Department of Homeland Security Daily Open Source Infrastructure Report

Friday, May 22, 2009

Top Stories

 According to Computerworld, the U.S. National Archives and Recording Administration on Tuesday disclosed that an external hard drive believed to contain nearly 1TB of data from a former Presidential Administration had gone missing. On the drive were details about the security procedures used by the U.S. Secret Service at the White House. (See item 27)

27. May 21, Computerworld – (National) Missing drive had no Clinton Administration records. No original records from the Presidential Administration that was in office from 1992 until 2000 were stored on an external hard drive missing at the U.S. National Archives and Recording Administration (NARA), the agency said Thursday afternoon. The NARA has offered a $50,000 reward for information leading to the recovery of the hard drive. The Archives has all of the original tapes and a backup hard drive containing the same information on the missing drive, meaning no data has been permanently lost. The agency on Tuesday disclosed that an external hard drive believed to contain nearly 1TB of data from the former Presidential Administration — some of it sensitive information — had gone missing. The data on the missing drive included more than 100,000 Social Security numbers and home addresses of numerous people who visited or worked at the White House. Included in the list is one of a former Vice President’s three daughters. Also on the drive were details about the security procedures used by the U.S. Secret Service at the White House, event logs, social gathering logs, and political records. Source:

 Reuters reports that the FBI and New York police arrested four men on Wednesday after authorities said they foiled a plot to blow up two synagogues in New York City’s Bronx borough and simultaneously shoot down military planes at an Air National Guard base at Stewart airport. (See item 39)

39. May 21, Reuters – (New York) Suspects in NY synagogue plot remanded in jail. Three of four Muslim men suspected of a plot to blow up two New York synagogues and shoot down military planes were ordered to remain in jail on Thursday in what police have called homegrown terrorism. The case has shaken a wealthy neighborhood of New York City’s Bronx borough where police said the men, who had been watched for nearly a year in a sting operation, planted what they thought were bombs in cars parked outside each synagogue. The suspects then intended to shoot down planes with guided surface-to-air missiles, but the explosives and the missiles, which had been sold to the accused plotters by an FBI informant, were deactivated, police said. Police said the suspects had criminal records and may have converted to a radical version of Islam while in prison. They had no known links to al Qaeda, police said. The FBI and New York police arrested the men on Wednesday night after they planted 37 pounds of inert C-4 explosives in each of two cars parked outside each synagogue. From there they had planned to travel about 60 miles upstate to an Air National Guard base at Stewart airport in their hometown of Newburgh to shoot down planes with the deactivated Stinger missile. Source:


Banking and Finance Sector

9. May 21, Bloomberg – (National) U.S. regulators target four savings and loans for stress tests. Four U.S. savings and loans are being subjected to financial stress tests, the head of the Office of Thrift Supervision said, expanding regulatory efforts to determine the financial health of the nation’s largest lenders. Four institutions are under review, the OTS acting director said in an interview on May 20. He declined to name them. The exams mirror those completed this month on 19 of the biggest lenders, which determined that losses could reach $599.2 billion should the economy worsen in two years and ordered 10 to raise $74.6 billion. The review is separate from the work of an OTS division created this year to monitor the largest 25 thrifts with more than $10 billion in assets. OTS created it after investigations into failed lenders by the Treasury Department’s inspector general faulted the agency’s supervision, the director said. The savings and loans are being examined using assumptions applied by the Federal Reserve, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp., the director said. The assumptions include an “adverse scenario” of a 3.3 percent drop in gross domestic product this year, and average unemployment of 8.9 percent this year and 10.3 percent in 2010. The stress tests are “a pilot,” the director said in the interview. “Regulatory tools are always evolving.” Source:

10. May 20, WSMV 4 Nashville – (National) FTC launches new scam prevention site. The federal government has a new tool to stop people from being scammed during the recession. The Federal Trade Commission launched a new Web site called Money Matters that it hopes will help the public avoid bogus companies. “For the most part, fraud preys on consumers not knowing what is going on and not understanding what is happening. So, if we can get the consumer educated, it is much harder for the bad guys to convince the consumer to fork over their money,” said a representative of the Federal Trade Commission. The site is filled with tips and warning signs for consumers about scams. The FTC especially wants people to be aware of businesses that promise to save homeowners from foreclosure. The Web site has information on scams, credit cards, managing money, dealing with debt and individuals jobs. Source:

11. May 20, Investment News – (National) Defrauded AIG investors to get $843M from SEC. The Securities and Exchange Commission has announced that it will pay $843 million to investors in American International Group Inc. who were jilted in an accounting and securities fraud fiasco dating back to 2000. Checks to more than 257,000 investors will be distributed in the next few months, coming from a Fair Fund established by the SEC after AIG settled accusations that it had violated securities laws. The payments to investors are related to a 2006 complaint filed by the SEC alleging that the New York-based insurer had entered into two sham reinsurance transactions in 2000 and 2001 with Stamford, Connecticut-based General Re Corp. The transactions had allowed AIG to add $500 million in fake loss reserves to its balance sheets for the fourth quarter of 2000 and first quarter of 2001, according to the SEC. That action boosted the insurer’s stock price and made its finances appear healthy to analysts and investors. After federal and state regulators investigated AIG about the Gen Re transaction, the firm had to restate the accounting for 66 transactions. In 2006, the insurer, without admitting or denying the SEC’s claims, agreed to pay a $100 million civil penalty to the commission and disgorge $700 million in ill-gotten gains. Source:

12. May 20, Bloomberg – (National) U.S. may strip SEC of powers in regulatory overhaul. The U.S. Presidential Administration may call for stripping the Securities and Exchange Commission of some of its powers under a regulatory reorganization that could be unveiled very soon, people familiar with the matter said. The proposal, still being drafted, is likely to give the Federal Reserve more authority to supervise financial firms deemed too big to fail. The Fed may inherit some SEC functions, with others going to other agencies, the people said. On the table: giving oversight of mutual funds to a bank regulator or a new agency to police consumer-finance products, two people said. The 75-year-old SEC, chartered to oversee Wall Street and safeguard investors, has seen its reputation tarnished as some lawmakers blamed it for missing the incipient financial crisis and failing to detect a $65 billion Ponzi scheme. Any move to rein in the agency is likely to provoke a battle in Congress, which would need to approve the changes, and draw the ire of union pension funds and other advocates for shareholders. “It would be a terrible mistake,” said a former federal judge and SEC enforcement chief. “Whatever the SEC has done or did not do, it is still the premier investor protection agency around.” Source:

13. May 20, Associated Press – (National) Obama signs mortgage bill into law. The U.S. President said homeowners facing foreclosure would have a second chance under a measure he signed into law on May 20, but he added consumers still must live within their means. The law encourages banks to spare homeowners from foreclosure and cracks down on lenders who take advantage of them. The bill passed Congress recently and the U.S. President bypassed a promised five-day waiting period to make it law. The law, officially called the Helping Families Save Their Homes Act, expands an existing $300 billion program that encourages lenders to adjust a mortgage if the homeowner agrees to pay an insurance premium. The program, set to expire in 2011, would swap out a homeowner’s high-interest rate for a 30-year fixed loan backed by the Federal Housing Administration. Because of strict eligibility requirements, only about 50 homeowners are refinancing through the program compared to the 400,000 people it was estimated to help. “Too many administrative and technical hurdles made it very difficult to navigate, and most borrowers did not even bother to try,” the U.S. President said. “And this bill removes those hurdles, getting folks into sustainable and affordable mortgages and, more importantly, keeping them in their homes.” Source:

Information Technology

32. May 21, IT Pro – (International) Tvviter – Beware of fake Twitter phishing Web site. Security vendors have warned about a fake phishing website targeting users of Twitter, designed to convince users to type in their personal details and directing users to ‘Adult Dating Services’ by adding followers to the compromised accounts. According to a member of Trend Micro, anyone fooled into giving away their account credentials will find at least six new followers appearing on their account. Links to these profiles will redirect users to an adult dating site, which would make the scammers money through a pay-per-click affiliate scheme. It is not the first security issue highlighted on Twitter this week: a talk show host managed to accidentally post his email address to 260,000 followers. A security researcher said that his accidental tweet is never really deleted, and that he managed to find the email address in a matter of seconds. The researcher asked why Twitter does not ‘really’ delete messages when asked to, and said it was a serious security problem that searching could find messages a user thought were no longer accessible. Source:

33. May 20, IDG News Service – (International) Conficker still infecting 50,000 PCs per day. The Conficker worm is still infecting systems at a brisk rate and continues to snag computers in Fortune 1000 companies, according to security researchers. The worm is infecting about 50,000 new PCs each day, according to researchers at Symantec, who reported on May 20 that the U.S., Brazil and India have been hit the hardest. “Much of the media hype seems to have died down around Conficker/Downadup, but it is still out there spreading far and wide,” Symantec said in a blog post. Conficker began spreading late last year, taking advantage of a recently patched flaw in Microsoft’s Windows operating system to infect entire networks and also using removable storage devices to hop from PC to PC. Security experts say it has now infected millions of computers worldwide, which now comprise the world’s biggest botnet network. “We can see that companies that spend literally millions of dollars on equipment and gear to prevent infections…these Fortune companies have had this infection and it has stayed in their networks for a long period of time,” said the CEO of Support Intelligence and a member of the Conficker Working Group. “It is really hard and really expensive, and if the Fortune companies cannot stop it, how can you expect small businesses to do it?” The Working Group has set up so-called sinkhole servers that can communicate with infected machines. It has spotted infections within many Fortune 1000 companies, the CEO said. “Everybody got hit,” he said. “Even Microsoft still has infections.” Source:

34. May 20, IDG News Service – (International) Adobe snaps to attention over security vulnerabilities. Adobe Systems, whose applications have been hit hard by hackers, is combing through legacy code for bugs in its products and plans a regular quarterly patch release, according to a top security official. The move comes after Adobe noticed “significant changes in the threat landscape,” said the director for product security and privacy at the company, on May 20. Adobe plans to issue patches every three months on the second Tuesday of the month, the same day that Microsoft releases its patches, the director said. Releasing patches in tandem with Microsoft is easier for administrators, who can test the fixes from both companies at the same time before updating desktop PC images. Adobe’s Reader and Acrobat software are used for creating and reading PDF (Portable Document Format) files, a widely used format for saving Web pages, creating forms and for other uses. The programs also use JavaScript, a programming language which, if not implemented correctly, can allow hackers to create PDFs that trigger, for example, a memory corruption problem that can allow for complete control of a computer and all of its data. Source:

35. May 20, IDG News Service – (International) Angered by Apple delay, hacker posts Mac Java attack code. In an effort to draw attention to a long-standing security problem in Apple’s Mac OS X operating system, a security researcher has posted attack code that exploits the flaw. The software, which could be used by hackers to run an unauthorized system on a Mac, was posted on May 19 by a security researcher in San Francisco. It exploits a bug in the Java software that ships with Mac OS X. This bug was fixed by Java’s creator, Sun Microsystems, on December 3, but Apple has still not included the fix in its software updates. “Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated,” the researcher wrote in a blog posting describing the issue. “Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept.” The researcher’s proof of concept code runs Mac’s Say software to make the computer say “I am executing an innocuous user process,” but it could be adapted by criminals to run malicious programs on the computer. Security vendor SecureMac advises Mac users to disable Java in their Web browser until Apple fixes the issue. “This vulnerability could be exploited to perform ‘drive-by-downloads’ commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user,” the company said in a note on its Web site. “All a user has to do is visit a web page hosting a malicious Java applet to be exploited.” Source:

36. May 20, Government Computer News – (International) A new strategy for applying Oracle patches. Every four months, Oracle releases a batch of patches that fix the most recent vulnerabilities in all of its products. And with each release, the company urges that each and every one of these patches be applied immediately. However, a security firm that specializes in Oracle products is taking exception to this prescription. “Oracle’s mentality is to apply them all right now. We do not think that is realistic in most organizations,” said a chief technology officer for the e-business security consulting firm Integrigy. The chief technology officer gave a presentation on the Oracle quarterly patches at the Independent Oracle Users Group Collaborate conference held earlier this month in Orlando, Florida. If an organization does not have the resources to apply all the patches post-haste, it should apply the Oracle database patches first, the chief technology officer advised. An unpatched public-facing database can be the largest vulnerability for an organization. After the database patches are applied, only then should an organization go through the application patches to see which ones are critical to their operations and apply those as time permits. Finally, the remainder of the application patches should be rolled into the next update to the technology stack. This eliminates the time-consuming process of regression and functional testing, which is usually done during stack upgrades anyway, the chief technology officer said. Source:

37. May 19, eWeek – (International) Hackers circle Microsoft server software flaw. Exploit code for a vulnerability in Microsoft’s Internet Information Services software is circulating around the Web, leaving organizations in search of ways to keep hackers at bay. According to US-CERT, attacks leveraging the vulnerability are already under way, though Microsoft said in an advisory it was unaware of any exploits. Still, US-CERT urged users waiting for a patch to consider disabling WebDAV. For administrators unable to do so, US-CERT recommends reconfiguring the software to block attacks. “Administrators who are unable to disable WebDAV may be able to mitigate some risk by configuring their IDS to refuse external HTTP requests containing ‘Translate: f’ headers,” according to the US-CERT advisory. The problem lies in the way the WebDAV extension for IIS handles HTTP requests. Armed with a specially crafted HTTP request to a Website that requires authentication, a hacker can exploit the vulnerability to win unauthorized access to protected resources. “The vulnerability occurs because the WebDAV extension does not properly decode the requested URL,” according to Microsoft. “This causes WebDAV to apply an incorrect configuration when handling the request. If the applied configuration allows anonymous access, a malicious request can bypass authentication.” Source:

Communications Sector

38. May 20, Omaha World-Herald – (Iowa; Nebraska) Google turns on Bluffs data center. About 650 people gathered Tuesday at the construction site of Google’s new $600-million data center in Council Bluffs, Iowa to celebrate the center going online. The data center houses computers that will run some of Google’s services, such as the search engine, Gmail, and Google Maps. Google is one of several information-technology companies that have chosen to locate operations in the metro area. Yahoo plans to open a data center in La Vista, Nebraska and a customer care center in west Omaha. The Council Bluffs mayor said the city has invested in economic infrastructure, such as its fiber-optic network and power plant. Google’s California-based director of hardware operations said those investments were crucial to making Council Bluffs one of a handful of locations around the world with the capacity to support a data center of this caliber. The mayor said the availability of land — Google has purchased an additional 180 acres to the west and 1,000 acres to the south of the current site — could allow for further significant investments. The governor of Iowa said the opening of the center brought Iowa closer to his goal of making the state the “Silicon Valley of the Midwest.” He said that Microsoft plans to build a $500 million data center in West Des Moines, and IBM plans a new service center with up to 1,300 jobs in Dubuque. The governor said he wants Iowa to become a national leader in the IT industry. Source: