Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 24, 2008

Complete DHS Daily Report for July 24, 2008

Daily Report

• More than 75 percent of the bank Web sites surveyed in a University of Michigan study had at least one design flaw that could make customers vulnerable to cyber thieves after their money or even their identity. (See item 10)

• The national stockpile of antidotes is being built, the federal government is working with companies to develop vaccines and antidotes to biological threats, and more technology is needed to detect an airborne biological hazard. (See item 32)

Banking and Finance Sector


9. July 23, Deseret News – (National) FBI warns of new e-mail scam. The Salt Lake City office of the Federal Bureau of Investigation (FBI) is warning of an e-mail scam purporting to come from the FBI director. It claims that a large amount of money has been deposited into customers’ bank accounts and that the FBI wants to know if it is terrorist-related. “The FBI advises the best thing to do if you receive this e-mail or one similar is to immediately file a complaint with the FBI, then delete it and ignore it,” an FBI Special Agent said in a statement. Source: http://deseretnews.com/article/1,5143,700245267,00.html


10. July 23, Science Daily – (National) Potentially serious security flaws found in most bank websites. More than 75 percent of the bank Web sites surveyed in a University of Michigan study had at least one design flaw that could make customers vulnerable to cyber thieves after their money or even their identity. The study examined the Web sites of 214 financial institutions in 2006. These design flaws stem from the flow and the layout of these Web sites, according to the study. The flaws include placing log-in boxes and contact information on insecure web pages as well as failing to keep users on the site they initially visited. A researcher said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement. The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. The design flaws that the team looked for are: placing secure login boxes on insecure pages, putting contact information and security advice on insecure pages, having a breach in the chain of trust, allowing inadequate user IDs and passwords, and e-mailing security-sensitive information insecurely. Source: http://www.sciencedaily.com/releases/2008/07/080722175802.htm


11. July 22, Web Host Industry Review – (National) Phishing attack uses Vegas theme. Internet intelligence firm Envisional has warned online banking customers about a new Vegas-themed phishing fraud that dupes them into revealing credit card information through fraudulent emails. The criminals behind the attacks claim to be from Visa, MasterCard and American Express and offer email recipients the chance to win $100,000 or an all-inclusive Las Vegas holiday package. Most phishing attacks come in the form of spam emails addressed to customers of a particular bank and manage to trick a few dozen victims. However, this new tactic threatens more victims, because it uses a single email to target online account holders with any one of 12 major banks, and appears to be more legitimate in that it allows the victim to personally select the right bank from a drop-down list. Envisional analysts say the latest email appears to be from an online travel website, with photos and write-ups depicting grand Las Vegas hotels. Those who click through to the website that offers further information are invited to choose their bank from a drop-down list, making them susceptible to phishing attacks. One further click takes them to a fraudulent web page that mimics the log-in page of the bank in question, with the username in one slot and password in the other. Source: http://www.thewhir.com/marketwatch/072208_Phishing_Attack_Uses_Vegas_Theme.cfm


Information Technology


36. July 23, Independent – (International) Virus ‘has infected major Government websites’. Key U.K. Government websites have been infected by a virus that allows cyber-criminals to steal browsers’ personal details, it was reported today. More than a thousand government and consumer sites are said to have been hit, including some run by the National Health Service and a local council. The Times Online said the hackers are Eastern European and that security experts estimate at least two million computers worldwide have been affected. It reports that the Asprox virus is unlike other viruses; it sits undetected on mainstream sites and automatically installs itself on a user’s computer, potentially allowing the hackers to have access to financial information. The director of malware research at SecureWorks said Asprox “appears to be trying to build up the size of the botnet, infecting people through web pages by adding an IFRAME.” According to securecomputing.net, the attacks occur on websites that are running Microsoft SQL-SVR (Server) that already have some sort of vulnerability. Source: http://www.independent.co.uk/news/uk/home-news/virus-has-infected-major-government-websites-875306.html


37. July 23, IDG News Service – (California) San Francisco’s mayor gets back keys to the network. San Francisco’s mayor met with a jailed IT administrator on Monday, convincing him to hand over the administrative passwords to the city’s multimillion-dollar wide-area network (WAN). The man made headlines last week when he was arrested and charged with four counts of computer tampering, after he refused to give over passwords to the Cisco Systems switches and routers used on the city’s FiberWAN network, which carries about 60 percent of the municipal government’s network traffic. Childs, who managed the network before his arrest, has been locked up in the county jail since July 13. The mayor secured the passwords without first telling Department of Telecommunications and Information Services (DTIS) about the meeting, according to DTIS’ chief administrative officer. The department now has full administrative control of the network, he said in an interview Tuesday night. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110520&taxonomyId=17&intsrc=kc_top


38. July 23, IDG News Service – (National) With DNS flaw now public, attack code imminent. One day after a security company accidentally posted details of a serious flaw in the Internet’s Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon. Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said the chief technology officer at security vendor Immunity Inc. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. The author of one widely used hacking tool said he expected to have an exploit by the end of Tuesday. In a telephone interview, the author of the Metasploit penetration testing software agreed that the attack code was not going to be difficult to write. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110521&taxonomyId=17&intsrc=kc_top


Communications Sector

39. July 23, Buffalo News – (New York) Strike possible Aug. 2 at Verizon. Union workers at Verizon have authorized a strike if talks fail to reach an agreement with the phone company by August 2, when the current contract expires. The Communications Workers of America (CWA) approved the strike authorization by a 91 percent vote, the union said Monday. Another phone-workers union, the International Brotherhood of Electrical Workers (IBEW), previously authorized a strike on July 11 if talks fail. The CWA and the IBEW are in talks with Verizon to replace their current five-year contracts. A total of 65,000 union workers from Virginia to Maine are covered by contracts that expire August 2. In Western New York, the two unions represent nearly 2,800 workers who install lines, maintain equipment and answer customer service calls at Verizon. Verizon said that contingency plans are in place to continue phone service in the event of a strike, and called the authorization votes a routine action. Source: http://www.buffalonews.com/145/story/397752.html

40. July 23, Tech Herald – (National) RIM offers critical patch for BlackBerry. Research in Motion (RIM) has released a security patch for businesses that rely on its BlackBerry PDA. The patch addresses vulnerabilities in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5 and BlackBerry Professional Software 4.1.4. A vulnerability exists in the PDF distiller of some versions of the BlackBerry Attachment Service. An e-mail message containing a specially crafted PDF file, when opened for viewing on a BlackBerry, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on. The vulnerability is rated ‘Critical,’ with a Common Vulnerability Scoring System (CVSS) score of 9.0, and RIM advises everyone to patch as soon as possible. Source: http://www.thetechherald.com/article.php/200830/1554/RIM-offers-critical-patch-for-BlackBerry-Brief

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 23, 2008

Complete DHS Daily Report for July 23, 2008

Daily Report

• The U.S. Nuclear Regulatory Commission proposed a $9,600 fine against Source Production and Equipment Co., Inc. in Louisiana, for failing to comply with NRC safety requirements regarding the use of a specific shipping package for transporting radioactive material. (See item 4)

• Government inspectors found the same bacteria strain on a single Mexican-grown jalapeno pepper handled in Texas and issued a stronger warning for consumers to avoid fresh jalapenos. (See item 23)

Banking and Finance Sector



9. July 22, Tampa Tribune – (Florida) Negligent Florida let criminals infect mortgage industry. A Miami Herald investigation has found that from 2000 to 2007, regulators approved 10,529 people with criminal records to work in the mortgage profession. Some of these criminals committed nearly $85 million in mortgage fraud, stealing customers’ identities, their savings and even their homes. Regulators ignored a state law adopted in 2006 requiring criminal background checks on mortgage brokers. The backgrounds of more than half the people who wrote mortgages in Florida were never checked. Despite the epidemic of mortgage fraud in recent years, license revocations declined during the last five years. And regulators allowed at least 20 brokers to keep their license after committing fraud. The Herald also found more than 5,000 people with criminal records became loan originators between 2000 and 2007 - including 2,201 who had committed financial crimes such as “fraud, money laundering and grand theft.” Source: http://www2.tbo.com/content/2008/jul/22/na-negligent-florida-let-criminals-infect-mortgage/


10. July 21, KING 5 Seattle – (Washington) Dozens of bank accounts drained in debit card scam. Dozens of victims have come forward after their bank accounts were drained by thieves. At least 75 people fell victim to a scam by simply using their debit card at a gas station and detectives expect many more reports to come in. Over the Fourth of July weekend, a highly organized group using stolen debit card information withdrew thousands of dollars from Pierce County, Washington, citizens’ bank accounts. The information was obtained by using electronic skimming machines placed on gas pumps at an ARCO gas station in Pierce County. Detectives believe the information was stolen in August 2007. Almost a year later, the information was used at multiple banks to withdraw thousands of dollars from each account. This was done over the three-day weekend to avoid detection. The card numbers and PINs were trapped and stolen at the station and were used at ATMs throughout the King County area. Most card losses are around $1,200, but some are much higher – up to $4,000, depending on account balance or overdraft rules. If anyone has used that ARCO station during that time frame, they should contact their financial institution and get a new card issued. Source: http://www.king5.com/localnews/stories/NW_072108WAB_credit_card_scam_KC.7bbe6bc4.html


11. July 21, Better Business Bureau Connecticut – (National) BBB Connecticut reports rogue debt collectors breaking the law. As Americans struggle to cope with rising debt loads, complaints to Better Business Bureaus about some debt collection practices increased 26 percent in 2007. Consumers’ most common complaints concern rude telephone calls, threats to have them arrested, using other forms of intimidation and violating federal law by ignoring the Do Not Call Registry. Some victims have even received repeated telephone calls on their cellular and home telephones. According to the Connecticut Better Business Bureau President, so-called third party debt collectors are going far beyond what the law permits them to do. Under the Fair Debt Collection Practices Act, debt collection companies are prohibited from abusive tactics to frighten people in debt, and obliged to treat debtors fairly. Some of the worst cases involve collectors calling neighbors, friends and employers in an effort to shame debtors into paying up. Consumers have a right to a written notice within five days after being contacted by a debt collector spelling out the name of the company, how much money they owe and how they can contest their claim if they believe they do not owe the amount stated in the document. Collectors are not allowed to contact consumers after receiving a letter asking them to stop, though they may still inform them what action they intend to take. Source: http://www.pr.com/press-release/96063


Information Technology


37. July 21, IDG News Service – (National) Details of major Internet flaw posted by accident. A computer security company on Monday inadvertently published details of a major flaw in the Internet’s Domain Name System (DNS) several weeks before they were due to be disclosed. The flaw was discovered several months ago by an IOActive researcher, who worked through the early part of this year with Internet software vendors such as Microsoft, Cisco, and the Internet Systems Consortium to patch the issue. The companies released a fix for the bug two weeks ago and encouraged corporate users and Internet service providers to patch their DNS systems as soon as possible. Although the problem could affect some home users, it is not considered to be a major issue for consumers. At the time he announced the flaw, the researcher, who had planned to disclose details of the flaw during a presentation at the Black Hat security conference set for August 6, asked members of the security research community to hold off on public speculation about its precise nature in order to give users time to patch their systems. Some researchers took the request as a personal challenge to find the flaw before the talk. On Monday, the CEO of Zynamics.com (who uses the hacker name Halvar Flake) took a guess at the bug. His findings were quickly confirmed by Matasano Security in its Eastern publication. Matasano’s post discusses the technical details of the bug, saying that by using a fast Internet connection, an attacker could launch what’s known as a DNS cache poisoning attack against a Domain Name server and succeed, for example, in redirecting traffic to malicious Web sites within about 10 seconds. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110418&taxonomyId=17&intsrc=kc_top


38. July 21, IDG News Service – (National) Ex-Microsoft manager gets 22 months for fraud. The woman formerly responsible for managing Microsoft Corp.’s Internet domain names was sentenced to nearly two years in prison for bilking the software maker out of $1 million in fake registration fees. The woman, a former program manager at Microsoft’s MSN division, pleaded guilty in January to charges that she used her position within the company to run a number of scams between 2000 and 2004. On Friday, she was sentenced to 22 months in prison, followed by three months of supervised release, and ordered to pay $923,641 in restitution. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110384&taxonomyId=17&intsrc=kc_top


Communications Sector


39. July 20, Al Bawaba – (International) Omantel signs agreement to extend fiber optic submarine cable to Omani coasts. Oman Telecommunications Company (Omantel) and Middle East and North Africa Company (MENA) of Egypt have recently signed an agreement on the landing of a submarine fiber optics cable on the Omani coasts to enhance international telecommunications traffic between the Sultanate of Oman and the world. The chief executive officer of Omantel stressed the importance of the agreement as it would introduce huge capacities for submarine cables in the Sultanate. The project would provide great services for international telecommunications traffic, especially the Internet, through fiber optics in case of any cable cutoffs. It would provide alternative lines for the international telecom network, as well as upgradable transmission facilities in support of Internet, e-commerce, video, data, and voice. The total cost of the project is about 400 million U.S. dollars. The 8,000-kilometer-long cable, which would provide a total capacity of 5.7 terabytes, will arrive at Wilayat Al Seeb during the third quarter of 2009. Source: http://www.albawaba.com/en/countries/Oman/232383