Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 27, 2009

Complete DHS Daily Report for November 27, 2009

Daily Report

Top Stories

 According to the Associated Press, Toyota Motor Corp. said on November 25 it will replace accelerator pedals on 3.8 million recalled vehicles in the United States to address problems with the pedals becoming jammed in the floor mat. As a temporary step, Toyota will have dealers shorten the length of the gas pedals beginning in January while the company develops replacement pedals for their vehicles, the Transportation Department and Toyota said. (See item 8)

8. November 25, Associated Press – (National) Toyota to replace 3.8 million gas pedals. Toyota Motor Corp. said on November 25 it will replace accelerator pedals on 3.8 million recalled vehicles in the United States to address problems with the pedals becoming jammed in the floor mat. As a temporary step, Toyota will have dealers shorten the length of the gas pedals beginning in January while the company develops replacement pedals for their vehicles, the Transportation Department and Toyota said. New pedals will be available beginning in April, and some vehicles will have brake override systems installed as a precaution. Toyota, the world’s largest automaker, announced the massive recall in late September and told owners to remove the driver’s side floor mats to prevent the gas pedal from potentially becoming jammed. Popular vehicles such as the Toyota Camry, the top-selling passenger car in America, and the Toyota Prius, the best-selling gas-electric hybrid, are part of the recall. It includes the 2007-10 model year Camry, 2005-10 Toyota Avalon, 2004-09 Prius, 2005-10 Toyota Tacoma, 2007-10 Toyota Tundra, 2007-10 Lexus ES350 and 2006-10 Lexus IS250/350. The recall involving the accelerators was Toyota’s largest in the U.S. It was prompted by a high-speed crash in August involving a 2009 Lexus ES350 that killed a California Highway Patrol officer and three members of his family near San Diego. The Lexus hit speeds exceeding 120 mph, struck a sport utility vehicle, launched off an embankment, rolled several times and burst into flames. To fix the problem, Toyota and the government said dealers will shorten the length of the accelerator pedal on the recalled vehicles and in some cases remove foam from beneath the carpeting near the pedal to increase the space between the pedal and the floor. They said owners of the ES350, Camry and Avalon would be the first to receive notification because the vehicles are believed to have the highest risk for pedal entrapment. Source:

 The IDG News Service reports that a 32-year-old California man has pleaded guilty on November 20 to charges that he sold thousands of counterfeit chips to the U.S. Navy. (See item 11)

11. November 24, IDG News Service – (National) Man pleads guilty to selling fake chips to US Navy. A 32-year-old California man has pleaded guilty to charges that he sold thousands of counterfeit chips to the U.S. Navy. In a plea agreement reached on Friday, a Newport Coast, California man pleaded guilty to conspiracy and counterfeit-goods trafficking for his role in an alleged chip-counterfeiting scam that ran between 2007 and 2009. The man, his wife, and her brother operated several microchip brokerage companies that imported chips from Shenzhen, in China’s Guangdong province. They would buy counterfeit chips from China or else take legitimate chips, sand off the brand markings and melt the plastic casings with acid to make them appear to be of higher quality or a different brand, the U.S. Department of Justice said in a press release. Source:


Banking and Finance Sector

13. November 24, KTVB 7 Boise – (Idaho) Text message scam targeting bank customers. Nampa, Idaho, officers say a text message scam is circulating that claims to be an “emergency notification” concerning their bank account – and tries to get the victim to call a toll-free number. When someone calls, they are solicited for account information or charged an extreme amount of money for making the call itself. Police say that the latest round is targeting customers of Mountain Gem Credit Union. Police warn you to ignore the text, and not to give any information out unless you are sure where it is going. If you have questions, you are advised to call your local bank branch. Source:

14. November 24, DarkReading – (International) CSI annual report: financial fraud, malware on the increase. Malware and financial fraud were among the chief “growth threats” posed to businesses in 2009, according to a new study from the Computer Security Institute that will be published next week. CSI’s 14th annual security survey, which will be distributed in conjunction with a free December 1 Webcast, covers a wide range of issues related to security management, including current threats, data loss statistics, and trends in technology usage. Respondents reported big jumps in the incidence of financial fraud (19.5 percent, over 12 percent last year); malware infection (64.3 percent, over 50 percent last year); denials of service (29.2 percent, over 21 percent last year), password sniffing (17.3 percent, over 9 percent last year); and Web site defacement (13.5 percent, over 6 percent last year). The survey showed significant dips in wireless exploits (7.6 percent, down from 14 percent in 2008), and instant messaging abuse (7.6 percent, down from 21 percent). “The financial fraud was a major concern because the cost of those incidents is so high,” says Sara Peters, senior editor at CSI and author of this year’s report. Financial fraud costs enterprises approximately $450,000 per incident, according to the study. While financial fraud costs rose in 2009, average losses due to security incidents of all types are down this year — from $289,000 per respondent to $234,244 per respondent, CSI says. Those numbers are still higher than 2005 and 2006 figures. Twenty-five percent of respondents stated the majority of their financial losses in the past year were due to nonmalicious actions by insiders. Source:

Information Technology

27. November 24, Department of Justice – (Florida) Former United Way employee sentenced for damaging charity’s computer network. The acting United States attorney for the Southern District of Florida, and the Special Agent in Charge, Federal Bureau of Investigation, Miami Field Office, announced the sentencing of a defendant on charges of computer fraud. On November 24, a U.S. district court judge sentenced the defendant to 18 months’ imprisonment, to be followed by three years of supervised release. In addition, the Court ordered him to pay more than $50,000 in restitution. According to documents filed with the Court, the defendant was a former employee of United Way of Miami-Dade (“UWMD”). He was employed as a computer specialist from July to December 2007. Approximately one year after he left UWMD’s employ, the defendant accessed United Way’s network without authorization. He deleted numerous files from UWMD’s servers and disabled UWMD’s telephone voice mail system, which prevented callers from leaving messages for UWMD and prevented UWMD employees from accessing their voice mail accounts. The defendant pled guilty to computer fraud on September 16, 2009. Source:

28. November 24, GAO Info – (National) FBI puts cyber threats in perspective. The FBI considers the cyber threat against our nation to be one of the greatest concerns of the 21st century. Despite the enormous advantages of the Internet, U.S. networked systems have a gaping and widening hole in the security posture of both our private sector and government systems. An increasing array of sophisticated state and non-state actors have the capability to steal, alter or destroy our sensitive data and, in the worst of cases, to manipulate from afar the process control systems that are meant to ensure the proper functioning of portions of our critical infrastructure. Moreover, the number of actors with the ability to utilize computers for illegal, harmful, and possibly devastating purposes continues to rise. When assessing the extent of the cyber threat, the FBI considers both the sophistication and the intent of U.S. adversaries. The most sophisticated actors have the ability to alter our hardware and software along the global supply chain route, conduct remote intrusions into our networks, establish the physical and technical presence necessary to re-route and monitor our wireless communications, and plant dangerous insiders within our private sector and government organizations. The actors that currently have all of these capabilities - which is a finding that is distinct from whether and when they are using them - include multiple nation states and likely include some organized crime groups. The FBI has not yet seen a high level of end-to-end cyber sophistication within terrorist organizations. Still, the FBI is aware of and investigating individuals who are affiliated with or sympathetic to al-Qaeda who have recognized and discussed the vulnerabilities of the U.S. infrastructure to cyber attack, who have demonstrated an interest in elevating their computer hacking skills, and who are seeking more sophisticated capabilities from outside of their close-knit circles. Should terrorists obtain such capabilities, they will be matched with destructive and deadly intent. Source:

For another story, see item 29 below

Communications Sector

29. November 24, IDG News Services – (International) Palm, Sprint pursue lost data from Pre, Pixi. Palm and Sprint are trying to solve problems some users have had moving data from one Palm webOS device to another, a task that has caused some to lose contacts and calendar entries, according to blogs and online user comments. Users of the Palm Pre and Pixi, the first two devices to run Palm’s webOS, can back up contacts, calendar entries, tasks and memos to an online Palm Profile. From that password-protected Web page, they can synchronize that data to another webOS device over the air if they have to change phones for any reason. Normally, one copy of that data resides on the handset and the other in the user’s Palm Profile on Palm’s servers. But some users who have had to replace or reset their webOS devices have found large amounts of their information missing and apparently irretrievable, according to a post last week on the Palm-oriented blog Pre Central. Several people posted comments on the item, describing data losses. Palm said in a statement it is working with Sprint to solve the problems those users are having. “We are seeing a small number of customers who have experienced issues transferring their Palm Profile information to another Palm webOS device,” the company said. “Palm and Sprint are working closely together to support these customers to successfully transfer their information to the new device.” It’s not the first glitch in online backup for mobile phones. Last month, many users of the T-Mobile Sidekick phone from Microsoft’s Danger division lost contacts, photos and other data permanently after a server failure. The incidents could raise concerns among consumers about relying on network-based synchronization instead of backing up data to their own PCs or Macs. Source: