Tuesday, March 31, 2009

Complete DHS Daily Report for March 31, 2009

Daily Report

Headlines

 KTVT 11 Fort Worth reports that residents in the Ellis County, Texas town of Avalon evacuated their homes late Sunday after a fire inside a storage warehouse at the nearby PSC chemical plant. (See item 4)


4. March 29, KTVT 11 Fort Worth – (Texas) Fire at Ellis County chemical plant. Residents living in the Ellis County town of Avalon evacuated their homes late on March 29 after a fire at a nearby chemical plant. Hazardous material crews spent March 29 cleaning up after the fire. Authorities asked people living in a 1-mile radius around the plant to stay away from their homes until cleanup was complete. The fire was located inside a storage warehouse at the PSC chemical plant in Avalon. Fire officials in Avalon say that even though the fire was out, there was concern over fumes from the smoldering fire. The fire is believed to have been caused by an electrical malfunction. It is unknown what chemical burned in the fire. Source: http://cbs11tv.com/local/ellis.county.avalon.2.971034.html


 According to IDG News Service, a security researcher at Symantec said that the March 26 disclosure of the GhostNet cyberespionage ring that targeted 1,295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks are changing the security landscape. (See item 27)


27. March 30, IDG News Service – (International) GhostNet highlights evolving threat environment. The high-profile disclosure recently of the GhostNet cyberespionage ring that targeted 1295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks, often run by criminals, are changing the security landscape, according to a security researcher at Symantec. “How much is the landscape changing? It is changing drastically,” said the vice president of research at Symantec Research Labs. GhostNet, documented in a report released on March 26 by the SecDev Group’s Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto, used malware and social engineering to give attackers full access to compromised computers. It also let attackers control the video cameras and microphones of these computers, letting them remotely monitor activity in the room where the computer was located. “It is another example of the sophistication of the types of attacks that are being put together,” the vice president said. The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly. “By the time we get a sample, it can be too late. They have already gone and morphed into another variant,” the vice president said. “There is no end in sight.” While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks. Source: http://www.pcworld.com/businesscenter/article/162178/ghostnet_highlights_evolving_threat_environment.html


Details

Banking and Finance Sector

10. March 29, KCRG 9 Cedar Rapids – (Iowa) Dubuque police warn of phone scam. The Dubuque Police Department is warning of a telephone scam that took place on March 29. The Dubuque County Emergency 911 Dispatch Center has been inundated with calls/inquiries from citizens concerning telephone calls they have received about their credit card information being compromised. When the call is answered, a recording is played purporting to be DuTrac Community Credit Union. The recording states the person’s credit card information has been compromised and they are instructed to “press 1” for the “security department,” then they are instructed to enter their credit card information and personal identification number (PIN). Dubuque police contacted DuTrac concerning the inquiries and have learned the calls are not affiliated with DuTrac Community Credit Union in any way. The calls are a fraudulent attempt to acquire the call recipient’s credit card information. People are instructed to hang up as soon as they identify this type of phone call and are reminded to never provide personal financial information over the phone. Source: http://www.kcrg.com/news/local/42089042.html


11. March 28, Los Angeles Times – (California) FDIC orders changes at six California banks. Revealing the recession’s rising toll on financial firms, the Federal Deposit Insurance Corp. (FDIC) disclosed on March 27 that it had ordered six more California banks to clean up their acts in February after the agency examined their books and operations. The banks — two in Los Angeles County, two in Riverside County, and one each in Stockton and La Jolla — received “cease and desist” orders that spell out publicly what the banks must do, such as boost capital levels, beef up management, and rein in risky loans. The number of such regulatory actions has been increasing rapidly. The FDIC, a primary regulator of many state-chartered banks as well as the guardian of federally insured deposits, has announced 10 public enforcement actions against California banks and bankers in the first two months of this year, compared with 24 in all of 2008 and no more than seven in each of the preceding three years. By the end of 2009, two-thirds of the state’s banks will be operating under cease-and-desist orders or other regulatory actions, an Anaheim-based banking consultant predicts. Most banks targeted in such actions eventually tighten up operations and continue in business or merge with stronger institutions, but regulators are preparing for a major wave of failures. Source: http://www.latimes.com/business/la-fi-banks28-2009mar28,0,2513212.story


12. March 27, Tampa Bay Business Journal – (Florida) Omni National Bank taken over by FDIC. The FDIC has taken over as receiver for Atlanta-based Omni National Bank, which was battered by rising losses stemming from souring real estate loans. Omni has one location in Tampa. As of June 30, the bank had $32.4 million in deposits locally, according to the most recent information from the FDIC. The Office of the Comptroller of the Currency on March 27 made the announcement, saying the $980 million-asset bank had “experienced substantial dissipation of assets and earnings” because of “unsafe and unsound” practices. OCC also said the bank “incurred losses that have depleted most of its capital, and there is no reasonable prospect that the bank will become adequately capitalized without federal assistance.” The bank’s holding company, Omni Financial Services Inc., was put under a regulatory oversight plan by the Federal Reserve Bank of Atlanta on March 17. Source: http://www.bizjournals.com/tampabay/stories/2009/03/23/daily62.html


Information Technology


27. March 30, IDG News Service – (International) GhostNet highlights evolving threat environment. The high-profile disclosure recently of the GhostNet cyberespionage ring that targeted 1295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks, often run by criminals, are changing the security landscape, according to a security researcher at Symantec. “How much is the landscape changing? It is changing drastically,” said the vice president of research at Symantec Research Labs. GhostNet, documented in a report released on March 26 by the SecDev Group’s Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto, used malware and social engineering to give attackers full access to compromised computers. It also let attackers control the video cameras and microphones of these computers, letting them remotely monitor activity in the room where the computer was located. “It is another example of the sophistication of the types of attacks that are being put together,” the vice president said. The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly. “By the time we get a sample, it can be too late. They have already gone and morphed into another variant,” the vice president said. “There is no end in sight.” While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks. Source: http://www.pcworld.com/businesscenter/article/162178/ghostnet_highlights_evolving_threat_environment.html


28. March 30, The Register – (International) Busted! Conficker’s tell-tale heart uncovered. Security experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines which is easy to detect using a variety of off-the-shelf network scanners. The finding means that, for the first time, administrators around the world have easy-to-use tools to positively identify machines on their networks that are contaminated by the worm. As of March 30, signatures will be available for at least half a dozen network scanning programs, including the open-source Nmap, McAfee’s Foundstone Enterprise, and Nessus, made by Tenable Network Security. Up to now, there were only two ways to detect Conficker, and neither was easy. One was to monitor outbound connections for each computer on a network, an effort that had already proved difficult for organizations with machines that count into the hundreds of thousands or millions. With the advent of the Conficker C variant, traffic monitoring became a fruitless endeavor because the malware has been programmed to remain dormant until April 1. The only other method for identifying Conficker-infected computers was to individually scan each one, another measure that placed onerous requirements on admins. The discovery of Conficker’s tell-tale heart two days before activation may prove to be an ace up the sleeve of the white hat security world. Source: http://www.channelregister.co.uk/2009/03/30/conficker_signature_discovery/


29. March 30, PC World – (International) Adobe Reader, IE 7 holes under attack. A zero-day flaw, a security hole with no fix available before attacks could be launched, exists in Adobe Reader and Acrobat, and can be exploited by a poisoned PDF file in an attempt to take over a vulnerable computer. As Symantec reported in February, crooks have hit the flaw with small-scale attacks that e-mail PDF attachments to specific targets. Adobe says a patch should be ready shortly for version 9 of both programs, with fixes for earlier versions to follow. Individuals went after a bug in Internet Explorer 7 a week after Microsoft distributed a fix. Those attacks employed a malicious Word document, but the Internet Storm Center has warned that crooks could also add hidden code to a hijacked Web site to create a drive-by download attack. A user can install the patch for this browser flaw via Automatic Updates, or the user can download it. The same patch batch from Microsoft addresses a security vulnerability in the company’s Visio diagramming software; an attack through this hole can be triggered if a user opens a hacked Visio file. Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/03/27/AR2009032703426.html


30. March 28, PC World – (International) Search for ‘Conficker’ could lure virus. Symantec is warning Web users that searching for information on computer viruses such as Conficker could put them at risk of unintentionally downloading the virus onto their PC. Conficker targets a flaw in Windows Server, and despite Microsoft releasing an emergency patch and urging all Web users to download it, many machines remain unprotected. According to the security vendor, searching for ‘conficker’ in a number of the Web’s most popular search engines brings up a number of hoax Web sites that actually host the virus and infect any users that navigate to the site. Symantec warns Web users the best course of action is to use software that will block Web pages such as these from being visited. Source: http://www.pcworld.com/article/162149/search_for_conficker_could_lure_virus.html


31. March 27, Computerworld – (International) Hack contest sponsor confirms IE8 bug in final code. The final version of Microsoft Corp.’s Internet Explorer 8 (IE8) does contain the vulnerability used to hack a preview of the browser at the recent Pwn2Own, the contest’s sponsor confirmed on March 28. But the exploit used by the computer science student to break the release candidate of IE8 will not work on the final version of IE8 as long as it is running in Windows Vista Service Pack 1 or Windows 7, said the manager of security response at 3Com Corp.’s TippingPoint unit. Questions had arisen about the exploitability of IE8 almost immediately after the Pwn2Own hack because the German student hacked IE8 Release Candidate 1 (RC1), while Microsoft released the final code less than 24 hours later. On March 27, the manager confirmed that IE8’s RTW, or “release to Web” portions, were immune from the hack. “His exploit did, in fact, employ the technique found by Sotirov and Dowd,” said the manager, referring to work by two researchers who announced last summer that they were able to bypass two of Vista’s biggest security defenses, ASLR (address space layout randomization) and DEP (data execution prevention). Microsoft made changes to IE8 between RC1 and the final code that blocked the circumvention technique, thereby making the exploit moot, but only in some situations, said the manager. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130683&intsrc=news_ts_head

Communications Sector

32. March 30, Science Daily – (National) New material could lead to faster chips: Graphene may solve communications speed limit. New research findings at the Massachusetts Institute of Technology (MIT) could lead to microchips that operate at much higher speeds than is possible with today’s standard silicon chips, leading to cell phones and other communications systems that can transmit data much faster. The key to the superfast chips is the use of a material called graphene, a form of pure carbon that was first identified in 2004. Researchers at other institutions have already used the one-atom-thick layer of carbon atoms to make prototype transistors and other simple devices, but the latest MIT results could open up a range of new applications. The MIT researchers built an experimental graphene chip known as a frequency multiplier, meaning it is capable of taking an incoming electrical signal of a certain frequency — for example, the clock speed that determines how fast a computer chip can carry out its computations — and producing an output signal that is a multiple of that frequency. In this case, the MIT graphene chip can double the frequency of an electromagnetic signal. Frequency multipliers are widely used in radio communications and other applications. But existing systems require multiple components, produce “noisy” signals that require filtering, and consume a large amount of power, whereas the new graphene system has just a single transistor and produces, in a highly efficient manner, a clean output that needs no filtering. Source: http://www.sciencedaily.com/releases/2009/03/090324081443.htm