Department of Homeland Security Daily Open Source Infrastructure Report

Friday, October 17, 2008

Complete DHS Daily Report for October 17, 2008


Headlines

• An Associated Press survey of the 20 busiest U.S. airports found that seven of them — Philadelphia, Detroit, Phoenix, Minneapolis/St. Paul, Dallas/Fort Worth, Los Angeles, and San Francisco — let people with gun permits carry firearms in the general public areas of the terminal. (See item 16)

16. October 15, Associated Press – (National) In many U.S. airports, guns are OK outside security. Flying in the United States has been transformed since September 11th, with passengers forced to remove their shoes, take out their laptop computers, and put liquids and gels in clear plastic bags. Yet it is perfectly legal to take a loaded gun right up to the security checkpoint at some of the nation’s biggest airports. An Associated Press survey of the 20 busiest U.S. airports found that seven of them — Philadelphia, Detroit, Phoenix, Minneapolis/St. Paul, Dallas/Fort Worth, Los Angeles, and San Francisco — let people with gun permits carry firearms in the general public areas of the terminal. Some anti-terrorism experts say that is a glaring security loophole that could endanger airport workers, passengers, and people waiting to pick them up or see them off. Other authorities say the nonsecure areas of the terminal are no different from other public venues and do not warrant special restrictions. However, even at those airports that ban guns, officials are not frisking people or using metal detectors on them as they enter the terminal. Experts say such an additional layer of security would be unworkable at America’s bustling airports. Source: http://ap.google.com/article/ALeqM5ikpdm5j53syU55EbQ4KM2E54S55gD93R5DU04

• According to Occupational Health & Safety, the Occupational Safety and Health Administration has cited the U.S. Forest Service for 51 alleged serious safety violations, 77 repeat violations, and 16 other-than-serious violations at 10 locations throughout the Salmon-Challis National Forest and involving ranger districts in Idaho. (See item 35)

35. October 16, Occupational Health & Safety – (Idaho) U.S. Forest Service cited for 144 safety violations in Idaho. The Occupational Safety and Health Administration (OSHA) has cited the U.S. Forest Service for 51 alleged serious safety violations, 77 repeat violations, and 16 other-than-serious violations at 10 locations throughout the Salmon-Challis National Forest and involving ranger districts in Salmon, Challis, North Fork, Mackay, and Leadore, Idaho. The agency’s inspection found serious violations involving fall hazards, emergency egress design and maintenance, machine guarding, storage of compressed gas cylinders, liquefied petroleum gas, and flammable liquids and electrical hazards. In addition, OSHA cited the supervisor’s office for a broad spectrum of deficiencies in its agency-required safety and health program. A serious citation is issued when death or serious physical harm is likely to result from a hazard about which the employer knew or should have known. Source: http://ohsonline.com/Articles/2008/10/16-US-Forest-Service-Cited-for-144-Safety-Violations.aspx

Details

Banking and Finance Sector


7. October 16, Wall Street Journal – (National) U.S. agencies investigate WaMu failure. Federal prosecutors are investigating the failure of Washington Mutual Inc., citing the “intense public interest” in the largest bank collapse in the history of the country. A U.S. attorney in Seattle said he has formed a task force with investigators from the Securities and Exchange Commission, the Federal Bureau of Investigation, the Internal Revenue Service, and the Federal Deposit Insurance Corp.’s inspector general. “Given the significant losses to investors, employees and our community, it is fully appropriate that we scrutinize the activities of the bank, its leaders and others to determine if any federal laws were violated,” the attorney said. The investigation into Washington Mutual is part of a wider effort by U.S. law enforcement to determine the extent of fraud connected to the subprime-lending troubles that have battered financial institutions. The Justice Department has allowed the probes to be handled largely in U.S. attorneys’ offices around the country. Source: http://online.wsj.com/article/SB122410840828437953.html?mod=googlenews_wsj


8. October 16, Daily Chronicle – (Illinois) Banking scam using email. A scam in which perpetrators claim to represent local banks now includes both phone calls and e-mails to area residents, the DeKalb County Sheriff’s Office said Wednesday. The e-mails advise the recipient that their account has been suspended and they should click on a link and enter some personal information to reactivate the account. Other county residents have received automated phone calls that also name local banks and direct recipients to call an 800 number to reactivate an account. So far, American National Bank of DeKalb County and Resource Bank have been identified as the banks whose names are being used in the scams. Source: http://www.daily-chronicle.com/articles/2008/10/16/news/local/doc48f6dec42a231386405821.txt

9. October 15, Reuters – (National) SEC again makes case for regulation of CDS. The SEC (Securities and Exchange Commission) and other policymakers have called for oversight of the fast-growing $55 trillion credit default swap (CDS) market, which has been blamed for contributing to the global financial crisis. The Commodity Futures Trading Commission (CFTC) is calling for a centralized derivative clearinghouse to reduce the risk posed by CDS. The swaps can pose systemic risks because the secretive nature of the market makes it impossible to know the size and distribution of a counterparty’s exposures. The SEC’s current authority over the over-the-counter credit default swaps is limited to enforcing anti-fraud prohibitions such as insider trading. Source: http://www.reuters.com/article/innovationNews/idUSTRE49E6VE20081015

10. October 15, Bloomberg – (National) SEC makes hedge funds report short sales until 2009. Investment managers who oversee more than $100 million must disclose to the SEC the stocks they have bet will fall in price until August 1, the agency said in a statement on its Web site Wednesday. Those positions will not be made public, the SEC said. Under the SEC rule, hedge funds will have to report weekly any new short positions they take. The records will be shielded from public disclosure in Freedom of Information Act requests because they are considered “trade secrets,” the SEC said. Such documents are exempt from release. Source: http://www.bloomberg.com/apps/news?pid=20601103&sid=abBj84kfzaGY&refer=us

11. October 15, St. Petersburg Times – (Florida) 5 bay area firms targeted in credit scam inquiry. Florida’s attorney general is targeting five Tampa Bay area companies in a statewide campaign against scams on people desperate for relief from debt and credit problems. The state has already settled with New Leaf Associates of Port Richey. This week, the Attorney General filed suit against Dunedin-based Enterprise Technology Group, which was operating as Ameritrust Financial Card. The state says the company charged $200 enrollment fees for a credit card that it claimed would perform like a normal card and could improve a person’s credit score, but did not. The Attorney General’s office has also subpoenaed records from three other bay area debt-relief companies: Financial Freedom Resources Inc. of Clearwater, Specialized Funding of Largo and United Debt Solutions, also known as American Debt Arbitration of Tampa. The office said companies being looked at — there are 31 in Florida — are suspected of violating the state’s Deceptive and Unfair Trade Practices Act along with other laws regulating telephone solicitation and credit counseling services. Source: http://www.tampabay.com/news/politics/state/article856976.ece

Information Technology


31. October 16, VNUNet.com – (International) Security industry falling behind the hackers. A Georgia Tech Information Security Center (GTISC) panel comprising members of the government, IT specialists and academics warned in its 2008 Emerging Cyber Threats Report that existing systems are falling behind hacking techniques, which are becoming more popular and effective. “The rapid rate of application development for these mediums has outpaced information security technology so far,” the report concludes. The report highlights five key areas that need addressing: botnets, Web 2.0 attacks, targeted messaging, telecommunications and RFID hacking. The panel suggests that carriers must do more to integrate firewalls within IP subsystems to check the spread of botnets. The emergence of Web 2.0 poses new threats to internet users, the report finds. “In 2008, expect to see underground organizations shift tactics and focus more on Web 2.0, particularly mashup technologies, leading to more abuses at the user end wherever possible.” The increasing convergence of communications systems and computing into voice over IP (VoIP) systems also poses new dangers. Finally, RFID hacking is expected to take off in 2008. “In the near future, GTISC expects mainstream exploit tools to enable less technical hackers to attack RFID technologies.” Source: http://www.vnunet.com/vnunet/news/2228330/security-industry-falling


32. October 16, IDG News Service – (National) Woman is first to plead guilty in notorious spam case. A woman accused of helping a spam kingpin send out tens of millions of unwanted e-mail messages each day has pleaded guilty to spam charges. She pleaded guilty to fraud and conspiracy charges October 14 in federal court in Michigan. She was arrested in January and charged with participating in a complex pump-and-dump stock scam that flogged Chinese penny stocks. With her guilty plea, she has agreed to cooperate with the U.S. Department of Justice as it pursues its case against ten other people, including the spam kingpin, who were allegedly involved in the scam. She claims the kingpin is a legitimate business operator, but antispam advocates have long considered him one of the world’s most prolific junk e-mailers. The Department of Justice claims that the kingpin and others used a botnet network of infected computers to send out tens of millions of spam messages per day. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117300&intsrc=news_ts_head


Communications Sector


33. October 16, The Times – (International) Internet phone calls are crippling fight against terrorism. The huge growth in Internet telephone traffic is jeopardizing the capability of police to investigate almost every type of crime, senior sources have told The Times. As more and more phone calls are routed over the web – using software such as Skype – police are losing the ability to track who has called whom, from where, and for how long. The key difficulty facing police is that, unlike mobile phone companies, which retain call data for billing purposes, Internet call companies have no reason to keep the material. The U.K.’s Home Secretary outlined plans Wednesday for a huge expansion of the government’s capability to access data held by Internet services, including social networking sites such as Facebook and Bebo, and gaming networks. The move follows growing concern among police and the security services that serious criminals and terrorists are using websites as a way of concealing their communications. Source: http://www.timesonline.co.uk/tol/news/uk/crime/article4951864.ece


34. October 16, Aurora Beacon News – (Illinois) NTSB investigating cause of helicopter crash. The National Transportation Surface Board (NTSB) says it is investigating whether the radio tower that an Air Angels helicopter clipped Wednesday night was properly lit, whether the pilot was flying high enough, and whether there were any mechanical problems. Four people were killed in the crash when the helicopter went down in a cornfield late Wednesday in Aurora, Illinois. A spokesman for the NTSB said Thursday that the helicopter’s rotor blade may have separated during flight, but he would not speculate on the cause. The agency will issue a preliminary report within a week, he said. He said the helicopter was flying about 50 feet below the top of the tower when the wire was clipped. He said NTSB was investigating whether lights on the tower were on at the time or could have been knocked out during the incident. “I can say that when I was out here last night after the accident that the lights on the tower were not lit,” he said Thursday. The Air Angels chief executive officer said the pilot did not report mechanical problems, and weather was not an issue. Source: http://www.suburbanchicagonews.com/beaconnews/news/1225432,aurora-helicopter-crash-sidebar-au101608.article

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, October 16, 2008

Complete DHS Daily Report for October 16, 2008


Headlines

• According to Newsday, a propane leak caused a blast at a drinking water pump station at the Brookhaven National Laboratory in New York on Monday night. Officials said a heavy ion particle accelerator at the lab, a quarter-mile from the water pump station, was never threatened by the blast. (See item 25)

25. October 15, Newsday – (New York) Brookhaven lab officials: Explosion no danger to public. Brookhaven National Lab officials stressed yesterday that there was “no risk to the general public” from a nighttime explosion at the facility. A propane leak caused a blast at a drinking water pump station at the Upton lab on Monday night. No one was hurt. Officials said the explosion was so loud it was reported by residents near the 5,000-acre government lab. The water pump station is a quarter-mile from a world-renowned heavy ion particle accelerator at the lab. Officials said the Relativistic Heavy Ion Collider, which is used to study the state of matter formed in the first microseconds of the universe, was never threatened by the blast that leveled the 680-square-foot concrete block pump building. In a prepared statement, officials also said local, county, and U.S. Department of Energy officials were all notified about the emergency. It is believed that a leak caused propane gas to build up and that a spark from other pumping equipment may have caused that gas to explode. The Suffolk County fire marshal was on site investigating the accident yesterday. A Brookhaven Lab spokeswoman said there was no evidence the explosion was linked to a malicious act. Source: http://www.newsday.com/news/local/suffolk/ny-libnl155884042oct15,0,4964717.story

• VNUNet.com reports that the Federal Trade Commission has shut down what it claims was the world’s largest network of spammers. The network had sent out billions of messages, according to the FTC which has received over three million complaints about the activities. (See item 33)

See the Information Technology section for details

Details

Banking and Finance Sector


5. October 14, Baltic Course – (International) Young Estonian IT experts turn criminal. Bank and credit card fraud has apparently become the new trend crime among Estonians, as police reports suggest Estonia’s IT-literate younger generations are adapting their expertise to criminal ends. Estonian police say that this new illegal enterprise has now become the most common criminal activity by Estonians abroad, a status previously held by drug smuggling. The focus on foreigners has not gone unnoticed internationally, with the U.S. Department of State offering travel warnings highlighting the frequency of bank fraud, and particularly credit card fraud, in Estonia. Earlier this year the U.S. and the U.K. witnessed the biggest credit card fraud operations in their respective histories; both were IT-based attacks and both involved Estonians. An Estonian man was involved in an 11-strong internet-based operation which breached over 40 million U.S. credit cards in August, while a fellow countryman was jailed in the U.K. in April after his gang of five was found to have stolen 17 million pounds (243.2 million Kroons or 21.9 million Euros) via internet infiltration. Source: http://www.baltic-course.com/eng/Technology/?doc=6129


6. October 14, Bloomberg – (National) FDIC lifts coverage as customers flee Sovereign, WaMu. The Federal Deposit Insurance Corp. (FDIC) expanded deposit coverage as Sovereign Bancorp Inc. became at least the fourth major lender since July to suffer sudden withdrawals amid waning confidence in the banking system. The FDIC said today it will fully protect through 2009 non-interest bearing accounts that process payments for payrolls and are used by businesses. The new FDIC measures are aimed primarily at reassuring small-business owners. The FDIC said today it will also temporarily guarantee new senior unsecured debt such as commercial paper and transfers between banks. The agency in August said 117 banks were classified as “problem” in the second quarter, a 30 percent jump from the first quarter. The agency does not name the “problem” lenders. Source: http://www.bloomberg.com/apps/news?pid=20601213&sid=a3GGWUu48388&refer=home


7. October 14, KGW 8 Portland – (Oregon) State warns consumers of banking scam. The Oregon Department of Consumer & Business Services (ODCBS) is warning Oregonians about a scam targeted at people looking for loans. According to ODCBS, scam artists working under the name Oregon Bankers Lending Network are offering loans that require an advance payment. However, victims who have wired money to the company found no loans existed. Ten arrests were made and ten arrest warrants issued following a raid by police officers at an apartment complex outside Toronto, Canada. Documentation of 21 fraudulent businesses was found related to the scams in Oregon. Source: http://www.kgw.com/news-local/stories/kgw_101408_news_banking_scam.11086a01e.html


8. October 14, Contra Costa Times – (California) Scam targets customers of Butte Community Bank. Customers of Butte Community Bank are among those being targeted by scammers looking for credit card information. Customers are reporting to the bank that they have received night-time automated calls, saying that their credit card has been compromised and asking for their account numbers. The president of Butte said, “We find these things are coming from foreign countries.” One customer noticed the call emanating from a San Jose area code, but the phone number listed is for a legitimate Internet provider, which has been having problems with the scammers too. A garlic.com technician, who declined to be identified, said his company filed complaints with the Federal Communication Commission and FBI over the use of its phone number by scammers. Source: http://www.contracostatimes.com/california/ci_10714165


Information Technology


31. October 15, Webroot Software, Inc. – (International) Webroot(R) threat advisory: Hackers infecting computers with phony Verizon multimedia messages. Webroot has detected a new malicious download disguised as a legitimate multimedia message service (MMS). “We are now seeing hackers use the Verizon Wireless name to send spam e-mails to PC users who unknowingly open a fake MMS which launches a Trojan to drop infected files onto their computers,” said the director of Threat Research, Webroot. “Hackers typically use downloads like this to harvest users’ personal information -- not to mention soak up significant bandwidth from users’ computers.” PC users targeted with this fraudulent spam receive an MMS that, when opened, activates the download of a file called “VerizonMMS.4837192.” Once downloaded, the file instantly infects the PC with malware and also establishes connections to external Web sites that infect the computer with additional malware. “While it’s no surprise hackers continue to evolve how they attack PC users, the sheer volume of Verizon Wireless customers who may be deceived by this new threat means its effect may be significant,” said Webroot’s senior vice president and general manager of Consumer Business. Source: http://www.marketwatch.com/news/story/webrootr-threat-advisory-hackers-infecting/story.aspx?guid={006A2E51-190D-4B06-A93F-B79070311461}&dist=hppr


32. October 14, Computing SA – (International) Malicious security update spammed out, coincides with Patch Tuesday. IT security and control firm, Sophos, is warning computer users to be on their guard following the discovery of a malicious Trojan horse spam campaign disguised as Microsoft’s monthly security bulletin. The messages were first discovered Monday and continued to cause problems October 14, coinciding with Microsoft’s monthly ‘Patch Tuesday’ cycle - when the software giant issues an update of genuine critical patches. Samples intercepted at SophosLabs have the subject line ‘Security Update for OS Microsoft Windows’ and claim to come from Steve Lipnser at securityassurance@microsoft.com. Running the attached file infects Windows computer users with the Mal/EncPk-CZ Trojan horse, and could give hackers control over your PC. “Computer users need to learn that Microsoft never sends out security updates as e-mail attachments, and that they should always visit the genuine Microsoft Web site, or use automatic updating processes, to keep their systems current,” says the CEO of regional Sophos distributor, Sophos SA. “By timing their attack to coincide with Microsoft’s genuine monthly patch cycle, the spammers are hoping to trick more unwary computer users who might be awaiting the update, keen to defend themselves against future cyber attacks,” he says. Sophos recommends that all computer users exercise caution when opening unsolicited e-mails, and ensure they are fully defending against attacks, including spam, phishing and malware. Source: http://www.computingsa.co.za/article.aspx?id=863027


33. October 14, VNUNet.com – (International) FTC shuts down major spam network. The Federal Trade Commission (FTC) has shut down what it claims was the world’s largest network of spammers. The network had sent out billions of messages, according to the FTC which has received over three million complaints about the activities. With spammers in Australia, New Zealand, China, India, Russia, Canada, and the U.S., the group is estimated to have been responsible for up to a third of all junk email. “The defendants used spam email to sell prescription drugs. They claimed that the medications came from a bona fide US-licensed pharmacy that dispenses FDA-approved generic versions of drugs such as Levitra, Avodart, Cialis, Propecia, Viagra, Lipitor, Celebrex and Zoloft,” said the FTC. “In fact, the defendants do not operate a US-licensed pharmacy. They sell drugs that are shipped from India.” The FTC named two individuals as responsible for the spam network - a New Zealand citizen living in Australia, and a resident of Texas - and four companies they control: Inet Ventures Pty, Tango Pay, Click Fusion and TwoBucks Trading. The FTC already has a $2.2 million judgment outstanding against Atkinson from a case in 2005 over a similar spamming incident. Source: http://www.vnunet.com/vnunet/news/2228226/ftc-shuts-world-biggest-spam


Communications Sector


34. October 15, Associated Press – (National) Researchers expect hackers to prey on cell phones. Security researchers say cell phones, and not just PCs, are the next likely conscripts into the automated armies. The mobile phone as zombie computer is one possibility envisioned by security researchers from Georgia Tech in a new report coming out Wednesday. The report identifies the growing power of cell phones to open a new avenue of attack for hackers. Of particular concern is that as cell phones get more computing power and better Internet connections, hackers can capitalize on vulnerabilities in mobile-phone operating systems or Web applications. Botnets, or networks of infected or robot PCs, are the weapons of choice when it comes to spam and so-called “denial of service attacks,” in which computer servers are overwhelmed with Internet traffic to shut them down. For example, botnets were used against Estonia’s government and financial Web sites in a devastating wave of attacks last year. Source: http://ap.google.com/article/ALeqM5gRjgkVOGDem-xjpJ0p8nfO73bX0wD93QN32O0