Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 28, 2008

Complete DHS Daily Report for November 28, 2008

Daily Report

Headlines

• The Associated Press reports that a part-time assistant harbor master on Cape Cod has been charged by federal authorities with pretending to be an armed federal agent so he could bypass security at Logan International Airport in Massachusetts. (See item 11)

11. November 26, Associated Press – (Massachusetts; National) Cape Cod harbor master charged with being fake fed. A part-time assistant harbor master on Cape Cod has been charged by federal authorities with pretending to be an armed federal agent so he could bypass airport security. The man from Rockland was freed on $50,000 unsecured bond following his initial appearance Tuesday in U.S. District Court in Boston. He was flying from Boston to San Diego on January 1, 2007, when he approached an American Airlines ticket counter at Logan International Airport and flashed a badge he carries as a part-time assistant harbor master in Chatham, according to federal prosecutors. The man, a medical supplies salesman, also filled out a “flying while armed” form and wrote that he worked for the U.S. Department of Homeland Security, prosecutors said. He did not bring a gun on the plane. He allegedly did the same on his return trip to Boston three days later. But this time, according to court documents, he was invited into the cockpit, was told the identity of the two air marshals on the flight, and was informed who else on the plane was armed. The man told WHDH-TV that he volunteered for a Coast Guard subcommittee, which is a division of Homeland Security. He is charged with impersonating a federal agent and making false statements. The case took almost two years to come to light so federal authorities could tighten airport security and prevent similar incidents, said a spokeswoman for the U.S. attorney’s office. “The flying public can be assured that this has led to a change of procedures to ensure that credentials are properly vetted,” said a spokeswoman for the Transportation Security Administration. Source: http://www1.whdh.com/news/articles/local/BO96509/


• According to eWeek, Google says GeekCondition.com’s claims about a Gmail vulnerability are incorrect. The issue is just an example of a successful phishing attack targeting Web domain owners, Google says. (See item 29)

See Information Technology section below for details

Details

Banking and Finance Sector


7. November 26, Wall Street Journal – (National) Mortgage rates fall as U.S. expands rescue. U.S. officials pledged to pump another $800 billion into ailing credit markets, much of it directly from the Federal Reserve. The Fed, whose traditional lending role has been to make emergency loans to banks, plans to purchase in coming months up to $600 billion of debt issued or backed by Fannie Mae, Freddie Mac, Ginnie Mae, and Federal Home Loan Banks, all mortgage-finance businesses with close ties to the government. The Treasury Secretary announced plans to try and help banks loan money out to people faster. But critics say that “throwing money at the problem” is what spurred the crisis to begin with. In addition, with support from the U.S. Treasury, the Fed will provide up to $200 billion in financing to investors buying securities tied to student loans, car loans, credit-card debt, and small-business loans. The intervention, the latest in a series of unprecedented government actions, immediately pushed down rates on 30-year mortgages by as much as one-half percentage point. Source: http://online.wsj.com/article/SB122761978389056335.html


8. November 25, New Jersey Star Ledger – (New Jersey) ID theft ring targeted NJ home equity lines of credit. Four men were arrested Monday in connection with an international identity theft scheme that siphoned at least $2.5 million from home equity lines of credit at dozens of banks, including at least eleven in New Jersey, authorities said. The suspects targeted homeowners with big credit lines at large and small financial institutions, including Citibank, JPMorgan Chase, and credit unions in Basking Ridge, Bridgewater, and Toms River, authorities said. They used stolen personal data and technological tricks to fool bank employees into transferring funds to accounts in at least seven countries, authorities said. “Home equity lines of credit are an expanding front in the battle against mortgage fraud,” a U.S. attorney said. Monday’s arrests follow an FBI investigation that began in November 2007. Source: http://www.nj.com/news/ledger/jersey/index.ssf?/base/news-12/1227591361311770.xml&coll=1


9. November 25, Washington Post – (National) FDIC chair: more problem banks. The FDIC chairwoman said Wednesday that the number of “problem” banks and thrifts in the third quarter rose from 117 at the end of the second quarter of this year to 171 at the end of the third quarter, the highest level since 1995. “Community banks — those with total assets of under $1 billion — are beginning to exhibit stresses similar to those facing the industry as a whole,” the FDIC said. “However, capital levels and reliance on retail deposits remain higher at these banks than the industry average.” More people are putting their money in banks, the FDIC reported. Estimated insured deposits were up by 1.8 percent in the third quarter and 7.1 percent over the past four quarters, the agency said. Source: http://voices.washingtonpost.com/economy-watch/2008/11/fdic_chair_more_problem_banks.html?hpid=topnews

Information Technology


27. November 26, Softpedia – (International) Widespread malware attacks target Windows 7, Vista SP1, and XP SP3 vulnerability. Microsoft confirmed not only that malware attacks designed to take advantage of a Server Service vulnerability, affecting both Windows client and server versions of the platform, were no longer isolated and targeted cases, but also that infections with malicious code had been detected. On November 25, a Microsoft Security Response Center communications manager, and senior program manager and response coordinator, revealed that the company was aware of a new wave of attacks, targeting a vulnerability rated as critical, for which Microsoft Security Bulletin MS08-067 had been released in October as an out-of-band patch. The security update was designed to integrate with a variety of Windows operating systems, including Windows Vista SP1, Windows XP SP3, and even Windows 7. Microsoft pointed out that there were two pieces of malware associated with attacks exploiting the Server Service vulnerability: Win32/Conficker.A (also TA08-297A, CVE-2008-4250, VU827267, W32.Downadup (Symantec)) and Win32/IRCbot.BH (Win32/IRCBot.worm.Gen (AhnLab); Win32/IRCBot!generic (CA); WIN.IRC.WORM.Virus (Dr.Web); Exploit-DcomRpc.gen (McAfee); Mal/IRCBot-B (Sophos); Purple Exploit). According to Microsoft, Win32/Conficker.A even patches the very API vulnerability it uses to infect machines, in order to prevent any further exploits from taking advantage of the security hole. The senior program manager and response coordinator explained that the majority of infection reports were generated in the United States, but that the worm was also detected in Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina, and Chile. At the same time, Win32/Conficker.A completely avoids exploiting and infecting Ukrainian computers.
Source: http://news.softpedia.com/news/Widespread-Malware-Attacks-Target-Windows-7-Vista-SP1-and-XP-SP3-Vulnerability-98716.shtml


28. November 25, eWeek – (International) Spam levels creep back up 2 weeks after McColo shutdown. Spam levels are heading back up after dropping dramatically following the shutdown of Web hosting company McColo. According to Symantec security research, some notorious botnets are back in action. Spam levels appear to be rising again after a steep decline. According to researchers at MessageLabs, now part of Symantec, spam volumes have doubled since last week. Spam levels dropped off dramatically with the shutdown of Web hosting company McColo on November 11. Though the firm briefly gained new life the weekend of November 15, it was quickly shut down again, and spam at first remained at relatively low levels. In a blog post, Symantec Security Response noted that in addition to overall spam volumes being up, the percentage of spam messages containing the text/HTML content-type MIME part has jumped to 55 percent of all spam. Since the McColo takedown, that percentage has been around 34 percent. This change indicates that a return to normal spam activity could be in the works, according to the blog. Source: http://www.eweek.com/c/a/Security/Spam-Levels-Creep-Back-up-Two-Weeks-After-McColo-Shutdown/


29. November 25, eWeek – (International) Google says reports of Gmail flaw unfounded. Google says GeekCondition.com’s claims about a specific Gmail vulnerability are incorrect. The issue is just an example of a successful phishing attack targeting Web domain owners, Google says. Google officials have challenged the assertion that a Google Gmail security flaw was at the center of an issue described on the GeekCondition.com blog. A posting on GeekCondition.com November 23 warned of a flaw allowing attackers to force Gmail users to create a malicious message filter without their knowledge. As a result, the post said, attackers could hijack messages sent to a victim’s Gmail account by redirecting messages into the trash and forwarding copies to the attacker. Google, however, explained that the source of the problem was not a flaw in Gmail, but a phishing scheme in which attackers sought to lure Web domain owners to rogue sites so their information could be stolen. Source: http://www.eweek.com/c/a/Security/Google-Says-Reports-of-Gmail-Flaw-Unfounded/


Communications Sector

30. November 26, Associated Press – (Texas) Texas to test wireless call blocking in prison. Texas officials plan to test cell phone jamming technology after a prison system lockdown and search turned up hundreds of smuggled mobile devices. The test has been proposed for December 18 at the Travis County state jail in Austin. The House Corrections Committee Chairman said he requested the test. Officials at the Texas Department of Criminal Justice were working to set up the demonstration, said an agency spokeswoman. Florida-based CellAntenna Corp., which recently conducted a similar test in South Carolina, has agreed to do the Texas demonstration. Prison officials from several states gathered at a South Carolina prison on Friday to see how the equipment blocks wireless calls. The technology prevents cell tower transmissions from reaching the phone. Regulators can grant permission to federal agencies to use the technology, but federal law prevents State and local agencies from jamming cell phone signals. Still, prison officials hope they will be granted permission to use the blocking technology. Critics say it is impossible to contain the jamming technology to one or two buildings, and that using it runs the risk of affecting people using phones nearby. Source: http://www.chron.com/disp/story.mpl/headline/metro/6133209.html

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, November 26, 2008

Complete DHS Daily Report for November 26, 2008

Daily Report

Headlines

• According to Continuity Central, a new University of Minnesota report is the first to conceptualize what happens when a pandemic disrupts the fuel supply chain for electricity. (See item 1)

1. November 25, Continuity Central – (National) U.S. electrical supply is highly vulnerable during pandemic conditions. Reliable mining and delivery of coal, which generates nearly half the United States’ electricity, must be safeguarded to keep water and sewerage systems running, lights on, and vaccine and critical drugs available during a pandemic, according to a new University of Minnesota report, “Pandemic Influenza, Electricity, and the Coal Supply: Addressing Crucial Preparedness Gaps in the United States.” The report is the first to conceptualize what happens when a pandemic disrupts the fuel supply chain for electricity. The authors outline a four-point plan to reduce the risk of losing electricity, particularly in large portions of the Midwest and Eastern states during a pandemic. The authors challenge policymakers and industry leaders to take the following steps: build and maintain coal stocks at power plants year-round at the same level the industry maintains for summer months; place coal miners and supporting infrastructure personnel in the highest priority levels for pandemic response; plan for disruptions in the coal supply chain; and anticipate and develop strategies for responding to disruptions in electrical service. Source: http://continuitycentral.com/news04288.html

• The Seattle Post-Intelligencer reports that about 20 operators who dispatch Seattle police to emergency calls had to be evacuated Monday afternoon after a potentially hazardous material was found in the dispatch center. (See item 23)

23. November 24, Seattle Post-Intelligencer – (Washington) Possible hazardous liquid in 911 dispatch center. About 20 operators who dispatch Seattle police to emergency calls had to be evacuated Monday afternoon after a potentially hazardous material was found in the dispatch center. A few dispatchers remained to handle calls. About a half-hour later, all dispatchers began returning after emergency crews found nothing amiss with the air in the center. A spokeswoman for the Seattle Fire Department said the unknown liquid was discovered on the first floor of the call center. Medics treated three people on the scene for minor symptoms, including watery eyes, she said. A private ambulance took one person, who has asthma, to a hospital. A second group of firefighters checked the center, but found nothing hazardous. Source: http://seattlepi.nwsource.com/local/389206_hazmatt25.html?source=mypi

Details

Banking and Finance Sector


8. November 25, Kerrville Daily Times – (Connecticut) Text scam tries to fool bank customers. The Bank of the Hills Regional CEO is warning customers not to give information to unknown sources after area cell phone owners were inundated with text messages that stated that Bank of the Hills debit cards had been deactivated. The message also provided a reactivation phone number. According to the CEO, the text messages were sent out beginning Friday to Verizon and Sprint customers and blanketed the area. The Kerrville Police Department received two reports of the scam as of Monday afternoon. Callers to the number were offered two options — to activate the card or to change the PIN number. After choosing an option, callers are prompted to give personal information, such as their debit card and personal identification numbers. A KPD spokesman said one of the victims’ bank accounts was emptied the day after responding to the text. Source: http://unified-communications.tmcnet.com/news/2008/11/25/3812984.htm


9. November 24, Business First of Columbus – (California) U.S. Bancorp takes over 2 California banks. U.S. Bancorp took over Downey Savings and Loan Association F.A. and PFF Bank & Trust late Friday, ending several weeks of speculation about the financially strapped, southern California institutions. The Federal Deposit Insurance Corp. handled the deal, ensuring that the combined 213 California branches of both banks will reopen as U.S. Bank. Customer deposits will automatically transfer to U.S. Bank, owned by Minneapolis-based U.S. Bancorp, while all accounts are insured by the FDIC. Source: http://www.bizjournals.com/columbus/stories/2008/11/24/daily6.html


Information Technology


25. November 25, InformationWeek – (International) Windows Vista, Multimedia Codec vulnerabilities found. Security researchers at Phion AG, an Austrian firewall company, report that Windows Vista has a TCP/IP vulnerability that could allow a local attacker to take control of an affected system. The vulnerability has been tested on Microsoft Windows Vista Enterprise (32-bit and 64-bit) and Microsoft Windows Vista Ultimate (32-bit and 64-bit). The researchers consider it likely that other versions of Vista are affected. Windows XP, however, is not affected. Certain administrative rights are required for the vulnerability to be exploited. This makes it a risk primarily in malicious insider scenarios. The advisory states that Phion notified Microsoft on October 22. It is not immediately clear when Microsoft will address the issue. In any event, Phion’s advisory includes details about a temporary fix. Meanwhile, Vietnamese security research group Bach Khoa Internetwork Security (BKIS) has identified a buffer overflow vulnerability in the open source ffdshow multimedia codec that can be used to compromise computers using any Internet browser in which the Windows Media Player plug-in has been installed. The flaw has to do with the way the ffdshow software handles media streams. Upon parsing an extremely long link, ffdshow runs out of memory and returns a buffer-overflow error. This could be exploited by an attacker to execute remote code on the victim’s computer. Source: http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=212200255


Communications Sector

Nothing to report

Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 25, 2008

Complete DHS Daily Report for November 25, 2008

Daily Report

Headlines

• Reuters reports that Boeing shut down production at a military helicopter plant outside Philadelphia on Friday after a third incident involving foreign objects prompted the Pentagon to issue a corrective action against the company. (See item 11)

11. November 21, Reuters – (National) Boeing halts rotorcraft output after debris found. Boeing shut down production at a military helicopter plant outside Philadelphia on Friday after a third incident involving foreign objects prompted the Pentagon to issue a corrective action against the company. A Boeing spokesman said the company received the notice from the Pentagon’s Defense Contracts Management Agency on Friday, which means the government will not accept any aircraft manufactured at the plant until certain requirements are met. Boeing produces its CH-47 Chinook helicopters and MH-47G Special Operations Chinook at the plant, as well as the fuselages for the V-22 tilt-rotor aircraft that it builds with Textron Inc’s Bell Helicopter unit. He said Boeing had halted production at the plant until the company was able to determine how the foreign object debris had gotten into the V-22 fuselage. He said the latest incident was discovered by Boeing during a quality inspection last week. Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN2149982520081121

• According to the Army Times, the U.S. Defense Department confirmed Friday that a virus has infected some of its computer networks. (See item 28)

28. November 23, Army Times – (National) DOD confirms computer virus in networks. The U.S. Defense Department confirmed Friday that a virus has infected some of its computer networks but declined to identify the infection, say whether it was a direct attack on the networks, or confirm published directives that ban the use of portable storage media such as thumb drives. “We are aware of a global virus for which there are some public alerts,” said a Pentagon spokesman. “And we’ve seen some of this on our networks. We’re taking steps to identify and mitigate the virus.” The spokesman would not characterize the infection further except to call it a “global issue” that also is affecting worldwide networks outside the Defense Department. He also declined to confirm a ban on the use of thumb drives, although the ban was spelled out in at least two recent Air Force directives, one of which says the order comes from the Defense Department command that oversees the military computer domains shared by all the services. He also would not comment on whether officials think the infection may have been transmitted to the military’s networks by way of a thumb drive or other flash media. Source: http://www.armytimes.com/news/2008/11/military_thumbdrives_computerworm_112108w/

Details

Banking and Finance Sector


12. November 24, BBC News – (National) U.S. rescues ailing Citigroup bank. The U.S. Treasury is set to invest $20 billion in Citibank in return for preferred shares. The Treasury and the Federal Deposit Insurance Corp will also guarantee up to $306 billion of risky loans and securities on Citigroup’s books. “Equity markets have responded positively to the Citigroup news,” said an individual at ECU Group. The new plan follows a $25 billion injection of public funds in the bank last month. Source: http://news.bbc.co.uk/2/hi/business/7745168.stm


13. November 24, Associated Press – (International) Hands-off hackers: Crooks opt for surgical strikes. A new report by antivirus software vendor Symantec Corp. details a startling trend that highlights the inventive ways criminals are finding to make money online. Instead of stealing customer data, a small subset of hackers have concerned themselves with accessing the compromised companies’ payment-processing systems, and nothing else, according to the “Symantec Report on the Underground Economy,” slated for release Monday. Those systems allow the criminals to check whether credit card numbers being hawked on underground chat rooms are valid, the same way the store verifies whether to accept a card payment or not. It is a service the crooks sell to other fraudsters who do not trust that the stolen card numbers they are buying from someone else will actually work. Source: http://tech.yahoo.com/news/ap/20081124/ap_on_hi_te/hands_off_hackers


14. November 22, McClatchy-Tribune Information Services – (North Carolina) Personal information of 70 people stolen from tax office. New Bern, North Carolina, police say a computer stolen from B.J. Accessories and Tax Preparation last week contains identity information of about 70 people. Police are still investigating the theft, and had no suspects as of Friday night. The owner of the tax-preparation business has been told to notify clients about a possible breach of their personal information. Source: http://www.tmcnet.com/usubmit/2008/11/22/3807787.htm

15. November 21, Forbes – (Missouri) Six indicted for alleged mortgage fraud. Six area individuals were indicted Thursday by a federal grand jury in Springfield for their alleged roles in a mortgage fraud scheme involving 29 homes in Greene and Christian Counties, according to the U.S. Attorney’s Office. Four of the six people indicted were former mortgage brokers operating in the Springfield area. One was the owner of Master Marketing Consultants and former branch manager for Gateway Mortgage. Another was the former branch manager for Choice Mortgage. An FBI supervisory special agent said the investigation into local mortgage fraud schemes is continuing and that additional indictments are possible. Source: http://www.forbes.com/technology/2008/11/21/data-breaches-cybertheft-identity08-tech-cx_ag_1121breaches.html

Information Technology


33. November 24, Register – (International) Domain hijack fears over Gmail exploit. A Gmail exploit which might be abused to allow domain hijacking has reared its ugly head once more. The reported vulnerability revolves around the potential ability for hackers to create a malicious filter without needing to obtain the login credentials for a Gmail account. A flaw of this type hit a web designer back in December 2007. Security watchers thought that Google had a handle on the problem, but now it seems that this confidence might have been misplaced. The exploit kicks off by tricking surfers into visiting a maliciously constructed website. This site uses cross-site request forgery trickery to set up a filter on a targeted Gmail account which forwards email to a hacker’s account while deleting it from a victim’s inbox. The exploit involves stealing a cookie and creating a fake iFrame with a URL containing the variables that instruct Gmail to create a filter. Source: http://www.theregister.co.uk/2008/11/24/gmail_exploit/


34. November 22, CNET News – (National) 2 engineers sentenced for espionage. Two Silicon Valley engineers from China have been sentenced to prison for stealing chip designs and attempting to smuggle them back into their native country, the Associated Press reported. The two men pleaded guilty two years ago. They were sentenced Friday in U.S. District Court in San Jose, California. According to the AP, they are the first ones convicted of the most serious violations under the Economic Espionage Act of 1996. One of the accused is a U.S. citizen, the AP said, and the other is a permanent resident of the United States. Prosecutors did not allege that China’s government actually knew of the crime. Prosecutors said documents showed the two accused were trying to sell the idea of the start-up as a way to boost China’s chip-making abilities. Source: http://news.cnet.com/8301-1001_3-10106100-92.html?tag=mncol


Communications Sector


Nothing to report