Department of Homeland Security Daily Open Source Infrastructure Report

Monday, November 2, 2009

Top Stories

The BBC reports that BP has been fined a record $87m for failing to correct safety hazards at its Texas City refinery in the U.S. on October 30. An explosion in 2005 at the Texas plant killed 15 people and injured 180 more. (See item 4)

4. October 30, BBC – (Texas) BP fined $87m for Texas explosion. BP has been fined a record $87m (£53m) for failing to correct safety hazards at its Texas City refinery in the U.S. An explosion in 2005 at the Texas plant killed 15 people and injured 180 more. The Occupational Safety and Health Administration (OSHA) cited 270 violations at the oil refinery, a U.S. Labor Department official said. BP said it believed it was in “full compliance” with a 2005 settlement agreement with OSHA and would work with the agency to resolve the issue. The $87m fine is the largest in OSHA’s history. In 2005, BP paid a $21.3m fine to OSHA and entered into a four-year agreement to repair hazards at the Texas City refinery, which is the third largest in the U.S. The latest fine follows a six-month inspection into whether BP had complied with that agreement. Source:

 According to Reuters, the U.S. Federal Bureau of Investigation (FBI) has lost 3 percent of its linguists and failed to sift through millions of documents as the agency’s workload of terrorism cases grows, according to a report issued on October 26. (See item 31)

31. October 26, Reuters – (National) FBI lagging on translation efforts: report. The U.S. Federal Bureau of Investigation (FBI) has lost 3 percent of its linguists and failed to sift through millions of documents as the agency’s workload of terrorism cases grows, according to a report issued on Monday. After the September 11, 2001 attacks, the FBI and U.S. intelligence agencies were widely and repeatedly criticized for failing to have enough linguists, especially for languages spoken in the Middle East, Pakistan and Afghanistan. In addition to losing 40 of the 1,338 linguists the FBI had at its peak in March 2005, the agency now takes 19 months on average to hire a contract linguist, up from 16 months, the Justice Department’s inspector general found. The report also found that the FBI fell short in its hiring goals last year in all but two of the 14 languages for which it had hiring goals, but the review did not identify which ones because that information was classified. While the FBI reviewed all of the 4.8 million foreign language documents and intercepts it collected for terrorism and criminal cases from fiscal year 2006 to 2008, 31 percent of some 46 million electronic files were not examined, most of them collected in fiscal 2008, the report said. Further, some 25 percent of the 4.8 million audio hours collected from wiretaps and other surveillance between fiscal 2003 and 2008 had not been reviewed, mostly counterintelligence information but also some English material, the report said. To wade through that backlog, it would take 100 linguists and other personnel more than seven years if they worked the typical 40 hours a week, according to the report. Included in the material that had not been reviewed were some 737 hours of audio and 6,801 electronic files, some of it in English, that were deemed part of the FBI’s top tier of counterterrorism and counterintelligence cases in fiscal 2008. 
Responding to the report, FBI Deputy Director said the agency’s translation capabilities, including hiring and retaining linguists, are better than ever before. “I am confident that with respect to counterterrorism translation matters, we have made progress to address our collected material in a timely way,” he said in a statement. “With regard to counterintelligence collections, we are doing a careful job of prioritizing and monitoring the most important material,” he added. Source:


Banking and Finance Sector

10. October 30, Reuters – (International) K1 hedge fund founder arrested in fraud probe. German authorities placed the founder of Germany’s K1 hedge fund group under arrest on October 29 in a multi-million-dollar corruption probe of a Caribbean-registered fund he ran. His arrest warrant said Barclays and BNP Paribas may have lost millions of dollars in the case, which prosecutors say spanned the Atlantic and featured lavish personal spending on planes, a helicopter and luxury properties. FBI agents in Miami also arrested a German wealth consultant and the founder’s business partner on money-laundering charges. Authorities are investigating the founder over allegations of fraud and breach of trust, the chief prosecutor in the southern German city of Wuerzburg told Reuters. “There is a suspicion that the 50-year-old suspect did not comply with investment guidelines agreed with an English and a French bank among others and has used several millions in funds contrary to agreements,” prosecutors said in a statement. The case centers on the founder of K1 Global Sub Trust hedge fund, a psychologist by training who once sold ads for the Yellow Pages in Germany before moving into the financial sector. Barclays may have lost most of the nearly $220 million (133 million pounds) it invested with the fund, authorities said. The warrant for the founder, dated October 20, said France’s BNP Paribas invested $60 million with K1 between 2007 and 2008. Source:

Information Technology

32. October 30, Associated Press – (International) Cyberattacks traced to North Korea. The North Korean government was the source of high-profile cyberattacks in July that caused Web outages in South Korea and the United States, news reports said Friday. The IP address – the Web equivalent of a street address or phone number – that triggered the Web attacks was traced back to North Korea’s Ministry of Post and Telecommunications, the chief of South Korea’s main spy agency reportedly told lawmakers. The ministry leased the IP address from China, an individual of the National Intelligence Service told lawmakers Thursday, according to JoongAng Ilbo newspaper. South Korea’s Yonhap news agency carried a similar report. The spy agency declined to confirm the reports. Two lawmakers on parliament’s intelligence committee contacted Friday also refused to confirm the reports. The Unification Ministry, which monitors North Korea, said it cannot comment on intelligence matters. The July attacks, in which floods of computers tried to connect to a single Web site at the same time to overwhelm the server, caused outages on prominent government-run sites in the U.S. and South Korea. Affected sites include those of the White House and the South’s presidential Blue House. Source:

33. October 30, IDG News Services – (National) Spammer ordered to pay Facebook $711 million. Facebook was awarded $711 million in damages from a convicted spammer on Thursday, but the social networking site is hoping a separate criminal action will eventually send him to jail. Three men were sued by Facebook in February for allegedly obtaining the login credentials for accounts. The accounts were then used to send spam to those users’ friends starting around November 2008. The spam either linked to other phishing sites that sought to collect more Facebook account credentials or linked to other commercial Web sites that paid spammers for referrals. Facebook “doesn’t expect to receive the vast majority of the award,” according to a company blog. According to court filings, one of the men filed a bankruptcy petition in U.S. Bankruptcy Court for the District of Nevada earlier this year, although the petition was eventually dismissed. However, the U.S. District Court for the Northern District of California has sent a request to the U.S. Attorney’s Office to prosecute one of the men for criminal contempt. The court came up with the $711 million figure by awarding $50 per violation of the CAN-SPAM Act. Source:

34. October 29, Federal Bureau of Investigation – (International) Former CEO of YouSendIt charged with denial of service attack. A former CEO of YouSendIt Inc. was indicted by a federal grand jury yesterday with four counts of mail fraud, a United States Attorney announced. The indictment states that between December 2008 and June 2009 the former CEO used the ApacheBench software program to launch four denial of service (DOS) attacks against YouSendIt’s servers. Each DOS attack temporarily rendered the servers incapable of handling legitimate network traffic and deprived YouSendIt’s customers of the use of the company’s services. YouSendIt is a company based in Campbell, California, that is engaged in the business of digital content delivery through the Internet. YouSendIt enables users to send, receive and track large files of digital data. According to the indictment, when the company was established in 2004, the former CEO was one of YouSendIt’s founders. He served as the company’s chief executive officer until August 2005. Thereafter, the former CEO served as the company’s chief technology officer until he departed from YouSendIt in November 2006. The maximum statutory penalty for each count of mail fraud in violation of 18 U.S.C. §§ 1030(a)(5)(A) & (c)(4)(A) is five years imprisonment, three years of supervised release and a fine of $250,000, plus restitution if appropriate. However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553. Source:

35. October 29, DarkReading – (International) New Honeypot mimics the web vulnerabilities attackers want to exploit. A next-generation Web server honeypot project is under way that poses as Web servers with thousands of vulnerabilities in order to gather firsthand data from real attacks targeting Websites. Unlike other Web honeypots, the new open-source Glastopf tool dynamically emulates vulnerabilities attackers are looking for, so it’s more realistic and can gather more detailed attack information, according to its developers. “Many attackers are checking the vulnerability of the application before they inject malicious code. My project is the first Web application honeypot with a working vulnerability emulator able to respond properly to attacker requests,” says the individual who created Glastopf. The creator, who is also a student, built Glastopf through the Google Summer of Code (Gsoc) 2009 program, where student developers write code for open-source projects. His Web honeypot was one of the Honeynet Project’s Gsoc projects. Unlike other Web honeypots that use templates posing as real Web apps, Glastopf basically adapts to the attack and can automatically detect and allow an unknown attack. Glastopf uses a combination of known signatures of vulnerabilities and also records the keywords an attacker uses when visiting the honeypot to ensure it gets indexed in search engines, which attackers often use to find new targets. The project uses a central database to gather the Web attack data from the Glastopf honeypot sensors installed by participants who want to share their data with the database. Aside from researchers, ISPs and Web hosting companies could use Glastopf to collect data about ongoing attacks, the creator’s mentor says. “They can, for example, find compromised servers in their space that host PHP bots, or other data related to remote file inclusion vulnerabilities,” he says.
The Glastopf creator says he’s working with ISPs in Germany and France, as well as universities in Germany and an anti-abuse team in the Netherlands, on the project. The organizations hope to use the honeypot data to generate abuse tickets, shut down servers that are hosting malware, and to track the bad guys. “We are planning to set up a publicly accessible Web interface to your central database to illustrate the impact of Web-based attacks against Web applications,” he says. Source:

36. October 29, IDG News Services – (National) U.S. cyber war policy needs new focus, experts say. U.S. policies toward defending against cyber warfare need to take a different approach than the government has against other forms of attack, three cybersecurity experts said on October 29. It will be difficult for the U.S. government to voice and follow through with a policy of cyber deterrence, like it has with nuclear attacks, said a senior management scientist specializing in cybersecurity at Rand, a nonprofit think tank. First, it’s difficult to identify attackers, especially when some nations appear to be sponsoring private attackers, he said during a meeting of the Congressional Cyber Caucus in Washington. But it may also be difficult for the U.S. to follow through with threats of counterattacks, when U.S. cyber experts don’t know how much damage the attacks could do, he added. With cyberattacks, some countries may be willing to gamble on the U.S. capability, unlike with nuclear attacks, he said. “Any deterrence policy is designed to scare people away,” he said. “The problem is, though, if you can’t execute it, you’re bluffing. It’s possible to believe people will call our bluff. If it turns out we can’t do what we say, we not only look embarrassed for ourselves, but we end up calling all of our other deterrents into question.” The senior management scientist and two other cybersecurity experts, talking to members of Congress and their staff members, said that crafting the right cyber war policy will be difficult. The forum was organized by members of Congress interested in cyber defense policy. Source:

37. October 28, DarkReading – (International) Facebook phishing attack powered by Zeus botnet, researchers say. A new attack on Facebook users is a cunning combination of social engineering, Trojan horses, and botnets, according to researchers who’ve been studying it. The new phishing email, which masquerades as a message from Facebook, promises to give users a new and easier login process. The “new login system” is thoughtfully sent with the user’s username already filled in, researchers say. All the user has to do is “give your password to update your account.” According to a blog by researchers at security company AppRiver, the phishing attack has been spotted on smartphones using Facebook applications, where it carries the actual Facebook logo. AppRiver says the attack emanates from the Zeus botnet, and researchers are seeing “Facebook phishing emails at a rate of about 1,000 messages per minute per domain used, with about 30 domains being utilized. That’s 30,000 messages per minute from this botnet, or 500 per second. On top of that, we’ve already seen about 1.65 million messages from this campaign.” In some cases, the exploit has been seen as an official Facebook message that asks the reader to click on a link to receive an updated Facebook password. Clicking on that link causes the user to download the Bredolab Trojan, according to researchers at MX Lab. Source:

Communications Sector

38. October 30, Monroe News-Star – (Louisiana) 600 Sicily Island residents without telephone service. About 600 Sicily Island, Louisiana, residents are without home telephone service after an AT&T fiber optic cable snapped Wednesday night and fell into the Mississippi River. AT&T said the company has ordered a replacement cable and will install it as soon as it arrives. “We’re scrambling to replace it as soon as possible,” an AT&T representative said. “Our crews will work around the clock to get it done.” The representative said she believed the cable was downed by inclement weather. She did not have an estimate on when service will be restored. Source:

39. October 29, Pine Journal – (Minnesota) FCC mandates county to upgrade radio communications system. Carlton County, Minnesota, will soon join other counties throughout the nation in facing a costly upgrade of its public radio communications system. In a series of reports to the county board on Monday, commissioners learned that the Federal Communications Commission (FCC) has mandated that all entities utilizing public radio communications systems must upgrade to a narrowband system by January 1, 2013. What that boils down to is the necessity to migrate to radio frequencies of a narrower bandwidth that will accommodate more information while at the same time taking up less radio spectrum. Most public safety radio systems currently use 25 kHz-wide channels, but beginning in 2013, the FCC will require that all non-Federal public safety licensees migrate to narrowband 12.5 kHz channels. At an undetermined date in the future, that requirement will likely be reduced still further to 6.25 kHz. The move comes, in part, in the face of a rapidly increasing demand for radio frequencies due to the prevalence of cell phones and other personal communications devices. Source: