Department of Homeland Security Daily Open Source Infrastructure Report

Friday, January 2, 2009



 The Knoxville News Sentinel reports that two felons face federal charges after they were caught December 17 trying to get inside the Y-12 National Security complex in Tennessee with a gun and ammunition inside their vehicle. (See item 9)

9. December 31, Knoxville News Sentinel – (Tennessee) 2 felons accused of trying to enter Y-12 with weapon. Two felons face federal charges after authorities allege they were caught trying to get inside the Y-12 National Security complex with a gun and ammunition inside their vehicle, court records show. The pair have been jailed pending trial on federal weapons charges lodged after a December 17 incident at the Oak Ridge facility. According to an affidavit filed by an FBI agent, a vehicle driven by one felon, carrying the other felon as a passenger, drove up to a checkpoint at the Y-12 facility at 7:45 a.m. on December 17 in an apparent attempt to get inside the facility. It is not clear from the affidavit why the men sought entry or what connection they had to the complex. Source:

 According to SC Magazine, researchers on Tuesday demonstrated an attack that allowed them to successfully create a rogue Certification Authority certificate, which would be trusted by all Web browsers and allow an attacker to impersonate any Web site, including those secured by the HTTPS protocol. (See item 35)

See item 35 in the Information Technology Sector below


Banking and Finance Sector

10. December 31, Chicago Tribune – (Illinois) 8 arrested in ring targeting police credit unions. Police have arrested eight people in a two-month-long investigation of at least $150,000 in credit card fraud against members of two police credit unions, officials announced late Tuesday. The fraud ring, which involved seven employees of Chicago-area retail stores, hit 140 accounts at the Illinois State Police Credit Union and the Chicago Patrolmen’s Credit Union, according to Illinois State Police. The ring operated out of Crestwood, although most of those arrested were from Chicago, according to a police press release. The investigation involved state police, the U.S. Secret Service, the Illinois Attorney General’s office, and the Chicago Police Department, according to police. Police did not identify the retail stores involved, but corporate security for Wal-Mart Stores, Inc., also assisted in the investigation. According to police, the ring involved seven employees of retail stores who either bought merchandise fraudulently or helped other people buy goods fraudulently. Investigators began their probe after people with accounts at the two credit unions found out someone was making fraudulent purchases on their cards. Seven people were arrested by state police Tuesday morning, and one more Tuesday night, police said. Each was charged with one count of theft and one count of wire fraud, class three felonies that carry up to five years in prison. Source:

11. December 30, WSMV 4 Nashville – (Tennessee) Credit card scam worries airport workers. There are worries at Nashville International Airport that a credit card scheme is taking advantage of workers and possibly travelers. Some airport workers reported that their checking accounts were suddenly short of hundreds of dollars. An airline employee said someone got his debit card numbers and went on a shopping spree in Texas. It appears some of the employee’s co-workers have had the same thing happen to them, too. All of the victims said they used their debit card at an airport food vendor. The Nashville International Airport Police Department said they are investigating the cases, and an internal memo said the Secret Service is looking into the matter as well. Source:

12. December 30, Reuters – (National) SEC halts alleged $23 million Ponzi scheme. U.S. securities regulators obtained an emergency court order to stop an alleged Ponzi scheme that collected more than $23 million from thousands of investors in Florida’s Haitian-American community, the Securities and Exchange Commission (SEC) said on Tuesday. The SEC alleged that Creative Capital and its principal owner launched a scheme as early as November 2007 urging investors to form investment clubs to funnel funds to the owner and Creative Capital. The SEC alleged the owner has lost at least $18 million trading stocks and options over the last year and that Creative Capital repaid early investors with money from later investors. The owner combined investor funds with his personal funds and misappropriated at least $3.8 million for himself and his family, the SEC alleged. Source:

Information Technology

34. December 31, DarkReading – (International) Hundreds of Israeli websites hacked. More than 300 Israeli web sites over the past few days have been hacked and defaced with anti-Israeli and anti-U.S. messages in an online propaganda campaign, a security expert says. The director of research in computer forensics at the University of Alabama at Birmingham and a co-chair of the Anti-Phishing Working Group warned in his blog that U.S. web sites should be prepared for similar attacks. “American webmasters may wish to be especially vigilant right now,” he blogged. He says these types of web site attacks are all about location, not size or prominence of the targeted site. “It only matters WHERE the Website is,” he says. Source:

35. December 30, SC Magazine – (International) Hackers find hole to create rogue digital certificates. Researchers on Tuesday demonstrated an attack that allowed them to successfully create a rogue Certification Authority (CA) certificate, which would be trusted by all Web browsers and allow an attacker to impersonate any Web site, including those secured by the HTTPS protocol. The researchers presented the research at the 25th Chaos Communication Congress in Berlin. They identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure Web sites. The weakness exists in the MD5 cryptographic hash function, which allows the construction of different messages with the same MD5 hash, known as an MD5 “collision,” according to their research paper. In other words, criminals would be able to create a fake CA certificate, which would be trusted by the Web browsers, allowing them to display any Web site as SSL-secured, as represented by the padlock at the corner of the page. Specifically, attackers would be able to perform transparent man-in-the-middle attacks against SSL connections and monitor or tamper with the traffic to secure Web sites or email servers. While warnings against MD5 signing have been made since 2004, it is still used today by certification authorities, including RapidSSL, FreeSSL, TrustCenter, RSA Data Security, and Thawte. CAs that are still using MD5 are recommended to transition to more secure cryptographic hash functions, such as SHA-1 or, preferably, SHA-2. The researchers said that the affected CAs have been notified and will be switching to the SHA-1 hash function “very, very soon.” Source:

Communications Sector

36. December 29, IDG News Service – (International) Cable repairs set back by second undersea break. Efforts to restore normal communications between Europe and Asia have suffered a setback after an important undersea cable broke for a second time, this time at a much greater depth. Engineers from France Telecom had just finished repairing the Sea Me We 4 cable on December 25 when the same cable broke again in a different place, this time 241 miles off the coast of Alexandria in Egypt, a France Telecom spokesman said Monday. The repair ship the “Raymond Croz,” which had just finished repairing the first break, was on its way to Sicily on Monday to pick up more cable to repair the second break, which happened more than 9,800 feet under the sea, the spokesman said. The ship is expected to arrive at the site of the latest incident on December 31 and the repairs now won’t be completed until January 4 or 5, the spokesman said, which would be 10 days later than originally expected. Source: