Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, December 4, 2008

Complete DHS Daily Report for December 4, 2008

Daily Report

Headlines

According to the Knoxville News Sentinel, a new report by the U.S. Department of Energy’s Inspector General criticized three sites where protective force officers were not trained to use their 40 mm grenade launchers under reduced visibility. (See item 9)

9. December 1, Knoxville News Sentinel – (National) Y-12 security not on IG’s hit list. A new report by the Department of Energy’s Inspector General criticized three sites (two National Nuclear Security Administration [NNSA] and one non-NNSA) where protective force officers were not trained to use their 40 mm grenade launchers under reduced visibility (night conditions). The IG report did not name the sites for security reasons. However, a federal spokesman at the Y-12 nuclear weapons plant said Y-12 was not in the wrong, saying “SPOs (security police officers) protecting Y-12 train under all conditions, including low-light situations.” A spokeswoman for security contractor Wackenhut Services said the Oak Ridge team is “fully compliant” for training regulations associated with the grenade launchers. Wackenhut Services provides protective services at all of the Oak Ridge sites under two contracts (one for Y-12, one for the other DOE sites). She said she could not discuss which weapons are deployed at which sites, but said the contractor was in full compliance on this training issue. Source: http://blogs.knoxnews.com/knx/munger/2008/12/y12_not_on_igs_hit_list_this_t.htm

WFTV 9 Orlando reports that Social Security numbers for 250,000 people were accidentally posted online by the Florida Agency for Workforce Innovation in October. (See item 29)

29. December 2, WFTV 9 Orlando – (Florida) Agency accidentally posts 250,000 SS numbers online. Social Security numbers for 250,000 people were posted online by mistake, and a state agency is facing serious questions about why it was so careless with the information. The Agency for Workforce Innovation accidentally posted the sensitive information of people looking for work. All those numbers were left online for at least 19 days. Potential victims do not even know it yet. When thousands of Floridians went to a career center, their personal information was forwarded to the state. Then, by mistake, that information ended up on a state website visible to anyone with Internet access. Local jobseekers’ identities have been compromised. Names, Social Security numbers, and employment information of more than 250,000 people who sought state help were accidentally posted online. The Washington, D.C.-based Liberty Coalition spotted the error. “This is obviously a case of gross negligence,” said a spokesman for the Liberty Coalition. The Florida Agency for Workforce Innovation made the mistake in October when setting up a computer server. Somehow information that should have been kept private became public, available by an online search. It has since been taken down. The security breach affects people who went to a career service center between 2002 and 2007; even the identities of some of their children were posted online. The Florida Agency for Workforce Innovation says it will send out a letter to all the people affected by the breach. Source: http://www.wftv.com/news/18190154/detail.html

Details

Banking and Finance Sector


10. December 3, KXII 12 Sherman – (Texas) Bank links over 400 identity theft cases to Gainesville restaurant. Gainesville police say there have been over 30 cases of identity theft in just the past month, and one restaurant in Gainesville has put about 400 customers in danger of becoming victims of identity theft. One Gainesville bank official says transactions at Golden Chick put about 400 of the bank’s customers in danger of identity theft between October and mid-November. First State Bank in Gainesville received a number of phone calls from its customers about transactions they never made. It turned out they were victims of fraud. First State Bank investigated all of its customers’ accounts and found there were more people in danger than it expected. “We had a list of accounts that reported the fraud, so we pulled transactions back from an earlier point in time, and we noticed that a common denominator was that all these customers went to Golden Chick,” a senior vice president at First State Bank of Gainesville says. Source: http://www.kxii.com/home/headlines/35421434.html


11. December 3, Register – (International) Online payment site hijacked by notorious crime gang. Online payment service CheckFree lost control of at least two of its domains on Tuesday in an attack that sent customers to servers run by a notorious crime gang believed to be based in Eastern Europe. A regular reader reported receiving a bogus Secure Sockets Layer (SSL) certificate when attempting to log in to his Mycheckfree.com account early Tuesday morning; a server impersonating the domain cannot present a certificate validly issued for it, so the browser warning was the first visible sign of the redirection. On further examination, he discovered the site was mapping to 91.203.92.63. To confirm the redirection was an Internet-wide problem rather than a local one, he checked the site using a server in another part of the U.S. and got the same result. “I managed to get through to a commercial customer support tech, and reported the problem,” the reader wrote in an email sent early Tuesday morning. “He was not aware of any problem.” The account is consistent with results of passive DNS search queries. Security experts say the 91.203.92.63 IP address has long served as a conduit for online crime. Source: http://www.theregister.co.uk/2008/12/03/checkfree_hijacked/
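The reader’s method in the CheckFree item is a repeatable check: compare what a domain resolves to against the netblocks its owner is known to use, and query from more than one vantage point so that a registrar- or authoritative-level hijack (every resolver gives the wrong answer) can be told from cache poisoning or a rogue local resolver (only some do). The following is an added illustration in Python, not code from the article or from CheckFree. The observations are constructed, not real passive-DNS data; the allow-listed netblock 198.51.100.0/24 is an RFC 5737 documentation range standing in for whatever CheckFree actually hosted on, and only 91.203.92.63 comes from the article.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Observation:
    ts: str       # when the answer was seen (ISO 8601)
    vantage: str  # resolver or network the query was issued from
    name: str     # hostname queried
    answer: str   # A record returned


# Hypothetical allow-list: the netblocks the site owner actually hosts on.
# 198.51.100.0/24 is an RFC 5737 documentation range standing in for the real one.
EXPECTED: Dict[str, List] = {
    "mycheckfree.com": [ip_network("198.51.100.0/24")],
}


def unexpected_answers(observations: Iterable[Observation], expected=EXPECTED) -> List[Observation]:
    """Return every observation whose answer lies outside all allowed netblocks."""
    out = []
    for o in observations:
        nets = expected.get(o.name.lower())
        if not nets:
            continue  # no policy for this name, nothing to compare against
        if not any(ip_address(o.answer) in n for n in nets):
            out.append(o)
    return out


def classify(observations: Iterable[Observation], name: str, expected=EXPECTED) -> str:
    """Separate an internet-wide redirection (registrar or authoritative-server
    compromise, seen from every vantage point) from a local one (cache poisoning,
    hosts file, rogue resolver) that only some vantage points see."""
    for_name = [o for o in observations if o.name.lower() == name.lower()]
    bad_vantages = {o.vantage for o in unexpected_answers(for_name, expected)}
    if not bad_vantages:
        return "clean"
    all_vantages = {o.vantage for o in for_name}
    return "internet-wide" if bad_vantages == all_vantages else "local"


# Constructed observations (not real passive-DNS data). 91.203.92.63 is the address
# named in the article; the "good" answers sit in the documentation range.
OBSERVED = [
    Observation("2008-12-01T09:00Z", "resolver-east", "mycheckfree.com", "198.51.100.20"),
    Observation("2008-12-01T09:00Z", "resolver-west", "mycheckfree.com", "198.51.100.20"),
    Observation("2008-12-02T06:10Z", "resolver-east", "mycheckfree.com", "91.203.92.63"),
    Observation("2008-12-02T06:12Z", "resolver-west", "mycheckfree.com", "91.203.92.63"),
]

# Constructed contrast case: only one vantage point sees a wrong answer.
POISONED_LOCALLY = [
    Observation("2008-12-02T06:10Z", "resolver-east", "mycheckfree.com", "203.0.113.7"),
    Observation("2008-12-02T06:12Z", "resolver-west", "mycheckfree.com", "198.51.100.20"),
]

if __name__ == "__main__":
    for o in unexpected_answers(OBSERVED):
        print(f"{o.ts} {o.vantage}: {o.name} -> {o.answer} is outside the expected netblocks")
    print("OBSERVED:", classify(OBSERVED, "mycheckfree.com"))
    print("POISONED_LOCALLY:", classify(POISONED_LOCALLY, "mycheckfree.com"))
```

In production the observations would come from scheduled lookups through geographically separate resolvers or from a passive-DNS feed, and the allow-list from the organisation’s own address inventory; the classification logic stays the same.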


12. December 3, KOMO 4 Seattle – (Washington) Beware of phishing scams by crooks posing as banks. While banks work to clean up their money mess, con artists are working to clean out your account. They are focusing on customers of Washington Mutual and JP Morgan Chase, but every bank customer is a potential target. It is a new wave of email “phishing” that claims to be from Chase bank. One email promises $50 for answering an online banking survey. Click to answer and one gets what looks like an official survey from Chase bank asking for account information; it is a fake. Another email claims to be an account verification alert. Unlike previous imposter scams which claim there has been a security breach or technical problem, this latest version goes to extra lengths to tie in the economy, with an elaborate explanation about the financial crisis and a threat that unverified accounts will be shut down in three business days. By using the Chase name, scammers are reaching potentially millions of customers of JP Morgan Chase and the recently acquired Washington Mutual. And, in what may be a first, the scammers are using the name of an actual Chase executive. The email is signed by the chief operations officer. In a statement, a bank spokesperson said, “It is definitely not a legitimate email, as you already know.” Source: http://www.komonews.com/news/consumer/35442584.html


13. December 3, CNNMoney.com – (National) AIG, Fed stemming insurer’s liquidity crisis. Troubled insurer American International Group moved another step closer to stabilizing its finances on Tuesday. The company announced that a financing entity — funded by the Federal Reserve Bank of New York and AIG — has purchased $46.1 billion in complex debt securities insured by AIG. As part of the deal, the insurance-type contracts, called credit default swaps, were terminated. The insurer also has agreements to purchase another $7.4 billion of these debt securities, called collateralized debt obligations or CDOs. The move stanches some of the bleeding at the insurer, which was on the verge of bankruptcy in September because of these CDOs. As the debt securities’ value declined, AIG was forced to post more collateral to prove to swaps holders it could pay them if the debt securities defaulted. Source: http://money.cnn.com/2008/12/02/news/companies/AIG/index.htm


14. December 3, Bank Technology News – (National) M&A surge jeopardizes sensitive data. The recent wave of bank mergers is making protecting data all the more difficult. It is hard to imagine a more likely time for security holes to open up than when two banks — rife with legacy systems, custom patches, and unique protocols — try to mesh it all together. To make matters worse, mergers usually result in layoffs, and disgruntled, soon-to-be ex-employees will be tempted to take advantage of any security lapse. The chief scientist at RedSeal Systems, a company that develops proactive security risk management software, refers to these as “toxic networks.” If an acquired company has a different approach to security “you could be taking on a problem every bit as bad as toxic assets...If you attach to a network that is unacceptably weak, now you are weak.” Each network needs to be reconstructed so IT personnel can have a complete view of all the networks to locate the best pathways to connect the networks, while securing assets and regulating who has access to which assets. As risky and intensive as linking networks is, the chief scientist and others note that IT personnel are under incredible pressure to “parachute in” and act fast. They must assess the risk, do it quickly, often examining an unfamiliar structure. Source: http://www.americanbanker.com/btn_article.html?id=20081202LQTUGON6


15. December 3, Oxford Press – (Ohio) FBI involved in Mason firm’s ID theft case. The FBI has become involved in an identity theft case involving a Mason, Ohio, eyewear retailer. The Federal Bureau of Investigation became involved Tuesday in the investigation of Luxottica’s computer servers after a hacker tapped into them, said a Hamilton Township lieutenant, who heads the Warren County Cyber Crimes Task Force. The hacker grabbed personal information from about 59,000 former employees, he said. He said he was called in by Luxottica’s technology staff in September, after they discovered the breach. The server contained information, such as Social Security numbers and addresses, for 59,419 employees of the Things Remembered retail chain, a subsidiary of Luxottica, whose retail headquarters is in Mason, he said. Investigators traced the breach to an IP address owned by a resident of the Glendale, Arizona, area. However, he was careful to note that person might not have been the one on the keyboard. Source: http://www.oxfordpress.com/hp/content/oh/story/news/local/2008/12/03/pjm120408luxottica.html


16. December 2, Computerworld – (International) Feds nab more members of alleged identity theft gang. Federal authorities say they have taken another step toward busting a multinational identity theft ring that is alleged to have used stolen personal data to withdraw millions of dollars from home equity line-of-credit accounts at dozens of financial institutions in the U.S., including some of the country’s largest banks. Four individuals were arrested last week in connection with the alleged scheme, which has resulted in more than $2.5 million being stolen from the affected financial institutions, according to law enforcement officials. Another $4 million worth of attempted withdrawals by the gang were unsuccessful, the U.S. attorney’s office in New Jersey said in announcing the arrests last Wednesday. Court documents filed in connection with the case described an operation that appears to have been highly sophisticated and global in nature. The identity theft gang operates in the United States as well as the United Kingdom, Canada, China, Japan, Vietnam, South Korea, and several other countries, the court documents said. Four other men already were charged with participating in the scheme after being arrested between August and October. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122121&intsrc=hm_list


17. December 2, Ars Technica – (National) Odd microtransactions may point to credit card breach. A wave of unauthorized microtransactions is currently sweeping the accounts of a number of U.S. credit card holders, though the size and scope of the fraud scheme have not yet been determined. Beginning on or around November 20, consumers apparently began to notice small charges, typically for 19 to 29 cents, appearing on their bank statements or online account information. Small withdrawals or deposits of this kind are typically test transactions, sent to verify that an account is real. PayPal, for example, makes two small deposits in a user’s bank account in order to verify it. While legitimate companies will reverse the fee (or occasionally let you keep the extra quarter), thieves use the transactions to verify that a stolen card number is good: if the small charge is approved, the fraudster knows the number is live, and the next step is usually to burn through the account’s balance as quickly as possible before anyone notices what is happening. The charges reported since November 20 fit this model and were labeled as coming from Adele Services. Adele Services appears to be a dummy corporation; the 1-800 number listed as the customer contact point is disconnected and there is no official website. The company may not officially exist, but that has not stopped it from continuing to test accounts. It is impossible to state how many card holders have been pinged in this manner, but the number of online reports is growing steadily. Theories on which company’s security was breached abound, although PayPal has been collectively ruled out, given the number of non-PayPal users affected. Amazon seems to be a current favorite, based on the fact that a number of the irate forum posters recently shopped there. Source: http://arstechnica.com/news.ars/post/20081202-odd-microtransactions-may-point-to-credit-card-breach.html


Information Technology


35. December 3, Heise Security – (International) Adobe admits Acrobat 9 passwords can be guessed more quickly. Adobe recently replied to the online discussion of Acrobat’s vulnerability to brute-force attacks. Adobe claims that the specification for the 256-bit AES encryption in Acrobat 9 provides greater performance than the 128-bit implementation in previous versions. It is this improved performance that allows Acrobat 9 to open protected documents much more quickly. Adobe has admitted that brute-force attacks and dictionary-based password cracks benefit from the same speed-up, because “fewer processor cycles are required” to test each password guess than with AES-128-encrypted documents. Adobe does not say how much faster attacks can be carried out, but Elcomsoft, a manufacturer of password-recovery tools, claims that passwords can now be cracked 100 times faster. To help mitigate dictionary attacks, Adobe advises customers to use long passwords or pass-phrases. Version 9 supports Unicode pass-phrases up to 127 characters in length. For even greater security, Adobe recommends using encryption based on public key infrastructure (PKI), although this requires the use of Adobe LiveCycle Rights Management. Source: http://www.heise-online.co.uk/news/Adobe-admits-Acrobat-9-passwords-can-be-guessed-more-quickly--/112138
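The point buried in the Heise item is that the attacker’s cost per guess is set by how the password is turned into a key, not by the cipher’s key length: a 256-bit key reached through a cheap password check is brute-forced 256 bits or not. The following is an added illustration in Python of that trade-off and of why long pass-phrases compensate; it is not Adobe’s code and makes no claim about the exact algorithm Acrobat 9 uses. A single SHA-256 stands in for a “fast” password check and PBKDF2-HMAC-SHA256 for a deliberately slowed one; the word list and the password are constructed.

```python
import hashlib
import os
import time
from typing import Callable, Iterable, Optional, Tuple

KDF = Callable[[bytes, bytes], bytes]


def kdf_single_hash(password: bytes, salt: bytes) -> bytes:
    """Cheapest possible password check: one SHA-256 over salt+password.
    Illustrative stand-in for a fast scheme; not a description of Acrobat's format."""
    return hashlib.sha256(salt + password).digest()


def kdf_stretched(password: bytes, salt: bytes, iterations: int = 20_000) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC computations,
    for the attacker exactly as for the legitimate user."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def protect(password: str, kdf: KDF) -> Tuple[bytes, bytes]:
    """Return (salt, derived key) as a document would store them."""
    salt = os.urandom(16)
    return salt, kdf(password.encode("utf-8"), salt)


def dictionary_attack(wordlist: Iterable[str], salt: bytes, target: bytes,
                      kdf: KDF) -> Tuple[Optional[str], int]:
    """Try each candidate in order; return (match or None, guesses spent)."""
    n = 0
    for word in wordlist:
        n += 1
        if kdf(word.encode("utf-8"), salt) == target:
            return word, n
    return None, n


def guesses_per_second(kdf: KDF, trials: int = 50) -> float:
    """Measure single-threaded guess throughput of a KDF on this machine."""
    salt = b"\x00" * 16
    t0 = time.perf_counter()
    for i in range(trials):
        kdf(b"guess%d" % i, salt)
    return trials / max(time.perf_counter() - t0, 1e-9)


def seconds_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every string of `length` symbols at `rate` guesses/s."""
    return alphabet_size ** length / rate


WORDLIST = ["password", "letmein", "acrobat", "december2008", "qwerty"]  # constructed

if __name__ == "__main__":
    for name, kdf in (("single SHA-256", kdf_single_hash), ("PBKDF2 x20000", kdf_stretched)):
        salt, key = protect("december2008", kdf)
        print(name, "->", dictionary_attack(WORDLIST, salt, key, kdf))
        rate = guesses_per_second(kdf, 200 if kdf is kdf_single_hash else 10)
        print(f"  {rate:,.0f} guesses/s")
        print(f"  8 lowercase letters:   {seconds_to_exhaust(26, 8, rate):,.0f} s")
        print(f"  5 words from 7776 list: {seconds_to_exhaust(7776, 5, rate):,.0f} s")
```

The dictionary attack finds the weak password after four guesses under either scheme; what the stretched KDF changes is how much each of those guesses costs, which is the ratio Elcomsoft’s “100 times faster” figure describes in the other direction. The last two lines show the other lever Adobe points to: at the same guess rate, moving from a short password to a multi-word pass-phrase raises the search space by many orders of magnitude.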


36. December 3, Blackberry Cool – (International) BlackBerry Desktop Software contains critical security flaw. RIM has posted a knowledge base article describing a critical security flaw within the BlackBerry Desktop Software. The flaw has been confirmed by Secunia, a leading vulnerability intelligence provider. Here’s the problem as described by RIM: “The BlackBerry Desktop Manager includes the Roxio Media Manager for managing media synchronization between the BlackBerry smartphone and the Microsoft Windows computer. The Roxio Media Manager includes a Microsoft ActiveX control used for retrieving and installing application updates. A buffer overflow exists in the DWUpdateService ActiveX control that could potentially be exploited when a user visits a malicious web page that invokes this control.” Source: http://www.blackberrycool.com/2008/12/blackberry-desktop-software-contains-critical-security-flaw/


Communications Sector


37. December 2, Space.com – (International) Russians track wayward U.S. spy satellite. The U.S. Air Force apparently has a malfunctioning Defense Support Program satellite on its hands. DSP-23 is one piece of a constellation of such Earth-staring satellites designed to detect missile launchings and nuclear detonations, and gather other technical intelligence. DSP-23 seems to be drifting out of its high-altitude slot and might prove troublesome to other high-value satellites in that populated area. One person who has flagged the problem to a U.S. satellite tracking expert is a Russian space analyst, a project partner of the International Scientific Optical Network (ISON). He said ISON is monitoring the entire ring of objects in geostationary Earth orbit (GEO). The network tracks all operational satellites, as well as space debris, spent rocket bodies, dead spacecraft, operational fragments, and objects originating from satellite fragmentations that have appeared in geostationary orbit. “We have continuously tracked an object we have identified as DSP F23 since January 10, 2008,” he said. The spacecraft has strayed from its spot in space, moving along in geostationary orbit as a passive object. It is not clear from optical data alone just what the operational status of the satellite truly is at present, he added. Asked about the possibility of DSP-23 smacking into other satellites in GEO, he said that “it exists.” Sauntering willy-nilly through space, the classified satellite could have close encounters with many operational satellites, he said. Source: http://www.msnbc.msn.com/id/28023768/
