Wednesday, May 28, 2008

Daily Report

• The Associated Press reports that a new Government Accountability Office (GAO) report finds that gaps in port security make the U.S. vulnerable to a terrorist attack. (See item 11)

• ComputerWorld reports that a penetration tester was able to hack into a major FBI database in six hours using lapses in infrastructure design and patch management. (See item 34)

Banking and Finance Sector

7. May 27, Salt Lake Tribune – (National) D.A.: Rearrest fraud suspect. The U.S. district attorney wants to rearrest a man accused of creating a fake bank in Utah and taking millions of dollars from banks, investors and casinos nationwide, even while he was in jail. The suspect surrendered to the FBI in March after he allegedly tried to buy part of a Utah company with a $535,000 counterfeit check. He was released after a detention hearing and his assurances to make good on the payment. The scheme now appears to be part of a complex web of phony bank transactions backed by fake cashier’s checks, according to U.S. District Court documents. Authorities say the illegal acts continued after the man’s release. More than 50 victims have been identified, and authorities think there may be more. The plot started in November 2007, when the man created the First Mutual Bank, portraying it on a Web site as an international bank based in London with locations in New York, Los Angeles and Salt Lake City. First Mutual and several other false banks with similar names were based in South Jordan and never were legitimate. The man allegedly printed three boxes of cashier’s checks in the First Mutual name. Using a variety of schemes, he swindled collateral payments from banks, credit unions and at least one real estate investor. After his release, documents state, he “continued unabated,” representing himself with a false name to new investors and reassuring others that he was not under investigation. On May 16, the U.S. Attorney’s Office released the results of its continued investigation and asked that his release be revoked. The man, according to court documents, had committed similar crimes in Switzerland. Source:

8. May 27, Pittsburgh Post-Gazette – (Pennsylvania) Scam artists play ‘dialing for dollars.’ The latest telephone and text message scam to surface in Philadelphia spread into Wilkes-Barre and Scranton and then into Harrisburg, Pennsylvania. “It may be moving into your area next,” said the deputy press secretary for the Attorney General, referring to Pittsburgh and other cities and towns in Western Pennsylvania. “The scammers are using boiler rooms [no-frills call centers] and working their way through the state’s area codes.” The latest attempt to separate Pennsylvanians from their money is an international long-distance telephone scam with two variations: Consumers receive phone or text messages asking them to call what appears to be an ordinary long-distance number to confirm a lottery or sweepstakes prize. The other, more insidious variation of the scam asks consumers to call the number to get information about a relative who purportedly has been injured in an accident or is hospitalized. “Unsuspecting consumers who return these messages are actually calling international long-distance numbers, mainly in the Caribbean, and can be charged hundreds of dollars per minute for the calls,” said the official. He said the crooks are taking advantage of the fact that some international numbers, such as 876 (Jamaica), 345 (the Cayman Islands), 284 (the British Virgin Islands) and 809 (the Dominican Republic), look like ordinary domestic area codes. Consumers should call directory assistance or an operator to check on the location for any unfamiliar number, and ask what the per-minute charges are for the number. They also should carefully review their monthly phone bills and immediately contact their phone company to dispute any unauthorized charges. Source:

9. May 26, Examiner – (District of Columbia) D.C. finance office workers took thousands in funds, report says. Employees in the District of Columbia’s finance office helped themselves to thousands of dollars from an emergency cash fund that was supposed to help city workers, the Examiner has learned. Three employees, including a high-ranking finance official, have been fired in the wake of the scandal, sources familiar with an ongoing investigation said. Employees were taking petty cash from boxes around the city, the sources said. They were also keeping cash and checks from payments back into the fund to cover themselves in case their drawers were short. The allegations are detailed in a report from the D.C. Auditor office that is still being drafted. The city’s inspector general is also investigating. It is unclear how extensive the damage was. Records are scattershot, and the cash advance program did not have internal controls to spot trouble, the sources said. Source:

10. May 24, The Day – (Connecticut) Troopers’ office warns of bank check scam. The Montville, Connecticut, Resident Troopers’ Office said citizens are receiving fraudulent bank checks for promising to return 10 percent of the funds to a third party. A Resident State Troop sergeant said phone solicitation is also on the rise, with parties calling to claim they are bank representatives. He said anyone who receives such a call should hang up and immediately call his or her bank branch directly. Source:

Information Technology

34. May 27, ComputerWorld – (National) Six hours to hack the FBI. A penetration tester at PatchAdvisor Inc. hacked his way into a major FBI crime database within a mere six hours. He used “security lapses in both infrastructure design and patch management.” He said that during a routine network scan, he discovered a series of unpatched vulnerabilities in the civilian government agency’s Web server, as well as other parts of the enterprise. He then used a hole in the Web server to pull down usernames and passwords that were reused on a host of enterprise systems. In those systems, he found further account details that allowed him to get Windows domain administrator privileges. Using this privileged access, he was able to gain full control of almost all Windows-based systems in the enterprise, including workstations used by the on-site police force. He noticed that several police workstations had a second networking card installed that used the SNA protocol to directly talk to an IBM mainframe. By covertly installing remote control software on those workstations, he found programs on their desktops that automatically connected the workstations to the FBI’s NCIC database. “That software, coupled with a keystroke capture program, would allow an attacker to grab the credentials needed to log into the FBI’s National Crime Information Center database,” he says. Like most vulnerabilities he’s found over his years of paid ethical hacking, this one could have easily been eliminated with some basic security strategies, he says. For instance, the police network should have been firewalled off from the main enterprise network, and the investigators’ workstations kept out of the larger domain. Also, he says the agency should not have allowed those workstations both NCIC and general enterprise network access, since they were connected to something with such obvious national security implications. Finally, the system administrators should have monitored and blocked the common reuse of passwords. Source:

35. May 27, Reuters – (International) Hackers make way for criminals in cyberspace. Attacking the European Union’s Internet backbone is now the preserve of organized crime, not young hackers out to prove a point, the executive director of the European Network and Information Security Agency (ENISA) said, adding that public authorities have been able to hold their own in the contest – so far. There is a continuous struggle between the attackers and the increases in protection of information systems. “It’s a contest,” he told Reuters. The economy of the EU’s 27 nations, like elsewhere in the world, increasingly depends on a trouble-free Internet to operate, but there have been reminders of what can go wrong. Last year, government websites in Estonia crashed with the Baltic state accusing Russia of being behind what many saw as the first major cyber attack in Europe. But with a budget of just $12.6 million a year and a staff of 50, ENISA needs more resources, ENISA’s director added. Source:

36. May 27, Search Engine Watch – (International) CAPTCHA hacks for Gmail, Blogspot, Craigslist causing problems. Hackers seem to have found a way to work around CAPTCHA – the once great hope of stopping bots from spamming. A Search Engine Watch Forum member noted that there are now programs being offered that work around the filter. Source:

Communications Sector

37. May 27, Wall Street Journal – (National) Do hackers pose a threat to smart phones? Like computers, smart phones are vulnerable to viruses and other types of malicious software. By all accounts, the risk of a smart-phone attack is low, but as people start using the devices for more sensitive tasks – handling customer data and transferring corporate files – security experts say smart phones may become more vulnerable. So companies are working to protect both the devices and the networks behind them. At the corporate level, IT departments are cracking down, mainly by limiting access these devices have to internal networks. On the consumer front, computer-security companies are selling antivirus software that scans for rogue applications. Smart phones are used mainly by professionals who want to access corporate email and send documents on-the-go. But the market for these high-end devices is growing. So far, there are about 300 to 500 known versions of malicious software, or malware, written for phones – a small number compared to those that attack personal computers. Malware infects phones through email attachments and text messages that ask users to download an application. They also can be delivered over wireless connections using Bluetooth technology. The majority of mobile malware has been written for phones using the Symbian operating system, which is found in about 65 percent of the global smart-phone market, according to ABI Research. Phones that run Symbian include some models made by Nokia, Samsung and Sony Ericsson. Regardless of the operating system, the greatest risk of infection comes from third-party applications, such as games and ringtones. Beyond downloading software only from trusted companies, individuals who own personal smart phones can protect themselves with antivirus software. Source:

38. May 25, Financial Mail – (International) Huge security alert over BT broadband. Hundreds of thousands of British Telecom (BT) broadband customers are at risk of massive breaches of their computer security because of a flaw in the Home Hub wireless network systems installed by the telecoms giant. BT has 4.4m broadband customers and it is believed most of those supplied with wifi boxes are vulnerable to hacking. Only the latest versions of the BT system are safe from attack. And though BT has been aware of the problem for months, it has not written to customers to warn them of the risk and the simple fix. Computer experts last week demonstrated to Financial Mail how easy it was for a hacker to use a free computer program to join a household network without being told the password. It took five minutes for the program to probe the wi-fi hub and gain access. From there, more skilled computer criminals could access and seize vital personal data from individual computers. Source: