Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 4, 2008

Complete DHS Daily Report for November 4, 2008

Daily Report

Headlines

According to Computerworld, a cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen the log-ons to more than 300,000 online bank accounts and almost as many credit cards during that time, a security company said Friday. (See item 13)

See item 13 in the Banking and Finance section below.

KTLA 5 Los Angeles reports that a portion of Highway 101 was closed Monday in both directions in downtown Santa Barbara, California, after a masked gunman was spotted on a freeway overpass. (See item 17)

17. November 3, KTLA 5 Los Angeles – (California) Gunman in army fatigues shuts down freeway. A portion of Highway 101 is closed in both directions in downtown Santa Barbara after a masked gunman was spotted on a freeway overpass. Witnesses say the gunman, wearing brown fatigues and a black ski mask, was spotted waving a gun around on the La Cumbre overpass around 7:10 a.m. Monday. Police said the man is armed with a revolver and is also waving an American flag. The freeway was shut down in both directions at La Cumbre as a precaution, and traffic is being diverted through downtown Santa Barbara. The California Highway Patrol (CHP) reports the freeway closure has caused a massive traffic backup throughout the area. The roadway will remain closed until further notice, according to the CHP. No shots have been fired. Source: http://www.ktla.com/content_landing_page/?Masked-Gunman-Shuts-Down-Highway-101-in-=1&blockID=124961&feedID=171

Details

Banking and Finance Sector


12. November 1, Washington Post – (National) Money-laundering risk of hedge funds gauged. The roughly $2 trillion hedge-fund industry remains free of government restrictions, and this week the Treasury Department formally withdrew its once-proposed rules. There are several reasons the Treasury has been delayed in requiring hedge funds to adopt money-laundering measures. For one thing, because the industry is unregulated, there are no government examiners to enforce the measures. For another, hedge funds are indirectly regulated because they do business through banks and other financial firms that are required to monitor transactions for possible money laundering. One key reason for the delay is that the risk that a terrorist group might use a hedge fund to launder money is deemed relatively small. For similar reasons, the Treasury Department last year exempted casinos from a requirement that they report currency transactions on slot machine jackpots and video lottery terminals. Source: http://www.washingtonpost.com/wp-dyn/content/article/2008/10/31/AR2008103103210.html?hpid=sec-business


13. October 31, Computerworld – (International) “Ruthless” Trojan horse steals 500K bank, credit card log-ons. A sophisticated cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen the log-ons to more than 300,000 online bank accounts and almost as many credit cards during that time, a security company said today. Researchers at RSA Security Inc.’s FraudAction Research Labs tracked the Sinowal Trojan horse, also known as Mebroot and Torpig, to a drop server that contained the stolen credentials, said the product marketing manager at RSA’s ID and access assurance group. All told, the gang behind Sinowal managed to obtain access to nearly half a million bank accounts and credit cards, a volume RSA dubbed “ruthless” and “extraordinary.” Sinowal has infected hundreds of thousands of PCs worldwide during its run, and it continues to attack machines. It is triggered by more than 2,700 specific Web addresses, a massive number compared with other Trojan horses. Due to the global distribution of the malware attacks, RSA Security suspects that the group responsible for Sinowal is based in Russia. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9118718&intsrc=hm_list


14. October 31, Government Technology – (National) Red flag security regulation in effect as of November 1. As of November 1, 2008, federal regulation will require all organizations in the United States that offer consumer credit accounts to have implemented Red Flag programs to address consumer identity theft. Businesses will now be required to seriously address the identity theft problem in the interest of their customers, rather than just in their own business interests. Compliance is not a complex process, but it requires senior management’s attention to ensure the organization gets the full benefit of both compliance and reduction of identity theft as a major inhibitor of consumer economic activity. Source: http://www.govtech.com/gt/427073?topic=117671


15. October 31, CNN Money – (Florida) Fla’s Freedom Bank becomes 17th FDIC insured failure this year. Florida-based Freedom Bank was closed by state regulators Friday and its deposits were sold to Fifth Third Bancorp (FITB) under an agreement orchestrated by the Federal Deposit Insurance Corp. The FDIC said the cost of the failure to its deposit insurance fund will be between $80 million and $104 million — the “least costly” option, according to the regulator. Freedom Bank had assets of $287 million as of October 17, along with $254 million in total deposits, according to the FDIC. Fifth Third acquired Freedom Bank’s deposits for a premium of 1.16 percent, and also bought $36 million of assets from the bank. Any remaining assets will be held by the FDIC. Source: http://money.cnn.com/news/newsfeeds/articles/djf500/200810311851DOWJONESDJONLINE000897_FORTUNE5.htm


16. October 31, Twin City Pioneer Press – (Minnesota) FDIC chastises BankCherokee. The FDIC chastised BankCherokee for its “excessive concentration of real estate loans” and for not having enough capital to support the risk it was taking. A BankCherokee CEO said the bank already has taken steps to address the FDIC’s concerns, shoring up its capital and moving to diversify its loan portfolio. The FDIC’s action, called a cease and desist order, is at the middle level of enforcement actions. Such orders prohibit certain practices and usually require that bank officers correct problems that led to the order. Since 1975, the FDIC has issued about three dozen cease-and-desist orders in Minnesota. Most of the other orders from bank regulators require a change in a bank’s management or board makeup. The FDIC made no such request of BankCherokee. Source: http://www.twincities.com/ci_10869862


Information Technology


39. October 31, Dark Reading – (International) Antivirus ‘scareware’ is lucrative. An infamous pop-up aimed at spooking users into downloading a phony anti-virus program does detect a little malware, but it also makes big bucks for its developers and distributors. According to new research conducted by SecureWorks’ director of malware research, who recently dissected the infamous software program and its money trail, affiliates who sell the so-called Antivirus XP 2008 (and now 2009) get a 58 to 90 percent commission on sales of the roughly $50 package. The program infects Web sites with phony pop-ups warning users that their machine is infected and urging them to download the “anti-virus” software. Source: http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=211800542


40. October 31, VNUnet.com – (International) Warning on Halloween web fraud. Scammers are latching onto Halloween Web sites as a method of spreading infectious code, Internet monitoring company Websense is warning. The company said that sites selling Halloween gifts and services have been targeted as never before and that Internet users can be put at risk of infection from code embedded within the sites. “One particular example is a Web site selling Halloween costumes. The ‘deobfuscation’ returned by ThreatSeeker shows that the JavaScript has multiple layers of obfuscation,” the company said in an alert. “The script contacts a malicious server in the .biz TLD. Within the ThreatSeeker network, we have seen almost 10,000 sites infected with the same obfuscation technique.” Another technique involves building a redirect into a popular Web site. Websense has detected over 13,000 such script injections in popular sites. Source: http://www.vnunet.com/vnunet/news/2229576/warning-halloween-web-fraud


Communications Sector


41. November 3, RIA Novosti – (National) Russia starts preparations to launch U.S. telecoms satellite. Russian space technicians have started launch preparations for a Zenit carrier rocket with a U.S. Telstar telecom satellite on board, Russia’s space agency said on Friday. A Zenit-3SLB carrier rocket equipped with a DM-SLB booster is scheduled to lift off from the Baikonur space center in Kazakhstan at the end of December. The Telstar 11N, built by Space Systems/Loral for Loral Skynet telecoms company, will provide services from 39 high-power Ku-band transponders spread across four different geographic beams in each of North and Central America, Europe, Africa, and the maritime Atlantic Ocean Region. Source: http://www.space-travel.com/reports/Russia_Starts_Preparations_To_Launch_US_Telecoms_Satellite_999.html

Department of Homeland Security Daily Open Source Infrastructure Report

Monday, November 3, 2008

Complete DHS Daily Report for November 3, 2008

Daily Report

Headlines

According to the Associated Press, the European Union has agreed to meet U.S. standards for air cargo screening for half of the cargo on U.S.-bound passenger flights by February and all cargo on all flights by 2010. (See item 13)

13. October 30, Associated Press – (International) U.S., EU agree on air cargo screening. The European Union (EU) has agreed to meet U.S. standards for air cargo screening for half of the cargo on U.S.-bound passenger flights by February and all cargo on all flights by 2010. This fulfills an important recommendation intended to lower the threat of terrorists shipping dangerous items on commercial passenger flights. The agreement, long in the works, establishes consistent screening requirements for air cargo between the U.S. and the EU. For instance, the EU and the U.S. will use the same screening equipment, provide the same training to screeners and impose the same security requirements for the facilities where the cargo is screened. There are about 300 flights a day from EU countries to the U.S. Currently, 95 percent of flights within the U.S. and departing from the U.S. undergo cargo screening. For security reasons, officials would not say what percentage of EU flights are currently screened. Source: http://ap.google.com/article/ALeqM5j50X92W5lDhP-j1lxqjitZe0xCfAD94555JG1

eWeek reports that Sony, Hewlett-Packard, Toshiba, and Dell are recalling as many as 100,000 laptops worldwide that used faulty Sony-made lithium-ion battery packs. In the United States, this could impact about 35,000 notebooks that were sold between 2004 and 2006. (See item 33)

See item 33 in the Information Technology section below.

Details

Banking and Finance Sector

9. October 31, Boise 2 News – (National) DBSI accused of investment fraud, facing suit. DBSI, one of the nation’s leading real-estate investment companies, based near Boise, Idaho, is accused of investment and bank fraud and of violating the Idaho Securities Act in a $2 billion class action lawsuit. Court documents claim that, since 2003, DBSI has acquired 250 commercial properties in the U.S., worth more than $2 billion. The company allegedly sought 12,000 investors around the world. The suit claims DBSI made an illegal profit in excess of $500 million. An attorney for one of the plaintiffs says DBSI skirted securities laws requiring the disclosure of investment information that would have leveled the playing field for the average investor. There are 17 defendants named in the suit, including three members of DBSI’s executive team. Source: http://www.2news.tv/news/33620874.html

Information Technology


33. October 30, eWeek – (International) Sony, HP, Dell, Toshiba recall thousands of faulty lithium-ion laptop batteries. Sony, Hewlett-Packard, Toshiba and Dell are recalling as many as 100,000 laptops worldwide that used faulty Sony-made lithium-ion battery packs. In the United States, this could impact about 35,000 notebooks that were sold between 2004 and 2006. All together, the three notebook vendors and Sony are recalling about 100,000 notebook battery packs worldwide. To date, there have been 19 separate incidents of batteries overheating, according to the U.S. Consumer Product Safety Commission (CPSC). Of those 19 incidents, 17 involved fire and flames, and 10 consumers also reported some minor property damage. At least two people suffered minor burns after the batteries caught on fire, according to the CPSC. Source: http://www.eweek.com/c/a/Desktops-and-Notebooks/Sony-Notebook-Vendors-Recall-Thousands-of-Faulty-LithiumIon-Notebook-Batteries/


34. October 30, Dark Reading – (International) New phishing attacks target legitimate web domain owners. A new brand of phishing attack now under way and aimed at legitimate Web site domain owners could be the result of efforts to shut down a notorious domain registrar popular among spammers and malware writers, security experts say. The phishing emails, pretending to be from legitimate registrars eNom and Network Solutions Inc., attempt to fool domain name owners into giving up their account credentials. The eNom phishing email claims that eNom will be conducting database and data center maintenance, while the fake Network Solutions message says the customer needs to renew his or her expired domain registration. Security experts say the timing of this phishing attack, complete with slick and authentic-looking messages and phony Web pages, is unlikely a coincidence. Source: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=211800362


35. October 30, SC Magazine – (International) Source of rogue malware tracked down. Cybercriminals have unleashed a blizzard of rogue anti-virus software to plunder naive users. A director of malware research at SecureWorks said one leading set of fake AV programs is Antivirus XP 2008 and its more recent edition, Antivirus XP 2009. Both are rogue AV programs put out by Russian company Bakasoftware and sold to English-speaking computer users. The director discovered that top earners are likely making up to $5 million a year by controlling large botnets of infected computers and siphoning money into their own accounts, he told SCMagazineUS.com on October 30. Antivirus XP 2008 is the most prevalent rogue antivirus program right now, the director said. He said he hopes his findings illustrate that users have to be suspicious of things popping up unexpectedly, which would indicate fake anti-virus software. Source: http://www.scmagazineus.com/Source-of-rogue-malware-tracked-down/article/120204/


Communications Sector

36. October 30, Bowling Green Daily News – (Indiana; Kentucky; Tennessee) Cut fiber optic line leads to phone outage in area. Several Bowling Green businesses experienced a phone outage Wednesday morning as a result of a cut fiber optic line in the provider’s main system. About 10,000 Norlight Inc. customers in Kentucky, Tennessee, and Indiana were without service for hours after a construction crew cut a line near the company’s headquarters in Evansville, Indiana. The general manager of Norlight said he did not know the number of people affected in Bowling Green or Kentucky, but that Norlight was not the only company affected. Several carriers were struck by the cut line, which resulted in lost internet, cell phone and cable service, as well as land lines. In some areas, 911 emergency service also was lost. Source: http://bgdailynews.com/articles/2008/10/30/news/news7.txt