Thursday, June 4, 2009

Complete DHS Daily Report for June 4, 2009

Daily Report

Top Stories

· According to the Columbus Dispatch, federal and local investigators say an arsonist set a fire that caused an estimated $5 million to $10 million in damage last week to a manufacturing plant in Hilliard, Ohio. The facility housed HighCom Security and Wolfden Products. (See item 10)

10. June 2, Columbus Dispatch – (Ohio) Investigators: Hilliard fire was arson. Federal and local investigators say an arsonist set a fire that caused an estimated $5 million to $10 million in damage last week to a manufacturing plant in Hilliard. A spokeswoman for HighCom Security, which provides body armor and other equipment for police and the military, said her company’s portion of the facility had only been running for about a year, as its first manufacturing plant. The building also housed Wolfden Products, which makes fiber composites for military, automotive and industrial uses. State fire marshal investigators had called in the national response team of the Bureau of Alcohol, Tobacco, Firearms and Explosives to help inspect the 75,000-square-foot building. Source:

· IDG News Service reports that as many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense. (See item 35)

See item 35 in the Information Technology Sector


Banking and Finance Sector

12. June 2, Wall Street Journal – (National) FBI director anticipates new crime wave of financial fraud. The Federal Bureau of Investigation is braced for a potential crime wave involving fraud and corruption related to bank bailout money and the economic stimulus package, the FBI director warned on June 2. “These funds are inherently vulnerable to bribery, fraud, conflicts of interest and collusion. There is an old adage, that where there is money to be made, fraud is not far behind, like bees to honey,” the director told an afternoon gathering of business executives. Given the trillions and trillions of dollars involved in the government’s current moves to stem the economic crisis, “from the purchase of troubled assets to improvements in infrastructure, health care, energy and education, even a small percentage of fraud would result in substantial taxpayer losses,” said the director. Source:

13. June 2, Bozeman Daily Chronicle – (Montana) Scam claims to be First Interstate Bank. Several Bozeman-area residents have reported receiving automated telephone calls from a company fraudulently representing itself as First Interstate Bank and asking them to provide their credit or bank card information. In the message, the company tells the resident that the security of their card has been compromised. The resident is then asked to supply their card number and personal identification number so that a new card can be issued. “If you receive one of these calls, do not give any information and do not return any phone calls,” states a scam alert issued on June 2 by the Bozeman Police Department. Local law enforcement officials are asking people who receive the fraudulent calls to contact police and their bank to verify if it needs any information. First Interstate Bank is aware of the scam and advises that they would not solicit any personal information via the telephone, Internet or e-mail. Source:

14. June 2, Associated Press – (National) Indictment: Colo scam raked in $10M from 15 states. Two men are accused of running a $10 million Ponzi scheme based in Colorado that bilked investors from 15 states and the U.S. Virgin Islands. The defendants are accused of talking dozens of people into investing in a scheme to buy and resell electronics and appliances. An indictment handed up on May 29 and made public on June 2 charges the defendants with counts of theft and securities fraud. The indictment lists victims in Arizona, California, Colorado, Connecticut, Florida, Georgia, Massachusetts, Minnesota, New Mexico, New York, Ohio, South Carolina, Texas, Washington and Wisconsin and the U.S. Virgin Islands. The indictment alleges one of the defendants claimed to have a rare and valuable master purchase agreement with a major electronics manufacturer that would allow his company, Genius Inc., to buy in bulk for wholesale resale. No such agreement existed, and money from investors was used for personal expenses, gambling and payouts to other investors, according to the indictment. An investigation concluded only $100,000 was spent on electronics and appliance purchases from June 2005 to February 2008, during which millions were raised. Source:

15. June 2, U.S. Banker – (National) FDIC setting up Committee on Community Banking. The Federal Deposit Insurance Corp.’s board of directors voted last week to create the FDIC Advisory Committee on Community Banking. Calling community banks the “lifeblood of our nation’s financial system,” the FDIC chairman said the committee “will get direct and frequent input on many issues from a cross-section of community bankers nationwide.” The chairman of the Independent Community Bankers of America and president and chief executive officer of Easton Bank praised the creation of the committee. In a public statement on May 29 he said the group will offer advice on issues such as the “latest examination policies and procedures, deposit insurance assessments and regulatory compliance matters.” Insurance coverage and credit and lending practices will also be on the agenda. Another topic on the table may well be consolidation, as the FDIC and the industry continue to face the highest level of bank failures in decades, although that prospect was not addressed by either party. “Across the U.S. right now there are still a fair number of community and regional banks with significant problems,” says a partner in Bryan Cave’s Atlanta office and a member of the law firm’s financial institutions team. Source:

Information Technology

35. June 2, IDG News Service – (International) Thousands of Web sites stung by mass hacking attack. As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense. The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site’s usage, then to another bad site, said the threat research manager for Websense. Those Web sites have likely been hacked via a SQL injection attack, in which improperly configured Web applications accept malicious data and get hacked, the researcher said. Another possibility is that the FTP credentials for the sites have somehow been obtained by hackers, giving them access to the inner workings of the site. It appears the hackers are using automated tools to seek out vulnerable Web sites, the researcher said. The latest campaign underscores the success hackers have at hosting dangerous code on poorly secured Web sites. Once a user has been directed to the bogus Google analytics site, it redirects again to another malicious domain. That site tests to see if the PC has software vulnerabilities in either Microsoft Corp.’s Internet Explorer browser or Firefox that can be exploited in order to deliver malware, the researcher said. If it does not find a problem there, it will launch a fake warning saying the computer is infected with malware and then try to get the user to willingly download a program that purports to be security software but is actually a Trojan downloader, he said. The fake security programs are often called “scareware” and do not work as advertised. As of May 29, only four of 39 security software programs could detect that Trojan, although that is now likely changed as vendors such as Websense swap malware samples with other companies in order to improve overall Internet security. Source: See also:

36. June 2, eWeek – (International) Apple patches QuickTime, updates iTunes. Apple has issued a slew of critical patches for its QuickTime media player and updated the digital media application iTunes. Version 7.6.2 of QuickTime received the majority of patches, targeted at patching holes that allow maliciously crafted files to perform unexpected application terminations or arbitrary code executions. The iTunes upgraded software now supports iPhone and iPod touch with the iPhone’s 3.0 software update, and Version 8.2 also includes “many accessibility improvements and bug fixes,” according to Apple. In March, Apple announced that iPhone firmware Version 3.0 was due to be released in mid-2009. One QuickTime patch fixes a memory corruption issue that existed in the player’s handling of Sorenson 3 video files, while another addressed the issue of a heap buffer overflow existing in the handling of FLC compression files. Eight of the patches concern Apple and Microsoft operating systems, and two patches address vulnerabilities found only in Microsoft Vista and XP versions. The update is the second this year for QuickTime; the first, issued in January, fixes seven security vulnerabilities. Microsoft noted in a security report published in 2008 that, in the first half of 2008, a QuickTime flaw had been the third-most attacked vulnerability for Windows XP users and the fourth-most attacked for Vista customers. Source: See also:

Communications Sector

37. June 3, Daily Times – (Virginia) Broadband cables to be placed. The Eastern Shore of Virginia Broadband Authority announced this week that it has completed an easement purchase agreement with Canonie Atlantic Company and Cassatt Management LLC (Bay Coast Railroad) for placement of a fiber optic cable along the railroad immediately. Installation along the railway corridor is part of the network backbone, or the “super highway” of the high-speed network. The first phase of the broadband initiative, which places the fiber optic cable across the Chesapeake Bay Bridge-Tunnel, is nearing completion, officials said in a prepared release. The goal of the authority is to provide the most affordable, technologically up-to-date broadband Internet service possible for all residents, businesses and institutions on Virginia’s Eastern Shore; and to provide very high-speed access, said the interim executive director of the authority. Source:

38. June 2, Tampa Bay Business Journal – (Florida) AT&T activates Pasco, Hernando cell towers. AT&T has activated three new cell sites in Pasco and Hernando counties. The new sites are among nearly 100 AT&T plans to add in Florida this year. The Hernando County cell site, located on U.S. 19 north of the Forest Oaks Boulevard intersection, is providing additional wireless coverage in northern Spring Hill and along U.S. 19 just south of Weeki Wachee. In northwestern Pasco County, a new cell site on Antler Lane is just east of the Suncoast Parkway/Veterans Expressway and north of the Shady Hills Road exit. It is boosting coverage in Shady Hills and eastern Spring Hill, the company said. Another new cell site is near County Line Road and Meadow Pointe Boulevard in Wesley Chapel and that is expanding coverage in the Meadow Pointe subdivision, according to a release. The new Hernando and Pasco county cell sites are part of AT&T’s continued expansion of its high-speed, third-generation network. AT&T announced late May that it would be upgrading its network with the goal of increasing speed. Those upgrades are slated to begin later this year for completion expected in 2011. Source:

39. June 1, Techworld – (International) Servers crash after data center overheats. The spate of hot weather in the United Kingdom claimed a notable scalp after a London data center experienced a cooling failure, which caused several servers to overheat and crash. The Braham Street data center, located in the City of London, and owned by Level 3 Communications, experienced a chiller failure on May 31 when one of the five units designed to cool the data centre failed. “The faulty chiller is currently being repaired, and the other chillers continue to operate at the facility,” he added. “Customers are being informed of the issue.” Techworld understands that the data center itself continued to run as usual with no downtime, but that several servers within the data center itself overheated and crashed. Although the outside temperature on May 31 in that area peaked at a high of 23 degrees Celsius (73 degrees Fahrenheit), the internal temperatures within the data centre soared to an estimated 50 degrees Celsius (122 degrees Fahrenheit) by 7 p.m. in the evening. Typically, data centers aim to run at anywhere from 18 to 25 degrees Celsius (64 to 77 degrees Fahrenheit). These soaring temperatures claimed at least one victim, bringing down servers belonging to the music service, for five hours approximately. Source:

No comments: