Tuesday, November 16, 2010

Complete DHS Daily Report for November 16, 2010

Daily Report

Top Stories

• Reuters reports that commercial aircraft manufacturers and airlines must take new steps to protect thousands of jets from serious structural fatigue and cracking as they age, according to a rule finalized November 12 by the Federal Aviation Administration. (See item 17)

17. November 12, Reuters – (International) U.S. orders new safety steps on aging aircraft. Commercial aircraft manufacturers and airlines must take new steps to protect thousands of jets from serious structural fatigue as they age, according to a rule finalized November 12 by U.S. aviation regulators. The Federal Aviation Administration (FAA) is requiring manufacturers, such as industry leaders Boeing Co. and Airbus, a unit of Europe’s EADS, and airlines to intensify and streamline inspections of the metallic skeleton and skin of aircraft. The FAA estimated compliance costs for the industry at $3.6 million. The regulation has been in the works for years and pulls together related rules and directives issued by the agency on fatigue cracking, which is mainly caused by repeated changes in pressurization during flight. More than 4,100 planes registered to fly in the United States are affected by the new rule. Structural fatigue and questions about FAA oversight have arisen in a handful of incidents in recent years. The FAA said it is working with European safety officials to harmonize regulations. European Aviation Safety Agency (EASA) is currently working on its own fatigue directive. At issue are tiny cracks, some of them visible, that often form on a plane as it ages. Individually, the cracks are of little concern. But they can weaken an aircraft’s structure if permitted to spread and link with other cracks. Fatigue is understood up to a point, the FAA said in raising concern about operating jets beyond a certain age. Many planes are in service for two decades or more, and current inspection methods do not reliably catch all cracks. Manufacturers have between 18 and 60 months to comply with the new FAA rule, depending on the plane involved. Airlines then have another 30 to 72 months to incorporate the changes into their inspection routines. Source: http://www.reuters.com/article/idUSTRE6AB3V020101112

• A Florida man was jailed on charges of tampering with a public drinking water system after he got inside a treatment plant, put on a hazardous material suit, and turned off some power switches and a backup generator, according to the Associated Press. (See item 37)

37. November 14, Associated Press – (Florida) Man accused of water tampering after strange acts. A Florida man was jailed on charges of tampering with a public drinking water system. The FBI said the man climbed a fence on November 1 at the city of Hollywood water treatment plant. He allegedly took off all his clothes and then turned off some power switches in a control room. Then, the FBI said he put on a hazardous materials suit and turned off more switches and a backup generator. That is when plant personnel stopped him, halting a potentially hazardous situation. Police said the man gave a false name when he was arrested. Court records do not indicate why the man may have done this. At a court hearing November 12, he was given until November 15 to get an attorney and a bail hearing was set for November 17. Source: http://www.google.com/hostednews/ap/article/ALeqM5gqLo9VoP77SS-Gq0OLctFYGuO9uA?docId=783ed98d04c04318a1173cf98629c8dd

Details

Banking and Finance Sector

19. November 15, BankInfoSecurity.com – (National) ATM outage: More hype than hack. The ATM and online banking outage that allegedly struck several of the nation’s top financial institutions, including Bank of America (BofA), Chase, U.S. Bank, Wells Fargo, Compass, USAA, SunTrust, Chase, Fairwinds Credit Union, American Express, BB&T on the East Coast, and PNC, over the weekend of November 6, may have been more hype than reality. A spokeswoman for BofA, the country’s largest bank, with $2.36 trillion in assets, said none of the bank’s systems were affected by malware, as was suggested as a possible reason for the outage, and that only “very minor systems issues” adversely affected deposits and withdrawals for a few customers. The chief information officer of Fairwinds Credit Union, a $1.5 billion institution serving central Florida, calls reports of the massive ATM and online outage “ridiculous.” “Nothing happened here,” he said. “This is complete fiction, and I’m trying to figure out where it started.” Source: http://www.bankinfosecurity.com/articles.php?art_id=3096

20. November 15, BankInfoSecurity.com – (Florida) AML whistleblower sues bank. In a case alleging money laundering violations and discrimination, a Miami, Florida bank officer has filed suit against Ocean Bank, a $3.9 billion institution, claiming she was fired after reporting suspicious banking activity. Two law firms representing her filed a complaint against Ocean Bank and issued a statement detailing the client’s claims. The former bank employee had been employed as a private banking officer at the bank for more than 25 years, but said after a new bank president arrived from Venezuela, he began showing favoritism toward employees of Venezuelan descent and fired her in 2009 after she reported suspicious bank transactions involving a wealthy Venezuelan customer who was a close friend of the president. The complaint is pending now before the 11th Judicial Circuit Court in Miami. Source: http://www.bankinfosecurity.com/articles.php?art_id=3099

21. November 13, BankInfoSecurity.com – (National) 3 banks closed on November 12. Federal and state banking regulators closed three banks November 12. These failures raise the total number of failed institutions to 168 so far in 2010. These are the latest closures: Tifton Banking Company, Tifton, Geogia, Darby Bank & Trust Co., Vidalia, Georgia, were closed by the Georgia Department of Banking and Finance. The Federal Deposit Insurance Corporation (FDIC) was appointed receiver. Ameris Bank, Moultrie, Georgia will acquire the banking operations including all the deposits of the two failed banks, which were not affiliated with each other. The branches of the two closed institutions will reopen as branches of Ameris Bank. Tifton Banking Company had assets of $143.7 million, and Darby Bank & Trust Co. had total assets of $654.7 million. The estimated cost to the Deposit Insurance Fund (DIF) will be $24.6 million for Tifton Banking Company, and $136.2 million for Darby Bank & Trust Co. Copper Star Bank, Scottsdale, Arizona, was closed by the superintendent of the Arizona Department of Financial Institutions. The FDIC was appointed receiver. The FDIC arranged for Stearns Bank National Association, St. Cloud, Minnesota, to assume all of the deposits of Copper Star Bank. The three branches of Copper Star Bank will reopen as branches of Stearns Bank N.A. Copper Star Bank had $204 million in assets. The estimated cost to the DIF will be $43.6 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=3098

Information Technology

51. November 15, Infosecurity – (International) Latest rogue Facebook app dissected by IT security expert. There are many reports of darkware Facebook apps, but it is rare to find a really thorough analysis of a rogue app. But Sophos’ principal virus researcher has analyzed one of the latest apps in some detail. According to the researcher, the latest rogue app on the social networking site specifically targets Croatian users. Compared to some other Eastern European countries, he said, Croatia is not very well known for being a land of malware writers, which makes this particular app all the more surprising. The rogue Facebook app, he explained, invites users to install a new “Love” Facebook button, and uses a malicious Java applet to install a password stealing Trojan. “The Trojan is designed to steal Facebook credentials and other passwords from various sources on the system, including Internet Explorer, Firefox, and Google Chrome,” he said, adding that the attack reminded him of a recent “Dislike” button attack but it is clearly the work of a different attacker. The Facebook application, he said, is actually a simple Web page hosted on one of the free Web-hosting providers. The handcrafted page, he goes on to say, contains a tag to load a Java applet to allegedly install the Love Facebook button, rather than the usual obfuscated Javascript code with a drive-by exploit. Source: http://www.infosecurity-magazine.com/view/13961/latest-rogue-facebook-app-dissected-by-it-security-expert/

52. November 13, Computerworld – (International) Researchers take down Koobface servers. Security researchers, working with law enforcement and Internet service providers, have disrupted the brains of the Koobface botnet. On November 12, the computer identified as the command-and-control server used to send instructions to infected Koobface machines was offline. According to the chief research officer with SecDev Group, the server was one of three Koobface systems taken offline November 12 by Coreix, a U.K. Internet service provider. Coreix took down the servers after researchers contacted U.K. law enforcement. The takedown will disrupt Koobface for a time, but for any real effect, much more will have to happen. Machines that are infected by Koobface connect to intermediary servers — typically Web servers that have had their FTP credentials compromised — that then redirect them to the now-downed command and control servers. The November 12 takedown is part of a larger operation that first started 2 weeks ago. SecDev Group notified the ISPs about the compromised FTP accounts, and has also tipped off Facebook and Google to hundreds of thousands of Koobface-operated accounts. The Facebook accounts are used to lure victims to Google Blogspot pages, which in turn redirect them to Web servers that contain the malicious Koobface code. Source: http://www.computerworld.com/s/article/9196398/Researchers_take_down_Koobface_servers

53. November 12, SC Magazine – (International) Latest Mac OS X update locks out some PGP users. A massive security update from Apple fixed more than 130 security flaws in its Mac OS X operating system, but it left users of PGP’s Whole Disk Encryption (WDE) product unable to reboot their computers. PGP users first started noting problems about the update, Mac OS X 10.6.5, shortly after it was released November 10. Symantec, which now owns PGP, first issued an alert about the issue November 10, warning PGP WDE users to not apply the update. Symantec said the problem was the result of “compatibility issues.” If the update to OS X 10.6.5 has already been made and the machine fails to boot, the data on the machine is not lost, however, Symantec said. The company issued a fix for affected users that involves booting into OS X from the PGP recovery CD. WDE users who have not yet applied the OS X update can safely do so by decrypting the system first, then applying the update, then re-encrypting the system. The update from Apple fixed approximately 80 vulnerabilities in Mac OS X “Snow Leopard” and dozens of other flaws affecting the Flash Player plug-in. Many of the vulnerabilities could be exploited by an attacker to run malicious code on a user’s system. Source: http://www.scmagazineus.com/latest-mac-os-x-update-locks-out-some-pgp-users/article/190717/

54. November 12, IDG News Service – (National) Sarah Palin hacker Kernell gets one-year sentence. The former college student who guessed his way into the former Republican Vice-Presidential nominee’s Yahoo e-mail account during the 2008 U.S. presidential election was sentenced to a1year and 1 day in prison November 12. The hacker’s lawyers had been hoping for probation only; federal prosecutors had asked for an 18-month sentence. The judge in the case recommended that the hacker serve his time at a halfway house rather than federal prison, but that decision is up to the U.S. Bureau of Prisons, the U.S. Department of Justice said. Following his 1-year sentence, the convict must serve 3 years’ probation. The hacker, a 20-year-old college student at the time of the incident, got into the account by guessing answers to the security questions used by Yahoo to reset the account’s password. In chat logs, the hacker said he was hoping to find information that would “derail” her 2008 vice presidential election campaign. Source: http://www.computerworld.com/s/article/9196334/Update_Sarah_Palin_hacker_Kernell_gets_one_year_sentence

55. November 12, DarkReading – (International) Drive-By Downloads: Malware’s most popular distribution method. Why try to fool users into opening e-mail attachments when one can simply drop a Trojan on them from their favorite Web sites? That is the question many malware authors and distributors are asking — and the obvious answer is spurring most of them to try out the emerging “drive-by download” method. “What we’re seeing is a fundamental change in the method of malware distribution,” said the CTO of Dasient, which offers a service that detects and eradicates Web-borne malware. “In the old days, we saw executable code in a static file, which was originally delivered via floppy disks and then via e-mail attachments. Now we’re seeing active content delivered via drive-by downloads at legitimate sites.” A drive-by download typically begins by injecting a Web page with malicious code, often through JavaScript. The code generally invokes a client-side vulnerability to deliver shell code, such as the JavaScript-based Heap Spray attack, to take control of the user’s machine. From there, the attacker can send a “downloader,” which is often custom, zero-day code that is not recognized by traditional antivirus systems. Once the downloader is in place, the attacker can deliver his malware of choice. Drive-by downloads are particularly effective for delivering code that can steal end user credentials (such as Zeus), launch a fake antivirus scam (such as Koobface), steal server-side administrative credentials (such as Gumblar), steal corporate secrets (such as Project Aurora), or collect fraudulent click revenue (such as clickbot.A). Source: http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=228200810

56. November 12, InformationWeek – (International) Spam down in October: Symantec. Spam levels are down, at least for the moment. So said a new study released recently by Symantec, which found that spam comprised 86.6 percent of all messages in October 2010, compared with 89.4 percent in September. Symantec said the decline continues a “sharp decrease in global spam volume,” with spam volume down a whopping 47 percent from August to October. That’s the lowest volume of spam seen since September 2009. What’s behind this decrease in spam? Chalk it up to the bust-up of multiple Zeus-using gangs in recent months, the spamit.com shutdown, as well as Dutch authorities essentially unplugging the Bredolab botnet, Symantec said. The prevalence of phishing spam attacks, however, increased slightly — by 0.3 percent — from September to October, due to criminals’ more widespread use of automated crimeware toolkits. While most phishing attacks still arrive via e-mail, in October, 4 percent arrived via social networks. Many of these social network phishing attacks targeted not only financial information, but also people’s social networking details. Source: http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=228200813

Communications Sector

57. November 15, myMotherLode.com – (California) Internet and phone services restored in Tuolomne, Calaveras Counties, California. Internet and phone services were back on for most residents across the Mother Lode area of California November 15. An AT&T service representative reported that there was a vehicle accident November 14 that damaged fiber lines. The accident was in the Stockton, California area, according to AT&T. It may have been related to a vehicle accident November 14 on Highway 12 that knocked utility lines down. AT&T has not confirmed whether that location is the source of the outage. The outage affected most all DSL customers across Tuolumne and Calaveras Counties, including Internet customers who have service through other companies like Mother Lode Internet, Gold Rush, and Hub 3. AT&T phone service was restored for most residents November 14, and a majority got back online with Internet November 15. Source: http://www.mymotherlode.com/news/local/1175129/Internet-And-Phone-Services-Restored.html

58. November 13, Milwaukee Journal Sentinel – (Wisconsin) Sprint cellular service was out November 12. Telecommunications carrier Sprint’s mobile-phone service in Milwaukee and other parts of southern Wisconsin as far as Madison were knocked out of service for much of November 12, Sprint spokespersons said November 13. An outage for Sprint mobile voice, data, and text service lasted from 2:30 pm to 9:30 pm November 12, a spokesman said. An equipment breakdown at a major switching station in New Berlin knocked out service in most of Milwaukee and a broad swath of southern Wisconsin. Sprint was unable to say how many users were affected but parent company Sprint Nextel Corp. ranks as the third largest wireless carrier in the United States with 50 million customers. Source: http://www.jsonline.com/news/wisconsin/107761143.html

59. November 13, Chico Enterprise-Record – (California) Severed communications cable isolates Oroville, California. A severed fiber optic cable effectively shut off Oroville, California from the rest of the world November 12, halting calls in and out of the area, and in many cases blocking Internet and e-mail service and cell phone communication. The outage was first noticed around 9:45 a.m. when people in Oroville could call local prefixes, but could not call out of the area. The director of media relations for AT&T said the cable was accidentally cut when some work was being done. Reports of the phones being restored began about 1:30 p.m. Calls also could not be made to or from some cell phones. The loss of communication did impact the Oroville Police Department, but calls were quickly rerouted. Source: http://www.chicoer.com/news/ci_16601459