Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, December 31, 2009

Complete DHS Daily Report for December 31, 2009


Top Stories

 Food Safety News reports that an E. coli outbreak tied to a nationwide recall of mechanically tenderized steaks is now linked to 21 illnesses in 16 states, according to public health officials. Oklahoma-based National Steak and Poultry announced last week it was initiating the recall. (See item 29)

29. December 30, Food Safety News – (National) E. coli outbreak expands to 16 states. An E. coli O157:H7 outbreak tied to a nationwide recall of mechanically tenderized steaks is now linked to 21 illnesses in 16 states, according to public health officials. Oklahoma-based National Steak and Poultry (NSP) announced last week it was initiating a recall of processed steak products after the Centers for Disease Control and Prevention (CDC) and the U.S. Department of Agriculture’s (USDA’s) Food Safety and Inspection Service (FSIS) identified a cluster of E. coli O157:H7 illnesses. According to the FSIS release, the outbreak is linked to illness in 6 states: Colorado, Iowa, Kansas, Michigan, South Dakota, and Washington, but a CDC spokeswoman confirmed this morning that 16 states are reporting E. coli cases tied to the outbreak. FSIS’s initial release also indicates that the product was distributed to restaurants across the country. According to NSP the product was distributed to Moe’s Southwest Grill, Carino’s Italian Grill, and KRM restaurants located primarily in the 6 states initially connected to the outbreak. Neither the CDC nor FSIS has released a complete list of states involved in the outbreak. There are 10 states with illnesses connected to the outbreak that have yet to be named. Source:

 Foster’s Daily Democrat reports that about 80 people will be offered antibiotics and the anthrax vaccine after tests confirmed the presence of the disease at the drumming room of the United Campus Ministry’s Waysmeet Center in Durham, New Hampshire. A young woman who attended a December 4 event has tested positive for gastrointestinal anthrax — the first such case in U.S. history. (See item 51)

51. December 30, Foster’s Daily Democrat – (New Hampshire) About 80 offered antibiotics after anthrax scare in Durham. About 80 people will be offered antibiotics and the anthrax vaccine after tests confirmed the presence of the disease at the drumming room of the Waysmeet Center. The medicine is being offered to people who took part in a West African drumming event at the center on December 4 and another 20 who had access to the building, along with two lab workers at risk of exposure. Meanwhile, the young Strafford County woman who attended the event and has tested positive for gastrointestinal anthrax — the first such case in U.S. history — remains in critical condition at an undisclosed out-of-state hospital. An adviser to New Hampshire’s division of public health services said the state is contacting those 80 people and is merely offering the medicine, which is typically taken for 60 days, out of precaution because “this is a very low-risk situation.” So far, health officials believe “vigorous” drumming may have dispersed an anthrax spore into the air, where it was “briefly suspended” before the woman swallowed or inhaled it, causing it to end up in her digestive tract, the adviser said. The center is home to United Campus Ministry, which is independent of the University of New Hampshire but offers a residential community for students. It remains closed per an order of the state Department of Health and Human Services. The adviser said environmental samples taken from electrical outlets in the drumming room came back positive for anthrax late Monday. Source:


Banking and Finance Sector

13. December 30, IT Business Edge – (International) Laptop theft puts MBNA customers at risk. MBNA has confirmed that customer data has been compromised following the theft of a laptop from the offices of credit and finance firm NCO Europe. According to SC Magazine, the laptop contained some personal details, but no PIN numbers. An MBNA spokesman said they believe that none of the details had been used fraudulently. Still, the company is offering affected customers free access to CreditExpert from Experian for the next 12 months. Source:

14. December 30, KYW 3 Philadelphia – (Pennsylvania) Suspect robs Delaware County bank using a bomb threat. The bomb squad was called to the scene after reports of a bank robbery in Delaware County Wednesday morning. Police said a suspect entered an M&T Bank on Hinkley Avenue in Ridley Park at about 9:30 a.m. and told the teller he had a bomb. After receiving an undisclosed amount of cash, the suspect fled the scene. Following the robbery, police shut down the area surrounding the bank and called the Delaware County Bomb Squad as a precaution. No explosives were located. No arrests have been made. The incident remains under investigation. Source:

15. December 30, San Antonio Express-News – (Texas) Suspicious package was bag of trash, officials say. Authorities determined a suspicious package found at a North Side bank Wednesday morning was a paper bag full of trash, said a San Antonio Fire Department spokeswoman. Employees arriving to work at Chase Bank in the 12500 block of Northwest Military Highway and Wurzbach Parkway called 911 around 7 a.m. after they found a small bag in the bank’s drive-through automated teller machine lane. San Antonio Fire Department officials said the bag appeared to be from Las Palapas and had a note attached to it that says, “Open if you want a surprise.” The department’s hazardous materials crew, along with San Antonio Police Department’s bomb squad, investigated the package. Source:

16. December 29, Anchorage Daily News – (Alaska) Source of stolen credit card information was a restaurant. The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday. Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago. The scammers, in what appears to be a nationwide, organized effort, have spent thousands of dollars on the East Coast with the stolen data, according to police. According to the owners, the hack was actually perpetrated against a third-party network run by a nationwide corporation they would not name. The chief technology officer for Digital Securus, a local firm that has been helping examine the network at Little Italy, said his group found hacker programs on the point-of-sale terminals at the restaurant. “So what the bad guys did was, instead of trying to intercept that encrypted transmission, which they knew was futile, they came in and they installed a hacker program on the point-of-sale machines that actually intercepted that card number as it was being swiped,” he said. Both the restaurant and police say the breach has been fixed and the system is again secure. Police, however, are continuing to work with federal authorities to figure out who is behind the attack. Investigators suspect the stolen numbers were sold to third parties, who made fake cards with the information, an APD cyber crimes detective said last week. Source:

17. December 29, Reuters – (Florida; Texas) SEC alleges broker churned government accounts. U.S. securities regulators charged a Houston-based broker on Tuesday with defrauding two Florida government bodies while collecting $14 million in commissions. The Securities and Exchange Commission alleged the broker, while employed by First Allied Securities Inc, churned the accounts of the city of Kissimmee, Florida, and the Tohopekaliga Water Authority, and lied about what he was doing. The SEC’s civil complaint, filed in federal court in Orlando, Florida, accused him of engaging in risky, short-term trading strategies involving zero-coupon U.S. Treasury bonds, sometimes buying and selling them within days or on the same day. The watchdog agency said that he knew the municipalities’ ordinances prohibited his trading strategy. Neither municipality lost money, the SEC said, but only because the bond market swung in his favor. They could have lost $60 million over a two-year period, the SEC alleged. Source:

18. December 29, WTVC 9 Chattanooga – (Georgia) Bank scam hits Chickamauga hard. A bank account draining scam unfolded in Chickamauga the day after Christmas. It was a calculated “phishing” scam. A man’s recorded message claiming to be from the Bank of Chickamauga informed customers their ATM cards were restricted and gave them a number to call. After an unknown number of actual Bank of Chickamauga customers have been ripped off, the Federal Trade Commission has now taken over that number: 1-888-557-7512. A message on that number informs callers they have fallen victim to a scam. A bank executive says the number could be more than one hundred people. The bank’s vice president said, “Do not give information to anyone.” He added that if a customer did not initiate the phone call, then the customer must not divulge any information. From what WTVC-TV found out, this was a very widespread, random call. It appears they just used the prefix “375” and called all kinds of numbers in Chickamauga. This scam is not protected by the Federal Deposit Insurance Corporation. The bank’s executive vice president explains why. “Because it is fraud originated by a third party,” he said. The vice president of the bank says each case will be dealt with individually. But in all likelihood, customers lost whatever was in their account. Chickamauga police and the FBI are also aware of this scam. Investigators suspect this is a scam originating from another country. The bank would not reveal how much money was stolen, but it was all withdrawn electronically. Source:

19. December 29, WCAU 10 Philadelphia – (Pennsylvania) Smoke halts trading on Phila. Stock Exchange. The Philadelphia Stock Exchange was evacuated after smoke was reported on the trading floor late Tuesday morning. Smoke was first sighted on the first floor of the exchange at 1900 Market Street in Center City just after 11 a.m., officials said. The smoke was sucked into the building from a burning pile of leaves which caught fire outside, fire officials said. Trading was halted and the building evacuated. The fire was extinguished at 11:37 a.m. Exchange employees were allowed back into the building just before noon, though trading did not resume until after 12:30 p.m. Source:

20. December 29, SCMagazine – (National) Parties agree to settlement over Countrywide data breach. A federal judge in Kentucky has granted preliminary approval to settle a class-action lawsuit relating to a data breach that pitted millions of Countrywide Financial customers against the mortgage company. Last week’s settlement, which still must undergo a final approval hearing, would provide free credit monitoring for up to 17 million people whose personal data was exposed, according to published reports. To be eligible, victims must have used Countrywide before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud. A spokeswoman for Bank of America, which now owns Countrywide, did not respond to a request for comment on Tuesday. Some 35 lawsuits resulted from the breach before class-action status was granted, according to reports. Source:

21. December 29, Associated Press – (Alabama) Thieves make off with ATM machines from AL stores. Mobile, Alabama police are looking for three men who smashed a stolen car through the windows of 2 gas stations and made off with automated teller machines. A police spokesman said the two robberies early Monday bring the number of smash & grab ATM thefts around the area to five since December 8. He said the men were masked and completely covered in clothing. The first robbery was at a Chevron station around 3:10 a.m. and another Chevron was robbed about two hours later. They smashed the car through the stations’ glass windows, then went in and removed the ATM machines. The car was later found burned and 1 of the ATMs was still inside. No one has been arrested in any of the incidents, and no one has been injured. Source:

22. December 29, U.S. Department of Justice – (National) Major international hacker pleads guilty for massive attack on U.S. retail and banking networks. A man from Miami pleaded guilty Tuesday to conspiring to hack into computer networks supporting major American retail and financial organizations, and to steal data relating to tens of millions of credit and debit cards. The man, aka “segvec,” “soupnazi” and “j4guar17,” pleaded guilty to two counts of conspiracy to gain unauthorized access to the payment card networks operated by, among others, Heartland Payment Systems, a New Jersey-based card processor; 7-Eleven, a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. The plea was entered in federal court in Boston. The case is one of the largest data breaches ever investigated and prosecuted in the United States. According to information contained in the plea agreement, he leased or otherwise controlled several servers, or “hacking platforms,” and gave access to these servers to other hackers, knowing that they would use them to store malicious software and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by the man. He tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea agreement, it was foreseeable to the man that his co-conspirators would use malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions. Source:

Information Technology

46. December 27, PC World – (International) Good guys bring down the Mega-D botnet. For two years, a researcher with security company FireEye worked to keep Mega-D bot malware from infecting clients’ networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from defense to offense. And Mega-D — a powerful, resilient botnet that had forced 250,000 PCs to do its bidding — went down. He and two FireEye colleagues went after Mega-D’s command infrastructure. His team first contacted Internet service providers that unwittingly hosted Mega-D control servers; his research showed that most of the servers were based in the United States, with one in Turkey and another in Israel. The FireEye group received positive responses except from the overseas ISPs. The domestic C&C servers went down. Next, the researchers contacted domain-name registrars holding records for the domain names that Mega-D used for its control servers. The registrars collaborated with FireEye to point Mega-D’s existing domain names to nowhere. By cutting off the botnet’s pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down. Finally, FireEye and the registrars worked to claim spare domain names that Mega-D’s controllers listed in the bots’ programming. The controllers intended to register and use one or more of the spare domains if the existing domains went down — so FireEye picked them up and pointed them to “sinkholes” (servers it had set up to sit quietly and log efforts by Mega-D bots to check in for orders). Using those logs, FireEye estimated that the botnet consisted of about 250,000 Mega-D-infected computers. MessageLabs, a Symantec e-mail security subsidiary, reports that Mega-D had “consistently been in the top 10 spam bots” for the previous year. The botnet’s output fluctuated from day to day, but on November 1 Mega-D accounted for 11.8 percent of all spam that MessageLabs saw. Three days later, FireEye’s action had reduced Mega-D’s market share of Internet spam to less than 0.1 percent, MessageLabs says. Source:

Communications Sector

47. December 30, WYFF 4 Greenville – (South Carolina) Greenville radio station ransacked. A Greenville County radio station was ransacked and thieves took everything, including the microphone for the DJ. The trailer that houses WCSZ 1070 AM on White Horse Road is in shambles. The station’s former general manager told News 4 someone broke into the radio station on December 16, and then again this week. He thinks someone broke into the building looking for copper, but then saw a golden opportunity. There was very expensive equipment still at the radio station, including a transmitter worth $150,000, he said. It was picked apart. He said there is no way to broadcast out of the station until everything is replaced. A forensic investigator was at the radio station Wednesday morning collecting evidence. A Greenville County sheriff’s office spokesman said an investigator has been assigned to this case, and it is being looked at as a grand larceny. Source:

48. December 30, Landmark News Service – (Kentucky) Internet company expansion encounters extended outage. An Internet service outage expected to last about four hours has stretched into a week for some customers of U.S. Digital Online. In the process of relocating a server December 22, unexpected issues were encountered that have had staff members, including the company president, working around the clock through the holiday period. The company acquired approximately 800 KV Net accounts from Nolin RECC in July. Previously, U.S. Digital provided dial-up and wireless service to about 300 customers throughout Grayson County from its office in Leitchfield. The company president said the acquisition came with little documentation regarding software. Some customer connections that relied upon outdated technology contributed to the transfer. “It’s been a struggle for us to find out who’s hooked up how,” he said. During the switch over, U.S. Digital found some customers relied on static IP addresses and it had no record of the information necessary to enable the service. The company also encountered more than 5,000 lines of code that had to be rebuilt as part of the configuration. U.S. Digital is a wholesaler of DSL service through Windstream, which also sells Internet connectivity in the area as well as telephone and digital television. Source:

49. December 28, Associated Press – (National) Wireless phone companies pushing to use federal, defense frequencies. As mobile phones become more sophisticated, they transmit and receive more data over the airwaves. But the spectrum of wireless frequencies is finite — and devices like the iPhone are allowed to use only so much of it. TV and radio broadcasts, Wi-Fi networks, and other communications services also use the airwaves. Each transmits on certain frequencies to avoid interference with others. Now wireless phone companies fear they are in danger of running out of room, leaving congested networks that frustrate users and slow innovation. So the wireless companies want the government to give them bigger slices of airwaves — even if other users have to give up rights to theirs. Wireless companies are eyeing some frequencies used by TV broadcasters, satellite-communications companies, and federal agencies such as the Pentagon. Already, some of those groups are pushing back. That means tough choices are ahead. But one way or another, Washington will keep up with the exploding growth of the wireless market, insists a U.S. Representative from Virginia. He is sponsoring a bill that would mandate a government inventory of the airwaves to identify unused or underused bands that could be reallocated. The head of the National Telecommunications and Information Administration, the arm of the Commerce Department that manages the federal government’s use of the airwaves, says the agency is also hunting for more frequencies the wireless industry can use. The Pentagon has vacated some frequencies and is developing technology that can make more efficient use of airwaves. It also says it is committed to finding compromises that work for the government and commercial sector, so long as those do not jeopardize military capabilities. Source: