Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, August 14, 2008

Complete DHS Daily Report for August 14, 2008

Daily Report

• According to USA Today, five years after the worst blackout in U.S. history, the nation’s electrical system is far better equipped to prevent another big outage, but significant shortcomings remain, federal officials, grid operators, and consultants agree. (See item 5)

• KSN 3 Wichita reports that four people have been arrested on felony explosives charges after a bomb squad found four acid bombs that had detonated on the grounds of a high school in Wichita, Kansas. (See item 30)

Banking and Finance Sector

12. August 13, Associated Press – (National) U.S. Federal Reserve auctions $25B in loans. The U.S. Federal Reserve has auctioned another $25 billion in loans to U.S. banks and given them more time to pay the money back in an effort to combat a serious credit squeeze. The central bank has loaned billions since the credit squeeze hit a year ago. The Fed announced Tuesday that the money would be loaned at a rate of 2.754 percent. In the latest auction, the Fed offered the loans for an extended period of 84 days, rather than the 28-day period for the previous loans. The latest Fed auction was held on Monday with the results announced Tuesday. It saw 64 bidders seeking a total of $54.8 billion in funds. The Fed had announced that it would auction off $25 billion for 84 days. In two weeks the Fed will auction $75 billion in loans for 28 days. Source:

13. August 13, Xinhua – (International) China central bank to blacklist foreign bankcards involved in fraud. The People’s Bank of China will blacklist foreign bankcards found involved in fraud cases, as one of the country’s efforts to curb bankcard crimes and create an Olympics-friendly payment environment. The list would help the card issuer banks, merchants and other agencies to stop service for suspects, the director general of the Payment and Settlement Department of the People’s Bank of China told a press conference on Wednesday. A joint action between the central bank and police started in April. The authorities have registered 1,600 cases and arrested 342 suspects, implicating more than 40 million yuan. Source:

14. August 13, Associated Press – (National) 2 North Texas men accused of securities fraud. Two North Texas men face securities fraud charges in connection with an alleged “pump and dump” stock-fraud scheme that resulted in more than $32 million in losses for duped investors. The two are charged with fraud, according to court documents filed July 15 in the U.S. Northern District Court in Dallas by the Securities and Exchange Commission. One of the suspects was president of Sniffex Inc., which the SEC alleges was a shell company that produced a hand-held bomb detector called the Sniffex. Its 50-year-old Bulgarian inventor allegedly designed it to emit an electromagnetic field to detect gunpowder and other explosives as far away as 300 feet and the device was promoted as an anti-terror breakthrough. But the device did not live up to its claim. The SEC says the suspects created a fake promotional campaign designed to inflate the share price and trading volume of the company’s stock, between May 17, 2005 and April 6, 2006. The SEC is investigating Sniffex’s partners in Bulgaria and Denmark. Sniffex Inc. is now Homeland Safety International. Source:

15. August 13, Reuters – (National) Countrywide sued by West Virginia over mortgages. Countrywide Financial, now owned by Bank of America Corp, has been sued by West Virginia, which accused the lender of making risky and costly loans to consumers who could not afford them. West Virginia is at least the fifth U.S. state to sue Countrywide over its business practices, joining California, Connecticut, Florida and Illinois. Another state, Washington, has threatened to revoke Countrywide’s lending license. Countrywide had been the largest U.S. mortgage lender before Bank of America bought it on July 1 for $2.5 billion. A copy of the lawsuit was not immediately available. Source:

Information Technology

32. August 13, VNUNet – (National) Bug shuts down VMware servers. A software bug is leaving VMware customers unable to log in to virtualized servers. The issue began early on Tuesday when users attempted to power up virtual systems running the company’s ESX 3.5 software. The user is greeted with an error message indicating that the machine’s “power on” function failed due to an expired license. The company said that the issue is due to a timeout mechanism that had been left on and set to expire on August 12. This, said the company, caused the system to lock out users and believe that the license had expired. The issue only affects systems that run ESX 3.5 Update 2 and ESXi 3.5 Update 2. The timeout feature is often used by developers when distributing test builds to users in order to prevent them from running and distributing test versions of the software indefinitely. In a blog posting, VMware assured users that the issue was not a security risk, and that the cause of the problem had been found. Source:

33. August 12, Science News – (National) Microsoft issues massive security update for Windows, Office. On Tuesday Microsoft Corp. released its largest security update in 18 months to patch 26 vulnerabilities in Windows, Office, Internet Explorer (IE), Windows Messenger and other software. “Today is a perfect storm of client-side issues,” said the manager of Qualys Inc.’s vulnerabilities research lab. “Most or all of Microsoft’s client-side applications are affected or patched.” At least two of the vulnerabilities have already been exploited in the wild, Microsoft acknowledged. Those two, plus another pair, said one security researcher, should be considered “zero-day” bugs because technical details about the flaws had been circulating prior to today. Even though today’s updates – 11 total bulletins, six of which were tagged as “critical,” Microsoft’s highest threat rating – set a 2008 record, Microsoft left one expected fix off the table. Last week, it said it would patch one or more critical flaws in Windows Media Player 11, the version bundled with Windows Vista. Source:

34. August 12, New York Times – (International) Before the gunfire, cyberattacks. Weeks before bombs started falling on Georgia, a security researcher at Arbor Networks in suburban Massachusetts was watching an attack against the country in cyberspace. Other Internet experts in the United States said the attacks against Georgia’s Internet infrastructure began as early as July 20, with coordinated barrages of millions of requests — known as distributed denial of service (D.D.O.S.) attacks — that overloaded and effectively shut down Georgian servers. Researchers at Shadowserver, a volunteer group that tracks malicious network activity, reported that the Web site of the Georgian president had been rendered inoperable for 24 hours by multiple D.D.O.S. attacks. They said the command and control server that directed the attack was based in the United States and had come online several weeks before it began the assault. As it turns out, the July attack may have been a dress rehearsal for an all-out cyberwar once the shooting started between Georgia and Russia. According to Internet technical experts, it was the first time a known cyberattack had coincided with a shooting war. The Georgian government blamed Russia for the attacks, but the Russian government said it was not involved.


35. August 12, Computerworld – (International) Russian hacker ‘militia’ mobilizes to attack Georgia. Security researchers Tuesday disputed claims that a well-known Russian hacker-hosting network is responsible for cyberattacks against sites belonging to Georgia, the former Soviet republic that has been battling Russian military forces since Friday. Rather than blame the notorious Russian Business Network, researchers said that it appears that the attacks originated from a “hacker militia” of Russian botnet herders and volunteers. A Bulgarian security researcher said he and others have found evidence that points to a self-starting militia composed of volunteer hackers and cybercriminals who control large-scale bots, or collections of previously-compromised computers, as being behind the escalating attacks that have knocked Georgian sites offline. “A lot of it started with posting on blogs,” said a senior threat analyst at VeriSign Inc.’s iDefense Labs. “A bunch of youth groups posted something that was almost a manifesto that called on supporters to ‘wage an information war’ against Georgia.” That call to arms was only one of many, said the researchers, both of whom noted similarities to the attacks against several hundred Lithuanian Web sites early last month. But while the forces assembled only appear to be uncoordinated to the untrained eye, they are in fact very coordinated, both researchers argued. In a lengthy blog post on ZDNet, one spelled out the coordinated steps that someone – or some group – took to rally the hacker troops and turn them against specific targets. That coordination was sophisticated enough to launch DDoS attacks against one of the most popular hacker forums in Georgia as a preemptive strike. Source:

Communications Sector

36. August 13, VNUNet – (National) U.S. broadband growth and speeds disappointing. Two pieces of research have painted a grim picture of the U.S. broadband industry. Leichtman Research Group has produced a report showing that broadband take-up halved in the second quarter of 2008 compared to the same period last year, the lowest level of growth in seven years. A second piece of research, from a study sponsored by the Communications Workers of America (CWA), found that the U.S. is slipping behind other industrialized nations in terms of broadband speeds. The group set up an online speed test and took data from nearly 230,000 internet users. It found poor speeds across the whole country and found a median speed of just 2.3 Mbps for American internet users. “This isn’t about how fast someone can download a full-length movie. Speed matters to our economy and our ability to remain competitive in a global marketplace,” said the president of the Communications Workers of America. Source:

37. August 12, Washington Post – (National) Some broadcasters agree to extend signals after digital transition. The National Association of Broadcasters (NAB) said that its member companies have agreed, on a voluntary basis, to continue to make local broadcast signals available to distribution partners – cable, satellite, and telecom TV operators – for an extra couple of weeks after the official switch to all-digital TV takes place on February 17. NAB’s Television Board of Directors said it is also working to reach the same agreement with all television members, the networks and the network affiliate stations. The initiative is intended to provide a buffer period for consumers during the transition period, so they will not have to worry about losing any programming as stations move from analog to digital signals. Broadcasters negotiate with cable and satellite operators in order to be included in the channel packages offered to consumers.


38. August 12, Washington Post – (International) Hacker claims Java bug affects millions of Nokia phones. A Polish hacker and self-professed security expert claims to have discovered vulnerabilities in the mobile Java technology implemented by Nokia in its mid-range S40 devices, potentially putting millions of handsets at risk. The hacker claims the bugs affect around 140 different models of Nokia phone. But given the proliferation of the latest version of Sun’s Java ME, the number of vulnerable devices could run to 1.5 billion including other makes of handset. He also claims the mobile Java vulnerabilities allow hackers to completely bypass security restrictions and install malicious applications on a victim’s device, without their knowledge. Source:

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, August 13, 2008

Complete DHS Daily Report for August 13, 2008

Daily Report

• The Associated Press reports that federal officials are investigating whether oxygen masks and an emergency chute deployed properly during last week’s emergency landing of an American Airlines jet at Los Angeles International Airport. (See item 18)

• According to eFluxMedia, possible contamination with E. coli prompted Nebraska Beef LTD to issue a recall of 1.2 million pounds of beef. The U.S. Department of Agriculture’s Food Safety and Inspection Service confirmed the belief that beef products from the company are contaminated with E. coli. (See item 27)

Banking and Finance Sector

10. August 12, Midlands News Service – (National) Advance-fee loan scams often target businesses. The number of fraudulent loan scams targeting small-business owners has increased as more people seek alternative financing sources. The Federal Deposit Insurance Corporation (FDIC) and the national Better Business Bureau (BBB) recently issued warnings about advance-fee loan scams. Business owners have received unsolicited emails and phone calls from people promising to help secure financing in exchange for an up-front fee, said the president of the regional Better Business Bureau in Omaha. Some small-business owners have sought financing outside traditional banks and lending institutions because it is more difficult to get conventional loans, according to a BBB press release. Fewer small businesses are meeting the criteria to get commercial loans, but it is not because banks are changing their lending standards, said the chairman-elect of the Nebraska Bankers Association. Financial institutions are “able and willing” to make most types of commercial loans, with the exception of certain real estate loans, he said. The issue is not a lack of access to viable commercial loans. Current economic factors have negatively affected the creditworthiness of small businesses, which makes it more difficult for them to get a loan, the official said. The Internet has been a popular tool for some predators, according to the FDIC release. Scam artists have set up fake Web sites to lure potential borrowers, some using the logos of legitimate financial institutions and government agencies, according to the release. Source:

11. August 12, Chicago Tribune – (National) 2 charged in multimillion fraud. The owners of the Chicago-based real estate investment firm, WexTrust Capital LLC, were arrested Monday on federal fraud charges, and U.S. regulators accused them of conducting a quarter-billion-dollar Ponzi scheme going back as far as 2005. Simultaneously, the Securities and Exchange Commission (SEC) alleged in a lawsuit that the two men had raised $255 million from about 1,200 people, many of them Orthodox Jews, and misappropriated the money. In affinity fraud, scammers target individuals with a common interest or belief, which may include a religious affiliation, to exploit their trust to obtain money. The SEC also won an order Monday freezing the company’s assets. WexTrust owns at least 120 entities formed to acquire real-estate interests, and it has conducted at least 60 private placements since 2005, according to the SEC. Prosecutors with the Southern District of New York, where many of the victims reside, allege the suspects raised money in private placements for real estate investments. In one deal they solicited investors to buy seven commercial buildings leased to the U.S. General Services Administration. WexTrust also was involved with diamond mines in South Africa and Namibia, according to SEC documents. Source:,0,15298.story

12. August 11, Computerworld – (National) Wells Fargo code used to illegally access consumer data. Wells Fargo Bank is in the process of notifying some 7,000 individuals that a thief may have accessed their Social Security numbers and other personal information by illegally using the financial services firm’s access codes. The bank learned of the compromise on July 1 when MicroBilt Corp., a reseller of consumer data, notified it of suspicious transactions made using the Wells Fargo access codes, a spokeswoman for the San Francisco-based bank said Monday. The codes are used by Wells Fargo employees to gain access to consumer credit data. She said the records belonged to “random individuals,” only a small number of whom were Wells Fargo customers. Investigators have not yet determined how the Wells Fargo access credentials were illegally obtained or by whom, she said. Source:

13. August 11, Associated Press – (National) CFTC establishes task force on currency fraud. Federal regulators have formed a task force to investigate and prosecute fraud in the retail market for trading foreign currencies outside of commodity exchanges, a field they say is riddled with unscrupulous operators. The Commodity Futures Trading Commission (CFTC), which regulates U.S. futures markets, said it was establishing the task force within its enforcement division to focus on fraud in the off-exchange retail foreign currency market, as well as to work with other federal and state regulators and criminal authorities. Creation of the Forex Enforcement Task Force follows the June enactment of legislation that strengthened the CFTC’s jurisdiction over that market, the agency said in a news release. The CFTC and state securities regulators have warned the public to be cautious before trading foreign currencies — especially outside of major exchanges such as the Chicago Mercantile Exchange — saying it is at best very risky and at worst, fraudulent. Investors hope to profit from ups and downs in currency markets. But sharp swings in prices also can cause large losses, especially when an investor borrows money to make an investment and can wind up owing more than their initial investment was worth. Regulators say fraudulent schemes often come in the form of unsolicited phone calls and efforts to convince an investor to quickly transfer cash. The CFTC says it has brought nearly 100 enforcement actions since 2000 against companies and individuals accused of selling illegal foreign-exchange futures and options contracts. Source:

14. August 11, Consumer Affairs – (Kentucky) New twist on phishing scam surfaces in Kentucky. A number of consumers in Kentucky have reported receiving telephone calls from someone claiming to be from Commonwealth Credit Union with a warning their credit cards are being suspended. Members and non-members of Commonwealth Credit Union have reported receiving calls on their cell, work and home phones. “This is a scam,” said Kentucky’s Attorney General. “Our investigators have received several complaints and confirmed with representatives from Commonwealth Credit Union that this is a hoax and may be an attempt to compromise members’ accounts.” The message asks people to call a phone number. When callers dial the toll-free number, they are then instructed to enter their credit-card numbers to reactivate the accounts. “Commonwealth Credit Union has informed our investigators that it will never make calls to members asking for personal information.” Source:

Information Technology

40. August 11, SC Magazine – (National) Majority of malware attacks go undetected. Most malicious internet attacks go undetected by anti-virus software, according to a report released Monday by Cyveillance, a digital intelligence company. Data collected from several top anti-virus vendors during a 30-day period showed that more than half of the malware attacks went undetected. In addition, the Cyveillance 1H Online Fraud Report stated that malware attacks delivered via the web have more than doubled in frequency compared to the same period during the previous year. Essentially, new malware threats are developed quicker than the anti-virus companies can develop fixes, the director of product management at Cyveillance told on Monday. The most important change going on is the division of labor in the attacker underground, which is causing fast-changing malware, he said. “Today the threat environment has transformed to a more complex supply chain where players are highly specialized and consequently more productive,” he said. “Vulnerabilities are sold to ‘software developers’ who create packaged malware generation software that can then be used by multiple types of attackers and are capable of generating multiple unique targeted attacks and are continuously updated with new exploits.” Source:

Communications Sector

41. August 11, Detroit Free Press – (Michigan: National) Cell phone towers still vulnerable to power outages. Five years after the largest blackout in North American history on August 14, 2003, many wireless telephone companies, whose cell phone towers would go silent after several hours of no commercial power, are having trouble meeting reliability standards. When six million Michigan residents lost their power in 2003, and as seen in several natural disasters like Hurricane Katrina in 2005, cell phone towers soon started running out of power from backup batteries, making it very difficult for people to communicate. For more than a year, the Federal Communications Commission has been trying to institute rules that would require the telcos to equip their cell phone tower sites with backup service that would keep them running for at least eight hours. But the wireless industry has resisted this, saying it is too expensive. Many of the nation’s 210,000 cell phone towers have some sort of battery backup power in place that allows the sites to handle relatively short power disruptions that last no longer than a few hours. But in massive blackouts, as seen in 2003, once those batteries are drained, the towers cease to function. Source:

42. August 11, NBC 6 Northland – (Wisconsin) Thieves steal fiber optic cable & create $10,000 in damages. Superior police officers were investigating a theft at Conner’s Point on Monday morning after someone stole 200 feet of fiber optic cable that caused $10,000 in damages. Some Century Tel customers will be without phone, internet, and television services for some time. A Century Tel employee witnessed three people fleeing from the area, two of whom stopped to roll a boulder onto the road so they could not be followed. Source: