Transformers 3 Coming to an Airbase near You?

What started out as an in-house phishing security test at an air base in Guam has gone viral. According to a Network World article, what was meant to be a local test of Air Force personnel's resistance to phishing e-mails ended up with the story leaking to the public and spreading like wildfire.

Airmen apparently passed the false information on to their friends: DreamWorks was supposedly looking for 20 people from Andersen Air Force Base to be extras in the next Transformers movie.

This type of in-house phishing exercise is a routine occurrence in the military and in major corporations, and is generally seen as a good way of promoting security awareness. But in Andersen’s case, the information in the phishing e-mail started leaking to the civilian world.

“Unfortunately, many of Andersen’s personnel responded to this inject and submitted their personal information to the Web site, and forwarded the information outside of Andersen,” the Air Force base said in a statement.

Okay, I can see how this happened. You have young guys at the air base thinking this is their chance to be a star. This was a good test. Phishing attacks can be very devious. What I am amazed by is that a short while ago people fell for a real phishing attack that said that North Korea nuked Okinawa.

Just as a reminder, do not give out your personal information to unknown websites, and do not click on links in unsolicited e-mails. You also need to be extra careful now with e-mails you think you signed up for. Attackers spoof e-mails that look like they come from name-brand sites, complete with logos, and the link in the e-mail leads to a site that harvests your information or serves malware. The visible text of a link need not match where it actually goes. It is always best to type the site's address yourself to see whether that deal that is too good to be true really is.
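The lure described above works because the visible text of a link and its real destination can differ. As an added example (not code from this post or from the Air Force exercise), the following Python scans an HTML e-mail body for the usual tricks: anchor text naming one domain while the href goes to another, a brand name tucked into a subdomain of an unrelated domain, user info before the '@' in a URL, and a bare IP address as the host. The sample mail, the hostnames in it and the trusted-domain allowlist are constructed for the example, and the two-label "registrable domain" rule is a simplification that ignores the public-suffix list.

```python
"""Flag deceptive links in an HTML e-mail body.

Added example for this post; the sample mail, the trusted-domain list and the
hostnames in it are constructed, not taken from the Andersen exercise.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: the registrable domain(s) the claimed sender really uses.
TRUSTED_DOMAINS = {"dreamworks.com"}

# Visible anchor text that itself looks like a domain or URL.
_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname.

    Simplification: no public-suffix list, so 'example.co.uk' would come
    back as 'co.uk'. Adequate for the .com brand used in the sample.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link looks deceptive; an empty list means it passed."""
    reasons = []
    parts = urlparse(href)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)

    if parts.scheme not in ("http", "https"):
        reasons.append(f"non-web scheme {parts.scheme!r}")
    if parts.username is not None:
        # http://trusted.com@evil.example: the part before '@' is user info, not the host
        reasons.append("user info before the real host")
    if _is_ip(host):
        reasons.append("bare IP address as host")

    # Anchor text that names one domain while the href goes to another.
    m = _DOMAIN_IN_TEXT.search(text.lower())
    if m and registrable_domain(m.group(1)) != domain:
        reasons.append(f"visible text says {m.group(1)} but link goes to {host}")

    # Brand name used as a label of an untrusted domain (dreamworks.evil.example).
    if domain not in trusted:
        for brand in (t.split(".")[0] for t in trusted):
            if brand in host:
                reasons.append(f"brand {brand!r} in hostname but domain is {domain}")
    return reasons


def scan_email(html, trusted=TRUSTED_DOMAINS):
    """Return [(href, visible_text, reasons)] for every link in the mail body."""
    collector = _LinkCollector()
    collector.feed(html)
    return [(h, t, check_link(h, t, trusted)) for h, t in collector.links]


# Constructed sample: one honest link and two that mimic the casting-call lure.
SAMPLE_EMAIL = """
<p>DreamWorks is casting extras for the next Transformers movie!</p>
<p>Details: <a href="https://www.dreamworks.com/casting">https://www.dreamworks.com/casting</a></p>
<p>Register at <a href="http://dreamworks.casting-extras.example/signup">www.dreamworks.com</a></p>
<p><a href="http://www.dreamworks.com@203.0.113.7/login"><b>Sign up here</b></a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print("OK  " if not reasons else "WARN", href, "|", text, "|", "; ".join(reasons))
```

Run as a script it prints one line per link; the first is clean, the second is flagged for both the text/href mismatch and the brand-in-subdomain trick, and the third for the user-info and bare-IP tricks. A real mail gateway would add a public-suffix list and homoglyph checks, but the checks above already catch the lures this post describes.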

Security Book Preview: The Tao of Network Security Monitoring

“The Tao of Network Security Monitoring: Beyond Intrusion Detection” – By Richard Bejtlich

I don’t normally do this, but I am making an exception for this book.  This is not a full review, but just a preview. I have not finished reading this book, but thought it to be good enough to give you a heads up.

The author, Richard Bejtlich, is the Director of Incident Response at GE, author of the TaoSecurity Blog, and the instructor of the TCP/IP Weapons School. He is also a Harvard graduate and was an Air Force Captain responsible for supervising the Air Force Computer Emergency Response Team (AFCERT).

Okay, first off, if you are new to the computer security field, you may want to skip this book for now. This is not an entry level book. But if you are familiar with Linux, Intrusion Detection Systems and the TCP/IP protocol, this book is for you.

The book starts out with a scenario: you are the head of network security for a large corporation. Strange pop-ups are showing up on workstations. Trouble tickets are coming in reporting an abnormal amount of traffic through your border router. Your intrusion detection sensors are all going off, and you are notified that an e-commerce site is being attacked from your network.

Bejtlich then asks the $64 million question: “Now what?”

Bejtlich’s philosophy on network security is that it is not a matter of if you will be attacked and compromised, but when, so you need network security monitoring practices in place before the intrusion happens in order to detect and deal with it. He bases this philosophy on Dorothy Denning and Peter Neumann’s report “Requirements and Model for IDES – A Real-Time Intrusion-Detection Expert System”:

  1. Most existing systems have security flaws that render them susceptible to intrusions, penetrations, and other forms of abuse. Finding and fixing all these deficiencies is not feasible for technical and economic reasons.
  2. Existing systems with known flaws are not easily replaced by systems that are more secure – mainly because the systems have attractive features that are missing in the more secure systems, or else they cannot be replaced for economic reasons.
  3. Developing systems that are absolutely secure is extremely difficult, if not generally impossible.
  4. Even the most secure systems are vulnerable to abuses by insiders who misuse their privileges.

Wow, how true that is, and the amazing thing about this report is that it was written in 1985!

Excellent book. As I mentioned before, I have not finished it yet (it’s about 800 pages!), but so far it has been very good. I have to admit that early on I almost put the book down and walked away; at times it seemed a little heady and philosophical (did I mention he was a Harvard grad?), but as I progressed and saw how Bejtlich pulled the information together, I saw the method in the madness and could see the writing for what it truly is: brilliant.

“The Tao of Network Security Monitoring: Beyond Intrusion Detection” is available at Amazon.com.

The Weapon that Disabled Iraq’s Power Grid

In a prior post on EMP, I mentioned that an EMP weapon could have been used to take out Iraq’s power during the Gulf War. It appears the real weapon was something much simpler. Meet the “Blackout Bomb”.

According to a 1999 Boston Globe article, “Blackout Led to Weapon that Darkened Serbia”, chaff (the strips of metal military planes release to defend against missile attacks) was dropped by mistake on a power station in Southern California. The result: the power station was disabled and Orange County’s power supply was disrupted.

This simple technique was turned into a cluster bomb and first used against Serbia on May 2, 1999. F-117A stealth fighters dropped these weapons on Serbian power stations and the lights went out in over 70% of the country. The weapon was used again five days later to hinder Serbia’s attempts to restore power.

In the opening days of Desert Storm, modified Tomahawk cruise missiles were used against Iraq. The warheads were made up of bomblets containing spools of carbon-fiber wire. The fine wire shorted out power plants and disabled 85% of Iraq’s electrical production capability.

How exactly does this attack work? According to the FAS Military Analysis Network:

The BLU-114/B detonates over its target and disperses huge numbers of fine carbon filaments, each far smaller than the crude wire spools used in the gulf war. The filaments are only a few hundredths of an inch thick and can float in the air like a dense cloud. When the carbon fiber filaments dispensed from the BLU-114/B submunition contact transformers and other high voltage equipment, a short circuit occurs and an arc is often created when the current flows through the fiber, which is vaporized.

The graphite, which is a conductor of electric current, is probably coated with other materials to enhance these effects. At the spot where the electric field is strongest, a discharge is initiated, and electrons rapidly form an ionized channel that conducts electricity. At this stage current can flow and an arc forms. This causes instantaneous local melting of a certain amount of the material at the surface of the two conductors.

If the current involved is strong enough, these arcs can cause injury or start a fire. Fires can also be started by overheated equipment or by conductors that carry too much current. Extremely high-energy arcs can cause an explosion that sends fragmented metal flying in all directions.

Read more about this amazing weapon at FAS.org.

Special Forces to Take out Cyber Threats?

Interesting article from the Huffington Post last week. Josh Rushing, a former Marine Corps captain and now a reporter for Al Jazeera, sat down and interviewed Michael Chertoff, former Secretary of Homeland Security. In the interview Rushing asked Chertoff whether he could see the US responding with physical force to a cyber threat:

“Sure, that’s not out of the question. Imagine that country A attacks and seriously affects our systems. And in order to remove the servers, first we go to the country and say you’ve got to shut down this server and the country either says we can’t or we won’t, or we don’t have the ability to do so.

Now then we’d have to decide how do we shut down the server? Do we do it virtually, by going back over the network? Would it be easier to send a group of special forces in and blow the server up? And again, because we haven’t really laid out what our doctrine is, there’s uncertainty on both sides about how far we would go. And that creates a certain instability in the system.”

Read more about the interview at the Huffington Post, or watch the interview itself from Josh Rushing’s “Fault Lines” TV show. The views expressed in “Fault Lines” do not necessarily reflect the views of this blog.