Department of Homeland Security Daily Open Source Infrastructure Report

Monday, December 7, 2009


Top Stories

 According to the Associated Press, a fire in the basement of the DuPont chemical plant in Fort Madison, Iowa caused about $30,000 to $40,000 in damage on December 3. The building was evacuated. (See item 3)

3. December 4, Associated Press – (Iowa) Fire damage to cost more than $30,000 at Iowa chemical plant. A fire in the basement of a Fort Madison chemical plant caused thousands of dollars in damage and the building was evacuated. No one was injured in the fire at the DuPont plant on Thursday morning. Investigators say the factory suffered about $30,000 to $40,000 in damage. Employees first reported the fire in the basement and shipping area of the plant, which makes colorants and pigmented inks for digital printing systems. The Fort Madison fire chief says employees cutting metal for maintenance likely set fire to the wooden floor framing accidentally. Source:,0,119783.story

 The Associated Press reports that backpacks have been banned and eight students have been suspended from Keyser Primary-Middle School in Mineral County, West Virginia after bomb threats disrupted class four days in a row the week of November 30. Police are also investigating a bomb threat at Keyser High School. (See item 33)

33. December 4, Associated Press – (West Virginia) Bomb threats disrupt week of class at W.Va. school. Backpacks have been banned and eight students suspended from Keyser Primary-Middle School after bomb threats disrupted class four days in a row. Police are also investigating a Wednesday bomb threat at Keyser High School that canceled a basketball game. Backpacks also have been banned from that school. The Mineral County Schools superintendent says administrative hearings for the students have been scheduled for December 15. The students are also facing criminal charges. Since the students are juveniles, their names are not being released. Bomb threats at the primary-middle school disrupted class and prompted police searches from Monday through Thursday the week of November 30. Source:


Banking and Finance Sector

18. December 3, IDG News Service – (International) Two sentenced to prison for online money laundering. Two Bulgarians have been sentenced for their roles in an online money-laundering scheme that collected about $1.2 million from U.S. residents and sent it to a criminal group in Eastern Europe, the U.S. Department of Justice (DOJ) said. The two used eBay and other Web sites to advertise expensive vehicles and boats they did not own, the DOJ said. The two defendants and co-conspirators ran the scheme from about July 2005 to May 2006, the DOJ said in a news release. When victims expressed interest in the vehicles or boats, they were contacted directly by an e-mail from a purported seller, the DOJ said. The victims were then instructed to wire transfer payments through eBay Secure Traders, an entity with no affiliation to eBay. EBay Secure Traders was supposedly an escrow account service, but instead, the victims’ funds were wired directly into bank accounts in Hungary, Slovakia, the Czech Republic and Greece that were controlled by the two and their co-conspirators. Both were sentenced in U.S. District Court in the District of Columbia on December 2. Source:

19. December 2, Reuters – (International) Who’s afraid of high-frequency trading? High-frequency trading now accounts for 60 percent of total U.S. equity volume, and is spreading overseas and into other markets. Yet critics worry fast trading may undermine the integrity of the U.S. equity market and could even spark another financial crisis. They question the amount of money high-speed traders make, especially after holding a stock for only a few seconds. They wonder what purpose such quick turnover serves. The market “is not trading on fundamentals anymore. It makes no sense, it’s very frustrating for traders,” said the director of floor trading at NYSE member Kabrik Trading. “It’s all programs.” But high-frequency traders point to last year’s steep sell-off as proof of their value in helping the market run smoothly. While over-the-counter and other markets seized up, exacerbating the worst financial crisis since the Great Depression, fast traders continued to buy and sell shares. Proponents also laud computerized trading for eliminating the shady transactions that often occurred in the past when people were directly involved in trading. But many institutional money managers are uneasy about how the fast traders anticipate their transactions, and worry that there might be information leakage about their trading intentions. Critics fear an errant computer code, similar to the program trading behind the Black Monday crash of 1987, could engender another deep market plunge. With worries over systemic risk growing, the U.S. Securities and Exchange Commission has jumped into the fray. It has proposed a ban on so-called flash orders and wants to crack down on the scores of anonymous trading venues known as dark pools. The regulator plans to issue a report early next year that officials said would focus on whether markets reliant on high-frequency trading are more or less efficient for long-term investors, including those trading small- and mid-cap stocks. Source:

Information Technology

39. December 4, – (International) RIM warns of BlackBerry server risk from PDFs. Research in Motion (RIM) has issued a security alert warning of a new attack vector targeting its software. BlackBerry users are being warned about accessing PDF files after RIM discovered flaws in the BlackBerry Attachment Service used to send and read the files on mobile devices. “Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service component of the BlackBerry Enterprise Server,” the company said. “These vulnerabilities could enable a malicious individual to send an email containing a specially crafted PDF file which, when opened for viewing on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to a denial of service condition or arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server.” RIM has posted several security updates to fix the flaws in its BlackBerry Enterprise Server and Professional software. As a workaround, RIM also suggests that users open PDF attachments only from trusted sources. “RIM has advised customers that it has removed PDF files from the list of allowed extensions as a stop-gap measure,” said a senior technology consultant at Sophos. “Of course, PDFs are widely used in business, so I can’t imagine that many firms will find that an acceptable solution for very long.” Source:

40. December 3, IDG News Service – (National) New study calls for cybersecurity overhaul in U.S. The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said. The alliance, in a report released on December 2, also called for permanent international cybersecurity collaboration centers, new security standards for VoIP (voice over Internet Protocol) communications and programs to educate corporate leaders about the benefits of enhanced cybersecurity efforts. Many groups have called for better information security education for students, but education for enterprise leaders is often overlooked, said the president and CEO of Direct Computer Resources, a data security products vendor. “At some point, almost every public official who addresses this subject stresses the need to train our kindergarten to 12th-graders on this topic,” he said. “In many instances, these officials also note the need to upgrade cyber expertise in the federal workforce. Something else is necessary.” The report, intended as a response to the U.S. President’s call in May for increased cybersecurity efforts, proposes to create more educational programs on risk management for C-level executives. ISA has already begun an education effort aimed at chief financial officers and other executives. The report as a whole focuses largely on changing the economics of cybersecurity with incentives and other programs. Source:

41. December 3, The Register – (International) Linux kernel cured of remote panic-attack bug. Developers of the Linux kernel have patched a bug that allowed attackers to remotely crash a machine by sending it malicious Wi-Fi signals. The flaw in the delBA handling of mac80211 has been fixed in version 2.6.32, the latest stable release of the Linux kernel. Various distributions of the open-source operating system have already acknowledged the issue and are expected to push out updates soon. Based on developer notes on the official Linux website, the vulnerability appears to have been introduced in February. The flaw stemmed from faulty code that called the BUG_ON macro before various checks were performed. That raised the possibility of NULL being passed to the TX/RX_STOP parameter, which in turn caused a kernel panic. The end result: an attacker within Wi-Fi range of a vulnerable machine might be able to effectively shut it down. Source:

42. December 3, SCMagazine – (International) Microsoft slates six fixes for decade’s final Patch Tuesday. Microsoft on December 8 expects to push out six patches to address 12 vulnerabilities as part of its monthly security update, the company announced. The fixes — three are rated “critical,” the rest are labeled “important” — will address bugs in Windows, Internet Explorer (IE) and Microsoft Office, according to an advance notification released on December 3. The update plans to address at least one known zero-day vulnerability, an issue impacting IE versions 6 and 7. Microsoft confirmed the flaw, rated critical on all Windows platforms except Server 2008, in an advisory it released late last month. “We know that customers are concerned about this issue, and we are also aware that proof-of-concept code is available publicly,” a senior security program manager at Microsoft wrote on November 30 in a blog post. Experts at Rapid7, a vulnerability management firm, said organizations should make this patch a priority. The other critical bulletins set to be released impact Windows and Microsoft Project, a project management software program for Office. Apparently not slated for repair is a zero-day vulnerability in the Server Message Block (SMB) protocol, according to an advisory released last month. The company said successful exploitation of the flaw, which affects Windows 7 and Server 2008 Release 2, can lead to a denial-of-service that results in a system crash — but not the injection of malicious code. Exploit code has been published, but Microsoft is not aware of any active attacks underway. Source:

43. December 3, IDG News Service – (International) With new attack released, Adobe to patch next week. Adobe Systems’ security response team is scrambling to fix a newly disclosed bug in its Illustrator software, even as it readies another security patch the week of December 7. On December 1, an unidentified hacker posted a proof-of-concept attack, showing how the Illustrator vulnerability could be leveraged to run unauthorized software on a victim’s computer. Adobe said on December 1 that it was investigating the attack, but it is not clear when the software company will fix the issue. For this attack to work, the user must open a maliciously crafted Encapsulated PostScript (.eps) file in Illustrator, Adobe said in a blog post. Because this attack code is now public and available to cyber-criminals, this flaw could become a serious issue. However, the Adobe director of Product Security said on December 1 that his team has not yet confirmed that the attack could be used to install a virus on a computer. “We’ve been able to trigger a crash on at least one version and platform,” he said. “As soon as we get all of our details together we’ll do an advisory.” Security vendor Secunia says the flaw exists in Illustrator Creative Suite versions 13 and 14, and that other versions of the product may be affected. Meanwhile, Adobe plans to fix other critical bugs in its Flash Player software on December 8. This update is not related to the Illustrator issue and had been previously scheduled, the director said. “As far as we can tell, the [Illustrator] bug has absolutely nothing to do with Flash Player.” Source:

44. December 3, CNET News – (International) Defense Dept. pulls software over privacy issues. The Department of Defense has pulled a parental control product from its online store serving military families after learning that the company collects children’s data, according to documents the Electronic Privacy Information Center (EPIC) obtained from the government agency. EPIC has filed a complaint (PDF) with the Federal Trade Commission alleging that Echometrix, maker of FamilySafe parental control software, violates the Children’s Online Privacy Protection Act by collecting personal information from children and disclosing it to third parties for market intelligence purposes. Echometrix denies the allegations. After learning that the Defense Department’s Army and Air Force Exchange Service (AAFES) Web site offers the Echometrix product for sale, EPIC filed a Freedom of Information Act request with the Defense Department. The agency complied with the FOIA request. Among the documents provided to EPIC were e-mails between Echometrix and a manager at the AAFES Exchange Online Mall who wanted to know how customer information is collected and whether it is used for marketing purposes. Source:

For more stories, see items 37 below and 46 in the Communications Sector

37. December 3, CNSNews – (National) U.S. not fully prepared to stop cyber attacks, federal report says. A government audit found that the threat of cyber attacks on federal computer networks is increasing and that the United States is not entirely prepared to deal with the threat. The Government Accountability Office (GAO) in a November 17 report titled “Cybersecurity: Continued Efforts Are Needed to Protect Information Systems from Evolving Threats” said “reports of security incidents from federal agencies are on the rise, increasing by over 200 percent from fiscal year 2006 to fiscal year 2008.” Cyber attacks at the Department of Homeland Security during that time, for example, rose from 5,503 to 16,843, according to the report. The culprits include foreign nations, criminals, and hackers, the report says, entities that can use technology to “cross multiple state and national borders” to carry out an infiltration at high speed by “attacking a vast number of victims at the same time.” In so doing, attackers “can more easily remain anonymous,” said the GAO. These threats can be targeted at a specific system, or untargeted, which would be a virus, worm, or malicious software released on the Internet with no specific target. The lack of preparedness could hit home for the average American as “sensitive information, such as taxpayer data, Social Security records, medical records, intellectual property, and proprietary business information, could be inappropriately disclosed, browsed, or copied for purposes of identity theft, espionage, or other types of crime,” said the GAO. 
According to the report, “resources, such as federal payments and collections, could be lost or stolen,” and “computer resources could be used for unauthorized purposes or to launch attacks on other computer systems.” Further, the report states, “Critical operations, such as those supporting critical infrastructure, national defense, and emergency services, could be disrupted,” that “data could be added, modified, or deleted for purposes of fraud, subterfuge, or disruption,” and “agency missions could be undermined by embarrassing incidents that result in diminished confidence in the ability of federal organizations to conduct operations and fulfill their responsibilities.” The GAO found significant weaknesses at 23 of 24 major federal agencies it surveyed for the study. Source:

Communications Sector

45. December 4, PC World – (International) Microsoft Bing suffers outage. Microsoft’s Bing site was offline Thursday night. Bing suffered an outage and was offline for about half an hour Thursday. It was particularly bad timing for Microsoft, though, considering that it just unveiled an array of changes and updates and there has been a lot of attention focused on the beta rollout of the new Bing Maps. Users were unable to use Bing from around 6:30pm to 7:00pm (give or take 10 minutes on either side) Pacific time. Initially the site was simply unresponsive or returned partial search results. Eventually Microsoft published an error page explaining that the site was unavailable. Microsoft responded rather quickly and leveraged social networking tools like Twitter to communicate the current status with users. Microsoft’s senior vice president of the online services division wrote a blog post about the outage. The executive explained that “The cause of the outage was a configuration change during some internal testing that had unfortunate and unintended consequences.” Source:

46. December 3, Computerworld – (International) Flash storage should be a top data center priority, Gartner says. Flash-based storage will quickly become one of the most important technologies in the data center, Gartner, a global technology research company, said recently. Flash-based solid state memory is still 25 to 30 times more expensive than spinning disk drives on a per-gigabyte basis, and there are questions about its durability, but it carries several advantages over traditional storage devices, a Gartner analyst said at the research firm’s annual data center conference. “If you compare it to disk drives it’s a lot faster,” he said. “It’s small. It’s very rugged so you can put flash memory in something where a rotating disk drive would fail because of the shock.” There are technical limits that place a ceiling on the number of times you can rewrite data to a particular location with flash drives, but clever use of software that controls how, where and when data is written is extending product lifespan. “The reality today is you can create flash that lasts about as long as a real disk drive,” he said. “We’re really getting to the point where this is interesting.” The biggest strategic reason that flash is gaining prominence in the enterprise is that, for years, server processor speeds have improved exponentially while disk access speed has improved at slower rates. “The gap between the two keeps getting wider,” he said. Using RAM cache and other mechanisms can help eliminate performance penalties, but enterprises are still struggling with erratic application performance because of slow disk drives, he said. Flash should not replace disk on a one-to-one basis because of the cost, but applications can be sped up dramatically if files and bits that are critical to system performance are moved onto flash, he said. Flash was one of several products Gartner listed as among “the most important technologies in your data center future.” Source:

For another story, see item 41 above in the Information Technology Sector