Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, October 21, 2008

Complete DHS Daily Report for October 21, 2008

Daily Report

Headlines

• Computerworld reports that two key systems that the U.S. Internal Revenue Service is deploying contain serious security vulnerabilities that pose a direct risk to taxpayer data, according to a report by the Treasury Inspector General for Tax Administration. (See item 24)

24. October 17, Computerworld – (National) Two new IRS systems have major security weaknesses, federal report says. Two key systems that the U.S. Internal Revenue Service (IRS) is deploying contain serious security vulnerabilities that pose a direct risk to taxpayer data, according to a report by the Treasury Inspector General for Tax Administration. The 29-page report is dated September 24 but was just publicly released on Thursday. It identifies weaknesses in several areas — including access control, monitoring of system access, and disaster recovery — in a new Customer Account Data Engine (CADE) system that the IRS is rolling out, plus a related Account Management Services system. According to the Inspector General’s report, systems administrators and other privileged users are able to access, modify, and delete taxpayer data with impunity because of a lack of monitoring capabilities in the two systems. In addition, contractors working for the IRS can make configuration changes without prior notice or approval, the report said. Similarly, there are no processes in place for verifying whether data that is archived on backup tapes is being stored properly and can easily be recovered if needed, according to the report. In addition, a vulnerability scan of the mainframe environment that hosts the CADE system uncovered at least one critical vulnerability that posed a risk to taxpayer data, plus several configuration errors, the report said. It added that sensitive personal information about taxpayers was being transmitted without being encrypted or otherwise disguised within IRS computing centers, and also was not encrypted when it was stored. And, the report said, the IRS used live taxpayer data in at least 18 test environments for application development purposes. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117447&intsrc=news_ts_head

• According to the Chattanooga Times Free Press, the Dalton, Georgia, police chief told residents Sunday he doubts anyone else was involved in the Friday morning bombing of a local law firm that killed the bombing suspect and injured four others. (See item 29)

29. October 20, Chattanooga Times Free Press – (Georgia) Dalton: No other suspects in bombing. The Dalton, Georgia, police chief told residents Sunday he doubts anyone else was involved in the Friday morning bombing of a local law firm that killed the bombing suspect and injured four others. He said the bombing suspect rammed an SUV into the front of the building before running around the back of the building, bursting out a window, and placing a metal explosive device the size of a five-gallon bucket inside, where it exploded. An attorney at a local firm said he and others were still trying to sort out what had happened. “It was a freakish, random act,” he said. The bombing suspect had been in an ongoing property dispute with his son, and an attorney at the firm represented the son in the dispute. Source: http://timesfreepress.com/news/2008/oct/20/dalton-no-other-suspects-bomb

Details

Banking and Finance Sector


10. October 20, Computer Weekly – (International) Hackers crack Sarkozy’s online bank account and steal cash. Thieves hacked the French president’s bank account, stealing cash after gaining access to the President’s online passwords. The French secretary of state for consumer affairs also said more needed to be done to tighten the security of internet banking in France. The French President is said to have reported the theft last month, but no one has yet been charged with the crime. Source: http://www.computerweekly.com/Articles/2008/10/20/232733/hackers-crack-sarkozys-online-bank-account-and-steal.htm

11. October 19, Atlanta Journal-Constitution – (Georgia) Several Georgia banks in jeopardy. Dozens of Georgia banks are struggling with surging levels of delinquent loans, the result of a dangerous concentration on lending for metro Atlanta’s once-thriving real estate development. The bad loans have caused one Georgia bank to fail this year and could put another dozen under by year’s end. Some banking experts say a delinquency rate of even 2 percent suggests an institution faces serious financial challenges. In Georgia, 159 banks exceed that level. Twenty-five of them have seen seriously past-due loans rise into the double digits. Federal insurance guarantees the safety of depositors’ money, but stockholders stand to lose their entire investments. Source: http://www.ajc.com/news/content/business/stories/2008/10/19/georgia_banks.html

12. October 17, SC Magazine – (International) Darkmarket forum closed following police raids. The Darkmarket forum, described as a ‘one stop shop’ for criminals, was closed down following dawn raids in Manchester, Hull, and London, U.K., as well as in Germany, Turkey, and the United States. The forum was used by criminals to buy and sell credit card details and bank logins and had been running for around three years. SOCA (the U.K. Serious Organised Crime Agency) claimed that there were 2,000 users registered on Darkmarket, but many of those were not unique. SC Magazine revealed earlier that the FBI had used Darkmarket to capture the details of thousands of hackers and spammers via an undercover agent posing as a forum member. About 60 people were arrested. Source: http://www.scmagazineuk.com/Darkmarket-forum-closed-following-police-raids/article/119603/

Information Technology


26. October 18, CyberInsecure – (International) MSN Messenger used as lure in another malicious spam wave. Websense Labs is reporting a new malicious spam lure that uses the threat of a virus to encourage users to download a Trojan. The email claims that by downloading the application linked within the email, users can protect themselves against a virus that spams messages to a user’s contacts. The email offers an update to Live Messenger Plus, which is actually a Trojan. The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction, a dialog box is displayed telling the user that they will be redirected to msn.com.br; a browser then opens pointing to a different site. A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools that Brazilian banks distribute to protect customers against keyloggers and similar malware. The malware then goes on to conduct information-stealing activities. Source: http://cyberinsecure.com/msn-messenger-used-as-lure-in-another-malicious-spam-wave/
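Two of the behaviours in item 26 lend themselves to simple, offline triage checks: a "Messenger update" link that resolves to a directly executable file such as dsc.scr, and autoexec.bat lines that delete, rename or hide a GBPlugin component. The following is an added example written for this digest, not code from the original item, from CyberInsecure or from Websense. The lure text, hostnames and the GBPlugin file paths in it are constructed for illustration and are assumptions, not artifacts from the campaign.

```python
"""Offline triage checks for the MSN Messenger lure described in item 26.

Added example; not code from the original report or from Websense.
All sample inputs below are constructed, not captured from the campaign.
"""
import re
from urllib.parse import urlparse

# Extensions Windows executes directly. A "Messenger update" served as one
# of these is the first red flag in the lure above.
EXECUTABLE_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}

# Constructed plain-text lure body (assumption: hosts are illustrative).
SAMPLE_EMAIL = """\
Alerta: um virus esta enviando mensagens para seus contatos do MSN.
Baixe a atualizacao do Live Messenger Plus em
http://update.example-cdn.test/msnplus/dsc.scr
ou veja as instrucoes em http://msn.com.br/ajuda
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(text)


def risky_download_urls(text):
    """Return URLs whose path names a directly executable file."""
    risky = []
    for url in extract_urls(text):
        path = urlparse(url).path.lower()
        if any(path.endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
            risky.append(url)
    return risky


# Constructed autoexec.bat content after infection. The GBPlugin directory
# and file names are assumptions for illustration, not taken from the report.
SAMPLE_AUTOEXEC = """\
@ECHO OFF
SET BLASTER=A220 I5 D1 H5 P330
attrib -r -h "C:\\Arquivos de programas\\GbPlugin\\gbpsv.exe"
del /f /q "C:\\Arquivos de programas\\GbPlugin\\gbpsv.exe"
"""

# Commands that remove, rename, move or hide files. One of these applied to
# a banking-protection component is the tampering item 26 describes.
TAMPER_COMMANDS = re.compile(r"^\s*(del|erase|ren|rename|attrib|rd|rmdir|move)\b", re.I)
# Substrings identifying GBPlugin components (assumed names for this example).
PROTECTED_MARKERS = ("gbplugin", "gbpsv", "gbieh")


def autoexec_tampering(content):
    """Return autoexec.bat lines that apply a tamper command to a GBPlugin file."""
    hits = []
    for line in content.splitlines():
        low = line.lower()
        if TAMPER_COMMANDS.match(line) and any(m in low for m in PROTECTED_MARKERS):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    print("executable download links:", risky_download_urls(SAMPLE_EMAIL))
    print("autoexec.bat tampering:", autoexec_tampering(SAMPLE_AUTOEXEC))
```

The link check deliberately keys on the final path extension rather than on the hostname, because the lure's visible branding (msn.com.br) is a distraction and the actual download host is whatever the spammer chose; the autoexec.bat check flags only lines that both use a file-manipulation command and name a protection component, so a harmless PATH entry mentioning the GBPlugin directory is not reported.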


27. October 17, Internet News – (International) Adobe sites hit by malware. Adobe has had to deal with two of its websites being compromised by an SQL injection attack. The manager of the U.S. offices of security vendor Sophos Laboratories confirmed the sites had been affected. The manager said that after Sophos contacted Adobe, the software issues at both websites were cleaned up; a follow-up check by Sophos found them “clean” and no longer at risk. One of the Adobe websites infected was its Vlog It support section, an area providing tips for video bloggers. Sophos today notified users about this. The other infected Adobe site Sophos discovered is Serious Magic, which produces high-quality video and communication software. The Vlog It site was affected by malware known as Mal/Badsrc-C. It was delivered by a botnet known as Asprox, which was also used in the attack on Adobe’s Serious Magic site. Source: http://www.internetnews.com/security/article.php/3779021/Adobe+Sites+Hit+by+Malware.htm
Communications Sector


28. October 20, Mobile Marketing News – (International) Expert warns of new mobile virus. A new mobile virus that is causing havoc with many people’s handsets has been highlighted by an expert. A researcher from Adaptive Mobile, a British firm that tracks malware and provides security software for mobile firms, told BBC News that the Beselo virus has been responsible for a rise in spam from 0.5 percent of traffic to 6 percent over the last 12 months for a typical network operator. Beselo spreads via MMS or by searching for nearby Bluetooth devices - a true ‘airborne virus’ that has grounded many affected mobile phones. There are thought to be around 400 mobile viruses in circulation today and there are compelling reasons why experts think that number is about to grow. Source: http://www.mobilemarketingnews.co.uk/Expert_warns_of_new_mobile_virus_18833519.html