Data about Obama's helicopter breached via P2P? | Security – CNET News:

"What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One," Boback told WPXI.

"Just landed in Baghdad," messaged Hoekstra, a former chairman of the Intelligence panel and now the ranking member, who is routinely entrusted to keep some of the nation's most closely guarded secrets.

Before the delegation left Washington, they were advised to keep the trip to themselves for security reasons. A few media outlets, including Congressional Quarterly, learned about it, but agreed not to disclose anything until the delegation had left Iraq.

Nobody expected, though, that a lawmaker with such an extensive national security background would be the first to break the silence. And in such a big way.

Not only did Hoekstra reveal the existence of the lawmakers' trip, but included details about their itinerary in updates posted every few hours on his Twitter page, until he suddenly stopped, for some reason, on Friday morning.

Just a reminder, these are the people who "lead" us. Their hands were all over the bailouts, too. Idiots.

What does that mean in 21st-century terms? No Facebook to communicate with supporters. No outside e-mail log-ins. No instant messaging. Hard adjustments for a staff that helped sweep Obama to power through, among other things, relentless online social networking.

…

One member of the White House new-media team came to work on Tuesday, right after the swearing-in ceremony, only to discover that it was impossible to know which programs could be updated, or even which computers could be used for which purposes. The team members, accustomed to working on Macintoshes, found computers outfitted with six-year-old versions of Microsoft software. Laptops were scarce, assigned to only a few people in the West Wing. The team was left struggling to put closed captions on online videos.

You're in the White House, dudes! That's the highest of high levels. It doesn't get any higher than that. Besides complying with the Presidential Records Act, try not tweeting (click graphic to see more) about how the President is sending missiles into Sudan or is going to travel using the backroads to Camp David.  While it's refreshing to see an administration attempting to operate in a more modern way, I think ignorance of security is inexcusable. I hope these aren't the same guys who are also tasked with national infrastructure security (see Hackers Lurking in Obama's Web Site):

Hackers have registered bogus accounts on Obama's online community, my.barackobama.com, where they are posting images designed to set off a chain of events that lead to malicious Trojan horse programs. These programs are stepping stones used by hackers to download more and more malware onto a victim's computer.

The problem on Obama's Web site is not unique. Hackers and the operators of popular Web sites are often caught in a cat and mouse game, with the bad guys constantly finding a new way of uploading malicious programs just as soon as one avenue of attack is closed. Social-networking sites want to give their users as many cool ways of enhancing their own Web pages as possible — my.barackobama.com lets users create their own blogs — while at the same time reining in any misuse.

"The U.S. Presidential campaign has shown the world how governments can leverage Web 2.0," Websense wrote on a company blog outlining the issue Monday. "However, this … is yet another opportunity to spread more malicious code."

What's good for Silicon Valley is not necessarily good for national security. I hope the administration starts to show some interest in keeping information locked down and malicious code away from government tech.

This type of hacking is very low-tech and "old school," said John Jackson, a St. Louis-based security consultant. It was popular 10 to 15 years ago. Telecommunications security administrators now know to configure security settings, such as having individual users create unique passwords and not continue to use the password assigned to users in the initial setup.

"In this case it's sort of embarrassing that it happened to FEMA themselves — FEMA being a child of DHS, with calls going to the Middle East," Johnson said.

Afghanistan, Saudi Arabia, India and Yemen are among the countries calls were made to, Olshanski said. Most of the calls were about three minutes long, but some were as long as 10 minutes.

Sprint caught the fraud over the weekend and halted all outgoing long-distance calls from FEMA's National Emergency Training Center in Emmitsburg.

Yay, Sprint. FEMA should be embarrassed. Well, they are perpetually embarrassed, so add this to the list.

Black hat hackers will continue to do the bidding of organized crime, regardless of the security in place. The future of personal information is bleak. At odds are the convenience of modern life and the ability of criminals to take advantage of it.

Think of all of the online services available. Many of the companies practice good security. Assuming that all involved parties are dedicated to security, as we know is not even realistic, the security is not future proof. Eventually, the best security practices will be deprecated. With the millions of servers, billions of transactions, and the march of time, your chances of being a victim of identity theft increase every day.

There are no answers. I have resisted many online services until I realized that I have no real control over my information anyway. Between the government and businesses being cavalier with my information. Unless I move into a cabin in Montana and live the rest of my life in seclusion, I'm no more able to protect my personal information than I can anyone else's. In ten years, will somebody be posting email, documents, or other files they found on a server they bought at an auction? If a company like Yahoo goes out of business, what happens to all of that information, including passwords and associated usernames?

Scary.

The state Court of Criminal Appeals voted 4-1 in favor of Riccardo Gino Ferrante, who was arrested in 2006 for situating a camera underneath the girl's skirt at a Target store and taking photographs.

Ferrante, now 34, was charged under a "Peeping Tom" statute that requires the victim to be "in a place where there is a right to a reasonable expectation of privacy." Testimony indicated he followed the girl, knelt down behind her and placed the camera under her skirt.

In January 2007, Tulsa County District Judge Tom Gillert ordered Ferrante's felony charge dismissed. That was based upon a determination that "the person photographed was not in a place where she had a reasonable expectation of privacy," according to the appellate ruling issued last week.

The District Attorney's Office had appealed Gillert's ruling to the Court of Criminal Appeals.

"We agree with the district court's analysis," stated the opinion written by Appeals Judge Charles Johnson, with Judges Charles Chapel, David Lewis and Arlene Johnson concurring.

In a dissent, Appeals Judge Gary Lumpkin wrote that "what this decision does is state to women who desire to wear dresses that there is no expectation of privacy as to what they have covered with their dress."

"In other words, it is open season for peeping Toms in public places who want to look under a woman's dress," Lumpkin wrote.

He said he found the majority's finding of no reasonable expectation of privacy "interesting and disturbing."

Not only did the court say women who wear dresses are okay targets for perverts, they also said 16-year-old girls, minors, are fair game too. While the law may not have caught up with technology, as stated in the article, the spirit of existing law was shredded.

Pay attention in public places for men carrying shopping bags getting too close, especially if you are wearing a dress. Also look out in dressing rooms and bathrooms. The courts continually refuse to come down hard on these predators, using a lack of existing laws as an excuse so it's up to individuals to protect themselves. I wonder if you beat the crap out of a peeping tom with his own camera if you could get off since the laws don't specify anything about his camera. Just a thought.

Charles Johnson at Little Green Footballs called it the Weak Horse and pointed to an analysis of the actual Electronic Jihad software at McAfee's Avert Labs blog.

All told, the little bits of analysis make the code look to be written by high school or early college kids. If their network gets large enough, maybe they could have caused harm. Right now the websever isn’t working and the app seems like a no-go. I’d suggest everyone block traffic to the server http://al-jinan.net and stop worrying.

With respect to Charles and Avert Labs, the point of November 11 was not the success of an attack. I believe it was a PR test and a trial balloon to see how many willing participants could be used. As I said in my previous article, if nothing significant was reported on November 11, future cyber attacks would be taken less seriously.

Compare cyber terrorism to real world terrorism. In spite of the fact that Bin Laden openly declared war on the West in 1996, he was dismissed by most Westerners as just a man with very little reporting on his philosophy's origins to the Muslim Brotherhood, founded in 1928. Even considering September 11, 2001, terrorism is not treated by the Western media as a threat to every day life. While the World Trade Center attack was a spectacular success for Islamic terrorism in both scale and inspiration, the West has failed to unite and stop terrorism worldwide. If anything, the West is more divided.

Most of the time, terror attacks are not spectacular for the terrorists. Bus bombs in Israel may kill dozens, but not thousands. The murder of filmmakers, authors, and cartoonists may affect but doesn't actually cease the production of movies, books, and editorial cartoons. Even the collapse of the World Trade Center buildings didn't lay waste to New York. For these reasons, I think looking at fighting terrorism as a war fails because of the media's tendency to compare to historical scale. In the media's narrative, September 11 was an isolated event. The Iraq War cannot escape continual comparisons to the Vietnam War, even though the facts of both are completely different.

The result is that failures are also successes for Islamic terror because the media's narrative that there is no war is supported. Each individual act of terror, whether successful or not, is reported as a unique event. Overall, the more failures there are, the less coverage terrorism gets. In many cases, like the riots in Paris, related stories avoided all together because they fill in the links between terrorism and the culture that supports it.

Back to the Electronic Jihad story, I think the growth of cyber terrorism is following the same pattern. The November 11 Electronic Jihad stories, both before and after, minimized the threat of cyber terrorism and the eventual goals. In the same way reports of individual acts of terrorism ignore the context of the broad global culture of radical Islam, individual mainstream stories on cyber terrorism have no context. Don't forget Younis Tsouli, who used his script kiddie skills to enable terrorism.

So what if Electronic Jihad is a program a first grader could code? The point is the culture behind it and the continued attempts to coordinate terrorist wannabes online. There is so much more to Electronic Jihad than scattered denial of service (DDoS) attacks. It is part of the step-by-step culture of radical Islam as it spreads like a virus into every aspect of our lives. It's been a long time since 1928 and terrorists are patient.

Recommended Reading:

• Electronic Jihad v3.0 – What Cyber Jihad Isn't
• A Cyber Jihadist DoS Tool
• “Electronic Jihad” – Not November, But Never?
• The Electronic Jihad (that wasn’t) (from 2006)
• Electronic jihad, not yet… (from 2004–notice the narrative hasn't changed)

Today there is official skepticism reported (see Scepticism over cyber-jihad rumours).

The skeptics are probably closer to being correct in this case. However, because of my previous story about Cyber Jihad, I'm getting increased traffic from Google searches originating from Europe and India. Here are some example referrers from the last hour:

• http:/ / www.google.de/ search?hl=de &q=%22Electronic+Jihad+2.0%22 &meta=
• http:/ / www.google.com/ search?client=opera &rls=en &q=Electronic+Jihad+2.0 &sourceid=opera &ie=utf-8 &oe=utf-8
• http:/ / www.google.com/ search?hl=en &safe=off &client=firefox-a &rls=org.mozilla%3Aen-US%3Aofficial &hs=uTc &q=%22Electronic+Jihad+2.0%22 &btnG=Search
• http:/ / www.google.de/ search?q=Electronic+Jihad+2.0 &ie=utf-8 &oe=utf-8 &aq=t &rls=org.mozilla:en-US:official &client=firefox-a
• http:/ / search.yahoo.com/ search?p=electronic+jihad+software+2.0 &ei=UTF-8 &fr=yfp-t-501-s &pstart=1 &b=21
• http:/ / www.google.de/ search?hl=de &q=+Electronic+Jihad+2.0 &btnG=Google-Suche &meta=
• http:/ / www.google.ie/ search?q=Electronic+Jihad+2.0 &meta=
• http:/ / www.google.com/ search?sourceid=navclient &ie=UTF-8 &rls=SUNA,SUNA:2006-23,SUNA:en &q=Electronic+Jihad+2%2e0

The associated IP addresses for these queries originate in Germany, Denmark, Israel, India, and France (naturally). I rarely have visits from these countries. I average around 1500 unique visits per day and most are U.S. and Canada based.

I think I'm getting this increase in traffic because there are news reports as well as some truth to the Cyber Jihad coordination. However, script kiddies make up a large portion of Internet trouble-makers and there is no shortage of Internet savvy terrorist wannabes. Like all other forms of terrorism, this is grass roots and it's growing. November 11 will probably come and go with no significant cyber attacks. The tech media will probably even cover what happened. However, technology security news rarely makes prime time MSM unless it involves massive identity theft and stolen credit card numbers like T.J. Maxx (and even then it's a sideline story).

Like the rocket attacks in Israel, a lot of small attacks is not news. I estimate that this will not be the first attack, but because it will not amount to much more than some DOS attacks against certain Web sites, the media will move on and ignore the next attack. Hell, the media hardly reports on the massive coordinated attacks originating in China.

Any other President than Bush would have been whole-heartedly supported for hosting the Dalai Lama at the White House and then awarding him the Congressional Medal of Freedom. Ten years ago, the Chinese government would have said nothing. Bush's unpopularity and its position as a global economic player gives the Chinese government a soapbox (see China Says U.S. 'Gravely Undermined' Relations With Dalai Lama Award).

"The move of the United States is a blatant interference with China's internal affairs which has severely hurt the feelings of the Chinese people and gravely undermined the relations between China and the United States," Foreign Ministry spokesman Liu Jianchao told a news conference.

He said Foreign Minister Yang Jiechi had summoned U.S. Ambassador Clark T. Randt to express "strong protest to the U.S. government."

China has warned that giving the award to a person it believes is trying to split the country would have serious consequences for relations, but has not said what it would do.

Well, already China has declared it has an economic nuclear option. I think the huff over the Dalai Lama was a trial balloon to see how the U.S. would react. Specifically, Democrats have been so contrary to Bush, I think the Chinese wanted to see if they could cause Bush further grief by kicking up political dust. Hey, Al Quaida has already proven how easy it is to fracture our politics, so imagine what a legitimate government can do.

Then over the AP wire: China's First Astronaut to Start Communist Party Branch in Space. While you're busy thinking about how the cute little Communists want to participate in the International Space Station, think about implications of this declaration. The same government that makes people just disappear, harvests organs from its own healthy citizens, performs wild medical experiments on otherwise healthy people, tries to smash any non-state-approved religion, steals information to gain technology advantages, and even tampers in U.S. politics by proxy. The outrageously cruel oppression of millions within its own borders is not enough.

There's more coming from an increasingly vocal China as we continue to financially enable their bad behavior.

Then I read this: Dubai's Plans in the US.

A Dubai-based sister company of DP World, who tried to buy a controlling interest in America’s seaports, has now purchased 1,300 acres of land in South Carolina, to be developed into a logistics center and business park.

I think our greatest security risk is our foreign policy. The U.S. ignores bad behavior, questionable business transactions, and blatant attempts to compromise and test security practices. As Bill Gertz wrote about in yesterday's Washington Times, China is trying to acquire a large interest in 3Com:

"There is no doubt as to why the Chinese want a partnership with 3Com," Mr. Hoekstra said in an interview. "They look at this as a key connection to stealing additional secrets from U.S. corporations and from our national security apparatus."

Additionally, Mr. Hoekstra said the merger could help China obtain high-technology hardware to assist the Chinese military in its aggressive efforts to penetrate U.S. government computers and networks.

If the proposed merger goes through, the Chinese will be able to learn details of "things we put in place to block hackers, so they will be in a better position to defeat those defenses," Mr. Hoekstra said.

A defense official said senior policy-makers were caught by surprise by the Huawei deal, in a manner similar to the Pentagon's failure to respond quickly to the proposal last year by United Arab Emirates company Dubai Ports World to manage six major U.S. seaports. That deal was canceled over national security concerns.

Sen. Jeff Sessions, Alabama Republican, said the 3Com-Huawei deal raises more red flags than the Dubai Ports World deal and called on the Bush administration to provide information about the 3Com deal to congressional leaders and request action from Congress if needed.

"If there is a loophole that is allowing valuable defense technology to be obtained by the Chinese military that will enable them to accelerate their military expansion, then we ought to close it," said Mr. Sessions, a member of the Senate Armed Services Committee.

Look how the U.S. has changed since the Cold War. Picture a Russian company buying interest in Boeing in 1985. The media would be all over that. Instead, we hear more about the Obama and Clinton Show than we do about actual current events. The "connect-the-dots" crowd has apparently moved on to other things.

Somebody remind me why we have a State Department? Is that so terrorist-sponsoring countries can buy interest in American companies and finance legal defense funds (probably from the same foreign aid funds sent to them)?

Here's a little reminder of some not-too-distant history. IBM and the Holocaust details how IBM technology helped Nazis organize and dispose of the Jews and other undesirables efficiently. Nazis In Pre-War London, 1930-1939: The Fate And Role Of German Party Members And British Sympathizers details German infiltration into British culture. Anybody who ever said "Never Again!" regarding the rise of the Nazis and the Holocaust should speak up now.

When the reports about Chinese hacking surfaced early this month, the Chinese Foreign Ministry roundly denied them, saying China would never resort to such tactics. Foreign specialists recalled at the time, however, that the People's Liberation Army is believed to have an active information warfare program — as do most advanced militaries — as part of its effort to gain the ability to protect its own computer systems and disable those of adversaries.

The hacking recently alleged in Washington, London and Berlin — and now Beijing — was described as something different, an attempt to burrow into government computers to gain secrets. As such, it appeared to fall more clearly into the domain of espionage.

German Chancellor Angela Merkel, asked late last month whether she had brought up the issue during talks here with Chinese leaders, said, "We must together respect a set of game rules." Premier Wen Jiabao, with whom Merkel had just met, said hacking is a problem faced by all countries and should be combated jointly.

Striking a different tone, Lou said China should also consider the Internet in a larger sense as a threat to its security. He said the United States and other Western countries use advanced technology "to create an information hegemony" and relay unfavorable news from China, raising the risk of social instability.

These countries "have made the Internet a very important channel to infiltrate our politics, strengthening the delivery of Western democracy and values," he added. "More and more frequently, they organize writers to create bad information, exaggerating things that are inharmonious with our development and raise the specter of the China threat on the international scene."

The emphasis is mine. One noticeable thing missing from this is the skepticism applied to our own government. When the Chinese government speaks officially, they are admittedly manipulating information to prevent "social instability". Yet this story seems like a press release from the Chinese government.

To prove his point, Rushing later pulls up WIGLE, a war drivers' database that contains information on some 2.8 million wireless networks and access points that have been mapped by hackers and hobbyists around the world. WIGLE provides much of the same antenna-generated data that we've just collected at the White House — only it's also got a map function, so you can see exactly where the APs are in your area — and which ones are unprotected.

"Kids are adding to WIGLE all the time — it's one of the ways you can look cool," Rushing says. "The more APs you've mapped, the cooler you are."

Rushing superimposes the WIGLE map on Google's real-world satellite photo maps, so that we get an aerial view of the White House and surrounding area, with wireless APs represented as small rectangular boxes. About 4,000 wireless networks and APs have been mapped in less than one square mile around the White House — at least eight of them are shown within the building itself. None of them shows up as accessible, but we can see exactly where they've been detected previously.

If it's wireless, it's not secure. The very fact that Rushing could superimpose a map over reported wireless access points should also make network administrators shiver. Any of these networks could be breached for organized crime or even terrorism. It may be expense to pull cable, but it's better than exposing a network to data theft, ala TJ Maxx.

In a letter to Pfizer employees, Lisa M. Goldman, out of Pfizer's privacy office, said two password-protected laptops owned by consulting firm Axia were stolen out of a car in Boston. The information contained employee names and Social Security numbers.

Letters about the data breach were posted online by TheDay.com. Pfizer could not be reached for comment.

Bernard Nash, a lawyer representing Pfizer, sent a letter to the state attorney general on July 20, notifying him of the data breach. He said the 950 people involved are health care professionals who were or were considering providing the company with contract services. He also noted that additional information, such as home addresses, cell phone numbers, and e-mail addresses, also were compromised.

"All data security incidents are unfortunate, and Pfizer and Axia are committed to maintaining the confidentiality and security of data," said Nash in the letter. "Pfizer is working with Axia to improve data security protections and will apply the lessons learned from this incident to its work with other contractors and its own employees, as well."

Why would a vendor have such important information on a laptop without encrypted hard drives among other hardened security?

United States Attorney Kevin V. Ryan stated, This case highlights the vital importance of protecting the intellectual property and trade secrets not only in Silicon Valley but also for our country's businesses. The alleged economic espionage and theft and export of trade secrets such as these — visual simulation training software that has military application, no less — has real consequences that could jeopardize our country's military advantages in the world, in addition to creating substantial financial losses for our businesses which legitimately developed and owned this information. We are grateful to our law enforcement partners for taking swift and appropriate action here, and also want to acknowledge the pivotal role private industry's ready cooperation has in these investigations.

Since when did military secrets become simple intellectual property? Meng is a spy and stole information that is reported to give another country's military a distinct advantage over ours. However, the U.S. government spent three years investigating Meng, only to cut him a weak plea deal, and then the prosecutors charge him with intellectual property theft.

How did a DOD defense contractor allow a Chinese national access to such sensitive information? This is bothersome. Back in the late 80s when I obtained my own TS-CSI clearance, I had to report any and all connections I had to any communist country. This included relatives, acquaintances, or business relations. I fault the DOD for not classifying the software and for not holding defense contractors to higher standards. If this software was that sensitive, Quantum3D should have been forced to follow certain protocols and hiring practices. It's like the government learned nothing from the Cold War.

Inept management of sensitive information and technology has become a theme with the government these days. Each agency seems to outdo the other with complete incompetence. I think some of this stems from the 1990s when the Government Accounting Office (GAO) analyzed why so many defense contractors were bailing from government contracts. They documented personnel frustrations about bureaucratic processes and inability to make things happen. I also remember that many previous government defense contractors saw the dot com millions and how much easier that seemed than jumping through hoops for a large contract. At the same time, the branches of the military were pressuring the DOD to become more nimble and get better technology faster. What was lost in all of this discussion was how to deal with classified information in a sensible way.

I haven't had TS clearance for a long time now and can't speak directly to current DOD policies versus how they are actually implemented, but as the case of Xiaodong Sheldon Meng demonstrates, the government as a whole has become too passive when it comes to protecting national secrets. The very fact that the comically ineffective ICE was investigating this guy for three years for "economic espionage" is frightening. ICE can't secure the borders and deport illegals, but they are charged with protecting military secrets?

This was a case of incompetence all the way around. The DOD should be enforcing standards for military secrets. That doesn't mean going back to the old days of too-long-for-profit sales cycles for defense contractors, but it does mean holding those contractors to a minimum standard for classified information. Probably the reason the information wasn't classified was to accommodate this particular vendor. ICE's job is to protect the borders, not investigate DOD-related espionage. That is actually the responsibility of the FBI and other agencies participating in the Defensive Information Counter Espionage" program like the DIA and DOD. By the time this went to indictment, it wasn't about military espionage, it became a white collar, seemingly benign crime.

What will it take for these agencies to realize the dangers of not taking information security seriously?

I touched on illegal immigration and M-13 a couple of weeks ago. I have this sinking feeling that, if you will excuse me borrowing a post 9/11 media catch-phrase, the dots are not getting connected. We are again at the beginning of a new national threat and it will continue to spread like a virus until it is at an impossible scale. Those who continue to deny the link between crime and illegal immigration have backed themselves into a corner where they refuse to acknowledge the problem. They have turned the welcome sign on for M-13. What is there to stop them? Maybe they will get deported, maybe not, but right now they don't have a lot to worry about.

First, there is this story that appears early last week in the Washington Post: Border Computers Vulnerable to Attack.

Congress has allocated $1.7 billion for the system since 2002. But in a congressional report to be released today and obtained by The Washington Post, Homeland Security officials said that many vulnerabilities exist throughout the network and the computer stations used at 400 airports, seaports and land crossings. These vulnerabilities could, in turn, spread the risk of cyber-attacks or data losses to some of the government's most sensitive security databases, the officials said.

"Weaknesses existed in all control areas and computing device types reviewed," the Government Accountability Office reported. It called on DHS to "immediately address" problems to avert potentially crippling disruptions or the misidentification of drug smugglers, terrorists and felons trying to enter the country.

"These weaknesses collectively increase the risk that unauthorized individuals could read, copy, delete, add, and modify sensitive information," investigators said.

Ah, the proverbial tax dollars at work. It's staggering how little attention is paid by the government when it comes to secure system. It's inexcusable, but something that is not reported with the same media fervor as Valerie Plame, Gitmo, or Abu Graib.

The other story reflects the poor training and outright negligence of federal government security policies and procedures: IRS employees fall for faux password scam.

TIGTA auditors used social-engineering methods to survey the degree of compliance with data security. Posing as help-desk representatives, they called IRS line employees, including managers and contractors, and asked for their assistance to correct a computer problem. They requested that the employee provide a user name and temporarily change his or her password to one TIGTA callers suggested.

TIGTA test callers convinced 61 of the 102 employees to comply with the requests. Only eight of the 102 employees in the sample contacted the appropriate offices to report or validate the test calls, the report said. The sample employees were from across IRS’ business units and geographic regions.

“We conclude employees either do not fully understand security requirements for password protection or do not place a sufficiently high priority on protecting taxpayer data in their day-to-day work,” said Michael Phillips, TIGTA’s deputy inspector general for audit.

It's ironic how the IRS is proof that we don't get our money's worth out of tax dollars.

I also think it's suspect that CAIR had somebody ready to fly there right away. I am speculating, but that seems an awful lot like another Flying Imam set up.

Back to the suspects: The St. Petersburg Times has a full profile on both of them, but neglects to mention the other terrorist connections at USF: Road trip, 'pipe bombs,' speeding, then arrests.

Mohamed, of 2107 E Nedro Road, moved to Tampa in January to pursue a graduate degree in engineering after studying at a university in Egypt, according to USF officials. Bedier said that Mohamed graduated at the top of his class from a prestigious program in civil and environmental engineering and that he served as a research and teaching assistant at USF.

Megahed, of 4959 Anniston Circle, is known in the local Muslim community as a kind man with a good sense of humor, Bedier said, and his family has lived in Tampa for several years. As a student at USF, he took engineering classes, although he has yet to declare a major, according to Bedier and university officials.

Jail and arrest records show Megahed is 21. They list two dates of birth for Mohamed, making him 24 or 26. Records also conflict over spelling of his second middle name, either Sherf or Sherif. Neither man has a Florida criminal record, state records show.

Bedier heard of the arrests Sunday evening, when Megahed's family, who live in Tampa, called after seeing his photograph on the television news.

Here's what the family knows, Bedier says:

Megahed had hatched a plan for a road trip. He wanted to see the coast, see the Carolinas, Bedier said.

He asked his friends to come along, said it would only cost $30 to $40 per person in gas money, Bedier said. Mohamed took him up on the offer, and the two left Tampa on Friday night, sometime around midnight. Megahed's family isn't sure where the men went or whether they had a destination, Bedier said.

The next thing they heard, Megahed was in jail. Megahed's brother and a CAIR staffer flew to South Carolina on Monday morning, where Megahed's family hired defense attorney Dennis Rhoad to represent the men at a bail hearing. Rhoad did not return a call for comment.

Bedier said he had problems with the accusations.

"We're really concerned about the lack of evidence in this case," he said.

Jassim Aldeen, the 22-year-old president of USF's Muslim Student Association, said he was stunned to learn of the arrests. He knows Megahed and said he doesn't believe there's any truth to the accusations.

"I wanted to hear the facts," he said. "He's very friendly. Every time he speaks he tells a joke."

Yeah, a real comdian, with a pipe bomb.

Yousef Megahed, 21, and Ahmed Mohamed, 24, are facing explosives charges. The two men are USF students.

The Berkeley County Sheriff's Office reportedly found a bomb and bomb-making materials — including chemicals, fuses and igniters — in the trunk of the suspects' car.

An FBI spokesman says it's too soon in the investigation to say there's any link to terrorism.

Yeah, let's not jump to any conclusions about two Muslim men associated with USF carting explosives to a place far from where they live. USF, if you'll remember, was home to Sami Al-Arian, the terrorist professor who plead guilty to conspiring to provide services to the Palestinian Islamic Jihad (PIJ). Don't forget the nearby Islamic Academy of Florida and Ramadan Shallah. I'm not sure what the appeal for terrorists is in Tampa, Florida, but there seems to be a healthy amount of activity coming from there.

In conditional recertification decision documents issued by the state, Bowen outlines an extensive set of requirements that the electronic voting machine vendors will have to meet before their products can be used in elections. The vendors will have to provide the Secretary of State with a document that lists the complete specifications of the hardware and software used by all components of the voting system, identify requirements for "hardening" the configuration of all software on the voting machines including the operating system, create automated testing mechanisms to ensure that individual voting machines conform to the standards established in the hardening requirements document, provide a plan for preventing the propagation of viruses between voting machines, establish documented procedures for performing necessary security updates on the voting machines and the underlying operating systems, collaborate with counties to develop requirements and procedures for protecting the physical security of voting machines, and document a system for auditing vote results.

The decision documents also include source code disclosure requirements. The vendors must provide the Secretary of State with "the source code for any software or firmware contained in the voting system, including any commercial off the shelf software or firmware that is available and disclosable by the vendor." It gets better. According to the documents, "any reasonable costs associated with the review of the source code for any software or firmware contained in the voting system shall be born by the vendor." That's right, the vendors have to hand over their source code and then foot the bill for source code reviews.

Bowen also lays out a series of requirements for election practices. Most notably, election officials will have to conduct complete manual audit counts of all votes tabulated on DRE machines. Use of any kind of Internet connectivity on the machines is strictly forbidden. Finally, the requirements limit the use of Sequoia and Diebold machines to one per polling location.

This is exactly how vendor requirements should work. I've been on both sides of the Request for Proposal (RFP) process and I know that vendors will do whatever they can to meet standards for a government contract. There's no reason for government agencies to not be specific when it comes to technology shopping. I would have required a proprietary operating system, but that's just me. It's apparent that Bowen is serious about security and disappointed with the insecurity of the current voting machines. Now if only other local and federal government agencies would get a clue about security requirements for technology vendors.

FBI agents searched the home of former Justice Department lawyer Thomas Tamm last week in an effort to determine who leaked details of the warrantless eavesdropping program to the news media, Newsweek magazine reported Sunday, citing two anonymous legal sources.

The agents, who had obtained a classified search warrant, took Tamm's desktop computer, two laptops belonging to his children and some of Tamm's personal files, said Newsweek, which granted anonymity to the two sources because they did not want to be identified talking about an open case.

Tamm left the department last year. He had worked in the department's Office of Intelligence Policy and Review, a secretive unit that oversees surveillance of terrorist and espionage targets, according to Newsweek.

When the New York Times runs a story containing information from an individual leaking classified information, they never mention, not once, that leaking classified information is a crime. Even media critics rarely mention the illegality of leaking classified information–unless it's in relation to Valerie Plame. It will be interesting to see how this investigation progresses. I am not holding my breath for the hang Scooter Libby crowd to cry out for the hide of somebody who leaks to the New York Times.

The Entertainment Software Association (ESA) today commended U.S. law enforcement agents and prosecutors’ work in undertaking the nation’s first and largest anti-piracy raid of its kind. The action, code-named "Operation Tangled Web," targeted retailers selling modification chips through the Internet for the Microsoft, Nintendo and Sony game console systems. Law enforcement executed 32 search warrants in more than 20 localities across the country within a 24-hour period.

“Plain and simple, selling and distributing products to illegally bypass game consoles’ piracy protections is a crime with real-life consequences. This is not a game; we’re talking jail time. Enforcement initiatives of this scope send a clear message to both the public and pirate community that this illegal activity will not be tolerated," said Michael D. Gallagher, president of ESA, the trade association representing U.S. computer and video game publishers. "We commend Immigration and Customs Enforcement (ICE), the U.S. Department of Justice, and the participating U.S. Attorneys’ offices for targeting individuals and groups selling ‘mod-chips’ and pirated game software.”

Modification chips or "mod-chips" are typically installed in video game console systems to circumvent the technological protection measures and enable the user to play pirated game software. These chips, as well as other circumvention devices, are illegal under the Digital Millennium Copyright Act (DMCA).

I'm trying to figure out how ICE gets intellectual property laws to enforce; that's normally FBI jurisdiction. ICE may be making points with the gaming industry, but time and time again, ICE has shown nothing but incompetence with immigration laws.

So ICE agents are running around the country, chasing down modified game console chips while individuals from terrorist-sponsoring countries with student visas are disappearing and illegal aliens are sucking every tax dollar out of medical care, school districts, and local law enforcement. This is a matter of priorities and ICE apparently can't prioritize.

"China has powerful controls over content going out and coming in at every gateway," says Jody Westby, chief executive of security consultancy Global Cyber Risk. She argues that the tight relationship between China's government and its Internet service providers–originally established to stop Web users reading about censored topics like Tiananmen and Taiwan–also means the country could better coordinate a defense against online attacks.

In the U.S., by contrast, the autonomy of the Internet may leave it vulnerable to state-sponsored enemies trying to steal classified data or shut down servers controlling energy or telecommunications. "They have a decided defensive advantage," says Westby. "China simply doesn't have the same issues of coordination [the U.S.] would face in the case of information warfare."

…..

The first shots may have already been fired: In August and September 2006, Chinese computers penetrated the State Department and the U.S. Department of Commerce's Bureau of Industry and Security. The attack, known as "Titan Rain," forced the government to replace hundreds of computers and take others offline for a month. While that attack couldn't be traced to any official source, the U.S.-China Economic and Security Review commission subsequently claimed that China is developing computer viruses intended to disable military defense systems.

If China did turn computer viruses into a military tool, the Golden Shield could be used to prevent collateral damage, says Jayson Street, a consultant at the computer security firm Stratagem 1 Solutions. "The firewall would protect China from whatever it releases," says Street. "When a worm goes out, it's not a gun, it's a bomb. It affects everyone. That's why the Golden Shield could be so effective."

Chinese cyber-attacks might take the same form as the denial of service attacks that rattled Estonia, using botnets to overwhelm foreign servers and depending on the Golden Shield to block attempts at retaliation.

The exact anatomy of the shield is known only to the Chinese government, but most security professionals believe it's capable of not only filtering for certain politically charged keywords, but also examining the structure and origin of information moving into and out of the country's networks. That means botnet attacks could be deflected more easily than in the U.S., where there are virtually no checks on international Internet traffic.

Read the whole article.

While the U.S. scrambles to secure military networks during a cyber attack, China will pull the plug and isolate itself from the rest of the Internet. It's interesting how China continues to isolate and oppress its people, build up its military strength, increase its technological prowess with stolen technology, and test responses to deadly products it makes while the U.S. bends over backwards to have trade relations and say nothing of consequence.

See also: Mattel's Fisher-Price Recalls 1.5M Chinese-Made Toys Over Lead Paint

Mr. Ramasamy had reportedly hacked into “Research and Engineering Documents Inquiry System” (REDI) when he was working as an engineer in Caterpillar India Private Limited during January and February this year. The company has an engineering design centre at the Ascendas IT Park in Taramani.

When contacted, Mr. Balu said the accused had gained access to the company’s server headquartered at Peoria in Illinois, US, using another employee’s user ID and password and downloaded over 4,000 confidential documents. A closed circuit camera had visuals of him accessing the server at the time when the files were downloaded. A user log reflected the password and user ID used for gaining entry into the server.

Police arrested Mr. Ramasamy at Hosur, where he was employed with an IT company. They also confiscated the storage media, including hard disk and pen drive, containing the files.

Charges have been framed under Section 66 of the Information Technology Act, 2000 (Hacking) and Section 408 of the Indian Penal Code (Criminal Breach of Trust by clerk or servant).

It makes you wonder about how many of these outsourced resources haven't been caught. It's not like American companies can physically monitor people on the other side of the globe. And while the Indian government is very cooperative today, that doesn't future-proof any of the outsourced information.

Joel Brenner, the director of national counterintelligence, said in an interview in March that China's theft of technology from the United States is a serious problem and that Beijing is “eating our lunch” in terms of compromised know-how.

Chinese spies are “very aggressive” in obtaining technology, often before it is fully developed by U.S. researchers, Mr. Brenner said.

Michelle Van Cleave, a former national counterintelligence executive, said in a recent defense report that Chinese spies are among “the world's most effective” and include civilian and military spies who have “a global reach.”

Recent Chinese espionage successes include design information on all of the most advanced U.S. nuclear weapons, U.S. missile design and guidance technology, electromagnetic weapons and space-launch capabilities, Miss Van Cleave stated.

China also succeeded in frustrating U.S. intelligence-gathering and counterintelligence against China through Leung, Mr. Brenner said.

China's government denies that it engaged in intelligence-gathering against the United States.

Of course they do. It all started when China became so cozy with the Clinton Administration and now apparently feels entitled to U.S. secrets.

When are we going to stop making excuses for our trading partners? Especially when dangerous consumer goods are released and they continue to persecute their own people?

Information outsourcing has far greater security implications than peer-to-peer networks. Congress was all over companies for making peer-to-peer software while federal employees were allowed to install software on computers with sensitive information. I'm assuming that had more to do with publicity than it did the guise of national security. Otherwise, information outsourcing would be on the top of the list of things to investigate. Once that information is in the hands of a company outside our borders, there is really nothing anybody can do to ensure its safety. Nothing.