Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 4, 2008

Complete DHS Daily Report for November 4, 2008


Headlines

 According to Computerworld, a cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen the log-ons to more than 300,000 online bank accounts and almost as many credit cards during that time, a security company said Friday. (See item 13)

See Item 15 in the Banking and Finance section below

 KTLA 5 Los Angeles reports that a portion of Highway 101 was closed Monday in both directions in downtown Santa Barbara, California, after a masked gunman was spotted on a freeway overpass. (See item 17)

17. November 3, KTLA 5 Los Angeles – (California) Gunman in army fatigues shuts down freeway. A portion of Highway 101 is closed in both directions in downtown Santa Barbara after a masked gunman was spotted on a freeway overpass. Witnesses say the gunman, wearing brown fatigues and a black ski mask, was spotted waving a gun around on the La Cumbre overpass around 7:10 a.m. Monday. Police said the man is armed with a revolver and is also waving an American flag. The freeway was shut down in both directions at La Cumbre as a precaution, and traffic is being diverted through downtown Santa Barbara. The California Highway Patrol (CHP) reports the freeway closure has caused a massive traffic backup throughout the area. The roadway will remain closed until further notice, according to the CHP. No shots have been fired. Source: http://www.ktla.com/content_landing_page/?Masked-Gunman-Shuts-Down-Highway-101-in-=1&blockID=124961&feedID=171

Details

Banking and Finance Sector


12. November 1, Washington Post – (National) Money-laundering risk of hedge funds gauged. The roughly $2 trillion hedge-fund industry remains free of government restrictions, and this week the Treasury Department formally withdrew its once-proposed rules. There are several reasons the Treasury has been delayed in requiring hedge funds to adopt money-laundering measures. For one thing, because the industry is unregulated there are no government examiners to enforce the measures. For another, hedge funds are indirectly regulated because they do business through banks and other financial firms that are required to monitor transactions for possible money-laundering. One key reason for the delay is that the risk that a terrorist group might use a hedge fund to launder money is deemed relatively small. For similar reasons the Treasury Department last year exempted casinos from a requirement that they report currency transactions on slot machine jackpots and video lottery terminals. Source: http://www.washingtonpost.com/wp-dyn/content/article/2008/10/31/AR2008103103210.html?hpid=sec-business


13. October 31, Computerworld – (International) “Ruthless” Trojan horse steals 500K bank, credit card log-ons. A sophisticated cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen the log-ons to more than 300,000 online bank accounts and almost as many credit cards during that time, a security company said today. Researchers at RSA Security Inc.’s FraudAction Research Labs tracked the Sinowal Trojan horse, also known as Mebroot and Torpig, to a drop server that contained the stolen credentials, said the product marketing manager at RSA’s ID and access assurance group. All told, the gang behind Sinowal managed to obtain access to nearly half a million bank accounts and credit cards, a volume RSA dubbed “ruthless” and “extraordinary.” Sinowal has infected hundreds of thousands of PCs worldwide during its run, and it continues to attack machines. It is triggered by more than 2,700 specific Web addresses, a massive number compared with other Trojan horses. Due to the global distribution of the malware attacks, RSA Security suspects that the group responsible for Sinowal is based in Russia. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9118718&intsrc=hm_list


14. October 31, Government Technology – (National) Red flag security regulation in effect as of November 1. As of November 1, 2008, federal regulation will require all organizations in the United States that offer consumer credit accounts to have implemented Red Flag programs to address consumer identity theft. Businesses will now be required to seriously address the identity theft problem in the interest of their customers, rather than just in their own business interests. Compliance is not a complex process, but it requires senior management’s attention to ensure the organization gets the full benefit of both compliance and reduction of identity theft as a major inhibitor of consumer economic activity. Source: http://www.govtech.com/gt/427073?topic=117671


15. October 31, CNN Money – (Florida) Fla’s Freedom Bank becomes 17th FDIC insured failure this year. Florida-based Freedom Bank was closed by state regulators Friday and its deposits were sold to Fifth Third Bancorp (FITB) under an agreement orchestrated by the Federal Deposit Insurance Corp. The FDIC said the cost of the failure to its deposit insurance fund will be between $80 million and $104 million — the “least costly” option, according to the regulator. Freedom Bank had assets of $287 million as of October 17, along with $254 million in total deposits, according to the FDIC. Fifth Third acquired Freedom Bank’s deposits for a premium of 1.16 percent, and also bought $36 million of assets from the bank. Any remaining assets will be held by the FDIC. Source: http://money.cnn.com/news/newsfeeds/articles/djf500/200810311851DOWJONESDJONLINE000897_FORTUNE5.htm


16. October 31, Twin City Pioneer Press – (Minnesota) FDIC chastises BankCherokee. The FDIC chastised BankCherokee for its “excessive concentration of real estate loans” and for not having enough capital to support the risk it was taking. A BankCherokee CEO said the bank already has taken steps to address the FDIC’s concerns, shoring up its capital and moving to diversify its loan portfolio. The FDIC’s action, called a cease and desist order, is at the middle level of enforcement actions. Such orders prohibit certain practices and usually require that bank officers correct problems that led to the order. Since 1975, the FDIC has issued about three dozen cease-and-desist orders in Minnesota. Most of the other orders from bank regulators require a change in a bank’s management or board makeup. The FDIC made no such request of BankCherokee. Source: http://www.twincities.com/ci_10869862


Information Technology


39. October 31, Dark Reading – (International) Antivirus ‘scareware’ is lucrative. An infamous pop-up aimed at spooking users into downloading a phony anti-virus program does detect a little malware, but it also makes big bucks for its developers and distributors. According to new research conducted by the SecureWorks director of malware research, who recently dissected the infamous software program and its money trail, affiliates who sell the so-called Antivirus XP 2008 (and now 2009) get a 58 to 90 percent commission on sales of the roughly $50 package. The program infects Web sites with phony pop-ups warning users that their machine is infected and urging them to download the “anti-virus” software. Source: http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=211800542


40. October 31, VNUnet.com – (International) Warning on Halloween web fraud. Scammers are latching onto Halloween Web sites as a method of spreading infectious code, internet monitoring company Websense is warning. The company said that sites selling Halloween gifts and services have been targeted as never before and Internet users can be put at risk of infection from code embedded within the sites. “One particular example is a Web site selling Halloween costumes. The ‘deobfuscation’ returned by ThreatSeeker shows that the JavaScript has multiple layers of obfuscation,” the company said in an alert. “The script contacts a malicious server in the .biz TLD. Within the ThreatSeeker network, we have seen almost 10,000 sites infected with the same obfuscation technique.” Another technique involves building a redirect into a popular Web site. Websense has detected over 13,000 such script injections in popular sites. Source: http://www.vnunet.com/vnunet/news/2229576/warning-halloween-web-fraud


Communications Sector


41. November 3, RIA Novosti – (National) Russia starts preparations to launch U.S. telecoms satellite. Russian space technicians have started launch preparations for a Zenit carrier rocket with a U.S. Telstar telecom satellite on board, Russia’s space agency said on Friday. A Zenit-3SLB carrier rocket equipped with a DM-SLB booster is scheduled to lift off from the Baikonur space center in Kazakhstan at the end of December. The Telstar 11N, built by Space Systems/Loral for Loral Skynet telecoms company, will provide services from 39 high-power Ku-band transponders spread across four different geographic beams in each of North and Central America, Europe, Africa, and the maritime Atlantic Ocean Region. Source: http://www.space-travel.com/reports/Russia_Starts_Preparations_To_Launch_US_Telecoms_Satellite_999.html
