Watch list hobbled by data errors
Four years after the federal government launched the interagency Terrorist Screening Center and assigned it the daunting task of harmonizing more than a dozen separate watch lists, balky technology and quirky business practices still combine to introduce gaps and errors in the critical database.
For example, several known or suspected terrorists were not properly identified in the Terrorist Screening Database, including 20 watch list records that were not made available to frontline officials, according to a report from the Justice Department’s inspector general. “We also found that the number of duplicate records in the database has significantly increased since our last review,” the IG’s auditors said.
The screening center has not completed the process of merging its source material, and the participating agencies have retained business practices that apparently prevent a standard approach, officials familiar with the systems said.
The center’s director, Leonard Boyle, said in an interview that each of the databases that originally contributed information to the TSDB operated according to different business rules, which has hampered consolidation efforts.
Researchers create RFID random number generator
Researchers at the University of Massachusetts have found an inexpensive way to produce sets of truly random numbers for radio frequency identification tags. The technique, which creates a unique fingerprint for each tag, involves reading the state of the memory of the RFID tag as it is being powered up.
Daniel Holcomb, Wayne Burleson and Kevin Fu performed the research with funding from the National Science Foundation. The RFID Consortium published the results in the most recent edition of the Proceedings of the Conference on RFID Security.
The researchers said having a source of truly random numbers has been a grand challenge for computer science. Programs that encrypt data require a robust source of random numbers, but computers by themselves are incapable of generating truly random numbers.
Algorithms have been written that can help machines produce pseudo-random numbers, or numbers that statistically resemble random numbers but contain subtle repeatable patterns. Such patterns can be used to decipher a message encrypted with those digits.
The researchers found a way to produce a set of random numbers from an RFID tag by reading the binary states of the tag’s memory cells. They reported that the numbers produced by that method have passed a test for statistical randomness from the National Institute of Standards and Technology.
The researchers also reported that the variations in each tag’s gates are varied enough to be used as a way to uniquely identify, or fingerprint, each tag. Like snowflakes, each tag is slightly different.
Worm sparks spam outbreak
A 24-hour outbreak of the StormWorm in mid-August apparently was responsible for a 30 percent spike in spam two days later, according to an analysis of malicious activity on the Internet by MessageLabs.
Before the outbreak of worm activity Aug. 15, the typical dot-com domain received an average of 366 pieces of spam e-mail per hour, said Paul Wood, a senior security analyst at MessageLabs. Two days after the outbreak, spam activity peaked at 491 messages an hour.
Spam activity typically goes up after outbreaks of worms that can infect networked computers with malicious code to make them spam servers. Most of the spam consisted of text-based stock fraud messages intended to pump up the price of a stock so it could be sold for a large profit.
There are no firm figures for the number or size of botnets StormWorm has seeded, but estimates place the number of compromised computers at 1.5 million to 1.8 million. That figure is not high compared with the numbers of infections carried out by mass-mailing worms earlier in the decade, but “it’s certainly the biggest we've seen in the last five years or so,” Wood said.
Read more technology news on Government Computer News’ Web site at www.gcn.com.
