Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, April 30, 2009

Complete DHS Daily Report for April 30, 2009

Daily Report

Top Stories

• Amid growing concern over the vulnerability of the U.S. electric grid to cyberattacks, two lawmakers are preparing to introduce new legislation aimed at bolstering the industry’s responsiveness to such threats. (See item 3.)


3. April 28, Computerworld – (National) New cybersecurity bill for electric grid readied. Amid growing concern over the vulnerability of the U.S. electric grid to cyberattacks, two lawmakers are preparing to introduce new legislation aimed at bolstering the industry’s responsiveness to such threats. The Critical Electric Infrastructure Protection Act is scheduled to be introduced on April 30. A brief statement issued by the house committee today described the proposed legislation as one that would primarily empower the Federal Energy Regulatory Commission, an independent agency that regulates the interstate transmission of gas, oil and electricity, to issue “emergency rules or orders” if a cyberthreat is imminent. The rules or orders may be issued if the Secretary of Homeland Security determines that a national security threat exists, the statement said. It did not, however, clarify what kind of rules and orders the proposed bill is specifically referring to. In addition, the bill would require the commission to assess existing cybersecurity standards within the electric sector and establish new standards, as needed, for dealing with cyberthreats. It would also require the Department of Homeland Security to conduct an investigation to determine if the electric infrastructure has been compromised by outsiders. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9132288&taxonomyId=17&intsrc=kc_top


• Due to swine flu concerns, Russia, China and Ukraine began banning pork products that come from some U.S. states, a move that a U.S. trade representative said could “do extraordinary damage” to the U.S. economy and other countries. (See item 19.)


19. April 29, USA Today – (National) Agriculture chief to public: U.S. pork products are safe. Federal officials moved on April 28 to bolster the $15 billion U.S. pork industry and reassure consumers that eating pork is safe amid the swine-flu outbreak. The effort comes after countries such as Russia, China and Ukraine began banning pork products that come from some U.S. states. The bans led to lower prices of pork, as well as for soybeans and corn, used as hog feed. “The livelihoods of a lot of people are at stake here,” U.S. Agriculture Secretary said, referring to the country’s 67,000 pork producers as well as soybean and corn farmers. “It is perfectly safe to consume pork and pork products from America.” He also said people should stop using the term “swine flu” and should call the disease H1N1 virus, which refers to the subtype of influenza virus causing the outbreak. “This really is not swine flu,” he said. A U.S. Trade Representative said he will talk to officials in countries that are restricting U.S. pork products. “That could do extraordinary damage” to the U.S. economy and other countries, he said. Source: http://www.usatoday.com/news/health/2009-04-29-agriculture-pork-swine-flu_N.htm


Details

Banking and Finance Sector

8. April 28, MarketWatch – (National) Senate OKs $490 million to fight mortgage scams. The Senate voted on April 28 to give federal investigators more tools to combat mortgage fraud and other scams. The bipartisan legislation would authorize $490 million over two years to hire fraud prosecutors, increase enforcement actions and add funds to the Secret Service and Housing and Urban Development Inspector General. It also allocates funds to the Postal Inspection Service. It also sets up a commission of outside experts with subpoena power to examine the financial crisis and make recommendations. Of those funds, $165 million is being allocated to hire fraud prosecutors and investigators at the Justice Department and $140 million goes to increase the number of Federal Bureau of Investigation officials for the agency’s mortgage-fraud task forces. It also provides $50 million a year to expand the staff of the U.S. Attorney’s office and $40 million to expand the Justice Department’s criminal, civil, and tax divisions. The legislation, known as the Fraud Enforcement and Recovery Act, extends federal fraud laws to include mortgage loan companies that are not regulated or insured by the government. This expanded fraud statute would only have an impact on future crimes. Source: http://www.marketwatch.com/news/story/senate-approves-490-mln-fight/story.aspx?guid=5EAB0934-6896-46C0-8D34-401C8F5D50FC


9. April 28, WTOC 11 Savannah – (Georgia) New text message scam involves bank fraud. Beware if you get a text message claiming to be from your bank. The latest texting scam involves con artists texting your cell phone claiming to be from a variety of banks. One WTOC viewer warned about a text message pretending to be Suntrust Bank. The phone number is not associated with Suntrust and the bank does not send out text message alerts. Experts warn to take down the number and immediately report the text to the bank’s fraud department. Do not respond and do not give any information. Source: http://www.wtoctv.com/Global/story.asp?S=10263225


10. April 28, Associated Press – (Maryland) 5 charged in ‘nightmare’ $70M mortgage scheme. More than 1,000 people were defrauded out of about $70 million by a group advertising the dream of homeownership in what turned out to be a nightmare Ponzi scheme, federal and Maryland officials said on April 27. Five officers for Laurel, Md.-based Metro Dream Homes company are accused of tricking homeowners into pouring money into the business with the promise that the revenue would be used to pay off their mortgages. The scheme ran from 2005 until October 2007, authorities said. The newly confirmed Assistant U.S. Attorney General said the charges should send a message to those engaging in mortgage fraud. “Our resolve as a group is great,” he said at a news conference in Washington. “We will find you. We will prosecute you, and we are going to put you in prison.” “Some people hope to get rich quickly just by dreaming, without the hard work,” said the U.S. attorney for Maryland. “Usually, people can achieve that only by breaking the rules.” Prosecutors say the company marketed the mortgage program in seminars at luxury hotels in Maryland, Washington and Beverly Hills, California. An investor had to put up a minimum of $50,000 for each home. The company was then supposed to pay off their mortgages within five to seven years. Source: http://www.google.com/hostednews/ap/article/ALeqM5gB7--kEDtgOugiNfRih85sahLr7gD97R2HG02


11. April 27, Los Angeles Business Journal – (California) FDIC pays out deposits from First Bank of Beverly Hills. First Bank of Beverly Hills was shut down by the California Department of Financial Institutions on April 24, and the Federal Deposit Insurance Corp. will pay out the deposits of the bank. As of December 31, 2008, First Bank of Beverly Hills, which was actually based in Calabasas, had total assets of $1.5 billion and total deposits of $1 billion, of which an estimated $179,000 was uninsured, according to a statement from the FDIC. According to a statement from the DFI, the bank was ordered to increase its capital reserves, but efforts by the bank to do so were unsuccessful. The FDIC will begin mailing customers checks for their insured money starting on April 27. First Bank of Beverly Hills is the 28th FDIC-insured institution to fail this year and the fourth in California. Source: http://www.bizjournals.com/losangeles/stories/2009/04/27/daily4.html


Information Technology


35. April 27, Cnet News – (International) Puerto Rico sites redirected in DNS attack. An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on April 26 to sites that were defaced, according to security firm Imperva. Those sites and others, including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, the chief technology officer at Imperva said on April 27. A group calling itself the “Peace Crew” claimed that they used a SQL injection attack to break into the Puerto Rico registrar’s management system, he said. “We are seeing more and more of these DNS-related attacks and seeing them scale up,” he added. While the sites that visitors were redirected to were obviously not the legitimate sites, DNS redirects could be used to send unsuspecting Web surfers to phishing sites pretending to be banks where they would be prompted to provide sensitive information. People should use the SSL (Secure Sockets Layer) protocol for encrypting communications with sensitive sites and use anti-phishing technology in the browser that colors part of the URL address bar green or red based on the safety level of the site being visited. Source: http://news.cnet.com/8301-1009_3-10228436-83.html


36. April 27, IDG News Service – (International) Bitlocker, TPM won’t defend all PCs against VBootkit 2.0. Trusted Platform Modules and BitLocker Drive Encryption can protect Windows 7 computers against a bootkit attack unveiled recently but these technologies will not be available on a large portion of computers, leaving millions of users unprotected when Microsoft releases its next version of Windows. VBootkit 2.0 is proof-of-concept code that was unveiled by security researchers of NVLabs, at the Hack In The Box (HITB) security conference held in Dubai recently. The code, which is just 3KB in size, allows an attacker to take control of a Windows 7 computer by patching files as they are loaded into the system’s main memory. Because no software is modified on the computer’s hard disk, the attack is nearly undetectable. VBootkit 2.0 is an updated version of an earlier tool, called VBootkit 1.0, that can take control of a Windows Vista computer by a similar method. With VBootkit 2.0, once an attacker has taken control of the Windows 7 computer during the boot process they are able to get system-level access to the computer, the highest level possible. They can also remove user passwords to gain access to protected files and strip DRM (digital rights management) protection from multimedia files. The passwords can then be restored, hiding any evidence that it was compromised. “There is no fix for this. It cannot be fixed. It is a design problem,” one of the program designers said during his presentation last week, referring to Windows 7’s assumption that the boot process is safe from attack. In response, a Microsoft representative said Windows 7’s support for Trusted Platform Module (TPM) and BitLocker Drive Encryption (BDE) means the attack is “void,” downplaying the threat to users. Source: http://www.pcworld.com/businesscenter/article/163949/bitlocker_tpm_wont_defend_all_pcs_against_vbootkit_20.html


Communications Sector

Nothing to report.

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, April 29, 2009

Complete DHS Daily Report for April 29, 2009

Daily Report

Top Stories

• The Associated Press reports that the nation’s busiest air traffic control facility in Southern California relies heavily on inexperienced trainees, who are expected to make up more than 40 percent of controllers there later this year, according to a Transportation Department inspector general report released Monday. (See item 15)


15. April 27, Associated Press – (California) California air traffic facilities rely on trainees. The nation’s busiest air traffic control facility in Southern California relies heavily on inexperienced trainees, who are expected to make up more than 40 percent of controllers there later this year, according to a report released Monday. The Transportation Department inspector general report expressed concern about air traffic controller staffing levels at the Southern California Terminal Radar Approach Control Facility near San Diego, as well at the Northern California Terminal Radar Approach Facility near Sacramento. The two facilities handle planes approaching and leaving California airports. There are currently 76 trainee controllers — 32 percent of the work force — at the Southern California TRACON, the report said. But the Federal Aviation Administration plans to hire another 34 trainees later this year to make up for expected retirements, raising the share of controllers at the facility who are trainees to more than 40 percent. The report also said that overtime by controllers working in the tower at Los Angeles International Airport has increased more than 800 percent since 2006, and was up 120 percent at the Northern California TRACON. The report recommended that FAA “take immediate action” to address staffing and overtime concerns. Source: http://federalnewsradio.com/?nid=27&sid=1661678


• According to the Seattle Times, Seattle’s winter-storm strategy, which involved dumping nearly 12,400 tons of sand on iced-over streets last December, is causing new problems for the West Point Wastewater Treatment Plant, where unprecedented amounts of grit from city storm drains have plugged up pumps and triggered emergency repairs. (See item 22)


22. April 27, Seattle Times – (Washington) Latest storm headache: Seattle sand clogs sewer plant. Seattle’s failed winter-storm strategy, which involved dumping nearly 12,400 tons of sand on iced-over streets last December, is causing new problems for the West Point Wastewater Treatment Plant, where unprecedented amounts of grit from city storm drains have plugged up pumps and triggered emergency repairs. Plant operators called the situation “unprecedented” and attributed it to heavy rains that apparently flushed out pockets of sand and gravel still remaining on city streets four months after it was dropped. The volume of material became so heavy April 16 that it shut down a pump and forced the early shutdown of a basin that filters grit from wastewater before it is treated and released into Puget Sound. A spokesman for Seattle’s transportation department said in an e-mail that the city has swept up more than 11,300 tons of sand since January. That is more than 91 percent of the nearly 12,400 tons the city says it dropped in what proved to be a largely futile effort to make city streets passable. The city refused to use salt to clear the roads, citing concerns about its impact on chinook salmon habitat. That policy has since been changed. Transportation managers dispatched sweepers to clean up the sanding material after the storms passed. A spokeswoman for King County’s wastewater division said most of the sand was generated by the city’s snow-control efforts. But plant operators were hesitant to attribute an exact figure to the city. Instead they had only a general year-to-year comparison for grit removed at the plant: 2,800 tons in 2008 versus 300 tons in 2007. Source: http://seattletimes.nwsource.com/html/localnews/2009127486_sand27m.html


Details

Banking and Finance Sector

10. April 27, HedgeFund.net – (Florida) SEC charges hedge fund manager with a new fraud. The Securities and Exchange Commission is charging that a Florida-based hedge fund manager, who had already agreed to stop violating securities fraud provisions, was up to his old tricks. The SEC alleged that the defendant had shifted his strategy for his firm, Founding Partners Capital Management, and that he was investing in riskier securities without telling investors. About $550 million in investments was involved, the SEC claimed. Founding Partners, which is headquartered in Naples, Florida, invests in Sun Capital Inc. and Sun Capital Healthcare Inc., two related companies that provide loans to healthcare and other businesses guaranteed by accounts receivables. Starting in 2004, the SEC claimed, Founding Partners let the Sun Capital companies invest in healthcare companies that were financially troubled, without informing investors that it was taking on the more risky securities. The SEC also charged that the defendant used investor money improperly to pay personnel expenses. The defendant also told investors that the funds had audited financial statements for 2007, when they did not, the SEC complaint alleged. Source: http://www.hedgefund.net/publicnews/default.aspx?story=9995


11. April 27, St. Paul Business Journal – (Idaho; Wyoming) U.S. Bancorp buys Idaho bank assets from FDIC. U.S. Bancorp on April 24 took over the deposits of a small Idaho bank from the Federal Deposit Insurance Corp. (FDIC). Minneapolis-based U.S. Bank, which is the second-largest bank in the Milwaukee area, acquired $225 million in deposits of the First Bank of Idaho and branches that operate under the name First Bank of the Tetons. The deal includes seven branch banks in Ketchum, Hailey, Bellevue, Driggs and Victor, Idaho and in Jackson, Wyoming. The First Bank of Idaho, which has about 115 employees, had faced a capital shortage and received a cease-and-desist order April 15 from the Office of Thrift Supervision, a division of the U.S. Department of the Treasury that oversees federal savings associations, according to media reports. The branches involved in the April 24 acquisition will all be re-branded as U.S. Bank in the near future, according to a press release from U.S. Bank. Prior to the acquisition, U.S. Bank had 90 branch offices in Idaho and 14 in Wyoming. U.S. Bank did not acquire any brokered deposits of the bank or assets or liabilities of the First Bank of Idaho’s parent holding company, Sun Valley Bancorp., based in Ketchum, Idaho. Source: http://www.bizjournals.com/milwaukee/stories/2009/04/27/daily10.html


Information Technology


30. April 28, Spamfighter News – (Massachusetts) Teenaged hacker decreed for 11 months. A teen computer hacker who controlled several systems in botnet attacks faces 11 months of imprisonment in a juvenile prison. The 17-year-old from Worcester, Massachusetts, referred to as N.H. in court records or by his online name Dshocker, pleaded guilty to system fraud, four counts of wire fraud, and interstate threats during November 2008. N.H. also obtained stolen credit card numbers and used them to purchase goods and services both for himself and for others. He helped several carders purchase goods with these stolen cards, teaching an associate who worked for a big shipping firm to redirect the packages of goods either to himself or to other carders. When his sentence was announced in the second week of April 2009, he was also given a two-year probation period. Federal prosecutors said that from November 2005 to May 2008, the accused also hacked commercial computer systems to steal details and spread bogus bomb threats. According to the U.S. Attorney’s Office, the teenager issued orders to a control server commanding a network of thousands of systems to attack the target system, crashing it or slowing it down and denying that computer’s services to its users. That is called a “distributed denial of service attack.” The accused also confessed to repeatedly obtaining unauthorized access to several systems, including Road Runner, Comcast and Charter Communications, and stealing customer data. He also gained unauthorized access to a company’s proprietary software and firmware to modify cable modems, giving him and others free web access. Source: http://www.spamfighter.com/News-12271-Teenaged-Hacker-Decreed-for-11-Months.htm


31. April 27, PC Magazine – (International) Swine flu scam sites may evolve into malware. Opportunistic people are registering domain names related to “swine flu.” F-Secure has a list of them and a warning. They say that none of them are pushing malware yet, although based on history it is only a matter of time. One of them does try to scam people. The site is selling a report, for $19.95 on how to deal with swine flu, including which Chinese herbs one should buy for it. Source: http://www.pcmag.com/article2/0,2817,2345974,00.asp


32. April 27, CNET News – (International) McAfee launches free online cybercrime help center. Instead of worrying if a computer is infected with a virus, a user can now go to a new Web site McAfee is launching on April 28 that is designed to help computer users figure out if they have legitimate reason to be concerned. The new Cybercrime Response Unit offers a forensic scanning tool that checks for malware on the computer and cookies left by suspicious Web sites to help determine if the machine has been compromised. A toll-free number is available for people whose scan results are worrisome. If visitors feel they may have been victimized by cybercrime, they can click through to a page that contains a series of questions that will be used to determine the level of risk. They are asked whether there are unexplained charges or suspicious activity on any financial accounts or other indications of identity fraud and whether the computer is running more slowly than usual, displaying pop-up ads, or having difficulty shutting down or starting up. There are also questions about user behavior, including whether the visitor responded to an e-mail or Web site request for personal information that may have been a scam, whether an e-mail attachment was opened that could have been malicious, and whether the computer was lost or stolen. The visitor is then prompted to run the McAfee Cybercrime Scanner. However, the tool does not run on Firefox. The scanner looks for unwanted processes or unauthorized programs running on the computer, visits to known malicious Web sites, unauthorized connections to the computer, unauthorized modifications to the computer protections, security sessions or browser and other unauthorized activity. Source: http://news.cnet.com/8301-1009_3-10228520-83.html

Communications Sector

33. April 28, Dayton Daily News – (Ohio) Dispatch center to handle emergency calls in May. Emergency 911 calls will again be handled out of the new Regional Dispatch Center sometime in May after problems with a Nortel switch are resolved and equipment has been tested, the Montgomery County sheriff said. On April 27, the Emergency Communication Policy Committee, which oversees the center, was briefed on what went wrong March 26 when several 911 calls about a Harrison Township house fire were not received at the center on the first day of operations. Currently, 911 calls are being handled at the sheriff’s dispatch center in Dayton, while the new dispatch center is handling calls to member jurisdictions’ regular police and fire lines. The sheriff’s captain blamed AT&T for improperly programming the switch. A full report from AT&T is due May 1 or May 4. The report and AT&T’s testing will be reviewed by a consultant hired by the county. Source: http://www.daytondailynews.com/news/dayton-news/dispatch-center-to-handle-emergency-calls-in-may-97985.html


34. April 28, Associated Press – (New Jersey; New York) Cablevision has fastest Internet speeds for cable. Cablevision Systems Corp. is set to unveil April 28 the fastest Internet speeds available from any cable or phone company. Starting May 11, the Bethpage, New York-based cable operator will offer speeds of up to 101 megabits per second downstream throughout its service area, and 15 Mbps upstream. Cablevision has three million subscribers in the New York metro area. The company also plans to double the downstream speed of its Wi-Fi Internet service up to 3 Mbps for free. Cablevision offers wireless Internet at several Wi-Fi hotspots in New York’s Long Island, Connecticut and Westchester service areas, and in parts of New Jersey. Source: http://www.google.com/hostednews/ap/article/ALeqM5hVLD2ZjUpD0si5FcgL2E85D4i9WAD97R7VB81

35. April 27, KSWO 7 Lawton – (Oklahoma) Comanche County upgrades the 911 system. Comanche County, Oklahoma has upgraded to an enhanced 911 system that was originally approved by voters in December 2005. The system helps locate people who make 911 calls from cell phones. Taxpayers had to pay 50 cents extra each month on their cell phone bills to pay for the upgrades. Cell phone companies had to upgrade their towers to provide emergency dispatchers with the technical information they needed for their computers to pinpoint those callers. So far Sprint and Nextel are the only two companies that have completed their tower upgrades. Other cell phone providers in the area are still in the process of updating their systems and towers. Officials said all the systems and upgrades will be done by the end of April. Source: http://www.kswo.com/Global/story.asp?S=10259454

Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, April 28, 2009

Complete DHS Daily Report for April 28, 2009

Daily Report

Top Stories

• According to Reuters, a car accident triggered a power outage that shut two refineries on Puget Sound in Washington State, electric utility Puget Sound Energy said on Friday. (See item 3)


3. April 24, Reuters – (Washington) Car wreck triggered power outage at refineries. A car accident triggered a power outage that shut two refineries on Puget Sound in Washington State, electric utility Puget Sound Energy said on April 24. A car struck a power pole the evening of April 23 along Washington State Highway 20 as maintenance was being done at another location on a transformer bank that would have re-routed electrical supply to the refineries and about 100,000 other customers, said a Puget Sound Energy spokeswoman. “Because of very unusual circumstances, we lost power,” she said. Electricity was restored within about two hours to most customers. On April 24, Shell Oil Co said it was restarting its 145,000 barrel per day (bpd) Anacortes, Washington, refinery. Tesoro Corp said power was restored at its 120,000 bpd Anacortes refinery where workers were checking for damage before beginning the restart process. Source: http://uk.reuters.com/article/oilRpt/idUKN2445349720090424


• WJW 8 Cleveland reports that police say 53 people were arrested when an end of the year party near the Kent State University campus in Kent, Ohio turned into a riot on Saturday. The university secured campus buildings in the area as a preventive measure. (See item 42)


42. April 26, WJW 8 Cleveland – (Ohio) 53 people arrested after off-campus party turns into riot in Kent. Police say 53 people were arrested when an end of the year party in Kent, Ohio, known as College Fest on East College Street, turned into a riot on April 25. The event attracted thousands of students and heavy alcohol consumption. Tensions began escalating after police arrested an underage girl for drinking alcohol in the middle of the street and then arrested one of the girl’s acquaintances. A local resident said people started throwing bottles at officers because he forcefully pushed the girl. Kent Police responded by bringing in reinforcements from multiple agencies in full riot gear. Police officials declined requests for interviews on April 26 but said in a written statement that officers announced a dispersal order and arrested a number of people who failed to leave after multiple warnings. The crowd continued to throw objects such as bottles at officers and even firefighters who arrived to put out bonfires in the middle of the street. Paint balls filled with pepper spray were fired at some of the students. Most of the people arrested were charged with failure to disperse. They have been ordered to appear in Kent Municipal Court on either April 29 or April 30. A Kent University press statement released on the night of April 25 read in part that: The university secured campus buildings in the area as a preventive measure. There have reportedly been approximately 125 arrests. It is unknown at this time how many of the arrests are students. No injuries have been reported. Source: http://www.fox8.com/news/wjw-party-riot-ksu-0422,0,3290409.story


Details

Banking and Finance Sector

16. April 24, MarketWatch – (National) Four banks closed by regulators as credit crunch shakes out. Four banks in Georgia, Michigan, California and Idaho were closed by regulators on April 24, costing the Federal Deposit Insurance Corp.’s deposit insurance fund nearly $700 million as the effects of the credit crisis continued rippling throughout the U.S. economy. Kennesaw, Georgia-based American Southern Bank marked the 26th bank failure of the year and the fifth in the state of Georgia, the FDIC said. Farmington Hills, Michigan-based Michigan Heritage Bank then became the 27th failure of 2009, followed by the closure of Calabasas, California-based First Bank of Beverly Hills. Alpharetta, Georgia-based Bank of North Georgia has agreed to assume American Southern Bank’s deposits, the FDIC said in a statement. American Southern’s one office will reopen as a branch of Bank of North Georgia on April 27. American Southern had roughly $112.3 million in assets and $104.3 million in deposits as of March 30, according to the FDIC. Bank of North Georgia has also agreed to buy roughly $31.3 million of the failed bank’s assets, the FDIC said. The FDIC estimated the cost of American Southern’s failure to its deposit insurance fund will be $41.9 million. American Southern’s collapse marks the 51st bank failure since the credit crisis began last year. Source: http://www.marketwatch.com/news/story/Another-Georgia-bank-shuttered-regulators/story.aspx?guid={982438DE-54E6-4F2E-84FF-FA3F1556A589}


17. April 24, National Credit Union Administration – (Florida) Eastern Financial Florida Credit Union placed in conservatorship. The National Credit Union Administration (NCUA) on April 24 assumed control of the operations of Eastern Financial Florida Credit Union, a state-chartered, federally insured credit union headquartered in Miramar, Florida. The Florida Office of Financial Regulations, Bureau of Credit Union Regulation appointed NCUA as conservator on April 24 after placing Eastern Financial Florida Credit Union into conservatorship. NCUA has assumed control of the credit union and has appointed officials from Space Coast Credit Union of Melbourne, Florida to temporarily manage Eastern Financial Florida Credit Union’s day-to-day operations. NCUA’s goal is to continue credit union service to the members and ensure safe and sound credit union operations. Service continues uninterrupted at Eastern Financial Florida Credit Union and members are free to make deposits, access funds, make loan payments and use share drafts. While the credit union was placed into conservatorship because of declining financial condition, the decision to conserve a credit union enables the institution to continue normal operations with expert management in place. Source: http://ncua.gov/news/press_releases/2009/MR09-0424a.htm


18. April 24, KDAF 33 Dallas – (Texas) Duncanville police warn of scam. The Duncanville Police Department has received more than 20 calls from citizens regarding a possible scam. Citizens reported that they started receiving phone calls on April 23 and 24. The phone call was a recording advising individuals that their credit card had been compromised and asking them to enter a number on the phone. It is unknown at this time if the subjects committing this scam were attempting to take over the individual’s phone service or if they were attempting to gather personal information from the individuals they called. The Duncanville Police Department continues to advise citizens that if they receive a phone call, be it a recording or a live person, asking for personal information or directing them to enter credit card numbers on the phone, they should just hang up and not call the number back. At this time, Duncanville Police do not have any reports of any criminal offenses taking place. Source: http://www.the33tv.com/pages/content_landing_page/?Duncanville-Police-Warn-of-Scam=1&blockID=275113&feedID=460


Information Technology


50. April 27, CNET News – (International) Google plugs PC power into cloud computing. Google has released experimental but still very much real software that brings in some of the power of the PC, where people often use Web applications. Google Native Client, first released in 2008 but updated with a new version on April 23, is a browser plug-in for securely running computationally intense software downloaded from a Web site. And on April 21, Google released O3D, a plug-in that lets Web-based applications tap into a computer’s graphics chip, too. The projects are rough around the edges, to say the least. Native Client (NaCl) is more security research project than usable programming foundation right now, and O3D exists in part to try to accelerate the arrival of some future, not necessarily compatible, standard for building 3D abilities into Web applications. But both fundamentally challenge the idea that Web apps necessarily are stripped-down, feeble counterparts to the software that runs natively on a personal computer, and they come from a company that has engineering skill, a yen for moving activity to the Internet, and search-ad profits that can fund projects that do not immediately or directly make money. Source: http://news.cnet.com/8301-17939_109-10227150-2.html


51. April 27, The H – (International) Vulnerability patched in Symantec Brightmail Gateway. Symantec has released an update for its Brightmail Gateway email security appliance to fix a cross-site scripting and privilege escalation vulnerability in the appliance’s Web-based Control Center. Attackers could exploit the vulnerabilities from the internal network because the Control Center failed to properly filter client input from authorized users of the Control Center console. The update is available via the Software Update feature of Brightmail and is also available to registered users to download. Source: http://www.h-online.com/security/Vulnerability-patched-in-Symantec-Brightmail-Gateway--/news/113155


52. April 26, Detroit Observer & Eccentric News – (Michigan) Patterson’s phishing bill breezes through senate. A bill sponsored by a Michigan state senator that is pushing tougher punishments for Internet crimes sailed through the senate on April 23. In particular, the legislation targets phishing, or fraudulently acquiring personal information over the Internet. Phishing is a unique form of identity theft where criminals use e-mails or pop-up ads to lead consumers to counterfeit Web sites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Because the criminals hijack the names and logos of reputable banks, e-retailers and credit card companies, they convince consumers to respond. If the bill becomes law, it would increase the penalty to a maximum of 10 years in prison and $500,000 in fines from the current five years and $25,000. The bill also would allow the attorney general or the Internet provider to file civil actions against the phishing site operators. Source: http://www.hometownlife.com/article/20090426/NEWS15/904260584


53. April 24, IDG News Service – (International) Worm solves Gmail’s CAPTCHA, creates fake accounts. A Vietnamese security company has detected what it believes is a new worm that thwarts Google’s security protections in order to register new dummy Gmail accounts from which to send spam. Bach Khoa Internetwork Security (BKIS) said the worm was discovered earlier in the week of April 20 in one of its honeypots, the term for a computer set up to catch samples of malicious software. BKIS has named the malware “W32.Gaptcha.Worm.” Once a computer is infected with Gaptcha, the worm launches the Internet Explorer browser and goes to Gmail’s new account registration page. It begins to fill in random names of fictitious users. When confronted with a CAPTCHA, the worm sends the image to a remote server for processing, a senior malware researcher wrote on the BKIS blog. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is the distorted text that a person must solve before a new account can be created. It used to be hard for computers to translate the text, but improvements in OCR (optical character recognition) technology have overcome that barrier. In some cases, spammers are believed to employ people in low-income countries to figure out the CAPTCHA in order to gain new e-mail accounts. Once a new registration is complete, the account details are then e-mailed to a spammer. After too many account registrations, Google will eventually block the particular computer creating the accounts. The worm then removes itself, the researcher wrote. Source: http://www.pcworld.com/businesscenter/article/163788/worm_solves_gmails_captcha_creates_fake_accounts.html

Communications Sector

54. April 27, WGRZ 2 Buffalo – (New York) Regional outage affected Time Warner phone, Internet customers. A spokeswoman for Time Warner Cable says an outage at the company’s regional headquarters caused customers across the Northeast to lose telephone and Internet services early April 26. While crews worked to bring the Northeast Regional Office in Syracuse back online, thousands of customers from Buffalo to Portland, Maine, were without phone and Internet access. However, the outage did not affect cable TV services. It took several hours to get the regional high-speed data network back up and running. Source: http://www.wgrz.com/news/local/story.aspx?storyid=66211&provider=gnews