Thursday, June 5, 2008

Daily Report

• According to the Associated Press, an outbreak of salmonella has been reported in nine states. CDC investigators are looking into whether uncooked tomatoes were culprits in all of the nine states. (See item 29)

• The Associated Press reports that most dangerous domains to navigate to are “.hk” (Hong Kong), “.cn” (China) and “.info” (information)., according to a McAfee Inc report based on results from 9.9 million Web sites. (See item 41)

Banking and Finance Sector

15. June 4, Quad-City Times – (Illinois) Telephone scam targets IH Mississippi Valley customers. IH Mississippi Valley Credit Union warned Tuesday that a telephone scam in the Quad-City area is attempting to solicit financial information from its credit union members as well as non-customers. The credit union’s vice president of marketing said people began receiving automated telephone messages late afternoon and early evening Monday indicating there had been suspected fraudulent activity on their IH Mississippi Valley account. The recorded message instructed recipients to call a telephone number where credit/debit card information was requested. The union official said IH Mississippi Valley Credit Union does not initiate any e-mail, telephone call or direct mail messages that request confidential information such as credit card or personal identification numbers. Early Tuesday, authorities shut down the 800 number connected to the scam, she said. IH Mississippi serves 85,000 members across the Quad-City area. Source:

16. June 4, Associated Press – (District of Columbia) 2 charged in another scam against DC tax office. A District of Columbia government worker and her boyfriend have been charged with stealing more than $180,000 in another alleged refund scam against the city’s tax office. Prosecutors say an employee of the tax office used a government computer system to create fake refund checks that were given to her boyfriend. The city is already dealing with the case of another former employee, who worked in the city’s tax office and allegedly embezzled millions through phony tax refund checks. Prosecutors have said at least $20 million was stolen from the city in that scheme. Authorities say the cases are not related. Source:

17. June 3, Digital Transactions News – (Indiana, Michigan) Indiana bank’s debit card breach underscores issuer vulnerability. South Bend, Indiana-based 1st Source Bank is reissuing its entire portfolio of debit cards after a hacker or hackers broke into a bank server containing debit card data. No fraud has been discovered as a result of the intrusion, a bank executive tells Digital Transactions News. The $4.5-billion-asset bank with 79 branches in northern Indiana and southern Michigan began alerting customers last month after an outside monitoring service it uses noticed on May 12 an unusual flow of data from a bank server containing debit card data, says the senior vice president of consumer and electronic banking. The bank notified law-enforcement authorities and hired outside forensic firms to analyze the breach. Exactly how the hackers tapped the server is not publicly known. They did, however, get Track 2 data contained on magnetic stripes, including account numbers, according to the official, as well as PINs in at least some cases. He would not disclose the size of the debit card file, but says the bank is reissuing all cards, which are MasterCard-branded, as a precaution. Source:

18. June 3, WAFB 9 Baton Rouge – (Louisiana) 11 people arrested in alleged identity theft ring. In total, eleven people are charged with obtaining and using financial information of more than 55 people and businesses throughout Louisiana. The case involves conspiracy, bribery, money laundering, and identity theft. The alleged ring leader managed to do all of this from prison and he has a long list of charges. An attorney says the ring leader bribed a prison guard to get his hands on cell phones. He would rally people to help him on the outside. Aside from a J.B Evans correctional officer, ten others were arrested for allegedly helping him. In one case, the group reportedly tried to steal $20 million from one victim’s bank accounts. Source:

19. June 3, SC Magazine US – (National) Spammers use hosted services to send unwanted mail. Spammers are increasingly turning to hosted services to ship out their junk mail, the latest threat report from MessageLabs revealed. The MessageLabs report also highlighted a new phishing trend in which criminals are promising environmental benefits for bank customers -- such as eliminating paper statements -- in exchange for providing their credentials. Source:

Information Technology

41. June 4, Associated Press – (International) New report identifies dangerous Web domains. Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are “.hk” (Hong Kong), “.cn” (China) and “.info” (information). Of all “.hk” sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of “.cn” sites and 11.7 percent of “.info” sites that way. A little more than 5 percent of the sites under the “.com” domain – the world’s most popular – were identified as dangerous. More spammers, malicious code writers and other cybercriminals can establish an online presence when domain name registry businesses cut requirements for registering a site in order to boost their profit and profile. The report does not identify domain name registration companies McAfee believes are responsible for those lapses. Hundreds, perhaps thousands, of companies register domain names; some are large and well known, while others are small and less reputable, offering their services cheaply and with flimsy or no background checks to lure in more customers. The McAfee report is based on results from 9.9 million Web sites that were tested in 265 domains for serving malicious code, excessive pop-up ads or forms to fill out that actually are tools for harvesting e-mail addresses for sending spam. Source:;_ylt=AuPMkJJI4GKE0X.lg22G2LSs0NUE

42. June 3, Associated Press – (International) EU sees security threats lurking in printers. Printers and copiers could be the weak link in many corporate cyber defenses, the European Union’s information security agency warned Tuesday. The EU said companies are often unaware of the dangers posed by printers that are connected to the Internet, which can serve as conduits to penetrate networks or a window to stored documents. The European Network and Information Security Agency also advised companies to take physical security precautions for their printers and copiers to prevent unauthorized access to documents or data cartridges. “Business in Europe must realize that printing and copying is not as safe as when Gutenberg started printing 540 years ago,” said the executive director of the agency. “Crucial company assets and confidential data” are at stake as even printers can get “hijacked,” he said. The agency surveyed 350 companies in France, Germany and Britain. Source:

Communications Sector

43. June 2, RCR Wireless News – (National) FEMA to oversee mobile-phone alert system. The Federal Emergency Management Agency said it will be the national coordinator for the mobile-phone alert system, after the agency earlier this year hesitated about taking on the role because of legal uncertainty. In doing so, FEMA touched off a minor controversy with the Federal Communications Commission. “FEMA supports the framework developed by the Federal Communications Commission for delivering cellular alerts and we have determined that we have both the necessary authorities and technical solutions to assume the responsibility as the federal cellular alert aggregator,” said FEMA’s assistant director of the National Continuity Programs Directorate. “We will work with DHS science and technology scientists to finalize the technical solutions and with the Federal Communications Commission as we make the alert aggregator operational.” She said FEMA, a unit of the Department of Homeland Security, will announce a common alerting protocol in the next 30 to 60 days and added that all the pieces should be in place to make the mobile-phone warning system operational 12 to 18 months from now. She told reporters a closer review — based in part on the technical solutions under development — indicated FEMA indeed has the statutory powers to be the federal aggregator/gateway for a mobile-phone alert system that would supplement and improve a Cold War-era public warning regime that is still largely broadcast-based. President Bush signed an executive order two years ago putting DHS in charge of modernizing the emergency alert system in the United States. Source: