Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 20, 2008

Daily Report

• According to the Chicago Tribune, a veteran food-contamination scientist at the U.S. Food and Drug Administration said that discovering where the salmonella bug originated may be impossible because an individual tomato typically carries no information of its origin. (See item 18)

• The Harris News Service reports that, according to a legislative report, confidential information was left on outdated state computers being released for sale to the public. That includes thousands of Social Security numbers, names of Medicaid beneficiaries, and personnel information about state employees. (See item 30)

Banking and Finance Sector

7. June 19, Marco News – (National) Authorities warn of scam using Marco bank’s name. The Collier County, Florida, sheriff’s office (CCSO) is warning the public about a scam involving a Collier County bank. In the scam, letters are sent in the mail asking a person to be a “secret shopper.” A check for a large amount of money is included with the letter. These checks carry the Marco Community Bank logo and routing number, and have apparently been circulated by mail across the United States. Deputies say these checks are counterfeit. Marco Community Bank officials alerted CCSO to the scam. The amount listed on the checks is generally $4,820. The checks are green and the numbers vary. On the bottom of each check in the left-hand corner reads: Re: Consumers View Inc. Various phone numbers also appear on the check and in the letter. When called, a person on the other end of the line answers “Marco Community Bank” and verifies that the amount of money on the check is available. Source: http://www.marconews.com/news/2008/jun/19/authorities-warn-scam-using-marco-banks-name

8. June 18, Wired Blog Network – (National) Citibank hack blamed for alleged ATM crime spree. A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors. The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank’s systems, experts say. Credit card and ATM PIN numbers show up often enough in underground trading, but they are invariably linked to social engineering tricks like phishing attacks, “shoulder surfing” and fake PIN pads affixed to gas station pay-at-the-pump terminals. But if federal prosecutors are correct, the Citibank intrusion is an indication that even savvy consumers who guard their ATM cards and PIN codes can fall prey to the growing global cyber-crime trade. Citibank denied that its systems were hacked to Wired.com’s Threat Level. But the bank’s representatives warned the FBI on February 1 that “a Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached,” according to a sworn affidavit by a FBI cyber-crime agent. Source: http://blog.wired.com/27bstroke6/2008/06/citibank-atm-se.html

9. June 18, Atlanta Business Chronicle – (Georgia) Georgia Department of Revenue warns of check scams. The Georgia Department of Revenue (DOR) said June 18 it has discovered two check scams that involve phony checks claiming to be from the Georgia DOR and checks that use incorrect banking information. In the first scam, people get a letter from a Canadian-based company that says “your grant in the amount of $50,000.00 (Fifty Thousand Dollars) has been approved.” Attached to the letter is a check that appears to have been issued by the Georgia DOR. The letter asks the recipient to call a Canadian phone number “immediately to verify your file” and to “prevent any delay with the release of your grant.” The letter specifies a deadline for claiming the grant. But during the phone call, an agent will try to get the caller to divulge personal information including bank account information. Some recipients have deposited the check into their banking account. But the check is blocked when it attempts to clear Georgia DOR’s account. “The Georgia Department of Revenue does not mail checks to individuals through any third party,” said a Georgia Revenue Commissioner. “Checks issued by the Georgia Department of Revenue are mailed directly to the check’s payee.” The second scam involves a company identified on the check as AIRSERV in Atlanta that issues checks with inaccurate banking information. Anyone who gets one of the letters or AIRSERV checks should take it to their nearest law enforcement office and fill out a victim of fraud complaint, Georgia DOR said. Source: http://www.bizjournals.com/atlanta/stories/2008/06/16/daily59.html

Information Technology

38. June 18, IDG News Service – (National) Digital rights groups hit ISP ad firm for spying on users. A targeted advertising vendor being used by several U.S. broadband providers hijacks browsers, spies on users and employs man-in-the-middle attacks, according to a report released Thursday by two advocacy groups. NebuAd Inc., a behavioral advertising vendor being used by Charter Communications Inc., WideOpenWest Holdings LLC and other Internet service providers, also uses packet forgery, modifies the content of TCP/IP packets and loads subscribers’ computers with unwanted cookies, according to the report by Public Knowledge and Free Press, two Washington-based organizations focused on digital rights. “NebuAd exploits several forms of ‘attack’ on users’ and applications’ security,” the chief technology consultant for the two groups. “These practices – committed upon users with the paid-for cooperation of ISPs – violate several fundamental expectations of Internet privacy, security and standards-based interoperability.” NebuAd violates Internet Engineering Task Force standards that “created today’s Internet, where the network operators transmit packets between end users without inspecting or interfering with them,” he said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9100378&taxonomyId=17&intsrc=kc_top

39. June 18, IDG News Service – (National) Firefox 3 vulnerability found. Five hours after Mozilla officially released Firefox 3.0, researchers found a vulnerability in the new browser. Tipping Point has verified the bug and reported it to Mozilla, Tipping Point said on Wednesday. Since Mozilla is still working on a fix, the researchers will not share details about the problem. Tipping Point ranked the severity of the vulnerability as high, but said that users would have to click on a link in an e-mail or visit a malicious Web page before being affected. The issue affects users of Firefox 3.0 as well as Firefox 2.0. Once the problem is fixed, Tipping Point will publish an advisory on its Web site, it said. Source: http://www.networkworld.com/news/2008/061808-firefox-3-vulnerability.html

Communications Sector

Nothing to report

No comments: