Wednesday, April 23, 2008

I Think That My Internet is Tapped



April 23, 2008 11:48 AM PDT
FBI wants widespread monitoring of 'illegal' Internet activity
Posted by Anne Broache

WASHINGTON--The FBI on Wednesday called for new legislation that would allow federal police to monitor the Internet for "illegal activity."

The proposal from FBI Director Robert Mueller, which came during a House of Representatives Judiciary Committee hearing, appears to go beyond a current plan to monitor traffic on federal-government networks. Mueller seemed to suggest that the bureau should have a broad "omnibus" authority to conduct monitoring and surveillance of private-sector networks as well.

The surveillance should include all Internet traffic, Mueller said, "whether it be .mil, .gov, .com--whatever you're talking about."

In response to questions from Rep. Darrell Issa, a California Republican, Mueller said his proposed legislation "balances on one hand the privacy rights of people receiving information with...the necessity of having some omnibus search capability, utilizing filters that would identify illegal activity as it goes through, and allow us the ability to catch it at a choke point."

Issa suggested he would support such legislation.

If Mueller's omnibus-monitoring proposal became law, it could implicate the Fourth Amendment's guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication, and the federal Wiretap Act created "super warrant" wiretap orders that require additional steps and judicial oversight.

In addition, it's unclear whether "illegal activity" would be limited to responding to denial-of-service attacks and botnets, or would also include detecting other illegal activities, such as online gambling, the distribution of "obscene" images of adults engaged in sexual acts, or selling drugs without a license.


To be fair, Wednesday's discussion of the plan was geared toward cybercrime and the Bush administration's classified "cyberinitiative," which includes a shadowy program known as Einstein.

Some politicians have already raised concerns that even Einstein, which is described as dealing only with government networks and not private ones, could infringe upon the privacy rights of American citizens. It's already in place at 15 federal agencies, but Homeland Security has said it's still preparing the necessary privacy impact assessments for a proposed $293 million governmentwide Einstein expansion.

Issa, for his part, referred on Wednesday to malicious attacks being undertaken by foreign and domestic hackers who want to "take control of computers" and harvest the national-security secrets and private information of government agencies, private companies, and individual Americans.

"What authorities do you need in order to monitor, looking for those illegal activities, and then act on those both defensively and, either yourself or certainly other agencies, offensively in order to shut down a crime in process?" Issa asked.

In response, Mueller said he would be happy to have his legislative staff work with members of Issa's committee on creating a bill for a broader-reaching surveillance system.

Issa suggested that perhaps the FBI already has the power to seek voluntary private-sector partners that would like to be "defended" by its agents, provided that they give the FBI their consent. Mueller, however, wasn't so sure, saying, "that's going to require some thought."

CNET News.com's Declan McCullagh contributed to this report.

Tuesday, April 22, 2008

Rupert Murdoch Firm Goes on Trial for Alleged Tech Sabotage




What do Rupert Murdoch, DVD players filled with cash, a dead hacker, former US, UK, and Israeli intelligence officers, and satellite TV all have in common? An incredible true story that reads more like a Tom Clancy novel. The ABC news article concerning this case is a little long, but a great read.

Insert conspiracy question here --> This case is like five years old. Why are we just now hearing about it?

Friday, April 11, 2008

Met Police officers to be 'microchipped' by top brass in Big Brother style tracking scheme




This article reports plans to microchip Met Police Officers in the UK. Hmmm. Interesting. Makes one wonder who's next.

Thursday, April 10, 2008

DHS, RSA, and Internet Insecurity



Some of DHS's highlights from the RSA Conference. Disclaimer: Remember, the initiatives being introduced below are for our protection only.
Great articles, Ryan.

Zombie Computers Decried as Threat to National Security

CyberSecurity Manhattan Project

Wednesday, April 9, 2008

I Guess Someone At HP Was a Little Upset...




HP has admitted that it sold malware-infected flash drives that primarily affect ProLiant servers. Preliminary investigation suggests that the infection happened at the factory. Maybe someone just received news that their job was being "right sourced?" Details of the malware and the fix appear below.

HPSBMA02323 SSRT080032 rev.1 - HP USB Floppy Drive Key (Option) for ProLiant Servers, Local Virus Infection
Local virus infection.
A potential security vulnerability has been identified with two types of optional HP USB Floppy Drive Keys intended for use with certain ProLiant servers. This vulnerability could cause a local 'W32.Fakerecy' or 'W32.SillyFDC' virus infection.
CVE-2008-0708
Option Part # 442084-B21 HP 256MB USB 2.0 Floppy Drive Key
Option Part # 442085-B21 HP 1GB USB 2.0 Floppy Drive Key
The optional Floppy Drive Keys listed above could be used on the following servers:
ProLiant BL20pG4; ProLiant BL25pG2
ProLiant BL45pG2
ProLiant BL260c
ProLiant BL460c; ProLiant BL465c; ProLiant BL465cG5; ProLiant BL480c
ProLiant BL680cG5; ProLiant BL685c; ProLiant BL685cG5
ProLiant DL120G5; ProLiant DL140G3; ProLiant DL145G3; ProLiant DL160G5; ProLiant DL165G5; ProLiant DL180; ProLiant DL180G5; ProLiant DL185G5
ProLiant DL320G5; ProLiant DL320G5p; ProLiant DL320s; ProLiant DL360G5; ProLiant DL365; ProLiant DL365G5; ProLiant DL380G5; ProLiant DL385G2; ProLiant DL385G5
ProLiant DL580G4; ProLiant DL580G5; ProLiant DL585G2; ProLiant DL585G5
ProLiant ML110G4; ProLiant ML110G5; ProLiant ML115; ProLiant ML115G5; ProLiant ML150G3; ProLiant ML150G5
ProLiant ML310G4; ProLiant ML310G5; ProLiant ML350G5; ProLiant ML370G5
ProLiant ML570G4
IP Console Switch with virtual media
Server Console switch
Server Console Switch with virtual media
TFT7600 (USB Pass-through)
1U Rackmount Keyboard with USB
CVSS 2.0 Base Metrics
Reference: CVE-2008-0708
Base Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P)
Base Score: 1.7

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
Virus Information: W32.Fakerecy and W32.SillyFDC
Discovered: January/February 2007
Type: Worm
Threat Level: Low
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
Virus detail: W32.Fakerecy and W32.SillyFDC are worms that spread by copying themselves to removable and/or mapped drives.
HP is providing the following procedure to resolve this vulnerability:
HP recommends that the optional HP USB Floppy Drive Key be checked for the potential virus infections and cleaned. To detect and clean this virus infection the HP USB Floppy Drive Key can be plugged into a USB 2.0 port on a system with current (up-to-date) anti-virus software and scanned.
If the optional HP USB Floppy Drive Key has been used in an environment without current (up-to-date) anti-virus software then the W32.Fakerecy or W32.SillyFDC virus may have spread to any mapped drives on the server. In this case HP recommends that the server and mapped drives are scanned with current (up-to-date) anti-virus software.
This virus infection would have been immediately detected and cleaned if the optional HP USB Floppy Drive Key had been used in an environment with any current (up-to-date) anti-virus software.
Note: These are standard USB 2.0 Floppy Drive Keys (similar to 'Flash Drives') that can be plugged into a USB 2.0 port on any system.

PRODUCT SPECIFIC INFORMATION
None

HISTORY
Version: 1 (rev.1) - 3 April 2008 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
©Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Thursday, April 3, 2008




It's been a while since my last post. Sorry, but I was waiting for something interesting to blog about. Don't get me wrong, there are tons of topics on my radar, but many of them would just be my own strong opinions. That's really not what this page is supposed to be about because, believe it or not, I attempt to remain as objective as possible.

I did find this one article about Cyber Storm 2 that I thought was blog-worthy. Cyber Storm 2 is DHS's Information Security Preparedness exercise. I am still struggling to grasp the concept of how any government, by increasing its control over the internet, secures the user.

Anyway, back to Cyber Storm 2. Feel free to read between the lines with respect to the stated goals and results of this exercise. While you're at it, pick up a copy of 1984. George Orwell wrote this book in 1949 and it is uncannily and eerily insightful and relevant today.