Thursday, July 17, 2008

Complete DHS Daily Report for July 17, 2008

Daily Report

• In its first regulations on the burial of carbon dioxide underground, the Environmental Protection Agency on Tuesday unveiled measures to protect drinking water from carbon dioxide. (See item 5)

• The Federal Aviation Administration announced Tuesday its plans to require that the safetyof thousands of airline jet fuel tanks be upgraded to prevent explosions like the one that downed TWA Flight 800 in 1996. (See item 19)

Banking and Finance Sector

12. July 16, Finextra – (National) U.S. bank fraud prevention spending on the rise – Gartner. According to a survey conducted by Gartner in March of 2008, about 60 percent banks expect to spend even more on fraud detection and customer authentication in 2009 than in 2008. This percentage rises to 71 percent among large banks with consumer deposits of more than $150 billion. About 20 percent of these banks expect spending to rise significantly. According to the survey, online banking fraud detection is the most widely implemented fraud management system across U.S. banks, followed closely by stronger consumer authentication at banks’ Web sites. Over the next two years, the most pervasive plans for new fraud prevention and customer-security-related projects include stronger caller authentication for customers that telephone call centers; enterprise fraud detection that manages fraud across customer channels and accounts; and a case management system for managing fraud. The president and distinguished analyst at Gartner said that, on average, banks tend to consider their Web channels to be more secure than their phone channels. Nevertheless, in 2008, most banks say they will spend more money on Web fraud detection than on call center fraud detection, which acknowledges that the Web channel is generally more vulnerable when it comes to outright monetary theft or account surveillance. Source:

13. July 16, Guardian – (International) Cybercrime: Teenage hacker in global scam discharged. A teenager from New Zealand who was accused of stealing millions of pounds has been discharged without a conviction, despite pleading guilty to hacking into computers around the world. The suspect was arrested last November after an investigation by New Zealand and Dutch police, the FBI and the US Secret Service, and was accused of leading computer hackers who had stolen more than £12m from victims around the world. He admitted accessing a computer for dishonest purposes, accessing computer systems without authorization, interfering with computer systems and possessing software with the intent to commit crime. His case was part of a crackdown on the ring, which has seen eight people around the world charged or convicted since last year. Thirteen others are subject to arrest warrants. The ring, said police, had built a network of more than a million zombie computers - a botnet - to steal credit card information, manipulate stock trades and crash the systems of large companies. Source:

14. July 16, CNNMoney – (National) SEC to limit Fannie, Freddie short sales. The Securities and Exchange Commission (SEC) has issued an emergency order to bolster investor protections against so-called ‘naked’ short selling of mortgage financiers Fannie Mae and Freddie Mac. ‘Naked’ short selling occurs when traders sell stocks short without actually owning or borrowing them. The SEC said it will require traders to borrow Fannie and Freddie stocks before selling them short, and they will be required to deliver the stocks at settlement. The requirement takes effect at 12:01 a.m. ET on July 21. The SEC order prevents the naked short selling of 19 firms in all. In addition to Fannie and Freddie, the order applies to BNP Paribas Securities Corp., Bank of America Corp., Barclays PLC, Citigroup Inc., Credit Suisse Group, Daiwa Securities Group, Deutsche Bank Group AG, Allianz SE, Goldman, Sachs Group, Royal Bank ADS, HSBC Holdings PLC ADS, J.P. Morgan Chase, Lehman Brothers Holdings, Merrill Lynch & Co., Mizuho Financial Group, Morgan Stanley and UBS AG. Source:

15. July 15, ABC News – (National) Who’s next? List of troubled banks worries Wall Street, DC. While the Federal Deposit Insurance Corporation (FDIC) is keeping secret its official list of 90 troubled banks, ABC News has obtained other lists prepared by several research groups and financial analysts. The lists use versions of the so-called “Texas ratio” which compare a bank’s assets and reserves to its non-performing loans, based on financial data made public by the FDIC in March. Analysts say banks with a ratio over 100 per cent would be the most likely to fail, based on what happened to Texas savings and loans during the 1980’s. At the top of the list was ANB Financial National Association of Bentonville, Arkansas, with a 344 ratio. The bank failed earlier this year and was later taken over by a Louisiana bank. The banks on the list are FDIC-insured, meaning that depositors with less than $100,000 would be covered should their banks go under. Source:

16. July 15, Bakersfield Californian – (National) Social Security warns of scam. The Social Security Administration is warning locals not to give out personal information to people claiming on the telephone to be from the agency. The warning comes after several people, including one from Delano, California, got caught in a scam. The bottom line, said a Social Security Administration spokeswoman: The agency does call people, but never asks for their name, Social Security number and bank account information as the scammers are doing. The official said the perpetrators claim they need the information to issue additional funds or rebates or because a computer glitch erased your data. There has been a similar scam via e-mail. When Social Security does need to update people’s information, she said, it notifies them by mail or phone before a personal visit is made. Source:

17. July 15, Crookston Daily Times – (National) CPD: FBI call is a scam. Crookston Police Department (CPD) chief wants the public to know that if they receive a call from the FBI about some of your money that has been recovered, they should not fall for it. The tactic is currently being used in this area, a CPD release states. Some people have received phone calls from a person pretending to be a representative of the Federal Bureau of Investigation. The person states that the FBI has recovered some money that has been taken from their bank account, and that the agency needs their bank account routing number in order to return the money to their account. Source:

Information Technology

36. July 16, Republican-American – (National) UPS warns of fake e-mail with real virus. United Parcel Service (UPS) issued a warning Tuesday about fake UPS e-mails that have a real computer virus attached. The e-mails claim to be from “UPS Packet Service” and state that the person receiving the e-mail sent a parcel that could not be delivered because of an incorrect address. The e-mail instructs the reader to open an attachment that contains a copy of the invoice. The attachment, though, instead contains a virus that can wreak havoc on a computer, according to comments posted on the Yahoo! Answers Web site. In a notice posted on its Web site, UPS said it is aware of the fake e-mail and recommends that anyone receiving it delete it without opening the attachment. Source:

37. July 16, Computerworld – (National) Mozilla patches Firefox side of Safari ‘carpet bomb’ threat. Mozilla Corp. has patched a pair of critical vulnerabilities in Firefox, taking the unusual step of updating the older version 2.0 on Tuesday but delaying the fixes for the newer version 3.0 until Wednesday. Both updates, labeled Firefox and Firefox 3.0.1, plug two holes rated “critical” by Mozilla, which uses a four-step threat ranking system. Firefox was posted to Mozilla’s servers Tuesday afternoon. Firefox 3.0.1, the first update since the open-source browser was upgraded almost a month ago, won’t reach users until Wednesday at the earliest, according to notes from a Mozilla status meeting published online. One of the flaws patched in and 3.0.1 was credited to a security researcher, who wrote last month about a “blended” threat to Windows users who had both Apple Inc.’s Safari browser and Firefox installed on the same system. Then, he said that Safari’s “carpet bomb” bug – first disclosed in May and patched in June by Apple – could be combined with other vulnerabilities to attack not only systems with Microsoft Corp.’s Internet Explorer, but also those equipped with Firefox. Source:

38. July 16, Times of Zambia – (International) Organized crime turns to malware. Cyber criminals are changing tactics by using malicious software (malware) as a tool for profit — and the trend is set to increase as hacking becomes easier. A security intelligence report by Microsoft has found that detection of malicious software rose by more than 300 percent from the second half of 2006 to last year. Malicious software is software designed to infiltrate or damage a computer system without the owner’s informed consent. A security specialist at Microsoft, said Tuesday: “We found that when a computer crashes, is slow or doesn’t work properly, 80 percent of the time it was because of presence of malware. Criminal gangs and organized crime syndicates such as the mafia and Russian mob are increasingly diversifying into cybercrime, funding malicious attacks on banks and other organizations with valuable information. There is a move away from pranksters who penetrate systems so they can brag about their feats, to more discreet spying or phishing to obtain users’ personal information and passwords. The report showed a 66.7 percent increase in the number of potentially unwanted software detections (programs that may impact on user privacy or security). For the second half of last year, a total of 129.5 million pieces of potentially unwanted software was detected. Source:

39. July 15, Computerworld – (International) Apple botches iPhone patching, says researcher. Apple took more than three months to patch an iPhone vulnerability, even though it had technical details of the bug and had crafted a fix for Mac OS X, the researcher who reported the flaw said Tuesday. “For three months I was walking around with a vulnerable iPhone. They had the vulnerability and the exploit, they understood the exploit because they patched it on Mac OS X, but then they said that they didn’t know that [the iPhone] was vulnerable,” the researcher said. The WebKit vulnerability, which Apple patched last Friday as part of the iPhone 2.0 update, was reported the company in late March after the researcher used it to hack a MacBook Air notebook on March 27 during the “PWN to OWN” contest held at the CanSecWest security conference. Source:

Communications Sector

40. July 16, InfoTech and Telecom News – (National) FCC takes second shot at D-block auction. The Federal Communications Commission (FCC) is making another attempt to auction the “D-block” spectrum and has issued a request for public comment on the idea. The May 14 FCC request came in the wake of the otherwise-successful spectrum auction held in March 2008. By the end of FCC’s auction of the 700 MHz part of the analog spectrum, the commission had earned a record high $19.1 billion, but it failed to sell a significant part of the spectrum--the 10 MHz D-block. The sale of the D-block would have required the buyer to build and operate a nationwide wireless system to be used mainly for public safety communications in addition to commercial wireless communications. According to the FCC’s commissioner, the successful sale of the D-block and construction of a wireless network dedicated to public safety was one of the most important parts of FCC’s plan for auctioning parts of the analog spectrum, which will be vacated by the mandatory switch to digital television broadcasts in February 2009. One bid was submitted for the block, but it was for far less than the $1.3 billion reserve price, so the spectrum segment went unsold. FCC is planning a new auction and has been taking comments and suggestions about how the D-block should be used. Some ideas offered include a public-private partnership to build a wireless public-safety network, similar to the original plans, or a national wireless Internet system. Source:

41. July 15, IDG News Service – (California) IT admin locks up San Francisco’s network. A network administrator has allegedly locked up a multimillion-dollar computer system for the city of San Francisco that handles sensitive data, and he is refusing to give police the password. The man was arrested Sunday and has been charged with four counts of tampering with a computer network. According to the office of San Francisco district attorney the man made changes to the city’s Fibre wide area network (WAN), allegedly rendering it inaccessible to administrators. He also “set up devices to gain unauthorized access to the system,” the DA’s office said in a statement. The Fibre WAN is used to connect computers in buildings throughout the city and carries about 60 percent of the networking traffic for the city government. On Tuesday it was functioning normally, but the city no longer has administrative access to the switches and routers on the network, according to the chief administrative officer with the city’s Department of Telecommunication Information Services. Source: