Department of Homeland Security Daily Open Source Infrastructure Reprot

Monday, July 14, 2008

Daily Report

• At least 2,000 campaigners from the 2008 Camp for Climate Action are vowing to force their way into Kingsnorth power station in Britain. Kingsnorth power station is a huge 2,000 megawatt plant that supplies electricity to 1.5 million homes. (See item 2)

• Salmolux Inc. is recalling lot # 01418 of its Wild Alaskan Smoked Salmon Nova Lox sold in three ounce packages due to the potential to be contaminated with Listeria monocytogenes. (See item 23)

Banking and Finance Sector

8. July 11, Washington Post – (National) New oversight system is likely for mortgage workers. If a new housing and mortgage legislation is approved by Congress and goes to the president later this month, it would create a vast new, mandatory licensing and registration system covering anyone who originates home mortgages, whether an independent broker, a bank employee, mortgage company loan officer, or even a realty agent who gets money from a lender for helping buyers with loan applications. The idea, say proponents, is to require more stringent professional standards at the front lines of the mortgage industry – tougher educational and competency tests, annual recertifications, and a national tracking system based on fingerprints and other “unique identifiers.” These new standards, in turn, could help eliminate two of the key problems that led to widespread fraud and predatory lending abuses during the housing boom years of 2002-06: minimal barriers for entry into the industry and inadequate regulatory oversight and coordination at the federal and state levels. Besides fingerprinting submissions to the Federal Bureau of Investigation for background screening, license applicants would be required to produce current credit reports and detailed personal employment histories. Applicants convicted of a felony during the prior seven years would be rejected. Persons convicted of serious financial crimes such as money laundering would be banned for life. Employees of nationally chartered banks and credit unions who originate loans would have to meet similar standards, but under programs run by federal financial regulators rather than states. Source:

9. July 10, WMAQ 5 Chicago – (National) IRS warns of new rash of identity theft. The Internal Revenue Service (IRS) is warning about a rash of identity theft scams. The most common is said to involve tax refunds and the economic stimulus payments. The IRS said people are getting e-mails saying they must supply personal information to get their money. Another scam says the IRS is updating its files and people who do not respond risk more taxes. Those who comply will supposedly get nominal tax refunds. Even entire companies are being targeted. The IRS said e-mails are asking companies to download an IRS report on the firm. The report includes software that can hijack the company’s hard drive, giving the scammer remote access. The IRS said almost 700 attempted incidents of identity theft were reported in May and June, and some 1,600 so far this year. Source:

10. July 10, Consumer Warning Network – (Florida; National) FSU profits off of student credit card debt. The Consumer Warning Network has just released a report exposing secret details of a marketing agreement between Florida State University (FSU) and credit card giant Bank of America. At the same time FSU is warning students in a video to avoid the “credit card monster,” the university is funneling their names and addresses to credit card giant Bank of America. The bank then uses that information to market credit cards to those very same students, as part of an “exclusive” deal allowing the bank to use FSU’s official colors and symbols. Under the secret terms of the agreement, FSU pockets a piece of every dollar charged by students and alumni under the program, with a guarantee of more than $10 million over seven years. That money goes directly to the private Seminole Boosters, FSU’s athletic fundraising arm. The card marketed to students by Bank of America has less favorable terms, like higher interest rates, than its non-student credit cards. FSU is not alone. Bank of America has acknowledged it has arrangements similar to the one with FSU with more than 900 participating schools and colleges. Congress and some state attorneys general are investigating these relationships between credit card companies and universities. Source:

Information Technology

31. July 11, ComputerWorld – (National) DNS researcher convinces skeptics that bug is serious. Once-skeptical security researchers now agree that the critical bug in the Internet’s Domain Name System (DNS) protocol is the real deal. The researcher who uncovered the design flaw in DNS, and who then led a months-long effort to coordinate the large-scale, multi-vendor patching that was unveiled Tuesday, admitted he had made a mistake in not reaching out to the security research community earlier. Source:

32. July 10, Dark Reading – (National) Trojan attacks multimedia files stored on hard drives. A particularly aggressive Trojan is on the loose that infects multimedia files stored on a user’s hard drive. “We’ve not seen such a sophisticated Trojan infecting multimedia files before,” said the lead for the anti-malware team at Secure Computing, which has been studying the Trojan. “We’ve been seeing infected multimedia files for about a month now and [had been] wondering where they came from.” Like many malware infections, it starts with a visit to a suspicious, where the user downloads what he thinks is a serial key for a copy-protected software package, for example, but instead gets the Trojan that automatically infests all of his multimedia files. When he shares one of those music or video files with another user via a peer-to-peer network, the recipient in turn gets infected by a fake codec. The Trojan basically relies on legitimate multimedia functions, meaning there are no vulnerabilities you can patch. It preys on the Advanced Systems Format (ASF) file feature in MP3 and Windows Media Audio (WMA) music files, as well as Windows Media Video (WMV) files, for instance. ASF lets you embed script commands in these file.


33. July 10, Computer World – (National) Chip maker sues to quash research on RFID smart card security flaws. A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards. The cards are used to open doors in corporate and government buildings and to board public transportation systems. NXP Semiconductors filed suit in Court Arnhem in The Netherlands against Radboud University Nijmegen. The company is pushing the courts to keep university researchers from publishing a paper about reported security flaws in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. The paper is slated to be presented at the Esorics security conference in Malaga, Spain, this October, according to a graduate student who was part of a research group that originally broke the encryption last year. He told Computerworld on Thursday that he gave his research to the Dutch university so it could build on what he had done, and he has been closely following its progress. Source:

34. July 10, Dark Reading – (National) ‘Blue screen of death’ masks spyware invasion. Researchers at FaceTime Security Labs say a new attack imitates the dreaded blue screen of death as cover so it can silently install bundles of spyware onto the machine. “Seems the bad guys are not without a sense of humor. Hiding a blizzard of infection file installs behind a legitimate screensaver created by a security expert is pretty bizarre,” blogged FaceTime’s director of malware research. He said it is unclear how widespread the infection is so far, but it is still fairly new. “It’s recent enough that the spread probably is not huge yet, but it’s bundled with the screensaver, which has been a popular joke for a few years.” The attack installs the Fake.AV and Smiddy spyware families, which come with Trojans that give an attacker control of the infected PC. “Fake.AV tricks the user into purchasing various different rogue anti-spyware applications. It produces numerous official-looking advertisements in order to manipulate the user into purchasing the product,” he says. “Smiddy manipulates the victim’s computer into using a malicious copy of explorer.exe in order to the let attacker to gain control. It also looks for and deletes critical anti-malware components related to QQDoctor and Eset Nod32.” When the spyware installation is complete, the screen displays various fake warnings about spyware being detected on the machine, with links to “clean” the machine. Source:

35. July 10, Computer World – (National) Feds moving ahead on effort to reduce Internet connections, but with adjusted target. Federal agencies continue to report that they are making progress on a government-wide initiative aimed at reducing their exposure to Internet-based threats, according to the administrator of e-government and IT at the White House Office of Management and Budget. But she also disclosed that the effort to consolidate the government’s connections to the Net has been scaled back because of feedback from agency officials. During a press conference Thursday, she provided a status update on the Trusted Internet Connections (TIC) initiative launched by the OMB last November. As part of the effort civilian agencies are working to reduce the number of external Internet connections that they have in place. The goal is to lower the risk that government systems will be hit by online attacks, and to make it easier to monitor the Internet connections agencies are using. Instead of having each individual agency manage its own connections, the plan is to have a small group of TIC access providers offering centralized connectivity and gateway-monitoring services to some agencies. She said that as of May, the number of external connections had been reduced from a total of more than 4,300 when the TIC initiative was announced to just over 2,750, based on reports submitted to the OMB by agencies. But she added that instead of whittling down the overall number of connections to 50, which is what the plan originally called for, the OMB now is looking to lower that number to about 100 by the end of 2009. Source:

Communications Sector

36. July 10, Lompoc Record – (California) Firefighers work to protect communications facilities. Firefighters battling the Gap Fire above Goleta were focusing their efforts on the northwest corner of the blaze Wednesday, and were taking steps to protect Broadcast Peak, home to numerous important communications antennas and repeaters. “Certainly that’s a consideration, because it is sort of near,” said the public information officer for the U.S. Forest Service. “But I know that will be something they’re keying (in) on.” Source: