Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, May 27, 2010

Complete DHS Daily Report for May 27, 2010


Top Stories

• The Wall Street Journal reported on May 24 that public health officials are battling a host of new infectious threats to the nation’s blood supply, but new screening tests are hard to develop and can take years to win government approval. (See item 43)

43. May 24, Wall Street Journal – (National) New threats to U.S. blood supply. Public health officials are battling a host of new infectious threats to the nation’s blood supply. Blood centers, which have long tested for risks like hepatitis C and AIDS, have added a number of new tests on donated blood in recent years, including checks for West Nile virus and Chagas, a tropical parasitic disease. But new screening tests are hard to develop and can take years to win government approval. Currently, for instance, there’s no way to screen for newer threats like babesiosis, a parasitic infection that has been linked to 10 U.S. deaths through blood transfusions since 2006. And a dangerous virus known as Chikungunya has spread to the U.S. and Europe from Africa in the last several years. Blood supply officials are urging the U.S. government to adopt so-called pathogen-reduction technology that can kill a wide range of contaminants in blood after it has been donated. One method already in use in about a dozen countries in Europe, Asia and elsewhere destroys most pathogens with a combination of chemicals and ultraviolet light. The Food and Drug Administration declined to approve the technology several years ago, citing possible side effects. But the agency is continuing to evaluate it. Source:

• AT&T’s new digital home phone service failed across the country on May 25, illustrating continuing reliability issues with Internet-based phone service, according to the Associated Press. (See item 56 below in the Communications Sector)


Banking and Finance Sector

14. May 26, The New New Internet – (Minnesota; North Dakota) Hackers target small businesses. The Better Business Bureau of Minnesota and North Dakota, and the Minnesota Cyber Crime Task Force are urging all small businesses with outdated or lacking online security software to be aware of foreign hackers stealing credit card information and then selling it on the Web. Businesses targeted by these cyber intrusions could be liable for any losses involving stolen credit card data, which could potentially bankrupt smaller enterprises. All small businesses that process, store or transmit credit card information are advised to bring their security software up to date and become PCI compliant immediately. The Payment Card Industry Data Security Standard is a set of requirements designed to ensure that all companies that deal with credit card information maintain a secure environment. Although the PCI is not law, it was created by major credit card brands that can, at their discretion, fine merchants that do not comply with the standards in case of a data breach. Source:

15. May 26, SC Magazine – (International) American Express may have failed to encrypt data. American Express may be in hot water after a computer engineer discovered a portion of the card brand’s Web site, which claims to be secure, sending private information in the clear. The engineer wrote in a blog post May 25 that he received a promotional e-mail from American Express encouraging him to sign up for the Daily Wish service, through which cardholders can receive hefty discounts on a limited amount of merchandise, such as computers and camcorders. If users click on the “Sign up for Daily Wish” button, they are prompted to enter personal information, such as name, card number, security code, expiration date and billing zip code, into a pop-up box. The box includes a “this page is secure” notification link, but upon further review, the engineer found this not to be the case. The domain for the sign-up box was not using https, he said. He used the open-source packet analyser Wireshark to confirm that the (fake) information he entered into the form was delivered in clear text back to American Express’ server. The card company, in a tweet posted May 25, said it was aware of the issue and was investigating. Source:

16. May 26, BBC – (International) German bank ‘blown up by robbers’. Suspected robbers in Germany appear to have miscalculated the quantity of explosives needed to blow their way into a rural bank. The building housing the bank in the northern village of Malliss was largely destroyed by an overnight explosion. The bank’s cash machine survived intact and the suspected thieves are not thought to have made away with any money, Germany’s Welt Online reported. No one was injured, though the blast damaged nearby cars and buildings. Investigators were working on the assumption that robbers had placed their explosives, possibly made from petrol or acetylene, at the entrance to the bank, German broadcaster NDR said. The presence of a delivery van near the site of the explosion indicated that the suspected thieves may have intended to drive off with the cash dispenser, local media reported. Source:

17. May 25, Montgomery County Courier – (International) Russian Mafia funds recovered in eBay scam. Montgomery County (Texas) Sheriff’s Office (MCSO) detectives, and the district attorney’s office recovered $11,200 in an eBay scam from a bank account suspected of belonging to the Russian Mafia, officials said. The complainant in the case had ordered a tractor on eBay in February, with March 5 as the expected delivery date, according to an MCSO press release. When the equipment never arrived, the complainant contacted eBay, who informed the complainant that the transaction was fraudulent. An MCSO detective learned the transaction was part of a much larger multimillion dollar scam, with the proceeds of the transaction linked to an account that had recently been seized in a criminal investigation involving the Russian Mafia, the release stated. All documentation regarding the account was linked to stolen passports, the release stated, making it next to impossible to locate the thieves. Source:

18. May 25, Triangle Business Journal – (National) RBC Bank, Wachovia, SunTrust on Weiss list of vulnerable banks. Raleigh, North Carolina-based RBC Bank is one of 20 large U.S. banks and 11 Triangle, North Carolina-based banks considered vulnerable by Weiss Ratings, a Florida-based company that evaluates the financial strength of insurers, banks and savings and loans. A new Weiss report gives RBC Bank, the U.S. banking arm of the Royal Bank of Canada, a “D-.” The bank, with $27.5 billion in assets, has been dealing with a loan portfolio weighed down by depressed real estate in Florida. Three other huge players in the Triangle banking market also are on the Weiss list of weakest banks. Atlanta-based SunTrust Banks joins RBC Bank in receiving a D- rating. Weiss gave D ratings to Bank of America, the country’s largest commercial bank but No. 5 in the Triangle, and Triangle-market leader Wachovia, a Charlotte-based bank now owned by San Francisco-based Wells Fargo & Co. All told, Weiss said, 2,259 U.S. banks and savings and loans, controlling $5.8 trillion, or 43.8 percent of the industry’s total assets, are vulnerable. Those banks are given grades ranging from D+ to D-. Source:

19. May 25, WPTV 5 West Palm Beach – (National) Gas stations protect customers from ‘skimming’. Criminals have found an easy way to make money — breaking into gas pumps and installing tiny card-skimming machines that can read credit cards. It has become such a worldwide problem that, as of this summer, credit card companies are requiring all gas station owners to purchase and install new technology to curtail the crime. “The penalties are stiff,” said a West Palm Beach, Florida, Exxon owner. “If we do not upgrade, we will not get to take credit cards and that’s 90 percent of our business.” The cost is roughly $4,000 per pump. Add that to requirements for station generators and hurricane-proof pumps, and the Exxon owner fears the few little guys in the gas station business may be driven out of business. All stations are required to have the new technology by June 30. There is one exception: because of an equipment shortage, Exxon and Mobil stores have been given an extension until December. Source:

20. May 25, KMGH 7 Denver – (Colorado) FBI: ‘Bad Hatter Bandit’ hits another bank. A woman dubbed the “Bad Hatter Bandit” for her floppy sun hats robbed a south Denver bank May 25, the FBI said. The woman is believed to be responsible for two other bank robberies in the Denver metro area, an FBI spokesman said. She was wearing a red floppy hat, a flowered pink tank top and khaki shorts when she entered the Bank of the West, 2050 S. Downing St., at about 2:08 p.m. She handed a note to a teller demanding money and implying she had a weapon, police said. The FBI Rocky Mountain Safe Streets Task Force has nicknamed the bank robber the Bad Hatter Bandit “for obvious reasons.” Source:

Information Technology

50. May 26, SC Magazine – (International) Spam and viruses see minor rises, as 9 out of 10 spam e-mails have a hyperlink or URL contained in the message. In the May 2010 Symantec MessageLabs Intelligence Report, analysis has revealed that nine out of 10 spam e-mails now contain a URL link in the message and in May, 5 percent of all domains found in spam URLs belonged to genuine Web sites. Of the most frequently used domain names contained in spam URLs, the top four belong to well-known Web sites used for social networking, blogging and file sharing and host other forms of user-generated content. The report also found that there was a minor increase by 0.3 percent of spam in e-mail traffic, while analysis of Web security activity showed that 12.4 percent of all Web-based malware intercepted was new in May, an increase of 1.5 percent since April. MessageLabs Intelligence also identified an average of 1,770 new Web sites per day harbouring malware and other potentially unwanted programs such as spyware and adware, an increase of 5.6 percent since April. Source:

51. May 25, The Register – (Nebraska) Second man jailed over Scientology DDoS attacks. A second U.S. man has been jailed over controversial denial of service attacks against the Church of Scientology two years ago. The 20-year-old suspect, of Grand Island, Nebraska, was jailed for a year and ordered to pay $20,000 in compensation to the Hubbardists at a sentencing hearing May 24, The Associated Press reports. The suspect had earlier pleaded guilty to taking part in attacks protesting Internet censorship by the church and organized under the loose banner of Anonymous. As part of an earlier plea bargaining agreement, he admitted using custom software from a message board run by Anonymous to throw useless traffic at Church of Scientology Web sites. Some sites became intermittently unavailable in January 2008 as a result of the efforts of the suspect and many others. The attacks began after the church demanded the takedown of videos featuring an actor and member of the church at an awards event. Source:

52. May 25, IDG News Service – (Massachusetts) ISP sues Google over Wi-Fi sniffing. Galaxy Internet Services, an ISP for homes and businesses in Massachusetts, has filed a class-action lawsuit against Google over the search company’s admitted blunder that it sniffed and stored data from Wi-Fi networks. Through its legal representative, Carp Law Offices, Galaxy said May 25 that Google violated U.S. federal and Massachusetts privacy laws when it captured residential and business Web activity data. Google declined to comment about the lawsuit. Earlier this month, Google disclosed that its Street View cars, which take photos for services like Google Maps, had since 2006 mistakenly collected “payload data” from Wi-Fi networks they drove by that weren’t password-protected. Galaxy filed its lawsuit on its behalf and on behalf of its customers and anyone else similarly affected in Massachusetts, and is seeking class certification. Galaxy is also requesting that Google be forbidden from destroying the Wi-Fi data it collected and that it be required to pay damages as determined by a jury, along with attorneys’ fees. Source:

53. May 25, DarkReading – (International) Default database passwords still in use. The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers said. “It’s a problem that has been around for a long, long time,” said the manager of Team SHATTER, Application Security Inc.’s research arm. “A lot of default passwords out there get installed when you deploy a database, you install an add-on to it, or even if you install a third-party application that uses the database.” As he puts it, the problem of default passwords lingering in the wild has built up during the years as a result of cumulative errors by both vendors and database administrators. In the past, the majority of vendors had no compunction about pushing out installers that automatically created default accounts to expedite the deployment of new databases, add-ons, or applications on top of the database. Users did nothing to clean up these default accounts once installation was complete. The manager said the situation on the vendor front has improved considerably in recent years, but default passwords continue to be a problem for a number of reasons. To date, AppSec’s team has collected more than 1,000 well-known default user name and password combinations used by different vendors within databases across the IT spectrum. Organizations should do a thorough check of their database accounts to ensure they are not using any of the combos on the list. Source:

54. May 25, CNET News – (International) Web hoster Media Temple shut down by attack. Media Temple, Web hosting provider for Adobe, ABC, Sony, NBC, Time, Volkswagen, and Starbucks, was hit with a sophisticated distributed denial-of-service (DDoS) attack May 25. The outage began about 3:50 p.m. Pacific Daylight Time (PDT), when Media Temple’s domain name servers were deluged by a flood of traffic coming from outside the U.S., and lasted a total of about two-and-a-half hours, according to a tech support representative at the Los Angeles-based company. “Due to the sophistication of the attack, our normal DDoS firewall prevention techniques didn’t block the attack adequately, as the traffic appears to be legitimate,” the company reported at around 5:40 p.m. PDT. The company said it had initially blocked all traffic from Asia, South America, and Mexico to reduce strain on the network, but later removed the blocks. As of 6:10 p.m. PDT the network was reported stable. “Overall, network health is normalizing, however more work must be done to mitigate the effects of this incident and prevent future occurrences,” the company said, adding that it would provide an update at 10 p.m. PDT. Source:

55. May 25, Nextgov – (International) DHS official stresses cybersecurity is industry’s responsibility. Contractors that fail to live up to security requirements in federal technology contracts should be held accountable, even if the vulnerabilities originated in products or capabilities provided by suppliers, a top Homeland Security Department (DHS) official said May 25. In most business situations, “if we have a contractual arrangement and you fail [to meet the requirements], I have legal recourse,” said the director of global cybersecurity management at DHS. “Why wouldn’t the same be true when the supply chain [is involved]? I’m buying a product from you, and you represent that it’s a product with the following characteristics. If you fail, I have a right to sue you.” The director spoke at the SecureAmericas conference in Arlington, Virginia, an event hosted by the cybersecurity provider International Information Systems Security Certification Consortium. He noted a number of examples where failures in the supply chain led to serious security implications, including a wave of hard drives infected with viruses that infiltrated the U.S. market from Asia in 2007 and a recent case in which thumb drives were shipped preinstalled with malicious software, eventually leading to the Defense Department imposing a temporary ban on the storage devices. Source:

Communications Sector

56. May 26, Associated Press – (National) AT&T digital network outage silences landlines. AT&T’s new digital home phone service failed across the country Tuesday, illustrating continuing reliability issues with Internet-based phone service. Customers of AT&T Inc.’s U-Verse Voice said their landline phones have had no dial tones since the morning. Reached by cell phone, the customers said those who call them get a message that the line has been disconnected. Support personnel are telling customers that a server crash brought down U-Verse Voice in AT&T’s entire 22-state local-phone service area. An AT&T spokeswoman said the outage started at about 10:30 a.m., and service was restored to most subscribers at 2:45 p.m. She said the extent of the outage was unknown. Source:

57. May 25, Forbes – (National) Cisco aims new gear at smart grids. For more than a year, information technology giants have been talking up their readiness to power the much hyped “smart grid,” a digitally enabled upgrade to electric utilities that promises to make the world’s power supply far more flexible and efficient. On Tuesday, Cisco is finally replacing some of that hot air with hardware. The networking giant plans to release two pieces of equipment — a router and a network switch — aimed at helping utilities create better communication systems designed not only to help automate electrical substations, but someday connect “smart meters” in homes and variable sources of power like solar and wind. “The idea is that data can be interpreted and used to make the flow of electrons more productive, to make everything more efficient around the grid,” said a newly appointed chief technology officer for Smart Grid. Source:

58. May 25, Bloomberg – (International) Satellite-killing junk risks $250 billion market, TV World Cup. Trash in space may bring commerce and communications on Earth to a halt unless policy makers and executives take steps to prevent satellite collisions with orbiting junk, according to a Pentagon report. Potential crashes between satellites and debris — refuse from old rockets, abandoned satellites and missile shrapnel — are threatening the $250 billion space-services market providing financial communication, global-positioning navigation, international phone connections, Google-Earth pictures, television signals and weather forecasts, the report said. Space is “increasingly congested and contested,” said the U.S. Defense Department’s interim U.S. Space Posture Review, which was sent to Congress in March and not publicly released. Scientists are warning that space collisions could set off an uncontrolled chain reaction that might make some orbits unusable for commercial or military satellites because they are too littered with debris. The February 2009 crash between a defunct Russian Cosmos satellite and an Iridium Communications Inc. satellite left 1,500 pieces of junk, each whizzing around the earth at 7.8 kilometers (4.8 miles) a second and each capable of destroying more satellites. Source:

59. May 24, ComputerWorld – (International) Owner: U.S. cable service unhurt by rogue satellite. The owner of a satellite that transmits programming to all U.S. cable systems says it avoided interference from another, out-of-control satellite that was drifting into its path. SES World Skies says programming transmitted by its AMC 11 satellite was not affected by the Galaxy 15 satellite, which is drifting out of control thousands of miles above the Earth and had threatened to wander into AMC 11’s orbit. Galaxy 15 was expected to move into the second satellite’s orbit around May 23. SES had been weighing whether to move AMC 11 in its orbit, along with other protective measures it declined to specify. Various U.S. cable companies contacted Monday by the Associated Press, including Comcast, Time Warner and Cablevision Systems Corp., said they had not experienced any disruption or outages. Source:

60. May 24, IDG News Service – (National) Democrats to launch effort to rewrite Telecom Act. Four leading Democratic lawmakers will begin a process of rewriting the 14-year-old law that is the regulatory framework for the U.S. telecommunications and broadband industries, with the group ready to hear proposals starting in June, they said Monday. The four lawmakers, all chairmen of committees or subcommittees that have jurisdiction over telecommunications and the Internet, said they will invite interested parties to participate in a series of “bipartisan, issue-focused” meetings on a rewrite of the Telecommunications Act of 1996, with the meetings starting in June. The Telecom Act was an update of the 1934 Communications Act. Source: