Department of Homeland Security Daily Open Source Infrastructure Report

Monday, December 21, 2009

Complete DHS Daily Report for December 21, 2009

Daily Report

Top Stories

 KWTX 10 Waco reports that fire departments responded Thursday afternoon to the report of a possible chlorine fire in a building owned by the Downsville Water Department in McLennan County, Texas. A 3-mile radius was evacuated during the fire. (See item 25)


25. December 17, KWTX 10 Waco – (Texas) Three mile radius evacuated during chlorine fire. Area fire departments responded Thursday afternoon to the report of a possible chlorine fire in a building owned by the Downsville Water Department. The fire was reported Thursday by a deputy of the McLennan County Sheriff’s Office patrolling along South 3rd Street near Downsville. Chlorine is a light greenish-yellow gas with an irritating odor; it is considered toxic and can be fatal if inhaled. The deputy saw fire and a yellow mushroom cloud. Initial readings at the site had the chlorine level at 8.5 times the lethal level. Two chlorine canisters — both 5-foot tall and 1-foot in diameter — caught fire in a storage shed. The storage shed holding the canisters caught fire at first, then the canisters themselves caught fire, officials said. It was not immediately clear Thursday afternoon when service would be restored. Source: http://www.kwtx.com/home/headlines/79562917.html


 According to the Associated Press, South Korea’s military said Friday it was investigating a hacking attack that netted secret defense plans with the United States and may have been carried out by North Korea. The suspected hacking occurred late last month and involved a USB device. (See item 31)


31. December 18, Associated Press – (International) Hackers steal SKorean-U.S. military secrets. South Korea’s military said Friday it was investigating a hacking attack that netted secret defense plans with the United States and may have been carried out by North Korea. The suspected hacking occurred late last month when a South Korean officer failed to remove a USB device when he switched a military computer from a restricted-access intranet to the Internet, a Defense Ministry spokesman said. The USB device contained a summary of plans for military operations by South Korean and U.S. troops in case of war on the Korean peninsula. The spokesman said the stolen document was not a full text of the operational plans, but an 11-page file used to brief military officials. He said it did not contain critical information. He said authorities have not ruled out the possibility that Pyongyang may have been involved in the hacking attack by using a Chinese IP address — the Web equivalent of a street address or phone number. Source: http://news.yahoo.com/s/ap/20091218/ap_on_re_as/as_koreas_cyberattack


Details

Banking and Finance Sector


Information Technology


38. December 18, CNN – (International) Twitter hacked by ‘Iranian Cyber Army’. The popular microblogging Web site Twitter was hacked overnight, leaving the millions who use the site tweetless. Those who tried to access Twitter were redirected to a site that had a green flag and proclaimed “This site has been hacked by Iranian Cyber Army.” The Web site was down for nearly an hour. Representatives from Twitter could not be immediately reached for comment, but the company spoke about the issue on its official Twitter page. “Twitter’s DNS records were temporarily compromised but have now been fixed. We will update with more information soon,” the company posted at about 2:30 a.m. ET on December 18. It was unclear who the group Iranian Cyber Army was and if it is connected to Iran. Source: http://www.cnn.com/2009/TECH/12/18/twitter.hacked/index.html


39. December 18, The Register – (International) Film review site hacked to spew malicious PDFs. Hackers on December 17 exploited a vulnerability on Ain’t It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file. The attack targeted a vulnerable PHP script on one of AICN’s servers that automatically appended the malicious link to banner ads served on the site, its publisher said. As a result, anyone visiting the site over a 90-minute period on December 17 was silently redirected to speedconnection .cn which served a malicious file named annonce.pdf. The booby-trapped PDF, according to an analysis by researchers at Praetorian Prefect, exploited two vulnerabilities in Adobe Reader that the company has already fixed. When the file is opened by unpatched versions of Reader, it launches malicious shell code that hijacks the machine. Only 12 of the 41 major anti-virus programs currently detect the trojan, according to this VirusTotal analysis. In September, Mozilla found that more than half of Firefox users used insecure versions of Adobe Flash. It would not be surprising to find a similarly large proportion of the population using out-of-date versions of Reader, too. Source: http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/
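Item 39 describes a booby-trapped PDF that most anti-virus engines missed. Signature-based engines aside, a responder can triage a suspicious PDF by looking for the structural features that active-content exploits rely on (automatic actions and embedded script). The following is an added example written for this report, not code from The Register, Praetorian Prefect, or the original analysis; the keyword list and the two sample PDF byte strings are constructed for illustration. It also undoes PDF name hex-escaping (such as /J#61vaScript for /JavaScript), a common way for such files to hide keywords from naive string scanners.

```python
import re

# Names whose presence in a PDF is a triage signal (active content or
# automatic actions); it is evidence for review, not proof of malice.
# The list is an assumption chosen for this example.
SUSPICIOUS_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia",
)

# PDF names may spell any byte as #xx; normalize so /J#61vaScript is seen
# as /JavaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Replace #xx escapes inside PDF names with the byte they encode."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1).decode(), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Count suspicious PDF names in the file's (normalized) bytes.

    Returns a dict of name -> occurrence count for every name found.
    """
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF header")
    text = normalize_names(data)
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # A PDF name ends at a delimiter or whitespace, so /JS must not
        # match inside a longer name such as /JSXYZ.
        pattern = re.compile(re.escape(name.encode()) + rb"(?![A-Za-z0-9])")
        n = len(pattern.findall(text))
        if n:
            counts[name] = n
    return counts


def verdict(counts: dict) -> str:
    """Reduce the counts to a coarse triage decision."""
    if any(k in counts for k in ("/JavaScript", "/JS", "/Launch")):
        return "suspicious"
    if counts:
        return "review"
    return "clean"


# Constructed sample inputs (not real malware): a minimal benign document and
# one whose catalog auto-runs a JavaScript action with an escaped name.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF"
SUSPICIOUS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"%%EOF"
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        hits = triage_pdf(blob)
        print(label, verdict(hits), hits)
```

The scanner reads raw bytes rather than parsing the object tree, so it still sees names inside malformed objects, but it will not see content inside compressed object streams; decompressing those first is the usual next step in a real triage pipeline.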


40. December 18, V3.co.uk – (International) ‘Donbot’ launches pump-and-dump run. A huge botnet credited with launching an attack on Twitter and Facebook last month has moved into pump-and-dump spam attacks. The Donbot network has recently been connected by researchers to a rash of stock-related spam messages that attempt to persuade users to invest in a low-priced stock. Once demand for the stock has inflated its price, the spammer then sells at a profit. Researchers at MessageLabs said that the attack is unique because pump-and-dump scams, once a common occurrence, have all but disappeared in recent years. Much of the drop was attributed to the recent arrest and conviction of a spam kingpin. However, with the changes believed to be taking place in the cyber crime world, such attacks could soon return to favor. Experts throughout the industry have predicted that an increasingly crowded and competitive market could force criminals to look for new ways to make money online. The size and structure of new botnets may also play a part. A MessageLabs senior analyst noted that stock spam operations are perfect for Donbot and other large botnets. Source: http://www.v3.co.uk/v3/news/2255229/donbot-launches-pump-dump-run


41. December 17, DarkReading – (International) Report: over 97% of November email was Spam. Spam constituted 97.1 percent of total e-mail traffic in October and November 2009. This is one of the findings of the eleven E-mail Security Report for October and November 2009, which was presented Thursday by eleven, Germany’s leading e-mail security specialist. Spam traffic continued to be dominated by casino and pharmaceutical-related spam. The main source of spam is Brazil, followed by Vietnam and India. Spam constituted 97.1 percent of total e-mail traffic in October and November, “clean” e-mails constituted 1.9 percent, e-mail viruses just under 0.1 percent. Casino and pharmaceutical spam lead the “hit list” of spam content. More than one sixth of all spam e-mails originated from IP addresses in Brazil, followed by Vietnam and India. Backdoor Trojans, which constantly load new malware onto infected systems, constituted 75 percent of all viruses. E-mails spreading the Trojans are usually disguised as important messages. The content ranged from e-cards, delivery notifications, and software updates to requests for the reactivation of accounts. Source: http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=222002610&subSection=Application+Security


42. December 17, DarkReading – (International) Lab test results: Symantec, Kaspersky Lab, PC Tools, AVG detect the most zero-day attacks. Top Internet security suite products scored high when detecting zero-day attacks during a three-month period, according to new data released today from independent German lab AV-Test, with Symantec and Kaspersky Lab finding 98 and 97.5 percent, respectively. AV-Test tested 10 zero-day threats during a three-month period on Windows XP SP3 machines running Symantec Norton Internet Security 2010, Kaspersky Internet Security 2010, PC Tools Internet Security 2010, AVG Internet Security 9.0, G Data Internet Security 2010, Panda Internet Security 2010, Avira Premium Security Suite 9.0, McAfee Internet Security 2010, CA Internet Security 2010, F-Secure Internet Security 2010, BitDefender Internet Security 2010, and Trend Micro Internet Security 2010. AVG caught 92.2 percent of the threats, followed by G Data, 90 percent; Panda, 90 percent; Avira, 87.7 percent; McAfee, 87.2 percent; CA, 86.7 percent; F-Secure, 85.8 percent; BitDefender, 84.3 percent; and Trend Micro, 83.3 percent. Source: http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=222002625&subSection=Antivirus


43. December 16, Homeland Security News Wire – (International) Prediction for 2010: The coming cloud crash. The chief executive of Strategic News Service predicts a big remote-computing service disaster: “My hunch is that there will never really be a secure cloud,” he says; businesses will view cloud services more suspiciously and consumers will refuse to use them for anything important, he says. Next year, computing services handled remotely and delivered via the Internet may undergo some kind of “catastrophe” that alerts companies and consumers to the risks of relying on the so-called cloud, says the chief executive of Strategic News Service, an industry newsletter circulated to senior executives at technology companies including Intel, Dell, and Microsoft. A writer for BusinessWeek wrote that a growing number of businesses and individuals are handing storage and various other tasks to outside providers, from photographers archiving pictures with Yahoo!’s Flickr to companies turning over complicated computing operations to Amazon. Source: http://homelandsecuritynewswire.com/prediction-2010-coming-cloud-crash


44. December 15, Federal Computer Week – (Michigan) DHS, Michigan team on cybersecurity. The Homeland Security Department on December 15 said Michigan is deploying DHS’ Einstein 1 network flow monitoring system across the state’s cyber networks in a first-of-a-kind DHS partnership with a state government. Under the agreement, DHS’ U.S. Computer Emergency Readiness Team will identify possible abnormal activities on Michigan’s networks and deal with threats to critical computer infrastructure, the department said in announcing the partnership. DHS is in charge of protecting the civilian .gov domain and interfaces with non-federal partners on cybersecurity efforts. Federal agencies have used Einstein 1 for several years, and a more advanced version of the system, Einstein 2 — an intrusion detection system — is being deployed at civilian agencies. The DHS and Michigan partnership only uses Einstein 1, according to the announcement. “This proof of concept will benefit Michigan’s cybersecurity interests by further enhancing its ability to identify and resolve a greater range of threats to its cyber infrastructure in coordination with a broad range of federal government entities,” said the Michigan governor. “It will enable greater federal and state coordination to promote mutual cybersecurity interests and, if successful, will inform the efforts of state governments to enhance their own cybersecurity efforts,” she added. Source: http://www.fcw.com/Articles/2009/12/15/Web-DHS-and-Michigan-cybersecurity.aspx
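Item 44 describes Einstein 1 as a network flow monitoring system used to identify abnormal activity. Flow records (who talked to whom, on which port, how many bytes, when) carry no payload, yet two simple analytics over them already surface common abnormal patterns: an internal host sending far more data out than its peers, and a host contacting the same external address on a near-perfect schedule. The following is an added example written for this report; it is not Einstein code and makes no claim about how Einstein 1 works internally. The NetFlow-style CSV records, the 10.0.0.0/8 internal range, and the thresholds are all constructed assumptions.

```python
import csv
import io
import ipaddress
import statistics
from collections import defaultdict

# Assumption for this example: the monitored enterprise uses 10.0.0.0/8.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed flow records (not real traffic). Host .5 contacts one external
# address every 300 seconds; host .9 sends an unusually large volume out.
FLOWS_CSV = """\
ts,src,dst,dport,bytes
1000,10.1.1.5,93.184.216.34,443,12000
1300,10.1.1.5,93.184.216.34,443,11000
1600,10.1.1.5,93.184.216.34,443,12500
1900,10.1.1.5,93.184.216.34,443,11800
2200,10.1.1.5,93.184.216.34,443,12100
1020,10.1.1.7,198.51.100.20,443,4000
1500,10.1.1.7,198.51.100.21,80,3000
2100,10.1.1.7,198.51.100.22,443,5000
1050,10.1.1.9,203.0.113.77,443,9000000
1700,10.1.1.9,198.51.100.20,443,2000
"""


def parse_flows(text: str) -> list:
    """Parse CSV flow records into dicts with typed fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "ts": int(row["ts"]),
            "src": row["src"],
            "dst": row["dst"],
            "dport": int(row["dport"]),
            "bytes": int(row["bytes"]),
        })
    return flows


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL_NET


def volume_outliers(flows: list, factor: float = 10.0) -> list:
    """Internal hosts whose outbound byte total exceeds factor x fleet median."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes"]
    if not totals:
        return []
    median = statistics.median(totals.values())
    return sorted(h for h, b in totals.items() if b > factor * median)


def beacon_candidates(flows: list, min_flows: int = 4, max_cv: float = 0.1) -> list:
    """(src, dst) pairs whose inter-flow gaps are nearly constant.

    A low coefficient of variation (stdev / mean) of the gaps between
    successive flows is the classic signature of scheduled check-ins.
    """
    by_pair = defaultdict(list)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            by_pair[(f["src"], f["dst"])].append(f["ts"])
    hits = []
    for pair, stamps in by_pair.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append(pair)
    return sorted(hits)


if __name__ == "__main__":
    flows = parse_flows(FLOWS_CSV)
    print("volume outliers:", volume_outliers(flows))
    print("beacon candidates:", beacon_candidates(flows))
```

Both detectors produce leads, not verdicts: a backup job and a software update check produce the same shapes. In practice the median and the interval tolerance are learned from a longer baseline window than the handful of records shown here, and the flagged hosts are handed to an analyst with the supporting flows attached.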


For another story, see item 48 below in the Communications Sector


Communications Sector

45. December 18, San Francisco Chronicle – (California) AT&T cell service restored in Pacifica. AT&T cell phone service in Pacifica’s Linda Mar neighborhood was restored Friday evening, six days after vandals cut wires at an antenna on a mountain that was inaccessible to repair crews because of a muddy road, a company spokesman said. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/12/17/BANS1B64HS.DTL&tsp=1


46. December 17, BlackBerry Examiner – (National) Outages galore all across the nation. Earlier Thursday there was a huge BlackBerry BIS outage where countless users all across the nation were not receiving their emails. At about 2:30 PM ET, things started to get a little better. Now reports are out there that T-Mobile is having yet another outage in various parts of the nation. While this may be frustrating for those who are not only BlackBerry users, but BlackBerry users on T-Mobile, rest assured that many people believe that the recent influx of outages from The Magenta is in preparation for the major improvements to their 3G network that are supposed to be rolled out by the end of the year. Source: http://www.examiner.com/x-19475-BlackBerry-Examiner~y2009m12d17-Outages-galore-all-across-the-nation


47. December 17, Anchorage Daily News – (Alaska) AT&T gets 2G service back up and running: Anchorage. AT&T’s cell phone network is fully operating again. Some AT&T wireless customers in Alaska lost their connection to the cell phone network at about noon Wednesday. Voice and text services for those customers have been restored, an AT&T spokeswoman said Thursday. On Wednesday, the company attributed the problem to “a commercial power outage caused by a hardware issue that is affecting 2G service.” Customers with the newer 3G service from AT&T reported that their cell phones still worked. Source: http://www.adn.com/news/alaska/anchorage/story/1060839.html


48. December 16, Government Computer News – (National) DNSSEC implemented in the .us registry. Domain Name Security Extensions (DNSSEC) have been implemented in the registry of the .us top-level Internet domain. Neustar Inc., which has operated the .us registry since 2001, received permission to apply DNSSEC in October and signed the .us zone earlier this month. The company said it will encourage domain name registrars and registrants to incorporate a digital signature via DNSSEC into their domain records in early 2010. The .us domain, one of a number of country codes used to identify the location of an entity within its Uniform Resource Locator (URL), joins a growing number of top level domains — including .gov and .org — getting ready to secure the Internet’s Domain Name System by digitally signing DNS requests and responses. Source: http://gcn.com/articles/2009/12/16/dnssec-deployed-dot-us-domain.aspx


For another story, see item 41 above in the Information Technology Sector