Category Archive 'Hacking'
19 Mar 2009

The Conficker worm (also known as Downadup.AD) appeared last October targeting (surprise! surprise!) Microsoft Windows vulnerabilities common to 2000, XP, Vista, et al.
It has contaminated more than 9 million PCs worldwide, hitting 1.1 million on a single day last January. Conficker has shut down the operations of the French Air Force, 24 RAF air bases, and 75% of the Royal Navy, and infected hundreds of computers serving Germany’s Bundeswehr and Defense Ministry.
New York Times:
The program grabbed global attention when it began spreading late last year and quickly infected millions of computers with software code that is intended to lash together the infected machines it controls into a powerful computer known as a botnet.
Since then, the program’s author has repeatedly updated its software in a cat-and-mouse game being fought with an informal international alliance of computer security firms and a network governance group known as the Internet Corporation for Assigned Names and Numbers. Members refer to the alliance as the Conficker Cabal. ...
An examination of the program reveals that the zombie computers are programmed to try to contact a control system for instructions on April 1. There has been a range of speculation about the nature of the threat posed by the botnet, from a wake-up call to a devastating attack.
Researchers who have been painstakingly disassembling the Conficker code have not been able to determine where the author, or authors, is located, or whether the program is being maintained by one person or a group of hackers. The growing suspicion is that Conficker will ultimately be a computing-for-hire scheme. Researchers expect it will imitate the hottest fad in the computer industry, called cloud computing, in which companies like Amazon, Microsoft and Sun Microsystems sell computing as a service over the Internet. ...
Several people who have analyzed various versions of the program said Conficker’s authors were obviously monitoring the efforts to restrict the malicious program and had repeatedly demonstrated that their skills were at the leading edge of computer technology.
For example, the Conficker worm already had been through several versions when the alliance of computer security experts seized control of 250 Internet domain names the system was planning to use to forward instructions to millions of infected computers.
Shortly thereafter, in the first week of March, the fourth known version of the program, Conficker C, expanded the number of the sites it could use to 50,000. That step made it virtually impossible to stop the Conficker authors from communicating with their botnet. ...
A report scheduled to be released Thursday by SRI International, a nonprofit research institute in Menlo Park, Calif., says that Conficker C constitutes a major rewrite of the software. Not only does it make it far more difficult to block communication with the program, but it gives the program added powers to disable many commercial antivirus programs as well as Microsoft’s security update features.
“Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm,” said Phillip Porras, a research director at SRI International and one of the authors of the report. “Perhaps in the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft.”
“In the worst case,” Mr. Porras said, “Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself.”
The researchers, noting that the Conficker authors were using the most advanced computer security techniques, said the original version of the program contained a recent security feature developed by an M.I.T. computer scientist, Ron Rivest, that had been made public only weeks before. And when a revision was issued by Dr. Rivest’s group to correct a flaw, the Conficker authors revised their program to add the correction.
Although there have been clues that the Conficker authors may be located in Eastern Europe, evidence has not been conclusive.
Information Week links this removal tool.
Alarmingly, TrendMicro’s virus encyclopedia entry is “temporarily unavailable.”
19 Feb 2009

Armand de Borchgrave, in the Washington Times, shares some impressive figures from a recent Cyber Security conference.
Cyberwarfare is waged on a massive scale the world over. Ostensibly friendly nations zap each other’s electronic nerve cells frequently, and with reckless abandon. On a single day in 2008, the Pentagon was hit by would-be intruders 6 million times in a 24-hour period. Before Sept. 11, 2001, the highest annual figure for cyber attacks against the Pentagon was 250,000.
Speaking not for attribution at a think tank meeting, a Pentagon “cyber warrior,” said it felt “like a perpetual hailstorm pelting an imaginary glass envelope around the Defense Department, but there is still no way of telling whether these were attempted intrusions by teenagers testing their hacking skills or the electronic warfare departments of China and Russia, that we know are constantly flexing their electronic muscles.”...
The Pentagon cybernaut did not disclose how many, if any, of the 6 million attempted intrusions were successful. Another Pentagon insider, speaking privately, said “an important internal e-mail system was taken down for two days.”
Speaking at the same think tank meeting, the chief security officer of a major New York-based financial house said they had been attacked 1 million times in a 24-hour period.
05 Jan 2009


They got the idea from Brussels.
London Times:
The Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.
The move, which follows a decision by the European Union’s council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as a sinister extension of the surveillance state which drives “a coach and horses” through privacy laws.
The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room.
Material gathered in this way includes the content of all e-mails, web-browsing habits and instant messaging.
Under the Brussels edict, police across the EU have been given the green light to expand the implementation of a rarely used power involving warrantless intrusive surveillance of private property. The strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass over any material gleaned.
A remote search can be granted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime — defined as any offence attracting a jail sentence of more than three years. ...
Richard Clayton, a researcher at Cambridge University’s computer laboratory, said that remote searches had been possible since 1994, although they were very rare. An amendment to the Computer Misuse Act 1990 made hacking legal if it was authorised and carried out by the state.
He said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.
Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.
Police say that such methods are necessary to investigate suspects who use cyberspace to carry out crimes. These include paedophiles, internet fraudsters, identity thieves and terrorists.
The Association of Chief Police Officers (Acpo) said such intrusive surveillance was closely regulated under the Regulation of Investigatory Powers Act. A spokesman said police were already carrying out a small number of these operations which were among 194 clandestine searches last year of people’s homes, offices and hotel bedrooms.
“To be a valid authorisation, the officer giving it must believe that when it is given it is necessary to prevent or detect serious crime and [the] action is proportionate to what it seeks to achieve,” Acpo said.
Residents of Britain live under a legal regime that arrests people for carrying pen knives, for hunting with hounds, and for politically incorrect speech, and which watches its own citizens’ daily activities via 4.2 million CCTV cameras (one for every 14 people). The current British idea of what exactly is a “serious crime” is not likely to provide much protection for individual liberty or privacy.
04 Jan 2009

Israeli Intelligence mouthpiece DEBKAfile succeeded in restoring service today after a period of outage.
DEBKAfile’s two sites in English and Hebrew came under a massive cyber attack on our servers at the moment Israeli ground forces crossed into the Gaza Strip Saturday night, Jan. 3. The attackers tried and failed to block and replace our content. We did our utmost to restore service as quickly as possible and return to full operation.
DEBKAfile wasn’t the first site hit.
Computerworld reports earlier activity aimed at Israeli business and web domains:
The conflict raging in Gaza between Israel and Palestine has spilled over to the Internet.
Since Saturday (12/27), thousands of Web pages have been defaced by hacking groups operating out of Morocco, Lebanon, Turkey and Iran, said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.
The defacements have primarily affected small businesses and vanity Web pages hosted on Israel’s .il Internet domain space. One such site was that of Israel’s Galoz Electronics Ltd. On Wednesday, the hacked Web site read “RitualistaS GrouP Hacked your System! ! ! The world isn’t insurance! ! ! For a better world.”
Other attackers have placed more incendiary messages condemning the U.S. and Israel and adding graphic photographs of the violence. Warner said he has seen no evidence that any Israeli government site has been hit by these attacks, although they have been targeted.
29 Sep 2008


MacRanger
Obama campaign supporters’ thuggish efforts to suppress criticism of Obama have progressed to the level of hacking attacks (using “sql bombs”) on prominent conservative blogs like Macsmind, published by Jack Moss, who signs his posts “MacRanger.” Moss is a journalist and lecturer, retired from a professional military career focused on Intelligence and Logistics, who writes commonly on Intelligence and Defense issues as well as politics.
Gateway Pundit has the story.
This is MacRanger of Macsmind. As you know I was hacked by operatives of the Obama Campaign last month. Well, it happened again. Basically they flooded the site with “sql bombs” according to the host that caused the shared server to stop running. Subsequently he had to disable the site. This had to do with running the “Obama wants to Disarm America” post which more than 2 million people viewed on the site. Just like the goons in Missouri, the Obama truthers can’t let the truth be known. I’ve now moved the blog back to blogspot at macsmind.blogspot.com at least temporarily. Because of the hacking job I had to move to another host but unfortunately they haven’t got the server up yet to redirect the traffic to blogspot. I would appreciate a mention to your readers. I’m getting a couple of hundred emails about “what happened”, but as you can imagine it’s hard to get the word out by reply.
Thanks,
MacRanger
MacRanger’s temporary site is here.
MacRanger believed the hacking attacks were in response to this political ad criticizing Obama’s avowed policy of unilateral disarmament.
16 Sep 2008
The Hindustan Times says Rusty Shackleford and Aaron Weissburd did it.
They both say they didn’t, and also that they wouldn’t tell you if they did.
26 Jun 2007
Last week a hacker calling himself “Gabriel” claimed to have penetrated the computer of Bloomsbury Publishing PLC, J.K. Rowling’s British publisher, and obtained a copy of the 7th (and promised to be last) Harry Potter book, scheduled to be published 7/21.
Reuters
There is no way to tell if this idiot is telling the truth, but the curious who want to read the purported spoiler may go here.