Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 22, 2008

Complete DHS Daily Report for August 22, 2008

Daily Report


• CNN reports that a police officer and two civilians on Tuesday subdued an armed man who drove to a California probation office with 11 crude bombs, 70 loaded magazines, and more than 4,000 rounds of ammunition. (See item 30)

30. August 20, CNN – (California) Police: Man with bombs ‘ready for war’ with city. A police officer and two civilians subdued an armed man who drove to a California probation office with 11 crude bombs, 70 loaded magazines, and more than 4,000 rounds of ammunition, police said. The man was out of jail on bail for a July 18 incident in which police said an explosive device was found in his vehicle at the probation office. The incident occurred Tuesday afternoon, when people saw the suspect acting suspiciously near the Siskiyou County Probation Department and called police, the Yreka police chief said. The suspect aimed a gun at an officer, police said. Two civilians then jumped into the fray and, with the officer, subdued the suspect and wrestled the gun away, police said. The suspect was handcuffed and searched. Police found a pipe bomb in his shoe, the police chief said. A neighborhood near the probation office was evacuated after the suspect told police that he had ten bombs in his car parked nearby, authorities said. Source:

• According to the Associated Press, a hacker broke into a Federal Emergency Management Agency voicemail system in Emmitsburg, Maryland, over the weekend and racked up about $12,000 in calls to the Middle East and Asia. (See item 36)

36. August 20, Associated Press – (Maryland) FEMA phones hacked; calls made to Mideast, Asia. A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Maryland, on Saturday and Sunday, according to a FEMA spokesman. FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability. The voicemail system is new and was recently installed. It is a Private Branch Exchange, or PBX, a traditional corporate phone network that is used in thousands of companies and government offices. Many companies are moving to a higher tech version, known as Voice Over Internet Telephony. Afghanistan, Saudi Arabia, India, and Yemen are among the countries that were called. Most of the calls were about three minutes long, but some were as long as 10 minutes. Sprint caught the fraud over the weekend and halted all outgoing long-distance calls from FEMA’s National Emergency Training Center in Emmitsburg. Source:


Banking and Finance Sector

12. August 21, Washington Post – (National) FDIC restructuring some IndyMac loans. Federal regulators yesterday announced a plan to systematically modify the loans of at least 25,000 homeowners with mortgages held by failed lender IndyMac in an attempt to create an industry model for assisting troubled borrowers. The Federal Deposit Insurance Corp. will offer delinquent IndyMac borrowers new mortgages with interest rates as low as 3 percent. It is partly a challenge of speed: The FDIC wants to complete the modifications by mid-October, three months after it took control of the troubled California bank. It aims to sell off IndyMac’s assets by then. FDIC officials said they hoped the program would become a model for the industry and prompt other mortgage lenders to do more to work with troubled borrowers, but they did not indicate whether they would adopt this program in future bank failures. Freddie Mac has also launched a pilot program allowing for mass modifications of loans. Source:

13. August 20, Computerworld – (National) Changes to PCI standard not expected to up ante on protecting payment card data. The group that administers the Payment Card Industry Data Security Standard — or PCI, for short — this week released a summary of the changes that are being made to the requirements in a revision scheduled to be published in October. As expected, the modifications that the PCI Security Standards Council is implementing in the upcoming Version 1.2 of the standard are largely incremental in nature and appear unlikely to cause any major new compliance challenges for companies, analysts said. In fact, the update will ease some of the mandates set by the standard, such as how quickly software patches need to be applied to systems. The PCI standard was created by the major credit card companies, including Visa, MasterCard and American Express, to try to prevent the theft of credit and debit card data from retail systems. The standard, which went into effect in June 2005, outlines 12 broad security controls that retailers, online merchants, data processors and other businesses must implement to protect cardholder data. Companies that fail to meet the requirements are subject to fines and potentially can be barred from processing payment card transactions. Version 1.2 is due to be published on October 1 as the first update of the PCI standard. Source:

14. August 20, KCBD 11 Lubbock – (Texas) New scam targeting bank customers. There is a new bank scam that can target anyone, anywhere, and several Texas community banks have already been hit. The scam works by calling, e-mailing, and texting people with messages saying their bank account has been compromised. When customers call the toll-free number provided in the messages, they are asked to enter their debit card number, expiration date, and personal identification number (PIN). The scam is believed to be operating from ATMs in Europe. Source:

Information Technology

38. August 20, Dark Reading – (International) Rival botnets share a common bond, researchers find. Two of the world’s largest and most prolific spamming botnets have been spotted sharing a common bot malware-delivery method. But whether that means that the operators of the rival Rustock and Srizbi botnets are actually working together is unclear, security researchers say. Rustock, which recently edged Srizbi for the top slot as the biggest spammer mostly due to a wave of fake Olympics and CNN news spam, and Srizbi, known for fake video and DVD spam, have been using the same Trojan, Trojan.Exchanger, to download their bot malware updates, researchers say. “This is the first time” we had seen this connection between the two botnets, says the chief security content officer for anti-botnet software firm FireEye. “That’s why when we saw it, it was surprising.” “They definitely have a relationship,” he says. “There’s not the rivalry we used to think about.” Other researchers say they have witnessed a recent overlap between Rustock and Srizbi, too. Some say it is spammers diversifying their spam campaigns with different botnets, and others, that it could be some sort of coordination among the bot herders or their spammer customers. Either way, they all agree that the two botnets remain separate networks of zombies with distinct command and control infrastructures. Source:

39. August 20, Computerworld – (National) Opera patches 7 bugs but keeps one secret. Opera Software ASA today patched seven vulnerabilities in its flagship Opera browser, but it declined to provide information about one of the bugs. The browser developer hinted that other programs, not yet patched, were also affected by the flaw. Today’s update to Opera 9.52 fixes multiple bugs – seven in the Windows version, five in the Mac edition, and six in the Linux browser – that range from “extremely severe” to “not severe” in the company’s five-step threat-ranking system. What was unusual, however, was that Opera omitted an explanation for one of the fixed flaws. Instead, the company simply stated in the change log: “Fixed an issue that could allow cross-site scripting, as reported by Chris Weber of Casaba Security; details will be disclosed at a later date.” Source:

Communications Sector

40. August 21, Albany Times Union – (New York) Verizon’s fiber-optic system rollout hits snag. Verizon Communications Inc. will go back and inspect every one of its FiOS installations in New York after regulators discovered that some of the fiber-optic systems could pose potential safety hazards. Routine inspections by the state Public Service Commission found that “a high proportion” of the systems failed to adhere to the National Electrical Code and were not properly grounded or bonded, according to the agency. FiOS is Verizon’s new fiber-optic system designed to offer phone, Internet and TV service to compete with cable companies like Time Warner Cable. In response to the PSC’s investigation, Verizon submitted a plan under which it plans to inspect all previous installations and correct any problems within 60 days. The company is also creating a special quality-assurance team to make certain that new installations are done correctly. Source: