Department of Homeland Security Daily Open Source Infrastructure Report

Monday, November 16, 2009

Complete DHS Daily Report for November 16, 2009

Daily Report

Top Stories

 Global Security Newswire reports that while the U.S. government and the atomic energy industry are confident that the country’s nuclear power plants are safe from any terrorist attack, critics caution that there are holes in those defenses. (See item 6)

6. November 12, Global Security Newswire – (National) Concerns raised over terrorism threat to nuclear plants. While the U.S. government and the atomic energy industry are confident that the country’s nuclear power plants are safe from any terrorist attack, critics caution that there are holes in those defenses, CNN reported November 12. “The protection level at nuclear power reactors is not anywhere near that required,” said a Princeton University nuclear physicist. “The utilities are unwilling to spend the money and the Nuclear Regulatory Commission, which is basically under the thumb of the utilities, is not willing to make them.” The September 11 attacks increased fears that terrorists might try to initiate a nuclear meltdown by flying an airplane into a nuclear facility and crashing it against a reactor. A 1980s report by the U.S. Government’s Argonne National Laboratory had highlighted the risks of such an event occurring. The U.S. Government plays down the likelihood of such an event. A terrorist would find it extremely hard to overcome airport security and hijack an airplane, avoid military fighter aircraft and hit a plant that is significantly smaller than the World Trade Center buildings or Pentagon, officials say. Nuclear power plants also have concrete reinforcements around their reactors, and an attack would not create an explosive-like detonation. It would take hours, possibly days, for a nuclear meltdown to occur. That is enough time, authorities say, to remove people from the surrounding area. Source:

 According to SCMagazine, although a number of trusted sources continually decry the vulnerabilities present in web applications, this vector remains the primary avenue of attack for cybercriminals, according to a WhiteHat Website Security Statistics Report released on November 12. (See item 36 in the Information Technology Sector below)


Banking and Finance Sector

14. November 1, KOCO 5 Oklahoma City – (Oklahoma) State warns about credit card scam. The Oklahoma Attorney General’s Office is issuing a warning about scam artists who are trying to steal credit card numbers. Scammers are sending text messages that alert users that their credit card has been deactivated and give them a number to call to reactivate it. The Oklahoma Attorney General’s Office said the message is coming from a scammer, not a bank. Source:

15. November 13, St. Louis Post-Dispatch – (National) Prosecutors seek to seize properties tied to Iranian bank. Federal authorities on Thursday moved to seize a wide array of U.S.-based properties, bank accounts and religious sites that they charge in court documents are funneling money to an Iranian bank involved in that country’s alleged nuclear weapons program. Prosecutors sought the forfeiture of Islamic centers containing mosques and schools in California, Maryland, New York City and Houston, as well as 100 acres of land in Virginia. The U.S. attorney’s office in New York stressed that “no action has been taken against any tenants or occupants of those properties.” They also took steps to seize financial control of a 36-story office tower at 650 Fifth Avenue in Manhattan that they say is part of a business empire controlled by the Alavi Foundation, which it alleges has been illegally “providing numerous services to the Iranian Government,” including a large amount of money. The properties and bank accounts being sought by the federal government in a civil lawsuit are worth more than $500 million, and represent one of the largest attempted seizures of alleged assets linked to Iran. Source:

16. November 13, Agence France-Presse – (New York) FBI probes potential billion dollar Ponzi scheme. The FBI is investigating a prominent Florida lawyer suspected of organizing a Ponzi scheme that may have defrauded investors of more than a billion dollars, the agency said. “I estimate that this scheme could well exceed one billion dollars,” the agent in charge of the FBI’s Miami office said at a news conference here. In Ponzi schemes, investors typically are lured by an appearance of high returns to put money into a fund or some other investment. New money coming into the fund is used to sustain the returns until the scheme collapses of its own weight. The FBI and the Internal Revenue Service issued a statement asking investors in Rothstein Structured Settlement Investment or others with pertinent information to come forward in order to establish the scope of the fraud. Source:

17. November 13, IDG News Service – (International) Spam campaign targets payment transfer system. A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters. The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH). ACH is a widely used but aging system used by financial institutions for exchanging details of direct deposits, checks and cash transfers made by businesses and individuals. In 2002, ACH was used for nearly 9 billion transactions worth more than US $24.4 trillion. Over the last few months, many businesses have lost money through ACH fraud, primarily when fraudsters obtain the authentication credentials required to transfer money. In many cases, significant portions of the fraudulent transfers are never recovered, and businesses are on the hook with their bank. NACHA has no direct involvement in the processing of the payments, but spammers have nonetheless launched a spam campaign with messages purporting to be from the organization saying that an ACH payment has been rejected. The spam messages have a link to a fake Web site that looks like NACHA’s. The site asks the victim to download a PDF file, but it is actually an executable. If launched, the executable will install Zbot, also known as Zeus, an advanced piece of banking malware that can harvest the authentication details required to initiate an ACH transaction, according to M86 Security. The spam campaign is coming from the Pushdo botnet, M86 said on its blog. Source:

Information Technology

35. November 12, ComputerWorld – (International) Flash flaw puts most sites, users at risk, say researchers. Hackers can exploit a flaw in Adobe’s Flash to compromise nearly every Web site that allows users to upload content, including Google’s Gmail, then launch silent attacks on visitors to those sites, security researchers said on November 12. Adobe did not dispute the researchers’ claims, but said that Web designers and administrators have a responsibility to craft their applications and sites to prevent such attacks. The problem lies in the Flash ActionScript same-origin policy, which is designed to limit a Flash object’s access to content from the domain it originated from, added a senior security researcher at Foreground. Unfortunately, said the researcher, if an attacker can deposit a malicious Flash object on a Web site — through its user-generated content capabilities, which typically allow people to upload files to the site or service — they can execute malicious scripts in the context of that domain. “This is a frighteningly bad thing,” the researcher said. “How many Web sites allow users to upload files of some sort? How many of those sites serve files back to users from the same domain as the rest of the application? Nearly every one of them is vulnerable.” Source:

36. November 12, SCMagazine – (International) Study finds 64 percent of websites contain serious flaws. While a number of trusted sources continually decry the vulnerabilities present in web applications, this vector remains the primary avenue of attack for cybercriminals, according to a WhiteHat Website Security Statistics Report released on November 12. Despite metrics that substantiate the claims and any number of security best practices recommendations, many organizations, particularly those building custom web applications, are at risk, says the report, which measured data collected from January 1, 2006 to October 1, 2009, across more than 1,300 websites. The problem is exacerbated because it is not possible to patch against custom web application software, such as that used by big e-commerce sites, the founder and CTO of WhiteHat, told And that, he said, includes the vast majority of sites. The amount of time it takes to repair a vulnerability once discovered is also an issue for those charged with maintaining network security. According to the WhiteHat report: “The time to fix should be as short as possible because an open vulnerability represents an opportunity for hackers to exploit the website, but no remedy is instantaneous.” But, the good news is that more organizations are repairing the technical issues associated with these threats. Source:

37. November 12, ComputerWorld – (International) Apple issues week’s second patch set, fixes 7 Safari flaws. Apple on November 11 issued its second security update in three days, patching seven vulnerabilities in Safari, including one in the Windows version that the company fixed two months ago for most Mac users. But unlike the operating system security update issued on November 9, which did not deliver patches for Mac OS X 10.4, aka Tiger, the November 11 upgrade applies to users running Safari on that 2005 operating system. Apple traditionally stops providing security updates for its oldest still-supported OS several months after the release of a new edition, but apparently will continue supporting Safari on Tiger. Of the seven holes that Safari 4.0.4 plugs, six apply to the little-used Windows version of the browser, six affect Tiger, but just three impact Mac OS X 10.5 and 10.6, Leopard and Snow Leopard, respectively. Only two of the vulnerabilities were accompanied by Apple’s “may result in arbitrary code execution” phrasing, its way of noting that the bugs are serious and if exploited, could let attackers hijack a machine. Both of those critical vulnerabilities affect the Windows edition of Safari only. Source:

38. November 11, Info World – (National) Hackers will exploit Windows kernel bug. Hackers will quickly jump on one of the 15 vulnerabilities Microsoft patched Tuesday to build attack code that infects Internet Explorer users, security researchers agreed today. The bug, which Microsoft patched as part of a record-tying security update for the month of November, is in the Windows kernel, the heart of the operating system. The kernel improperly parses EOT (Embedded OpenType) fonts, a compact form of fonts designed for use on Web pages that can also be used in Microsoft Word and PowerPoint documents. Microsoft rated the flaw as “critical,” its highest threat rating, and gave the bug an exploitability ranking of “1,” which means it expects a working exploit to appear in the next 30 days. Source:

Communications Sector

39. November 12, IDG News Services – (National) Telecom experts worry about Net neutrality rules. Net neutrality rules proposed by the U.S. Federal Communications Commission (FCC) could slow down improvements to the nation’s broadband networks, some telecom experts said Thursday. But others speaking at an Institute for Policy Innovation (IPI) forum in Washington, D.C., said they believed the FCC could find the right balance between protecting broadband consumers and allowing new telecom business models, while allowing broadband providers to manage their networks against congestion, malware and illegally shared copyright materials. The proposed rules would prohibit broadband providers from selectively blocking or slowing legal Web content and services, while allowing them to engage in “reasonable” network management. Some speakers at the event worried about how the FCC will define reasonable network management, with no definition in a notice of proposed rulemaking released by the FCC in October. With new rules potentially on the way, broadband providers may be reluctant to invest new money in their networks, added the co-chairman of Arts+Labs, an Internet content advocacy group. Source: