Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 18, 2010

Complete DHS Daily Report for June 18, 2010

Daily Report

Top Stories

• According to The Washington Post, the U.S. government accused the former chairman of one of the nation’s largest mortgage firms of a multibillion-dollar scam Wednesday, unveiling what is to date the biggest criminal case related to the crisis that nearly brought down the financial system. (See item 16 below in the Banking and Finance Sector)

• The Associated Press reports that the federal agency in charge of securing the government’s computer systems is unable to monitor the networks or analyze threats in real time, and it lacks the authority and staff necessary to do its job, according to an internal report. (See item 40)

40. June 16, Associated Press – (National) Report: US lacks staff, power to protect networks. The federal agency in charge of securing the government’s computer systems is unable to monitor the networks or analyze threats in real time, and it lacks the authority and staff it needs to do its job, according to an internal report. The U.S. Computer Emergency Readiness Team must share information about threats and trends more quickly and in greater detail with other federal departments so they can better protect themselves, the audit said. Issued Wednesday by the Homeland Security Department’s inspector general, the report lays out criticism that long has been aired by U.S. officials and outside experts who say the government’s computer systems are vulnerable to attacks, are persistently probed, and lack the needed management and security standards. In a detailed response to the report, a DHS undersecretary noted that the inspector general did not make a recommendation on how the agency could gain more enforcement authority. But, he said the agency agrees that giving DHS more formal authority would be helpful. Source:


Banking and Finance Sector

16. June 17, The Washington Post – (National) U.S. government accuses former mortgage executive of multibillion-dollar scam. The U.S. government accused the former chairman of one of the nation’s largest mortgage firms of a multibillion-dollar scam Wednesday, unveiling what is to date the biggest criminal case related to the crisis that nearly brought down the financial system. The Justice Department accused the former chairman of Taylor, Bean & Whitaker of committing a $1.9-billion fraud against investors and the federal government that led to the demise of his firm, and one of the nation’s largest regional banks, Colonial Bank in Alabama. But beyond the indictment, federal officials described an even wider scheme, and they said the collateral damage to federal agencies has only begun to be tallied. The suspect allegedly hid how sick the firm had become, enabling it to fraudulently meet government conditions and become one of the largest business partners of the Federal Housing Administration and Ginnie Mae, federal agencies that cover losses suffered by mortgage lenders and their financiers. Federal officials said the scheme caused the two agencies’ largest losses ever, totaling at least $3 billion. The officials warned that the final figure could be higher. The suspect’s activities could also prove costly to Freddie Mac, which helps finance mortgage lending. Freddie Mac officials have said they could face losses on more than $1 billion in assets that are at risk because of the Taylor Bean and Colonial failures, but they have yet to clarify the ultimate cost. Meanwhile, the Federal Deposit Insurance Corp. paid out $4 billion from its insurance fund to cover the collapse of Colonial. Source:

17. June 17, Virginian Pilot – (Virginia) Va. Beach man charged with smuggling holograms. A Virginia Beach man faces an 18-count federal indictment charging him with trying to smuggle hundreds of credit card holograms into the country from the Middle East. The 26-year-old suspect was arraigned June 17 in U.S. district court. He pleaded not guilty to the charges and a magistrate judge set an August 17 trial date. Agents with U.S. Immigration and Customs Enforcement arrested the suspect April 19 when he tried to retrieve a package containing the holograms, which had arrived from the United Arab Emirates city of Dubai, according to a court affidavit filed by the arresting agent. He apparently realized the move would be risky: “I knew I should have waited a week to pick it up,” he told an ICE agent, according to the affidavit. Holograms can be used as a security device placed on credit and debit cards to prevent duplication. Source:

18. June 17, Help Net Security – (International) Financial services firms hesitant to adopt cloud computing. Today’s financial services firms are avoiding popular IT infrastructure investments such as cloud computing, in large part due to data security and transparency concerns, according to a survey of 82 of the world’s largest banks, investment houses and insurance companies by LogLogic. The survey, which sought to uncover the top information technology and security priorities for today’s financial services companies, found that essential IT functions, such as security and compliance, continue to be the top concern for IT departments industry-wide. While the financial services market has traditionally been a leader in adopting cutting-edge information technology, few financial services companies said that they have plans to invest in new technologies, like cloud computing, this year. In particular, the survey found that: 34 percent of respondents believe that cloud computing is not strategic to their company, while 26 percent of respondents believe their company is risk-averse to cloud computing; 58 percent of respondents only plan to invest in essential IT functions, such as security and compliance; and finally, more than 75 percent of respondents are concerned about increasing government regulation. Source:

19. June 17, NBC 4 New York – (New York) FBI: Massive NY mortgage fraud round-up underway. The FBI is fanning out across New York City to arrest dozens of people linked to mortgage-fraud scams. Numerous mortgage brokers, real estate agents and lawyers are believed to be among those being taken into custody. The investigation, dubbed “Operation Stolen Dreams,” coincides with a recent nationwide crackdown on mortgage-fraud suspects with results expected to be announced by a U.S. attorney in Washington June 17. A U.S. attorney and other New York law enforcement officials are also expected to announce dozens of arrests at a news conference. And the U.S. attorney in Connecticut is expected to announce criminal charges resulting from three separate mortgage-fraud investigations there. These arrests come one day after FBI agents in New Jersey arrested dozens of people there on similar mortgage-fraud related charges. In New York, many of the arrests and FBI searches are taking place in numerous Queens neighborhoods that were hit hard by the mortgage meltdown. Source:

20. June 17, Detroit News – (Michigan) Mortgage fraud ring hit $100M, FBI says. Federal prosecutors in Detroit said a local crime ring ran a mortgage-fraud scheme that cost lenders more than $100 million, and was used to fund a lifestyle that included hot rod cars, international travel, palatial homes — even a helicopter. A Fenton, Michigan man and six others were accused June 16 of playing a role in a scheme that in four years involved 500 fraudulent loans, and roughly 180 homes in the region. “This is the largest mortgage fraud we have seen in terms of the number of properties that were involved and the money that was stolen,” a U.S. attorney said in a statement. A 43-year-old suspect was identified as the leader of the group accused of arranging approximately 500 fraudulent sales and loans, with more than 300 involving properties that never changed hands. In other cases, the group hired “straw buyers” to purchase homes and secure the loans, according to a criminal complaint filed Wednesday by the U.S. attorney’s office in Detroit. The case is one of dozens that local prosecutors have handled — and is likely one of many to come, said a California-based expert on mortgage fraud. The expert said the fraud, rooted in the relaxation of lending standards, can be blamed on the mortgage industry and Wall Street, which packaged the loans for investors. Source:

21. June 17, The New New Internet – (International) Paraguayan government website hosts phishing data. Phishing gangs are growing increasingly bold, as evidenced by researchers finding phishing data on a Web site owned by the Paraguayan government. Sunbelt researchers discovered that a Web site belonging to the Paraguayan government is hosting data on banks and insurance companies in the United Kingdom gathered through phishing attacks. The researchers have notified the Web site owners regarding the data cache. Typically, researchers will sit on the data and try to learn more information about the cyber criminals. Hosting stolen data on another server is considerably safer for cyber criminals, and operates similarly to a “slick” used by spies. The data remains accessible but if anyone stumbles upon the data, the police are unable to arrest the criminals. Source:

22. June 16, The Register – (International) Eastern European banks under attack by next-gen crime app. Banks in Russia and Ukraine are under continued siege by criminal gangs wielding a sophisticated, next-generation exploitation kit that hacks the financial institutions’ authentication system and then hits it with a denial-of-service attack. The attacks are being carried out with the help of a top-to-bottom revision of BlackEnergy, a popular hack-by-numbers toolkit that until recently was used primarily to launch DDoS, or distributed denial-of-service, attacks. Eastern European criminal gangs are using the expanded capabilities of BlackEnergy 2 to siphon funds out of electronic bank accounts and then assault the financial institutions with more data than they can handle, said a researcher with security firm SecureWorks’ Counter Threat Unit. The attacks, which also use a BlackEnergy 2 module to bypass a Java-based application the banks use to authenticate customers online, began near the end of 2009. They show no signs of letting up, said the researcher who observed the same modus operandi recently. Source:

Information Technology

46. June 17, Sophos – (International) Romance and Skype deliveries plundered by spammers. The spam campaign that a SophosLabs researcher has blogged about for the last few days has morphed again, adopting a range of new disguises. The most prevalent messages SophosLabs is intercepting claim to come from Skype with the subject line “We’ve delivered your purchase” and have an attached file called (rather unimaginatively) file.html. Opening the attached file, which Sophos detects as JS/Redir-BO, redirects the browser to a Canadian pharmacy Web site selling online drugs such as Viagra and Cialis. As in the previous examples of the attack, there is no text in the message body. It’s not just the Skype disguise, however, that is problematic. SophosLabs is also seeing many other subject lines with the filename photo.html. Again, Sophos detects the file as JS/Redir-BO. The spam campaign is now using a file attachment called open.html, which Sophos still detects as JS/Redir-BO. Source:

47. June 17, SC Magazine – (International) Pornographic sites now account for more than a third of websites, as incidents of cyber squatting persist. Adult-oriented Web sites now account for over a third of sites on the Internet. A report by Optenet found that Web sites related to online role-playing games have grown by 212 percent, while Web sites that contain violence, terrorism content and illegal drug purchases have also increased. From the perspective of Web sites being hijacked and hosting such content, the chief marketing officer of MarkMonitor claimed that the company had seen a surge of events where credentials have been compromised and a domain name had been hijacked. He said: “We have seen it from pornography to malware, and most notably in Puerto Rico and in New Zealand where Web sites had issues with the registry being defaced. It is a security issue, but it is odd as all types of security measures are in place. It costs hundreds of dollars to deploy security, so it is strange that registrants are not working with registrars to stop this.” Asked how long a typical “cyber squatting” action could last for, the chief marketing officer said that MarkMonitor does have a measure of actions, and had found 250,000 instances that lasted for months. Source:

For another story, see item 50 below in the Communications Sector

Communications Sector

48. June 17, WNEM 5 Saginaw – (Michigan) Area phone line problem disables 911 services. A phone line problem in Lapeer County, Michigan caused outages with 911 services June 17. According to Central Dispatch, anyone living in the Dryden, Almont and Metamora areas was not able to place a 911 call from a land line. The outage affected residents with exchange numbers 678, 798 and 796. Dispatchers said the problem is through Verizon. The phone company has crews working to repair the problem. Source:

49. June 17, IDG News Service – (National) High-speed Internet rules might prove costly. Proposed regulation of high-speed Internet service providers by the U.S. government could cost the economy at least $62 billion annually over the next five years and eliminate 502,000 jobs, according to a study released by New York Law School. The report estimates that broadband providers and related industries may cut their investments by 10 percent to 30 percent from 2010 to 2015 in response to additional regulation. At 30 percent, the economy might sustain an $80-billion hit, according to the director of the law school’s Advanced Communications Law & Policy Institute, which released the report June 16. “There will be follow-on effects in the whole ecosystem,” said the president of technology researcher Entropy Economics in Zionsville, Ind., who co-authored the study with the director. “A diminution of investment by the big infrastructure companies will reduce network capacity, new services, and investment by all the ecosystem companies,” such as application providers and device manufacturers, he said in an interview. Source:

50. June 17, Infoworld – (International) iPad hack not so harmless. The hack of iPad user info on the AT&T site may be much worse than an embarrassment, according to a security researcher who specializes in mobile devices. On his blog, the IOActive researcher said the Integrated Circuit Card IDs (ICCIDs) exposed in the iPad attacks are intended to be public. But he noted that hackers could exploit lax security in other areas of AT&T’s GSM network and, using the e-mail addresses exposed in the attacks, attack iPad accounts and gain access to sensitive information. According to the researcher, the problem is with the way AT&T (and other carriers, potentially) use the public ICCID values to generate non-public device IDs. In particular, he claims that the public ICCID is used to calculate an identifier known as the IMSI, a unique number used to authenticate a phone to a GSM network when that device first starts up. Rather than storing IMSIs exclusively in a secure and centralized database, AT&T has decentralized IMSI generation — basically allowing retail outlets and others who are responsible for onboarding new mobile devices to calculate it on the fly, given the ICCID. That’s a decision, according to the researcher, that opens up AT&T customers and the 100,000 or so high-visibility iPad users to a number of potential — though at this point hypothetical — attacks. Source:

51. June 16, IDG News Service – (National) FCC eyes first step toward broadband regulation. The U.S. Federal Communications Commission (FCC) is scheduled to vote on the first step toward reclassifying broadband as a regulated, common-carrier service, despite objections from many U.S. lawmakers and broadband providers. The FCC was scheduled to vote June 17 on a notice of inquiry on new legal frameworks for enforcing network neutrality rules, redirecting telephone subsidies to broadband, and implementing other parts of the agency’s national broadband plan. In a notice of inquiry, or NOI, the FCC seeks public comment on a topic. NOIs often lead to FCC rulemaking proceedings. The NOI follows a U.S. appeals court decision in April stating the FCC did not have the authority to enforce informal net neutrality rules in a case involving Comcast’s throttling of some peer-to-peer traffic. The FCC Chairman has suggested that the appeals court ruling means the FCC has little authority to regulate broadband, and reclassifying broadband from a largely unregulated information service to a regulated common-carrier service would restore some of the agency’s authority. Under the chairman’s plan, the FCC would forbear from applying most of the common-carrier regulations under Title II of the Telecommunications Act to broadband. The main goals would be to create net neutrality rules prohibiting broadband providers from selectively blocking Web content, to reform the Universal Service Fund that now subsidizes telephone service in poor and rural areas, and to require broadband providers to give customers more information about the speeds and quality of service they receive, the chairman has said. Source:

52. June 16, eWeek – (International) Twitter warns of more outages amid World Cup excitement. The Twitter outages that have plagued the microblog service for hours at a time could last into July, as Twitter engineers have discovered more issues that could trigger inadvertent downtime, the company said June 15. The worst Web services outage was due to a failure in timeline caching. Twitter said it may perform maintenance on the site over the next two weeks, with advance notice, and not during World Cup games. Twitter has suffered roughly 5 hours of downtime in June thus far. People have not seen the famous Fail Whale so much since October 2009, when Twitter went kaput for 5 hours and 16 minutes, according to Pingdom. Source:

53. June 15, Associated Press – (National) AT&T ends test of data limits for DSL subscribers. AT&T Inc. recently imposed limits on the data consumption of its customers with smart phones, but it has ended a test of such limits for home Internet connections. The phone company confirmed Tuesday that it is no longer holding DSL subscribers in Reno, Nevada, and Beaumont, Texas, to data-consumption limits and charging them extra if they go over. With AT&T’s retreat, no major Internet service provider is championing the idea of charging subscribers for their data usage. Time Warner Cable Inc. was a major proponent of the idea and also conducted a trial in Beaumont, but backed away last summer after its plan to expand metered billing to other cities met fierce resistance from consumers and legislators. AT&T’s trial started in November 2008 in Reno, and was later extended to Beaumont. It ended April 1 this year, said an AT&T spokeswoman. The end of the trial was reported this week by the blog Stop The Cap. At the start of the test, Dallas-based AT&T limited traffic to 20 gigabytes per month for users of its slowest DSL service. The limit increased with the speed of the plan, up to 150 gigabytes per month. Those who exceeded the limit paid $1 per gigabyte. In practice, e-mail and Web use did not take subscribers close to the limits, but online video services, videoconferencing and game downloads could. AT&T and Time Warner Cable said the caps were a way to curb “bandwidth hogs” — subscribers who consume an inordinate amount of data, slowing down service for other subscribers. Time Warner Cable set much lower initial limits than AT&T in its trial, starting at 5 gigabytes per month. Source: