Department of Homeland Security Daily Open Source Infrastructure Report

Monday, January 11, 2010

Complete DHS Daily Report for January 11, 2010

Daily Report

Top Stories

Stars and Stripes reports that messages posted recently by prominent contributors to jihadist Web sites are seeking specific information on U.S. military targets in hopes of carrying out an attack on Navy ships in the Persian Gulf, according to the Middle East Media Research Institute. The specificity and the call for personal familial information led the Naval Criminal Investigative Service to caution U.S. Naval Forces Central Command/5th Fleet on December 31, a Navy official said. (See item 35)


35. January 9, Stars and Stripes – (International) Group: Internet posts indicate threat to Navy in Persian Gulf. Messages posted recently by prominent contributors to jihadist Web sites are seeking specific information on U.S. military targets in hopes of carrying out an attack on Navy ships in the Persian Gulf, according to the Washington, D.C.-based Middle East Media Research Institute (MEMRI). One post on the jihadi forum Al-Falluja calls for information such as the “name of the particular naval unit to be targeted, its exact location, the number of troops on board the warship and their ranks, familial status, where their families live, the type of weapons the warship carries…and the number of nuclear bombs onboard,” reads a report compiled by MEMRI. “The postings that have come out recently are from al-Qaida in the Arabian Peninsula…from some of their leaders and some of the main people and…head moderators,” MEMRI’s executive director said. The Naval Criminal Investigative Service warned U.S. Naval Forces Central Command/5th Fleet of the threats on December 31, said a Navy spokesman. Citing security reasons, he declined to say whether the Navy changed any force-protection measures or policies or tactics as a result of the threats. It was the specificity and the call for personal familial information that led NCIS to caution 5th Fleet, a Navy official said. A December 30 Al-Falluja post called for a gathering of intelligence on U.S. Navy targets. Included on the post were diagrams and a dated picture of the USS Enterprise aircraft carrier. The photos, however, are from open-source Web sites, said MEMRI’s executive director, and easily attainable. “Anyone who thinks our enemies don’t monitor what our sailors, families and commands are doing via the Internet and social media had better open their eyes,” wrote a master chief petty officer in a message posted Wednesday on the Navy’s Web site. “These sites are great for networking, getting the word out and talking about some of our most important family readiness issues, but our sailors and their loved ones have to be careful with what they say and what they reveal about themselves, their families or their commands.” Source: http://www.stripes.com/article.asp?section=104&article=67112


The Huntington Herald-Dispatch reports that ten communication tower sites in Cabell County, West Virginia have been vandalized and the copper stolen from them since December 28. The county commissioner said that the crime “needs to be looked at as terrorism.” (See item 45 below in the Communications Sector)


Details

Banking and Finance Sector

11. January 8, eWeek – (International) HSBC customers hit by mainframe failure. HSBC customers were unable to use ATM cash machines, as well as online banking on January 8, after the bank suffered an outage with its mainframe computer. “We experienced a mainframe outage at 11.45am this morning,” an HSBC spokesman told eWeek Europe. “This impacted our ATM network and Internet banking, as well as credit and debt cards.” “This outage lasted for two hours and the network is now fully back up and running,” the spokesman added. “We would obviously like to apologise to our customers for any inconvenience this caused.” Failures of this nature are rare as mainframes are normally robust machines with a high degree of fault tolerance, which makes this two hour failure so surprising. When asked about the nature the mainframe failure, the spokesman was unable to identify the exact problem, although he did confirm the mainframe in question is from IBM. Source: http://www.eweekeurope.co.uk/news/hsbc-customers-hit-by-mainframe-failure-2969


12. January 8, Winston-Salem Journal Reporter – (North Carolina) Man operated a Ponzi scheme, FBI says. An Ashe County, North Carolina, businessman arrested last month by the FBI was operating a Ponzi scheme that defrauded investors of more than $35 million, according to court documents. The owner of Black Diamond Capital Solutions and other businesses had at least 240 investors nationally, and he told them that he was investing their money in the foreign-currency exchange system. But he did not invest any money in foreign-currency exchange, according to a FBI agent’s affidavit requesting an arrest warrant. Rather, the Ponzi schemer deposited money into banks and spent the money on payments to other investors, and on cars, real estate, lavish trips and other things. The suspect was arrested December 17 in an Ashe County parking lot. He has been charged with conspiracy to commit money laundering, wire fraud and securities fraud. He remains in federal custody. Source: http://www2.journalnow.com/content/2010/jan/08/man-operated-a-ponzi-scheme-fbi-says/news/


13. January 8, Wall Street Journal – (New York) NY fed told AIG to shield payouts. The Federal Reserve Bank of New York told American International Group Inc. (AIG) not to disclose key details of their agreements to make big payouts to banks in the insurer’s regulatory filings in late 2008, according to a set of email exchanges released on January 7. AIG later amended its regulatory filings several times over the following months and provided the information after the Securities and Exchange Commission requested more disclosure. Congress also pressured the insurer to release the names of banks that were paid off in full on $62 billion in bets on soured mortgage securities. The biggest payouts went to French bank Societe Generale and to Wall Street firm Goldman Sachs Group Inc., AIG finally said publicly in mid-March 2009. The government’s handling of the AIG bailout continues to draw scrutiny and has created political difficulty for the Treasury Secretary, who was president of the New York Fed when it first bailed out AIG in September 2008. He played a key role in the regional Fed bank’s controversial November 2008 decision to make U.S. and European banks whole on their mortgage gambles with AIG, according to a government audit last year. “There was no effort to mislead the public,” said a general counsel of the New York Fed, on January 7. He said it was “appropriate” for the institution to comment on AIG’s disclosures on transactions involving the New York Fed, “with the understanding that the final decision rested with AIG and its external securities counsel.” Source: http://online.wsj.com/article/SB10001424052748704130904574644542588515508.html?mod=rss_Today’s_Most_Popular


14. January 8, NJBiz – (National) Heartland agrees to $60M settlement over data breach claims. Princeton, New Jersey-based Heartland Payment Systems, one of the nation’s largest payments processors, announced Friday a settlement with Visa Inc. under which issuers of Visa-branded credit and debit cards will have an opportunity to obtain a recovery from Heartland over losses they may have incurred from a breach of Heartland’s online systems in 2008. Heartland will pay as much as $60 million to fund the settlement program, which is subject to certain conditions. Visa will present details of the settlement to eligible issuers in the coming days. Late last month, a Miami hacker pleaded guilty to conspiring to breach Heartland’s systems. Source: http://www.njbiz.com/article.asp?aID=80241


15. January 7, Tallahassee Democrat – (Florida) Bank reports appearance of fake cashier’s checks. ProBank of Tallahassee, Florida, has contacted the Federal Deposit Insurance Corp. to report that counterfeit cashier’s checks bearing the institution’s name are in circulation. The FDIC issued an alert Thursday morning regarding the matter. The counterfeit items display the routing number 063116407, which is assigned to ProBank. A security feature statement is embedded in the top and bottom borders. The words “CASHIER’S CHECK” (spelled with an apostrophe) are in the top-right corner. The words “Tallahassee, FL” are shown below the bank’s name in the top-left corner. The FDIC said authentic cashier checks are light blue and graduate horizontally to white in the center. A padlock and vertical security feature statement are along the right border. The words “CASHIER’S CHECK” (spelled without an apostrophe), “Date” and “Branch” are in the top-right corner. The word “REMITTER” is shown below the bank’s name in the top-left corner. Regulators cautioned that the appearance of counterfeit items can be modified and that additional variations may be presented. Source: http://www.tallahassee.com/article/20100107/BREAKINGNEWS/100107003/Bank-reports-appearance-of-fake-cashier-s-checks


16. January 7, Credit Union Times – (North Carolina) Novel skimming cases hitting North Carolina. Financial institutions in North Carolina, including the $18 billion State Employees’ Credit Union have been wrestling since roughly mid-December with a novel approach to card skimming. Customarily card skimming has involved devices being attached to the outside of ATMs that capture the card numbers of machine users and cameras to record their personal identification numbers. The thieves then use this information to steal money from cardholder accounts. But this most recent skimming attack relies not on devices attached to ATMs, but instead on devices placed on this inside of gasoline pumps at busy, high traffic, service stations in the Triangle part of the state. According to the senior vice president with SECU, the device’s locations on the inside of the gas pumps mean they are hidden to cardholders and the credit union has launched a public relations effort to alert all cardholders, whether members or not, to ways they can protect their information. The credit union adopted a pro-active media stance, contacting local media outlets with the story. SECU executives urged cardholders to either use their cards as credit rather than debit cards, which means they would not use their PINs or to cover the keypad with the other hand to block the view of any hidden cameras. Source: http://www.cutimes.com/News/2010/1/Pages/Novel-Skimming-Cases-Hitting-North-Carolina.aspx


17. January 7, Reuters – (International) Canada police search for “Chinese Warren Buffett”. Canadian police issued an arrest warrant on Wednesday for a man who promoted himself as the “Chinese Warren Buffett” accused in Canada of operating a US$29 million Ponzi scheme. He is accused of defrauding more than 100 victims in Canada, China, and the United States, according to Toronto police. Ontario securities regulators barred him in June from any trading activity and warned investors on Wednesday they believed he was soliciting business from relatives of his previous victims. Local news reports said he was believed to have fled to Hong Kong. He was scheduled to go on trial in Ontario for alleged security violations in April, according to the Ontario Securities Commission. Source: http://www.reuters.com/article/idUSTRE6055QN20100107


Information Technology


41. January 8, SC Magazine – (International) Adobe plans to release auto-updater for Acrobat Reader as exploits are seen of unpatched vulnerability. Adobe is testing the functionality of an auto-updater for its Acrobat Reader following a number of recent PDF threats. PC World has reported that the company will begin a beta test of its new updater, called the Acrobat Refresh Manager, with next week’s critical security updates. A group product manager at Adobe Systems revealed in October on the Adobe reader blog that Adobe Reader and Acrobat 9.2 and 8.1.7 were shipping with a new beta updater technology, which was initially in a passive state. It is planned for the updater to be turned on the week of January 11 and if all goes well, Reader and Acrobat users on Macintosh and Windows computers will be offered the new update mechanism as a default option with the company’s next security update, currently scheduled for release on 13th April. Adobe is also expected to patch a vulnerability next week in Adobe Reader and Acrobat, after it announced in December that the update would be released by 12th January 2010 to resolve the issue. Source: http://www.scmagazineuk.com/adobe-plans-to-release-auto-updater-for-acrobat-reader-as-exploits-are-seen-of-unpatched-vulnerability/article/160895/


42. January 8, The Register – (International) Microsoft readies singular fix for first Patch Tuesday of 2010. Microsoft’s first Patch of the year on Tuesday is designed to fix just one critical vulnerability that affects Windows 2000, XP, Vista, and Windows 7. It will also patch the same bug in Windows Server 2003, Server 2008, and 2008 R2, although the security flaw in those products is marked as low by Microsoft. However, a spokesman for the firm claimed on the company’s security blog that the “Exploitability Index” rating for the vulnerability would not be high, thereby lowering the overall risk. He also admitted that Microsoft had not patched a Denial of Service bug in SMB (Server Message Block), which the company went public about in November 2009. The security bug in Windows 7 and Windows 2008 R2 makes it possible to lock up affected systems. The crash would happen without a Blue Screen of Death or other visible indication that anything was amiss. The software giant’s light-footed approach to its latest round of updates contrasts with the hefty collection of patches that trundled out of MS Towers and onto the Internet in October last year. Source: http://www.theregister.co.uk/2010/01/08/patch_tuesday_january/


43. January 8, Reuters – (California) Silicon Valley shaken by another mild quake. Silicon Valley technology companies and residents were shaken by another light 3.8 magnitude earthquake on Friday. There were no immediate reports of damage, according to local news outlets. Friday’s earthquake follows a 4.1 magnitude earthquake in the same region on Thursday. Silicon Valley is home to a number of large technology companies including Google, Cisco, and Oracle. The U.S. Geological Survey said the quake, which struck at 11:48 a.m. local time, was at a depth of 5 miles. Source: http://www.reuters.com/article/idUSTRE6074RM20100108


44. January 7, Techworld.com – (International) SpamAssassin ‘2010’ bug blocked e-mail across world. If anyone sent an email in the first few hours of 2010, there is a chance that it never reached its recipient thanks to a ‘2010’ bug buried in the open source SpamAssassin anti-spam engine used by many Internet Service Providers. According to a UK-based techie who first blogged on the issue, the fault lies with the ‘FH_DATE_PAST_20XX’ rule used in conjunction with many others by the program to score the likelihood of an email being spam. This assigns an especially high score to any email it encounters that has within its header a date beyond a defined point in the future, normally a reliable sign that the email in question is suspicious. Unfortunately, due to an oversight this rule was not updated in compiled versions of Apache SpamAssassin 3.2.0 thru 3.2.5 in time for the turning of the year, and so any email sent with a sending date between 2010 and 2099 would have had the higher score applied to it automatically. Although this on its own would be unlikely to have stopped an email, it is likely that the number of false positives would have increased dramatically until service providers noticed the issue. Non-packaged versions of SpamAssassin would not have been affected, though only a small minority of users download the software in this form. It is impossible to say how many emails were affected, but reports have emerged of false positives in Sweden, Germany, and The Netherlands. Source: http://www.pcworld.com/article/186215/spamassassin_2010_bug_blocked_email_across_world.html


Communications Sector

45. January 7, Huntington Herald-Dispatch – (West Virginia) EMS services could be hindered. Ten communication tower sites in Cabell County have been vandalized and the copper stolen from them since December 28. The communications site at Rotary Park, which includes four towers, was vandalized and had its copper stolen Wednesday, and two more tower sites in the county were hit Thursday. The EMS director estimates that damage has totaled about $50,000, while only about $1,000 worth of copper was stolen from the sites. Since the thefts began, crews were working to replace all missing and damaged parts at emergency services communications sites before the snowstorm. The Cabell County Commission passed a resolution on Thursday to implore the state’s congressional delegation to push for federal legislation that would make theft or damage to communications infrastructure a felony crime. The commission also said it would look into installing electric fences and razor wire to deter criminals from the sites. “This deserves attention and needs to be looked at as terrorism,” the commissioner said. Although 10 separate communications sites have been damaged in the county, the EMS director said only two of the four emergency services tower sites have been hit. The rest of the towers and communications sites that have been damaged belong to cell phone companies. One major worry is the theft from the four Rotary Park towers, the EMS director said. Thieves stole the copper from the propane tank that runs the backup generator used for the tower when bad weather causes an outage at the tower. He said the West Virginia State Police, Cabell County Sheriff’s Department, and several local police forces are working to find the people responsible for the thefts. He said he suspects the same people to be involved in all the crimes. Source: http://www.herald-dispatch.com/news/x300704187/Damage-from-thefts-could-affect-EMS-services


46. January 7, Reuters – (International) Cellular group says mobile calls safe from hackers. A wireless industry group said mobile phone conversations are safe from eavesdropping, even after a German security expert released the code for unscrambling calls made using most of the world’s cell phones. Concerns spread recently that cell phone calls could easily be intercepted after an encryption expert unveiled his research at Europe’s largest hacking conference in Berlin. The London-based GSM Association said on Thursday that it has spent the past few years figuring out ways to thwart hackers who might try to tap into wireless calls using his research, which it first learned of in 2007. GSM Association engineers have figured out a short-term solution to block eavesdroppers, said the head of security for the association. It involves making slight changes to the settings in each wireless operator’s network. Carriers can quickly make those adjustments by tweaking existing features in the technology, GSM’s head of security said in an interview. “Should people be worried? I think no,” he said. The research by the German security expert applies to GSM technology, which runs about 80 percent of the world’s mobile phones, including systems run by AT&T Inc, Deutsche Telekom, and France Telecom. Over the next several years, GSM carriers will adopt a new standard for encrypting, or scrambling, voice conversations that will be tougher to crack, according to GSM’s head of security. Source: http://www.reuters.com/article/idUSTRE60641G20100107?type=technologyNews