Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, June 19, 2008

Daily Report

• Agence France-Presse reports that China plans to station food safety and product quality personnel at its embassy and consulates in the United States. The decision was made ‘based on the principle of reciprocity’, after the U.S. proposed sending American inspectors to China in December. (See item 13)

• The Washington Post reports that according to a GAO study, the police agency in charge of protecting about 9,000 buildings in the Washington area and across the country is so short-staffed that it has cut outdoor patrols aimed at detecting suspicious individuals and car bombs. (See item 22)

Banking and Finance Sector

8. June 18, Information Week – (National) Finjan finds health and business data being auctioned online. More than 500 megabytes of premium health- and business-related data, along with stolen social security numbers, have been found being offered to the highest bidder on crimeware servers in Argentina and Malaysia. Security firm Finjan discovered the illicit data market and issued a report about its findings on Wednesday. “Not too long ago, credit card numbers and bank accounts with PINs were selling for $100 or more each, on Web sites offering this type of stolen information,” the report says. “Nowadays, prices have dropped to $10 or $20 per item.” Cyber criminals have responded by focusing on high-value data and protecting it with encryption to prevent others from stealing their stolen property. This allows them to limit availability, to auction access off to the highest bidder, and to maintain prices. Among the things Finjan found were Citrix login credentials for a well-known U.S. hospital and a U.S. air carrier, Outlook account information, and social security numbers. Source:

9. June 17, WSBT 2 South Bend – (Indiana) UPDATE: List of affected customers growing after reports of fraudulent withdrawals. Local police and FBI agents are investigating after hundreds across the area reported money missing from their bank accounts over the weekend. Area police agencies are reporting account breaches from at least 10 different banks, credit unions, and other financial institutions. Thousands of dollars have been reported stolen. The accounts of theft varied wildly, from withdrawals of a few hundred dollars to a few thousand dollars. The vast majority of them came from ATMs or debit card transactions posted in Nigeria, Russia, Ukraine, or Spain. The list of financial institutions affected is still growing. Some have been verified by banks and credit unions or local police. They include: Notre Dame Federal Credit Union; KeyBank; Teacher’s Credit Union; Michiana’s Finest Bank; Elkhart County Farm Bureau Credit Union; E-Trade Financial; and Chiphone Federal Credit Union. WSBT has also received unconfirmed reports from customers at the following institutions who have reported money missing as well: National City Bank; Bank of America; First Federal Savings; and Wachovia Securities Spending Account. Source:

10. June 17, – (National) Astonishing sentence for astonishing scam. The cooperation of a former chief financial officer who was an accused mastermind of a more than $680-million scheme has led so far to the arrest of 15 U.S. defendants. The former finance chief of three metals companies, including Allied Deals, was charged with participating in a sprawling, international Ponzi scheme that had resulted in over $680 million in losses for about 20 banks worldwide. These banks include: JPMorgan Chase; Fleet National Bank; PNC Bank N.A.; KBC Bank N.V.; Hypo Vereins Bank N.A.; Dresdner Bank Lateinamerika AG; China Trust Bank; and General Bank. The suspect helped two brothers and other co-conspirators allegedly set up and control an elaborate network of hundreds of sham nominee companies around the world to serve as fake purchasers of metal from Allied Deals so that the defendants could get loans from the victim banks. They allegedly used loan proceeds from one victim bank to make the loan payments required by another victim bank, while concealing that the newly issued loans were not being used to fund actual, arm’s-length metal transactions and that the money used to pay off the loans had not been provided by the buyers of metal in bank-financed sales. Source:

Information Technology

28. June 18, Agence France-Presse – (International) OECD ministers agree to make Internet safer, more widely used. Ministers and officials from leading industrial nations agreed Wednesday to make the Internet safer and more accessible, to strengthen its role as a driving force in the global economy. The Organization for Economic Cooperation and Development (OECD) ministerial meeting adopted a “Seoul declaration” after a two-day forum on the future of the Internet economy. The declaration cites the need to strengthen security, reduce malicious activity online and protect personal data as well as privacy. The worldwide web has increasingly become a key global platform for commerce and social interaction but faces an ever-growing challenge of trust and confidence, according to an OECD report to the meeting. The report describes the Internet as a major driving force in global economic growth, responsible for 17.9 percent of OECD member states’ gross domestic product growth over the past decade. The group said that “protecting the Internet is a public policy priority.” More than 2,500 IT experts and officials took part in the meeting. Source:

29. June 17, Computerworld – (Iowa) Iowa floods forcing firms to race to keep IT afloat. As floodwaters continue to hammer Cedar Falls, Iowa, local businesses are already assessing the environmental disaster’s impact on IT operations, and how their disaster recovery plans are faring. As of today, 100 blocks in the city’s downtown are underwater and 3,900 homes have been evacuated in Cedar Falls. The CEO of T8Design said his company had prepared disaster recovery plans to deal with tornadoes or electric outages caused by human negligence, but executives never dreamed they would have to contend with a swollen Cedar River surpassing 500-year flood levels. Once it became apparent that rising floodwaters could damage its IT operations, the maker of software development tools warned its customers of possible latency issues. However, no disruptions or degradation of service have occurred to date, he noted. Source:

30. June 17, CNet News – (National) New DNSChanger Trojan variant targets routers. Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild that attacks routers, meaning any Web-surfing computer on that network could be at risk of being redirected to a malicious Web site. The DNSChanger Trojan changes the DNS settings to point to a host Web site address supplied by the attackers, the director of data mining research at Secure Computing said in an interview with CNET on Tuesday. “Your network is essentially reconfigured to do all the (domain) name resolutions over this malicious name server,” he said. The DNSChanger Trojan is able to access all the settings and functions on the router. It only knows about a few popular router Web interface URLs that it can use to change DNS settings at this time, but that is expected to change and more routers will be affected, according to a Secure Computing blog entry. The Trojan is believed to have been created by the authors of the family of malware called “Zlob,” which masquerades as an ActiveX video codec. Source:

31. June 17, iTWire – (International) Recent reports of SCADA’s demise have been greatly exaggerated. In the past few days, a large number of reports have appeared in the press regarding a security vulnerability in a widely used Supervisory Control and Data Acquisition (SCADA) package. A vulnerability was discovered by Core Security Technologies and reported in detail to Citect on February 6, 2008. After analysis of the issue, Citect responded to Core that, in effect, they could not determine how the vulnerability might affect their customers as the software was specifically designed and implemented to be well-separated from the internet, and as far as Citect knew, that was how it was being implemented. Citect added that it would be addressed in the next release of the software. Specifically, the only way a user of the software could be vulnerable is to have active ODBC interfaces and to be directly connected to the internet without any security. Source:

Communications Sector

32. June 18, CNet News – (National) Verizon boosts Fios speeds. Verizon Communications is boosting speeds for its Fios fiber-to-the-home service, the company plans to announce Wednesday. The company’s COO is expected to announce the speed upgrades during his keynote speech at the NxtComm trade show in Las Vegas. The upgrades come as Verizon customers use more bandwidth intensive applications such as video downloading and photo sharing. Source: