Thursday, August 5, 2010

Complete DHS Daily Report for August 5, 2010

Daily Report

Top Stories

• According to the Latin American Herald Tribune, one of the four international bridges linking Ciudad Juarez, Mexico and El Paso, Texas, was closed for nearly 2 hours August 3 after a bomb was found and detonated on the Mexican side of the border. (See item 23)

23. August 4, Latin American Herald Tribune – (International) Bomb found on U.S.-Mexico border bridge. One of the four international bridges linking Ciudad Juarez, Mexico and El Paso, Texas, was closed for nearly 2 hours August 3 after a bomb was found and detonated on the Mexican side of the border. The bomb was spotted just after 8 a.m. on the Lerdo Bridge, which was immediately closed to traffic. Several of the main avenues in Ciudad Juarez leading to the bridge were also closed, causing massive traffic jams in Mexico’s murder capital. Army troops, federal police officers, municipal police and transit police went to the bridge to secure the area and direct traffic. Mexican authorities, working with the U.S. Border Patrol, detonated the bomb. The flow of traffic across the border resumed 2 hours after the controlled detonation, but officials have not said what type of explosive was used. This was the latest in a series of bombings in northern Mexico. Assailants suspected of having links to an organized crime group threw a bomb July 31 at one of the bridges connecting Nuevo Laredo, a city in the northeastern state of Tamaulipas, with Laredo, Texas. Source:

• PC Pro reports that experts at the SANS Institute are warning of potential failures in GPS and satellite broadband worldwide starting August 4, amid fallout from a huge solar storm. (See item 46 below in the Communications Sector)


Banking and Finance Sector

16. August 4, The Register – (International) Scotland Yard arrests six over multi-million phishing scam. Six suspected fraudsters have been arrested in the U.K. and Ireland over their alleged involvement in a bank and credit card phishing scam that affected tens of thousands of victims and resulted in losses of millions of pounds. Five men and one woman, aged 25 to 40, were arrested in London, and in County Meath, Ireland August 3 and 4, following an investigation led by officers from the Met’s Police Central e-Crime Unit (PCeU). The five U.K. suspects, all arrested following raids in London, remain in custody pending further police inquiries. Each faces possible computer fraud and hacking charges. The arrests were part of Operation Dynamophone, an investigation by the PCeU into a sophisticated phishing fraud network that systematically harvested online bank account passwords and credit card numbers. The MPS Territorial Support Group, and the Irish Garda Síochána Fraud Investigation Bureau assisted the PCeU in serving warrants on the six suspects. Police reckon 10,000 online bank accounts and 10,000 credit cards have been compromised as part of a fraud that has resulted in the attempted theft of £1.14 million and losses of £358,000 from online bank accounts. The value of credit card fraud associated with the scam is less certain but estimated at more than £3 million. Source:

17. August 4, Dow Jones Newswires – (West Virginia) US Grand Jury indicts two women on $2.4 million credit-union fraud. A federal grand jury has indicted two women in a $2.4 million credit-union fraud scheme case. A former employee of the N&W Poca Division Federal Credit Union located in southern West Virginia was charged with taking money from the union from 2003 to August 2008 by creating fake deposits into her own account and those of family members. She also wrote official credit union checks made payable to family members and to third parties to pay for her personal expenses, according to the charges. The indictment, returned by a federal grand jury in Beckley also alleges a former co-worker aided in the schemes. If convicted, each defendant could receive 30 years in prison, a fine of $4.8 million and an order of restitution. Source:


18. August 3, Market Watch – (International) RBS hit with $8.9 million fine for terror watch list failings. The U.K.’s Financial Services Authority (FSA) said August 3 it has fined Royal Bank of Scotland 5.6 million pounds ($8.9 million) for failing to check certain customers and transactions against a government watch list of terror suspects. Between Dec. 15, 2007 and Dec. 31, 2008, RBS did not have the systems in place to properly screen its customers against the Treasury list. “By failing to screen relevant customers and payments against the HM Treasury sanctions list, RBS Group left itself open to the risk that it was facilitating terrorist financing,” the regulator’s director for enforcement and financial crime said. The regulator said RBS was the biggest processor of foreign payments in the U.K. during 2007, but that for a significant period it failed to screen any income payments from outside the U.K. The FSA said the fine is the biggest it has ever imposed in relation to its responsibility for preventing financial crime and that the fine would have been £8 million if the bank had not agreed to settle the probe at an early stage. Source:

19. August 3, Empire State News – (New York) Phishing scam warning. Police on Long Island, New York are warning of a cell phone, text-phishing scam. The text messages are designed to trick the receiver into divulging personal information. Several Suffolk County residents have notified police about the messages that claim to be from different financial institutions. The messages ask the recipient to “verify” account information. Police remind the public to never disclose information such as Social Security numbers, account numbers, or PIN numbers. Source:

20. August 3, Infosecurity – (National) Nationwide banks experience surge as phishing targets. Since February of this year, RSA’s Anti-Fraud Command Center has seen a marked uptick in phishing attacks targeting the largest nationwide banks. From June 2009 through February 2010, larger financial institutions were targeted in the 19 to 30 percent range, depending on the month. The latest trend, however, shows that these large nationwide banks are receiving almost two-thirds of all phishing attempts in the finance sector, topping out at 68 percent in June. Infosecurity notes that the proportion of attacks targeting larger bank brands seems to come directly from the share once held by smaller regional banks. This may be a result of a recovering economy and banking sector, as scammers shift their focus from smaller banks that were thought to be on more sound footing during the recent financial crisis. The report also revealed a 16 percent drop in total phishing attacks in June compared with the previous month. RSA believes one of the contributors was the dearth of activity from the Rock Phish gang (aka, Avalanche), which the company said has nearly halted its phishing activity in favor of launching malware attacks. Source:

21. August 2, Binghamton Press & Sun-Bulletin – (New York) Credit union warns about scam. Empower Federal Credit Union is warning consumers about a recent increase in telephone phishing calls being made to Binghamton, New York-area residents, who are being asked to provide secure information, such as a PIN or the three-digit code on the back of a credit card. Empower branches in the region are in Broome and Chemung counties, New York. The call is usually automated and asks the individual to press one to reach a security department. These calls are not being made by legitimate financial institutions but by scammers, according to Empower. While the calls are random and do not target any specific group, the recording may refer to a specific financial institution or reference “your financial institution,” Empower stated. The credit union is based in Syracuse. Source:

For another story, see item 41

Information Technology

41. August 4, The Register – (International) Botnet that pwned 100,000 UK PCs taken out. Security researchers at Trusteer have uncovered the command and control network of a Zeus 2 botnet sub-system targeted at U.K. surfers that controlled an estimated 100,000 computers. Trusteer researchers identified the botnet’s drop servers and command and control center before using reverse engineering to gain access to its back-end database and user interface. A log of IP addresses used to access the system, presumably by the cybercrooks that controlled it, was passed by Trusteer to the Metropolitan Police. Cybercrooks based in eastern Europe used a variant of the Zeus 2 cybercrime toolkit to harvest personal data — including bank log-ins, credit and debit card numbers, bank statements, browser cookies, client side certificates, and log-in information for e-mail accounts and social networks — from compromised Windows systems. Source:

42. August 4, The Register – (International) Adobe confirms remote code-execution flaw in Reader (again). A security researcher has uncovered yet another vulnerability in Adobe Reader that allows hackers to execute malicious code on computers by tricking their users into opening booby-trapped files. A principal security analyst at Independent Security Evaluators disclosed the critical flaw at the Black Hat security conference in Las Vegas. It stems from an integer overflow in a part of the application that parses fonts, he said. That leads to a memory allocation that is too small, allowing attackers to run code of their choosing on the underlying machine. There are no reports of the flaw being targeted for malicious purposes. Details of his discovery come as hackers are exploiting a separate font-parsing bug in the PDF reader built by Apple to jailbreak the latest iPhone. While the hack is harmless, security firms including Symantec and McAfee have warned that the underlying flaw, when combined with a second one, could be used to execute malicious code on the Apple smartphone. Apple has yet to acknowledge the vulnerabilities. Source:
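The Reader bug above is described only in outline (an integer overflow in font parsing that produces an undersized allocation). The following C program is an added illustration of that bug class and is not Adobe's code or the researcher's proof of concept: it models a hypothetical glyph-table parser that reads an attacker-controlled record count and record size from a file, shows how the 32-bit product wraps so the buffer is far smaller than the data later copied into it, and shows the overflow-safe size computation that rejects such input. The names (`alloc_size_vulnerable`, `alloc_size_checked`, `MAX_TABLE_BYTES`) and the sample count/size values are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed policy for the hardened path: no single font table may exceed
 * 16 MiB. Any real parser picks its own cap; the point is that a bounded
 * cap makes the overflow check a simple division. */
#define MAX_TABLE_BYTES (16u * 1024u * 1024u)

/* Vulnerable pattern (illustrative): the allocation size is the raw 32-bit
 * product of two file-controlled fields, so it silently wraps modulo 2^32.
 * 0x10000 * 0x10001 = 0x1_0001_0000, which wraps to 0x10000 (64 KiB). */
static uint32_t alloc_size_vulnerable(uint32_t count, uint32_t size) {
    return count * size;
}

/* Bytes the parser would later write into the buffer, computed without
 * truncation, so the mismatch with the wrapped allocation is visible. */
static uint64_t bytes_needed(uint32_t count, uint32_t size) {
    return (uint64_t)count * size;
}

/* Returns 1 when the wrapped allocation is smaller than the data that
 * will be copied into it, i.e. the heap overflow condition. */
static int would_overflow(uint32_t count, uint32_t size) {
    return bytes_needed(count, size) > alloc_size_vulnerable(count, size);
}

/* Hardened pattern: reject zero fields, then check count against the cap
 * divided by size. If count * size would exceed MAX_TABLE_BYTES it cannot
 * wrap either, because MAX_TABLE_BYTES itself fits in 32 bits.
 * Returns 0 and stores the size on success, -1 on rejection. */
static int alloc_size_checked(uint32_t count, uint32_t size, uint32_t *out) {
    if (count == 0 || size == 0)
        return -1;
    if (count > MAX_TABLE_BYTES / size)
        return -1;                      /* overflow or over-cap: refuse */
    *out = count * size;                /* now provably <= MAX_TABLE_BYTES */
    return 0;
}

/* Convenience wrapper: the checked size, or 0 if the input was rejected. */
static uint32_t checked_size_or_zero(uint32_t count, uint32_t size) {
    uint32_t out = 0;
    return alloc_size_checked(count, size, &out) == 0 ? out : 0;
}

int main(void) {
    /* Constructed "font file" header fields: benign and hostile. */
    uint32_t benign_count = 100, benign_size = 32;
    uint32_t evil_count = 0x10000u, evil_size = 0x10001u;

    printf("benign: alloc=%u needed=%llu overflow=%d checked=%u\n",
           alloc_size_vulnerable(benign_count, benign_size),
           (unsigned long long)bytes_needed(benign_count, benign_size),
           would_overflow(benign_count, benign_size),
           checked_size_or_zero(benign_count, benign_size));

    printf("evil:   alloc=%u needed=%llu overflow=%d checked=%u (0 = rejected)\n",
           alloc_size_vulnerable(evil_count, evil_size),
           (unsigned long long)bytes_needed(evil_count, evil_size),
           would_overflow(evil_count, evil_size),
           checked_size_or_zero(evil_count, evil_size));
    return 0;
}
```

The vulnerable path allocates 64 KiB for the hostile header but the parser then believes it has room for 0x10000 records of 0x10001 bytes each, which is the undersized-allocation condition the article describes; the checked path refuses the same header before any memory is allocated.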

43. August 3, BBC – (International) Web attack knows where you live. One visit to a booby-trapped Web site could direct attackers to a person’s home, a security expert has shown. The attack, thought up by a hacker, exploits shortcomings in many routers to find out a key identification number. It uses this number and widely available net tools to find out where a router is located. Demonstrating the attack, the hacker located one router to within 9 meters of its real world position. Many people go online via a router, and typically only the computer directly connected to the device can interrogate it for ID information. However, the hacker found a way to booby-trap a Web page via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed. He then coupled the ID information, known as a MAC address, with a geo-location feature of the Firefox Web browser. During the demonstration, the hacker showed how straightforward it was to use the attack to identify someone’s location to within a few meters. Source:

44. August 3, Computerworld – (International) Repetition breaks Google audio CAPTCHA. Google has fixed a flaw in its Audio CAPTCHA software that could have given scammers a way to automatically set up phony accounts. The flaw was described in a post to the Full Disclosure mailing list August 2. According to the post, anyone could pass a Google Audio CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test by typing in any 10 words as the response. CAPTCHA is testing software used by many Web sites to cut down on online fraud. Sites often use CAPTCHA systems to make sure that new accounts are created by human beings, instead of automated scripts. Typically, a CAPTCHA test presents a hard-to-read image of a word, which the user must then type in to prove he is not a machine. The audio version gives visually impaired users a way to use CAPTCHA by playing a recorded sound of the test word. Source:

45. August 3, DarkReading – (International) Researcher reads RFID tag from hundreds of feet away. A security researcher demonstrated his homegrown RFID-reading equipment at both Black Hat USA and Defcon 18 to illustrate the lack of security in the Electronic Product Code (EPC) Class 1 Generation 2 RFID technology used in U.S. passport cards (not books), enhanced driver’s licenses, and in clothing and other items at Walmart for inventory purposes. He was able to find the RFID card from a balcony 30 stories up at the Riviera Hotel in a demo for reporters during Defcon. But his hardware blew after he attempted to boost the signal, so he was unable to show the full tag-reading step as a Defcon volunteer held up the tag from the road below. “I’ve read it from 217 feet,” he said, but his homemade RFID-reading system, which included two large antennas, ham radio equipment, software radio peripheral, and a slimmed down Linux-based laptop, is capable of reading the EPC Class 1 Gen2 RFID cards at much greater distances. The RFID technology is not encrypted, he notes, nor does it contain any access control features. Among the information that could be read from the tags, he said, is the person’s name and state of residence via a unique identification number used in the tags. The tag’s prefix identifies the user by his home state, information that could be used to scam tourists. And tag-reading could be used by bad guys for reconnaissance prior to robberies or other crimes in a neighborhood. Source:

For another story, see item 47 below in the Communications Sector

Communications Sector

46. August 4, PC Pro – (International) Solar storm could hit GPS and satellite broadband. Experts at the SANS Institute are warning of potential failures in GPS and satellite broadband amid fallout from a huge solar storm. The storm blew up after a spectacular solar eruption August 1, and the impact is expected to reach Earth August 4, with effects showing themselves in diminished satellite and radio signals as well as the possibility of the “Northern Lights” being visible in the U.K. These events are not uncommon, according to a spokesman on the SANS Institute’s Internet Storm Center blog. “Long distance radio transmissions and satellite communications are usually affected first. Given our reliance on systems like GPS, an outage may have indirect ground-based effects. Sensitive electronics may be affected, and outdoor radiation levels may be higher than normal,” he said. Last year the U.S.-based Committee on the Societal and Economic Impacts of Severe Space Weather Events reported that solar storms could lead to widespread damage in network-reliant countries. “The adverse effects of extreme space weather on modern technology — power grid outages, high-frequency communication blackouts, spacecraft anomalies — are well known and well documented,” the committee said in a report. Source:

47. August 4, Reuters – (International) Saudi and RIM in last-ditch talks. The makers of the BlackBerry smartphone held last-ditch talks with Saudi Arabia August 4 to avert a threatened cut-off of a key service, while India took a tough line with the Canadian company. Research In Motion (RIM) is facing mounting demands from governments around the world for access to its vaunted encryption system on national security grounds. The spat, which has highlighted the access some states seem to have in comparison to others, threatens to cut off some 2 million BlackBerry users in the Gulf and India. Security officials in India, a giant growth market for mobile communications, warned the service would be halted if the company failed to meet its concerns, a newspaper reported. “We are very clear that any BlackBerry service that cannot be fully intercepted by our agencies must be discontinued,” The Economic Times quoted an unnamed security official as saying. “Offering access to data is part of the telecom licensing guidelines and has to be adhered to.” An Indian government source told Reuters that RIM had proposed to share some details of its BlackBerry services, but security agencies were demanding full access to a messaging service it fears could be misused by militants. RIM has said BlackBerry security is based on a system where customers create their own key and the company neither has a master key nor any “back door” to enable RIM or any third party to gain access to crucial corporate data. Source:

48. August 3, Associated Press – (Alaska) Wayward satellite causing problems. GCI says customers in rural areas in Alaska may experience intermittent outages due to a wayward satellite. The communications company said outages are expected to occur from August 11 through August 14, and will impact customers and businesses that send or receive services via satellite. Customers all across Alaska will be affected, especially those off the road system. Land-based systems will not be affected. Satellite services expected to be affected include long-distance calling, Internet, private lines and networks. Outages will last from over 1 hour to more than 5 hours per day. GCI said the satellite is causing problems because it lost its propulsion system and has been drifting across the paths of other satellites, and will come close to the one GCI uses. Source:

49. August 3, Pottsville Republican Herald – (Pennsylvania) Burglars cut phone cables during Hegins break-in, interrupt phone service for 2,000. Burglars at Midway Supermarket in Hegins, Pennsylvania, cut telephone lines early August 2, leaving about 2,000 customers without service. Full service is not expected to be returned until sometime August 4, a spokesman from Frontier Communications said. A state police trooper of the Schuylkill Haven station said the burglary occurred just after 2 a.m. Two men, believed to be in their early 20s, used a crowbar to force their way into the supermarket through a restaurant door on the north side of the building. Once inside, the men entered the pharmacy section of the store, again using the crowbar, and stole narcotics. The two men tried to leave the building through a rear door where they were met by an employee. After seeing the worker, the men fled the building through the same door they entered. In the process of entering the building, the men apparently cut telephone lines in an attempt to disengage the alarm system. Frontier Communications had technicians on scene August 2 and expected to have some customers’ service returned within 24 hours. The remaining customers were expected to have service restored by August 4. Source:

50. August 3, Minnesota Public Radio – (Minnesota) 911 outage in NE Minn. not causing major problems. A fiber-optic cable that was severed by a work crew has cut off 911 service for several northern Minnesota towns, authorities said. A spokesman from the St. Louis County Communications Center said so far the outage has not caused major problems, although it also can cut off electronic communications. He said the cable break is near Aurora. “It was a contractor who was digging that struck the line, and it’s affected phone service intermittently, affects the cell phone service and the hard wire traditional land phone line service up in that area,” he said. The St. Louis County Sheriff’s Office said 911 service in Ely, Babbitt, Floodwood, International Falls, McGregor, Aurora, Tower, Two Harbors and Ranier might be interrupted until 9 p.m. August 3, when repairs are expected to be complete. Residents needing emergency services were asked to contact their local fire department, or go to the nearest fire department if they cannot get through by phone. Source: