Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, August 25, 2009

Complete DHS Daily Report for August 25, 2009

Daily Report

Top Stories

 According to Reuters, Singapore has downplayed media reports of a plot to attack the Asia-Pacific Economic Cooperation summit in Singapore in November, the Straits Times newspaper reported on Monday. The U.S. President will attend the summit. An investigation also revealed that terrorists planned to use snipers to attack the President’s convoy during a planned visit to Indonesia around the same time. (See item 29)


29. August 24, Reuters – (International) Singapore shoots down “rumor” of APEC attack plot. Singapore has downplayed media reports of a plot to attack an Asia-Pacific summit in the city-state in November, the Straits Times newspaper reported on Monday. The Singapore Police Force and the Ministry of Home Affairs were not available for immediate comment. An intelligence analyst from the Center for Intelligence and National Security in Indonesia told Reuters last week probes into last month’s bombings in Jakarta had uncovered a plot to target the Asia-Pacific Economic Cooperation (APEC) summit in Singapore. The U.S. President and other leaders of the 21-member APEC group will attend the mid-November summit in Singapore, a regional financial center and shipping hub. The investigation also revealed that terrorists planned to use snipers to attack the President’s convoy during a planned visit to Indonesia around the same time. The second home affairs minister said Singaporean authorities took security “very seriously.” Source: http://www.reuters.com/article/topNews/idUSTRE57N0N920090824


 The Associated Press reports that a girl died and 11 people were taken to the hospital after they were swept into the water on Sunday off Acadia National Park’s Thunder Hole in Maine, where an estimated 10,000 tourists gathered to try to get a good view of waves more than 15 feet high crashing against the rocky shore. (See item 40)


40. August 24, Associated Press – (Maine) Bill weakening after leaving 2 dead on East Coast. Hurricane Bill was hundreds of miles from shore and weakening as East Coast wave watchers and surfers came out to meet the storm. A 7-year-old girl died in Maine after she, her father, and a 12-year-old girl were swept into the water on August 23 off Acadia National Park’s Thunder Hole, where tourists often gather to watch waves crash into a crevasse and make a thundering sound while splashing high in the air. Park officials at Acadia National Park, about 110 miles northeast of Portland, said an estimated 10,000 people, lured by the wild ocean, converged on the park’s loop road trying to get a good view of waves more than 15 feet high crashing against the rocky shore. “The problem was there were thousands and thousands of people to try to keep an eye on,” said the chief ranger. The U.S. Coast Guard reported that the waves swept over 20 people. The chief ranger said 11 people were taken to the hospital, mainly for broken bones after being slammed onto the rocks. A Thunder Hole viewing platform was closed, and they were among hundreds of people watching the waves from nearby rocks. Many people did not even move when the waves splashed them and instead seemed to laugh it off, the chief ranger said. Source: http://www.google.com/hostednews/ap/article/ALeqM5gVWjsPEiqe1tEu2mhBIRaxxGi8owD9A93BK02


Details

Banking and Finance Sector

11. August 22, Credit Unions Online – (Alabama; Georgia; Texas) 4 banks closed by the FDIC on August 21st. The Federal Deposit Insurance Corporation (FDIC) took over 4 banks on Friday, August 21, 2009. These closings bring the total for the year to 81. The banks closed are located in Alabama, Georgia, and Texas. The banks include Guaranty Bank, Austin, Texas; CapitalSouth Bank, Birmingham, Alabama; First Coweta Bank, Newnan, Georgia; and ebank, Atlanta, Georgia. Source: http://www.creditunionsonline.com/news/2009/4-Banks-Closed-by-the-FDIC-on-August-21st.html


12. August 21, Investment News – (California) Court freezes San Diego firm’s funds after SEC accuses it of fraud. The Securities and Exchange Commission yesterday received a court order from the U.S. District Court for the Southern District of California to freeze the assets and halt alleged ongoing securities fraud by MAK 1 Enterprises Group LLC of San Diego. In its complaint, the SEC alleged that its owner claimed to have raised $70 million from 300 investors through his company, MAK 1 Enterprises — which provides business solutions, and wealth preservation and enhancement through consulting and private portfolio management, according to its website — and used the money to buy cars and homes. In reality, the SEC charges, the average daily balance in the account never exceeded $197,000. The complaint alleged that the owner and his company solicited investors in California and several other states and claimed to pool the funds to invest in commercial paper, foreign currency trading products and other guaranteed investments, the SEC said in a statement. But the investment products were non-existent and the accused used the money to buy luxury cars and residential properties, the SEC alleged. Source: http://www.investmentnews.com/apps/pbcs.dll/article?AID=/20090821/REG/908219983


Information Technology


34. August 21, The Register – (International) Open-source firmware vuln exposes wireless routers. A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it. The remote root vulnerability affects the most recent version of DD-WRT, a piece of firmware many router users install to give their device capabilities not available by default. The bug allows unauthenticated users to remotely gain root access simply by luring someone on the local network to a malicious website. Messages sent through the DD-WRT website to the software designers were not returned by time of publication, but comments posted to this user forum thread said the vulnerability affected the most recent builds, prompting a user by the name of autobot to declare the vulnerability a “mini code red.” Source: http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/


35. August 21, SCMagazine – (National) Researcher details Facebook CSRF flaw. A security researcher this week described a flaw that hackers could exploit to siphon Facebook users’ personal information, without their knowledge, through the use of a rogue application. The researcher said that to be infected, a user must merely open a non-related website, ideally an online forum, where the attacker has seeded a malicious image tag link. If successful, the perpetrator could evade privacy settings and retrieve victims’ full names, profile pictures and friend’s lists. He described the cross-site request forgery (CSRF) vulnerability — which Facebook has since fixed — Wednesday on his Quaji blog. Much of the blame for the bug rests on a site feature known as “Automatic Authentication,” he said. This component allows Facebook applications to receive personal information about a user when he or she visits the application’s “canvas page.” Source: http://www.scmagazineus.com/Researcher-details-Facebook-CSRF-flaw/article/146986/

Communications Sector

36. August 23, WNEP 16 Scranton – (Pennsylvania) Verizon building filled with smoke. There was no major damage, but a lot of smoke at a fire in Lackawanna County, Pennsylvania on August 22. Firefighters said a cord on a generator caught fire inside the Verizon building in Olyphant around 9 a.m. No one was hurt, but there was some smoke damage to the building. The building supplies phone service to sections of the valley. Verizon officials said customers were not affected by the fire in Lackawanna County. Source: http://www.wnep.com/wnep-lacka-verizon-smoking,0,1286609.story