Department of Homeland Security Daily Open Source Infrastructure Report

Monday, July 28, 2008

Complete DHS Daily Report for July 28, 2008

Daily Report

• Software, called Intellipur, monitors the quality of food and drinks as they move from harvesting or production to grocery store shelves. It also regulates food quality in storage or transit with the use of ozone. (See item 23)

• The Committee on the Role of Public Transportation in Emergency Evacuation National Academy of Sciences this week released a study, which provides the most comprehensive review to date of the readiness, or lack thereof, of major public transit systems. (See item 42)

Banking and Finance Sector


13. July 25, Itweb.co.za – (National) Hackers attack businesses, Sophos security report reveals. IT security and control firm Sophos has published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals have honed their attacks to take advantage of weaknesses in the corporate workplace. At the same time, 2008 has seen unprecedented numbers of attacks against company Web sites, designed to infect visiting customers. The firm’s report reveals that corporate executives have been put at risk during the first six months of 2008 with targeted attacks, known as spear-phishing, designed to steal information from individuals at specific corporations rather than the internet community at large. In April, there was a specifically targeted malware campaign emailed to CEOs of various companies, all pretending to be subpoenas from U.S. federal courts, trying to frighten the hand-picked recipients into opening the dangerous attachment. Source: http://www.crime-research.org/news/25.07.2008/3475/


14. July 25, Greenville Sun – (National) Phone scam hit us, other U.S. areas as well. Greene County, Tennessee, was not the only area of the country hit by an international telephone scam designed to drain the bank accounts of the unwary. A resident agent in charge of the Knoxville office of the U.S. Secret Service said some 8 to 10 areas of the country were targeted recently by an international organized crime group. The organized crime group, the official said, routed recorded messages to U.S. phone numbers through an Iowa telephone company where the group had leased a block of telephone numbers. Thousands of Greene County residents received telephone calls on Wednesday night and Thursday morning that claimed to be from Andrew Johnson Bank and which warned the recipients that their bank cards had been canceled. The recorded messages directed persons to call a Des Moines, Iowa, telephone number, supposedly to get their bank cards reinstated. When that number was called, residents heard another recorded message that directed them to key in their bank account and PIN numbers. He also noted that Andrew Johnson Bank’s own records were not compromised by the scam. He said the criminals did not obtain telephone numbers of local residents from the bank. Instead, he said, the criminals apparently used computer software to sequentially generate calls to many telephone numbers in the 423 area code on Wednesday and Thursday. That, he said, is why many people who had no banking relationship with Andrew Johnson Bank received the automated telephone calls. One of the other areas affected by a similar scam was in central Missouri, according to an article posted on the Web site of KRCG in Jefferson City, Missouri. The July 18 article said Central Bank there had been targeted in similar fashion to Andrew Johnson Bank. Source: http://www.greenevillesun.com/story/296659


Information Technology


46. July 25, ITNews – (International) Fake ‘Yahoo sold to Microsoft’ spam boosts Rustock botnet. Security vendor Marshal is warning that a growing large-scale botnet, called Rustock, is forwarding spam containing exploitive headlines in an attempt to infect users and grow its network. Numerous small businesses and private web sites, so far predominantly in the U.S. and China, have been targeted in the campaign, claimed Marshal. The security vendor warned a variety of headlines are being used to lure victims into clicking on a malicious link. They include: “Yahoo sold to Microsoft, record price;” “Bush Down to 8 Friends on Myspace;” “Al Qaeda Reports Declining Revenues in Fiscal ‘08.” “Some of the headlines are hard to take seriously and some of them are believably enticing,” said the lead threat analyst for Marshal’s TRACE Team. He said the spammers appear to be experimenting to see which types of headlines solicit the most hits from recipients. Marshal’s records revealed that Rustock is estimated to comprise over 150,000 infected PCs and distributes close to 30 billion spam messages daily, which in terms of volume makes it one of the biggest malicious spam campaigns ever seen. Source: http://www.itnews.com.au/News/81143,fake-yahoo-sold-to-microsoft-spam-boosts-rustock-botnet.aspx


47. July 24, Breitbart – (International) Hackers get hold of critical Internet flaw. Internet security researchers on Thursday warned that hackers have caught on to a “critical” flaw that lets them control traffic on the Internet. An elite squad of computer industry engineers that labored in secret to solve the problem released a software “patch” two weeks ago and sought to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks. DNS is used by every computer that links to the Internet and works similarly to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites. The vulnerability allows “cache poisoning” attacks that tinker with data stored in computer memory caches that relay Internet traffic to destinations. Source: http://www.breitbart.com/article.php?id=080724230931.2rdnlz0a&show_article=1


48. July 24, Computerworld – (International) Mozilla fixes nine flaws in Thunderbird. Mozilla Messaging patched nine security vulnerabilities in Thunderbird yesterday, the first time it has plugged holes in the e-mail software since early May. Thunderbird 2.0.0.16, which was added to Mozilla’s download servers late Wednesday, quashes nine bugs, including one that was patched last week in Firefox, the company’s open-source browser. The remainder fixes flaws that were first addressed in early July when Mozilla updated Firefox to Version 2.0.0.15. Seven of the nine bugs were rated “moderate” by Mozilla, the second-lowest of the four rankings in its threat system. The other two were pegged as “low.” The bug patched in Thunderbird yesterday that was fixed in Firefox last week was in the browser rendering engine’s CSSValue array data structure. According to Mozilla, the vulnerability could be used by hackers to force a crash, and from there run malicious code. Several other just-patched Thunderbird vulnerabilities could also be used by attackers to execute code remotely. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110643&taxonomyId=17&intsrc=kc_top


Communications Sector


49. July 25, Upstate Today – (South Carolina) Internet, phones down across Seneca. Many residents in the greater Seneca area found themselves without Internet and phone service Thursday when an outage occurred about 4:30 p.m. A Technology Solutions official confirmed a “widespread” outage of service due to a construction mishap. A main AT&T fiber optic cable was severed when a construction crew at the former Tiger Tails property dug up the line with a bulldozer in haste to make progress on a construction project. AT&T has been notified of the situation, but that does not mean a solution could be expected anytime soon, the official said. A fiber optics fusion and splice team has been sent to the site to repair the cable. The last time such an event occurred that required the fiber optics team to be sent, it took 17 hours for service to be restored. Source: http://www.upstatetoday.com/news/2008/jul/25/internet-phones-down-across-seneca/