Network Security

Editorial Office: Elsevier Ltd, The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, United Kingdom
Programme Editor: Steve Barrett. Tel: +44 (0)1865 843239. Fax: +44 (0)1865 843933. Email: [email protected]
Web: www.networksecuritynewsletter.com
Editor: Danny Bradbury. Email: [email protected]
Senior Editor: Sarah Gordon
International Editorial Advisory Board: Dario Forte; Edward Amoroso, AT&T Bell Laboratories; Fred Cohen, Fred Cohen & Associates; Jon David, The Fortress; Bill Hancock, Exodus Communications; Ken Lindup, Consultant at Cylink; Dennis Longley, Queensland University of Technology; Tim Myers, Novell; Tom Mulhall; Padget Petterson, Martin Marietta; Eugene Schultz, Hightower; Eugene Spafford, Purdue University; Winn Schwartau, Inter.Pact
Production Editor: Lin Lucas

Subscription Information
An annual subscription to Network Security includes 12 printed issues and online access for up to 5 users.
Prices: €992 for all European countries and Iran; US$1110 for all countries except Europe and Japan; ¥131 700 for Japan (prices valid until 31 December 2008).
To subscribe send payment to the address above. Tel: +44 (0)1865 843687. Fax: +44 (0)1865 834971. Email: [email protected], or via www.networksecuritynewsletter.com
Subscriptions run for 12 months, from the date payment is received. Periodicals postage is paid at Rahway, NJ 07065, USA. Postmaster send all USA address corrections to: Network Security, 365 Blair Road, Avenel, NJ 07001, USA.

Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: +44 1865 843830, fax: +44 1865 853333, e-mail: [email protected]. You may also contact Global Rights directly through Elsevier’s home page (www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: +1 978 750 8400, fax: +1 978 750 4744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; tel: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other countries may have a local reprographic rights agency for payments.

Derivative Works
Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations.

Electronic Storage or Usage
Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and e-mail addresses noted above.

Notice
No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.

Printed by Mayfield Press (Oxford) Limited

NEWS
Continued from front page...
Kaminsky and a variety of vendors and ISPs worked on the problem and were able to get a two-week head start before the details of the vulnerability were leaked. Exploit code is now in the wild, and the race has been on to get patches to all DNS servers out in time to minimise the damage. Patching such a huge code base is understandably difficult, and reports have surfaced of performance issues with anti-DNS poisoning patches. Representatives from the Internet Systems Consortium posted on a mailing list that the patches could impact performance for high-volume recursive DNS servers running BIND, the popular DNS server software. US-CERT also noted that some nameservers behind network address translation and port address translation devices may not be helped by the patch, which uses source-port randomisation to minimise the risk. Apple took time to patch its servers, but eventually complied, although at the time of writing reports suggested that the company had still to patch Mac clients. H.D. Moore, author of the Metasploit toolkit, quickly put the DNS flaw into his software. The renowned hacker then experienced a DNS attack that he said happened at his local ISP’s server, which altered the destination page for web queries. The discovery of the flaw led to renewed calls for the implementation of DNSSEC, which bolsters the security of DNS requests. The .ORG public internet registry had already announced plans in June to become the first domain to recommend the adoption of DNSSEC across the board.
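The US-CERT caveat above, that a NAT or PAT device can undo the patch's source-port randomisation, is something a resolver operator can check from the outside: record the UDP source ports a resolver's queries arrive with at an authoritative server you control, then look at how much of the randomisation survived. The script below is an added example, not code from the newsletter or from any vendor. The `simulate_pat` model of a port-rewriting device and the port samples it scores are constructed for the example; real devices vary, and the model is the worst case the advisory warns about.

```python
"""Score whether a recursive resolver's DNS source ports still look random
after passing through a NAT/PAT device (added example; the PAT model and
the sample ports below are constructed, not real captures)."""
import random

TXID_BITS = 16                 # a DNS transaction id is 16 bits
EPHEMERAL_RANGE = (1024, 65535)


def random_ports(n, seed=0):
    """Constructed sample: what a patched resolver emits, one random port per query."""
    rng = random.Random(seed)
    lo, hi = EPHEMERAL_RANGE
    return [rng.randint(lo, hi) for _ in range(n)]


def simulate_pat(ports, base=40000):
    """Constructed model of a port address translation device that ignores the
    inside source port and hands out translated ports in order."""
    return [base + i for i in range(len(ports))]


def looks_sequential(ports, max_step=3):
    """True when every consecutive pair of observed ports advances by a small
    positive step, the signature of an allocator that is easy to predict."""
    if len(ports) < 2:
        return False
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    return all(0 < d <= max_step for d in deltas)


def distinct_ratio(ports):
    """Fraction of the sample made up of distinct ports: near 1.0 for a
    randomising resolver, tiny for an unpatched resolver pinned to one port."""
    return len(set(ports)) / len(ports) if ports else 0.0


def effective_port_space(ports):
    """Lower bound on the number of ports a blind response forger must cover
    per query. A sequential allocator collapses this to 1; otherwise the
    distinct ports seen are a conservative floor (the true space is the
    whole ephemeral range)."""
    if looks_sequential(ports):
        return 1
    return len(set(ports))


def forgery_combinations(ports):
    """(port, transaction id) pairs a blind forger has to cover to be sure of
    matching one outstanding query; this is the quantity the patch enlarges."""
    return effective_port_space(ports) * (1 << TXID_BITS)


def assess(ports):
    """Summarise a sample the way a resolver operator would want to read it."""
    return {
        "sequential": looks_sequential(ports),
        "distinct_ratio": round(distinct_ratio(ports), 3),
        "forgery_combinations": forgery_combinations(ports),
    }


if __name__ == "__main__":
    direct = random_ports(200, seed=1)   # resolver reaching the internet directly
    behind_pat = simulate_pat(direct)    # the same queries after a port-rewriting PAT
    print("direct    :", assess(direct))
    print("behind PAT:", assess(behind_pat))
```

Two readings matter in practice: a `sequential` verdict means the NAT/PAT is serialising ports and the resolver gains nothing from the patch until the device is reconfigured or bypassed, and a `distinct_ratio` close to zero means the resolver itself is still sending from a fixed port, i.e. it is unpatched. In both cases `forgery_combinations` falls back to the bare 16-bit transaction id space.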
Online crime networks mimic mafia

A report from Finjan has confirmed that criminals focusing on internet crime have formed highly structured networks, similar in organisation to the mafia ‘family’ model.

A top boss controls the syndicate without committing any of the crime himself. An underboss deals directly with the rest of the syndicate, providing Trojans and controlling the command and control structures. Campaign managers akin to the mafia’s ‘capos’ carry out their own malware campaigns with the help of affiliation networks. Affiliates in the network hack legitimate sites and insert references to attack code to earn rewards from the campaign managers. The attack code is then installed on victims’ machines to harvest data, and resellers sell it on.

City worker holds San Francisco to ransom

It’s normally the mayor that awards notable public figures the key to the city. In Gavin Newsom’s case, he was lucky to get them back from a disgruntled programmer who had been refusing to hand them over.

The mayor of San Francisco finally got the electronic codes from a disgruntled technical worker who effectively held the city to ransom after creating a back door to take control of city computer systems. Terry Childs, a technical worker for the City of San Francisco, reportedly created passwords granting him exclusive access to the FiberWAN wide area network, which contained files crucial to administrative operations. Local paper SFGate said that officials’ emails, payroll files and law enforcement documents were on the system. Newsom got the keys after Childs experienced a change of heart in his jail cell, where he is being detained.
[Figure: Global spam by category, August 2008. Source: Symantec monthly spam report.]
August 2008