Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 28, 2010


Top Stories

• According to the Associated Press, officials say 840,000 gallons of oil have leaked from a pipeline into a creek that flows into the Kalamazoo River in southwest Michigan, threatening wildlife and introducing a pungent odor to the area. The general manager for Enbridge Liquids Pipelines says a malfunction caused the leak July 26. (See item 1)

1. July 27, Associated Press – (Michigan) Wildlife soaked in oil, odor spreads after pipeline leaks 840K gallons into Kalamazoo River. Officials say 840,000 gallons of oil have leaked from a pipeline into a creek that flows into the Kalamazoo River in southwest Michigan, threatening wildlife and introducing a pungent odor to the area. The general manager for Enbridge Liquids Pipelines says a malfunction caused the leak in the 30-inch pipeline July 26. Houston-based Enbridge and the Calhoun County Sheriff’s Office of Emergency Management say the pipeline pumps were shut down as soon as the leak was discovered. The pipeline carries about 8 million gallons of oil a day from Griffith, Indiana to Sarnia, Ontario. The oil spilled into Talmadge Creek, which flows northwest into the Kalamazoo River. Source: http://www.latimes.com/business/nationworld/wire/sns-ap-us-michigan-river-oil-spill,0,1712391.story


• The Associated Press reports that twenty-five vessels were backed up on the Mississippi River July 27 at midday, 13 hours after a barge collision and chemical spill closed a stretch north of Memphis. Three tugboat workers were hospitalized as a precaution. (See item 5)

5. July 27, Associated Press – (Tennessee) Barge collision closes Mississippi, 3 hospitalized. Twenty-five vessels were backed up on the Mississippi River July 27 at midday, 13 hours after a chemical spill closed a stretch north of Memphis. A barge collision at about 9 p.m. July 26 spilled the chemical acrylonitrile. Three tugboat workers were hospitalized as a precaution, and the river was closed at 10:22 p.m. A U.S. Coast Guard petty officer said a lightering vessel that could offload the remaining acrylonitrile from the damaged barge was on the way but would not arrive until July 28. According to the Agency for Toxic Substances and Disease Registry Web site, acrylonitrile is a man-made, colorless, liquid chemical with a sharp onion- or garlic-like odor. It can be dissolved in water and evaporates quickly. The accident happened near the line between Tipton and Lauderdale counties on the Tennessee side and about 8 miles south of Osceola on the Arkansas side. Source: http://www.volunteertv.com/home/headlines/99331939.html

Details

Banking and Finance Sector

17. July 27, eWeek – (International) Citi, Apple disclose iPhone app security flaw. Banking giant Citigroup and iPhone maker Apple are encouraging users who downloaded Citi’s banking application for the smartphone to upgrade to a new version after a security flaw was discovered in the application. The flaw accidentally saves personal information, including access codes, bill payment information and even bank account numbers, onto the iPhone or any computer it has been synchronized with. The Wall Street Journal reported that approximately 117,600 customers have been affected by the flaw since the app was launched in Apple’s App Store in March 2009, although the paper’s unnamed source said no personal data was exposed. The paper also interviewed the CEO of mobile security specialist Lookout, who warned that hackers could exploit flaws in banking applications in order to retrieve, and then exploit, personal information downloaded by the app. Many consumers, who may download multiple apps casually, may not be aware of the level of risk to which they are exposed, he said. Source: http://www.eweek.com/c/a/Midmarket/Citi-Apple-Disclose-iPhone-App-Security-Flaw-440879/


18. July 27, SpamfighterNews – (National) Star USA Federal Credit Union cautions members about phishing e-mail scam. The Star USA Federal Credit Union (FCU) has asked its members to be careful of a phishing scam presently circulating on the Web. The scam e-mails claim to come from the Credit Union. One of the fake e-mails cited on the official Star USA FCU site is addressed to the Star USA FCU card holder. The e-mail informs the recipient that he has one new confidential message, and asks the recipient to follow the attached web link to resolve the trouble or to respond to the mail. To appear reliable, the mail apologizes for any problem this may cause and says it values the recipient’s help in assisting them to maintain the honor of the entire Credit Union. The e-mail thanks the recipient for his kind attention to the matter. Besides the above phishing e-mail, the Credit Union authorities state that other bogus e-mails might make some important plea, stating, for example, that the account would be blocked unless private information is confirmed. The FCU has branches in Buffalo, Charleston, St. Albans, Huntington, Beckley and Teays Valley in the USA. Source: http://www.spamfighter.com/News-14812-Star-USA-Federal-Credit-Union-Cautions-Members-About-Phishing-E-mail-Scam.htm


19. July 26, Long Island Press – (New York) Man armed with fake bomb robs West Babylon bank. A man wearing what appeared to be an explosive device strapped to his body walked into a Chase Bank branch in West Babylon, New York early July 26 and demanded cash. The robber was given cash and fled through the back door. He was last seen on foot headed east toward Hubbards Path. The suspect was described as a white man between 50 and 60 years old, 5 feet 10 inches to 6 feet tall with a thin to medium build. He was clean-shaven with short, graying hair. He was wearing a pinstriped suit jacket, which was recovered at the scene. The robber discarded the device behind the shopping center where the bank is located. Emergency Service Section officers responded and determined the device was not a real bomb. Source: http://www.longislandpress.com/2010/07/26/man-armed-with-fake-bomb-robs-west-babylon-bank/


20. July 26, KTLA 5 Los Angeles – (California) ‘Ho Hum Bandit’ hits 9th SoCal bank. The “Ho Hum Bandit’s” latest robbery was reported at 9:22 a.m. July 24 at 310 Genneyre Street, according to the Laguna Beach Police Department. This is the ninth robbery attributed to the suspect. The “Ho Hum Bandit”, named for his unassuming manner, is described as Caucasian, in his 30s, 5 feet 9 inches tall with a medium build. He was wearing blue jeans and a light-colored shirt. He walked up to a teller and handed her a note demanding money, according to police. The “Ho Hum Bandit” is believed to be responsible for five robberies in San Diego and four in Orange County. He robbed the same Orange County Citibank on East Coast Highway in Newport Beach July 22 and earlier on June 11th, according to FBI officials. In all of the robberies, the suspect hands the teller a note and demands money. He has already escaped with thousands of dollars in cash, although no specific amount has been released by the FBI. Source: http://www.latimes.com/ktla-ho-hum-bandit-strikes-again,0,6275559.story


21. July 26, United Press International – (International) Australian hacker pleads guilty. A young Australian computer hacker admitted in court July 26 that he infected more than 3,000 computers worldwide in a scheme to grab personal financial information. He pleaded guilty to seven counts in District Court in Adelaide, the Australian Broadcasting Corp. reported. Police alleged his software virus had the potential to infect up to 74,000 computers and was designed to capture banking details and credit card information. Source: http://www.upi.com/Top_News/International/2010/07/26/Australian-hacker-pleads-guilty/UPI-89971280127020/

Information Technology


44. July 27, IDG News Service – (International) G Data releases tool to block Windows shortcut attacks. The German security company G Data released a tool July 27 that blocks attacks using Microsoft’s shortcut vulnerability but also preserves shortcut icons, unlike the hotfix released recently by Microsoft. The tool, called the G Data LNK Checker, is a small piece of software that is independent of other security software. It monitors the creation of shortcuts and then blocks the execution of code when a shortcut icon is displayed, according to G Data. G Data said its software will display a red warning signal if a shortcut tries to execute something that appears to be malicious. The tool is free and can be downloaded from G Data. Microsoft has not indicated when it will patch the shortcut flaw, which can cause malware to be executed merely by looking inside a folder containing a malicious shortcut. The company released a hotfix last week, but with it shortcuts lose their icons. Source: http://www.infoworld.com/d/security-central/g-data-releases-tool-block-windows-shortcut-attacks-841


45. July 27, The Register – (International) Zeus bot latches onto Windows shortcut security hole. Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut-handling flaw in Windows. The flaw was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems. Zeus-contaminated emails pose as security messages from Microsoft, containing contaminated ZIP file attachments laced with a malicious payload that utilises the lnk flaw to infect targeted systems. Several additional malware families have also latched onto the same Windows shortcut trick, including Sality, a popular polymorphic virus. Trend Micro confirms the appearance of the exploit vector in variants of Zeus and Sality, while McAfee adds that the VXers behind the Downloader-CJX Trojan have also begun feasting off the shortcut security bug. Fortunately, virus writers are, thus far at least, using the same basic exploit method, a factor that makes it easier for security firms to block attacks. Microsoft is advising users to apply temporary workarounds while its security researchers investigate the shortcut flaw, a process likely to eventually result in a patch. Source: http://www.theregister.co.uk/2010/07/27/zeus_exploit_shortcut_hole/


46. July 26, Government Computer News – (International) Attacks on Windows XP continue to grow, security experts say. Exploits using Windows XP as an attack vector will grow this year, according to security experts commenting on Microsoft’s “Security Intelligence Report Volume 8.” The report covers July 2009 through December 2009. Once again, the United States is the top destination for malware, with China and Brazil running second and third. The infamous Conficker worm continues to be among the top five in terms of malware growth. Other familiar mainstays in the top five are the Taterf worm (tops the list for total infections) and Alureon in the Trojan virus category. In Windows XP, Microsoft vulnerabilities account for 55.3 percent of all attacks in the studied sample. Windows XP SP3 will continue to get security updates until April 2014. However, Microsoft stopped supporting XP Service Pack 2 July 13. That operating system, along with Windows 2000, no longer gets security updates from Microsoft. With the adoption of Windows 7, overall threat detections are down compared with the first half of 2009, even with Windows 7 launching late in the study period (October 2009). Even so, many consumers, enterprises and small-to-medium businesses are still running Windows XP, a nine-year-old operating system. Source: http://gcn.com/articles/2010/07/26/windows-xp-widely-used-widely-attacked.aspx


47. July 26, Reuters – (International) Foxconn suspends operation at a facility in India. Foxconn International, one of Hon Hai Precision’s subsidiaries and maker of Apple’s iPhone among other products, suspended operations at a mobile phone parts manufacturing facility in India after about 250 workers at its facility in the Kancheepuram District of Tamil Nadu, near Chennai, “experienced sensations of giddiness and nausea” July 23. The company said the employees were treated at a nearby hospital, most of them being released after treatment, and that the incident would not affect its business. Foxconn said it suspended operations at the facility as a precautionary measure to allow the facility to be checked and cleared by local authorities. The company expects production at the facility to resume in about one week. “The company believes that the incident may have been caused by the routine spraying of pesticide at the production facility, but all possible causes are being investigated by the relevant local authorities in India,” the company said in a filing to the Hong Kong bourse July 26. Source: http://www.reuters.com/article/idUSTOE66Q00G20100727


48. July 26, DarkReading – (International) Third-party content could threaten websites, study says. A report by Dasient, a security start-up company, found that third-party content can be compromised to gain access to a corporate website, but most companies do not do much to secure it. Many websites today are running outdated, vulnerable third-party applications. Across all verticals, Dasient found up to 91 percent of businesses had outdated software applications, such as content management, blogging, or shopping cart systems. Attackers are using ad networks and widgets to help give scale to their malware attacks, Dasient’s CTO says. In some cases, a single infection on an ad network could carry malware to thousands of sites. To help mitigate the threat, Dasient recommends organizations vet their third-party content providers to ensure they are following security best practices. Companies should also look into ways to monitor third-party content for potential vulnerabilities. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=226200300


49. July 25, Network World – (International) WPA2 vulnerability found. Wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named “Hole 196” by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight. The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked and no brute force is required to exploit the vulnerability. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key. Source: http://www.pcworld.com/article/201822/wpa2_vulnerability_found.html


Communications Sector

50. July 27, WFAA 8 Dallas-Fort Worth – (Texas) Satellite service interrupted overnight for DISH viewers. DISH Network apparently experienced a major disruption of its satellite service July 27. Channels being relayed on the DISH satellite located in the sky at 119 degrees West were unavailable starting at 2:10 a.m. CDT. The list included basic favorites like CNN, AMC and Disney. DISH Network channels carried on its other geostationary satellites — including WFAA — were not affected by the outage. The problem appeared to have been rectified shortly before 4 a.m. CDT. No statement from the company was available. Source: http://www.wfaa.com/news/entertainment/Satellite-service-interrupted-overnight-for-DISH-viewers-99300309.html


51. July 27, Hawaii 24/7 – (Hawaii) Oceanic Time-Warner Cable services out statewide in Hawaii early Tuesday morning. Oceanic Time-Warner Cable services experienced an outage statewide in Hawaii just before midnight July 26. The outage affects both its high-speed internet services and home telephone services. For an update on the system status in Hawaii, call (808) 625-8282. Source: http://www.hawaii247.com/2010/07/27/oceanic-time-warner-cable-services-out-statewide-in-hawaii/


52. July 27, eWeek – (New York) Verizon hardware caused New York City phone outage. Verizon communications equipment caused the outage July 26 that knocked out landline calls in a portion of midtown Manhattan, New York. AT&T’s wireless network in the area was also affected. “A piece of communications equipment (a digital cross connect, to be specific) in one of our Manhattan central offices did not operate normally Monday. Verizon technical teams and our vendor troubleshot the issue,” a Verizon spokesperson said. The spokesperson added that any calls routed through that hardware, located on East 30th Street, experienced a fast busy signal. At eWEEK’s offices, located on East 28th Street, phones were dead; Verizon representatives told an eWEEK IT administrator that an outage had affected data lines for the office telephones and faxes. Other outages were reported across a swath of midtown, from East to West. AT&T’s wireless network in the area was also affected, according to reports. Source: http://www.eweek.com/c/a/IT-Infrastructure/Verizon-Hardware-Caused-New-York-City-Phone-Outage-122573/


53. July 26, Reuters – (National) AT&T to fix glitch affecting iPhone speeds. AT&T Inc plans in the next two to three weeks to gradually fix a software defect that cut speeds for customers sending data from the Apple Inc iPhone 4 and from laptop modems. AT&T had said July 7 it was working with network equipment maker Alcatel Lucent SA to fix the glitch, which it said affected less than 2 percent of its mobile user base. AT&T, the exclusive U.S. provider for iPhone, said the iPhone 4, the latest Apple device, was the only smartphone that runs on its network that uses a technology known as HSUPA. The No. 2 U.S. mobile operator said July 26 it has begun rolling out an Alcatel-Lucent software patch that would restore uplink speeds for its high-speed data services that depend on HSUPA. Source: http://www.reuters.com/article/idUSTRE66P48M20100726