Category Archives: Security

US Accused of New Somalia Black-Ops

Last September six helicopters, including at least two AH-6 Little Birds, attacked an al-Shabab convoy in southern Somalia that was carrying Saleh Ali Saleh Nabhan. The convoy was quickly outgunned. Wounded and dead militants were picked up and taken away by the helicopters.

The US military claimed responsibility for the operation, called Celestial Balance; they suggested it involved extensive coordination between Army and Navy with support from two warships and was planned over several months.

The success of a delicate and complex operation surely created a stir. Some reported it as a change in policy for the US; an “evolution in US operational and intelligence capabilities” — one that worked yet left civilians unhurt. Somali militants may have been spooked to the point where they were looking skyward more nervously. Retaliation was predicted but so far none has come.

Now a similar shootout has just been reported further north. Details are sketchy (one helicopter or two, shots fired or not) and the US denies involvement. The Scotsman calls it a “mystery over Somalia helicopter shootout”:

Residents of the town of Merca, about 50 miles south-west of Mogadishu, said a military helicopter flew over on Sunday and Islamic militants from the al-Shabaab group fired on it. Some residents said the helicopter fired back but caused no major damage.

But no-one seems to know who the helicopter belongs to.

Maybe it is owned by the Stuxnet authors? I jest.

Unlike Stuxnet, which really truly could be written by anyone with a computer, a coordinated helicopter operation suggests nation-state resources and planning. If nothing else, this story gives a little better perspective on security resource differentiation. Perhaps African Union force Major Barigye Bahoku said it best:

You made me have the laugh of the year. There is no way the African Union force can be involved in such a strike. We don’t have helicopters — any air capacity whatsoever.

He does have a PC and a network connection, however.

Operation PIAB Breaches Anti-Fileshare Lawfirm

The fallout from “Operation: Payback is a Bitch” continues, although it is not yet clear who exactly is at fault in this case. During ongoing attacks from the Low Orbit Ion Cannon DDoS tool, a law firm infamous for prosecuting file sharers has suffered a breach and will itself be sued for accidentally sharing sensitive information.

V3 says the law firm is facing legal action over the data breach:

The ACS-Law web site was hit by a series of DDoS attacks over the weekend carried out by web group Anonymous as part of a wide-ranging attack on pro-copyright organisations known as Operation Payback.

The breach of ACS-Law’s systems reportedly resulted in the release of a file containing 365MB of emails containing credit card information on suspected offenders, as well as emails written by the firm’s boss Andrew Crossley.

Rights group Privacy International has reported the firm to the ICO, as the data breach was not technically caused by the hack, but by a failure to put appropriate technical safeguards in place.

The good news is ACS:Law is well experienced in notifying people. They apparently sent 10,000 letters in just the first two weeks of January 2010. In that case they were said to be trying to blackmail people by telling them to pay or be sued for sharing information illegally. Now they just have to turn it around a little and say they were sharing information illegally so they are being sued and will pay people.

More than the privacy of suspected offender information is at stake. The Inquirer shows why some of the email exposed in the breach, now available on the Pirate Bay, will probably further damage the law firm’s already controversial business model:

Crossley bragged about how much money he has obtained from penning his emails to people. He wrote, “Spent much of the weekend looking for a new car. Finances are much better so can put £20-30k down. May go for a Lambo or Ferrari. I am so predictable!” Later emails reveal that he bought a Jeep Compass 2.4CVT.

In a letter to NG3Sys, which did the outfit’s Internet monitoring, he told it that it would receive on average about £1,000 per 150 letters sent.

[…]

Other emails include the approach used to screw people out of cash when they are clearly not liable for copyright infringement.

Perhaps most interesting is how attackers also try to capitalize on search results to infect more computers, as documented by Panda Labs.

I will cover this next month along with other high-profile breaches in my RSA 2010 Europe presentation on the Top Ten Breaches.

US Airline Shutdown for Regulation Violations

A US jet charter company had an expensive and dangerous crash in 2005. This led investigators to discover that Platinum Jet Management LLC was operating a high-risk and illegal airline. NJ.com says one of the pilots has now pleaded guilty to several serious charges:

Vieira told assistant U.S. Attorney Scott B. McBride that he falsified flight logs, altered weight and center of gravity graphs, and routinely flew illegal charter flights that violated federal safety regulations.

One of the practices of Platinum was to overfill fuel tanks at cheaper airports and then alter flight manifests to hide the extra weight. Another practice was to hire unqualified pilots and other staff. The performance of the flight attendant during the 2005 crash probably gave investigators several big clues about airline management practices.

…a Miami model and dancer — did not know how to open the door of the plane to evacuate those inside

NJ.com points out that passengers, who were obviously high-value assets, paid nearly $100,000 per charter even though the company was not even certified to fly.

ASP.NET Padding Oracle Attack

Cryptographic keys can be stolen from ASP.NET web applications by modifying cookies and reviewing the resulting errors — an information disclosure vulnerability from a side channel attack. This video shows the Padding Oracle Exploit Tool (POET) in action:

Details can be found here: Padding Oracle Crypto Attack (POCA)

The attack allows someone to decrypt sniffed cookies, which could contain valuable data such as bank balances, Social Security numbers or crypto keys. The attacker may also be able to create authentication tickets for a vulnerable Web app and abuse other processes that use the application’s crypto API.

[…]

If the padding is invalid, the error message that the sender gets will give him some information about the way that the site’s decryption process works. Rizzo and Duong said that the attack is reliable 100 percent of the time on ASP.NET applications, although the time to success can vary widely. The real limiting resources in this attack are the speed of the server and the bandwidth available.

They say the longest attack time so far has been just 50 minutes. They do not say what the longest time is to fix a site and prevent the attack path.

Microsoft is investigating and discussing a fix. Since it is an information disclosure vulnerability, I expect they will enhance the ability to redirect or completely suppress errors. They also may add some randomness to error responses to reduce timing attacks — attempts to guess information from the time it takes to respond. Either way, it was already a best practice to suppress errors to prevent information disclosure.

Edited to add (Sep 28th):

  1. Here is a great introduction to the Padding Oracle Attack, including Python code
  2. Microsoft has released a patch, which has to be manually installed from their download center. They also give the following recommendations, as I predicted above:

Until the patch has been installed, administrators should configure servers to only respond with a single error page, meaning that all server errors should return the same error page so that an attacker would not be able to determine which part of their request was deciphered properly. In addition to this, modify the Page_Load() function within the custom error page to pause for a short random sleep delay before sending the error response.

Administrators should watch for errors with the following message: “CryptographicException” and/or “Padding is invalid and cannot be removed” as these could be an indicator that an attacker may be trying to exploit this vulnerability against an IIS server.
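As an added illustration that is not from the original post, the advisory or the POET authors, here is a Python sketch of the side channel described above and of the remedy: a cookie handler that exposes the padding error beside one that authenticates the cookie before decrypting and returns a single error page for every failure, plus a check a defender can run against either handler to see whether modified cookies still produce distinguishable responses. It uses a toy HMAC-based Feistel block cipher in place of AES so it runs with the standard library only; the keys and cookie contents are constructed, and the hardened handler goes one step beyond the advisory's single-error-page advice by adding a MAC, which removes the oracle rather than merely hiding it.

```python
import hashlib, hmac, os
KEY_ENC, KEY_MAC = b"k" * 32, b"m" * 32   # constructed demo keys, not real secrets
_mac = lambda body: hmac.new(KEY_MAC, body, hashlib.sha256).digest()
_xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

# Toy 16-byte Feistel cipher built from HMAC (a stand-in for AES, NOT secure) so the
# demo needs only the standard library; decrypting = reversed rounds, halves swapped.
def _feistel(block, rounds):
    l, r = block[:8], block[8:]
    for i in rounds:
        l, r = r, _xor(l, hmac.new(KEY_ENC, bytes([i]) + r, hashlib.sha256).digest()[:8])
    return l + r

def cbc_encrypt(m):  # one PKCS#7-padded block (m up to 15 bytes) under CBC: IV || C
    n, iv = 16 - len(m) % 16, os.urandom(16)
    return iv + _feistel(_xor(m + bytes([n]) * n, iv), range(4))

def cbc_decrypt(cookie):  # raises the exact message the advisory tells admins to watch for
    sw = lambda x: x[8:] + x[:8]
    p = _xor(sw(_feistel(sw(cookie[16:32]), reversed(range(4)))), cookie[:16])
    n = p[-1]
    if not 1 <= n <= 16 or p[-n:] != bytes([n]) * n:
        raise ValueError("Padding is invalid and cannot be removed")
    return p[:-n]

def leaky_handler(cookie):
    """Vulnerable: a padding failure is reported differently from any other outcome."""
    try:
        cbc_decrypt(cookie)
        return "200 OK"
    except ValueError as e:
        return "500 " + str(e)

def seal(m):  # encrypt-then-MAC: the tag covers IV and ciphertext
    body = cbc_encrypt(m)
    return body + _mac(body)

def hardened_handler(cookie):
    """Fixed: a modified cookie fails the MAC before decryption; every failure gets one page."""
    body, tag = cookie[:-32], cookie[-32:]
    if not hmac.compare_digest(_mac(body), tag):
        return "400 Bad Request"
    try:
        cbc_decrypt(body)
        return "200 OK"
    except ValueError:
        return "400 Bad Request"  # same page as a MAC failure; a real site adds the random delay too

def oracle_responses(handler, cookie, pos):  # distinct responses over the 255 other values of byte `pos`
    return {handler(cookie[:pos] + bytes([x]) + cookie[pos + 1:]) for x in range(256) if x != cookie[pos]}
```

Changing the last IV byte flips the last plaintext byte, so the leaky handler answers with two different responses (valid versus invalid padding) while the hardened one always answers the same way.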