Department of Homeland Security Daily Open Source Infrastructure Report

Monday, February 1, 2010

Complete DHS Daily Report for February 1, 2010

Daily Report

Top Stories

 The Associated Press reports that an Amtrak passenger who alarmed fellow passengers in Colorado by talking about terrorist threats on a cell phone was pulled from the train and faces a felony charge of endangering public transportation. He was arrested Tuesday on an Amtrak passage from Los Angeles to Chicago. (See item 21)


21. January 29, Associated Press – (Colorado) Amtrak passenger carrying anarchist literature detained in Colorado after overheard threats. An Amtrak passenger who alarmed fellow passengers in Colorado by talking about terrorist threats on a cell phone was pulled from the train and faces a felony charge of endangering public transportation. The 64-year-old suspect, who was recently released from prison, was arrested Tuesday on an Amtrak passage from Los Angeles to Chicago. Passengers on the train alerted authorities after hearing the man from Elizabeth, New Jersey, mention al-Qaida and make threats in a cell phone conversation. Police said in an affidavit that passengers overheard the suspect saying he hadn't killed anyone yet, and that he talked about going to jail. Passengers say the man said, "We have to work in small groups. They can hold you for 18 months. Do they have security on these trains? Are you with me or not?" One passenger said he heard the suspect mention al-Qaida, saying, "17th century tactics won't work, we have 21st century tactics." The conductor said the suspect had a tan blanket over his entire body so the conductor could not see what he was doing. The suspect was taken into custody at the La Junta train station in southeastern Colorado. Police said he was not armed or carrying explosives. He was carrying propaganda for an anarchist group called Afrikan Liberation Army. The suspect was released Thursday night after posting $30,000 bond, said the Otero County sheriff. The suspect's next court date in Otero County District Court is February 5. An FBI spokeswoman did not immediately have any information. Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-colorado-train-threat,0,7652045.story


 The Register reports that the Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that is bombarding their Web sites with millions of compute-intensive requests. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo. (See item 37)


37. January 29, The Register – (International) CIA, PayPal under bizarre SSL assault. The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that is bombarding their websites with millions of compute-intensive requests. The "massive" flood of requests is made over the websites' SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo. "What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses," a Shadowserver researcher wrote. "This might be a big deal if you're used to only getting a few hundred or thousands of hits a day or you don't have unlimited bandwidth." Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org. It is not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect, and then repeat the cycle. They do not request any resources from the Web site or do anything else. "We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn't quite look like a DDoS either," he wrote. Security mavens are not sure what targeted sites can do to thwart the attacks. Changing IP addresses may provide a temporary reprieve. Source: http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/


Details

Banking and Finance Sector

10. January 29, SC Magazine – (Oklahoma; National) Financial sites hit by malware and phishing scams as tax weekend beckons. As the deadline for filing tax returns arrives this weekend, residents of the US state of Oklahoma have been hit by a security scare. The chief research officer at AVG detected that the Oklahoma State Tax website had recently been hacked and was infected, warning users not to go there 'because until they clean it, it is dangerous'. When visited, the standard home page was present, but an Adobe licence agreement appeared encouraging users to accept it. The researcher said that a look at the source reveals code 'which is probably the culprit'. He said: "It's a simple hack, and probably just happened on January 27th because lots of our users are reporting it today. I expect that the web guys at OK Tax will remove the hacked html pretty quickly, but the bigger issue will be figuring out how the bad guys got in." In another incident, a security researcher at M86 Security detected that the American Bankers Association (ABA) has been used as a lure by the Pushdo/Cutwail/Zeus gang: spam was sent this week informing the recipient of an 'unauthorised transaction billed to your bank card'. A link, along with financial details, is given which leads to the ABA website with the amount of the transaction and a transaction ID. The security researcher said that clicking on 'Generate Transaction Report' will prompt you to download the file transactionreport.exe, which is the Zeus/Zbot Trojan horse. Source: http://www.scmagazineuk.com/financial-sites-hit-by-malware-and-phishing-scams-as-tax-weekend-beckons/article/162618/


11. January 29, North Carolina Bankers Association – (North Carolina) NC bankers and the FBI escalate war on bank robbers. The FBI and the North Carolina Bankers Association have joined forces to launch a new weapon to wage war on bank robbers. In December 2009, the FBI and NCBA unveiled a new web site, www.ncbankrobbers.com, as a way to quickly get the word out when a bank robbery occurs. The web site is designed to provide information about the cases by including photographs, videos and other important details about the robbery. When the new web site was launched, officials expressed the hope it would reduce bank robberies. The SVP and Regulatory Counsel with the North Carolina Bankers Association said, "We hoped the web site would increase the odds against bank robbers. But the results have exceeded our expectations. It looks like we're on to something." The SVP is referring to the recent arrest of the so-called "Bearcat Bandit." According to press reports, only minutes after he attempted a robbery at a BB&T office in Mocksville, North Carolina, last Christmas Eve, a witness recognized the robber from the newly-launched website and called the police. The robber was promptly arrested at a local gas station and now faces multiple state and federal charges. The arrest of the Bearcat Bandit made him the fifth suspect featured on the website to be captured since the website was launched less than 60 days ago. Source: http://www.1888pressrelease.com/nc-bankers-and-the-fbi-escalate-war-on-bank-robbers-pr-181424.html


12. January 29, Milton Patriot Ledger – (Massachusetts) Police break scary ATM skimming ring in Greater Boston. Police say they have made the first dent in a sophisticated scheme to drain people’s bank accounts. The Bulgarian native arrested in Quincy and charged with trying to use a forged ATM card at a Citizens Bank on Hancock Street is part of a much larger operation of so-called skimmers, police say. Skimming is the practice of using bank-card readers to swipe people’s account information off ATM cards and capturing PIN numbers with tiny cameras. The information is then downloaded to a blank gift card or store card – any card with a magnetic strip will do – and used with the PIN number to access bank accounts. So far, police say, the skimming operation uncovered in Quincy has netted thieves hundreds of thousands of dollars across eastern Massachusetts. A Quincy police sergeant is among those whose information was stolen. At the time of his arrest, authorities say, the suspect was carrying eight Dunkin’ Donuts gift cards that had been re-coded with people’s bank card information. He was arraigned on January 28 in Quincy District Court for larceny over $250, improper use of a credit card, larceny of a credit card, and identity fraud. He also faces charges out of Milton. Source: http://www.wickedlocal.com/milton/news/x1685422766/Police-break-scary-ATM-skimming-ring-in-Greater-Boston


13. January 28, U.S. Department of Justice – (Texas) Texas attorney convicted for role in pump-and-dump stock manipulation schemes. A 51-year-old from Dallas was indicted on March 12, 2009, and on January 28 was found guilty of one count of conspiracy to commit registration violations and securities fraud, and nine counts of wire fraud. According to court records and evidence at trial, the defendant, an attorney in Dallas and a former attorney with the SEC, was retained by a Phoenix attorney who pleaded guilty in March 2009 in the Eastern District of Virginia to conspiracy to commit securities fraud. According to the indictment, from approximately March 2004 through October 2004, the pair evaded federal securities registration requirements and provided co-conspirators with millions of unregistered and “free-trading” shares of nine companies’ common stock that the co-conspirators could not have otherwise legally obtained. Many of the shares were subsequently sold by co-conspirators to investors in the general public. By evading the registration requirements, the co-conspirators were able to hide from the investing public the actual financial condition and business operations of the companies. In connection with Emerging Holdings, MassClick and China Score, evidence at trial showed that the defendant knowingly participated in a conspiracy known as a “pump-and-dump” scheme to manipulate the price of these companies’ securities. Co-conspirators falsely manipulated the price and volume of some of the companies’ stock by making materially false and misleading statements in press releases and in spam e-mails to tens of millions of e-mail addresses throughout the United States in an effort to create artificial demand for the three companies’ stock. Source: http://www.justice.gov/opa/pr/2010/January/10-ag-101.html


14. January 28, NationalCreditReport.com – (National) NationalCreditReport.com issues consumer advisory to warn consumers about credit report scams originating from Craigslist. NationalCreditReport.com issued a consumer advisory Thursday warning consumers of credit report scams. Consumers may become victims of such scams on Craigslist and other online classified listing sites as a result of responding to what they believe is a legitimate rental property or job posting. The scams appear on Craigslist and other classified websites offering an apartment for rent or a job posting, and consumers respond to the listings via email. Once the consumer's inquiry is received, the consumer becomes engaged in what they believe is legitimate communication with a potential employer or property manager. The alleged employer or property manager will include a link to a free credit report website, asking the consumer to go to the site to get their free report. The consumer is then instructed to email their credit report and/or credit score to the potential employer or property manager so they can "verify their employment or housing history" and proceed with the job or apartment application process. NationalCreditReport.com does not authorize or condone this type of activity and warns all consumers not to share their credit report or credit score with anyone they do not know, as this is an open invitation for credit fraud and identity theft. Sites such as Craigslist.com have also recognized credit report scams and posted their own warnings, such as this one, to guide the public: www.craigslist.org/about/scams. Source: http://www.pr-inside.com/nationalcreditreport-com-issues-consumer-r1692226.htm


15. January 28, KNXV 15 Phoenix – (Arizona) PD: Man tries to rob Surprise bank using fake explosives. Officials say a man was arrested on January 28 after it was discovered he tried to rob a Surprise bank using a fake explosive device. A Surprise police department spokesperson said when officers first encountered the suspect, he told police he had been robbed and officers noticed cuts on the man's arms. After the suspect was escorted to the hospital, police discovered a suspicious device in his possession. The spokesman said the Glendale police department bomb squad was called in to investigate the device. Crews were able to determine the device was not real, but a simulated explosive. As police continued to investigate the incident it was discovered he had earlier in the day entered a Chase Bank near Cotton Lane and Bell Road with the device, and left without making any transaction. The spokesman said police also found the suspect with a handwritten note stating that he had an explosive device. Source: http://www.abc15.com/content/news/westvalley/surprise/story/PD-Man-tries-to-rob-Surprise-bank-using-fake/NOk2hNTJvU2MeFo6cX127A.cspx


16. January 28, Fairbanks Daily News Miner – (Alaska) Security breach may affect 77,000 public employees, retirees in Alaska, raising threat of identity theft. The Alaska attorney general announced on January 28 that the State of Alaska has reached a settlement with PricewaterhouseCoopers LLP to provide credit protection for about 77,000 former and current public employees whose names and confidential information were misplaced by the professional services firm. The lost personal information is for the public employees and retirees who were participants in the Public Employees Retirement System and the Teachers Retirement System in 2003-2004. “In this settlement, PricewaterhouseCoopers has accepted responsibility for this security failure,” the attorney general said. ”Most importantly, the firm has agreed to protect Alaskans by paying for identity theft protection and credit-monitoring, or a security freeze, for each of the 77,000 Alaskans who are potentially affected by this failure and by ensuring that Alaskans are reimbursed for losses that they might incur as a result of ID theft caused by this breach.” The attorney general also noted that other provisions of the settlement protect the state’s finances by, for example, requiring PricewaterhouseCoopers to pay for up to $100,000 of the cost of notifying affected individuals. Source: http://newsminer.com/pages/full_story/push?blog-entry-Security+breach+may+affect+77-000+Alaskans%20&id=5689968&instance=blogs_editors_desk


For another story, see item 37 below in the Information Technology Sector


Information Technology


36. January 29, Network World – (International) Stolen Twitter accounts can fetch $1,000. According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars. Since 2005, the bad guys have been developing new data-stealing malware that is now a growing problem on the Internet. Some of these programs look for banking passwords, others hunt for on-line gaming credentials. But the fastest-growing data stealers are generic spying programs that try to steal as much information as possible from their victims, said a Kaspersky researcher, speaking at a press event on January 29. In 2009, Kaspersky identified about 70,000 of these programs — twice as many as the year before, and close to three times the number of banking password stealing programs. They are popular because criminals are starting to realize that they can do better than simply swiping credit card numbers. The researcher has seen Gmail accounts for sale on Russian hacker forums (asking price 2,500 roubles, or $82), RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials being offered. Asking prices can vary greatly, depending on the name of the account and the number of followers, but attackers are looking for an initial, trusted stepping stone from which to send malicious Twitter messages and, ideally, infect more machines. Source: http://www.networkworld.com/news/2010/012910-stolen-twitter-accounts-can-fetch.html?hpg1=bn


38. January 29, SC Magazine – (International) Warnings made of application bug in new Facebook dashboard, as SEO poisoning causes concern after 'unnamed app' reports by users. A week of fresh bugs in Facebook has ended with a warning about a privacy oversight in the new Facebook dashboard. Blog site allfacebook.com has reported that users can view the latest applications that their friends have been using, whether or not those friends want them to. It said that while Facebook will 'probably' resolve this issue before launch, the beta games and applications dashboards are visible to everybody. A developer told the site: "I may not want my boss to know that I'm playing games during work hours. Or I may not want my friends knowing that I ran the 'How Perverted are You?' application." A blogger reported that hundreds of people were continuing to post status updates about the issue, and while users are claiming that it is spyware, Facebook has reported that it is a bug which should not damage your account or computer in any way. Source: http://www.scmagazineuk.com/warnings-made-of-application-bug-in-new-facebook-dashboard-as-seo-poisoning-causes-concern-after-unnamed-app-reports-by-users/article/162631/


39. January 29, The Register – (International) Experts fret over iPad security risks. Apple's much hyped iPad tablet may come tightly locked down but the device is still likely to be affected by many of the security issues that affect the iPhone, as well as some of its own. Security experts polled by The Register were concerned about a variety of risks, in particular phishing attacks and browser exploits. The senior technology consultant at Sophos commented: "The iPad, from the sound of things, will be as locked down as the iPhone. Hackers will no doubt try to jailbreak it. But the main threat would be phishing and browser exploits." Malware related risks may also trouble the iPad. The only risks to affect the iPhone to date have relied on a very small but well publicised number of threats that exploited default passwords and open SSH shells on jailbroken iPhones. However, while the iPad uses the same OS as the iPhone, it is more powerful; that means attacks based on doctored PDF files may potentially become a risk, explained a technical director of PandaLabs. Source: http://www.theregister.co.uk/2010/01/29/ipad_security/


40. January 28, Network World – (International) Phishing scam targets users of Adobe PDF Reader. A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes today, and the real Adobe urged any recipients to simply delete it. The phishing scam has a subject line "download and upgrade Adobe PDF Reader – Writer for Windows," includes a fake version of Adobe's logo and provides links that would lead to malicious code or other trouble if a victim clicked on them. The e-mail appears to come from Adobe newsletter@pdf-adobe.org, which is part of the scam. "It has come to Adobe's attention that e-mail messages purporting to offer a download of the Adobe Reader have been sent by entities claiming to be Adobe," the company said in a statement warning about it. "Many of these e-mails are signed as 'Adobe PDF' (or similar), and in some instances require recipients to register and/or provide personal information. Please be aware that these e-mails are phishing scams and have not been sent by Adobe or on Adobe's behalf." Source: http://www.networkworld.com/news/2010/012810-phishing-scam-adobe.html


Communications Sector

41. January 29, IDG News Services – (National) FBI arrests alleged cable modem hacker. U.S. federal authorities arrested a 26-year-old man on January 28 for allegedly selling modified cable modems that enabled free Internet access, according to the U.S. Department of Justice. The suspect, of New Bedford, Massachusetts, is charged with one count of conspiracy and one count of wire fraud. If convicted, he could face up to 20 years in prison for each charge, and a $250,000 fine. He allegedly ran a now-defunct Web site called Massmodz.com, where hacked modems were sold. The modems had been modified in order to spoof the device's MAC (Media Access Control) address. It is then possible either to obtain free Internet access or to make it appear that a different modem is obtaining access. Authorities alleged that the suspect sold two of the modified modems to an undercover FBI agent. He also allegedly posted videos to YouTube showing how to get free Internet access through modified cable modems. Source: http://www.computerworld.com/s/article/9149980/FBI_arrests_alleged_cable_modem_hacker


42. January 29, Palm Springs Desert Sun – (California) Phone service expected to be restored for 500 in Indio today after weeklong outage. Verizon expects to restore phone and Internet service to hundreds of Indio customers affected by an outage that began January 21, the company said. A Verizon spokesman said about 500 customers around Jackson Street between avenues 44 and 46 lost landline phone and DSL Internet service during a rainstorm on January 21. He said the outage was caused by a wet cable with cracked insulation. "Some water got inside, and that obviously causes electrical shorts when you have water mixing with electrical signals," he said. "We're replacing that whole section of cable." He said he was not aware of other large outages in the Coachella Valley caused by the storms. He said some smaller cables were similarly affected, but each of those outages only affected a handful of customers for a day or two. Source: http://www.mydesert.com/article/20100129/NEWS01/100129009/0/PREPSPORTS/Phone-service-expected-to-be-restored-for-500-in-Indio-today-after-weeklong-outage


43. January 29, CNET News – (National) T-Mobile data issues hit Nexus One owners. Nexus One owners are complaining of a widespread data outage Friday morning on T-Mobile's network. As with most reports of outages, it is always difficult to get a sense of just how many people are being affected. But Google's customer support forums are full of Nexus One owners reporting that they are unable to access the data network, and other news outlets are getting tips from their readers that something is amiss. A Google employee confirmed there was some sort of problem with T-Mobile's data network in a forum message: "We're aware of reports with T-Mobile data connections, including the error: 'To connect to the Internet with the device you are using, you'll need a webConnect data plan.' We're currently working with T-Mobile to resolve this issue." A T-Mobile representative did not immediately respond to a request seeking more information on the outage. Source: http://news.cnet.com/8301-30684_3-10444283-265.html


44. January 28, Green Bay Press-Gazette – (Wisconsin) WBAY, WPNE TV channels to be off air in Green Bay because of transmission problems. WBAY, Channel 2, is experiencing transmission problems, and finding the cause will take six channels off the air starting at 9 a.m. on January 29. “It’s a short or flash-over occurring in the transmission system,” said the Green Bay station's general manager. WBAY is temporarily operating at low power, and viewers in outlying areas who receive its three digital channels may be affected. WPNE-TV, Channel 38, uses the same antenna on Scray’s Hill southeast of the city, so the shutdown will affect its three digital channels as well. The shutdown may last six hours. The shutdown will affect most cable systems, DirecTV customers and over-the-air viewers. Not all viewers might be affected. WBAY feeds its signal directly to Dish TV and AT&T U-Verse, and the signal probably will remain on those systems, the manager said. The testing won’t be the end of the disruptions. Source: http://www.greenbaypressgazette.com/article/20100128/GPG0101/100128169/1207/GPG01/Transmission-woes-will-take-6-WBAY--WPNE-channels-off-air-Friday


45. January 27, Redwood Times – (California) Emergency preparedness reviews earthquake, storms. The Southern Humboldt Emergency Preparedness Team met at the Garberville Cal Fire station on January 22. The recent earthquake and the series of storms that resulted in slides and road closures were on the minds of the team members. A spokesman for the Shelter Cove Fire Department reported that after the earthquake the Shelter Cove community lost its communication system. A new microwave unit that Verizon had installed on the communication tower failed and left the community without cell phone coverage or emergency 911 coverage for two days. A number of elderly people were left without their lifeline alert service. Because these individuals don’t drive and their phones are their only lifeline to the world, the spokesman and other SCFD personnel made the rounds of the lifeline households to make sure that everything was all right. A spokesman for the Southern Humboldt Amateur Radio Club reported that the local 14679 repeater has been off the air. Apparently some wildlife got into the system and caused damage. The 14733 repeater on Grasshopper Peak is available, he said. It has a positive offset, he said, and good coverage of the area from Eureka to Piercy. Source: http://www.redwoodtimes.com/garbervillenews/ci_14278623


For another story, see item 37

Department of Homeland Security Daily Open Source Infrastructure Report

Friday, January 29, 2010

Complete DHS Daily Report for January 29, 2010

Daily Report

Top Stories

 According to the Associated Press, Monrovia, California police say a man who barricaded himself in a bank entrance Wednesday and claimed to have a bomb has surrendered in the Los Angeles foothill suburb. Hundreds of people were evacuated from Citizens Business Bank and nearby buildings. (See item 18)


18. January 27, Associated Press – (California) Man who made bomb threat at LA-area bank surrenders. Monrovia police say a man who barricaded himself in a bank entrance and claimed to have a bomb has surrendered in the Los Angeles foothill suburb. The city spokesman says the man walked out and gave himself up on the afternoon of January 27. No bomb was found. Officials say hundreds of people were evacuated from Citizens Business Bank and nearby buildings after the man shoved a note under the closed door at around 10 a.m. claiming he had a bomb. The spokesman says the bank staff refused to open the bank door but the man barricaded himself in the foyer. Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-bank-threat,0,4516737.story


 The Associated Press reports that federal officials are investigating an explosive device that was set off Thursday morning on train tracks near the James Madison University campus in Harrisonburg, Virginia. (See item 23)


23. January 28, Associated Press – (Virginia) Explosive device set off on Virginia train tracks, feds say. Federal officials say they are investigating an explosive device that was set off on train tracks near a college campus in Harrisonburg, Virginia. A spokesman for the Bureau of Alcohol, Tobacco, Firearms and Explosives said local residents reported hearing a boom about 6:30 a.m. Thursday. He said local police have investigated and determined there was an explosive device on train tracks near the campus of James Madison University at Chesapeake Street and Cantrell Avenue. He said there were no injuries and terrorism is not suspected. He said ATF and the Harrisonburg police department have launched a criminal investigation. He said ATF has sent seven people to the scene, including two explosives experts. Source: http://www.foxnews.com/story/0,2933,584155,00.html


Details

Banking and Finance Sector

15. January 28, WSAU 99.9 Rudolph – (Wisconsin) Credit card scam. There are reports of a credit card scam in the Wausau, Wisconsin, area. Several people have received phone calls from people claiming to be from their bank, saying their credit card has been deactivated because of suspected fraud. The caller asks for the card number and PIN over the telephone to fix the problem. Co-Vantage Credit Union says several of their members have received similar calls. Banks and credit card companies do not ask for PIN numbers over the phone. People who receive these calls should hang up and call police and their financial institution. Source: http://new.wsau.com/news/articles/2010/jan/28/credit-card-scam/


16. January 28, Bank Info Security – (National) Fed bank offers report on lessons learned from Heartland data breach. The Payment Cards Center of the Federal Reserve Bank (FRB) of Philadelphia has published “Heartland Payment Systems: Lessons Learned from a Data Breach,” a discussion paper on the Heartland Payment Systems breach. The paper is a summation of a workshop held in August 2009 at the Philadelphia FRB, where the CEO of Heartland led a discussion of the events surrounding the breach and lessons learned as a result. Heartland Payment Systems announced on January 20, 2009 that it had been the victim of what is now thought to be the largest breach of card data, an estimated 130 million payment cards taken by hackers over a six-month period. In his presentation, the CEO shared details of the breach and what actions the company and industry are taking. Joining the CEO in the workshop was the former director of the Payment Cards Center, who now is a senior payments advisor to Heartland. They outlined Heartland’s post-breach efforts, which are directed to improving information sharing and data security within the consumer payments industry. The CEO introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization and chip technology. Source: http://www.bankinfosecurity.com/articles.php?art_id=2125


17. January 28, eSecurity Planet – (International) Starwood a victim of credit card fraud. Hotel chain Starwood has warned that anyone who stayed at its hotels in Germany may have been a victim of credit card fraud. “The New York-based company owns chains such as Sheraton, Westin, and Le Méridien, and believes that some customers who carry ‘Miles and More’ cards — a frequent flyer partnership between Lufthansa and Deutsche Kreditbank (DKB) — may have been the victim of illegal charges during their stays, daily Financial Times Deutschland reported,” according to The Local. “The problem may be the result of electronic failures similar to the glitch that caused banks in Germany and Spain to recall some 250,000 bank cards between July and November of 2009,” the article states. Source: http://www.esecurityplanet.com/headlines/article.php/3861286/Starwood-a-Victim-of-Credit-Card-Fraud.htm


18. January 27, Associated Press – (California) Man who made bomb threat at LA-area bank surrenders. Monrovia police say a man who barricaded himself in a bank entrance and claimed to have a bomb has surrendered in the Los Angeles foothill suburb. The city spokesman says the man walked out and gave himself up on the afternoon of January 27. No bomb was found. Officials say hundreds of people were evacuated from Citizens Business Bank and nearby buildings after the man shoved a note under the closed door at around 10 a.m. claiming he had a bomb. The spokesman says the bank staff refused to open the bank door but the man barricaded himself in the foyer. Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-bank-threat,0,4516737.story


19. January 27, DarkReading – (National) Identity thieves successfully targeting wealthy victims, study says. According to a study issued on January 27 by Experian, a company that provides both identity fraud protection services and marketing demographics services, the most likely victims of identity fraud are those with the most money. The study — which was created using Experian’s unlikely combination of identity fraud incidence statistics with basic consumer demographics — indicates that identity thieves are successfully targeting the wealthy and affluent, regardless of the systems and software they use. According to Experian, consumers in the “Affluent Suburbia” category, the wealthiest of the company’s 12 demographic categories, are 43 percent more likely to fall victim to identity fraud than the average credit applicant. Experian describes Affluent Suburbia as “the wealthiest households in the U.S., living in exclusive suburban neighborhoods and enjoying the best everything has to offer.” Individuals in the “Upscale America” category are 22 percent more likely to fall prey to identity fraud than the average credit applicant, Experian says. Upscale America is defined as “college-educated couples and families living in metropolitan sprawl, earning upscale incomes that provide them with large homes and very comfortable, active lifestyles.” The study offers a different perspective on identity fraud than more technical studies, which suggest that the most likely victims of identity fraud are those who don’t deploy security software or are ignorant of best practices. Source: http://www.darkreading.com/securityservices/security/privacy/showArticle.jhtml?articleID=222600185


20. January 27, WTAE 4 Pittsburgh – (Pennsylvania) ATM hacked into at Forest Hills PNC bank. Some customers of a PNC bank ATM located in Forest Hills have been the victims of a skimmer. A Pittsburgh couple discovered $1,400 missing. The couple said they completed a fraud complaint with the bank and were expected to get the money back in a few days. PNC is warning its customers and ATM users to look for signs of tampering on the machines before use. Users are also advised to check their statements monthly and report any activity they see as suspicious. Source: http://www.thepittsburghchannel.com/allegheny/22360755/detail.html


For another story, see item 48 below in the Information Technology Sector


Information Technology


48. January 28, Network World – (International) DDoS attacks, network hacks rampant in oil and gas industry, other infrastructure sectors. Massive denial-of-service (DoS) attacks and “stealthy infiltration” of corporate networks by attackers are a common experience for companies in critical infrastructure sectors, including financial services, energy, water, transportation and telecom, according to a new survey. Extortion schemes related to distributed DoS attacks are also rampant, especially in some parts of the world, according to the survey. The report, titled “In the Crossfire — Critical Infrastructure in the Age of Cyber-War,” was prepared by the Washington, D.C. policy think tank Center for Strategic and International Studies (CSIS). CSIS asked 600 IT and security professionals across seven industry sectors in 14 countries about their practices, attitudes about security, and the security measures they employ. A little more than half of the respondents (54 percent) said they had experienced “large-scale denial of service attacks by high-level adversary like organized crime, terrorists or nation-state (for example, like in Estonia and Georgia).” The same proportion, according to the report, also said their networks had been subject to “stealthy infiltration,” such as by a spy ring using targeted malware attacks to allow hackers “to infiltrate, control and download large amounts of data from computer networks belonging to non-profits, government departments and international organizations in dozens of countries.” The oil and gas sector faces the highest rates of victimization, according to the CSIS survey. Overall, 71 percent of respondents in the oil-and-gas industry reported stealthy infiltration, compared with 54 percent of respondents in other sectors. The CSIS survey also found distributed DoS attacks were “particularly severe” in the energy/power and water/sewage sectors, where attacks were usually aimed at computer-based operational control systems, like SCADA. Source: http://www.networkworld.com/news/2010/012710-ddos-oil-gas.html?hpg1=bn


49. January 27, DarkReading – (International) Anatomy of a targeted, persistent attack. A new report published on January 27 sheds light on the steps ultra-sophisticated attackers take to gain a foothold inside government and company networks and remain entrenched in order to steal intellectual property and other data. The bad news is that these attacks — including the recent ones on Google, Adobe, and other companies — are almost always successful and go undetected until it’s too late. The so-called advanced persistent threat (APT) attack model and case studies outlined in the report from forensics firm Mandiant are based on real-world attacks Mandiant has probed during the past seven years in government and private industry. Though the report describes the brand of attack that hit Google, Adobe, and 20 to 30 other organizations, Mandiant would not comment on whether its forensics experts are involved in the so-called Aurora attack that allegedly came out of China. Most of the APT attack cases that Mandiant has worked on for the past few years have had ties to China: “The vast majority of APT activity observed by MANDIANT has been linked to China,” the report says. And existing security tools are no match for these attacks — only 24 percent of the malware used in the attacks Mandiant has investigated was detected by security software, the report says. Source: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=222600139&subSection=Attacks/breaches


50. January 27, The Register – (International) IE Windows vuln coughs up local files. If anyone uses any version of Internet Explorer (IE) to surf Twitter or other Web 2.0 sites, a security consultant at Core Security can probably read the entire contents of the primary hard drive. The security consultant said his attack works when the victim clicks on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies — even empty hashes of passwords. This is not the first time security researchers at Core have identified security weaknesses in IE. The company issued an advisory in 2008 and another in 2009, each identifying specific links in the chain that could potentially be abused by an attacker. The security consultant said he has fully briefed Microsoft on his latest attack, which he plans to demonstrate at next month’s Black Hat security conference in Washington, DC. Microsoft’s “rapid response team” did not reply to an email, but a statement sent to other news outlets said the company is investigating the vulnerability and is not aware of it being exploited in the wild. The hole is difficult to close because the attack exploits an array of features IE users have come to rely on to make web applications work seamlessly. Simply removing the features could neuter functions such as online file sharing and active scripting, underscoring the age-old tradeoff between a system’s functionality and its security. Source: http://www.theregister.co.uk/2010/01/27/ie_file_disclosure_attack/


51. January 26, V3.co.uk – (International) Google updates Chrome with 1,500 new features. Google has released an update to its Chrome browser, promising improved security and more than 1,500 new features. The browser is now much more stable, according to the search giant, and is a whopping 400 times quicker than when first released. “We are excited to usher in the new year with a bundle of browser goodness for the stable version of Google Chrome,” said a product manager for Chrome, in a blog post. The extension tool lets users choose the applications they want to install, and helps manage how they are used. This may be particularly useful when it comes to navigating through the 1,500 new features. Bookmark Sync, a tool that lets users migrate bookmarks to another machine, has come out of beta, while web developers will see a number of new HTML5 APIs, including LocalStorage, Database API, WebSockets, and others. The new features relate only to the Windows release so far, but users of other systems will get the updates soon, according to the manager. Source: http://www.v3.co.uk/v3/news/2256780/google-updates-chrome


Communications Sector

52. January 27, WTEN 10 Albany – (New York) Verizon employees evacuate manhole just before a small explosion. The tree that fell on a power line in Amsterdam, New York, on January 25 is still causing problems. According to a fire chief, at 9:30 a.m. on January 27 two Verizon workers were checking a junction box 10 feet underground in a manhole located on East Main Street just off of Vrooman Avenue. The two men saw that the air monitor alert system located next to the box was at a level indicating toxic gas or a possible explosion. The two men quickly evacuated the manhole just before the box sustained a small explosion and fire. The fire chief says that’s when the fire department was called in, but the chief says they could only monitor the fire as it burned because the Amsterdam Fire Department does not own any “confined space rescue equipment.” The chief called the New York State Office of Fire Prevention and Control, which responded with the special equipment and two trained engineers. Amsterdam Fire assisted and the area was cleared at 12:16 p.m. The chief says there were no injuries as a result of the incident. Source: http://www.wten.com/Global/story.asp?S=11890628


53. January 27, Associated Press – (Washington) Vandals cut fiber optic cables to Selah. The Yakima County sheriff’s office says vandals cut fiber optic cables that carry phone, TV and Internet service to Selah, Washington. The damage was reported early on January 27 by Charter Communications. Repair crews found two cables cut at the railroad trestle that crosses the Naches River between Yakima and Selah. Source: http://seattletimes.nwsource.com/html/localnews/2010903931_apwafiberopticvandals.html


For another story, see item 48 above in the Information Technology Sector