Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 28, 2008


Daily Report


 The Associated Press reports that a part-time assistant harbor master on Cape Cod has been charged by federal authorities with pretending to be an armed federal agent so he could bypass security at Logan International Airport in Massachusetts. (See item 11)

11. November 26, Associated Press – (Massachusetts; National) Cape Cod harbor master charged with being fake fed. A part-time assistant harbor master on Cape Cod has been charged by federal authorities with pretending to be an armed federal agent so he could bypass airport security. The man from Rockland was freed on $50,000 unsecured bond following his initial appearance Tuesday in U.S. District Court in Boston. He was flying from Boston to San Diego on January 1, 2007, when he approached an American Airlines ticket counter at Logan International Airport and flashed a badge he carries as a part-time assistant harbor master in Chatham, according to federal prosecutors. The man, a medical supplies salesman, also filled out a “flying while armed” form and wrote that he worked for the U.S. Department of Homeland Security, prosecutors said. He did not bring a gun on the plane. He allegedly did the same on his return trip to Boston three days later. But this time, according to court documents, he was invited into the cockpit, was told the identity of the two air marshals on the flight, and was informed who else on the plane was armed. The man told WHDH-TV that he volunteered for a Coast Guard subcommittee, which is a division of Homeland Security. He is charged with impersonating a federal agent and making false statements. The case took almost two years to come to light so federal authorities could tighten airport security and prevent similar incidents, said a spokeswoman for the U.S. attorney’s office. “The flying public can be assured that this has led to a change of procedures to ensure that credentials are properly vetted,” said a spokeswoman for the Transportation Security Administration. Source:

According to eWeek, Google says claims about a Gmail vulnerability are incorrect. The issue is just an example of a successful phishing attack targeting Web domain owners, Google says. (See item 29)

See Information Technology section below for details


Banking and Finance Sector

7. November 26, Wall Street Journal – (National) Mortgage rates fall as U.S. expands rescue. U.S. officials pledged to pump another $800 billion into ailing credit markets, much of it directly from the Federal Reserve. The Fed, whose traditional lending role has been to make emergency loans to banks, plans to purchase in coming months up to $600 billion of debt issued or backed by Fannie Mae, Freddie Mac, Ginnie Mae, and Federal Home Loan Banks, all mortgage-finance businesses with close ties to the government. The Treasury Secretary announced plans to try and help banks loan money out to people faster. But critics say that “throwing money at the problem” is what spurred the crisis to begin with. In addition, with support from the U.S. Treasury, the Fed will provide up to $200 billion in financing to investors buying securities tied to student loans, car loans, credit-card debt, and small-business loans. The intervention, the latest in a series of unprecedented government actions, immediately pushed down rates on 30-year mortgages by as much as one-half percentage point. Source:

8. November 25, New Jersey Star Ledger – (New Jersey) ID theft ring targeted NJ home equity lines of credit. Four men were arrested Monday in connection with an international identity theft scheme that siphoned at least $2.5 million from home equity lines of credit at dozens of banks, including at least eleven in New Jersey, authorities said. The suspects targeted homeowners with big credit lines at large and small financial institutions, including Citibank, JPMorgan Chase, and credit unions in Basking Ridge, Bridgewater, and Toms River, authorities said. They used stolen personal data and technological tricks to fool bank employees into transferring funds to accounts in at least seven countries, authorities said. “Home equity lines of credit are an expanding front in the battle against mortgage fraud,” a U.S. attorney said. Monday’s arrests follow an FBI investigation that began in November 2007. Source:

9. November 25, Washington Post – (National) FDIC chair: more problem banks. The FDIC chairwoman said Wednesday that the number of “problem” banks and thrifts in the third quarter rose from 117 at the end of the second quarter of this year to 171 at the end of the third quarter, the highest level since 1995. “Community banks — those with total assets of under $1 billion — are beginning to exhibit stresses similar to those facing the industry as a whole,” the FDIC said. “However, capital levels and reliance on retail deposits remain higher at these banks than the industry average.” More people are putting their money in banks, the FDIC reported. Estimated insured deposits were up by 1.8 percent in the third quarter and 7.1 percent over the past four quarters, the agency said. Source:

Information Technology

27. November 26, Softpedia – (International) Widespread malware attacks target Windows 7, Vista SP1, and XP SP3 vulnerability. Microsoft confirmed not only that malware attacks designed to take advantage of a Server Service vulnerability, affecting both Windows client and server versions of the platform, were no longer isolated and targeted cases, but also that infections with malicious code had been detected. On November 25, a Microsoft Security Response Center communications manager, and senior program manager and response coordinator, revealed that the company was aware of a new wave of attacks, targeting a vulnerability rated as critical, for which Microsoft Security Bulletin MS08-067 had been released in October as an out-of-band patch. The security update was designed to integrate with a variety of Windows operating systems, including Windows Vista SP1, Windows XP SP3, and even Windows 7. Microsoft pointed out that there were two pieces of malware associated with attacks exploiting the Server Service vulnerability: Win32/Conficker.A (also TA08-297A, CVE-2008-4250, VU827267, W32.Downadup (Symantec)) and Win32/IRCbot.BH (Win32/IRCBot.worm.Gen (AhnLab); Win32/IRCBot!generic (CA); WIN.IRC.WORM.Virus (Dr.Web); Exploit-DcomRpc.gen (McAfee); Mal/IRCBot-B (Sophos); Purple Exploit). According to Microsoft, Win32/Conficker.A even patches the very API vulnerability it uses to infect machines, in order to prevent any further exploits from taking advantage of the security hole. The senior program manager and response coordinator explained that the majority of infection reports were generated in the United States, but that the worm was also detected in Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina, and Chile. At the same time, Win32/Conficker.A completely avoids exploiting and infecting Ukrainian computers. Source:

28. November 25, eWeek – (International) Spam levels creep back up 2 weeks after McColo shutdown. Spam levels are heading back up after dropping dramatically following the shutdown of Web hosting company McColo. According to Symantec security research, some notorious botnets are back in action. Spam levels appear to be rising again after a steep decline. According to researchers at MessageLabs, now part of Symantec, spam volumes have doubled since last week. Spam levels dropped off dramatically with the shutdown of Web hosting company McColo on November 11. Though the firm briefly gained new life the weekend of November 15, it was quickly shut down again, and spam at first remained at relatively low levels. In a blog post, Symantec Security Response noted that in addition to overall spam volumes being up, the percentage of spam messages containing the text/HTML content type MIME part has jumped to 55 percent of all spam. Since the McColo takedown, that percentage has been around 34 percent. This change indicates that a return to normal spam activity could be in the works, according to the blog. Source:

29. November 25, eWeek – (International) Google says reports of Gmail flaw unfounded. Google says claims about a specific Gmail vulnerability are incorrect. The issue is just an example of a successful phishing attack targeting Web domain owners, Google says. Google officials have challenged the assertion that a Google Gmail security flaw was at the center of an issue described on the blog. A posting on November 23 warned of a flaw allowing attackers to force Gmail users to create a malicious message filter without their knowledge. As a result, the post said, attackers could hijack messages sent to a victim’s Gmail account by redirecting messages into the trash and forwarding copies to the attacker. Google, however, explained that the source of the problem was not a flaw in Gmail, but a phishing scheme in which attackers sought to lure Web domain owners to rogue sites so their information could be stolen. Source:

Communications Sector

30. November 26, Associated Press – (Texas) Texas to test wireless call blocking in prison. Texas officials plan to test cell phone jamming technology after a prison system lockdown and search turned up hundreds of smuggled mobile devices. The test has been proposed for December 18 at the Travis County state jail in Austin. The House Corrections Committee Chairman said he requested the test. Officials at the Texas Department of Criminal Justice were working to set up the demonstration, said an agency spokeswoman. Florida-based CellAntenna Corp., which recently conducted a similar test in South Carolina, has agreed to do the Texas demonstration. Prison officials from several states gathered at a South Carolina prison on Friday to see how the equipment blocks wireless calls. The technology prevents cell tower transmissions from reaching the phone. Regulators can grant permission to federal agencies to use the technology, but federal law prevents State and local agencies from jamming cell phone signals. Still, prison officials hope they will be granted permission to use the blocking technology. Critics say it is impossible to contain the jamming technology to one or two buildings, and that using it runs the risk of affecting people using phones nearby. Source:
