2009.07.08

Federal Web sites knocked out by cyber attack

By LOLITA C. BALDOR

WASHINGTON (AP) — A widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several government agencies, including some that are responsible for fighting cyber crime, The Associated Press has learned.

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, according to officials inside and outside the government. Some of the sites were still experiencing problems Tuesday evening.

Federal government officials refused to publicly discuss any details of the cyber attack, and would only generally acknowledge that it occurred. It was not clear whether other government sites also were attacked.

Others familiar with the outage, which is called a denial of service attack, said that the fact that the government Web sites were still being affected three days after it began signaled an unusually lengthy and sophisticated attack. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.

The Homeland Security Department confirmed that officials had received reports of "malicious Web activity" and they were investigating the matter, but had no further comment. Two government officials acknowledged that the Treasury and Secret Service sites were brought down, and said the agencies were working with their Internet service provider to resolve the problem.

Ben Rushlo, director of Internet technologies at Keynote Systems, called it a "massive outage" and said problems with the Transportation Department site began Saturday and continued until Monday, while the FTC site was down Sunday and Monday.

Keynote Systems is a mobile and Web site monitoring company based in San Mateo, Calif. The company publishes data detailing outages on Web sites, including 40 government sites it watches.

According to Rushlo, the Transportation Web site was "100 percent down" for two days, so that no Internet users could get through to it. The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday Internet users still were unable to get to the site 70 percent of the time.

"This is very strange. You don't see this," he said. "Having something 100 percent down for a 24-hour-plus period is a pretty significant event."

He added that, "The fact that it lasted for so long and that it was so significant in its ability to bring the site down says something about the site's ability to fend off (an attack) or about the severity of the attack."

Denial of service attacks against Web sites are not uncommon, and are usually caused when sites are deluged with Internet traffic so as to effectively take them off-line. Mounting such an attack can be relatively easy using widely available hacking programs, and they can be made far more serious if hackers infect and use thousands of computers tied together into "botnets."

For instance, last summer, in the weeks leading up to the war between Russia and Georgia, Georgian government and corporate Web sites began to see "denial of service" attacks. The Kremlin denied involvement, but a group of independent Western computer experts traced domain names and Web site registration data to conclude that the Russian security and military intelligence agencies were involved.

Documenting cyber attacks against government sites is difficult, and depends heavily on how agencies characterize an incident and how successful or damaging it is.

Government officials routinely say their computers are probed millions of times a day, with many of those being scans that don't trigger any problems. In a June report, the congressional Government Accountability Office said federal agencies reported more than 16,000 threats or incidents last year, roughly three times the amount in 2007. Most of those involved unauthorized access to the system, violations of computer use policies or investigations into potentially harmful incidents.

The Homeland Security Department, meanwhile, says there were 5,499 known breaches of U.S. government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006.

http://www.google.com/hostednews/ap/article/ALeqM5icTKBW9_fm-oKDzns75BI-ykokSwD999UN580

2009.07.03

Botnets pushing up spam loads

Botnet-controlled PCs are responsible for some 83 per cent of all spam messages, according to a recent report. Security firm MessageLabs said in a recent report that despite efforts to shut down service providers notorious for hosting shady operations, spam vendors are continuing to send out huge loads of junk mail through the use of botnet-infected systems.

http://www.v3.co.uk/v3/news/2245041/botnets-pushing-spam-loads

2009.06.26

UK launches dedicated cybersecurity agency

The UK government has announced that it is to form a cybersecurity agency, one of whose functions will be to develop a cyberattack capability.

The Office of Cyber Security (OCS), dedicated to protecting Britain's IT infrastructure, will be created in line with a model proposed — and in part practised by — the US, the Cabinet Office said on Thursday. The OCS will have charge of a cross-government programme of work, while a multi-agency Cyber Security Operations Centre (CSOC), based at GCHQ in Cheltenham, will coordinate the protection of critical IT systems.

As well as cyber-defence and cyberattack coordination, the OCS will act as a conduit for information security collaboration between government and industry experts. Robert Hannigan, the prime minister's security adviser, told ZDNet UK that the OCS would be about "drawing together what people are already doing in the Ministry of Defence, the intelligence services and the police".

The government has never admitted that it has the systems and personnel to launch a cyberattack. However, according to a senior government official, who wished not to be named, the OCS will have a role in coordinating cyber-offense capabilities that will build on the resources the government currently has.

In extreme cases, the government will launch a cyberattack in response to intrusions into the UK's own systems. "Yes, we will do things proactively," the Whitehall official said at a Cabinet Office press briefing. "Information assurance has been about building stronger walls, but there's only so much you can do. You come to a point when you are allowing criminals and others a low risk in continuing to attack, and there comes a time when that has to change. This is the first time we are saying publicly we are not going to sit back."

The government will develop information systems to allow it to launch denial-of-service attacks and to spy on chosen targets, said the official. "We will have a whole range of offensive capabilities, including distributed denial-of-service," said the official. "DDoS is not a first response — we definitely need graduated responses."

"Aggressive attacks are pretty far up the scale, and we want to avoid collateral damage as far as possible. It's a fine line. We don't want to get into cyber-warfare, but it's not reasonable to sit back," the official added.

The Cabinet Office official said the government would try to respond to attacks on UK systems by recourse to the law: "Whenever we can, we will pursue criminals through legal frameworks, but that only works in some countries. Clearly, in other areas of the world, people are acting with impunity."

The threat of cyber-warfare among countries was highlighted by the May 2007 attacks on the Estonian national infrastructure. Further attacks, on countries such as Georgia, have strengthened the government's resolve to address IT security issues.

The model for the OCS is similar to that in the US, which plans to quadruple the number of security experts defending against cyberattack, while cyber-offense capabilities are currently under the aegis of the US Air Force. The Pentagon will create a cyber-command to oversee US cyber-military efforts.

The OCS will come under protection of the Cabinet Office and will report to the National Security Secretariat in that office. No director has been named for the department.

The office will pool intelligence capabilities from MI5, MI6, the Ministry of Defence, the Metropolitan Police e-Crime Unit, and the Serious and Organised Crime Agency (Soca). Other government agencies involved include the Department of Business, Innovation and Skills (BIS); the Central Sponsor for Information Assurance (CSIA); CESG, the information-assurance arm of GCHQ; and the Centre for the Protection of National Infrastructure (CPNI).

The OCS will launch with a staff of 16 to 20, while the CSOC in Cheltenham will have 20 to 25. "We will start small and learn from initial US attempts [to build a cyber-security department]," said a Cabinet Office official. "We want to establish a core team."

The government will also reach out to industry to create a pool of IT security expertise, given the scale of the task of securing UK public and private sector IT infrastructure. A key priority for implementing the strategy will be to develop a cyber-industry with "opportunities for high-tech businesses in the UK", according to a government statement.

In addition, the OCS plans to launch a cyber-skills strategy to address skills gaps in government and industry, and work with other countries to develop international law in that area.

The OCS will seek to strengthen links with countries, such as the US, and develop links with other European partners like Germany and France. Hannigan said cybersecurity collaboration with Nato is in the early stages, but that work is planned to build channels of communication with the European Network Security Agency (Enisa).

On Thursday, prime minister Gordon Brown announced the OCS as part of the government's 2009 National Security Strategy, which for the first time includes an IT security component called the Cyber Security Strategy 2009.

In a statement, Brown said securing cyberspace was necessary to give people confidence in the security of web transactions.

"Just as in the 19th century we had to secure the seas for our national safety and prosperity, and in the 20th century we had to secure the air, in the 21st century we also have to secure our position in cyberspace in order to give people and businesses the confidence they need to operate safely there," said Brown.

http://news.zdnet.co.uk/security/0,1000000189,39667231,00.htm

SKorea to set up cyber warfare command: official

SEOUL (AFP) — South Korea's military is looking to launch a cyber warfare command designed to fend off computer attacks from North Korea and other countries, officials said.

The plan will be included in a military reform package to be presented to President Lee Myung-Bak, a defence ministry spokesman told AFP.

South Korea's military computer networks are under ever-growing cyber attack.

The South's military security unit said in a report last month that every day the military counters an average of 10,450 hacking attempts and 81,700 computer virus infections.

Experts say South Korea -- one of the world's most wired societies -- needs an integrated unit to fight cyber attacks by North Korea and China, which run elite hacker units.

In 2004 hackers based in China used information-stealing viruses to break into the computer systems of Seoul government agencies.

Last year South Korean Prime Minister Han Seung-Soo warned his cabinet against what he said were attempts by Chinese and North Korean computer hackers to obtain state secrets.

http://www.google.com/hostednews/afp/article/ALeqM5geMDsdejQoeSn8FQseQHZKeTe50A

2009.06.25

Tackling cyber crime together

by Albena Spasova

Cyber crime costs the EU billions of euros each year – but to defeat it, we need better co-operation between member states

Gordon Brown has announced the creation of a new UK cyber-security centre to combat growing attacks on computer systems within government departments and big business. Police forces are planning to set up regional "cyber crime" squads on anti-terrorist lines. Brown's initiative follows an earlier move by Barack Obama to appoint a US "cyber tsar".

Britain has been holding talks with the US and Canada to co-ordinate operations against cyber-attacks by foreign powers, terrorists and criminals. But there is growing evidence of the need for a truly pan-European response to what is a rapidly accelerating threat across the whole of the EU – and to its businesses and 500 million citizens.

Organised criminal groups are using the internet to attack a large number of European citizens and businesses for huge gains. But the widely different jurisdictions and legal systems in the EU make it almost impossible for law enforcement agencies and the judiciary to successfully investigate and prosecute a pan-European criminal case. That's what has come home to me after taking part in the prosecution of more than 400 criminal cases.

The focus at the EU policymaking level is on protecting what is called critical information infrastructure, such as electricity grids. But what policymakers also need to do is find mechanisms to address organised cyber crime in Europe. It's so easy to move from one country to another and there are certainly no borders on the internet – but there are borders when it comes to judicial co-operation. That's the biggest challenge that Europe needs to address.

The EU is committed to rolling out high-speed broadband connections to all its citizens – a top priority for Viviane Reding, the EU information society and media commissioner. Unfortunately, while the internet offers great opportunities in our daily lives and in business, it is increasingly used for illegal gains. So we need to find common solutions that make it hard for online criminals to defraud businesses and consumers, download illegal content, move funds illegally etc.

Reding is also pressing the EU to appoint its own cyber tsar, primarily to combat attacks on infrastructure such as those in Estonia, Lithuania and Georgia in the past two years. This was the main topic of a cyber warfare conference this month in Tallinn, the Estonian capital, where EU ministers initially discussed it in late April.

But it's clear that gaps in judicial co-operation in Europe are creating a paradise for internet fraud. It's also clear that the majority of cyber threats in Europe are not related to cyber warfare but to cyber fraud, a much bigger and more widespread phenomenon – and growing exponentially. A typical example of a fraudulent scheme would be: fraudster X masterminds a criminal ring in, say, Italy organising cross-border phishing (sending spoof emails) attacks from several EU countries that target financial institutions and e-commerce globally. By recruiting online "money mules" in other countries to move the money from one jurisdiction to another and paying them a small fee X creams the bulk of the huge profits. Fraudsters are even creating their own ISPs (internet service providers) to use the IPs (internet protocols) for their criminal activities.

More:

http://www.guardian.co.uk/commentisfree/2009/jun/25/cyber-crime-europe

Tracking GhostNet: Investigating a Cyber Espionage Network

This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation and the ease with which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.

2009.06.19

Belarussian KGB uncovered eight websites promoting religious extremism

Belarussian KGB agents discovered eight websites promoting radical religious extremism during operation "Proxy", which was carried out from 15th of March to 15th of May.

From 15th of March to 15th of May, under the aegis of the organisation of the collective security pact and within the bounds of the international operation "Proxy", a complex of measures was taken directed at fighting crimes in the sphere of information technologies.

Terrorist organisations' Internet resources, their financial donors' websites and resources stirring up national and religious intolerance, as well as sites publishing information concerning manufacture and use of self-made explosives were first on the list. Accordingly, KGB found out about 8 such resources that were promoting religious extremism, and the activities of three websites outside of Belarus were stopped. Information about three other sites, used for publishing Taliban threats of terrorist acts in Belarus, is being checked by other CIS countries.

Other goals were pursued as well. In particular, activities of 280 internet resources with child pornography were stopped. 3 criminal cases were raised for creation and distribution of pornographic materials on the republic's territory.

A series of crimes dealing with electronic means of payment were discovered. 323 criminal cases were raised over the illegal use of bank payment card requisites. Activities of 7 companies showing signs of pseudo-entrepreneurship and dealing with illegal money exports were stopped.

http://www.e-belarus.org/news/200906191.html

2009.06.15

US Officials Finally Going After Online Organized Criminals In Other Countries from the it's-a-start dept

It's no secret that Eastern Europe has become the center of an awful lot of organized crime online. Various phishing and scam rings tend to work from a variety of different Eastern European countries without much fear of law enforcement or prosecution. Most of the enforcement in the US to date has been on the few unfortunate Americans who got involved in such scams -- but such targets were almost always small-time scammers compared to the big players across the ocean. However, there are some signs that's starting to change. Forbes details the first case of a foreign cybercriminal being extradited to the US, noting that greater cooperation between foreign governments and the US means that we should be seeing more of this. However, the article also notes that this is only one small attempt, and officials haven't really been able to do any damage to some of the bigger organized crime groups online. Still, given how little the US gov't had been able to do to actually go after the real criminals, it is a good sign that at least they're looking for ways to reach across boundaries to find them.

http://techdirt.com/articles/20090608/1721485170.shtml

2009.06.11

Cybercrime costs Australian business $600m: report

Cybercrime is taking its toll on Australian businesses, costing them more than $600 million according to the latest report from the Australian Institute of Criminology (AIC).

http://computerworld.com.au/article/306743/

2009.06.02

Cybercops Without Borders

By Andy Greenberg

For years, cybercrime has been moving to Eastern Europe and Asia. Now U.S. law enforcement is following it.

Glancing at his file, there's little in the case of 23-year-old Ovidiu-Ionut Nicola-Roman to distinguish him from the average cybercriminal. Beginning in 2005, he was a member of a massive "phishing" scheme that harvested millions of e-mail addresses from the Web and used a program called "E-mail Sender Express" to barrage those addresses with spam messages at a rate of around 30,000 an hour.

Those e-mails lured users to Web sites that impersonated banking pages requiring account information, realistically spoofing businesses like Wells Fargo, Regions Bank, Charter One and PayPal. The scheme brought in thousands of credit card numbers and PINs, each of which was used to siphon off cash from ATMs at a rate of as much as $1,000 per card.

All of those tactics follow the typical playbook of modern malicious hackers. But Nicola-Roman holds a distinction nonetheless: In March, he became the first foreigner to be extradited to the U.S. and convicted of phishing.

http://www.forbes.com/2009/06/01/cyberbusts-security-internet-technology-security-cyberbusts.html