Department of Homeland Security Daily Open Source Infrastructure Report

Monday, July 13, 2009

Complete DHS Daily Report for July 13, 2009

Top Stories

 According to the Associated Press, Egyptian authorities arrested 25 people on suspicion of plotting attacks on oil pipelines and ships in the Suez Canal, the interior ministry said in a statement on July 9. Egyptian authorities said the group had links to al-Qaeda. (See item 21)

21. July 9, Associated Press – (International) Egypt arrests group it says plotted Suez attacks. Egyptian authorities arrested 25 people on suspicion of plotting attacks on oil pipelines and ships in the Suez Canal, the interior ministry said in a statement on Thursday. The group, which Egypt said had links to al-Qaida, was made up of two dozen Egyptians — most of them engineers and technicians — and their Palestinian leader. They also had contacts with militants in the Gaza Strip, the ministry said. “They believe in takfiri and jihadi thought,” a ministry statement said, referring to the radical Sunni Muslim ideology espoused by groups like al-Qaida. The group planned to use explosives rigged with mobile phone-activated detonators against shipping in the busy Suez Canal, and learned about explosives from al-Qaida militants on jihadi Web sites, the statement said. One of the suspects in the case announced on July 9 crossed into the Gaza Strip to meet up with the Palestinian Army of Islam group to receive instructions on attacking vital and important targets in Egypt, the ministry said. A group by that name did once operate in Gaza, but was later dismantled by the local Hamas rulers. Also July 9, a security official in northern Sinai said 1,550 pounds (700 kilograms) of TNT destined for Palestinian militants in the Gaza Strip was found during a search of a storage area outside the city of el-Arish in the northern Sinai Peninsula. The official, speaking on condition of anonymity because he was not authorized to speak to the media, said no arrests were made. In Lebanon, meanwhile, a military court convicted 12 Palestinians, also described as inspired by al-Qaida, of committing terrorist attacks. Five of them were sentenced in absentia and given life in prison. All the defendants, most of whom are Palestinians, were members of the militant Fatah Islam group, which battled Lebanese troops for three months in northern Lebanon in 2007. The 12 were found guilty of carrying out bomb attacks in the north and south of the country and establishing an armed gang with the aim of attacking people and weakening state authority. Source:

 FOX News reports that police in New York City are scrambling to locate the producers of a YouTube video that depicts a stolen replica of the Statue of Liberty blindfolded, beheaded, and smashed into pieces — a display that one terror expert says is intended to “instill fear” in Americans. (See item 49)

49. July 9, FOX News – (New York) NYPD probes beheading of Statue of Liberty replica seen on YouTube video. Police in New York City are scrambling to locate the producers of a YouTube video that depicts a stolen replica of the Statue of Liberty blindfolded, beheaded and smashed into pieces — a display that one terror expert says is intended to “instill fear” in everyday Americans. The 59-second video shows the 8-foot, 200-pound replica statue, which was stolen from a Brooklyn coffee shop last month, being decapitated and pulverized — accompanied by the words “We don’t want your freedom” and “Death to America.” A NYPD detective said that investigators are searching for whoever stole the statue. That individual or individuals could face charges of criminal possession of stolen property and grand larceny or petit larceny. Computer experts are also trying to determine who posted the video, the detective said. The video, which was dated July 4, was sent anonymously to the New York Daily News and to the owner of Vox Pop, a coffee shop known for left-wing-leaning political debate. The clip had been viewed at least 2,500 times as of midday Thursday. A $250 reward has been offered for the statue’s return, the Post reported. Calls to the FBI in New York were not immediately returned. Source:,2933,531062,00.html?test=latestnews


Banking and Finance Sector

14. July 10, IDG News Service – (National) Text message scammers quietly prey on regional banks. Law enforcement and security experts say that for more than a year now, scammers have been using scam text messages to prey on small regional banks and their customers. And according to a report set to be released on July 14 by Cisco Systems, the problem has only been getting worse in recent months. “It’s a serious problem,” said a security researcher with Cisco. Here is how the scam works. The criminals pick a bank, say a credit union in Medford, Oregon, then they bombard every phone in Medford’s 541 area code with a phishing message sent by SMS (Short Message Service) telling the victims to call a fake 800 number that looks like it is from a local credit union. Because they are targeting a bank in the region, the bad guys have a pretty good chance of hitting real customers who may not have heard about the scam. The scammers use the open-source Asterisk software to set up a fake voice-operated system and steal information when people enter their account numbers, passwords and other sensitive information to authenticate themselves on the system. When the criminals use this information to transfer money overseas, the banks take the loss. By targeting regional banks, the scam has managed to stay somewhat under the radar and not attract a lot of attention, said a computer crimes specialist with the National White Collar Crime Center. Big banks have large security teams set up to tackle this type of fraud, but with a regional institution such as a credit union, “their entire IT team for the bank might be only five people,” he said. Another problem for the banks is that the scam subverts one of the main techniques that banks and security experts have been trying to drill into their customers’ heads for years now, the specialist said. “We always say, ‘If you have any questions, call your bank, or they’ll call you.’ Well SMS is pretty close to calling your bank. It gets to the point where it’s like, ‘What do we tell people to do now?’” Source:

15. July 10, Reuters – (National) U.S. SEC, CFTC to police OTC derivatives – document. The U.S. Treasury Secretary is expected to propose on July 10 giving securities and futures regulators authority to police the largely unregulated over-the-counter derivatives market, according to a document obtained by Reuters. “Our plan will help prevent market manipulation, fraud and other abuses by providing full information to regulators about activity in the OTC derivative markets,” the Treasury Secretary said in the testimony to be delivered to Congress. The $450 trillion privately-traded global derivatives market includes credit default swaps, the financial instrument that nearly toppled insurer American International Group. Later on July 10, the Treasury Secretary is due to testify before two key Congressional committees on the government’s plan to regulate derivatives. According to the document, all major dealers such as JPMorgan Chase and Goldman Sachs would be subject to “substantial supervision and regulations,” including conservative capital requirements and strong business conduct standards. The Securities and Exchange Commission, which oversees securities, and the Commodity Futures Trading Commission, which supervises futures markets, would have authority to impose recordkeeping and reporting requirements on the derivatives. The SEC and the CFTC would also have clear authority for civil enforcement and regulation of fraud, market manipulation and other abuses, the document said. Source:

16. July 9, Los Angeles Times – (California) SEC says California IOUs are ‘securities’ under U.S. law. As expected, the Securities and Exchange Commission on July 9 decided that California’s IOUs are “securities” under the agency’s definition. The SEC’s move will not have any effect on the state’s ability to issue the IOUs, because the agency has no jurisdiction over state governments. Rather, the decision is aimed at limiting the potential for recipients of the IOUs to be defrauded by individuals or companies that offer to buy the scrip, which cash-strapped California is issuing to pay certain of its bills. The state says the IOUs will accrue tax-free interest at a 3.75 percent annualized rate and will be redeemed for cash on October 2. “As securities, the IOUs are subject to the antifraud provisions of the securities laws,” the SEC said in a statement. “As a result, buyers and sellers will have certain rights and remedies for fraud, and the Commission will be able to take action against any person committing fraud in connection with the purchase or sale of an IOU.” Source:

17. July 8, Reuters – (New York) NY says 13 indicted in $100 million mortgage fraud. Thirteen people and an unspecified mortgage origination company are under indictment for a $100 million mortgage fraud scheme, the Manhattan District Attorney’s office said on July 8. Another dozen defendants who also participated in the purported scheme have already waived indictment and pleaded guilty, the District Attorney’s office said. The defendants include lawyers, bankers, appraisers and mortgage brokers, according to his office.


Information Technology

42. July 10, IDG News Service – (International) Twitter suspends accounts of users with infected computers. Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace. The malware, Koobface, is designed to spread itself by checking to see if a person is logged into a social network. It will then post fraudulent messages on the person’s Twitter account trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC. The popular microblogging service has had a strong impact as a new communication platform, but it is also being targeted by fraudsters and hackers, who are using it as a way to infect people’s PCs with malicious software. Twitter is the latest site to be targeted by a Koobface variant, said a senior security advisor for Trend Micro. Other sites have included Bebo, Hi5, Friendster and LiveJournal, according to the U.S. Computer Emergency Readiness Team. Source:

43. July 10, Bloomberg – (International) South Korea blocks sites to help end cyber attacks. South Korea blocked five Internet addresses to help end the cyber attacks that sought to cripple dozens of Web sites in the nation and the U.S. recently. Web sites based in the U.S., South Korea, Germany, Austria and Georgia may have spread malicious code, the Korea Communications Commission said on July 10. The software, whose targets included Korea’s presidential office and the U.S. State Department, may begin self-destructing from July 10 by erasing the hard drives of infected computers, according to Seoul-based Ahnlab Inc., the nation’s largest maker of anti-virus software. South Korean and U.S. authorities are seeking to trace the attackers after they infected an estimated 20,000 computers using a tactic called “distributed denial of service” to crash Web sites by flooding them with data. While the scheme itself is common, the targeting of government sites and the coordinated nature of the assaults the week of July 6 were unusual, according to some security-industry officials. “I believe they want to warn the government,” said a technical support director at Internet security firm Trend Micro Inc. in Taipei. “Most DDoS attacks are for a specific purpose — mostly it’s them wanting to make money — but this time the purpose was to attack the Korean government and the U.S. government.” Source:

See also: Korea DDOS virus mission shifts to destroying, erasing data and S. Korea says attackers used IP addresses in 5 nations

44. July 9, Computer Associates & CNET News – (International) Users upset after CA anti-virus detects Windows system file as virus. Users of Computer Associates anti-virus software were complaining on July 9 after the company’s anti-virus software mistakenly identified a Windows XP system file as a virus. Some customers were concerned that Windows Service Pack 3 files and files from the commercial Cygwin application had been deleted when they could not find them. However, CA said the files were intact but quarantined and the file extensions were modified. CA said it learned on July 8 that its software had detected the file “Win32/AMalum.ZZQIA” as a false positive and was urging customers to update Signature 6606 to address the situation. Through its customer support CA also is offering a tool to search for the affected files and restore them to the original extension. Source:

Communications Sector

45. July 10, Albuquerque Express – (National) “Space Internet” to link planets by 2011. NASA missions are planning to adopt the Disruption Tolerant Networking (DTN) system, or “Space Internet,” which has the potential to link planets, by the year 2011. According to a report in National Geographic News, the DTN system, which has entered another phase of testing, will allow astronauts to Google from the moon or tweet their observations from space. But DTN provides far more than a connection to check email. It is also essential for simplifying space command and control functions, such as power production or life-support systems, crucial for future space initiatives. “You need an automated communications technology to sustain planetary exploration on the scale that NASA and others want to perform over the next decade,” said a senior research associate at BioServe Space Technologies at the University of Colorado, Boulder. “DTN enables the transition from a simple point-to-point network, like a walkie-talkie, to a true multimode network like the Internet,” he added. After a decade of development, DTN has advanced quickly over the past year, and NASA missions are planning to adopt the network by 2011. Source:

46. July 9, Waco Tribune-Herald – (Texas) Grande restores Waco cable service after limited disruption. About 20 percent of Grande Communications’ cable customers in Waco lost service on July 9 when a fiber accidentally was cut near the Grande headquarters at 7200 Imperial Drive. They lost cable service about 1:45 p.m., and did not get it restored until three hours later, said the general manager of Grande operations locally. The general manager said Grande’s Internet and telephone services were not affected. He said another company digging near Grande cut the main fiber, forcing Grande to find alternate fiber routes to restore service. He said crews probably will work all night restoring the main fiber. Source: