
Wednesday, October 6, 2010

Complete DHS Daily Report for October 6, 2010

Daily Report

Top Stories

•The Alton Telegraph reports that residents of Venice, Illinois, were shaken by a series of explosions and a fire at the Magnesium Elektron plant October 4. (See item 11)

11. October 5, Alton Telegraph – (Illinois) Magnesium plant explosion rocks Venice. Residents of Venice, Illinois, were shaken by a series of explosions and a fire at a magnesium plant October 4. The blasts took place at the Magnesium Elektron plant around 10:30 p.m. Workers were working with a dozen coils in a furnace when something triggered the initial blast, which was followed by a couple of smaller booms, locals said. The high-temperature fire was allowed to largely burn itself out because water cannot be used on magnesium. Sand was eventually used to douse flames. The situation was deemed under control around 1 a.m. October 5. Source: http://www.thetelegraph.com/news/new-45630-plant-rocks.html

•According to KVUE 33, a 19-mile stretch of the Houston Ship Channel in Texas that handles more than $320 million in cargo and crude oil daily was closed to marine traffic October 3 — and could stay that way for up to 3 days — after a barge slammed into a tower supporting a high-voltage electric transmission line. (See item 21)

21. October 4, KVUE 33 Austin – (Texas) Part of Houston Ship Channel closed after barge collides with power line tower. A 19-mile stretch of the Houston Ship Channel in Texas was closed to marine traffic October 3 after a barge slammed into a tower supporting a high-voltage electric transmission line, threatening to topple it into the channel. Coast Guard officials said a towing vessel named Safety Quest was pushing three barges loaded with scrap metal about 6 a.m. when it smashed into a Baytown power line, which remained upright only with the support of one of the barges. No injuries were reported, but the boat crew moved to another vessel and to safety. Officials closed the channel from mile marker 105 to 124 and said it could stay that way for up to 3 days. Centerpoint Energy officials said the power had been shut off to the line because crews had previously been working on a nearby tower. They said no customers had lost electricity following the crash. Coast Guard officials said the ship channel handles more than $320 million in cargo and crude oil daily, meaning the Port of Houston could lose nearly $1 billion if the waterway is closed for 3 days. Source: http://www.kvue.com/news/state/Part-of-Houston-Ship-Channel-closed-after-barge-collides-with-power-line-tower-104276529.html

Details

Banking and Finance Sector

14. October 5, Help Net Security – (International) Massive iTunes phishing attack. Apple’s popular iTunes platform has become a major target for hackers looking to steal credit card data from the service’s millions of users. Victims receive a cleverly crafted e-mail informing them they have made an expensive purchase on iTunes. The user, having never made the purchase to begin with, is concerned by the e-mail and naturally tries to resolve the problem, in this case by clicking on the proffered (fake) link. After clicking the link, the victim is asked to download a fake PDF reader. Once installation is complete, the user is redirected to an infected Web page containing the ZeuS Trojan, which is specifically designed to steal personal data. This phishing attack was uncovered shortly after a similar phishing attack targeting LinkedIn users appeared last week, which appears to have originated in Russia. This technique has been reported to the Anti-Phishing Working Group, which has started to block some of the Web addresses linked to in the fake e-mail. PandaLabs advised all users to be wary of any e-mails related to iTunes, regardless of how genuine they seem. Users who think they may have been affected are urged to scan their computers thoroughly to locate and remove any possible threats. Source: http://www.net-security.org/secworld.php?id=9945

15. October 5, IDG News Service – (International) Russia detains suspect in carding, online fraud scheme. Russian authorities have detained a Ukrainian national who oversaw a group that manufactured fraudulent payment cards and identity documents, according to the country’s Interior Ministry October 5. The group — whose members also included Russian and Armenian nationals — stole money from the accounts of 17 Russian credit organizations as well as foreign banks, causing more than $660,225 in damages. Authorities seized 100 fraudulent cards, computer equipment and an “encoder,” which can replicate the magnetic stripe information of a legitimate card onto a fraudulent one. The frauds occurred between January and June, the ministry said. The Interior Ministry did not say if the action was related to a wide-ranging sting operation in the United States, U.K. and Ukraine last week related to the use of Zeus banking malware. An Interior Ministry official was unable to provide further information. Source: http://www.computerworld.com/s/article/9189460/Russia_detains_suspect_in_carding_online_fraud_scheme

16. October 4, DarkReading – (International) New Verizon report: Non-PCI compliant organizations suffer more breaches. Data from PCI DSS assessments conducted by Verizon Business’ PCI auditors shows organizations hit by breaches are 50 percent less likely to be PCI-compliant than other clients. The first-ever Verizon Payment Card Industry Compliance Report, released October 4, analyzed findings from actual PCI DSS assessments Verizon conducted between 2008 and 2009. The report also shows only 22 percent of organizations score as compliant with the PCI DSS at their first audit. Protecting stored data, tracking and monitoring access to network resources and cardholder data, and regularly testing security systems and processes were the top three reasons for breaches in Verizon’s 2010 Data Breach Investigations Report. Those are also the three security areas that companies have difficulty deploying or complying with under PCI, according to Verizon. The firm’s director of global PCI consulting services said these are the PCI compliance areas where organizations are lagging most. The report analyzed findings in 200 PCI DSS assessments conducted by Verizon’s PCI Qualified Security Assessors, and correlated them with the company’s breach report. The top attack techniques used to breach payment card data were malware and hacking (25 percent); SQL injection attacks (24 percent); exploiting default or guessable credentials (21 percent); abuse of system access privileges (17 percent); use of stolen log-in credentials (14 percent); RAM scraper malware (13 percent); exploiting insufficient authorization (13 percent); packet sniffer (13 percent); and keylogger/spyware (13 percent). Source: http://www.darkreading.com/security_monitoring/security/app-security/showArticle.jhtml?articleID=227600072&subSection=Application+Security

17. October 4, KCRA 3 Sacramento – (California) Arrest made in Davis credit card fraud scheme. Police arrested a man in a credit card fraud scheme in Davis, California, that has racked up more than $100,000 in losses and dozens of victims. Police arrested the 28-year-old suspect in Antioch. Police said they found him in possession of stolen credit card information inside one of four homes they searched in connection with the case. Police said the suspect’s arrest is only the first. They expect to make additional arrests. The thieves got Davis residents’ credit card information by hacking into the system used to process credit cards at local eateries. “We are thinking it may be through some food vendor sources or restaurants,” said a spokesman with the Davis Police Department. From there, police said, the suspect used the stolen credit cards to buy gift cards, often at Target. They said he used the gift cards or sold them. Source: http://www.kcra.com/r/25281163/detail.html

18. October 4, Examiner.com – (Texas) Three business executives face federal charges for Houston credit card scheme. Federal arrest warrants have been issued for three business executives from around the country, charging them with pocketing $860,000 in an elaborate credit card racket. All 3 are charged with setting up phony purchases of tractor-trailers using American Express cards, and when the checks arrived for the fake transactions, they would shuffle the money into various bank accounts so they could all make withdrawals. Federal agents have finished tallying dozens of wire transfers between banks, aimed at hiding where the money was really coming from. Eight counts of federal conspiracy, bank fraud, and conspiracy to launder money have been lodged against the president of consulting firm Entalagent, Inc. and his business partner. The president is accused of funneling some of the money through his mother, having her make some of the bank transactions to further hide the source of all the money. She has not been charged. A Houston, Texas, federal grand jury has also indicted the owner of Davis Auto Brokers in North Carolina on 7 counts of bank fraud and conspiracy. Between June 2008 and March of this year, federal agents said, all 3 executives worked together to pocket money in the phony truck-buying transactions by applying for American Express credit cards in unsuspecting consumers’ names. Source: http://www.examiner.com/page-one-in-houston/three-business-executives-face-federal-charges-for-houston-credit-card-scheme

For more stories, see item 39 below in the Information Technology Sector

Information Technology

38. October 5, ComputerWorld – (International) Fake browser warnings dupe users into downloading ‘scareware’. Scammers are spoofing the anti-malware warnings of popular browsers to dupe Windows users into downloading fake security software, Symantec said October 4. Several malicious Web sites are displaying phony versions of the alerts that Google’s Chrome and Mozilla’s Firefox present when users encounter pages suspected of hosting attack code, said a Symantec researcher in a post to the firm’s blog. Rather than simply warn users that the page they are about to visit may be dangerous — as do the legitimate alerts — the sham versions also include a prominent message that suggests downloading a browser security update. In reality, no browser offers its users security updates from its anti-malware warning screen. Anyone who accepts the update actually downloads bogus software, often called “scareware” because it bombards users with endless fictitious infection warnings until people pay $40 to $50 to buy the useless program. Even the cautious can be nailed by these sites. Users who refuse the mock updates are assaulted by a multi-exploit toolkit that includes attack code for 10 different vulnerabilities in Windows, Adobe Reader, Internet Explorer and Java. Windows PCs that have been kept up-to-date with bug patches will be immune from the exploit kit, however. Source: http://www.computerworld.com/s/article/9189399/Fake_browser_warnings_dupe_users_into_downloading_scareware_

39. October 5, Softpedia – (International) HTML attachment spam exploded in recent months. Spam campaigns that generate e-mails with malicious HTML attachments have been particularly aggressive during the past 5 months, and they accounted for between 2 and 8 percent of all spam. According to data from security vendor Sophos, the most affected months were June and September, when the volume of spam with HTML attachments reached 8 percent of the total junk-mail traffic. In comparison, the months of July, August and October have seen average distribution levels of 2 percent to 3 percent, which is still significant. The majority of rogue HTML files served in this manner consist of phishing pages or contain JavaScript code that redirects users to malware-pushing Web sites. As far as phishing is concerned, attacks employing this technique have targeted the customers of organizations like PayPal or Banchi de Credito Cooperativo. “Instead of setting up a bogus financial website, scammers insert the phishing contents directly into the HTML attachment,” the Sophos researchers explain. The JavaScript redirect method is much more common, and the second half of September has seen waves of e-mails with random subjects, content, and attachment names. Source: http://news.softpedia.com/news/HTML-Attachment-Spam-Exploded-in-Recent-Months-159367.shtml

40. October 4, V3.co.uk – (International) National critical IT infrastructure is under-invested, says ISF. The critical infrastructure of countries and organizations is threatened by cyber attack, according to a new report, Threat Horizon 2012, from independent information security authority, The Information Security Forum (ISF). Threats are driven by under-investment in both organizational and national critical infrastructure, which the ISF states has weakened underlying IT platforms. The report lists the 10 most likely threat scenarios organizations face in the future. They include the rapid adoption of cloud computing, increasing use of mobile devices, growth of cybercrime and online espionage, and the merging of home and work life. Source: http://www.v3.co.uk/computing/news/2270867/national-critical

41. October 4, Krebs on Security – (International) Spam volumes dip after Spamit.com closure. Spam trackers are seeing a fairly dramatic drop in junk e-mail sent over the past few days, specifically spam relayed by one of the world’s largest spam botnets, although security experts disagree on exactly which botnet may be throttling back or experiencing problems. According to M86 Security Labs, the volume of spam has dipped quite a bit, approximately 40 percent since the beginning of the month by the looks of the graphic the company publishes on its site. M86 said the decrease in spam is due to a rapid drop in activity from the Rustock botnet, a collection of spam-spewing zombie PCs that experts say is responsible for relaying about 40 percent of all junk e-mail on any given day. The decline in spam volume comes at about the same time that the world’s largest spam affiliate program — spamit.com — said it would stop paying affiliates to promote its online pharmacy Web sites — October 1. The vice president of technical strategy for M86 said the most likely explanation is that the person(s) operating Rustock rented the botnet to a number of spamit.com affiliates, and many of those affiliates have not yet switched over to another pharmacy affiliate program. Source: http://krebsonsecurity.com/2010/10/spam-volume-dip-after-spamit-com-closure/

Communications Sector

42. October 5, Middletown Times Herald-Record – (New York) Verizon outages persist in Sullivan. As of the morning of October 5, Verizon service had been out in parts of Sullivan County, New York, for 5 days, and Verizon officials could not say exactly when it would be restored. The culprit of the outage is a cable that runs under Route 42 through Monticello. Over the past 2 weeks, three portions of the cable that have been spliced together have gotten wet, a Verizon spokesman said. A replacement cable section was expected to arrive October 5. Verizon has received about 180 reports of outages, which have affected phone, Internet and possibly some ATM service, but there could be more, the spokesman said. Times Herald-Record readers have called in to report outages in Forestburgh, Fallsburg, and Thompson. Among those whose phones were apparently out was the Forestburgh Fire Department. But the outage will not impact emergency response because 911 talks to the firehouse by radio, said Sullivan County’s commissioner of public safety. Source: http://www.recordonline.com/apps/pbcs.dll/article?AID=/20101005/BIZ/10050316/-1/SITEMAP

43. October 5, Wheaton Patch – (Illinois) Wheaton police warn residents of phone scam. Police in Wheaton, Illinois, issued a press release October 4 about area codes that may be related to a phone scam. In the past, consumers have been deceived into making expensive international calls by scam artists who leave messages on consumers’ answering machines or their e-mail accounts. The messages urge consumers to call a number with an “809,” “284,” “876” or some other area code to collect a prize, find out information about a sick relative, or even engage in sex talk. Wireless consumers are now receiving similar calls from phone numbers with three-digit area codes that appear to be domestic, but are actually associated with international pay-per-call phone numbers. While wireless companies are working to block suspicious numbers on their networks, some consumers may become victims of this scam. Source: http://wheaton.patch.com/articles/wheaton-police-warn-residents-of-phone-scam

44. October 5, Pittsburgh Tribune-Review – (Pennsylvania) WDUQ-FM temporarily loses signal. WDUQ-FM of Pittsburgh, Pennsylvania, lost its signal October 5 because of technical difficulties. A station employee said the signal for 90.5 FM was lost around 8 a.m. A message on the radio station’s Web site stated that it has experienced difficulties and outages since recently moving its offices across Duquesne University’s Uptown campus. Source: http://www.pittsburghlive.com/x/pittsburghtrib/news/pittsburgh/s_702799.html

45. October 4, Glens Falls Post-Star – (New York) Channel 8 Look TV remains off air since last week’s storm. Look TV of Glens Falls, New York, has been off the air since September 30, when a rainstorm caused an electrical problem at the station’s tower on West Mountain. Rain and wind caused power outages in the region as the remnants of Tropical Storm Nicole passed through. The problem has been identified, according to the station owner, and replacement parts are on the way, he said the morning of October 4. But there is no exact timeline to restore the signal. The broadcast has never before been down for this length of time. The delay in restoring the signal, he said, is due in part to complicated repairs with the newer and more complex digital broadcasting equipment. A message on Channel 8 states the signal is down temporarily. Source: http://poststar.com/news/local/article_0d736198-cfca-11df-ab99-001cc4c002e0.html