Department of Homeland Security Daily Open Source Infrastructure Report

Monday, October 6, 2008



 The Anchorage Daily News reports that BP and Alaska state officials are investigating a series of recent mishaps at the Prudhoe Bay oil field, including the rupture of a high-pressure natural gas pipeline. (See item 1)

1. October 3, Anchorage Daily News – (Alaska) High-pressure BP gas line blows at Prudhoe Bay field. BP and state officials are investigating a series of recent mishaps at the Prudhoe Bay oil field, including the dramatic rupture of a high-pressure natural gas pipeline. A 7-inch-diameter steel pipe supplying gas to an oil well production pad blew September 29, flinging a pipe segment several feet long some distance away on the tundra, according to BP. No one was hurt, and there was no spill or fire in that incident, according to BP and state regulators. Separately, about 30 minutes after the pipe blew, a valve on a different well production pad, called the S Pad, leaked natural gas. And on October 2, BP reported a crude oil spill of about 150 gallons. The blown pipeline has resulted in oil wells being shut down at two Prudhoe production pads — the Y and P pads — curtailing daily oil production by 3,000 to 7,000 barrels a day, said a BP Alaska spokesman. Prudhoe Bay typically produces more than 300,000 barrels a day. BP shut down production as a precaution, he said. BP said it has launched an internal investigation of the pipeline accident. The oil leak occurred on the Y Pad, the same location where the gas pipeline blew, state regulators said. BP said the spill happened when workers were “freeze protecting” a well on the pad, and a connection failed. The Alaska Department of Environmental Conservation is investigating the spill. Source:

 According to Computerworld, a researcher said Friday that several criminal gangs have acquired administrative log-in credentials for more than 200,000 Web sites and have used the compromised domains to attack unsuspecting users’ PCs with a notorious hacker exploit kit. (See item 37)

See details in the Information Technology section below.


Banking and Finance Sector

12. October 3, Reuters – (International) UBS pares investment banking, to cut 2,000 jobs. UBS AG said it is cutting another 2,000 jobs at its troubled investment bank and closing most of its commodities business but will remain a universal bank and will not quit investment banking completely. The 2,000 job losses come on top of 4,100 investment banking positions cut in the past year. Risky investments have forced UBS to write down $42 billion — the most of any bank in Europe. A spokeswoman said the cuts would mostly fall in the United States and Britain. The main commodities businesses UBS is exiting include power and gas, agriculturals and base metals, but it will keep its precious metals business. It said it will cut back its real estate and securitization division and proprietary trading, while preserving its core foreign exchange, rates and credit businesses. Source:

13. October 3, Precision Marketing – (International) Barclays hit by phishing scam. Barclays is the latest bank to be hit by a hoax phishing campaign, which encourages customers to enter their personal details on a fake site. The email scam, entitled ‘restore your account’, encourages consumers to click through to a hoax Barclays log-in site, in a bid to extract personal banking details. Barclays denies having anything to do with the email. The bank is urging customers to delete the email or forward it on to its internet security address. Source:

14. October 3, Reuters – (National) Wells to buy Wachovia for $15.1 billion. Wells Fargo & Co. said it agreed to buy Wachovia Corp. for about $15.1 billion, without U.S. government help, thwarting a planned Citigroup Inc. deal that had been seen as a big boost for both Citi and Wachovia. Citi had said Monday it reached a preliminary agreement to buy Wachovia’s banking assets for $2.16 billion in a government-brokered deal. Wells Fargo said it expects to incur merger and integration charges of about $10 billion. It also intends to issue up to $20 billion in new Wells Fargo securities, primarily common stock, “to maintain its strong capital position.” A Wachovia spokeswoman said neither Citigroup nor the Federal Deposit Insurance Corp. is involved in the transaction. Source:

15. October 2, PR Newswire – (New Jersey) Verizon Business data-breach report examines industry-specific challenges. Enterprises should assess their security strategies knowing that the challenges differ significantly by industry and that a one-size-fits-all approach is rarely effective. Those are the key findings in a supplemental analysis of data breaches released by Verizon Business October 2. The latest study is based on the 2008 Verizon Business Data Breach Investigations Report, issued in June. The landmark report analyzed breaches spanning four years and more than 500 forensic investigations involving 230 million compromised records including three of the five largest breaches ever reported. In its supplemental analysis, Verizon Business security experts used the original data to provide a rare glimpse at the differences and similarities among attacks across four key industries: financial services, high-tech, retail, and food and beverage. “The supplemental report provides further insight into the nature of breaches, underscoring that good security does not lend itself to a cookie-cutter approach,” said the vice president of research and intelligence, Verizon Business Security Solutions. Source:

16. October 2, SC Magazine – (National) Cyber gang moles steal company data. Criminal gangs have been placing staff members in companies to operate as moles, an internet security expert said this week. A member of the Information Systems Audit and Control Association conference committee and founder of First Base Technologies said, “Some people in the banking community have quietly and anonymously said to me over the last year that they have found employees who have been placed in their company by criminal gangs and they have been operating as moles over that period. I think there is a huge gulf between the technical controls that firms put in place and the human and (human relations) control and the physical premises control,” he said. “There is little or no communication between the three areas and it’s through those gaps that criminals can walk unchallenged.” This could be overcome by training, he added. Source:

17. October 1, Network World – (National) IBM software bundle targets retail theft, data breaches. International Business Machines (IBM) is targeting retail security with a package of software and services designed to prevent physical loss of merchandise, protect against electronic threats, and comply with credit card industry regulations. SecureStore combines surveillance and radio-frequency identification (RFID) systems with software that protects online and in-store transactions, as well as software that protects databases and applications from network-based threats. IBM officials also spoke about how they are embedding security into products across the company’s software lines. Through Internet Security Systems, IBM is providing assessments to determine compliance with the Payment Card Industry Data Security Standard (PCI DSS). For in-store security, IBM offers RFID systems and Smart Surveillance software that analyzes surveillance video to uncover potential theft. SecureStore brings together capabilities from ISS, Rational, and Tivoli to protect databases and applications from malware, viruses, and other network-based threats. Finally, SecureStore offers software utilizing a service-oriented architecture to secure electronic transactions both on the internet and inside stores. Source:

Information Technology

36. October 3, IDG News Service – (International) Two Europeans charged in U.S. over DDOS attacks. Two European men have been indicted for allegedly orchestrating cyberattacks against two Web sites, a continuation of the first successful U.S. investigation ever into distributed denial-of-service (DDOS) attacks, according to the U.S. Department of Justice. One of the men is believed to be the programmer behind Agobot, a well-known malicious software program used to create a botnet or network of compromised PCs. The men, who were indicted Thursday by a grand jury in Los Angeles, California, on one count of conspiracy and one count of intentionally damaging a computer system, were allegedly hired by the owner of Orbit Communication, a Massachusetts-based company that sold home satellite systems, to carry out DDOS attacks. Those attacks were directed at the public Web sites of two of Orbit’s competitors, Rapid Satellite of Miami, Florida, and Weaknees of Los Angeles. Source:

37. October 3, Computerworld – (International) Researcher finds evidence of massive site compromise. Several criminal gangs have acquired administrative log-in credentials for more than 200,000 Web sites — including the one used by the U.S. Postal Service — and have used the compromised domains to attack unsuspecting users’ PCs with a notorious hacker exploit kit, a researcher said Friday. More than a month ago, the director of security research at Aladdin Knowledge Systems Inc. found and infiltrated a server belonging to a longtime customer of Neosploit, a hacker tool kit used by cybercriminals to launch exploits against browsers and popular Web software such as Apple Inc.’s QuickTime or Adobe Systems Inc.’s Adobe Reader. On that server, he uncovered logs showing that two or three hacker gangs had contributed to a massive pool of Web site usernames and passwords. “We have counted more than 208,000 unique site credentials on the server,” he said, “and over 80,000 had been modified with malicious content.” The site credentials were only the means to an end: The 80,000 modified sites were used as attack launchpads. Each served up exploit code provided by the Neosploit kit to any visitor running a Windows system that had not been fully patched. Source:

Communications Sector

38. October 2, Birmingham News – (Alabama) USCarrier expanding Alabama fiber-optic network. Atlanta-based USCarrier Telecom Thursday said it will expand its fiber-optic network to the Birmingham area and onward to Montgomery to provide telephone companies access to its high-speed, long-haul services. USCarrier said in a statement it expects to complete the expansion in early 2009. A surge in demand for telecommunications services “is pushing the use of fiber and driving USCarrier’s growth and expansion,” the company said. USCarrier has more than 3,400 route-miles of optical fiber connecting more than 40 cities in Georgia, Alabama, Florida, Tennessee, and the Southeast. Source: