Department of Homeland Security Daily Open Source Infrastructure Report

Monday, December 28, 2009

Complete DHS Daily Report for December 28, 2009

Daily Report

Top Stories

 The Associated Press reports that a man who held three people for more than eight hours December 23 inside a Wytheville, Virginia post office surrendered to police after freeing the hostages unharmed. Dozens of SWAT members surrounding the building did not have to fire a shot. (See item 25)




 According to the Wall Street Journal, multiple Internet sites were temporarily disrupted for some Web users after Neustar Inc., the company that provides them directory services through its UltraDNS service, suffered a “denial of service” attack before Christmas. Sites included those run by Amazon.com Inc. (See item 45 below in the Information Technology Sector)


Details

Banking and Finance Sector

25. December 24, Associated Press – (Virginia) Man in wheelchair surrenders after Va. hostage standoff. A disabled man in a wheelchair who authorities say held three people for more than eight hours inside a small-town Virginia post office surrendered to police after freeing the hostages unharmed. The suspect, from Sullivan County, Tennessee, was being questioned and authorities did not have a motive, a police spokesman said. The suspect was scheduled to appear in federal court in Roanoke at 9:30 a.m. Thursday. The standoff began at about 2:30 p.m. Wednesday after the suspect, who has an artificial leg, pushed the wheelchair into the one-story post office in the mountain town of Wytheville in western Virginia, state police said. Shots were fired soon after the suspect entered the building, but no one was injured and at least two of the hostages were able to call family or friends. About 8 hours later, authorities ordered the suspect to come out. The three hostages walked out first and the suspect followed, this time sitting in the wheelchair. Dozens of SWAT members surrounding the building did not have to fire a shot. Source: http://www.usatoday.com/news/nation/2009-12-23-virginia-hostage_N.htm?loc=interstitialskip


Information Technology


45. December 24, Wall Street Journal – (National) Attack disrupts Web sites. Multiple Internet sites, including those run by Amazon.com Inc., were temporarily disrupted for some Web users after a company that provides them directory services suffered what it called a “denial of service” attack. Neustar Inc., which runs the UltraDNS service that helps process the connections between individual computers and Web sites, says the disruption lasted about an hour and only affected Web users in Northern California. The company said it began to notice an unusual spike in traffic on its servers at about 7:45 p.m. Eastern Time, which led to the outage. “Immediately we identified it and put mitigation measures into effect,” said a Neustar spokesman. The attack caused Web users in Silicon Valley and other parts of Northern California to get either an error message or delayed response when trying to access a site that uses the directory service from UltraDNS. The spokesman said the company is still investigating the source of the attack. He said the attack “was not focused on one particular site or another.” But he declined to name the companies that were affected. Though limited geographically, the disruption came during the final hours of online shopping in the crucial holiday season. Besides affecting sites that serve their customers directly, the attack underscores the risks as companies increasingly outsource computing tasks to be managed by other vendors. A site run by Amazon that tracks availability of its Web services reported that “some customers in the West Coast are experiencing issues with resolving DNS.” A spokeswoman for Salesforce.com Inc., which provides online software for businesses, said that the company also experienced an hour-long service interruption. Source: http://online.wsj.com/article/SB10001424052748703521904574615032671717354.html?mod=WSJ_hpp_MIDDLTopStories


46. December 23, DarkReading – (International) Facebook hit by clickjacking attack. Facebook is cleaning up after a clickjacking attack that infiltrated the social networking site this week — and security experts say this will not be the last such attack. Clickjacking, in which an attacker slips a malicious link or malware onto a legitimate Web page that appears to contain normal content, is an emerging threat experts have been warning about. The attack on Facebook was in the form of a comment on a user’s account with a photo that lured the victim to click on it. The embedded link took the victim to a Web page that presented like a CAPTCHA or Turing test, and asked the user to click on a blue “Share” button on the Facebook page. Once clicked, the victim is redirected to a YouTube video, and then the same post shows up on the victim’s account and thus tries to infect his or her friends. Security experts say the attack appeared to be more of a prank or trial balloon, and it affects only Firefox and Chrome browsers, according to a security expert who blogged about the attack the week of December 14. Facebook has now blocked the URL to the malicious site, fb.59.to. “This problem isn’t specific to Facebook, but we’re always working to improve our systems and are building additional protections against this type of behavior. We’ve blocked the URL associated with this site, and we’re cleaning up the relatively few cases where it was posted — something email providers, for example, can’t do,” a Facebook spokesperson says. Source: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=222100098


47. December 23, IDG News Service – (International) Hackers hit OpenX ad server in Adobe attack. Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week. The attackers are taking advantage of a pair of bugs in the OpenX advertising software to log in to advertising servers and then place malicious code on ads being served on the sites. On December 21, cartoon syndicator King Features said that it had been hacked the week of December 14, because of the OpenX bugs. The company’s Comics Kingdom product, which delivers comics and ads to about 50 Web sites, was affected. Another OpenX user, the Ain’t It Cool News Web site, was reportedly hit with a similar attack the week of December 14. OpenX said that it was aware of “no major vulnerabilities associated with the current version of the software – 2.8.2 – in either its downloaded or hosted forms,” in an e-mailed statement. At least one OpenX user believes that the current version of the product may be vulnerable to part of this attack, however. In a forum post, a user said that he was hacked while running an older version of the software, but that the current (2.8.2) version is also vulnerable. “If you are running a current, unmodified release of OpenX, it is possible to anonymously log in to the admin site and gain administrator-level control of the system,” he wrote. When researchers at Praetorian Security Group looked at the Adobe attack, it did not leverage the unpatched Adobe bug, said a partner with the security consultancy. Instead, the attack marshalled an assortment of three different Adobe exploits, he said. “We’re seeing no evidence that it’s the 0day that will be patched by Adobe in January.” Source: http://www.computerworld.com/s/article/9142643/Hackers_hit_OpenX_ad_server_in_Adobe_attack?taxonomyId=17&pageNumber=1


Communications Sector

48. December 24, WTOV 9 Steubenville – (Ohio) Thieves knock out phone service to hundreds of local residents. Hundreds of AT&T customers were without landline telephone service after thieves stole 1,200 telephone wires over Wednesday night. The theft happened near Tweed Avenue in Jefferson County. Crews on Thursday were still trying to locate a replacement wire but said they do not know if it will arrive in time to fix the lines for Christmas. The theft is the fourth time copper wire has been stolen in the area in the last 1 1/2 years. Source: http://www.wtov9.com/news/22053958/detail.htm

For another story, see item 45 above in the Information Technology Sector