Tuesday, September 23, 2008

Constant Vigilence

I was at the NY Metro meeting of Infragard, an organization I have been a member of in Boston and NYC for a few years. The speakers are excellent, the vendors who present stay on topic not on their brand, and it is a great place to network, and for me personally a great place to reaffirm that we live in the best country in the world and it deserves to be protected.

The focus of todays presentations could be summed up in the title of this post. We heard about the attacks in Georgia and did not know that there was a cyber attack that came from Russia at the same time mortars were being shot - a proverbial double whammy. The most interesting thing to me was that the folks who coordinated the cyber attack didn't have to recruit a bot army or drones. Russian people gladly volunteered their computing horsepower to fuel the cyber attack.

Another key point was made on how the perimeter is secure and porous and without easily defined and consumed policies - the threat vectors increase, not decrease. With the proliferation of social networking sites that distribute malware that is virtually undetectable by a lay person, the threat vectors have also been on the rise. Cyber crime has also become more profitable than drug trafficking.

Today's presentations reaffirmed my long held belief that the bad guys are far better at sharing information than the good guys and that needs to change. I am happy to play a miniscule role in getting the word out and to remind us all to maintain constant vigilence out there.

Live from New York...

Friday, September 19, 2008

The Palin Hack Details

I was glad to see the BBC this morning had some coverage that those of us in the industry can sink our teeth into...

So my synopsis is that they used the password reset function to change the password at Yahoo. They gathered info from Wiki's and I'm sure Googled a bunch of stuff to piece together enough info that would or could be asked by Yahoo to perform a reset.

Then they use the CTunnel proxy service to obscure where they came in from, thinking they had covered their tracks. Then in a breathtaking 'dumb criminals' move they post screenshots with the URL from the origination point displayed clearly (PrtScn brings down Palin hackers). I wonder if these guys had ever done a B&E at a liquor store and left their Mapquest directions on the counter to let the cops know their start and end points.

The article snippet:

The attackers broke into Mrs Palin's gov.palin@yahoo.com e-mail account. This account and another, gov.sarah@yahoo.com, owned by Mrs Palin have now been deleted.

The FBI and the US Secret Service have now begun a formal investigation into the attack and who may have been behind it.

The hackers used the CTunnel proxy service which routes web browsing through an intermediary to obscure where the attackers were based.

However, the screenshots for the attack reveal the original web address used by the proxy which may help investigators track down the miscreants.

It has been reported that records from the CTunnel proxy service are being sought by the FBI.

The attack on the e-mail account comes as questions are being asked about whether Mrs Palin used her personal e-mail accounts to carry out state business.

US law states that all e-mails relating to the official business of government must be archived and not destroyed. However, it does allow for personal e-mails to be deleted.

Mrs Palin is being investigated in Alaska for alleged abuse of power while governor of the state.

Wednesday, September 17, 2008

It's a Countrywide Issue...

I was catching up on some reading and happened across the latest breach story that happened at Countrywide. I read the story at the boston globe.

It wasn't an outsider but an Insider who harvested the data and sold it. Why in this day and age companies still think it's cheaper to have a breach than prevent one. I will have to ping Larry at the Ponemon Institute to see what the cost per record is up to. I'm sure David Rowe over at Netvision is shaking his head as well. We have had several cups of coffee talking about the Insider threat for a couple of years.

The story...

More than 45,000 Massachusetts consumers may have had personal information stolen in the security breach at Countrywide Financial Corp., according to the company.


Countrywide alleged that a former employee sold personal information of 2.2 million customers, including Social Security numbers and mortgage loan numbers, to a third party. Two arrests have been made.

The number of affected consumers in Massachusetts is far greater than initially thought. On Aug. 1, in a letter to Daniel Crane, director of the state Office of Consumer Affairs and Business Regulation, Countrywide said it mailed notification letters to "three affected Massachusetts consumers."

On Sept. 10, the California mortgage lender sent a second letter, saying that "as a result of the ongoing investigation," Countrywide had identified 45,283 at-risk consumers in Massachusetts. State law requires agencies that store consumers' personal information to issue notifications of security breaches "as soon as practicable and without unreasonable delay."

According to FBI reports, Countrywide fired the accused employee, Rene Rebollo Jr., in July. Rebollo allegedly confessed to downloading 20,000 data files per week for two years, and said he earned as much as $70,000 from the sale of the data. Wahid Siddiqi is being charged for allegedly purchasing the information.

Both men were arrested in August, a month before the breach was made public. Both pleaded not guilty.

In its letters to state officials, Countrywide said on June 11 the US Attorney's Office requested it delay notifying consumers. "It's an ongoing investigation with the FBI and we are being very, very careful as not to jeopardize it," Countrywide spokeswoman Susan Martin said.

Massachusetts Attorney General Martha Coakley declined to say whether the state was conducting its own investigation. "This is different than any other breaches in that there was no negligence on the part of the company," Coakley said yesterday. "This was intentional, and the information was sold to outside parties."

Countrywide is offering two years of credit monitoring to affected customers. But Wendy Thomas of Peabody questions if Countrywide notified at-risk customers in a timely fashion. Her husband learned last week his personal data could have been stolen and sold. "I felt like we were left out here in the wind."

Palin's accounts hacked

I was watching the news and saw a report about Palin's Yahoo account being hacked and her personal information (Photos, cell phone numbers of family - minorsno less) posted, and emails accessed.

The story that I read first was geared towards activist Andre McLeod and his lawyer Donald C. Mitchell up in arms about the Governor running state business out of an unsecure and unencrypted email account:


Palin has come under fire in recent days for her use of a personal e-mail accounts to conduct state business. An Alaska activist has filed a Freedom of Information Act request seeking disclosure of e-mails from another Yahoo! account that Palin used, gov. sarah@yahoo.com.

That account appears to have been linked to the one that was hacked.

Both accounts appear to have been deactivated. E-mails sent to them Wednesday afternoon were returned as undeliverable.

Andrée McLeod, the activist who filed the FOIA request, said Wednesday evening that Palin should have known better than to conduct state business using an unsecured e-mail account.
"If this woman is so careless as to conduct state business on a private e-mail account that has been hacked into, what in the world is she going to do when she has access to information that is vital to our national security interests?" she asked.

McLeod's Anchorage attorney, Donald C. Mitchell, said Palin refused to comply with a public records request in June to divulge 1,100 e-mails sent to and from her personal accounts, citing executive privilege.

"There's a reason the governor should be using her own official e-mail channels, because of security and encryption," the attorney said. "She's running state business out of Yahoo?"



What is interesting is that his lawyer wasn't worried about the FBI, FCC, Alaska, and local officials digging so far into his and his clients pasts that they will no doubt uncover that what they did was illegal, broke a number of laws and that the Governor's family was messed with, including a minor.

Since there was so much state business being conducted with her yahoo account, why wasn't that posted up for perusal? This guy (and other militant Yahoos) would break into a bank and take a quarter, and justify their actions because he only took a quarter. It's the same as going to a peaceful rally with a Molotov cocktail - irony at its best.

Thank you activists for once again proving we have no privacy, that Change means you don't get to get away with this kind of stuff, and time will tell if he lands a bunk in a federal country club prison or a 'pound me in the ass prison'.

Anyone know if the State of Alaska or Yahoo has better security and/or encryption? Any vendor want to propose a bake off?

Labels: , , ,

Monday, September 15, 2008

This Country is in a World of Hurt

I was up at 3 am and the news coverage was still in full swing. All I could think of is that this country is in a world of hurt. Watching Lehman employees pack up their offices and carry a box out the front door was just awful. And the awfulness has yet to see an end.

Couple that with the folks in Houston riding out Ike and now facing the aftermath - it was not a great morning to be watching the news so early.

I am bewildered and angry that the financial markets melted down. Sarbanes Oxley, regulations up the wazoo, and compliance to the law was pitched as a way to stop the meltdowns and yet here we are. When did we all become Bud Foxx? Or did we?

Hang in there.

Monday, September 08, 2008

Props to T-Mobile

I just had to write about the superb customer service I received from T-Mobile last week.

I was having an issue getting my Blackberry email to work. I logged a ticket after a day without email (blessing and a curse). Two days later I called back to check status and had to escalate. I had a feeling it was a provisioning problem - it was - and they resolved it by the end of the business day Friday. Well done T-Mobile!

I don't know what they use for provisioning but it was fast to solve the problem once correctly identified (took two minutes).

mark