Thursday, December 2, 2010

Complete DHS Daily Report for December 2, 2010

Daily Report

Top Stories

• According to the International Business Times, a report by the U.S. Government Accountability Office (GAO) found gaps in security of wireless networks used by federal agencies and made many recommendations to enhance safety. (See item 30)

30. December 1, International Business Times – (National) GAO finds gaps in wireless security at federal agencies. The U.S. Government Accountability Office (GAO) found several gaps in the security of wireless networks used by federal agencies and made several recommendations to enhance safety, according to a report published November 30. U.S. federal networks, including the Pentagon’s, have increasingly become targets of cyber attacks and hacking. The Pentagon is stepping up its cyber security after a widely reported incident earlier in November in which Internet traffic was hijacked for more than 15 minutes. Given such intrusions, the GAO was asked to update its previous report on information security. “Existing government-wide guidelines and oversight efforts do not fully address agency implementation of leading wireless security practices,” the GAO said. The GAO conducted detailed testing at the Departments of Agriculture, Commerce, Transportation, and Veterans Affairs, and at the Social Security Administration. Source:

• The Des Moines Register reports computer hackers have broken into an Iowa state government Web site for the third time this year, exposing continued vulnerabilities in the state’s digital security programs. (See item 38)

38. December 1, Des Moines Register – (Iowa) Hack of alert system shows vulnerabilities. Computer hackers have broken into an Iowa state government Web site for the third time this year, exposing continued vulnerabilities in the state’s digital security programs. The latest incident occurred November 27 when a hacker breached a server used by the Iowa Department of Public Safety to issue Amber Alert bulletins involving child abduction cases. The hacker used the access at 8:18 a.m. to reissue an Amber Alert warning from February about a Council Bluffs teenager who was missing and later found safe. The bulletin was canceled at 8:23 a.m. and there is no indication that any search was launched to find the girl. The Iowa Division of Criminal Investigation’s cybercrime unit is investigating in cooperation with the Iowa Department of Administrative Services, a spokeswoman said. Source:


Banking and Finance Sector

11. November 30, SPAMfighter News – (International) Internet gaming and e-commerce phishing assaults explode. Internet Identity (IID), a security services and technology provider, recently published its Phishing Trends Report, which found that global phishing attacks mimicking gaming and e-commerce Web sites rose considerably year over year in July-September 2010 (Q3 2010). The report said cases in which cyber-criminals impersonated e-commerce Web sites other than eBay to capture sensitive information from unwitting users rose 317 percent in Q3 2010 compared with Q3 2009. Similarly, phishing attacks mimicking online games rose 347 percent in Q3 2010 compared with Q3 2009. IID expects this trend to continue in Q4 2010, given past history: over Q3-Q4 2009, phishing attacks on e-commerce Web sites other than eBay rose 86 percent. IID states that in spite of the growing number of gaming and e-commerce Web site phishing attacks, these sectors each account for just 7 percent of all spoofing attacks. The largest share of phishing attacks (79 percent) targets the money-transfer and banking sectors; 4 percent target social networks and e-mail; and 3 percent target “other” sectors. The president and CTO of IID said cyber-criminals routinely exploit current events, producing a rise in phishing attacks spoofing e-commerce Web sites in the run-up to and during the holiday period, when shopping is at its peak. He added that as people worldwide take part in the peak Internet shopping season, e-commerce attacks could rise globally. Source:

12. November 30, Associated Press – (International) Ex-Deloitte partner charged with insider trading. Federal regulators charged a former partner at Deloitte & Touche LLP and his wife with insider trading November 30, accusing the couple of providing confidential information on company acquisitions to relatives overseas. The Securities and Exchange Commission (SEC) announced the civil charges against the suspect and his wife, who live in San Francisco, California. The SEC alleged in a lawsuit that the couple gave advance notice of at least seven acquisitions planned by the accounting firm’s clients to the wife’s sister and brother-in-law in London, England. The SEC said the brother-in-law’s trades off the confidential information reaped profits of $3 million. The wife was arrested November 30 by FBI agents on criminal charges of obstructing the SEC’s investigation of the case. The indictment, handed up by a federal grand jury in San Francisco November 23, was unsealed November 30. The wife appeared in federal court and was released on a $250,000 bond; she is scheduled to be in court again December 14. The couple, through their attorneys, disputed the SEC’s civil charges and said they would contest them in court. The agency is seeking unspecified fines and restitution. Source:

13. November 30, – (New Jersey) Bergen County woman accused of running $8M Ponzi scheme. A Bergen County, New Jersey woman who promised high returns to investors in a business that purportedly bought and sold designer clothing and electronic goods was charged November 30 with orchestrating a multimillion-dollar Ponzi scheme. The 39-year-old suspect, who resides in Fair Lawn, surrendered to the FBI in Newark to face wire fraud charges in a scheme that allegedly bilked investors out of at least $2 million from December 2008 to September 2010. She allegedly used investors’ funds to pay for a Royal Caribbean cruise and purchases at luxury retailers like Burberry, Gucci, and Coach. She also allegedly gave more than $26,000 to her mother, who authorities said had no role in the business. Source:

14. November 30, Grosse Pointe Today – (Michigan) Woman charged in October robbery of Chase Bank in Grosse Pointe City. A 24-year-old Detroit, Michigan woman has been arrested and charged in the robbery of the Chase Bank branch in the City of Grosse Pointe, Michigan, October 28, an FBI spokesman confirmed November 30. The suspect had her initial hearing in federal court November 22 and was released on bail. A Special Agent would not release any other information about the investigation, which continues. The robbery was thought to be part of a three-bank spree by a man-woman team, who also hit Chase Banks in St. Clair Shores and Detroit the same day, all within a 2-hour period. Both the man and woman were caught on bank video systems wearing Oakland A’s baseball caps. Source:

15. November 29, The Register – (International) Oz bank meltdown due to file corruption. The 5-day mainframe system meltdown at National Australia Bank (NAB) was due to a corrupted file on an IBM mainframe system that was being upgraded. Staff attempted the upgrade November 25, but it failed to complete. It was reversed, and that appears to be when payment-processing data in a file was corrupted. The corruption caused payments to stop or to be recorded incorrectly, with some customer accounts having multiple incorrect debits applied. Money transfers to other banks as well as to NAB’s own customers were affected. Private and business customers were prevented from accessing their accounts at ATMs, and electronic funds transfer payments stopped. Customers had to visit branches in person to get cash, and the bank hurriedly opened some branches November 28 to cope with the rush. A payment-processing backlog built up. Some customers had interest applied to illusory debts in their accounts, and the bank’s support staff faced the massive job of rolling everything back to a known good point and then reapplying transactions in strict order to bring everything back up to date. The bank has promised that disadvantaged customers will have their accounts put right. Source:

Information Technology

39. December 1, IDG News Service – (International) China to inspect government computers for pirated software. As part of a new push to weed out piracy in the country, China will inspect central and local government computers to ensure all departments are using properly licensed software. The government made the announcement November 30, adding that the inspections will be completed before the end of October 2011. Coinciding with the announcement, Microsoft said it has filed a lawsuit against 10 Chinese companies for selling computers pre-installed with pirated software. The U.S. company has been a major victim of such copyright violations in the country and has been working with China’s government to stop them. Along with the inspections of government computers, China also plans to establish budget controls for the long-term procurement of software, according to the November 30 statement from China’s General Administration of Press and Publication. The government also wants to push businesses to use legitimate software. Source:

40. December 1, ITworld – (International) WikiLeaks moves to Amazon cloud to weather DDOS attacks. After 2 days of increasingly intense DDoS attacks, WikiLeaks, the controversial site that publishes leaked government documents, has moved or expanded from the Swedish hosting provider PRQ to Amazon’s EC2 cloud service. It may previously have switched at least part of its content to the French ISP Octopuce. Specifically, according to traces by Computerworld and other sites, WikiLeaks’ content is being served from two Amazon locations: one in Seattle and one in Ireland. A hacker or organization calling itself The Jester has claimed credit for the attacks, which hovered around 4 Mbit/s November 29 and reached as high as 10 Gbit/s November 30, according to anti-DDoS service providers. The documents were spread between the main WikiLeaks site and a secondary site. The sites were intermittently unavailable November 30 as a result of the attacks, which came from a small number of IP addresses, largely in Russia, eastern Europe, and Thailand. Ten gigabits per second is a big attack, but not in the most aggressive league, according to the SVP of network intelligence and availability at Verisign. Source:

41. December 1, The Register – (International) Feds pursue Russian, 23, behind 1/3 of all world spam. FBI investigators have named a 23-year-old Russian as the prime suspect behind the operation of the infamous 500,000-node Mega-D botnet, blamed for an estimated one in three spam e-mails prior to a takedown operation early last year. The Moscow resident was accused of violating U.S. anti-spam and fraud laws in a sworn statement by the FBI agent investigating the case, the Smoking Gun reports. Webmail records from two Gmail accounts and financial transactions (via the ePassporte service) link the suspect to the operation of the botnet, according to court papers submitted in a grand jury investigation. He is the first suspect to be named in the Mega-D botnet investigation. Source:

42. December 1, The Register – (International) Russia beats off U.S., floods world with spam. Russia has eclipsed the United States as the main villain in global spam distribution, according to stats published by Russian security firm Kaspersky Lab December 1. While Russia was top of the rogues, the United States fell from its customary heights to a lowly 18th place for October, the month covered by the latest reports. Kaspersky credits the takedown of both the Pushdo/Cutwail and Bredolab botnets for the drop. Many of the infected machines that made up the components of these zombie networks were based in the United States. Few experts expect the drop to be sustained over the long term. Source:

43. December 1, The Register – (International) Free software repository brought down in hack attack. The main source-code repository for the Free Software Foundation has been taken down following an attack that compromised some of the Web site’s account passwords and may have gained unfettered administrative access. The SQL-injection attacks on GNU Savannah exploited holes in Savane, the open-source software hosting application that was spun off from SourceForge, a campaigns manager for the Free Software Foundation told The Register. The attackers were then able to obtain the entire database of usernames and hashed passwords, some of which were subsequently cracked by brute force (password hashes are not reversible; they are recovered by guessing candidates and comparing hashes). Project managers took GNU Savannah offline November 27, more than 48 hours after the attack occurred. Restored data will come from a backup made November 24, prior to the compromise. The campaigns manager said there is no reason to believe any of the source code hosted on the site was affected by the breach. Source:
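The two stages reported above, a SQL injection that dumps a user table and an offline guess against the weak hashes it contains, as an added example. This is not Savane’s code and does not reproduce the actual Savannah flaw, whose details the report does not give; the table, accounts and wordlist are constructed, and it runs against an in-memory SQLite database.

```python
"""SQL injection against a username lookup, the parameterized fix, and why a dumped
hash table is damaging. Added illustration; not Savane's code."""
import hashlib
import sqlite3


def make_db():
    """Constructed user table; unsalted MD5 mirrors weak legacy password storage."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    for name, pw in [("alice", "correct horse"), ("bob", "hunter2"), ("admin", "letmein")]:
        conn.execute("INSERT INTO users VALUES (?, ?)",
                     (name, hashlib.md5(pw.encode()).hexdigest()))
    return conn


def lookup_vulnerable(conn, username):
    """String concatenation: the username is spliced into the SQL text, so a quote in
    it changes the query's meaning."""
    sql = "SELECT name, pw_hash FROM users WHERE name = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, username):
    """Bound parameter: the username is passed as data and is never parsed as SQL."""
    return conn.execute("SELECT name, pw_hash FROM users WHERE name = ?",
                        (username,)).fetchall()


def dictionary_crack(pw_hash, wordlist):
    """Offline guessing against an unsalted hash: hash each candidate and compare.
    This is what 'brute-forcing' a dumped password table means in practice."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == pw_hash:
            return guess
    return None


if __name__ == "__main__":
    db = make_db()
    payload = "nobody' OR '1'='1"        # classic tautology injection
    dumped = lookup_vulnerable(db, payload)   # returns every row
    print("vulnerable lookup returned", len(dumped), "rows")
    print("fixed lookup returned", len(lookup_fixed(db, payload)), "rows")
    for name, h in dumped:
        print(name, "->", dictionary_crack(h, ["password", "hunter2", "letmein"]))
```

The parameterized form closes the injection; salting and a slow hash (bcrypt, scrypt, Argon2) are what make a table that does leak expensive to crack, which unsalted MD5 does not.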

44. November 30, DarkReading – (International) New tool patches offline VMs. Researchers with IBM and North Carolina State University have come up with a way to patch security holes in virtual machines (VMs) even when these systems are offline, closing a window in which dormant images fall behind on patches. They built a tool called Nuwa. “We’ve designed a way to patch these virtual machines while they are offline so that they are kept up to date in terms of security protection,” said a lead researcher. “Current patching systems are designed for computers that are online, and they don’t work for dormant computers or virtual machines. The tool we developed automatically analyzes the ‘script’ that dictates how a security patch is installed, and then automatically rewrites the script to make it compatible with an offline system.” Nuwa is based on IBM’s Mirage technology, which manages large numbers of offline VM images. According to the research, Nuwa patched more than four times faster than an online method, and two to four times faster still when combined with IBM’s Mirage. Source:
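The script-rewriting idea quoted above, as an added illustration that is not the Nuwa tool’s code. It assumes the offline image’s root filesystem is mounted at a hypothetical IMAGE_ROOT, that the patch’s post-install script is a flat list of simple shell commands (one per line, no pipes or control flow), and that the two command tables are illustrative rather than complete. File operations are redirected into the mounted image; commands that only make sense on a running system are deferred to first boot.

```python
"""Rewrite a patch post-install script so it can be applied to an offline VM image.
Added illustration of script rewriting; not Nuwa's implementation."""
import shlex

IMAGE_ROOT = "/mnt/vm-image"   # assumption: mount point of the offline image's root fs

# Commands that need a running system: carried over to a first-boot script.
RUNTIME_ONLY = {"service", "systemctl", "invoke-rc.d", "killall", "ldconfig"}
# Commands whose absolute path arguments can be redirected into the mounted image.
FILE_COMMANDS = {"cp", "mv", "rm", "mkdir", "chmod", "chown", "ln", "touch", "install"}


def _redirect(arg, root):
    """Prefix an absolute path with the image root; flags and relative args are left alone."""
    if arg.startswith("/"):
        return root.rstrip("/") + arg
    return arg


def rewrite_line(line, root=IMAGE_ROOT):
    """Classify one script line: ('keep', text), ('rewrite', text) or ('defer', text)."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return ("keep", line)
    try:
        argv = shlex.split(stripped)
    except ValueError:
        return ("defer", line)          # unparseable: do not guess, leave it for first boot
    cmd = argv[0]
    if cmd in RUNTIME_ONLY:
        return ("defer", line)
    if cmd in FILE_COMMANDS:
        new_argv = [cmd] + [_redirect(a, root) for a in argv[1:]]
        return ("rewrite", " ".join(shlex.quote(a) for a in new_argv))
    return ("defer", line)              # unknown command: the conservative default


def rewrite_script(script, root=IMAGE_ROOT):
    """Split a script into the part applied to the offline image and the part deferred
    to first boot. Returns (offline_lines, deferred_lines)."""
    offline, deferred = [], []
    for line in script.splitlines():
        kind, text = rewrite_line(line, root)
        if kind == "defer":
            deferred.append(text.strip())
        else:
            offline.append(text)
    return offline, deferred


# constructed sample post-install script
SAMPLE_POSTINST = """\
# constructed sample post-install script
mkdir -p /etc/app
cp /tmp/app.conf.new /etc/app/app.conf
chmod 644 /etc/app/app.conf
service app restart
"""

if __name__ == "__main__":
    offline, deferred = rewrite_script(SAMPLE_POSTINST)
    print("apply offline:\n  " + "\n  ".join(offline))
    print("defer to first boot:\n  " + "\n  ".join(deferred))
```

The conservative default matters: a command the rewriter does not understand must not be run against the host, since a missed path would modify the patching host rather than the image. A real implementation also has to track which deferred commands are needed so that first boot does not restart services that were never installed.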

45. November 30, Help Net Security – (International) Canon image originality verification proven useless. ElcomSoft discovered a vulnerability in Canon’s Original Data Security System, a validation system to guarantee authenticity of digital images captured with supported Canon cameras. The vulnerability opens the possibility to produce images that will be positively validated by Canon’s own Original Data Security Kit (OSK-E3) regardless of whether or not the images are, in fact, genuine. After performing analysis of Canon hardware, ElcomSoft researchers were able to extract secret keys used to calculate authentication data from Canon EOS digital cameras, and use the keys for adding authenticity signatures to a set of manipulated digital images. The vulnerability exists in all Canon cameras manufactured to this day that have the security feature. ElcomSoft made Canon aware about the vulnerability by notifying the vendor as well as the CERT Coordination Center as a trusted third-party. Source:
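Why extracting the signing key from the camera defeats the scheme, as an added illustration that is neither ElcomSoft’s nor Canon’s code. For the sake of demonstration it assumes a symmetric design: the camera computes an HMAC over the image under a key embedded in its firmware, and the verification kit recomputes that tag with the same key. The page does not state Canon’s exact construction; the point shown is that any scheme whose verifier key is the same secret the device holds lets whoever extracts it sign arbitrary images.

```python
"""Symmetric image-origin tags: genuine verifies, an edit is caught, but an edit
re-signed with the extracted key also verifies. Added illustration; assumed scheme."""
import hashlib
import hmac
import os


def camera_sign(image_bytes, device_key):
    """Model of the in-camera step: tag = HMAC-SHA256(device_key, image). (Assumed.)"""
    return hmac.new(device_key, image_bytes, hashlib.sha256).digest()


def kit_verify(image_bytes, tag, device_key):
    """Model of the verification kit: recompute the tag and compare in constant time."""
    return hmac.compare_digest(camera_sign(image_bytes, device_key), tag)


def tamper(image_bytes):
    """Simulate an edit: invert the first byte of the image data."""
    return bytes([image_bytes[0] ^ 0xFF]) + image_bytes[1:]


def demo(device_key=None):
    """Run the three cases and return their outcomes by name."""
    device_key = device_key or os.urandom(32)   # constructed stand-in for the firmware key
    original = b"constructed sample image data"
    tag = camera_sign(original, device_key)
    forged = tamper(original)
    return {
        "genuine_verifies": kit_verify(original, tag, device_key),
        # An edit made without the key fails against the original tag.
        "edit_without_key_detected": not kit_verify(forged, tag, device_key),
        # Once the key is extracted, the attacker just re-signs the edited image.
        "edit_with_extracted_key_verifies":
            kit_verify(forged, camera_sign(forged, device_key), device_key),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The structural fix is an asymmetric signature with a per-device private key held in tamper-resistant hardware, so that what can be pulled out of firmware is only public material and cannot produce new valid tags.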

46. November 29, DarkReading – (International) New HTTP POST DDoS attack tools released. Two free tools have been released that exploit the recently demonstrated slow HTTP POST attack, which takes advantage of a generic weakness in HTTP: the so-called “R U Dead Yet?” tool and the OWASP HTTP POST Tool. In October, researchers at the OWASP 2010 Application Security Conference in Washington, D.C., demonstrated how the HTTP protocol leaves the door open for a new form of distributed denial-of-service (DDoS) attack that ties up Web servers with very slow HTTP “POST” traffic: the client declares a large request body and then sends it a few bytes at a time, holding a server connection open for as long as it likes. The researcher who first discovered the attack in 2009 with a team of researchers in Singapore, and a researcher with Proactive Risk, also demonstrated how an online game could be used to recruit bots for an “agentless” botnet that executes this HTTP POST DDoS attack. The researcher who first discovered the attack said HTTP is broken and all Web-based servers or systems with a Web interface are vulnerable. An independent researcher released “R U Dead Yet?” the week of November 22, and the security researchers pushed out their tool November 25. Source:
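One detection approach for the slow POST pattern described above, as an added example that is not the code of either tool named. It assumes a front end can expose, per open request, the Content-Length the client declared, how many body bytes have arrived, and how long the request has been open; the snapshot below is constructed. A slow-POST client declares a large body and trickles it in, so its effective body rate stays far below any legitimate client’s and the request never completes.

```python
"""Flag slow HTTP POST connections from per-request counters and pick clients to
throttle. Added illustration; thresholds are illustrative."""
from dataclasses import dataclass


@dataclass
class OpenRequest:
    client: str
    declared_length: int   # Content-Length the client sent
    received: int          # body bytes actually received so far
    age_s: float           # seconds since the request headers arrived


def is_slow_post(req, min_rate_bps=1000.0, grace_s=10.0):
    """True when a body has been pending longer than grace_s at below min_rate_bps.

    The two knobs mirror Apache's mod_reqtimeout (RequestReadTimeout body=<s>,MinRate=<B/s>);
    the values here are assumptions and must be tuned to real upload traffic."""
    if req.age_s <= grace_s or req.received >= req.declared_length:
        return False                      # still in grace, or body already complete
    return req.received / req.age_s < min_rate_bps


def triage(requests, **thresholds):
    """Return {client: number of slow bodies it has open} for clients to throttle."""
    counts = {}
    for r in requests:
        if is_slow_post(r, **thresholds):
            counts[r.client] = counts.get(r.client, 0) + 1
    return counts


# constructed snapshot of a server's open requests
SAMPLE = [
    OpenRequest("203.0.113.7", 1_000_000, 120, 60.0),     # 2 B/s for a minute: slow POST
    OpenRequest("203.0.113.7", 1_000_000, 95, 45.0),      # second slow body, same client
    OpenRequest("198.51.100.2", 524_288, 500_000, 8.0),   # normal upload still in progress
    OpenRequest("198.51.100.9", 2_048, 2_048, 30.0),      # body complete; delay is server-side
]

if __name__ == "__main__":
    for client, n in triage(SAMPLE).items():
        print(f"throttle {client}: {n} slow POST bodies open")
```

Counting per client matters because a single slow body is indistinguishable from a user on a bad link; the attack needs many of them from few sources to exhaust the server’s connection pool, which is also why the minimum-rate rule rather than an absolute timeout is the right primitive.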

For more stories, see items 47 and 50 below in the Communications Sector

Communications Sector

47. December 1, The Register – (International) 97% of Internet now full up, warn IPv4 shepherd boys. Less than 3 percent of IPv4 address space is still to be allocated, after two huge chunks were given to American and European ISPs. ARIN and RIPE, which administer IP addresses on either side of the Atlantic, each received two /8 address blocks in November. A fifth block went to their African equivalent. The moves leave only seven /8 blocks — 2.7 percent of the total of 256 — unallocated by the Internet Assigned Numbers Authority (IANA). For years, warnings were issued that the Internet in its current incarnation is running out of space for new devices. Now that reality is imminent. In mid-November, a key figure in the development of ARPANET, the forerunner to the Internet, said: “There’s no question we’re going to be out of address space by springtime of 2011.” Even that estimate could be optimistic. The CTO of ISP Timico said: “I will need to revise my exhaustion date but February is either looking good or too late.” It remains to be seen what effect the exhaustion of IPv4 will have. ISPs vary wildly in readiness for the successor protocol, IPv6, which provides many orders of magnitude more address space. For Internet users, any effects won’t likely be felt until IPv6-only services start appearing. If ISPs have not upgraded networks by then, those parts of the Internet will be inaccessible to their customers. Source:

48. December 1, Pittsburgh Tribune-Review – (Pennsylvania) Verizon offering reward in Fayette County copper theft. Almost 25 incidents involving the theft of telephone cable remain under investigation in Fayette County, Pennsylvania with Verizon offering a reward of up to $50,000 for information leading to the arrest and prosecution of whoever is responsible. A Verizon spokesman said someone has been cutting sections of its phone line from poles at various locations throughout the county since April 2010. The most recent theft occurred November 23 in the Point Marion area and resulted in the loss of more than 600 feet of copper wire. The spokesman said the thefts have taken place in secluded rural areas, making it difficult to catch the culprits. “It’s put the safety of our customers at risk,” he said, noting that affected customers cannot call 911 from their land lines until service is restored. “It’s caused unnecessary outages.” In addition, the thefts have cost Verizon about $200,000 in damages, he said. Source:

49. November 30, Network World – (Georgia) AT&T goes after copper wire thieves. Copper thieves targeting Atlanta, Georgia are now being targeted themselves by AT&T, which is offering $3,000 for information leading to arrests. The Atlanta Journal-Constitution (AJC) reported that in one recent 3-day stretch, nearly 7,000 customers and two schools lost land line phone service. A cell phone tower also was temporarily knocked out. AT&T saw 11 thefts in 1 week in one location, including 8 in one morning. Damage to telephone lines exceeded $500 in each case. Georgia law makes that a felony, punishable by jail time and fines, the AJC report stated. Source:

50. November 30, Android Community – (International) T-Mobile G2 hardware security hacked completely! Even though T-Mobile took a lot of precautionary measures to make sure that the G2 phone could not be rooted, the hardware is now fully unlocked. This is more than simply rooting the phone and installing custom ROMs: the hardware is now completely open for development. Unlocking the phone is a very complicated process carried out by experienced developers who know exactly what they are doing, but they say they will post a step-by-step guide so that ordinary Android users can do it. Source: