Thursday, March 29, 2012

Complete DHS Daily Report for March 29, 2012

Daily Report

Top Stories

• The San Onofre nuclear plant near San Diego will remain shut down while investigators try to discover what is causing the rapid decay of generator tubing that carries radioactive water. – Associated Press

6. March 28, Associated Press – (California) Feds: State nuke plant to remain shut for probe. The San Onofre nuclear plant near San Diego will remain shut down while investigators try to solve a mystery inside its massive generators — the rapid decay of tubing that carries radioactive water, federal regulators said March 27. A four-page letter to plant operator Edison from the Nuclear Regulatory Commission regional administrator laid out a series of steps the company must take before restarting the seaside reactors, underscoring the concern over the unusual degradation in the tubes. The administrator wrote that the problems in the generators must be resolved and fixed and “until we are satisfied that has been done, the plant will not be permitted to restart.” The plant’s 4 steam generators each contain nearly 10,000 alloy tubes that carry hot, pressurized water from the reactors. The Unit 3 reactor was shut down as a precaution in January after a tube break, and extensive wear was found on similar tubing in its twin, Unit 2, which has been shut down for maintenance. Source: State nuke plant to remain shut for probe

• The Securities and Exchange Commission sued a former United Commercial Bank vice president, accusing him of creating false records that contributed to the bank’s failure. The collapse cost the federal government $2.5 billion. – Bloomberg See item 9 below in the Banking and Finance Sector.

• A section of railroad in northeastern Indiana that carries up to 100 trains per day was shut for a second day while crews contended with a chemical fire caused by a train derailment. – Fort Wayne Journal Gazette

14. March 28, Fort Wayne Journal Gazette – (Indiana) Derailment, fire prompt evacuation near Ligonier. Officials said a heavily traveled stretch of railroad in northeastern Indiana would likely be closed through March 28, a day after a freight train derailed and spewed molten sulfur that caught fire. Firefighters were still at the site near Ligonier March 28 monitoring the fire caused after 21 cars of the eastbound 59-car Norfolk Southern train derailed. The Noble County sheriff said firefighters decided to let the cars burn because water could wash the chemical into the Little Elkhart River. He said the fire was expected to burn until at least noon March 28. Up to 100 trains, including two Amtrak passenger trains, use the route daily, Norfolk Southern said. It said that trains that normally use the route have been rerouted with other carriers and alternate routes. The train that derailed had 3 locomotives, 43 cars loaded with freight, including 11 with hazardous materials such as molten sulfur and toluene, and 16 empty freight cars. The derailment forced detours of two Amtrak trains carrying about 400 passengers combined. It also forced the evacuation of about six homes in the rural area. Source:

• For the second time in 6 months, researchers from Kaspersky Lab led an operation to take down the newest iteration of the Kelihos botnet. The bot is used to send spam, carry out distributed denial-of-service attacks, and steal online currency. – Threatpost See item 36 below in the Information Technology Sector.


Banking and Finance Sector

9. March 27, Bloomberg – (California; National) SEC sues former United Commercial Bank executive. The Securities and Exchange Commission (SEC) sued a former United Commercial Bank vice president (VP) March 27, accusing him of creating false records tied to the defunct San Francisco-based bank’s evaluation of loan risks. United Commercial, a unit of UCBH Holdings Inc., was seized by regulators in November 2009. It failed following the 2008 credit crisis and caused a $2.5 billion loss to the Federal Deposit Insurance Corporation’s insurance fund, according to the SEC. The VP was in charge of the bank’s commercial banking division, the SEC said. The VP, taking orders from his superiors during the financial crisis, “misstated and omitted material information in documents provided to the bank’s independent auditors,” the SEC said in its complaint. He “altered memoranda addressing the risks associated with certain large loans and the potential losses the bank faced from the loans,” which auditors relied on, according to the complaint. Three former executives at the bank were sued by the SEC in 2011 over claims they misled investors by concealing at least $65 million in loan losses before the lender collapsed. Source:

10. March 27, Burlington Free Press – (Connecticut; Vermont) Chiropractor pleads not guilty to $28 million investment fraud scheme. A Connecticut chiropractor was accused of being a silent partner, but prime beneficiary, in an alleged $28 million investment fraud scheme, the Burlington Free Press reported March 27. A renowned Vermont storyteller was a central fundraiser in the case. According to a federal indictment, the chiropractor induced the Vermont man to raise $28 million for a still-unreleased film. The chiropractor, who was arrested in Connecticut the week of March 19, pleaded not guilty to an 18-count indictment March 27 in a U.S. district court in Burlington, Vermont. He is facing nine wire fraud counts, five mail fraud counts, three money laundering counts, and a single conspiracy count. Court documents allege that most of the investor money the Vermonter raised for the film went to pay off earlier investors. Some of the remainder went into the film project, but an estimated $3.8 million was diverted to the chiropractor. The Vermont man pleaded guilty the week of March 19 to conspiracy to commit wire fraud, and one count of filing a fraudulent tax document. He has agreed to cooperate with the government’s case. Source:

11. March 27, Manchester Union Leader – (New Hampshire) Prosecutors: NH mortgage scam stiffed homeowners. A man accused of running a mortgage scam that duped dozens of people into believing they were saving their homes while he pocketed loan proceeds that he never repaid was on trial March 27 in a U.S. district court in New Hampshire. According to an indictment, the man approached people who were struggling to make mortgage payments from 2005 to 2008. He would offer to take the deed to their property while allowing them to stay in the home. According to prosecutors, part of his scheme would have them pay rent while offering them an option to buy their homes back in 2 years. Instead, he leveraged the properties to take out more loans and would also use agents, or “straws,” who would pose as purchasers and take out mortgages to buy homes from the man’s companies. The loans, which totaled more than $13 million, were never repaid, prosecutors allege. The defendant paid associates and straws with the money, and pocketed much of it, spending it for personal expenses. “When [he] later defaulted on the mortgages and the homes went to foreclosure, the distressed homeowners were not notified because the straws were the owners of record,” the indictment alleged. Meanwhile, the defendant continued collecting rent payments from the homes’ former owners, the indictment said. Source:

For more stories, see items 36 and 39 below in the Information Technology Sector.

Information Technology

35. March 28, Threatpost – (International) Adobe patches Flash Player, unveils new silent updater. Adobe released a security update for its Flash Player March 28, patching two critical holes and introducing a new silent update option. The update, Adobe Flash Player 11.2, addresses two memory corruption vulnerabilities in Windows, Mac, Linux, and early Android builds that could lead to remote code execution according to a bulletin (APSB12-07). Users updating to 11.2 on Windows machines will notice a new background updater for Flash that has been shipped with the patch. After users update Flash, they will be asked how they want to receive Adobe updates going forward. The updater gives three options, including one that will automatically install updates in the background. If selected, the updater will check with Adobe every hour until it receives a response. If there is no available update, the updater will check back 24 hours later. Source:

36. March 28, Threatpost – (International) Kaspersky knocks down Kelihos botnet again, but expects return. For the second time in 6 months, researchers from Kaspersky Lab carried out an operation to take down the newest iteration of the Kelihos botnet, also known as “Hlux.” Microsoft and Kaspersky worked together in September 2011 on the first Kelihos take-down. The bot then resurfaced in January only to be shut down again in March by a combination of private firms including Kaspersky, Dell SecureWorks, and CrowdStrike Inc. Kelihos is used to send spam, carry out distributed denial-of-service attacks, and steal online currency such as bitcoin wallets. It operates as a “peer-to-peer” bot network, a type that is more difficult to take down than networks with centralized command and control (C&C) servers, according to a senior researcher at CrowdStrike. Peer-to-peer botnets are distributed, self-organizing, and may have multiple command and control servers that disguise themselves as peers. In Kelihos’s case, there were three C&C servers and each had two unique IP addresses, he said. Source:

37. March 28, H Security – (International) Opera 11.62 closes security holes. Opera released version 11.62 of its Web browser. This maintenance update fixes a number of bugs, improves overall stability, and closes seven security holes, five of which affect all supported platforms. Two of the vulnerabilities are rated as “high” severity and could be exploited by an attacker to download and execute a possibly malicious file. This is done by tricking a victim into clicking a hidden dialogue box or by entering a specific keyboard sequence. Three other problems rated as “low” severity, including an address-spoofing bug, an address-bar problem and a cross-domain information disclosure bug, were also fixed. A moderate vulnerability affecting Opera for Mac and a low risk bug on Linux/Unix were also corrected. Source:

38. March 28, H Security – (International) Critical Java hole being exploited on a large scale. Criminals are increasingly exploiting a critical hole in the Java Runtime Environment to infect computers with malicious code when users visit a specially crafted Web page. According to a security blogger, the reason for this increased activity is that the arsenal of the BlackHole exploit kit has been extended to include a suitable exploit. The hole patched by Oracle in mid-February allows malicious code to breach the Java sandbox and permanently anchor itself in a system. Varying types of malware are injected; for example, it is believed the hole is exploited to deploy the Zeus trojan. According to an analysis by Microsoft, the dropper is distributed across two Java classes. The first class exploits the vulnerability to elevate its privileges when processing arrays, and then executes a loader class that will download and install the payload. Users can protect themselves by installing or updating to one of the current Java releases: Java SE 6 Update 31 or version 7 Update 3. Source:

39. March 27, Threatpost – (International) Carberp: It’s not over yet. March 20, Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp trojan. Evidently, those arrested were just one of the criminal gangs using the trojan. At the same time, those who developed Carberp are still at large, openly selling the trojan on cybercriminal forums. There are still numerous “affiliate programs” involved in the distribution of Carberp, particularly “traffbiz(dot)ru.” In short, those responsible for developing Carberp remain at large and the cybercriminal gangs using the trojan remain active. Source:

40. March 27, Dark Reading – (International) Malware to increasingly abuse DNS. Security researchers have looked at ways to abuse the domain-name service (DNS) for years. Now, some researchers are warning the protocol may increasingly be used to help criminals communicate with compromised systems. At the RSA Conference in February, a senior security consultant with InGuardians predicted more malware would hide its commands and exfiltrated data in DNS packets. The advantage for malware writers is that, even if a company bars a potentially infected computer from contacting the Internet, malware could send DNS requests to a local server, which would then act as a proxy, bypassing defenses. To date, the tactic has been relatively rare: Perhaps a dozen malware variants have used the domain-name system to send commands and updates to botnets. Source:

41. March 27, CNET News – (International) New exploit uses old Office vulnerability for OS X malware delivery. Some malware groups have recently been found to be taking advantage of an old, patched vulnerability in Microsoft Office for OS X in an attempt to spread command-and-control malware to OS X systems. The vulnerability used in the attack was outlined in a Microsoft security bulletin in June 2009, which applied to all versions of Office 2004 version 11.5.4 or earlier, Office 2008 version 12.1.8 or earlier, and OpenXML Converter 1.0.2 or earlier. The vulnerability was patched soon after it was found and currently all supported Office programs are well beyond these versions. However, malware developers are attempting to exploit unpatched systems. These efforts mark the first time Office documents have been used as a vehicle for attacks in OS X. For this attack to work, a person would need to open a maliciously crafted Word file that has likely been distributed via spam and other suspicious means that could easily be avoided. When a maliciously crafted Word file is opened in an unpatched version of Word for Mac, it runs a script that writes the document’s malware payload to the disk and executes a shell script that runs the malware. In addition, it displays a Word document containing a poorly formatted political statement about Tibetan freedoms and grievances. Source:

For another story, see item 42 below in the Communications Sector

Communications Sector

42. March 28, Taos News – (New Mexico) Gunshot blamed for Taos cell phone, Internet outage. A gunshot was identified as the cause of a cell phone and Internet outage that affected an estimated 7,800 residents in Taos, Questa, Penasco, Red River, Eagle Nest, Angel Fire, Cimarron, and Raton, New Mexico. The outage began just before 7 p.m. March 24. Service was restored by midday March 25. The loss of service was the result of a bullet that apparently cut an overhead fiber optic cable owned by CenturyLink. Several Internet providers and cell phone companies that serve Taos lease space on the same cable. E-mailed outage updates provided by the Public Regulation Commission showed CenturyLink reported that 7,774 residential, business, and government customers were impacted by the cut line. Outage updates from CenturyLink stated that mobile phone customers with Verizon, AT&T, and Sprint all went without service because of the break. Source:

For another story, see item 35 above in the Information Technology Sector

Wednesday, March 28, 2012

Complete DHS Daily Report for March 28, 2012

Daily Report

Top Stories

• A freight train hauling hazardous materials derailed in rural Indiana, causing a tanker to burst into flames, prompting the evacuation of several nearby homes, and delaying two large passenger trains. – Associated Press

3. March 27, Associated Press – (Indiana) Freight train derails, catches fire in NE Indiana. A freight train hauling hazardous materials derailed in rural northeastern Indiana March 27, causing a tanker to burst into flames, and prompting the evacuation of several nearby homes. Twenty-two cars came off the rails near Ligonier. A tanker containing liquid sulphur caught fire and firefighters decided to let it burn because dousing it with water could wash the chemical into the Little Elkhart River, the Noble County sheriff said. The fire was still ablaze after more than 5 hours and it was not clear how long it would continue. A second tanker carrying the gasoline additive toluene was also derailed. Forty-three of the train’s 59 freight cars were loaded, said a Norfolk Southern spokesman. Crews used heavy trucks to lift the derailed cars back onto the track. The sheriff said he did not believe chemicals were reaching the river because they were flowing into stagnant water. He said four cars were leaking chemicals, but officials did not believe they were toxic. A spokeswoman for the Indiana Department of Environmental Management said the area around the track is a wetland that feeds into the Little Elkhart, but said they did not see any impact on aquatic life or waterfowl. She said authorities evacuated residents within a half-mile area. The sheriff said about six homes were evacuated. The Agency for Toxic Substances and Disease Registry Web site said exposure to high levels of the two chemicals that spilled from the derailed cars could cause serious injury or death. More than 300 Amtrak passengers traveling on 2 trains to Chicago were stranded for 3 hours in Ohio as the derailment closed the tracks along the way. Source:

• Web sites that offer consumers a chance to see their credit reports are being used by hackers to steal information, according to Internet security researchers. – MSNBC See item 18 below in the Banking and Finance Sector.

• Federal safety regulators are investigating 4,000 buses made over the past 20 years after equipment failures led to crashes that killed 2 people and injured 50 others. – Associated Press

21. March 26, Associated Press – (National; International) Feds probe bus defect that may have caused crashes. Federal safety regulators have begun investigating buses made by Motor Coach Industries Inc. over the past 20 years because the drive shafts can fall out and cause drivers to lose control. The problem has led to two crashes that killed 2 people and injured 50 others, said documents filed March 26 on the National Highway Traffic Safety Administration’s (NHTSA) Web site. The probe covers about 4,000 MCI D-Series buses with a steerable rear axle made from 1992 until 2012. Schaumburg, Illinois-based MCI said on its Web site it is the leading maker of intercity buses in the United States and Canada. The probe stems from a complaint filed with the NHTSA by transportation company FirstGroup America, parent of Greyhound bus lines. The company said several drive shafts failed on MCI buses starting March 2010, and the shafts were not held up by safety loops that are supposed to keep them in place. In two cases, drivers lost control, causing multiple injuries and fatalities, the complaint said. Source:

• Information technology supply chains of federal agencies that deal with national security data and programs are vulnerable to malicious or counterfeit software, a new U.S. government report said. – Nextgov

41. March 23, Nextgov – (National) Malicious code in the IT supply chain threatens federal operations. Agencies that deal with national security data and programs must do more to secure their information technology supply chains, said a report released by the Government Accountability Office (GAO) March 23. Federal agencies are not required to track “the extent to which their telecommunications networks contain foreign-developed equipment, software or services,” the report said, and they typically are aware only of the IT vendors nearest to them on the chain, not the numerous vendors downstream. That has left IT systems at the Energy, Homeland Security, and Justice departments more vulnerable to malicious or counterfeit software installed by other nations’ intelligence agencies or by non-state actors and hackers. U.S. enemies could use the software to secretly pull data from government systems, erase or alter information on those systems, or even take control of them remotely. The Justice Department has identified measures to protect its supply chain, but has not developed procedures to implement those measures, the report said. Energy and Homeland Security have not identified measures to protect their supply chains at all, according to the GAO. It also examined the Defense Department, which it said had designed and effectively implemented a supply chain risk management program. Defense has reduced its supply chain risk through a series of pilot programs and expects to have “full operational capability for supply chain risk management” by 2016, the report said. The U.S. Computer Emergency Readiness Team inside the DHS found about one-fourth of roughly 43,000 agency-reported security incidents during fiscal 2011 involved malicious code that could have been installed somewhere along the supply chain, the GAO said. The report recommended that Energy and Homeland Security officials develop and implement firm procedures to protect against supply chain threats. The departments largely agreed with the GAO’s assessments, the report said. Source:

• Fire management officials battled an uncontrolled wildfire in Jefferson County, Colorado, that killed 2 people, scorched more than 4,500 acres, and burned 16 structures. – Denver Post (See item 52)

52. March 27, Denver Post – (Colorado) Colorado wildfire: New spot blaze prompts warnings to 6,500 homes. Authorities have sent out a pre-evacuation notice to 6,500 homes after a spot fire flared up one mile northwest of Waterton Canyon in Colorado, March 27. The homes are just north of the uncontrolled Lower North Fork Fire in Jefferson County where 4,500 acres have burned and two people have died. Several helicopters and tankers were being flown in to Jefferson County to drop water and flame retardant on the wildfire. Investigators said a second person was found dead within the Lower North Fork Fire zone, and they were searching for a third person unaccounted for in the same area. The Jefferson County Sheriff’s Office said the fire has burned 16 structures. Fire crews were bracing for a wind-swept day with winds expected up to 45 mph. About 900 telephone notifications telling residents to evacuate their homes were made March 26. Most of the homes destroyed were in the northeast section of the fire. About 25 evacuees stayed at a shelter at Conifer High School, March 26. Some chose to spend the night in their vehicles, in the parking lot to be with their pets. The Federal Emergency Management Agency has authorized the use of federal funds to help with firefighting costs, a spokesman said. Source:


Banking and Finance Sector

12. March 27, San Antonio Express-News – (Texas; California; International) Bogus plastic used at high-end stores. Fraudsters dressed like tourists have been shopping at high-end stores on San Antonio’s northwest side, buying iPods, iPhones, computers, and designer clothes, among other luxuries, according to authorities, the San Antonio Express-News reported March 27. Agents with a U.S. Secret Service-led task force have arrested 3 men from Mexico’s capital who possessed more than 200 fake credit cards. Court records show they had been in San Antonio a few times before, making similar weekend trips for products they could sell back home. The men were indicted the week of March 19 on credit card fraud charges carrying penalties of up to 20 years. The case came to a head in February when U.S. Customs and Border Protection, helped by the South Texas Regional Task Force, tracked packages delivered to San Antonio from Mexico, with two of the suspects as the recipients. The agents found one suspect with 99 fake credit cards, a second with 52, and the third with 56, the indictment said. A criminal complaint said one suspect admitted he had made four trips to make fraudulent purchases, while another admitted he traveled to San Diego twice and to San Antonio three times for fake card sprees. The men told investigators they bought the fake cards in Mexico. The special agent in charge of the Secret Service in San Antonio said whoever made the cards encoded them with stolen numbers. Source:

13. March 27, U.S. Department of the Treasury – (International) Treasury targets Iranian arms shipments. The U.S. Department of the Treasury March 27 announced the designation of an Iranian cargo airline, Yas Air; Behineh Trading; three Iranian Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) officials; and one Nigerian shipping agent – all pursuant to Executive Order 13224 for acting for, on behalf of, or providing support to, the IRGC-QF, a designated terrorist entity. The airline, the trading company, and the IRGC-QF officials were involved, respectively, in shipments of weapons to the Levant and Africa, further demonstrating Iran’s determination to evade international sanctions. Based in Tehran, Yas Air is an Iranian cargo airline that acts for or on behalf of the IRGC-QF to transport illicit cargo – including weapons – to Iran’s clients in the Levant. Yas Air has moved IRGC-QF personnel and weapons under the cover of humanitarian aid. Behineh Trading and the Nigerian agent were involved in a weapons shipment seized in Nigeria in late October 2010. This weapons shipment – orchestrated by the IRGC-QF and intended for The Gambia – is part of a larger pattern of Iranian lethal aid shipments to clients in Africa and around the world. Source:

14. March 26, Dow Jones Newswires – (National) JP Morgan Chase says banking Web site issues resolved. J.P. Morgan Chase & Co. said its consumer banking Web site experienced technical difficulties March 26 that slowed online banking for several hours, and intermittently made access to the site unavailable, including through mobile devices. However, the bank said the issues had been resolved by the early afternoon. At issue was a glitch related to an upgrade made over the weekend of March 24, a spokesman said. The bank sent a social media alert via Twitter at around 10 a.m. saying it was “working to restore access ASAP & will keep you updated.” Online services continued to be spotty until about 1 p.m. Technology in Chase bank branches was not impacted. Source:

15. March 26, FBI – (Missouri) Car dealership owner pleads guilty to multi-million-dollar bank fraud conspiracy. A U.S. attorney has announced that the owner of several used car dealerships in the Kansas City, Missouri metropolitan area pleaded guilty in federal court March 26 to his role in a bank fraud conspiracy that resulted in losses of millions of dollars by several financial institutions. Between May 2000 and February 2009, the man operated several used car dealerships including Better Than New Automobiles LLC, On Time Auto, and Hart Family Motors. He and others obtained loans and lines of credit from various financial institutions in connection with vehicles. He admitted he provided false and fraudulent financial data to obtain loans and lines of credit. He also admitted he obtained multiple loans in which the same vehicle was pledged as collateral. He also said he and his wife borrowed more than $1 million from First Missouri National Bank between November 15, 2006 and March 26, 2008. They provided copies of their 2004 and 2005 income tax returns to the bank. However, the plea agreement said they did not actually file those returns until 2009. The filed returns were materially different from those submitted to the bank in support of their loan application, claiming a much lower adjusted gross income. The government believes the loss attributed to the man is between $2.5 million and $7 million. Source:

16. March 26, Associated Press – (New York; International) Guilty plea entered in NY online poker case. One of two men nearing trial in a case that shut down U.S. operations for three Internet poker companies has admitted he conspired with others to deceive U.S. financial institutions so they would process hundreds of millions of dollars in gaming transactions. The defendant entered his guilty plea March 26 in a U.S. district court in Manhattan to a count of conspiracy to commit bank fraud and to operate illegal gambling businesses. A plea deal reached between prosecutors and the defendant recommends a sentence of 6 months to a year in prison. He also agreed to forfeit $500,000 along with his interest in more than $25 million held in payment-processing accounts in the United States and abroad. Prosecutors have sought $3 billion in money laundering penalties and forfeiture after targeting three companies based overseas: PokerStars, Full Tilt Poker, and Absolute Poker. The defendant admitted serving as a payment processor for all three companies at various times from 2008 through early 2011. The government said he and others created phony corporations and Web sites to disguise payments to the poker companies. Source:

17. March 26, KGTV 10 San Diego – (California) Woman says she stole from ATMs after cartel threat. A couple is facing at least 4 years in prison for allegedly stealing $150,000 from a Chula Vista, California bank. Local prosecutors said the scheme had the woman stealing money from automated teller machines at the Chase Bank where she was the lead teller. It was her responsibility to stock the machines with money. According to a search warrant, the woman stole upwards of $150,000 from three ATMs at the bank during a 4-month stretch in 2010. In November 2010, an audit was done incorrectly on one of those machines. An investigation revealed the woman was allegedly overstocking the ATMs and skimming off the top. The search warrant said she admitted taking $150,000 from the machines, but she and her husband said they did it to protect their daughter. The search warrant said: “[They] claimed they had been approached by a male who identified himself as a member of a Mexican drug cartel. The male threatened to kidnap [their] 14-year-old daughter unless they paid the cartel $150,000.” Each member of the couple is facing multiple felonies including grand theft and conspiracy. Source:

18. March 26, MSNBC – (International) Hackers turn credit report websites against consumers. The most important tool consumers have to fight against identity theft has been turned against them by hackers, MSNBC reported March 26. Web sites that offer consumers a chance to see credit reports are being brazenly used by hackers to steal information. The prices of the reports rise and fall depending on the credit score of the victim. For consumers with credit scores in the 750s, report data might fetch $80; reports from victims with scores in the low 600s sell for about half that, according to “for sale” pages viewed by MSNBC. The most troubling part of these markets however – many hosted in the .su domain, which stands for the now-defunct Soviet Union – is the ready availability of credit reports and the hackers’ bragging about how easy it is to infiltrate Web sites such as or Criminals with stolen credit cards can obtain background reports, credit reports, and ultimately open new accounts using the data, a researcher with Internet security firm said. In one how-to posted on a bulletin board, a hacker describes one brute-force attack used to gain access to credit report Web sites. Most sites are protected by “challenge” questions such as, “Which bank holds the mortgage on your home?” But there is a critical flaw, the hacker said: “Normally all ... of them will ask you the same question,” the hacker wrote. Because the sites use the multiple choice format, it is easy to use the process of elimination and determine the correct answers, he claims. Source:

Information Technology

43. March 27, – (International) LulzSec hackers return to target CSS Corp and military dating sites. Hacker group LulzSecReborn targeted CSS Corp and Military Singles’ sites, publishing data reportedly taken in the cyber raid online. The hackers claim to have obtained the e-mail details for all staff at IT services firm CSS Corp, and published some details online. Prior to the attack March 25, LulzSecReborn published what it claims are the names, usernames, passwords, and e-mails of 170,937 accounts on The group has since suggested it still has access to the two sites’ networks and could delete CSS’s information at will. LulzSecReborn said it is not affiliated with the original LulzSec group and has no knowledge regarding the authenticity of LulzSec’s rumored April 1 return. Source:

44. March 26, Dark Reading – (International) FTP ubiquitous and dangerously noncompliant. FTP servers might be easy to provision and a convenient means for users to share information across corporate boundaries, but the way most organizations use the protocol introduces unnecessarily high levels of security and compliance risk. Despite the risks, a new survey shows that more than half of enterprises still depend on insecure and non-compliant FTP connections to collaborate with business partners and customers. Not only do insecure FTP deployments make organizations more prone to detection by regulatory auditors, but as several high-profile incidents over the last year demonstrated, they are very likely to expose sensitive information stores. Source:

45. March 25, ZDNet – (International) Study: More than 50% of Global 500 use vulnerable open source components. According to a joint research report issued March 25 by Sonatype and Aspect Security, more than 50 percent of the world’s largest corporations have open source applications with security vulnerabilities. That is because more than 80 percent of software applications built in-house by enterprise developers incorporate open source components and frameworks that may be vulnerable. The report — based on a survey of 2,550 developers, architects and analysts — maintains that the widely held view that open source software is consistently high quality “overlooks ecosystem flaws,” chiefly the lack of a notification system alerting developers about vulnerabilities and new versions with fixes. Source:

For more stories, see items 14, 16 and 18 above in the Banking and Finance Sector and 41 above in the Top Stories.

Communications Sector

46. March 26, WBNG 12 Binghamton – (New York) Phone service interruptions for Southern Tier. TW Telecom said March 26 its crews were out trying to fix a damaged line that left customers in the Oneonta, Johnson City, and Norwich, New York areas without landline phone service. The company said the outage was impacting some of its TW Telecom customers, primarily business customers. TW Telecom said it was not sure where, but somehow a fiber line was cut in the region. Most service was restored through rerouting calls. Emergency service providers and hospitals were attended to first. Source:

47. March 26, Taos News – (New Mexico) Major cell phone and internet failure reported in Taos County. At 6:50 p.m. March 24 cell phones all over Taos, New Mexico, suddenly went dead. Then, reports started coming in that Internet services also were down. Land line telephones, however, appeared to not be affected. According to a recorded message at TaosNet, a local Internet service provider, the incident was termed a “major circuit outage ... affecting all circuits out of Taos.” According to a TaosNet spokesman, the outage was due to a CenturyLink cable that was severed 17 miles east of Taos. It is not known at this time what caused the line to be cut. Taos police dispatch said March 24 that calls started pouring in sometime after 7 p.m. from concerned citizens unable to use their cell services. Some of their own services were being routed through Red River. The TaosNet spokesman said CenturyLink was working to have the line fixed by March 25. Source: