Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, June 10, 2010

Complete DHS Daily Report for June 10, 2010


Top Stories

• According to The Associated Press, General Motors said Tuesday it was recalling about 1.5 million vehicles worldwide to address a problem with a heated windshield wiper fluid system that could lead to a fire, its second recall over the issue in two years. The recall affects several pickup trucks, sport utility vehicles, crossovers and passenger car models from the 2006 to 2009 model years. (See item 14)

14. June 8, Associated Press – (International) GM recalling 1.5M vehicles over fire concerns. General Motors said Tuesday it was recalling about 1.5 million vehicles worldwide to address a problem with a heated windshield wiper fluid system that could lead to a fire, its second recall over the issue in two years. The recall affects several pickup trucks, sport utility vehicles, crossovers and passenger car models from the 2006 to 2009 model years. GM conducted a similar recall in 2008 but came across new reports of fires in vehicles that had been fixed. GM said it would disable the heated washer fluid system module that could lead to fires. The Detroit automaker will pay owners and those leasing vehicles $100 each since the feature is being disabled. GM said it was aware of five fires but there had been no injuries or crashes reported. Nearly 1.4 million vehicles are in the U.S. and more than 100,000 vehicles are in Canada, Mexico and other international markets. Source:

• In its largest patch push so far this year, Microsoft June 8 released 10 security updates to fix at least 34 security vulnerabilities in its Windows operating system and software designed to run on top of it, reports Krebs on Security. Separately, Apple has shipped another version of Safari for both Mac and Windows PCs that plugs some four dozen security holes in the Web browser. (See item 60 below in the Information Technology Sector)


Banking and Finance Sector

17. June 9, SC Magazine – (International) Financial institutions increase security spending, as threats and regulatory penalties rise. Financial institutions are investing heavily in information security in light of a growing number of threats and increased regulatory pressure. Deloitte’s 2010 Financial Services Global Security Study found that the security practices of global financial institutions are focusing primarily on identity and access management tools (IAM) and data loss prevention. Accordingly, security budgets have been boosted, with 70 percent of U.K. financial institutions having increased their information security budgets over the past 12 months, compared with 56 percent globally. The head of Deloitte’s security practice said: “Financial institutions are facing a battle on two fronts in their efforts to protect consumers’ financial assets and data. The threat landscape has evolved; on one side they are tackling the growing sophistication of targeted attacks by criminal gangs and on the other recognizing the increasingly expensive secure perimeter is no protection from internal threats. Our findings demonstrate that financial organizations are less confident about their ability to protect themselves from internal attacks than external threats. It is vital that companies are vigilant in protecting their data assets placing appropriate emphasis on monitoring internally as much as spending ever more at the perimeter. This includes recognizing that implementing checks and measures to reduce the potential impact of human error is key.” Source:

18. June 9, The Wall Street Journal – (National) FBI uses terror-probe tactics on fraud. Federal Bureau of Investigation officials in New York are increasingly employing tools and techniques used to hunt terrorists to take aim at a different kind of criminal: white-collar con artists and inside traders. At a time when the public has grown suspicious of Wall Street and lost confidence in the government’s ability to police it, investigators say they are expanding a number of methods, including the use of human sources, so-called tripwire programs, and internal intelligence reports, to try to get a better handle on crimes in the marketplace. The FBI special agent in charge who is head of the New York field office’s intelligence division said he is trying to change what he says is the culture of silence on Wall Street along with the culture of investigative work in his office. To get a better sense of Ponzi schemes and other crimes, the FBI has created a system of internal intelligence reports on ongoing investigations into financial crimes. The contents of the reports, called domain intelligence notes, can give early warning to agents not involved in the investigation about new frauds that have been uncovered. Source:

19. June 9, Courthouse News Service – (National) Non-FDIC insured banks to get signs in windows. The Federal Trade Commission (FTC) will be letting consumers know which banks lack federal deposit insurance by placing placards in windows, and by other means, beginning July 6. This is to enforce mandatory disclosure requirements, which apply to only a few state-chartered banks and savings associations, including most banks in Puerto Rico, which are insured by the territorial government. The FTC also will monitor the inclusion of notices of non-insured status in periodic statements sent to account holders, in all forms of advertising and in all contracts and authorization documents issued to customers by banks whose deposits are not insured by the Federal Deposit Insurance Corporation. Source:

20. June 9, The Wall Street Journal – (New York) $217,000 ‘Skimmed’ from ATMs. “Cloned” debit cards have been used to steal more than $200,000 from Long Island banks between April and the end of May, police said. The scam involves the use of a device known as a “skimmer” or a “parasite,” a piece of equipment made to look exactly like an ATM’s bank-card reader. The skimmer is slipped over the ATM’s regular card slot, and when a legitimate customer slides in a bank card the device records the customer’s banking information, even while allowing the transaction to be conducted. The suspects were able to re-encode the pilfered debit-card information onto the magnetic strips of blank gift cards. The head of the Suffolk County Police’s Identity Theft Unit said it appears the bank-card information was stolen in February and March, but was not used until April and May. He said the thefts occurred at four Bank of America branches in Suffolk County, but he declined to identify them, citing the ongoing investigation. He said Bank of America, which reimburses its customers for fraudulent withdrawals, has pegged its loss so far at $217,000. He estimated that between 100 and 200 accounts may have been cloned. Source:

21. June 8, San Jose Mercury News – (California) Antioch bank teller sentenced to five years for armed robbery scheme. A bank teller was sentenced in federal court Tuesday for his role in an armed takeover of an Antioch, California credit union. The 21-year-old suspect of Pittsburg, California was sentenced to five years in prison, and ordered to pay nearly $37,000, for conspiring in a bank robbery at the Metro 1 Credit Union in 2009. He was found guilty on three charges related to the robbery plot earlier this year. Authorities said the suspect pretended to be a hostage while helping to orchestrate the February 25, 2009, robbery at the Metro 1 on Lone Tree Way, modeling the plan after a takeover robbery he witnessed the previous year. He used his inside knowledge of the bank’s layout and security procedures to facilitate the robbery, according to the news release. Source:

22. June 8, WTTG 5 Washington, D.C. – (Maryland) ATM skimming thieves hit banks in Waldorf. Over the last several weeks, thieves have been targeting ATMs in Waldorf, Maryland where they have made off with thousands of dollars in cash. “At nighttime, late night hours or over the weekend, they will place these skimming devices on the ATM and just let them operate for a few hours,” said a spokesperson for the Charles County Sheriff’s Office. “They’ll get enough information to go and deplete several customer accounts.” Twice in May and once in April, the thieves attached devices onto ATMs at two Bank of America branches in Waldorf as well as a BB&T bank on Leonardtown Road. Investigators have obtained surveillance photos of a man believed to be involved in the scheme. Source:

23. June 7, The H Security – (International) Skimming from the sofa. Skimming devices attached to cash machines to read users’ card details increasingly return their data to the criminals via SMS text messages. The devices copy the magnetic strip of cash point and credit cards at the card slot and spy on PINs via keyboard attachments or mini cameras. The data is subsequently used by the skimmers to withdraw money from users’ accounts. More details on this method of attack can be found in The H Security article “Manipulated ATMs - Attack of the card cloners.” The new generation of skimming devices no longer store the data over a period of time for later collection, but transmit it via SMS directly to the criminals, allowing them to clone card details from the comfort of their own living room. The risk of getting caught is reduced by 50 percent because criminals no longer need to retrieve the skimming device to read out the data. The only time a perpetrator needs to go to the cash machine is to mount the device. This method isn’t entirely new, of course, as some skimming devices have transmitted their data via short-distance radio for quite a while. However, with a radio link, the criminals need to keep their receivers within range of the device. Source:

Information Technology

57. June 9, The New New Internet – (International) Vietnam accused of cyber attacking bloggers. The Vietnamese government is being accused of conducting cyber attacks to bring down the Web sites of independent bloggers, as well as arresting some of the dissidents. Human Rights Watch (HRW) recently listed a series of arrests and police harassment of Web dissidents since mid-April. The organization alleges the Vietnamese government masterminded a series of malware and distributed denial-of-service attacks on alternative political Web sites over the past year. HRW said police beat one Internet dissident while interrogating her April 28. Another blogger discovered his Internet and phone lines were cut off May 8, following a written order from authorities in his hometown, accusing him of spreading “anti-government” information. In April, McAfee and Google said they had traced a series of cyber attacks on Vietnamese-language political Web sites to IP addresses inside Vietnam. HRW said two foreign Vietnamese-language Web sites hit by hundreds of DDoS attacks had traced them to an IP address belonging to a government-owned telecommunications company under the Ministry of Defense. Source:

58. June 9, Help Net Security – (National) Cyberattacks still top security priority. USIS released a study that identified key issues facing government and industry security personnel and identified a key issue in terms of security vendor structure and organization. USIS surveyed more than 250 government and industry leaders in the safety, security, and law enforcement market. Survey respondents were asked to rate the top threats to U.S. national security. Cyberattacks ranked the highest, followed by terrorist activity. Tied for third place were insider threats and information security breaches. The survey also asked participants about their most important security business imperatives. Cybersecurity topped this list at 84 percent, followed by physical security and infrastructure protection at 74 percent, and then risk management planning at 73 percent. A key finding of the survey showed that organizations with one vendor in place (rather than multiple vendors) to manage, install, maintain, and monitor security did a better job at securing the organization’s infrastructure. The survey revealed that 62 percent of those with one vendor in place were able to use the data available to monitor and manage threats “very well.” The majority (74 percent) of those who had one vendor in place to manage the installation, maintenance and monitoring of security said that they monitored security either “very well” or “perfectly.” Source:

59. June 9, SC Magazine – (International) Adobe to release emergency patch for Flash tomorrow, while Reader and Acrobat remain exposed until the end of this month. Adobe has said that it will issue a patch for the Flash Player vulnerability by tomorrow. In an update, the product security program manager at Adobe said that the company had updated the security advisory posted on June 4 to include the planned schedule for a patch to resolve CVE-2010-1297, and that it plans to make available an update for Flash Player 10.x for Windows, Macintosh and Linux by June 10. However, a date for Flash Player 10 for Solaris is still to be determined, and Adobe is expected to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and Unix by June 29. The company previously warned of a critical vulnerability in Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix operating systems. It said that the vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player, Adobe Reader and Adobe Acrobat. Source:

60. June 8, Krebs on Security – (International) Microsoft, Apple ship big security updates. In its largest patch push so far this year, Microsoft today released 10 security updates to fix at least 34 security vulnerabilities in its Windows operating system and software designed to run on top of it. Separately, Apple has shipped another version of Safari for both Mac and Windows PCs that plugs some four dozen security holes in the Web browser. Microsoft assigned three of the updates covering seven vulnerabilities a “critical” rating, meaning they can be exploited to help attackers break into vulnerable systems with no help from users. At least 14 of the flaws fixed in this month’s patch batch are in Microsoft Excel, and another eight relate to Windows and Internet Explorer (IE). According to Microsoft, the most serious of the bugs involves a weakness in the way Windows handles certain media formats, and is present in all supported versions of Windows. Another critical update nixes six different insecure ActiveX controls (plug-ins for Internet Explorer), while the third critical update corrects at least a half dozen vulnerabilities in IE. Microsoft notes that Office XP users may not be able to install one of the needed updates; rather, Redmond is releasing what it calls a “shim,” or essentially a point-and-click “FixIt” tool that apparently does the job. Users of Office XP should go ahead and click the “FixIt” icon at this link when done installing the rest of the updates. Source:

61. June 8, IDG News Services – (National) After Google hack, warnings pop up in SEC filings. Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property. In the past few months Google, Intel, Symantec and Northrop Grumman — all companies thought to have been targets of a widespread spying operation — have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks. Google does not talk about the specific attack against its systems, but it now warns shareholders that this type of event is a material risk. “[O]utside parties may attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain access to our data or our users’ or customers’ data,” Google wrote in a section added to its annual financial report in February, a month after it disclosed the hacking incident. Google warned that it could lose customers following a breach, as users question the effectiveness of its security. Google’s admission that it had been targeted put a public spotlight on a problem that had been growing for years: targeted attacks, known to security professionals as the advanced persistent threat (APT). Source:

62. June 8, The Register – (International) Safari purged of decade-old browser history leak. Apple Safari has become the first major browser to be purged of one of the Web’s longest-running privacy defects: The ability for any site owner to effortlessly steal a complete copy of one’s recent browsing history. This leak is as old as the World Wide Web itself, and it afflicted every major browser – until now. Starting with versions released June 7, Safari no longer coughs up the list of Web sites a user has visited. According to the results of more than 271,000 visits captured in a recent study, the vast majority of people browsing the Web are vulnerable to attacks that expose detailed information about their viewing habits, including news articles they have read and the zip codes they have entered into online forms. The proportion was even higher for those using Safari and Chrome and among browsers that turned off JavaScript. The history leak is the result of the same CSS, or cascading style sheet, technology that causes a browser to display links that have been visited in a different color than addresses that have not been visited. It also allows Webmasters to customize content and user interfaces on their sites based on the links individual users regularly visit. Browser makers have long been aware that it can reveal potentially sensitive Web sites users visit, but have been reluctant to patch the hole for fear it will remove functionality people have come to depend on. In April, Mozilla said it planned to fix the browser history leakage in an upcoming version of Firefox. While recent beta versions of the browser have the feature turned on, the latest production version remains wide open. Chrome and Internet Explorer are also vulnerable. Source:

63. June 7, IDG News Service – (International) Researchers: Poor password practices hurt security for all. A large-scale study of password-protected Web sites revealed a lack of standards across the industry that harms end-user security, according to two researchers working at the University of Cambridge in England. In particular, the weak implementations of password-based authentication at lower-security sites compromise the protections offered at higher-security sites because individuals often re-use passwords, the two researchers asserted in a paper presented at the Workshop on the Economics of Information Security in Cambridge, Massachusetts June 7. Attackers can use low-security Web sites such as news outlets to figure out passwords associated with certain e-mail addresses, and then use those passwords to access accounts at higher-security sites such as e-commerce vendors, one of the researchers said. In an effort that the researchers said is the largest empirical investigation into password implementations to date, they collected data from 150 Web sites and found widespread “questionable design choices, inconsistencies, and indisputable mistakes,” according to the researchers. The researchers seemed disinclined to blame users for re-using passwords or making them easy to guess, arguing that most users have too many online accounts to manage them all securely. The large majority — 78 percent — of sites examined failed to provide users with feedback or advice on choosing a strong password. Only five sites let the user register password hints, a strategy that encourages users to come up with stronger passwords. Just seven sites required users to mix numbers and letters, and only two demanded passwords include non-alphanumeric characters as well. Source:

Communications Sector

64. June 9, McClatchy Tribune Information Services – (Colorado; Wyoming) Verizon apologizes a second time: More glitches at Aurora switching center cited for latest outage. Verizon Wireless issued an apology and noted customers may qualify for a partial billing credit after a second major service outage in six weeks in Pueblo and other parts of Colorado and Wyoming. As of Tuesday morning, the service disruptions that began Monday were ending in Pueblo but continued in Grand Junction and some other cities. A hardware malfunction at an Alamosa switching station caused the outages. The center serves areas of the state away from Denver, Colorado Springs and Fort Collins. In April, the same switching center was the site of another malfunction — in that instance, a software problem — that led to an 11-hour outage. Source:

65. June 8, IDG News – (International) Africa to get broadband boost with new cable. A consortium of 20 members has joined forces to build a submarine cable that will link Cape Town in South Africa to Penmarch in France. The 17,000 kilometer long fiber optic cable — which has been named the Africa Coast to Europe (ACE) submarine cable — will be operational in the first half of 2012 and connect 23 countries, either directly in the case of coastal countries or indirectly for inland countries. The cost for building the ACE cable will be about $700 million. When the cable becomes operational, it will be the first time several of these countries, including Mauritania, Gambia, Guinea, Sierra Leone and Liberia, will get Internet access via an optical cable. Today, they have to rely on satellite access, according to a spokesman at Alcatel-Lucent, which has been awarded the task of building ACE. The cable will be based on DWDM (Dense Wavelength-Division Multiplexing) technology, which sends multiple channels of data over one fiber using different wavelengths of light. ACE will be able to carry up to 5.12 Tbps (terabits per second) over two fiber pairs using current technology, according to Alcatel-Lucent. Since plans to build the cable were first announced in December 2008, the ACE project has grown and as a consequence been delayed. The original length was 12,000 kilometers and the cable was supposed to be done by 2011. In July, a study of the sea floor will commence and the manufacturing of the cable will start. Source:

66. June 8, The Starkville Dispatch – (National) WCBI signal down outside Lowndes. Columbus, Mississippi-based WCBI-TV is off the air while the station resolves a technical problem with the station’s transmitter. A transmitter line has been damaged, and the station’s engineering staff is working to repair it. Meanwhile, WCBI does have a signal going out, and viewers in Lowndes County are able to watch the station through cable TV. Engineers are working to expand the signal to reach the Tupelo and Starkville market areas until the transmitter line is rebuilt. There was no timeline offered by WCBI for correcting the problem. Source: