Tuesday, November 9, 2010

Complete DHS Daily Report for November 9, 2010

Daily Report

Top Stories

• TechWorld reports that weeks after Microsoft added anti-Zeus Trojan detection to its free Malicious Software Removal Tool, it is unable to detect the latest versions of the malware designed to steal banking information, a rival security company has claimed. See item 22 below in the Banking and Finance Sector

• Missing security features designed to prevent terrorism on the new rail line linking Loudoun County, Virginia, to the Washington D.C. region’s Metro system were identified in a triennial audit, according to the Washington Post. (See item 28)

28. November 4, Washington Post – (Virginia) Metro’s Silver Line in need of post-9/11 security upgrade. Missing security features on the new rail line linking Loudoun County, Virginia, to the Washington D.C. region’s Metro system were identified in a triennial audit by the Tri-State Oversight Committee. Released last month, the nearly 300-page report noted dozens of problems at Metro, but it also highlighted the lapse in planning for the new rail line to include the “additional processes, design features, and equipment necessary in a ‘post-9/11’ environment.” The Metropolitan Washington Airports Authority, which oversees Reagan National and Dulles airports, is supervising construction, but Metro will own and operate the line. Rail project officials said they are awaiting word from Metro about what security elements to include. Among those missing features and policies cited in the audit: closed-circuit televisions currently in use at all Metro stations; technology used to detect weapons of mass destruction and outside intruders on rail tracks; and routine threat and vulnerability assessments, which are used by Metro to gauge how likely or imminent an attack is. A full accounting of Metro’s required security features, which are now being updated, is not publicly available because of its highly sensitive content, officials said. But the failure to include Metro’s security construction and technical guidelines in the plan for the Silver Line could have a substantial impact on the project’s ballooning costs. Source: http://www.washingtonpost.com/wp-dyn/content/article/2010/11/04/AR2010110406989.html?hpid=newswell


Banking and Finance Sector

16. November 8, InformationWeek – (National) Financial data at risk in development: A call for data masking. An Informatica sponsored study conducted by the Ponemon Institute surveyed 437 senior IT professionals in the financial services industry whose firms have been engaged in application testing and development in order to better understand if the risk of using real data in development is being addressed. An overlooked privacy risk is the vulnerability of personal and business information used for testing and application development. During the test and development phase of new software, real data — including financial records, transactional records, and other personally identifiable information (PII) — is being used by as many as 80 percent of organizations. Further, test environments are less secure because data is exposed to a variety of unauthorized sources, including in-house testing staff, consultants, partners and offshore development personnel. The study found security decision-making may be motivated more by achieving business objectives than by addressing data security risks. Given the potential for heavy fines and penalties, customer churn, reputation damage, and overall costs associated with a data breach, financial services firms should proceed with great caution before outsourcing to third parties. This should include a vigorous evaluation of prospective partners’ security policies and procedures, and implementation of detailed contractual provisions. Source: http://www.informationweek.com/whitepaper/Risk-Management-Security/Privacy/financial-data-at-risk-in-development-a-call-for-wp1288885160847;jsessionid=GKHQN5E55EBILQE1GHPCKH4ATMY32JVN?cid=iwhome_wp_Risk+

17. November 8, PrisonPlanet.com – (National) ATMs crash across the country after ‘Bank Holiday’ warning. Following rumors of a “bank holiday” that could limit or prevent altogether cash withdrawals later the week of November 8, Twitter and other Internet forums were raging November 7 about numerous ATMs across the United States that crashed early November 7, preventing customers from performing basic transactions. It is unknown whether the crashes were partly a result of a surge of people trying to withdraw money in preparation for any feared bank shutdown, or if mere technical glitches were to blame. The fact that the problem affected numerous different banks in different parts of the United States would seem to indicate the former. The Orange County Register reported that the problems were “part of a national outage” which prevented people from performing simple transactions such as cashing checks and withdrawing money. “Computer issues” were blamed for similar issues in Phoenix, Arizona, while in Birmingham, Alabama, Wells Fargo customers’ online banking accounts and ATMs displayed incorrect balances. The banks primarily affected were Wells Fargo, Chase, and Bank of America, but according to a blogger who studied Twitter feeds and other Internet message boards that were alight with the story, numerous other financial institutions were also affected, including US Bank, Compass, USAA, Sun Trust, Fairwinds Credit Union, American Express, BB&T on the East Coast, and PNC. Source: http://www.prisonplanet.com/atms-crash-across-the-country-after-bank-holiday-warning.html

18. November 8, Associated Press – (Ohio) Ohio State bank robber suspected in another holdup. The FBI said a woman suspected of robbing several banks, including one at Ohio State University, appears to have struck again. A Special Agent said the latest hold-up was at a Charter One Bank branch November 7 inside a Kroger supermarket in Columbus, Ohio. The woman approached the teller counter while appearing to talk on a cell phone. She then told the teller she needed cash and was robbing the bank. The FBI said the teller gave the woman some money though there was no sign of a weapon. The Special Agent said the same woman is suspected in seven other robberies around Columbus since January 2006, including three earlier this year. The last was October 20 at a US Bank branch inside Ohio State’s new student union building. Source: http://www.daytondailynews.com/news/ohio-news/ohio-state-bank-robber-suspected-in-another-holdup-997799.html

19. November 8, KOCO 5 Oklahoma City – (Oklahoma) Police: Robber barricades self in hotel before surrender. A bank robbery suspect in Oklahoma City, Oklahoma was arrested after barricading himself in a hotel room for 2 hours, police said November 8. Surveillance video shows the heist of the bank on North May Avenue. Oklahoma City police said they worked closely with the FBI to track down the suspect. Investigators said they found the suspect hiding in a southwest Oklahoma City hotel November 8. Police said the suspect barricaded himself inside one of the rooms at the hotel near Southwest 8th Street and MacArthur Boulevard. After 2 hours, police said, the suspect surrendered inside the hotel room. Investigators said the robbery was not the suspect’s first crime. In the 1980s, he spent time in a state prison for armed robbery. Police said the suspect also faces time for escaping from prison. Source: http://www.koco.com/r/25669571/detail.html

20. November 6, Birmingham News – (Alabama) Computer glitch hits Wells Fargo customers. Wells Fargo & Co., Birmingham, Alabama’s third-largest bank by deposits, said November 6 that computer problems that afternoon led to some account information not being displayed correctly on the Internet and on automated teller machines. “We had some issues that affected some customers across our operating area,” the spokesman said. The San Francisco-based banking giant operates nationwide. The spokesman said the problems meant the company did not correctly reflect the account balances of some customers. “We are sorry for the inconvenience and are now back up and running at 100 percent,” the spokesman said at 7:30 p.m., November 6. Other banks, including Bank of America, also were affected by a computer glitch November 6, according to a report by the Orange County Register. Source: http://blog.al.com/businessnews/2010/11/computer_glitch_affects_wells.html

21. November 5, Denver Post – (Colorado) Bank robber’s bomb threat bogus. A well-dressed robber left what he claimed was a bomb on the counter of an Edgewater, Colorado bank November 4. The metal box, however, contained nothing dangerous, the Jefferson County bomb squad determined. The robbery happened just before 9:30 a.m. at a TCF Bank at 1709 Sheridan Blvd., when a man in a dress shirt, slacks and a tie entered the bank and took the metal box from his backpack, Edgewater police told 9News. He told a bank teller, “This is a bomb. Touch it, it will go off,” police said. He jumped over a counter, took cash, reminded bank employees the box would explode if they touched it, then left the bank on a purple bicycle, police said. The man was described as black, 25 to 30 years old, about 5 feet, 8 inches tall and about 150 pounds. Witnesses said his black hair contained some gray, and he had “spotty facial hair,” the FBI said. Source: http://www.denverpost.com/news/ci_16528461

22. November 5, TechWorld – (International) Zeus Trojan defeats Microsoft security tool. Only weeks after Microsoft added anti-Zeus Trojan detection to its free Malicious Software Removal Tool (MSRT), it is unable to detect the latest versions, a rival security company has claimed. The analysis by Trusteer is a reminder that ordinary users face a battle to keep state-of-the-art Trojans such as Zeus (or Zbot or Wnspoem), which targets online bank accounts, off their PCs. According to Trusteer, MSRT detected and removed Zeus version 2.0 about 46 percent of the time in its tests, but failed to spot updated versions, which are now circulating. The company also thinks that such Zeus detection is seriously flawed because it relies on the user downloading and running a tool when it might already be too late — Zeus typically steals banking logins soon after infection. Ironically, because MSRT’s effectiveness is still superior to many antivirus products, it might cause criminals to up their game once again, shortening the infection-to-theft period and even attacking MSRT itself. Source: http://www.networkworld.com/news/2010/110510-zeus-trojan-defeats-microsoft-security.html

For another story, see item 53 below in the Information Technology sector

Information Technology

51. November 8, IDG News Service – (International) Zscaler develops free tool to detect Firesheep snooping. A security company has developed a free Firefox add-on that warns when someone on the same network is using Firesheep, a tool that has raised alarm over how it simplifies an attack against a long-known weakness in Internet security. Firesheep, which was unveiled at the ToorCon security conference in San Diego in October 2010, collects session information that is stored in a Web browser’s cookie. The session information is easily collected if transmitted back and forth between a user’s computer and an unencrypted Wi-Fi router while a person is logged into a Web service such as Facebook. While most Web sites encrypt the traffic transmitted when logging into a Web site, indicated by the padlock on browsers, many then revert to passing unencrypted information during the rest of the session, a weakness security analysts have warned of for years, particularly for users of public open Wi-Fi networks. Firesheep identifies that unencrypted traffic and allows an interloper to “hijack” the session, or log into a Web site as the victim, with just a few clicks. The style of attack has been possible for a long time, but because of its simple design, Firesheep has given less-sophisticated users a powerful hacking tool. Zscaler’s Blacksheep add-on, however, will detect when someone on the same network is using Firesheep, allowing its users to make a more informed security decision about their behavior while on an open Wi-Fi network, for example. Source: http://www.computerworld.com/s/article/9195398/Zscaler_develops_free_tool_to_detect_Firesheep_snooping
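The weakness described above is a site that authenticates over HTTPS but then lets the browser send its session cookie over plain HTTP for the rest of the session, which happens whenever the cookie is set without the Secure attribute. The following added example (not code from the report, from Zscaler, or from Blacksheep) audits the Set-Cookie headers of a constructed login response for session cookies that would be exposed this way and shows the hardened header; the session-name hints and the sample headers are assumptions made for the example.

```python
"""Audit Set-Cookie headers for the weakness Firesheep relies on.

A cookie set without the Secure attribute is sent by the browser on both
HTTPS and plain-HTTP requests, so a session cookie without it is exposed on
an open Wi-Fi network even though the login itself was encrypted.
"""
from dataclasses import dataclass
from typing import List

# Heuristic name fragments that usually mark a login-session cookie.
# This list is an assumption for the example, not a standard.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieFinding:
    name: str
    secure: bool
    httponly: bool
    looks_like_session: bool

    @property
    def sniffable(self) -> bool:
        """True when a session cookie would ride along on plain-HTTP requests."""
        return self.looks_like_session and not self.secure


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie header value (name=value; attr; attr=value ...)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; values (Path=/, Domain=...) are ignored.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    lower_name = name.lower()
    return CookieFinding(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        looks_like_session=any(h in lower_name for h in SESSION_NAME_HINTS),
    )


def audit_response_headers(raw_headers: str) -> List[CookieFinding]:
    """Return a finding for every Set-Cookie header in a raw HTTP header block."""
    findings = []
    for line in raw_headers.splitlines():
        if ":" not in line:
            continue  # status line or blank line
        key, value = line.split(":", 1)
        if key.strip().lower() == "set-cookie":
            findings.append(parse_set_cookie(value.strip()))
    return findings


def sniffable_session_cookies(raw_headers: str) -> List[str]:
    """Names of session cookies a passive listener on the same network could read."""
    return sorted(f.name for f in audit_response_headers(raw_headers) if f.sniffable)


def harden_set_cookie(header_value: str) -> str:
    """Return the header with HttpOnly and Secure appended where they are missing.

    Secure is the fix for the Firesheep weakness; HttpOnly additionally keeps
    the cookie away from page scripts. The site must also serve every
    authenticated page over HTTPS, or the browser simply will not send the
    cookie and the session breaks.
    """
    finding = parse_set_cookie(header_value)
    out = header_value.rstrip().rstrip(";")
    if not finding.httponly:
        out += "; HttpOnly"
    if not finding.secure:
        out += "; Secure"
    return out


# Constructed sample login response; not captured from any real site.
SAMPLE_LOGIN_RESPONSE = """\
HTTP/1.1 302 Found
Location: http://www.example.test/home
Set-Cookie: sessionid=abc123; Path=/; HttpOnly
Set-Cookie: csrftoken=xyz789; Path=/; Secure; HttpOnly
Set-Cookie: lang=en; Path=/
Content-Length: 0
"""

if __name__ == "__main__":
    for f in audit_response_headers(SAMPLE_LOGIN_RESPONSE):
        status = "EXPOSED over HTTP" if f.sniffable else "ok"
        print(f"{f.name:12s} secure={f.secure!s:5s} httponly={f.httponly!s:5s} {status}")
    print("hardened:", harden_set_cookie("sessionid=abc123; Path=/; HttpOnly"))
```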

52. November 8, Computerworld – (International) Danger to IE users climbs as hacker kit adds exploit. An exploit of an unpatched Internet Explorer vulnerability has been added to a popular crimeware kit, a move that will likely push Microsoft to fix the flaw with an emergency update, a security researcher said November 7. Microsoft has warned users of its IE6, IE7, and IE8 browsers that hackers were already exploiting a vulnerability in the programs by tricking them into visiting malicious or compromised Web sites. Once at such sites, users were subjected to “drive-by” attacks that required no action by them to succeed. Symantec was the first to report the IE bug to Microsoft after the antivirus vendor captured spam posing as hotel reservation notifications sent to select individuals within several organizations. On November 7, the chief research officer of AVG Technologies said an exploit for the newest IE flaw had been added to the Eleonore attack kit, one of several readily-available toolkits that criminals plant on hacked Web sites to hijack visiting machines, often using browser-based attacks. Microsoft has promised to patch the vulnerability, but said the threat didn’t warrant an “out-of-band” update, the company’s term for a fix outside the usual monthly Patch Tuesday schedule. Microsoft will deliver three security updates November 9, but will not fix the IE bug then. Microsoft has urged IE users to enable DEP, or data execution prevention, for IE7, use IE8 or IE9, or run one of its automated “Fix-it” tools to add a custom CSS template to their browsers as protection until a patch is available. Source: http://www.computerworld.com/s/article/9195380/Danger_to_IE_users_climbs_as_hacker_kit_adds_exploit

53. November 8, ITWeb – (International) PayPal network problems worsen. PayPal’s recent outage was the result of a network hardware failure, and the problem worsened when the failover systems did not spring into action as designed, reported Fierce CIO. PayPal has more than 87 million active accounts in 24 currencies around the world. It is owned by eBay, which acquired the company for $1.5 billion in 2002. The outage illustrates the challenges inherent to maintaining a cloud-based system in which zero downtime is tolerated, with merchants and customers globally relying on PayPal to be able to complete orders and transfer funds. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=38514:paypal-network-problems-worsen&catid=69

54. November 8, The Register – (Ohio; National) Former student jailed for U.S. political hack attacks. A U.S. student began a 30-month sentence November 5 after he was convicted of using a network of compromised PCs he established to flood the Web sites of conservative politicians and pundits. The convict, 23, of Bellevue, Ohio, had earlier admitted launching denial of service (DoS) attacks against the sites between 2006 and March 2007, Security Week reported. He also copped to launching a DoS attack on the University of Akron, the university where he was enrolled at the time of the March 2007 attack. The assault knocked Akron offline for more than 8 hours, obliging a subsequent clean-up operation that cost the university $10,000. The convict was ordered to pay $10,000 in restitution to the university and a further $40,000 to BillO’Reilly.com. After he gets out of jail, he will spend a further 3 years on parole. The former student also admitted to harvesting personal data from compromised machines including user names, passwords, and credit card numbers. It is unclear how much, if anything, he raked in via fraudulent abuse of this information. It could be the compromised details were used to buy and facilitate his politically motivated hack attacks. Source: http://www.theregister.co.uk/2010/11/08/us_hacktivist_jailed/

55. November 8, Techworld – (International) Boonana Mac Trojan was ‘not Koobface’, says Microsoft. The widely-reported “Boonana” Trojan was a new piece of malware and had nothing directly to do with “Koobface,” Microsoft and other security companies reported 1 week after the event. According to Microsoft, ESET, and SecureMac, the similarity with Koobface does not appear to stretch beyond its general tactics and the fact that it attacks using Facebook and other social media sites. At a code level, what Microsoft now identifies as Trojan:Java/Boonana is a distinct piece of malware. The main significance of Boonana could be that its Java design allows it to attack Windows PCs and Apple Mac computers, and at least run on Linux. Where the software hails from is unknown, although one of its first actions on infecting computers is to try to contact a Russian FTP server. The fact Boonana is a distinct family of malware rather than a variant matters in a small but important way. A new branch of malware capable of attacking across operating systems suggests a new direction in malware innovation. If Boonana were a simple variant, it might count more as a one-off experiment. Programming and platforms apart, Boonana’s use of Facebook shows social engineering skill is its real forte. Originally pushed with basic “watch this video” lures, the malware has subsequently tried more sophisticated messages, including one based on an apparent suicide notice. Source: http://news.techworld.com/security/3247749/

56. November 8, Phnom Penh Post – (International) Hacker hits state website. The Web site of the General Department of Mineral Resources of Cambodia has been periodically defaced by hackers, the latest in a number of similar attacks conducted against government Web sites since early 2010. A picture claiming “Hacked by Ashiyane” overlaying an image of Iran appeared on the department’s Web site November 7, before the site returned to normal by early afternoon. The director of ASC Information Security Consulting and Training said a more aggressive stance by the public and private sectors towards information security would send more “reassuring signals”. Cambodia is presently conducting consultations on a cyber-crime law, but it would be difficult to prosecute hacking in the kingdom until a law is in place, the National ICT Development Authority secretary general said. “Not much can be done yet,” he said. “No law, no crime.” The latest vandalism follows a number of similar attacks staged against Cambodian government Web sites earlier this year. Source: http://www.phnompenhpost.com/index.php/2010110844562/National-news/hacker-hits-state-website.html

Communications Sector

57. November 8, IDG News Service – (National) FCC warns of looming wireless spectrum shortage. Mobile data traffic in the United States will be 35 times higher in 2014 than it was in 2009, leading to a massive wireless spectrum shortage if the government fails to make more available, the Federal Communications Commission (FCC) said in a paper released October 2010. About 42 percent of U.S. mobile customers now own a smartphone, up from 16 percent 3 years ago, and between the first quarter of 2009 and the second quarter of 2010, data use per mobile line grew by 450 percent, the paper said. The FCC expects smartphone use — and a corresponding increase in mobile data use — to continue to skyrocket, the FCC Chairman said. “If we don’t act to update our spectrum policies for the 21st century, we’re going to run into a wall — a spectrum crunch — that will stifle American innovation and economic growth and cost us the opportunity to lead the world in mobile communications,” he warned. In a national broadband plan released in March 2010, the FCC called for 300 MHz of spectrum to be made available for mobile broadband uses in the next 5 years, and an additional 200 MHz in the subsequent 5 years. Much of that spectrum would come from bands now controlled by the FCC or other government agencies, but 120 MHz would come from spectrum now owned but unused by U.S. television stations. Under the broadband plan, the stations would give back unused spectrum in exchange for part of the profits when the spectrum is sold at auction. The FCC would need congressional approval to hold these so-called incentive auctions. Source: http://www.computerworld.com/s/article/352502/FCC_Wireless_Spectrum_Shortage_Looms?taxonomyId=70

58. November 8, Bend Bulletin – (Oregon) Hackers chat for 26 hours on town’s dime. The city of Coos Bay, Oregon, has learned that hackers accessed the City Hall phone system and racked up more than 26 hours of phone calls to an overseas location last month. The city just found out about the breach two weeks ago. Police say an investigation showed the city’s previous security systems were inadequate but they have since been reinforced. Source: http://www.bendbulletin.com/apps/pbcs.dll/article?AID=/20101108/NEWS0107/11080311/1001/NEWS01&nav_category=NEWS01

59. November 6, Gaithersburg Gazette – (Maryland) Montgomery Village residents without phone, Internet. Verizon promised to have 240 landlines and Internet lines back in service by November 7 in Montgomery Village, Maryland. An outside contractor accidentally cut the lines while digging during traffic signal maintenance at Montgomery Village Avenue near Lost Knife Road, at the entrance to Lakeforest mall November 6, a Verizon spokeswoman said. The affected neighborhoods were Stedwick, Whetstone, and South Village. Verizon workers were able to find the completely severed cable about 5 feet underground, after pumping water from two manholes. Workers replaced about 15 feet of cable. The spokeswoman said the area should have been marked prior to digging, but apparently was not. Source: http://www.gazette.net/stories/11062010/montnew90715_32591.php

60. November 5, IDG News Service – (International) Report: Sprint rejected Huawei, ZTE for security concerns. Sprint Nextel turned down bids from ZTE and Huawei Technologies because of U.S. government concerns over possible dangers to national security from the Chinese vendors building critical infrastructure in the United States, the Wall Street Journal reported November 5. Sprint, the nation’s third-largest mobile operator, rejected ZTE and Huawei’s bids to modernize its network even though they were lower than those of three rival companies, the Journal reported. The other bidders were Ericsson of Sweden, Samsung Electronics of South Korea, and Alcatel-Lucent, which is based in Paris and incorporates the former U.S. telecom vendor Lucent. Some U.S. lawmakers have expressed concern over letting Huawei or ZTE participate in major infrastructure projects because of concerns over possible links with the Chinese government and military. They worry the Chinese military could use equipment from the companies to disrupt U.S. communications. The Journal reported that the U.S. Secretary of Commerce had called the Sprint CEO the week of November 1 to voice concerns about possible deals between Sprint and the two companies, though not to ask him to reject the companies’ bids. Source: http://www.computerworld.com/s/article/9195278/Report_Sprint_rejected_Huawei_ZTE_for_security_concerns

Monday, November 8, 2010

Complete DHS Daily Report for November 8, 2010

Daily Report

Top Stories

• The Austin American-Statesman reports that the Department of Defense has released recommendations for military installations to help identify threats and respond to them in response to last year’s deadly Fort Hood shooting. (See item 39)

39. November 4, Austin American-Statesman – (National) Security boosted at U.S. military posts. In the year since an Army major allegedly brought two handguns and 400 rounds of ammunition onto Fort Hood, Texas, and shot dozens of people in a busy medical processing building, killing 13, Army officials have taken steps to improve security on American military installations and ferret out similar threats from American soldiers. Department of Defense (DOD) officials are recommending an array of fixes aimed at identifying future threats at all U.S. military installations, and improving response time to incidents. Among the recommendations made by the U.S. Defense Secretary in response to an independent review of the shooting at Fort Hood are: bringing enhanced 911 services to military installations, which would notify dispatchers of call locations and broadcast emergency notifications to designated areas; strengthening background checks of recruits entering the military and foreign nationals working for the DOD abroad; conducting violence risk assessments for service members before and after they deploy; developing a policy to help commanders distinguish between “appropriate religious practices” and those that indicate the “potential for violence or self-radicalization”; and standardizing personal firearms policies, which vary by installation. Source: http://www.statesman.com/news/texas/security-boosted-at-u-s-military-posts-1022445.html

• According to SecurityNewsDaily, a top security expert said the massive set of undersea cables that make up global Internet infrastructure must be revamped because a malicious attack or natural disaster could jeopardize worldwide communications. See item 54 below in the Communications Sector


Banking and Finance Sector

12. November 5, ABC Newspapers – (Minnesota) Anoka bank robbed Friday morning. Two African American males in their mid-20s to early 30s robbed the U.S. Bank at the corner of 7th Avenue and Tyler Street in Anoka, Minnesota, just after 6 a.m. November 5. There may be a third suspect, according to the Anoka police chief. Authorities are reviewing the bank’s video footage and plan to release photos to the media. The robbers were wearing dark-colored clothing, the police chief said. He noted U.S. Bank is offering a $50,000 reward for information that leads to arrests. According to the police chief, the two males were waiting for the U.S. Bank employee in the driveway of her home in Ramsey sometime after 6 a.m. They implied they had a gun and told her to drive them to her bank branch, the police chief said. After stealing an undisclosed amount of money, the robbers left. The FBI and the Anoka County Sheriff’s Office Criminal Investigation Division and crime lab responded. Source: http://abcnewspapers.com/2010/11/05/anoka-bank-robbed-friday-morning/

13. November 5, Empire State News – (International) Seven Israeli defendants charged in multi-million dollar lottery telemarketing fraud scheme. Federal prosecutors and the FBI announced the extradition from Israel to the United States of seven individuals, all residents of Israel, on charges relating to a lottery telemarketing fraud scheme through which they stole approximately $2 million from elderly victims in the United States between 2007 and September 2008. This is the largest number of Israeli citizens ever extradited to a foreign country in a single case. The defendants participated in a phony “lottery prize” scheme that targeted hundreds of victims, mostly elderly, throughout the United States. They identified victims by purchasing the names and contact information of U.S. residents who subscribed to sweepstakes lotteries from list brokers. They then contacted the victims and solicited information about their finances by falsely telling them they had won a substantial cash prize they would receive as soon as they paid the necessary fees and taxes. In reality, there was no lottery prize and the victims were ultimately robbed. All seven defendants were provisionally arrested in Israel in September 2008 based on the indictments. Source: http://www.empirestatenews.net/News/20101105-2.html

14. November 4, CNET News – (National) Firm finds security holes in mobile bank apps. A security firm disclosed holes November 4 in mobile apps from Bank of America, USAA, Chase, Wells Fargo, and TD Ameritrade, prompting a scramble by most of the companies to update the apps. “Since Monday [November 1], we have been communicating and coordinating with the financial institutions to eliminate the flaws,” research firm viaForensics wrote in a post on its site. “The findings we published reflect testing completed on November 3. Since that time, several of the institutions have released new versions and we will post updated findings shortly.” The company had reported its findings to The Wall Street Journal earlier in the day. On November 3, viaForensics went public with problems in PayPal’s iPhone app, spurring the online payment provider to action. Specifically, viaForensics concluded that: USAA’s Android app stored copies of Web pages a user visited on the phone; TD Ameritrade’s iPhone and Android apps stored the user name in plain text on the phone; Wells Fargo’s Android app stored user name, password, and account data in plain text on the phone; Bank of America’s Android app saved a security question (used if a user was accessing the site from an unrecognized device) in plain text on the phone; and Chase’s iPhone app stored the username on the phone if the user chose that option, according to the report. Source: http://news.cnet.com/8301-27080_3-20021874-245.html

15. November 4, Life Settlements Report – (Illinois) Illinois man defrauded investors in $1.9M life settlement scam, FBI says. A 42-year-old Illinois man was charged November 2 with allegedly defrauding more than $5 million from about 150 people, including raising $1.9 million from 25 investors in a life settlement scheme, according to the FBI in Chicago. The suspect was charged with three counts of mail fraud for swindling people who invested in funds he claimed to operate, according to the U.S. Attorney for the Northern District of Illinois and the FBI. He raised $1.9 million for the Elucido Fund, which claimed to invest in life settlements, and another $3 million from about 134 investors in the Moondoggie Fund, which purported to invest in the company’s stock and its reported development of a dual-sided computer monitor. He allegedly used the funds raised for the Elucido Fund to pay expenses of the so-called Maize Fund, made Ponzi-type payments to investors in the Moondoggie Fund, bought a $75,000-a-year sky box at the Indianapolis Colts’ football stadium and paid himself a $319,000 salary. He told investors in the Elucido Fund they could expect returns as high as 34 percent from investments in life settlements and viaticals, although he never purchased such contracts, the FBI said. Source: http://lifesettlements.dealflowmedia.com/wires/article.cfm?title=Illinois-Man-Defrauded-Investors-19M-Life-Settlement-Scam-FBI&id=vgefepxxornudkh

16. November 4, Wisconsin State Journal – (International) International sting nabs two men in Wisconsin for alleged computer virus scheme. Two Moldovan men who allegedly took part in a complex scheme to siphon millions of dollars out of American bank accounts were arrested November 3 in Wisconsin, and are to be shipped to New York to face charges. The two suspects appeared November 4 in U.S. District Court in Madison where they agreed to be sent back to New York City to face charges stemming from the use of computer viruses to raid bank accounts through the Internet. Thirty-seven people from Eastern Europe, including the two suspects, were charged in U.S. District Court in Manhattan September 30 for the scheme that led to the theft of about $3 million, mostly from small business and municipality accounts. The two suspects are each charged with conspiracy to commit bank fraud. One suspect is also charged with conspiracy to possess false identification. It is not clear what the suspects, both 21, were doing in Wisconsin. Source: http://host.madison.com/wsj/news/local/crime_and_courts/article_7f1ddf58-e870-11df-bf94-001cc4c03286.html

17. November 4, Network World – (National) Financial services firms expand online fraud defense. As guardians of wealth, financial-services firms have always been a high-value target for cybercrime, and with online banking and trading, banks find they have to work harder than ever to safeguard their operations. Tech-savvy gangs of cybercrooks have been stealing tens of millions over time by breaking into computers of online banking customers to install malware like the Zeus banking Trojan to make phony funds transfer requests to a bank, so the need for vigilance is only increasing. At Stillwater National Bank and Trust, the concern about the threat of cybercriminals hijacking customers’ PCs is enough to spur the Oklahoma-based bank to extend its security to a verification system that adds the use of automated phone calls to online banking customers to verify that the funds requests they are making online are genuine. There’s a need to validate transfer requests beyond what the customer PC appears to be telling the bank because “with the endpoint PC, I just can’t control what they’re doing,” said the vice president of information security at Stillwater National Bank and Trust. Source: http://www.csoonline.com/article/633422/financial-services-firms-expand-online-fraud-defense

For another story, see item 47 below

Information Technology

47. November 5, The New New Internet – (International) Stock traders become targets for hackers exploiting mobile platforms. Once mobile online trading platforms become popular, the nature of the cyber-crime scene will most likely change, according to an Internet security expert. It is just a matter of time before Internet crime, which mostly has targeted personal computers, expands to the mobile platform, according to a McAfee Labs Technical Product Manager. He outlined the possible threats to traders who use mobile platforms, including denial of service (DoS) attacks, session hijacking, cross-site scripting and SQL injection. When a lot of data is sent around the same time, systems are likely to slow down and block access to thousands of users, as seen with a DoS attack, he said. This is particularly crucial in trading sessions, where the price of stocks can fluctuate by the minute, he added. With session hijacking, the hacker can eavesdrop or pose as the legitimate user. If session hijacking takes place during an online stock trade, it can be dangerous as the details of the transaction are compromised. It could also mean the customer is dealing with a hacker, not his trader. Source: http://www.thenewnewinternet.com/2010/11/04/stock-traders-become-targets-for-hackers-exploiting-mobile-platforms/

48. November 4, CNET News – (National) Attack cause Intuit Web-hosting service outage. Intuit’s Web-hosting service for small businesses remained inaccessible for several hours November 4 — possibly due to a denial-of-service (DOS) attack, a customer service representative told CNET. The Web hosting service, at Intuit’s Web site, had been out at least 2 hours and would hopefully be back up by the end of the business day, the customer service rep said. Asked if it could be the result of a DOS attack, she said: “It’s looking like an attack.” Intuit spokespeople could not immediately confirm what the phone rep said, but said the sites were back up. However, checks by CNET employees on the West Coast and East Coast found the site was still down late in the afternoon November 4. Other Intuit sites remained accessible. Source: http://news.cnet.com/8301-27080_3-20021862-245.html

49. November 4, PC World – (International) Facebook and Twitter flunk security report card. Digital Society, a self-professed security think tank, has given failing security grades to both Twitter and Facebook. Both sites are vulnerable to attacks that can give someone partial or full control over one’s account, the group claimed. According to Digital Society, the main problem with Facebook and Twitter is that neither site allows full Secure Sockets Layer (SSL) protection. Both sites create unencrypted sessions for the user by default. Although the actual logins are encrypted, they’re not authenticated — which means one cannot pull up security information in one’s browser to verify the sites’ identities. Even if a user forces a secure session by going to the main sites for Twitter and Facebook, the sites still have links to non-secure parts of the site and JavaScript code that transmits authentication cookies without SSL, Digital Society found. These are not new concerns, but the news fits hand-in-hand with the release of FireSheep, a Firefox add-on that lets people with limited technical knowledge hijack other people’s Web accounts over unencrypted Wi-Fi networks. Digital Society’s report card essentially spells out what an attacker using FireSheep or another packet-sniffing program could accomplish. In Facebook, for instance, an attacker can gain access to every part of an account except username and password, allowing the attacker to send status updates and read private messages. Source: http://www.computerworld.com/s/article/9195021/Facebook_and_Twitter_Flunk_Security_Report_Card
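The weakness the report card describes is an authentication cookie that the browser will also send over plain HTTP, which is exactly what a packet sniffer on an open Wi-Fi network sees. The check below is an added example, not code from Digital Society or from either site: it parses Set-Cookie headers, reports session cookies issued without the Secure attribute (and, as a secondary point, without HttpOnly), and shows the hardened form of the same header. The header strings and cookie names are constructed for illustration.

```python
"""Audit Set-Cookie headers for session cookies that would travel over cleartext HTTP."""

# Constructed sample response headers (not captured from any real site):
# one session cookie lacking Secure, one lacking both flags, one hardened.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly",
    "csrftoken=zzz; Path=/",
    "auth=deadbeef; Path=/; Secure; HttpOnly",
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into name, value and a dict of attributes.

    Flag attributes (Secure, HttpOnly) map to True; valued ones keep their string.
    Attribute names are lower-cased because they are case-insensitive in RFC 6265.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header (empty list = no issue).

    A missing Secure attribute means the browser will attach the cookie to any
    http:// request for the host, so a passive sniffer on the path can read it.
    """
    cookie = parse_set_cookie(header)
    findings = []
    if not cookie["attrs"].get("secure"):
        findings.append("missing Secure")
    if not cookie["attrs"].get("httponly"):
        findings.append("missing HttpOnly")
    return findings


def audit_headers(headers):
    """Map each cookie name to its findings, for a batch of Set-Cookie headers."""
    return {parse_set_cookie(h)["name"]: audit_cookie(h) for h in headers}


def harden_set_cookie(header):
    """Rewrite a Set-Cookie header so it carries Secure and HttpOnly.

    Existing attributes are kept in their original order; only missing flags
    are appended, so the hardened header is the minimal fix for the weak one.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    present = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    if "secure" not in present:
        parts.append("Secure")
    if "httponly" not in present:
        parts.append("HttpOnly")
    return "; ".join(parts)


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{header!r}: {audit_cookie(header) or 'ok'}")
        print(f"  hardened -> {harden_set_cookie(header)!r}")
```

Run against a real site, the same function would be fed the Set-Cookie values from an HTTPS response; a cookie that passes this audit is still only as safe as the page that uses it, since the article's second point (script on an HTTP page reading or sending the cookie) is a property of where the cookie is used, not only of how it was issued.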

50. November 4, Computerworld – (International) Google quashes 12 Chrome bugs, gives users early Flash fix. Google November 4 patched 12 vulnerabilities in its Chrome browser, all of them rated as high-level threats by the company’s security team. The patched version of Chrome also included an update to Adobe’s Flash Player, giving Google users an early fix for a critical flaw that hackers have been exploiting with rigged PDF documents. Adobe plans to release that Flash patch to users of other browsers later November 4. The dozen flaws fixed in Chrome 7.0.517.44 include a pair related to SVG (Scalable Vector Graphics), a collection of XML specifications for describing two-dimensional vector graphics; one in Chrome’s V8 JavaScript engine; and three involving aspects of the browser’s text handling. Google paid $7,500 in bounties to eight researchers who reported 11 of the 12 bugs, the most it’s awarded since mid-August when the company handed out $8,674. Source: http://www.computerworld.com/s/article/9194947/Google_quashes_12_Chrome_bugs_gives_users_early_Flash_fix

51. November 4, DarkReading – (International) New technique spots sneaky botnets. Researchers have devised a new method to root out botnets that try to hide behind alternating domain names. A research scientist said he and a team of colleagues came up with a prototype method of detecting botnets like Conficker, Kraken, and Torpig that use so-called DNS domain-fluxing for their command and control (C&C) infrastructure. The team created a method of studying in real-time all DNS traffic for domain-flux activity. The researchers presented their findings this week at the ACM Measurement Conference in Melbourne, Australia. Their method basically looks at the pattern and distribution of alphabetic characters in a domain name to determine whether it’s malicious or legitimate: This allows them to spot botnets’ algorithmically generated (rather than generated by humans) domain names. Bottom line: Given that most domain names are already taken, botnet operators have to go with gibberish-looking names like Conficker does: joftvvtvmx.org, gcvwknnxz.biz, and vddxnvzqjks.ws, which their bots generate. Source: http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=228200254
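The detection idea in the item above is that human-chosen domain names have a recognisable letter distribution while algorithmically generated ones do not. The script below is an added example illustrating that idea, not the researchers' prototype or their feature set: it computes two simple character-distribution features (vowel ratio and longest consonant run) for the second-level label of each name and flags names that look like the three Conficker examples quoted in the article. Thresholds and the legitimate comparison names are assumptions chosen for illustration; the second-level label is taken as the label before the last dot, which is a simplification (a production version would consult a public suffix list).

```python
"""Character-distribution heuristic for spotting algorithmically generated domain names."""

# Constructed sample input: the three DGA-style names quoted in the article plus
# ordinary, human-chosen names for contrast.
SAMPLE_DOMAINS = [
    "joftvvtvmx.org", "gcvwknnxz.biz", "vddxnvzqjks.ws",
    "google.com", "washingtonpost.com", "wikipedia.org",
]

VOWELS = set("aeiou")


def second_level_label(domain):
    """Return the label just before the public suffix (simplified: before the last dot)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def vowel_ratio(label):
    """Fraction of alphabetic characters that are vowels; gibberish tends to be low."""
    letters = [ch for ch in label if ch.isalpha()]
    if not letters:
        return 0.0
    return sum(ch in VOWELS for ch in letters) / len(letters)


def longest_consonant_run(label):
    """Length of the longest unbroken run of consonants; English words rarely exceed 4-5."""
    best = cur = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            cur += 1
            best = max(best, cur)
        else:
            cur = 0
    return best


def domain_features(domain):
    """Feature vector for one domain name."""
    label = second_level_label(domain)
    return {
        "label": label,
        "vowel_ratio": vowel_ratio(label),
        "consonant_run": longest_consonant_run(label),
    }


def is_suspicious(domain, min_len=6, max_vowel_ratio=0.25, max_consonant_run=5):
    """Flag a name as DGA-like when its letter distribution is implausible for a word.

    Short labels are skipped because the statistics are meaningless on a few letters.
    Thresholds are illustrative assumptions, not values from the research.
    """
    f = domain_features(domain)
    if len(f["label"]) < min_len:
        return False
    return f["vowel_ratio"] <= max_vowel_ratio or f["consonant_run"] >= max_consonant_run


def classify(domains):
    """Classify a batch of names, e.g. the distinct query names seen in DNS logs."""
    return {d: is_suspicious(d) for d in domains}


if __name__ == "__main__":
    for domain, flagged in classify(SAMPLE_DOMAINS).items():
        print(f"{domain:22s} {domain_features(domain)}  suspicious={flagged}")
```

In a DNS monitoring pipeline this sort of per-name score is a first filter; the article's researchers look at the distribution across all names a host resolves, which is what separates a botnet's stream of unresolvable gibberish from the occasional odd-looking but legitimate name.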

52. November 4, Data Center Knowledge – (International) Transfer switch glitch KOs iWeb customers. About 3,000 servers at Montreal, Canada, Web host iWeb experienced an outage November 3 after a fire near the iWeb-CL data center prompted the company to shift the facility to generator power. All three generators started properly, but one of the transfer switches failed. Once UPS power was exhausted, a third of the data center wound up without power. Power was restored in about 1 hour, but at least 450 dedicated servers failed to restart properly and needed manual attention, according to the account of the incident on the iWeb blog. As of November 4, the last of the affected servers were being brought back online. The iWeb event was the fourth significant data center power outage this year in which an automatic transfer switch (ATS) failure was cited. The other three occurred in California, Arizona, and Virginia. When operating correctly, an ATS switches a facility’s electric power source from the utility grid to backup power, usually supplied by a diesel backup generator. Source: http://www.datacenterknowledge.com/archives/2010/11/04/transfer-switch-glitch-kos-iweb-customers/

Communications Sector

53. November 4, IDG News Service – (Texas; National) Researcher releases Web-based Android attack. A computer security researcher released code November 4 that could be used to attack some versions of Google’s Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the phones. It was disclosed November 4 at the HouSecCon conference in Houston by a security researcher with Alert Logic. The researcher said he has written code that allows him to run a simple command line shell in Android when the victim visits a Web site that contains his attack code. The bug used in the attack lies in the WebKit browser engine used by Android. Google said it knows about the vulnerability. “We’re aware of an issue in WebKit that could potentially impact only old versions of the Android browser,” a Google spokesman confirmed in an e-mail. “The issue does not affect Android 2.2 or later versions.” Version 2.2 runs on 36.2% of Android phones, Google says. Older phones such as the G1 and HTC Droid Eris, which may not get the updated software, could be at risk from this attack. Android 2.2 is found on phones such as the Droid and the HTC EVO 4. Source: http://www.computerworld.com/s/article/9195058/Researcher_releases_Web_based_Android_attack

54. November 4, SecurityNewsDaily – (International) Web’s undersea cables need revamp to prevent catastrophe. The massive set of undersea cables that makes up the infrastructure of the Internet needs to be revamped to ensure security during a crisis, according to a top security expert. “At the national level, it’s been implemented — the most important communications get through. But other countries don’t have the capability to communicate across borders” in an emergency, explained a Distinguished Fellow at the EastWest Institute, who was instrumental in forming the U.S. strategy for communications-infrastructure protection following the calamity of September 11. This bottlenecking comes partly as result of the spectacular — and speedily growing — amount of bandwidth consumed throughout the world every day, the fellow told SecurityNewsDaily. While it is common to think of the Internet as an amorphous entity that is always available, there are actual “geographical choke points” — physical locations where the undersea cables that make up the global Internet infrastructure receive such heavy volumes of information that Web traffic literally gets backed up or stopped, like a freeway that narrows to a single lane. He identified three major choke points as the Luzon Strait near Taiwan, the Strait of Malacca, and the Red Sea. If any of those sets of cables were compromised by either natural disaster or malicious attack, worldwide Internet and phone communication would be highly jeopardized, he said. Source: http://www.livescience.com/technology/internet-undersea-cables-101104.html