Zeus Bot v3 Alert

CA warns that the bot has been revised to be more resistant to reverse engineering and more focused:

The latest Zeus bot configuration contains a list of targeted financial institutions from Spain, Germany, United Kingdom, and USA. The previous versions contain the full list of financial institutions from different countries around the world, while the new version only contains two targeted countries, currently paired as: Spain-Germany and UK-USA.

One could guess that these targets are derived from the success of past bot versions. Attackers are evolving their product for better return margins.

OPOC Motor Revolution

What do you get when you cross a Volkswagen modern diesel engineer with an electric vehicle engineer from GM?

If you guessed a hybrid electric-diesel we have all been waiting for, you are wrong. No, this dynamic duo has reinvented the two-stroke engine using the horizontally-opposed piston concept from diesel engines of the early 1900s.

Interestingly, the OPOC engine design was conceived by Peter Hofbauer, the former Volkswagen powertrain engineer that designed the German automaker’s first high speed diesel engine. Additionally, EcoMotors’ CEO, Don Runkle, is a former employee of General Motors and one of the key men behind the EV1 all-electric car.

They call it the OPOC (Opposed Piston Opposed Cylinder)? Heh. Sounds like they have a sense of humor. I wonder if EcoMotors International will allow anyone to name a vehicle the Alypse.

The article suggests the OPOC will run diesel or gasoline. Who would bother with gasoline? That might be the biggest news of all. Small efficient diesel engines everywhere! Most excitement right now seems to be directed towards the efficiency of the engine (50% higher) and the big money backing the company ($23mil from Bill Gates and Vinod Khosla). Maybe they had to include gasoline in the business plan to get support.

Be a Forensic Computer Examiner

The State of California, like most states, is struggling with its budget. Police departments are announcing layoffs and other tough decisions to save money. Meanwhile, well-paid information security positions are open to hire.

Here is an example from Alameda County:

FORENSIC COMPUTER EXAMINER II
$82,264.00 – $99,195.20 Annually

Forensic Computer Examiners are non-sworn employees of the Sheriff’s Office who work in the Digital & Multimedia Evidence Unit of the Criminalistics Laboratory and investigate and analyze digital evidence by performing hardware, software and virtual analyses of digital evidence in the criminalistics laboratory and in the field. They process and analyze digital evidence including disassembly of computer hardware; forensic imaging of digital media; examination of data related to criminal offenses; recovery of data from cellular telephones; and perform related duties as required. The Forensic Computer Examiner will interpret the results of their findings to law enforcement officers/attorneys, prepare materials for presentation in court, appear as an expert witness, and perform other related duties.

PDF of their recruitment brochure.

Note the cellular telephone requirement. I am certain that anyone who works with technology near Oakland will need to be very familiar with SIMs and the 1.8″ ZIF…

Disclaimer: I was asked to post this

More Card Skimmers at the Pump

Bluetooth is said to be at the heart of a gas station credit-card scam in the Southeast

Thieves are stealing credit-card numbers through skimmers they secretly installed inside pumps at gas stations throughout the Southeast, using Bluetooth wireless to transmit stolen card numbers, according to law enforcement officials.

“We’ve sent detectives out to every gas station within a mile of Interstate 75,” says Lt. Steve Maynard, spokesman for the Alachua County Sheriff’s Office.

I suspect the “mile of Interstate” alludes to how the attackers are collecting the data.

It could be a dead-drop architecture instead, however. An attacker would come to a station and pick up all the numbers stored in the skimmer.

One of the biggest problems with payment card readers is how different they are from the surface of the device they are installed into. If the device had a flush/smooth surface it would be far easier to detect a skimmer or other device placed over the reader.

This attack shows how even a smooth and secure surface appearance may be bypassed. The attackers are said to have keys to get to the inside of the pump.

Maynard says criminals wanting to hide the credit-card skimmers in gas pumps must have a key to the pump, but in some cases, a single key will serve to get into many gas pumps. It’s not known whether the gas-pump skimming operation involves insiders. Law enforcement is encouraging gas-station operators to train video surveillance they may use on the pumps.

The need for monitoring capabilities is much higher when keys are non-unique. The device should notify the owner of the date and time whenever it has been opened. Surveillance of an area accepting payment is also a step to consider. These two combined would significantly assist an investigation.

Another good idea would be to start to require wireless monitoring around payment systems. This could be tricky at a pump station, since so many other Bluetooth devices could be present. My guess is a skimmer's signal would still appear as too consistent to be payment related; it would be detected during off-peak or closed hours.

Wireless monitoring is not far-fetched. It is already required for anyone who needs to be PCI compliant. ATMs are increasingly wireless devices, so the technology is already being installed. They simply need to have detection capabilities added, and monitoring of course.
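The off-peak detection idea above can be sketched as a filter over Bluetooth scan logs. This is an added example, not code from any monitoring product; it assumes a fixed scanner near the pumps that records a stable device address and signal strength, and the station hours, thresholds, and sample log are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

OPEN_HOUR, CLOSE_HOUR = 6, 22  # assumed station opening hours (local time)

# Constructed sample scan log: (timestamp, device address, RSSI in dBm).
# Addresses use the RFC 7042 documentation range, not real devices.
SAMPLE_SIGHTINGS = [
    ("2024-01-15T01:10:00", "00:00:5E:00:53:01", -61),  # always there, steady signal
    ("2024-01-15T03:05:00", "00:00:5E:00:53:01", -60),
    ("2024-01-15T09:20:00", "00:00:5E:00:53:01", -62),
    ("2024-01-15T14:40:00", "00:00:5E:00:53:01", -61),
    ("2024-01-15T23:30:00", "00:00:5E:00:53:01", -60),
    ("2024-01-15T09:15:00", "00:00:5E:00:53:02", -70),  # customer phone, one visit
    ("2024-01-15T09:18:00", "00:00:5E:00:53:02", -55),
    ("2024-01-15T08:00:00", "00:00:5E:00:53:03", -50),  # staff headset, open hours only
    ("2024-01-15T10:00:00", "00:00:5E:00:53:03", -75),
    ("2024-01-15T12:00:00", "00:00:5E:00:53:03", -62),
    ("2024-01-15T15:00:00", "00:00:5E:00:53:03", -80),
    ("2024-01-15T23:05:00", "00:00:5E:00:53:04", -72),  # late-night passer-by
    ("2024-01-15T23:40:00", "00:00:5E:00:53:04", -66),
]

def find_persistent_devices(sightings, min_hours=4, min_closed_hours=2,
                            max_rssi_stdev=3.0):
    """Flag addresses seen in many hourly windows, including closed hours,
    with a signal steady enough to suggest a device that never moves."""
    hours, closed, rssi = defaultdict(set), defaultdict(set), defaultdict(list)
    for stamp, addr, dbm in sightings:
        ts = datetime.fromisoformat(stamp)
        bucket = (ts.date(), ts.hour)
        hours[addr].add(bucket)
        rssi[addr].append(dbm)
        if not OPEN_HOUR <= ts.hour < CLOSE_HOUR:
            closed[addr].add(bucket)
    flagged = {}
    for addr in hours:
        spread = pstdev(rssi[addr])
        if (len(hours[addr]) >= min_hours
                and len(closed[addr]) >= min_closed_hours
                and spread <= max_rssi_stdev):
            flagged[addr] = {"hours_seen": len(hours[addr]),
                             "closed_hours_seen": len(closed[addr]),
                             "rssi_stdev": round(spread, 2)}
    return flagged

if __name__ == "__main__":
    for addr, info in find_persistent_devices(SAMPLE_SIGHTINGS).items():
        print(addr, info)
```

A flagged address is a lead for a physical inspection of the pump, not proof of a skimmer; legitimate fixed equipment at the station would need to be allow-listed first.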