Sunday, January 7, 2007

Foreign spying on U.S. defense technology seen rising

Pentagon report cites 43% jump in suspicious foreign contacts

Reuters




January 04, 2007 (Reuters) -- WASHINGTON -- Foreign countries, especially nations in the Asia-Pacific region, have intensified their efforts to steal sensitive U.S. defense technology, according to a Pentagon report circulated yesterday.

The Defense Security Service Counterintelligence Office recorded an annual jump of nearly 43% in the number of suspicious foreign contacts reported to U.S. authorities by defense contractors and other defense-related sources.

The agency, which helps protect the U.S. defense industry from foreign espionage, said in an unclassified report that spies used phony business offers and computer hackers to target advanced U.S. technology including lasers, sensors, missiles and other systems. The report covered the fiscal year ending September 2005 and is the most recent for which complete statistics are available.

In one case, a female spy seduced an American translator to learn his computer password. His unclassified network was later found to be infected by viruses planted by a foreign intelligence service.

The Defense Security Service did not return phone calls seeking comment.

The total number of suspicious foreign contacts climbed to 971 during fiscal year 2005, the report said. The number of countries trying to obtain U.S. technology also rose, to 106 from 90 a year earlier.

"The majority of reported targeting originated from East Asia and the Pacific, which accounted for 31% of all reporting," the Pentagon agency said in the report.

The Near East made up 23.1% of the targeting, followed by Eurasia at 19.3% and South Asia at 13.2%. Africa and the Western Hemisphere, not including the U.S., accounted for 11.5%.

The report, titled "Technology Collection Trends in the U.S. Defense Industry," did not accuse specific countries of espionage. But U.S. officials have long identified China, Russia and Iran as the leading counterintelligence threats to the U.S.

The Defense Security Service posted its 29-page report on a password-protected government Web site.

The Washington Times newspaper first reported on the report's existence on Wednesday. The Federation of American Scientists, a nonprofit group that advocates for government openness, later posted the document on its own Web site.



How to protect yourself at wireless hot spots

Preston Gralla


January 05, 2007 (Computerworld) Wi-Fi hot spots in airports, restaurants, cafes and even downtown locations have turned Internet access into an always-on, ubiquitous experience. Unfortunately, that also means always-on, ubiquitous security risks.

Connecting to a hot spot can be an open invitation to danger. Hot spots are public, open networks that practically invite hacking and snooping. They use unencrypted, insecure connections, but most people treat them as if they are secure private networks.

This could allow anyone nearby to capture your packets and snoop on everything you do when online, including stealing passwords and private information. In addition, it could also allow an intruder to break into your PC without your knowledge.

But there's plenty you can do to keep yourself safe -- and I'll show you how to do that in this article. If you follow these tips, you'll be able to make secure connections at any hot spot.

Disable ad hoc mode

Little-known fact: You don't need a hot spot or wireless router in order to create or connect to a wireless network. You can also create one using ad hoc mode, in which you directly connect wirelessly to another nearby PC. If your PC is set to run in ad hoc mode, someone nearby could establish an ad hoc connection to your PC without you knowing about it. They could then possibly wreak havoc on your system and steal files and personal information.

The fix is simple: Turn off ad hoc mode. Normally it's not enabled, but it's possible that it's turned on without your knowledge. To turn it off in Windows XP:

  1. Right-click the wireless icon in the System Tray.
  2. Choose Status.
  3. Click Properties.
  4. Select the Wireless Networks tab.
  5. Select your current network connection.
  6. Click Properties, then click the Association tab.
  7. Uncheck the box next to "This is a computer-to-computer (ad hoc) network."
  8. Click OK, and keep clicking OK until the dialog boxes disappear.

In Windows Vista, there's no need to do this, because you have to take manual steps in order to connect to an ad hoc network; there's no setting to leave it turned on by default.

Turn off file sharing

Depending on the network you use at work or at home, you may use file sharing to make it easier to share files, folders and resources. That's great for when you're on a secure network. But when you're at a hot spot, it's like hanging out a sign saying, "Come on in; take whatever you want."

So make sure that you turn off file sharing before you connect to a hot spot. To turn it off in Windows XP, run Windows Explorer, right-click on the drives or folders you share, choose the Sharing and Security tab, and uncheck the box next to "Share this folder on the network."

Figure 1: Protect yourself by turning off file sharing

If you're a Windows Vista user, it's even easier to turn off file sharing. When you connect to a hot spot, designate it as Public. When you do that, Windows Vista automatically turns off file sharing. You can also turn off file sharing manually. Choose Control Panel-->Set up file sharing, click "File sharing," select "Turn off file sharing," and click Apply. Then click "Password protected sharing," select "Turn off password protected file sharing," and click Apply.

Turn off network discovery

If you're a Vista user, a feature called Network Discovery makes your PC visible on a network so that other users can see it and try to connect to it. On a private network, this is useful; at a public hot spot, it's a security risk. When you connect to a hot spot and designate the network as Public, Network Discovery is turned off, so again, make sure to designate any hot spot as Public.

However, you can also make sure that Network Discovery is turned off for your hot spot connection. When you're connected, choose Control Panel-->View network status and tasks. Then in the Sharing and Discovery section, click the Network Discovery button, choose "Turn off network discovery," and click Apply.

Figure 2: Vista users should turn off Network Discovery for maximum safety

Encrypt your e-mail

When you send an e-mail at a hot spot, it goes out "in the clear" -- in other words, unencrypted -- so that anyone can read it. A lot of e-mail software allows you to encrypt outgoing messages and attachments. Check how to use yours, and then use it at a hot spot. In Outlook 2003, select Options from the Tools menu, click the Security tab, and then check the box next to "Encrypt contents and attachments for outgoing messages." Then click OK.

Figure 3: Encrypting outgoing e-mail in Outlook 2003

Carry an encrypted USB flash drive

USB flash drives are cheap, and getting cheaper by the day. For about $50, you can buy a 2GB flash drive, which is more than enough space to carry Windows, the applications you use and the data you need. Make sure to get a drive that can use encryption. Then install Windows, your applications and your data on it.

On your laptop, keep no private data on your hard drive. When you connect at a hot spot, boot from your USB drive. That way, even if someone somehow gets into your PC, they won't be able to read or alter any of your data, because the data is encrypted on the USB drive.

Protect yourself with a virtual private network

Most hot spots are not secure and don't use encryption. That means anyone with a software sniffer can see all of the packets you send and receive.

But you don't need to rely on the hot spot for encryption. For a fee, you can use a virtual private wireless network that encrypts your connection. There are several available, but the one I've been using for years is hotspotVPN, and it hasn't failed me yet.

No special VPN software is needed; you can use XP's or Vista's built-in VPN capabilities. The service costs $8.88 per month, or is available in one-, three- and seven-day increments for $3.88, $5.88 and $6.88. You can also get more secure VPN encryption from the service for between $10.88 and $13.88 per month.

Once you subscribe, you'll get a username, password and IP address of a wireless VPN server. At that point, you run a Windows network connection wizard, fill in the username, password and IP address information, and you'll be ready to go. In Windows XP, choose Control Panel-->Network and Internet Connections-->Create a connection to the network at your workplace. From the screen that appears, choose the virtual private network connection, and follow the wizard.

In Windows Vista, choose Control Panel-->View network status and tasks. Then click "Set up a connection or network," and then choose "Connect to a workplace" and then "Use my Internet connection (VPN)." Follow the wizard after that.

Figure 4: Setting up a wireless VPN using Windows Vista

Disable your wireless adapter

There may be times when you're at a hot spot when you actually don't want to connect to the Internet. In that case, you can guarantee absolute safety -- disable your wireless adapter so you can't connect.

If you have a wireless PC card, you can simply remove it, of course. If you have a wireless adapter built in to your PC, you can disable it. In XP, right-click the wireless icon, and choose Disable. If you're using the adapter's software to manage your connection, check the documentation to find out how to disable it.

If you're using Windows Vista, choose Control Panel-->Network and Sharing Center. Then in the Connection area, click "View status," and from the screen that appears, click Disable.

Figure 5: Disabling a wireless adapter in Windows XP

Watch out for shoulder surfers

Think all hacking is high-tech programming? Think again. "Shoulder surfers" don't need to know how to write a line of code to steal your password -- all they need to do is peer over your shoulder as you type. So make sure no one seems to be paying too close attention when they're directly behind you.

In addition, if nature calls because you've had too many double lattes, don't leave your laptop unattended when you go to the restroom. Laptop theft has become common in some places, most notably San Francisco, which was subject to a laptop crime wave. Consider bringing along a laptop lock and locking your laptop to a table. Some cafes even include ports to which you can lock your laptop.

Beware phony hot spots

Watch out for this latest hot spot scam -- someone surreptitiously sets up a hot spot near a cafe, created for the sole purpose of stealing personal information. You're asked to type in sensitive information in order to log in, and the thief makes off with your passwords and financial information. Ask a staffer at the cafe if there is, in fact, a hot spot available, and what its name is. Only connect to that network. And if you see two hot spots with the same name, don't connect to either -- one might be a so-called "evil twin" set up by a snooper to trick you into connecting to the phony hot spot.
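The two checks this article asks you to make by eye, steering clear of ad hoc networks and of any hot spot name that shows up twice, can also be run over the text that `netsh wlan show networks mode=bssid` prints on Windows Vista. This is an added example, not part of the original article: the sample scan is constructed, the function names are hypothetical, and the output layout and the "Adhoc" label are assumptions about that command's output.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `netsh wlan show networks mode=bssid`;
# all names and addresses are made up, and the "Adhoc" label is an assumption.
SAMPLE_SCAN = """\
Interface name : Wireless Network Connection

SSID 1 : CafeNet
    Network type            : Infrastructure
    Authentication          : Open
    BSSID 1                 : 00:11:22:33:44:55

SSID 2 : CafeNet
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    BSSID 1                 : 66:77:88:99:aa:bb

SSID 3 : Free Public WiFi
    Network type            : Adhoc
    Authentication          : Open
    BSSID 1                 : 02:12:34:56:78:9a

SSID 4 : Library
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    BSSID 1                 : 0a:0b:0c:0d:0e:0f
"""


def parse_scan(text):
    """Return one dict per listed network: ssid, type, auth, bssids."""
    networks, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip(), value.strip()
        if not sep:
            continue
        if re.fullmatch(r"SSID \d+", key):
            current = {"ssid": value, "type": "", "auth": "", "bssids": []}
            networks.append(current)
        elif current is not None and re.fullmatch(r"BSSID \d+", key):
            current["bssids"].append(value.lower())
        elif current is not None and key == "Network type":
            current["type"] = value
        elif current is not None and key == "Authentication":
            current["auth"] = value
    return networks


def review_scan(text):
    """Apply the article's rules; return {ssid: [reasons to stay away]}."""
    by_name = defaultdict(list)
    for net in parse_scan(text):
        by_name[net["ssid"]].append(net)
    findings = {}
    for ssid, entries in by_name.items():
        reasons = []
        if any(n["type"].lower() == "adhoc" for n in entries):
            reasons.append("ad hoc (computer-to-computer) network")
        radios = {b for n in entries for b in n["bssids"]}
        if ssid and len(radios) > 1:  # hidden networks have an empty name
            reasons.append(f"name advertised by {len(radios)} radios")
        auths = sorted({n["auth"] for n in entries})
        if ssid and len(auths) > 1:
            reasons.append("same name, different security: " + ", ".join(auths))
        if reasons:
            findings[ssid] = reasons
    return findings
```

A venue with several legitimate access points also advertises one name from several radios, so a hit on that rule is a prompt to ask the staff which network is theirs rather than proof of an evil twin.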

Turn on your firewall

Windows XP and Windows Vista both have personal firewalls built in, so turn them on. In Windows XP, choose Control Panel-->Security Center, then click the Windows Firewall icon at the bottom of the screen. From the page that appears, select On, and click OK.

In Windows Vista, choose Control Panel-->Security-->Windows Firewall. The screen that appears will tell you if the firewall is turned on. If it's not, click Change Settings, select On, and click OK.

Figure 6: Turning on the firewall in Windows Vista

Windows XP's personal firewall is underprotected because it doesn't include outbound protection. (Windows Vista's firewall includes two-way protection.) If you're a Windows XP user, consider getting the free version of ZoneAlarm, which has both inbound and outbound protection.


Computer theft may have exposed patient data across five states

Tens of thousands of people could be affected

Jaikumar Vijayan




January 04, 2007 (Computerworld) -- The theft of a computer from the office of an Ohio-based health care contractor on Nov. 23 has exposed sensitive data belonging to tens of thousands of patients in five health care firms across five states.

The compromised data includes the names, addresses, medical record numbers, diagnoses, treatment information and Social Security numbers of the patients. Among those affected are patients at Atlanta-based Emory Healthcare, Danville, Pa.-based Geisinger Health System and Franklin, Tenn.-based Williamson Medical Center. The names of two other health care providers affected by the burglary at Cincinnati-based Electronic Registry Systems Inc. (ERS) have not yet been released.

In an e-mailed statement, ERS said that the burglary appeared to have been part of a larger break-in that included several other offices in the same building.

"Law enforcement officials have no evidence that the theft was motivated by the intent to steal data," said ERS, which has 15 employees. The company added that it has implemented "multiple layers of security" to protect the data on the stolen computer but offered no details on what those measures include. ERS currently helps more than 300 regional hospitals, cancer centers and university hospitals manage their health care information.

A Geisinger spokesman today confirmed the compromise and said the stolen computer held data on approximately 25,000 of its patients. ERS manages a patient registry database for Geisinger and had implemented "multiple protections" on the computer such as double password and log-in protection to secure the information, Geisinger said in a statement.

"We believe that it is unlikely that the information can be retrieved from the stolen equipment," Geisinger Chief Medical Officer Bruce Hamory said in the statement.

The health system has contracted with an AIG member company to provide identity theft protection coverage for a year. Features of the coverage include expense reimbursement and services to help identity theft victims file affidavits with the U.S. Federal Trade Commission and notify affected creditors.

In a statement, an Emory spokeswoman said her company mailed letters on Dec. 20 to 36,000 patients alerting them of the incident. ERS provides cancer registry data processing services to Emory. Hospital data in the stolen computer was from Emory Hospital, Crawford Long Hospital and the Grady Memorial Hospital, the statement said.

"The registry information on the computer in question was double password-protected making it extremely difficult to access," the spokeswoman said in the statement. "This appears to be a random 'smash and grab' break-in and according to the local police investigator not a theft for purposes of stealing information off the computer."

ERS is withholding the names of the other two health care providers affected by the theft until they begin notifying patients about the compromise, a spokeswoman said.

News of the theft comes amid heightening concerns about privacy breaches involving health care data. Last September, the Government Accountability Office released a report showing that more than 40% of U.S. Medicare contractors and state Medicaid agencies experienced a security breach involving protected health information during the past two years. Similarly, 44% of Medicaid agencies, 42% of Medicare fee-for-service contractors and 38% of the contractors for the Tricare program reported similar breaches.


Microsoft OneCare Security Suite Loses Ground

By Gregg Keizer, InformationWeek
1:42 PM EST Fri. Jan. 05, 2007

Microsoft released version 1.5 of its consumer security suite, which supports the new Windows Vista operating system, to manufacturing earlier this week. But according to a market research firm, the product faces an uphill battle against long-time players such as Symantec.

Windows Live OneCare 1.5 met its RTM (Release To Manufacturing) milestone, said Yoav Schwartz, OneCare's lead program manager, on the group's blog Wednesday. "It will be available both at retail and on the Web at the end of January," said Schwartz.

Microsoft's security suite includes a personal firewall, anti-virus and anti-spyware scanning, general PC tune-up tools, and data backup features. Some of the tools are homegrown, while others come from several security acquisitions over the last two years. The subscription-based software costs $49.95 annually for use on up to three PCs.

However, according to data from the NPD Group, OneCare has had little success in stealing users from the traditional consumer security powerhouses like Symantec and McAfee. While OneCare accounted for nearly 11% of U.S. consumer security suite sales in June, the first full month after version 1.0 debuted, by October its slice had shrunk to 6%. Symantec, meanwhile, remained the dominant player, with 74% of the market in October, while McAfee held down second place with approximately 10%.

OneCare 1.5 will be available from the Microsoft Web site as well as in the retail channel. After a free 90-day trial using the downloaded version, users must pay the $49.95 annual fee. Existing paid users will be able to upgrade to 1.5 free of charge.



Most Consumers Don't Trust Their Security Software, Poll Finds

By Gregg Keizer, InformationWeek
1:20 PM EST Tue. Jan. 02, 2007

A poll of Internet users shows that a majority are "not confident" that their security software is protecting them, antivirus vendor Trend Micro reported Tuesday.

Fifty-one percent of the 1,500 French, German, Japanese, British, and American consumers surveyed in the fall of 2006 said they had doubts about their security software. Trend Micro pinned part of the problem on vendors who fail to communicate to users such information as where the threat originates and how well the system is protected.

"As a security vendor, it's our job to stay one step ahead of the malware and threats to ensure our customers' protection," said Lane Bess, general manager of Trend Micro's consumer group, in a statement. "It's also our job to regularly communicate with our customers regarding their level of security, in a way that is meaningful to them, so that they know how secure they are."

Most Americans polled by Trend Micro said they thought the Internet was "very safe" (51%), but that number slumped to just 32% when asked if they thought the Web would be less or more safe in six months.



Review: Open-Source Encryption Utility Frustrates Phishers

By Mario Morejon, CRN
2:23 PM EST Fri. Jan. 05, 2007

Phishing schemes are proliferating, and this year may be the worst. Yet most companies remain in the dark about this threat, which can be squelched with encryption. One solution to the problem: TrueCrypt.

As far as encryption software goes, TrueCrypt may be one of the best open-source gems and least-recognized software offerings on the market. The CRN Test Center considers the utility, now at version 4.2, the ultimate information-hardening tool. Though the software is deceptively simple to use, it sports some cool features that help users encrypt entire partitions and hide data in virtual volumes.

Through phishing, hackers try to steal personal or confidential information from PCs via official-looking e-mail messages, as well as through spam, keylogging, trojans and other methods. While most anti-malware and anti-spam suites provide some protection, it's not enough to protect employees. But encryption software can prevent hackers and malware from reading critical files on employees' desktop and notebook PCs.

VARs that haven't been promoting encryption should consider looking into TrueCrypt. The software supports all of the top encryption algorithms, such as Triple DES, Blowfish and the famous AES-256, which is used by the U.S. government to encrypt top-secret documents. The TrueCrypt software uses AES as its default encryption in LRW mode.

Despite being powerful, many of these encryption methods are slow, especially when working with large keys. For most purposes, using TrueCrypt in 128-bit mode is more than enough to protect data. Prepare to wait a while if the Blowfish algorithm runs, since it churns through 16 rounds of encryption using a 448-bit key.

When creating virtual drives, TrueCrypt leverages hash algorithms that use the SHA-1 and RIPEMD-160 key generators. Because all the encryption steps require passwords and key files, users should nest volumes using various keys, which would make it virtually impossible for hackers to break -- even if they have knowledge of some of the passwords.

TrueCrypt can hide volumes and embed volumes into files to make it more difficult to find data, even if intruders somehow get a hold of passwords. TrueCrypt calls this security feature "plausible deniability." Talk about James Bond.

Volumes can be hidden within empty spaces of other volumes, so even if an attacker gets into a visible volume, the partition is only partially revealed. To anyone looking at the data in the volume, the empty space looks like fragmented junk data.

The only critical feature missing from TrueCrypt is boot sector encryption, which is available in Microsoft Windows Vista. In addition to Windows XP and Windows 2003 server, TrueCrypt supports many Linux flavors and languages. The group is now working on Vista and Mac OS X support.


