Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, August 6, 2008

A personal note… my apologies for the late posting. Other obligations at the firm precluded anyone from posting today’s entries until after the end of the business day. For us, this is the first time in more than 2 years. May it never happen again.

Complete DHS Daily Report for August 6, 2008

Daily Report

• Homeland Security Today reports that a new bill referred August 1 to the House Energy and Commerce Committee would compel the U.S. Nuclear Regulatory Commission to require all new nuclear reactors to withstand the impact of a large commercial aircraft. (See item 9)

• According to Voice of America, a Pakistani scientist faces charges in a New York federal courtroom that she tried to kill U.S. military and civilian authorities in Afghanistan. Authorities say she carried documents on how to make explosives and also possessed descriptions of several U.S. landmarks, including landmarks in New York. (See item 41)

Banking and Finance Sector

12. August 5, USA Today – (International; National) Meet A-Z: The computer hacker behind a cybercrime wave. He goes by the nickname A-Z and is one of Russia’s bright young tech stars. A-Z’s masterstroke is a computer program called ZeuS that helps cybergangs steal people’s identity data and pull off Web scams on a vast scale. Last fall, German criminals used ZeuS to hijack $6 million from banks in the U.S., U.K., Spain, and Italy, says SecureWorks. One customer used ZeuS to steal user names and passwords from patrons of a Russian online stock-trading site. ZeuS was also deployed to swipe 1.6 million sensitive records from job seekers at and several other online job sites. In early summer 2007, A-Z agreed to form a partnership with a German cybergang to pursue an ambitious heist. The gang was known for executing “man-in-the-middle” attacks. This involved infecting a PC with a virus that sits dormant until the user logs into an online bank account. The virus then comes alive and tries to execute a cash transfer to an account controlled by the crooks – while the victim is logged on and doing other banking, says the research director at iSight Partners, a risk-management firm. Still, man-in-the-middle attacks are notoriously hit-and-miss. Some banks have moved to thwart them by only allowing cash transfers from commercial accounts and requiring bank patrons to type in a special code, called a security certificate. As a rule, tech-security firms help banks under non-disclosure agreements. The names of the 20 affected banks have remained undisclosed. Source:

13. August 5, USA Today – (National) Thieves skim credit card data at fuel pumps. Customers and police agencies across the U.S. are dealing with another pain at the pump – thieves who install hard-to-detect electronic devices at stations to steal credit and debit card data. The skimmed data are used to create cards used at the victims’ expense, says the president and founder of Javelin Strategy and Research, a financial consulting firm that focuses on fraud and identity theft. Investigations of theft related to skimming devices at gas pumps continue in California, Washington, Nevada, Pennsylvania, and Delaware, according to various police departments. Though the most recent cases do not necessarily represent an epidemic, the Secret Service is investigating incidents across the country, says the spokesman for the agency, which has financial and electronic crimes units. Thieves increasingly target pumps because it is a cheap, easy way to steal credit and debit card information, the official says. The skimming devices can be installed outside or inside the pump. Thieves glue a plastic sleeve, equipped with covered wires that capture data, over the pump’s card reader or connect the device directly to the reader inside. The devices are molded and painted to match the machine and are small, making them hard to detect, he says. The combined cases total $1 million to $3.5 million stolen from hundreds of victims’ accounts, says a police official. The department is trying to prevent additional identity fraud by asking gas stations to consider placing sticker seals on the pumps that employees can check daily.


14. August 4, Atlanta Business Chronicle – (Georgia) Atlantan who headed $14M investment scheme sent to prison. A Georgia man was sentenced Monday to about ten years in jail on charges of wire fraud and money laundering relating to a $14 million scheme he used to fund a gambling habit. From the late 1990s through 2005, the suspect solicited more than $30 million from almost 100 people, as part of what turned out to be a phony real estate financing business. According to the testimony and statements from several of the victims, he told them that he would use their money to fund specialized short term “bridge” loans at high rates of interest to real estate developers and others who needed such financing. He lured this investment by offering extraordinary interest rates – often as high as five percent in 20 to 30 days. He claimed he could pay these rates because he was earning even higher rates of interest on the bridge loans he was making. However, the fraudster never actually made any short term loans or otherwise used any of the victims’ money for any business purpose. In the end, more than 20 victims lost more than $14 million. Source:

Information Technology

35. August 5, Computerworld – (National) Microsoft to predict exploitability of its own bugs. Microsoft will soon begin predicting each month whether newly found bugs in its software will be exploited, the company said Monday. The company also spelled out changes to how much information it gives customers and rival security companies about vulnerabilities, and when. Starting in October, Microsoft will add an “Exploitability Index” to the security bulletins it issues when it releases patches for Windows and its other software. Also in October, said Microsoft’s director of security response and outreach, the company will begin providing select third-party security vendors with technical information about each month’s vulnerabilities before patches are posted in order to give those companies a head start in crafting exploit-detection signatures. Source:

36. August 5, Computerworld – (International) Apple gets bruised in vulnerability report. Apple has taken the place of Microsoft for disclosing more vulnerabilities than any other vendor, according to an IBM security report. The company rose from second place in 2007 to take the top spot away from Microsoft, which had fallen into third place behind open source content management system Joomla. Final results were close, according to the IBM X-Force 2008 mid-year report, with Apple achieving a vulnerability disclosure score of 3.2 percent, followed by Joomla with 2.7 percent and Microsoft at 2.5 percent. IBM remained in fourth spot, followed by Sun, a newcomer to the top five, while Oracle and Cisco fell from their former positions to sixth and seventh respectively. The company attributes their appearance to a rise in Web application flaws, predominantly cross-site scripting (XSS) and SQL injection attacks, which account for 51 percent of all vulnerabilities. Source:

37. August 4, Register – (International) Dutch botnet herders arrested. Dutch police have arrested two Dutch brothers suspected of running a botnet controlling 40,000 to 100,000 computers, with only a small portion (1,100 computers) based in the Netherlands. The Federal Bureau of Investigation (FBI) had been investigating this case for a while before contacting the Dutch authorities. The arrests were made shortly after the two young bot-herders from the Frisian town of Sneek sold their network of compromised machines to a person in Brazil for €25,000 on Tuesday. The FBI has not revealed what the botnet was going to be used for, but Brazil, along with Turkey and Russia, hosts the highest number of zombies worldwide. Most botnets are exploited for denial-of-service attacks, click fraud, spamdexing and the theft of application serial numbers, login IDs, and financial information such as credit card numbers. Source:

Communications Sector

38. August 4, Reuters – (Minnesota) Telecom company challenges Minnesota city’s bond issue. The fate of $26.4 million of revenue bonds issued by Monticello, Minnesota, in May to finance a fiber optic network lies in the hands of a Wright County judge. The bond proceeds are parked in an escrow fund pending a ruling in a lawsuit filed against the city by Bridgewater Telephone Co, the Monticello-based subsidiary of TDS Telecom, which in turn is a unit of Chicago-based Telephone and Data Systems Inc. The lawsuit, filed in May, seeks to void the bonds. It contends the issuance of tax-exempt revenue bonds for a “fiber-to-the premises” broadband communications network was not allowed under Minnesota law, as well as claiming that the city failed to hold a referendum on the bond issue and unlawfully planned to use some bond proceeds for operating expenses. Source:

39. August 4, Florida Times-Union – (Florida) Comcast cable cut severs City Hall, school board and others. A sliced ComCast fiber optics cable has put Jacksonville’s City Hall web site (, the Duval County school district’s site (, and an unknown number of business customers on hold for the day. Comcast officials blamed the cut on a utility crew accident downtown Monday morning. Source: