Department of Homeland Security Daily Open Source Infrastructure Report

Monday, February 11, 2009

Complete DHS Daily Report for February 11, 2009

Daily Report

Headlines

 According to Reuters, an oil tanker carrying around $9 million worth of petroleum products collided with a container vessel off the Dubai coast on Tuesday, setting both vessels on fire and sending up a thick plume of black smoke. (See item 1)


1. February 10, Reuters – (International) Oil tanker in collision and burning off Dubai. An oil tanker carrying around $9 million worth of petroleum products collided with a container vessel off the Dubai coast on Tuesday, setting both vessels on fire and sending up a thick plume of black smoke. The tanker, called the Kashmir, was built in 1988. It was carrying some 30,000 tons of oil condensates from Iran to the United Arab Emirates port of Jebel Ali, oil industry sources said. The second ship was a container vessel called Sima Buoy, which was leaving the port when the incident took place, ship brokers said. The two vessels collided around seven nautical miles from Jebel Ali port. It was not immediately clear what caused the incident, but one witness said the oil tanker appeared to be badly damaged. Oil industry sources said the fire did not involve any of Dubai’s offshore oil platforms. Source: http://af.reuters.com/article/worldNews/idAFTRE5192KN20090210?pageNumber=1&virtualBrandChannel=0


 The Associated Press reports that hackers broke into the Federal Aviation Administration’s computer system during the week of February 2-6, accessing the names and Social Security numbers of 45,000 employees and retirees. (See item 31)


31. February 10, Associated Press – (National) FAA says hackers accessed personal data in agency computers. Hackers broke into the Federal Aviation Administration’s (FAA) computer system during the week of February 2-6, accessing the names and Social Security numbers of 45,000 employees and retirees. The agency said in a statement on February 9 that two of the 48 files on the breached computer server contained personal information about employees and retirees who were on the FAA’s rolls as of the first week of February 2006. The server that was accessed was not connected to the operation of the air traffic control system and there is no indication those systems have been compromised, the statement said. “These government systems should be the best in the world and apparently they are able to be compromised,” said an FAA contracts attorney. “Our information technology systems people need to take a long hard look at themselves and their capabilities. This is malpractice in their world.” The FAA statement said the data theft has been reported to “law enforcement authorities,” who are investigating. All affected employees will receive letters notifying them of the breach, the statement said. Source: http://www.mercurynews.com/ci_11669846?source=rss


Details

Banking and Finance Sector

10. February 10, Bradenton Herald – (Florida) Bank fraud mastermind arrested. The accused mastermind of an $83 million bank-fraud scheme involving land sales in Manatee and Sarasota counties has been arrested in Jordan, a federal prosecutor said on February 9 during the trial of a co-defendant. The defendant, formerly of Sarasota, has since been released on bond, the assistant U.S. attorney said on the opening day of the co-defendant’s trial in Tampa. The assistant U.S. attorney did not say when the defendant was arrested. The defendant is accused of buying seven parcels for $43 million, reselling them to the co-defendant and others for $117 million and helping the buyers obtain $83 million in bank loans. The co-defendant has pleaded not guilty, while two others have pleaded guilty as part of deals. Source: http://www.bradenton.com/business/story/1215889.html


11. February 10, Washington Post – (National) SEC reaches deal with Madoff. The Securities and Exchange Commission (SEC) announced an agreement with a disgraced money manager that could eventually force him to pay a civil fine and return money raised from investors. The partial judgment, which renders permanent a preliminary injunction that froze the money manager’s assets after his arrest in December 2008, must be approved by the federal judge overseeing the case. The civil proceeding is separate from the criminal case against the prominent Wall Street figure, who is accused of bilking $50 billion from investors. The SEC said the defendant agreed to the partial judgment without admitting or denying the allegations in its civil complaint. However, the agreement says the defendant cannot contest the “facts” of the complaint for the purposes of determining his obligation to pay civil fines and restitution — which will be specified later. The SEC says the basic facts of the complaint are that the defendant committed a $50 billion fraud and told his sons his investment business was a sham. Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/02/09/AR2009020903410.html


Information Technology


36. February 10, Computerworld – (International) Verizon expands DoS defenses in 24 countries. Verizon Business on February 10 announced a global expansion of its WAN-based service to detect and defend against denial-of-service attacks. Verizon Business, a unit of Verizon Communications Inc., said it has added a detection component to its DoS Defense service for mitigating DoS attacks. The monthly price for the service is $5,500 for both mitigation and detection. No customer on-premises equipment is required, since all the detection and mitigation is managed in the cloud over the Verizon IP network backbone and with several Verizon security centers, including three in the United States, said Verizon’s director of product management for DoS Defense. The detection component of DoS Defense works by scanning Internet traffic flow for suspicious activity, while the mitigation component diverts malicious traffic away from a customer’s network, he said. A Copenhagen-based Current Analysis Inc. analyst said Verizon is expanding its previous defense service in this offering by guaranteeing customers that it will stop a DoS attack within 15 minutes of an alert. The service does not provide an automatic Web defense, which might be undesirable for some companies. For example, a sudden surge of traffic to a retail Web site might be explained because the company has a special sale going on, the analyst said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9127548&taxonomyId=17&intsrc=kc_top


37. February 9, DarkReading – (International) Hacker lays claim to breaches of two security vendors’ Web sites. A single Romanian hacker claims he has broken through the Web site defenses of two prominent security vendors in an attempt to show vulnerabilities in their security. Kaspersky, one of the industry’s best-known antivirus and security software makers, gave a press conference on February 9 confirming that a Romanian hacker had launched an SQL injection attack on its newly implemented U.S. customer support site, exposing a potentially data-threatening vulnerability in its Web site. The attacker did not publish any sensitive data, even though he could have gained access to it, Kaspersky said. The hacker, known as “unu,” claims to have launched a similar SQL injection attack on the Web site of security vendor BitDefender in Portugal. “It seems Kaspersky are not the only ones who need to secure their database. Bitdefender has the same problems,” unu said in an online message. As of this posting, BitDefender had not confirmed whether unu’s claims were accurate. Source: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=213401799&subSection=Attacks/breaches


Communications Sector

Nothing to report

Department of Homeland Security Daily Open Source Infrastructure Report

Monday, February 10, 2009

Complete DHS Daily Report for February 10, 2009

Daily Report

Headlines

 According to AVweb, the Federal Aviation Administration admits that it is relaxing lightning protection standards for commercial aircraft because manufacturers, notably Boeing with the 787, cannot meet the rules that have been in place since 2001. (See item 14)


14. February 8, AVweb – (National) FAA relaxes lightning protection for 787. The Federal Aviation Administration (FAA) admits that it is relaxing lightning protection standards for commercial aircraft because manufacturers, notably Boeing with the 787, cannot meet the rules that have been in place since 2001. “To this day, we have not had one manufacturer that has been able to demonstrate compliance with that rule,” said the head of the FAA’s Seattle office dealing with commercial-airplane certification. “We decided it’s time to re-evaluate our approach.” In the 787’s case, that re-evaluation involves allowing a single level of spark protection for some parts in the fuel tanks and wings rather than the triple redundancy that the 2001 rule requires. The FAA and Boeing argue that a new system that will pump inert nitrogen into the void of emptying fuel tanks more than makes up for the lessened spark protection but FAA inspectors, many of them former Boeing employees, have formally challenged that view. The National Air Traffic Controllers Association submitted a formal critique to the agency saying the relaxed standards put the 787 “one failure away from catastrophe.” While the engineers say the tank inerting system is a big improvement, they note that the aircraft’s certification will allow it to fly without the system operating if it breaks down. Boeing insists the 787 will be the most lightning-resistant aircraft ever made. Source: http://www.avweb.com/avwebflash/news/FAARelaxesLightningProtectionFor787_199725-1.html


 The Associated Press reports that a holding tank at a Caterpillar facility in a Chicago suburb broke Sunday, spilling about 65,000 gallons of oil sludge and contaminating a 3-mile section of the Des Plaines River. (See item 20)


20. February 9, Associated Press – (Illinois) 65,000 gallons of oil sludge spills near Chicago. A holding tank at a Caterpillar facility in a Chicago suburb broke Sunday, spilling about 65,000 gallons of oil sludge and contaminating a 3-mile section of the Des Plaines River, officials said. The substance was reported to be hydraulic and cutting oil, said a spokeswoman for the Illinois Emergency Management Agency. “It is being contained, and there is no evidence of a fish kill or harm to water fowl,” she said in an e-mail. Most of the sludge spilled on land, but 6,000 gallons seeped into Des Plaines River water, a U.S. Coast Guard petty officer said. He said the oil waste poses no risk to human health but could be dangerous to animals in the contaminated area. The Coast Guard said barge and boat traffic along the river had been stopped. Caterpillar Inc., the Peoria-based maker of mining and construction machinery, confirmed in a statement Sunday that “an undetermined amount of waste oil” overflowed from a storage area at the company’s manufacturing facility in Joliet. The Environmental Protection Agency said the oil waste leaked when a pump failed on a 40,000-gallon open-air holding tank. Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/02/08/AR2009020801640.html?hpid=sec-nation


Details

Banking and Finance Sector


10. February 8, MarketWatch – (California; Georgia) Two banks in California, 1 in Georgia are closed. Regulators shut two banks in California and one in the Atlanta area on February 6, bringing the number of U.S. failures this year to nine, while marking the 34th collapse since the recession began. FirstBank Financial Services, McDonough, Georgia, Alliance Bank of Culver City, California, and County Bank, Merced, California, were seized, according to the Federal Deposit Insurance Corp (FDIC). Regions Bank of Birmingham, Alabama, has agreed to assume all of FirstBank’s deposits and purchase roughly $17 million of the failed bank’s assets, the FDIC said. As for California’s Alliance Bank, San Diego-based California Bank & Trust has agreed to assume the failed bank’s deposits, the FDIC said. Finally, regarding County Bank, Westamerica Bancorp, San Rafael, California, will buy the bank’s assets and assume its deposits. Source: http://www.marketwatch.com/news/story/two-banks-california-one-georgia/story.aspx?guid={0ADB4918-43F9-46A3-8EDD-19A2503A81B3}&dist=msr_2


11. February 6, Associated Press – (National) Calif. fugitive charged in $100M mortgage fraud. Federal prosecutors said February 6 that they charged a suspect in a $100 million mortgage fraud and investment scheme that spanned five states after he fled the country in a private jet the week of February 1-7. Two assistant U.S. attorneys said the 27-year-old suspect had been cooperating in their investigation before he fled. They believe he flew to Mexico on February 2 by chartering a private jet for $156,000. Federal agents are investigating the suspect, directors of Loomis Wealth Solutions, a Roseville, California-based investment company, and people affiliated with several related companies. A sworn statement by an Internal Revenue Service agent says they had defrauded investors and mortgage companies of $100 million since 2006, although an attorney for the owner of Loomis Wealth Solutions denied his client did anything illegal. The suspect’s arrest warrant says the scam involved 500 properties in at least five states, including Arizona, California, Florida, and Illinois. The fifth state was not disclosed. New York-based Citimortgage Inc. alone lost more than $6 million on 15 bogus loans, according to the IRS affidavit. The other lenders were not listed. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/02/06/financial/f161919S28.DTL


Information Technology


37. February 9, ComputerWeekly – (International) Kaspersky’s Web site hacked. Security firm Kaspersky has downplayed claims that its U.S. Web site was hacked over the weekend, exposing a database containing customer details. A hacker claimed in a blog posting that he was able to access Kaspersky’s databases containing customer details including users, administrators, activation codes and e-mail addresses. A posting on Hackers Blog said the SQL injection vulnerability in usa.kaspersky.com is very real, but Kaspersky “does not need to worry about us spreading their confidential stuff.” “Our staff will never save or keep any confidential data, we just point our fingers to big websites with security problems,” the posting said. Kaspersky has admitted a vulnerability in a section of the usa.kaspersky.com site, but said the problem was fixed within half an hour of detection, according to the Tech Herald. “The vulnerability was not critical and no data was compromised from the site,” the company said in a statement. Source: http://www.computerweekly.com/Articles/2009/02/09/234692/kasperskys-website-hacked.htm

38. February 6, DarkReading – (International) Doubling of rejected mail makes China ‘top of the bots.’ A massive increase in spam originating from China and the Far East could mark the beginning of a worrying trend that will create more problems for organizations already struggling to cope with unwanted emails. The rise could potentially outweigh any lasting gains from more sophisticated detection and enforcement efforts in the United States and Europe which recently saw a reduction of spam following the shutdown of McColo, the California-based Internet service provider, in November 2008. Latest figures from U.K. security specialist iCritical show that mail from Chinese IP addresses rejected by the company’s servers before reaching client accounts more than doubled from 10.4 million in November 2008 to 22.9 million in December. In the same period, mail from Vietnam rose 62 percent from 2.9 million to 4.7 million and from South Korea nearly 26 percent from 6.2 million to 7.8 million. Illegitimate mail originating in the other five highest spam-producing countries — the United States, the United Kingdom, Russia, Brazil, and Turkey — all fell significantly in the fourth quarter of 2008. According to iCritical, total spam levels from all eight countries fell from a height of 137.5 million in October to 72.3 million in December, suggesting that the closure of McColo and the prolific botnets it hosted has had a greater effect than some had predicted. Source: http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=213300930&subSection=Attacks/breaches

Communications Sector

Nothing to report