Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 2, 2008

Daily Report

• The Associated Press reports that Congress found that operators of nuclear power plants have yet to comply with some of the government’s fire safety rules three decades after they were issued. (See item 8)

• The U.S. Defense Department is resisting orders from the U.S. Environmental Protection Agency (EPA) to clean up Fort Meade and two other military bases where the EPA says dumped chemicals pose “imminent and substantial” dangers to public health and the environment. (See item 25)

Banking and Finance Sector

13. July 1, Tennessean – (National) Criminals snare savvy buyers with sophisticated Web scams. Online auction fraud is the most common, according to the Federal Bureau of Investigation (FBI). Last year, the agency received 206,884 complaints about crimes perpetrated over the Internet, amounting to a record of nearly $240 million in losses, a $40 million increase from the year before. The criminals themselves have become more sophisticated in recent years, according to law enforcement. Some are working in international gangs, many of which are in Eastern Europe, where access to affordable technology is combined with high unemployment and weak law enforcement, according to the supervisory special agent for the FBI’s cyber crime squad in Nashville and Memphis. In Tennessee, 9,920 consumers told the Federal Trade Commission they were victims of fraud last year, a 44 percent increase from the previous year. The better criminals are getting people to click on Web sites that secretly install software to track your movements. That software, totally undetected by the user, can find out your bank account and passwords when you pay your bills online or handle other financial transactions. Source:

14. July 1, Tallahassee Democrat – (National) Hackers hit Dave & Buster’s in credit-card fraud. The U.S. Department of Justice has confirmed arrests and the name of the national restaurant chain in a credit and debit card fraud case that hit Tallahassee last week when Envision Credit Union de-authorized 612 cards it had issued to members. Houston-based Dave & Buster’s restaurants were named in the case that began in 2006 when information on more than a million credit and debit cards was compromised in a computer hacking incident. A 27-count indictment was issued by a New York State grand jury, according to a Justice statement. The three men are charged with wire fraud conspiracy, wire fraud, conspiracy to possess unauthorized access devices, access device fraud, aggravated identity theft, conspiracy to commit computer fraud, computer fraud, and interception of electronic communications. Stolen was “Track 2” data, which includes card numbers and expiration dates. Losses in the case have been in excess of $600,000. The senior vice president at Envision Credit Union said no charges or debits were incurred against cards issued to members. However, the institution has begun the process of reissuing cards to 468 debit card holders and 144 credit card holders as a precaution. Source:

15. June 30, Seacoast Online – (New Hampshire) Hannaford data breach fallout continues. Approximately 7,000 individuals who have Ocean National Bank ATM/Debit Cards are having them replaced because recent illegal activity on them has been reported. “At the time (of the breach) we gave Ocean customers the opportunity to have their debit cards re-issued,” said a senior vice president with Chittenden Bank, a sister institution of Ocean’s. With new illegal activity taking place, bank officials decided now is the time for a total re-issue, she said. A letter was sent to all Ocean customers dated June 25, advising them of that decision. The fraudulent activity involves only signature-based transactions, so current Ocean Debit Cards can still be activated using the customer’s personal identification number, the bank indicated. Customers were also cautioned to continue to check their monthly statements and utilize the bank’s online system to review transactions. The company says credit and debit card numbers were stolen during the card authorization transmission process but no personal information like names, addresses, or telephone numbers was divulged. Source:

Information Technology

33. July 1, Register – (National) Apple’s fourth Leopard spits out 25 patches. Apple has issued 25 security updates that come bundled with Monday’s release of Mac OS X 10.5.4. The firm said its latest Leopard release addresses operating system and application performance issues and fixes a heap of security flaws. The update affects operating system components that include CoreTypes, c++filt, Net-SNMP, Ruby, Tomcat, VPN, Alias Manager, and Webkit. Six of the vulnerabilities affect the Ruby programming language. Apple said: “Multiple memory corruption issues exist in Ruby’s handling of strings and arrays, the most serious of which may lead to arbitrary code execution.” Source:

34. July 1, IDG News Service – (National) Study: Astounding number of laptops lost in airports. Some of the largest and medium-sized U.S. airports report close to 637,000 laptops lost each year, according to a new Ponemon Institute survey released Monday. Laptops are most commonly lost at security checkpoints, according to the survey. Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed, the survey said. Around 2,000 laptops are recorded lost at the medium-sized airports, and 69 percent are not reclaimed. Travelers seem to lack confidence that they will recover lost laptops. About 77 percent of people surveyed said they had no hope of recovering a lost laptop at the airport, with 16 percent saying they would not do anything if they lost their laptop during business travel. About 53 percent said that laptops contain confidential company information, with 65 percent taking no steps to protect the information. Airports, along with hotels and parked cars, are places where laptops can be easily stolen, said the U.S. Federal Trade Commission (FTC) on its Web site. The confusion of going through security checkpoints can make it easy for travelers to lose track of their laptops, making it “fertile ground for theft,” the FTC said. The FTC recommends people treat laptops “like cash.” Like a wad of money, a laptop in public view – like the backseat of the car or at the airport – could attract unwanted attention. The FTC also recommends using tracking devices which can help track down a stolen laptop by reporting its location once it is connected to the Internet.


35. June 30, Dark Reading – (National) Social engineering expert reveals brick-and-mortar identity theft risks in banks, ISPs, and other firms. A researcher performing social engineering exploits on behalf of several U.S. banks and other firms in the past year has “stolen” thousands of identities with a 100 percent success rate. The hacking director for PacketFocus Security Solutions and chief executive officer of RedFlag Security says organizations typically are focused on online identity theft from their data resources, and do not think about how the same data can literally walk out the door with a criminal posing as an auditor or a computer repairman. He once walked out of a client site carrying their U.S. mail tray with 500 customer statements inside it, he says. “This is the forgotten and overlooked” security risk for identity theft, he says. “That’s why the first time we show [our clients] what we can do, it blows them away.” But with the Federal Trade Commission’s (FTC) new identity theft regulations requiring banks, mortgage firms, credit unions, automobile dealerships, and other companies that provide credit to assess identity theft risks as well as add policies and procedures to pinpoint any “red flags” as of this November, the hacking director and his team are in hot demand to perform undercover social engineering exploits for banks and other firms to test their ID theft vulnerabilities. Source:

36. June 30, CNet – (National) SecureWorks unmasks the Coreflood Trojan. On Monday, SecureWorks released its analysis of the Coreflood Trojan, providing an inside look at a stealthy online predator. According to a blog by the director of malware research for SecureWorks, Coreflood started out as an Internet Relay Chat botnet back in 2002. Coreflood – or AFcore, as the author refers to it within the code – is apparently viewed by its author as corporate software that can be tweaked as business needs change. For example, over the last six years, Coreflood has evolved from initiating distributed denial-of-service attacks to collecting IDs and passwords for bank fraud. With the help of Spamhaus, an antispam organization, SecureWorks was able to gain cooperation from one of the command and control centers for Coreflood. What the research found was not only source code but 50 gigabytes of compressed data, searchable in a MySQL database. Within were 378,758 unique bot IDs over a 16-month period. Logged was the time-stamped lifecycle – from infection to removal – of each compromised computer. They found the average to be about 66 days. Source:

37. June 30, CNet – (National) Google Calendar now the target of phishers. A few months ago, spam came to Google Calendar. Now, phishing has arrived. An intrepid Google watcher wrote late last week about being the target of a phishing attempt via Google Calendar. He received an e-mail to his Gmail account with a reference to a legitimate event from his calendar. The sender was listed as “customer care” and it asked him to verify his account by supplying his user name and password. “We are having congestions (sic) due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted. We are sending you this email to so that you can verify and let us know if you still want to use this account,” the e-mail said, complete with grammatical and spelling mistakes that can tip people off to phishing attempts. On May 28 a Google Talk Guide addressed the issue in a Google Groups thread. He urged users to click the “Report Phishing” link if they receive suspicious e-mails and not click on links or open attachments. Google representatives did not immediately respond to an e-mail seeking comment on Monday. Source:

Communications Sector

38. July 1, Associated Press – (National) CFI report: Cable, satellite call centers fail. The cable and satellite industry received another poor report card Tuesday for customer service as a report from CFI Group North America ranked it last among eight industries evaluated. Adding in all criteria, cable and satellite posted a 66 rating (down from 68 in the prior year), last out of eight industries that averaged 72, up from 70 last year, indicating that business in general is improving. The CCSI scale goes 1-100. Source: