Department of Homeland Security Daily Open Source Infrastructure Report

Friday, January 30, 2009



 According to the Associated Press, the U.S. Army secretary has ordered the recall of more than 16,000 sets of body armor following an audit that concluded the bullet-blocking plates in the vests failed testing and may not provide soldiers with adequate protection. (See item 7)

7. January 29, Associated Press – (National) Army orders recall of body armor. The U.S. Army secretary has ordered the recall of more than 16,000 sets of body armor following an audit that concluded the bullet-blocking plates in the vests failed testing and may not provide soldiers with adequate protection. The audit by the office of the Defense Department inspector general, not yet made public but obtained by the Associated Press, faults the Army for flawed testing procedures before awarding a contract for the armor. In a letter dated January 27 to the acting inspector general, the Army secretary said he did not agree that the plates failed the testing or that soldiers were issued deficient gear. He said his opinion was backed by the Pentagon’s top testing director. Despite his insistence that the armor was not deficient, he said he was recalling the sets as a precaution. He also said he has asked for a senior Pentagon official to resolve the disagreement between the Army and the inspector general’s office. The contract examined by the inspector general’s office is listed in the audit only as W91CRB-04-D-0040. An August 20, 2004 announcement on the Defense Department’s Web site states a contract under that designation was awarded to Armor Works of Chandler, Arizona. The Army bought 51,334 sets of the protective inserts under the contract for just over $57 million, according to the inspector general. Source:

 USA Today reports that the first federal evaluation of mass-transit security shows that more than 75 percent of the nation’s major rail and bus systems are not meeting Homeland Security guidelines, according to a new report by the Department. (See item 14)

14. January 28, USA Today – (National) Rail lines, bus systems show security shortfalls. The first federal evaluation of mass-transit security shows that more than 75 percent of the nation’s major rail and bus systems are not meeting Homeland Security guidelines. By contrast, 96 percent of airlines are complying with security requirements, according to a new report by the Department. The report does not identify which rail and bus systems fell short. The assessment comes as the new Homeland Security Secretary says she plans to focus more on mass transit, possibly through “redeployment” of resources from other areas. The Department’s evaluation, published on its Web site January 15, found that 37 of the nation’s 48 largest transit systems are not complying with voluntary guidelines set in 2007. There is no sanction for non-compliance. Guidelines include training transit workers in security, running security drills regularly, and sharing intelligence with other agencies. Some Homeland Security recommendations involve planning and could be done at little or no cost, said the director of the National Transportation Security Center of Excellence at San Jose State University. Source:


Banking and Finance Sector

10. January 29, USA Today – (International) Data scams have kicked into high gear as markets tumble. Cybercriminals have launched a massive new wave of Internet-based schemes to steal personal data and carry out financial scams in an effort to take advantage of the fear and confusion created by tumbling financial markets, security specialists say. The schemes, often involving online promotions touting fake computer virus protection, get-rich scams and funny or lurid videos, already were rising last fall when financial markets took a dive. With consumers around the world panicking, the number of scams on the Web soared. The number of malicious programs circulating on the Internet tripled to more than 31,000 a day in mid-September, coinciding with the sudden collapse of the U.S. financial sector, according to Panda Security, an Internet security firm. It was not a coincidence, said the chief corporate evangelist at Panda. “The criminal economy is closely interrelated with our own economy,” he says. “Criminal organizations closely watch market performance and adapt as needed to ensure maximum profit.” Source:

11. January 28, Associated Press – (Tennessee) SEC charges adviser with fraud linked to bailout. Federal regulators on January 28 charged an investment adviser with securities fraud, saying he bilked clients of at least $6.5 million in the first scheme using the government’s $700 billion financial bailout program as a front to lure investments. The Securities and Exchange Commission won a court order freezing the assets of a Nashville man and his firm, ProTrust Management Inc. The suspect and ProTrust consented to a temporary restraining order, the asset freeze and an accounting of all funds raised, the SEC said. The agency is seeking unspecified restitution and fines against them; a hearing has been scheduled for February 6. The SEC alleged that the suspect defrauded clients by falsely telling them their money was being invested in the Treasury Department’s financial rescue plan, called the Troubled Asset Relief Program, and other securities that actually do not exist. The suspect represents himself as a financial planner and investment adviser, but neither he nor his firm is registered with the SEC or a state regulator, the agency said in its civil lawsuit filed in federal court in Nashville. The SEC said that the suspect, who obtained control over funds of at least 27 clients, falsely claimed to have invested their money in securities described as “private placements,” creating phony account statements. Source:

12. January 28, CNNMoney – (National) BofA vows to track and report loan activity. The Bank of America chief executive officer said on January 28 that the troubled banking giant will soon start to publish reports tracking how much it is lending. Charlotte-based Bank of America said after the market closed that it will provide data on its lending and investing activity in 10 key areas. The company said the move will help it document its efforts to counter the steep downturn in the economy. “As America’s largest bank, Bank of America must play a leading role in providing the capital and liquidity that will help revitalize the U.S. economy,” the chief executive officer said in a press release. Source:

Information Technology

27. January 29, CNET News – (International) Chrome, Firefox face clickjacking. Security researchers have discovered a flaw affecting Google’s Chrome browser that exposes it to “clickjacking” — in which an attacker hijacks a browser’s functions by substituting a legitimate link with one of the attacker’s choice. Google has acknowledged the flaw and is working toward a patch for Chrome versions and earlier when running within Windows XP SP2 systems, according to a SecNiche security researcher. The researcher disclosed the flaw on January 27 and has since posted a proof of concept on the Bugtraq vulnerability disclosure forum. “Attackers can trick users into performing actions which the users never intended to do and there is no way of tracing such actions later, as the user was genuinely authenticated on the other page,” the researcher said within the disclosure. While Google is working on a fix, a representative for the Australian arm of the company pointed out that clickjacking can affect all browsers, not just Chrome. “The (clickjacking) issue is tied to the way the Web and Web pages were designed to work, and there is no simple fix for any particular browser. We are working with other stakeholders to come up with a standardized long-term mitigation approach,” they said. Source:

28. January 29, Heise Online – (International) Vulnerability found in FFmpeg library. A vulnerability has been found in FFmpeg that may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library. FFmpeg is a free tool and library collection which is used to record, convert and stream audio and video. It is used by several popular open source software projects including VLC media player, MPlayer, Perian, and others. The cause of the problem, according to an expert, is an error during the processing of files in proprietary 4X movie format (4XM). For a successful attack, the victim must open a manipulated file. FFmpeg versions before version 16846 are affected. Version 16846 has now been released and closes the hole in the libavformat/4xm.c file. Users can upgrade from the FFmpeg repository or wait for the distributions to update. Source:

29. January 28, The Register – (International) DDoS attack boots Kyrgyzstan from net. The Central Asian republic of Kyrgyzstan was effectively knocked offline recently by a Russian cybermilitia that continues to flood the country’s Internet providers with crippling data attacks, a security expert said. The attacks, which began on January 18, bear the signature of pro-Russian nationalists believed to have launched similar cyber assaults on the republic of Georgia in August, said a researcher with Atlanta-based security provider SecureWorks. The attacks on Kyrgyzstan were so potent that most net traffic in and out of the country was completely blocked during the first seven days. Over the past 48 hours, ISPs have managed to mitigate some of the damage by relocating the servers of their biggest customers to different IP address ranges and employing a technique known as source filtering, which is designed to block harmful traffic while still allowing friendly packets through. Some media organizations and government opposition groups in the country of 5.3 million have not been so fortunate. Source:

30. January 27, DarkReading – (International) SecureMac releases free iServices Trojan removal tool 1.1. Since SecureMac released its iWorkServices Trojan Removal Tool recently, a new related Trojan has been detected in the wild. As a result, SecureMac has updated the tool, and renamed it iServices Trojan Removal Tool. The tool is still free to download and use, and now detects and removes the new variant distributed with pirated versions of Adobe (ADBE) Photoshop CS 4 for Apple (AAPL) Mac OS X. Pirated copies of Photoshop CS 4 are reported by Intego to contain malware. On January 16, a copy of Photoshop CS 4 containing the Trojan variant was seeded to a number of peer-to-peer networks. This Trojan has been labeled OSX.Trojan.iServices.B and is the second variant discovered in the wild; variant A was found recently in pirated copies of iWork 09. Like its predecessor, variant B obtains root privileges, and notifies the remote host of the infected computer’s location on the Internet. It is recommended users avoid downloading pirated copies of these programs. Furthermore, it is anticipated that new variants will be discovered in the coming months in other software packages distributed by third parties over the Internet. Source:

Communications Sector

31. January 27, Louisville Courier-Journal – (Indiana; Kentucky; Tennessee) For some, phone, cable-TV service on hold. Electricity was not the only service interrupted by the ice storm. Downed lines left many residents without home phone service or cable TV, and cell-phone service was disrupted for some. An AT&T spokeswoman said she did not know how many Louisville, Kentucky-area customers have lost residential service. Technicians “are working around the clock to restore service to our customers as quickly as possible,” she said. AT&T will offer “the appropriate credits” to customers who lose service due to storm damage, the spokeswoman said. Downed phone lines forced many people to rely on cell phones, but wireless service was also compromised for some. A Sprint spokeswoman said the storm caused some voice and data outages in the Louisville area. She said 80 of the company’s cell sites were down in a region stretching between Louisville, Evansville, and Nashville because of storm damage. She did not know how many sites Sprint has in that region, but she said the company has 879 cell sites in Kentucky. Source:
