Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, June 30, 2010

Complete DHS Daily Report for June 30, 2010

Daily Report

Top Stories

• The FBI has arrested 10 people for allegedly serving for years in the U.S. as secret agents of Russia’s intelligence service, the SVR, with the goal of penetrating U.S. government policymaking circles, the Associated Press reports. (See item 38)

38. June 28, Associated Press – (National) 10 alleged Russian secret agents arrested in U.S. The FBI has arrested 10 people for allegedly serving for years as secret agents of Russia’s intelligence service, the SVR, with the goal of penetrating U.S. government policymaking circles. According to court papers unsealed June 28, the FBI intercepted a message from SVR headquarters, Moscow Center, to two of the defendants describing their main mission as “to search and develop ties in policymaking circles in US.” Intercepted messages showed they were asked to learn about a broad swath of topics including nuclear weapons, U.S. arms control positions, Iran, White House rumors, CIA leadership turnover, the last presidential election, Congress, and the political parties. After a secret multi-year investigation, the Justice Department announced the arrests in a blockbuster spy case that could rival the capture of a famous Soviet spy in 1957 in New York. There was no clue in initial court papers how successful the agents had been, but they were alleged to have been long-term, deep-cover spies, some living as couples. These deep-cover agents are the hardest spies for the FBI to catch because they take civilian jobs with no visible connection to a foreign government; one was a reporter, editor and columnist at a New York Spanish-language newspaper. They are more elusive than spies who operate from government jobs inside Russian embassies and military missions. Source: http://www.google.com/hostednews/ap/article/ALeqM5j_Fmz__pKb-YmXtA5fSYdbz6ptRAD9GKKPFG0

• Oil from the BP spill in the Gulf of Mexico washed ashore at one of the largest tourist beaches in Mississippi June 28, forcing tourists to pack their bags and evacuate the shore, according to Reuters. (See item 57)

57. June 28, Reuters – (Mississippi) Oil washes onto big Mississippi tourist beach. Oil from the BP spill in the Gulf of Mexico washed ashore at one of the largest tourist beaches in Mississippi June 28, forcing tourists to pack their bags and evacuate the shore. Sludgy brown oil, light sheen and tar balls arrived at a series of small towns June 27, the first time oil has hit Mississippi’s mainland. On June 28, the oil reached Biloxi, a major resort city famous for its casinos. One day after state and local officials complained vehemently about nonexistent cleanup efforts, busloads of workers in white plastic haz-mat suits showed up to scoop up the greasy tide and tar balls. In total, 700 boats were at work on the containment effort and the state was pressing for more resources, the Mississippi governor said in a statement. But residents disputed that figure. Rain and thunderstorms churned up the oil on beaches overnight, scattering it and making cleanup more difficult. But local officials said that despite the urgency of the task, they were struggling to mount a bigger effort because of problems in the chain of command. The state has closed additional areas to commercial and recreational fishing and it warned people to stay out of the water off all major tourist beaches. Source: http://www.reuters.com/article/idUSN2860045220100628

Details

Banking and Finance Sector

12. June 29, The Washington Post – (International) European Union, U.S. to share banking data to fight terrorism. The European Union has reached an agreement with the United States that will allow European bank data to continue to be shared for counter-terrorism purposes, but only after liberal members of parliament secured stronger privacy guarantees. Under a five-year agreement signed June 28 by the European Council, the E.U.’s governing body, U.S. officials can request European financial data relevant to a specific terrorist investigation if they substantiate the need for the data. The European Parliament is expected to approve the deal by a comfortable margin when it votes on it next week, lawmakers said. The deal would take effect August 1. Privacy concerns had prompted the European Parliament in February to reject a proposal to extend the information-sharing. But in recent weeks, a bloc of Liberal Democrats pushed for concessions from the European Council and the United States. Source: http://www.washingtonpost.com/wp-dyn/content/article/2010/06/28/AR2010062805052.html?wprss=rss_technology


13. June 29, Charleston Post and Courier – (South Carolina) Robber leaves suspected bomb. A man walked into the Summerville, South Carolina BB&T at noon June 28, robbed it and threatened that he left a bomb, authorities said. Over the next 2 and 1/2 hours, members of the Summerville Police Department, state law enforcement division, FBI and the Charleston County Sheriff’s Office Bomb Squad rushed to 904 North Main Street. They evacuated the bank’s staff — all of whom were safe — to a car dealership next door. No bomb was found. But traffic was shut down for two blocks on either side of the bank, which included the portion of North Main Street just in front of his business. The robbery was just another in a string of 11 that occurred this month in the Lowcountry. Five occurred the week of June 21 through 25, and at least 22 robberies have occurred this year. While some arrests have been made, other suspects remain at large. Source: http://www.postandcourier.com/news/2010/jun/29/robber-leaves-suspected-bomb/


14. June 29, Bank Info Security – (National) Red flags: No delay for credit unions. A new agreement to delay ID Theft Red Flags Rule-enforcement for physicians does not impact the current date for state-chartered credit unions. The Federal Trade Commission (FTC) June 25 signed a court-approved agreement to hold off on enforcing the Red Flags Rule for physicians until at least 90 days after an appellate court rules on a case involving enforcement of the rule for attorneys. But according to an FTC spokesperson, this agreement has no bearing on state-chartered credit unions or any other entities, which still face the December 31 enforcement date announced at the end of May. Under the Red Flags Rule, organizations that extend credit to their clients must develop and implement written, identity-theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as “red flags,” that could indicate identity theft. Source: http://www.bankinfosecurity.com/articles.php?art_id=2703


15. June 28, Krebs on Security – (California) e-Banking bandits stole $465,000 from California escrow firm. A California escrow firm has been forced to take out a pricey loan to pay back $465,000 stolen when hackers hijacked the company’s online bank account earlier this year. In March, computer criminals broke into the network of Redondo Beach-based Village View Escrow Inc. and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm. The owner said her financial institution — Professional Business Bank of Pasadena, California – normally notified her by e-mail each time a new wire was sent out of the company’s escrow account. But the attackers apparently disabled that feature before initiating the fraudulent wires. The thieves also defeated another anti-fraud measure: A requirement that two employees sign off on any wire request. The owner said that a few days before the theft, she opened an e-mail informing her that a UPS package she had been sent was lost, and urging her to open the attached invoice. Nothing happened when she opened the attached file, so she forwarded it on to her assistant who also tried to view it. The invoice was in fact a Trojan horse program that let the thieves break in and set up shop and plant a password-stealing virus on both the owner’s computer and the PC belonging to her assistant, the second person needed to approve transfers. Source: http://krebsonsecurity.com/2010/06/e-banking-bandits-stole-465000-from-calif-escrow-firm/


16. June 28, Dow Jones Newswires – (Virgin Islands) SEC alleges purported fund manager ran $105 million Ponzi scheme. The Securities and Exchange Commission (SEC) June 28 announced fraud charges and an emergency-asset freeze against a purported fund manager based in the U.S. Virgin Islands who allegedly perpetrated a $105 million Ponzi scheme against investors. The SEC alleges that the suspect, a resident of St. Thomas, used several entities and sales agents to misrepresent to investors that their money would be put in funds that, in turn, would be invested primarily in foreign currency. Investors were falsely told that the suspect’s funds had never lost money and historically produced profitable annual returns that one year reached over 180 percent, according to the SEC. The suspect instead used the funds raised from new investors to pay earlier investors, and misappropriated other funds to pay unrelated business expenses, the SEC said. He allegedly concealed the scheme by issuing phony documents to investors that led them to believe their investments were profiting. The SEC has obtained an emergency court order freezing the assets of the suspect and his companies. An investigation into the alleged fraud is ongoing. Source: http://www.automatedtrader.net/real-time-dow-jones/1948/us-sec-alleges-purported-fund-manager-ran-105-million-ponzi-scheme


For another story, see item 44 below in the Information Technology Sector


Information Technology


42. June 29, The Register – (International) Developers plug critical PNG graphic bug. Developers have plugged a critical hole in a Portable Network Graphics (PNG) reference library used by many browsers to render graphics files. The 1.2.44 and 1.4.3 updates to the libpng open source reference library address a bug that, left unfixed, created a mechanism for hackers to inject code onto vulnerable systems. Older versions of the PNG format library contained a buffer overflow-style flaw. The bug was discovered by developers at Mozilla. It is unclear which browsers supported the vulnerable library files. Previous problems involving the rendering of PNG files have spawned drive-by download attacks. Source: http://www.theregister.co.uk/2010/06/29/png_graphic_bug_plugged/


43. June 28, ComputerWorld – (International) Social networks leak your information, study says. A new study from Worcester Polytechnic Institute in Massachusetts shows that mobile social networks are giving data about users’ physical locations to tracking sites and other social networking services. Researchers reported that all 20 sites that were studied leaked some kind of private information to third-party tracking sites. The study looked at the practices of 13 mobile, online social networks, including Brightkite, Flickr, Foursquare, Gowalla and Urbanspoon. They also studied seven traditional, online social networks, such as Facebook, LinkedIn, MySpace and Twitter, which allow users to access their sites using mobile devices. The researchers found that in many cases, the data given out contained the user’s unique social networking identifier, which could allow third-party sites to connect the records they keep of users’ browsing behavior with their profiles on social networking sites. Mobile social networks track users’ geographic location by tapping into data on mobile devices. The study noted that only two social networks directly gave location information to the third-party tracking sites, but several use a third-party map service to show the user’s location. The study also reported that six different sites transmit a unique identifier to the user’s mobile phone, enabling third-party sites to continue to track a user’s location even as the phone is used for other applications. Source: http://www.computerworld.com/s/article/9178648/Social_networks_leak_your_information_study_says


44. June 28, The Register – (National) Rancid IE6 ‘more secure’ than Chrome and Opera US bank says. Microsoft’s creaking Internet Explorer 6 (IE 6) is more secure and popular than either Google’s Chrome or Opera, U.S. banking giant Chase has determined. The bank therefore decided its online banking services will continue to support the aging IE 6, but will drop support for Chrome and Opera. IE 6 is 9 years old and even Microsoft is now desperately speaking out against the browser, to get individuals and businesses to move on to IE 8. Microsoft’s Australian business unit recently equated using IE 6 to being as risky as drinking — or maybe, eating — a carton of 9-year-old milk as it lacked up-to-date cross-site scripting and anti-malware protection among other defenses. Chase has said it will support later versions of Microsoft’s browser, such as IE 8, that offer greater protection. Also making the cut are Mozilla’s Firefox 2.0 and higher, and version 3.0 and higher of Apple’s Safari on the Mac, but not the PC. Source: http://www.theregister.co.uk/2010/06/28/chase_ie_6_dumps_chrome_opera/


45. June 28, DarkReading – (International) Comodo update on VeriSign’s security vulnerability. Comodo announced June 28 it acknowledges that VeriSign has made some recent fixes to its security issues that were prompted by Comodo, which notified VeriSign through an independent third-party of problems it discovered. On June 23, Comodo provided VeriSign with a second disclosure document on the previously reported vulnerability. VeriSign’s response was to make further corrections with respect to the security issues reported to them. VeriSign acknowledged fixes to their certificate-management portal, including removing some of the features that were publicly accessible and ensuring that the portal is no longer found through methods of search and in Google, and that requests for revoking of certificates are no longer available publicly. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=225701689&subSection=Vulnerabilities+and+threats


46. June 28, DarkReading – (International) The blurred line between business and personal online use. Half of business users worldwide employ their smartphones and other Web applications for both work and personal use, mixing data from the two worlds freely. And most have purchased at least one device on their own for use at work, according to a new report. IDC’s new “Consumerization of IT” report, which was commissioned by Unisys, demonstrates how IT organizations are not keeping up with the adoption of new technologies. The report — which was researched in two parts, with a survey of 2,820 telecommuters in 10 countries and a survey of 650 IT decisionmakers from around the world — found that consumer devices, such as smartphones, and social networking and similar applications are blurring the lines between business and personal technology usage. IDC found that while 73 percent of IT executives said their enterprise networks are “very secure,” more than 40 percent of employees said they use instant messaging and texting for business purposes, and nearly 25 percent use blogs and professional online communities for work. Workers said they use an average of four consumer devices and various third-party applications, including social networking sites, during the workday. While IDC said the number of workers using smartphones in their jobs will double through 2014, less than half of enterprises said they let workers access enterprise apps via their smartphones today. Source: http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=225701662&subSection=End+user/client+security


47. June 28, The New New Internet – (International) 33 South Korean poker scammers booked. Police in South Korea recently arrested 33 hackers who used a DDoS program to cheat online poker players out of 55 million won (South Korean money), roughly $45,265, during a six-month period, according to Korean English-language newspaper JoongAng Daily. The Cyber Terror Response Center in South Korea said the hackers, led by a 30-year-old and a 29-year-old, used a DDoS attack to infect 11,000 computers across the country. According to police, one offender bought the Netbot Attacker program from a Chinese hacker last year, then sold copies online to others. The hackers then broke into the administrative systems of the PC rooms and installed the virus in their computers to allow them to see the hands of poker opponents. Netbot Attacker is one of the programs that attacked Korea’s major Web sites in 2009, slowing down connection speeds throughout the country and disabling the major sites for nearly a week. Recent versions of the program update too fast for security programs to keep up with them, but attempts to control DDoS attacks have inflated the price of the program from 3 million won to 15 million won in the last year. Source: http://www.thenewnewinternet.com/2010/06/28/33-south-korean-poker-scammers-booked/


48. June 28, Computer World – (National) Cisco access point gear could lead to Wi-Fi breach. Users of a popular Cisco Systems wireless access point may be setting themselves up for trouble if they leave a WPA wireless migration feature enabled, according to researchers at Core Security Technologies. The issue has to do with Cisco’s Aironet 1200 Series Access Point, which is used to power centrally managed wireless LANs. The Aironet 1200 can be set to a WPA (Wi-Fi Protected Access) migration mode, in which it provides wireless access for devices that use either the insecure WEP (Wired Equivalent Privacy) protocol or the more secure WPA standard. This gives companies a way to gradually move from WEP to WPA without immediately buying all-new, WPA-capable equipment. But while auditing the network of a customer who used the product, Core researchers discovered that even networks that had stopped using WEP devices could still be vulnerable, so long as the Aironet’s migration mode was enabled. Researchers were able to force the access point to issue WEP-broadcast packets, which they then used to crack the encryption key and gain access to the network. Source: http://www.computerworld.com/s/article/9178661/Cisco_access_point_gear_could_lead_to_Wi_Fi_breach


Communications Sector

49. June 29, Omaha World-Herald News Service – (Nebraska) 2 phone companies restoring service. Verizon wireless customers lost cell phone and landline service in Nebraska during an outage June 28 from about 8:30 a.m. until 12:15 p.m. Additional outages were reported in the afternoon. All wireless communication was affected — mobile to mobile, mobile to landline, landline to mobile, data usage, and 911 calls. The affected communities included Scottsbluff, Gering, Oshkosh, Bridgeport, Kimball, Harrisburg, Mitchell, Bayard, Potter, Broadwater and Lewellen. The network problem was resolved as of 12:13 p.m. but officials were unable to say exactly what caused the outage. In addition to the Verizon outage, many communities in the valley and in eastern Wyoming lost use of their CenturyLink landlines after a major fiber-optic phone line near Oshkosh, Nebraska was accidentally cut. The manager of market development for CenturyLink in Las Vegas said June 28 that crews were at the site of the damaged phone line, hand-digging to try to get to the affected line as quickly as possible. He said the company was unsure when service would be re-established to all customers in the area. Source: http://www.omaha.com/article/20100629/NEWS01/706299903


50. June 28, Houston Chronicle – (Texas) KPFT’s radio broadcasts may resume today. Houston’s KPFT-FM (90.1) was knocked off the air all day June 28 after suspected copper thieves broke into the nonprofit, independent radio station’s transmission tower site, cutting a power drop line and peeling a junction box off the building’s wall. The station’s signal dropped off Houston radio dials hours before KPFT was to begin broadcasting gavel-to-gavel coverage of the U.S. Supreme Court nominee’s confirmation hearings. KPFT is one of five radio stations owned by the Pacifica Foundation Network, an alternative media source that emphasizes peace, social justice, racial equality and the arts. The Houston station’s transmitter was bombed twice in 1970, with the first incident blamed on the Ku Klux Klan, according to KPFT’s Web site. The second bombing shut down KPFT for more than three months. Source: http://www.chron.com/disp/story.mpl/metropolitan/7085211.html


51. June 28, Contra Costa Times – (California) Some in Walnut Creek still without phone, Internet and cable. PG&E had restored power to most Walnut Creek, California homes by 4:30 p.m. June 28 after a pair of brief outages June 27 and 28 that also knocked out Astound Broadband cable for nearly 24 hours, according to a PG&E spokeswoman. A brief power outage at 6:30 p.m. June 27 affecting fewer than 400 residents resulted in an outage of cable television, phone and Internet service for Astound Broadband customers. The reason for the power outage is equipment failure, a PG&E spokeswoman said. It is unclear why Astound’s services were out much longer than the power outage. Source: http://www.mercurynews.com/breaking-news/ci_15394958


52. June 26, Rome News-Tribune – (Georgia) Wiring stolen from AT&T call center. Police in Cedartown, Georgia met with an employee of AT&T’s construction department to discuss the theft of wiring from telephone poles June 21. The employee said about 900 feet of copper wiring was stolen. During the incident, fiber optic wires and stand cable were also cut but left behind. The incident occurred along Davis Road in Cedartown, according to reports. The AT&T call center, 101 AT&T Drive, was shut down for an unknown amount of time, according to a Cedartown detective. A spokeswoman said the incident impacted the center for several hours, but calls coming in were able to be routed to other call centers. AT&T is offering a reward of as much as $3,000 for information that leads to an arrest and conviction of the individuals responsible. Source: http://romenews-tribune.com/view/full_story/8067297/article-Wiring-stolen-from-AT-T-call-center?instance=home_news_lead_story

Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, June 29, 2010

Complete DHS Daily Report for June 29, 2010

Daily Report

Top Stories

• One hundred percent of passengers flying domestically and internationally on U.S. airlines are now being checked against government watch lists through the Transportation Security Administration’s (TSA) Secure Flight program, the DHS Secretary announced late last week, according to Homeland Security Today. (See item 27)

27. June 28, Homeland Security Today – (National) Secure flight hits 100 percent mark. One hundred percent of passengers flying domestically and internationally on U.S. airlines are now being checked against government watch lists through the Transportation Security Administration’s (TSA) Secure Flight program, the DHS Secretary announced late last week. The Secretary called the achievement the second major step in fulfilling a key 9/11 Commission recommendation achieved in the past month. “Secure Flight fulfills a key recommendation of the 9/11 Commission Report, enabling TSA to screen passengers directly against government watchlists using passenger name, date of birth, and gender before a boarding pass is issued,” she said. “This achievement significantly enhances one of our many layers of security — coordinated with our partners in the airline industry and governments around the world — that we leverage to protect the traveling public against threats of terrorism.” Source: http://www.hstoday.us/content/view/13757/149/

• In a rare rebuke, federal officials criticized New Jersey State Police for mistakes made last month during an emergency drill involving the Salem and Hope Creek nuclear plants on Artificial Island in Lower Alloways Creek, the Newark Star-Ledger reports. (See item 54)

54. June 26, Newark Star-Ledger – (New Jersey) FEMA: New Jersey State Police too slow. In a rare rebuke, federal officials criticized New Jersey State Police for mistakes they made last month during an emergency drill involving the Salem and Hope Creek nuclear plants on Artificial Island in Lower Alloways Creek. During a simulated nuclear disaster, it took the state police 62 minutes to inform the public within 60 miles of the reactors whether to evacuate or seek nearby shelter, about 17 minutes too long for the Federal Emergency Management Agency (FEMA), which said the response was seriously deficient. The state police were also cited for identifying the wrong town in a press release warning local officials about potentially contaminated fish. The test will be re-run July 15. “The deficiency was not in the message, the right decisions were made,” said the executive officer for Office of Emergency Management (OEM), the division of the state police department that handles emergency responses in Trenton. FEMA has since told OEM that 40 to 45 minutes would be a reasonable response time. FEMA found no deficiencies in the role of Salem County’s emergency management team in the drill. Source: http://www.nj.com/sunbeam/index.ssf?/base/news-6/1277538618237410.xml&coll=9

Details

Banking and Finance Sector

19. June 28, Bloomberg – (International) Toronto’s financial sector returns to work after G-20 protests. Businesses in Toronto’s financial district were set to return to normalcy after a weekend of violent protests related to the Group of 20 summit left windows smashed, access restricted and office buildings vacated. Demonstrators spray-painted obscenities on walls, set fire to at least four police cars and threw rocks and golf balls at windows of stores and office buildings, including the headquarters of Bank of Montreal and Canadian Imperial Bank of Commerce. Police arrested more than 600 people across the city on a week when world leaders met in a protected zone around the Metro Toronto Convention Centre. Protests have been a feature of high-profile meetings of world leaders since riots broke out in Seattle at the World Trade Organization talks in 1999. Police clashed with demonstrators in Pittsburgh at the G-20 summit in September and arrested 83, according to The Associated Press. Confrontations led to 111 arrests during the 2009 G-20 summit in London. Toronto’s downtown is home to Canada’s five largest banks and two of its biggest insurers. There are 223,000 financial-services employees in the district, according to Toronto Financial Services Alliance. Source: http://www.businessweek.com/news/2010-06-28/toronto-s-financial-sector-returns-to-work-after-g-20-protests.html


20. June 28, Associated Press – (Massachusetts) Peabody bank teller sentenced in fraud case. A former bank teller from Peabody, Massachusetts has been sentenced to nearly three and a half years in prison for stealing customer account information that led to the theft of more than $330,000. Federal prosecutors said the 26-year-old suspect pleaded guilty to multiple counts of bank and identity fraud. Authorities said while working as a teller at a Bank of America branch, the suspect used his access to bank customer data to steal customer names and account information from November 2004 to February 2006. He then sold the information to someone who did not work for the bank, usually for $2,000 per account. The suspect was also sentenced to three years of probation and ordered to pay more than $270,000 in restitution. Source: http://www.bostonherald.com/news/regional/view.bg?articleid=1264455&srvc=rss


21. June 28, Creditcards.com – (Minnesota) Proposed Treasury rules take hard line against prepaid card fraud. The government’s efforts to crack down on criminal financing could make it tougher for consumers to buy gift cards, some experts warn. Published in the June 28 Federal Register, the newly proposed rules from the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) require prepaid card providers and sellers to fill out Suspicious Activity Reports on customers for suspicious transactions, such as those totaling more than $2,000. Amid concerns that so-called stored value cards and devices offer a way for criminals and terrorists to quietly move funds internationally, the government is looking to step up efforts to combat the misuse of these products. As a result, the proposed FinCEN rules look to better identify prepaid card users by placing requirements on nonbank providers and sellers. Mandated by the Credit CARD Act of 2009, the proposed rules require more data collection and reporting from businesses. Interested parties have 30 days to submit comments on the proposed rules. Source: http://www.creditcards.com/credit-card-news/fincen-study-prepaid-gift-card-suspicious-activity-report-required-1282.php


22. June 27, IDG News Service – (International) FTC says scammers stole millions, using virtual companies. The Federal Trade Commission (FTC) has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers — often by taking just pennies at a time. The scam, which had been run for about four years, according to the FTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud. The FTC has not identified those responsible for the fraud, but in March, it quietly filed a civil lawsuit in U.S. District Court in Illinois. This has frozen the gang’s U.S. assets and also allowed the FTC to shut down merchant accounts and 14 “money mules” — U.S. residents recruited by the criminals to move money offshore to countries such as Bulgaria, Cyprus, and Estonia. The scammers found loopholes in the credit-card processing system that allowed them to set up fake U.S. companies that then ran more than a million phony credit-card transactions through legitimate credit-card processing companies. The scammers stayed under the radar from investigators for so long by charging very small amounts — typically between 25 cents and $9 per card — and by setting up more than 100 bogus companies to process the transactions. Source: http://www.computerworld.com/s/article/9178560/FTC_says_scammers_stole_millions_using_virtual_companies


23. June 26, Bank Info Security – (National) Three banks closed on June 25. Federal and state regulators closed three banks and placed one credit union into conservatorship June 25, raising the number of failed institutions to 96 so far in 2010. High Desert State Bank, Albuquerque, New Mexico, was closed by the New Mexico Financial Institutions Division, which appointed the Federal Deposit Insurance Corp. (FDIC) as receiver. The FDIC estimates that the cost to the Deposit Insurance Fund (DIF) will be $20.9 million. The National Credit Union Administration (NCUA) placed Arrowhead Central Credit Union (ACCU) of San Bernardino, California, into conservatorship. By assuming control, NCUA will continue credit-union service to the members and ensure safe and sound credit-union operations. ACCU is a full-service credit union, with assets of $876 million, that provides financial service to 152,000 members residing in the counties of San Bernardino and Riverside, California. First National Bank, Savannah, Georgia, was closed by the Office of the Comptroller of the Currency, which appointed the FDIC as receiver. The FDIC estimates that the cost to the DIF will be $68.9 million. Peninsula Bank, Englewood, Florida, was closed by the Florida Division of Financial Institutions, which appointed the FDIC as receiver. The FDIC estimates that the cost to the DIF will be $194.8 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2696


24. June 26, Associated Press – (Florida) SEC halts alleged $34 million Ponzi scheme. The government said June 25 it obtained a court order to halt an alleged $34-million Ponzi scheme targeting federal employees and law enforcement agents nationwide with promises of safe investments in a nonexistent bond fund. The Securities and Exchange Commission (SEC) said the order issued Thursday by a federal judge in Miami also froze the assets of the estate of the late suspect, his consulting firm Federal Employee Benefits Group of Jacksonville, Florida, and an affiliated investment firm. The SEC alleged that the suspect and the firms defrauded an estimated 260 investors starting in 1988. Source: http://www.washingtonpost.com/wp-dyn/content/article/2010/06/25/AR2010062504930.html


25. June 26, Indianapolis Star – (Indiana) Cloned cards used in local ATM thefts. A trio of high-tech thieves used cloned bank cards to rip off $212,000 from Indianapolis-area automated teller machines (ATMs) over the past seven months, police said. The fraudulent withdrawals came at ATMs in 13 different ampm convenience marts in Indiana since November 2009, according to an Indianapolis Metropolitan Police Department (IMPD) report. A cyber-security expert said such crimes have been going on for years, and called for changes in the ways banks and their customers use bank cards. Officials with Cardtronics in Houston told IMPD detectives that three men captured on security cameras used cloned cards to make hundreds of maximum withdrawals of $400. The money was withdrawn from stores in Indianapolis, Carmel, Avon, Plainfield and Brownsburg, police said. Armored car money collectors noticed the robberies when their hauls continually turned up $400 short at several machines. Source: http://www.indystar.com/article/20100626/NEWS02/6260325/Cloned-cards-used-in-local-ATM-thefts


26. June 25, Austin Business Journal – (National) Driskill Hotel guests’ credit-card data stolen. More than three dozen guests at the Driskill Hotel were among roughly 700 people nationwide whose credit card data was stolen when the computer system of Driskill’s parent company was hacked, according to news reports. Guests at up to 21 of Colorado-based Destination Hotels & Resorts’ U.S. properties “may have been victims,” the company said, adding that it is contacting recent guests who may have been affected. ABC News reports that the data theft enabled hackers to steal hundreds of thousands of dollars. The security breach has been fixed, but the thieves remain unknown. The FBI and local police are investigating, and the breach appears to be “isolated to locations where credit cards were physically swiped,” leaving Internet, phone and other transactions apparently uncompromised, the company said. Source: http://www.bizjournals.com/austin/stories/2010/06/21/daily58.html


Information Technology


57. June 28, The Register – (International) Google can kill or install apps on citizen Androids. Google has the power to not only remove applications from users’ Android phones, but remotely install them as well. Last week, Google told the world it had exercised its Android “Remote Application Removal Feature,” reaching out over the airwaves and lifting two applications from citizen handsets, and as pointed out by a security researcher who built this pair of vanished applications, the company can use the same persistent handset connection to install applications as well. The researcher had delivered a talk on this proof-of-concept bootstrap at the SummerCon security conference in New York. The talk was written up by Forbes, and this alerted Google. Forbes quotes a Google researcher, who pointed out that unless they exploit a bug in the OS, Android apps are limited to the permissions set by users. Unlike some, the researcher is not angered by Google’s kill switch. But he does take issue with its INSTALL_APP mechanism. Source: http://www.theregister.co.uk/2010/06/28/google_remote_android_application_install/


58. June 28, V3.co.uk – (International) Hackers target instant-messaging applications. Security experts in Germany are warning of a new threat to MSN Messenger and Windows Live Messenger. G Data SecurityLabs research has found a recent surge in spam and phishing sites that link to the services, as well as a wave of seemingly “endless” fake-friend requests. Adding to these woes is a rogue application that promises to tell users who is blocking them, but in fact is a lure to a scam. Any links included in messages will take users to a Russian software site which offers products at unrealistically low prices, the firm warned, the scammers’ goal being to obtain personal information and credit card details from their victims. Other IM-borne threats include a sort of look-up service that lets IM users see who is blocking them as a contact. Source: http://www.v3.co.uk/v3/news/2265553/instant-messaging-applications


59. June 28, eWeek – (National) U.S. outlines security strategy for online identity. The White House has published a draft of a strategy designed to make the concept of trusted identities and authentication a reality in the digital world. In a 39-page document entitled the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), the White House promotes the “Identity Ecosystem”, an interoperable environment where individuals, organizations and devices can “trust each other because authoritative sources establish and authenticate their digital identities.” The ecosystem will consist of three main layers – a governance layer that establishes the rules of the environment; a management layer that applies and enforces the rules; and the execution layer that conducts transactions in accordance with the rules. “The federal government, in collaboration with individuals, businesses, non-profits, advocacy groups, associations, and other governments, must lead the way to improve how identities are trusted and used in cyberspace,” the document reads. “Ongoing collaboration ... has already resulted in significant gains towards establishing Identity Ecosystem components. However, much more remains to be done.” Source: http://www.eweek.com/c/a/Security/US-Outlines-Security-Strategy-for-Online-Identity-125949/


60. June 25, The New New Internet – (International) Cyber attacks via Excel? In order to conduct cyber espionage, miscreants need to find a way to access victims’ computers remotely. This often takes the form of sending an infected document, generally a PDF, to the victim. Researchers at F-Secure have discovered a new targeted attack that looks to take advantage of people’s greater trust in Excel files. Rather than send infected PDF documents, this cyber attack uses infected Excel files that run a backdoor when accessed. The attack files contain seemingly innocuous information such as personnel files, a list of terrorist organizations, a budget document, a World Cup schedule, and a conference agenda. Source: http://www.thenewnewinternet.com/2010/06/25/cyber-attacks-via-excel/


Communications Sector

61. June 28, Associated Press – (National) Obama to nearly double amount of wireless spectrum available. The President of the United States June 28 is expected to sign a memorandum to almost double the amount of federal and commercial spectrum available for smartphones and wireless Internet devices, according to an administration official. The move is aimed at fostering investment and economic growth and creating jobs as information flowing over wireless networks continues to grow at a rapid pace. The director of the White House National Economic Council is expected to detail the presidential memorandum in a speech June 28. The memorandum would make available 500MHz of federal and commercial spectrum over the next 10 years. Source: http://news.yahoo.com/s/ap/20100628/ap_on_bi_ge/us_obama_spectrum

62. June 28, Arizona Daily Star – (Arizona) Park Place phone outage easing up. Things started to return to normal June 27 for businesses at Park Place mall in Tucson, Arizona after phone service was knocked out the previous week, and debit and credit card transactions were halted. ATMs in the mall also were affected and were temporarily out of service. Qwest was informed June 24 that a third-party construction crew cut one of the phone company’s underground conduit lines, which has several lines running through it, at Craycroft Road and East Broadway, a Qwest spokesman said. In addition to Park Place, other prominent businesses in the area, including the Target in the 5200 block of East Broadway, also were affected. Residential lines were affected too, but there was no impact on 911 services. Source: http://azstarnet.com/news/local/article_03ede022-8a9b-581a-a3b1-c6e99003d399.html

63. June 25, Radio-info.com – (Connecticut) WICC, Bridgeport finally back on the air after tornado. A storm that spawned an F-1 tornado in Connecticut took news/talk WICC-AM (600) off the air June 24. It was reported back on by the Connecticut Board of Radio-Info by early June 26. The tornado, which hit downtown Bridgeport, caused extensive damage to buildings and trees, and forced the mayor to declare a state of emergency and a curfew. A spokesperson from WICC-AM/WEBE-FM (107.9) said, “the tornado decimated the station (WICC) transmitter links and knocked down power lines. Fifteen-ton (commercial) air conditioning units were flying through the air.” Damage to WICC’s operation is estimated at about $100,000. Source: http://www.radio-info.com/news/wicc-bridgeport-finally-back-on-the-air-after-tornado