Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 28, 2008

Complete DHS Daily Report for November 28, 2008

Daily Report

Headlines

 The Associated Press reports that a part-time assistant harbor master on Cape Cod has been charged by federal authorities with pretending to be an armed federal agent so he could bypass security at Logan International Airport in Massachusetts. (See item 11)

11. November 26, Associated Press – (Massachusetts; National) Cape Cod harbor master charged with being fake fed. A part-time assistant harbor master on Cape Cod has been charged by federal authorities with pretending to be an armed federal agent so he could bypass airport security. The man from Rockland was freed on $50,000 unsecured bond following his initial appearance Tuesday in U.S. District Court in Boston. He was flying from Boston to San Diego on January 1, 2007, when he approached an American Airlines ticket counter at Logan International Airport and flashed a badge he carries as a part-time assistant harbor master in Chatham, according to federal prosecutors. The man, a medical supplies salesman, also filled out a “flying while armed” form and wrote that he worked for the U.S. Department of Homeland Security, prosecutors said. He did not bring a gun on the plane. He allegedly did the same on his return trip to Boston three days later. But this time, according to court documents, he was invited into the cockpit, was told the identity of the two air marshals on the flight, and was informed who else on the plane was armed. The man told WHDH-TV that he volunteered for a Coast Guard subcommittee, which is a division of Homeland Security. He is charged with impersonating a federal agent and making false statements. The case took almost two years to come to light so federal authorities could tighten airport security and prevent similar incidents, said a spokeswoman for the U.S. attorney’s office. “The flying public can be assured that this has led to a change of procedures to ensure that credentials are properly vetted,” said a spokeswoman for the Transportation Security Administration. Source: http://www1.whdh.com/news/articles/local/BO96509/


 According to eWeek, Google says GeekCondition.com’s claims about a Gmail vulnerability are incorrect. The issue is just an example of a successful phishing attack targeting Web domain owners, Google says. (See item 29)

See Information Technology section below for details

Details

Banking and Finance Sector


7. November 26, Wall Street Journal – (National) Mortgage rates fall as U.S. expands rescue. U.S. officials pledged to pump another $800 billion into ailing credit markets, much of it directly from the Federal Reserve. The Fed, whose traditional lending role has been to make emergency loans to banks, plans to purchase in coming months up to $600 billion of debt issued or backed by Fannie Mae, Freddie Mac, Ginnie Mae, and Federal Home Loan Banks, all mortgage-finance businesses with close ties to the government. The Treasury Secretary announced plans to try and help banks loan money out to people faster. But critics say that “throwing money at the problem” is what spurred the crisis to begin with. In addition, with support from the U.S. Treasury, the Fed will provide up to $200 billion in financing to investors buying securities tied to student loans, car loans, credit-card debt, and small-business loans. The intervention, the latest in a series of unprecedented government actions, immediately pushed down rates on 30-year mortgages by as much as one-half percentage point. Source: http://online.wsj.com/article/SB122761978389056335.html


8. November 25, New Jersey Star Ledger – (New Jersey) ID theft ring targeted NJ home equity lines of credit. Four men were arrested Monday in connection with an international identity theft scheme that siphoned at least $2.5 million from home equity lines of credit at dozens of banks, including at least eleven in New Jersey, authorities said. The suspects targeted homeowners with big credit lines at large and small financial institutions, including Citibank, JPMorgan Chase, and credit unions in Basking Ridge, Bridgewater, and Toms River, authorities said. They used stolen personal data and technological tricks to fool bank employees into transferring funds to accounts in at least seven countries, authorities said. “Home equity lines of credit are an expanding front in the battle against mortgage fraud,” a U.S. attorney said. Monday’s arrests follow an FBI investigation that began in November 2007. Source: http://www.nj.com/news/ledger/jersey/index.ssf?/base/news-12/1227591361311770.xml&coll=1


9. November 25, Washington Post – (National) FDIC chair: more problem banks. The FDIC chairwoman said Wednesday that the number of “problem” banks and thrifts in the third quarter rose from 117 at the end of the second quarter of this year to 171 at the end of the third quarter, the highest level since 1995. “Community banks — those with total assets of under $1 billion — are beginning to exhibit stresses similar to those facing the industry as a whole,” the FDIC said. “However, capital levels and reliance on retail deposits remain higher at these banks than the industry average.” More people are putting their money in banks, the FDIC reported. Estimated insured deposits were up by 1.8 percent in the third quarter and 7.1 percent over the past four quarters, the agency said. Source: http://voices.washingtonpost.com/economy-watch/2008/11/fdic_chair_more_problem_banks.html?hpid=topnews

Information Technology


27. November 26, Softpedia – (International) Widespread malware attacks target Windows 7, Vista SP1, and XP SP3 vulnerability. Microsoft confirmed not only that malware attacks designed to take advantage of a Server Service vulnerability, affecting both Windows client and server versions of the platform, were no longer isolated and targeted cases, but also that infections with malicious code had been detected. On November 25, a Microsoft Security Response Center communications manager, and senior program manager and response coordinator, revealed that the company was aware of a new wave of attacks, targeting a vulnerability rated as critical, for which Microsoft Security Bulletin MS08-067 had been released in October as an out-of-band patch. The security update was designed to integrate with a variety of Windows operating systems, including Windows Vista SP1, Windows XP SP3, and even Windows 7. Microsoft pointed out that there were two pieces of malware associated with attacks exploiting the Server Service vulnerability: Win32/Conficker.A (also TA08-297A, CVE-2008-4250, VU827267; W32.Downadup (Symantec)) and Win32/IRCbot.BH (Win32/IRCBot.worm.Gen (AhnLab); Win32/IRCBot!generic (CA); WIN.IRC.WORM.Virus (Dr.Web); Exploit-DcomRpc.gen (McAfee); Mal/IRCBot-B (Sophos); Purple Exploit). According to Microsoft, Win32/Conficker.A even patches the very API vulnerability that it uses to infect machines, in order to prevent any further exploits from taking advantage of the security hole. The senior program manager and response coordinator explained that the majority of infection reports were generated in the United States, but that the worm was also detected in Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina, and Chile. At the same time, Win32/Conficker.A completely avoids exploiting and infecting Ukrainian computers. Source: http://news.softpedia.com/news/Widespread-Malware-Attacks-Target-Windows-7-Vista-SP1-and-XP-SP3-Vulnerability-98716.shtml


28. November 25, eWeek – (International) Spam levels creep back up 2 weeks after McColo shutdown. Spam levels are heading back up after dropping dramatically following the shutdown of Web hosting company McColo. According to Symantec security research, some notorious botnets are back in action. Spam levels appear to be rising again after a steep decline. According to researchers at MessageLabs, now part of Symantec, spam volumes have doubled since last week. Spam levels dropped off dramatically with the shutdown of Web hosting company McColo on November 11. Though the firm briefly gained new life the weekend of November 15, it was quickly shut down again, and spam at first remained at relatively low levels. In a blog post, Symantec Security Response noted that in addition to overall spam volumes being up, the percentage of spam messages containing the text/HTML content type MIME part has jumped to 55 percent of all spam. Since the McColo takedown, that percentage has been around 34 percent. This change indicates that a return to normal spam activity could be in the works, according to the blog. Source: http://www.eweek.com/c/a/Security/Spam-Levels-Creep-Back-up-Two-Weeks-After-McColo-Shutdown/


29. November 25, eWeek – (International) Google says reports of Gmail flaw unfounded. Google says GeekCondition.com’s claims about a specific Gmail vulnerability are incorrect. The issue is just an example of a successful phishing attack targeting Web domain owners, Google says. Google officials have challenged the assertion that a Google Gmail security flaw was at the center of an issue described on the GeekCondition.com blog. A posting on GeekCondition.com November 23 warned of a flaw allowing attackers to force Gmail users to create a malicious message filter without their knowledge. As a result, the post said, attackers could hijack messages sent to a victim’s Gmail account by redirecting messages into the trash and forwarding copies to the attacker. Google, however, explained that the source of the problem was not a flaw in Gmail, but a phishing scheme in which attackers sought to lure Web domain owners to rogue sites so their information could be stolen. Source: http://www.eweek.com/c/a/Security/Google-Says-Reports-of-Gmail-Flaw-Unfounded/


Communications Sector

30. November 26, Associated Press – (Texas) Texas to test wireless call blocking in prison. Texas officials plan to test cell phone jamming technology after a prison system lockdown and search turned up hundreds of smuggled mobile devices. The test has been proposed for December 18 at the Travis County state jail in Austin. The House Corrections Committee Chairman said he requested the test. Officials at the Texas Department of Criminal Justice were working to set up the demonstration, said an agency spokeswoman. Florida-based CellAntenna Corp., which recently conducted a similar test in South Carolina, has agreed to do the Texas demonstration. Prison officials from several states gathered at a South Carolina prison on Friday to see how the equipment blocks wireless calls. The technology prevents cell tower transmissions from reaching the phone. Regulators can grant permission to federal agencies to use the technology, but federal law prevents State and local agencies from jamming cell phone signals. Still, prison officials hope they will be granted permission to use the blocking technology. Critics say it is impossible to contain the jamming technology to one or two buildings, and that using it runs the risk of affecting people using phones nearby. Source: http://www.chron.com/disp/story.mpl/headline/metro/6133209.html

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, November 26, 2008

Complete DHS Daily Report for November 26, 2008

Daily Report

Headlines

 According to Continuity Central, a new University of Minnesota report is the first to conceptualize what happens when a pandemic disrupts the fuel supply chain for electricity. (See item 1)

1. November 25, Continuity Central – (National) U.S. electrical supply is highly vulnerable during pandemic conditions. Reliable mining and delivery of coal, which generates nearly half the United States’ electricity, must be safeguarded to keep water and sewerage systems running, lights on, and vaccine and critical drugs available during a pandemic, according to a new University of Minnesota report, “Pandemic Influenza, Electricity, and the Coal Supply: Addressing Crucial Preparedness Gaps in the United States.” The report is the first to conceptualize what happens when a pandemic disrupts the fuel supply chain for electricity. The authors outline a four-point plan to reduce the risk of losing electricity, particularly in large portions of the Midwest and Eastern states during a pandemic. The authors challenge policymakers and industry leaders to take the following steps: build and maintain coal stocks at power plants year-round at the same level the industry maintains for summer months; place coal miners and supporting infrastructure personnel in the highest priority levels for pandemic response; plan for disruptions in the coal supply chain; and anticipate and develop strategies for responding to disruptions in electrical service. Source: http://continuitycentral.com/news04288.html

 The Seattle Post-Intelligencer reports that about 20 operators who dispatch Seattle police to emergency calls had to be evacuated Monday afternoon after a potentially hazardous material was found in the dispatch center. (See item 23)

23. November 24, Seattle Post-Intelligencer – (Washington) Possible hazardous liquid in 911 dispatch center. About 20 operators who dispatch Seattle police to emergency calls had to be evacuated Monday afternoon after a potentially hazardous material was found in the dispatch center. A few dispatchers remained to handle calls. About a half-hour later, all dispatchers began returning after emergency crews found nothing amiss with the air in the center. A spokeswoman for the Seattle Fire Department said the unknown liquid was discovered on the first floor of the call center. Medics treated three people on the scene for minor symptoms, including watery eyes, she said. A private ambulance took one person, who has asthma, to a hospital. A second group of firefighters checked the center, but found nothing hazardous. Source: http://seattlepi.nwsource.com/local/389206_hazmatt25.html?source=mypi

Details

Banking and Finance Sector


8. November 25, Kerrville Daily Times – (Connecticut) Text scam tries to fool bank customers. The Bank of the Hills Regional CEO is warning customers not to give information to unknown sources after area cell phone owners were inundated with text messages that stated that Bank of the Hills debit cards had been deactivated. The message also provided a reactivation phone number. According to the CEO, the text messages were sent out beginning Friday to Verizon and Sprint customers and blanketed the area. The Kerrville Police Department received two reports of the scam as of Monday afternoon. Callers to the number were offered two options — to activate the card or to change the PIN number. After choosing an option, callers are prompted to give personal information, such as their debit card and personal identification numbers. A KPD spokesman said one of the victims’ bank accounts was emptied the day after responding to the text. Source: http://unified-communications.tmcnet.com/news/2008/11/25/3812984.htm


9. November 24, Business First of Columbus – (California) U.S. Bancorp takes over 2 California banks. U.S. Bancorp took over Downey Savings and Loan Association F.A. and PFF Bank & Trust late Friday, ending several weeks of speculation about the financially strapped, southern California institutions. The Federal Deposit Insurance Corp. handled the deal, ensuring that the combined 213 California branches of both banks will reopen as U.S. Bank. Customer deposits will automatically transfer to U.S. Bank, owned by Minneapolis-based U.S. Bancorp, while all accounts are insured by the FDIC. Source: http://www.bizjournals.com/columbus/stories/2008/11/24/daily6.html


Information Technology


25. November 25, InformationWeek – (International) Windows Vista, Multimedia Codec vulnerabilities found. Security researchers at Phion AG, an Austrian firewall company, report that Windows Vista has a TCP/IP vulnerability that could allow a local attacker to take control of an affected system. The vulnerability has been tested on Microsoft Windows Vista Enterprise (32-bit and 64-bit) and Microsoft Windows Vista Ultimate (32-bit and 64-bit). The researchers consider it likely that other versions of Vista are affected. Windows XP, however, is not affected. Certain administrative rights are required for the vulnerability to be exploited. This makes it a risk primarily in malicious insider scenarios. The advisory states that Phion notified Microsoft on October 22. It is not immediately clear when Microsoft will address the issue. In any event, Phion’s advisory includes details about a temporary fix. Meanwhile, Vietnamese security research group Bach Khoa Internetwork Security (BKIS) has identified a buffer overflow vulnerability in the open source ffdshow multimedia codec that can be used to compromise computers using any Internet browser in which the Windows Media Player plug-in has been installed. The flaw has to do with the way the ffdshow software handles media streams. Upon parsing an extremely long link, ffdshow runs out of memory and returns a buffer-overflow error. This could be exploited by an attacker to execute remote code on the victim’s computer. Source: http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=212200255


Communications Sector

Nothing to report