Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, April 30, 2009

Complete DHS Daily Report for April 30, 2009

Daily Report

Top Stories

 Amid growing concern over the vulnerability of the U.S. electric grid to cyberattacks, two lawmakers are preparing to introduce new legislation aimed at bolstering the industry’s responsiveness to such threats. (See item 3.)

3. April 28, Computerworld – (National) New cybersecurity bill for electric grid readied. Amid growing concern over the vulnerability of the U.S. electric grid to cyberattacks, two lawmakers are preparing to introduce new legislation aimed at bolstering the industry’s responsiveness to such threats. The Critical Electric Infrastructure Protection Act is scheduled to be introduced on April 30. A brief statement issued by the House committee today described the proposed legislation as one that would primarily empower the Federal Energy Regulatory Commission, an independent agency that regulates the interstate transmission of gas, oil and electricity, to issue “emergency rules or orders” if a cyberthreat is imminent. The rules or orders may be issued if the Secretary of Homeland Security determines that a national security threat exists, the statement said. It did not, however, clarify what kind of rules and orders the proposed bill is specifically referring to. In addition, the bill would require the commission to assess existing cybersecurity standards within the electric sector and establish new standards, as needed, for dealing with cyberthreats. It would also require the Department of Homeland Security to conduct an investigation to determine if the electric infrastructure has been compromised by outsiders. Source:

 Due to swine flu concerns, Russia, China and Ukraine began banning pork products that come from some U.S. states — a move that a U.S. trade representative said could “do extraordinary damage” to the U.S. economy and other countries. (See item 19.)

19. April 29, USA Today – (National) Agriculture chief to public: U.S. pork products are safe. Federal officials moved on April 28 to bolster the $15 billion U.S. pork industry and reassure consumers that eating pork is safe amid the swine-flu outbreak. The effort comes after countries such as Russia, China and Ukraine began banning pork products that come from some U.S. states. The bans led to lower prices for pork, as well as for soybeans and corn, used as hog feed. “The livelihoods of a lot of people are at stake here,” the U.S. Agriculture Secretary said, referring to the country’s 67,000 pork producers as well as soybean and corn farmers. “It is perfectly safe to consume pork and pork products from America.” He also said people should stop using the term “swine flu” and should call the disease H1N1 virus, which refers to the subtype of influenza virus causing the outbreak. “This really is not swine flu,” he said. A U.S. Trade Representative said he will talk to officials in countries that are restricting U.S. pork products. “That could do extraordinary damage” to the U.S. economy and other countries, he said. Source:


Banking and Finance Sector

8. April 28, MarketWatch – (National) Senate OKs $490 million to fight mortgage scams. The Senate voted on April 28 to give federal investigators more tools to combat mortgage fraud and other scams. The bipartisan legislation would authorize $490 million over two years to hire fraud prosecutors, increase enforcement actions and add funds to the Secret Service and Housing and Urban Development Inspector General. It also allocates funds to the Postal Inspection Service. It also sets up a commission of outside experts with subpoena power to examine the financial crisis and make recommendations. Of those funds, $165 million is being allocated to hire fraud prosecutors and investigators at the Justice Department and $140 million goes to increase the number of Federal Bureau of Investigation officials for the agency’s mortgage-fraud task forces. It also provides $50 million a year to expand the staff of the U.S. Attorney’s office and $40 million to expand the Justice Department’s criminal, civil, and tax divisions. The legislation, known as the Fraud Enforcement and Recovery Act, extends federal fraud laws to include mortgage loan companies that are not regulated or insured by the government. This expanded fraud statute would only have an impact on future crimes. Source:

9. April 28, WTOC 11 Savannah – (Georgia) New text message scam involves bank fraud. Beware if you get a text message claiming to be from your bank. The latest texting scam involves con artists texting your cell phone claiming to be from a variety of banks. One WTOC viewer warned about a text message pretending to be from Suntrust Bank. The phone number is not associated with Suntrust and the bank does not send out text message alerts. Experts advise recipients to take down the number and immediately report the text to the bank’s fraud department. Do not respond and do not give any information. Source:

10. April 28, Associated Press – (Maryland) 5 charged in ‘nightmare’ $70M mortgage scheme. More than 1,000 people were defrauded out of about $70 million by a group advertising the dream of homeownership in what turned out to be a nightmare Ponzi scheme, federal and Maryland officials said on April 27. Five officers for Laurel, Md.-based Metro Dream Homes company are accused of tricking homeowners into pouring money into the business with the promise that the revenue would be used to pay off their mortgages. The scheme ran from 2005 until October 2007, authorities said. The newly confirmed Assistant U.S. Attorney General said the charges should send a message to those engaging in mortgage fraud. “Our resolve as a group is great,” he said at a news conference in Washington. “We will find you. We will prosecute you, and we are going to put you in prison.” “Some people hope to get rich quickly just by dreaming, without the hard work,” said the U.S. attorney for Maryland. “Usually, people can achieve that only by breaking the rules.” Prosecutors say the company marketed the mortgage program in seminars at luxury hotels in Maryland, Washington and Beverly Hills, California. An investor had to put up a minimum of $50,000 for each home. The company was then supposed to pay off their mortgages within five to seven years. Source:

11. April 27, Los Angeles Business Journal – (California) FDIC pays out deposits from First Bank of Beverly Hills. First Bank of Beverly Hills was shut down by the California Department of Financial Institutions on April 24, and the Federal Deposit Insurance Corp. will pay out the deposits of the bank. As of December 31, 2008, First Bank of Beverly Hills, which was actually based in Calabasas, had total assets of $1.5 billion and total deposits of $1 billion, of which an estimated $179,000 was uninsured, according to a statement from the FDIC. According to a statement from the DFI, the bank was ordered to increase its capital reserves, but efforts by the bank to do so were unsuccessful. The FDIC will begin mailing customers checks for their insured money starting on April 27. First Bank of Beverly Hills is the 28th FDIC-insured institution to fail this year and the fourth in California. Source:

Information Technology

35. April 27, Cnet News – (International) Puerto Rico sites redirected in DNS attack. An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on April 26 to sites that were defaced, according to security firm Imperva. Those sites and others, including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, the chief technology officer at Imperva said on April 27. A group calling itself the “Peace Crew” claimed that they used a SQL injection attack to break into the Puerto Rico registrar’s management system, he said. “We are seeing more and more of these DNS-related attacks and seeing them scale up,” he added. While the sites that visitors were redirected to were obviously not the legitimate sites, DNS redirects could be used to send unsuspecting Web surfers to phishing sites pretending to be banks where they would be prompted to provide sensitive information. People should use the SSL (Secure Sockets Layer) protocol for encrypting communications with sensitive sites and use anti-phishing technology in the browser that colors part of the URL address bar green or red based on the safety level of the site being visited. Source:

36. April 27, IDG News Service – (International) Bitlocker, TPM won’t defend all PCs against VBootkit 2.0. Trusted Platform Modules and BitLocker Drive Encryption can protect Windows 7 computers against a bootkit attack unveiled recently, but these technologies will not be available on a large portion of computers, leaving millions of users unprotected when Microsoft releases its next version of Windows. VBootkit 2.0 is proof-of-concept code that was unveiled by security researchers of NVLabs at the Hack In The Box (HITB) security conference held in Dubai recently. The code, which is just 3KB in size, allows an attacker to take control of a Windows 7 computer by patching files as they are loaded into the system’s main memory. Because no software is modified on the computer’s hard disk, the attack is nearly undetectable. VBootkit 2.0 is an updated version of an earlier tool, called VBootkit 1.0, that can take control of a Windows Vista computer by a similar method. With VBootkit 2.0, once an attacker has taken control of the Windows 7 computer during the boot process, they are able to get system-level access to the computer, the highest level possible. They can also remove user passwords to gain access to protected files and strip DRM (digital rights management) protection from multimedia files. The passwords can then be restored, hiding any evidence that the computer was compromised. “There is no fix for this. It cannot be fixed. It is a design problem,” one of the program designers said during his presentation last week, referring to Windows 7’s assumption that the boot process is safe from attack. In response, a Microsoft representative said Windows 7’s support for Trusted Platform Module (TPM) and BitLocker Drive Encryption (BDE) means the attack is “void,” downplaying the threat to users. Source:

Communications Sector

Nothing to report.