Oh Happy Day
A few weeks ago I published a short post on the demise of Atrivo (aka Intercage). Today Washington Post technology columnist Brian Krebs brings word that McColo Corp., a Northern California hosting firm that had been identified by the computer security community as home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day, has been taken offline.
Host of Internet Spam Groups is Cut Off
Spam Drops After Internet Providers Disconnect a California Hosting Firm
By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, November 12, 2008; 7:16 PM
The volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm identified by the computer security community as a major host of organizations allegedly engaged in spam activity was taken offline, according to security firms that monitor spam distribution online.
While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world’s junk e-mail.
The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email.
But the company’s web site was not accessible today, when two Internet providers cut off McColo’s connectivity to the Internet, security experts said. Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening.
Spamcop.net, another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second. Read the rest…
Score one for the good guys… Of course I’m sure we’ll all miss those ads for male enhancement products in our inbox…
Election Day
VOTE
I voted about an hour ago… Turnout was heavy but not overwhelming; I was in and out in about 10 minutes.
Newsflash: Palin E-mail Hacker Indicted
Fox News is reporting that 20-year-old David Kernell of Knoxville, Tenn., has been indicted by a federal grand jury in Knoxville for intentionally accessing without authorization the private e-mail account of Alaska governor Sarah Palin.
Kernell is the son of Tenn. Democratic state Rep. Mike Kernell of Memphis; he turned himself in to federal authorities for arrest today.
Michelle Malkin has more here.
Update: Allahpundit asks:
“Any legal eagles (or techies, I guess) want to speculate on why it took the grand jury an extra three weeks to return the indictment? The last time I wrote about this, the FBI reportedly already had the IP logs in hand and had searched his dorm for corroborating evidence. What extra evidence would they have needed to produce to nudge the case over the line of probable cause?”
As a former cop and a techie, there are several reasons. First, this is a high-profile case that involves a vice presidential candidate… You cannot make mistakes; everything has to be done “by the book”, all the T’s crossed and I’s dotted. Second, the server logs and IP addresses can get you to the suspect’s front door, but it’s forensic analysis of his or her computer that will establish his or her guilt or innocence. Finally, cyber forensics is a time-consuming process.
The FBI and Secret Service more than likely had a short list of suspects within a day or two… Connecting all the dots to identify a “prime suspect” and establish probable cause for a search warrant takes days or even weeks. Ditto for conducting a proper forensic analysis of the suspect’s computer(s) and writing all the reports. All in all, I think the FBI and Secret Service handled this case pretty well.
Previous:
- Sarah Palin’s Private E-mail Account Hacked
- Palin E-mail Hack Follow-up
- A Quick Update on the Palin E-mail Hacking Case
Atrivo/Intercage Down For The Count?
Being in the technology business, this is something near and dear to my heart… It appears that Atrivo, also known as Intercage, is finally down for the count.
Gadi Evron has a post here. Brian Krebs has background here.
Sarah Palin’s Private E-mail Account Hacked - Updated
Scroll For Updates…
Network World and Wired are reporting that Sarah Palin’s private Yahoo mail account has been hacked and that screenshots of messages have been posted on various web sites.
From Wired:
Vice-presidential candidate Sarah Palin’s private Yahoo e-mail account was hacked, and some of its contents posted on the internet Wednesday.
The internet griefers known as Anonymous took credit for the intrusion, and screenshots of e-mail messages and photos belonging to the Alaska governor have been published by WikiLeaks. Threat Level has confirmed the authenticity of at least one of the e-mails.
The cache of stolen data contains five screenshots from Palin’s account, including the text of an e-mail exchange with Alaska Lt. Gov. Sean Parnell about his campaign for Congress.
Another screenshot shows Palin’s inbox and a third shows the text of an e-mail from Amy McCorkell, whom Palin appointed to the Governor’s Advisory Board on Alcoholism and Drug Abuse in 2007.
Hacking into someone’s e-mail is a federal crime punishable by up to five years in prison, and it appears that the FBI in coordination with the Secret Service has begun an investigation into this incident. I’m a little fuzzy on the law here but I’m reasonably certain that sites like WikiLeaks and Gawker that published the stolen information could face prosecution along with the hackers.
Update: The McCain Campaign has released the following statement:
“This is a shocking invasion of the Governor’s privacy and a violation of law, the matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them. We will have no further comment.”
Update: The FBI has confirmed that an investigation is underway. From CNN’s Political Tracker Blog:
FBI Spokesman Eric Gonzalez in Anchorage, Alaska confirms to CNN an investigation is underway.
“We are aware of the allegations and we are coordinating with Secret Service as far as the allegation that someone has hacked into Governor Palin’s personal e-mail account,” he said. “We are going to be working a joint investigation with Secret Service on this.”
Brian Hale, an FBI spokesman in Washington, also confirms the FBI has been contacted about the incident. Two federal law enforcement sources say the FBI and Secret Service would have concurrent jurisdiction normally on a matter such as this, but it remains to be seen if the Secret Service will take the lead on the investigation because Palin is a protectee.
Update: The always indispensable Michelle Malkin has the story behind the story:
This afternoon, I mentioned an infamous group of hackers whose Internet bulletin board was the gathering place for those who bragged about and publicized the Sarah Palin private e-mail hacking.
A tech-savvy reader who monitors the hackers’ site e-mailed me a detailed explanation of how it went down, who was responsible, and how someone with a conscience warned a friend of the Palin family of the crime (language warning):
As an aside… This would be a good time to change your passwords. A strong password should be at least 8 characters and include letters, numbers, and at least one special character. It should also be easy to remember but not easily guessed.
Hat Tip: Michelle Malkin & Ace.
For Additional Updates see:
- Palin E-mail Hack Follow-up
- A Quick Update on the Palin E-mail Hacking Case
- Newsflash: Palin E-mail Hacker Indicted
Smears, Lies and Politics…
It’s getting so you can’t keep track of all the smears, lies and half-truths about Sarah Palin without a scorecard… Michelle Malkin has the latest here and here.
I don’t even know what to say at this point… I don’t have a problem with hardball politics; we all know how the game is played and we accept it to a certain extent. Unfortunately all these smears, lies and half-truths about Governor Palin and her family go far beyond normal hardball politics though… It’s one thing to question a candidate’s record and/or qualifications; dragging his or her family through the mud is another matter. It’s unacceptable and I suspect most Americans are disgusted by it.
Computer Crime…
Here’s an interesting video from Mikko Hyppönen at F-Secure that talks about one of the common misconceptions about computer crime and viruses. A lot of people think that since we haven’t had a major virus outbreak like the Melissa or Sasser worms in quite a while, the situation is getting better… As Mikko points out, it’s not; it’s getting worse.
Georgia On My Mind…
I’m deeply troubled by the news out of Georgia. I’m not an expert on the region and I’m not going to try and play one on the internet. What I am going to do is point you to two excellent posts by C. Blake Powers at Blackfive.net.
The first is titled “No, It’s Not Good At All”, the second is “The Devil Went To Georgia”. There’s also an excellent OpEd by Georgian President Mikheil Saakashvili in today’s Wall Street Journal.
The War in Georgia
Is a War for the West
By Mikheil Saakashvili, August 11, 2008; Page A15
Tbilisi, Georgia
As I write, Russia is waging war on my country.
On Friday, hundreds of Russian tanks crossed into Georgian territory, and Russian air force jets bombed Georgian airports, bases, ports and public markets. Many are dead, many more wounded. This invasion, which echoes Afghanistan in 1979 and the Prague Spring of 1968, threatens to undermine the stability of the international security system. Read the rest…
SCOTUS Gets It Right…
I have to admit I’m pleasantly surprised by the Supreme Court’s ruling in District of Columbia v. Heller (07-290). The court, in my opinion, got it more or less right.
I don’t know anyone who is arguing for an unfettered right to own firearms. The Second Amendment of the Constitution guarantees our right to own firearms, and what the court did in Heller is to strike the district’s unreasonable restrictions that effectively denied D.C. residents the right to own a firearm and protect their homes and property, while preserving the states’ right to place reasonable restrictions on the ownership, sale or transfer of firearms.
Stop by the SCOTUSBlog for a more in depth analysis.
Race to Zero? How About Bad Idea…
I’ve been busy and haven’t been in a blogging mood over the last couple of days but I thought I’d point out a couple of great posts by David Harley and Randy Abrams at ESET’s Threat Center blog.
They’re both about the Race to Zero contest being held during the Defcon 16 conference.
What is the Race to Zero contest? The contest organizers describe it as:
The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.
David and Randy do a great job of laying out why the Race to Zero is a bad idea… Anti-virus developers are receiving samples of thousands of new viruses and other malicious programs every month; we don’t need contests that encourage the creation of new viruses.
Anti-virus software is not 100 percent effective and is often grossly oversold… It’s a risk mitigation tool that, when used in combination with Safe Hex practices, can reduce your chances of having your system compromised by malware.
Update: Eugene Kaspersky, one of the most respected people in the anti-virus industry, weighs in on the Race to Zero here. Suffice it to say he’s vehemently opposed to it.

