Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, May 7, 2009

Complete DHS Daily Report for May 7, 2009

Daily Report

Top Stories

• According to SC Magazine, Wikileaks reported that the secure site for the Virginia Prescription Monitoring Program, which holds over eight million patient records, has been replaced with a ransom demand for $10 million. (See item 26)

26. May 5, SC Magazine – (Virginia) Eight million patient records held to $10 million ransom. Over eight million patient records have been held to ransom in Virginia. Wikileaks has reported that the secure site for the Virginia Prescription Monitoring Program was replaced with a ransom demand for $10 million. The note, which was placed on April 30, left the site entirely disabled, and it remained unavailable at the time of writing. The program, which is used by pharmacists and others to discover prescription drug abuse, declined to comment according to Wikileaks, although when contacted it appeared to be aware of the issue and immediately referred inquiries to the director of the DHP, who was unavailable. Source:

• USA Today reports that an early-season wildfire extended into the Santa Ynez Mountains and Los Padres National Forest in California. In southeastern Arizona, a human-caused fire charred 1,500 acres and spread to Coronado National Forest land. (See item 36)

36. May 6, USA Today – (Arizona; California) Wildfires threaten homes in Southern Calif., Ariz. An early-season wildfire whipped by high winds Tuesday forced the evacuation of 1,200 homes around the luxury seaside community of Santa Barbara. As of Wednesday morning, some 2,000 homes were threatened by the 400-acre blaze, which started shortly before 2 p.m. Tuesday. The cause of the blaze was not immediately known. There was zero containment of the fire when night fell Tuesday, and fire officials would not be able to make a new assessment until after dawn Wednesday, according to a Santa Barbara County fire captain. A Red Cross shelter was set up for evacuated residents at the First Presbyterian Church. The evacuation area was north of State Route 192, also known as Foothill Road. Those homes extend into the Santa Ynez Mountains and Los Padres National Forest. In southeastern Arizona, a wildfire fueled by dry grass and brush has destroyed three homes and injured one person near Sierra Vista. The U.S. Forest Service says the human-caused fire charred 1,500 acres since breaking out on private land about 1 p.m. Tuesday west of Fort Huachuca and then spreading to Coronado National Forest land. The Canelo fire was estimated to be 25 percent contained as of early Wednesday. One person was airlifted Tuesday to a hospital for treatment of burns, although no other information about the victim was immediately available. Source:

Banking and Finance Sector

8. May 6, Bloomberg – (National) Bank of America may need about $34 billion of capital. Regulators have determined that Bank of America Corp. requires about $34 billion in new capital, the largest need among the 19 biggest U.S. banks subjected to stress tests, said a person with knowledge of the matter. Bank of America rose 9 percent in early New York trading. Citigroup Inc.’s shortfall is more limited because the company already plans to convert government preferred shares to common stock, people familiar with the results said. JPMorgan Chase & Co. does not need a deeper reserve against losses, according to people familiar with that company’s result. The banks may outline their strategies to add capital, or in other cases buy out government stakes, after the Federal Reserve publishes the stress test results on May 7. Companies requiring more capital could raise all the funds through conversions of preferred shares if they choose, the people said. “To the extent that there are banks that need capital, our hope is that many of them will be able to raise that capital through either private equity offers, or through conversions and exchanges of existing liabilities,” the Federal Reserve Chairman told lawmakers at a hearing in Washington on May 5. “The data we have are accurate reflections of the financial conditions of those banks.” Banks that want to return money injected by the Treasury since October must show they can borrow from private investors without a Federal Deposit Insurance Corp. guarantee, according to people familiar with the matter. Source:

9. May 5, Associated Press – (Pennsylvania) Pa. suspect in $80M Ponzi scheme formally charged. An investment manager charged in a massive Ponzi scheme told clients his funds held $154 million when they actually held just $150,000, federal prosecutors charged in court documents on May 5. The filing against the defendant from Broomall followed a criminal complaint in January and related action by the Securities and Exchange Commission. The defendant raised more than $80 million by promising investors returns ranging from 18 to 38 percent and pledging that his funds never lost money, prosecutors said. He prepared reports boasting of high returns and repaid some early investors, but he pocketed more than $20 million for himself from 1996 to 2008, they said. The defendant is charged with wire fraud, mail fraud, bank fraud and money laundering. Source:

10. May 5, CBC News – (International) Calgary fraud charges dropped to extradite hacker to U.S. A hacker who once cracked the Pentagon’s computer system is going to be extradited from Calgary to face charges in New York of masterminding a global fraud network. The defendant was accused of stealing more than $1.8 million from Direct Cash Management, a Calgary company that sells prepaid debit and credit cards, along with three other accomplices. The Israeli citizen allegedly increased the limits on the cards, via a computer in his Montreal apartment, and then withdrew money from ATMs. However, the Crown withdrew six charges of unauthorized use of credit card data and one count of fraud over $5,000 against the defendant on May 5. “He was charged in both Canada and the United States and I think all parties appreciated that it would be unfair to have him go through a prosecution in both countries for what is in many ways the same kind of thing,” the defendant’s lawyer told CBC News. Source:

Information Technology

32. May 5, DarkReading – (International) McAfee report: Bot infections jump 50 percent over last year. The number of bot-infected machines has jumped nearly 50 percent over last year, with the U.S. now home to the most zombies in the world, according to a new McAfee report released on May 5. The Conficker worm, which grabbed mainstream media attention recently, is not a major factor in the bot infection counts nor in overall infections, with Conficker infections accounting for only about 1 percent of all virus detections in the first quarter of this year, according to the director of security research for McAfee. McAfee Avert Labs found 12 million new IP addresses performing bot operations in the first quarter, according to the report, but spam activity still has not caught up to its level prior to the McColo takedown last November. “The activity level of new zombies indicates that the spammers are working hard to regain the infrastructure lost and that volumes will return to previous levels sometime soon,” the report says. The U.S. has 18 percent of all bot-infected machines, up from 15.4 percent in the fourth quarter of 2008, surpassing China, which now has 13.4 percent, down from 15.8 percent in Q4 ’08. A new hotspot for zombies is Australia, which now has 6 percent of all bots, up from 4 percent in the fourth quarter and below 2 percent in the third quarter of 2008. “The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the Web with malware,” says the senior vice president of McAfee Avert Labs. “Essentially, this is cybercrime-enablement.” Source:

33. May 5, CNET News – (International) McAfee blasted for having holes in its Web sites. Security vulnerabilities on McAfee sites, including one designed to scan customers’ sites for flaws, exposed certain customer accounts and could have been used for phishing attacks in which malware disguised as McAfee software could be distributed, security experts say. McAfee said on April 5 that most of the vulnerabilities were fixed, except for one part of the Web site that was taken offline to be fixed. The McAfee sites were found to be vulnerable to cross-site scripting (XSS) attacks and cross-site request forgery attacks that could lead to phishing attacks on customers who think they are visiting the security vendor’s site, according to an article on ReadWriteWeb. Ironically, one of the vulnerable sites was McAfee Secure, which scans customer sites to determine whether they are vulnerable to such attacks. The problem would signal that either McAfee does not run McAfee Secure across all of its own sites or the product does not work well, the report said. To fall victim to a cross-site request forgery attack on that site, targets would have to be logged into their McAfee accounts and browse to a malicious Web site that exploits the vulnerability, according to the site. Such attacks on sites of antivirus vendors are particularly dangerous because they enable attackers to create fake versions of security products that install Trojans or other malware and that customers will trust, the co-founder of Secure Science Corporation told ReadWriteWeb. Source:

Communications Sector

34. May 4, IDG News Service – (International) RIM to bind BlackBerry to Cisco phones. Research In Motion Ltd. and Cisco Systems Inc. are teaming up to let enterprises integrate their BlackBerries with Cisco IP phones, providing single-number capability and other features. The integration, announced on May 4, comes in the form of RIM’s BlackBerry Mobile Voice System (MVS) Server for Cisco Unified Communications Manager. It brings together the top enterprise mobile platform with the dominant networking vendor’s IP (Internet Protocol) voice and messaging system. Unified communications, a concept Cisco has aggressively pushed, is aimed in part at making individuals reachable anywhere, so mobile devices are a key element of the picture. RIM introduced the MVS Server last year after developing it from technology it acquired through the purchase of Ascendent Systems in 2007. It developed BlackBerry MVS Server for Cisco Unified Communications Manager through Cisco’s Technology Developer Program. By bringing together their BlackBerry and Cisco infrastructures, enterprises can make users reachable with one number, one caller ID and one voicemail box for both their mobile and desk phones. When calls come in, they may ring simultaneously on as many as four devices, including BlackBerries and Cisco IP desk phones, or ring one device after another in a sequence. Alternatively, employees can make calls from the BlackBerry using either the smartphone’s own number or an enterprise line. Source: