Department of Homeland Security Daily Open Source Infrastructure Report

Monday, November 30, 2009

Complete DHS Daily Report for November 30, 2009

Daily Report

Top Stories

• DarkReading reports that researchers at Red Condor detected a new phishing attack that promises to enhance the security of the user’s emailbox and then downloads a banking Trojan instead. Red Condor says it has stopped more than 3.5 million messages belonging to the spam campaign, which was detected on November 20. (See item 46 in the Information Technology Sector below)


• According to the Associated Press, the Governor of New Jersey asked the President on November 25 to declare much of the Jersey shore a disaster area due to damages exceeding $49 million from a recent coastal storm. Tourism is New Jersey’s second-largest industry, accounting for nearly $39 billion a year, much of it from the shore. (See item 54)


54. November 25, Associated Press – (New Jersey) NJ Governor Corzine seeks Presidential declaration of disaster area for Jersey Shore. The Governor of New Jersey asked the President on November 25 to declare much of the Jersey shore a disaster area due to damage from a recent coastal storm. The Governor wrote that damages will exceed $49 million. He said emergency funds to restore beaches, dunes and structures are needed immediately to protect lives and homes from further winter storms now that many coastal areas are unprotected. “Beach erosion is extensive,” the letter stated. “Many of the beaches along our coast have been eroded to the point they offer little protection from future storms. The damages already sustained to the beaches and dunes will render New Jersey particularly vulnerable to these weather systems until restoration is completed.” The Governor also wrote that the beaches are a crucial part of the state and local economies. Tourism is New Jersey’s second-largest industry, accounting for nearly $39 billion a year, much of it from the shore. The storm, which lasted from November 11 to 15, caused extensive erosion in Cape May, Atlantic and Ocean counties. Roofs were blown off buildings, a key shore bridge was damaged and had to be closed when it was struck by a wayward barge, dunes were wiped out and entire communities flooded. Source: http://cbs3.com/local/New.Jersey.Governor.2.1334593.html


Details

Banking and Finance Sector

13. November 27, Lansing State Journal – (Michigan) Williamston man pleads guilty in Ponzi scheme. A 28-year-old Williamston man has pleaded guilty in federal court to running a $1.3 million Ponzi scheme, authorities said. According to the U.S. Attorney’s Office in Grand Rapids, the man admitted the week of November 23 that he set up a stock trading company, known as Kingdom First Trading, and solicited investors by promising returns higher than market rate. He consistently lost money in trading, but hid that from investors by e-mailing fake account statements that said they were earning sizable profits and accumulating large balances, authorities said. He took money from new investors to pay earlier investors. He also used that money for rent, automobiles and jewelry, authorities said. He will be sentenced on March 15, 2010 and faces up to 20 years in prison. He pleaded guilty Monday to wire fraud, according to court records. As part of the plea agreement, he must pay more than $1.31 million in restitution to the victims. Source: http://www.lansingstatejournal.com/article/20091127/NEWS01/311270006/1001/NEWS/Williamston-man-pleads-guilty-in-Ponzi-scheme


14. November 27, Wall Street Journal – (International) Technical glitch shuts London trade for hours. London Stock Exchange Group PLC (LSE) on November 26 was hit by a technical glitch, forcing it to suspend the trading of U.K. stocks for more than three hours. The exchange stopped trading of shares at 10:33 a.m. GMT (5:33 a.m. EST) after receiving reports that some stocks had “connectivity issues,” a spokesman said. Trading resumed at 2 p.m. GMT, but the cause of the problem was still being investigated. The glitch comes a day after the chief executive officer reiterated plans for the LSE to replace its TradeElect trading engine with a new, faster one. It also comes after another glitch earlier this month when 300 stocks could not be traded for an hour and a half before the market closed. An LSE spokesman said that “There were a number of connectivity issues this morning, so we placed all the order-driven securities into an auction period.” Source: http://online.wsj.com/article/SB10001424052748703499404574559372702658330.html?mod=rss_markets_main


15. November 23, WRTV 6 Indianapolis – (Indiana) Police: Skimmers take unsuspecting customers’ cash. Several suspected ATM skimming incidents have been reported in recent weeks in communities north of Indianapolis, prompting police to release a surveillance picture of one man believed to be involved. A Carmel police detective said the man pictured recently used a victim’s credit card to buy electronics at Fry’s Electronics on 96th Street in Fishers and a Best Buy store on Michigan Road in Carmel. He said he thinks the victim’s credit card may have been swiped and reproduced through a skimmer at an area gas station and that similar crimes have occurred recently in Fishers, Westfield, Noblesville, Lawrence and Indianapolis. “There have been several victims throughout Hamilton County, and that card information has been used everywhere from Avon to Muncie...down to Greenwood and a lot of places in between,” said the Carmel police lieutenant. Consumers should closely look at any device in which they are swiping a credit or debit card. Source: http://www.theindychannel.com/news/21698452/detail.html


16. November 23, The Register – (International) iPhone worm infects devices and redirects Dutch online bank users to a phishing site. The second worm to infect jailbroken iPhone users reportedly targets customers of Dutch online bank ING Direct. Surfers visiting the site with infected devices are redirected to a phishing site designed to harvest online banking login details, the BBC reports. ING Direct told the BBC it planned to warn users of the attack via its website, as well as briefing front line call center staff on the threat. The chief research officer at F-Secure said the threat had in any case been neutralized. “It [the worm] was targeting ING. The websites it needed for this to work have now been taken down.” Anti-virus analysts, still in the process of analyzing the malware, caution that the attack is a bit more complex than simple phishing and seems to involve an attempt to snatch SMS messages associated with online banking transactions. Although the “Duh” or Ikee-B worm exploits the same SSH backdoor as the original Ikee worm, the latest malware is far more dangerous than its predecessor. Duh turns compromised devices into a botnet under the control of unidentified hackers. The Rickrolling ikee worm, by contrast, only changes users’ wallpaper to an image of a pop singer. As previously reported, compromised phones are left under the control of a botnet server in Lithuania. Duh changes the root password of compromised iPhones, allowing crooks to log into compromised units and carry out further malicious actions. A SophosLabs researcher used a password cracking tool to discover the malware changes iPhone root passwords from ‘alpine’ to ‘ohshit’. In addition to the two iPhone worms, an earlier hacking/extortion attack (targeting iPhone users in the Netherlands) also exploited the default password SSH backdoor on jailbroken iPhones. Security experts strongly advise users of jailbroken phones to change their passwords from ‘alpine’ immediately to avoid further attacks along the same lines. Source: http://cyberinsecure.com/iphone-worm-infects-devices-and-redirecs-dutch-online-bank-users-to-a-phishing-site/


For another story, see item 46 in the Information Technology Sector below


Information Technology


44. November 27, The Register – (International) Smut-laden spam disguises WoW Trojan campaign. A malicious spam campaign that attempts to harvest online game passwords under the guise of messages containing smutty photos is doing the rounds. The tainted emails have subject lines such as “Do you like to find a girlfriend like me?”, and an attached archive file called “my photos.rar”. The archive actually harbored video files and a password-stealing Trojan called Agent-LVF, which is designed to steal the login credentials of World of Warcraft gamers. Security firm Sophos reckons it is likely the stolen credentials and associated in-game assets will be sold through underground sites, earning hackers a tidy profit in the process. “A surprising amount of malware is designed to steal registration keys, passwords and data from players of computer games,” said a consultant at Sophos. “This isn’t just about doing better in a computer game. Criminals are stealing virtual assets like armour, money and weapons to trade for hard cash in the real world.” Source: http://www.theregister.co.uk/2009/11/27/wow_trojan_spam/


45. November 25, ComputerWorld Canada – (National) H1N1’s IT threats may not be taken seriously. It appears that the threat of an H1N1 outbreak has not prompted enterprises to re-evaluate their disaster recovery plans or better enable a mobile workforce, according to a new Cisco Systems Inc. study. The networking giant found that only 22 percent of survey respondents consider their remote-access infrastructure to be disaster-ready. The survey polled 500 IT security decision-makers at U.S. health-care, financial, retail, and public sector organizations last month. In addition, the report indicated that 21 percent of respondents admitted to having no employees enabled to work remotely and 53 percent said that less than half of their employees are capable of working from home. The director of security solutions marketing at Cisco said many of these organizations will be the hardest hit in the event of a flu pandemic. But even less extreme circumstances, such as a major road closure or a winter storm, would probably have a noticeable impact on the business as well. Ensuring that all essential workers are enabled with remote-access capabilities is crucial, he added, to operating business as usual during unexpected events. Providing remote VPN connectivity back into the office might be enough for a mobile worker who just requires e-mail or a select few applications, but for employees who require real-time communication and full telephony capabilities, some investments should be made, he said. A security analyst at Fusepoint Managed Services Inc. said the first issues he would address as an IT security leader would be technology-related. “Do we have the tools and technologies in place for employees to be working remotely?” he said. “Do we have the bandwidth? Do we have the storage capability within our phone systems and e-mail servers to be able to queue two or more weeks of data from more than 40 percent of your missing staff?” Source: http://www.itworldcanada.com/news/h1n1s-it-threats-may-not-be-taken-seriously/139420


46. November 25, DarkReading – (International) New exploit masquerades as Flash Player upgrade. Researchers have detected a new phishing attack that promises to enhance the security of the user’s emailbox — and then downloads a malicious Trojan instead. The email requests that recipients click on a link in the body of the email to update the “security mode” of their emailboxes, according to researchers at Red Condor, an email security tool vendor. Users who click on the link are taken to a Website that advises them to update to the latest version of the Macromedia Flash Player by downloading “flashinstaller.exe.” This executable is actually a banking Trojan that is known to disable firewalls, steal sensitive financial data, and provide hackers with remote access capabilities, Red Condor says. The malware is more commonly known as Win32:Zbot-MGA (Avast), W32/Bifrost.C.gen!Eldorado (F-Prot), PWS-Zbot.gen.v (McAfee), or PWS:Win32/Zbot.gen!R (Microsoft), the researchers note. The spam campaign was detected late on November 20; within the first six hours, Red Condor says it blocked more than 500,000 email messages. So far, the company says it has stopped more than 3.5 million messages belonging to this campaign. Source: http://darkreading.com/security/attacks/showArticle.jhtml?articleID=221901213&cid=ref-true


47. November 25, eWeek – (International) Symantec Web site hack exposes user data. A hacker recently demonstrated how a SQL injection vulnerability in a Symantec Web site could be exploited to reveal user data. Symantec says the vulnerability only impacts customers in Japan and South Korea. A Web site operated by security firm Symantec was hacked — giving an attacker a sneak peek at sensitive customer data. The Romanian hacker known as Unu exploited a blind SQL injection problem to get his hands on clear-text passwords associated with customer records and other data. Unu used sqlmap and Pangolin to demonstrate the vulnerability, and published screenshots to his blog. According to Symantec, the vulnerability was on its pcd.symantec.com site, which is used to facilitate customer support for Symantec’s Norton products in Japan and South Korea. “At this time, we believe that this incident does not affect Symantec customers anywhere else in the world,” a Symantec spokesperson said November 24. “This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec’s Norton-branded consumer products. Symantec is currently in the process of ensuring that the Website is appropriately secured and will bring it back online as soon as possible.” According to Unu, his goal was not to cause harm, but to create a stir so the problem would be fixed. A Trend Micro advanced threats researcher said sensitive data should never be stored in clear text and bounds checking of input data can help avoid buffer overflows and SQL injection attacks. Source: http://www.eweek.com/c/a/Security/Symantec-Website-Hack-Exposes-User-Data-639128/


48. November 25, IDG News Service – (International) Metasploit releases IE attack, but it’s unreliable. Developers of the open-source Metasploit penetration testing toolkit have released code that can compromise Microsoft’s Internet Explorer browser, but the software is not as reliable as first thought. The code exploits an Internet Explorer bug that was disclosed recently in a proof-of-concept attack posted to the Bugtraq mailing list. That first code was unreliable, but security experts worried that someone would soon develop a better version that would be adopted by cyber-criminals. The original attack used a “heap-spray” technique to exploit the vulnerability in IE. But for a while Wednesday, it looked as though the Metasploit team had released a more reliable exploit. They used a different technique to exploit the flaw, but Metasploit eventually pulled its code. Microsoft said via e-mail Wednesday afternoon that it was “currently unaware of any attacks in the wild using the exploit code or of any customer impact.” The two versions of the browser that are vulnerable to the flaw — IE 6 and IE 7 — are used by about 40 percent of Web surfers. The flaw lies in the way IE retrieves certain Cascading Style Sheet objects, used to create a standardized layout on Web pages. Concerned IE users can upgrade their browser or disable JavaScript to avoid an attack. Source: http://www.computerworld.com/s/article/9141485/Metasploit_releases_IE_attack_but_it_s_unreliable?taxonomyId=17


49. November 24, Forbes – (International) The year of the mega data breach. According to the Identity Theft Resource Center (ITRC), government agencies and businesses reported 435 breaches as of November 17, on track to show a 50 percent drop from the number of breaches reported in 2008. That would make 2009 the first year that the number of reported data breaches has dropped since 2005, when the ITRC started counting. But the decrease in data breaches is deceptive. In fact, the number of personal records that were exposed by hackers has skyrocketed to 220 million records so far this year, compared with 35 million in 2008. That represents the largest collection of lost data on record. “Why are organizations that have these massive amounts of our data still not encrypting it?” the ITRC director says. “When we know we have these super breaches going on, why are they resisting a technology that could prevent them?” Setting aside 2009’s two “super breaches” — Heartland Payment Systems and the National Archives and Records Administration — the ITRC only recorded around 14 million lost records this year, a comparatively small number. But the chief executive of the Ponemon Institute doubts that the ITRC accounting is complete. Ponemon does not believe the adoption of DLP and encryption is stemming the flood of personal data. He says those technologies are often implemented spottily and cannot keep up with all the new places from which data can be stolen, from smart phones to Web collaboration tools. “We shouldn’t take false comfort in the idea that companies are doing a better job of this,” Ponemon says. “There’s no question that more companies are using DLP and encryption tools. But there’s always a human factor, and many people simply don’t take these technologies seriously.” Source: http://www.forbes.com/2009/11/24/security-hackers-data-technology-cio-network-breaches.html


For more stories, see item 16 in the Banking and Finance Sector above and item 53 in the Communications Sector below


Communications Sector

50. November 27, Associated Press – (Iowa) Animal knocks out cable in eastern Iowa town. An animal chewed through a cable line, knocking out cable and Internet service to roughly 1,000 customers in an eastern Iowa town. The disruption occurred Thursday afternoon in Bellevue, near Dubuque. Officials say service is slowly being restored to subscribers of Bellevue’s municipal cable system. One official says cable and Internet service was restored by about 8:30 p.m. Thursday, but that it is taking time to get all customers back online. Source: http://www.kcautv.com/Global/story.asp?S=11579874


51. November 25, ZDNet – (National) DreamHost customers hit with nightmare. Hosting company DreamHost had trouble keeping its customer sites up and running as it migrates to a new data center. The problems began to appear on November 22 and were stretching almost into Thanksgiving. Customers reported that their sites were down for 24 hours at a clip, and when there was a recovery it was not a reliable one. Among the problems: DreamHost has been upgrading its shared hosting hardware; the upgrade went wrong; and customer support did not know what was going on. Source: http://blogs.zdnet.com/BTL/?p=27841


52. November 25, U.S. Environmental Protection Agency – (National) Verizon Wireless voluntarily discloses environmental violations. Verizon Wireless has agreed to pay a $468,600 civil penalty to settle self-disclosed violations of federal environmental regulations discovered at 655 facilities in 42 states. Verizon voluntarily entered into a corporate audit agreement with the U.S. Environmental Protection Agency and conducted environmental compliance audits at more than 25,000 facilities nation-wide. The Environmental Appeals Board at EPA has approved an administrative settlement resolving violations Verizon found through its compliance audits. Verizon audited facilities that include cell towers, mobile switch centers, call centers, and administrative offices. As a result of its audit, the company reported violations of clean water, clean air, and emergency planning and preparedness regulations to EPA. Verizon promptly corrected the violations found during its audit, which included preparing and implementing spill prevention, control, and countermeasure plans, applying for appropriate air permits, and submitting reports to state and local emergency planning and response organizations informing them of the presence of hazardous substances. Source: http://yosemite.epa.gov/opa/admpress.nsf/d0cf6618525a9efb85257359003fb69d/aa169813e7e6464085257679006910ef!OpenDocument


53. November 25, IDG News Service – (International) Redirecting DNS requests can harm the Internet, says ICANN. The Internet Corporation for Assigned Names and Numbers (ICANN) on Tuesday condemned the practice of redirecting Internet users to a third-party Web site or portal when they misspell a Web address and type a domain name that does not exist. Rather than return an error message for Domain Name System requests for nonexistent domains, some DNS operators send back the IP address of another domain, a process known as NXDOMAIN substitution. The target address is often a Web portal or information site. Handling DNS requests this way has a number of drawbacks that could lead to the Internet not working properly, according to ICANN. For example, users sending e-mail to a domain that does not exist should get an immediate error message. However, if the message is redirected to a site set up to handle Web traffic, it is likely to get queued and an error message will not arrive for days, ICANN said. Also, users will get longer response times if the site to which they are supposed to be redirected goes down. Redirection sites are prime targets for attacks by hackers that want to send users to their own servers. There are also privacy issues, according to ICANN. If sensitive data is redirected via a country with a different jurisdiction and local law, there could be consequences for both users and registries, it said. ICANN published its opinions and findings in a draft memo before the introduction of new generic top-level domains (gTLDs). The organization discourages the practice of redirecting requests for nonexistent domains, and suggested banning it in a draft of the agreement owners of the new gTLDs would have to sign. ICANN wants domain owners wishing to redirect DNS requests to first explain why doing so will not cause any problems. Source: http://www.pcworld.com/article/183135/redirecting_dns_requests_can_harm_the_internet_says_icann.html
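A canary check a network or security team can run against its own resolver to see whether it performs the NXDOMAIN substitution ICANN objects to in item 53. This is an added example, not code from the report or from ICANN: it resolves a few random, effectively nonexistent names and flags a resolver that answers them with an address, especially the same address every time. The `honest_resolver`, `substituting_resolver`, their name table, the `.test` TLD and the 192.0.2.x addresses are constructed for offline demonstration; the live check uses the OS stub resolver via `socket.gethostbyname`.

```python
"""Canary check for NXDOMAIN substitution (added example, not from the report)."""
import secrets
import socket
from typing import Callable, Dict, List, Optional

# A resolver returns an address string, or None when the name does not exist.
Resolver = Callable[[str], Optional[str]]


def system_resolver(name: str) -> Optional[str]:
    """Resolve through the OS stub resolver; None means NXDOMAIN (or lookup failure)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def canary_names(tld: str, count: int = 4) -> List[str]:
    """Random 20-hex-character labels under the chosen TLD: practically certain not to exist."""
    return [f"{secrets.token_hex(10)}.{tld}" for _ in range(count)]


def check_nxdomain_substitution(resolve: Resolver, tld: str = "com",
                                count: int = 4) -> Dict[str, object]:
    """Query random nonexistent names and classify the resolver's behaviour.

    Returns a dict with
      'answers'      : canary name -> address, or None for a proper NXDOMAIN
      'substituting' : True if any canary came back with an address
      'portal'       : the one address returned for every canary (the typical
                       substitution portal), else None
    """
    answers = {name: resolve(name) for name in canary_names(tld, count)}
    addresses = [addr for addr in answers.values() if addr is not None]
    portal = None
    if len(addresses) == count and len(set(addresses)) == 1:
        portal = addresses[0]
    return {"answers": answers, "substituting": bool(addresses), "portal": portal}


# --- Constructed resolvers for the offline demonstration (not real servers) ---

# Constructed name table; 192.0.2.0/24 is the documentation range, not a real host.
_KNOWN_NAMES = {"www.example.test": "192.0.2.10"}
_PORTAL_ADDRESS = "192.0.2.200"  # constructed stand-in for a substitution portal


def honest_resolver(name: str) -> Optional[str]:
    """Compliant behaviour: known names resolve, everything else is NXDOMAIN (None)."""
    return _KNOWN_NAMES.get(name)


def substituting_resolver(name: str) -> Optional[str]:
    """The behaviour ICANN condemns: nonexistent names get the portal's address instead."""
    return _KNOWN_NAMES.get(name, _PORTAL_ADDRESS)


if __name__ == "__main__":
    # Stand-alone run: first the constructed resolvers, then the machine's own resolver.
    for label, resolver in (("honest", honest_resolver), ("substituting", substituting_resolver)):
        result = check_nxdomain_substitution(resolver, tld="test")
        print(f"{label:>12}: substituting={result['substituting']} portal={result['portal']}")
    live = check_nxdomain_substitution(system_resolver, tld="com")
    print(f"{'system':>12}: substituting={live['substituting']} portal={live['portal']}")
```

A resolver that returns `substituting=True` with a fixed `portal` address is rewriting NXDOMAIN answers; mail and other non-web clients behind it will see the queued-message and response-time problems ICANN describes.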


Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 27, 2009

Complete DHS Daily Report for November 27, 2009

Daily Report

Top Stories

• According to the Associated Press, Toyota Motor Corp. said on November 25 it will replace accelerator pedals on 3.8 million recalled vehicles in the United States to address problems with the pedals becoming jammed in the floor mat. As a temporary step, Toyota will have dealers shorten the length of the gas pedals beginning in January while the company develops replacement pedals for their vehicles, the Transportation Department and Toyota said. (See item 8)


8. November 25, Associated Press – (National) Toyota to replace 3.8 million gas pedals. Toyota Motor Corp. said on November 25 it will replace accelerator pedals on 3.8 million recalled vehicles in the United States to address problems with the pedals becoming jammed in the floor mat. As a temporary step, Toyota will have dealers shorten the length of the gas pedals beginning in January while the company develops replacement pedals for their vehicles, the Transportation Department and Toyota said. New pedals will be available beginning in April, and some vehicles will have brake override systems installed as a precaution. Toyota, the world’s largest automaker, announced the massive recall in late September and told owners to remove the driver’s side floor mats to prevent the gas pedal from potentially becoming jammed. Popular vehicles such as the Toyota Camry, the top-selling passenger car in America, and the Toyota Prius, the best-selling gas-electric hybrid, are part of the recall. It includes the 2007-10 model year Camry, 2005-10 Toyota Avalon, 2004-09 Prius, 2005-10 Toyota Tacoma, 2007-10 Toyota Tundra, 2007-10 Lexus ES350 and 2006-10 Lexus IS250/350. The recall involving the accelerators was Toyota’s largest in the U.S. It was prompted by a high-speed crash in August involving a 2009 Lexus ES350 that killed a California Highway Patrol officer and three members of his family near San Diego. The Lexus hit speeds exceeding 120 mph, struck a sport utility vehicle, launched off an embankment, rolled several times and burst into flames. To fix the problem, Toyota and the government said dealers will shorten the length of the accelerator pedal on the recalled vehicles and in some cases remove foam from beneath the carpeting near the pedal to increase the space between the pedal and the floor. They said owners of the ES350, Camry and Avalon would be the first to receive notification because the vehicles are believed to have the highest risk for pedal entrapment. Source: http://www.msnbc.msn.com/id/34145358/ns/business-autos/


• The IDG News Service reports that a 32-year-old California man pleaded guilty on November 20 to charges that he sold thousands of counterfeit chips to the U.S. Navy. (See item 11)


11. November 24, IDG News Service – (National) Man pleads guilty to selling fake chips to US Navy. A 32-year-old California man has pleaded guilty to charges that he sold thousands of counterfeit chips to the U.S. Navy. In a plea agreement reached on Friday, a Newport Coast, California man pleaded guilty to conspiracy and counterfeit-goods trafficking for his role in an alleged chip-counterfeiting scam that ran between 2007 and 2009. The man, his wife, and her brother operated several microchip brokerage companies that imported chips from Shenzhen, in China’s Guangdong province. They would buy counterfeit chips from China or else take legitimate chips, sand off the brand markings and melt the plastic casings with acid to make them appear to be of higher quality or a different brand, the U.S. Department of Justice said in a press release. Source: http://www.computerworld.com/s/article/9141438/Man_pleads_guilty_to_selling_fake_chips_to_US_Navy


Details

Banking and Finance Sector

13. November 24, KTVB 7 Boise – (Idaho) Text message scam targeting bank customers. Nampa, Idaho, officers say a text message scam is circulating that claims to be an “emergency notification” concerning their bank account – and tries to get the victim to call a toll-free number. When someone calls, they are solicited for account information or charged an extreme amount of money for making the call itself. Police say that the latest round is targeting customers of Mountain Gem Credit Union. Police warn you to ignore the text, and not to give any information out unless you are sure where it is going. If you have questions, you are advised to call your local bank branch. Source: http://www.ktvb.com/news/Text-message-scam-targeting-bank-customers-72748877.html


14. November 24, DarkReading – (International) CSI annual report: financial fraud, malware on the increase. Malware and financial fraud were among the chief “growth threats” posed to businesses in 2009, according to a new study from the Computer Security Institute that will be published next week. CSI’s 14th annual security survey, which will be distributed in conjunction with a free December 1 Webcast, covers a wide range of issues related to security management, including current threats, data loss statistics, and trends in technology usage. Respondents reported big jumps in the incidence of financial fraud (19.5 percent, over 12 percent last year); malware infection (64.3 percent, over 50 percent last year); denials of service (29.2 percent, over 21 percent last year), password sniffing (17.3 percent, over 9 percent last year); and Web site defacement (13.5 percent, over 6 percent last year). The survey showed significant dips in wireless exploits (7.6 percent, down from 14 percent in 2008), and instant messaging abuse (7.6 percent, down from 21 percent). “The financial fraud was a major concern because the cost of those incidents is so high,” says Sara Peters, senior editor at CSI and author of this year’s report. Financial fraud costs enterprises approximately $450,000 per incident, according to the study. While financial fraud costs rose in 2009, average losses due to security incidents of all types are down this year — from $289,000 per respondent to $234,244 per respondent, CSI says. Those numbers are still higher than 2005 and 2006 figures. Twenty-five percent of respondents stated the majority of their financial losses in the past year were due to nonmalicious actions by insiders. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221901046


Information Technology


27. November 24, Department of Justice – (Florida) Former United Way employee sentenced for damaging charity’s computer network. The acting United States attorney for the Southern District of Florida, and the Special Agent in Charge, Federal Bureau of Investigation, Miami Field Office, announced the sentencing of a defendant on charges of computer fraud. On November 24, a U.S. district court judge sentenced the defendant to 18 months’ imprisonment, to be followed by three years of supervised release. In addition, the Court ordered him to pay more than $50,000 in restitution. According to documents filed with the Court, the defendant was a former employee of United Way of Miami-Dade (“UWMD”). He was employed as a computer specialist from July to December 2007. Approximately one year after he left UWMD’s employ, the defendant accessed United Way’s network without authorization. He deleted numerous files from UWMD’s servers and disabled UWMD’s telephone voice mail system, which prevented callers from leaving messages for UWMD and prevented UWMD employees from accessing their voice mail accounts. The defendant pled guilty to computer fraud on September 16, 2009. Source: http://miami.fbi.gov/dojpressrel/pressrel09/mm112409.htm


28. November 24, GAO Info – (National) FBI puts cyber threats in perspective. The FBI considers the cyber threat against our nation to be one of the greatest concerns of the 21st century. Despite the enormous advantages of the Internet, U.S. networked systems have a gaping and widening hole in the security posture of both our private sector and government systems. An increasing array of sophisticated state and non-state actors have the capability to steal, alter or destroy our sensitive data and, in the worst of cases, to manipulate from afar the process control systems that are meant to ensure the proper functioning of portions of our critical infrastructure. Moreover, the number of actors with the ability to utilize computers for illegal, harmful, and possibly devastating purposes continues to rise. When assessing the extent of the cyber threat, the FBI considers both the sophistication and the intent of U.S. adversaries. The most sophisticated actors have the ability to alter our hardware and software along the global supply chain route, conduct remote intrusions into our networks, establish the physical and technical presence necessary to re-route and monitor our wireless communications, and plant dangerous insiders within our private sector and government organizations. The actors that currently have all of these capabilities (a finding that is distinct from whether and when they are using them) include multiple nation states and likely include some organized crime groups. The FBI has not yet seen a high level of end-to-end cyber sophistication within terrorist organizations. Still, the FBI is aware of and investigating individuals who are affiliated with or sympathetic to al-Qaeda who have recognized and discussed the vulnerabilities of the U.S. infrastructure to cyber attack, who have demonstrated an interest in elevating their computer hacking skills, and who are seeking more sophisticated capabilities from outside of their close-knit circles. Should terrorists obtain such capabilities, they will be matched with destructive and deadly intent. Source: http://www.govinfosecurity.com/articles.php?art_id=1962


For another story, see item 29 below


Communications Sector

29. November 24, IDG News Services – (International) Palm, Sprint pursue lost data from Pre, Pixi. Palm and Sprint are trying to solve problems some users have had moving data from one Palm webOS device to another, a task that has caused some to lose contacts and calendar entries, according to blogs and online user comments. Users of the Palm Pre and Pixi, the first two devices to run Palm’s webOS, can back up contacts, calendar entries, tasks and memos to an online Palm Profile. From that password-protected Web page, they can synchronize that data to another webOS device over the air if they have to change phones for any reason. Normally, one copy of that data resides on the handset and the other in the user’s Palm Profile on Palm’s servers. But some users who have had to replace or reset their webOS devices have found large amounts of their information missing and apparently irretrievable, according to a post last week on the Palm-oriented blog Pre Central. Several people posted comments on the item, describing data losses. Palm said in a statement it is working with Sprint to solve the problems those users are having. “We are seeing a small number of customers who have experienced issues transferring their Palm Profile information to another Palm webOS device,” the company said. “Palm and Sprint are working closely together to support these customers to successfully transfer their information to the new device.” It’s not the first glitch in online backup for mobile phones. Last month, many users of the T-Mobile Sidekick phone from Microsoft’s Danger division lost contacts, photos and other data permanently after a server failure. The incidents could raise concerns among consumers about relying on network-based synchronization instead of backing up data to their own PCs or Macs. Source: http://www.computerworld.com/s/article/9141461/Palm_Sprint_pursue_lost_data_from_Pre_Pixi

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, November 25, 2009

Complete DHS Daily Report for November 25, 2009

Daily Report

Top Stories

 According to the San Francisco Examiner, water officials are rushing to repair a massive pipe, one of the two pipes that carry drinking water into an out-of-service reservoir, to ensure the eastern half of San Francisco continues to have clean water. (See item 18)


18. November 24, San Francisco Examiner – (California) Half of the city in danger of losing water. Water officials are rushing to repair a massive pipe to ensure the eastern half of San Francisco continues to have clean water. With one of the two pipes that carry drinking water into the reservoir out of service, the San Francisco Public Utilities Commission, which handles water distribution, is rushing to make the repairs, lest anything damage the second pipe. Joints between steel pipes laid in recent decades inside a tunnel 40 feet underground were found to be corroded late last month after leaking water flooded Tioga Avenue in the Visitacion Valley neighborhood. The corroded, 36-inch pipe, called Crystal Springs 1, is one of two built to carry Hetch Hetchy Valley snowmelt north from the Crystal Springs Reservoir on the Peninsula into the University Mound Reservoir in San Francisco. The water is then stored and distributed to the eastern half of the city, including downtown. All the water that had been carried by the pipe is now being fed through Crystal Springs 2, a 60-inch pipe that runs roughly parallel to the older pipe. It is not known when Crystal Springs 1 began leaking, but 2,200 feet of piping was shut down after the leaks were detected last month, preventing any water from flowing through. If Crystal Springs 2 fails because of old age or due to an earthquake before Crystal Springs 1 is repaired, the University Mound Reservoir could run dry within two days, according to the Public Utilities Commission water manager. The reservoir is one of two major ones in the city. If such a scenario unfolds, utility workers would have to frantically attempt to reroute the water network to continue providing water for eastern and downtown San Francisco. “If [Crystal Springs] 2 went out for some reason, we would really be hard-pressed to deliver water,” the water manager said. “Our plumbers would have to work miracles.” The Public Utilities Commission is not equipped to repair the corroded pipe, agency documents show. Repair work by A. Ruiz Construction is expected to last until the end of December, agency documents show. Source: http://www.sfexaminer.com/local/Half-of-The-City-in-danger-of-losing-water-72191267.html


 The Register reported that a bug in Microsoft’s Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said. (See item 28 in the Information Technology Sector below)


Details

Banking and Finance Sector

9. November 24, CNN – (National) Bank ‘problem’ list climbs to 552. Despite the frenetic pace of bank failures this year, 552 banks are still at risk of going under, according to a government report published Tuesday. The Federal Deposit Insurance Corp. (FDIC) said that the number of lenders on its so-called problem list climbed to its highest level since the end of 1993. At that time, the agency red-flagged 575 banks. Mounting bank failures have proven costly for the FDIC, an agency created to cover the deposits of consumers and businesses in the event that a bank is shut down. On Tuesday, the agency revealed its deposit insurance fund slipped into the red for the first time since 1991. At the end of the quarter on September 30, the value of the fund was $8.2 billion in the hole. But that number accounts for $21.7 billion the agency has set aside in anticipation of future bank failures. The ongoing recession has already claimed 124 banks this year. But fears persist that the number will multiply in coming years because banks are still taking losses on mortgage-related loans and face growing problems with commercial real estate. The banks that end up on the problem list are considered the most likely to fail because of difficulties with their finances, operations or management. Still, history has shown just 13% of banks on the list have failed on average. Source: http://money.cnn.com/2009/11/24/news/companies/fdic_list/index.htm


10. November 23, WFAA 8 Dallas-Fort Worth – (National) Electronic pickpocketing threatens credit cards, passports. Thousands of travelers and consumers can fall victim to electronic pickpocketing and never even know it because they carry new credit cards and U.S. passports. Credit card issuers, along with the U.S. State Department, have begun installing radio frequency identification (RFID) chips in credit cards and passports because the technology holds more data than magnetic stripes and can be read more quickly. But that convenience, experts warn, can also put people at risk of having their information taken. RFID chips are commonly found in cards used to raise gates in parking garages and unlock doors at businesses. All one has to do is simply swipe the card in front of a reader. Within the last few years, that same technology has been introduced to credit cards and U.S. passports, potentially putting holders at risk. It does not matter if the cards are kept in a wallet or a purse, since they can transmit through them when prompted by an RFID reader, and such readers are for sale on eBay. Using free software, hackers with an RFID reader can easily obtain account numbers and expiration dates simply by placing the reader within a few inches of the card. The only credit cards that are vulnerable are those that allow users to tap or pass a reader to pay rather than swiping. Some might also have a symbol on them that indicates they transmit. Source: http://www.wfaa.com/home/Electronic-pick-pocketing-threatens-credit-cards-passports-72070657.html


11. November 23, DarkReading – (International) Employees willing to steal data; companies on the alert. Employees know it is illegal to steal company data, but they are prepared to do it anyway. Companies know their employees are a chief threat to their data, but most are not doing much about it. These are the takeaways from two separate studies published today by security vendors Cyber-Ark and Actimize. Taken together, the studies paint a sobering picture of the state of trust and security within the corporate walls. In its study, Cyber-Ark surveyed some 600 workers in the financial districts of New York and London and found that most workers are not shy about taking work home — and keeping it for their own use. Eighty-five percent of the respondents to the Cyber-Ark survey said they know it is illegal to download company data for personal use, but 41 percent said they already have taken sensitive data with them to a new position. About a third of respondents said they would share sensitive information with friends or family in order to help them land a job. Almost half of the respondents (48 percent) admitted if they were fired tomorrow they would take company information with them, Cyber-Ark says. Thirty-nine percent of people would download company/competitive information if they got wind that their job were at risk. A quarter of workers said the recession has made them feel less loyal toward their employers. Of those who plan to take competitive or sensitive corporate data, 64 percent said they would do so “just in case” the data might prove useful or advantageous in the future. Twenty-seven percent said they would use the data to negotiate their new position, while 20 percent plan to use it as a tool in their new job. Customer and contact lists were the top priority for employees to steal, registering 29 percent of the respondents. Plans and proposals were next (18 percent), with product information bringing up the rear (11 percent). Thirteen percent of savvy thieves said they would take access and password codes so they could get into the network once they have left the company and continue downloading information and accessing data. Source: http://www.darkreading.com/insiderthreat/security/management/showArticle.jhtml?articleID=221900815


Information Technology


27. November 24, IDG News Services – (International) Microsoft issues security advisory on IE vulnerability. Microsoft on November 23 issued a security advisory that provides customers with guidance and workarounds for dealing with a zero-day exploit aimed at Internet Explorer. Earlier in the day, the company said it was investigating the incident, which emerged over the weekend when someone published the exploit code to the Bugtraq mailing list. By Monday night, Microsoft switched gears and issued the advisory. There have not been any active exploits of the vulnerability reported so far. Microsoft released Security Advisory 977981, which includes workarounds for an issue that exposes a flaw in Cascading Style Sheets handling that could allow for remote code execution. Vulnerabilities that allow remote-code execution generally result in patches rated as critical by Microsoft. The advisory confirmed the vulnerability affects IE 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft said users running IE 7 on Vista can configure the browser to run in Protected Mode to limit the impact of the vulnerability. It also recommended setting the Internet zone security setting to “High” to protect against the exploit. The “High” setting will disable JavaScript, which currently is the only confirmed attack mode. Microsoft said IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows are not affected. For an attack to work, the hacker would first have to get his victim to visit a Web site that hosted the exploit code. This could be a malicious Web site set up by the hacker himself or it could be a site that allows users to upload content. Another way cyber criminals have launched this type of attack, however, is by hacking into legitimate Web sites. Earlier this week, for example, citizens band radio vendor Cobra Electronics disclosed that it had been hacked in June, most likely by a professional hacker who had used the site to download malware to customers. Source: http://www.computerworld.com/s/article/9141378/Microsoft_issues_security_advisory_on_IE_vulnerability


28. November 23, The Register – (International) IE bug leaks private details from 50m PDF files. A bug in Microsoft’s Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said. The documents, stored in Adobe’s PDF format, display the internal disk location where the file is stored, an oversight that can inadvertently expose real-world names and login IDs of users, the operating system being used and other information that is better kept private. The data can then be retrieved using simple web searches. Google searches such as this one expose almost four million documents residing on users’ C drives alone. Combined with searches for other common drives, the technique exposes more than 50 million files that display the local disk path, according to Inferno, a security researcher for a large software company who asked that his real name not be used. “If they have those kind of PDFs, somebody can use search engines to find out user names or do more reconnaissance on the operating systems used,” he told The Register. “That actually invades the privacy of a user.” The potentially sensitive data is included in PDFs that have been printed using Internet Explorer. The full path location is appended to the document’s contents as soon as the Microsoft browser is used to print it. Although the data isn’t always exposed when the document is viewed with Adobe Reader, it is easily readable when the file is opened in editors such as Notepad, and the text is also available to Google and other search engines. This PDF, for example, was stored at C:\Program Files\Wids7\WizardReport.htm at time of printing. The path makes it clear that the file was stored on a Windows machine that has software from Worldwide Instructional Design System installed. Other PDFs give up directory names that reveal authors, projects or other data that may have been designated confidential. The only way to remove the path is to erase the text in an editor and save the document. Source: http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/
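The leak described in item 28 is plain text inside the PDF, which is exactly why search engines index it and why a publisher can catch it before upload. The following scanner is an added example written for this digest, not code from The Register or from the researcher quoted; it scans a document’s raw bytes for drive-letter paths and reports what each one reveals (login name, installed software, top-level directory). The sample bytes are constructed here to look like a minimal PDF fragment; the `WizardReport.htm` path is the one the article shows, while the `jsmith` profile path is a made-up illustration.

```python
"""Scan a document's raw bytes for leaked local file-system paths.

Added example for the IE/PDF path-disclosure story: a pre-publication
check that finds drive-letter paths embedded as plain text and summarises
what each reveals.  Not the article's code; the sample input is constructed.
"""
import re
from typing import Dict, List

# A Windows drive-letter path.  Spaces are allowed ("Program Files"); the
# match stops at characters that cannot appear in a Windows path or that
# terminate a PDF literal string such as "(...) Tj".
_WIN_PATH = re.compile(rb'[A-Za-z]:\\(?:[^\\\r\n()<>"|?*]+\\)*[^\\\r\n()<>"|?*]+')

# Profile directories whose next component is the user's login name.
_USER_DIRS = re.compile(r'\\(?:Documents and Settings|Users)\\([^\\]+)', re.IGNORECASE)


def find_local_paths(data: bytes) -> List[str]:
    """Return every drive-letter path in `data`, in order, without duplicates."""
    found: List[str] = []
    for match in _WIN_PATH.finditer(data):
        path = match.group(0).decode("latin-1")
        if path not in found:
            found.append(path)
    return found


def describe_leak(path: str) -> Dict[str, str]:
    """Summarise what one leaked path gives away to a reader or a search engine."""
    parts = path.split("\\")
    info: Dict[str, str] = {"path": path, "drive": parts[0][0].upper(), "filename": parts[-1]}
    user = _USER_DIRS.search(path)
    if user:
        info["user"] = user.group(1)          # login ID, as the article warns
    if len(parts) > 2:
        info["top_dir"] = parts[1]            # e.g. "Program Files", project folders
    # A path under Program Files names installed software (the article's
    # example identifies the Worldwide Instructional Design System this way).
    if parts[1].lower().startswith("program files") and len(parts) > 3:
        info["software"] = parts[2]
    return info


def scan(data: bytes) -> List[Dict[str, str]]:
    """Full check: every leaked path in the document, each with its summary."""
    return [describe_leak(p) for p in find_local_paths(data)]


# Constructed sample input: a PDF-like fragment with three text-showing
# operators, two of which carry a local path.  Real PDFs printed from IE
# differ in layout, but the path appears as readable text just like this.
SAMPLE_PDF = b"\n".join([
    rb"%PDF-1.4",
    rb"BT /F1 9 Tf (C:\Program Files\Wids7\WizardReport.htm) Tj ET",
    rb"BT /F1 9 Tf (Quarterly summary) Tj ET",
    rb"BT /F1 9 Tf (C:\Documents and Settings\jsmith\My Documents\Q3 plan.htm) Tj ET",
    rb"%%EOF",
])

if __name__ == "__main__":
    for leak in scan(SAMPLE_PDF):
        print(leak)
```

Run it over the raw bytes of each PDF before it is uploaded; any non-empty result from `scan()` means the file still carries the path the article describes and should be cleaned in an editor, as the item says, before publication.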


29. November 23, The Register – (International) Google hoodwinked into pushing Chrome OS scareware. Rogue anti-virus scammers have tainted search results for Chromium OS - the open source version of Google’s Chrome OS - in a bid to expose surfers hunting the web operating system to a fake anti-virus scan scam instead. Search terms such as “chromium os download” point to sites featuring scripts that redirect stray surfers towards scareware scam portals. These sites falsely report that users’ PCs are loaded with malware before pushing users to download a clean-up tool of little or no utility. The SecureKeeper utility offered through the scam uses a series of aggressive and misleading tricks to coerce people into paying $49.95 to purchase a licence, as explained in a blog post by security firm eSoft here. Something very similar happened when Google released its Wave collaboration tool. In both cases, surfers are only redirected to scareware-punting portals when they arrive at booby-trapped URLs via Google search results. Both the Google Wave and Chromium OS scams refer to a product or service that is not yet generally available, a factor that arguably increases the potency of the scams. Both attacks (like many before them) rely on black hat Search Engine Optimisation techniques. Cybercrooks typically break into well-established sites and create webpages stuffed full of relevant keywords, cross-linked to other sites doctored using the same technique. The tactic is geared towards tricking search engines into pushing manipulated URLs higher up the search engine indexes for targeted terms. Source: http://www.theregister.co.uk/2009/11/23/chromium_scareware/


30. November 23, Wall Street Journal – (International) EarthLink says email service restored. EarthLink on Monday blamed a server migration for the outages that disrupted email service for its customers over the weekend but said the problem has been solved. Many EarthLink subscribers lost email access over the weekend due to the migration. “Some EarthLink email customers experienced a delay in receiving emails over the weekend. This issue was associated with EarthLink’s migration of our MindSpring customers to a new EarthLink email server,” a spokeswoman for the Atlanta Internet-services provider said in a statement. “EarthLink has corrected the problem and we believe all delayed emails have been delivered to our customers.” Source: http://blogs.wsj.com/digits/2009/11/23/earthlink-says-email-service-restored/


Communications Sector

31. November 24, McClatchy – (Texas) TWTC fire in Dallas blamed for Sunday Internet out. A short-circuit and fire in Dallas is being blamed for a broadband outage Sunday night that left 7,314 Windstream customers in Kerrville and the surrounding Hill Country without Internet access for about 12 hours. A division vice president for Windstream, a telecommunications company providing Internet and telephone service, said the problem was with equipment belonging to Time Warner Telecom. In order to provide broadband service to Kerrville, Windstream uses data transport lines operated by Time Warner Telecom that connect to a central hub in Dallas. He said he was informed by Time Warner Telecom that a short-circuit in the Time Warner Telecom equipment caused a “localized fire,” which caused an outage from around 3:50 p.m. Sunday until 4:10 a.m. Monday. The outage affected customers from Kerrville to the Harper area. Source: http://www.tradingmarkets.com/.site/news/Stock News/2676502/


For more stories, see item 30 above in the Information Technology Sector

Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 24, 2009

Complete DHS Daily Report for November 24, 2009

Daily Report

Top Stories

 According to the Macon Sun, officials say eight railroad cars, one loaded with thousands of gallons of sulfuric acid, derailed in a sparsely populated rural area west of Columbia on November 22. (See item 4)


4. November 22, Macon Sun – (South Carolina) Rail car loaded with acid derails in central SC. Officials say eight railroad cars, one loaded with thousands of gallons of sulfuric acid, derailed in a sparsely populated rural area west of Columbia. Officials tell The State newspaper that no injuries have been reported and that residents of two nearby houses have gone to stay with relatives. The derailment Sunday morning was near Gilbert, about 30 miles from the capital city. Officials say no immediate danger exists because the tank car containing the acid had not leaked. Sulfuric acid gives off harmful fumes that can burn the skin and eyes. About 50 emergency workers on the scene had gas masks ready. A spokesman for Norfolk Southern, says the train had 10 cars in all, including two locomotives. The spokesman says the train was traveling from Linwood, North Carolina to Savannah, Georgia. Source: http://www.macon.com/220/story/927044.html


 The Agence France-Presse reported that a radiation leak on November 21 at Three Mile Island, the site of the worst nuclear accident in US history, sent home about 150 workers. (See item 9)


9. November 22, Agence France-Presse – (Pennsylvania) Radiation leak at Three Mile Island nuclear plant. A radiation leak Saturday at Three Mile Island, the site of the worst nuclear accident in US history, has sent home about 150 workers, the Nuclear Regulatory Commission reported Sunday. “They had an airborne radiological contamination alarm,” an NRC spokeswoman told AFP. “They evaluated all the workers, a handful of workers — I don’t have a precise number — had contamination. They since have been decontaminated,” she said. About 150 people work in the building where the leak occurred. “There was no impact on public health safety and it does not appear to have an impact on the workers,” she said adding that “this kind of incident occurs once in a while.” So far, “they don’t know the origin of the contamination,” the spokeswoman said. “There were a lot of activities going on at the time and when the alarm sounded. The engineers are working to determine what the cause was.” “It’s a minor incident,” she said stressing it was “under control.” Source: http://www.google.com/hostednews/afp/article/ALeqM5gTVMy0-BHwG4jKMvQ8deGgaWwA-w


Details

Banking and Finance Sector

14. November 23, BBC – (International) New iPhone worm can act like botnet say experts. A second worm to hit the iPhone has been unearthed by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank’s customers to a lookalike site with a log-in screen. The worm attacks “jail-broken” phones - a modification which enables the user to run non-Apple approved software on their handset. The handsets at risk also have SSH (secure shell) installed. SSH is a remote-access and file-transfer program that enables users to remotely connect to their phones. It comes with a default password, “alpine”, which should be changed. Users who have installed SSH and not changed the password are especially at risk. The new worm is more serious than the first because it can behave like a botnet, warns F-Secure. This enables the phone to be accessed or controlled remotely without the permission of its owner. “It’s the second iPhone worm ever and the first that’s clearly malicious - there’s a clear financial motive behind it,” an F-Secure research director told the BBC. “It’s fairly isolated and specific to the Netherlands but it is capable of spreading.” He added that although the number of infected phones was thought to be in the hundreds rather than thousands, the worm could jump from phone to phone among owners using the same wi-fi hotspot. Source: http://news.bbc.co.uk/2/hi/technology/8373739.stm


15. November 23, Bank Info Security – (Texas) Former Texas credit union employee convicted in insider fraud case. A former credit union employee pled guilty to embezzling more than $30,000 from his employer, First Service Credit Union in Houston, says a U.S. attorney. The 41-year-old, of Houston, pled guilty last week in the U.S. Southern District Court, admitting to bank fraud and aggravated identity theft arising from a scheme he devised while working at the credit union as the Senior Vice President of Area Operations. He was responsible for managing and supervising credit union employees and the daily operations of the branches of the credit union. In that position, he transferred money from one customer’s account into another without their knowledge, the U.S. attorney said. The guilty party would then withdraw the funds using ATM cards he also obtained without the customer’s consent. From December 1, 2006, through January 31, 2008, he made more than 200 illegal account transfers and illegal ATM withdrawals, totaling more than $30,000. The guilty party’s fraud came to light in 2008, when a First Service Credit Union member reported suspicious activity. Source: http://www.bankinfosecurity.com/articles.php?art_id=1960


16. November 21, Miami Herald – (Florida) Commerce Bank of Southwest Florida seized, promptly sold. Banking regulators seized Commerce Bank of Southwest Florida and sold the tiny Fort Myers bank to Central Bank, of Stillwater, Minnesota, marking the 124th U.S. bank to fail during 2009 and the 12th in Florida. The sole branch of Commerce Bank of Southwest Florida is set to reopen Monday as a branch of Central Bank. Central Bank, a small Minnesota-based institution, has recently been buying up failed institutions. It previously had no banking presence in Florida. The Federal Deposit Insurance Corp. was appointed receiver of the failed bank by the Florida Office of Financial Regulation. The FDIC agreed to share in losses related to $61 million of Commerce Bank’s assets as part of its deal with Central Bank, which is taking on all of the bank’s $79.7 million in assets. The FDIC estimates the bank failure will cost its insurance fund $23.6 million, which it said was the least costly resolution it could find. Source: http://www.miamiherald.com/business/story/1345074.html


17. November 21, Eugene Register-Guard – (Oregon) 13 indicted in loan fraud case. A federal grand jury in Eugene has indicted 13 people, including a Junction City man, on mortgage and loan fraud charges linked to the collapse of a Bend real estate development firm, federal officials announced on November 21. According to the indictments, various financial institutions lost more than $19 million after lending Desert Sun Development officials money for several commercial and residential projects, some of which were never built. As part of the scheme, Desert Sun Development officials are alleged to have told lenders that construction was under way on some buildings when in fact it was not. The company shut down last year. The affected banks include Eugene-based Liberty Bank, Portland-based Umpqua Bank, Minneapolis-based US Bank and Tennessee-based First Horizon Home Loan Corp. “These indictments represent a significant step in the government’s efforts to detect and prosecute mortgage fraud,” an acting U.S. attorney said. “The conduct alleged in these indictments is typical of what has caused so much havoc in the mortgage and financial sectors.” The Desert Sun case is believed to be the largest lending fraud investigation in Oregon to arise from a decade-long national real estate boom that finally went bust in 2008. Source: http://www.registerguard.com/csp/cms/sites/web/updates/23422053-55/story.csp


Information Technology


37. November 23, DarkReading – (International) Microsoft: ‘TaterF’ worm top malware threat so far this month. Microsoft’s Malicious Software Removal Tool (MSRT) removed malware from more than 1.5 million machines just three days after it was updated on November’s Patch Tuesday, and the software giant has detected two new fake antivirus threats on more than 110,000 machines. The latest statistics come on the heels of Microsoft’s recently published Security Intelligence Report, which found worms jumped 98.4 percent to the number two threat, behind Trojans. Trojans include rogue antivirus software. One of the worm families Microsoft attributed that jump to was TaterF, which so far is also the most prevalent piece of malware MSRT has killed this month, according to Microsoft’s latest statistics: The TaterF worm was found on 239,870 machines. TaterF is a worm that steals online gaming credentials and spreads via Microsoft’s Autorun feature and has hit enterprises hard because users who play games at home infect their work machines via USB keys, for instance, according to Microsoft. According to the SIR report from earlier this month, the number of machines infected with TaterF has increased from 2 million machines in the second half of last year to 4.9 million in the first half of this year. This month, the top threats found by Microsoft’s MSRT are mainly password-stealers like TaterF that grab online gaming credentials, online banking credentials, and other online user accounts. Rogue AV products and Trojan downloaders for them were also high on the list, as well as Trojan downloaders that typically infect machines via drive-by attacks. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221900560


38. November 21, CNET News – (International) Firefox: Heat and the CPU usage problem. Firefox has a CPU usage issue and, consequently, can cause overheating problems in some laptops, particularly ultraportables. This is documented on a Mozilla support page entitled “Firefox consumes a lot of CPU resources.” The page states: “At times, Firefox may require significant CPU [central processing unit] resources in order to download, process, and display Web content.” And forum postings like this one about a Dell Netbook are not uncommon: “Mini9 would get way too hot.” The Mozilla support page goes on to say that “you can review and monitor CPU usage through specific tools” and describes ways to limit CPU usage, such as: “A Firefox add-on, called Flashblock, allows you to selectively enable and disable Flash content on Web sites.” CPU usage can become an issue in ultraportables—typically under an inch thick—which are more sensitive to heat because of the design constraints. Source: http://news.cnet.com/8301-13924_3-10396076-64.html


39. November 21, Journal Register News Service – (National) Hackers indicted for disrupting Comcast. Three men associated with the computer hacker group Kryogeniks were indicted in federal court Thursday for allegedly disrupting Comcast Internet service and redirecting online traffic to Web sites they had set up. The 2008 cyber attack prevented subscribers of www.comcast.net from accessing their e-mail, digital voicemail and other services on the Web site that an estimated 5 million people connect to on a daily basis. The three men were charged with conspiring to hack into the computer network in May of last year, according to the U.S. Attorney’s Office of the Southeastern District of Pennsylvania. Source: http://www.pottstownmercury.com/articles/2009/11/21/news/srv0000006880580.txt


40. November 20, The Register – (International) Wrecking CRU: hackers cause massive climate data breach. The University of East Anglia has confirmed that a data breach has put a large quantity of emails and other documents from staff at its Climate Research Unit online. CRU is one of the three leading climate research centres in the UK, and a globally acknowledged authority on temperature reconstructions. CRU declined to say whether it would attempt to halt the data breach. In a statement a spokesman told The Register: “We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all of this material is genuine.” A 61MB ZIP file was posted on a Russian FTP server on November 20. It contains over a thousand emails, and around three thousand other items including source code and data files. A spokesman confirmed there had been a hack, and that staff documents had been published, but declined to say whether the University would be seeking to halt further dissemination of the data. Source: http://www.theregister.co.uk/2009/11/20/cru_climate_hack/


Communications Sector

41. November 23, Trading Markets – (International) VOD: Vodafone back-up system failed during recent network outage. The widespread failure of Vodafone Netherlands’ GSM and UMTS network on 18 and 19 November was caused by a unique combination of factors. On 18 November, one of the four network nodes in Amsterdam went down. There is a back-up system for such events, but the system did not go into action. As a result, almost 5 million Dutch customers were unable to call, be called, or send or receive SMSs. When the system was restored in the evening, disturbances were still felt during the entire day on 19 November, before call and SMS traffic went back to normal. Source: http://www.tradingmarkets.com/.site/news/Stock News/2673345/

Department of Homeland Security Daily Open Source Infrastructure Report

Monday, November 23, 2009

Complete DHS Daily Report for November 23, 2009

Daily Report

Top Stories

• According to Wired, a health insurer lost 1.5 million patient records last May but waited six months to disclose the incident. The data, which was stored on a portable disk drive that disappeared from the insurer’s office, was unencrypted and included patient Social Security numbers, bank account numbers and health data. (See item 16)


16. November 19, Wired – (Connecticut) Health insurer loses 1.5 million patient records. A health insurer lost 1.5 million patient records last May but waited six months to disclose the incident. The data, which was stored on a portable disk drive that disappeared from the insurer’s office, was unencrypted and included patient Social Security numbers, bank account numbers and health data, according to the Hartford Courant. The disk also contained personal information on at least 5,000 physicians. Health Net discovered the loss in May but never informed patients, law enforcement or government entities, despite data breach laws in some states that require data spillers to notify victims and state officials when residents are affected by a breach. The insurer finally sent a letter to Connecticut’s attorney general and the state’s Department of Insurance this week. Health Net claimed it took six months to determine what data was on the missing disk. It said that data on the disk was compressed and stored in an image format that required special software to view, which was available only to HealthNet. Source: http://www.wired.com/threatlevel/2009/11/healthnet


• According to IDG News Services, a Seattle computer security consultant says he has developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack. (See item 25 in the Information Technology Sector below)


Details

Banking and Finance Sector

9. November 20, Empire State News – (National) Former investment company owner pleads guilty to laundering proceeds of mortgage fraud. A 35 year old of Albany pled guilty in United States District Court in Albany to a one-count information charging him with the felony offense of laundering of monetary instruments in connection with his role in an extensive mortgage fraud scheme that defrauded financial institutions and other mortgage lenders of over $5.3 million in loans. In court November 19, the guilty party admitted his participation in a mortgage fraud scheme that occurred from at least July 2003 through December 2007, in connection with his former businesses PB Enterprises, Inc., and Greater Atlantic Associates, Inc., located on Central Avenue in Albany. He admitted that, together with others, he knowingly and willfully executed a scheme to defraud banks and other mortgage lenders by arranging to secure excessive mortgages for numerous residential properties in the Capital District through the use of fraudulent loan applications and settlement statements, and by diverting mortgage funds for his personal use, and to others. Source: http://www.empirestatenews.net/News/20091120-6.html


Information Technology


25. November 20, IDG News Services – (International) Security pro says new SSL attack can hit many sites. A Seattle computer security consultant says he has developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack. The CEO of Leviathan Security Group says his “generic” proof-of-concept code could be used to attack a variety of Web sites. While the attack is extremely difficult to pull off — the hacker would first have to pull off a man-in-the-middle attack, running code that compromises the victim’s network — it could have devastating consequences. The attack exploits the SSL (Secure Sockets Layer) Authentication Gap bug, first disclosed on Nov. 5. One of the SSL bug’s discoverers at PhoneFactor says he’s seen a demonstration of Heidt’s attack, and he’s convinced it could work. “He did show it to me and it’s the real deal,” he said. The SSL Authentication flaw gives the attacker a way to change data being sent to the SSL server, but there’s still no way to read the information coming back. The CEO sends data that causes the SSL server to return a redirect message that then sends the Web browser to another page. He then uses that redirect message to move the victim to an insecure connection where the Web pages can be rewritten by the CEO’s computer before they are sent to the victim. Source: http://www.computerworld.com/s/article/9141206/Security_pro_says_new_SSL_attack_can_hit_many_sites
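The attack described in item 25 ends with a redirect that moves the victim from an HTTPS connection onto an insecure one, where the attacker’s machine can rewrite pages. One defensive check a client can apply is to refuse any redirect that downgrades the scheme. The following is an added illustration, not code from the article, from Leviathan Security Group or from PhoneFactor; the function names and the sample redirect chain are constructed for this example.

```python
"""Refuse HTTPS-to-HTTP downgrade redirects (added example; names and sample data are assumptions)."""
from urllib.parse import urljoin, urlparse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_downgrade(current_url: str, location: str) -> bool:
    """True if following `location` from `current_url` would leave HTTPS for a non-HTTPS scheme.

    A relative or scheme-less Location header inherits the current scheme when
    resolved, so it cannot downgrade the connection by itself.
    """
    current = urlparse(current_url)
    target = urlparse(location)
    if not target.scheme:
        return False
    return current.scheme == "https" and target.scheme.lower() != "https"


def follow_redirects(start_url: str, responses: dict, max_hops: int = 5):
    """Walk a constructed table of url -> (status, Location) responses.

    Returns (last_url, outcome) where outcome is one of:
      'ok'                 - reached a non-redirect response
      'downgrade_blocked'  - stopped before leaving HTTPS (last_url is still secure)
      'too_many_hops'      - gave up after max_hops redirects
    """
    url = start_url
    for _ in range(max_hops):
        status, location = responses.get(url, (200, None))
        if status not in REDIRECT_STATUSES or location is None:
            return url, "ok"
        if is_downgrade(url, location):
            return url, "downgrade_blocked"
        url = urljoin(url, location)
    return url, "too_many_hops"


# Constructed sample: a benign relative redirect, an attacker-induced downgrade
# redirect of the kind the article describes, and a redirect loop.
SAMPLE_RESPONSES = {
    "https://bank.example/": (302, "/account"),
    "https://bank.example/account": (200, None),
    "https://bank.example/start": (302, "http://bank.example/account"),
    "https://loop.example/a": (302, "/b"),
    "https://loop.example/b": (302, "/a"),
}

if __name__ == "__main__":
    for start in ("https://bank.example/", "https://bank.example/start", "https://loop.example/a"):
        print(start, "->", follow_redirects(start, SAMPLE_RESPONSES))
```

The check is deliberately scheme-only: the redirect in the article does not need to change the host to be harmful, because the attacker sitting in the middle can rewrite any cleartext page regardless of which host it nominally came from.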


26. November 20, The Register – (International) IE8 bug makes ‘safe’ sites unsafe. The latest version of Microsoft’s Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago, they said. Ironically, the flaw resides in a protection added by Microsoft developers to IE 8 that’s designed to prevent XSS attacks against sites. The feature works by rewriting vulnerable pages using a technique known as output encoding so that harmful characters and values are replaced with safer ones. A Google spokesman confirmed there is a “significant flaw” in the IE 8 feature but declined to provide specifics. It’s not clear how the protections can cause XSS vulnerabilities in websites that are otherwise safe. A senior application security engineer at Aspect Security who has closely studied the feature but was unaware of the vulnerability speculates it may be possible to cause IE 8 to rewrite pages in such a way that the new values trigger an attack on a clean site. Source: http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/
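Item 26 describes the IE 8 filter as a client-side rewrite that applies output encoding to pages. The primary defense remains output encoding done by the site itself, per output context, so that a browser-side filter is only a backstop. The block below is an added example that is not code from the article, from Microsoft or from Aspect Security; the template, the payload strings and the audit helper are constructed for illustration.

```python
"""Context-aware HTML output encoding with a small audit (added example; all names are assumptions)."""
import html
from html.parser import HTMLParser

# Constructed template with two output contexts: element text and a quoted attribute.
TEMPLATE = '<p>Results for: {text}</p><input name="q" value="{attr}">'


def render_unencoded(query: str) -> str:
    """Vulnerable rendering: user input is pasted into both contexts untouched."""
    return TEMPLATE.format(text=query, attr=query)


def render_encoded(query: str) -> str:
    """Hardened rendering: encode for the context the value lands in.

    Element text needs < > & escaped; a quoted attribute value additionally needs
    the quote characters escaped so the input cannot close the attribute.
    """
    return TEMPLATE.format(
        text=html.escape(query, quote=False),
        attr=html.escape(query, quote=True),
    )


class ActiveContentAuditor(HTMLParser):
    """Counts script elements and on* event-handler attributes in a document."""

    def __init__(self):
        super().__init__()
        self.scripts = 0
        self.event_handlers = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        for name, _ in attrs:
            if name.lower().startswith("on"):
                self.event_handlers += 1


def audit(document: str):
    """Return (script_count, event_handler_count) for a rendered document."""
    auditor = ActiveContentAuditor()
    auditor.feed(document)
    auditor.close()
    return auditor.scripts, auditor.event_handlers


# Constructed test inputs: one aimed at the text context, one at the attribute context.
TEXT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onmouseover="x'

if __name__ == "__main__":
    for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD):
        print("unencoded:", audit(render_unencoded(payload)))
        print("encoded:  ", audit(render_encoded(payload)))
```

The audit counts only two kinds of active content, which is enough to show the difference between the two renderings; it is a demonstration aid, not a complete XSS scanner.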


27. November 20, The Register – (International) MS discovers flaw in Google plug-in for IE. Microsoft has helped discover a flaw in the Google Chrome Frame plug-in for Internet Explorer users. The plug-in allows suitably coded web pages to be displayed in Internet Explorer using the Google Chrome rendering engine. Redmond [a Microsoft campus] warned that the plug-in made IE less secure as soon as it became available back in September, an argument bolstered by the discovery of a cross-origin bypass flaw in the add-in. Successfully exploiting the flaw creates a means for hackers to bypass security controls, though not to go all the way and drop malware onto vulnerable systems. Microsoft and a security researcher are jointly credited with discovering the vulnerability in Google’s browser add-on. Google acknowledged the flaw and urged users to update to version 4.0.245.1 of Google Chrome Frame. All users should be updated automatically to the latest version of the software, which also tackles a number of performance and stability glitches. Chief among these are problems handling iFrames, as explained in Google’s security advisory. Source: http://www.theregister.co.uk/2009/11/20/google_plug_in_bug/


28. November 19, Reuters – (International) Chinese military web site target of cyberattacks. A Web site set up by China’s Ministry of Defense this summer was hit by more than 230 million hacker attacks in its first month of operation, but none of the attacks were successful, state media reported on November 19. The China Daily report could not be independently confirmed. If true, that would equate to more than 5,000 attacks per minute. The web site editor told the English-language daily the site had been popular with less malign visitors as well, drawing 1.25 billion visits in the three months since its August 20 launch. Cyber attacks to steal information or disrupt operations are a growing concern for the world’s militaries as technology takes on an ever-increasing role. Source: http://www.msnbc.msn.com/id/34042775/ns/technology_and_science-security/


29. November 19, SCMagazine – (National) House committee passes cyber R and D, standards bill. Two draft bills intended to improve the security of cyberspace were combined into one piece of legislation that was passed Wednesday by the House Committee on Science and Technology. The Cybersecurity Enhancement Act of 2009 would support cybersecurity research and development and advance the creation of international cybersecurity standards. “[This legislation] is based on the concept that in order to improve the security of our networked systems, which are fundamentally both public and private in nature, the federal government must work in concert with the private sector,” the chairman of the House Committee on Science and Technology said in his opening statement on November 18. The legislation is a combination of two draft bills that were recently approved by House subcommittees. It incorporates the draft bill Cybersecurity Coordination and Awareness Act, approved in early November by the House Subcommittee on Technology and Innovation, to require the National Institute of Standards and Technology (NIST) to facilitate U.S. involvement in the creation of international cybersecurity standards. The legislation also includes the Cybersecurity Research and Development Amendments Act of 2009, approved in late September by the Research and Science Education Subcommittee, to require federal agencies to submit a long-term research-and-development plan detailing objectives of the initiative and the funding needed to carry it out. Source: http://www.scmagazineus.com/house-committee-passes-cyber-rd-standards-bill/article/158110/


Communications Sector

30. November 19, ComputerWorld – (National) FAA glitch shines spotlight on troubled telco project. The outage of a computer system used by airline pilots to file flight plans in the U.S. will likely prompt a closer look at a $2.4 billion telecommunications system that has grappled with numerous problems in the past. The U.S. Federal Aviation Administration (FAA) offered few details Thursday about the exact nature of the glitch, which caused major delays and flight cancellations in airports across the country. But in a statement, the agency blamed a “software configuration problem” within the FAA Telecommunications Infrastructure (FTI) in Salt Lake City. That problem brought down a system used mainly for traffic flow and flight planning services for about four hours this morning. The flight management system — it’s called the National Airspace Data Interchange Network (NADIN) — was affected because it relies on FTI services to operate, the FAA said. There was no indication that the disruption was the result of a cyberattack, the FAA said. FAA experts were investigating the outage and meeting with Harris Corp., the company that manages FTI, to “discuss system corrections to prevent similar outages,” the agency said. Source: http://www.computerworld.com/s/article/9141195/FAA_glitch_shines_spotlight_on_troubled_telco_project


31. November 17, Periscope IT – (National) Fibre-optic cable cut causes website outage. Thousands of internet users in the United States have been affected by an internet outage, according to reports. Problems were experienced with the ATT.Net homepage on November 16, preventing both webmail and homepage access. After initially failing to comment, a spokesperson for major US telecoms firm AT&T confirmed that an outage was triggered at around 02:30 local time when a fibre-optic cable was cut. Source: http://www.periscopeit.co.uk/website-monitoring-news/article/fibre-optic-cable-cut-causes-website-outage/544

Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 20, 2009

Complete DHS Daily Report for November 20, 2009

Daily Report

Top Stories

• MSNBC reports that a problem with the FAA system that collects airlines’ flight plans caused widespread flight cancellations and delays nationwide on November 19. It was the second time in 15 months that a glitch in the flight plan system caused delays. (See item 16)


16. November 19, MSNBC – (National) FAA computer glitch causes widespread delays. A problem with the FAA system that collects airlines’ flight plans caused widespread flight cancellations and delays nationwide Thursday. It was the second time in 15 months that a glitch in the flight plan system caused delays. An FAA spokeswoman said she doesn’t know how many flights are being affected or when the problem will be resolved. Another FAA spokesperson said the problem started between 5:15 a.m. and 5:30 a.m. EST. The outage is affecting mostly flight plans but also traffic management, such as ground stops and ground delays, he said. Regarding flight plans, airplane dispatchers are now sending plans to controllers and controllers in turn are entering them into computers manually, he said. “It’s slowing everything down. We don’t know yet what the impact on delays will be,” the spokesman said. An AirTran Airways spokesman said there’s no danger to flights in the air, and flights are still taking off and landing. However, another spokesman said flight plans are having to be loaded manually because of a malfunction with the automated system. “Everything is safe in the air,” he said. Hartsfield-Jackson Atlanta International Airport, the world’s busiest airport, has been particularly affected. AirTran had canceled 22 flights and dozens more flights were delayed as of 8 a.m. EST. Only minor delays were being reported at metropolitan New York City area airports, according to the Port Authority of New York and New Jersey. Source: http://www.msnbc.msn.com/id/34037203/ns/travel-news/


• According to CIO, the vice president of Research In Motion (RIM) explained that the production of more sophisticated smartphones, and the increase in the number of users, could allow the phones to become part of botnets to be used in DDoS attacks. (See item 32 in the Information Technology Sector)


Details

Banking and Finance Sector

11. November 18, The Register – (National) Second-hand ATM trade opens up fraud risk. Second-hand ATM machines containing sensitive transaction data are easily available for purchase on eBay or even Craigslist, according to an investigation by a U.S.-based security consultant. The consultant, who advises Intelius.com and is a personal ID theft expert, was able to buy an ATM machine through Craigslist for $750 from a bar in Boston. The previous owners hadn’t taken the trouble to clear out the data stored by the machine, making it possible for Siciliano to easily extract a log of hundreds of credit and debit card account numbers and transaction details. There are no regulations in the U.S. on who can own or operate an ATM, so the security consultant was able to make the purchase without any checks. He even managed to knock $250 off the asking price of $1,000. A manual supplied with the machine gave clear instructions on how to access the sensitive data it stored. Although the names and expiration dates of cards were not included in the logged data, there was still enough information to constitute a serious breach involving more than a thousand records. Most ATM machine operators are affiliated with reputable banks. However, there is very little to stop crooks from purchasing machines and setting them up with skimmers and cameras designed to capture PINs associated with particular cards. Source: http://www.theregister.co.uk/2009/11/18/second_hand_atm_fraud_risk/


12. November 18, IDG News Services – (International) FTC: Online check-writing service not authenticating users. The U.S. Federal Trade Commission (FTC) has filed a civil contempt complaint against an online check-writing service, saying the company continues to allow customers to create and e-mail checks without verification of their identities. Even after a January court order requiring the principal owners of G7 Productivity Systems and the company to implement fraud prevention safeguards at online check-writing service Qchex.com, the defendants continue to operate a “nearly identical” operation at FreeQuickWire.com, the FTC said in a complaint filed with the U.S. District Court for the Southern District of California. The defendants are “engaged in business as usual” [at] FreeQuickWire.com, even though the court in January issued an injunction and said their business model could help customers engage in fraud by stealing funds from unsuspecting people’s bank accounts, the FTC said. The FTC has asked the court to impose fines of $10,000 a day or send the defendants to prison for their “utter disregard” of the January order. Qchex.com created and delivered checks without verifying that users had authority to access the accounts referenced on the checks, the FTC said. Fraudsters worldwide drew checks on the accounts of unwitting third parties and used the checks mainly for wire transfer schemes, the agency alleged. Source: http://www.computerworld.com/s/article/9141111/FTC_Online_check_writing_service_not_authenticating_users


13. November 18, Bloomberg – (National) FDIC’s loan guarantees would be extended under Frank’s proposal. The Federal Deposit Insurance Corp.’s (FDIC) temporary loan guarantee program would be extended under a proposal in Congress aimed at offering regulators tools to stabilize the economy in the event of a future financial crisis. The House Financial Services Committee on November 18 approved an amendment, introduced by the chairman, to a systemic-risk bill giving the FDIC power to guarantee the debt of solvent banks and other financial institutions, modeled on the short-term program set up last year to spur lending. “It’s an extension of a program that worked fairly well,” the chairman, a Massachusetts Democrat, said during debate. The FDIC program “made a profit for the federal government.” The agency set up the Temporary Liquidity Guarantee Program to back senior unsecured bank debt and boost liquidity in the banking system. Financial companies borrowed more than $190 billion with FDIC-backing this year through September, according to data compiled by Bloomberg. The proposal lets the FDIC institute the program when a proposed systemic-risk council determines “a liquidity event” exists. The voluntary program would be funded by fees paid by the industry. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=a9fEfRSjMyus&pos=5


14. November 18, Zanesville Times Recorder – (Ohio) Bomb threat called into bank. A bomb threat was called into the Community Bank on Maysville Pike around 12:50 p.m. on November 18. According to a police captain a single call came into the bank, and the bank immediately followed its emergency procedures. The Muskingum County Sheriff’s Office was notified and responded along with the Newton Township Fire Department and EMS, and the South Zanesville Fire Department. The captain said the bank was evacuated and an explosives K-9 unit was brought in to search the inside and outside of the bank. Nothing was found and there were no injuries reported. He said it remains under investigation. Source: http://www.zanesvilletimesrecorder.com/article/20091118/UPDATES01/91118010/1002/news01


Information Technology


32. November 18, CIO – (International) BlackBerry security exec warns of smartphone DDoS attacks. The plethora of new smartphone users in the world means the potential for gain by hackers or other nefarious online individuals looking to crack smartphone security measures is drastically increasing. The more smartphone users, the more devices that could potentially be commandeered and used in various attacks. That means smartphone users are going to have to smarten up when it comes to mobile security awareness and be more vigilant in spotting and stopping potential problems before they happen. Research In Motion’s (RIM) vice president of BlackBerry security agrees, and he recently spoke with Reuters on the subject. The vice president told Reuters that he’s concerned compromised or “rogue” smartphones could be used in the future to target and bring down wireless carriers’ cellular networks via distributed-denial-of-service (DDoS) attacks. Traditional DDoS attacks occur when hackers take control of large groups of computers and then order them to all access one Web site or service at the same time, overloading servers and eventually crashing or disabling the site. RIM’s vice president warned that DDoS attacks could also be perpetrated on smartphone users, with wireless data packets being used to overload and disable carriers’ wireless networks. Reuters also spoke with Flexilis, a maker of mobile security software. The company’s Chief Technical Officer suggests that such an attack could start with users carelessly installing infected or tainted mobile applications. Source: http://www.computerworld.com/s/article/9141107/BlackBerry_security_exec_warns_of_smartphone_DDoS_attacks


33. November 18, DarkReading – (National) FBI warns of spear phishing attacks on U.S. law firms and public relations firms. The FBI assesses with high confidence that hackers are using spear phishing e-mails with malicious payloads to exploit U.S. law firms and public relations firms. During the course of ongoing investigations, the FBI identified noticeable increases in computer exploitation attempts against these entities. The specific intrusion vector used against the firms is a spear phishing or targeted socially engineered e-mail designed to compromise a network by bypassing technological network defenses and exploiting the person at the keyboard. Hackers exploit the ability of end users to launch the malicious payloads from within the network by attaching a file to the message or including a link to the domain housing the file and enticing users to click the attachment or link. Network defense against these attacks is difficult as the subject lines are spoofed, or crafted, in such a way to uniquely engage recipients with content appropriate to their specific business interests. In addition to appearing to originate from a trusted source based on the relevance of the subject line, the attachment name and message body are also crafted to associate with the same specific business interests. Opening a message will not directly compromise the system or network because the malicious payload lies in the attachment or linked domain. Infection occurs once someone opens the attachment or clicks the link, which launches a self-executing file and, through a variety of malicious processes, attempts to download another file. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221900096&subSection=Attacks/breaches


34. November 17, Wired – (National) Senate panel: 80 percent of cyber attacks preventable. If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard on November 17. The remark was made by the National Security Agency’s information assurance director, who added that simply adhering to already known best practices would sufficiently raise the security bar so that attackers would have to take more risks to breach a network, “thereby raising [their] risk of detection.” The Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security heard from a number of experts offering commentary on how the government should best tackle securing government and private-sector critical infrastructure networks. The president of the Internet Security Alliance told senators that public apathy and ignorance played as much a role in the current state of cyber security as the unwillingness of corporate entities to take responsibility for securing the public’s data. As for corporate and government entities that collect and store the public data, they “do not understand themselves to be responsible for the defense of the data,” said the president, whose group represents banks, telecoms, defense and technology companies and other industries that rely on the internet. “The marketing department has data, the finance department has data, etc, but they think the security of the data is the responsibility of the IT guys at the end of the hall.” A 2009 Price Waterhouse Cooper study on global information security found that 47 percent of companies are reducing or deferring their information security budgets, despite the growing dangers of cyber incursions. Source: http://www.wired.com/threatlevel/2009/11/cyber-attacks-preventable


For more stories, see items 25 and 26 below


25. November 18, Federal Computer Week – (National) Hospitals tighten security on patient data. More than half of the nation’s hospitals and health care providers surveyed intend to buy more cybersecurity tools to safeguard against breaches of electronic medical records as a result of requirements in the economic stimulus law, according to a new survey of 186 health care providers and associates. The stimulus law has a provision known as the Health Information Technology for Economic and Clinical Health (HITECH) Act, which took effect on September 23. It includes a broader definition of what patient health data must be protected against unauthorized release, increases penalties for violations and provides for aggressive enforcement. The law also requires providers to notify the Health and Human Services Department of all data breaches and to call media outlets if more than 500 residents in an area are affected. More than 90 percent of the survey respondents said their organizations have either changed, or plan to change, their policies and procedures to prevent and detect data breaches. More than 75 percent plan to do additional staff training against breaches, and 75 percent are revising their organization’s security policies and procedures. Forty-six percent said they would take all those steps. Source: http://fcw.com/articles/2009/11/18/hospitals-beefing-up-cybersecurity-to-comply-with-hitech-survey-says.aspx


26. November 18, DarkReading – (National) Survey: Patient data at risk from healthcare partners. Companies that do business with healthcare providers, including accounting firms and offshore transcription vendors, are unprepared to meet data breach obligations included in new federal regulation, according to a survey released Tuesday. The survey by Healthcare Information and Management Systems Society (HIMSS) Analytics, commissioned by security vendor ID Experts, looked at the preparedness of healthcare providers’ business partners, such as billing, credit bureaus, benefits management, legal services, claims processing, insurance brokers, data processing firms, pharmacy chains, and temporary office personnel providers. The survey gauged the readiness of companies to comply with the security provisions of the Health Information Technology for Economic and Clinical Health Act, a component of the U.S. American Recovery and Reinvestment Act of 2009. About a third of business associates were not aware they needed to comply with security and privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA). By comparison, 87 percent of health providers are aware. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221900153&subSection=Vulnerabilities+and+threats


Communications Sector

35. November 18, IDG News Service – (National) FCC identifies roadblocks to broadband adoption. Several factors, including the lack of a broadband subsidy program at the U.S. Federal Communications Commission (FCC), have contributed to gaps in broadband adoption in the U.S., a new report from an FCC task force said. Several “critical gaps” in the nation’s broadband efforts must be filled before all U.S. residents can get broadband, said the task force, which is working on a national broadband plan for the FCC. The task force report identified several often-mentioned factors for a lack of broadband adoption, including the cost of the service and a lack of deployment in some areas, but it also focused on some less obvious issues. The task force suggested that broadband deployment and adoption programs should be included in the FCC’s Universal Service Fund (USF) program, which subsidizes primarily telephone service for rural areas and low-income U.S. residents. Part of the fund, with an annual budget of about $7 billion, should be shifted to broadband, the task force said. In addition, the task force recommended that the FCC begin looking for additional wireless spectrum for mobile broadband. Freeing up new spectrum can take several years, and a handful of studies have predicted a spectrum shortage by the mid-2010s due to growth in subscribers and use of bandwidth-heavy applications, said the chief of the FCC’s Wireless Telecommunications Bureau. The task force report also suggested that video and a convergence between television sets and computers will drive the demand for broadband. Source: http://www.computerworld.com/s/article/9141108/FCC_identifies_roadblocks_to_broadband_adoption

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, November 19, 2009

Complete DHS Daily Report for November 19, 2009

Daily Report

Top Stories

• The BBC reports that two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details. The program, known as the ZeuS or Zbot trojan, is believed to have infected thousands of computers around the world. (See item 13 in the Banking and Finance Sector)


• According to the Associated Press, rogue employees at a major mobile phone company illegally sold millions of customer records to rival firms, Britain’s information watchdog reported on November 17. (See item 39 in the Information Technology Sector)


Details

Banking and Finance Sector

12. November 18, WPBF 25 West Palm Beach – (Florida) Police arrest suspect in bank robbery bomb scare. A bank robber who said he had a bomb prompted authorities to shut down a section of Forest Hill Boulevard on November 17, and police later arrested a suspect. Detectives with the Palm Springs and Greenacres police departments spent the afternoon at the Island Shores Apartments off Jog Road and Forest Hill Boulevard. They had been in the area searching for a bank robber. Palm Springs police and the Palm Beach County Sheriff’s Office bomb squad were called to a bank robbery at a Wachovia branch at 4300 Forest Hill Blvd. shortly after 11:15 a.m. Police said a man entered the bank and handed the teller a note that read: “I have a bomb, don’t panic, just empty the drawer, I used to work here, so no dye packs, thank you, cooperate and no one gets hurt.” Police said the man then left a bag on the teller counter before he left. Traffic on Forest Hill Boulevard was shut down between Kirk Road and Military Trail while authorities investigated, and the bank and surrounding businesses were evacuated. It was the third bomb scare in Palm Beach County in the span of a few hours. Students at Greenacres Elementary School and Palm Beach Community College’s Lake Worth campus were also kept out of their classrooms earlier November 17 while authorities investigated bomb threats at those schools. Authorities later cleared both scenes. Source: http://www.wpbf.com/news/21639387/detail.html


13. November 18, BBC – (International) Two held in global PC fraud probe. Two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details. The trojan program is believed to have infected thousands of computers around the world, said the Metropolitan Police, which is leading the inquiry. A man and woman, both aged 20, have been questioned and bailed until March 2010 pending further inquiries. Police revealed the arrests were the first in Europe as part of the inquiry. The investigation focused on the ZeuS or Zbot trojan - “a sophisticated malicious computer program,” said police. The malicious software records online bank account details, passwords and credit card numbers to steal cash with the information accessed. It also copies passwords for social networking sites before causing each computer to forward the data to servers under the control of the hackers. It has emerged in several guises, including a false Facebook page that encouraged users to download a software update. The pair being questioned were arrested on 3 November under the 1990 Computer Misuse Act and the 2006 Fraud Act. Source: http://news.bbc.co.uk/2/hi/uk_news/england/manchester/8366504.stm


14. November 17, The Register – (Connecticut) Romanian cops to $150k ATM skimming spree. A Romanian national has admitted he defrauded Bank of America of about $150,000 in a scheme that secretly recorded customer information as it was entered into automatic teller machines. The 23-year-old pleaded guilty in U.S. District Court in Connecticut to one count each of bank fraud and aggravated identity theft. His involvement in the three-month scheme cost the bank about $150,000, according to federal prosecutors. Prosecutors said the defendant attached skimming devices to Bank of America ATMs that captured the data stored on the magnetic stripes of customers’ bank cards. He also installed pinhole-sized video cameras that recorded the PINs entered during transactions. The defendant and unnamed accomplices then used the captured card data and PINs to create cloned debit cards that allowed them to make withdrawals against the victims’ accounts. The skimming scheme was carried out against multiple Bank of America branches in Connecticut’s Fairfield County. Source: http://www.theregister.co.uk/2009/11/17/bank_of_america_skimming_plea/


15. November 17, Seattle Post Intelligencer – (Washington) ‘Suspicious object’ in Coupeville bank sparks bomb scare. What was likely an absent-minded mistake turned into a full-scale bomb investigation in Coupeville on November 16. A customer left a black PVC container inside the bank. Authorities treated the potential threat as real until the object was deemed safe by the Navy. A Whidbey Island Bank employee called 911 after discovering a one-foot-long, black PVC container inside the bank. The Navy’s explosive ordnance disposal unit, DET-NW, used a radio jammer to block radio frequencies in the area, which would prevent anyone from remotely detonating the device if it were an explosive. The unit also employed a small robot to examine the device, and a technician in protective clothing X-rayed the object before it was cleared as a hazard. The ordeal resulted in a nearly two-hour closure of Main Street between Third and Sixth streets in Coupeville. Source: http://www.seattlepi.com/sound/412376_sound70235817.html


Information Technology


35. November 18, Wall Street Journal – (International) FBI suspects terrorists are exploring cyber attacks. The Federal Bureau of Investigation is looking at people with suspected links to al Qaeda who have shown an interest in mounting an attack on computer systems that control critical U.S. infrastructure, a senior official told Congress on November 17. While there is no evidence that terrorist groups have developed sophisticated cyber-attack capabilities, a lack of security protections in U.S. computer software increases the likelihood that terrorists could execute attacks in the future, the official warned. If terrorists were to amass such capabilities, they would be wielded with “destructive and deadly intent,” the deputy assistant director of the FBI’s Cyber Division told the Senate Judiciary Committee on November 17. “The FBI is aware of and investigating individuals who are affiliated with or sympathetic to al Qaeda who have recognized and discussed the vulnerabilities of the U.S. infrastructure to cyber-attack,” he told the committee, without providing details. Such infrastructure could include power grids and transportation systems. The control systems of U.S. infrastructure, as well as money-transfer systems, are now connected directly or indirectly to the Internet. Hackers have been able to penetrate computer systems running components of the U.S. electric grid as well as divert bank transfers. In an interview on November 17, a former Homeland Security secretary said al Qaeda already has some cyber-attack capability. “I don’t think they’re the most capable in the world, but they have some capability,” he said. The former secretary said he expects al Qaeda to develop more cyber-attack skills that would allow it to attack infrastructure that is less well protected, perhaps in the transportation and energy sectors. “It’s only a matter of time,” he said. “They’re getting the capability to do some damage.” Source: http://online.wsj.com/article/SB125850773065753011.html?mod=WSJ_hpp_MIDDLENexttoWhatsNewsSecond


36. November 17, ComputerWorld – (International) Firefox 3.6 locks out rogue add-ons. Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the browser, the company said. The new feature, which Mozilla dubbed “component directory lockdown,” will bar third-party access to Firefox’s “components” directory, where most of the browser’s own code is stored. The company has billed the move as a way to boost the stability of its browser. “We’re doing this for stability and user control [reasons],” said the manager of the Firefox front-end development team, in an e-mail on November 17. “Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren’t compatible with, the result can be a real pain for our shared users.” “Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems,” the manager added. His mention of “regular add-ons” referred to the new policy that will be enforced by Firefox 3.6, a minor upgrade to last summer’s 3.5 that is to ship before the end of the year. Because third-party developers will no longer be able to drop their code into the components directory, they must instead repackage their add-ons as XPI files, the standard Firefox extension format (an XPI is a ZIP archive that carries an install.rdf manifest declaring the add-on’s identity and the application versions it supports). Mozilla has posted information on its developer site to aid programmers who need to migrate add-ons to the XPI format. Source: http://www.computerworld.com/s/article/9141044/Firefox_3.6_locks_out_rogue_add_ons
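The compatibility check the item describes, as an added example rather than Mozilla’s own code or anything from the article: it reads the install.rdf manifest out of an in-memory XPI, compares the declared minVersion/maxVersion range for Firefox against a browser version, and rejects a package that carries no manifest at all, which is the situation a component dropped raw into the components directory was in. The Firefox application ID is the real one used in install.rdf; the sample manifest, the add-on ID sample-addon@example.invalid, the placeholder component file and all function names are constructed for this example, and the version comparison is a simplified model of Mozilla’s toolkit version format (numeric parts, an optional letter suffix that sorts before the bare number, and “*” as an open upper bound).

```python
# Added example: Firefox-style add-on compatibility check against install.rdf.
# Not Mozilla code. Version ordering is a simplified model of the toolkit format.
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Real Firefox application ID as written in install.rdf targetApplication entries.
FIREFOX_ID = "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
NS_EM = "http://www.mozilla.org/2004/em-rdf#"

# Constructed sample manifest (no real add-on): supports Firefox 3.5 up to 3.5.*,
# so a 3.6 profile should disable it rather than load it.
SAMPLE_INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>sample-addon@example.invalid</em:id>
    <em:version>1.0</em:version>
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.5</em:minVersion>
        <em:maxVersion>3.5.*</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>
</RDF>
"""


def parse_part(part):
    """One dotted version part: number, optional letters, number.
    '*' sorts above everything; '6b1' (pre-release) sorts below '6'."""
    if part == "*":
        return (float("inf"), 1, "", 0)
    m = re.fullmatch(r"(\d*)([A-Za-z]*)(\d*)", part)
    if not m:
        raise ValueError(f"unsupported version part: {part!r}")
    num_a, str_b, num_c = m.groups()
    # An empty suffix ranks above a non-empty one, so "6b" < "6".
    return (int(num_a or 0), 1 if str_b == "" else 0, str_b, int(num_c or 0))


def compare_versions(a, b):
    """Return -1, 0 or 1 as a <, ==, > b; missing trailing parts count as 0."""
    pa = [parse_part(p) for p in a.split(".")]
    pb = [parse_part(p) for p in b.split(".")]
    n = max(len(pa), len(pb))
    pa += [parse_part("0")] * (n - len(pa))
    pb += [parse_part("0")] * (n - len(pb))
    return (pa > pb) - (pa < pb)


def target_ranges(install_rdf_xml):
    """Map each declared target application ID to its (minVersion, maxVersion)."""
    root = ET.fromstring(install_rdf_xml)
    ranges = {}
    for ta in root.iter(f"{{{NS_EM}}}targetApplication"):
        app_id = ta.find(f".//{{{NS_EM}}}id").text.strip()
        lo = ta.find(f".//{{{NS_EM}}}minVersion").text.strip()
        hi = ta.find(f".//{{{NS_EM}}}maxVersion").text.strip()
        ranges[app_id] = (lo, hi)
    return ranges


def is_compatible(install_rdf_xml, firefox_version):
    """True only if the manifest declares a Firefox range covering this version."""
    ranges = target_ranges(install_rdf_xml)
    if FIREFOX_ID not in ranges:
        return False  # Firefox never declared as a target: nothing to go on
    lo, hi = ranges[FIREFOX_ID]
    return (compare_versions(lo, firefox_version) <= 0
            and compare_versions(firefox_version, hi) <= 0)


def build_xpi(install_rdf_xml=None):
    """Build an in-memory XPI (a ZIP). Passing None omits the manifest, which
    mimics a raw component simply dropped into the components directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if install_rdf_xml is not None:
            z.writestr("install.rdf", install_rdf_xml)
        z.writestr("components/sample.js", "// constructed placeholder component\n")
    return buf.getvalue()


def check_xpi(xpi_bytes, firefox_version):
    """Decide what a manifest-driven loader would do with this package."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        if "install.rdf" not in z.namelist():
            return "rejected: no install.rdf manifest"
        manifest = z.read("install.rdf").decode("utf-8")
    if is_compatible(manifest, firefox_version):
        return "enabled"
    return "disabled: outside declared compatibility range"


if __name__ == "__main__":
    for version in ("3.5.5", "3.6"):
        print(version, check_xpi(build_xpi(SAMPLE_INSTALL_RDF), version))
    print("no manifest:", check_xpi(build_xpi(None), "3.6"))
```

The point the lockdown makes is visible in the last two outcomes: with a manifest, a 3.6 browser can disable the add-on on the strength of the declared range instead of loading it and breaking; without one there is no range to consult, which is why raw components in the directory had to go.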


37. November 17, IDG News Services – (National) Obama administration unsure about new cybersecurity laws. Current laws addressing cyber crime are not adequate to address growing attacks on the government and businesses, a representative of the U.S. President’s administration said November 17. But when a U.S. senator questioned what additional laws the U.S. President’s administration needed, the associate deputy attorney general at the U.S. Department of Justice, said he was not sure yet. “Are all of you, or any of you, satisfied with the existing legal structure under which you are operating?” a Rhode Island Democratic senator asked a panel of four government officials working on cybersecurity. “Senator, that’s a complicated question,” the associate deputy attorney general answered during a hearing before a subcommittee of the Senate Judiciary Committee. “I think the answer to it is no.” Senators heard conflicting views on what kind of new laws are needed. The U.S. Congress should not pass laws, as some lawmakers have suggested, mandating cybersecurity efforts at private businesses, said the president of the Internet Security Alliance, a cybersecurity advocacy group. Market-based incentives should be able to improve cybersecurity, while government mandates could harm the Internet, he said. But the vice chairman of the government advisory group the U.S.-China Economic and Security Review Commission, said some mandates may be necessary for private companies associated with national security. Source: http://www.computerworld.com/s/article/9141029/Obama_administration_unsure_about_new_cybersecurity_laws


38. November 17, DarkReading – (International) Only half of CEOs strongly support data security efforts. More than half of IT and security professionals worldwide believe their company’s laptops and other mobile devices pose security risks to their organizations, and only half of them have CEOs who are strong advocates and supporters of data security efforts, according to a new report issued November 17. The Ponemon Institute report, “State of the Endpoint: IT Security & IT Operations Practitioners in the United States, United Kingdom, Australia, New Zealand & Germany,” which was commissioned by Lumension Security, also found that IT security staff are more worried about endpoint security (60 percent) than IT operations staff (53 percent), along with other signs of inadequate communication and collaboration between the two groups. Security and IT professionals in the U.S. tend to be more pessimistic about security than their counterparts elsewhere. Only 40 percent of U.S. IT and security professionals said their CEOs were strong supporters of data security efforts, and while 77 percent of German firms and 57 percent of U.K. firms said their networks are more secure now than a year ago, only 44 percent of U.S. firms thought so. Only 42 percent of Australian firms said their networks were more secure this year than last. Around 53 percent of all firms expect their security spending to remain flat, according to the report. U.S. firms were also less inclined to consider compliance helpful to the security of their endpoints: 44 percent of U.S. companies said regulations improved their endpoint security, versus 54 percent in Germany and 50 percent in the U.K. Source: http://www.darkreading.com/security/client/showArticle.jhtml?articleID=221800348&cid=ref-true


Communications Sector

39. November 17, Associated Press – (International) Millions of mobile phone customers’ records stolen, sold to rivals. Rogue employees at a major mobile phone company illegally sold millions of customer records to rival firms, Britain’s information watchdog said November 17. The information commissioner said the case was a serious breach of data privacy, and he called for harsher punishments for offenders. “The existing paltry fines ... are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent,” he said. The mobile phone company, which he said could not be identified because an investigation was ongoing, alerted the commissioner’s office after it found out about the suspected trade. Personal data, including customers’ contract expiry dates, were sold to several rivals, which then used the material to cold-call customers to offer them an alternative deal, the office said. “The number of records involved runs into the millions, and it appears that substantial amounts of money changed hands,” the commissioner’s office said in a document submitted to the Ministry of Justice. The commissioner said his office was considering the evidence and preparing to prosecute those responsible. The Data Protection Act prohibits selling on personal data without the customer’s prior permission; offenders currently face fines of thousands of pounds rather than imprisonment. Source: http://www.huffingtonpost.com/2009/11/17/millions-of-mobile-phone-_n_360860.html