Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, June 24, 2009

Top Stories

 According to the Toronto Star, journalism students from the University of British Columbia say they paid $40 in Ghana for a second-hand hard drive that contained information about multi-million-dollar defense contracts between the Pentagon, DHS, and private military contractor Northrop Grumman. (See item 12)

12. June 23, Toronto Star – (National) Secret U.S. data found on cast-off hard drive. Journalism students from the University of British Columbia say they paid $40 in Ghana for a second-hand hard drive that contained information about multi-million-dollar defense contracts between the Pentagon, U.S. Department of Homeland Security and one of the largest military contractors in the United States. The students were part of a team sent to three countries to investigate the problems caused by the global trade in electronic waste. Their documentary Ghana: Digital Dumping Ground airs June 23 on PBS’s Frontline/World season finale. One of the students said on June 22 the hard drive was purchased in an open-air market in the coastal town of Tema from a local dealer who bought second-hand hard drives by the cargo load. The students purchased five drives. Four were empty, but one contained information about hiring and personnel contracts and plans for U.S. defense agencies and the private military contractor Northrop Grumman, they say. Data on the hard drive included sensitive information about hiring practices, which could help people learn how to get into secured positions at places such as airports. The hard drive also contained information such as credit card numbers and family photos. Northrop Grumman has acknowledged it is looking into how its hardware and data ended up in Ghana. Source:

 Reuters reports that transit authorities in Washington, D.C. were warned to upgrade the safety standards of older subway cars before a crash on Monday that killed seven people, an NTSB spokeswoman said at a news conference at the scene of the accident. (See item 16)

16. June 23, Reuters – (District of Columbia) Washington subway warned before crash that killed 7. Transit authorities in Washington, D.C. were warned to upgrade the safety standards of older subway cars before a crash on June 22 that killed seven people, U.S. investigators said on June 22. Federal officials investigating the cause of the crash, the deadliest in the 33-year history of Washington’s Metro Area Transit Authority, said a 2006 warning to upgrade or retire older, less protected cars had gone unheeded. “We recommended to WMATA to either retrofit those cars or phase them out of the fleet. They have not been able to do that and our recommendation was not addressed,” a National Transportation Safety Board spokeswoman said at a news conference at the scene of the accident. Seventy-six people were taken to hospitals after one train slammed into another that was stopped on above-ground tracks during the afternoon rush hour, said the mayor of the District of Columbia. He said there were seven confirmed fatalities. Two people had been in critical condition but one patient was upgraded overnight, he said. The operator of the moving train was among those killed in the crash, the impact of which drove one train into the air and on top of the other. It remained there on Tuesday morning as workers attempted to clear the wreckage. Source:


Banking and Finance Sector

13. June 23, Oil and Gas Journal – (Indiana) SEC charges Berkshire Resources and its principals with fraud. The U.S. Securities and Exchange Commission charged Berkshire Resources LLC and its principals with securities fraud on June 7 in connection with their oil and gas offerings. The company’s head sales agents were also named in the complaint filed in federal district court for the Southern District of Indiana. In that complaint, the SEC alleged that Berkshire raised $15.5 million from 265 U.S. and Canadian investors through a series of unregistered, fraudulent offerings of securities in the form of “units of participation.” The offerings’ purported purpose was to fund oil and gas operations which Berkshire was to oversee, the SEC said. It said that one of the company’s principals was the company’s public face and was portrayed as its lead manager with extensive oil and gas experience. In reality, he had no such experience and his father ran the company behind the scenes. The father has an extensive disciplinary history for securities fraud and is facing a criminal indictment in connection with another similar, but unrelated, oil and gas scam, the SEC said. It said that the complaint also alleges that Berkshire and its principals misled investors when they assured them that 100 percent of the investments would be used for oil and gas drilling projects. Instead, the SEC said, Berkshire spent $6.7 million on items having nothing to do with oil and gas drilling, including its own payroll, outside sales commissions, and marketing and promotional expenses. Of that amount, $1.7 million went to family members to pay for home mortgages, furnishings, electronics, cars, and credit card charges, the federal securities regulator said. Source:

14. June 22, Bloomberg – (New York) Fund manager Stein pleads guilty to $30 million fraud. A New York hedge-fund manager pleaded guilty to running a $30 million fraud and the friends and acquaintances whom he preyed on urged a federal judge to immediately jail him. The guilty party admitted on June 22 to four counts of securities fraud and one charge of wire fraud. He was initially accused March 31 of cheating a client out of $6.5 million. He faces as much as 19 years and seven months in prison, prosecutors said in court on June 22. He was allowed to remain free on a $2 million bond and ordered to restrict his travel within southeastern New York. The SEC also filed a separate civil action that accused the guilty party, who controls Gemini Fund I hedge fund, DISP LLC and Prima Capital Management Corp., of moving millions of dollars from at least 83 investors through accounts he controlled, according to the complaint filed in federal court in Manhattan. Source:

15. June 22, Agence France-Presse – (New York) Madoff feeder fund charged with fraud. U.S. financial regulators charged a brokerage firm and several individuals with funneling billions of dollars to help finance a Wall Street swindler’s massive Ponzi scheme. The Securities and Exchange Commission (SEC) filed a complaint in a U.S. district court in New York against Cohmad Securities Corporation, its chairman, his daughter and chief operating officer, as well as a registered representative for securities fraud. Two of the defendants, the SEC said, “collectively raised billions of dollars from investors for the Ponzi scheme,” which is estimated at between 50 and 65 billion dollars. “They ignored and even participated in many suspicious practices that clearly indicated the director of the Ponzi scheme was engaged in fraud,” the SEC added in its filing. The defendants, it said, were paid over 100 million dollars by the director of the Ponzi scheme for raising billions of dollars and bringing in more than 800 investor accounts over two decades. Another defendant participated in the pyramid scheme “by soliciting investors and bringing more than 1 billion dollars” into Bernard L. Madoff Investment Securities LLC (BMIS), according to the SEC. Source:

Information Technology

32. June 23, TMJ 4 Milwaukee – (International) Call 4 action: Outlook phishing scam. A new phishing scam that appears to be from Microsoft about reconfiguring Outlook is making the rounds. The problem with this scam is that it appears to come from Microsoft, a source that is typically trusted. The e-mail also seems legitimate because a lot of people use Outlook and they might be tricked into believing that this is just a routine update that is needed to keep their account functioning. Clicking on a link that is included in the e-mail could potentially allow full access to an e-mail account, allowing the phishers to view e-mails containing personal information, and they could also use the account for sending out high volumes of spam. If a user is not sure about whether an update or reconfiguration is needed, the user is advised to contact a system administrator or Microsoft directly. Source:

33. June 22, Computerworld – (International) Exploits of unpatched Windows bug will jump, says Symantec. An exploit of a still-unpatched vulnerability in Microsoft Windows XP and Server 2003 has been added to a multi-strike attack toolkit, Symantec said recently, a move that may mean attacks will increase soon. According to Symantec, an in-the-wild exploit of the DirectShow bug, which Microsoft acknowledged a month ago, has been added to at least one Web-based attack kit. “This will likely lead to wide-spread use in a short time,” said a researcher with Symantec’s security response group, in an entry posted to the company’s blog on June 19. Microsoft has not yet issued a fix for the DirectShow bug, which affects Windows 2000, XP and Server 2003, but not the newer Windows Vista or Server 2008. The flaw also does not affect the not-yet-released Windows 7. However, attacks leveraging the bug have been tracked since May, when Microsoft issued a security advisory and confirmed it had evidence of “limited, active attacks.” Unlike other recent exploits of Microsoft zero-days, vulnerabilities that have not been patched by the time attack code surfaces, the DirectShow attacks are not targeting specific individuals or organizations. “This is not a targeted attack, but is one of limited distribution,” a senior research manager with Symantec said in a telephone interview. What caught researchers’ attention, added the manager, was that the DirectShow exploit piggybacked on a run-of-the-mill phishing attack. It is becoming more common that a phishing site, in this case a bogus log-in page for Microsoft’s Windows Live software, also hosts malware that tries to hijack PCs. Source:

34. June 22, ZDNet – (International) Mozilla tackles XSS vulnerabilities with new technology. Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers. The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks. Website administrators specify which domains the browser should treat as valid sources of script. The browser will only execute script in source files from the white-listed domains and will disregard everything else, including inline scripts and event-handling HTML attributes. Sites that never want to have JavaScript included in their pages can choose to globally disallow script. To combat clickjacking, which allows clicks on one Web page to actually apply to clicks on another page that is invisible to the end user, Mozilla said Content Security Policy allows a site to specify which sites may embed a resource. The open-source group said Content Security Policy will be fully backward compatible and will not affect sites or browsers which do not support it. Source:
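
The allow-list behaviour described in item 34, as an added example that is not part of the original report or Mozilla's code. It assumes the `Content-Security-Policy` directive names later standardized (`script-src`, `default-src`, `frame-ancestors`), handles only exact origins and keywords, and uses constructed `example.com`/`example.net` names.

```javascript
// Added illustration: simplified evaluation of a Content-Security-Policy header.
// Handles only 'self', 'none', 'unsafe-inline' and exact origins (no wildcards, nonces, hashes).
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // When a directive is repeated, only its first occurrence is used.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// 'self' matches the protected page's own origin; 'none' never matches anything.
function originMatches(sources, pageOrigin, candidate) {
  return sources.some(s => (s === "'self'" ? candidate === pageOrigin : s === candidate));
}

// script: { inline: true } for <script> bodies and onclick-style attributes,
// or { src: 'https://host/file.js' } for an external source file.
function allowsScript(policy, pageOrigin, script) {
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no policy sent: browser behaves as before
  if (script.inline) return sources.includes("'unsafe-inline'");
  return originMatches(sources, pageOrigin, new URL(script.src).origin);
}

// Clickjacking control: which origins may embed this page in a frame.
function allowsFraming(policy, pageOrigin, embedderOrigin) {
  const sources = policy.get('frame-ancestors');
  if (sources === undefined) return true; // framing not restricted
  return originMatches(sources, pageOrigin, embedderOrigin);
}

// Constructed sample policy and origins.
const PAGE = 'https://app.example.com';
const policy = parsePolicy(
  "script-src 'self' https://cdn.example.com; frame-ancestors 'self'");
const noScript = parsePolicy("script-src 'none'"); // site that disallows script globally

const results = {
  ownScript: allowsScript(policy, PAGE, { src: 'https://app.example.com/js/app.js' }),
  cdnScript: allowsScript(policy, PAGE, { src: 'https://cdn.example.com/lib.js' }),
  unlistedScript: allowsScript(policy, PAGE, { src: 'https://untrusted.example.net/x.js' }),
  inlineHandler: allowsScript(policy, PAGE, { inline: true }),
  framedByOther: allowsFraming(policy, PAGE, 'https://other.example.net'),
  scriptWhenNone: allowsScript(noScript, PAGE, { src: 'https://app.example.com/js/app.js' }),
};
console.log(results);
```

A page with no policy passes every check, which is the backward compatibility the item describes: the restrictions apply only when a site opts in.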

35. June 22, CNET News – (International) New Facebook blog: We can hack into your profile. FBHive, a new blog devoted to the discussion of all things Facebook, has debuted with the revelation that its creators have discovered a hack that can expose some crucial profile data. It will not expose an individual’s personal photos or wall posts. But, FBHive says, it can bring up all the “basic information” that a user has entered into their profile, even if a user has elected to keep that information private. This is the section that includes location, gender, relationship status, relationships (significant other, parents, siblings), political views, religious views, birthday, and hometown. That is enough to be a problem in the identity theft department, as it could easily expose frequent password hints like dates of birth and mothers’ maiden names. FBHive has not shared the details of the newly discovered hack; more disconcertingly, it said Facebook has done nothing since it alerted the social network to the issue earlier this month. Source:

Communications Sector

36. June 22, Richmond Register – (Kentucky) Ham radio operators prepare for emergency. Madison County “hams” will join more than 30,000 other amateur radio operators across the country the weekend of June 27 and 28 as they practice their emergency capabilities. The public is invited to visit the hobbyists who are prepared to use their skills and equipment to provide emergency communication when a natural disaster disrupts conventional telecommunications. Using only emergency power supplies, ham operators will set up emergency stations in parks, shopping malls, schools and backyards around the country. They will use the newest digital and satellite capabilities, voice communications and even historical Morse code. In Madison County, the Central Kentucky Amateur Radio Society will set up at Camp Catalpa off Irvine Road, across from Lake Reba Park. There, the public can learn about ham radio’s new capabilities and learn how to get their own FCC radio license before the next disaster strikes. This weekend’s annual “Field Day” is the climax of a week-long “Amateur Radio Week” sponsored by the American Radio Relay League, the national association for amateur radio. Source:

37. June 22, – (International) The coming trans-Atlantic bandwidth crunch. During the dot-com boom, so many undersea cables delivering the Internet traversed the bottom of the ocean between the U.S. and Europe that bandwidth prices plummeted and providers of submarine cables filed for bankruptcy. But those cables may soon no longer be enough to satisfy the global demand for bandwidth between the two continents, according to research out on June 22 from TeleGeography. The research firm estimates that bandwidth requirements will grow 33 percent between 2008 and 2015, and trans-Atlantic capacity will be exhausted by 2014. The report also notes that the wave of bankruptcies caused by the oversupply of trans-Atlantic fiber during the boom artificially lowered the cost of providing bandwidth on those cables because many of the pipe providers were able to erase their cable construction debts. That is good for the current customers who now pay lower prices for transporting their bits, but it means current prices do not take into account the construction cost of the cables. So future customers will likely see some price increases on wholesale bandwidth as pipe operators add more capacity, and find themselves paying for expensive optical infrastructure. Source:
