Department of Homeland Security Daily Open Source Infrastructure Report

Monday, October 26, 2009


Daily Report

Top Stories

The Associated Press reported an explosion at a Gulf gasoline facility on October 23 that rocked a neighborhood outside Puerto Rico’s capital, causing minor injuries, forcing evacuations as firefighters raced to prevent additional blasts, and causing the diversion of air traffic away from the area. (See item 1)


1. October 23, Associated Press – (Puerto Rico) Explosion rocks Gulf facility in Puerto Rico. An explosion at a Gulf gasoline facility on October 23 rocked a neighborhood outside Puerto Rico’s capital, causing minor injuries and forcing evacuations as firefighters raced to prevent additional blasts. Several columns of black smoke and flames were rising from the Caribbean Petroleum Corp., a gasoline warehouse and distribution center on San Juan’s bay that owns the Gulf brand in this U.S. Caribbean territory. FBI agents on the scene were among those investigating what caused the blast, which struck around 12:30 a.m. ET, according to the police chief. A police helicopter that flew over the area confirmed that 11 of more than 30 tanks had exploded, he said. Firefighters were planning to chill the remaining tanks in an effort to keep them from exploding. Dozens of fuel trucks were also being moved from the area. The fuel company told authorities that all of its employees who were at the plant are safe, a firefighter said. A Federal Aviation Administration spokeswoman said the agency put a temporary flight restriction in place over the area because of smoke. The flames, which could be seen from miles away, intensified several hours after the explosion and the police chief said it would likely take several days to put out the fire. Environmental authorities urged nearby residents to keep their windows shut to avoid potentially dangerous smoke. Source: http://www.msnbc.msn.com/id/33445763/ns/world_news-americas/


 According to the Wall Street Journal, the Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found on October 23, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing. (See item 9)


9. October 23, Wall Street Journal – (International) China expands cyberspying in U.S., report says. The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing. The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are “straining the U.S. capacity to respond,” the report concludes. The bipartisan commission, formed by Congress in 2000 to investigate the security implications of growing trade with China, is made up largely of former U.S. government officials in the national security field. The commission contracted analysts at defense giant Northrop Grumman Corp. to write the report. The analysts would not name the company described in the case study, describing it only as “a firm involved in high-technology development.” The report did not provide a damage assessment and did not say specifically who was behind the attack against the U.S. company. But it said the company’s internal analysis indicated the attack originated in or came through China. The report concluded the attack was likely supported, if not orchestrated, by the Chinese government, because of the “professional quality” of the operation and the technical nature of the stolen information, which is not easily sold by rival companies or criminal groups. The operation also targeted specific data and processed “extremely large volumes” of stolen information, the report said. Attacks like that cited in the report hew closely to a blueprint frequently used by Chinese cyberspies, who in total steal $40 billion to $50 billion in intellectual property from U.S. organizations each year, according to U.S. intelligence agency estimates provided by a person familiar with them. In the highly organized cyberspy scheme that drained valuable research and development information from a U.S. company, the report said, the hackers “operated at times using a communication channel between a host with an [Internet] address located in the People’s Republic of China and a server on the company’s internal network.” Source: http://online.wsj.com/article/SB125616872684400273.html


Details

Banking and Finance Sector

11. October 23, Kansas City infoZine News – (New York) SEC charges New York broker for manipulating stock prices through fake press releases and internet postings. The Securities and Exchange Commission (SEC) on October 23 charged a securities broker from Merrick, New York, with securities fraud for repeatedly creating and then distributing fake press releases to manipulate the stock prices of multiple publicly traded companies. The SEC alleges that a registered representative of New York stock brokerage firm Global Arena Capital Corporation purported to announce good news regarding the companies, including that Google was buying one of them at a substantial premium. He then posed as an investor on Internet message boards, touting the announcements he had fabricated. In one instance, his scheme caused the stock price to increase by nearly 80 percent within a few hours of the issuance of his phony press release. Source: http://www.infozine.com/news/stories/op/storiesView/sid/38094/


12. October 23, KPHO 5 Phoenix – (National) Fraud reported in homebuyer program. A Treasury Department audit found thousands of taxpayers have filed fraudulent claims for the First-Time Homebuyer Tax Credit. The audit found 70,005 examples of claimants who appear not to be first-time buyers applying for the $8,000 credit. The audit also found 19,351 tax returns on which taxpayers claimed the credit for a home they had not yet purchased, costing the government $139 million. Auditors blamed the IRS for the abuse. The audit says the agency should have required taxpayers to provide documentation they bought a home. They also said the IRS failed to review forms homeowners did fill out. It appears 3,238 illegal immigrants applied for the credit. The audit also found 582 children under 18, including some as young as 4 years old, claimed to be homebuyers. Source: http://www.kpho.com/money/21399505/detail.html


Information Technology


35. October 23, The Register – (International) Botnet click fraud at record high. Malware-infected computers are increasingly being used to perpetrate click fraud, according to a study released on October 22 that found their contribution was the highest since researchers began compiling statistics on the crime. In the third quarter of this year, 42.6 percent of fraudulent clicks were generated by computers that were part of botnets, compared with 36.9 percent the previous quarter and about 27.6 percent in the same period of 2008. The increase comes as criminals trying to profit from click fraud take advantage of new advances in malware that make the practice harder to detect. “As the botnets get more sophisticated, they’re able to perpetrate more click fraud,” said the CEO of Click Forensics, the advertising auditing firm that prepared the report. “They’re finding new ways of being distributed, and that’s reflected in the data.” The jump in botnet use over the past year comes as the overall amount of click fraud dropped, from 16 percent of all paid ads in Q3 of 2008 to 14.1 percent last quarter. That means manual forms of click fraud, in which large numbers of individuals engage in the practice, have decreased by an even larger margin. Many of those people get paid to knowingly gin the advertising results, while others are tricked into it. Source: http://www.theregister.co.uk/2009/10/23/botnet_generated_click_fraud/


36. October 22, KPIX 5 San Francisco – (California) Security flaws discovered in Calif. EDD website. A serious security breach was discovered on October 22 concerning the CalJOBS website. The state-run web site may be putting hundreds of thousands of Californians at risk of identity theft. To get unemployment benefits in California you have to post your resume on CalJOBS. “I filled out my employment history and I saved it,” said an unemployed person, who bookmarked it for future reference. The problem emerged when users attempted to access their accounts. Instead of seeing their own personal information, they were seeing someone different. “I saw someone else’s information. I saw their name, where they live, their email, their phone number. I was shocked, really,” said the unemployed person. “Resumes are really fantastic tools for identity theft, because you get a person’s name, you get their home address and you get a lot of information about them, so you can impersonate them much more easily,” an expert with the World Privacy Forum said. Three quarters of a million people in California use the website in order to find employment and to collect unemployment benefits. Source: http://cbs5.com/local/caljobs.security.breach.2.1265861.html


37. October 22, DarkReading – (International) Major secure email products and services miss spear-phishing attack. A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of a very well known philanthropist which landed successfully in users’ inboxes. The CEO of PacketFocus sent a spoofed LinkedIn email to users in different organizations who had agreed to participate in his test. He was able to get his spoofed message through 100 percent of the time and across a wide variety of major email products and services, including smartphone email tools. The CEO will not name names yet, he is contacting the affected vendors first, but says he even tried it on willing vendors and was successful. “I tested [this on] six different enterprise networks using the latest email security technology from most of the major vendors, and not a single one picked up on the spoofed email,” he says. He has written a white paper on the attack and plans to reveal the vendors in the test after he has contacted them and received their responses. The CEO says he tested 10 different combinations of email security appliances, services, and open-source and commercial products; four major client email products; and three major smartphone brands. The problem is that most anti-phishing technology is built to catch large-scale phishing attacks, but not the insidious and dangerous small, targeted ones. “If it’s small-scale, the technology definitely can’t stop it,” he says. “When the attacks get into the hundreds, it starts triggering [the security],” he says. Source: http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=220900191


For another story, see item 9, above.


Communications Sector

38. October 22, Bellingham Herald – (Washington) Phone service restored at Whatcom County’s flu call center. Phone and Internet services for Bellingham and Whatcom County government - including the countywide call center for flu clinics - have been restored after going down for a little over an hour starting at 1 p.m. on October 22. Officials said the service went down because of an internal electrical fault at Bellingham-based FiberCloud Data Center, a major Internet service provider for a wide range of local and regional businesses. The city of Bellingham has some of its network computer and phone systems housed at FiberCloud. When FiberCloud’s power went out, no calls could get into or out of city offices, and its Internet, e-mail and intranet were down. E-mail and Internet services for Whatcom County government also were down, but its phones were working because they are on a separate internal system. Phone calls into the center, which is located in a city of Bellingham facility, to set up appointments for two mass vaccination clinics for the H1N1 flu also couldn’t get through. Internet and phone service were restored around 2:15 p.m. Source: http://www.bellinghamherald.com/latestheadlines/story/1125655.html