Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, December 9, 2008



 The Southeast Missourian reports that a man faces arraignment Tuesday after a series of burglaries and thefts Thanksgiving weekend that included a break-in at the Cape Girardeau Regional Airport in Missouri. (See item 12)

12. December 6, Southeast Missourian – (Missouri) Police: Man broke into Cape hangar, pretended to be pilot, night watchman. A Dexter, Missouri, man faces arraignment Tuesday in Scott County after a series of burglaries and thefts Thanksgiving weekend that included time spent pretending to fly a plane at the Cape Girardeau Regional Airport. According to a Cape Girardeau police report, the man spent most of the night of November 28 in and around two hangars at the airport before stealing a sport utility vehicle from NAB Automation Inc. He later told police that he had gone to the airport after a fight with his girlfriend the day before. The report said the man hoped to fly to St. Louis to see his mother. According to the police report, he had entered several planes and in at least one, he had turned on the lights and pretended to be a pilot. He told police he had not “flown a plane before but had flown in a flight simulator.” At another point, he walked the airport grounds with a flashlight and carried a stolen 12-gauge shotgun, “pretending that he was a night watchman.” The chairman of the Cape Girardeau Regional Airport Advisory Board said since the break-in, which he said is the first in his 25-year association with the airport, security measures have been increased and more are planned. He said the man was never able to gain access to crucial airport buildings, such as the control tower. He said the airport board has recently talked about improving security and will now consider tighter measures. Source:

 According to McClatchy Newspapers, some visitors to the nation’s parks and wildlife refuges will be allowed to carry loaded weapons beginning in January under a plan given final approval Friday by the U.S. Presidential Administration. (See item 34)

34. December 5, McClatchy Newspapers – (National) Feds OK rule allowing loaded weapons in national parks. Some visitors to the nation’s parks and wildlife refuges will be allowed to carry loaded weapons beginning in January under a plan given final approval Friday by the U.S. Presidential Administration. The Interior Department decided to scrap its longtime ban on loaded weapons. Individuals will be allowed to carry loaded, concealed weapons in parks or wildlife refuges if they have state permits to carry concealed weapons in the state in which the national park or refuge is located. Under current regulations, firearms in the national parks must be unloaded and inoperable. That means they must have trigger locks or be stored in a car trunk or in a special case. The Interior Department suggested changing the regulation after 51 Senators signed a letter requesting it. Source:


Banking and Finance Sector

7. December 8, New York Times – (National) Investors win $141 million in suit against Bank of America. A federal jury in Manhattan has found Bank of America liable in a securities fraud trial that centered on the sales of asset-backed securities and involved some of the biggest names on Wall Street. In a verdict delivered late Thursday after nearly six weeks of trial, the jury ordered Bank of America to pay more than $141 million to a dozen institutional plaintiffs, including the American International Group, Allstate, Societe Generale, Travelers, Bank Leumi, Bayerische Landesbank, and the International Finance Corporation. The money includes interest that Bank of America, the nation’s largest bank, is obligated by law to pay on the $101 million award, which did not include punitive damages, according to court papers. The civil trial was closely watched because it was unusual for disputes between financial institutions over the sale of securities to be brought to court as opposed to being settled behind closed doors. Source:

8. December 6, PCWorld – (International) Holiday flyers warned of e-mail spam. Hackers are using hoax e-mails that appear to come from airlines as a way to spread malicious Trojans, according to Sophos. The security firm said e-mails disguised as messages from well-known carriers such as Virgin Atlantic and Delta have been received by Web users worldwide. The e-mail claims the recipient has registered an account with the airline and that their credit card has been charged. Also attached to the e-mail is a Zip file called ‘purchase invoice and your airline ticket.’ Sophos is warning web users not to open this attachment as it contains a Trojan horse designed to steal information or allow hackers to secretly access the victim’s computer. Source:

9. December 6, Washington Post – (National) Digging deeper into the CheckFree attack. The hijacking of the nation’s largest e-bill payment system last week offers a glimpse of an attack that experts say is likely to become more common in 2009. Atlanta-based CheckFree acknowledged Wednesday that hackers had, for several hours, redirected visitors to its customer login page to a Web site in Ukraine that tried to install password-stealing software. While the attack garnered few headlines, there are clues that suggest it may have affected a large number of people. CheckFree claims that more than 24 million people use its services. A fraud analyst with Gartner Inc. said CheckFree controls between 70 and 80 percent of the U.S. online bill pay market. A spokeswoman for Network Solutions, the Herndon, Virginia, domain registrar that CheckFree used to register its Web site name, told Security Fix Wednesday that someone had used the correct credentials needed to access and make changes to CheckFree’s Web site records. Network Solutions stressed that the credentials were not stolen as a result of a breach of their system, suggesting that the user name and password needed to make changes to CheckFree’s Web site could have been stolen either after a CheckFree employee’s computer was infected with password-stealing malware, or an employee may have been tricked into giving those credentials away through a phishing scam. Interestingly, was not the only site that the attackers hijacked and redirected back to the Ukrainian server. Tacoma, Washington-based anti-phishing company Internet Identity found at least 71 other domains pointing to the same Ukrainian address during that same time period. Of those, 69 were registered at either eNom or Network Solutions, and all appeared to be legitimate domains that had been hijacked. Source:

10. December 6, WHIO 7 Dayton – (Ohio) Darke Co. sheriff’s office warns of alleged scam. The Darke County sheriff’s office issued a warning on Saturday about a scam that targets account holders at Greenville Federal Bank. Authorities at the sheriff’s office said they have received numerous complaints about suspicious activity involving accounts at the bank. They said victims received information that their accounts had been compromised and they needed to enter personal information via a telephone. Authorities said there have been at least two victims in Darke County. Source:

11. December 5, WIRED – (International) Three charged with international bank Trojan scheme. Two U.S. men and a Russian face conspiracy and bank fraud charges for allegedly running a successful scheme to compromise and rob online banking and brokerage accounts. In a 15-month-long caper that ended in December of last year, prosecutors say a defendant from Volgograd worked with others in Russia to infect U.S. consumers with Trojan horses that let the gang swipe the victims’ login credentials. This defendant then initiated wire transfers from the hacked bank accounts, and liquidated stocks from compromised brokerage accounts, and channeled the money to “drop” accounts in the U.S., according to federal indictments filed two weeks ago in Manhattan. Opening the drop accounts and pulling out the cash was allegedly the job of a defendant from Manhattan, and another from Hampton, New Hampshire, who got to keep a portion of the loot for their efforts, according to the government. The three are charged with conspiracy, and the defendant from Volgograd faces two additional counts of access device fraud for allegedly giving the informant 150 stolen credit card numbers last year to get them programmed onto counterfeit cards. Source:

Information Technology

31. December 8, Marshal8e6 – (International) Mega-D Botnet returns after McColo shutdown. One of three major botnets shut down as a result of the closure of major spam hosting provider McColo has been re-established and is back spamming in large volumes, say experts from the Marshal8e6 TRACElabs. The Mega-D botnet, famous for sending billions of spam emails promoting sexual performance remedies, was effectively turned off, along with the Srizbi and Rustock botnets, due to the closure of McColo. The botnet’s thousands of infected zombie computers could no longer communicate with the Mega-D command and control servers and ceased spamming. However, Mega-D’s creators have worked constantly over the past three weeks to set up new command and control servers and re-establish connections with their network of compromised bots. According to the TRACElabs spam statistics, the spammers have managed to restore those connections and Mega-D is now back spamming again. Marshal8e6 maintains a Spam Volume Index on its website, tracking the total volume of spam it receives. This index is used to measure fluctuations in global spam volume over time. According to Marshal8e6, the volume of spam has doubled since the low point immediately following the McColo shutdown. Source:

32. December 6, IDG News Service – (International) FBI: Criminals auto-dialing with hacked VoIP systems. Criminals are taking advantage of a bug in the Asterisk Internet telephony system that lets them pump out thousands of scam phone calls in an hour, the U.S. Federal Bureau of Investigation (FBI) warned December 5. The FBI did not say which versions of Asterisk were vulnerable to the bug, but it advised users to upgrade to the latest version of the software. Asterisk is an open-source product that lets users turn a Linux computer into a VoIP telephone exchange. In so-called vishing attacks, scammers usually use a VoIP system to set up a phony call center and then use phishing e-mails to trick victims into calling the center. Once there, they are prompted to give private information. But in the scam described by the FBI, they apparently are taking over legitimate Asterisk systems in order to directly dial victims. “Early versions of the Asterisk software are known to have a vulnerability,” the FBI said in an advisory posted Friday to the Internet Crime Complaint Center. “The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.” Source:

Communications Sector

Nothing to report