Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, December 31, 2009

Complete DHS Daily Report for December 31, 2009

Daily Report

Top Stories

 Food Safety News reports that an E. coli outbreak tied to a nationwide recall of mechanically tenderized steaks is now linked to 21 illnesses in 16 states, according to public health officials. Oklahoma-based National Steak and Poultry announced last week it was initiating the recall. (See item 29)


29. December 30, Food Safety News – (National) E. coli outbreak expands to 16 states. An E. coli O157:H7 outbreak tied to a nationwide recall of mechanically tenderized steaks is now linked to 21 illnesses in 16 states, according to public health officials. Oklahoma-based National Steak and Poultry (NSP) announced last week it was initiating a recall of processed steak products after the Centers for Disease Control and Prevention (CDC) and the U.S. Department of Agriculture’s (USDA’s) Food Safety and Inspection Service (FSIS) identified a cluster of E. coli O157:H7 illnesses. According to the FSIS release, the outbreak is linked to illness in 6 states: Colorado, Iowa, Kansas, Michigan, South Dakota, and Washington, but a CDC spokeswoman confirmed this morning that 16 states are reporting E. coli cases tied to the outbreak. FSIS’s initial release also indicates that the product was distributed to restaurants across the country. According to NSP the product was distributed to Moe’s Southwest Grill, Carino’s Italian Grill, and KRM restaurants located primarily in the 6 states initially connected to the outbreak. Neither the CDC nor FSIS has released a complete list of states involved in the outbreak. There are 10 states with illnesses connected to the outbreak that have yet to be named. Source: http://www.foodsafetynews.com/2009/12/thechristmas-eve-recall-of-almos


 Foster’s Daily Democrat reports that about 80 people will be offered antibiotics and the anthrax vaccine after tests confirmed the presence of the disease at the drumming room of the United Campus Ministry’s Waysmeet Center in Durham, New Hampshire. A young woman who attended a December 4 event has tested positive for gastrointestinal anthrax — the first such case in U.S. history. (See item 51)


51. December 30, Foster’s Daily Democrat – (New Hampshire) About 80 offered antibiotics after anthrax scare in Durham. About 80 people will be offered antibiotics and the anthrax vaccine after tests confirmed the presence of the disease at the drumming room of the Waysmeet Center. The medicine is being offered to people who took part in a West African drumming event at the center on December 4 and another 20 who had access to the building, along with two lab workers at risk of exposure. Meanwhile, the young Strafford County woman who attended the event and has tested positive for gastrointestinal anthrax — the first such case in U.S. history — remains in critical condition at an undisclosed out-of-state hospital. An adviser to New Hampshire’s division of public health services said the state is contacting those 80 people and is merely offering the medicine, which is typically taken for 60 days, out of precaution because “this is a very low-risk situation.” So far, health officials believe “vigorous” drumming may have dispersed an anthrax spore into the air, where it was “briefly suspended” before the woman swallowed or inhaled it, causing it to end up in her digestive tract, the advisor said. The center is home to United Campus Ministry that is independent of the University of New Hampshire but offers a residential community for students. It remains closed per an order of the state Department of Health and Human Services. The advisor said environmental samples taken from electrical outlets in the drumming room came back positive for anthrax late Monday. Source: http://www.fosters.com/apps/pbcs.dll/article?AID=/20091230/GJNEWS_01/712309957/-1/FOSNEWS


Details

Banking and Finance Sector

13. December 30, IT Business Edge – (International) Laptop theft puts MBNA customers at risk. MBNA has confirmed that customer data has been compromised following the theft of a laptop from the offices of credit and finance firm NCO Europe. According to SC Magazine, the laptop contained some personal details, but no PIN numbers. An MBNA spokesman said they believe that none of the details had been used fraudulently. Still, the company is offering affected customers free access to CreditExpert from Experian for the next 12 months. Source: http://www.itbusinessedge.com/cm/community/news/sec/blog/laptop-theft-puts-mbna-customers-at-risk/?cs=38435


14. December 30, KYW 3 Philadelphia – (Pennsylvania) Suspect robs Delaware County bank using a bomb threat. The bomb squad was called to the scene after reports of a bank robbery in Delaware County Wednesday morning. Police said a suspect entered an M&T Bank on Hinkley Avenue in Ridley Park at about 9:30 a.m. and told the teller he had a bomb. After receiving an undisclosed amount of cash, the suspect fled the scene. Following the robbery, police shut down the area surrounding the bank and called the Delaware County Bomb Squad as a precaution. No explosives were located. No arrests have been made. The incident remains under investigation. Source: http://cbs3.com/topstories/bomb.bank.robbery.2.1397204.html


15. December 30, San Antonio Express-News – (Texas) Suspicious package was bag of trash, officials say. Authorities determined a suspicious package found at a North Side bank Wednesday morning was a paper bag full of trash, said a San Antonio Fire Department spokeswoman. Employees arriving to work at Chase Bank in the 12500 block of Northwest Military Highway and Wurzbach Parkway called 911 around 7 a.m. after they found a small bag in the bank’s drive-through automated teller machine lane. San Antonio Fire Department officials said the bag appeared to be from Las Palapas and had a note attached to it that says, “Open if you want a surprise.” The department’s hazardous materials crew, along with San Antonio Police Department’s bomb squad, investigated the package. Source: http://www.mysanantonio.com/news/80340842.html


16. December 29, Anchorage Daily News – (Alaska) Source of stolen credit card information was a restaurant. The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago. The scammers, in what appears to be a nationwide, organized effort, have spent thousands of dollars on the East Coast with the stolen data, according to police. According to the owners, the hack was actually perpetrated against a third-party network run by a nationwide corporation they would not name. The chief technology officer for Digital Securus, a local firm that has been helping examine the network at Little Italy, said his group found hacker programs on the point-of-sale terminals at the restaurant. “So what the bad guys did was, instead of trying to intercept that encrypted transmission, which they knew was futile, they came in and they installed a hacker program on the point-of-sale machines that actually intercepted that card number as it was being swiped,” he said. Both the restaurant and police say the breach has been fixed and the system is again secure. Police, however, are continuing to work with federal authorities to figure out who is behind the attack. Investigators suspect the stolen numbers were sold to third parties, who made fake cards with the information, an APD cyber crimes detective said last week. Source: http://www.adn.com/front/story/1073062.html


17. December 29, Reuters – (Florida; Texas) SEC alleges broker churned government accounts. U.S. securities regulators charged a Houston-based broker on Tuesday with defrauding two Florida government bodies while collecting $14 million in commissions. The Securities and Exchange Commission alleged the broker, while employed by First Allied Securities Inc, churned the accounts of the city of Kissimmee, Florida, and the Tohopekaliga Water Authority, and lied about what he was doing. The SEC’s civil complaint, filed in federal court in Orlando, Florida, accused him of engaging in risky, short-term trading strategies involving zero-coupon U.S. Treasury bonds, sometimes buying and selling them within days or on the same day. The watchdog agency said that he knew the municipalities’ ordinances prohibited his trading strategy. Neither municipality lost money, the SEC said, but only because the bond market swung in his favor. They could have lost $60 million over a two-year period, the SEC alleged. Source: http://www.reuters.com/article/idUSTRE5BS3YP20091229


18. December 29, WTVC 9 Chattanooga – (Georgia) Bank scam hits Chickamauga hard. A bank account draining scam unfolded in Chickamauga the day after Christmas. It was a calculated “phishing” scam. A man’s recorded message claiming to be from the Bank of Chickamauga informed customers their ATM cards were restricted and gave them a number to call. After an unknown number of actual Bank of Chickamauga customers have been ripped off, the Federal Trade Commission has now taken over that number: 1-888-557-7512. A message on that number informs callers they have fallen victim to a scam. A bank executive says the number could be more than one hundred people. The bank’s vice president said, “Do not give information to anyone.” He added that if a customer did not initiate the phone call, then the customer must not divulge any information. From what WTVC-TV found out, this was a very widespread, random call. It appears they just used the prefix “375” and called all kinds of numbers in Chickamauga. This scam is not protected by the Federal Deposit Insurance Corporation. The bank’s executive vice president explains why. “Because it is fraud originated by a third party,” he said. The vice president of the bank says each case will be dealt with individually. But in all likelihood, customers lost whatever was in their account. Chickamauga police and the FBI are also aware of this scam. Investigators suspect this is a scam originating from another country. The bank would not reveal how much money was stolen, but it was all withdrawn electronically. Source: http://www.newschannel9.com/news/bank-987486-chickamauga-hard.html


19. December 29, WCAU 10 Philadelphia – (Pennsylvania) Smoke halts trading on Phila. Stock Exchange. The Philadelphia Stock Exchange was evacuated after smoke was reported on the trading floor late Tuesday morning. Smoke was first sighted on the first floor of the exchange at 1900 Market Street in Center City just after 11 a.m., officials said. The smoke was sucked into the building from a burning pile of leaves which caught fire outside, fire officials said. Trading was halted and the building evacuated. The fire was extinguished at 11:37 a.m. Exchange employees were allowed back into the building just before noon, though trading did not resume until after 12:30 p.m. Source: http://www.nbcphiladelphia.com/news/local-beat/Smoke-Halts-Trading-on-Phila-Stock-Exchange-80272867.html


20. December 29, SCMagazine – (National) Parties agree to settlement over Countrywide data breach. A federal judge in Kentucky has granted preliminary approval to settle a class-action lawsuit relating to a data breach that pitted millions of Countrywide Financial customers against the mortgage company. Last week’s settlement, which still must undergo a final approval hearing, would provide free credit monitoring for up to 17 million people whose personal data was exposed, according to published reports. To be eligible, victims must have used Countrywide before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud. A spokeswoman for Bank of America, which now owns Countrywide, did not respond to a request for comment on Tuesday. Some 35 lawsuits resulted from the breach before class-action status was granted, according to reports. Source: http://www.scmagazineus.com/parties-agree-to-settlement-over-countrywide-data-breach/article/160332/


21. December 29, Associated Press – (Alabama) Thieves make off with ATM machines from AL stores. Mobile, Alabama police are looking for three men who smashed a stolen car through the windows of 2 gas stations and made off with automated teller machines. A police spokesman said the two robberies early Monday bring the number of smash & grab ATM thefts around the area to five since December 8. He said the men were masked and completely covered in clothing. The first robbery was at a Chevron station around 3:10 a.m. and another Chevron was robbed about two hours later. They smashed the car through the stations’ glass windows, then went in and removed the ATM machines. The car was later found burned and 1 of the ATMs was still inside. No one has been arrested in any of the incidents, and no one has been injured. Source: http://www.wtvm.com/Global/story.asp?S=11743883


22. December 29, U.S. Department of Justice – (National) Major international hacker pleads guilty for massive attack on U.S. retail and banking networks. A man from Miami pleaded guilty Tuesday to conspiring to hack into computer networks supporting major American retail and financial organizations, and to steal data relating to tens of millions of credit and debit cards. The man, aka “segvec,” “soupnazi” and “j4guar17,” pleaded guilty to two counts of conspiracy to gain unauthorized access to the payment card networks operated by, among others, Heartland Payment Systems, a New Jersey-based card processor; 7-Eleven, a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. The plea was entered in federal court in Boston. The case is one of the largest data breaches ever investigated and prosecuted in the United States. According to information contained in the plea agreement, he leased or otherwise controlled several servers, or “hacking platforms,” and gave access to these servers to other hackers, knowing that they would use them to store malicious software and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by the man. He tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea agreement, it was foreseeable to the man that his co-conspirators would use malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions. Source: http://www.justice.gov/opa/pr/2009/December/09-crm-1389.html


Information Technology


46. December 27, PC World – (International) Good guys bring down the Mega-D botnet. For two years, a researcher with security company FireEye worked to keep Mega-D bot malware from infecting clients’ networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from defense to offense. And Mega-D — a powerful, resilient botnet that had forced 250,000 PCs to do its bidding — went down. He and two FireEye colleagues went after Mega-D’s command infrastructure. His team first contacted Internet service providers that unwittingly hosted Mega-D control servers; his research showed that most of the servers were based in the United States, with one in Turkey and another in Israel. The FireEye group received positive responses except from the overseas ISPs. The domestic C&C servers went down. Next, the researchers contacted domain-name registrars holding records for the domain names that Mega-D used for its control servers. The registrars collaborated with FireEye to point Mega-D’s existing domain names to nowhere. By cutting off the botnet’s pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down. Finally, FireEye and the registrars worked to claim spare domain names that Mega-D’s controllers listed in the bots’ programming. The controllers intended to register and use one or more of the spare domains if the existing domains went down — so FireEye picked them up and pointed them to “sinkholes” (servers it had set up to sit quietly and log efforts by Mega-D bots to check in for orders). Using those logs, FireEye estimated that the botnet consisted of about 250,000 Mega-D-infected computers. MessageLabs, a Symantec e-mail security subsidiary, reports that Mega-D had “consistently been in the top 10 spam bots” for the previous year. The botnet’s output fluctuated from day to day, but on November 1 Mega-D accounted for 11.8 percent of all spam that MessageLabs saw. Three days later, FireEye’s action had reduced Mega-D’s market share of Internet spam to less than 0.1 percent, MessageLabs says. Source: http://www.pcworld.com/article/185122/good_guys_bring_down_the_megad_botnet.html


Communications Sector

47. December 30, WYFF 4 Greenville – (South Carolina) Greenville radio station ransacked. A Greenville County radio station was ransacked and thieves took everything, including the microphone for the DJ. The trailer that houses WCSZ 1070 AM on White Horse Road is in shambles. The station’s former general manager told News 4 someone broke into the radio station on December 16, and then again this week. He thinks someone broke into the building looking for copper, but then saw a golden opportunity. There was very expensive equipment still at the radio station, including a transmitter worth $150,000, he said. It was picked apart. He said there is no way to broadcast out of the station until everything is replaced. A forensic investigator was at the radio station Wednesday morning collecting evidence. A Greenville County sheriff’s office spokesman said an investigator has been assigned to this case, and it is being looked at as a grand larceny. Source: http://www.wyff4.com/news/22089937/detail.html


48. December 30, Landmark News Service – (Kentucky) Internet company expansion encounters extended outage. An Internet service outage expected to last about four hours has stretched into a week for some customers of U.S. Digital Online. In the process of relocating a server December 22, unexpected issues were encountered that have had staff members, including the company president, working around the clock through the holiday period. The company acquired approximately 800 KV Net accounts from Nolin RECC in July. Previously, U.S. Digital provided dial-up and wireless service to about 300 customers throughout Grayson County from its office in Leitchfield. The company president said the acquisition came with little documentation regarding software. Some customer connections that relied upon outdated technology contributed to the transfer. “It’s been a struggle for us to find out who’s hooked up how,” he said. During the switch over, U.S. Digital found some customers relied on static IP addresses and it had no record of the information necessary to enable the service. The company also encountered more than 5,000 lines of code that had to be rebuilt as part of the configuration. U.S. Digital is a wholesaler of DSL service through Windstream, which also sells Internet connectivity in the area as well as telephone and digital television. Source: http://www.thenewsenterprise.com/cgi-bin/c2.cgi?053+article+News+20091229053000895


49. December 28, Associated Press – (National) Wireless phone companies pushing to use federal, defense frequencies. As mobile phones become more sophisticated, they transmit and receive more data over the airwaves. But the spectrum of wireless frequencies is finite — and devices like the iPhone are allowed to use only so much of it. TV and radio broadcasts, Wi-Fi networks, and other communications services also use the airwaves. Each transmits on certain frequencies to avoid interference with others. Now wireless phone companies fear they are in danger of running out of room, leaving congested networks that frustrate users and slow innovation. So the wireless companies want the government to give them bigger slices of airwaves — even if other users have to give up rights to theirs. Wireless companies are eyeing some frequencies used by TV broadcasters, satellite-communications companies, and federal agencies such as the Pentagon. Already, some of those groups are pushing back. That means tough choices are ahead. But one way or another, Washington will keep up with the exploding growth of the wireless market, insists a U.S. Representative from Virginia. He is sponsoring a bill that would mandate a government inventory of the airwaves to identify unused or underused bands that could be reallocated. The head of the National Telecommunications and Information Administration, the arm of the Commerce Department that manages the federal government’s use of the airwaves, says the agency is also hunting for more frequencies the wireless industry can use. The Pentagon has vacated some frequencies and is developing technology that can make more efficient use of airwaves. It also says it is committed to finding compromises that work for the government and commercial sector, so long as those do not jeopardize military capabilities. Source: http://www.nextgov.com/nextgov/ng_20091228_6508.php

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 30, 2009

Complete DHS Daily Report for December 30, 2009

Daily Report

Top Stories

 Bloomberg reports that Somali pirates hijacked a U.K.-flagged chemical tanker and its 26 crew in the Gulf of Aden on Monday. Pirates also hijacked the Panama-flagged bulk carrier Navios Apollon as it was sailing in the Indian Ocean; it was carrying a cargo of fertilizer. (See item 5)


5. December 29, Bloomberg – (International) Pirates grab U.K. ship off Somali coast. Somali pirates hijacked a U.K.-flagged chemical tanker and its 26 crew in the Gulf of Aden, the first successful attack on a merchant ship in the heavily patrolled sea channel in almost six months. The St. James Park had registered its position with the European Union anti-piracy force though it had not joined a group transit, a spokesman for the force said in a telephone interview. It was seized Monday due north of the Somali port of Boosaaso, he said. The St. James Park was sailing to Thailand from Spain, and is now believed to be heading for the eastern coast of Somalia, the head of East Africa Seafarers’ Assistance Program said by phone from the Kenyan port city of Mombasa. Its 26-man crew includes Russians, Filipinos, Bulgarians, Indians, Turks, Ukrainians, a Georgian and a Pole, the EU said. The ship is owned by Philbox Ltd. Pirates Monday hijacked the bulk carrier Navios Apollon as it was sailing in the Indian Ocean, 240 nautical miles east-northeast of the Seychelles, the Greek government said. The Panama-flagged Navios Apollon, carrying a cargo of fertilizer, has a Greek captain and 18 Filipino crew members; it was sailing from Florida to India, a spokeswoman for the Citizen Protection Ministry in Athens said in a telephone interview. The 2000-built vessel, with a carrying capacity of 52,073 deadweight tons, belongs to the Angeliki Frangou-led Navios Maritime Partners. Pirates have also released two ships this week, the Chinese bulk carrier De Xin Hai and the Singapore-flagged container ship Kota Wajar. Source: http://www.businessweek.com/globalbiz/content/dec2009/gb20091229_798044.htm


 According to IDG News Service, computer security researchers say that the GSM phones used by the majority of the world’s mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools. The flaw lies in the 20-year-old encryption algorithm used by most carriers, a 64-bit cipher called A5/1. (See item 39 below in the Communications Sector)


Details

Banking and Finance Sector

11. December 29, Associated Press – (Iowa) Iowa phone scam poses as credit union call. Nevada residents who have not yet gotten a phone call from a scammer posing as a credit union can expect one soon. Police say a scam to get people to give out banking or credit card information is making its way through every phone number in Nevada, Iowa. The recorded call purports to come from a Nevada credit union, but police say the credit union is unaware of the phone calls and is unaffiliated with the scam. Police say the calls are using “caller ID spoofing,” which allows their number to appear as a legitimate business. Because the scam likely crosses international borders, police say it will be difficult to prosecute, and any money lost to the scam will be nearly impossible to recover. Source: http://www.kwqc.com/Global/story.asp?S=11741849


12. December 28, WRAL 5 Raleigh – (North Carolina) SECU members fall victim to skimmers. In Raleigh, an investigation is under way after about 300 people had money skimmed from their State Employees Credit Union account. A SECU member said she got a call from the credit union on Christmas Day telling her she was a victim of skimming. Her account was skimmed by using her SECU debit card at a gas station. “This type of thing happens all the time, unfortunately,” the senior vice president of SECU’s card and record services department said. She advises SECU members to pay careful attention to their bank activity and credit card statements and report any irregularities or suspicions to police. “Any time you’re using a device anywhere, using your card, look for something unusual,” she said. Skimming devices are often color coordinated, making them difficult to spot on ATMs. Finding the skimming device on a gas pump is virtually impossible as it is often hidden on the inside. “Some of the more common ways to hide them is put an envelope holder close to the ATM, or what looks like an envelope holder with a small pin hole in it, and a small camera mounted inside. Sometimes they’re mounted overhead,” said a spokesman for the Raleigh Police Department. SECU officials said the recent thefts likely happened at gas stations and not by using their ATM machines. It is not yet clear if other banks or customers are affected. Source: http://www.wral.com/news/local/story/6700487/


13. December 28, KPTV 12 Portland – (Oregon) Suspicious packages found outside Tigard Bank. Two suspicious packages prompted the evacuation of a bank in Tigard on Monday, police said. The packages — two stacked cardboard boxes — were discovered near an ATM outside the Bank of America at Southwest Greenburg Road and 99W at about 2:30 p.m. The Portland bomb squad X-rayed the boxes, which were determined to be full of garbage. The boxes were considered suspicious because of an attached note, Tigard police said. The note was not threatening, police said, but officers would not go into detail. The evacuation order for the bank was also lifted. Source: http://www.kptv.com/news/22075719/detail.html


14. December 28, Gainesville Sun – (Florida) Hawthorne bank robber linked to bomb hoax in Starke. A bank robber, who used a fake bomb to hold up a Starke bank last week, apparently struck again at a Hawthorne bank Monday. The man used the same tactic to rob the M&S Bank, 6875 S.E. 221st St., at about 11:30 a.m., the Alachua County Sheriff’s Office reported. The suspect entered the business, got cash, and left behind a suspicious package, said the Sheriff’s Office spokesman. No one was injured during the robbery. But bank employees and customers left the building after the robber left behind a suspicious container. People in nearby buildings also were evacuated while the Sheriff’s Office bomb squad was called out to determine whether the package inside the bank was a bomb. The package, described as a leather-type case that resembled a shaving kit, was not a bomb, the Sheriff’s Office spokesman said. He did not elaborate further on what the container looked like but said, “It had something that led them to believe that it could be possibly an explosive device.” Monday’s robbery mirrored reports from a Starke bank robbed last week. In that case, a man left a device with protruding wires at the Capital City Bank, 350 N. Temple Ave., on December 22. He walked up to the teller and demanded $50 and $100 bills and left on foot with the stolen cash. The Jacksonville Sheriff’s Office Bomb Squad was called in and later determined the device was not a bomb. Police in Starke still are searching for the robber in that case, said a police spokesman. After officers from the different agencies reviewed the two cases, the Alachua County Sheriff’s Office spokesman said they “definitely” believe they are dealing with the same suspect. Source: http://www.gainesville.com/article/20091228/ARTICLES/912289970/1002


Information Technology


34. December 29, IDG News Service – (International) Adobe will be top target for hackers in 2010, report says. Adobe Systems’ Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week. “Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot,” security vendor McAfee said in its “2010 Threat Predictions” report. Adobe’s CTO acknowledged recently that his company’s software is being attacked more frequently, and said the company has stepped up its efforts to respond. Mozilla’s Firefox browser and Apple’s QuickTime software have also faced new attacks. Among its other predictions, McAfee expects more sophisticated attacks next year against social networking sites such as Twitter and Facebook. It also sees the emergence of a new vehicle for attacks in the form of HTML 5, an update to the Web markup language that will support delivery of online video and allow Web applications to run offline. “HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users,” McAfee said. There was some good news, however. The security firm sees law enforcement having more successes next year in its pursuit of cybercriminals, thanks to closer cooperation and improved skills at international crime-fighting agencies. Source: http://www.computerworld.com/s/article/9142829/Adobe_will_be_top_target_for_hackers_in_2010_report_says


35. December 28, SCMagazine – (International) New IIS flaw deemed low risk in proper configurations. Administrators following secure configuration best practices should not be at risk to a new, zero-day vulnerability in Microsoft’s Internet Information Services (IIS), according to the software giant. A senior security program manager at Microsoft said Sunday night in a blog post that the company is investigating reports of a flaw in the IIS web server but is unaware of any active attacks. He said that for an attack to occur, IIS must be in a “nondefault, unsafe configuration,” and an intruder would have to be authenticated with privileges to execute commands that do not comply with Microsoft guidance. “Customers using out-of-the-box configurations and who follow security best practices are at reduced risk of being impacted by issues like this,” he said. A handler posting on the SANS Internet Storm Center site said Sunday that administrators still must be careful because they could unknowingly be running a vulnerable web server due to a webmaster’s mistake. Source: http://www.scmagazineus.com/new-iis-flaw-deemed-low-risk-in-proper-configurations/article/160283/


Communications Sector

36. December 29, Charleston Daily Mail – (West Virginia) Verizon customers losing their patience. At least 5,000 Verizon customers still were without phone service Monday, 10 days after a winter storm downed power and phone lines across West Virginia. The company does not know when phone service will be restored to all its customers. A Verizon spokesman said there were 5,000 open repair requests, a number that likely gives a low ballpark figure of the total outage. On Monday, there were roughly twice as many people in the state without phone service as without power. By afternoon, about 2,700 customers were still without power, down from the 100,000 customers who were powerless at the beginning of last week, according to the state division of emergency management. Some of those outages Monday were because of Sunday night’s winds. Verizon’s spokesman said the number of people without phone service did not approach the number of people without power. Part of the reason for the lag between people getting their power back and still having their phone off comes from the practice the phone company has of working after power crews for both safety and technical reasons. Verizon also has fewer workers on hand than American Electric Power. In the Charleston area alone, more than 160 power company crews and nearly 800 people from more than 20 companies in more than a half dozen states worked during the holidays to restore power, an AEP spokesman said. Verizon, by contrast, has about 300 technicians working to restore phone service in West Virginia, company officials said. Not many of them are from out of state and, instead, the company is shifting technicians from the northern part of West Virginia into the southern part, where the damage has been the most extensive. Source: http://www.dailymail.com/News/statenews/200912280483?page=1&build=cache


37. December 29, CBS – (Illinois) Phone service being restored in Robbins. AT&T has restored phone and Internet service to many customers in the south Chicago suburb of Robbins who lost their service over the weekend. Some residents of Robbins were without AT&T phone and Internet service since Saturday. An AT&T spokeswoman said the winter storms caused a utility hole in the area to flood, causing some cables to get wet. She said Tuesday that phone service had been restored for “many customers,” and more households would get their service back “as restoration efforts move forward throughout the day.” While service was out, AT&T gave prepaid wireless phones to residents who wanted to stay connected during emergency situations. She said parts of Chicago’s Pilsen neighborhood also suffered outages over the weekend. Source: http://www.wbbm780.com/Phone-service-being-restored-in-Robbins/5994814


38. December 28, BusinessWeek – (New York) An AT&T mystery: abrupt New York iPhone shutdown. A brief halt in online sales of the Apple iPhone in the New York area kept alive concerns that AT&T’s network is not up to the task of handling smartphone traffic in some of the largest U.S. cities. Customers who shopped for an iPhone on AT&T’s Web site and gave ZIP codes for areas in and around New York City were told that the device was unavailable during a period starting on December 27 and lasting until the afternoon of the following day. Sales of the iPhone through AT&T and Apple retail stores in the New York area, as well as via Apple’s Web site, were unaffected. AT&T offered little explanation for the halt in sales, and Apple kept mum on the subject. “We periodically modify our promotions and distribution channels,” an AT&T spokesman said. Some analysts speculated that the change, however short-lived, was further confirmation that AT&T’s equipment is too flimsy to handle the heavy data use typically associated with the iPhone. “Clearly AT&T is struggling with quality-of-service concerns,” says the head of the Envisioneering Group, a research firm. “It’s the first time I’m aware of this happening with any wireless product.” Source: http://www.businessweek.com/technology/content/dec2009/tc20091228_366556.htm


39. December 28, IDG News Service – (International) Hackers show it’s easy to snoop on a GSM call. Computer security researchers say that the GSM phones used by the majority of the world’s mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools. In a presentation given Sunday at the Chaos Communication Conference in Berlin, a researcher said that he had compiled 2 terabytes worth of data — cracking tables that can be used as a kind of reverse phone-book to determine the encryption key used to secure a GSM (Global System for Mobile communications) telephone conversation or text message. While he stopped short of releasing a GSM-cracking device (that would be illegal in many countries, including the United States), he said he divulged information that has been common knowledge in academic circles and made it “practically useable.” The flaw lies in the 20-year-old encryption algorithm used by most carriers. It is a 64-bit cipher called A5/1 and it is simply too weak, according to the researcher. Using his tables, antennas, specialized software, and $30,000 worth of computing hardware to break the cipher, someone can crack the GSM encryption in real time and listen in on calls, he said. If the attacker was willing to wait a few minutes to record and crack the call, the total cost would be just a few thousand dollars, he said. There are about 3.5 billion GSM phones worldwide, making up about 80 percent of the mobile market, according to data from the GSM Alliance, a communications industry association representing operators and phone-makers. A spokeswoman with the GSM Association said that her group would be looking into the researchers’ claims in the coming days and stressed that any type of mobile-phone eavesdropping would be illegal in many countries. Source: http://www.computerworld.com/s/article/9142819/Hackers_show_it_s_easy_to_snoop_on_a_GSM_call?taxonomyId=16&pageNumber=1


40. December 28, KQDS 21 Duluth – (Minnesota) WEBC radio forced off air by water leak. Water problems have temporarily silenced the Northland’s oldest radio station. WEBC radio, also known as ESPN 560, has been off the air since at least Christmas Eve. Station officials say water got into the station’s transmitter building, which is located near U.S. Highway 2/53 in the Town of Parkland near Superior. On Monday, a crew was out putting a new roof on the building while engineers worked to dry out the equipment. There is no word when the station might return to the air. During the outage, listeners may hear a Chicago station on 560 at night. Source: http://www.fox21online.com/news/webc-radio-forced-air-water-leak