Security Watch

Homeland Security's Data Collection Project Gets Bigger with ADVISE

The DHS' anti-terrorism information gathering expands, but so does its potential to be abused.

Governance
The Christian Science Monitor recently published an interesting article on ADVISE (analysis, dissemination, visualization, insight and semantic enhancement), a data collection project run by the U.S. Department of Homeland Security (DHS). The premise is to collect as much public and corporation data as possible, and correlate it with U.S. intelligence and law-enforcement records. In doing so, the project hopes to detect terrorist activity and create "entities" -- collections of related data, people, events and actions -- that human analysts will then inspect.

The Electronic Freedom Foundation is understandably concerned about such activities and whether it will be abused by the government. However, such activity is by no means new and is often used by many corporations and others to forecast market trends and other demographic information. What makes ADVISE unique is the potential scope and size of the database that will be created in the process. DejaNews aptly demonstrated that what's said online rarely goes away, and ADVISE takes that to a whole new level. The "genie is already out of the bottle," however, since so much is already archived and available to anyone who wishes to crawl it. It remains to be seen just how access to this data will be regulated to prevent abuse.

Malicious Code
CAIDA analysis on CME-24 (Nyxem e-mail virus, among other names): The Cooperative Association for Internet Data Analysis (CAIDA) recently published analysis it performed on CME-24 infected systems worldwide. According to its data, between 500,000 and 1 million systems from 198 countries were infected. In order of most-infected systems: India, Peru, Italy, Turkey and the U.S. were the hardest hit.

Further analysis of the raw data, however, paints a slightly different picture. Using figures from Internet World Stats, which claims to have 2006 statistics on the number of Internet users in 233 countries, CME-24 could be perceived as having a different effect.

CME-24 infected computers in 198 countries according to CAIDA, so I attempted to determine the percentage of computers within each of those countries that were infected. CAIDA supplied the number of infections per country data and IWS provided the number of Internet users per country data. A simple lookup of one against the other provides the answers. Interestingly, only four of the 198 countries had more than 0.5 percent of their computers infected; 162 of the 198 countries had less than 0.1 percent infection rates. The top four by percentage are:

  1. The Holy See (Vatican City State) with between 7.5 percent and 9.7 percent
  2. Peru with between 1.9 percent and 3.3 percent
  3. Netherlands Antilles with between 1.8 percent and 4.1 percent
  4. Sri Lanka with between 1.4 percent and 2.1 percent

The global average infection rate was between 0.046 percent and 0.093 percent, with the mean country infection rate being between 0.02 percent and 0.033 percent.

Caveat emptor: CAIDA explains why its numbers may be skewed, and nobody is vouching for IWS' numbers...plus there's no guarantee that 1 user = 1 computer = 1 potentially infected system.

Spam
AOL and Yahoo Moving Forward with Paid E-Mail Plans: From the press releases, one would not be wrong in thinking that these companies are introducing services intended to reduce spam; however, it's actually not unreasonable to say that the opposite is true. The distinction might lie in the term "spam" as opposed to unsolicited commercial e-mail, or UCE. UCE is generally accepted as being valid e-mail messages from honest merchants or marketing agencies attempting to sell you legitimate services or products. Spam, conversely, applies to everything else, from sales pitches to malware-laden e-mail blasts.

The proposed services will allow anyone who wants to send UCE to AOL or Yahoo customers the ability to avoid their anti-spam traps and filters, ensuring that those e-mail customers will receive the UCE in their inbox rather than their junk mail folders. The service providers have stated a number of conditions that the mail must meet, such as the fact that the purchaser of this service must be a legitimate representative of the service or product they are selling. Presumably, the companies will also ensure that any governmental compliance requirements are being met, such as valid opt-out mechanisms.

This service is akin to the ability to purchase zip code delivery of flyers via the postal service. On the down side, the price is likely going to be so cheap so as to make UCE prolific. Service providers may even begin sending the UCE to their e-mail customers on their own on behalf of UCE delivery purchasers, thereby avoiding the bounces while protecting the e-mail addresses of their e-mail customers. Such an action would be in line with the postal service model.

On the up side, offering such a service strongly suggests that the service providers feel they have a solid handle on curtailing spam, otherwise why would anyone pay for the UCE delivery service?

Want More Security?

This column was originally published in our weekly Security Watch newsletter. To subscribe, click here.

Privacy
A small Manitoba-based pharmacy happened to have a fax number very similar to U.S.-based Prudential Financial. As a result, the Manitoba company would receive fax intended for Prudential, often including highly sensitive information about Prudential customers. Prudential has purchased the line from the Manitoba company in an effort to stop the information leakage.

One has to wonder whether this is going to cause some enterprising individuals to attempt to purchase fax numbers similar to other large firms and then offer to sell them to those firms. This would be similar to domain name sitting practices that have been happening for years.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.

comments powered by Disqus

SharePoint Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.