Thursday, September 23, 2010

Complete DHS Daily Report for September 23, 2010


Top Stories

 According to Trend News Agency, a powerful explosion occurred September 22 in a cemetery not far from the U.S. Embassy in Tbilisi, Georgia. (See item 32)

32. September 22, Trend News Agency – (International) Explosion near U.S. Embassy in Tbilisi. An explosion occurred September 22 in a cemetery not far from the U.S. Embassy in Tbilisi, Georgia. The police told Trend that the bomb exploded at 1:30 a.m. local time. No one was injured. A building in the cemetery was damaged. The police found another suspicious device at the cemetery, which they neutralized on the spot. The police said the bomb was a self-made device. An investigation is underway. Meanwhile, local residents said the explosion was powerful. Source:

 The Flint Journal reports that police said criminals made off with about $1 million in copper from a communication tower on Branch Road near Davison Road in Flint, Michigan. See item 49 below in the Communications Sector.


Banking and Finance Sector

12. September 22, Reuters – (National) Senators to probe SEC’s Stanford investigation. A federal watchdog’s report accusing the Securities and Exchange Commission (SEC) of bungling its investigation of an alleged $7 billion Ponzi scheme will be the subject of a U.S. Senate hearing September 22. The report authored by the SEC Inspector General said the regulator had suspected as early as 1997 that the suspect was running a Ponzi scheme, but did nothing to stop it until late 2005. The SEC filed charges against the suspect in February 2009, accusing the Texas financier and three of his companies of selling billions of dollars of fraudulent certificates of deposit. But the report went largely unnoticed as it was released mid-April, on the same day the SEC filed civil fraud charges against Goldman Sachs. “This report has not received the attention that it deserves and it is unclear what changes have been made at the SEC as a result,” a Senator told the SEC Chairman in a recent letter. The Senate Banking Committee has scheduled testimony from SEC Enforcement; the director of inspections and examinations for the agency; and the regional director of its Fort Worth, Texas, office. Source:

13. September 21, Pasadena Star-News – (California) Woman attempts bank robbery, causes bomb scare. A woman attempting to rob a bank in Monterey Park, California, caused a bomb scare that forced the evacuation of nearby businesses and streets September 21. The woman walked into Wells Fargo Bank, 2101 S. Atlantic Blvd., about 3 p.m. and demanded money from the teller, saying she had a bomb in a bag, authorities said. As the teller opened the tray to retrieve money, the woman became spooked and ran out of the bank, said the Monterey Park police captain. She tried to get on a northbound bus but police stopped her. “At some point prior to that she dropped the bag,” the captain said. No money was taken during the incident. The Los Angeles County sheriff’s bomb squad inspected the bag and the inside of the bank. They used a robot to determine there was no bomb. Source:

For more stories, see items 46 and 47 below in the Information Technology Sector

Information Technology

42. September 22, Computerworld – (International) Twitter ‘antibodies’ help kill worm, says researcher. Social-networking services like Facebook and Twitter have a natural defense against hardcore hackers, a security researcher said September 21. The remarkable speed with which several worms spread on Twitter Tuesday may have sent opportunistic spammers scurrying to exploit a quickly patched vulnerability, but cybercriminals looking for ways to hijack PCs essentially steered clear. Why? “Social networks have built-in antibodies ... their users,” said an analyst of the Finnish security company F-Secure. “Compare the Twitter attack to a malicious attack of yesteryear that took weeks or even months to develop. This peaked and ebbed in two and a half hours.” That pace was the worms’ undoing. Although they spread voraciously for several hours — the spike of worm-spreading traffic started around 5:30 a.m. Pacific time, according to data from — Twitter quashed the bug by 7 a.m. With users tweeting around the clock somewhere in the world, it’s not surprising that the original worm and the inevitable copycats came to the attention of Twitter’s security team. “They make a very dynamic feedback loop for Twitter,” he said. What’s not as intuitive is that the fast up-up-up and then the just-as-rapid down-down-down of the infection pulse is something hackers do not want. “Hard-core hackers won’t go after something like Twitter,” the analyst contended, “because it causes too much damage.” Too much, as in too much publicity, and more infections than can be handled. Source:

43. September 22, SC Magazine UK – (International) Symantec warns of a new virus threat, as remote workers most likely to breach rules. With Stuxnet and the “Here you have” worm both highlighting the threat of a virus, there’s been a further detection of what has been called the Sality.AE virus. According to Symantec’s September 2010 MessageLabs Intelligence Report, the Sality.AE virus was the most prevalent blocked piece of malware in the month. The report said that Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet, and that it was the most prevalent endpoint threat. Also, one third of employees are more likely to trigger a Web site block based on corporate policy infringement when on the road rather than in the office. The report found that Web-based malware accounted for one in 1,807 of the Web site traffic blocks triggered for remote workers, compared with one in 322 for office-based workers. Of the blocked sites, the shopping, search engine and dating categories were more frequently blocked for workers outside the office than for those inside, while blocks on adult or sexually explicit content were more likely to be attempted from the workplace. Source:

44. September 22, The H Security – (International) Twitter and the XSS zombie. In August, a Twitter developer changed the code of a Twitter library with the comment “closed XSS after the @”. On September 21, this vulnerability reappeared on the Twitter servers and there was an avalanche of tweets exploiting this security hole. The publicly viewable documentation of the August 24th code change in the open source code of twitter-text-rb even included a demo link that looks a lot like the one in circulation September 21. The problem was that a URL crafted as http://x.xx/@ could confuse the parser, allowing JavaScript to be injected, stored with the tweet, and embedded in the Twitter user’s browser on the site. An event, such as a mouseover, could then be used to activate the code. According to Twitter, the problem was actually remedied last month, but a recent update of the site “unknowingly resurfaced it.” When the first demo tweets went into circulation September 21, it appeared that script code could again be injected. Less than 1 hour after the first few harmless demos began displaying JavaScript messages, variations popped up that propagated themselves as “retweets” or downloaded additional JavaScript code from external sites; it is still not clear what operations some of the variants performed. Shortly after the avalanche, Twitter put the fix back in place to remedy the problem and there appears to be no risk at the moment. Source:

45. September 22, The Register – (Oregon) 4chan invades Tea Party website. A Web site run by the conservative Tea Party movement was overrun by the denizens of 4chan September 21. Web site vulnerabilities on the official Web site allowed pranksters to divert surfers landing on the photo section of the site to smut and shock sites. It’s unclear what Web site security shortcomings were exploited in that attack and whether these are now closed. Boing Boing has screenshots from the attack in a short article. The assault coincides with ongoing DDoS attacks by members of 4chan against entertainment industry Web sites in protest against legal actions against Torrent tracker Web site The Pirate Bay. The Oregon Tea Party made the mistake of using the “We Are Legion” slogan of Anonymous, the anti-Scientology movement that spawned in 4chan, in its official materials this summer. In response, Anonymous hacked the Tea Party’s Facebook page, posting flames and image macros, before the local branch of the dissident conservative movement promised to stop using the slogan. Source:

46. September 22, – (International) Software vulnerabilities reaching ‘unacceptable’ levels. Developers are failing to meet industry security standards when creating new software, according to testing firm Veracode. Data collected on 2,900 applications by the company’s security verification service suggests that more than half of tested applications contain “unacceptable” levels of vulnerabilities. Financial sector applications had the lowest vulnerability levels, and mission-critical applications in general were found to be less vulnerable. Web-based applications were found to be particularly vulnerable, however. More than 80 percent of submitted Web applications contained errors listed in the Open Web Application Security Project’s Top 10 risk list. The vice president of product marketing at Veracode told that the high number of vulnerabilities in Web applications could be down to the skill of the developer and heightened interest in testing Web applications. She shot down the notion that data stored on site is more secure than cloud computing services, or that installed applications are inherently more secure. Instead, she suggests that companies are adopting stricter testing practices that should have been in use all along. Source:

47. September 21, Help Net Security – (International) Phishers still favor spam over social networking sites. SpamTitan Technologies announced the findings of its latest survey of small and medium businesses on the continued danger of phishing attacks, and it shows that despite media reports about the rise in phishing on social networking sites, its perceived threat to businesses is marginal when compared with traditional spam techniques. An overwhelming majority (75 percent) of IT managers surveyed regard traditional spam as the top security threat. Opinion is divided over whether business network security measures have caused phishing attacks to migrate from e-mail to social networking sites such as Twitter or Facebook with 37 percent saying it is a growing phenomenon while 31 percent disagree. Instead, they regard the move to on-line phishing as a natural response to the growth in the user communities of the main social networking sites. Clear policies and improvements in user education and awareness topped recommendations as the best ways to beat phishing. Source:

48. September 20, Government Technology – (International) Top 10 network security threats. With cyber-threats becoming a daily headache for IT security staff, it helps to have some advice, or at least know what to look out for. A researcher at Fortinet, a network security software provider, offered his observations on the top 10 threats that can harm networks from the inside and ways to combat them. And according to him, the number of threats just keeps growing. “The ways that the networks can be compromised 5 years ago internally, certainly still exist. It’s just that today, that list is really growing, and that’s why this is ongoing research,” said a project manager for cyber-security and threat research at Fortinet. The manager said that the company has more than 100 researchers worldwide who monitor network activity. According to the researchers, the top 10 internal network vulnerabilities are: 1) USB drives, 2) laptops and netbooks, 3) wireless access points, 4) miscellaneous USB devices (digital cameras, MP3 players, etc.), 5) employees borrowing others’ machines or devices, 6) the Trojan human (attackers who visit sites disguised as employee personnel or contractors), 7) optical media (CDs, DVDs, etc.), 8) lack of employee alertness, 9) smartphones, and 10) e-mail. Source:

Communications Sector

49. September 21, Flint Journal – (Michigan) Copper taken from communication tower in Flint valued at $1M. Suspects made off with about $1 million in copper from a communication tower on Branch Road near Davison Road in Flint, Michigan, according to police reports. Police are investigating the incident, which a Sprint communications repairman reported to police. He said the incident occurred some time between 9 a.m. and noon September 18, according to police. The man told police someone climbed over the west barbed-wire gate of the communication barrier and removed an air conditioning cover, along with copper pipes from the unit. The suspect then broke into a control room and removed a 30-pound copper plate. Wiring was also taken from the control room. The total value lost is estimated at $1 million. Source:

50. September 21, IDG News Service – (National) Lawmakers call for smart grid access to wireless spectrum. Two U.S. lawmakers have asked the Federal Communications Commission (FCC) to allow Internet-connected, electricity-monitoring devices to access unused television spectrum. The FCC is scheduled to vote September 23 on final rules allowing mobile broadband devices to use the so-called white spaces, spectrum assigned for television use but not occupied by TV stations. But two U.S. Representatives, both California Democrats, called on the FCC to allow so-called smart grid devices — digital electricity meters for homes and businesses — to also use white-space spectrum. “As we continue to promote policies to expand broadband services, more and more consumers will expect to use their computer and wireless devices to monitor their energy usage in ‘real time’ whether they are at home, at work, or on vacation,” they wrote in a letter to the FCC September 21. The lawmakers want the FCC to allow smart grid devices, such as smart meters and home energy management systems, to use the white spaces, a spokeswoman for one of the representatives said. They are not advocating that electric utilities use the white spaces as broadband backhaul, she said. Source:

51. September 21, Petoskey News-Review – (Michigan) AT&T service disruption is because of system upgrade. AT&T customers around the Petoskey, Michigan, area experienced a disruption in their mobile service the week of September 20 because of complications with the system upgrade to a 3G network. “There is a tower down in the area because of the change over to the 3G network. Our local engineers have been having trouble with the upgrades so there are engineers here from down state to help fix the problem,” Petoskey’s AT&T manager said. “We are adding the high-speed 3G network, which will speed up mobile Internet service. The tower should be completed very soon and the service will improve.” Source:

52. September 21, Associated Press – (Michigan) $1M copper theft hits Flint communication tower. Authorities said about $1 million in copper has been stolen from a communication tower in Flint, Michigan. The Flint Journal reported September 21 that a repairman discovered the recent theft and reported it to police. An air conditioning cover was removed along with copper pipes from the unit, and a 30-pound copper plate was taken from a control room. Wiring also was taken. Source:

53. September 21, Government Computer News – (National) Next generation of GPS satellites threatened by lack of coordination, GAO says. For the past 15 years, the U.S. Global Positioning System (GPS) has provided essential positioning, navigation and timing services not only to the military, but to civil and commercial activities including agriculture, aviation, power distribution and emergency services. But maintenance and future development of GPS is threatened by ambitious schedules that have not been backed up by appropriate oversight and coordination, according to the Government Accountability Office (GAO). The deployment of the current generation of satellites and services, called GPS IIF, is more than 3 years behind schedule and has more than doubled its original cost estimate, GAO said. The next generation, GPS IIIA, appears to be on schedule but faces risks from a ground system that will not be completed until the launch of the first IIIA satellite, now scheduled for 2015. “The GPS constellation availability has improved, but in the longer term, a delay in the launch of the GPS IIIA satellites could still reduce the size of the constellation to fewer than 24 operational satellites — the number that the U.S. government commits to — which might not meet the needs of some GPS users,” GAO warned in a report on challenges to the system. Source: