FBI on the trail of Anonymous

I explained last month in LOIC Exposes Attackers that the Anonymous attack tool of choice was not anonymous — it does not hide the IP address of attackers.

Now an affidavit on the Smoking Gun shows how the FBI and German Federal Criminal Police (BKA) are using logs to track down the IRC servers that initiated the attack on PayPal.

Log files showed that the commands to execute the DDoS on PayPal actually came from IP address 72.9.153.42. Below are the log entries from the server as provided by the BKA…Based on my experience and training, I know that companies providing co-location facilities do not always label or externally identify the computer servers at their facilities with their IP address. Therefore, as part of the process of identifying the computer system that I seek to search, I may be forced to check each system belonging to the target customer until I have determined that it is the computer to be searched.

I find it hard to believe that the agent would rely on an external label even if one existed on the equipment. It is even stranger to hear the absence of labels used as a reason to widen the scope of a search. The affidavit copy ends with an ominous half-sentence:

This check may involve a check of the network traffic emanating from each system or, in the worst case scenario, the

…network traffic emanating from every system in the company? Is that like a warrant to install surveillance on an apartment that includes the caveat that the entire city might have to be tapped? Where is page 6?
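The attribution step behind the first post, seen from the defender's side: because LOIC-style floods do not hide the source address, the web server's own access log already contains it. The following is an added example, not code from the original post or the affidavit; the log lines and IP addresses are constructed (documentation ranges), and it flags any source whose request count inside a sliding window reaches a threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format; only the fields the detector needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def parse_line(line):
    """Return (ip, timestamp, request) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")

def flag_flood_sources(lines, window_seconds=10, threshold=50):
    """Map each source IP whose request count inside any window_seconds span reaches
    threshold to its peak count. Lines that do not parse are skipped, not counted."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the current window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # expire old entries
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _fmt(t):
    return t.strftime("%d/%b/%Y:%H:%M:%S +0000")

def sample_log():
    """Constructed access-log lines (documentation IPs): one flooding source,
    one ordinary client, and one unparseable line."""
    base = datetime(2011, 1, 28, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(120):  # flood: 20 identical requests per second for 6 seconds
        t = base + timedelta(seconds=i // 20)
        lines.append(f'198.51.100.7 - - [{_fmt(t)}] "GET / HTTP/1.1" 200 512 "-" "-"')
    for i in range(5):  # ordinary client: one request every 12 seconds
        t = base + timedelta(seconds=12 * i)
        lines.append(f'192.0.2.10 - - [{_fmt(t)}] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"')
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    print(flag_flood_sources(sample_log()))  # {'198.51.100.7': 120}
```

The threshold and window are assumptions to tune per site; the point is that the flooding source is identified from the server's log alone, with no help from the tool.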

Saudi Arabia Accuses Israel of Spying with Birds

There was the ludicrous accusation last year by Egypt of Mossad-trained attack sharks to hurt their tourism industry. Then there was the rock accused by Lebanon of being an Israeli listening device.

Now Saudi Arabia is getting in on the action. They report, according to the Israelis, that a vulture has been detained for being a Mossad spy. Like the rock in Lebanon, the Saudi proof of a nefarious plot comes from a clearly-labeled tag on the bird:

A vulture tagged by scientists at Tel Aviv University has strayed into Saudi Arabian territory, where it was promptly arrested on suspicion of being a Mossad spy, Israeli and Saudi media reported Tuesday.

The bird was found in a rural area of the country wearing a transmitter and a leg bracelet bearing the words “Tel Aviv University”, according to the reports, which surfaced first in the Israeli daily Ma’ariv.

Although these tags indicate that the bird was part of a long-term research project into migration patterns, residents and local reporters told Saudi Arabia’s Al-Weeam newspaper that the matter seemed to be a “Zionist plot.”

The vulture also flew in a strange circular pattern, indicating its possible CIA connections. One of its wings was shorter than the other, which suggests German BND training, and a slightly larger beak than normal says the French DGSE probably raised the bird.

Either the Israelis are really doing a good job of feeding neighboring states misinformation to make them “cry wolf” until they lose all credibility, or they are feeding the rest of the world misinformation about their neighbor states…or those countries are coming up with these stories all on their own and Israel is more than happy to share them.

Although I searched Saudi and Arab news sources, I found no mention at all about the vulture. Nothing on Al Jazeera (they headlined a story on “risky cuts” that led to the BP Gulf disaster). I guess you could say the only thing even close on Al Jazeera is a story about a foiled Turkey ‘hijacking’.

I did, however, find a million or so American sites repeating the Israeli story.

Back Door Java

An outsider’s look at homes reveals the significance of having a back door in Java (Back door Java: state formation and the domestic in working class Java, 2006, page 55):

I did not fully understand why they did not want to use the kitchen in our house, because it had running water and tiled counter and floor space. Bu Sae’s kitchen, in contrast, was a small dark, dirt-floored annex to the main house, reached by a dirt path running along the east side of her house and next to our own. There was very little room and no clear space for food preparation. Yet, Bu Sae was insistent that we could not know how many people would attend and thus we could not use my house. What if we ran out of something, glasses, piring (plates), or tea? We had no back door to go get more.

The American view is focused on an infinite supply of water and space within the room. However, the back door in Java seems to represent the link to more essential services as well as a larger social network — beyond the room, or even a family.

This makes quite a bit of sense. Think about this in terms of cloud computing. Is it better to have a shiny new-looking server that is clean and has some capacity, or a server with access to many more that can expand and work together more flexibly to meet demand?

Think about it also in terms of social network sites. Some friends are greeted through the front door, and some are let in the back door.

These examples, from an anthropologist’s view of homes in Java, tempt me to try to use the term “back door” instead of “cloud” to describe connected and scalable services that leverage social network groups…but I have a feeling that the current and very common use of the phrase “back door” in computing (unauthorized access) is probably impossible to overcome. I have to admit the title caught me off guard, but I’m glad I read the book.

Sourcefire Acquires Immunet

The Immunet Blog says they plan to “spread” as the Sourcefire Cloud Technology Group.

Over the past 2.5 years the team here at Immunet has built an amazing cloud platform to deliver next generation security technologies and raise the bar for AntiVirus protection. As a result, we’ve built a product that is 35 times smaller than our nearest competitor using an entirely new approach to fight today’s rapidly spreading threats — our Collective Immunity technology. After growing to over 750,000 users in just over a year, we have reached a stage in our company’s life where we needed to put our pedal on the gas and spread Immunet to the entire world.

The acquisition makes a lot of sense since Immunet has been producing a Windows version of ClamAV, which was acquired by Sourcefire in 2007.

Windows ClamAV users had already been redirected to Immunet support, and ClamAV on *nix was planned to migrate to the same Immunet Cloud technology that boasted “NO virus updates required”. This acquisition confirms Sourcefire’s commitment at a business as well as a technology level.