Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, December 23, 2008

Complete DHS Daily Report for December 23, 2008

Daily Report

Headlines

• According to an online report in the Wall Street Journal, braking problems may be to blame for a Continental Airlines flight running off a runway in Denver on Saturday, leaving many of those on board with injuries. (See item 17)

17. December 22, Reuters – (Colorado) Brakes looked at in Continental runway incident: report. Braking problems may be to blame for a Continental Airlines flight running off a runway in Denver this weekend, according to an online report in the Wall Street Journal on Sunday. On Saturday, a Continental-operated Boeing 737 failed to take off from Denver en route to Houston. The airplane subsequently ran off the runway, dramatically catching on fire, and leaving many of those on board with injuries. The Journal, citing people familiar with early data gathered by investigators, said preliminary indications point to a braking malfunction. No safety officials have officially commented, according to the report. “We can not speculate on the cause of the accident,” said a Continental spokeswoman, adding that the National Transportation Safety Board is in charge of the accident investigation. Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN2146567620081222

• USA Today reports that communities nationwide have repaired fewer than half of the 122 levees identified by the government almost two years ago as too poorly maintained to be reliable in major floods, according to U.S. Army Corps of Engineers data. (See item 35)

35. December 22, USA Today – (National) Most levee repairs lagging. Communities nationwide have repaired fewer than half of the 122 levees identified by the government almost two years ago as too poorly maintained to be reliable in major floods, according to U.S. Army Corps of Engineers data. State and local governments were given a year to fix levees cited by the Corps for “unacceptable” maintenance deficiencies in a February 2007 review that was part of a post-Hurricane Katrina crackdown. Only 45 have had necessary repairs, according to data provided in response to a USA Today request. The remaining unrepaired levees are spread across 18 states and Puerto Rico — most in California and Washington. In an effort to put pressure on state and local governments, the Corps has removed many of the unacceptable levees from the Corps’ inspection program, making them ineligible for federal rehabilitation funding if they are damaged by floodwaters. Property owners behind those levees also could be required to buy flood insurance if the Federal Emergency Management Agency finds that the maintenance problems leave them unprotected against a 100-year flood. If communities with unrepaired levees are in the process of fixing them, they can apply for readmission to the Corps’ inspection program once the work is done. Only a fraction of the nation’s levees are inspected by the Corps. Levees in the inspection program typically were built by the Corps and turned over to local governments for maintenance. Source: http://www.usatoday.com/news/nation/2008-12-21-levees_N.htm

Details

Banking and Finance Sector


13. December 22, Bloomberg – (National) FBI uses triage to shift from terror to Madoff, subprime probes. The Federal Bureau of Investigation has engaged in “triage,” taking agents off terror and other crimes to respond to a cascade of financial frauds, the head of the bureau’s New York criminal division said. The FBI was forced to reallocate its manpower in New York to deal with recent frauds involving subprime mortgages, auction-rate securities, and a well-known stock broker, who prosecutors said confessed this month to bilking investors out of $50 billion. “We have to work those cases which we think pose the greatest threat,” he said. “In this case, it is a threat to the financial system and Wall Street.” Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aVHDu98R3s6s&refer=home


14. December 22, Nashville Business Journal – (National) Survey: Workers facing layoffs could be security threat. Fifty-eight percent of Wall Street office workers surveyed say they would take valuable company data with them if faced with a layoff, if they knew they could get away with it. The survey on the recession and its effects on work ethics was conducted among 226 office workers on New York City’s Wall Street by IT security firm Cyber-Ark. The survey found that many office workers are downloading sensitive company secrets right now under their bosses’ noses in anticipation that they could lose their jobs. Among the survey’s findings: more than half of the surveyed workers who admitted to already downloading competitive corporate data said they would use it as a negotiating tool to secure their next post because they know the information will be useful to future employers. Topping the list of desirable information being extracted from employers are customer and contact databases. Plans and proposals, product information, and access and password codes are also popular choices. HR records and legal documents were the data employees were least interested in taking. Finally, 62 percent of workers admitted it was easy to sneak company information out of the office. Source: http://www.bizjournals.com/nashville/stories/2008/12/22/daily3.html

15. December 22, KRNV 4 Reno – (Nevada) Reno residents contacted in apparent credit scam. The Reno Police Department is now investigating an alleged credit card scam. Reno residents say they received a phone call with a recorded message saying there was concern about their credit card account activity. The recording then asks them to key in a 14-digit credit card number. The Reno Police Department says subscribers of T-Mobile and Sprint cell services have also reported getting text messages saying their services would be disconnected if they did not respond with private information such as their Social Security number and street address. The fraud crimes unit of the Reno Police Department is now looking into all of the complaints. Source: http://www.krnv.com/Global/story.asp?S=9563092&nav=8faO

Information Technology


32. December 20, PC World – (International) Opera plugs ‘severe’ browser hole. Opera has released a security fix for seven flaws in its Web browser, Opera 9.6. Opera says the fix, which only applies to machines running Windows, covers two flaws categorized as “extremely severe” and three listed as “highly severe.” The “extremely severe” flaws could allow a hacker to take control of a PC, while those rated as “highly severe” leave PCs open to attack if users open Web sites hosting malicious software. In an advisory, Opera said the patch was a “recommended security upgrade.” Source: http://www.pcworld.com/article/155854/opera_plugs_severe_browser_hole.html


33. December 19, Reuters – (National) U.S. not ready for cyber attack. The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on December 18 after participating in a two-day “cyberwar” simulation. The game involved 230 representatives of government defense and security agencies, private companies, and civil groups. It revealed flaws in leadership, planning, communications, and other issues, participants said. “There isn’t a response or a game plan,” said senior vice president of the Booz Allen Hamilton consulting service, which ran the simulation. “There isn’t really anybody in charge,” he told reporters afterward. Officials cited attacks by Russia sympathizers on Estonia and Georgia as examples of modern cyberwarfare, and said U.S. businesses and government offices have faced intrusions and attacks. Source: http://uk.reuters.com/article/technologyNewsMolt/idUKTRE4BI00520081219?sp=true


Communications Sector


34. December 22, Media Line – (International) Plan for $400m undersea Mideast Internet cable. Several telecom companies in the Middle East are planning to invest in a joint undersea cable to prevent cable cuts, such as the one that disrupted Internet services last week. Saudi Telecom, Telecom Egypt, Lebanon’s Ogero, and the United Arab Emirates’ Etisalat will spend $400 million over the next two years on a link between India and Europe. The project will also involve Indian and European operators and is intended to avoid Internet disruptions when cables are severed, the Middle East economic magazine MEED reported. Lines running under the Mediterranean Sea were damaged on Friday, causing Internet and telephone disruptions throughout the region. The exact cause of the damage was unclear. A French repair crew has begun repairing the damaged lines. Source: http://www.allheadlinenews.com/articles/7013490230

Department of Homeland Security Daily Open Source Infrastructure Report

Monday, December 22, 2008

Complete DHS Daily Report for December 22, 2008

Daily Report

Headlines

• According to Reuters, a New York man pleaded guilty on Thursday to posting videos on YouTube in which he claimed he had arranged to poison millions of containers of Gerber baby food. (See item 15)

15. December 18, Reuters – (National) NY man pleads guilty to YouTube baby food threat. A New York man pleaded guilty on Thursday to posting videos on YouTube in which he claimed he had arranged to poison millions of containers of Gerber baby food with the intent to kill babies. The 43-year-old, who called himself “Trashman,” pleaded guilty to one count of transmitting threats in interstate commerce and faces a maximum sentence of five years in prison, said an acting U.S. attorney. The defendant posted his first video — in which he wore a black mask — on April 20, 2008, and followed up with a further two videos, posted on July 24 and July 27. “In the video, entitled ‘gerbersbabyfoodalert,’ the defendant stated that Gerber employees acting at his direction had poisoned millions of bottles of Gerber baby food, to kill babies who ate it,” the U.S. attorney said in a statement. “The defendant further stated that it was ‘too late’ to do anything about the poisoned baby food because it had already been shipped to consumers,” he said. Gerber, which is owned by Switzerland-based Nestle, found no evidence that anyone had tampered with its baby food. Source: http://uk.reuters.com/article/governmentFilingsNews/idUKN1841371220081218

• Bloomberg reports that Internet and telephone communications between the Middle East and Europe were disrupted by submarine cable failures between Italy and Egypt in the Mediterranean Sea. (See item 23)

See item 23 in Communications Sector below

Details

Banking and Finance Sector


7. December 19, DarkReading – (International) Researchers hone in on ‘dropzones’ for stolen credentials. Researchers at the University of Mannheim’s Laboratory for Dependable Distributed Systems in Germany have discovered more than 300 cybercrime servers full of stolen credentials belonging to more than 170,000 people. The researchers were able to access nearly 100 so-called “dropzone” machines, and say the actual number of these servers is much higher. “With our limited amount of machines, we found more than 300 dropzones, and we covered only two families of banking Trojans. In total, there are presumably many more,” said one of the researchers and a founder of the German Honeypot Project. The researchers were studying what they call “impersonation attacks,” where victims’ credentials are stolen so that the attacker can impersonate them. The researchers traced the steps of specific keyloggers and banking Trojans between April and October 2008, finding that one-third of the machines infected by this data-stealing malware are in Russia or the United States. Overall, the 170,000 victims whose data they discovered in the dropzones were from 175 different countries. Source: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212501236


8. December 19, Associated Press – (National) Lawsuit filed against Countrywide over ID breach. A New Jersey couple is suing Countrywide Financial Corp. and two other people, claiming the company allowed a security breach involving detailed financial information from more than two million customers. The couple, of Mount Holly, New Jersey, wants a judge to grant class-action status to claims that an employee of the mortgage giant stole detailed financial information from customers and sold it to another person, who then sold it to an unknown number of companies. The suit filed in federal court in Paducah, Kentucky, on Thursday is one of more than 30 filed nationally. All the suits have been transferred to Kentucky. Source: http://www.forbes.com/feeds/ap/2008/12/19/ap5843234.html


Information Technology


21. December 19, ComputerWeekly – (International) Firefox browser patched for critical security flaws. Mozilla has released critical security updates to its Firefox browser, its Thunderbird e-mail client, and its SeaMonkey application suite. The flaws addressed by the updates could expose users’ sensitive information to remote hackers. Users are being advised to update their Firefox browser to version 3.0.5, which was released last week. They are also advised to update to version 2.0.0.19 of Thunderbird and version 1.1.14 of SeaMonkey. The browser vulnerabilities were found in earlier versions of Firefox 3, as well as in versions of Firefox 2. Microsoft updated its own Internet Explorer browser with an “out of cycle” critical security patch earlier last week. Source: http://www.computerweekly.com/Articles/2008/12/19/234004/firefox-browser-patched-for-critical-security-flaws.htm


22. December 19, Computerworld – (International) Hackers exploit IE bug with ‘insidious’ Word docs. Attackers are hiding in Word documents malicious ActiveX controls that call out to the site hosting the malware. Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, a security company said December 18. “Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that’s hosting the malware,” said the director of security research and communications for McAfee’s Avert Labs. “This is a pretty insidious way to attack people, because it’s invisible to the eye, the communication with the site.” The rogue documents can be delivered as attachments to spam e-mail or offered up by hacked sites. Attackers have been exploiting the IE bug since at least December 9, when reports first surfaced about malicious code found in the wild and on several Chinese hacker servers. McAfee was one of the first security companies to report the emerging exploit. Since then, Microsoft acknowledged the bug, and has offered up a series of advisories urging users to take protective steps until December 17, when the company released the patch. Source: http://www.infoworld.com/article/08/12/19/Hackers_exploit_IE_bug_with_insidious_Word_docs_1.html


Communications Sector


23. December 19, Bloomberg – (International) Severed cables in Mediterranean disrupt communication. Internet and telephone communications between the Middle East and Europe were disrupted by submarine cable failures between Italy and Egypt in the Mediterranean Sea. The failures cut the flow of “data of various kinds” between Europe and the Middle East, and there is no timeframe for when communications will be restored, said the director of assurance at Mumbai-based Reliance Globalcom Ltd. Three submarine cable systems linking Southeast Asia, the Middle East, and Europe are affected, according to Reliance and Melbourne-based Telstra Corp. The cables run from Alexandria in northern Egypt to southern Italy. In January, two cable systems were severed by an anchor 5.2 miles from Alexandria beach after bad weather conditions forced ships to moor off the coast. Source: http://www.bloomberg.com/apps/news?pid=20601085&sid=aFM6PQsd6i2Q&refer=europe