Department of Homeland Security Daily Open Source Infrastructure Report

Monday, June 23, 2008

Daily Report

• CNN reports that beginning June 21, travelers who “willfully refuse” to show IDs will not be allowed through checkpoints or onto planes. The Transportation Security Administration says it is changing the policy to smooth passenger flows and improve security. (See item 19)

• According to the Associated Press, a report by the Government Accountability Office found that Medicare health providers diverted money into personal accounts instead of paying payroll taxes to the government. The culprits owe the federal government more than $2 billion in payroll and other back taxes. (See item 34)

Banking and Finance Sector


11. June 20, WTVQ 36 Lexington – (Kentucky) Credit Union scam warning. Wednesday night, hundreds of people in Kentucky received calls telling them their bank accounts had been suspended. The calls were allegedly from the Commonwealth Credit Union, but they were not. The Better Business Bureau of Central Kentucky was also getting calls. Commonwealth Credit Union is warning their members of the scam and assuring them no accounts have been compromised. Source: http://www.wtvq.com/news/1-latest/304-credit-union-scam-warning.html


12. June 20, BankInfoSecurity – (Maine) TD BankNorth warns customers of phishing attempt. Less than a month after TD BankNorth customers in New Hampshire were alerted by the bank that their Visa debit or credit cards may have been compromised comes news of a phishing email scam against the bank’s customers. The bank, headquartered in Portland, Maine, has $119 billion in assets and 1,100 locations on the east coast. TD BankNorth is warning customers about an email scam that could infect computers. The email messages say the notes are from TD BankNorth’s president and chief executive officer. The email asks for personal information. The bank says clicking on a link in the note probably infects a customer’s computer with a program that sends their information to the hacker. The bank posted an alert on its web site home page on June 4 after reporting the emails to law enforcement agencies. The bank declined to say whether customer information or money was taken as a result of people responding to the phishing email. Source: http://www.bankinfosecurity.com/articles.php?art_id=890


13. June 19, WBBM 2 Chicago – (Illinois) 67 charged in federal mortgage fraud probe. Federal authorities have charged 67 people in a dozen new mortgage fraud cases uncovered in Chicago as part of a nationwide investigation. The cases involve over $170 million in fraudulent mortgages, which were given out by a variety of lenders and secured by several hundred homes in the Chicago area and other places across the country. When the mortgage holders in the cases defaulted, the lending companies suffered losses of more than $40 million, the U.S. Attorney’s office said. In the Chicago case, mortgage brokers, loan officers, realtors, home builders, and attorneys were among those charged, according to the U.S. Attorney’s office. Source: http://cbs2chicago.com/topstories/operation.malicious.mortgage.2.752302.html


14. June 19, South Bend Tribune – (Indiana) Common link found in bank scam. A breach of the computer system affecting customers’ debit cards at 1st Source Bank in early May appears to be at the center of the fraudulent overseas withdrawals this past weekend affecting the accounts of hundreds in Michiana. “As we are piecing it together, it appears transactions coming out of Eastern Europe, Ukraine, Czech Republic, Turkey, Nigeria, Spain are most likely related to our breach,” said the senior vice president, consumer and electronic banking for 1st Source Bank. People who used cards from other banks in 1st Source machines at any local site might have been victimized. Information has been sent to various card associations like Discover, Visa, and Master Card, the official said.

Source: http://www.southbendtribune.com/apps/pbcs.dll/article?AID=/20080619/News01/806190400/1013/Biz


Information Technology


41. June 19, Computerworld – (National) Apple does about-face, fixes Safari’s ‘carpet bomb’ bug. Apple Inc. updated the Windows version of Safari today, patching four vulnerabilities, including one that prompted rival Microsoft Corp. three weeks ago to urge users to stop using Apple’s browser. The fix stymies the kind of attacks that a security researcher disclosed last month, dubbing them “carpet bomb” attacks because they could litter the Windows desktop with malware files by taking advantage of a design flaw in Safari. Today’s patch is an about-face of sorts for Apple. The company earlier said that it did not consider the problem a security issue because Safari had no option to require a user’s permission to download a file. Instead, Apple said it would consider the change an “enhancement request,” and perhaps make a modification in a future feature update. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9101239&taxonomyId=17&intsrc=kc_top


42. June 19, PC Magazine – (National) Dangerous malware e-mail making the rounds. An e-mail message with provocative, socially engineered fake news story titles in its subject line has been circulating in an attempt to spread a Trojan that will download additional malware onto a victim’s computer. The e-mail’s objective is to install an ActiveX control and run a file named video.exe, thereby installing the Trojan. Source: http://www.pcmag.com/article2/0,2817,2320835,00.asp


43. June 19, CNet News – (International) Storm worm version uses China earthquake to lure victims. On Thursday, US-CERT (Computer Emergency Readiness Team) advised against opening e-mails that contain a link to a video with information about the earthquake in China. The group has received reports of a new variant of the Storm worm that targets people interested in the May 12 earthquake that killed nearly 70,000 people and left 5 million homeless. Some of the e-mails also have subject lines that deal with the Olympic Games that China is hosting. In the e-mail is a link that sends a recipient to a malicious Web site, US-CERT says. Opening the purported video link on the site runs executable code that infects the computer with malicious code that can be used to turn the machine into a zombie on a spam botnet. Previous versions have used April Fools’ Day and Valentine’s Day themes, as well as masqueraded as a fix for another worm to lure victims to sites. Source: http://news.cnet.com/8301-10784_3-9972672-7.html


Communications Sector


44. June 19, Associated Press – (National) FCC expected to rule Verizon violated privacy laws. The Federal Communications Commission is expected to rule that Verizon Communications Inc. violated privacy laws when it tried to keep phone customers from switching providers, a person at the agency who is familiar with the issue said Thursday. The ruling could come as early as Friday, according to this person, who spoke on condition of anonymity because the decision was not yet public. The ruling would uphold a complaint brought by Comcast Corp., Time Warner Cable Inc. and privately owned Bright House Networks, and it goes against an earlier staff recommendation that Verizon did not violate any consumer privacy laws. In that April recommendation, FCC’s enforcement bureau said the commission needs further public input on rules governing competition for voice, video and Internet services and whether further regulation is needed. Source: http://ap.google.com/article/ALeqM5hHhkq9rtvf57XoFxbRDvsQrjFzngD91DE8D03

Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 20, 2008

Daily Report

• According to the Chicago Tribune, a veteran food-contamination scientist at the U.S. Food and Drug Administration said that discovering where the salmonella bug originated may be impossible because an individual tomato typically carries no information of its origin. (See item 18)

• The Harris News Service reports that, according to a legislative report, confidential information was left on outdated state computers being released for sale to the public. That includes thousands of Social Security numbers, names of Medicaid beneficiaries, and personnel information about state employees. (See item 30)

Banking and Finance Sector

7. June 19, Marco News – (National) Authorities warn of scam using Marco bank’s name. The Collier County, Florida, sheriff’s office (CCSO) is warning the public about a scam involving a Collier County bank. In the scam, letters are sent in the mail asking a person to be a “secret shopper.” A check for a large amount of money is included with the letter. These checks carry the Marco Community Bank logo and routing number, and have apparently been circulated by mail across the United States. Deputies say these checks are counterfeit. Marco Community Bank officials alerted CCSO to the scam. The amount listed on the checks is generally $4,820. The checks are green and the numbers vary. The bottom left-hand corner of each check reads: Re: Consumers View Inc. Various phone numbers also appear on the check and in the letter. When called, a person on the other end of the line answers “Marco Community Bank” and verifies that the amount of money on the check is available. Source: http://www.marconews.com/news/2008/jun/19/authorities-warn-scam-using-marco-banks-name

8. June 18, Wired Blog Network – (National) Citibank hack blamed for alleged ATM crime spree. A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors. The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank’s systems, experts say. Credit card and ATM PIN numbers show up often enough in underground trading, but they are invariably linked to social engineering tricks like phishing attacks, “shoulder surfing” and fake PIN pads affixed to gas station pay-at-the-pump terminals. But if federal prosecutors are correct, the Citibank intrusion is an indication that even savvy consumers who guard their ATM cards and PIN codes can fall prey to the growing global cyber-crime trade. Citibank denied to Wired.com’s Threat Level that its systems were hacked. But the bank’s representatives warned the FBI on February 1 that “a Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached,” according to a sworn affidavit by an FBI cyber-crime agent. Source: http://blog.wired.com/27bstroke6/2008/06/citibank-atm-se.html

9. June 18, Atlanta Business Chronicle – (Georgia) Georgia Department of Revenue warns of check scams. The Georgia Department of Revenue (DOR) said June 18 it has discovered two check scams that involve phony checks claiming to be from the Georgia DOR and checks that use incorrect banking information. In the first scam, people get a letter from a Canadian-based company that says “your grant in the amount of $50,000.00 (Fifty Thousand Dollars) has been approved.” Attached to the letter is a check that appears to have been issued by the Georgia DOR. The letter asks the recipient to call a Canadian phone number “immediately to verify your file” and to “prevent any delay with the release of your grant.” The letter specifies a deadline for claiming the grant. But during the phone call, an agent will try to get the caller to divulge personal information including bank account information. Some recipients have deposited the check into their banking account. But the check is blocked when it attempts to clear Georgia DOR’s account. “The Georgia Department of Revenue does not mail checks to individuals through any third party,” said a Georgia Revenue Commissioner. “Checks issued by the Georgia Department of Revenue are mailed directly to the check’s payee.” The second scam involves a company identified on the check as AIRSERV in Atlanta that issues checks with inaccurate banking information. Anyone who gets one of the letters or AIRSERV checks should take it to their nearest law enforcement office and fill out a victim of fraud complaint, Georgia DOR said. Source: http://www.bizjournals.com/atlanta/stories/2008/06/16/daily59.html

Information Technology

38. June 18, IDG News Service – (National) Digital rights groups hit ISP ad firm for spying on users. A targeted advertising vendor being used by several U.S. broadband providers hijacks browsers, spies on users and employs man-in-the-middle attacks, according to a report released Thursday by two advocacy groups. NebuAd Inc., a behavioral advertising vendor being used by Charter Communications Inc., WideOpenWest Holdings LLC and other Internet service providers, also uses packet forgery, modifies the content of TCP/IP packets and loads subscribers’ computers with unwanted cookies, according to the report by Public Knowledge and Free Press, two Washington-based organizations focused on digital rights. “NebuAd exploits several forms of ‘attack’ on users’ and applications’ security,” said the chief technology consultant for the two groups. “These practices – committed upon users with the paid-for cooperation of ISPs – violate several fundamental expectations of Internet privacy, security and standards-based interoperability.” NebuAd violates Internet Engineering Task Force standards that “created today’s Internet, where the network operators transmit packets between end users without inspecting or interfering with them,” he said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9100378&taxonomyId=17&intsrc=kc_top

39. June 18, IDG News Service – (National) Firefox 3 vulnerability found. Five hours after Mozilla officially released Firefox 3.0, researchers found a vulnerability in the new browser. Tipping Point has verified the bug and reported it to Mozilla, Tipping Point said on Wednesday. Since Mozilla is still working on a fix, the researchers will not share details about the problem. Tipping Point ranked the severity of the vulnerability as high, but said that users would have to click on a link in an e-mail or visit a malicious Web page before being affected. The issue affects users of Firefox 3.0 as well as Firefox 2.0. Once the problem is fixed, Tipping Point will publish an advisory on its Web site, it said. Source: http://www.networkworld.com/news/2008/061808-firefox-3-vulnerability.html

Communications Sector

Nothing to report