Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, December 18, 2008

Complete DHS Daily Report for December 18, 2008

Daily Report


 According to Global Security Newswire, the U.S. Nuclear Regulatory Commission announced Friday that staffers had recommended employing heightened security measures rather than replacement of cesium chloride, which is used in medical and industrial devices. (See item 6)

6. December 15, Global Security Newswire – (National) U.S. agency fails to address potential “dirty bomb” threat, lawmaker says. A U.S. Representative from Massachusetts said Friday that the U.S. Nuclear Regulatory Commission would be ignoring the potential use of cesium chloride as an ingredient in radiological “dirty bombs” by refusing to prohibit the use of the radioactive isotope. The commission announced Friday that staffers had recommended employing heightened security measures rather than replacement of the material, which is used in medical and industrial devices. A press release said the commission itself had not made its decision. A National Academy of Sciences report in February found that cesium chloride could be replaced in most or all uses by safer materials, the congressman said. He co-sponsored legislation that would require the material to be phased out of use wherever possible and to prohibit licensing of additional sources. Source:

 The Associated Press reports that New Hampshire’s Department of Health and Human Services mistakenly released personal information about Medicare Part D recipients to its service providers two weeks ago and is now notifying those affected. (See item 23)

23. December 17, Associated Press – (New Hampshire) NH agency mistakenly releases clients’ information. New Hampshire’s Department of Health and Human Services mistakenly released personal information about Medicare Part D recipients to its service providers two weeks ago and is now notifying those affected. In letters to clients and providers obtained Wednesday by the Associated Press, the department said it is taking steps to make sure no information is used illegally. But it urged the people affected to initiate credit fraud alerts or freezes on their accounts. The department’s associate commissioner said 9,300 clients are affected by the breach, the first at the department. Their information was mistakenly attached to a December 1 e-mail to 61 providers and health-related organizations, such as nursing homes and home health care agencies. The e-mail described changes to Medicare Part D plans, which help people buy prescription drugs. The attached document contained names, addresses, Medicare Part D plan information, Social Security numbers, and the amount of each person’s monthly premiums. The department said it discovered the breach on December 4 and began contacting those who got the e-mail to ask them to delete the information. Source:


Banking and Finance Sector

8. December 17, Washington Post – (National) Hijack may have affected 160,000 users. Online bill pay giant CheckFree said the hijacking of its Web site this month affected an estimated 160,000 people, a disclosure that offers the most detailed account yet of the true size and scope of a brazen type of attack that experts say may become more common in 2009. In a filing with Wisconsin’s Office of Privacy Protection, CheckFree said at least 160,000 people may have visited the site during the nine-hour period it was hijacked, during which visitors were redirected to a site in Ukraine. An analysis of that Ukrainian site indicated that it was trying to exploit known security flaws in Adobe Acrobat and Adobe Reader, in an attempt to install a variant of the Gozi Trojan, which is among the most sophisticated password-stealing programs in use today. CheckFree controls between 70 and 80 percent of the U.S. online bill pay market. Among the 330 kinds of bills consumers can pay through CheckFree are military credit accounts, utility bills, insurance payments, mortgage, and loan payments. CheckFree said it has sent warning notices to about five million consumers. Source:

9. December 17, New York Daily News – (National) SEC admits it blew many chances to uncover financial fraud of Bernie Madoff. The U.S. Securities and Exchange Commission (SEC) confessed Tuesday it blew chance after chance for at least a decade to uncover Madoff’s $50 billion Ponzi scheme. The chairman of the SEC ordered a probe by the SEC’s inspector general, saying the agency’s staff had “credible and specific allegations” but never brought them to commissioners. He ordered all SEC staffers who had contact with the defendant or his family removed from the investigation. The chairman called his agency’s lack of action “deeply troubling.” The SEC’s enforcement division investigated the defendant’s company only last year, without bringing a claim. Source:

10. December 17, Bloomberg – (National) Billionaire Ford shops for banks as government welcomes buyers. A billionaire from Texas now has $2 billion to buy banks and the regulatory authority to spend it. He is looking for banks on the cheap after regulators in November granted his investment group a charter previously restricted to federally insured depository firms. U.S. regulators are loosening 50-year-old banking rules amid a financial crisis that has wiped out 25 banks this year and threatens at least 171 more, raising concerns that traditional lenders may not be able to step in. The billionaire’s investment firms add to a growing list of non-banks, including securities firms, insurers, and credit-card issuers that have been cleared to buy retail deposits and branches. The billionaire was granted a “shelf charter” by the Office of the Comptroller of the Currency, expanding the “pool of potential buyers available to buy troubled institutions,” according to a statement from the regulator on November 21. He said he applied in October, after receiving encouragement from the OCC and the California Department of Financial Institutions. The Federal Reserve since 1956 has allowed investment firms to own no more than 9.9 percent of banks and have limited board representation unless they become bank holding companies. A shift began in September when it was announced that the founder of New York investment firm J.C. Flowers & Co. won regulatory approval to buy a Missouri bank. Another billionaire has also expressed a willingness to purchase banks. “It seems like they’re running out of choices,” said a senior consultant at Austin, Texas-based Mortgage Banking Solutions. “They need to bring outside investment into the process just to get the banking sector back on the right track.” Source:

11. December 17, Associated Press – (National) Citibank’s computers down, blocking account info. Customers of New York City-based Citibank have lost access to much of their account information because of a computer outage. Many of the troubled bank’s clients have not been able to retrieve account details online or by telephone since Tuesday afternoon. Others can access only parts of their account profiles. Citibank telephone representatives say they do not know what caused the outage but technicians are working to fix it. They have been telling customers to call back after Wednesday morning. Source:

Information Technology

30. December 16, The Register – (International) Nine in ten emails now spam. Nine in ten emails are now spam with an estimated 200bn junk mail messages a day clogging up the Internet, according to a new report by networking and security giant Cisco. Drive-by download attacks — planting redirection scripts on legitimate sites that lead onto hacker-controlled websites full of exploits — have become a popular method for spreading all forms of malware, including botnet clients that turn PCs into spam-churning zombies. The United States is the single biggest source of spam, accounting for 17.2 percent of junk mail. Other big offenders include Turkey (9.2 percent), Russia (8 percent), Canada (4.7 percent), Brazil (4.1 percent), India (3.5 percent), South Korea (3.3 percent), Germany and the United Kingdom (2.9 percent each). The compromise of legitimate domains is all part of the bigger picture of increasingly sophisticated attacks which these days are usually tied to cybercrooks looking to turn a fast buck, rather than teenagers looking to make a name for themselves. Vulnerabilities are the fodder of these cyberattacks — Cisco reports that vulnerabilities increased 11.5 percent from 2007. One of the big growth areas in this overall figure was a rise in vulnerabilities involving virtualisation technology, which almost trebled from 35 last year to 103 in 2008. Source:

31. December 16, DarkReading – (International) Researcher: Poor SSL implementations leave many sites at risk. Major sites continue to operate with expired or misconfigured SSL certificates, according to a researcher at Canola & Jones. Flawed implementations of the Secure Sockets Layer encryption algorithm could be exposing Websites to attack and compromise, according to new research scheduled to be released later this month. A researcher at security consulting firm Canola & Jones is working on a paper about SSL vulnerabilities that will be presented at the Chaos Communication Camp (CCC) hacker conference in Berlin at the end of this month. The paper outlines the results of tests he conducted using simple search engines and his knowledge of cryptography and SSL certificates. While much of the blame for these faults lies with the companies who operate the Websites, the research also suggests there may be a strong need for better standards and practices among SSL certificate authorities, the researcher says. Source:

32. December 16, DarkReading – (International) Researcher releases free DoS hacking tool. ‘LetDown’ can take down a Website, find DoS weaknesses. A researcher has unleashed a free denial-of-service (DoS) hacking tool for flooding TCP sessions. Called LetDown, the penetration testing tool is part of a larger package of tools called Complemento that was created by an Italian researcher. “Complemento is a collection of tools that I originally grokked up for my personal toolchain for solving some problems or just for fun,” he wrote in his post announcing the availability of the tools. He also admits having concerns about releasing LetDown to the public. “Basically, LetDown is a TCP flooder that completes the three-way handshake and sends a request to the server without closing the connection,” he said. “LetDown is aimed specifically at pen testers and server owners that want to test the resiliency of their networks against DoS attacks in order to properly configure the rules on resource management on their systems.” The other Complemento tools include a domain scanner called Reverse Raider that brute-force scans target subdomains or performs reverse-resolution for IP address ranges, and Httsquash, an HTTP server scanner, banner grabber, and data retriever. Source:

33. December 16, ZDNet – (International) Apple plugs 21 Mac OS X security holes. Apple has released a peck of patches to cover at least 21 documented security vulnerabilities affecting Mac OS X users. With its eighth security update for 2008, the company shipped fixes for flaws that could lead to remote code execution and denial-of-service attacks. The patch batch also covers a range of serious vulnerabilities in the Adobe Flash Player plug-in. Source:

34. December 15, SC Magazine – (International) Security issues present in browser password management. Among Web browsers, Google Chrome and Apple’s Safari provide the least amount of protection for stored passwords, according to new research from Internet security consultancy Chapin Information Services. When logging into Gmail, for example, a user’s credentials will go to the Gmail server. But if the code were to be altered so as to redirect usernames and passwords to a malicious domain, it turns out that IE, Safari, and Chrome will send the information to the criminals. Source:

Communications Sector

35. December 17, Smoky Mountain News – (North Carolina) Verizon cell tower violates county ordinance. Verizon Wireless added 20 feet to the height of its tower off Mauney Cove without the necessary permits from Haywood County, North Carolina. When it eventually submitted one last month, it failed to mention the work had already been done. The construction not only needed a permit, but also an exemption from the county’s cell tower ordinance. The extra 20 feet built onto the tower means the tower’s fall zone is too close to the neighboring property line. A commissioner said the commissioners should go ahead with the public hearing on the merits of the application, unswayed by the fact the work has been done. If the county commissioners decide not to grant the variance, the company will have to take down what they have built. County commissioners decided the original application is flawed, however, since it makes no mention of the work already being done. So the commissioners decided the company should start over by submitting a new and accurate application, and a new public hearing date would be set. Source: