Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, June 2, 2010

Daily Report

Top Stories

• After years of allowing corporations to withhold vital safety information, the Environmental Protection Agency (EPA) screamed “stop” on Thursday, AOL News reported. In the Federal Register, the agency said it will no longer permit the obstruction of safety evaluations by allowing firms to hide behind age-old claims of business secrecy. (See item 9)

9. May 28, AOL News – (National) EPA moves to close key chemical safety loophole. After years of allowing corporations to withhold vital safety information, the Environmental Protection Agency (EPA) screamed “stop” on Thursday. In the Federal Register, the agency said it will no longer permit the obstruction of safety evaluations by allowing firms to hide behind age-old claims of business secrecy. The EPA Administrator had told Congress earlier this year that the heavily lobbied for “confidential business information” protection was keeping the agency’s risk assessors from obtaining vital health and safety data on chemical substances awaiting approval. Thousands of chemicals were not properly evaluated because of the withheld information, she told lawmakers. The agency’s new stance has real-world implications. The EPA’s move means that protection may no longer exist, at least within that agency. Other federal safety agencies, such as the Occupational Safety and Health Administration and the Food and Drug Administration, apparently still allow the corporate obfuscation. A careful legal interpretation of the long maligned but vital Toxic Substance Control Act (TSCA) convinced the agency that it could provide more valuable information to the public by identifying data where information may have been claimed and treated as confidential in the past but is not and was not in fact entitled to confidentiality under the TSCA. The EPA said it expects to begin reviews of confidentiality claims — both newly submitted and existing — August 25. Source: http://www.aolnews.com/nation/article/epa-moves-to-close-key-chemical-safety-loophole/19496225

• According to The Associated Press, federal investigators alleged that a Canadian national who the U.S. government said swindled $70 million from 40,000 investors on six continents carried out the same kind of Ponzi scheme that the one-time bank robber mocked on his Web site. The man warned clients of his online business, “Pathway to Prosperity,” to stay away from high-yield investment programs that often boast of unrealistic returns for little or no risk. Yet a federal criminal complaint alleges that he promised “outlandish” return rates — investigators said anywhere from 546 percent to 17,000 percent — with no explanation of his methodology or his identity. (See item 19 below in the Banking and Finance Sector)

Details

Banking and Finance Sector

18. June 1, Associated Press – (National) FBI says ‘Granddad Bandit’ may be responsible for 21 bank holdups across the eastern U.S. He may be old, but a man dubbed the “Granddad Bandit” is proving elusive. The FBI in St. Louis said an older man suspected of robbing a Regions Bank branch in St. Louis County May 18 is also suspected of 20 other bank robberies across the eastern and central United States. FBI officials plan a midday news conference Tuesday to discuss the case, including plans to launch a digital billboard campaign to help identify and capture the bandit. The FBI describes the suspect as tall, white, bald and heavy, 50 to 60 years old. He is wanted in at least 10 states in addition to Missouri: Alabama, Arkansas, Georgia, Kansas, Florida, Michigan, New York, Oklahoma, Texas and Virginia. Source: http://www.fox4kc.com/news/sns-ap-mo--granddadbandit,0,4906092.story


19. May 31, Associated Press – (International) Feds: Man’s global Ponzi scheme ‘massive,’ mocking. A Canadian national who the U.S. government said swindled $70 million from 40,000 investors on six continents carried out the same kind of Ponzi scheme that the one-time bank robber mocked on his Web site, federal investigators alleged. The man warned clients of his online business, “Pathway to Prosperity,” to stay away from high-yield investment programs that often boast of unrealistic returns for little or no risk. Yet a federal criminal complaint alleges that he promised “outlandish” return rates — investigators said anywhere from 546 percent to 17,000 percent — with no explanation of his methodology or his identity. The defendant also hid an extensive criminal past that included convictions for burglary and drug trafficking in Canada, according to the documents. “He warned: ‘The bigger the return on offer, the louder the warning bells should sound,’” the complaint, dated Friday and obtained Monday by The Associated Press, alleged. “Investors, however, did not heed the ‘warning bells’ of the defendant’s ridiculous claims of unrealistic rates of return and instead invested by the thousands.” The man, who prosecutors believe lives in the Philippines though his whereabouts Monday were unclear, was charged with conspiracy and securities, mail and wire fraud. Some of the charges carry up to 20 years in prison and $250,000 in fines. Source: http://www.google.com/hostednews/ap/article/ALeqM5gafYa2Dc3WL14vp6tHoN_VG9_o7gD9G21F900


20. May 29, CVN News – (National) Three Florida banks among five seized. Three Florida banks, along with single banks in California and Nevada, were seized by the Federal Deposit Insurance Corporation (FDIC) Friday. The three Florida banks had assets of around $1.5 billion and will cost the Deposit Insurance Fund (DIF) an estimated $200 million. Altogether, the five banks had assets of around $2 billion and will cost the DIF a little over $300 million. In the first five months of 2010, the FDIC has seized 76 banks, 13 in Florida. Source: http://www.coosavalleynews.com/np85570.htm


21. May 28, WBNS 10 Columbus – (Ohio) Alleged ‘Robin Hood’ bandit in custody. A man who police said robbed a Short North bank in Columbus, Ohio earlier this month and gave some of the cash to some unsuspecting shoppers was charged Friday with seven armed robberies. A Columbus man was indicted on 15 counts stemming from robberies that occurred between June 2009 and this month. The indictment charges the man with four counts of bank robbery. The man allegedly robbed the Cooper State Bank June 9; a Huntington National Bank May 3; a Huntington National Bank May 7; and a U.S. Bank May 10. Each count of bank robbery is punishable by up to 25 years imprisonment, according to the FBI. The grand jury also charged Green with three counts of interfering with interstate commerce by robbery for hold-ups of a restaurant, drug store, and department store between April 25 and May 6. The FBI dubbed the robber of the May 3 robbery the “Robin Hood bandit” after the robber gave a mother and her daughter each a $100 bill outside the bank. Source: http://www.10tv.com/live/content/local/stories/2010/05/28/story-columbus-bank-robber-robin-hood.html?sid=102


22. May 28, eSecurity Planet – (National) Phishing scam targets military credit unions. U.S. Strategic Command officials are joining leading security software vendors in warning soldiers serving in the U.S. Armed Forces to be on high alert for a new phishing scam that targets customers at a pair of credit unions catering to servicemen and their families. The STRATCOM commander is warning soldiers and their families that bogus Web sites imitating both USAA, a popular insurance and financial services firm catering to military families, and the Navy Federal Credit Union have successfully stolen the personal and banking data of an unknown number of customers. In a blog posting this week, Symantec officials said the phishing sites ask customers to fill in a form with their sensitive data to unlock what the corrupt Web page claims is a log-in error created by too many failed log-in attempts. This information includes Social Security numbers, credit card information, birth dates and mothers’ maiden names. “The page also includes a fake CAPTCHA that accepts data irrespective of the number entered,” Symantec’s security team wrote. “When the sensitive information is entered, the phishing site states that the customer’s password is unlocked for logging in. The page is then redirected to the legitimate site.” Earlier this month, the Anti-Phishing Working Group (APWG) released a study that found that one phishing gang known as the “Avalanche” syndicate was responsible for more than two-thirds of the 126,000-plus phishing scams it unearthed in the last six months of 2009. Symantec said this latest attack comes from Web sites hosted on servers in Taiwan and variants of this particular phishing URL have been used to spoof other online brands, as well. Source: http://www.esecurityplanet.com/news/article.php/3884866/Phishing-Scam-Targets-Military-Credit-Unions.htm


23. May 26, ComputerWorld – (California) Five indicted in cybertheft of city’s bank accounts. Five people were indicted this week on wire fraud and other criminal charges stemming from a 2007 cybertheft in which nearly $450,000 was stolen from the bank accounts of the city of Carson, California. The federal indictment, handed down in the U.S. District Court for the Eastern District of North Carolina, charges two men with allowing their bank accounts in North Carolina to be used as conduits for accepting stolen money and for sending it to bank accounts belonging to three other suspects. The treasurer for Carson said the money was siphoned out of the city’s coffers via two unauthorized money transfers in May 2007. The first transfer, from the city’s bank account at the City National Bank (CNB) of Carson, was for an amount of $90,500, which was sent to an account at Branch Banking & Trust in Wilson, North Carolina. The second transfer, a day later from the same CNB account, involved $358,500 that was sent directly to a National City Bank account in Detroit belonging to a company called Broadbase Financial that was owned by one of the defendants. The alleged thieves used valid log-in credentials to access the city’s bank account and initiate both the money transfers, a bank spokeswoman said. The city later recovered about $304,000 of the stolen money and was reimbursed $100,000 more by its insurance provider. But it is still short of about $44,000 as a result of the theft, she added. The CEO of Ligatt Security, which was hired by Carson officials to conduct a forensics investigation of the incident, said the city’s log-in credentials were stolen via spyware installed on a city-issued laptop computer. Source: http://www.computerworld.com/s/article/9177409/Five_indicted_in_cybertheft_of_city_s_bank_accounts


Information Technology


50. June 1, DarkReading – (National) House OKs cybersecurity reforms. The House of Representatives has passed a bill that would update the federal government’s cybersecurity requirements and create a permanent cybersecurity office within the White House, putting some long-sought reforms closer to passage. The reforms were passed as an amendment that made its way into the annual defense spending bill, the National Defense Authorization Act for Fiscal Year 2011. The defense authorization bill passed the House Friday by a 229-186 vote. Any differences would be reconciled in conference before the bill is sent to the President to sign. The most wide-ranging changes of the amendment, which combines legislation offered earlier this session by two Representatives, include creating a permanent National Office for Cyberspace and Office of the Federal Chief Technology Officer (CTO) within the White House, giving both the director of the National Office for Cyberspace and the federal CTO specific responsibilities, and adding new cybersecurity requirements for agencies in areas like acquisition, budgeting, and actually securing IT systems. Source: http://darkreading.com/security/government/showArticle.jhtml?articleID=225200733


51. June 1, The Register – (International) ‘Clickjacking’ worm hits hundreds of thousands on Facebook. A vulnerability on Facebook forced hundreds of thousands of users to endorse a series of Web pages over the holiday weekend, making the social networking site the latest venue for an attack known as clickjacking. The exploit works by presenting people with friend profiles that recommend — or “Like,” in Facebook parlance — links with titles including “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.” Those who click on the link see a page that’s blank except for the words “Click here to continue.” Clicking anywhere on the page automatically forces the person to add the link to his list of Likes. Clickjacking is a term that describes attacks that allow malicious Web site publishers to control the links visitors click on. Virtually every browser that uses Adobe Flash is vulnerable, although many browsers come with safeguards that make exploitation harder. The Facebook worm that hit over the weekend superimposes an invisible Flash iframe over the entire page that links back to the victim’s Facebook page. As a result, as long as the person is logged in, his profile automatically recommends the link to new friends as soon as the page is clicked on. Source: http://www.theregister.co.uk/2010/06/01/facebook_clickjacking_worm/


52. June 1, The Register – (International) Mac spyware infiltrates popular download sites. A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, security researchers said Tuesday. Dubbed OSX/OpinionSpy, the spyware is distributed through software available on sites including Softpedia, MacUpdate, and VersionTracker, according to Intego, a provider of anti-virus software for Macs. The app isn’t contained in the downloads themselves, but rather gets downloaded during the installation process, Intego said. A Windows version of the program has existed since at least 2008. Once installed, OpinionSpy scans files and folders on all attached hard drives and regularly sends data in encrypted form to several servers, according to Intego. It also injects code into the Safari, Firefox, and iChat applications and mines them for e-mail addresses, message headers, and other data. The program remains active even if the screensaver or other application that was originally downloaded is uninstalled. Source: http://www.theregister.co.uk/2010/06/01/mac_spyware/


53. June 1, V3.co.uk – (International) Mass market Web scams raking in billions. The Serious Organized Crime Agency (Soca) has warned that mass market fraud campaigns are robbing United Kingdom Internet users of billions of pounds a year. Organizations in the UK, including Soca, the National Fraud Authority (NFA), the Office of Fair Trading and the Metropolitan Police, have today joined forces with others worldwide in an attempt to raise public awareness about the scams and the cyber criminals behind them. People in the UK lose an estimated £3.5bn every year to mass market fraud, according to Soca, and the scams are becoming more plausible and complex all the time. Soca advised affected users to contact the NFA’s Action Fraud site immediately, to be wary of unsolicited messages, especially those claiming that the recipient has won a prize, and to never provide personal information or money upfront. Users should also be wary of poor spelling in e-mails or on Web sites. A director at Web authentication firm VeriSign warned that dating sites are becoming particular favorites of cyber criminals looking to mine personal information. “Soca’s research further highlights how criminals are continuing to widen the techniques they use to target their victims, and that online fraud is now a major industry,” he said. “Consumers are at risk of losing cash, and face wider headaches in solving identity theft problems at the hands of increasingly agile cyber fraudsters.” Source: http://www.v3.co.uk/v3/news/2263963/soca-warns-internet-scams


54. May 31, Financial Times – (International) Google ditches Windows on security concerns. Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees. The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally. “We’re not doing any more Windows. It is a security effort,” said one Google employee. “Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another. New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.” In early January, some new hires were still being allowed to install Windows on their laptops, but it was not an option for their desktop computers. Google would not comment on its current policy. Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems. The greater number of attacks on Windows has much to do with its prevalence, which has made it a bigger target for attackers. Employees wanting to stay on Windows required clearance from “quite senior levels”, one employee said. “Getting a new Windows machine now requires CIO approval,” said another employee. Source: http://www.ft.com/cms/s/2/d2f3f04e-6ccf-11df-91c8-00144feab49a.html


For more stories, see items 22 and 23 above in the Banking and Finance Sector


Communications Sector

55. May 31, Multichannel News – (National) Does the Internet need a beat cop? The Federal Communications Commission’s (FCC) effort to reclassify a portion of broadband service ran into a major setback in the form of a cable- and telephone company-backed lobbying effort to get Congress to step in instead. Last week, House Democrats and Republicans warned the FCC in separate letters to halt its plan to reclassify broadband to exert more control over Internet access. Meanwhile, four key House Democrats announced plans to update the Communications Act with a new law. Reclassifying broadband “is not something that should be taken lightly and should not be done without additional direction from Congress,” said a letter from 73 House Democrats to the FCC chairman. If last week was round three in the Title II fight, the round goes to incumbent Internet-service providers looking to head off common-carrier regulations applied to broadband. Title II refers to the Communications Act regulations for common-carrier services like legacy phone service, meant to ensure nondiscriminatory rates and practices in basic telecommunications service. Source: http://www.multichannel.com/article/453202-Does_The_Internet_Need_A_Beat_Cop_.php