NDM Article - Security Beat

Sponsors

Security Beat

August 2005

by Joe Pappalardo

Computer ‘Zombies’ Haunt the Global Internet

A computer security company has examined the proliferation of illicit programs installed on unsuspecting machines, painting a vivid picture of the international scope of cybercrime.

A zombie computer is one with a hidden software program that allows the computer to be remotely controlled by others. Uses include launching distributed denial-of-service attacks or sending spam without revealing the identity of the culprit. These “backdoors” are often installed with spammed “Trojan horses” or e-mail worms.

In May, researchers with CipherTrust, Inc. found an average of 172,009 new zombies identified each day. Approximately 20 percent of the new zombies originated in the United States and 15 percent originated in China.

An earlier study conducted during late March and early April found that approximately 20 percent of the 157,000 new zombies originated in China. The origin of the zombie machines may change on a daily basis, because machines can be infected anywhere in the world.

CipherTrust tracked the emergence of zombie computers by synthesizing data from reports of nearly 10 million customers. Its software tracks the number of new, completely unique zombies every hour.

During the first three weeks of May, approximately 26 percent of new zombies originated daily from in the European Union: six percent from Germany, five percent from France and three percent the United Kingdom.

The only way to thwart the zombies is to understand how these networks operate, said Paul Judge, chief technology officer with CipherTrust.

“By monitoring global messaging activity and identifying behavioral patterns, we can continue to provide predictive protection against threats before they emerge,” Judge said.

Small Business Developing Long Distance Non-Lethals

The Department of Homeland Security’s advanced technology shop is looking at small businesses to provide improved non-lethal equipment to bring to bear on unruly crowds.

The goal is to create a product with the incapacitating effects of a Taser, but at stand off ranges.

The Homeland Security Advanced Research Projects Agency said it is seeking untethered electromuscular disruptor devices that are inexpensive, safe, lightweight and portable. The systems would be used in environments varying “from a small room to a city street or a sports stadium,” the solicitation stated.

Awards for stun gun technology have been granted to several companies. Winners include the Midé Technology Corporation, with a “Piezer” system that combines the “effectiveness, legal and social acceptability of the Taser with the ease of use, practicality and extended range of shotgun shells,” according to the company.

“Utility of the Piezer is probably best realized in crowd-control situations or riots having high levels of aggression,” the company advised in its proposal.

The 12-gauge shotgun-compatible device boasts an increased range 40 to 50 meters more than existing non-lethal weapons. The system uses piezoelectric technology to generate high voltage in a small package. In a piezoelectric material, the application of force or stress results in a charge. Computer keyboards operate this way. The ordinance used by the Piezer is designed to deliver high-energy stun pulses upon impact.

UHV Technologies, Inc. is also developing projectiles to be fired from a grenade launcher or shotgun that stuns targets using a strong electrostatic charge. Think of the crackle from running a hand over fur, multiplied by several orders of magnitude.

Physical Optics Corp. is pursuing a gentler approach by developing a soft ring airfoil, laced with a thin film voltage generator.

The company’s Inertial Capacitive Incapacitator offers a heavy charge delivered with a low impact. ICI projectiles are charged when manufactured, and company officials said the system could maintain this charge for decades.

The projectiles “will dramatically reduce the risk of accidental lethal injury, and can replace present non-lethal weapons,” the company said. “The ICI technology will replace blunt trauma with much safer electrical incapacitation.”

Other companies are looking at light to incapacitate. Intelligent Optical Systems won an award to work on its prototype dazzler that uses an array of super-bright diode clusters to disorientate crowds with strong afterimages. The HSARPA project funds development of a device that can operate at longer distances, incorporates a laser rangefinder and can cover a much larger area “while still providing a flash frequency and exposure level as effective as the single beam.”

One of HSARPA’s missions is to harness talent from small businesses to meet domestic security needs. The Small Business Innovative Research funding level will be approximately $23 million this fiscal year, a $20 million increase from last year. The funds will pay for new HSARPA projects, as well as a program that can provide technical assistance or commercialization support to SBIR award winners, according to the agency.

Security Screens Show Biometrics Not Skin Deep

Use of optical scans to identify people is well known. A less popular method uses near-infrared light to obtain an image of the blood vessel pattern in the finger. The system is said to be as accurate as a fingerprint.

Matched with images from employees, and meshed with a security code, duplication of the internal pattern is nearly impossible to duplicate, even with a severed finger, according to iaccess Systems Inc., which sells the technology.

The technique echoes identification methods that recognize blood vessel patterns in the retina, a system that ranks as one of the oldest forms of biometrics. In the 1930s, researchers suggested that the patterns of blood vessels on the back of the human eye were unique to each person. Using that technology for a finger scan, according to iaccess, brings certain advantages, including the ability to miniaturize the equipment for widespread installation and to overcome people’s innate reluctance to have their eye sockets scanned at close range.

The first facility scheduled to use the system was a 156-unit condominium in Osaka, Japan, completed in March. Other Japanese customers include a nuclear power research facility, finance corporation headquarters and data warehouse. Company officials told National Defense they see a robust market in the United States.

Firefighters Face Danger—From Heart Attacks

As if fighting infernos and reacting to terrorist attacks is not enough, firefighters are dying from avoidable health and safety problems, federal officials said.

The National Fire Protection Association cites more than 78,000 firefighter injuries annually. In a given year, about half the line-of-duty deaths are from heart-related illnesses.

“Firefighters are being killed at an alarming rate. The fire service simply cannot continue to do business as usual when so many of its own are dying,” said International Association of Fire Chiefs President Chief Bob DiPoli.

Firefighter injury and death rates have remained relatively constant during the past several years, despite monumental improvements in technology and equipment. Another 25 percent are from mishaps including motor-vehicle accidents, according to the association’s statistics.

In response, the federal government, as well as 20 other organizations, is waging a health education effort to drive these numbers down.

“So many of these deaths could have been prevented by firefighters learning … and applying healthy and safe practices whether on the fireground, at the fire station or when they go home,” said Michael Brown, head of the Federal Emergency Management Agency, which includes the U.S. Fire Administration.

¿ Como se Habla ‘Homeland Security’?

The Department of Homeland Security is increasing its outreach to Spanish speakers with a new emergency preparedness campaign aimed at business owners and managers.

Listo Negocios is the Spanish version of the Ready Business campaign, which Homeland Security unveiled in September 2004. It was unveiled in June, nearly nine moths after its English equivalent.

One of the key findings of the 9/11 Commission report was the need for the private sector to prepare for potential disasters. Including Spanish-language businesses in this effort has been a priority for the administration, but one that has lagged.

The public service announcements are not just translations of the English ads. Instead, the Spanish-language campaign uses a Guardian Angel, described by DHS as “a popular icon in Hispanic culture thought to defend individuals from danger,” to deliver preparedness information.

The television, radio, print, outdoor and Internet advertising campaign was crafted pro bono by Elevacion, a Washington, D.C. bi-cultural advertising agency that has worked for national political campaigns and charitable foundations. The department has also established a Spanish language website to mirror English ones.