Department of Homeland Security Daily Open Source Infrastructure Report

Monday, October 5, 2009


Top Stories

 According to the Associated Press, FBI agents are investigating any possible similarities between two recent bomb threats made on American Airlines flights between Miami and Boston, authorities said on October 1. (See item 15)


15. October 1, Associated Press – (National) FBI probes bomb threats on American flights. Federal Bureau of Investigation (FBI) agents are investigating any possible similarities between two recent bomb threats made on American Airlines flights between Miami and Boston, authorities said Thursday. An FBI spokeswoman said Thursday that agents are looking for common threads between the two cases. In the most recent incident Wednesday in Boston, a flight attendant found the words “bomb on board, Boston-Miami” scrawled on a bathroom cabinet. The aircraft was evacuated and luggage searched, though no bomb was found. On September 17, a flight attendant found a threatening note in a bathroom. The note used the word “bomb” and said explosives might be on board, the FBI said. The flight had taken off from Miami International Airport around 9:30 p.m. and had to return about 40 minutes later. The plane was searched and bags were re-screened after 168 passengers and six crew members safely disembarked. Nothing turned up in the search, according to the Transportation Security Administration. The passengers stayed overnight in Miami and left the next morning for Boston. American Airlines did not immediately return a call seeking comment. Source: http://www.msnbc.msn.com/id/33130494/ns/travel-news/


 The Register reports that two ongoing scams are tricking Google and other search engines into prominently displaying millions of compromised Web pages that attempt to hijack end users’ computers or steal their credit card numbers, researchers said. (See item 41 below in the Communications Sector)


Details

Banking and Finance Sector

11. October 2, Gaithersburg Gazette – (National) Community bankers wary of FDIC proposal. A proposal by the Federal Deposit Insurance Corp. (FDIC) requiring banks to prepay their annual assessments due through 2012 is better than another special assessment, but still needs some fine-tuning, Maryland bankers said Thursday. The fund, which insures bank deposits when institutions fail, was expected to reach a negative balance this week under the weight of increasing bank failures, FDIC officials said. So far this year, 95 banks have failed, compared with 26 all of last year, three in 2007 and none in 2006 and 2005. The FDIC is doing a great job dealing with the challenges of the recession, but the prepayment proposal needs to make sure that smaller community banks are not shouldering a disproportionate share of the assessments, said the president and CEO of Easton Bank and Trust Co. in Easton, Maryland. He is also chairman of the Independent Community Bankers of America, an organization in Washington, D.C., representing community banks. The FDIC should consider a discount for banks that prepay and should base the assessment on assets minus core capital, not domestic deposits, he said. Using the latter method would exempt many of the assets owned by larger banks that are considered to be “too big to fail” by the government, he said. Source: http://www.gazette.net/stories/10022009/businew174459_32523.shtml


12. October 2, Associated Press – (National) TD Bank says it will refund fees from glitch. TD Bank says it will reimburse customers who incur fees because of computer problems that have delayed transaction postings all week. The bank, based in Cherry Hill, New Jersey, and Portland, Maine, says the problem came about as it tries to integrate the computer systems of the old TD Banknorth and Commerce Bank. The problem means direct deposits are not showing up immediately — and that could cause some people to be short of funds. On the bank’s Web site, it says it will not charge customers any fees because of the problem and that it will reimburse them for fees charged by other banks. Source: http://www.bankerandtradesman.com/news134996.html


13. October 1, WGN 9 Chicago – (Illinois) Former bank security head admits kickback scheme. A man who once oversaw security for LaSalle Bank pleaded guilty to one count each of bribing a bank official, bank fraud and tax fraud, according to prosecutors. The man, who did not reach a plea deal with prosecutors, faces up to 63 years in prison when he is sentenced January 13. He was charged in 2007 with soliciting $400,000 in kickbacks to steer bank security business to the owner of Integrity Security Solutions of Wood Dale. Source: http://www.chicagobreakingnews.com/2009/10/former-bank-security-head-admits-kickback-scheme.html


14. September 30, Bloomberg – (California) Golden State Mutual seized by California regulator. Golden State Mutual Life Insurance Co., the Los Angeles-based company that failed to make a profit for five straight years, was seized by California regulators after the insurer sold assets to cover losses. Golden State, which operates in 12 states, was served an “order of conservation” and must stop selling new policies immediately, the state insurance commissioner said today in a statement. The regulator will oversee payment of claims and receipt of premiums as it winds the company down. Life insurers have reported losses and profit declines in the past year as investments they hold to back policies fell in value. A.M. Best Co., which rates the ability of insurers to pay claims, said in May the investment losses will cause an increasing number of companies to be seized by state regulators this year and next. Golden State ranked 103rd in life insurance sales in California in 2007, according to data from the National Association of Insurance Commissioners. Source: http://www.bloomberg.com/apps/news?pid=20601103&sid=aPnr8jhvpPr4


Information Technology


37. October 2, The Register – (International) Google Chrome update fills in parsing bug. Google has published an update to its Chrome browser that addresses a newly discovered high risk security hole. Chrome version 3.0.195.24 sorts an error in processing long floating point numbers that creates a means for hackers to execute malware within the Google Chrome sandbox. The flaw in the dtoa() component of Chrome’s engine is of a type that might lend itself to drive-by download attacks, as explained in a Google advisory. Although any malware would only run inside Chrome’s sandbox, Google still defines the flaw as “high risk.” Security notification firm Secunia goes further and describes the flaw, discovered by a researcher at SecurityReason, as “highly critical.” Source: http://www.theregister.co.uk/2009/10/02/google_chrome_security_update/


38. October 1, Network World – (International) Security researchers ask: Does self-destructing data really vanish. Researchers the week of September 28 published a paper describing how they broke Vanish, a secure communications system prototype out of the University of Washington that generated lots of buzz when introduced over the summer for its ability to make data self-destruct. Researchers at Princeton University, the University of Texas, and the University of Michigan wondered how well the system could really stand up to attack and figured out how to beat Vanish. Their paper is titled “Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs.” Vanish exploits the churn on peer-to-peer networks by creating a key whenever a Vanish user puts the system to use and then divvying up that key and spreading it across the P2P net. Such networks, the same kinds used to share music and other files, change over time as computers jump on or off. As such, portions of the key disappear forever and the original message cannot be unencrypted. One researcher wrote that after reading about Vanish during the summer: “I realized that some of our past thinking about how to extract information from large distributed data structures might be applied to attack Vanish. [A fellow researcher] grabbed the project and started doing experiments to see how much information could be extracted from the Vuze DHT [Vuze is the P2P network used by Vanish and DHT is a distributed hash table]. If we could monitor Vuze and continuously record almost all of its contents, then we could build a Wayback Machine for Vuze that would let us decrypt [vanishing data objects] that were supposedly expired, thereby defeating Vanish’s security guarantees.” The University of Washington researchers note that Vanish does not have to be wedded to Vuze and in fact might be better based on a hybrid system that uses multiple distributed storage systems. They write: “However, we recommend that at this time, the Vanish prototype only be used for experimental purposes. We do encourage researchers, however, to analyze it and improve upon it. We strongly believe that realizing Vanish’s vision would represent a significant step toward achieving privacy in today’s unforgetful age.” Source: http://www.networkworld.com/news/2009/100109-vanish-researchers-crack.html


39. October 1, PC World – (International) Blackberry update fixes phishing flaw. Research In Motion on September 30 announced a new BlackBerry patch that fixes a display flaw that could help phishers conduct an attack. The flaw involves the dialog box that displays when a BlackBerry user visits a supposedly secured site that uses a mismatched security certificate. If a scammer creates a certificate that uses hidden (null) characters, the BlackBerry browser will correctly recognize a mismatch between such a certificate and a Web site’s name and display a warning dialog. However, the old dialog does not display hidden characters, which could make the certificate and site name look the same in the warning and lead users to ignore it. The new version will correctly display hidden characters in the dialog box. According to a RIM security advisory post, all versions of the BlackBerry Device Software need the patch, which is available from http://www.blackberry.com/updates/. Source: http://www.pcworld.com/article/172968/blackberry_update_fixes_phishing_flaw.html


For another story, see item 41 below


Communications Sector

40. October 1, Broadband DSL Reports – (National) CallCentric suffers national VoIP outage. Users in DSL Reports’ VoIP forum indicate that VoIP provider Callcentric had a national outage since around 11 a.m. Thursday, something users say is fairly uncommon for the operator. The company’s Web site was also up and down for much of the day. “All our engineers and developers were notified about 30 seconds after it started by both internal and external monitoring systems,” says the company. “We sincerely apologize for this outage and once we have restored service we will be investigating the cause further.” Source: http://www.dslreports.com/shownews/CallCentric-Suffers-National-VoIP-Outage-104772


41. October 1, The Register – (International) Google results flog millions of compromised Web pages. Two ongoing scams are tricking Google and other search engines into prominently displaying millions of compromised Web pages that attempt to hijack end users’ computers or steal their credit card numbers, researchers said. One of the attacks is being used to direct people searching the Web to an online store hawking pirated copies of popular software titles. Plugging the phrase “cheap vista for students” into Google, for instance, returned more than 19 million results, many of which redirected users to a site called soft4pcs.com. A separate attack is the work of a botnet dubbed ASProx, which injects malicious links into misconfigured ASP Web pages. Users who enter a wide array of search queries, such as “used corvette parts”, received results pointing to a page that redirected to ads-t.ru, which attempted to serve a hostile Adobe Flash file that installs malware. The director of research in computer forensics at the University of Alabama at Birmingham said that Google was returning more than 3.2 million results that contained the malicious script and Bing showed 188 million. Those numbers were significantly smaller when The Register tried the same search about 10 hours after the blog item was published. The attacks highlight the intricate role search engines, Web sites, domain name registrars, and Web hosts play in enabling campaigns that have the potential to scam large numbers of people. Most of the compromised Web pages appeared to be hosted by legitimate Web sites with administrators who simply were not careful enough. “We don’t comment on individual sites, but there is nothing particularly new going on here as far as I can tell,” a Google spokesman wrote in an email to The Register. “I think it’s important to keep in mind that search engines are a reflection of the content and information that is available on the Internet.” Representatives of Yahoo did not respond to emails seeking comment. Source: http://www.theregister.co.uk/2009/10/01/mass_compromise_google_results/


42. September 30, California Democrat – (Missouri) KRLL radio takes lightning hit. Lightning took California, Missouri radio station KRLL 1420 AM off the air when the station’s tower was struck on Friday evening, September 26. The lightning hit took out the station’s transmitter as well as causing other damage to devices on the tower. According to the KRLL owner, the transmitter sustained a large amount of damage. New equipment must be procured and installed on the tower. The warning light on the tower was also shattered, and the pieces are scattered over a wide area. Source: http://www.californiademocrat.com/articles/2009/09/30/news/092cal19krll09.txt


43. September 29, Periscope IT – (International) Gmail outage caused by heavy usage. Google’s Internet outage was caused by increased traffic levels that resulted from a change to the system code. The company was also hit by higher than normal traffic for its contacts service and suffered other data center issues. Highlighted in a report published by Google, the findings followed a thorough investigation and review. “The engineering team has determined that the root cause of the contacts issue was a high load on the service,” the report said. The outage affected the company’s Google Apps and Google Talk accounts, and some users were left without email services for almost 24 hours; however, the majority of users did not experience problems for this long. Google also suffered a hit on its world-wide news aggregation service, Google News. When questioned by Computer World, a spokesperson for the firm did not make clear what had caused the outage. Source: http://www.periscopeit.co.uk/website-monitoring-news/article/gmail-outage-caused-by-heavy-usage/512