information.

An Intelligence Official’s Privacy Proposal
“Too often, privacy has been equated with anonymity,” he said, according to a transcript [pdf]. “But in our interconnected and wireless world, anonymity – or the appearance of anonymity – is quickly becoming a thing of the past.” 

The backdrop for this is the Foreign Intelligence Surveillance Act.

Millions of people in this country - particularly young people - already have surrendered anonymity to social networking sites such as MySpace and Facebook, and to Internet commerce. These sites reveal to the public, government and corporations what was once closely guarded information, like personal statistics and credit card numbers.

Spy Official Calling Anonymity Dead Simply Summarizing Gov Spying Powers - What’s the premise?  “If you are willing to go online - thus sharing some information with at least your ISP, you should be fine with the intelligence community watching what you do, because the government has privacy boards and ISPs do not.”

Now, I had my own experience with a cyberstalker a few months ago (or actually, someone who threatened me online). And because of his own stupidity and lack of knowledge about the Internet and simple things like IP addresses (see Cyber-Threats, Blogging and Your Actions), he was not only identified but he was reported to law enforcement.  While I am familiar with the processes available to everyone, and have additional resources at my disposal, clearly, the government has even more capability.


“11/11” Cyber Attack Update

Posted by StormWarning on 11 Nov 2007 | Tagged as: Commentary, Current Affairs, Cyber-security

If Bruce Schneier agrees with me, I suspect it’s a lot more important than the people who don’t (agree with me).

So, it seems that a “debate” ensued regarding the issue of the 11/11 onset of the cyber attack (see The “11/11” E-Jihad Cyberterror Threat, included in its entirety by reference), and as a result, my “intellectual honesty” was questioned (and yes, I am offended).  Thusly, it has been brought to my attention that Bruce Schneier maintains the same position as I expressed.  NOTE:  To anyone familiar with security issues, it is not an epiphany (“a sudden, intuitive perception of or insight into the reality or essential meaning of something, usually initiated by some simple, homely, or commonplace occurrence or experience”) that there is a mounting cyber-attack effort.

Who is Bruce Schneier?  Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a “security guru,” Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

Here is what Schneier wrote for reference:

November 09, 2007
Al Qaeda Hacker Attack to Begin Sunday

At least that’s what they said two weeks ago:
On Sunday, Nov. 11, al Qaeda’s electronic experts will start attacking Western, Jewish, Israeli, Muslim apostate and Shiite Web sites. On Day One, they will test their skills against 15 targeted sites expand the operation from day to day thereafter until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites.

I think this is nonsense. We’ll see who’s right next week.

Anyone who has the least familiarity with security issues, is involved in security as a business, or researches the question, knows that the United States has considered cyber-terrorism a significant issue for quite some time.   That is why the U.S. has established the Cyber Command at Barksdale AFB.  The recognition of the cyberthreat is why The Center for Strategic and International Studies (CSIS) has recommended the Creation of a U.S. Cyber Security Commission:

Co-chairmen of the commission are retired Admiral Bobby Inman, former director of the U.S. National Security Agency; Scott Charney, corporate vice president for trustworthy computing at Microsoft; U.S. Representative Jim Langevin, a Rhode Island Democrat and chairman of the Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology; and Representative Michael McCaul of Texas, the ranking Republican on the subcommittee.

Cyberthreats against the U.S. are growing, and it’s important for Congress and the next president to take action, Langevin said. In the past year, his committee has investigated hundreds of cyberbreaches within the U.S. government.

…and that’s why programs like The Center for Infrastructure Assurance and Security (CIAS) already exist and operate to protect critical infrastructure.  That’s why the National Security Agency has established a long list of National Centers of Excellence in Information Assurance. 

If Bruce Schneier agrees with me, I suspect it’s a lot more important than the people who don’t agree with me.

And not for nothin’ here is a message in return for the person who questioned my intellectual honesty:

.:..:..:..:……:::.:::.::….:.::.:::..:::.:….:……:::.:…::.::::..:……::…::.:::.:.:.::.::.:..:……::.:..:.::.:::…:……::::..:.::.::::.:::.:.:.:::..:…:……::.::.:.::.::::.:::.:.:.:::.:…::.:…..:.::….:……:.:..::.:::…..:::..:..::..:.:.::..:.:..:.:::.

There’s a prize for the person who tells me what I wrote.


The “11/11” E-Jihad Cyberterror Threat

Posted by StormWarning on 10 Nov 2007 | Tagged as: Current Affairs, Cyber-security, National Security

On the eve of the “rumored” dawn of the electronic jihad, know that all threats are real…none are too small to be ignored. And yet, I was accused by another writer that I was guilty of underplaying the threat because I deny the credibility of the source (Debka). So, with respect to that writer, I say that the concept of my being guilty of underplaying any threat, or worse, being a witless dupe of the terrorists is “silly.”

With some audacity, I write this blog anonymously for professional reasons…yet hope that my “sense” and interpretation of the situations we face are positioned in such a way that separates fact from opinion…and which then offer my views. I am not always right in my interpretations and I won’t deign to call them analyses as I am not an analyst (although some people believe that I should be seeing one). However, I do observe through the eyes (mine) of someone who has been involved in activities revolving around homeland security since before that term was known to most. Except for some government types (wonks) who might stumble into this site, who knows the difference between homeland security and homeland defense…draw the lines. Clearly, there is no obligation to believe anything that I write.

Note that I covered this subject when it occurred, UPDATED - The Coming “Cyber Jihad” & U.S. Response (“Watch your calendars!  But don’t hold your breath.”).

I was reminded that “Debka has been right on some of its predictions and that if I chose to ignore their warnings, it was at my risk, and that others, of course, did not have to follow me.”

So don’t take my word for it.  In addition to the Network World citation discussed below, how about this from SC Magazine?

Al Qaeda cyber-jihad threat dismissed by researchers -  McAfee told organizations not to lose sleep over reports that al Qaeda would target Western websites in a mass-cyberattack this Sunday…McAfee Avert Labs researcher Francois Paget cited cyber-terror warnings in August 2004 and November 2006 that never materialized, but said he blogged about the specter of cyber-jihad because news stories and rumors were circulating on the internet…

Be careful, but don’t lose sleep over al Qaeda hack alert, say experts - Johannes Ullrich, chief research officer of the SANS Institute, said the threat - which called for attacks to run through December in retaliation for the United States holding terrorism suspects at Guantanamo Bay naval base in Cuba - was posted on a Jihad forum largely populated by “kiddie hackers.”

“I read over that forum where it was posted and the message basically asks everyone to attack the U.S. but it doesn’t provide any specifics on how to do it,” Ullrich said. “It’s just basically one kid making a suggestion, an inspiration, and doesn’t tell people how to do it. I wouldn’t put much stake in that.”

He said the threat, religious in tone and making references to prisoner treatment at Guantanamo Bay, attempts to encourage members of the Islamic militant group to launch DoS attacks against U.S. financial websites…

Make no mistake about it! I take the threat of cybersecurity very seriously. In fact, I take all aspects of security very seriously, and infrastructure security has been one of my areas of interest for some time. In January, after reading an entry on the Counterterrorism Blog, I wrote a post, New Encryption Tool to Aid Terrorism:

Andy Cochran at the Counterterrorism Blog posted this article written by Jim Melnick, iDefense Intelligence Team, VeriSign, Inc. about this on January 26th in his post, Internet Security Company Cracks Special Jihadist Software. In his post, he describes how a pro-terrorist group, “Global Islamic Media Front” (GIMF) has developed “Mujahedine Secrets,” an encryption program that is portable (can be used from a USB memory stick) and will cloak the identity of those who use the program, and may make it increasingly difficult or even impossible for investigators to track down the source of activity further than the Internet café itself.

It is critical to remember here that the jihadists that we face today, are no simple terrorist group. Many are college educated, many have advanced degrees and often have degrees in engineering or computer science. These terrorists are not just suicide attackers!

Getting back to the immediate “threat.” In the ensuing “discussion” I cited a reference to Network World and its statement, “Security experts are saying that a reported al-Qaeda cyber jihad attack planned against Western institutions should be treated with skepticism. Again, with no disrespect intended, I was told that “skepticism is fine as long as people just don’t wave the potential which the experts have stated quite clearly is there, away. People need to stop thinking “it can’t happen” and realize it might not happen but it is, indeed, possible.” Again, “silly” is the most cordial way for me to characterize that statement. One final point was that the Counterterorrism Blog has no citation of Debka anywhere in its archives - results of the search are found here.

Is this threat of a cyber-jihad real? Of course it is real…just that Debka isn’t (in my opinion). Read about it on Security Watch - BH Consulting’s Security Watch Blog.

Update 8th November 2007
The Register is reporting that a new version of the “Electronic Program of Jihad” has been discovered. This new version has been dubbed version 3.0. It is speculated that this program is the version that will be used during the above reported threat of attack on November 11th. McAfee provide more details on their Avert Labs Blog.

POST SCRIPT for those who read the attack on my “intellectual honesty” by another blog writer…from the Strategy Page: Electronic Program of Jihad

After a decade of effort, Islamic terrorists are making slow progress in developing Cyber War weapons. The latest one to appear is a program users volunteer to install on their PC, turning it into a zombie. Such a PC can be controlled by a remote operator for all manner of Cyber War tools and weapons. But this “Electronic Program of Jihad” turned out to be poorly constructed, and not yet ready for prime time.

More web sites dedicated to online terrorism are showing up (and often getting shut down quickly by intelligence agency, vigilante hackers or inept operators). Some Islamic hacker organizations have even surfaced, but often prove to be a few people, or an individual. Few of these groups appear to have much staying power.

POST POST SCRIPT for those who… Program automating online jihad found in the wild:

 Many security experts have said the report should be treated with a liberal dose of skepticism. They argue that Debkafile is a less-than-reliable source and say grass-roots-based cyber attacks by militant Islamists already happen all the time.

Oh Shit!  Wait!… Hackers launch ‘cyber jihad’ on US - Pakistani group defaces government website - James Middleton, vnunet.com, 18 Oct 2001

Hackers in Pakistan have declared a cyber jihad on the US and Britain, only days after the FBI issued a warning predicting as much.

Will the “prediction” of a Veteran’s Day cyber-terrorist attack occur? I doubt it. Let’s see what happens tomorrow…OOOPPPS!  That seems to be “intellectually dishonest.”  Sorry folks?  She said it, not me!

Happy Veteran’s Day.  Support the Troops!


Storm worm pulls Halloween hoax

Posted by StormWarning on 31 Oct 2007 | Tagged as: Cyber-security

Talk about timely.  Don’t be tempted to download the latest scam from the World’s largest bot net!  Whether a “worm” or a Trojan Horse, this malware sucks people in by a spam email inviting them to visit a Halloween-themed URL to download a dancing skeleton…instead you get a version of the Storm malware that turns your PC into a “zombie.”

Cyber threat watchers really haven’t figured out who or what is behind this Storm bot attack…

“Storm is a very aggressive worm,” says John Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Research Task Force’s Anti-Spam Research Group. “It’s interesting because it uses a [peer-to-peer] control structure that makes it hard to kill.”

  • European storm — Spam tries to send recipients to a Web site with more news on the results of winter weather.
  • YouTube — Spam message tells recipients there’s a video of them posted on YouTube.
  • Account confirmation — Spam messages ask recipients to click on an embedded link to confirm their account with a bogus organization.
  • Happy Labor Day — Spam message tells recipients a holiday greeting is waiting for them at the linked site.
  • National Football League — Spam attempts to lure football fans to a Web site that promises a free game tracker, among other things.
  • Free games — E-mail tells recipients to click on link for free computer game downloads.

“F-Secure also says that Storm is the largest botnet in the world with just more than 1 million infected PCs; however, other researchers say there’s no way to know how many PCs have been infected…”

How Storm Attacks

The way Storm secretly installs itself on PCs is via spam, but typically Storm is not carried by the message; instead the message attempts to get the recipient to visit a Web site that downloads the malware. It’s hard to avoid Storm-related spam, which was particularly active in late summer and shows no sign of stopping. These spam blasts take advantage of whatever the malware’s owners think would most entice recipients to click on the embedded link to a Web site purportedly related to the e-mail’s subject — be it a recent event such as the Labor Day weekend or the start of the football season or pop culture items such as computer games or a YouTube video clip.
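The delivery pattern described above (no attachment, an embedded link, a topical lure) can be checked mechanically on the mail gateway. The following Python triage sketch is an added example, not code from this post or from any vendor quoted in it; the keyword lists, the verdict names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Themes are the lures listed in the post; the keywords are assumptions.
LURE_THEMES = {
    "european storm": ("storm", "weather"),
    "youtube": ("youtube", "video of you"),
    "account confirmation": ("confirm your account",),
    "holiday greeting": ("labor day", "greeting", "halloween"),
    "football": ("football", "game tracker"),
    "free games": ("free game",),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_mismatch(href, text):
    """True when the visible text names one host but the href goes elsewhere."""
    shown = HOST_RE.search(text or "")
    if not shown:
        return False
    shown_host = shown.group(1).lower()
    real_host = re.sub(r"^www\.", "", urlparse(href).hostname or "")
    return real_host != shown_host and not real_host.endswith("." + shown_host)

def triage(raw_message):
    """Return themes, mismatched links and a verdict for one RFC 822 message."""
    msg = message_from_string(raw_message)
    bodies, links, has_attachment = [], [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            has_attachment = True  # attachments are left to the file scanner
            continue
        raw = part.get_payload(decode=True) or b""
        body = raw.decode(part.get_content_charset() or "utf-8", "replace")
        bodies.append(body)
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(body)
            links += collector.links
        else:
            links += [(url, url) for url in URL_RE.findall(body)]
    haystack = " ".join([msg.get("Subject", "")] + bodies).lower()
    themes = sorted(name for name, words in LURE_THEMES.items()
                    if any(word in haystack for word in words))
    mismatched = [href for href, text in links if link_mismatch(href, text)]
    verdict = "no-match"
    if links and not has_attachment and themes:  # link-only mail with a lure
        verdict = "quarantine" if mismatched else "review"
    return {"themes": themes, "mismatched": mismatched, "verdict": verdict}

# Constructed samples, not real captures; 203.0.113.7 is a documentation address.
SAMPLE_LURE = (
    "Subject: A video of you is on YouTube\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Is this you? <a href="http://203.0.113.7/">'
    "http://www.youtube.com/watch?v=constructed</a></p>\n"
)
SAMPLE_PLAIN = "Subject: Team lunch Friday\n\nMenu: https://intranet.example.com/menu\n"

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_PLAIN):
        print(triage(sample))
```

Keyword matching only narrows the pile for a human or a URL-reputation lookup; the link-text mismatch is the stronger signal because it does not depend on guessing the next lure.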

A word to the wise.  Beware.  It’s Halloween and the night is just beginning.   All I know is that whoever it is, whenever he/she is caught, he should be strung up from the highest tree by the short hairs.

Doesn’t matter…if you’re not careful, it’ll get you.


UPDATED - The Coming “Cyber Jihad” & U.S. Response

Posted by StormWarning on 30 Oct 2007 | Tagged as: Commentary, Current Affairs, Cyber-security, Jihad

When it comes to analysis, you and your conclusions are only as good as the information you use.  There’s also a huge difference between commentary, opinion & reporting…and analysis.  Generally, if it doesn’t show up as an item on one of the truly reputable sites like the Counterterrorism Blog, Investigative Project on Terrorism, Threatwatch, Global Terror Alert, The Long War Journal or such (and there is a long list of others), I look at a “claim” with some degree of suspicion (especially if it’s the Northeast Intelligence Network, NewsMax or World News Daily…or worse, some egotistic self-published pundit).  On 4/1/07 there were hysterics about a planned “sneak attack” on Iran based on faulty Russian intelligence.  Now, another “reliable” source predicts an al Qaeda 11/11/07 cyber attack.  Watch your calendars!  But don’t hold your breath.

UPDATE from Network World: Security experts are saying that a reported al-Qaeda cyber jihad attack planned against Western institutions should be treated with skepticism.

 The attack was reported by DEBKAfile, an online military intelligence magazine. Citing anonymous “counter-terror sources,” DEBKAfile said it had intercepted an Oct. 29 “Internet announcement,” calling for a volunteer-run online attack against 15 targeted sites, set to begin Nov. 11. The operation is supposed to expand after its launch date until “hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites,” the magazine reported.

This “stuff” must be a pandemic of misinformation flooding the Internet and especially the Blog“o”sphere.  Aside from the likelihood that once again Debka is wrong (like they say, a bad clock is right once in a while), people are believing this drivel.  Before I believe stuff like this, I want to know the source(s), and not just that Debka “says” because, like many other dubious sources…well, they’re dubious.

Turns out that the “sneak attack” stuff was spread by an equally unreliable source, Webster Tarpley (Webster), who among other things, contends that the events of September 11 were engineered by the GWB administration.  Yesterday, I had a “debate” about whether the “source” of the rumored Global Islamic Media Front report about bin Laden’s plan for an American Hiroshima had any credibility (some guy who I didn’t know about before, Paul Williams).  Aside from the fact that the “news report” tracks back to 2005 and earlier (see my earlier post, Assessing the Threat of a Nuclear al Qaeda - considerable discussion of the “American Hiroshima”)…as was expressed by one of my “CT” friends…

“Does bin Laden have nuclear ambitions? Of course he does…He did not seek and get a Fatwa justifying the killing of thousands of Americans with such weapons as a propaganda stunt.  The matter is availability.  What those who constantly report or conflate is a very real desire with a very doubtful capability - yet.  And their way-off-the-mark assessment of the here and now been saying this for years on US nuke attacks, yet no attacks is why they cheapen the effort to educate and thus act on the threat that does exist…”

Somehow lost on many people is the lesson taught by our parents (or at least my parents to my siblings and me), don’t believe everything you see, hear or read…maybe an even better lesson is to not repeat things derived by unreliable sources (you only need to witness the wildfire of anti-Mexican hysterics that came from the repeating of the hoax from “cnnheadlienews.com”).  IMO, the same holds for the growing legions of self-publishing egoists (I could name one or two but don’t want to offend anyone).

Is the United States prepared to deal with a cyber jihad?  Of course it is.  Could it still happen?  Sure!  Both China and Russia have recently been responsible for cyber-war on a still limited basis.  But what of the Cyber Jihad?

An Internet Jihad Aims at U.S. Viewers

When Osama bin Laden issued his videotaped message to the American people last month, a young jihad enthusiast went online to help spread the word.

“America needs to listen to Shaykh Usaamah very carefully and take his message with great seriousness,” he wrote on his blog. “America is known to be a people of arrogance.”

Unlike Mr. bin Laden, the blogger was not operating from a remote location. It turns out he is a 21-year-old American named Samir Khan who produces his blog from his parents’ home in North Carolina, where he serves as a kind of Western relay station for the multimedia productions of violent Islamic groups.

In recent days, he has featured “glad tidings” from a North African militant leader whose group killed 31 Algerian troops. He posted a scholarly treatise arguing for violent jihad, translated into English. He listed hundreds of links to secret sites from which his readers could obtain the latest blood-drenched insurgent videos from Iraq…

…Mr. Khan, who was born in Saudi Arabia and grew up in Queens, is an unlikely foot soldier in what Al Qaeda calls the “Islamic jihadi media.” He has grown up in middle-class America and wrestles with his worried parents about his religious fervor. Yet he is stubborn…

…While there is nothing to suggest that Mr. Khan is operating in concert with militant leaders, or breaking any laws, he is part of a growing constellation of apparently independent media operators who are broadcasting the message of Al Qaeda and other groups, a message that is increasingly devised, translated and aimed for a Western audience…

…Militant Islamists are turning grainy car-bombing tapes into slick hip-hop videos and montage movies, all readily available on Western sites like YouTube, the online video smorgasbord…

Is there a cyber risk? Of course there is.  In fact Cyber Warfare was predicted by the Rand Corp. as long ago as 1995.  Are the Islamists using things like Google Earth and Second Life?  Of course they are.  It’s a valid concern.  Rep. Steven McCaul of Austin, Texas fears that the U.S. is open to cyber attacks and is forming a blue-ribbon panel to propose ways to improve network security.  The U.S. Air Force also recognizes the potential threats of cyber-terrorism.

Recent pronouncements by U.S. Air Force officials about their view of cyberspace as a war-fighting domain have attracted little attention. But the questions they raise for U.S. military policy and doctrine are profound.

“Cyber(space) is important to the nation,” said Gen. Robert Elder, the military officer in charge of the U.S. Air Force’s day-to-day cyberspace operations, acknowledging the dependence of U.S. commerce and banking on the Internet, “But to the Air Force, it’s really important.”

Added October 31, 2007:  Why not read about the Cyber Warriors at Lackland Air Force Base?

Deep in the heart of cyberspace, something new called a Network Warfare and Ops Squadron fights battles 24/7 from a building in a nondescript office park here at Lackland Air Force Base. At one end of the room, a crew monitors the cyberspace highways for the first signs of a hacker infiltration, spreading virus, or network-jamming wave of spam. A second crew rapidly investigates every problem and scrambles other crews to counter each incursion with an armory of specialized software. And all of it is under the watchful eyes of a pyramid of officers and officials that ascends through the departments of Defense, Homeland Security, and Justice and eventually into the Oval Office. Every day, every hour, the squadron reacts to myriad trivial or significant attacks on some of the 650,000 computers that allow the Air Force to pay its personnel, manage day care centers, buy fuel, direct fighter-bombers in Iraq and Afghanistan, and launch nuclear-tipped missiles should the order ever come.

Read more about netcentric warfare here and here.  But an al Qaeda cyber jihad launched on November 11, 2007? Mark your calendars and watch…it’s only 12 days away.  As for sources and stuff like opinions, commentary and analysis…to “paraquote” another of my friends, if you lay down with “mongrels” you’re going to wake up with fleas (or something like that) - :) -


Cyber Insecurity the Government Way

Posted by StormWarning on 08 Oct 2007 | Tagged as: Current Affairs, Cyber-security, National Security, Opinions, Technology

More cyber-insecurity to report.  Last month, the Massachusetts Division of Professional Licensure (DPL) mailed out 28 disks to 23 people requesting public information that inadvertently contained Social Security numbers of 430,000 people.  Additionally, websites hosted by Brookhaven National Laboratory and the Superior Court of Madera County, California, were hacked.

Massachusetts DPL sent what was described as a “contrite letter” that: 

…urged affected individuals to contact the major credit bureaus and place fraud alerts on their credit. The agency also assured them that there has been no indication yet that the exposed information was misused. The letter also noted that all of the disks but two have already been recovered from the individuals who got them. “None of the individuals who received the disks has indicated that they were even aware the disks contained social security information,” DPL Director George K. Weber said in a letter posted on the division’s Web site.

This of course assumes that the Massachusetts DPL website wasn’t hacked like those of Brookhaven National Laboratory (BNL) or the  Superior Court of Madera County, California  (see below).  But DPL says of this incident:

…the foul-up was the result of a “programming error and the upgrading of computer hardware and software” at the DPL. Several categories of licensed professionals were affected by the breach, including licensed nurses, health care professionals, certified public accountants, engineers and land surveyors…

Feel better now? Well don’t! Because the rest of the article goes on to discuss other “SNAFUs” that have recently occurred.  And now back to BNL and  Superior Court of Madera County, California.  It seems that as of last Thursday, the websites for BNL and the Madera County court “…were still hosting inappropriate content. Brookhaven had links that redirected visitors to pornographic Web servers, and the Madera County court site featured ads for porn and Viagra…”

We are assured by Tom Schlagel, a manager with BNL’s information technology division (BNL specializes in high-energy and nuclear research apparently) that no pornography actually resides on their server, but that “only” redirects to porn sites existed.  As for the California incident…it almost took the entire State’s Internet off-line!

The security of U.S. government Web sites has been front-page news in California this week after the U.S. General Services Administration, which administers the .gov top-level domain, temporarily removed California’s state servers from the Internet’s DNS infrastructure, apparently because of a security problem on the Web site of a small state agency, the Transportation Authority of Marin.

The compromising of government websites like these raises serious questions of cybersecurity (at least for me it does). 

This post cross posted at Real Clear Politics…please vote so others can see this post.

Related Stories:

DATA BREACHES

Largest breach ever
Total credit card numbers stolen: 45.7 million.

Banks sue TJX

FTC wants answers

Case study in what to do wrong

TJX apology: We give it a 5

WHO’S RESPONSIBLE?

Sloppy companies, not hackers

Bill puts onus on retailers

Boards need to wake up

MORE DATA BREACH NEWS

TJX data criminal gets five years in prison

Cost of data breaches varies

Reporting data breaches won’t kill your company

So sorry we lost your data

Feds pull the domain name plug on State of California 10/4/2007

The 16 greatest moments in Web history 10/3/2007

Man impersonates lawyer to take over domain names 9/12/2007

Feeling secure now?


Fake Check Spam Scammers Busted

Posted by StormWarning on 06 Oct 2007 | Tagged as: Current Affairs, Cyber-security, Federal Policy, International Issues, Opinions

The Nigerian advance-fee fraud has been around for decades, but now seems to have reached epidemic proportions.  This week authorities in Nigeria, the Netherlands, and Canada in conjunction with the US Postal Service made 77 arrests, seizing over $2.1 billion in fraudulent checks.

Unless you’ve got an amazing spam filter, one or more of these spam mail schemes get through to you every once in a while.  While most people are smart enough to avoid falling for the “something for nothing” scheme, the amazing thing is that some people are stupid enough to fall for it.

The scam originated in Nigeria in the 1980s. Since then, however, this type of swindling has spread throughout the world—in fact, a large majority of the arrests made in this case were based out of the Netherlands (60 out of the 77 arrests), while only 16 were made in Nigeria…

For those who have been living under a rock (or just have amazingly great spam filtering on their e-mail), the typical “Nigerian scam” starts with an unsolicited e-mail—or snail mail, back in the caveman days—containing some sort of monetary proposal. This could come in the form of an invoice, a plea for help, an offer to pay for goods or services, or any number of other variations. The scammer then offers to send the recipient a check that far exceeds the amount that is allegedly required to close the deal…

If you receive one of these spam mails, you can either simply delete it…or do as I do…report the email to the fraud@yourISP.com or better yet, use this FTC Consumer Complaint Form (good for violations of the Do Not Call List also), or better yet, use this one to contact the U.S. Secret Service: 

This type of scam spam (a 4-1-9), in which overseas, often Nigerian, con men typically offer you a share in millions of dollars worth of “over-invoiced contracts” (if only you will “temporarily” cover the cost of some “advance fees”) can be reported to the United States Secret Service (http://www.secretservice.gov/alert419.shtml) by faxing a copy of the 4-1-9 solicitation to (202) 406-5031.  The Secret Service also has jurisdiction over online credit card fraud, among other scams.

“Most Americans don’t realize they are financially liable when they fall for these scams,” Susan Grant, vice president of the National Consumers League, said at a news conference to publicize the arrests and promote awareness of the frauds.

Here is an amazing quote: “Two-thirds of Americans said they received at least one potential scam contact per week, and 18 percent said they or a family member had fallen for one, in a survey conducted for an alliance of banks, consumer groups and the U.S. Postal Service.”  And Susan Grant, vice president of the National Consumers League, said complaints to her group about fake checks have risen 60 percent this year, and the average victim loses about $3,000 to $4,000.  This is not an Urban Legend.  What is it that someone said?  “There is a sucker born every minute.”  You know what someone else said?   “A fool and his money are soon parted.”

This post cross posted at Real Clear Politics.


Dark Corners of the Internet Are Everywhere

Posted by StormWarning on 04 Oct 2007 | Tagged as: Current Affairs, Cyber-security, Opinions, Social Issues, Technology

An essential part of personal and business security is the security of your computer.  Too many people are either unaware of the dangers of aimless web browsing or simply don’t take precautions.  Not unlike the risks of unprotected promiscuous sex, unprotected surfing can often lead to tragic consequences.  As has been a periodic practice here, the following discusses the subject of the “Web’s Dark Corners” and highlights some of the critical things that many people miss (when they are “surfing the net”).

Consider that the problems and hidden dark corners of the Internet only start with a woman (or man - but in this true story, a woman) who maintains a computer without anti-virus protection (not just A/V that’s not updated, but none at all), has no firewall, and never disconnects her computer from her high speed cable Internet modem.  She once asked me why I was so concerned about this.  My answer was phrased as a question…“would you have unprotected sex with millions of people every day?”  Still, I was greeted with, “Oh, you’re always such a worry-wart about security things.”  Of course, my computer wasn’t the one that ended up being used as a proxy server to send pornographic pictures to other (and unknown to her) people.

Well, according to a new report from Stopbadware.org the bad guys are finding new ways to place their malicious software on our computers — often by compromising Web sites that we trust.  They keep a list of 200,000 Web sites known to be associated with malicious downloads…more than half of these sites have been hacked and don’t even realize it.   According to Max Weinstein, a project manager with StopBadware:

…the move to delivering malicious software on legitimate sites has been a disturbing trend over the past year…“It used to be that the advice to the end-user was ‘keep your software up to date and then don’t go to bad Web sites,’” he said. “You still don’t want to go to those sites, but what we seen now is that you can be on a very legitimate site and have a problem.”

Web surfers know that visiting gambling or pornographic sites could harm their computers, but lately attack code can be downloaded from almost anywhere.

And the problem is becoming pervasive and sneaky.

  • Web sites that had been linked on the popular Boing Boing blog were compromised, a tactic called ‘linkjacking.’
  • in the Web 2.0 world…it’s becoming easier to sneak badware onto a legitimate site.
  • Web advertising networks can be easily subverted by attackers to serve up maliciously encoded scripts and images
  • “What we’re seeing is a lot of cases where a legitimate Web site has an ad network, and that ad network itself, or sometimes even a subcontractor of that ad network, contains an ad that is providing badware.”
  • eBay allows users to put their own images and HTML code on its site, but sometimes this leads to “bad code” [bloggers, think avatars and gravatars] 

See related article from last year,  StopBadware.org adds to its hall of shame list.  Examples of Badware sites can be found here (there are a total of 229,734 URLs on the list!).

So to bring this to a conclusion, let’s examine some of the key points of their most recent paper, “Trends in Badware 2007 - What Internet Users Need to Know”: The internet holds an unprecedented wealth of information, but it can also be dangerous. We’ve