Department of Homeland Security Daily Open Source Infrastructure Report

Monday, June 22, 2009

Complete DHS Daily Report for June 22, 2009

Daily Report

Top Stories

 According to the Associated Press, the U.S. Nuclear Regulatory Commission is notifying the owners of 26 nuclear plants that they are not saving enough money to dismantle the reactors once they are no longer operating. (See item 9)


9. June 18, Associated Press – (National) NRC to send shortfall letters to 26 atomic plants. The U.S. Nuclear Regulatory Commission will notify the owners of 26 nuclear plants June 19 that they are not saving enough money to dismantle the reactors once they are no longer operating. In a memo obtained by the Associated Press on June 18, the agency told congressional offices it would make a formal announcement of its findings on June 19. It said it would work with the plants on a case-by-case basis to develop remedial savings plans. The plants deemed coming up short range from the Vermont Yankee station near Brattleboro to the three Browns Ferry reactors near Decatur, Alabama. NRC officials also said another 19 plants would have to be mothballed for up to 60 years after they shut down, partly in hopes that their decommissioning funds would see enough investment growth to pay for dismantling the reactors and removing radioactive components. Such long periods of idleness have raised concerns that plant systems could decay over time, raising the chances of an accident that might release radioactivity to the environment. Various reports by government agencies and independent groups also have raised alarm that the plants could be tempting targets for terrorists bent on creating radioactive “dirty bombs.” Source: http://www.google.com/hostednews/ap/article/ALeqM5hZeDcJSPLxdu2GpLAtnsdeECXO3QD98TF44G3


 The New Orleans Times-Picayune reports that the discovery of an envelope bearing a suspicious white powder prompted public safety officials to seal off the F. Edward Hebert Federal Building in New Orleans for more than four hours on June 18. (See item 21)


21. June 18, New Orleans Times-Picayune – (Louisiana) New Orleans Federal Building locked down after white powder found in mailroom. The discovery of an envelope bearing a suspicious white powder prompted public safety officials to seal off the F. Edward Hebert federal building in the Central Business District of New Orleans for more than four hours Thursday. Though preliminary tests determined that the powder was not hazardous, the material was sent to an FBI laboratory, officials said. Firefighters and other first responders rushed the scene and officials put the building on lockdown, meaning no one could enter or exit. Nine federal employees and two New Orleans police officers were isolated and tested because they had been exposed to the powder, said a spokesman for the New Orleans Fire Department. No one was injured. After about four hours, authorities re-opened the building. Along with police and fire personnel, several other agencies, including the Louisiana State Police, FBI, U.S. Marshals and Regional Transit Authority, responded to the scene. The mailroom was cleaned and eventually cleared of any possible toxins. The lab test is pending. Details about the powder and the envelope were not available. Source: http://www.nola.com/news/index.ssf/2009/06/new_orleans_federal_building_l.html


Details

Banking and Finance Sector

14. June 19, Reuters – (International) Stanford indicted in massive U.S. fraud case. A Texas billionaire, three associates, and a top Caribbean regulator were indicted on fraud, conspiracy, and obstruction charges in an elaborate $7 billion pyramid scheme to bilk investors, U.S. Justice Department officials said on June 19. The financier was set to appear on June 19 in federal court in Virginia to answer Texas grand jury charges he orchestrated the fraud through his bank on the Caribbean island of Antigua. The financier, an executive, two accountants, and Antigua’s top regulator were hit with 21 charges alleging they concocted a broad ruse to deceive investors, fabricate financial statements, and hide their fraud. “This scheme was carefully orchestrated to make sure the true information never saw the light of day,” said the head of the Securities and Exchange Commission’s enforcement unit. Source: http://www.reuters.com/article/bondsNews/idUSN1942415420090619


Information Technology


36. June 19, Spamfighter – (International) Apple accepts Mac’s vulnerability to malware. Security company ‘SecureMac’ reports that Apple has eventually admitted that viruses and spyware pose a threat to Mac OS X and to its most recent operating system ‘Snow Leopard.’ According to Apple, Snow Leopard is being designed to add new mechanism that would facilitate in protecting against attacks like phishing and sandboxing in Safari. However, this technology is not a complete anti-malware solution. Apple claimed on its official website that Mac had built-in technologies, which helped to protect from malicious software as well as other security threats. Since computer systems were not cent percent immune from attacks, antivirus software might be deployed for additional protection, Apple suggested. Responding to Apple’s statement, SecureMac said that they appreciated Apple for acknowledging the fact that Mac was not immune to malware attacks. This statement contradicted Apple’s TV advertisements that criticized their counterparts by claiming that Macs were totally safe. Nevertheless, it was vital that one should realize that the new mechanisms built into the operating software would not safeguard from all attacks, SecureMac added. Source: http://www.spamfighter.com/News-12582-Apple-Accepts-Macs-Vulnerability-to-Malware.htm


37. June 18, CNET News – (International) Microsoft’s free antimalware beta on the way. Microsoft will launch a public beta of its anti-malware service, Microsoft Security Essentials, on June 23 as it phases out its Live OneCare suite in favor of a simpler free consumer security offering. Microsoft Security Essentials, which will run on Windows XP, Vista, and Windows 7, will be available in the U.S., Brazil, and Israel in English and Brazilian Portuguese. A public beta version for Simplified Chinese will be available later in the year. The service works like traditional antivirus products in which client software monitors programs on a PC. When something changes on the computer, such as files being downloaded or copied or software trying to modify files, the system checks against a set of malware signatures in the client program to see if the code matches the signature for known malware. If so, it blocks it from getting downloaded. If no signature match is found, the system will ping the server-based Dynamic Signature Service to see if any new signatures are available and, if so, it removes the malware. If it appears to be new malware, the Dynamic Signature Service may request a sample of the code in order to create a new signature. The service updates its anti-malware database constantly and publishes new antivirus signatures to Microsoft Update three times a day, the general manager of Microsoft’s Anti-Malware team said in an interview on June 18. Source: http://news.cnet.com/8301-1009_3-10268040-83.html


38. June 17, SC Magazine – (International) “Nine-Ball” mass injection attack compromised 40,000 sites. A new threat dubbed “Nine-Ball” has compromised up to 40,000 legitimate Web sites, which are, in turn, infecting users with an information-stealing trojan, according to security vendor Websense. The attack is called “Nine-Ball” because of the name of the final, malicious landing page, which is loaded with drive-by exploits, that unsuspecting users automatically are redirected to if they visit one of the compromised sites. Ninetoraq.in, the exploit site, contains malicious code that looks for already patched vulnerabilities in Acrobat Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy, which it then attempts to exploit, the manager of security research at Websense, told SCMagazineUS.com on June 17. The flaws have all been patched; some date back to 2006, the manager said. But, the Reader and QuickTime vulnerabilities are newer, making it less likely that users are patched for them. If the malicious code finds an unpatched vulnerability to exploit, it either drops a malicious PDF file or a trojan designed to steal user information, the manager said. All of the exploits currently have low detection rates, he added. The 40,000 legit but compromised Web sites were “sleeping” up until June 15, the manager said. Before then, if a user visited one of them, they were redirected to Ask.com. On June 15, though, the attack updated and users started being redirected to the ninetoraq malicious site. Source: http://www.scmagazineus.com/Nine-Ball-mass-injection-attack-compromised-40000-sites/article/138664/

Communications Sector

4. June 18, CleanTechnica.com – (National) Closer to the Sun: Satellite solar is out of this world. Another type of space race is to be the first company to get solar satellites into orbit. U.S. companies are aggressively researching the technology, reports Yale 360. One firm called PowerSat in Washington State has filed for patents to link as many 300 shiny satellites together in space, beam the energy to one big satellite, then transmit the power back to Earth. The star trek also includes using solar-powered thrusters to launch satellites into orbit 22,000 miles above Earth. California utility PG&E also has signed a deal with Solaren for 200 megawatts of space-based solar power in 2016, according to the Wall Street Journal. Source: http://cleantechnica.com/2009/06/18/closer-to-the-sun-satellite-solar-is-out-of-this-world/ See also: http://e360.yale.edu/content/digest.msp?id=1930

18. June 19, Associated Press – (Illinois) Storms sock city, slug airports. Chicago airports experienced storm-related delays, thousands of residents of northern and central Illinois lost power, and flash flooding closed roads and backed up traffic following heavy rains that beat down on the city. Chicago Police said flooding closed a northbound ramp on Lake Shore Drive. Flight delays at O’Hare International Airport averaged one hour and more than 50 flights were canceled. Midway was seeing shorter delays and no cancellations. The storm also kicked WBBM-AM off the air. Just after noon, the radio station’s broadcast tower was hit by lightning, a spokeswoman told the Chicago Sun-Times for a story on its Web site. WBBM was back on the air around 12:40 p.m., the paper reported. ComEd reported 5,800 customers without electricity, mostly in the Rockford area. About 7,300 Ameren customers were without power, mostly in Knox, Peoria, and Warren counties. According to Ameren, the storm left about 43,500 customers in the dark early Thursday morning. Source: http://www.chicagobusiness.com/cgi-bin/news.pl?id=34480 See also: http://www.marketwatch.com/story/ameren-illinois-utilities-report-service-restored-for-23600-majority-of-customers-to-have-lights-on-tonight

Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 19, 2009

Complete DHS Daily Report for June 19, 2009

Daily Report

Top Stories

 The New York Times reports that the EPA declared a public health emergency on Wednesday in and near Libby, Montana, where over the course of decades asbestos contamination in a vermiculite mine has left hundreds of people dead or sickened from lung diseases. It was the first health emergency ever declared under the Superfund law. (See item 7)

7. June 17, New York Times – (Montana) U.S. cites emergency in asbestos-poisoned town. The Environmental Protection Agency declared a public health emergency on June 17 in and near Libby, Montana, where over the course of decades asbestos contamination in a vermiculite mine has left hundreds of people dead or sickened from lung diseases. It was the first health emergency ever declared under the Superfund law, the 1980 statute that governs sites contaminated or threatened by hazardous substances. The Libby site has been designated a Superfund priority since 2002. A spokeswoman for the EPA said that in anticipation of the declaration, the Department of Health and Human Services had agreed to make $6 million available to the Lincoln County Health Clinic, which provides care to residents of the area, to finance treatment of people with asbestos-related conditions. She said the declaration also authorized the environmental agency to remove vermiculite, whose uses include insulating, from buildings there. The Libby mine, originally operated by the Zonolite Company, at one time provided 80 percent of the nation’s vermiculite insulation, according to the EPA. W.R. Grace & Company bought the mine in 1963 and, according to the agency, sold vermiculite insulation from there until 1983. Grace closed the mine in 1990. The company and three of its former executives were acquitted in federal court last month of charges that they had knowingly contaminated Libby with asbestos and then conspired to cover up the deed. Source: http://www.nytimes.com/2009/06/18/science/earth/18libby.html?_r=1&ref=global-home

 According to the Associated Press, water supplies for 33 million people could be endangered if millions of acres of beetle-ravaged forests in the Rocky Mountains catch fire, a U.S. Forest Service official told a House panel on Tuesday. Severe fires, fueled by these trees, could damage or destroy reservoirs, pipes, and other infrastructure that supply water in the region. (See item 25)

25. June 16, Associated Press – (National) Water supplies at risk from fires in dead forests. Water supplies for 33 million people could be endangered if millions of acres of beetle-ravaged forests in the Rocky Mountains catch fire, a U.S. Forest Service official said on June 16. The chief forester for the Rocky Mountain region told a House panel that the headwaters of the Colorado River, an important water source for residents of 13 States, are in the middle of 2.5 million acres of dead or dying forests in Colorado and southern Wyoming. Severe fires, fueled by these trees, could damage or destroy reservoirs, pipes and other infrastructure that supply water to millions of people in the Rocky Mountain region. Wildfires can “literally bake the soil,” leaving behind a water-repellent surface that sheds rain and leads to severe erosion and debris, he said. The loss of so many trees also will reduce shade in the region, which in turn could reduce water supplies in the hot, dry summer months and accelerate snowmelt in the spring, he said. A Forest Service analysis indicates people in San Diego, Los Angeles, Phoenix, and Tucson, Arizona who get their tap water from the Colorado River get one quart of every gallon from National Forests in the Rocky Mountain region. The current outbreak — which has killed nearly 8 million acres of trees — is the biggest in recorded history, a research entomologist with the Forest Service told the committee. Another concern is the 13,000 miles of electricity transmission lines that run through the forests. There is a possibility that multiple fires at the same time could cause widespread regional power outages, the special projects manager for the Western Area Power Administration told the committee. Source: http://www.miamiherald.com/news/politics/AP/story/1099113.html

Details

Banking and Finance Sector

11. June 18, Kennebec Journal & Morning Sentinel – (Maine) Phone scams hit area in ‘huge’ new wave. A phone scam is affecting residents of the Waterville area. An unlisted number contacts an individual telling them that their account has been locked to supermarket use only and they are instructed to press “1” to speak to a representative. “There have been a huge number of telephone scams going on in the area,” the Waterville chief of police said on June 17. “It is all over the place. It is prolific.” New Dimensions Federal Credit Union has fielded numerous complaints, he said. At least one complaint was filed with the Winslow Police Department on June 16, from a resident who received the pre-recorded message at 9:45 p.m., asking for her debit-card information. The woman contacted her bank, TD Banknorth, and was told that others had made the same complaint that day, according to a police log. The telephone scams, which are sometimes referred to as “phishing” calls, appear to involve both a pre-recorded message claiming to be from a financial institution and another that involves a live person, the Waterville chief of police said. Source: http://morningsentinel.mainetoday.com/news/local/6487903.html


12. June 17, KPTV 12 Portland – (National) Text scam says Visa account closed. A nationwide text messaging scam that aims to trick cell phone users into handing over their bank account information has swept the country in recent weeks. Thousands of people across the United States have received the same text message and some have called the phone number. The victims have reported fake charges on their Visa cards and others have had their accounts cleaned out. Because the scammers use phone numbers for just a few days, it is difficult for investigators to track them down. Consumer experts recommend never responding to text messages and always calling the bank first. Experts have warned that the scammers often send the messages on a Friday so they can use the bank account information over the weekend. The Federal Trade Commission has taken control of some of the phone numbers used by the scammers in hopes of getting the word out about the scam. Source: http://www.kptv.com/news/19779428/detail.html


13. June 17, Insurance Journal – (Texas) Texas AG warns of scam targeting credit union accounts. The Texas Attorney General has warned that Schlumberger Employees Credit Union members should be aware of a “smishing” scam that has been uncovered in the Houston area. Members of the Sugar Land-based credit union have complained to the Office of the Attorney General about receiving fraudulent text messages that claim their Schlumberger Employees Credit Union debit card has been deactivated for security reasons. The text messages claim that cardholders must call an 800-number and provide personal information to reactivate their cards. The Attorney General warned that personal information should never be provided in response to unsolicited text messages, e-mails or telephone calls — even if they appear to be from a legitimate business. Recipients should never click on links provided in unsolicited e-mails or text messages. Banks do not send unsolicited electronic messages or make unsolicited phone calls asking customers for their personal information. Customers with questions about the validity of communication that claims to be from a financial institution should contact the institution directly by telephone or in person. Source: http://www.claimsjournal.com/news/southcentral/2009/06/17/101495.htm


14. June 17, Reuters – (National) FDIC’s Bair says big firms “can and will fail.” Market participants should clearly get the message that large financial institutions “can and will fail” under the Presidential Administration’s regulatory reform proposal, the top U.S. bank regulator said on June 17. The chairman of the Federal Deposit Insurance Corp said addressing the idea of “too big to fail” is “of primary importance.” “Market participants should understand that large institutions can and will fail and that an effective resolution mechanism will be uniformly applied to institutions in a fair, transparent and consistent manner,” the chairman said in a statement. The U.S. President’s sweeping plan to reform financial regulation, which was unveiled on June 17, included a proposal to make the FDIC the resolution authority responsible for unwinding troubled financial firms. The chairman has told lawmakers that an effective resolution regime could discourage banks from growing too large and complex because they would no longer view government bailouts as a backstop. Source: http://www.reuters.com/article/GCA-BarackObama/idUSTRE55G6LD20090617


Information Technology


36. June 18, Spamfighter.com – (International) BKIS – Deep Freeze application fails to detect new Chinese worm. Security researchers at Bach Khoa International Security (BKIS) have warned computer users about a new worm called W32.SafeSys.Worm that has an ability to bypass security applications such as Deep Freeze. The worm was first detected in early March 2009, and since then, around 174 new variants of this Chinese born virus have been discovered on the Internet. Faronics has developed Deep Freeze application to facilitate administrators to restore their systems after being used by unauthorized parties. Cybercafes, school computer labs and libraries are increasingly using this application to protect their systems from hackers’ attacks. Deep Freeze prime function is to monitor changes in sectors (like data storage area) within hard disk partitions and save changes in another area (like buffer). When a normal program retrieves anyone of these sectors, it collects data from the buffer sector instead of the original sectors. As the system initiates the rebooting process, temporary data saved in the buffer gets deleted and the system is restored to its previous state. Hence, online shops often believe that their systems are safe from virus attacks as they have installed Deep Freeze application. However, W32.SafeSys.Worm utilizes a new technique in which it directly writes on sectors of hard disk by requesting for direct link with the disk controller. Interestingly, the worm does not leave any scope for its identification by frozen system programs such as Deep Freeze while writing on hard disk. It has been found that online shops solely depends on the abovementioned software and do not have other protections installed fall to W32.SafeSys.Worm. As per the figures given by BKIS, nearly 45,000 computers across Vietnam have been discovered with this virus. Source: http://www.spamfighter.com/News-12578-BKIS-%E2%80%93-Deep-Freeze-Application-Fails-to-Detect-New-Chinese-Worm.htm


37. June 18, ComputerWeekly – (International) Hackers to release Apple iPhone OS 3.0 software jailbreak. The Dev Team’s MuscleNerd has released a video demonstration of Ultrasnow, an updated version of the hacker group’s Yellosnow iPhone software jailbreak released on January 1, 2009. Apple has since patched the iPhone’s vulnerability exploited by Yellosnow to allow iPhone users to connect to the mobile phone carrier of their choice. Ultrasnow capitalizes on another weakness in newer Apple iPhones discovered by an Israel-based hacker just six weeks after Apple gave a preview of iPhone OS 3.0. MuscleNerd claims Ultrasnow will work on any iPhone 3G running 3.0, but does not mention Apple’s new iPhone 3GS, also due for release on June 19. But in a blog posting, the Dev Team said they will not be releasing any updates on their progress with iPhone 3G S. Source: http://www.computerweekly.com/Articles/2009/06/18/236493/video-hackers-to-release-apple-iphone-os-3.0-software.htm


38. June 17, CNET News – (International) ‘Golden Cash’ botnet-leasing network uncovered. Researchers at security firm Finjan said on June 17 that they have uncovered an underground botnet-leasing network where cyber criminals can pay $5 to $100 to install malware on 1,000 PCs for things like stealing data and sending spam. The Golden Cash network, dubbed “Your money-making machine” on its home page, sells access to botnets comprised of thousands of compromised PCs to cyber criminals for custom malware spreading jobs, according to issue 2 of the Cybercrime Intelligence Report for 2009. It works like this: a cyber criminal creates a botnet by hiding malicious code in a legitimate Web site that is used to turn Web surfing PCs into zombies. The code, typically an iFrame, points the PCs to a separate Web site where they are then infected with a Trojan backdoor that reports back to the Golden Cash command and control server. In order to increase the number of botnets, the Golden Cash server installs an FTP (file transfer protocol) grabber on new zombies to steal credentials used by the computers to run Web sites, giving the server control over additional legitimate Web sites. Approximately 100,000 domains, including corporate domains from around the world, were identified among the stolen FTP credentials under Golden Cash’s control, according to the report. Customers pay for the ability to install different types of malware on the Golden Cash bots, which are recycled for new jobs and new customers afterward. Prices are higher for compromised PCs in western countries, the report said. “This advanced trading platform marks a new milestone in the cybercrime evolution,” Finjan said in a statement. Source: http://news.cnet.com/8301-1009_3-10266977-83.html


Communications Sector

Nothing to report.

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, June 18, 2009

Complete DHS Daily Report for June 18, 2009

Daily Report

Top Stories

 According to the Associated Press, the number of Nebraska cattle herds quarantined because of bovine tuberculosis concerns has jumped to 42, and authorities warned the disease may have already spread to Colorado and South Dakota. (See item 22)

22. June 17, Associated Press – (National) Bovine TB quarantine expands to 42 Nebraska herds. The number of Nebraska cattle herds quarantined because of bovine tuberculosis concerns has jumped to 42 and two other states were warned the disease may have already spread there. The quarantine, which includes roughly 15,000 Nebraska cattle, is likely to continue growing in the weeks ahead, Nebraska agriculture director said, because investigators are still tracking down all the animals that may have had contact with the infected herd over the last two years. The director said the 10 herds added to the quarantine on June 16 included cattle bought from restricted herds before the quarantine was imposed. And Colorado and South Dakota officials have been alerted because animals from quarantined herds were sold to cattle producers in those two states. Ten Nebraska counties now have quarantined herds, up from five last week. The outcome of that investigation could create a significant disadvantage for Nebraska’s roughly $10 billion cattle industry. Meanwhile, Texas officials quarantined a West Texas dairy herd and slaughtered several cattle that tested positive for tuberculosis. They have not yet identified the source. Also, the Kentucky State veterinarian has imposed restrictions on certain livestock entering Kentucky from Nebraska and Texas as a result of outbreaks of tuberculosis in cattle in those states. Source: http://www.google.com/hostednews/ap/article/ALeqM5g-Ss18sZ5KvhQjwReuBIOADRhYCQD98SCD880

 The Associated Press reports that emergency crews’ response to the massive coal ash spill last year at the Kingston coal-fired plant in Tennessee was hampered by TVA’s failure to adopt Homeland Security’s National Incident Management System protocols for emergency communications, the public utility’s internal auditors said on Monday. (See item 40)

40. June 17, Associated Press – (Alabama; Tennessee) Report cites emergency communications, media errors, delayed victim response after ash spill. Emergency crews’ response to a massive coal ash spill last year was hampered by the Tennessee Valley Authority’s (TVA) failure to adopt emergency communication procedures recommended by the Federal Government, the public utility’s internal auditors said late June 16. The report by the TVA’s Inspector General’s Office also faulted the utility for making inaccurate statements to the media and a claims process that delayed reparations to victims. “TVA management generally agreed with the report and plans to take actions in regards to the recommendations,” the deputy inspector wrote. The utility’s managers disagreed with how the report described inaccurate statements to the media. The inspector general sharply criticized the agency’s 11 coal-fired power plants for failing to adopt Homeland Security’s National Incident Management System protocols for emergency communications, which are used by TVA’s nuclear and hydroelectric stations. Emergency responders with other agencies complained that TVA managers were “speaking a different language” in the key hours after the spill because they were unfamiliar with the protocol’s terms and concepts. Some TVA managers were even scrambling to look up terms on the Internet before consultants were finally hired to straighten things out at a cost of $510,000, the auditors said. The communications breakdown caused delays in getting environmental data about the ash, in assessing the stability of the remaining dike and in distributing health and safety information to the public, including a 12-hour delay in lifting an evacuation order. TVA misstatements to the media included initial reports that the spill was less than half its actual size. There were inconsistent statements on whether the Kingston dike failure was connected to earlier leaks. Source: http://www.newsday.com/news/nationworld/nation/wire/sns-ap-us-coal-ash-spill-response,0,4300469.story See also: http://www.tennessean.com/article/20090617/GREEN02/906170370/TVA%20wasn%20t%20trained%20to%20handle%20Kingston%20Springs%20ash%20spill

Details

Banking and Finance Sector

11. June 17, Wall Street Journal – (National) Obama wants SEC, CFTC to police derivatives. The Securities and Exchange Commission and Commodity Futures Trading Commission should get “clear, unimpeded authority to police and prevent fraud” in the derivatives markets, according to a new U.S. Presidential Administration proposal. The Administration also wants new record-keeping and reporting requirements on all over-the-counter derivatives as part of its proposed revamp of financial regulators. “All OTC derivatives markets, including CDS (credit default swaps) markets, should be subject to comprehensive regulation that addresses relevant public policy objectives,” according to a near-final draft of the regulator plan. The proposal, obtained on June 16, was being circulated through Washington ahead of the U.S. President’s announcement of a major proposed rewrite of U.S. financial regulations. Many of the proposals would require Congress to act, so significant changes are likely. The U.S. President’s proposal touches on regulation of banking, securities, mortgages and other financial products. For derivatives, the plan describes core principles, such as “preventing activities in those markets from posing risk to the financial system.” It also seeks to promote the efficiency and transparency while preventing market manipulation, fraud, and other market abuses. The plan also seeks to ensure “that OTC derivatives are not marketed inappropriately to unsophisticated parties.” It calls for ensuring the SEC and CFTC “have clear, unimpeded authority to police and prevent fraud, market manipulation, and other market abuses involving all OTC derivatives.” Source: http://online.wsj.com/article/SB124520844404822287.html


12. June 17, Financial Times – (National) Banks cut FDIC guarantee ties. JPMorgan Chase and Morgan Stanley will no longer issue government-guaranteed bonds in an effort to sever their financial ties to the U.S. authorities and show investors they can fund themselves without Washington’s help. In separate statements, the two banks said on June 16 they did not expect to have to sell short-term bonds backed by banking regulator, the Federal Deposit Insurance Corporation. The announcements by the two banks, which could be followed by Goldman Sachs and the other institutions that passed the government’s recent stress tests, make it likely the debt guarantee plan will not be extended beyond its October deadline. The move by JPMorgan and Morgan Stanley underline the gap between banks that have freed themselves from government aid and rivals such as Citigroup, Bank of America and Wells Fargo that still owe money to the authorities. Source: http://www.ft.com/cms/s/0/bed54412-5ad5-11de-8c14-00144feabdc0.html


13. June 16, Bloomberg – (Illinois) Lake Shore’s Baker indicted in $300 million fraud. The managing director of the collapsed Chicago hedge fund Lake Shore Asset Management Ltd. was indicted by a U.S. grand jury for allegedly operating a $300 million fraud. The 27-count indictment was unsealed June 15, the Chicago U.S. Attorney said in a statement on June 16. While an arrest warrant has been issued for the defendant, his whereabouts are unknown, the prosecutor said. The U.S. Commodity Futures Trading Commission last year accused the defendant in a civil-enforcement lawsuit of having defrauded at least 700 investors by hiding trading losses. The CFTC won court orders barring Lake Shore from commodities trading. “The defendant misrepresented and caused to be misrepresented that Lake Shore had a long history of trading success,” when in reality it had lost about $38 million between 2002 and 2007, according to the indictment. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=atvW964OYSr0


14. June 15, Reuters – (National) U.S. credit card defaults rise to record in May. U.S. credit card defaults rose to record highs in May, with a steep deterioration of Bank of America Corp’s lending portfolio, in another sign that consumers remain under severe stress. Delinquency rates, an indicator of future credit losses, fell across the industry, but analysts said the decline was due to a seasonal trend, as consumers used tax refunds to pay back debts, and they expect delinquencies to go up again in coming months. “I find it hard to believe that it is really a trend. You need to see stabilization in unemployment before you see anything else,” said an analyst at Stifel Nicolaus. “It is too early to see some kind of improvement.” Bank of America Corp, the largest U.S. bank, said its default rate, those loans the company does not expect to be paid back, soared to 12.50 percent in May from 10.47 percent in April. The bank is paying the price of expanding rapidly in recent years and of holding one of the highest concentrations of subprime borrowers among the top card issuers, analysts said. In addition, American Express Co, which accounts for nearly a quarter of credit and charge card sales volume in the United States, said its default rate rose to 10.4 percent from 9.90, according to a regulatory filing based on the performance of credit card loans that were securitized. Citigroup, the largest issuer of MasterCard branded credit cards, reported credit card chargeoffs rose to 10.50 percent in May from 10.21 percent in April. Source: http://www.reuters.com/article/newsOne/idUSTRE55E5GQ20090615


Information Technology


33. June 17, MX Logic – (International) Cligs URL shortener hacked to redirect 2.2 million links. Hackers managed to hijack some 2.2 million links posted through the URL shortening service Cligs, redirecting the links to a single page on freedomblogging.com, a website of the OC Register. The hack occurred sometime on June 15, Cligs, the fourth-most popular URL shortening service, said on the company’s blog. The hackers were able to exploit a security flaw in the company’s URL editing software to change the web addresses of the links. The company said on June 17 that it is moving to a new platform and 97 percent of the affected URLs were backed up and restorable. “I have identified the hole and disabled all cligs editing for now and I am restoring the URLs back to their original destination states,” the company blog said on June 16. Cligs also said the hackers were not able to hijack user accounts and passwords are encrypted on the site. Although the hacker did not redirect the URLs to a malicious site, web security experts said the attack demonstrates how URL shorteners could be used by cybercriminals to direct users to malicious sites for phishing or to spread malware. Source: http://www.mxlogic.com/securitynews/web-security/cligs-url-shortener-hacked-to-redirect-22-million-links091.cfm


34. June 16, San Francisco Chronicle – (International) Sophisticated online crime ring detected. Security researchers have uncovered a sophisticated online network for buying and selling access to infected PCs, raising concerns that businesses, governments and even home computer users are growing ever more vulnerable to cybercrime. Called GoldenCashWorld, the network acts as a one-stop shop for people who seek to acquire, sell or trade infected computers and Web sites. Infected PCs can be used to send spam or collect documents and personal information or inject new Web sites with malicious code that can in turn be passed on to fresh PCs. The network also includes tools for creating malicious code and stolen credentials for about 100,000 Web sites. Although it appears to be in Russia, about 40 percent of the computers compromised through the network belong to individuals or companies in the United States. “This is the most advanced network we have found,” said the chief technology officer of Finjan, a venture-funded security company based in San Jose that found the network two months ago. “They are trying to combine all the elements together and enable more people to participate in this crime.” Other security researchers said that they were not surprised by Finjan’s discovery, which the company announced on June 16. Source: http://www.sfgate.com/cgi-

bin/article.cgi?f=/c/a/2009/06/16/BUK618882A.DTL


Communications Sector

35. June 16, IDG News Service – (National) FCC chair nominee: broadband deployment a major priority. Rolling out broadband to rural and other areas that lack service will be a major priority for the U.S. Federal Communications Commission, the man nominated to be chairman of the agency said on June 16. The FCC, tasked by the U.S. Congress with creating a national broadband plan, will focus on making broadband available and affordable to U.S. residents, said the nominee to become chairman of the FCC. Congress, in requiring a national broadband plan in a huge economic stimulus package passed earlier this year, recognized that “we as a country are not where we need to be, with respect to our communications infrastructure,” said the nominee, who was a tech adviser to the U.S. President’s presidential campaign and a former special counsel at the FCC. “We should have, I believe, a communications infrastructure that is world-leading, a 21st-century infrastructure that generates economic growth, opportunity, prosperity.” The economic stimulus package provides $7.2 billion for broadband deployment in both unserved and “underserved” areas. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=networking_and_internet&articleId=9134465&taxonomyId=16&intsrc=kc_top