Department of Homeland Security Daily Open Source Infrastructure Report

Monday, July 21, 2008

Complete DHS Daily Report for July 21, 2008

Daily Report

• The infrastructure that provides electricity to homes and businesses throughout the country is nearing the breaking point because of increased energy demands, and it remains vulnerable to cyber and terrorist attacks. (See item 2)

• European terrorists are trying to enter the U.S. with European Union passports. In addition, terrorists could use small boats or private aircraft to sneak radiological material into the country. (See item 14)

Banking and Finance Sector

12. July 18, New York Times – (National) New offshore bank limits for U.S. clients, UBS says. Faced with a federal investigation into its private banking practices, the Swiss banking giant UBS said on Thursday that it would stop offering offshore banking services to clients in the U.S. The chief financial officer of the UBS global wealth management group told a Senate subcommittee that the company would provide banking or securities services to U.S. residents only through companies licensed in this country and that it would help the federal government identify American citizens engaging in tax fraud. On Wednesday, a Senate permanent subcommittee on investigations released a report saying that UBS’s offshore practices helped American citizens hide an estimated $18 billion in 19,000 accounts from the Internal Revenue Service. Source:

13. July 17, KMSB 11 Tucson – (Arizona) Better Business Bureau warns of credit fix scams. The Better Business Bureau (BBB) of Southern Arizona is warning consumers to be wary of miracle credit cures, as fraudulent companies try to take advantage of the credit crunch. The number of consumers in southern Arizona inquiring about credit counseling services has nearly doubled in 2008 compared to last year. A BBB spokesperson says consumers should not confuse credit repair with legitimate credit counseling services. “Virtually everything a credit repair company claims they can do for you, you can do for yourself at little or no cost,” she says. Before contacting a credit repair or credit counseling service, consumers can check out the company’s reliability report with the BBB. Source:

Information Technology

36. July 17, IDG News Service – (International) New worm transcodes MP3s to try to infect PCs. A new kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks. The new malware inserts links to dangerous Web pages within Advanced Systems Format (ASF) media files. “The possibility of this has been known for a little while but this is the first time we’ve seen it done,” said a senior technology consultant for security vendor Kaspersky Lab. ASF is a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources. If a user plays an infected music file, it will launch Internet Explorer and load a malicious Web page which asks the user to download a codec, a well-known trick to get someone to download malware. The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, the consultant said. Once on a PC, it looks for MP3 or MP2 audio files, transcodes them to Microsoft’s Windows Media Audio format, wraps them in an ASF container, and adds links to further copies of the malware, in the guise of a codec, according to another security analyst, Secure Computing. Source:

37. July 17, KXRM 21 Colorado Springs – (National) Viruses sent through fake news e-mails. Cyber-criminals have started using fake news headlines to spread computer worms and viruses. According to the internet security site MessageLabs, some e-mails use fake headlines from real news events, such as the recent earthquake in China. Others are celebrity-centered. Two new “spam clusters” related to a presidential candidate surfaced just last month. While viruses sent by email are nothing new, viruses in the form of fake news are. Source:

38. July 17, Forbes – (National) Hackable broadband left unpatched. On July 8, tech heavyweights including Microsoft, Cisco Systems, and Sun Microsystems teamed up to fix a fundamental flaw in the Internet, one that could allow any Web user to be invisibly redirected to fraudulent sites designed to steal banking passwords or install malicious software on users’ PCs. But as of Thursday, Internet providers including AT&T, Time Warner Cable, Cablevision, and EarthLink had yet to install the software patch that would protect their customers from a cybercriminal exploit known as Domain Name System (DNS) Cache Poisoning, according to the findings of a Web-based analysis tool created by the security researcher who originally found the bug. The security flaw, found in the DNS servers used by large companies and Internet service providers, could allow cybercriminals to perform a new, undetectable form of “phishing,” security analysts warn. Typical phishing tactics include sending fraudulent e-mails to lure users to look-alike banking or government Web sites that convince them to give up their bank codes or other sensitive information. This exploit, however, could directly hijack a user’s browsing. A user in a network with corrupted DNS servers who types “” or “” into an address bar, for instance, might be invisibly redirected to exact replicas of those sites that siphon data to identity thieves. The trick could also be used to direct users to sites that install malicious software on their computers and could even intercept e-mail correspondence. Source:

Communications Sector

39. July 18, Search Security – (National) Nasty zero-day hits BlackBerry server. A critical zero-day flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive data, according to an advisory issued by the French Security Incident Response Team (FrSIRT). The flaw is a PDF attachment handling error in the BlackBerry Attachment Service, FrSIRT said. An attacker could exploit the flaw by tricking a user into opening a malicious PDF file attachment. The problem can be found in BlackBerry Enterprise Server software version 4.1.3 through version 4.1.5 and BlackBerry Unite software versions prior to 1.0.1. Users of BlackBerry Unite can upgrade to the latest version. The vulnerability has a Common Vulnerability Scoring System score of 9.0. FrSIRT has rated it “critical.” BlackBerry maker Research in Motion has confirmed the flaw and issued a warning to customers. A patch has not been released for Enterprise Server. As a workaround, companies can prevent the server from processing PDF files. Source:

40. July 18, Florida Today – (Florida) UCF physicist strikes GOLD. An orbiting camera designed by a University of Central Florida (UCF) researcher could be predicting space weather by 2013. Those predictions could help Global Positioning System users, satellite television companies, communications businesses, and the military understand and compensate for electromagnetic interruptions to their signals. A UCF physicist has spent almost two years designing the Global-Scale Observations of the Limb and Disk, or GOLD, project. As the university’s first principal investigator on a satellite project, he leads a team that will oversee construction and launch of an imaging spectrograph that will go into orbit attached to a commercial communications satellite. The GOLD camera, riding a spacecraft in a 22,000-mile geostationary orbit, will photograph the ionosphere below at an altitude of about 62 miles, measuring its temperature and composition. The camera also will detect differences in ionized molecules by measuring the ultraviolet light they release. Practical applications for the project include helping GPS units become more accurate and predicting when communications problems will occur because of signal interruptions. Source:

41. July 17, TMC Net – (Colorado) NexHorizon Triple Play, VoIP Co., undergoing infrastructure upgrade. NexHorizon Communications Inc. announced today that it has completed phase two of its infrastructure upgrade in its southeast Colorado systems. The company also announced that it has consolidated the Holly distribution site with Granada to help eliminate redundant operating costs. “The upgrades will enable NexHorizon to begin offering High-speed Internet and its re-branded digital phone service (VoIP) in Granada and Holly immediately. The infrastructure upgrades will enable the Company to offer various speeds at competitive prices in all of our markets for Internet service,” said chief executive officer for NexHorizon. Source: