Monday, June 16, 2008

Daily Report

• The Chicago Tribune reports that a House subcommittee voted Thursday to subpoena the records of nine private laboratories involved in food testing as part of a congressional investigation into allegations that some companies have withheld information on tainted food from federal regulators. The other labs, according to the subcommittee, refused to turn over records. (See item 19)

• Kansas City infoZine reports that, according to experts speaking at a House hearing, laws regulating the security of most factories and other businesses that possess a large amount of chemicals should also cover drinking water and wastewater treatment plants. Currently, drinking water and wastewater treatment facilities are exempt from the 2006 legislation because they are regulated by the Environmental Protection Agency. (See item 21)

Banking and Finance Sector

9. June 12, WOAI 4 San Antonio – (Texas) Attorney General warns new check cashing scam. The Texas Attorney General (AG) is warning of a new scam involving checks that resemble refund checks issued through a state settlement with an unlicensed online payment service. The AG’s office said people have been getting the fake checks and depositing them. When the checks are not honored by the bank that is printed on them, the money is then taken from the account of the person who deposited them. Most of the checks come with a letter claiming you’ve won a sweepstakes or been selected to be a mystery shopper. Source:

10. June 12, Greeneville Sun – (Tennessee) Andrew Johnson Bank warns public of e-mail scam. Andrew Johnson Bank is warning its consumers that a fraudulent e-mail is circulating, purportedly issued by the Greeneville, Tennessee-based bank. The bank says, “This e-mail appears to link to Andrew Johnson Bank’s Internet banking service, but instead redirects customers to a fraudulent (spoofed) Web site which requests responses to a ‘survey’ that solicits personal account information. Andrew Johnson Bank has not issued this e-mail.” A press release from the bank says the fraudulent e-mail contains the following: “The Andrew Johnson Bank Online department kindly asks you to take part in our quick and easy 5 questions survey. In return we will credit $20 to your account just for your time!” A hyperlink to a Web site follows the bogus message. Source:

Information Technology

34. June 12, IDG News Service – (National) U.S. hacker gets 41 months for running rogue botnet. A U.S. hacker who hooked up a botnet within Newell Rubbermaid’s corporate network was sentenced to 41 months in prison on Wednesday, according to the U.S. Department of Justice. He must also pay $65,000 restitution. He pleaded guilty to charges of computer fraud and conspiracy to commit computer fraud for using the botnet to install advertising software on PCs located throughout Europe without permission. Newell Rubbermaid reported its European computer network had been hacked around December 2006. At least one other European-based company also complained. The hacker’s indictment was enabled by investigations conducted by several law enforcement agencies worldwide, including London’s Metropolitan Police Computer Crime Unit, the U.S. Secret Service, the U.S. Federal Bureau of Investigation, the Finland National Bureau of Investigation, and other local U.S. agencies. Others who helped in the hack are still under investigation, the department said. The man received a commission from a company called DollarRevenue for every installation of the advertising software. Ad software can be very difficult to remove and can trigger unwanted pop-ups. Many hackers have become astute at installing the software through surreptitious means, such as exploiting software vulnerabilities in a PC’s operating system or Web browser. In December 2007, DollarRevenue was fined €1 million ($1.54 million) in the Netherlands, one of the largest fines ever levied in Europe against a company over adware. That investigation found that hackers were paid €0.15 each for installation of DollarRevenue software on computers in Europe and $0.25 for PCs in the U.S. Source:

35. June 11, USA Today – (International) Olympic visitors’ data is at risk. National security agencies are warning businesses and federal officials that laptops and e-mail devices taken to the Beijing Olympics are likely to be penetrated by Chinese agents aiming to steal secrets or plant bugs to infiltrate U.S. computer networks. Chinese government and industry use electronic espionage to “easily access official and personal computers,” says one recent report by the Overseas Security Advisory Council, a federally chartered panel comprising security experts from corporations and the State, Commerce, and Treasury departments. Equipment left unsupervised for just minutes in a hotel or even during a security screening can be hacked, mined, and bugged, adds the chair of the U.S.-China Economic and Security Review Commission, a federal panel that monitors China-related security issues for Congress. China’s government also controls Internet service providers and wireless networks, he says, so computers and PDAs can be monitored and planted with bugs remotely, too. “There is a high likelihood — virtually 100% — that if an individual is of security, political, or business interest to Chinese … security services or high technology industries, their electronics can and will be tampered with or penetrated,” he says. China’s embassy did not respond to requests for comment, but usually dismisses espionage charges. Source:

Communications Sector

36. June 13, PC Advisor – (National) iPhones present Wi-Fi risk to businesses. iPhones are creating an increased security threat to businesses, especially when used with Wi-Fi networks, an Australian expert has warned. A senior security consultant at Pure Hacking highlighted that the adoption by businesses of the iPhone will “elevate risk to a level never seen before.” “We’re going to find a lot of executives using the iPhone’s push e-mail to combine their personal and business messages... combined with the ever-increasing use [on the iPhone] of Web 2.0 applications, there are a lot of vulnerabilities,” he said at the IDC SecurityVision conference in Sydney this week. “Like it or not, there’s about to be a whole lot more risks for a lot of organizations,” he added. He identified the further increased risk when iPhones are used on Wi-Fi networks. “Wi-Fi spots aren’t encrypted ... nor is a great amount of the information you receive from Web 2.0 applications.” He also warned that as prices for data plans fall, Wi-Fi use will increase, which in turn will “increase the vulnerability of the iPhone.” Source:

37. June 12, Belfast Telegraph – (International) Council telephones targeted by hacker. A Northern Ireland council suffered fraudulent use of its phone system involving 18 hours of international calls in a three-day period, it has been revealed. The details of the hacking case are given in a newly-published annual report by the province’s Chief Local Government Auditor. The council itself was not named in the report. The auditor said the calls had been mainly to Morocco, Senegal, and Pakistan. The council was alerted to the problem by the customer fraud management section of its telephone company. “Over three days there had been approximately 18 hours of international usage, all out of normal working hours, which had not been dialed from the council’s system,” the report said. “They indicated that this call pattern strongly suggested that the council’s telephone system had been compromised. The council took steps to protect its systems but the fraud is highlighted in this report for the information of and appropriate action by other councils.” Source: