Update from the Garbage Patch

Back on August 7, I posted a note about Project Kaisei, a research expedition to the Great Pacific Garbage Patch, an area in the North Pacific Ocean, bigger than Texas, in which a large amount of primarily plastic rubbish has been collected  by the prevailing winds and currents.   The National Science Foundation has reported today that the first of the two research vessels involved, the New Horizon, has completed its sample-collecting trip.

What they found, 1000 miles from the coast of California, was not a pretty picture.  The ship trawled through the area, collecting samples at various depths:

On August 11th, the researchers encountered a large net entwined with plastic and various marine organisms; they also recovered several plastic bottles covered with ocean animals, including large barnacles.

The research team also collected a large number of plastic bottles, many inhabited by a variety of sea creatures.  (The NSF press release has a number of images of some of the rubbish found.)   It’s striking, and sad, that there is all this junk floating out there in the middle of the ocean.

… and Credit Unions

The National Credit Union Administration has issued a Fraud Alert to its member credit unions, warning against a new malware attack targeting them.  The attack is carried out by mailing the target credit union a bogus “Fraud Alert”, and enclosing two CDs that supposedly contain training materials to help defend against the fictional threat.  The CDs contain malware to subvert the target’s systems:

The subject of the fraudulent letter itself is a purported NCUA FRAUD Alert. The letter advises credit unions to review training material (contained on the CDs). DOING SO COULD RESULT IN A POSSIBLE SECURITY BREACH TO YOUR COMPUTER SYSTEM, OR HAVE OTHER ADVERSE CONSEQUENCES.

This, along with the attacks against small- and medium-sized businesses that I discussed in my last post, is probably indicative of the steadily growing involvement of organized crime in computer-based fraud.  Unlike the scatter-gun tactics of early computer viruses, these attacks are targeted, and aimed at stealing money.  Credit unions are probabbly being targeted because they, on average, are probably less sophisticated about security matters.

If your business or organization receives unsolicited material on CDs or other media, the same advice applies as in the early days of floppy-disk-borne viruses.  Do NOT open the media, unless it has first been checked for malware.  The best way to do this, particularly if you need to receive media from external sources, is to use a dedicated machine, not connected to the network, for the scanning.  You might even consider running Linux or one of the BSDs as the OS, and running Windows, if necessary, in a virtual machine.

Update, Thursday, 27 August, 16:17

The SANS Internet Storm Center is now reporting that this incident was not an actual attack, but an authorized security test.  As they note, though, good security practices are still called for.