Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 25, 2008

Complete DHS Daily Report for July 25, 2008

Daily Report

• The U.S. Coast Guard closed 98 miles of the Mississippi River from New Orleans, Louisiana, southward after a fuel barge and a tanker collided early Wednesday, spilling 419,000 gallons of fuel oil. (See item 12)

• AIDS specialists are calling for a fundamental rethinking of HIV policy after a new report showed that infection with the virus was rising dramatically in the South even as it dropped everywhere else in the country. (See item 25)

Banking and Finance Sector

7. July 24, Los Angeles Times – (California) L.A. sues financial firms, alleging fraud in bond issues. Bid-rigging and other alleged fraud by investment banks and insurance companies allegedly cost Los Angeles taxpayers tens of millions of dollars, according to a pair of lawsuits filed Wednesday by a Los Angeles City attorney. One of the suits alleges that such Wall Street heavyweights as Merrill Lynch & Co., Morgan Stanley and Bank of America Corp. conspired with more than three dozen other financial firms to defraud the city and other public entities in a long-running scheme that is also the focus of federal criminal investigations. Both complaints deal with the city’s issuance of municipal bonds. Such securities are sold by cities, counties and states to finance public projects such as the construction of roads, mass transit systems, schools and power plants. The money raised from selling the bonds is often placed in investments known as municipal derivatives until it is spent on the projects. Investment firms seeking to sell those instruments to municipalities are supposed to place competitive bids so that public entities receive the best possible rate of return. But according to the city’s lawsuit against the Wall Street firms, they and other defendants conspired to rig the process by deciding among themselves which firm would win each contract. The alleged conspiracy resulted in artificially low returns on the investments, costing the city “tens of millions of dollars it should have earned,” the attorney said. A federal grand jury in New York is hearing evidence in the case, according to the lawsuit, which says subpoenas have been issued to more than 30 commercial and investment banks, insurance companies and brokers. The Internal Revenue Service and the Securities and Exchange Commission also are investigating, according to the lawsuit. The city of Oakland and other municipalities have filed similar lawsuits. Source:,0,2312012.story

8. July 24, Post-Crescent – (Wisconsin) Telephone scam targets credit union members in Fox Valley. Police are telling residents to ignore automated telephone messages that urge credit union customers to reveal their account information. Several Fox Cities, Wisconsin, police departments said they had numerous reports Wednesday from people who say they received the automated calls purporting to be from financial institutions. The automated calls tell recipients their accounts are suspended and give a phone number for account-holders to call to re-establish service. The calls were made to both home phone and cellular customers, said the chief of the Combined Locks Police Department. The callers said they represented Fox Communities Credit Union. The credit union later placed a fraud alert about the calls on its Web site. The president of the credit union said calls started Tuesday night, and by Wednesday morning, the calls switched to using the name of another financial institution. He said the phone number has been shut down. The number belonged to a legitimate business, and was somehow hijacked by the scammers. Source:

9. July 24, Sino Cast – (International) China Anti-phishing Websites Alliance founded. The China Anti-phishing Websites Alliance was officially founded in Beijing on July 23 with an eye to cracking down on phishing websites and protecting Internet users from phishing. Members of the alliance include a raft of banks, third-party payment companies, e-commerce websites, and domain name registration companies such as the Industrial and Commercial Bank of China, Agricultural Bank of China, Bank of China, Construction Bank of China, Huaxia Bank, China Everbright Bank, Minsheng Banking Corporation, Galaxy Securities, Tencent, Taobao, Alipay, Alibaba, HiChina, eName, and so on. These members will make concerted efforts to promptly stop DNS service for phishing websites and so put an end to their operation. First, the alliance will review and secure the IT systems of securities, financial institutions, e-commerce companies, and online payment companies, which have been much more vulnerable to phishing. Source:

10. July 23, IDG News Service – (National) Romanian admits to phishing, could face five years. A Romanian man pleaded guilty Tuesday to a federal fraud charge for his role in setting up fake Web sites in order to steal credit and debit card details. The suspect is one of 38 people of several nationalities charged in May with running a cybercrime ring centered around spam and phishing. In just one incident, the crew sent 1.3 million spam messages luring people to visit Web sites they had built to collect financial details. Using instant messaging programs, the hackers sent those details to “cashiers” in the U.S. Those cashiers would make fraudulent bank cards, encoding the bank information onto the magnetic stripe of dummy cards. The cards would then be used to withdraw money at cash machines with the highest withdrawal limits, the Department of Justice said. The hackers, some of whom were located in Romania and elsewhere, would be sent a cut of the proceeds. Financial institutions affected included Citibank, Capital One, JP Morgan Chase and Wells Fargo. Also targeted were auction site eBay and its electronic payment branch, PayPal. Source:

Information Technology

33. July 24, VNUNet – (International) Networks riddled with vulnerabilities. Security experts have warned of at least one vulnerability in the network layer of every corporate network. The research also found that almost all networks have at least one vulnerability in the application layer. Security firm Orthus this week published an analysis of 100 in-depth security tests conducted over the past five years. The firm claims that this provides an insight into how security weaknesses and attack vectors have evolved and how organizations’ defenses have changed in response. The analysis looked at the results from 100 baseline security testing engagements delivered since the beginning of 2004 across a range of industry sectors including banking, insurance, finance, retail, manufacturing, transport, utilities, health, and education. The study found that 100 percent of tests found at least one security vulnerability at the network level, and 97 percent of tests found at least one vulnerability at the application level. Orthus said that network layer weaknesses have come down from an average of 14 per test in 2004 to an average of six in tests delivered during 2008, a reduction of 57 percent. But application layer weaknesses have increased from eight per test in 2004 to 12 per test in 2008, a 50 percent rise. SQL injection and other SQL weaknesses increased 25 percent, cross-site scripting increased 23 percent, and input validation issues increased 15 percent. Source:

34. July 23, PCPro – (International) Google Blogger “hosts 2% of world’s malware”. Google’s Blogger service is responsible for two percent of the world’s malware hosted on the web, according to a new report from the security firm Sophos. The security firm claims hackers are setting up pages on the free blogging service to host malicious code, or simply posting links to infected websites in other bloggers’ comments. “Blogger accounts for around 2% of malware,” according to Sophos’s senior technology consultant. “It’s head and shoulders above the rest [of the blogging services].” He says Blogger is worse than other blogging services because of its close ties with the search behemoth. “The attraction for the bad guys in targeting Blogger is that things pretty much get ‘spidered’ instantly into Google, because it [Blogger] is part of Google,” he says. Sophos says it doesn’t blame Google for the situation and that the company is proactive in weeding out malicious sites from its search results. Source:

Communications Sector

35. July 24, Great Falls Tribune – (Montana) Cut fiber-optic line hangs up Hi-Line phone service. Telephone service was restored across Montana’s Hi-Line early Wednesday evening after a cut fiber-optic phone line between Fort Benton and Carter was repaired, a Qwest spokeswoman said. An after-hours dispatcher at Triangle Communications in Havre said the co-op’s line was cut around 3 p.m., causing the service interruption. He did not know how many customers were affected or how the line was cut. Source:

36. July 23, Computerworld – (National) Researcher warns of unpatched iPhone bugs. Security vulnerabilities in the iPhone’s e-mail application and Safari Web browser can be used by phishers to dupe users into visiting malicious sites or by spammers to flood the phone’s in-box with junk mail, a researcher warned today. The browser vulnerability researcher said he reported three separate bugs to Apple Inc. about two weeks ago: two in the iPhone Mail program and one in its Safari browser. Apple has acknowledged that the two vulnerabilities in Mail are security issues, he said, but the company is currently undecided on whether the Safari flaw meets its security bug criteria. At times, Apple has balked at labeling problems as security vulnerabilities, notably in May, when it initially said the so-called “carpet bomb” bug was not security-related. A month later, Apple did patch Safari to stymie the kind of attacks that Raff and other researchers had outlined. Source: