January 24th, 2006
A lot of buzz going on the lists about Blackworm. An ad hoc Blackworm task force has been formed. About 700,000 PCs are infected today. Go to SANS to get the latest. You should update your AV signatures to at least January 23rd levels right away.
Posted in Spyware | No Comments »
January 23rd, 2006
Last week it was $67 Billion. According to an article at Forbes, Robert Mueller, FBI Director says:
“Hackers caused American companies $32 million in losses last year.”
I can live with those numbers.
Posted in CyberCrime | No Comments »
January 20th, 2006
I need to take the latest FBI exaggerations with a large grain of salt. The report just out claims that computer crime costs US companies $67 billion. This is crazy talk. They surveyed a few companies and multiplied the self-reported numbers by some really big numbers to come up with a really, really big number.
By the FBI’s estimate companies in the US suffered losses from cybercrime that are three times greater than worldwide spending on all security solutions. I don’t think so.
I like to look at the other side of the equation. How much ill-gotten gain ended up in the pockets of cyber criminals last year? I would peg it at more than $100 million but considerably less than $1 billion.
Time for the FBI to stop doing this survey altogether and start using reported thefts and losses as a measure. That would be something we could sink our teeth into.
Posted in Security | 1 Comment »
January 17th, 2006
Microsoft has completely exceeded my expectations. Anyone who has attended one of my presentations in the last year has heard me make the earth-shaking prediction that on the second Tuesday of the first month after Vista 1.0 is released we will learn of critical vulnerabilities in Vista, thus perpetuating the continuous cycle of new vulnerability, new attack that keeps the security industry alive.
Well, Vista has the WMF vulnerability, and Microsoft issued patches this weekend to beta testers. Link.
Posted in Security | No Comments »
January 17th, 2006
According to an article in the Jerusalem Post Michael and Ruth Haephrati have given up their appeal and are being extradited to Israel for trial in the case of the Israeli Trojan Fiasco. No details on time frame.
Also from the article:
Companies suspected of using the Trojan horse program included the Meir Group (Volvo-Honda) against Champion Motors, the Tami4 water retailer against Mei Eden, Amdocs against a reporter for the Globes newspaper, Bezeq International against Zahav Lines and Home Center against Ace Hardware.
Every time this is reported different companies are mentioned.
Posted in Uncategorized | No Comments »
January 16th, 2006
I see that Sumitomo in Japan is introducing RSA SecurID tokens for online banking. One hitch: they are charging their customers for better security, about $0.91 per month.
Posted in Bank security | No Comments »
January 16th, 2006
I think that a lot of the trouble we cause for ourselves comes from confusing reality with how we want things to be. One way of doing this is to oversimplify. Vendors of IT solutions are the most guilty of this. Startups latch on to one idea and then view the world through a single-pass filter that makes all problems look the same. Established vendors assume that their customers are loyal to them and have already deployed their products everywhere. Even upper-level management view their shops in broad categories: “We are a Microsoft shop”, “We are an Oracle shop”.
In my experience every “Microsoft shop” has other equipment that is not Microsoft: network appliances, printers, servers, storage, you name it.
There is a utopian IT architecture. It looks like this:
-Every desktop is exactly the same. Any variation is an aberration.
-All routers run the same level of code.
-All mobile platforms are the same. End users don’t add things or customize things.
-If change is needed we will investigate and roll out changes in the next budget cycle.
It is in this utopian environment that Network Admission Control looks good. Only conforming devices are allowed on the network. Each laptop, server and desktop must have the same OS settings, the same firewall configuration, and an AV client with signatures at least at level x.
As crazy as this sounds, it is exactly what the Ciscos and Microsofts of the world are proposing. They are selling conformity. Can’t roll out CNAC because you still have some non-Cisco core routers? Well, get rid of them!
The execution problems are almost insurmountable. But there is an even more fundamental problem. Conformity is anathema to security. While most organizations have managed to standardize on Windows for desktops and laptops, they still have a range of versions. Having Win2000, XP, and even 98 in the mix actually decreases the likelihood of a single worm or virus wiping you out. What if an update from your AV vendor crashes your AV client? By forcing conformity you reduce resiliency.
Luckily conformity is a utopian fantasy. It really does not exist anywhere. So why waste even a minute trying to deploy Network Admission Control?
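As an added illustration (not code from the original post, and not any vendor's NAC product), here is a small Python model of the two ideas above: a conformity-style admission policy that only admits hosts matching an exact OS, firewall state and minimum AV signature level, and a "blast radius" measure of the largest share of a fleet that runs one identical OS/AV build, which is the share a single version-specific worm or a crashing AV update could hit at once. The host inventories, the policy values and the field names are constructed for the example.

```python
# Added example: a toy NAC conformity check next to a fleet-diversity measure.
from collections import Counter

# Constructed inventory: a mixed "Microsoft shop" with a few non-conforming
# devices, including a printer that cannot run an AV client at all.
MIXED_FLEET = [
    {"host": "ws-01", "os": "XP", "fw": "on", "av": 23},
    {"host": "ws-02", "os": "XP", "fw": "on", "av": 23},
    {"host": "ws-03", "os": "Win2000", "fw": "on", "av": 22},
    {"host": "ws-04", "os": "Win2000", "fw": "off", "av": 23},
    {"host": "ws-05", "os": "98", "fw": "n/a", "av": 19},
    {"host": "prn-01", "os": "printer-fw", "fw": "n/a", "av": None},
]

# The same six hosts after forced conformity: one OS, one firewall
# setting, one AV signature level everywhere.
UNIFORM_FLEET = [
    {"host": f"ws-{i:02d}", "os": "XP", "fw": "on", "av": 23}
    for i in range(1, 7)
]

# Conformity policy (constructed): exact OS, firewall on, AV at least level x.
POLICY = {"os": "XP", "fw": "on", "min_av": 23}


def admitted(host, policy=POLICY):
    """True only if the device matches every term of the admission policy."""
    av = host["av"]
    return (
        host["os"] == policy["os"]
        and host["fw"] == policy["fw"]
        and av is not None
        and av >= policy["min_av"]
    )


def admission_report(fleet, policy=POLICY):
    """Return (admitted, rejected) lists of host names under the policy."""
    ok = [h["host"] for h in fleet if admitted(h, policy)]
    rejected = [h["host"] for h in fleet if not admitted(h, policy)]
    return ok, rejected


def blast_radius(fleet, keys=("os", "av")):
    """Largest fraction of the fleet sharing one identical (os, av) build.

    A worm that targets one OS build, or an AV update that crashes one
    client version, takes out at most this fraction in a single stroke.
    """
    builds = Counter(tuple(h[k] for k in keys) for h in fleet)
    return max(builds.values()) / len(fleet)


if __name__ == "__main__":
    for name, fleet in (("mixed", MIXED_FLEET), ("uniform", UNIFORM_FLEET)):
        ok, rejected = admission_report(fleet)
        print(f"{name}: admitted={ok} rejected={rejected} "
              f"blast_radius={blast_radius(fleet):.2f}")
```

Running it shows the trade-off the post describes: the mixed fleet fails the conformity check for four of six devices (and the printer can never pass), but its largest identical build is one third of the fleet, so no single version-specific failure reaches more than that; the uniform fleet is admitted in full and has a blast radius of 1.0.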
Posted in Secure Network Fabric | 3 Comments »
January 14th, 2006
Steve Gibson, creator of the firewall LeakTest, believes that the WMF vulnerability was deliberately programmed into Windows. He hypothesizes that Microsoft could have put it in for a situation where they had to bypass admin settings, firewalls and AV to execute code on the machines of visitors to their website via an image file.
If you want the counter explanation see the Microsoft Security blog entry. They explain that the vulnerability was introduced in 1990.
Lots of old code hanging around Windows. Mr. Gibson is being spooked by ghosts of the past.
Posted in Windows | 3 Comments »
January 12th, 2006
You have to get out on the road to learn new stuff in the security world. Invariably I learn the most interesting things from people who attend my presentations. I recently picked up a new fact regarding the Sumitomo case.
First, a recap. Last year it came to light that UK authorities had put the kibosh on what would have been the largest bank heist in history. The story as it eventually came out was that cleaning staff had installed hardware keystroke loggers on certain machines within the London branch of Sumitomo Mitsui, a huge Japanese bank. They captured credentials that were then used to transfer 220 million pounds (call it half a billion dollars). Luckily the police were involved and were able to stymie the attack. At the time it was reported that two of the gang members in Israel were arrested.
So my new piece of information is that a security guard was in on the deal and was arrested. Now mind you, this is hearsay from a “credible source”. But it does fit with the previously reported information that security camera video tapes had been removed, so there was no record of the installation of the hardware keystroke loggers.
If this had occurred in the United States we would have answers to the following questions by now.
1. What happened to Yaron Bolondi and Aharon Abu Hamra, the men arrested in Israel after 13.9 million pounds were supposedly transferred to Bolondi’s account there?
2. Have their cases come to trial?
3. If not, when are the trials?
4. What was the name of the company that supplied the cleaning staff?
5. What was the name of the security company that supplied the security guard?
6. If a security guard was arrested, what was he charged with?
7. Were all of the funds really recovered?
8. Are there public records that show insurance claims by Sumitomo that may indicate a major loss in the first half of 2005?
9. What has happened to the gang that pulled this off?
10. Are they working on their next heist now that they have learned from their mistakes?
I don’t mean to be critical of Sumitomo, the UK police, or UK journalists. But I do mean to be critical of a system that allows this type of event to be swept under the carpet without the truth being told.
Posted in Bank security | No Comments »
January 12th, 2006
Lovely. This blog writer went ahead and purchased 100 records of calls made on General Wesley Clark’s cell phone last year. I am surprised that telemarketers don’t do this all the time. Details provided in the link.
Posted in Uncategorized | No Comments »