Department of Homeland Security Daily Open Source Infrastructure Report

Friday, January 30, 2009

Complete DHS Daily Report for January 30, 2009

Daily Report

Headlines

• According to the Associated Press, the U.S. Army secretary has ordered the recall of more than 16,000 sets of body armor following an audit that concluded the bullet-blocking plates in the vests failed testing and may not provide soldiers with adequate protection. (See item 7)


7. January 29, Associated Press – (National) Army orders recall of body armor. The U.S. Army secretary has ordered the recall of more than 16,000 sets of body armor following an audit that concluded the bullet-blocking plates in the vests failed testing and may not provide soldiers with adequate protection. The audit by the office of the Defense Department inspector general, not yet made public but obtained by the Associated Press, faults the Army for flawed testing procedures before awarding a contract for the armor. In a letter dated January 27 to the acting inspector general, the Army secretary said he did not agree that the plates failed the testing or that soldiers were issued deficient gear. He said his opinion was backed by the Pentagon’s top testing director. Despite his insistence that the armor was not deficient, he said he was recalling the sets as a precaution. He also said he has asked for a senior Pentagon official to resolve the disagreement between the Army and the inspector general’s office. The contract examined by the inspector general’s office is listed in the audit only as W91CRB-04-D-0040. An August 20, 2004 announcement on the Defense Department’s Web site states a contract under that designation was awarded to Armor Works of Chandler, Arizona. The Army bought 51,334 sets of the protective inserts under the contract for just over $57 million, according to the inspector general. Source: http://www.google.com/hostednews/ap/article/ALeqM5ie3E8xI1zhgguCFKHUyUZLzewvSAD960JHTO3


• USA Today reports that the first federal evaluation of mass-transit security shows that more than 75 percent of the nation’s major rail and bus systems are not meeting Homeland Security guidelines, according to a new report by the Department. (See item 14)


14. January 28, USA Today – (National) Rail lines, bus systems show security shortfalls. The first federal evaluation of mass-transit security shows that more than 75 percent of the nation’s major rail and bus systems are not meeting Homeland Security guidelines. By contrast, 96 percent of airlines are complying with security requirements, according to a new report by the Department. The report does not identify which rail and bus systems fell short. The assessment comes as the new Homeland Security Secretary says she plans to focus more on mass transit, possibly through “redeployment” of resources from other areas. The Department’s evaluation, published on its Web site January 15, found that 37 of the nation’s 48 largest transit systems are not complying with voluntary guidelines set in 2007. There is no sanction for non-compliance. Guidelines include training transit workers in security, running security drills regularly, and sharing intelligence with other agencies. Some Homeland Security recommendations involve planning and could be done at little or no cost, said the director of the National Transportation Security Center of Excellence at San Jose State University. Source: http://www.usatoday.com/news/washington/2009-01-28-transit_N.htm


Details


Banking and Finance Sector


10. January 29, USA Today – (International) Data scams have kicked into high gear as markets tumble. Cybercriminals have launched a massive new wave of Internet-based schemes to steal personal data and carry out financial scams in an effort to take advantage of the fear and confusion created by tumbling financial markets, security specialists say. The schemes, often involving online promotions touting fake computer virus protection, get-rich scams and funny or lurid videos, were already rising last fall when financial markets took a dive. With consumers around the world panicking, the number of scams on the Web soared. The number of malicious programs circulating on the Internet tripled to more than 31,000 a day in mid-September, coinciding with the sudden collapse of the U.S. financial sector, according to Panda Security, an Internet security firm. It was not a coincidence, said the chief corporate evangelist at Panda. “The criminal economy is closely interrelated with our own economy,” he says. “Criminal organizations closely watch market performance and adapt as needed to ensure maximum profit.” Source: http://www.usatoday.com/money/industries/technology/2009-01-28-hackers-data-scams_N.htm


11. January 28, Associated Press – (Tennessee) SEC charges adviser with fraud linked to bailout. Federal regulators on January 28 charged an investment adviser with securities fraud, saying he bilked clients of at least $6.5 million in the first scheme using the government’s $700 billion financial bailout program as a front to lure investments. The Securities and Exchange Commission won a court order freezing the assets of a Nashville man and his firm, ProTrust Management Inc. The suspect and ProTrust consented to a temporary restraining order, the asset freeze and an accounting of all funds raised, the SEC said. The agency is seeking unspecified restitution and fines against them; a hearing has been scheduled for February 6. The SEC alleged that the suspect defrauded clients by falsely telling them their money was being invested in the Treasury Department’s financial rescue plan, called the Troubled Asset Relief Program, and other securities that actually do not exist. The suspect represents himself as a financial planner and investment adviser, but neither he nor his firm is registered with the SEC or a state regulator, the agency said in its civil lawsuit filed in federal court in Nashville. The SEC said that the suspect, who obtained control over funds of at least 27 clients, falsely claimed to have invested their money in securities described as “private placements,” creating phony account statements. Source: http://www.google.com/hostednews/ap/article/ALeqM5joS93MXNJGBDYkFH70Wjj2SGCcywD960DT400


12. January 28, CNNMoney – (National) BofA vows to track and report loan activity. The Bank of America chief executive officer said on January 28 that the troubled banking giant will soon start to publish reports tracking how much it is lending. Charlotte-based Bank of America said after the market closed that it will provide data on its lending and investing activity in 10 key areas. The company said the move will help it document its efforts to counter the steep downturn in the economy. “As America’s largest bank, Bank of America must play a leading role in providing the capital and liquidity that will help revitalize the U.S. economy,” the chief executive officer said in a press release. Source: http://money.cnn.com/2009/01/28/news/newsmakers/bofa.lewis.lending.fortune/index.htm


Information Technology


27. January 29, CNET News – (International) Chrome, Firefox face clickjacking. Security researchers have discovered a flaw affecting Google’s Chrome browser that exposes it to “clickjacking” — in which an attacker hijacks a browser’s functions by substituting a legitimate link with one of the attacker’s choice. Google has acknowledged the flaw and is working toward a patch for Chrome versions 1.0.154.43 and earlier when running within Windows XP SP2 systems, according to a SecNiche security researcher. The researcher disclosed the flaw on January 27 and has since posted a proof of concept on the Bugtraq vulnerability disclosure forum. “Attackers can trick users into performing actions which the users never intended to do and there is no way of tracing such actions later, as the user was genuinely authenticated on the other page,” the researcher said within the disclosure. While Google is working on a fix, a representative for the Australian arm of the company pointed out that clickjacking can affect all browsers, not just Chrome. “The (clickjacking) issue is tied to the way the Web and Web pages were designed to work, and there is no simple fix for any particular browser. We are working with other stakeholders to come up with a standardized long-term mitigation approach,” they said. Source: http://news.cnet.com/8301-1009_3-10152438-83.html?part=rss&tag=feed&subj=News-Security


28. January 29, Heise Online – (International) Vulnerability found in FFmpeg library. A vulnerability has been found in FFmpeg that may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library. FFmpeg is a free tool and library collection which is used to record, convert and stream audio and video. It is used by several popular open source software projects including VLC media player, MPlayer, Perian, and others. The cause of the problem, according to an expert, is an error during the processing of files in proprietary 4X movie format (4XM). For a successful attack, the victim must open a manipulated file. FFmpeg versions before version 16846 are affected. Version 16846 has now been released and closes the hole in the libavformat/4xm.c file. Users can upgrade from the FFmpeg repository or wait for the distributions to update. Source: http://www.heise-online.co.uk/news/Vulnerability-found-in-FFmpeg-library--/112517


29. January 28, The Register – (International) DDoS attack boots Kyrgyzstan from net. The Central Asian republic of Kyrgyzstan was effectively knocked offline recently by a Russian cybermilitia that continues to flood the country’s Internet providers with crippling data attacks, a security expert said. The attacks, which began on January 18, bear the signature of pro-Russian nationalists believed to have launched similar cyber assaults on the republic of Georgia in August, said a researcher with Atlanta-based security provider SecureWorks. The attacks on Kyrgyzstan were so potent that most net traffic in and out of the country was completely blocked during the first seven days. Over the past 48 hours, ISPs have managed to mitigate some of the damage by relocating the servers of their biggest customers to different IP address ranges and employing a technique known as source filtering, which is designed to block harmful traffic while still allowing friendly packets through. Some media organizations and government opposition groups in the country of 5.3 million have not been so fortunate. Source: http://www.theregister.co.uk/2009/01/28/kyrgyzstan_knocked_offline/


30. January 27, DarkReading – (International) SecureMac.com releases free iServices Trojan removal tool 1.1. Since SecureMac released its iWorkServices Trojan Removal Tool recently, a new related Trojan has been detected in the wild. As a result, SecureMac has updated the tool and renamed it iServices Trojan Removal Tool. The tool is still free to download and use, and now detects and removes the new variant distributed with pirated versions of Adobe (ADBE) Photoshop CS 4 for Apple (AAPL) Mac OS X. Pirated copies of Photoshop CS 4 are reported by Intego to contain malware. On January 16, a copy of Photoshop CS 4 containing the Trojan variant was seeded to a number of peer-to-peer networks. This Trojan has been labeled OSX.Trojan.iServices.B and is the second variant discovered in the wild; variant A was found recently in pirated copies of iWork 09. Like its predecessor, variant B obtains root privileges and notifies the remote host of the infected computer’s location on the Internet. It is recommended that users avoid downloading pirated copies of these programs. Furthermore, it is anticipated that new variants will be discovered in the coming months in other software packages distributed by third parties over the Internet. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212903151


Communications Sector

31. January 27, Louisville Courier-Journal – (Indiana; Kentucky; Tennessee) For some, phone, cable-TV service on hold. Electricity was not the only service interrupted by the ice storm. Downed lines left many residents without home phone service or cable TV, and cell-phone service was disrupted for some. An AT&T spokeswoman said she did not know how many Louisville, Kentucky-area customers have lost residential service. Technicians “are working around the clock to restore service to our customers as quickly as possible,” she said. AT&T will offer “the appropriate credits” to customers who lose service due to storm damage, the spokeswoman said. Downed phone lines forced many people to rely on cell phones, but wireless service was also compromised for some. A Sprint spokeswoman said the storm caused some voice and data outages in the Louisville area. She said 80 of the company’s cell sites were down in a region stretching between Louisville, Evansville, and Nashville because of storm damage. She did not know how many sites Sprint has in that region, but she said the company has 879 cell sites in Kentucky. Source: http://www.courier-journal.com/article/20090129/NEWS01/901290436/1008/NEWS01

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, January 29, 2009

Complete DHS Daily Report for January 29, 2009

Daily Report

Headlines

• The San Francisco Chronicle reports that an oil tanker leaving the Port of San Francisco lost power on Tuesday just west of the Golden Gate Bridge and was escorted back into the bay for repairs, a U.S. Coast Guard spokesman said. (See item 2)


2. January 27, San Francisco Chronicle – (California) Tanker loses power, escorted into bay for repairs. An oil tanker leaving the Port of San Francisco for Ecuador lost power January 27 just west of the Golden Gate Bridge and was escorted back into the bay for repairs, a U.S. Coast Guard spokesman said. The 741-foot Overseas Cleliamar had unloaded all of its oil at the Port of San Francisco and was carrying no cargo when it lost power shortly after 5 p.m. The ship did not hit anything, and no pollution was believed to have been released, said a Coast Guard petty officer. The ship lost propulsion just after passing under the Golden Gate Bridge. The San Francisco ship pilot directed the ship to drop anchor near Point Diablo on the Marin side of the Golden Gate. The 32-member crew was able to restore power after about ten minutes. The Coast Guard received the call of distress at 5:22 p.m. A Coast Guard cutter and tugboats escorted the ship back into the bay for repair, although the ship was moving under its own power. He said Coast Guard helicopters flew over the scene and saw no signs of spilled oil or other pollution. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/01/28/BABI15IFVI.DTL


• According to the Federal Aviation Administration Safety Team, on February 1, the International Cospas-Sarsat Organization (United States included) will terminate processing of distress signals emitted by 121.5 MHz Emergency Locator Transmitters. Currently, only 12-15 percent of the registered aircraft in the United States are flying with 406 MHz ELTs. (See item 13)


13. January 26, Federal Aviation Administration Safety Team – (National) 406-MHz ELT requirement starts next month. On February 1, 2009, the International Cospas-Sarsat Organization (United States included) will terminate processing of distress signals emitted by 121.5 MHz Emergency Locator Transmitters (ELTs). Pilots flying aircraft equipped with 121.5 MHz ELTs after that date will have to depend on pilots of overflying aircraft and/or ground stations monitoring 121.5 to hear and report distress alert signals transmitted from a possible crash site. Currently only 12-15 percent of the registered aircraft in the United States are flying with 406 MHz ELTs. This means that there is at least an 85 percent chance that an aircraft in an accident will only transmit a 121.5 MHz signal, thus remaining silent to the satellites. It will be up to other pilots monitoring the 121.5 MHz frequency in the cockpit to alert Search and Rescue authorities to accidents involving 121.5. If a 121.5 MHz ELT is heard on guard, pilots must report to the nearest air traffic control tower or Flight Service Station the time and location at which the ELT was first detected, when it was loudest, and when it dropped off the radio. The Cospas-Sarsat System has been and will continue processing emergency signals transmitted by 406 MHz ELTs. These 5-watt digital beacons transmit a much stronger signal and are more accurate, verifiable, and traceable to the registered beacon owner. Source: http://www.amtonline.com/article/article.jsp?siteSection=1&id=7260


Details

Banking and Finance Sector

7. January 27, CNN – (Florida) Investment fund manager facing fraud charges surrenders. A missing Florida fund manager, whose $300 million in investment funds are actually worth less than $1 million, according to a federal lawsuit, has turned himself in to face fraud charges, the Federal Bureau of Investigation said on January 27. The 76-year-old suspect “recently transferred at least $1.25 million from two of the funds to secret bank accounts that he controlled,” according to a filing last week in federal court by the Securities and Exchange Commission. The suit, filed January 21 in U.S. District Court in Tampa, charged the suspect with fraud “in connection with six hedge funds” in which he was principal investment adviser. Accompanied by two defense lawyers, the suspect turned himself in to the Tampa FBI field office and was taken into custody around 9:45 a.m. on January 27, an FBI spokesman said. Source: http://www.cnn.com/2009/CRIME/01/27/fund.manager.surrender/index.html


8. January 28, Seacoastonline.com – (New Hampshire) Service Credit Union advises members to avoid phone scam. Service Credit Union is warning that telephone scammers are attempting to obtain personal information from ATM/Visa Check cardholders. Area residents, members and nonmembers, are receiving computer-generated calls claiming to be from Service Credit Union. The call claims account information was breached and directs the cardholder to press 1 to give his or her debit card information to reactivate any cards. Personal information requested includes account number, card expiration date and personal identification number. Service Credit Union does not solicit personal information over the phone, and if residents receive questionable calls, they should not provide any personal information, said the chief executive of Service Credit Union. If residents receive a suspicious call, they should notify Service Credit Union by e-mail and call the local authorities. Source: http://www.seacoastonline.com/articles/20090128-NEWS-901280394


9. January 28, Bloomberg – (National) FDIC may run ‘bad bank’ in plan to purge toxic assets. The Federal Deposit Insurance Corp. (FDIC) may manage the so-called bad bank that the Presidential Administration is likely to set up as it tries to break the back of the credit crisis, two people familiar with the matter said. The FDIC chairman is pushing to run the operation, which would buy the toxic assets clogging banks’ balance sheets, one of the two people said. The chairman is arguing that her agency has expertise and could help finance the effort by issuing bonds guaranteed by the FDIC, a second person said. The President’s team may announce the outlines of its financial-rescue plan as early as next week, an administration official said. The bad-bank initiative may allow the government to rewrite some of the mortgages that underpin banks’ bad debt, in the hopes of stemming a crisis that has stripped more than 1.3 million Americans of their homes. Some lenders may be taken over by regulators and some management teams could be ousted as the government seeks to provide a shield to taxpayers. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=avQ3LP7o44oU&refer=home


Information Technology


25. January 27, PC World – (International) Security firm sees alarming rise in ‘transient’ threats. Anti-virus firm AVG Technologies says an alarming rise in the number of virus-laden sites that are here today and gone tomorrow is causing security experts to re-think traditional virus protection strategies. AVG reports the number of Web sites set up to steal one’s data has nearly doubled from about 150,000 per day to 300,000 since October 2008. More alarming to AVG is the fact that those sites are short-lived and sometimes vanish within 24 hours. These “transient threats” make maintaining lists of dangerous Web sites extremely hard to manage, said the chief research officer for AVG. “Security firms can no longer rely on just blacklisting sites,” the chief research officer said. AVG, like many other anti-virus companies, keeps track of rogue sites and updates its desktop anti-virus software with that list. But as the churn of new threats increases at an alarming rate, blacklist databases become increasingly less effective. Source: http://www.pcworld.com/article/158401/security_firm_sees_alarming_rise_in_transient_threats.html


26. January 27, TechCrunch.com – (International) Report: click fraud at record high. 17.1 percent of all clickthroughs on Web advertising are the result of click fraud, the act of clicking on a Web ad to artificially increase its click-through rate, according to the latest report from Click Forensics, a company that specializes in monitoring and preventing Internet crime. The level of click fraud is the highest the company has seen since it started monitoring for it in 2006, dashing hopes that it might hold steady in 2008. The company recorded a rate of 16.3 percent in the first fiscal quarter of 2008 (Q1). Also alarming is the fact that over 30 percent of click fraud is now coming from automated bots — a 14 percent increase from last quarter and the highest rate Click Forensics has seen since it started collecting data. Click fraud for ads on content networks like Google AdSense and Yahoo Publisher Network was up to 28.2 percent from 27.1 percent last quarter, though that figure has decreased since Q4 2007, when it was at 28.3 percent. Outside of the United States, Click Forensics reports that the most click fraud came from Canada (which contributed 7.4 percent), Germany (3 percent), and China (2.3 percent). Click Forensics also notes that it has seen a reemergence of some old-hat tricks, like link farms. The company speculates that the increase may be tied to the poor economy, which has spurred a rise in activity like phishing and other cybercrime. Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/01/28/AR2009012800046.html

Communications Sector

27. January 28, Heise Media – (International) Windows Mobile Bluetooth vulnerability allows access to any files. A directory traversal vulnerability in the Bluetooth OBEX-FTP server of Windows Mobile 6 allows attackers to access files outside of the permitted list. According to the report, using “../” or “..\\” as part of the path name is sufficient to traverse to other directories. An attacker could use the technique to copy files from a device, or to install their own software, such as a key logger or other spyware. The issue does require that the targeted handheld device is paired with the attacking device, which is usually only possible with the owner’s consent. There are, though, situations where a user may wish to restrict access to their files for paired devices, and the problem means that these restrictions are only partially effective. The discoverer of the bug has published a detailed guide to the problem. Source: http://www.heise-online.co.uk/security/Windows-Mobile-Bluetooth-vulnerability-allows-access-to-any-files--/news/112510


28. January 28, Associated Press – (Arkansas; Kansas) Cox to test new way to handle Internet congestion. Cox Communications, the third-largest U.S. cable company, stepped onto the battleground of the “Net Neutrality” issue on January 27, saying it will be trying out a new way to keep its subscribers’ Internet traffic from jamming up. Starting on February 9 in parts of Kansas and Arkansas, Cox will give priority to Internet traffic it judges to be time-sensitive, like Web pages, streaming video, and online games. File downloads, software updates, and other non-time-sensitive data may be slowed if there is congestion on the local network, Cox said. The news is sure to revive the debate about Net Neutrality, or the question of how much Internet service providers like Cox can interfere with subscriber traffic. Source: http://tech.yahoo.com/news/ap/20090128/ap_on_hi_te/tec_cox_internet


29. January 26, CNET News – (National) Congressman wants to ban silent camera phones. Earlier in January, a U.S. Representative from New York introduced a bill in the U.S. House of Representatives that would ban camera phones from having a silent mode when taking a picture. The Camera Phone Predator Alert Act (H.R. 414) would “require any mobile phone containing a digital camera to sound a tone whenever a photograph is taken.” What is more, the bill would prohibit such handsets from being equipped with a means of disabling or silencing the tone. Enforcement would be through the Consumer Product Safety Commission. The text of the bill is short, and the Representative’s office has not released any public statements. At the time of this writing, the bill has been referred to the House Energy and Commerce Committee. The Camera Phone Predator Alert Act has no co-sponsors. Source: http://news.cnet.com/8301-17938_105-10150671-1.html?part=rss&tag=feed&subj=News-Wireless