Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 3, 2008

Complete DHS Daily Report for December 3, 2008

Daily Report


 The Associated Press reports that pirates chased and shot at a U.S. cruise liner with more than 1,000 people on board but failed to hijack the vessel as it sailed through the Gulf of Aden on Sunday. (See item 10)

10. December 2, Associated Press – (International) Pirates fire on U.S. cruise ship in hijack attempt. Pirates chased and shot at a U.S. cruise liner with more than 1,000 people on board but failed to hijack the vessel as it sailed along a corridor patrolled by international warships, a maritime official said Tuesday. The liner, carrying 656 international passengers and 399 crew members, was sailing through the Gulf of Aden on Sunday when it encountered six bandits in two speedboats, said the head of the International Maritime Bureau’s piracy reporting center in Malaysia. The pirates fired at the passenger liner but the larger boat was faster than the pirates’ vessels. The U.S. Navy’s 5th Fleet, based in Bahrain, said it was aware of the failed hijacking but had no further details. Ship owner Oceania Cruises Inc. identified the vessel as the M/S Nautica. In a statement on its Web site, the company said pirates fired eight rifle shots at the liner, but that the ship’s captain increased speed and managed to outrun the skiffs. All passengers and crew are safe, and there was no damage to the vessel, it said. International warships patrol the area and have created a security corridor in the region under a U.S.-led initiative, but the attacks have not abated. Source:

 According to Stars and Stripes, U.S. Army medical officials in southeast Germany waited nearly two months before notifying more than 6,000 beneficiaries of a possible security breach regarding their personal information stored on a lost laptop computer. (See item 20)

20. December 2, Stars and Stripes – (National) Army waited to tell of possible security breach. U.S. Army medical officials in southeast Germany waited nearly two months before notifying more than 6,000 beneficiaries of a possible security breach regarding their personal information stored on a lost laptop computer. Authorities know the names, Social Security numbers, and health information of at least 26 individuals were stored on the laptop, according to a news release sent Monday from the U.S. Army Medical Department Activity, Bavaria. However, officials said similar information on approximately 6,000 other patients also may have been on the missing computer, though they do not know for sure. According to the release, the laptop went missing on October 4. Notices that were sent to the beneficiaries on November 24 were characterized as a precaution. The letters were addressed to not only beneficiaries in the affected region, but to potentially affected people from other regional commands in the U.S. and elsewhere. The release did not explain why Army medical officials waited to notify the public. Source:


Banking and Finance Sector

9. December 1, South Florida Sun-Sentinel – (National) Theft of children’s identities often goes unnoticed for years. The Federal Trade Commission estimates about 500,000 identity theft incidents annually involve children under age 19, with the majority of the thefts occurring between birth and age 5. That is about 5 percent of all suspected ID theft cases. Federal officials said they have seen the numbers rise slightly during the past several years. Often, but not always, a parent or guardian is involved. The nonprofit Identity Theft Resource Center in San Diego estimates more than half of the child ID theft reports it has examined involve parents or family members. But strangers also can pick up a Social Security number, which has no age identifier, from pediatric or school records, from stolen ID cards, or through data breaches, said the center founder. Some law enforcement agencies also think child ID theft is becoming more attractive to thieves as personal information becomes harder to steal from adults, who are becoming more vigilant about monitoring their credit. A spokesman for the Federal Bureau of Investigation in Washington, D.C., said a “world of financial hurt” can happen between the time a theft occurs and when it is discovered. Often, that gap is a decade or more — when the victim applies for a school loan, a credit card, or a job.


Information Technology

25. December 2, Heise Security – (International) Email Trojans threaten to block email accounts. A new wave of Trojans is rolling through the net. This time the emails carrying the Trojan warn that the recipient’s email account will be blocked within a few hours. They read: “Subject: The email address is being blocked. Ladies and Gentlemen, due to misuse, your email address “” will be blocked within the next 24 hours. We have received 98 complaints of spam being sent from it. Details and possible ways to unblock your account can be found in the attachment.” The subject and text contain the recipient’s address, though the wording and the number of alleged complaints vary. The attached zip file contains the executable file blocking.exe along with the malicious program. These emails should be deleted unread, because most virus scanners are currently powerless against them; only a few products recognize the culprit. Sophos calls it Mal/EncPk-GH, Microsoft knows it as Win32/Emold.C or Win32/Obfuscator.CT, depending on the mutation, and FProt calls it W32/Trojan3.MX. An analysis by Heise Security has shown that the malware registers itself as the default debugger for the Explorer.exe process (the Image File Execution Options mechanism, under which Windows starts the registered “debugger” in place of the named program and passes it the original command line), so that it is launched again whenever Explorer starts after a reboot. This unusual self-starting mechanism was already used by the “account-rendered” Trojan, which appeared in users’ inboxes exactly a week ago, claiming to be an invoice, a collection order, or a warning of non-payment. Source:
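The persistence trick described above is a registry setting, so a defender can audit for it directly. What follows is an added example, not code from Heise Security or from the malware analysis: it parses the text that "reg query <IFEO key> /s" prints, and flags any Debugger value that is set on a high-value image such as explorer.exe or that points at anything other than a known debugger. The sample output (including the blocking.exe path), the list of known debuggers and the list of high-value images are constructed assumptions; on a Windows host the script reads the live key instead.

```python
r"""Audit Image File Execution Options (IFEO) Debugger entries.

Windows honours
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>\Debugger
by starting the named "debugger" instead of <image>, with <image>'s command line
appended. An entry on explorer.exe therefore runs at every logon, which is the
persistence mechanism the Heise analysis describes. Added example script; the
sample output below is constructed, not captured from an infected host.
"""
import re
import subprocess
import sys

IFEO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Assumption: debuggers an administrator might legitimately register here.
KNOWN_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}
# Assumption: images where any Debugger value at all is suspicious, known debugger or not.
HIGH_VALUE_IMAGES = {"explorer.exe", "winlogon.exe", "userinit.exe", "lsass.exe",
                     "services.exe", "svchost.exe", "taskmgr.exe"}

# Constructed sample of 'reg query "<IFEO_KEY>" /s' output (not real data).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    Debugger    REG_SZ    "C:\Program Files\Debugging Tools for Windows\windbg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
    Debugger    REG_SZ    C:\WINDOWS\system32\blocking.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
    DisableHeapLookaside    REG_DWORD    0x1
"""


def parse_reg_query(text):
    """Map image name -> raw Debugger value for every subkey that carries one."""
    entries, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            # Last path component of the subkey is the image name IFEO applies to.
            current = line.rstrip().rsplit("\\", 1)[-1].lower()
            continue
        m = re.match(r"\s+Debugger\s+REG_(?:EXPAND_)?SZ\s+(.+)$", line)
        if m and current:
            entries[current] = m.group(1).strip()
    return entries


def debugger_basename(value):
    """Executable name from a Debugger value such as '"C:\\x y\\ntsd.exe" -d' or 'ntsd -d'."""
    value = value.strip()
    if value.startswith('"') and value.find('"', 1) > 0:
        path = value[1:value.find('"', 1)]   # quoted path, may contain spaces
    elif value.lower().endswith(".exe"):
        path = value                         # bare unquoted path
    else:
        path = value.split()[0]              # first token, e.g. 'ntsd' of 'ntsd -d'
    name = path.rsplit("\\", 1)[-1].lower()
    return name if name.endswith(".exe") else name + ".exe"


def classify(entries):
    """Split entries into (suspicious, benign) lists of (image, debugger value)."""
    suspicious, benign = [], []
    for image, value in sorted(entries.items()):
        if image in HIGH_VALUE_IMAGES or debugger_basename(value) not in KNOWN_DEBUGGERS:
            suspicious.append((image, value))
        else:
            benign.append((image, value))
    return suspicious, benign


def main():
    if sys.platform == "win32":   # live: read the real key via reg.exe
        text = subprocess.run(["reg", "query", IFEO_KEY, "/s"],
                              capture_output=True, text=True).stdout
    else:                         # elsewhere: demonstrate on the constructed sample
        text = SAMPLE_REG_QUERY
    suspicious, benign = classify(parse_reg_query(text))
    for image, value in suspicious:
        print(f"SUSPICIOUS  {image:<20} Debugger = {value}")
    for image, value in benign:
        print(f"ok          {image:<20} Debugger = {value}")


if __name__ == "__main__":
    main()
```

On the sample the script reports explorer.exe as suspicious and notepad.exe with windbg.exe as benign. The same check belongs in a baseline comparison: a Debugger value appearing on an image that had none yesterday is the signal, whatever the value points at.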

26. December 2, IDG News Service – (International) Apple quietly recommends using antivirus software. Apple, which has long encouraged the belief that its operating system is immune to security problems, is recommending that users install security software to make it harder for hackers to target its platform. “Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult,” according to a support note posted last month. Data from computer security researchers shows that Apple has not been affected by malicious software nearly to the extent that Windows has, but largely because attackers go after the most widely used platform. Apple is gaining market share, however, which means attackers could increasingly look to exploit the platform, particularly if it comes to be seen as an easier target. Apple systems are also not immune to problems in third-party software such as the plug-ins used to view Flash animations and PDF (Portable Document Format) files. Security flaws in plug-ins have frequently been abused to redirect browsers to malicious Web sites rigged to exploit browser flaws. Compared to Windows, there are not nearly as many antivirus products for Apple computers. Source:

27. December 1, Computerworld – (International) New Windows worm builds massive botnet. The worm exploiting a critical Windows bug that Microsoft Corp. patched with an emergency fix in late October is being used to build a new botnet, a security researcher said December 1. A senior research engineer with Trend Micro Inc. said that the worm, which his company has dubbed “Downad.a” (Microsoft calls it “Conficker.a” and Symantec Corp. “Downadup”), is a key component in a new botnet that criminals are creating. Last week, Microsoft warned that the worm was behind a spike in exploits of a bug in the Windows Server service, the component that provides file and print sharing over the network. Microsoft patched the service with an emergency fix it issued October 23, shortly after it discovered a small number of infected PCs in Southeast Asia. However, the new worm is a global threat, said the senior researcher. “This has real potential to do damage,” he said. Trend Micro has spotted infected IP addresses on the networks of Internet service providers (ISPs) in the United States, China, India, the Middle East, Europe, and Latin America. The worm first appeared about a week and a half ago and began spreading in earnest just before Thanksgiving, he added. He also said that it appears the botnet is being built by a new group of cyber-criminals, not one of the gangs that lost control of compromised computers when McColo Corp., a California hosting company, was yanked off the Internet. Source:
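The Server service is reached over SMB (TCP 445, or 139 on NetBIOS session setups), so a host infected with this worm shows up on the network as a burst of connections to many distinct neighbours on those ports, the reverse of ordinary file-sharing traffic, where many clients talk to a few servers. What follows is an added example, not code from Trend Micro, Microsoft or Computerworld: a distinct-destination fan-out check run over constructed firewall-style log lines. The log format, the addresses, the 60-second window and the threshold of 20 peers are assumptions to be tuned to the site.

```python
"""Flag hosts that fan out to many distinct peers on SMB within a short window.

A worm that exploits the Windows Server service must connect to each new victim
over SMB, so one infected machine produces many 445/139 connections to distinct
destinations in quick succession. Added example; the log lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORTS = {445, 139}


def build_sample():
    """Constructed firewall-style lines: '<iso-timestamp> <src> <dst> <dport> <action>'."""
    base = datetime(2008, 12, 1, 9, 0, 0)
    lines = []
    # Normal traffic: twelve workstations each talk to the single file server 10.0.0.5.
    for i in range(12):
        t = base + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} 10.0.1.{10 + i} 10.0.0.5 445 ALLOW")
    # Infected host 10.0.5.17 sweeps 10.0.5.1-40 on 445, one target a second; some denied.
    for i in range(1, 41):
        t = base + timedelta(seconds=30 + i)
        action = "ALLOW" if i % 4 else "DENY"
        lines.append(f"{t.isoformat()} 10.0.5.17 10.0.5.{i} 445 {action}")
    return lines


def parse(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def smb_fanout(lines, window=timedelta(seconds=60), threshold=20):
    """Return {src: peak distinct SMB destinations inside any window} for sources
    reaching the threshold. Denied connections count too: a blocked probe still
    reveals the scan, and the worm does not know which neighbours are reachable."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, _action = parse(line)
        if dport in SMB_PORTS:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, peak in smb_fanout(build_sample()).items():
        print(f"possible SMB worm: {src} reached {peak} distinct hosts on 445/139 within 60s")
```

On the sample only 10.0.5.17 trips the check; the workstations each touch one server and never approach the threshold. In practice the same count taken per source from netflow or firewall exports is enough to find a Conficker-style spreader before the antivirus signatures catch up, and the hosts it reached are the next ones to examine.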

28. December 1, CSO Online – (International) The myth of cloud computing. Virtualization can save money, and it can open up new security issues. The idea of consolidating racks of servers into smaller and cheaper machine farms is simply irresistible in just about every enterprise. Security vendors have seized on this with an array of products promising “security in the cloud.” But adopters often lack a basic understanding of what virtualization is about, and that is a problem, industry experts say. Depending on who you ask and where they sit, “virtualization” means many different things to many different people, which makes it nearly impossible to build a security strategy around it. Though many companies do not understand the precise workings of the technology, many at least acknowledge that there is a security challenge to address. The CMO for security vendor Sourcefire, maker of the popular Snort open-source IDS tool, says customers are expressing concern that they have no way to proactively track or identify new virtual systems within their environments. Of course, security experts warn, all the vendor activity in the world will not help a company that dives headlong into the cloud without thinking through the risks first. As long as companies fail to grasp the nuts and bolts of virtualization, the dangers remain. Source:

Communications Sector

29. December 1, Associated Press – (National) Regulators hang up on cell tower backup rules. Federal regulators have rejected proposed changes by the Federal Communications Commission that would require all U.S. cell phone towers to have at least eight hours of backup power. The White House Office of Management and Budget said late Friday that the FCC failed to get public comment before passing the regulations last year and did not show that the information required from wireless companies would actually be useful. It also said the FCC had not demonstrated that it had enough staff to analyze the hundreds of thousands of pages of documents that the wireless industry said its members would likely have to produce as part of the regulations. A federal appeals court put the rules on hold this summer pending a review by the OMB, which is tasked with overseeing federal regulations. Source: