Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, January 13, 2009

Complete DHS Daily Report for January 13, 2009

Daily Report

Headlines

 KOVR 13 Sacramento reports that radical animal rights activists have threatened to send letter bombs to two University of California at Davis researchers. (See item 16)

16. January 11, KOVR 13 Sacramento – (California) Two UC Davis researchers receive bomb threats. Radical animal rights activists have threatened to send letter bombs to two University of California at Davis researchers, according to authorities. The group has reportedly carried out a bombing in the past. An online posting by a group calling itself the Revolutionary Cells Animal Liberation Brigade identified the two university researchers by name on Saturday night, saying that they had sent them a nasty surprise through the mail. The threat accuses the two researchers at the California National Primate Research Center of torturing primates. UC Davis security is on high alert. The group that made the threat is the same group that claimed responsibility for bombing an Emeryville building and a failed car bombing attempt on a UCLA professor. No suspicious packages have been found in either researcher’s mailbox, and one of the researchers said his mail is being screened at the post office. Other researchers at the Primate Center have been warned to be careful when opening their mail. Source: http://cbs13.com/local/letter.bomb.threats.2.905783.html

 According to the Wall Street Journal, an Ohio company recalled its creamy peanut butter after Minnesota health authorities identified the sandwich spread as the likely source of a wave of salmonella infections in the state. (See item 17)

17. January 11, Wall Street Journal – (Minnesota; Ohio) Peanut butter suspected in Salmonella outbreak. An Ohio company recalled its creamy peanut butter after Minnesota health authorities identified the sandwich spread as the likely source of a wave of salmonella infections in the state. Minnesota investigators found that every one of the 30 people with recent salmonella infections in that state had eaten peanut butter before falling ill, and confirmed in the “overwhelming majority” of those cases that the victims had eaten King Nut brand, according to a state Department of Health spokesman. The Minnesota salmonella strain matches the bacteria that have sickened at least 369 people in 41 other states since early September, although Minnesota authorities have not connected the peanut butter to the national outbreak. King Nut said it had purchased the peanut butter from Peanut Corp. of America of Lynchburg, Virginia, and sold it under the King Nut and Parnell’s Pride brands. King Nut distributed it to universities, restaurants, hospitals, and other institutional food services. The company said the contamination was in an open container “in a large, institutional kitchen,” raising the possibility of cross-contamination. Source: http://online.wsj.com/article/SB123172133257172179.html?mod=googlenews_wsj

Details

Banking and Finance Sector


7. January 12, Reuters – (National) FDIC faces $10 bln IndyMac loan exposure – paper. The Federal Deposit Insurance Corp. (FDIC) may be facing up to $10 billion in previously unknown liabilities tied to mortgages failed lender IndyMac sold to Fannie Mae, the New York Post said. Such a liability to the FDIC’s $34.6 billion insurance fund would leave the agency less able to deal with the number of bank failures expected this year, the paper said. The FDIC agreed on January 2 to sell IndyMac’s assets to a consortium of private equity and hedge fund firms, including Dune Capital Management and J.C. Flowers & Co. The FDIC, which has run IndyMac since its failure on July 11, undertook as part of the deal to share losses on a portfolio of IndyMac loans. Source: http://www.reuters.com/article/privateEquity/idUSBNG10892720090112


8. January 10, Champaign News Gazette – (Illinois) Police warn of text message scam. Police in Champaign, Illinois, are investigating an ongoing text message scam that attempts to get the receiver to provide their account number. Dozens were sent out about 7:30 p.m. January 9 to area residents. The message, which appears to be from a local bank, advises the recipient that their card has been deactivated. To reactivate their card, the recipient is told to call a phone number and provide their account number and PIN number. The information is used to fraudulently remove funds from the recipient’s account. Source: http://www.news-gazette.com/news/local/2009/01/10/police_warn_of_text_message_scam


9. January 10, Oshkosh Northwestern – (Wisconsin) Police warn of text message scam. Police in Oshkosh, Wisconsin, are warning residents not to respond to text messages appearing January 10 on area cell phones purporting to be from Associated Bank. The message asks recipients to “Please verify your Associated Bank account (unusual activity),” and directs the recipient to call a toll-free number. The Winneconne police chief said his department has been deluged with calls from people concerned about the message. He said the message is a scam designed to collect account information. Source: http://www.thenorthwestern.com/article/20090110/OSH0101/901100330/1128/OSH01

10. January 9, MarketWatch – (National) Changes urged in doling out of $700 billion bailout. A key lawmaker called on January 9 for Congress to impose stricter requirements on how the government uses the second half of a $700 billion financial bailout fund as a separate oversight panel blasted the handling of the first half. The House Financial Services Committee chairman detailed legislation that would condition the release of the second half of the bailout funds on a number of changes, including a series of restrictions on executive compensation, requiring more monitoring and accountability on banks, and imposing more conditions on auto companies receiving funds. The chairman also said the bill would direct more help to small banks, and that he expects the measure would redirect much of the capital infusion by the government away from the larger financial institutions. Source: http://www.marketwatch.com/news/story/changes-urged-doling-out-financial/story.aspx?guid={E5CE2612-1B2E-40EB-A2BF-EE9C9FF4FA20}



Information Technology

28. January 12, ComputerWeekly – (International) Experts reveal 25 coding errors that let in hackers. International security organizations have unveiled a list of 25 common programming errors that cause security vulnerabilities and expose IT users to cyber attack. Nine of the errors involve insecure interaction between software components, nine relate to risky resource management, and seven deal with access control. The U.S.-funded collaboration project is managed by MITRE and the SANS Institute and brings together security experts from more than 30 global organizations. The project is aimed at helping software producers to code more securely by focusing on actual errors and providing information on how to avoid them. The project will also enable end user organizations to get suppliers to certify their code is free of these programming errors. The SANS Institute said it was shocking that most of these common security errors are not understood by programmers. Programmers are not widely taught to avoid these errors and commercial software producers seldom check for them. Source: http://www.computerweekly.com/Articles/2009/01/12/234179/experts-reveal-25-coding-errors-that-let-in-hackers.htm


29. January 9, ZDNet – (International) Firefox team stops collecting data to ensure user privacy. The Firefox team decided this week to stop collecting unique identifiers that link crash reports from the same user. In a somewhat heated debate during an extended session of its weekly meeting, opponents said the practice violates user privacy, while proponents said having the data visible could help them fix bugs and solve bottlenecks faster — even though they claim to have never used it before. Opponents won the debate by arguing that user privacy trumps any development issue. After the meeting, an engineering chief summed up the issue this way: “The discussion at the end of the meeting was around what data we should and shouldn’t be collecting with crash reports, whether or not that data becomes publicly visible on our Crash Reporter developer website,” the engineer wrote in response to questions submitted by ZDNet. “The questions in the discussion centered around the value in keeping unique identifiers that allow us to associate two crashes from the same user. While there is value in being able to do this easily, the potential cost to user privacy felt high, and so some were arguing that we shouldn’t have the crash reporter client on users’ machines send these unique identifiers,” he wrote. “That argument prevailed, and the change will be made such that unique identifiers will no longer be sent. We’ll also purge the database of the ones we’ve collected (but not actually even used) to date and instead find new ways of drawing the correlations required for data analysis which don’t have as high a risk to user privacy.” Source: http://blogs.zdnet.com/open-source/?p=3274

Communications Sector

Nothing to report.

Department of Homeland Security Daily Open Source Infrastructure Report

Monday, January 12, 2009

Complete DHS Daily Report for January 12, 2009

Daily Report

Headlines

 Water Technology Online reports that the mayor of Tacoma, Washington, has declared a civil emergency for the city of about 200,000 due to the threat the rising Puyallup River poses to the city’s wastewater treatment plant. (See item 16)

16. January 8, Water Technology Online – (Washington) WA floods impacting treatment plants. The mayor of Tacoma, Washington, has declared a civil emergency for the city of about 200,000 due to the threat the rising Puyallup River poses to the city’s wastewater treatment plant, according to local reports. Tacoma, as well as most of northwestern Washington, has been inundated with floodwaters as snowmelt and rain swell rivers and caused mudslides and avalanches. The city of Spokane’s wastewater treatment plant was processing about 70 million gallons a day, more than the average flow, the operator in charge told KXLY 4. The water, which is accompanied by higher-than-usual levels of sand, is now being treated with an abbreviated treatment process to get the water in and out faster. “When they are full we don’t have any more storage capacity, then we have to process it, disinfect it and send it to the river,” the operator is quoted as saying. In Orting, residents were helping to pack sandbags around the city’s water treatment plant, the Associated Press reported on January 8. Source: http://www.watertechonline.com/news.asp?N_ID=71215

 According to WebMD, Quest Diagnostics, a company that performs lab tests for patients nationwide, says some of the vitamin D tests it conducted in 2007 and part of 2008 yielded incorrect results. (See item 20)

20. January 8, WebMD – (National) Flawed results on some vitamin D tests. Quest Diagnostics, a company that performs lab tests for patients nationwide, says some of the vitamin D tests it conducted in 2007 and part of 2008 yielded incorrect results. Quest Diagnostics has already sent letters to the doctors of the patients with suspicious results on their vitamin D test, according to the medical director of the endocrinology lab at Quest Diagnostics Nichols Institute in San Juan Capistrano, California. The incorrect vitamin D tests tended to overestimate patients’ blood levels of vitamin D. The errors stemmed from problems with the test’s reagents and calibrators, and there were also “issues with some sites not following proper operating procedure.” Source: http://www.webmd.com/news/20090108/flawed-results-on-some-vitamin-d-tests

Details

Banking and Finance Sector


4. January 8, Bloomberg – (New York) Ponzi scheme targeted Catholics, priests, U.S. says. U.S. prosecutors and market regulators accused a Buffalo, New York-area investment adviser of operating a Ponzi scheme that targeted Catholics, including priests. The man was charged with mail fraud at federal court in Buffalo, a U.S. attorney said Thursday in a statement. He placed advertisements in Catholic newspapers across the country while raising at least $17 million since 2004, according to the statement. The marketing materials claimed “seniors and clergy are absolutely pleased” with the firm’s returns and lack of fees, the Securities and Exchange Commission (SEC) said in a civil lawsuit naming him and his firm, Gen-See Capital Corp. “Investors’ funds are not, however, invested in anything,” the SEC said. The man told clients their money was invested in “high quality” residential mortgages purchased at a discount, according to the SEC. Instead, funds were misappropriated to pay periodic returns, the regulator said. Payments in November were sent to at least 200 clients, including Catholic priests, religious orders, and cemetery funds, it said. The SEC said it is also seeking an emergency court order freezing the defendants’ assets. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aELIfH1r.knc&refer=home


5. January 8, Wall Street Journal – (Pennsylvania) New Ponzi case pursued. The Commodity Futures Trading Commission (CFTC) and the Securities and Exchange Commission (SEC) brought civil charges against a Pennsylvania man accused of running a $50 million Ponzi scheme since at least February 1995. Authorities said in a complaint Thursday that the man of Broomall, Pennsylvania, turned himself in to authorities in December and signed a confession with the U.S. postal inspector after his alleged Ponzi scheme fell apart. No criminal charges have been filed at this point. According to the SEC, he obtained the $50 million from as many as 80 different investors through the sale of securities in the form of limited partnership interests in his firm, Joseph Forte LP. Authorities claim he told investors he would invest money in an account that trades in securities-futures contracts. The CFTC’s complaint, filed in a U.S. District Court in Philadelphia, accuses him of solicitation fraud, misappropriation of commodity-pool funds, sending customers false account statements, and failing to register as a commodity-pool operator. On Wednesday, a U.S. District judge issued an order freezing all of his assets. Source: http://online.wsj.com/article/SB123146543612166835.html?mod=googlenews_wsj


6. January 7, Guardium – (District of Columbia) Washington Metropolitan Area Transit Authority implements Guardium to safeguard customer data, automate PCI-DSS controls. Guardium, a database security company, announced on January 7 that the Washington Metropolitan Area Transit Authority (Metro) has implemented Guardium’s real-time database security and monitoring solution to help safeguard sensitive cardholder data in its heterogeneous, multi-tier database and application environment. With more than 9 million credit and debit card transactions yearly, Metro is classified as a top-tier Level 1 merchant by the Payment Card Industry Data Security Standard (PCI-DSS). The chief of Metro IT Security, Department of Information Technology, Washington Metropolitan Area Transit Authority said, “Guardium has helped us implement robust, hardened ‘security zones’ around our critical production databases, with a DBMS-independent architecture that doesn’t impact performance or require changes to our databases and applications.” Guardium is also helping Metro simplify enterprise security by automating and centralizing controls required for compliance. “We initially looked at native DBMS logging and auditing, but it’s impractical because of its high overhead, especially when you’re capturing every single SELECT (database read operation) in a high-volume environment like ours,” he said. “In addition, native auditing doesn’t enforce separation of duties or prevent unauthorized access by privileged insiders.” Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212701129&subSection=Attacks/breaches



Information Technology

25. January 9, Register – (International) HP hunts down ‘rare’ BladeSystem problem. A power supply failure in HP BladeSystem c7000 enclosures can cause the whole BladeSystem to fail, the firm has admitted. According to an HP advisory note: “HP has identified a potential, yet extremely rare issue with HP BladeSystem c7000 Enclosure 2250W Hot-Plug Power Supplies manufactured prior to March 20, 2008. This issue is extremely rare; however, if it does occur, the power supply may fail and this may result in the unplanned shutdown of the enclosure, despite redundancy, and the enclosure may become inoperable.” So, the issue is extremely rare, says HP. But it applies to any HP BladeSystem c7000 Enclosure configured with an HP c7000 Power Supply, if the power supply was manufactured before March 20, 2008. Each enclosure can have up to a total of six supplies. Source: http://www.theregister.co.uk/2009/01/09/hp_bladesystem_problem/


26. January 9, DarkReading – (International) Slow and silent targeted attacks on the rise. The most determined cybercriminals do not necessarily work fast when they breach a network, and their infiltration is often silent and undetectable. But it is this brand of “low and slow” targeted attack that can also be the most deadly, security experts say. This is a methodical attack, where the attacker covers his tracks as he penetrates the network, sometimes ceasing the attack for days at a time to avoid raising suspicion. It is typically a nearly invisible hack that is not discovered until it is too late, after the bad guys have made off with valuable data and done serious damage. Security experts say IT and security managers need to be at the ready for these highly targeted attacks, which may be more common than once thought. No one knows for sure just how widespread these attacks are today, but some basic characteristics are present as to how they are executed. The attacker typically initially gains access through a Web application vulnerability, or via a successful spear-phishing attack on an employee. After he gets inside, he may wait a few days or so after this first stage of the attack. Source: http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=0NURT4VR50P3YQSNDLPSKHSCJUNN2JVN?articleID=212701434


27. January 8, CNET News – (International) Fake CNN site from phishing e-mail hides a Trojan. A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering “graphic” video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on January 8. When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs a “SSL stealer” Trojan that captures financial and other sensitive information, RSA said in a blog. The Trojan looks for encrypted communications between the computer and known financial institutions and when it sees data being sent it diverts it to a malicious third-party, said the vice president of product management and strategy at RSA. Source: http://news.cnet.com/8301-1009_3-10137863-83.html?tag=newsEditorsPicksArea.0


28. January 8, CNET News – (International) Latest problem import? Infected digital photo frames. Digital photo frames infected with computer viruses are the latest problem import from China. “Essentially, it’s a supply chain problem,” said the director of the Internet Storm Center at the SANS Institute. The culprit is believed to be poor quality-assurance testing procedures in which one of every 1,000 or so devices is plucked off an assembly line and tested on a computer that is infected with a virus, he said. Before Christmas, Samsung and Amazon issued alerts warning customers that some Photo Frame Driver CDs for Samsung’s SPF line of digital photo frames contained a virus in the frame manager software. Customer PCs running Windows XP are at risk of being infected by the virus, W32.Sality.AE, which drops a keylogger or backdoor onto the system. Element and Mercury brand frames sold at Circuit City and Wal-Mart, respectively, also were reported to be infected, according to the San Francisco Chronicle. “Anything that has flash storage or bootable storage is exposed to this kind of threat,” said the director of security research for McAfee Avert Labs. “It doesn’t mean you shouldn’t buy them. You should just realize before you plug it in that you might want to disable the Windows auto-boot functionality and run an antivirus scan on it, just to be safe.” Source: http://news.cnet.com/8301-1009_3-10137032-83.html?part=rss&tag=feed&subj=News-Security


Communications Sector

29. January 8, RCR Wireless News – (District of Columbia) DC cell phone jamming demo canceled. The District of Columbia cancelled Thursday’s scheduled cell phone jamming demonstration at a city jail. Cellular industry association CTIA Wednesday petitioned a federal appeals court to overturn the Federal Communications Commission’s (FCC) January 2 order permitting the District of Columbia Department of Corrections to host a demonstration using equipment supplied by CellAntenna Corp. The FCC told the court the cell phone jamming event had been cancelled by the District of Columbia Department of Corrections and was not rescheduled. Given the events, CTIA withdrew its appeals court petition. The District of Columbia Department of Corrections director requested permission for the jamming demonstration in a December 16 letter to the outgoing FCC chairman. He wrote that the proliferation of contraband cell phones has become a major security risk within corrections facilities around the country and that handsets are being used by prisoners to intimidate witnesses, coordinate escapes, and conduct criminal enterprises. Wireless providers appear worried that any policy changes could lead to a proliferation of cell phone jammers that citizens could use to halt annoying cell phone conversations at restaurants, movies, and other public venues. Federal law forbids citizens as well as state and local law enforcement from using cell phone jammers, while U.S. agencies are not bound by the prohibition. Source: http://www.rcrwireless.com/article/20090108/WIRELESS/901089987/1082/dc-cellphone-jamming-demo-canceled