Friday, April 6, 2012

Cybersecurity: Interesting reading. Kingpin

http://kingpin.cc/



KINGPIN: How One Hacker Took Over the Billion-Dollar Cybercrime Underground, by Kevin Poulsen
Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat.  In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime.
The word spread through the hacking underground like some unstoppable new virus:  Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy.
The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents.  Together, the cybercops lured numerous unsuspecting hackers into their clutches…yet at every turn, their main quarry displayed a seemingly uncanny ability to sniff out their snitches and see through their plots.
The culprit they sought was the most unlikely of criminals, a brilliant programmer with a hippie ethic and a supervillain’s double identity.  As prominent ‘white hat’ hacker Max ‘Vision’ Butler, he was a celebrity throughout the programming world, even served as a consultant for the FBI.  But as the black-hat ‘Iceman,’ he found in the world of data theft an irresistible opportunity to test his outsized abilities.  He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will.  He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses.  Together with a smooth-talking con artist, he ran a massive real-world crime ring.
And for years, he did it all with seeming impunity, even as countless rivals fell afoul of police.
Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient…he began to see in their dysfunction the ultimate challenge.  He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bullseye on his forehead.
Through the story of this criminal’s remarkable rise, and of law enforcement’s quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans.  In these pages, we watch as a new generation of for-profit hackers cobbles together a criminal network that today stretches from Seattle to St. Petersburg to Shanghai. We are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars.  And, thanks to Poulsen’s remarkable access to both cops and criminals, we step inside the quiet, desperate arms-race law enforcement continues to fight with these scammers today.
Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand-in-hand with murderous Russian mobsters, in which a simple wi-fi connection can unleash a torrent of gold worth millions.

Article: Critical Infrastructure. Researchers Release New Exploits to Hijack Critical Infrastructure


  • http://www.wired.com/threatlevel/2012/04/exploit-for-quantum-plc/


    The Modicon Quantum programmable logic controller, which is used in critical infrastructure systems, contains common security vulnerabilities that would allow attackers to upload rogue commands to it. Photo: Reid Wightman/Digital Bond
    Researchers have released two new exploits that attack common design vulnerabilities in a computer component used to control critical infrastructure, such as refineries and factories.
    The exploits would allow someone to hack the system in a manner similar to how the Stuxnet worm attacked nuclear centrifuges in Iran, a hack that stunned the security world with its sophistication and ability to use digital code to create damage in the physical world.
    The exploits attack the Modicon Quantum programmable logic controller made by Schneider Electric, which is a key component used to control functions in critical infrastructures around the world, including manufacturing facilities, water and wastewater management plants, oil and gas refineries and pipelines, and chemical production plants. The Schneider PLC is an expensive system that costs about $10,000.
    One of the exploits allows an attacker to simply send a “stop” command to the PLC.
    The other exploit replaces the ladder logic in a Modicon Quantum PLC so that an attacker can take control of the PLC.
    The module first downloads the current ladder logic on the PLC so that the attacker can understand what the PLC is doing. It then uploads a substitute ladder logic to the PLC, which automatically overwrites the ladder logic on the PLC. The module in this case only overwrites the legitimate ladder logic with blank ladder logic, to provide a proof of concept demonstration of how an attacker could easily replace the legitimate ladder logic with malicious commands without actually sabotaging the device.
    The exploits take advantage of the fact that the Modicon Quantum PLC doesn’t require a computer that is communicating with it to authenticate itself or any commands it sends to the PLC – essentially trusting any computer that can talk to the PLC. Without such protection, an unauthorized party with network access can send the device malicious commands to seize control of it, or simply send a “stop” command to halt the system from operating.
    The attack code was created by Reid Wightman, an ICS security researcher with Digital Bond, a computer security consultancy that specializes in the security of industrial control systems. The company said it released the exploits to demonstrate to owners and operators of critical infrastructures that “they need to demand secure PLC’s from vendors and develop a near-term plan to upgrade or replace their PLCs.”
    The exploits were released as modules in Metasploit, a penetration testing tool owned by Rapid7 that is used by computer security professionals to quickly and easily test their networks for specific security holes that could make them vulnerable to attack.
    The exploits were designed to demonstrate the “ease of compromise and potential catastrophic impact” of vulnerabilities and make it possible for owners and operators of critical infrastructure to “see and know beyond any doubt the fragility and insecurity of these devices,” said Digital Bond CEO Dale Peterson in a statement.
    But Metasploit is also used by hackers to quickly find and gain access to vulnerable systems. Peterson has defended his company’s release of exploits in the past as a means of pressuring companies like Schneider into fixing serious design flaws and vulnerabilities they’ve long known about and neglected to address.
    Peterson and other security researchers have been warning for years that industrial control systems contain security issues that make them vulnerable to hacking. But it wasn’t until the Stuxnet worm hit Iran’s nuclear facilities in 2010 that industrial control systems got widespread attention. The makers of PLCs, however, have still taken few steps to secure their systems.
    “[M]ore than 500 days after Stuxnet the Siemens S7 has not been fixed, and Schneider and many other ICS vendors have ignored the issues as well,” Peterson said.
    Stuxnet, which attacked a PLC model made by Siemens in order to sabotage centrifuges used in Iran’s uranium enrichment program, exploited the fact that the Siemens PLC, like the Schneider PLC, does not require any authentication to upload rogue ladder logic to it, making it easy for the attackers to inject their malicious code into the system.
    Peterson launched a research project last year dubbed Project Basecamp, to uncover security vulnerabilities in widely used PLCs made by multiple manufacturers.
    In January, the team disclosed several vulnerabilities they found in the Modicon Quantum system, including the lack of authentication and the presence of about 12 backdoor accounts that were hard coded into the system and that have read/write capability. The system also has a web server password that is stored in plaintext and is retrievable via an FTP backdoor.
    At the time of their January announcement, the group released exploit modules that attacked vulnerabilities in some of the other products, and have gradually been releasing exploits for other products since then.

    Tuesday, April 3, 2012

    STEM Initiative: Plan Now! Summer Engineering Program. Johns Hopkins University

    Eligibility Requirements

    • Completion of sophomore, junior, or senior year of high school
    • Successful completion of a laboratory science (Physics, Chemistry, or Biology), Algebra II, and Trigonometry
    • Knowledge of a spreadsheet application, such as Excel
    • Residential students must be 15 as of June 30, 2012

    Expand Your Possibilities

    • Curriculum developed by Johns Hopkins University
    • Nearly 90% of Engineering Innovation graduates have gone on to study engineering or science in college
    • 10:1 student/teacher ratio
    • Students learn from practicing engineers about careers, internships, and educational opportunities in the field
    • Students with a final grade of A or B receive three transferable Johns Hopkins University credits
    • Certificates of Completion are awarded to all students who successfully complete the course
    • A residential option is available at the Johns Hopkins University Homewood campus site
    • The program runs four to five weeks, depending on the location

    Monday, April 2, 2012

    Baltimore, Maryland Police News Service


    The Baltimore County Police Department announced this week that it is now providing a weekly online news resource, including a crime blotter, for each of its 10 precincts.
    The precinct officers supply content for the pages, including a summary of crimes listed on their weekly significant crimes reports.
    The precinct web pages will not be used to provide breaking news alerts, but each page includes precinct-level contact information.
    Department officials said that communities accustomed to receiving local crime information from precinct captains through email distribution lists will continue to receive communication from those officers.
    Elise Armacost, director of media and communications for Baltimore County Public Safety, said the new pages were not a direct response to the brief controversy surrounding the weekly emailed crime reports that have been sent to residents from the Towson precinct for several years.
    "The issue of precinct-level news is something we've been looking at for months because we know people want this information," Armacost said.
    "The goal is not to make every precinct a carbon copy of the other," she said. "Each precinct is different, each captain is different and they will be providing the content. ... There's going to be variation in pages. … But at minimum, we want to provide weekly crime blotter information to every precinct.
    "As it is, some of our residents are getting that. In Towson they were, but there are residents of other precincts that were not getting it," Armacost said. "By making this information available on our website, we're making it available to many, many more people than it has been."
    The pages also include a "news you can use" section about upcoming police events, crime prevention tips, police fund raisers, planned road closures and accomplishments by local precinct officers.
    Officials said that posting community police news at http://www.baltimorecountymd.gov/police is an attempt to make information available to all citizens.
    The Fire Department Twitter feed is http://www.twitter.com/BACOfiredept and the Emergency Management feed is http://www.twitter.com/BACOemergency.

    Robocalls: To file a complaint.


    FTC Consumer Alert

    Robocalls are Illegal: Scammers Use False Caller IDs to Hide

    The Federal Trade Commission (FTC), the nation's consumer protection agency, along with state and local law enforcement agencies, and consumer organizations across the country, are getting complaints from consumers about unsolicited robocalls. At the same time, individuals and businesses that have nothing to do with blasting the illegal robocalls are being blamed for these calls because their phone numbers are being misused by unscrupulous telemarketers.

    Robocalls are prerecorded telephone calls. Robocalls pitching goods or services are illegal unless you've given the caller express permission to call you. And, says the FTC, in addition to the phone calls being illegal, most likely, their pitch is a scam. In fact, the FTC is cracking down on illegal robocalls offering fraudulent credit card services, and so-called auto warranty protection, home security systems, and grant procurement programs.

    Fraudulent telemarketers often manipulate Caller ID information to hide their identity. In some cases, the fraudulent telemarketer may want you to think the call is from your bank, or another entity you've done business with. Sometimes, the telephone number may show up as "unknown" or "123456789." Other times, the number is a real one belonging to someone who has no idea his or her number is being misused.

    If you have Caller ID, you can choose not to answer calls from numbers you don't recognize. Should you answer the phone and find yourself listening to an illegal robocall, hang up. Get the Caller ID information if you can, and file a complaint immediately with:
    For more information, see New Rules for Robocalls.


    The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
    February 2012



    FTC....Robocalls Illegal


    FTC Action Puts Robocallers Out of the Telemarketing Business

    Defendants Allegedly Responsible for Billions of Calls; Will Give Up Assets Totaling Roughly $3 Million

    The Federal Trade Commission put a robocall operation out of the telemarketing business under a settlement resolving FTC charges that it bombarded consumers with more than two billion calls pitching a variety of products and services, including worthless extended auto warranties and credit card interest rate-reduction programs.
    The final settlement order against SBN Peripherals, based near Los Angeles, which did business as Asia Pacific Telecom Inc., is part of the FTC's ongoing crackdown on deceptive robocallers. The order bans the defendants from telemarketing and requires them to give up roughly $3 million in assets.
    The FTC's complaint alleged that the defendants delivered illegal prerecorded phone calls falsely claiming the caller had urgent information about the consumer's auto warranty or credit card interest rate. Consumers who pressed "1" for more information were transferred to telemarketers who used fraudulent practices to sell inferior extended auto service contracts or worthless debt-reduction services. According to court papers filed by the court-appointed receiver, from January 2008 through August 2009, the defendants completed approximately 2.6 billion outbound robocalls that were answered by approximately 1.6 billion consumers, approximately 12.8 million of whom were connected to a sales agent.
    As alleged in the complaint, the defendants violated the law by using robocalls to contact consumers without their written permission and called telephones listed on the National Do Not Call Registry. To make it difficult for consumers to identify the seller, the FTC also alleged that the defendants' robocalls often transmitted caller ID information vaguely identifying the caller as "SALES DEPT" and displaying telephone numbers registered to an offshore company it controlled called Asia Pacific Telecom.
    Under the proposed settlement order, Repo B.V.; SBN Peripherals Inc., doing business as SBN Dials; Johan Hendrik Smit Duyzentkunst; and Janneke Bakker-Smit Duyzentkunst are banned from telemarketing. The order also prohibits them from misrepresenting any good or service, and from selling or otherwise benefitting from customers' personal information, and requires them to properly dispose of customers' personal information within 30 days. The order imposes a $5.3 million judgment that will be suspended, based on their inability to pay, when they have surrendered assets valued at approximately $3 million, including more than $1 million obtained from a bank account in Hong Kong, a $375,000 lien on a home, a 50 percent interest in an office building in Saipan, the defendants' interest in seven parcels of undeveloped land, as well as three cars and a recreational vehicle. The full judgment will become due immediately if the defendants are found to have misrepresented their financial condition.
    The Commission vote approving the proposed consent order was 4-0. It is subject to court approval. The FTC filed the proposed consent order in the U.S. District Court for the Northern District of Illinois, Eastern Division.
    To hear telemarketing sales pitches used in this case, click Auto Warranty audio 1, Auto Warranty audio 2, Credit Card audio 1, and Credit Card audio 2.
    To learn more about telemarketing scams, read Who's Calling? Recognize and Report Phone Fraud, You Make the Call: The FTC's Telemarketing Sales Rule, and the FTC's new consumer alert, Robocalls are Illegal: Scammers Use False Caller IDs to Hide. The FTC also offers How to Steer Clear of Auto Warranty Scams and Credit Card Interest Rate Reduction Scams. To inform business owners, the FTC offers Reining in Robocalls and Complying with the Telemarketing Sales Rule.
    NOTE: This consent order is for settlement purposes only and does not constitute an admission by the defendants that the law has been violated. Consent orders have the force of law when approved and signed by the District Court judge.
    The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC's website provides free information on a variety of consumer topics. Like the FTC on Facebook and follow us on Twitter.
    MEDIA CONTACT:
    Frank Dorman
    Office of Public Affairs

    202-326-2674
    STAFF CONTACT:
    Steven M. Wernikoff
    FTC's Midwest Region
    312-960-5634

    Friday, March 30, 2012

    Joint Base provides guidance, support to FEMA response team


     
    Members of the Federal Emergency Management Agency board a 305th Air Mobility Wing C-17 Globemaster III during a mobility exercise March 20, 2012, at Joint Base McGuire-Dix-Lakehurst, N.J. Approximately 30 incident management assistance team members from FEMA Region II, based in New York, N.Y., and FEMA Region III, from Philadelphia, Pa., simulated a hurricane response deployment to Puerto Rico with the help of the 621st Contingency Response Wing and the 305th Air Mobility Wing. (U.S. Air Force photo/Tech. Sgt. Parker Gyokeres)

    by Tech. Sgt. Parker Gyokeres
    621st Contingency Response Wing Public Affairs

    3/22/2012 - JOINT BASE MCGUIRE-DIX-LAKEHURST, N.J. -- Airmen from three wings across Joint Base McGuire-Dix-Lakehurst came together March 20 through 23 to assist the Federal Emergency Management Agency with an Operational Readiness Exercise here.

    Approximately 30 incident management assistance team members from FEMA Region II, based in New York, N.Y., and FEMA Region III, from Philadelphia, Pa., converged on the 621st Contingency Response Wing's Global Reach Deployment Center for a simulated hurricane response deployment to Puerto Rico. This exercise was observed for training by members of FEMA's National IMAT based in Herndon, Va., and by members of New York City's Urban Search and Rescue Team.

    "We hope to gain familiarity with DOD procedures in the event we use military airlift to respond to a disaster," said Mike Sharon, FEMA Region III IMAT leader. "For example, the security and specialized loading requirements are completely different than if we were to show up at Philadelphia International Airport."

    "If FEMA needs to use military airlift in the future, we would most likely be flying out of (JB MDL), so learning the layout of the base now will save valuable time in a real-world emergency," Sharon added.

    IMATs are FEMA's rapidly deployable emergency response teams. These full-time, rapid-response cells have a dedicated staff able to deploy within two hours and arrive at an incident within 12 hours to support a local incident commander. They support the initial establishment of a unified command and provide situational awareness for federal and state decision-makers, crucial to determining the level and type of immediate federal support that may be required.

    The seeds for this interagency training and mobility partnership exercise began back in 2010, explains Master Sgt. Steve Dirksen, 621st CRW affiliation lead and wing plans superintendent.

    "The 621st CRW has been teaching load planning, pallet buildup, weighing and cargo marking to FEMA and other federal partners since 2010," said Dirksen. "Recently, they called us and asked if they could come out and put their military airlift plans into action. We agreed, and felt it was a great opportunity to strengthen our training partnership."

    Soon, a plan came together that would test the mobility processes of FEMA and call upon an increasing number of Joint Base resources. Just as it would in a real-world deployment, the 87th Air Base Wing Deployment Control Center stood up; they became the base focal point responsible for coordinating the flow of information, passengers and cargo between FEMA, the CRW and the 305th Air Mobility Wing.

    "A lack of user expertise and cargo preparation knowledge often delays the joint inspection process, potentially leading to late aircraft departures," said Karen Lamphere, 87th Logistics Readiness Squadron installation deployment officer. "Working closely with our federal partners during exercises like this is essential to preventing delays during an actual mobilization."

    Airmen from the CRW were tasked to provide cargo preparation and joint inspection expertise and a sheltered working area for FEMA to set up a mobile command center and test its equipment, explains Tech. Sgt. David Lund, 621st CRW wing plans NCO in charge.

    Two IMAT response vehicles full of equipment were then processed for air shipment by members of the 305th Aerial Port Squadron and loaded onto a 305th AMW C-17 Globemaster III to provide familiarity with military cargo procedures to the FEMA observers. Finally, all exercise participants boarded the cargo-loaded C-17 and were provided a safety and familiarization briefing.

    The entire process was helpful and informative, said Michael Anama, FEMA Region II equipment manager.

    "We are finding and fixing a number of kinks in the process, but have had no real surprises," said Anama. "By the end of this week, I'm sure we will have a lot more information we can use to streamline our internal procedures and work more efficiently with the DOD airlift system on future deployments."

    For the FEMA IMAT leadership, seeing it all come together was a rewarding and eye-opening experience.

    "It's been a great partnership and we enjoyed the opportunity for our civilian personnel to go through the mobility process and experience what the conditions will be like in the back of an aircraft," said Sharon. "This is the kind of real world, hands-on training we can't get in a regional office. It's just great to be out here and experience everything from start to finish."
