Department of Homeland Security Daily Open Source Infrastructure Report
Weekly Summary of the "DHS Daily Open Source Infrastructure Report"


The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

Weekly Summary


Week Ending: Friday, May 29, 2009


Daily Open Source Infrastructure Report for 26 May 2009



Could it happen here? How will you deal with it?


35. May 21, IDG News Service – (International) DNS attack downs Internet in parts of China. An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on May 20. Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The incident revealed holes in China’s DNS that are “very strange” for such a big country, said the head of Kaspersky’s Virus Lab in China. Internet access returned to normal in the late night several hours later, according to the government statement. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9133376&taxonomyId=17&intsrc=kc_top

Daily Open Source Infrastructure Report for 27 May 2009



Does your business depend upon mobile devices? If so, you best keep pace with the following!

38. May 26, National Science Foundation – (National) Viral epidemics poised to go mobile. While computer viruses are common, there have been no major outbreaks of mobile phone viral infection, despite the fact that over 80 percent of Americans now use these devices. A team headed by the director of the Center for Complex Network Research at Northeastern University set out to explain why this is true. The researchers used calling and mobility data from over six million anonymous mobile phone users to create a comprehensive picture of the threat mobile phone viruses pose to users. The results of this study, published in the May 22 issue of Science, indicate that a highly fragmented market share has effectively hindered outbreaks thus far. Further, their work predicts that viruses will pose a serious threat once a single mobile operating system’s market share grows sufficiently large. This event may not be far off, given the 150 percent annual growth rate of smart phones. This study builds upon earlier research by the same group, which used mobile phone data to create a predictive model of human mobility patterns. The current work used this model to simulate Bluetooth virus infection scenarios, finding that Bluetooth viruses will eventually infect all susceptible handsets, but the rate is slow, being limited by human behavioral patterns. This characteristic suggests there should be sufficient time to deploy countermeasures such as antiviral software to prevent major Bluetooth outbreaks. In contrast, the spread of MMS viruses is not restricted by human behavioral patterns; however, the spread of these types of viruses is constrained because the number of susceptible devices is currently much smaller. Source: http://www.usnews.com/articles/science/2009/05/26/viral-epidemics-poised-to-go-mobile.html

Daily Open Source Infrastructure Report for 28 May 2009




Are you prepared for another worm attack?


28. May 25, SiliconRepublic.com – (International) ‘Gumblar’ virus could be bigger than Conficker worm. A new malware virus is on the loose and within days has become accountable for half the malware on the web. It is particularly vicious because it targets Google users in particular. The worm, also known as JSRedir-R, attacks computers through vulnerabilities in Adobe PDF reader and Flash player. By last week, more than half of all malware found on websites was identified as Gumblar, with a new webpage infected every 4.5 seconds. The worm redirects the user’s Google search results to sites that download more malware onto the machine or allow criminals to conduct phishing attacks to steal login details. It has begun to spread on sites where passwords or software have been previously compromised and visitors are infected without realizing it. It is believed the malicious worm draws its code from a webpage based in China. Once cybercriminals are in possession of a victim’s FTP credentials, any sites that the victim manages can also be targeted for compromise — a common malware propagation tactic, said IT security firm ScanSafe. Source: http://www.siliconrepublic.com/news/article/13025/cio/new-worm-to-rival-conficker

Daily Open Source Infrastructure Report for 29 May 2009



And you thought Twitter usage is harmless!

35. May 26, ZDNet – (International) Twitter API ripe for abuse by Web worms. A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as a researcher points out, it is much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter. The researcher, well-known for his research work on browser and Web application vulnerabilities, draws attention to the fact that a single vulnerability on any of the third-party services (Twitpic, etc.) that use the API can trigger the next Twitter worm. Source: http://blogs.zdnet.com/security/?p=3451

Department of Homeland Security Daily Open Source Infrastructure Report

Friday, May 29, 2009

Complete DHS Daily Report for May 29, 2009

Daily Report

Top Stories

• According to the Washington Post, a statewide SWAT team exercise at a firing range on the secured grounds of a nuclear power plant in Southern Maryland was halted this month after stray bullets shattered glass and struck a command center near the plant’s reactors, officials said on Wednesday. (See item 6)


6. May 28, Washington Post – (Maryland) Shots from range hit near Md. nuclear plant. A statewide SWAT team exercise at a firing range on the secured grounds of a nuclear power plant in Southern Maryland was halted this month after stray bullets shattered glass and struck a command center near the plant’s reactors, officials said on May 27. Reactor safety at the Calvert Cliffs plant in Lusby was never compromised, according to the U.S. Nuclear Regulatory Commission (NRC) and Constellation Energy Group, which operates the facility. But Constellation closed the range, a popular training site for local law enforcement agencies, pending investigations by plant security and the Calvert County Sheriff’s Office, which hosted the exercise. At least five bullets escaped the firing range and traveled more than a half-mile before striking buildings and a vehicle near the reactors, according to the NRC, Constellation and the sheriff’s office. One struck the plant’s “outage control center,” which is used as a command area to orchestrate refueling efforts. Another hit an employee’s sport-utility vehicle in the parking lot. Three others struck an office facility: Two of them hit the roof, and one shattered the outer pane of a first-floor window. Employees were working in both buildings at the time, said a Constellation spokeswoman. The bullets did not penetrate either structure, she said. Investigators are conducting ballistics tests to determine which officer fired the stray shots. Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/05/27/AR2009052703405.html?hpid=moreheadlines


• The Poughkeepsie Journal reports that a standoff Wednesday at the Dutchess County, New York Sheriff’s headquarters shut down streets in Poughkeepsie for hours, with area police agencies responding to the crisis. Visitors to the Dutchess County jail, which is connected to the Sheriff’s Office, were evacuated from the jail. (See item 32)


32. May 28, Poughkeepsie Journal – (New York) Standoff in upstate NY ends with suspect’s suicide. A suspect in a rape case wrested a gun from a Dutchess County, New York sheriff’s detective during questioning and fatally shot himself three hours after he wounded a detective and then barricaded himself in an office at sheriff’s headquarters, the county sheriff said. The undersheriff said a bullet grazed the detective on the side of his head. He was treated at St. Francis Hospital and released. This standoff was apparently unprecedented, as local law enforcement officers with decades of experience could not recall a similar incident in Dutchess or Ulster counties. The incident shut down streets in the city for hours, with area police agencies responding to the crisis. Visitors to the Dutchess County jail, which is connected to the Sheriff’s Office, were evacuated from the jail. City of Poughkeepsie Police Department Mobile Command Unit, emergency services from the city and town of Poughkeepsie, as well as the sheriff’s emergency service unit were on the scene. Members of the FBI were seen, too. The undersheriff said the Sheriff’s Office was continuing its investigation of the incident. He said deputies had been trained to respond to such emergencies. “We have a protocol, and it was followed,” the undersheriff said. Source: http://lohud.com/article/20090528/NEWS05/905280401/-1/newsfront


Details

Banking and Finance Sector

12. May 27, BBC News – (National) Number of problem U.S. banks soars. The number of problem U.S. banks jumped 40 percent to a 15-year high in the first three months of the year, a government watchdog has warned. A total of 305 banks had financial woes in January-March, up from 252 in October-December, said the Federal Deposit Insurance Corporation (FDIC). The increase came as banks continued to grapple with bad mortgage and credit card debt amid the recession. At the same time, industry-wide banking profits also rose in January-March. The FDIC said profits across the industry hit $7.6 billion in the first quarter of 2009, led by higher revenues at the biggest banks as their trading performance recovered. This profit compares with a record loss of $36.9 billion for October-December, but is still down 61 percent on the $19.3 billion profit record for January-March last year. Source: http://news.bbc.co.uk/2/hi/business/8070557.stm


13. May 26, Asheville Citizen-Times – (North Carolina) Area ASB customers targeted in phone scam. Asheville Savings Bank has been made aware of a phone scam targeting area residents to gain personal information. The phone scam has several variations and uses both a live person and automation. Customers have been told their account has been compromised and additional information such as debit card numbers and other personal information is needed. ASB advises consumers to avoid providing these callers with any information. Supplying this information can lead to identity theft. The amount of information they currently have is not enough to do any harm. If you have received one of these phone calls and gave out your information, please contact your bank. Criminals using phone scams are looking for unsuspecting individuals who will give them important information such as Social Security Numbers, dates of birth, credit card numbers or bank account numbers. Once they have your information, they use it to make fraudulent purchases, obtain credit or access bank accounts. Source: http://www.citizen-times.com/apps/pbcs.dll/article?AID=/20090526/NEWS01/90526033/1009


14. May 26, WMGT 41 Macon – (Connecticut) Phone scam targets all 22,000 residents of Connecticut town. An entire Connecticut town has found itself the target of phone scammers. The calls started coming on May 24. Police in Guilford, Connecticut believe by the time they were done every land line telephone in the town of 22,000 residents received a call. The automated call is a female voice claiming to be from Guilford Savings Bank. It prompted those on the other end of the line to enter bank card and PIN numbers, along with their card’s expiration date. So far, police and bank officials aren’t aware of anyone who entered their personal information. Guilford police said this appears to be a complex scam that involves hacking into various business telephone lines from across the country. The calls appear to be generated from companies, but the businesses are not involved in the fraud, police said. The bank is encouraging anyone who offered personal information over the phone to contact them immediately. Source: http://wmgt.com/index.php?option=com_content&task=view&id=1316&Itemid=2


Information Technology


34. May 28, SearchSecurity.com – (International) RIM patches serious BlackBerry Attachment Service flaws. Research In Motion issued an update to the BlackBerry Enterprise Server correcting serious PDF handling flaws. The flaws could be found in BlackBerry Enterprise Server software version 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4. The vulnerabilities are potentially very serious. They carry a Common Vulnerability Scoring System (CVSS) score of 9.3, RIM said. Security update 4 has been released for BlackBerry Enterprise Server version 4.1x and 5.0 users. A separate security update has been released for affected BlackBerry Professional Software versions. RIM has had ongoing security issues with its PDF distiller. The smartphone maker issued an update correcting flaws in the BlackBerry Attachment Service in April. Separate updates were released in January and in July 2008 to correct flaws. Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1357385,00.html#


35. May 26, ZDNet – (International) Twitter API ripe for abuse by Web worms. A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as a researcher points out, it is much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter. The researcher, well-known for his research work on browser and Web application vulnerabilities, draws attention to the fact that a single vulnerability on any of the third-party services (Twitpic, etc.) that use the API can trigger the next Twitter worm. Source: http://blogs.zdnet.com/security/?p=3451

Communications Sector

36. May 27, Dow Jones Newswires – (National) AT&T: Smartphones choke networks. AT&T’s Chief Executive said on May 27 that U.S. wireless networks are not prepared for the surge in Smartphone use that has already shown signs of choking their networks. He defended his company’s wireless network’s performance, though, which has come under fire for not being prepared for the popularity of Apple Inc.’s (AAPL) iPhone, which the company sells on an exclusive basis in the U.S. Wireless capacity is an increasingly tough issue that carriers must wrestle with, particularly as their subscribers clog the network by surfing the Web, downloading video and texting on their Smartphones. On May 27, AT&T laid out plans to upgrade the speed and capacity of its wireless network, which includes adding cellular sites, bolstering the underlying ground infrastructure, and tapping into more powerful wireless spectrum. Last year, it spent more than $9 billion to further stockpile spectrum. AT&T plans to begin the improvements later this year and finish in 2011. The Dallas carrier also said it would hold trials for fourth-generation, or 4G, wireless technology in 2010, with deployments slated for the following year. Source: http://www.smartmoney.com/breaking-news/on/?story=ON-20090527-000800-1428