Department of Homeland Security Daily Open Source Infrastructure Report

Friday, January 29, 2010

Complete DHS Daily Report for January 29, 2010

Daily Report

Top Stories

 According to the Associated Press, Monrovia, California police say a man who barricaded himself in a bank entrance Wednesday and claimed to have a bomb has surrendered in the Los Angeles foothill suburb. Hundreds of people were evacuated from Citizens Business Bank and nearby buildings. (See item 18)


18. January 27, Associated Press – (California) Man who made bomb threat at LA-area bank surrenders. Monrovia police say a man who barricaded himself in a bank entrance and claimed to have a bomb has surrendered in the Los Angeles foothill suburb. The city spokesman says the man walked out and gave himself up on the afternoon of January 27. No bomb was found. Officials say hundreds of people were evacuated from Citizens Business Bank and nearby buildings after the man shoved a note under the closed door at around 10 a.m. claiming he had a bomb. The spokesman says the bank staff refused to open the bank door but the man barricaded himself in the foyer. Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-bank-threat,0,4516737.story


 The Associated Press reports that federal officials are investigating an explosive device that was set off Thursday morning on train tracks near the James Madison University campus in Harrisonburg, Virginia. (See item 23)


23. January 28, Associated Press – (Virginia) Explosive device set off on Virginia train tracks, feds say. Federal officials say they are investigating an explosive device that was set off on train tracks near a college campus in Harrisonburg, Virginia. A spokesman for the Bureau of Alcohol, Tobacco, Firearms and Explosives said local residents reported hearing a boom about 6:30 a.m. Thursday. He said local police have investigated and determined there was an explosive device on train tracks near the campus of James Madison University at Chesapeake Street and Cantrell Avenue. He said there were no injuries and terrorism is not suspected. He said ATF and the Harrisonburg police department have launched a criminal investigation. He said ATF has sent seven people to the scene, including two explosives experts. Source: http://www.foxnews.com/story/0,2933,584155,00.html


Details

Banking and Finance Sector

15. January 28, WSAU 99.9 Rudolph – (Wisconsin) Credit card scam. There are reports of a credit card scam in the Wausau, Wisconsin, area. Several people have received phone calls from people claiming to be from their bank, saying their credit card has been deactivated because of suspected fraud. The person asks for the card number and PIN over the telephone to fix the problem. Co-Vantage Credit Union says several of their members have received similar calls. Banks and credit card companies do not ask for PIN numbers over the phone. People who receive these calls should hang up and call police and their financial institution. Source: http://new.wsau.com/news/articles/2010/jan/28/credit-card-scam/


16. January 28, Bank Info Security – (National) Fed bank offers report on lessons learned from Heartland data breach. The Payment Cards Center of the Federal Reserve Bank (FRB) of Philadelphia has published “Heartland Payment Systems: Lessons Learned from a Data Breach,” a discussion paper on the Heartland Payment Systems breach. The paper is a summation of a workshop held in August 2009 at the Philadelphia FRB, where the CEO of Heartland led a discussion of the events surrounding the breach and lessons learned as a result. Heartland Payment Systems announced on January 20, 2009 that it had been the victim of what is now thought to be the largest breach of card data, an estimated 130 million payment cards taken by hackers over a six-month period. In his presentation, the CEO shared details of the breach and what actions the company and industry are taking. Joining the CEO in the workshop was the former director of the Payment Cards Center, who now is a senior payments advisor to Heartland. They outlined Heartland’s post-breach efforts, which are directed to improving information sharing and data security within the consumer payments industry. The CEO introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization and chip technology. Source: http://www.bankinfosecurity.com/articles.php?art_id=2125


17. January 28, eSecurity Planet – (International) Starwood a victim of credit card fraud. Hotel chain Starwood has warned that anyone who stayed at its hotels in Germany may have been a victim of credit card fraud. “The New York-based company owns chains such as Sheraton, Westin, and Le Méridien, and believes that some customers who carry ‘Miles and More’ cards — a frequent flyer partnership between Lufthansa and Deutsche Kreditbank (DKB) — may have been the victim of illegal charges during their stays, daily Financial Times Deutschland reported,” according to The Local. “The problem may be the result of electronic failures similar to the glitch that caused banks in Germany and Spain to recall some 250,000 bank cards between July and November of 2009,” the article states. Source: http://www.esecurityplanet.com/headlines/article.php/3861286/Starwood-a-Victim-of-Credit-Card-Fraud.htm


18. January 27, Associated Press – (California) Man who made bomb threat at LA-area bank surrenders. Monrovia police say a man who barricaded himself in a bank entrance and claimed to have a bomb has surrendered in the Los Angeles foothill suburb. The city spokesman says the man walked out and gave himself up on the afternoon of January 27. No bomb was found. Officials say hundreds of people were evacuated from Citizens Business Bank and nearby buildings after the man shoved a note under the closed door at around 10 a.m. claiming he had a bomb. The spokesman says the bank staff refused to open the bank door but the man barricaded himself in the foyer. Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-bank-threat,0,4516737.story


19. January 27, DarkReading – (National) Identity thieves successfully targeting wealthy victims, study says. According to a study issued on January 27 by Experian, a company that does both identity fraud protection services and marketing demographics services, the most likely victims of identity fraud are those with the most money. The study — which was created using Experian’s unlikely combination of identity fraud incidence statistics with basic consumer demographics — indicates that identity thieves are successfully targeting the wealthy and affluent, regardless of the systems and software they use. According to Experian, consumers in the “Affluent Suburbia” category — the wealthiest of the company’s 12 demographic categories - are 43 percent more likely to fall victim to identity fraud than the average credit applicant. Experian describes Affluent Suburbia as “the wealthiest households in the U.S., living in exclusive suburban neighborhoods and enjoying the best everything has to offer.” Individuals in the “Upscale America” category are 22 percent more likely to fall prey to identity fraud than the average credit applicant, Experian says. Upscale America is defined as “college-educated couples and families living in metropolitan sprawl, earning upscale incomes that provide them with large homes and very comfortable, active lifestyles.” The study offers a different perspective on identity fraud than more technical studies, which suggest that the most likely victims of identity fraud are those who don’t deploy security software or are ignorant of best practices. Source: http://www.darkreading.com/securityservices/security/privacy/showArticle.jhtml?articleID=222600185


20. January 27, WTAE 4 Pittsburgh – (Pennsylvania) ATM hacked into at Forest Hills PNC bank. Some customers of a PNC bank ATM located in Forest Hills have been the victims of a skimmer. A Pittsburgh couple discovered $1,400 missing. The couple said they completed a fraud complaint with the bank and were expected to get the money back in a few days. PNC is warning their customers and ATM users to look for signs of tampering on the machines before use. Users should also check their statements monthly and report any activity they see as suspicious. Source: http://www.thepittsburghchannel.com/allegheny/22360755/detail.html


For another story, see item 48 below in the Information Technology Sector


Information Technology


48. January 28, Network World – (International) DDoS attacks, network hacks rampant in oil and gas industry, other infrastructure sectors. Massive denial-of-service (DoS) attacks and “stealthy infiltration” of corporate networks by attackers are a common experience for companies in critical infrastructure sectors, including financial services, energy, water, transportation and telecom, according to a new survey. Extortion schemes related to distributed DoS attacks are also rampant, especially in some parts of the world, according to the survey. The report, titled “In the Crossfire — Critical Infrastructure in the Age of Cyber-War,” was prepared by the Washington, D.C. policy think tank Center for Strategic and International Studies (CSIS). CSIS asked 600 IT and security professionals across seven industry sectors in 14 countries about their practices, attitudes about security, and the security measures they employ. A little more than half of the respondents (54 percent) said they had experienced “large-scale denial of service attacks by high-level adversary like organized crime, terrorists or nation-state (for example, like in Estonia and Georgia).” The same proportion, according to the report, also said their networks had been subject to “stealthy infiltration,” such as by a spy ring using targeted malware attacks to allow hackers “to infiltrate, control and download large amounts of data from computer networks belonging to non-profits, government departments and international organizations in dozens of countries.” The oil and gas sector faces the highest rates of victimization, according to the CSIS survey. Overall, 71 percent of respondents in the oil-and-gas industry reported stealthy infiltration, compared with 54 percent of respondents in other sectors. The CSIS survey also found distributed DoS attacks were “particularly severe” in the energy/power and water/sewage sectors, where attacks were usually aimed at computer-based operational control systems, like SCADA. Source: http://www.networkworld.com/news/2010/012710-ddos-oil-gas.html?hpg1=bn


49. January 27, DarkReading – (International) Anatomy of a targeted, persistent attack. A new report published on January 27 sheds light on the steps ultra-sophisticated attackers take to gain a foothold inside governments and company networks and remain entrenched in order to steal intellectual property and other data. The bad news is these attacks — including the recent ones on Google, Adobe, and other companies — almost always are successful and undetectable until it’s too late. The so-called advanced persistent threat (APT) attack model and case studies outlined in the report from forensics firm Mandiant are based on real-world attacks Mandiant has probed during the past seven years in the government and private industries. Though the report describes the brand of attack that hit Google, Adobe, and 20 to 30 other organizations, Mandiant would not comment on whether its forensics experts are involved in the so-called Aurora attack that allegedly came out of China. Most of the APT attack cases that Mandiant has worked on for the past few years have had ties to China: “The vast majority of APT activity observed by MANDIANT has been linked to China,” the report says. And existing security tools are no match for these attacks — only 24 percent of the malware used in the attacks Mandiant has investigated was detected by security software, the report says. Source: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=222600139&subSection=Attacks/breaches


50. January 27, The Register – (International) IE Windows vuln coughs up local files. If anyone uses any version of Internet Explorer (IE) to surf Twitter or other Web 2.0 sites, a security consultant at Core Security can probably read the entire contents of the primary hard drive. The security consultant said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies — even empty hashes of passwords. This is not the first time security researchers at Core have identified security weaknesses in IE. The company issued advisories in 2008 and 2009, each identifying specific links in the chain that could potentially be abused by an attacker. The security consultant said he has fully briefed Microsoft on his latest attack, which he plans to demonstrate at next month’s Black Hat security conference in Washington, DC. Microsoft’s “rapid response team” did not reply to an email, but a statement sent to other news outlets said the company is investigating the vulnerability and is not aware of it being exploited in the wild. The hole is difficult to close because the attack exploits an array of features IE users have come to rely on to make web applications work seamlessly. Simply removing the features could neuter functions such as online file sharing and active scripting, underscoring the age-old tradeoff between a system’s functionality and its security. Source: http://www.theregister.co.uk/2010/01/27/ie_file_disclosure_attack/


51. January 26, V3.co.uk – (International) Google updates Chrome with 1,500 new features. Google has released an update to its Chrome browser, promising improved security and more than 1,500 new features. The browser is now much more stable, according to the search giant, and is a whopping 400 times quicker than when first released. “We are excited to usher in the new year with a bundle of browser goodness for the stable version of Google Chrome,” said a product manager for Chrome, in a blog post. The extension tool lets users choose the applications they want to install, and helps manage how they are used. This may be particularly useful when it comes to navigating through the 1,500 new features. Bookmark Sync, a tool that lets users migrate bookmarks to another machine, has come out of beta, while web developers will see a number of new HTML5 APIs, including LocalStorage, Database API, WebSockets, and others. The new features relate only to the Windows release so far, but users of other systems will get the updates soon, according to the manager. Source: http://www.v3.co.uk/v3/news/2256780/google-updates-chrome


Communications Sector

52. January 27, WTEN 10 Albany – (New York) Verizon employees evacuate man hole just before a small explosion. The tree that fell on a power line in Amsterdam, New York, on January 25 is still causing problems. According to a fire chief, at 9:30 a.m. on January 27 two Verizon workers were checking a junction box 10 feet underground in a man hole located on East Main Street just off of Vrooman Avenue. The two men saw that the air monitor alert system located next to the box was at a level indicating toxic gas or explosion possible. The two men quickly evacuated the man hole just before the box sustained a small explosion and fire. The fire chief says that’s when the fire department was called in, but the chief says they could only monitor the fire as it burned because the Amsterdam Fire Department does not own any “confined space rescue equipment.” The chief called the New York State Office for Fire Prevention and Control, which responded with the special equipment and two trained engineers. Amsterdam Fire assisted and the area was cleared at 12:16 p.m. The chief says there were no injuries as a result of the incident. Source: http://www.wten.com/Global/story.asp?S=11890628


53. January 27, Associated Press – (Washington) Vandals cut fiber optic cables to Selah. The Yakima County sheriff’s office says vandals cut fiber optic cables that carry phone, TV and Internet service to Selah, Washington. The damage was reported early on January 27 by Charter Communications. Repair crews found two cables cut at the railroad trestle that crosses the Naches River between Yakima and Selah. Source: http://seattletimes.nwsource.com/html/localnews/2010903931_apwafiberopticvandals.html


For another story, see item 48 above in the Information Technology Sector