Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, June 10, 2009

Daily Report

Top Stories

The Associated Press reports that two people are missing and 20 have been hospitalized after an explosion Tuesday at a ConAgra meat products plant in Garner, North Carolina. Officials said at a news conference that firefighters were trying to contain a small fire and an ammonia leak. (See item 18)


18. June 9, Associated Press – (North Carolina) 2 missing, 20 injured in NC Slim Jim plant collapse. Officials say two people are missing and 20 have been hospitalized after an explosion at a meat products plant in North Carolina. The district chief with Wake County Emergency Medical Services said five injured people were tagged as priority patients with serious conditions. He said officials were searching for two people missing from the site in Garner, a Raleigh suburb, but it was not clear whether they were inside during the explosion. The mayor of Garner said injuries ranged from burns to smoke inhalation. Emergency crews were keeping people away because of concerns about the smell of ammonia. “There is a toxic cloud on and about the plant,” the mayor said. Officials said at a news conference that firefighters were still trying to contain a small fire and an ammonia leak. The site produces Slim Jim products. The mayor said several people reported hearing an explosion before the building partially collapsed. “We’re still working evacuating anybody else that was still in the building and treating people that were injured,” said a spokesman for the Garner Police Department. About 900 people work at the 50,000-square-foot plant, which is considered one of ConAgra’s largest, said a spokesman for the Omaha-based company. He said he did not yet know how many people were in the plant at the time of the collapse and the company was not sure about the cause yet. ConAgra is sending a team of experts to the facility and is helping local authorities. Source: http://www.usatoday.com/news/nation/2009-06-09-NC_plant_collapse_N.htm?csp=34


According to The Register, U.K.-based Internet service provider Vaserv.com said data for as many as 100,000 Web sites was destroyed by attackers who targeted a zero-day vulnerability in a widely used virtualization application. (See item 34)



Details

Banking and Finance Sector

13. June 9, Reuters – (National) U.S. commercial property bank loan defaults soar. The default rate of U.S. commercial real estate bank loans reached its highest level in 15 years and is not expected to peak until 2011, according to a report by Real Estate Econometrics. During the first quarter 2009, the national default rate for commercial real estate mortgages held by regulated depository institutions rose to 2.25 percent from 1.62 in the fourth quarter of 2008, according to the real estate research firm’s report released on June 9. The 0.63 percentage-point jump is the largest quarterly increase since at least 1992, and pushed the default rate to its highest level since 1994, the New York-based firm said. The default rate does not include loans on apartments, which increased by 0.68 percentage points between the fourth quarter and first quarter 2009 to 2.45 percent. The analysis of the data from the Federal Deposit Insurance Corporation (FDIC) includes non-farm, non-residential property where the primary source of repayment during the term of the mortgage is derived from the property’s rental income. The multifamily results include buildings with five or more units. Source: http://www.reuters.com/article/mergersNews/idUSN0833072220090609


14. June 8, Lincolnwood Review – (Illinois) Bank of Lincolnwood shut by FDIC, bought by Republic Bank. The Bank of Lincolnwood, a financial institution for 55 years, was shut down at the close of business hours on June 5 by state and federal regulators, but will open on June 6 as part of the Oak Brook-based Republic Bank of Chicago. The two-branch bank became the third Chicago-area bank failure of 2009, the sixth in Illinois, and was, FDIC officials said, the 37th FDIC-insured institution nationally to fail this year. The Illinois Department of Financial and Professional Regulation’s banking division closed the bank and appointed the Federal Deposit Insurance Corporation as receiver. FDIC officials announced in a subsequent press release that Republic Bank of Chicago would assume the Lincolnwood bank’s deposits. FDIC records show the bank had total assets of about $214 million, and total deposits of $202 million. Republic was set to purchase $162 million in assets, with the FDIC shouldering the rest to sell later. Source: http://www.pioneerlocal.com/lincolnwood/news/1612317,lincolnwood-bankfails-061109-s1.article


Information Technology

32. June 9, ZDNet UK – (International) Virtual-machine exploit lets attackers take over host. Penetration-testing company Immunity has exploited a flaw in VMware software that allows malicious code running in a virtual machine to take over the host operating system. Immunity included the attack code in an update to its commercial penetration-testing tool, Canvas 6.47, released on June 2. The attack code is in a module of the tool called Cloudburst. Cloudburst uses a vulnerability in the virtual-machine display functions of VMware Workstation that can be exploited by a specially crafted video file. The malicious file, when executed within a virtual machine, could allow an intruder to take over the host operating system, according to security researchers. The bug itself affects VMware Workstation 6.5.1 and earlier, or the associated Player versions. The software can be running on any host system, including Linux, according to VMware. However, the Cloudburst exploit currently has certain limitations: it will only succeed on Workstation 6.5.0 or 6.5.1 or the associated Player versions. In addition, the guest and host must be Windows-based, among other requirements, Immunity said in its release notes. Source: http://news.zdnet.co.uk/security/0,1000000189,39661637,00.htm

For another story, see item 34 below

Communications Sector

33. June 9, IDG News Service – (International) T-Mobile confirms stolen data is genuine. T-Mobile confirmed on June 9 that internal information posted on the Internet by hackers was stolen from its systems, but said it does not appear customer data is in jeopardy. Hackers posted a message on June 6 on the Full Disclosure vulnerability message board claiming they had pilfered confidential documents as well as financial and database information from T-Mobile’s servers. After trying to sell the data to T-Mobile’s competitors, they wrote they were offering the information to the highest bidder. However, T-Mobile disputes the value of the data. “Regarding the recent claim on a Web site, we have identified the document from which information was copied and believe possession of this alone is not enough to cause harm to our customers,” the company said. T-Mobile said further information could not be released due to the ongoing investigation. The company will contact customers if it becomes evident personal information was compromised, it said. Source: http://www.pcworld.com/businesscenter/article/166348/tmobile_confirms_stolen_data_is_genuine.html


34. June 8, The Register – (International) Webhost hack wipes out data for 100,000 sites. A large Internet service provider said data for as many as 100,000 Web sites was destroyed by attackers who targeted a zero-day vulnerability in a widely used virtualization application. Technicians at U.K.-based Vaserv.com were still scrambling to recover data on the evening of June 8, U.K. time, more than 24 hours after unknown hackers were able to gain root access to the company’s system, the company’s director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs. “We were hit by a zero-day exploit” in version 2.0.7992 of the application, he said. “I have heard from other people they have been hit by the same thing.” According to the director, data for about half of the websites hosted on Vaserv was destroyed all at once sometime on June 7, shortly after administrators noticed “strangeness” on the system. The attackers had the ability to execute sensitive Unix commands on the system, including “rm -rf,” which forces a recursive delete of all files. Source: http://www.theregister.co.uk/2009/06/08/webhost_attack/


35. June 8, Homeland Security Newswire – (National) Motorola: Cellphones could offer a unified disaster alerts broadcast. A recent patent application by Motorola offers an idea that would interest first responders: cellphones could sound the alarm in the event of a disaster and pass on the alert from phone to phone, even if most of a cellphone network is down. In an emergency, such as a hurricane or terrorist attack, the U.S. government can operate the Emergency Alert System (EAS), which harnesses all TV and radio frequencies, to broadcast warning messages to people in their homes. “Unfortunately, a large portion of the intended recipients will not have their TV and radio systems turned on when a disaster occurs,” said a Motorola engineer of Milwaukee, Wisconsin, in the U.S. patent application filed on 21 May. His answer is a new generation of cellphones that can rapidly form a peer-to-peer network when an emergency alert is broadcast. A phone on the edge of a disaster area, where a cellphone service still operates, receives the alert. It contacts the nearest phone using Wi-Fi, establishes a P2P network with it, and sends it the alert. That cellphone then does likewise until as many mobiles as possible have received the alert. This way, the warning message gets out with “minimal use of infrastructure,” the engineer said. Source: http://homelandsecuritynewswire.com/single.php?id=8102