Department of Homeland Security Daily Open Source Infrastructure Report

Friday, September 19, 2008

Complete DHS Daily Report for September 19, 2008

Daily Report

Headlines

 According to FOX News, a New York City dialysis center was shut down by the state health department after one patient tested positive for hepatitis C. Nearly 700 patients of the center in Manhattan are being urged to get tested for both hepatitis B and C strains, as well as HIV. (See item 27)

27. September 17, FOX News – (New York) New York City dialysis center exposes nearly 700 patients to Hepatitis C. A New York City dialysis center was shut down by the state health department after one patient tested positive for hepatitis C. Now, nearly 700 patients of the Life Care Dialysis Center in Manhattan are being urged to get tested for both hepatitis B and C strains, as well as HIV. In a press release, the Health Department said they uncovered poor conditions, including “blood on the treatment chairs and dialysis machines, lack of proper hand hygiene, and inadequate disinfection of equipment.” Source: http://www.foxnews.com/story/0,2933,423882,00.html

 The Washington Post reports that over a five-year period, the Bureau of Alcohol, Tobacco, Firearms, and Explosives lost dozens of weapons and hundreds of laptops that contained sensitive information, according to a report issued Wednesday by the U.S. Justice Department. (See item 29)

29. September 18, Washington Post – (National) ATF lost guns, computers. Over a five-year period, the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) lost dozens of weapons and hundreds of laptops that contained sensitive information, according to a scathing report issued Wednesday by the U.S. Justice Department. An inspector general identified “serious deficiencies” in ATF’s response to lost or stolen items and called the agency’s control of classified data “inadequate.” From 2002 to 2007, ATF lost 418 laptop computers and 76 weapons, according to the report. A regular audit of weapons and other sensitive items has been conducted since a study in 2001 revealed that the Federal Bureau of Investigation and other agencies had misplaced hundreds of firearms. Many of the missing laptops contained sensitive or classified material, according to the report. ATF began installing encryption software only in May 2007. ATF did not know what information was on 398 of the 418 lost or stolen laptops. The report called the lack of such knowledge a “significant deficiency.” ATF employees did not report the loss of 365 of the 418 laptops. The report was less critical of ATF’s control of explosives, but when the inspector general reviewed inventory records, he found that amounts “on hand did not correspond with the amounts recorded” in records at eight of 16 locations. Source: http://www.washingtonpost.com/wp-dyn/content/article/2008/09/17/AR2008091703662.html?nav=rss_politics/fedpage

Details

Banking and Finance Sector


11. September 17, Bloomberg – (National) SEC stiffens short-selling rules amid market turmoil. The U.S. Securities and Exchange Commission (SEC) stiffened rules against manipulative short-selling after a market rout pushed American International Group Inc. to the brink of collapse and triggered Lehman Brothers Holdings Inc.’s bankruptcy. The SEC adopted two regulations Wednesday forcing traders and brokers to close out short sales on all stocks, amid concern investors are driving down prices by flooding markets with sell orders. A third rule makes it a securities fraud when sellers deceive brokers about delivering borrowed shares to buyers. In traditional short sales, traders borrow shares that they then sell. If the price drops, they profit by buying back the stock, repaying the loan and pocketing the difference. The SEC rules target so-called naked short- selling, in which traders never borrow shares from their brokers. The agency is concerned that such a strategy can free investors to manipulate prices by placing unlimited sell orders. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=atc9nbq59jIw&refer=home


12. September 17, Associated Press – (National) Former Mercury Interactive directors settle. Three former board members of Mercury Interactive, a business software company acquired by Hewlett-Packard Co. for $4.9 billion in 2006, have each agreed to pay $100,000 fines in a settlement with federal regulators over stock options tampering. The Securities and Exchange Commission said Wednesday that it filed civil fraud charges against the former directors alleging they knew the company’s compensation records were faulty but “recklessly” signed off on them anyway. Mercury eventually had to wipe out more than $530 million in profits to correct the accounting problems. The company also shelled out $28 million to settle civil fraud charges with the SEC and $117.5 million to settle a group of shareholder lawsuits. Source: http://ap.google.com/article/ALeqM5hS8yU_owgZmYFjaIv3XelSLbLMXAD938PV080


13. September 17, Associated Press – (National) Judge OKs Lehman-Barclays deal. A bankruptcy judge on Wednesday gave Lehman Brothers initial approval to sell key North American businesses to Barclays for $1.7 billion in cash. The approval came just two days after Lehman Brothers Holdings Inc. filed the biggest bankruptcy in U.S. history. The judge’s approval sets in motion the asset sales but leaves open the possibility of a competing bid. Lehman plans to seek final court approval Friday. British bank Barclays said Tuesday that it would buy Lehman’s investment banking and capital markets businesses for $250 million in cash, as well as Lehman’s New York headquarters and two data centers in New Jersey for an additional $1.5 billion. Lawyers for creditors and bondholders objected to the speed of the process, saying two days was not enough time to evaluate the deal much less put together a competing bid. Source: http://money.cnn.com/2008/09/17/news/companies/lehman_bankruptcy.ap/index.htm


Information Technology


39. September 17, Computerworld – (International) Hacker posts QuickTime zero-day attack code. A hacker has released attack code that exploits an unpatched vulnerability in Apple Inc.’s QuickTime, just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday. The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the ““ parameter in QuickTime, which is not prepared to handle excessively-long strings, said a researcher with Symantec Corp.’s DeepSight threat notification network. In its present form, the exploit triggers a QuickTime crash, but it may be more serious. “The exploit suggests that code execution may be possible,” the researcher added, “[and] if this flaw were to allow arbitrary code to run, it may pose a significant risk, because attackers may be able to exploit the issue by embedding a malicious file into a site.” The researcher had little advice for users beyond urging them to be wary while browsing and to consider disabling the QuickTime plug-in, which is commonly found on Windows machines and installed by default on all Macs. Source:http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9114999&intsrc=hm_list


Communications Sector


40. September 17, Associated Press – (National) Hurricane Ike causes record Internet outage. The power blackouts that followed Hurricane Ike have caused the widest outage for U.S. Internet service since 2003, according to a firm that tracks Internet connectivity. Internet connections in Texas, Ohio, and Pennsylvania were the hardest hit, according to Renesys Corp. But the storm also caused outages in Arkansas, Louisiana, Missouri, Kentucky, Illinois, and Indiana. Surrounding states had scattered outages as well. It was the largest area to lose its connections to the Internet since the Northeast blackout of 2003, said a data engineer at Renesys. The company does not track Internet connectivity by the number of people using it, but by “autonomous networks,” which roughly equates to the “neighborhoods” of the global network. At the peak Monday, Ike had taken out more than 400 such networks for at least an hour each. Some of the outages persisted Wednesday, with Time Warner Cable Inc.’s network in Ohio and NASA’s Johnson Space Center in Houston, Texas, being affected, according to Renesys. By comparison, the Northeast blackout took out 2,500 networks. Source: http://www.cnn.com/2008/TECH/09/17/ike.internet.outage.ap/index.html?eref=rss_tech

41. September 17, Reuters – (National) Qwest expects more phone customers to cut the cord. U.S. phone company Qwest Communications International Inc’s CEO expects more consumers to disconnect their landlines in favor of mobile phones over the next several years, but he said the company could survive. He said cost cuts were buffering the impact of falling landline sales and Qwest’s partnership with Verizon Wireless would help it grow. On Wednesday, media research company Nielsen Co. forecast 20 percent of U.S. households would rely only on mobile phones by the end of this year. Analysts have forecast that could rise to as high as 30 percent by around 2012. Source: http://www.reuters.com/article/rbssTechMediaTelecomNews/idUSN1731461620080917

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, September 18, 2008

Complete DHS Daily Report for September 18, 2008

Daily Report

Headlines

 According to Business First of Buffalo, the Federal Reserve Board late Tuesday confirmed it would authorize the Federal Reserve Bank of New York to lend as much as $85 billion to American International Group Inc., which has unraveled in the face of mounting losses. (See item 15)

See details in the Banking and Finance sector

 CNN reports that suspected Al Qaeda militants disguised as security forces launched an explosive assault on the U.S. Embassy in Yemen’s capital, Sanaa, Wednesday killing 10 Yemeni police and civilians. (See item 30)

30. September 17, CNN – (International) Al Qaeda blamed for U.S. Embassy attack. Suspected Al Qaeda militants disguised as security forces launched an explosive assault on the U.S. Embassy in Yemen’s capital, Sanaa, Wednesday killing 10 Yemeni police and civilians, officials said. The attack involved two car bombs, a spokesman for Yemen’s embassy in Washington said. Six attackers, including a suicide bomber wearing an explosive vest, were also killed in the attack. There were at least four explosions – including at least one car bomb – and sniper fire, a senior State Department official said. The heavily fortified compound in the capital of Yemen has previously been targeted in attacks. A U.S. official told CNN the attackers initially opened fire outside the embassy’s security gate, then there was the main explosion followed by a secondary explosion. At some point, snipers positioned across the street from the embassy opened fire on Yemeni first responders as they arrived on the scene, the official said. Those killed include six Yemeni policemen and four civilians, he said, noting that the number of wounded is unclear. No U.S. Embassy employees were killed, the official added. Source: http://www.cnn.com/2008/WORLD/meast/09/17/yemen.blast/?iref=mpstoryview

Details

Banking and Finance Sector


15. September 17, Business First of Buffalo – (National) Fed bails out AIG in $85B deal. The Federal Reserve Board late Tuesday confirmed it would authorize the Federal Reserve Bank of New York to lend as much as $85 billion to American International Group Inc., which has unraveled in the face of mounting losses related to insurance on complex financial instruments and credit downgrades that forced the company to raise billions in capital. The New York insurance company is the largest in the world. Bailing out a private company not under its direct purview is an extraordinary and historic move for the Federal Reserve, whose primary roles include setting United States monetary policy and banking supervision and regulation. In a statement, the Federal Reserve said, “The Board determined that, in current circumstances, a disorderly failure of AIG could add to already significant levels of financial market fragility and lead to substantially higher borrowing costs, reduced household wealth and materially weaker economic performance.” Source: http://www.bizjournals.com/buffalo/stories/2008/09/15/daily22.html


16. September 17, Toronto Star – (National) FBI’s mortgage fraud caseload grows to 24. The FBI is investigating 24 cases of potential corporate fraud related to mortgage lending, up from 21 cases disclosed by the Bureau in July, the Bureau director told Congress Tuesday. He did not identify specific targets as lawmakers expressed new concern about the impact of fraud cases in the wake of fresh turmoil in global financial markets tied to the collapse of the U.S. mortgage lending industry. The director said the FBI was looking at all levels of the mortgage systems. Source: http://www.thestar.com/Business/article/500435


17. September 16, New York Times – (International) Billionaire sues UBS, claiming fraud. A billionaire property developer filed a complaint against UBS and nearly a dozen current and former executives of the bank in federal court in Santa Ana, California. The lawsuit accuses UBS, a small Swiss firm, and two private firms based in Liechtenstein and their employees of luring the plaintiff into becoming a client and a participant in a deceptive investment scheme intended to cheat the Internal Revenue Service of millions of dollars in taxes. The civil case is thought to be the first to be filed by a wealthy American client of UBS, which is under investigation by the Justice Department over whether it allowed its customers to evade United States taxes by hiding money offshore. Source: http://www.nytimes.com/2008/09/17/business/worldbusiness/17ubs.html?ref=worldbusiness


18. September 16, Associated Press – (District of Columbia) Central figure in DC tax scam pleads guilty. A former manager in the District of Columbia tax office admits she cut more than 200 fraudulent property tax refund checks in a scheme that drained more than 48 million dollars from the city’s treasury over almost two decades. The woman has pleaded guilty to wire fraud, conspiracy to commit money laundering and tax evasion. The agreement calls for her to serve from 15 to 18 years in prison and to pay restitution. A federal judge has accepted the plea provisionally, but has not set a sentencing date. Nine other people have pleaded guilty in the tax scam. Source: http://www.kgan.com/template/inews_wire/wires.national/3b56768e-www.kgan.com.shtml


Information Technology


37. September 16, Register – (National) Adobe yanks speech exposing critical ‘clickjacking’ vulnerabilities. Two prominent security researchers have pulled a scheduled talk that was to demonstrate critical holes affecting anyone who uses a browser to surf the web. They say they planned to demonstrate serious “clickjacking” vulnerabilities involving every major browser during a presentation scheduled for September 24 at OWASP’s AppSec 2008 Conference in New York. They canceled their talk at the request of Adobe, one of the developers whose software is vulnerable to the weakness, they say. The pair planned to disclose flaws in the architecture of all of today’s web browsers that allow malicious websites to control the links visitors click on. Once lured to a fraudulent address, a user may think he’s clicking on a link that leads to Google – when in fact it takes him to a money transfer page, a banner add that is part of a click-fraud scheme, or any other destination the attacker chooses. The technique can also forge the address that appears on a status bar at the bottom of a web browser, so even those who are careful to check referring address before clicking can be tricked, one researcher says. Source: http://www.theregister.co.uk/2008/09/16/critical_vulnerability_demo_pulled/



38. September 16, Computerworld – (New York) Forever 21 says nearly 99,000 cards compromised in data thefts. Nearly 99,000 payment cards used by customers at several Forever 21 Inc. retail stores may have been compromised in a series of data thefts dating back to August 2004. In a statement released last week and posted on its Web site, the Los Angeles-based discount retailer said it discovered the thefts only after being notified of them by the U.S. Department of Justice in Boston on August 5. There was no explanation for why the company waited more than a month after it discovered the compromise to notify affected customers. The DOJ last month filed indictments against three people who allegedly hacked into computer systems belonging to 12 retailers to steal payment card data. The incidents covered in the indictments included a much-publicized breach at TJX Companies Inc. Forever 21 said it was notified by the DOJ that it was one of the victims of those attacks and was given a disk containing “potentially compromised file data.” Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9114839&taxonomyId=17&intsrc=kc_top


Communications Sector


39. September 17, Globe and Mail – (National) U.S. iPhone traffic seen clogging up RIM’s Bold plans. Research In Motion Ltd.’s BlackBerry Bold has yet to launch with its exclusive U.S. carrier and it appears that Apple Inc.’s latest iPhone may be the reason why. Even though the Bold is available in more than a dozen countries, AT&T Inc. has yet to offer the device in the U.S. because iPhone data traffic is clogging the telecom giant’s networks, according to analysts. Both devices use the same next generation (3G) network technology, but it now appears AT&T was not prepared for the bandwidth requirements of the Apple device and does not have the resources to launch the Bold until it cures its iPhone issues. Source: http://www.theglobeandmail.com/servlet/story/LAC.20080917.RTICKERBOLD17/TPStory/Business


40. September 15, Aviation Week – (International) U.K. report finds emerging threats in space. Disruptive technologies such as directed energy weapons and the use of electro-magnetic pulse are being identified as “emerging issues” for space security in a key U.K. industry report. British space industry lobby group U.K. Space will formally launch its “Space Secures Prosperity” report September 16. The study is intended to highlight the extent to which the U.K. is dependent on space systems to support its military and security capabilities. Many of these systems, the report stresses, are foreign. U.K. industry wants to see the government step up its investment in military space. In examining potential emerging threats to space infrastructure the report notes: “It is feasible that illegal organizations will seek to disrupt states ability to exploit the use of space by threatening not only the ground stations themselves, but also the communications links between them and their satellites.” Source: http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=space&id=news/DIS09158.xml&headline=U.K.%20Report%20Finds%20Emerging%20Threats%20In%20Space