Message to US Adversaries: You Have Plenty of Time to Launch Cyber Attack

This is basically what the US government is telegraphing to those who want to attack our infrastructures. This conclusion of mine for the most part was confirmed today when I read the ThreatChaos post about the National Cybersecurity Center director (Rod Beckstrom) resigning, after only a year in office and little accomplished - not due to his lack of trying I might add.

Read his resignation letter, which is posted here. It's very telling of the issues in the agency. His two main complaints and reasons for leaving are power fights with NSA (re.; no power or authority to do the job he was given), and lack of funding. It sounded like this new center was doomed from the start.

He said he had only 3 people on his staff and 5 weeks of funding. What? No wonder couldn't get much completed. This office's mission was to address the lack of cyber security within the US Federal government and it's expected to accomplish this with 3 people and no funding?

The other main issue has to do with fighting with the NSA over the program. The NCSC is in DHS yet the NSA wants this role and according to Beckstrom's letter some in DHS were putting up roadblocks in his way. To make matters more difficult the Director of National Intelligence is putting his support behind the NSA.

Now another year has gone by and cyber security is still not a priority for the US Federal government and the mess still exists. Many Federal agencies are doing cyber security work that overlaps with each other and a central coordinating agency still does not exist.

One idea I'm hearing is the creation of a new armed forces branch to be in charge of cyber security and I think that's a great idea. A decision needs to be made soon and we need to get moving with improving our nations cyber security from both a defensive and offensive standpoint. Our adversaries aren't waiting, they continue to attack and breach our defenses.

There is one piece of good news however: on February 9th, 2009 President Obama issued a directive to conduct an immediate cyber security review of all plans, programs, and activities underway throughout the government dedicated to cyber security. They have 60 days to complete it. Press release here. I'm glad they are trying but I'm not holding my breath that decisions will be made soon (re.; weeks) after this review is completed and it's entirely possible we'll still be waiting by the next election cycle this November.

My plea to the policy makers in the US Federal government: stop advertising our confusion and uncertainty, make the decisions that need to be made, execute on those decisions, and start showing our adversaries we are serious about cyber security before it's too late. Oh and by the way, there are plenty of good people in the private industry that are willing to help you.

Malicious links on President Obama's website

First it's fake Barack Obama websites spreading malware now the REAL BarackObama.com website is responsible for pushing the stuff. To be clear, it's not President Obama's people pushing it, it's a registered user of their site. Attackers are using one of the sites features called Community Blogs to place malicious links on the site.

A recent attack that I looked at featured what appears to be a embedded video but when you click it you are redirected through a couple different sites finally to a site selling rogue/fraudulent security software and trojans.

Another unfortunate example of the dangers of Web 2.0 and while this technique of using blogs to spread malware is not new (Google dev site, Twitter, 2005, German Wikipedia) I expect to see it grow in popularity due to how effective it's proving. Oh joy.

More...
http://news.softpedia.com/news/Barack-Obama-039-s-Website-Used-to-Push-Malware-102977.shtml
http://securitylabs.websense.com/content/Blogs/3284.aspx

Fake US Presidential Inauguration and Obama Websites

Fake Barack Obama blogs and websites are being used to infect computers with a worm called Waledac. This worm appears to be from the same makers of the Storm worm according to several in the security community including Jose at Arbor Networks.

An example is hxxp://www.bestbaracksite.com/
(WARNING: Malicious site).

When visiting the site visitors see graphics and blog entries that look real and while they read the entries silently a drive-by install is placing malicious code on their system. All the links on the website point to a malicious EXE download as well. This site, by the way, is using "fast flux" DNS to avoid takedown and appears to be hosted on a botnet as some of the IPs appear to be home DSL/cable modem customers.

With the US presidential inauguration tomorrow I expect to continue to see a rise in this type of attack and recommend you check your web proxy logs for any domains with the following words in them:

barack
obama
presidential
inauguration