Tuesday, June 10, 2008

Daily Report

• Fox News reports that ConEdison, American Superconductor, and the U.S. Department of Homeland Security plan to launch a program, which will provide a new electrical superconducting cable in the New York City area. The change will link up substations and allow them to share excess capacity in case of natural disasters and terrorist attacks. (See item 4)

• According to ABC News, the FBI is warning computer users about fake e-mails purporting to be from the FBI’s Internet Fraud Complaint Center and the British government. The new scam claims to involve a reimbursement of funds lost from Internet fraud. (See item 15)

Banking and Finance Sector

11. June 9, Contractor UK – (International) Hackers disable anti-crime website. Hackers have defaced one of the United Kingdom government’s websites to tackle crime in an attempt to steal the bank account details of up to 20 million people. They effectively disabled the Home Office’s ‘crime reduction’ website last Sunday by superimposing on it a web page from Poste, an Italian bank, for about 12 hours. Posing as the bank, the hackers then emailed millions of its customers and instructed them to visit and use the page to enter their details as part of an account update. Poste was not immediately available to comment, though one former hacker said the attempted fraud seemed more of an attack on the Home Office than the bank. The Home Office has reportedly responded to last Sunday’s breach by undertaking a review of website security. Source: http://www.contractoruk.com/news/003824.html

12. June 8, Associated Press – (National) Feds investigating Chattanooga trader for investment scam. Federal investigators are looking into more than 100 reports of an investment scam involving a Chattanooga, Tennessee, foreign currencies trader with offices in multiple states. A South Carolina FBI agent confirmed the investigation into the business practices of a suspect as creditors are currently seeking relief in U.S. Bankruptcy Court. A U.S. Bankruptcy Judge issued an order Friday allowing an interim trustee to begin taking possession of his bank accounts and other property. A Chattanooga attorney filed a petition for involuntary bankruptcy last month on behalf of four out-of-state creditors who say they are owed a combined $1.1 million. He said based on e-mails from other investors that the amount could reach $10 million. The suspect had offices in Chattanooga, Spartanburg, South Carolina, Orlando, and Tulsa, Oklahoma, but they are all closed and he could not be reached for comment. Source: http://www.knoxnews.com/news/2008/jun/08/feds-investigating-chattanooga-trader-investment-s/

13. June 8, Consumer Affairs – (National) Report: Data breach disclosure laws don’t slow down identity theft. In the wake of the many high-profile data breaches, lost laptops, and other exposures of personal information, the conventional wisdom has been to pass laws governing how data is controlled. These laws emphasize security and notifying affected individuals that their data has been compromised. But a new research report claims that data breach disclosure laws have no measurable effect on cases of identity theft, due to the many factors that hinder accurate reporting of cases of identity theft and connecting them to known breaches. A research team at Carnegie Mellon University used data on identity theft supplied by the Federal Trade Commission (FTC) and performed analyses of states that had passed legislation governing data breaches from 2002 to 2006. According to the researchers, “We [found] no statistically significant effect that laws reduce identity theft, even after considering income, urbanization, strictness of law and interstate commerce.” An official survey released in 2007 by the FTC found that 8.3 million Americans claimed to be a victim of identity theft or related crimes. The team noted that the reliance on FTC data may harm their ultimate conclusions. The team also noted that consumers affected by breaches may not be doing enough to protect themselves or their information, and that companies may comply with breach laws, but do not exert enough serious effort to improve security procedures. The report also supports industry assertions that corporate data breaches, such as outside attacks or lost laptops, may not be as large a contributor to identity theft as other forms of theft. Source: http://www.consumeraffairs.com/news04/2008/06/data_breaches.html

14. June 7, Journal Gazette – (Indiana) ID scam hijacks Grabill Bank’s ID. Identity thieves are using Grabill Bank’s name in a flurry of e-mails, text messages, recorded phone messages, and live phone calls trying to trick area residents into revealing their personal financial information. Grabill’s executive vice president said she has no clue why the subsidiary of Fort Wayne, Indiana-based, Independent Alliance Banks Inc. was targeted. The scammers used a forceful approach Wednesday, Thursday, and Friday sending a deluge of messages. Some found Grabill Bank customers, but many others reached people who do not do business with the bank. Bank officials have worked with the Federal Trade Commission to shut down the website link included in some messages and the phone numbers mentioned in others, she said. At least one of the phone numbers had a Southern California area code. Bank officials also notified the Better Business Bureau of Northern Indiana. Source: http://www.journalgazette.net/apps/pbcs.dll/article?AID=/20080607/BIZ/806070369

15. June 6, ABC News – (National) Scammers send bogus FBI e-mails. In the latest of what seem to be an increasing number of Internet scams using official government logos, the FBI is warning computer users about fake e-mails purporting to be from the FBI’s Internet Fraud Complaint Center and the British government. The new scam claims to involve a reimbursement of funds lost from Internet fraud. The fake notice informs recipients, “The approved committees have approved the sum of $35,000.00 (Thirty five thousand dollars) for your scam compensations the bank of England [sic] will be contacting you soon to remit the approved amount to your account.” The scam notice indicates that failure to comply will place the funds on hold and a penalty will be applied to the recipient’s bank account. Source: http://abcnews.go.com/TheLaw/story?id=5018654&page=1

Information Technology

35. June 9, Security Pro Portal – (International) Security firm issues warnings over systemic web security vulnerability. Application vulnerability specialist Fortify Software has issued a warning about a bug in Web authorization technology. The problem, says Fortify’s director of product marketing, lies with the VBAAC (Verb-based access and authentication control) aspect of Web security technology. “The flaw is unusual in being systemic and therefore not directed at any one vendor’s products, and is essentially a bug in a security feature,” he said, adding that the most popular J2EE container applications all have the flaw inherent in their authorization procedures. The flaw allows hackers to manipulate the HTTP verb to bypass otherwise effective security controls. “For example, a piece of http: code might seek to limit access to a given directory except for users logged in with ADMIN rights. Exploiting the flaw means that, instead of blocking approaches not specified in a security rule, the code allows almost any method that is not specified,” he said. “Using this approach leaves the system open to infection by malware, or perhaps worse, by listing specific methods in the security rule, software developers end up opening the system a lot wider than they originally intended,” he added. Source: http://security.itproportal.com/articles/2008/06/09/security-firm-issues-warnings-over-systemic-web-security-vulnerability/
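A configuration audit for the condition item 35 describes, as an added example that is not from the report or from Fortify: it flags J2EE `web.xml` security constraints that list specific `<http-method>` values, because a servlet container applies such a constraint only to the listed methods. The sample descriptor, the URL patterns, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Verbs checked here; a container may also pass on non-standard verbs.
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample descriptor (not from the report): the first constraint
# lists methods, the second omits <http-method> and so covers every method.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>ADMIN</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ADMIN</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace such as '{uri}name' down to 'name'."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    """All descendants of elem whose local tag name matches."""
    return [c for c in elem.iter() if local(c.tag) == name]

def audit(web_xml):
    """Return {url-pattern: sorted verbs the role check does not cover}."""
    findings = {}
    for sc in children(ET.fromstring(web_xml), "security-constraint"):
        if not children(sc, "auth-constraint"):
            continue  # no role requirement on this constraint
        for wrc in children(sc, "web-resource-collection"):
            listed = {m.text.strip().upper() for m in children(wrc, "http-method")}
            if not listed:
                continue  # no methods listed: the constraint covers all verbs
            uncovered = sorted(STANDARD_METHODS - listed)
            for pat in children(wrc, "url-pattern"):
                findings[pat.text.strip()] = uncovered
    return findings

if __name__ == "__main__":
    for pattern, verbs in audit(SAMPLE_WEB_XML).items():
        print(f"{pattern}: role check not applied to {', '.join(verbs)}")
```

The corrected form is the second constraint in the sample: with no `<http-method>` elements, the role requirement applies to every request for the pattern.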

36. June 9, The State – (South Carolina) USC warns personal data may be on stolen computer. The University of South Carolina is warning about 7,000 faculty, staff and students that some of their personal information was on a desktop computer stolen from an office at the business school. The university spokesman said that over the Memorial Day weekend, several items were stolen from an office in the Moore School of Business. While university officials have no evidence anyone’s personal information was accessed, they will be notifying about 130 faculty and staff at the Moore School, and just under 7,000 students whose data was contained in the computer. Source: http://www.thestate.com/breaking/story/428754.html

Communications Sector

37. June 9, CNet News – (National) Cell phone operators cautiously embrace Wi-Fi. U.S. cell phone operators are starting to embrace Wi-Fi in order to extend the reach of their high-speed wireless networks cheaply, but some are being more cautious than others. Wi-Fi is an inexpensive way to improve in-home coverage. Wi-Fi allows operators to leverage a high-speed wireless network that already exists in consumers’ homes. Also, because Wi-Fi mobile services are delivered over a consumer’s own broadband connection, it reduces the transport cost that the carrier has to pay to get the traffic from the cell tower to its wired backbone network. Some experts say that Wi-Fi can actually help reduce this so-called backhaul expense by a factor of about 10. T-Mobile USA was the first major U.S. wireless carrier to see the merits of using Wi-Fi. Last year the German-owned phone company, which is the fourth largest mobile operator in the U.S., launched its Hotspot @Home service that automatically switches between subscribers’ home Wi-Fi networks and its cellular network. For $10 more a month, subscribers are able to talk as much as they like while on the Wi-Fi network. While it looks like other carriers are taking similar actions, some operators, like AT&T, are hesitating when it comes to offering Wi-Fi services for handsets in fear of cannibalizing existing portions of their business models. Recently, however, AT&T said it would allow its broadband subscribers and 3G, or third-generation, laptop data users free access to its 17,000 Wi-Fi hot spots around the country. Source: http://news.cnet.com/8301-10784_3-9962474-7.html