Tuesday, October 20, 2009

Complete DHS Daily Report for October 20, 2009

Daily Report

Top Stories

Nextgov reports that NASA networks contain security weaknesses that open up highly sensitive personal and scientific data to hackers, possibly affecting space missions, according to a report released on October 15 by the Government Accountability Office. (See item 12)

12. October 16, Nextgov – (National) NASA systems and data vulnerable to hackers, malicious employees. NASA networks contain security weaknesses that open up highly sensitive personal and scientific data to hackers, possibly affecting space missions, federal auditors said. The Government Accountability Office (GAO), in a report released on Thursday, found that NASA centers failed to restrict access to legitimate users. Also, the NASA centers that GAO audited had not applied a critical patch for a program bug on a number of outside applications, and the agency’s e-mail systems allowed file attachments that could be harmful. “As a result, increased risk exists that an attacker could exploit known vulnerabilities in these applications to execute malicious code and gain control of or compromise a system,” the report states. Three centers the audit agency assessed did not always restrict access to sensitive files or prevent improper remote access. Therefore, networks were at a higher risk of allowing users to “gain inappropriate access to computer resources, circumvent security controls, and deliberately or inadvertently read, modify or delete critical mission information,” GAO officials stated. Separately, NASA acknowledged that one facility reported the theft of a laptop containing data subject to International Traffic in Arms Regulations, which cover permanent and temporary export, as well as temporary import of defense articles and services. In February, the department found that 82 NASA devices had been communicating with a malicious server, most likely in Ukraine, since January. The specific vulnerabilities that GAO identified include a lack of effective passwords, coding of sensitive data, monitoring of security-relevant events, and physical security. Two centers did not require users to create long passwords and users did not need any passwords to access certain network devices. In addition, passwords were not encrypted, or converted into a secret code. 
The Jet Propulsion Laboratory in Pasadena, California, a contractor-operated facility supporting NASA’s efforts to explore the Moon and Mars, did not require contractors to deploy major parts of its information security program. And the contract does not cite the oversight roles of the agency’s administrator, chief information officer or its senior agency information security officer. Source: http://www.nextgov.com/nextgov/ng_20091016_8808.php?oref=topnews

Bloomberg reports that a billionaire hedge-fund manager, who founded the Galleon Group in 1997, was arrested with five alleged conspirators in New York and California on October 16 in what prosecutors called the biggest insider-trading ring targeting a hedge fund. (See item 16 below in the Banking and Finance Sector)


Banking and Finance Sector

15. October 19, Reuters – (International) Financial services industry hit hardest by fraud according to global report. The global financial services industry saw a dramatic spike in fraud activity with companies losing an average of $15.2 million over the past three years, according to the latest edition of the Kroll Annual Global Fraud Report. Despite sector-specific spikes and declines in fraud activity, the worldwide fraud rate remained steady in 2009. Companies lost an average $8.8 million to fraud over the past three years, an increase of seven percent over last year’s figure which stood at $8.2 million. The findings are the result of a survey Kroll commissioned from the Economist Intelligence Unit of more than 700 senior executives worldwide. Fraud levels varied markedly by sector with five industries experiencing a rise in fraud losses (financial services; professional services; healthcare, pharmaceuticals & biotechnology; retail, wholesale & distribution; and travel, leisure & transportation) and five sectors reporting declines (manufacturing; technology; media & telecoms; natural resources; and consumer goods & construction). Source: http://www.reuters.com/article/pressRelease/idUS92412+19-Oct-2009+BW20091019

16. October 19, Bloomberg – (National) U.S. said to target wave of insider-trading networks. Federal investigators are gearing up to file charges against a wider array of insider-trading networks, some linked to the criminal case against a billionaire hedge-fund manager that shook Wall Street recently, people familiar with the matter said. U.S. prosecutors allege that the billionaire’s own hedge fund was illegal. He was arrested on October 16 at his home on Manhattan’s Sutton Place, charged with using inside information to trade shares including Google Inc., Polycom Inc., Hilton Hotels Corp. and Advanced Micro Devices Inc., according to complaints. The billionaire hedge-fund manager, who founded the Galleon Group in 1997, was arrested with five alleged conspirators in New York and California on October 16 in what prosecutors called the biggest insider-trading ring targeting a hedge fund. Prosecutors said he and his firm reaped as much as $18 million by investing on tips from a hedge fund, a credit-rating firm and employees within companies including Intel Capital, McKinsey & Co. and IBM Corp. The pending crackdown, based on at least two years of investigation, targets securities professionals including hedge-fund managers, lawyers and other Wall Street players, the people said, declining to be identified because the cases are not public. Some probes, like the one that focused on the billionaire, rely on wiretaps. Others stem from a secret Securities and Exchange Commission data-mining project set up to pinpoint clusters of people who make similar well-timed stock investments. Investigators have struggled for years to build cases against large institutional investors such as hedge fund managers, who often deflect regulatory queries about suspiciously timed bets, arguing they are statistical flukes amid their millions of trades. The case against the billionaire, built on recorded conversations within a web of alleged conspirators, offers a glimpse of how U.S. investigators are using more aggressive tactics to cut through the blizzard of trading and trace the flow of information. Source: http://www.bloomberg.com/apps/news?pid=20601103&sid=ajxDWr3piK3M

17. October 19, KCCI 8 Des Moines – (Iowa) Bomb squad called for suspicious bag. Des Moines police blocked off a street near a credit union after a suspicious package was reported in front of the building. The call came in around 6:30 am on October 19 when a suspicious item was found in front of the Community Choice Credit Union. Police blocked off the street at East 7th Street and Lyon Street. A Des Moines police spokeswoman said the suspicious item was a black duffel bag with a cell phone on top of it. Police took the situation seriously based on the cell phone on the bag, and the location, which is just a couple of blocks from the Iowa Statehouse complex. A KCCI News reporter reported from the scene that a member of the bomb squad opened the duffel bag, which appeared to have only clothing in it. A bomb squad robot was first deployed to take images of the suspicious item. The reporter said the package was cleared and the streets have been reopened. Source: http://www.kcci.com/news/21335946/detail.html

18. October 17, CNN – (California) FDIC announces 99th bank failure. The nation’s tally of 2009 bank casualties hit 99 Friday night when state regulators closed San Joaquin Bank, based in Bakersfield, California. This was the tenth bank to fail in that state. Customers of San Joaquin Bank are protected, however. The Federal Deposit Insurance Corp., which has insured bank deposits since the Great Depression, currently covers customer accounts up to $250,000. The Citizens Business Bank in Ontario, California will assume all of San Joaquin Bank’s $631 million deposits, according to the FDIC. Citizens also entered into a loss-share agreement with the FDIC on $683 million of San Joaquin Bank’s $775 million in assets. The October 16 closure will cost the FDIC an estimated $103 million. Source: http://money.cnn.com/2009/10/16/news/economy/bank_failure/?postversion=2009101710

19. October 17, New Jersey Star Ledger – (New Jersey) Hamburg businesses evacuated after bomb threat at Wachovia bank. Businesses near the intersection of Route 23 and Route 94 in Hamburg were evacuated on October 17 after a bomb threat at a Wachovia bank on Route 23 spurred a police search. The bomb threat was reported around 11:15 a.m. and neighboring businesses were emptied and shut down, said a Hamburg Police sergeant. No explosives were found on the bank premises during the search. The area was cleared around 5:15 p.m., the sergeant said. Source: http://www.nj.com/news/index.ssf/2009/10/hamburg_businesses_evacuated_a.html

Information Technology

37. October 19, ComputerWorld – (International) Hijacked Web sites attack visitors. Here is the scenario: Attackers compromise a major brand’s Web site. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. The issue goes unnoticed until it is exposed publicly. Such attacks are a common occurrence, but most fly under the radar because the users never know that a trusted Web site infected them, says a senior director of product management at Symantec Corp. When his company tracks down the source of such infections, it often quietly notifies the Web site owner. But word can get out, leaving the Web site’s customers feeling betrayed, and seriously damaging a brand’s reputation. Attackers, often organized crime rings, gain entry using techniques such as cross-site scripting, SQL injection and remote file-inclusion attacks, then install malicious code on the Web server that lets them get access to the end users doing business with the site. “They’re co-opting machines that can be part of botnets that send phishing e-mail, that are landing sites for traffic diversion and that host malware,” says the chief marketing officer at MarkMonitor. But because the business’s Web site isn’t directly affected, the administrators of most infected Web sites don’t even know it’s happening. Source: http://www.computerworld.com/s/article/342457/Visitors_Under_Attack?taxonomyId=16

38. October 18, CNET – (International) Firefox blocks insecure .Net add-on—awkwardly. Mozilla on October 16 disabled a Microsoft plug-in for Firefox called the .Net Framework Assistant because of a security problem—then scrambled to give people with patched systems an override option. Mozilla’s vice president of engineering announced the first step late on October 16 on his blog. “It’s recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on,” he said. “Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.” The .Net Framework Assistant add-on lets Firefox use Microsoft’s ClickOnce technology for installing applications that run on its .Net programming foundation. The add-on already was something of a thorn in the sides of some Firefox users: it was automatically installed via Windows Update with the .Net Framework 3.5 Service Pack 1 without telling the user the add-on was being installed or giving an option. More hackles were raised because it was not compatible with Firefox 3.5, the vice president said, and because removing it initially required people to edit their Windows Registry—a technically onerous task for most people. Mozilla’s add-on blocking technology could not tell if people had patched their software and so were not vulnerable anymore. “We can’t distinguish patched from unpatched, so we’re blocking it while we sort that out,” Mozilla’s vice president of engineering twittered. Over the weekend, Mozilla worked to remedy the situation. Source: http://news.cnet.com/8301-30685_3-10377445-264.html

Communications Sector

39. October 18, Cellular-news – (District of Columbia) Improved cell phone coverage for Washington underground railway. Sprint Nextel has announced the availability of mobile phone coverage within the Washington DC underground railway network. The coverage is available in 20 of the network’s 47 underground stations. Sprint expects to offer service in the Metro’s remaining underground stations by the autumn of 2010. Service should be available in 50 percent of the Metro system’s tunnels by the fall of 2011, with complete coverage expected to be established in all the tunnels by the fall of 2012. Verizon Wireless, Sprint Nextel, AT&T and T-Mobile are jointly building the new wireless network that is currently being installed. The firms also will build a second wireless network, which Metro will own, operate and maintain for Metro’s own public safety and operational communications. Sprint has traditionally offered coverage on the Metro, but only via a roaming agreement with an older Verizon network. Stations with this expanded service include: Ballston, Bethesda, Columbia Heights, Crystal City, Dupont Circle, Farragut North, Farragut West, Federal Triangle SW, Foggy Bottom-GWU, Friendship Heights, Gallery Place-Chinatown, Judiciary Square, L’Enfant Plaza, McPherson Square, Metro Center, Pentagon, Pentagon City, Rosslyn, Smithsonian and Union Station. The wireless contract will generate a minimum of nearly $25 million during the initial 15-year term and an additional $27 million during the five, two-year renewal terms. Source: http://www.cellular-news.com/story/40109.php