Thursday, 29 April 2010

Texas man cops to botnet-for-hire charges

By Dan Goodin in San Francisco
The Register
28th April 2010

A Texas man has agreed to plead guilty to charges he trained a botnet on a popular internet service provider so he could demonstrate custom-made malware to a potential customer.

David Anthony Edwards of Mesquite, Texas admitted that in August 2006 he and alleged accomplice Thomas James Frederick Smith unleashed a flood of data on ThePlanet.com to demonstrate the effectiveness of bot software they called Nettick, according to court documents. The men allegedly told one purchaser they had 22,000 zombie machines under their control and would sell them for 15 cents apiece in minimum batches of 5,000.

Smith, most recently of Parris Island, South Carolina, has pleaded not guilty to the charges. A trial is scheduled to begin May 17.

In a plea agreement signed by Edwards, he also said that he and Smith breached servers operated by webhost, T35.net. They then extracted password files and made hundreds of thousands of user IDs and access codes available online, the document, filed in US District Court in Dallas, stated. The pair went on to deface the website, Edwards added.

Government backs competition to recruit security experts

By Claudine Beaumont
Technology Editor
Telegraph.co.uk
27 April 2010

The competition, which has the backing of the Cabinet Office and the Metropolitan Police, uses a series of web-based games and challenges to find people with untapped analytical, forensic and programming skills.

There are fears that unless the country bolsters its ranks of computer security experts and analysts, it won't be able to cope with rising levels of cyber crime.

The Cyber Security Challenge games are designed to measure eight key skill areas, including network analysis and logical thinking. People who pass those challenges will be invited to take part in further tests to ascertain their suitability for a security role. Those who meet the requirements could be offered scholarships and training courses.

"The current system is not delivering enough skilled professionals to meet the cyber security challenges we face," said Judy Baker, director of the Cyber Security Challenge. "We have to improve the quality and quantity of talented people entering the profession to accommodate escalating requirements.

[...]

Storm Worm Reappears

By Kelly Jackson Higgins
DarkReading
April 28, 2010

It's baaack: The bot code used in the infamous, massive Storm botnet that was taken down nearly two years ago is being used to build another spamming botnet. Researchers have reverse-engineered the tweaked version of the original Storm code, which so far has spread somewhere between 10,000 to 20,000 machines.

Researchers don't know for sure whether it's the same botnet gang that drove the original Storm and then its predecessor, Waledac -- both of which are no more -- but they have identified two-thirds of the same elements in this latest version as in the original Storm code version.
Noticeably missing is Storm's trademark peer-to-peer component: This version is all HTTP-based rather than the hybrid P2P/HTTP approach in the old botnet, which at one point swelled to a half-million bots. Storm began to fade away in the fall of 2008 after researchers were able to successfully disrupt its operations on more than one occasion.

Waledac, which boasted 60,000 to 80,000 zombies, was downed in February by a sneak attack from a team from Microsoft, Shadowserver, the University of Washington, Symantec, and a group of researchers from Germany and Austria who had first infiltrated the botnet last year.

Joe Stewart, director of malware research for the counter threat unit at Secureworks and known for his previous research on Storm, says he believes another person or group has procured the code and stripped out the P2P element. "From everything we've seen, it looks like the original Storm crew moved to Waledac...so what strikes me is that they stripped out the P2P and sold the spam code to another group to build a more simplified botnet," Stewart says. The P2P feature had been targeted by researchers, which made it less appealing, he says.

[...]

Childs found guilty in SF network password case

By Robert McMillan
IDG News Service
April 27, 2010

Terry Childs, the San Francisco network administrator who refused to hand over passwords to his boss, was found guilty of one felony count of denying computer services, a jury found Tuesday.

Childs now faces a maximum of five years in prison after jurors determined that he had violated California's computer crime law by refusing to hand over passwords to the city's FiberWAN to Richard Robinson, the chief operations officer for the city's Department of Technology and Information Services (DTIS).

Although the city's network continued to run, San Francisco went 12 days without administrative control of the FiberWAN, and that constituted a denial of service -- illegal under state law.

Childs' lawyers had argued that he was a buttoned-down, security-obsessed administrator who believed he was simply doing his job.

CIA Boosting Cybersecurity Investment

By Elizabeth Montalbano
InformationWeek
April 27, 2010

The CIA has made investing in technology to prevent and fight cyber threats one of its three main priorities in a five-year strategic plan unveiled this week.

The move is in line with a government-wide ramp-up in cybersecurity efforts across all agencies that have responsibility for protecting critical infrastructure in the United States, such as the Department of Homeland Security and the National Security Agency.

CIA 2015, released this week, is a three-pillar blueprint for the agency's next five years. The goal of the plan is to ensure that the agency remains in step with current national security challenges, such as cyber threats and so-called "dangerous technology," according to a press statement.

Indeed, industry experts agree that the threat of cyber attacks on the U.S. is on the rise, and a recent survey found that a majority of federal CIOs believe a major attack is imminent.

Militants using international credit cards for operations

Sify News
2010-04-27

New Delhi: Terrorists, sleeper cells and terror suspects have been using international credit cards to fund their operations in India, Parliament was told on Tuesday.

"As per available reports, instances have come to notice regarding use of international credit cards by terrorists in India," Minister of State for Home Affairs Ajay Maken informed the Lok Sabha in a written reply.

"Similarly, espionage agents in India have come to notice for using cards issued by the foreign banks," he said.

Maken said that the Central Government has strengthened the legal framework for combating financing of terrorism under the Unlawful Activities (Prevention) Act.
