Homeland Security's Data Collection Project Gets Bigger with ADVISE
The DHS' anti-terrorism information gathering expands, but so does its potential to be abused.
The Christian Science Monitor
recently published an interesting article
(analysis, dissemination, visualization, insight and semantic
enhancement), a data collection project run by the U.S. Department of Homeland
(DHS). The premise is to collect as much public and corporation
data as possible, and correlate it with U.S. intelligence and law-enforcement
records. In doing so, the project hopes to detect terrorist activity and create
"entities" -- collections of related data, people, events and actions
-- that human analysts will then inspect.
The Electronic Freedom Foundation is understandably concerned about
such activities and whether it will be abused by the government. However, such
activity is by no means new and is often used by many corporations and others
to forecast market trends and other demographic information. What makes ADVISE
unique is the potential scope and size of the database that will be created
in the process. DejaNews aptly demonstrated that what's said online rarely
goes away, and ADVISE takes that to a whole new level. The "genie is already
out of the bottle," however, since so much is already archived and available
to anyone who wishes to crawl it. It remains to be seen just how access to this
data will be regulated to prevent abuse.
CAIDA analysis on CME-24 (Nyxem e-mail virus, among other names):
The Cooperative Association for Internet Data Analysis (CAIDA) recently published
it performed on CME-24 infected systems worldwide. According to its data, between
500,000 and 1 million systems from 198 countries were infected. In order of
most-infected systems: India, Peru, Italy, Turkey and the U.S. were the hardest
Further analysis of the raw data, however, paints a slightly different picture.
Using figures from Internet World Stats, which claims to have 2006 statistics
on the number of Internet users in 233 countries, CME-24 could be perceived
as having a different effect.
CME-24 infected computers in 198 countries according to CAIDA, so I attempted
to determine the percentage of computers within each of those countries that
were infected. CAIDA supplied the number of infections per country data and
IWS provided the number of Internet users per country data. A simple lookup
of one against the other provides the answers. Interestingly, only four of the
198 countries had more than 0.5 percent of their computers infected; 162 of
the 198 countries had less than 0.1 percent infection rates. The top four by
- The Holy See (Vatican City State) with between 7.5 percent and 9.7 percent
- Peru with between 1.9 percent and 3.3 percent
- Netherlands Antilles with between 1.8 percent and 4.1 percent
- Sri Lanka with between 1.4 percent and 2.1 percent
The global average infection rate was between 0.046 percent and 0.093 percent,
with the mean country infection rate being between 0.02 percent and 0.033 percent.
Caveat emptor: CAIDA explains why its numbers may be skewed, and nobody is
vouching for IWS' numbers...plus there's no guarantee that 1 user = 1 computer
= 1 potentially infected system.
AOL and Yahoo Moving Forward with Paid E-Mail Plans: From the
press releases, one would not be wrong in thinking that these companies are
introducing services intended to reduce spam; however, it's actually not
unreasonable to say that the opposite is true. The distinction might lie in
the term "spam" as opposed to unsolicited commercial e-mail, or UCE.
UCE is generally accepted as being valid e-mail messages from honest merchants
or marketing agencies attempting to sell you legitimate services or products.
Spam, conversely, applies to everything else, from sales pitches to malware-laden
The proposed services will allow anyone who wants to send UCE to AOL or Yahoo
customers the ability to avoid their anti-spam traps and filters, ensuring that
those e-mail customers will receive the UCE in their inbox rather than their
junk mail folders. The service providers have stated a number of conditions
that the mail must meet, such as the fact that the purchaser of this service
must be a legitimate representative of the service or product they are selling.
Presumably, the companies will also ensure that any governmental compliance
requirements are being met, such as valid opt-out mechanisms.
This service is akin to the ability to purchase zip code delivery of flyers
via the postal service. On the down side, the price is likely going to be so
cheap so as to make UCE prolific. Service providers may even begin sending the
UCE to their e-mail customers on their own on behalf of UCE delivery purchasers,
thereby avoiding the bounces while protecting the e-mail addresses of their
e-mail customers. Such an action would be in line with the postal service model.
On the up side, offering such a service strongly suggests that the service
providers feel they have a solid handle on curtailing spam, otherwise why would
anyone pay for the UCE delivery service?
column was originally published in our weekly Security Watch
newsletter. To subscribe, click here.
A small Manitoba-based pharmacy happened to have a fax number very similar
to U.S.-based Prudential Financial. As a result, the Manitoba company
would receive fax intended for Prudential, often including highly sensitive
information about Prudential customers. Prudential has purchased the line from
the Manitoba company in an effort to stop the information leakage.
One has to wonder whether this is going to cause some enterprising individuals
to attempt to purchase fax numbers similar to other large firms and then offer
to sell them to those firms. This would be similar to domain name sitting practices
that have been happening for years.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.