Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 31, 2008

Complete DHS Daily Report for July 31, 2008

Daily Report

• Reuters reports that a moderate earthquake spared Los Angeles oil refineries, pipelines, nuclear plants, and the city’s electrical grid on Tuesday, but caused some minor local power outages. (See item 1)

• According to the Associated Press, in a report aimed at the next president, security specialists are proposing a vast overhaul of the U.S. security system, declaring it problem-plagued. (See item 35)

Banking and Finance Sector

14. July 30, Daily Local – (Pennsylvania) Phishing scam hits area banks. First National Bank of Chester County, Pennsylvania, said Tuesday it has been a victim of a phishing scam. On Monday afternoon and Tuesday, fraudulent e-mails, telephone calls, and cell phone calls were sent to customers and non-customers by phishing scammers, according to the bank. The bogus e-mailed messages and telephone calls describe an urgent reason why customers must “verify” or “re-submit” personal or confidential information by clicking on a link embedded in the e-mail message or by calling a telephone number. These fraudulent e-mails and calls have been designed to look as if they come from First National and contain the First National logo, the bank said. The scammers are believed to be located in a foreign country and First National Bank is working with law enforcement authorities to discover the identity of those involved in the scam, said the executive vice president at the bank. The bank is also working with law enforcement agencies to have the unauthorized communications and fraudulent Web sites terminated. First National Bank immediately began notifying customers via e-mail of the scams and informing them not to respond to requests for information. Source:

15. July 30, CCH Wall Street – (National) SEC halts $20M scam. At the U.S. Securities and Exchange Commission’s request, a California federal court has frozen the assets of an investment advisor who allegedly stole $20 million from more than 200 clients. According to the regulator, starting in at least 2000 and continuing well into 2008, the suspect solicited money from hundreds of investors by purporting to be an investment expert capable of generating outrageously large returns with absolutely no risk. But instead, he spent their money on lavish personal expenses. And in classic Ponzi scheme-fashion, he often transferred money from new clients to favored clients in order to create the illusion of profitable trading. Source:

16. July 29, Better Business Bureau of Northern Indiana – (Indiana) BBB of Northern Indiana warns of scam. The Better Business Bureau of Northern Indiana and the Indiana Bankers Association (IBA) are reporting recent phishing scams in the northern Indiana area. Callers posing as representatives from the State of Indiana or the Department of Financial Institutions have been contacting individuals asking for personal information, including bank account numbers, allegedly to ensure that deposits are insured by the Federal Deposit Insurance Corporation. These calls are fraudulent. Automated calls claiming to represent banks call individuals and allege that their debit cards have been canceled. The recorded message tells recipients to call a phone number, where they are asked to provide card numbers, expiration dates, and PINs. These calls are fraudulent. These scams appear to be targeted to specific geographic areas. Source:

Information Technology

40. July 30, IDG News Service – (International) Hotels to spy on Olympics guests, says U.S. senator. A Kansas senator reiterated accusations Tuesday that China is forcing foreign-owned hotels to install electronic eavesdropping equipment ahead of next month’s Olympics. The network monitoring equipment, which the senator claims includes both hardware and software, will allow the country’s Public Security Bureau to monitor the Internet activities of guests and collate records of what they do online. He first made these accusations in early May, without citing the names of any of the hotel chains allegedly involved. He said that he now has copies of translations of the original order, which “alludes to harsh punishment for failure to comply with the order,” a statement said. “The hotels have asked us to preserve their anonymity; in order to protect their safety, and in return for their courage in coming forward, I cannot divulge their identities.... On the other hand, these hotel chains have invested millions of dollars in their Chinese properties, and while they wish to find a way to reverse this order, if they are specifically identified, they could face severe retaliation…” he said. The senator’s accusations book-end allegations made in June by two U.S. Congressmen that China-based hackers had attacked computers in their offices, including ones that may have contained information on Chinese dissidents. Source:

41. July 29, Computerworld – (International) DNS patches cause problems, developers admit. Patches released earlier this month to quash a critical bug in the Domain Name System (DNS) have slowed servers running Berkeley Internet Name Domain (BIND), the Internet’s most popular DNS software, and crippled some systems using Windows Server. The head of the Internet Systems Consortium (ISC), the group responsible for the BIND software, acknowledged that there were problems with the July 8 fix that was rolled out as part of a multivendor update meant to patch a cache poisoning flaw discovered months ago. “During the development cycle, we became aware of a potential performance issue on high-traffic recursive servers, defined as those seeing a query volume of greater than 10,000/queries per second,” he said in a message posted Monday afternoon to a BIND mailing list. “Given the limited time frame and associated risks, we chose to finish the patches ASAP and accelerate our work on the next point releases that would address the high-volume server performance concerns.” “Our immediate goal was to make patches publicly available as soon as possible,” he explained. Versions of the second update, which will be designated P2 when they are unveiled, are currently available in beta form for BIND 9.4.3 and BIND 9.5.1. Source:

42. July 29, PCWorld – (International) New browsers fight the malware scourge. The latest browsers are fighting back against the never-ending assault from online crooks who want to sneak malware infections through customers’ browsers and onto their PCs. Firefox 3, Opera 9.5, and, soon, Internet Explorer 8 add new security features that block known malware sites. Hackers slip nearly invisible code onto a vulnerable but benign Web site, forcing it to become an unwitting foot soldier in the malware war. A successful hijacking in July of a site for Sony PlayStation games demonstrates that sites both large and small can fall victim to this tactic. “The bad guys are putting a lot of effort into mass hacking,” says the chief research officer of antivirus maker AVG Technologies. “They routinely hack 20,000 to 40,000 sites in a day” with automated tools, he says. The new features in the latest browsers work much as existing antiphishing filters do. In Firefox 2, Mozilla uses Google’s blacklist of known phishing sites. If people mistakenly click a link to a URL on that list, they will see a warning instead of the site. Firefox 3 also blocks the display of pages on Google’s list of known malware sites. Firefox 3 grabs the most recent blacklist about every 30 minutes, according to a spokesperson, and checks the sites people visit against that local list. Firefox 2 has an option to always check sites you visit against Google’s online list so as to catch the very latest entries, but Firefox 3 provides no such option. Source:

43. July 29, Washington Post Blog – (International) Three quarters of malicious web sites are hacked. Three-quarters of all Web sites that try to foist malicious software on visitors are legitimate sites that have been hacked, according to a report released Tuesday by Websense, an online security company that scans more than 40 million Web sites hourly for signs that they may have been compromised by hackers. Most of these compromised sites are social networking communities and some of the Internet’s most popular destinations. The report found that 60 percent of the top 100 most popular sites this year have either hosted malware or forwarded visitors to malicious sites. The company also says that nine out of 10 of those compromised sites were social networking or Web search sites. Typically, the hacked sites are advertised through junk e-mail. According to Websense, nearly 30 percent of those links lead to sites that try to plant software which steals passwords and other sensitive data from victims. The remainder of the spam links attempt to install software that lets attackers control the systems from afar, and/or install additional software without the owner’s knowledge. The findings mirror other recent research. In May, Web site vulnerability scanning company ScanSafe found that 68 percent of Web-based malware was pushed out via compromised Web sites. Source:

Communications Sector

44. July 29, Long Beach Press Telegram – (California) Post-quake traffic clogs cell-phone lines. Many cell phone users were not able to make calls during and immediately after Tuesday’s earthquake in California as a result of high call volumes, several phone companies said. Three of the largest wireless companies, AT&T, T-Mobile, and Verizon, all reported high call volumes during and immediately after the earthquake. An AT&T spokesman said in a statement that the company saw network congestion on both land-line and wireless networks, which is common after an earthquake. According to the statement, network congestion occurs when too many people are trying to use the network at the same time. The public relations spokesman for Verizon Wireless said its call volume was 40 percent higher than projected for the earthquake, adding that with extremely high call volumes, it becomes necessary for phone companies to start blocking calls. Making up the volume are one-time callers and those who call multiple times trying to get through. Source:

45. July 29, Minneapolis Star-Tribune – (Minnesota) Telecom sues Monticello over city’s plan to build its own high-speed network. A failure to communicate between Monticello, Minnesota, and TDS Telecom, its chief phone and cable provider, is threatening to short-circuit plans to make the city one of the most wired communities in the nation. Both Monticello and TDS Telecom are constructing multi-million dollar fiber-optic networks that will directly connect to every home, office, and business in the city. When the networks come online in the next year or so, they would be among only about 45 in the country that provide such connectivity. But Monticello – a city of about 11,000 in northern Wright County – also may be the only locale where the public and private sectors are competing so directly for paying customers. The acrimony from such direct competition has led to the filing of what may become a precedent-setting lawsuit by TDS questioning whether municipalities can use revenue bonds to create fiber-optic networks. Monticello – which maintains that the fiber-optic network is a public convenience and thus eligible for revenue bond financing – countersued to have the case dismissed. The Wright County District Judge, who took the matter under advisement last month following a hearing, could rule in the case as early as next week. Source: