Department of Homeland Security Daily Open Source Infrastructure Report

Friday, February 26, 2010

Complete DHS Daily Report for February 26, 2010

Daily Report

Top Stories

 The Washington Post reported that the Washington Metro’s decision to mix different types of signaling equipment against strong warnings from the manufacturer could have caused the June 22 Red Line crash that killed nine people, a senior company engineer testified before a federal panel on February 24. (See item 17)


17. February 25, Washington Post – (District of Columbia) Parts manufacturer says it warned Metro about mixing signaling equipment. Metro’s decision to mix different types of signaling equipment against strong warnings from the manufacturer could have caused the June 22 Red Line crash that killed nine people, a senior company engineer testified before a federal panel on Wednesday. The site safety officer of Alstom Signaling said at a National Transportation and Safety Board hearing that the combination of other manufacturers’ components with Alstom equipment just five days before the crash was at the heart of the failure of the train detection system. The previously undisclosed analysis by Alstom offers a new clue into what could have led to the Red Line crash. “ALSTOM believes that the use of third-party components presents, . . . not only a customer quality issue, but also constitutes a serious and increasing risk to overall signaling system safety,” Alstom said in a Sept. 7, 2004, letter that the safety officer said was distributed to all of its customers, including Metro and its then-assistant chief engineer, who retired February 1. In addition, the safety officer said an Alstom employee gave a Metro engineer an oral warning about the risks of mixing different manufacturer equipment during discussions over a bulletin issued on the topic in October 2006. Source: http://www.washingtonpost.com/wp-dyn/content/article/2010/02/24/AR2010022403006.html?wprss=rss_metro


 IDG News Service reports that on February 24 Microsoft, with the help of a U.S. federal judge, has struck a blow against one of the Internet’s worst sources of spam: the notorious Waledac botnet. Microsoft said it had been granted a court order that will cut off 277 .com domains associated with the botnet. (See item 45 in the Information Technology Sector below)


Details

Banking and Finance Sector

12. February 25, Miami Herald – (Florida) Mortgage fraud task force comes to Miami. The Financial Fraud Enforcement Task Force kicked off the first of its mortgage-fraud summits on February 24 in the epicenter of the nation’s mortgage-fraud crisis and pledged to begin finding solutions. The interagency task force — established last November by the U.S. President to combat financial crime — is a team of federal, state and local law enforcement agencies, financial regulators, and inspectors general dedicated to curbing mortgage fraud, predatory lending, and other financial crimes. There are 23 task forces and 67 mortgage-fraud working groups throughout the country. According to Fannie Mae, Florida ranked No. 1 in loan-origination fraud in 2008 and 2009. South Florida is ranked first in the nation for the number of residents named in mortgage fraud-related suspicious activity reports, called SARs, filed by financial institutions, according to the U.S. Financial Crimes Enforcement Network. Source: http://www.miamiherald.com/2010/02/25/1498709/task-force-comes-to-fraud-hotbed.html


13. February 24, The Register – (Massachusetts) 3 Bulgarians charged in 44-day ATM hacking spree. Three Bulgarian men were charged on February 24 with defrauding banks of more than $137,000 in a scheme that attached electronic skimming devices to numerous automatic teller machines in Massachusetts. In the 44-day hacking spree, the men planted skimmers on ATMs maintained by Bank of America and Citizens Bank and secretly recorded information stored on the magnetic strips of cards as they were being used. The men also allegedly used concealed cameras to record the corresponding personal identification numbers. The men compromised “numerous” ATMs throughout eastern Massachusetts and stole more than $120,000, according to a press release issued by federal prosecutors in Boston. Court documents filed in the case said proceeds from the alleged crime were $137,724. The three were each charged with using counterfeit ATM cards, bank fraud, and aggravated identity theft. Two of the suspects were also charged with possession of device-making equipment. Source: http://www.theregister.co.uk/2010/02/24/atm_skimming_charges/


14. February 24, DarkReading – (National) FTC issues report of 2009 top consumer complaints. The Federal Trade Commission released a report on February 24 listing top complaints consumers filed with the agency in 2009. It shows that while identity theft remains the top complaint category, identity theft complaints declined 5 percentage points from 2008. The FTC is releasing a new animated video showing how people can file a complaint, and offers examples of what complaints the FTC handles. The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted. Source: http://www.darkreading.com/security/client/showArticle.jhtml?articleID=223100659&subSection=End+user/client+security


15. February 24, Storefront Backtalk – (Alabama) Secret Service investigating debit-only breach of an Alabama Dairy Queen. For the mysterious data breach crime folder, the U.S. Secret Service is investigating a series of payment card thefts—originating at an Alabama Dairy Queen—that has only been impacting debit cards. The Hanceville, Georgia, police department’s captain is quoted in a local newspaper saying: “At that location, somebody has apparently tapped into the Internet server and hacked into the debit card system, and they’re printing out the customers’ debit card numbers and using them all over California and Georgia.” This is a disturbing trend, as retailers see debit card approaches as a way to try and reduce interchange costs. It’s even more frightening when factoring in that debit cards are more likely to suffer a processing glitch—as Best Buy and Macy’s discovered last year–than credit cards and that consumers impacted by a debit card data breach are far more exposed than they would have been had they used a credit card. Source: http://www.storefrontbacktalk.com/securityfraud/secret-service-investigating-debit-only-breach-of-an-alabama-dairy-queen


16. February 23, Federal Bureau of Investigation – (Illinois) FBI searches for ‘ESPN Bandit’. The special agent-in-charge of the Chicago office of the Federal Bureau of Investigation (FBI) is asking for the public’s help in identifying the individual who is believed responsible for the armed robbery of at least four Chicago area banks and the attempted robbery of a fifth, dating to December of last year. The most recent theft occurred on February 22, when a Fifth Third Bank branch in Chicago was robbed of an undisclosed amount of money. As he has done in prior thefts, the robber entered the bank and approached a teller. He then handed her a manila-colored envelope that contained a typewritten demand note. The note claimed that the robber was armed and threatened the teller with harm if his demands were not met. After obtaining money from the teller, the robber fled the bank on foot, disappearing into the passing crowd. Prior to the February 22 robbery, the “ESPN Bandit” last struck on January 13 of this year, when he robbed two banks and attempted the robbery of a third. The fourth theft this individual is suspected of committing is the December 10, 2009 robbery of the TCF Bank branch in Melrose Park, Illinois. Source: http://www.enewspf.com/index.php?option=com_content&view=article&id=14059:fbi-searches-for-espn-bandit&catid=88888909&Itemid=88888905


Information Technology


44. February 25, SC Magazine – (International) Microsoft operating system vulnerability claims refuted. Claims made of a major vulnerability in the Microsoft Windows operating system have been refuted. The head of PCI at ProCheckUp Labs claimed that the findings by 2X Software, revealed exclusively by SC Magazine on February 24, were a ‘little sensationalist’. On February 24, 2X Software said that with a simple piece of code, an operating system from Windows 7/Server 2008 versions to Windows 2000/Server 2003 could be crashed with malicious applications installed. However the head of PCI refuted this, saying that the claims indicate that code needs to be run for the vulnerability to be exploited, so an attacker cannot just send some malicious traffic to a Microsoft server and crash it. Source: http://www.scmagazineuk.com/microsoft-operating-system-vulnerability-claims-refuted/article/164469/


45. February 25, IDG News Service – (International) Court order helps Microsoft tear down Waledac botnet. With the help of a U.S. federal judge, Microsoft has struck a blow against one of the Internet’s worst sources of spam: the notorious Waledac botnet. Microsoft said on February 24 that it had been granted a court order that will cut off 277 .com domains associated with the botnet. This will effectively knock the brains of Waledac off the Internet, by removing the command-and-control servers that criminals use to send commands to hundreds of thousands of infected machines. Thought to be used by Eastern European spammers, Waledac has been a major source of computer infections and spam over the past year. Microsoft believes the botnet can send over 1.5 billion spam messages daily. In a lawsuit against the unknown spammers behind Waledac, filed Monday with the U.S. District Court of Eastern Virginia, Microsoft argues that Verisign, which manages the .com domain, is a choke-point for the botnet. The court has apparently ordered Verisign to remove the botnet’s command-and-control domains from the Internet. Source: http://www.networkworld.com/news/2010/022510-court-order-helps-microsoft-tear.html?hpg1=bn


46. February 25, The Register – (International) Microsoft’s wiretap guide goes online, security site goes offline. Long-established privacy and cryptology website Cryptome.org was pulled offline on February 24 after Microsoft launched a legal offensive over its publication of Redmond’s guide to internet wiretapping. Microsoft’s Global Criminal Compliance Handbook, a 22 page booklet designed solely for police and intelligence services, provides an overview of Microsoft’s online services, what information it collects on users and how long it keeps it. The guide also explains how to serve warrants and how to make sense of the records it stores to understand, for example, when and to whom a Hotmail user sent an email. Redmond’s lawyers used the Digital Millennium Copyright Act (DMCA) in an attempt to force Cryptome to pull the guide, a request it refused, before going to hosting provider Network Solutions. The firm not only complied with this order but went one step further by placing a lock on the Cryptome.org domain to keep the site down. Cryptome, which began way back in 1996 and serves as an outlet for whistleblowers, previously got into hot water for publishing Microsoft’s point-and-click “computer forensics for cops” COFFEE tool back in November. Source: http://www.theregister.co.uk/2010/02/25/cryptome_dmca_takedown/


47. February 25, SC Magazine – (International) Phishing campaigns step up with hits on Twitter and Fotolog this week. Warnings have been made about a worm that spreads through the photo sharing website Fotolog. The worm, detected as FTLog.A by PandaLabs, spreads through the photo-blogging site by inserting a comment in the targeted user’s page prompting them to click a link, supposedly pointing to a video. If the user clicks the link, the system will ask for permission to download the worm, which is disguised as a DivX video codec. Once installed, FTLog.A redirects the browser to a site with explicit content and a web page that asks users for their data in order to claim a (false) prize. If the user clicks ‘Get Free Access’ a setup.exe file is downloaded which, once run, installs the Media Pass plug-in. This also changes the browser home page and injects code into the browser to display pop-up ads, disrupting the user’s browsing experience. Source: http://www.scmagazineuk.com/phishing-campaigns-step-up-with-hits-on-twitter-and-fotolog-this-week/article/164465


48. February 24, V3.co.uk – (International) Malware levels remain steady in 2009. A new report from security firm Kaspersky Lab suggests that there has been little growth in the number of new malware samples over the past year. The company reported that roughly 15 million new malware samples were found during 2009, a rate of about 30,000 a day which is “virtually the same” as the 2008 level. While the growth of new threats leveled off, Kaspersky said that the malware that did emerge was more sophisticated and widespread. The company noted that nine pieces of malware were able to infect more than a million systems in 2009, while sophisticated programs such as polymorphic worms became more common. Kaspersky also reported that web-based fraud schemes, such as fake anti-virus software, boomed in 2009 and netted some $150m (£97m) in profits. Much of the focus this year is expected to shift from PC-based malware to attacks on web services and new devices. Source: http://www.v3.co.uk/v3/news/2258418/malware-levels-stay-flat


49. February 24, MIS Asia – (International) Cyber attacks frequent on Asia Pacific enterprises. Three quarters of Asia Pacific enterprises, and two thirds of businesses in Singapore, have experienced cyber attacks in the past 12 months, according to new global research. The 2010 Symantec State of Enterprise Security Study, released today, found that 38 percent of Asia Pacific enterprises, and 67 percent in Singapore, rank cyber risk as their top concern, more than natural disasters, terrorism, and traditional crime combined. Initiatives that IT executives rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a-service, server virtualisation, endpoint virtualisation, and software-as-a-service. The study involved surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January this year, including 850 respondents from the Asia Pacific and 100 from Singapore. Source: http://www.networkworld.com/news/2010/022410-cyber-attacks-frequent-on-asia.html?hpg1=bn


50. February 24, ComputerWorld – (International) Baidu: Registrar ‘incredibly’ changed our e-mail for hacker. A hacker who took down top Chinese search engine Baidu.com last month broke into its account with a U.S. domain name registrar by pretending to be from Baidu in an online chat with the registrar’s tech help, according to a lawsuit filed by Baidu. Support staff at the registrar, Register.com, then refused to aid Baidu when first contacted about Baidu.com redirecting users to a Web page that declared, “This site has been hacked by the Iranian Cyber Army,” the Baidu complaint alleges. The complaint was filed last month in U.S. District Court for the Southern District of New York, but the court only recently released an unredacted copy of the complaint. The complaint says Baidu’s service was disrupted for five hours by the hack and seeks millions of dollars allegedly lost in revenue and other costs. Source: http://www.computerworld.com/s/article/9162118/Baidu_Registrar_incredibly_changed_our_e_mail_for_hacker


51. January 22, U.S. Government Accountability Office – (International) Border security: Better usage of electronic passport security features could improve fraud detection. The Department of State has developed a comprehensive set of controls to govern the operation and management of a system to generate and write a security feature called a digital signature on the chip of each e-passport it issues. When verified, digital signatures can help provide reasonable assurance that data placed on the chip by State have not been altered or forged. However, DHS does not have the capability to fully verify the digital signatures because it has not deployed e-passport readers to all of its ports of entry and it has not implemented the system functionality necessary to perform the verification. Because the value of security features depends not only on their solid design, but also on an inspection process that uses them, the additional security against forgery and counterfeiting that could be provided by the inclusion of computer chips on e-passports issued by the United States and foreign countries, including those participating in the visa waiver program, is not fully realized. Protections designed into the U.S. e-passport computer chip limit the risks of malicious code being resident on the chip, a necessary precondition for a malicious code attack to occur from the chip against computer systems that read them. GPO and State have taken additional actions to decrease the likelihood that malicious code could be introduced onto the chip. Source: http://www.gao.gov/htext/d1096.html


Communications Sector

52. February 24, Mobiledia – (National) FCC wants TV airwaves for wireless broadband. Federal regulators are hoping to get more wireless spectrum for advanced mobile services by offering to pay television broadcasters — including NBC, CBS, Fox and ABC — to give up their rights to airwaves worth an estimated $50 billion. As part of a proposal, called the “National Broadband Plan,” existing spectrum holders would be paid to give up their licenses for government auctions, in addition to receiving a portion of the airwave proceeds raised by selling the rights to wireless carriers. The plan would free up 500 megahertz of airwaves, more than doubling the existing spectrum available for wireless carriers, who have demanded more space as their customers increasingly watch videos, check email and update Facebook on high-end smartphones. “The highly valuable spectrum currently allocated for broadcast television is not being used efficiently — indeed, much is not being used at all,” said the Federal Communications Commission’s chairman. Source: http://www.mobiledia.com/news/71411.html

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, February 25, 2010

Complete DHS Daily Report for February 25, 2010

Daily Report

Top Stories

 CNN reports that a gunman wounded two students Tuesday at Deer Creek Middle School in Littleton, Colorado as classes were letting out. A teacher tackled the gunman as he was preparing to fire again. (See item 25)


25. February 24, CNN – (Colorado) School shooting suspect identified. The man suspected of shooting two students at a Littleton, Colorado, middle school has been identified, authorities said Wednesday. The suspect, age 32, was arrested after the incident Tuesday at Deer Creek Middle School and is scheduled to appear in court Wednesday morning, according to the Jefferson County Sheriff’s Office. He is facing two counts of attempted first-degree murder, the sheriff’s office said. He is accused of shooting two students as classes were letting out at 3:15 p.m. Tuesday. A 6-foot-5 former college basketball player who is a math teacher and track coach tackled the suspected gunman as he was preparing to fire again, CNN affiliate KMGH reported. “[The shooter] was trying to rack another round,” the teacher told the station. “I knew he couldn’t get another round in before I got to him, so I grabbed him.” Source: http://www.cnn.com/2010/CRIME/02/24/colorado.school.shooting/?hpt=T2


 The Washington Post reports that, for the first time, U.S. officials plan to embed American intelligence agents in Mexican law enforcement units to help pursue drug cartel leaders and their hit men operating in Juarez, according to U.S. and Mexican officials. (See item 33)


33. February 24, Washington Post – (International) U.S. to embed agents in Mexican law enforcement units battling cartels in Juarez. For the first time, U.S. officials plan to embed American intelligence agents in Mexican law enforcement units to help pursue drug cartel leaders and their hit men operating in the most violent city in Mexico, according to U.S. and Mexican officials. The increasingly close partnership between the two countries, born of frustration over the exploding death toll in Ciudad Juarez, would place U.S. agents and analysts in a Mexican command center in this border city to share drug intelligence gathered from informants and intercepted communications. Until recently, U.S. law enforcement agencies have been reluctant to share sensitive intelligence with their Mexican counterparts for fear they were either corrupt or incompetent. And U.S. agents have been wary of operating inside Mexican command centers for fear they would be targeted for execution in the sensational violence and lawlessness in Ciudad Juarez that left more than 2,600 people dead last year. But those attitudes are changing amid strong support from Washington for the Mexican president’s war against the cartels, including a $1.4 billion aid package. Source: http://www.washingtonpost.com/wp-dyn/content/article/2010/02/23/AR2010022305560.html


Details

Banking and Finance Sector

8. February 24, Reading Eagle – (Pennsylvania) Ex-National Penn Bank officer charged in $4.4 million embezzlement scheme. Federal authorities on February 23 charged a former National Penn Bank officer with embezzling more than $4.4 million and using the money to pay off debts and buy property and vehicles. Prosecutors said a former vice president of loan operations created lines of credit using fictitious names and electronically transferred the funds into accounts held by herself and relatives. The 62-year-old suspect of Boyertown is charged with one count each of bank fraud, embezzlement by a bank employee and filing a false tax return, a U.S. attorney said. She remains free pending arraignment. The suspect filed a tax return for 2007 that did not include $719,571 in income, prosecutors said. Prosecutors said the suspect, while employed at the Boyertown-based bank, spent much of the money on vehicles, several residences and other items. They said she also transferred hundreds of thousands of dollars to relatives and others. The National Penn senior vice president for corporate communications said in a statement that no customer funds were lost. Source: http://readingeagle.com/article.aspx?id=199051


9. February 24, Miami Herald – (Florida) Suspect charged in string of South Florida bank robberies. A prolific bank robber — who once served almost 10 years in federal prison for a string of heists — is believed to be behind at least eight recent South Florida bank robberies, an FBI spokeswoman confirmed on February 23. Police arrested the 55-year-old suspect about noon on February 23 outside a Miami Springs restaurant, the spokeswoman said. He has been charged with two counts of bank robbery, but more charges could be filed, she said. The suspect, who decades ago was known as “the Joker” bank robber because he would present a note that said, “This is no joke,” was arrested in December 1990. He pleaded guilty in 1991 and served more than eight years in prison, according to the affidavit. By 2010, the suspect’s method of robbing a bank had not changed, authorities said, but his nickname did: the Old Man Bandit. He hit banks — some of the biggest names in the industry including Citibank, Wachovia, HSBC and Bank of America — from Palm Beach Gardens to Pinecrest over the past two years, authorities said. Source: http://www.miamiherald.com/2010/02/24/1496563/no-joke-heist-suspect-charged.html


10. February 23, TechWorld – (International) Virtualized USB key beats keyloggers. Is this the future of online banking? US company IronKey has come up with a USB drive that can be used to access accounts virtually without involving the operating system or applications that cause so many of today’s security problems. Aimed at companies that want to protect corporate bank accounts, Trusted Access for Banking is actually a standard IronKey USB drive that runs a walled or ‘hardened’ Linux virtual environment inside the PC’s OS. It comes complete with its own browser hardwired to access only a particular bank service, and incorporates RSA SecurID tokens for authentication. According to an IronKey spokesman, the PCs used for corporate bank access were now considered so insecure that companies were being lumbered with impractical remedies such as having to dedicate a specific PC to be used only for bank access. Using IronKey Trusted Access, companies could simply plug the drive into any PC without the need for any additional drivers or software, after which the host PC was given a precautionary scan for malware, including specialized banking Trojans such as Zeus. Source: http://www.networkworld.com/news/2010/022310-virtualised-usb-key-beats.html?hpg1=bn


11. February 23, KOKI 23 Tulsa – (National) Tulsa’s “granddad bandit” wanted. He is dubbed the “Granddad Bandit” and the FBI believes he has hit 18 banks in a dozen states, including Midtown Tulsa’s Valley National Bank in December. Now the FBI is launching a campaign to capture him. They have posted wanted pictures of the bandit on Tulsa’s Lamar digital billboards and across the nation. Since April 2009, authorities believe he has been traveling all across the nation. Investigators say he started in Houston, headed east to Georgia, then to Alabama, up to the state of New York and down to Florida. The man then headed to Oklahoma to Tulsa’s Valley National Bank in December. The FBI says he has also hit banks in Arkansas, Kansas, Michigan, Mississippi, Tennessee and Virginia. The FBI is offering a $10,000 reward for information that leads to an arrest and conviction in these interstate bank robberies. Source: http://www.fox23.com/news/local/story/Tulsas-Granddad-Bandit-Wanted/aYd3UIbQaEK2P0n_2LmJ1Q.cspx


12. February 22, Associated Press – (California) ‘Blue note’ bandit charged with 14 robberies in OC. An Orange County man has been charged with robbing 14 grocery store bank branches. Prosecutors say the 50-year-old suspect of Laguna Niguel was charged in Superior Court on February 22 with 14 felony counts of robbery. If convicted, he faces 18 years in prison. Because the robber sometimes used blue pieces of paper for demands, the Federal Bureau of Investigation dubbed him the “blue note bandit.” Prosecutors say the suspect carried out the robberies to support a drug habit and pay off major debts. Conviction on all counts would make the suspect Orange County’s most prolific bank robber. Source: http://www.marinij.com/tablehome/ci_14450977


For another story, see item 43 below in Information Technology


Information Technology


38. February 24, V3.co.uk – (International) Intel latest to admit January hacking attack. Intel has become the latest company to admit being targeted for a system intrusion earlier this year. The company said on February 23 in a filing with the US Securities and Exchange Commission that it was the target of an attack early last month around the same time that Google and Adobe were subject to their high-profile attacks. “We regularly face attempts by others to gain unauthorized access through the internet to our IT systems by, for example, masquerading as authorized users or the surreptitious introduction of software,” the company said. Intel said later that, other than the timing, there was nothing to suggest that the incident was related to the attempts to compromise systems at Google and other vendors. Source: http://www.v3.co.uk/v3/news/2258420/intel-latest-claim-january


39. February 24, SC Magazine – (International) Major long-standing flaw revealed in Microsoft Windows operating systems that could be crashed using code. Microsoft Windows operating systems can be crashed just by running simple code. A major long-standing vulnerability in the Windows operating system, identified by 2X Software, could affect PCs and servers running anything from the latest Windows 7/Server 2008 versions to Windows 2000/Server 2003. The flaw was discovered by 2X Software’s testing tools, which triggered a blue screen and system reboot. The company claimed that the code needed to crash the system is very easy to develop and perfectly legal, with no ‘tricks’ or unusual techniques being required. With just a few lines of code an application can be created that will crash the whole Windows system, and the flaw can be easily used inside malicious applications to generate a denial-of-service (DoS) attack. The problem can be easily corrected within the OS code by validating the arguments passed to the API. The company said that as the vulnerability appears to have been introduced during the development of the Windows 2000 Operating System (as Windows NT 4.0 is unaffected), it is around ten years old. It is also present on 64-bit versions of the operating system (having tested Windows 2008). Source: http://www.scmagazineuk.com/exclusive-major-long-standing-flaw-revealed-in-microsoft-windows-operating-systems-that-could-be-crashed-using-code/article/164395/


40. February 23, Computerworld – (International) Adobe patches critical bug in Flash, Reader download tool. Adobe on February 23 patched a critical vulnerability in the Windows utility used to download the company’s two most popular products, Adobe Reader and Flash Player. It was the second time in the last six weeks that Adobe fixed a flaw in Download Manager, the program it installs on PCs when customers download Reader or Flash Player. The bug, Adobe acknowledged in an advisory, “potentially allow[s] an attacker to download and install unauthorized software onto a user’s system.” An Israeli security researcher disclosed the vulnerability recently, when he said that attackers could use the Download Manager to forcibly download and install any executable file, including attack code. Download Manager is not the update mechanism for Reader and Flash Player — that’s dubbed Adobe Update Manager — but instead oversees file transfers from Adobe’s site. Although Download Manager is automatically removed from a Windows PC the next time the machine is restarted, the researcher said it still posed a danger because some systems remain powered on for days or even weeks between reboots. Source: http://www.computerworld.com/s/article/9161258/Adobe_patches_critical_bug_in_Flash_Reader_download_tool


41. February 23, CNET News – (International) Experts warn of catastrophe from cyberattacks. Computer-based network attacks are slowly bleeding U.S. businesses of revenue and market advantage, while the government faces the prospect of losing in an all-out cyberwar, experts told Senators in a hearing on February 23. “If the nation went to war today in a cyberwar, we would lose,” said the executive vice president of Booz Allen Hamilton’s national security business and a former director of national security and national intelligence. “We’re the most vulnerable. We’re the most connected. We have the most to lose.” The U.S. will not be able to mitigate the risk from cyberattack until the government gets more actively involved in protecting the nation’s network, which may not occur until after a “catastrophic event” happens, he said in testimony during a hearing of the Senate Committee on Commerce, Science and Transportation. The subject of the hearing was the Cyber Security Act of 2009, which would regulate organizations and companies that provide critical infrastructure for the U.S., require licensing and certification for cybersecurity professionals, and provide funding for grant and scholarship programs. The U.S. House of Representatives passed its version of the Cyber Security Act earlier this month. The bill is necessary and overdue, said a senior fellow at the nonprofit Center for Strategic and International Studies (CSIS). The U.S. is “under attack every day, losing every day vital secrets. We can not wait,” he said. “We need a new framework for cybersecurity and this bill helps provide that.” “A cyberattack would be like being bled to death and not noticing it and that’s kind of what’s happening now,” the senior fellow said when asked to define what a cyber attack is. “The cyberattack is mainly espionage, some crime,” he added, noting as an example an attack in which $9.8 million was extracted from ATMs over a three-day weekend. Source: http://news.cnet.com/8301-27080_3-10458759-245.html


42. February 23, DarkReading – (International) Attack unmasks user behind the browser. A group of researchers has discovered a simple way to reveal the identity of a user based on his interactions with social networks. The ‘deanonymization’ attack uses social network groups as well as some traditional browser history-stealing tactics to narrow down and find the user behind the browser. The researchers were able to deanonymize more than half of the users in their initial test using their attack method, which entailed their joining and crawling groups within social networks, such as Germany’s Xing business social network and Facebook, using a fake profile. They then matched pilfered browsing histories with social-network group members to “fingerprint” and identify them. “Without using the group info, an attack that only uses history stealing is infeasible in a real-world scenario. So, in fact, it is the combination of history-stealing and group information that is novel,” said a post-doctoral researcher with the International Secure Systems Lab of the Vienna University of Technology in Austria, who co-developed the proof-of-concept. Criminals could use this for phishing and targeted attacks. The attack requires only that the victim visit a malicious Website that contains the attack code — there’s no malicious link, per se. Source: http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=223100436


43. February 23, V3.co.uk – (International) VeriSign targets e-retailers with Trust Seal. Web authentication firm VeriSign launched on February 23 a new service designed to offer e-commerce firms that do not need SSL certificates a new way to secure and build greater consumer trust in their sites. VeriSign Trust Seal has been created specifically for companies, usually at the smaller end of the e-commerce market, that do not require the vendor’s SSL service and trust mark because they outsource transactions to a third party. Organizations that buy the service will be able to display VeriSign’s familiar checkmark logo alongside the words ‘VeriSign Trusted’, and will therefore attract customers by showing that they are not a scam or phishing site, the firm said. The service also includes a new site scanning service, offered by a third-party provider, which will let administrators keep sites free from malware and the ‘drive-by download’ attacks such malware can enable. VeriSign claimed that the service could also keep sites from being blacklisted by browsers, search engines and anti-virus software. Source: http://www.v3.co.uk/v3/news/2258411/verisign-launches-trust-service


For more stories, see items 44, 46, and 47 below in the Communications Sector


Communications Sector

44. February 24, The Register – (National) Comcast (finally) brings security extensions to DNS. Comcast - one of the largest ISPs in the US - has deployed new technology designed to protect the internet against a well-known form of attack that allows attackers to surreptitiously lure end users to impostor websites. For now, Comcast users who want to use the technology, known as DNSSEC, or DNS Security Extensions, must manually configure their preference by changing their DNS server’s IP addresses to 75.75.75.75 and 75.75.76.76, Comcast said on February 23. By the end of next year, the ISP plans to make DNSSEC available to all of its customers. The move came as OpenDNS, which operates publicly available domain name system servers for free, criticized DNSSEC and said it was jump starting a competing measure known as DNSCurve. An OpenDNS engineer said DNSCurve uses much stronger cryptography than DNSSEC and is also much easier to deploy and maintain. A recent survey found that only 20 percent of US government agencies had deployed DNSSEC, despite a December 31 deadline to adopt the standard. The technical imperfections of DNSSEC aside, its uneven adoption is also a major limitation because it is effective only if it is used uniformly across the internet. Source: http://www.theregister.co.uk/2010/02/24/comcast_dnssec/


45. February 24, LR Mobile – (International) New Zealand’s 3G network nightmare. The recent 3G network outages in New Zealand are the stuff of nightmares for carriers and their suppliers, and after yet another network failure on February 23 the mobile woes deepened for Telecom New Zealand Ltd. and its 3G supplier, Alcatel-Lucent. After suffering major outages on its new “XT” 3G network during the past month that have affected some 200,000 customers, the Telecom New Zealand CEO says he has put AlcaLu on notice, according to reports. On February 24, the CEO of Alcatel-Lucent apologized to Telecom New Zealand customers in an interview on Radio New Zealand. “We have to take a responsibility,” he said. “We have way too many issues in the network, and we have to fix them.” The cause of Tuesday’s network failure has not yet been identified. But the outage occurred just days after Telecom New Zealand announced what caused the XT outage at the end of January and the measures it was taking to resolve the network problems. According to the operator’s statement, the January outage was due to “traffic surges in the network overloading the radio network controller in Christchurch. During the outage on 27 January, the traffic surge was caused by thousands of users suddenly re-registering after a separate network routing fault took down some cell sites.” Source: http://www.lightreading.com/document.asp?doc_id=188334&f_src=lightreading_gnews


46. February 24, The Register – (International) Hordes of new threats ahead for mobile networks. Malware on smartphones is just the first in a series of new security threats for mobile networks ushered in by the embrace of internet technologies, according to mobile phone encryption firms. The chief executive of GSMK CryptoPhone warns that criminal gangs are able to steal private information and undermine fair business trading thanks to advances in technology that have made attacks possible on low-cost kit. Years ago such attacks were only possible for intelligence agencies, but have now become feasible as a means of industrial espionage. The first and most ambitious line of attack involves spoofing femtocells to feign that an individual or organization is the user’s mobile network provider, while in fact they are taking over the network traffic. This can be accomplished using cheap hardware and some free open-source software. The second line of attack involves passively intercepting and decrypting mobile network traffic, by exploiting the latest cryptographic advances in breaking GSM’s built-in encryption algorithms. A third line of attack involves remote takeover of mobile devices by using tricks such as BlackBerry Service Book updates, Trojans and SIM Toolkit attacks. Source: http://www.theregister.co.uk/2010/02/24/mobile_network_security_threats/


47. February 23, Network World – (International) Top-rated cell phones also rank high in radiation emissions. An environmental activist group has issued its latest list of popular cell phones that emit comparatively high levels of RF radiation, though all are within federal limits. The press release and full report on new 2010 cell phones by the Environmental Working Group (EWG), based in Washington, D.C., are intended in part to highlight the fact that technology writers and product reviewers rarely evaluate radiation emissions when rating cell phones. The press release singles out four recent, well-reviewed cell phones: Motorola Droid, BlackBerry Bold 9700, LG Chocolate Touch and HTC Nexus One by Google. “EWG has found that all four phones’ emissions are pushing the edge of radiofrequency radiation safety limits set by the Federal Communications Commission (FCC),” according to the group’s press release. A separate document, “Cell Phone Radiation Science Review,” charges, among other things, that “Current FCC standards fail to provide an adequate margin of safety for cell phone radiation exposure and lack a meaningful biological basis.” Using the FCC’s data, EWG finds that the four phones (others are listed in the press release) have SAR levels close to the FCC maximum: Droid, 1.50 W/kg; Nexus One, 1.39; Bold 9700, 1.55; and LG Chocolate Touch, 1.46. Source: http://www.computerworld.com/s/article/9161479/Top_rated_cell_phones_also_rank_high_in_radiation_emissions