Newsday has a story that, if true, is fascinating. They are reporting that using technology supplied by Iran, Hezbollah fighters were able to listen in on Israeli radio communications. They of course used this intel to evade the advancing units and counter attack.

“We were able to monitor Israeli communications, and we used this information to adjust our planning,” said a Hezbollah commander involved in the battles, speaking on the condition of anonymity. The official refused to detail how Hezbollah was able to intercept and decipher Israeli transmissions. He acknowledged that guerrillas were not able to hack into Israeli communications around the clock.

…a former Israeli general, who spoke on the condition of anonymity, said Hezbollah’s ability to secretly hack into military transmissions had “disastrous” consequences for the Israeli offensive.

For some interesting reading on this, try Ross Anderson’s Security Engineering on Electronic and Information Warfare [PDF]. This attack also reminds me of the man in the middle attack he talks about in Chapter 2 [PDF].

Hezbollah cracked the code [Newsday]

The day of the primary is a bad day to have your website attacked. It had happened before but this time it looks like a DDOS attack:

But the earlier two attacks involved defacements — the hacker altered content on Lieberman’s home page. This time, attackers toppled the Lieberman site with requests, probably by directing an army of hacked computers at the site.

Lieberman lost the primary and now goes on to run as an independent. Might it be time to find a new host?

Lieberman campaign site, e-mail hacked [MSNBC]

Counter to what the movies might say, hacking grades is not just cheating it’s a crime:

An investigation showed the professor’s network account had been accessed without her permission and grades were assigned to nearly 300 students, prosecutor Robert Fratianne said.

I bet they just guessed her password but still, there’s more legal ways to cheat.

Students face 1 year in jail for hacking [Yahoo News / AP]

An interesting use of the traditionally trusted medium of the phone: leave “accidental” messages on answering machines and voicemail hyping a stock:

The messages were made to seem mistakenly left on answering machines, often made by a caller identifying herself as “Debbie” who wanted to pass along to a girlfriend a “hot” stock tip from a “hot stock exchange guy” she was dating, according to the authorities.

This attack allegedly happened in 2004, so I doubt VoIP was involved, but it would be an excellent attack medium for something like this. The trend here is the cheaper a communications medium becomes, the more it gets exploited, and the less people can trust it.

3 charged in voicemail stock scheme [An Jose Mercury News / AP]

Interesting:

The State Department is recovering from large-scale computer break-ins worldwide over the past several weeks that appeared to target its headquarters and offices dealing with China and
North Korea, The Associated Press has learned.

Investigators believe hackers stole sensitive U.S. information and passwords and implanted backdoors in unclassified government computers to allow them to return at will, said U.S. officials familiar with the hacking.

Their response is even more interesting:

State Department’s emergency response severely limited Internet access at many locations… The department also temporarily disabled a technology known as secure sockets layer, used to transmit encrypted information over the Internet. Hackers can exploit weaknesses in this technology to break into computers, and they can use the same technology to transmit stolen information covertly off a victim’s network.

Yet again again demonstrates that cypto can be used for you or against you.

Agency recovers from computer break-ins [Yahoo/AP]

Thankfully the former head of al-Qaida in Iraq hadn’t discovered laptop or flash drive encryption:

Al-Rubaie said a laptop, flashdrive and other documents were found in the debris after the airstrike that killed the al-Qaida in Iraq leader last week outside Baqouba, and more information has been uncovered in raids of other insurgent hideouts since then.

He called it a “huge treasure … a huge amount of information.”

When asked how he could be sure the information was authentic, al-Rubaie said “there is nothing more authentic than finding a thumbdrive in his pocket.”

Well actually I have every confidence that the NSA could have read it anyway, or at least cracked his password (I’d start with 1nf1d3lsMustD13).

But let this be a reminder that you should always encrypt your organization should always encrypt its plans for world domination strategic information.

Iraq Announces Info From Al-Zarqawi Raid [AP / myway news]

If you haven’t been under a rock, you’ve heard about the theft of the personal data of 25 million Americans from the home of a Veteran’s Administration employee. Some are now estimating up to $500 million to clean it up.

Some Perspective on $500 Million:

• That’s only $20 per person whose data was stolen.
• That equals more than 1/3 of their entire IT budget
• But it’s only about 1/2 of 1% of their entire 2006 Budget
• It’s estimated to be the amount all Phishing scams cost consumers in 2004.

Use this case as a wake-up call to your company. How much would it cost to notify all your customers that their data was lost or stolen? Figure out that number and you can justify a lot of projects.

VA data theft may cost $500 million [zdnet/reuters]