Archive for February, 2009
Friday, February 27th, 2009
The Conficker worm continues to cause mass anxiety. Microsoft is offering a $250k reward for information about the cybercriminal and the industry is banding together to try to stop the spread of the worm that has infected 2-10 million PCs.
So far, the infected computers haven’t been used for malicious activity, but analysts think it’s only a matter of time before that happens. This could be the first stage of a larger attack – a single algorithm can tell Conficker-infected systems to contact domain names and be used to download malicious software.
“This worm would be a marvelous tool in hands of whoever can control it, but the real harm from it has yet to be felt, and we’re trying to postpone that day.” – Paul Vixie, founder of Internet Systems Consortium
Security researchers are working to register as many of the domains as possible that are being sought by Conficker in an attempt to prevent them from hosting malicious software. For those registered by others, the registrant information is being investigated for any ties to the cybercriminals behind this worm. In order to handle the scale of this attack, and future attacks, the industry has had to band together to co-ordinate efforts with governments around the world. For example, for the first time ever, domain name registrars have agreed to shelve Conficker domains, preventing them from being purchased.
There’s also a new Conficker B++ variant, which may be a response to the blocked ability to register many Conficker domains. We suggest doing what you can to update your systems (see the latest Microsoft Security Advisory) to prevent your PC from being at risk.
And while on the topic of malware, Roger Grimes writes that the only malware cure is to start from scratch.
You may also want to read Bruce Schneier’s analysis of Conficker and how it’s spreading.
Image: wax115 @ morguefile
Tags: conficker, malware, Web Security, worm
Thursday, February 26th, 2009
A LoJack for Laptops equipped laptop began to call in to the Absolute Monitoring Center just days after its owner reported that it had been stolen in a home burglary. The Absolute Recovery Team deployed a series of forensic tools to mine information on the laptop’s unauthorized user and whereabouts, and uncovered several pieces of evidence that indicated the laptop was being used to perpetrate credit card fraud. Absolute passed these details over to the County Sheriff’s Forgery and Fraud Unit for further investigation.
The County Sheriff’s office was quick to act on the information that Absolute provided, and within a week, was able to obtain a search warrant for the identified user’s address. The warrant was served, and after detaining the location’s occupants, a thorough search was conducted.
Police recovered the stolen laptop from the scene, along with narcotics, stolen auto parts, handguns, a special machine that reads and re-encodes credit cards’ magnetic strips, and hundreds of documents which contained names, addresses, and social security and credit card numbers. The user was arrested and charged on several counts of Credit Card Fraud, ID Take-Over, Receiving Stolen Property and Narcotics Possession. Detectives estimate the amount of known fraud on the compromised credit cards to be in excess of $100,000.
The laptop has been returned to a happy LoJack for Laptops customer.
Learn more about the Absolute Theft Recovery process.
Please note that indictments and criminal complaints are merely unproven accusations and the accused, in all cases, are presumed innocent until proven guilty.
Tags: Absolute, fraud, laptop theft, LoJack for Laptops
Thursday, February 26th, 2009
An email [PDF] obtained by the Project on Government Oversight earlier indicated that the Los Alamos National Laboratory (LANL) had lost 3 computers and a BlackBerry device during a 2-week period this year. After the news went public, further government response indicates that the nuclear weapons laboratory has a total of 67 “missing”, lost or stolen data devices.
The National Nuclear Security Administration (NNSA) wrote [PDF] to the LANL about the most recent computer theft expressing concern that the apparent “robustness of cyber security implementation” was not being vigilantly overseen. They say there are issues with individual security controls but also configuration management and accountability issues.
“In treating this initially as only a property management issue, my staff and I, and apparently the cyber security elements of the laboratory, were not engaged in a timely and proactive manner to assess and address potential loss of sensitive information.”
The quote above indicates a common misconception – that the loss of data devices is a property issue, not a data security issue. The memo advises LANL to treat all loss of equipment that can carry data – not just computers – as a cyber-security concern.
The letter revealed that 13 LANL computers have been stolen within the last year and that 67 are currently “missing.” Very little data was available – or collected – about what data has been compromised as the result of these breaches. Jeffrey Berger, director of communications at LANL, says that no classified data was held on any of the lost devices and thinks the leaked memos “distorted” the situation.
Los Alamos has suffered 3 major public breaches in the past, so none of this experience is ‘new’ to them. A system like Absolute Software’s Computrace could help with the asset tracking that appears to be a major problem for the lab – so they would know, in seconds, where every single computer is.
Via AFP, eweek, CNet, Computerworld, WSJ
Tags: breach report, Data Breach, Government Security
Wednesday, February 25th, 2009
In November, Absolute Software announced a closed beta for expanding Computrace Mobile for the BlackBerry® platform. On Monday, Computrace Mobile for BlackBerry devices went live!

Computrace Mobile delivers asset management, data protection and geolocation tracking for the popular BlackBerry line of smartphones (versions 4.2.1 and later). A couple of months ago, we shared a beta experience from John Halamka, CIO, Beth Israel Deaconess & Harvard Medical School, who described his experiences using the platform. He has completed the 60 days of beta testing now, saying:
“I depend on my BlackBerry to run five different organizations, $100 million in annual budgets, and 800 emails a day. The Computrace Agent enables me to track my Blackberry via its internal GPS. Also, it enables my staff to track my location to an accuracy of about 20 meters.”
If you’re an existing Computrace customer, you can manage your mobile phones from the same portal. This gives our customers the ability to quickly and easily manage their data devices, reducing operational costs and losses from theft. If a computer or smartphone protected with Computrace goes missing, you also have the ability to remotely delete sensitive data. Learn more from the press release here.
Computrace Mobile is also supported on all Windows Mobile® 5 and 6 handheld devices including the HP® iPAQ, HTC® Touch, MOTO Q™, Samsung® BlackJack and Treo®.
Tags: Absolute Software, blackberry, Computrace Mobile, Mobile Security
Wednesday, February 25th, 2009
A LoJack for Laptops equipped laptop was recently stolen in a string of home burglaries committed during a busy religious holiday. With a number of homes left vacant while residents attended religious services, thieves capitalized on the opportunity to make away with a number of computers and electronics.
The day after the theft was reported, the Absolute Recovery Team was able to forensically mine the stolen laptop to determine its current user and exact location. This information was passed on to police, who used it to obtain a search warrant for the identified residence.
As police stood at the suspect’s door and served the warrant, the house’s occupants began to desperately throw bags of contraband from the windows in a feeble attempt to keep the illegal substances from authorities. These bags were quickly scooped up by police, who entered the home and were able to recover the stolen laptop – among other items. Four additional laptops were also seized, along with several pounds of marijuana, a large quantity of cocaine, and thousands of dollars in cash. Four arrests were made in connection to the case.
Just four days passed between the time that the customer reported the stolen laptop to Absolute and the date that the laptop was physically recovered. The laptop has since been returned to its rightful owner.
Click here to learn more about the Absolute Theft Recovery Process.
Please note that the above indictments and criminal complaints are merely unproven accusations and the accused, in all cases, are presumed innocent until proven guilty.
Tags: Absolute Software, laptop theft, LoJack for Laptops, recovery
Wednesday, February 25th, 2009
President Barack Obama named Melissa Hathaway to lead a 60-day review of the cybersecurity efforts of the US Government. Hathaway thus became the Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils.
Melissa Hathaway, who has served as Cyber Coordination Executive to the Director of National Intelligence, chaired the National Cyber Study Group, a group responsible for helping develop a 5-year, $30 billion plan to secure federal systems and infrastructure against online threats. This Comprehensive National Cyber Security Initiative (CNCI) was approved by Bush earlier last year and is still being implemented.
The new review will look at ongoing security programs, plans and activities and will develop recommendations to ensure they continue to meet the needs of both the public and private sectors. Essentially, Hathaway will be reviewing the progress of the existing CNCI plan and offering advice to keep it moving forward.
“The national security and economic health of the United States depend on the security, stability, and integrity of our Nation’s cyberspace, both in the public and private sectors. The President is confident that we can protect our nation’s critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties,” said Assistant to the President for Counterterrorism and Homeland Security John Brennan.
As part of her task, Hathaway will reportedly evaluate a recommendation that a special White House “cyberadviser” role be created (something Obama echoed on the campaign trail). It is suggested that this role report directly to the President rather than leaving cybersecurity to the Department of Homeland Security. This type of role would help create a comprehensive plan for cybersecurity, an issue that spans all government agencies.
Via CSO Online, Computerworld, Govtech, White House, USA Today, WSJ; Image: clipart
Tags: audit, barack obama, cybersecurity, Government Security, us government
Tuesday, February 24th, 2009
The Absolute Theft Recovery Team has seen the successful recovery of tens of thousands of stolen computers. Comprised of former police officers and seasoned law professionals, the team works closely with police and law enforcement agencies to ensure that laptops are recovered and that thieves are located.
Once a stolen computer connects to the Internet, the Computrace Agent silently sends location information to the Absolute Theft Recovery Team. After receiving customer consent, the team begins to forensically mine the computer using a variety of procedures, including key captures, registry and file scanning, geolocation, and other investigative techniques. These procedures help to gather evidence and determine who has the computer and how it is being used. Extracted evidence is then provided to police, who use the information to obtain search warrants or subpoenas and perform the physical recovery.
The stolen computer is returned to the owner directly, and no further involvement beyond reporting the theft is required. As customer privacy is our utmost concern, Absolute Forensics Tools are only deployed upon receiving a report of theft and only with express permission of the customer.
Tags: Absolute Software, Computrace, theft recovery
Monday, February 23rd, 2009
Sometimes there’s so much good advice out there that it’s impossible to cover it all. Rather than miss out on some of these gems, I’m going to point out some good list-based articles that have caught my attention, highlighting the salient points of each.
Laptop Security Is a Three-Legged Stool – Intel
This list fits in snugly with our own motto of “multi-layered laptop security” at Absolute, which we talk about here. For now, check out the “3 legs” of laptop security:
- Physical Security
- Data Protection
- Protection Solution
9 Dirty Tricks: Social Engineers’ Favorite Pick-Up Lines – CSO Online
These are tactics employed by criminals (cyber and otherwise) to scam you out of personal information or money or to gain access. The list had 8 tricks, not 9, but who’s counting? ;)
- “I’m traveling in London and I’ve lost my wallet. Can you wire some money?”
- “Someone has a secret crush on you! Download this application to find who it is!”
- “Did you see this video of you? Check out this link!”
- “This is Chris from tech services. I’ve been notified of an infection on your computer.”
- “Hi, I’m the rep from Cisco and I’m here to see Nancy.”
- “Can you hold the door for me? I don’t have my key/access card on me.”
- “You have not paid for the item you recently won on eBay. Please click here to pay.”
- “You’ve been let go. Click here to register for severance pay.”
5 Tips for Managing Security in a Recession – CSO Online
Another great look at how to prioritize your security spending and planning this year.
- Prioritize based on risk/reward
- Have the right mix of people on your team
- Build repeatable processes
- Create an optimal shared cost strategy
- Automate and outsource wisely
Top 5 Security Resolutions for New PCs – InformIT
If you’ve just bought a new computer, take some quick security steps before you start using it! Here are 5 resolutions to take:
- I Will Patch My Systems
- I Will Use Common Security Tools
- I Will Back Up My Data
- I Will Secure My Wireless Router
- I Won’t Write Down My Passwords
And to end off the great tips offered in these articles, walk the lighter side with this ID-theft-themed Dilbert comic.
Tags: Laptop Security, security news
Friday, February 20th, 2009
In an overnight burglary, thieves broke into a school and made away with multiple Computrace-equipped laptops. Upon receiving the school’s theft report, the Absolute Recovery Team began tracking each stolen computer, locating one in a nearby neighborhood. After identifying the laptop’s user and pinpointing an address, Absolute handed the information over to police, who were able to arm themselves with a search warrant before visiting the suspect’s residence.
Police expected the search to uncover the laptop, and it did – along with a series of items that suggested an elaborate document forgery operation. Among other suspicious items, police discovered a printer/scanner complete with a birth certificate still in the feed, a paper cutter and laminator, a custom hole punch ideal for ID cards, and several blank Social Security Cards, each with an identical serial number. One individual was promptly arrested at the scene, while an arrest warrant was obtained for the laptop’s user, who had managed to flee.
Absolute has since returned the laptop to the school and continues to work toward the recovery of the remaining missing machines.
Click here to learn more about the Absolute Theft Recovery Process.
Please note that indictments and criminal complaints are merely unproven accusations and the accused, in all cases, are innocent until proven guilty.
Tags: Absolute Software, Computrace, forgery, laptop theft
Friday, February 20th, 2009
Cisco recently released a whitepaper about data leakage and insider threats. Several predictions for 2009 have indicated that, particularly with the uncertain economic climate, insider data breaches would become more of an issue. With 88% of respondents admitting they’d take sensitive information if they were laid off, this is a clear and present threat to data security.
In 2008, insider theft accounted for 15.7% of data breaches, and 43% of surveyed companies had experienced fraud, theft or losses as a direct result of employees with access to sensitive data.
Bruce Schneier recently addressed the issue of insiders, which he points out are a perennial problem for organizations. Insiders have the means and opportunity to breach data – intentionally or not. The issues coming up lately refer to an increase in intentional data theft or fraud.
“With 1.5 million predicted job losses in the US alone, there’s an increased risk and exposure to these attacks. This is one of the most significant threats companies face” – Microsoft’s Doug Leland
So, given that you need to trust your employees in order to keep your company running, how do you go about addressing the problem of inside threats? Schneier recommends 5 basic techniques, many of which we’ve talked about here on the Absolute blog:
- Limit the number of trusted people
- Ensure that trusted people are also trustworthy
- Limit the amount of trust each person has
- Give people overlapping spheres of trust
- Detect breaches of trust after the fact and prosecute the guilty
You can read these recommendations in detail here. Hopefully it will give you some ideas about how to prepare for insider issues. Just like with all security planning, it’s about being prepared and about having multiple layers of security in place.
—-
In other news, there has been a high number of data breaches thus far in February (see latest incidents). One getting a lot of attention is a breach at the Federal Aviation Administration (FAA) that affects 45,000 FAA employees.
Image: anitapatterson @ morguefile
Tags: data security, insider threat, Security Policy