Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, May 11, 2010

Complete DHS Daily Report for May 11, 2010

Daily Report

Top Stories

 According to the Associated Press, radioactive water that leaked from Oyster Creek Nuclear Generating Station in Lacey Township, New Jersey has now reached a major underground aquifer that supplies drinking water to much of southern New Jersey, the state’s environmental chief said on May 7. (See item 47)

47. May 8, Associated Press – (New Jersey) Tainted nuke plant water reaches major NJ aquifer. Radioactive water that leaked from the nation’s oldest nuclear power plant has now reached a major underground aquifer that supplies drinking water to much of southern New Jersey, the state’s environmental chief said May 7. The New Jersey State Department of Environmental Protection has ordered the Oyster Creek Nuclear Generating Station in Lacey Township to halt the spread of contaminated water underground, even as it said there was no imminent threat to drinking-water supplies. The department launched a new investigation May 7 into the April 2009 spill and said the actions of plant owner Exelon Corp. have not been sufficient to contain water contaminated with tritium. The tritium leaked from underground pipes at the plant April 9, 2009, and has been slowly spreading underground at 1 to 3 feet per day. At the current rate, it would be 14 or 15 years before the tainted water reaches the nearest private or commercial drinking water wells about two miles away. But the mere fact that the radioactive water — at concentrations 50 times higher than those allowed by law — has reached southern New Jersey’s main source of drinking water calls for urgent action, the chief said. He ordered the Chicago-based company to install new monitoring wells to better measure the extent of the contamination, and to come up with a plan to keep the tainted water from ever reaching a well. Should the plant fail to stem the spread of the contaminated water, the state will do it and bill the company for three times the cost as a penalty, the environmental department said. Source: http://www.google.com/hostednews/ap/article/ALeqM5jrD4xonSoPnaXaZTftwd4RXuoA2gD9FI7LJ80


 The Associated Press reports that a 17-year-old with a grudge against his former Long Island, New York high school planned with his girlfriend to buy shotguns, enter his old school, and indiscriminately shoot down students and teachers, days before his ex-classmates were scheduled to graduate, police said on May 7. The two teenagers set a June 10 date for the planned attack on Connetquot High School in Bohemia. (See item 53)

53. May 8, Associated Press – (New York) 2 NY teens arrested in plot to attack high school. A 17-year-old with a grudge against his former Long Island, New York high school planned with his girlfriend to buy shotguns, enter his old school and indiscriminately shoot down students and teachers, days before his ex-classmates were scheduled to graduate, police said May 7. The two teenagers extensively researched bomb making, attempted to buy a shotgun and set a June 10 date for the planned attack on Connetquot High School in Bohemia, a Suffolk County police sergeant said. Evidence from the 16-year-old girl’s computer and cell phone showed they had searched bomb-making and explosives Web sites, and exchanged text messages in which they discussed plans to buy firearms and kill people, police said. Both were arrested and charged as adults with conspiracy. The boy pleaded not guilty at his arraignment May 7, while his girlfriend entered a not-guilty plea last week. Each could face up to a year in jail if convicted. Source: http://www.google.com/hostednews/ap/article/ALeqM5hMAjanxTBPm4bq3Ph_FSNHKxpnsgD9FID3600

Details

Banking and Finance Sector

20. May 9, KEZI 9 Eugene – (National) ATM users on alert after skimming cases along West Coast. An unidentified suspect is wanted by authorities in three different states, including Oregon. Police said he is stealing bank card numbers and PINs using an ATM skimming device. He then produces cloned bank cards and pilfers accounts. A surveillance photo taken at a Vancouver, Washington, bank shows a white male, around 30 to 40 years old. Police said he has short brown hair, a mustache and a goatee. They said he’s about 5’9” to 6 feet tall and has a stocky build. Vancouver is one area the suspect allegedly hit the hardest. Police said they are still looking for him. The case extends to California, Nevada, Idaho and Washington, with incidents occurring from August 2009 to April 2010. Source: http://kezi.com/news/local/173171


21. May 9, Philadelphia Inquirer – (Pennsylvania) Grays Ferry man is sought in 4 Center City bank heists. Federal agents continued their hunt May 8 for a serial Center City bank robber whose latest of four heists occurred just before lunchtime May 7 in Philadelphia, Pennsylvania’s business district. The FBI released a photo and description of the 31-year-old suspect saying he was linked to the Susquehanna Bank holdup at 1635 Market St. around 11:35 a.m. May 7 and three other downtown bank robberies since April. The FBI said the suspect had been captured on videotape inside the Susquehanna Bank and had “presented a threatening note to a teller.” The robber fled on foot with an unknown amount of cash, the FBI said. Authorities believe the suspect is also linked to the robberies of Republic First Bank at 1601 Market St. Monday, the TruMark Financial Credit Union branch at 1811 JFK Blvd. April 26, and PNC Bank at 230 S. Broad St. April 21. Source: http://www.philly.com/inquirer/local/pa/20100509_Grays_Ferry_man_is_sought_in_4_Center_City_bank_heists.html


22. May 8, Bank Info Security – (National) Four banks fail May 7. State and federal regulators closed four banks Friday, May 7. These closings raise to 75 the number of failed institutions so far in 2010. The Bank of Bonifay, Bonifay, Florida, was closed by the Florida Office of Financial Regulation, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. The First Federal Bank of Florida, Lake City, FL will assume all of the deposits of the failed bank. The failed bank had $242.9 million in total assets. The estimated cost to the Depositors Insurance Fund (DIF) will be $78.7 million. Access Bank, Champlin, MN, was closed by the Minnesota Department of Commerce, which appointed the FDIC as receiver. The bank’s assets were sold to PrinsBank, Prinsburg, MN. Access Bank had $32 million in assets. The estimated cost to the DIF will be $5.5 million. Towne Bank of Arizona, Mesa, AZ, was closed by the Arizona Department of Financial Institutions, which appointed the FDIC as receiver. Commerce Bank of Arizona, Tucson, AZ will assume all of the deposits of the failed bank. The Towne Bank of Arizona branch will become a branch of Commerce Bank of Arizona. Towne Bank of Arizona had $120.2 million in total assets. The FDIC estimates that the cost to the DIF will be $41.8 million. 1st Pacific Bank of California, San Diego, California, was closed by the California Department of Financial Institutions, which appointed the FDIC as receiver. The six branches of 1st Pacific Bank of California will reopen as branches of City National Bank. 1st Pacific Bank of California had $335.8 million in assets. The estimated cost to the DIF will be $87.7 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2502


23. May 8, Krebs on Security – (International) Visa warns of fraud attack from criminal group. Visa is warning financial institutions that it has received reliable intelligence that an organized criminal group plans to attempt to move large amounts of fraudulent payments through a merchant account in Eastern Europe, possibly as soon as this weekend. In an alert sent to banks, card issuers and processors this week, Visa said it “has received intelligence from a third-party entity indicating that a criminal group has plans to execute a large batch settlement-fraud scheme.” The alert states that the criminals claimed to have access to account numbers and the ability to submit a large batch-settlement upload to occur over a weekend. Visa does not have any information as to when the fraudulent settlement activity may occur. The criminals claim to have access to a merchant account placed with a bank in Eastern Europe. Upon receipt of this notification from the third-party, Visa immediately implemented monitoring of large-settlement activity for banks located in Eastern Europe. To date, Visa has not seen abnormal or large-settlement activity. Visa is continuing to monitor and will alert any affected Visa clients of abnormal activity, if necessary. Visa said institutions should start monitoring for large or unusual settlement activity, conduct monitoring daily, especially over weekends and long holidays, and review settlement and charge-back activity for high-risk merchants and agents. Source: http://krebsonsecurity.com/2010/05/visa-warns-of-fraud-attack-from-criminal-group/


24. May 8, Contra Costa Times – (California) Improper disposal of hundreds of loan applications raises security concerns. The financial and personal details of about 300 property-loan applicants were compromised when confidential documents were mistakenly tossed into an outdoor waste bin. The paperwork, belonging to FHG Finance, a home-loan business at 548 Contra Costa Blvd. in Pleasant Hill, California, was discarded recently by a cleaning crew hired to clear out a portion of the building where FHG is based, an official at the business said. The documents, which contained bank account and Social Security numbers, were found by employees at a neighboring store, who alerted FHG. The company secured the trash bin with a padlock until the documents could be shredded. The vice president of FHG described it as a close call. Source: http://www.contracostatimes.com/news/ci_15041466


25. May 8, Roanoke Times – (Virginia) National Bank again targeted in scam. The National Bank of Blacksburg, Virginia, has again been the target of a scam that attempts to obtain confidential account information from residents. Bank officials said May 7 that residents are reporting receiving scam phone calls requesting confidential debit card and bank account information. The fraudulent automated calls say they are from the National Bank of Blacksburg, which is a subsidiary of National Bankshares Inc. The National Bankshares’ chairman, president, and CEO said in a news release that the bank’s computer system has not been compromised and the bank is not the source of any information, including phone numbers. Officials said the calls appear to be a continuation of a large-scale phishing attack on the bank in mid-April when fraudulent e-mails, phone calls and text messages using the bank’s name, logo and Web site were sent to some Southwest Virginia residents. Source: http://www.roanoke.com/news/nrv/wb/246122


26. May 7, Sarasota Herald-Tribune – (Florida) Bomb used as weapon in Bradenton bank robbery. The Manatee County Sheriff’s bomb squad is examining a device left inside a Bradenton, Florida bank during a robbery May 7. A man put the pipe-bomb type device on the counter of a Wachovia bank in the 3700 block of Manatee Avenue West and demanded money about 2:40 p.m. He fled with an undisclosed amount of money, leaving the device on the counter, said a sheriff’s spokesman. Bomb squad deputies are using a robot to check out the device. The bank has been evacuated. The man is described as white, in his 30s, about 5-foot-9 with dark hair and a scruffy beard. He was wearing a black shirt, sunglasses and a black baseball cap. Source: http://www.heraldtribune.com/article/20100507/BREAKING/100509812/2055/NEWS


27. May 7, Associated Press – (Georgia) 3 accused in massive bank fraud. Federal prosecutors said two former executives of Integrity Bank of Alpharetta, Georgia, and a Florida developer are charged with fraud in connection with $80 million in loans made before the bank collapsed two years ago. A U.S. attorney said May 7, the 50-year-old developer of Coral Gables, Florida, used some of the loan money to buy a private island. She said the 40-year-old and 42-year-old executives dumped their Integrity stock before the failed loans came to light. The indictment alleges that with the assistance of individuals within the bank, the developer paid interest on existing loans with money from other loans, and kept borrowing to pay interest. Source: http://wsbradio.com/localnews/2010/05/3-accused-in-massive-bank-frau.html


28. May 6, U.S. Government Accountability Office – (National) Financial crisis highlights need to improve oversight of leverage at financial institutions. In 2009, the U.S. Government Accountability Office (GAO) conducted a study on the role of leverage in the recent financial crisis and federal oversight of leverage, as mandated by the Emergency Economic Stabilization Act. This testimony presents the results of that study, and discusses (1) how leveraging and deleveraging by financial institutions may have contributed to the crisis; (2) how federal financial regulators limit the buildup of leverage; and (3) the limitations the crisis has revealed in regulatory approaches used to restrict leverage and regulatory proposals to address them. The crisis has revealed limitations in regulatory approaches used to restrict leverage. First, regulatory capital measures did not always fully capture certain risks, which resulted in some institutions not holding capital commensurate with their risks and facing capital shortfalls when the crisis began. Federal regulators have called for reforms, including through international efforts to revise the Basel II capital framework. The planned U.S. implementation of Basel II would increase reliance on risk models for determining capital needs for certain large institutions. The crisis underscored concerns about the use of such models for determining capital adequacy, but regulators have not assessed whether proposed Basel II reforms will address these concerns. Such an assessment is critical to ensure that changes to the regulatory framework address the limitations the crisis had revealed. Second, regulators face challenges in counteracting cyclical leverage trends and are working on reform proposals. Finally, the crisis has revealed that with multiple regulators responsible for individual markets or institutions, none has clear responsibility to assess the potential effects of the buildup of system-wide leverage or the collective effect of institutions’ deleveraging activities. Source: http://www.gao.gov/products/GAO-10-555T


29. May 5, WIS 10 Columbia – (South Carolina) ATM skimmers, which can steal info in seconds, becoming more popular. Investigators said a person can get cleaned out in seconds when they unknowingly slip a debit card through a crook’s skimming device. It’s a new crime, and now the Secret Service and the South Carolina State Law Enforcement Division say card skimming cases are up, five times higher, so far this year. “This is actually a skimming device that was recovered from one of the local area grocery stores, here in Columbia,” said a Secret Service agent as he showed a device agents found about a month ago. The skimmer came from an ATM outside the Harbison Publix. A crook put it on the machine, and stole electronic data from dozens of debit cards. The Secret Service spent 12 hours waiting for the crook to come back for the skimmer, but the crook never showed before agents took the device as evidence. Luckily, agents took the skimmer off the ATM before the bad guys could download the information and create a new batch of victims. Source: http://www.wistv.com/Global/story.asp?S=12399919


Information Technology


57. May 10, Help Net Security – (International) Highly critical vulnerability in Safari for Windows. A vulnerability has been discovered in Apple Safari 4.0.5 for Windows, which can be exploited to compromise a system. The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted Web page and closes opened pop-up windows. Source: http://www.net-security.org/secworld.php?id=9267


58. May 10, TG Daily – (International) Hackers target WordPress in large-scale attack. Hackers have reportedly targeted a number of Web sites powered by the popular WordPress platform. The attacks have affected sites hosted by various providers, including DreamHost, GoDaddy, Bluehost and Media Temple. In addition, other PHP-based management systems - such as Zen Cart eCommerce - have also been targeted in the ongoing cyber offensive. “The hacked Web pages appear to have been infected with scripts, which not only install malware on users’ systems, but also prevent browsers like Firefox and Google Chrome, which use Google’s Safe Browsing API, from issuing an alert when users try to access the page,” reported H Open. “When Google’s search bot encounters such a specially crafted page, the page responds by simply returning harmless code. This camouflage strategy takes advantage of the browser switch normally used by developers to return browser specific code to suit functional variations in different browsers, such as Internet Explorer and Firefox.” Source: http://www.tgdaily.com/security-features/49690-hackers-target-wordpress-in-large-scale-attack


59. May 10, The Register – (International) Dodgy Facebook pages used to power ‘spam a friend’ joke scam. Dubious Facebook pages host rogue JavaScript code that creates a means for miscreants to spam people on a user’s friends list, security researchers warn. A security researcher at Sunbelt Software, who goes by the online name Paperghost, explains that the ruse relies on duping prospective marks into completing surveys. Users who complete these studies would inadvertently grant access to their friends list by following instructions on misleading dialogue boxes. Baits being used in the ruse offer supposed access to the “world’s funniest joke,” among other ruses. Users are taken through a series of steps that results in them copying and then pasting JavaScript code into their address bar. Once this happens a “suggest this to your friends” dialogue box will automatically appear briefly on users’ screens before it is replaced by a captcha prompt. Users who follow through will post a spam-link on the news feed of anybody who happens to be their friend. This “spamvertised” link, in turn, promotes a fake Internet survey aimed at flogging “expensive ringtones, and fake iPod offers,” as explained in a blog post. A depressing total of over 600,000 links to four pages containing the malicious JavaScript reveals that numerous users have been exposed, if not already taken in, by the scam. Source: http://www.theregister.co.uk/2010/05/10/facebook_spam_friend_scam/


60. May 7, eWeek – (International) Worms attack Skype, Yahoo Messenger. Security researchers have reported a new wave of attacks targeting users of Yahoo Messenger and Skype. BKIS (Bach Khoa Internetwork Security) researchers said May 7 that the attack comes via messages such as, “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The messages contain malicious links. “The users are more easily tricked into clicking the link by these messages, because users tend to think that ‘their friend(s)’ are asking for [advice],” said the BKIS blog post. “Moreover, the URL shows a .jpg file to users, reinforcing the users’ thought of an image file.” BKIS’ discovery follows the appearance of another worm targeting Yahoo Messenger that was reported recently. “The page at the end of the link is basic and does not employ any exploits in order to install the worm, it relies solely on social engineering to trick victims into believing they are opening a picture from a friend, while in fact they run the worm,” explained a Symantec researcher May 2. Once executed, “the worm copies itself to %WinDir%\infocard.exe, then it adds itself to the Windows Firewall List, blocks the Windows Updates service and sets the following registry value so that it runs whenever the system boots: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”Firewall Administrating” = “%WinDir%\infocard.exe”,” the researcher wrote. With that done, the worm then blasts itself out to everyone on the victim’s Yahoo Messenger contact list, and it may also download and execute other malicious files. Source: http://www.eweek.com/c/a/Security/Security-Researchers-Report-Attacks-on-Skype-Yahoo-Messenger-199929/


61. May 7, Kaspersky Lab Security News Service – (International) Main PHP-Nuke site compromised. Researchers at Websense found that the main site for the PHP-Nuke content-management system software, phpnuke.org, has been compromised and is serving malicious iFrame exploits to visitors. The attack uses the common iFrame-redirection technique to hijack users’ browsers and send them off to a malicious site. The code on that site is highly obfuscated and contains exploits for three separate vulnerabilities, two in Internet Explorer and one in Adobe Reader. The first attack tries to exploit a four-year-old flaw in Internet Explorer. If that part of the attack works, it downloads a Trojan onto the victim’s machine. The malware then tries to connect to several Web sites, the researchers said. The second attack uses a Java exploit, which ends up with the same infection routine as the first one. The third exploit is a PDF exploit — this actually merges three exploits targeting Adobe Reader. First the JavaScript in the HTML page checks if Adobe Reader is exploitable by checking its version number. Source: http://threatpost.com/en_us/blogs/main-php-nuke-site-compromised-050710


62. May 7, The Register – (International) New attack bypasses virtually all AV protection. Researchers say they have devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender. The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it’s executed, swaps it out with a malicious payload. The exploit has to be timed just right so the benign code is not switched too soon or too late. But for systems running on multicore processors, matousec’s “argument-switch” attack is fairly reliable because one thread is often unable to keep track of other simultaneously running threads. As a result, the vast majority of malware protection offered for Windows PCs can be tricked into allowing malicious code that under normal conditions would be blocked. All that is required is that the AV software use SSDT, or System Service Descriptor Table, hooks to modify parts of the OS kernel. Source: http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/


63. May 7, V3.co.uk – (International) Botnets exploit Linux owners’ ignorance. A lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam, according to new Symantec Hosted Services research. The firm’s latest monthly MessageLabs Intelligence Report found that Linux-based computers are five times more likely to send spam than Windows PCs. A malware data analyst at Symantec Hosted Services explained in a blog post May 6 that he decided to dig deeper into the potential causes. “On investigating the originating IPs of a random selection of spam from Linux, I found that in most cases it came from a machine running an open-source mail transfer agent, such as Postfix or SendMail, that had been left open,” he said. “This suggests that one reason there is so much spam from Linux could be that many companies that have implemented their own mail servers, and are using open-source software to keep costs down, have not realized that leaving port 25 open to the Internet also leaves them open to abuse.” Source: http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-owners


Communications Sector

Nothing to report

Department of Homeland Security Daily Open Source Infrastructure Report

Monday, May 10, 2010

Complete DHS Daily Report for May 10, 2010

Daily Report

Top Stories

 The Associated Press reports that Freshway Foods of Sidney, Ohio has recalled lettuce sold in 23 states and the District of Columbia because of an E. coli outbreak that has sickened at least 19 people in Michigan, Ohio, and New York. The FDA is focusing its investigation on lettuce grown in Arizona as a possible source for the outbreak. (See item 31)

31. May 7, Associated Press – (National) E. coli outbreak sickens 19 people in three states. A food company has recalled lettuce sold in 23 states and the District of Columbia because of an E. coli outbreak that has sickened at least 19 people, three of them with life-threatening symptoms. The Food and Drug Administration (FDA) said May 6 that 12 people had been hospitalized and the federal Centers for Disease Control and Prevention (CDC) said it was looking at 10 other cases probably linked to the outbreak. Freshway Foods of Sidney, Ohio, said it was recalling romaine lettuce sold under the Freshway and Imperial Sysco brands because of a possible link to the E. coli outbreak. College students at the University of Michigan in Ann Arbor, Ohio State in Columbus and Daemen College in Amherst, New York, are among those affected, according to local health departments in those states. The FDA is focusing its investigation on lettuce grown in Arizona as a possible source for the outbreak, according to two people who have been briefed by the agency. Freshway Foods said the lettuce was sold to wholesalers, food service outlets, in-store salad bars and delis. The company issued a statement May 6 that said the FDA informed it about the positive test in New York, May 5. The statement said “an extensive FDA investigation” of Freshway Foods’ facility in Sidney has not uncovered any contamination at the plant. The recalled lettuce has a “best if used by” date of May 12 or earlier. The recall also affects “grab and go” salads sold at Kroger, Giant Eagle, Ingles Markets, and Marsh grocery stores. The lettuce was sold in Alabama, Connecticut, the District of Columbia, Florida, Georgia, Illinois, Indiana, Kansas, Kentucky, Maryland, Massachusetts, Michigan, Missouri, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Rhode Island, South Carolina, Tennessee, Virginia, West Virginia, and Wisconsin. Source: http://www.foxnews.com/story/0,2933,592365,00.html?test=latestnews

 The U.S. Department of Justice announced on May 6 that Operation Network Raider, a domestic and international enforcement initiative targeting the illegal distribution of counterfeit network hardware manufactured in China, has resulted in 30 felony convictions and more than 700 seizures of counterfeit Cisco network hardware and labels with an estimated retail value of more than $143 million. (See item 48)

48. May 6, U.S. Department of Justice – (International) Departments of Justice and Homeland Security announce 30 convictions, more than $143 million in seizures from initiative targeting traffickers in counterfeit network hardware. Operation Network Raider, a domestic and international enforcement initiative targeting the illegal distribution of counterfeit network hardware manufactured in China, has resulted in 30 felony convictions and more than 700 seizures of counterfeit Cisco network hardware and labels with an estimated retail value of more than $143 million. In addition, nine individuals are facing trial and another eight defendants are awaiting sentencing. This operation is a joint initiative by the Federal Bureau of Investigation, U.S. Immigration and Customs Enforcement, and U.S. Customs and Border Protection working with the U.S. Department of Justice. On May 6, as a part of this joint initiative, a Saudi citizen who resides in Sugarland, Texas, was sentenced in the Southern District of Texas to 51 months in prison and ordered to pay $119,400 in restitution to Cisco Systems. A federal jury found him guilty on January 22 of charges related to his trafficking in counterfeit Cisco products. He purchased counterfeit Cisco Gigabit Interface Converters (GBICs) from an online vendor in China with the intention of selling them to the U.S. Department of Defense for use by U.S. Marine Corps personnel operating in Iraq. The computer network for which the GBICs were intended is used by the U.S. Marine Corps to transmit troop movements, relay intelligence and maintain security for a military base west of Fallujah, Iraq. ICE and CBP seized more than 94,000 counterfeit Cisco network components and labels during the course of the operation. There has been a 75 percent decrease in seizures of counterfeit network hardware at U.S. borders from 2008 to 2009. Source: http://www.justice.gov/opa/pr/2010/May/10-crm-534.html

Details

Banking and Finance Sector

16. May 7, V3.co.uk – (National) Input error leads to huge Dow Jones fall. The Dow Jones fell by nearly 1,000 points, and the Nasdaq and New York Stock Exchange announced that all trades more than 60 per cent above or below market that occurred between 2.40pm and 3.00pm New York time would be cancelled. The dramatic fall in the Dow Jones industrial average appears to have been caused by a trader hitting the button for ‘billion’ not ‘million’. Procter & Gamble shares fell by over a third on the day’s trading. A report on CNBC said that the problem came when a deal involving Procter & Gamble shares was incorrectly entered. “We, along with the rest of the financial industry, are investigating to find the source of today’s market volatility,” Citigroup said in a statement. “At this point we have no evidence that Citi was involved in any erroneous transaction.” “We don’t know what caused it,” said a Procter & Gamble spokeswoman. “We know that that was an electronic trade, and we’re looking into it with Nasdaq and the other major electronic exchanges.” Source: http://www.v3.co.uk/v3/news/2262620/computer-input-error-leads


See items 19 and 51


17. May 7, Krebs on Security – (International) Fun with ATM skimmers, part III. According to the European ATM Security Team (EAST), a not-for-profit payment security organization, ATM crimes in Europe jumped 149 percent from 2007 to 2008, and most of that increase has been linked to a dramatic increase in ATM skimming attacks. During 2008, a total of 10,302 skimming incidents were reported in Europe. A short video that authorities in Germany released recently shows two men caught on camera there installing a skimmer and a pinhole camera panel above to record PINs. EAST estimates that European ATM fraud losses in 2008 were nearly 500 million Euros, although roughly 80 percent of those losses resulted from fraud committed outside Europe by criminals using stolen card details. EAST believes this is because some 90 percent of European ATMs now are compliant with the so-called “chip and pin” or EMV (an initialism for Europay, Mastercard and VISA) standard. U.S. based financial institutions do not require chip-and-PIN, and that may be a contributor to the high fraud rates in the United States. The U.S. Secret Service estimates that annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Source: http://krebsonsecurity.com/


18. May 7, WBBM 780 Chicago – (National) Sad stories as mortgage scam complaints leap. The number of complaints involving mortgage foreclosure scams is up 126 percent, according to the Better Business Bureau. Officials with the organization say consumers need to continue to research the potential company offering to help, talk to the lender involved, and take time before signing a contract. Source: http://www.wbbm780.com/Sad-stories-as-mortgage-scam-complaints-leap/6994297


19. May 7, Marketwatch – (National) Stock sell-off leads to probe of faulty trade. Securities and futures regulators said they were working with exchanges to examine “unusual” trading activity during the day’s massive sell-off, which saw bellwethers such as Procter & Gamble Co. plunge nearly 40%, and prompted a senator to call for tighter trading controls. The U.S. Commodity Futures Trading Commission and the U.S. Securities & Exchange Commission said in a joint statement late May 6 that they are working closely with other financial regulators and exchanges “to review the unusual trading activity that took place briefly this afternoon.” The regulators said they would make the findings of their review public. In a brief statement, the Nasdaq OMX Group Inc. said later in the evening that it will cancel all trades made between 2:40 p.m. Eastern time and 3 p.m. Eastern time which were “greater than or less than 60% away from the consolidated last print in that security at (2:40 p.m.) or immediately prior.” Reports said the New York Stock Exchange would also cancel some trades. Source: http://www.marketwatch.com/story/stocks-sell-off-leads-to-faulty-trade-probe-2010-05-06?reflink=MW_news_stmp


20. May 6, KDAF 33 Dallas – (Texas) Woman warns of bombs during bank robbery; Wal-Mart evacuated. McKinney, Texas, police are looking for a woman who robbed a bank inside a Wal-Mart and caused the entire store to be evacuated by saying there were two bombs in the store. According to police, she entered a Woodforest National Bank just before 11 a.m. and handed a teller a note demanding money. The teller gave the suspect an undisclosed amount of money. Police say she also told the teller there were bombs in the store. She then left the bank inside the Wal-Mart in a silver, four-door sedan. Wal-Mart management evacuated customers from the store. Officers on the scene helped management walk through the store to look for any suspicious packages or devices in the store. Nothing suspicious was found. Source: http://www.the33tv.com/news/kdaf-woman-bomb-robs-mckinney-bank-walmart-story,0,6220710.story


21. May 6, Bloomberg – (National) Freddie Mac falls after seeking $10.6 billion from Treasury. Freddie Mac fell 8 percent in New York trading after requesting $10.6 billion more in Treasury Department aid while reporting a first-quarter loss. Freddie Mac asked for aid and reported a $6.7 billion first-quarter loss in a Securities and Exchange Commission filing May 5. The new request would add to the $50.7 billion in taxpayer aid the company has received since November 2008. The company’s shares fell 11 cents to $1.32 at 12:21 p.m. in New York Stock Exchange composite trading. Freddie Mac and Fannie Mae have borrowed almost $137 billion from the Treasury since U.S. regulators seized the two government-sponsored enterprises in September 2008, after rising delinquencies and foreclosures pushed them to the brink of collapse. However, the Treasury Secretary said the current Administration “made a choice” not to seek legislation to address Fannie Mae and Freddie Mac this year. Source: http://www.bloomberg.com/apps/news?pid=20601206&sid=aS5g.vrcsoZM


Information Technology


45. May 7, V3.co.uk – (International) Microsoft planning two critical fixes in May update. Microsoft has published its advance notification for this month’s Patch Tuesday update on 11 May, revealing fixes for two critical vulnerabilities in Windows and Office. A group manager for response communications at Microsoft said in a blog post that both issues allow for the remote execution of code. Windows 7 and Windows Server 2008 R2 customers will be offered the Windows-related update, but the manager claimed that “they are not vulnerable in their default configurations.” A recently uncovered problem with SharePoint will not be patched this month, as Microsoft is continuing to work on a solution. Administrators have been advised to apply an access control list to the SharePoint Help.aspx file to prevent unauthorized users gaining access to the vulnerable components, or to disable certain features in Internet Explorer. Source: http://www.v3.co.uk/v3/news/2262645/microsoft-plans-slight-patch


46. May 7, IDG News Service – (International) Chinese companies join to rid handsets of poisoned apps. More than a dozen mobile phone makers in China have teamed up to tackle a growing problem of poisoned applications that are designed to slowly bleed money from a user in a number of ways, either by increasing phone usage charges, such as charging to the monthly bill every time a user clicks on the app, or offering products or services that are paid for but never delivered. The group of companies, which includes Lenovo, Haier, TCL and chip maker MediaTek, pledged to answer the call by China’s Ministry of Industry and Information Technology to crack down on the illegal applications. They signed an agreement not to pre-install any such applications on the cell phones they make and to take appropriate action if they discover any such malicious software in their products. The government has worked to clean up the industry and the companies formed the group to support the efforts. Source: http://www.networkworld.com/news/2010/050710-chinese-companies-join-to-rid.html?hpg1=bn


47. May 6, DarkReading – (International) Breaches rise in U.K. firms along with wireless, VoIP, social networking. According to a recent survey by Pricewaterhouse Coopers, more than 90 percent of large organizations (more than 250 employees) say they suffered a data breach in the past year, up from 72 percent in 2008, the last time the survey was conducted. About 83 percent of small organizations (50 or fewer employees) were hit last year, up from 45 percent in 2008. On average, large U.K. firms were hit with 45 breaches in the past year, three times as many incidents as they reported in 2008. Small firms were hit with an average of 14 breaches, more than two times the number they logged two years ago. At the same time, U.K. organizations are rapidly adopting new technologies and services. Nearly half use voice-over-IP (VoIP) — up from 17 percent two years ago — and 85 percent run wireless networks, twice as many as in ‘08. Social networking is important to business for 32 percent of the organizations, and 34 percent say they are “critically dependent” on cloud-based, hosted software services. Meanwhile, staffers lost or leaked confidential data in 46 percent of the large organizations, with 45 percent of those saying the information exposed was “very serious” or “extremely serious.” Source: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=224701015


48. May 6, U.S. Department of Justice – (International) Departments of Justice and Homeland Security announce 30 convictions, more than $143 million in seizures from initiative targeting traffickers in counterfeit network hardware. Operation Network Raider, a domestic and international enforcement initiative targeting the illegal distribution of counterfeit network hardware manufactured in China, has resulted in 30 felony convictions and more than 700 seizures of counterfeit Cisco network hardware and labels with an estimated retail value of more than $143 million. In addition, nine individuals are facing trial and another eight defendants are awaiting sentencing. This operation is a joint initiative by the Federal Bureau of Investigation, U.S. Immigration and Customs Enforcement, and U.S. Customs and Border Protection working with the U.S. Department of Justice. On May 6, as a part of this joint initiative, a Saudi citizen who resides in Sugarland, Texas, was sentenced in the Southern District of Texas to 51 months in prison and ordered to pay $119,400 in restitution to Cisco Systems. A federal jury found him guilty on January 22 of charges related to his trafficking in counterfeit Cisco products. He purchased counterfeit Cisco Gigabit Interface Converters (GBICs) from an online vendor in China with the intention of selling them to the U.S. Department of Defense for use by U.S. Marine Corps personnel operating in Iraq. The computer network for which the GBICs were intended is used by the U.S. Marine Corps to transmit troop movements, relay intelligence and maintain security for a military base west of Fallujah, Iraq. ICE and CBP seized more than 94,000 counterfeit Cisco network components and labels during the course of the operation. There has been a 75 percent decrease in seizures of counterfeit network hardware at U.S. borders from 2008 to 2009. Source: http://www.justice.gov/opa/pr/2010/May/10-crm-534.html


49. May 5, DarkReading – (International) Red Condor warns of ‘Adobe Security Update’ malware campaign. Red Condor on May 5 issued a warning of a new malware threat crafted to appear as an email thread discussing vulnerabilities in Adobe software. The campaign targets Adobe customers and consists of a fake thread of forwarded emails that begins with a security update message from an employee in “Adobe Risk Management.” The campaign warns recipients of a “Denial of Service Vulnerability” in the Adobe software and “strongly advises” that companies running the software update their systems with the “latest security patch.” The most convincing and potentially damaging aspect of the campaign is the structure of the forwarded thread, which is spoofed and customized per message and recipient. The thread contains what appear to be the full names and email addresses of people in higher positions in the recipient’s organization, possibly a technique to make the message and call to action seem legitimate. Embedded in the body of the email are links to a PDF file that contains the update instructions for the security patch, and an executable, which has been identified as a Trojan virus. Red Condor is the first to detect the malware campaign; the vast majority of AV engines failed to recognize the malicious download. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=224700896&subSection=Vulnerabilities+and+threats


For another story, see item 52


Communications Sector

50. May 7, Los Angeles Times – (National) FCC chooses a middle ground in enforcing net neutrality. The Federal Communications Commission has come up with a new way to apply some net neutrality rules that would force Comcast Corp., AT&T Inc. and other broadband Internet service providers to handle all Web traffic the same, without imposing limits on users or blocking websites. Its proposal released May 6 is aimed at blunting an April federal appeals court ruling involving Comcast that found the agency had limited authority to regulate broadband Internet service. The FCC Chairman said in a statement that the Comcast decision had created a “serious problem” and that his agency believes more regulation of broadband Internet service is needed, though not the heavier restrictions that apply to telephone companies. The Democratic appointee to the commission said existing law allows the agency to apply a “narrowly tailored broadband framework” to regulate Internet traffic. His proposal seeks to give the agency direct authority over broadband service. Source: http://www.latimes.com/business/la-fi-internet-fcc-20100507,0,3891841.story


51. May 7, Computerworld – (International) Stock market crash takes down financial sites. The stock market crash on Thursday afternoon took financial Web sites down with it, as people hurried online to make trades and check their investments. Yahoo Finance, Fidelity.com, and Google Finance are among the sites that people complained were unavailable or slow for a period during the afternoon. A Yahoo spokeswoman would say only that Yahoo Finance experienced intermittent issues. Google said a small percentage of visitors may have experienced “sluggishness” for a brief period of time. Fidelity said it saw near-record peak transaction volumes and had intermittent slowness but no interruption throughout the day. Source: http://blogs.computerworld.com/16064/stock_market_crash_takes_down_financial_sites


See item 16


52. May 6, BBC – (International) ‘Historic’ day as first non-Latin web addresses go live. Net regulator Icann has switched on a system that allows full web addresses that contain no Latin characters. Egypt, Saudi Arabia and the United Arab Emirates are the first countries to have so-called “country codes” written in Arabic scripts. The move is the first step to allow web addresses in many scripts including Chinese, Thai and Tamil. More than 20 countries have requested approval for international domains from the Internet Corporation for Assigned Names and Numbers (Icann). It said the new domains were “available for use now” although it admitted there was still some work to do before they worked correctly for everyone. However, it said these were “mostly formalities”. Icann’s senior director for internationalized domain names told BBC News that this has been “the most significant day” since the launch of the internet, adding that “it’s been a very big day for Icann, more so for the three Arabic countries that were the first to be introduced”. Icann’s president described the change as “historic.” Source: http://news.bbc.co.uk/1/hi/technology/10100108.stm


53. May 6, Associated Press – (International) How an unfixed Net glitch could strand you offline. A member of the “hacker think tank” called the L0pht told Congress in 1998 that he could use a Border Gateway Protocol (BGP) vulnerability to bring down the Internet in half an hour by misdirecting data. In recent years, the expert — who now works for the Pentagon’s Defense Advanced Research Projects Agency — has said the exploit would still work. However, it would likely take a few hours. In 2003, the Presidential Administration concluded that fixing this flaw was in the nation’s “vital interest.” Fast forward to 2010, and very little has happened to improve the situation. The flaw still causes outages every year. The crux of the problem is that each carrier along the way figures out how to route the data based only on what the surrounding carriers in the chain say, rather than by looking at the whole path. And while there is some progress being made, there is little industry-wide momentum behind efforts to introduce a permanent remedy. Data carriers regard the fallibility of the routing system as the price to be paid for the Internet’s open, flexible structure. Internet growth has also increased the risks exponentially. Spokesmen at AT&T Inc. and Verizon Communications Inc. said they were unable to find anyone at their companies who could discuss the issue of routing reform. The chief technology officer at Qwest Communications International Inc. says that he would support some simple mechanisms to validate data routes, but he argues that fundamental reform is not necessary. Hijackings are typically corrected quickly enough that they do not pose a major threat, he argues. In the meantime, network administrators deal with hijacking the old-fashioned way: calling their counterparts close to where the hijacking is happening to get them to manually change data routes. Source: http://www.dailymail.com/News/TechnologyNews/201005060418?page=1&build=cache


54. May 5, CNNMoney – (National) AT&T dropping more calls than ever. AT&T announced in January that it was spending $2 billion this year to improve its much maligned cellular network. A survey of smartphone customers was released May 4 by ChangeWave Research, the consumer polling division of InvestorPlace.com. In a poll that asked 4,040 smartphone users in March how many dropped calls they had experienced in the past three months, AT&T — the exclusive U.S. carrier of Apple’s iPhone and iPad mobile devices — came in last among the country’s four largest carriers. Verizon customers reported losing only 1.5 percent of their calls over the past three months, the lowest in the smartphone industry and the lowest percentage for a carrier ever recorded by ChangeWave. AT&T customers, by contrast, reported 4.5 percent of calls dropped in the last three months. That is one out of every 22 calls — three times as many as Verizon’s and the worst percentage ChangeWave has ever seen. Sprint was the country’s second most reliable carrier, with 2.4 percent of calls dropped, and T-Mobile the third, with 2.8 percent of calls dropped. The survey was conducted between March 9 and March 23. Source: http://tech.fortune.cnn.com/2010/05/05/att-dropping-more-calls-than-ever/


55. May 5, St. Paul Pioneer Press – (Minnesota) Qwest investigating cause of local Internet outage. A high-speed Internet network serving the Twin Cities metro area was down for nearly an hour May 5. Qwest Communications International, the state’s largest phone provider, is investigating the cause of the outage, which occurred from about 10:40 to 11:30 a.m., a spokeswoman said. The problem created a “routing loop” in the telecommunication company’s Metro Optical Ethernet, or MOE. “Data was coming in but it couldn’t figure out where to send itself,” she said. “So it was looping and looping and looping and getting stuck.” The outage knocked out Internet access to about 1,000 large-, medium- and small-business customers of Qwest, including the St. Paul Pioneer Press and St. Paul-based Minnesota Public Radio. IPHouse, a Minneapolis Internet service provider that serves MPR and uses the MOE service, was told by Qwest technicians that they could see no single point of failure in the network, the IPHouse CEO said. An unknown number of residential customers using DSL also may have been affected, the Qwest spokeswoman said. Qwest business customers that do not use MOE were not affected by the outage, she said. Source: http://www.twincities.com/business/ci_15023615