Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, June 24, 2008

Daily Report

• The Associated Press reports that 150 U.S. embassies fall short of security standards, such as setting buildings significantly back from major roads and reinforcing walls and windows. U.S. embassies around the globe are among the most high-profile overseas targets for terrorists and protesters. (See item 31)

• According to the New York Times, Testwell Laboratories in some instances failed to do preliminary tests and later falsified the results of some tests on concrete poured over the last two years at the new Yankee Stadium in the Bronx and the foundation of the Freedom Tower in Lower Manhattan. (See item 45)

Banking and Finance Sector

13. June 22, United Feature Syndicate – (National) Con artists are stealing homeowners’ identities, properties. The sagging housing market has presented swindlers with endless opportunities to prey on troubled homeowners. But even people who are making their payments on time are susceptible to being cheated out of their homes. In house stealing, the con artist picks out a home and assumes the owner’s identity to create fake IDs, Social Security cards, etc. Then the con artist obtains forms to transfer the property, forges the owner’s signature and files the papers with the proper authorities. Often, targets are empty houses, for example a vacation home in a seasonal resort. In other cases, swindlers steal an occupied house and sell it to someone who is so enamored of the great price that he or she buys based on a few online photos. Or the perpetrators pose as the rightful owners and take out home-equity lines of credit against the property. Source:

11. June 20, Reuters – (National) SEC nominees support more i-bank regs if needed. Democratic nominees to the Securities and Exchange Commission (SEC) said they support adding regulations and staff to oversee investment banks if needed, according to testimony received by Reuters on Friday. Two representatives, who are being considered to fill the Democratic SEC commissioner spots, said they would support additional rules for firms like Goldman Sachs and Lehman Brothers, if needed, to protect investors and promote market stability. Investment banking supervision has been scrutinized and criticized since Bear Stearns nearly collapsed when its liquidity dried up in March. The Federal Reserve (Fed) opened its discount window to investment banks out of concern that the Bear crisis could lead to a systemic financial failure. Now the Fed is working with the SEC to ensure that investment banks remain safe and sound. Under the SEC’s voluntary supervisory program, the agency oversees the country’s four largest investment banks -- Goldman Sachs, Lehman Brothers, Merrill Lynch, and Morgan Stanley -- for liquidity and capital levels. The SEC’s chairman has urged Congress to decide which regulator should have primary oversight over the investment firms and to make it mandatory. Source:

12. June 20, Associated Press – (National) U.S. bomb threat suspect held in Portugal. Portuguese police have arrested a U.S. fugitive who allegedly phoned bomb threats to extort money from American banks and stole from multinational companies by hacking into their internal computer networks, authorities said Friday. Police suspect most of the scammer’s victims were companies in the U.S., but he also targeted companies in Canada, Britain, and Switzerland, a Portuguese detective said. The man’s alleged fraud schemes are believed to have netted “large quantities” of money, but the exact amount is not known. Police seized 15 laptop computers and 53 cellular phones during the arrest. In January, a U.S. District Court in Manhattan indicted the man on charges he made threats by telephone to Deutsche Bank, the Bank of New York, Bank of America, and Societe Generale. In November, federal authorities in Miami said they had asked that the suspect be arrested on charges that he made international phone calls earlier that year threatening to blow up a Miami Beach bank unless workers there gave an alleged accomplice money. In the U.S., the suspect faces a possible life prison sentence if convicted of a charge of threatening to use weapons of mass destruction by making bomb threats. Three other counts charging him with threatening acts of terrorism across national boundaries each carry 10-year prison sentences. Source:

Information Technology

36. June 23, – (National) Microsoft security fix clobbers 2 million password stealers. Microsoft’s June security updates were bad news for online criminals who make their living stealing password information from online gamers. The company’s Malicious Software Removal Tool -- a program that detects and removes viruses and other bad programs from Windows machines -- removed game password-stealing software from more than 2 million PCs in the first week after it was updated to detect these programs on June 10. One password stealer, called Taterf, was detected on 700,000 computers in the first day after the update. That is twice as many infections as were spotted during the entire month after Microsoft began detecting the notorious Storm Worm malware last September. Between June 10 and June 17, Microsoft removed Taterf from about 1.3 million machines, a spokesman with Microsoft’s Malware Response Center said. Microsoft’s September detections seriously hobbled the Storm Worm botnet, once considered a top Internet threat. Password stealers such as Taterf are among the most common types of malicious software on the Internet. That is because there is big money to be made selling the virtual currencies used in online games for real-world cash. Source:

37. June 23, Register – (International) Rare Mac Trojan exploits Apple vulnerability. A rare Mac OS X Trojan has been spotted on the internet. The AppleScript-THT Trojan horse exploits a vulnerability within the Apple Remote Desktop Agent to load itself with root privileges onto compromised Mac machines. The malware, which is capable of infecting Mac OS X 10.4 and 10.5 boxes, surrenders control of compromised systems to hackers. Keystroke logging on compromised systems, taking pictures (using the built-in Apple iSight camera) or capturing screenshots are among the hacker exploits enabled by the malware, Mac security outfit SecureMac reports. The malware weaves its malicious spell while attempting to remain undetected by opening ports in the firewall and turning off system logging. SecureMac, which specialises in making anti-spyware software for Mac PCs, reports that miscreants have published multiple variants of the Trojan on a hacker-controlled website. Hackers on the site are discussing the possible distribution of the Trojan through the iChat instant messaging client and Limewire file sharing software. The Trojan comes packaged either as a compiled AppleScript, called ASthtv05, or as an application bundle, weighing in at around 3.1 MB. Despite the use by the Trojan of a recently-discovered Apple Mac vulnerability, users need to download and open the Trojan horse before they become infected. Source:

38. June 20, Red Orbit – (International) Why global hackers are nearly impossible to catch. Two U.S. Congressmen recently accused Beijing of sending hackers to ferret out secret documents stored on Congressional computers. The Chinese deny any involvement, but if they were lying, would we be able to prove it? The answer, according to computer and security experts, is probably not. At least, not conclusively enough for a court of law. “It’s very difficult to track hacker attacks and, even if you can track it, you don’t always know with 100 percent certainty if you’re right,” said the director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C. It is possible to track such attackers, to a point. When you use the Internet, you leave the equivalent of digital footprints, he explained. Every message your computer sends to a different computer travels in a series of hops from one router or server to another. Even after the message is received, the record of its path remains. He said authorities can sometimes follow that path back to a hacker’s computer. But not always. For one thing, not all servers and routers save records. Another big problem is that hackers will often conceal their location by creating a fake trail, essentially leading authorities to a computer user who had nothing to do with the attack. More frustrating, he said, is the fact that even when you can successfully trace a hacker, the information you get doesn’t tell you who signed his paycheck. While the attacks on the congressmen were apparently traced to a computer in China, knowing that does not necessarily implicate the Chinese government. Source:

Communications Sector

39. June 23, Network World – (National) Are smartphone viruses really a threat to your network? All evidence points to the fact that smartphone viruses will be a significant threat to networks even though they are not at this moment. The latest mobile devices contain more and more applications and corporate data, are enabled for real Web browsing and online collaboration, and can access corporate servers. Additionally, they operate outside firewalled environments and often make use of three wireless networks (Bluetooth, Wi-Fi and cellular). A 2007 survey of 450 IT managers found that eighty percent had antivirus products installed. Yet about 40 percent had been hit by a worm or virus in the past 12 months. Of those that were hit, 30 percent said that being unable to reach mobile users who were disconnected from the network contributed to the intrusion or failure that allowed a virus onto their network. To date, however, major malware outbreaks on smartphones, on the scale of PC infections of past years, are almost unheard of. Early mobile phone viruses, such as Cabir, Skulls and Fontal, targeted a specific operating system, usually Symbian, and required users to accept a download and then actually install files. Infections were limited to a few score of devices typically. Source:

40. June 23, ZDNet Asia – (International) 3.5G laptops to overwhelm mobile networks? While laptops packing 3.5G+ for mobile broadband provide mobile phone companies with a higher ARPU (average revenue per user), they could also prove a network nightmare, warns industry analyst Berg Insight. Berg predicts laptops with HSPA/LTE (high speed packet access/long term evolution) mobile broadband connectivity will grow from 8.4 million in 2007 to 49 million in 2013--a compound annual growth rate of just over a third. Embedded HSPA/LTE chipsets will gradually become a standard feature of laptops over the coming three to five years, it added. Networks are likely to suffer under the strain of the increased usage and urgently need significant investment to cope with looming demand, one of the firm’s senior analysts warned. Meanwhile, a survey of more than 350 telecom industry professionals, conducted by Tellabs and research company IDC, has found just over half of telecoms workers believe increasing bandwidth demands will eventually ‘break’ the Internet, with many pointing to online video as a key drain on bandwidth. Eighty percent of respondents said European operators will face greater demand for mobile broadband services over the next two years than operators in North America. And half of those polled said video puts the biggest bandwidth demands on mobile networks today, with the vast majority (81 percent) believing that will still be true in five years. Source:

41. June 23, Associated Press – (National) New computer network linking Indiana campuses. A new ultra high-speed Internet connection that already links many Indiana colleges and universities could be available at nearly 40 public and private campuses across the state by the end of the year. Indiana University (IU) officials say the “I-Light” network gives campus users Internet speeds more than 20 times faster than what they would have at home. IU and Ivy Tech Community College officials joined the Indiana House Speaker on Friday in announcing the completion of 1,178 miles of fiber-optic cable that forms the backbone of the network. The network also will vastly improve distance learning programs by enabling high-quality video streaming and high-definition learning tools like telepresence, a videoconferencing technology that gives users the impression of being in the classroom. There are 26 campuses across the state already online with the network, with 13 more expected to join by December, IU officials said. I-Light is jointly managed by IU and Purdue University personnel, who provide the network engineering support for the project. The initial project, a $5.3 million effort which linked IU-Bloomington, IUPUI and Purdue, was expanded in 2005 with $7 million in state money to link up other campuses across Indiana. Source:

42. June 20, IDG News Service – (National) House approves surveillance bill, protects telecoms. The U.S. House of Representatives has approved legislation that would continue a controversial surveillance program at the U.S. National Security Agency with limited court oversight, while likely ending lawsuits against telecommunications carriers that participated in the program. The House on Friday voted to approve a bill that would extend the NSA surveillance of phone calls and e-mail messages going in and out of the U.S., while giving the U.S. Foreign Intelligence Surveillance Act (FISA) Court an opportunity to review Bush administration requests for wide-ranging surveillance powers. The bill, called the Foreign Intelligence Surveillance Act Amendments Act, allows the NSA to receive blanket surveillance orders covering multiple suspects of terrorism and other crime. The compromise also sends the dozens of outstanding lawsuits against telecom carriers for their alleged participation in the NSA program to a district court, which will review whether they should be dismissed. The lawsuits will be thrown out if telecom companies can show that the U.S. government issued them orders for the surveillance that were presented as lawful. Source: