Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, June 11, 2009

Complete DHS Daily Report for June 11, 2009

Daily Report

Top Stories

 The New York Times reports that suicide bombers rushed a small truck packed with explosives through the gates of the five-star Pearl Continental hotel in the northwestern city of Peshawar, Pakistan on Tuesday. The death toll was reported to have risen to 16 on Wednesday. (See item 39)

39. June 10, New York Times – (International) Death toll in Pakistan bomb now 16. A day after suicide bombers rushed a small truck packed with explosives through the gates of the five-star Pearl Continental hotel in the northwestern city of Peshawar, Pakistan, the death toll was reported to have risen to 16 on June 10 as more bodies were pulled from the wreckage, news reports and officials said. As Pakistani authorities cleared away the debris and began investigating the attack, closed-circuit television footage showed two vehicles — a car and a pickup truck — speeding through the security post at the hotel late on June 9, taking security guards by surprise. One attacker sprayed bullets at the guards from the truck before it blew up, the footage showed. It was not clear whether the bullets hit the guards. The blast, powerful enough to leave a crater 6 feet deep and 15 feet wide, collapsed the western wing of the hotel, one of the few in the city that cater to Western visitors. The hotel’s registry at the time of the attack included officials working for United Nations agencies, two of whom died in the blast, and other aid groups tending to the large refugee population that has been displaced by the recent fighting between the Pakistani Army and Taliban insurgents. The hotel owner said the government should have provided better security and pledged to reopen the hotel in two months, local news reports said. He also owns the Marriot Hotel in Islamabad which was the target of a bombing last September. According to a report by McClatchy Newspapers, the Pearl Continental hotel was apparently at the center of an American plan to establish a long-term presence in Peshawar, the capital of Pakistan’s North-West Frontier Province. The report also states that a senior State Department official confirmed that the U.S. plan for the consulate in Peshawar involves the purchase of the luxury Pearl Continental hotel. Source:

See also:

 According to CNN, a lone gunman wounded a security guard at the U.S. Holocaust Memorial Museum in Washington, D.C. on Wednesday before being injured by return fire. (See item 42)

42. June 10, CNN – (District of Columbia) Shooting at Holocaust Museum injures guard, suspect. A lone gunman wounded a security guard at the U.S. Holocaust Memorial Museum in Washington, D.C., on June 10 before being injured by return fire, according to police and a museum statement. The suspect was identified as an 88-year-old white supremacist from Maryland, two law enforcement officials told CNN. A private security guard and the shooting suspect were wounded, according to officials of the Washington police. A spokesman for U.S. Park Police told reporters a man armed with a “long gun” entered the museum at 12:50 p.m. and fired at a security officer, and both were wounded in the exchange of gunfire. He also said, “My understanding is that two other security officers at the museum returned gunfire at the man that had entered the museum.” The spokesman said he did not know exactly what kind of firearm the man had and whether the shooting was before or after he passed through a metal detector. Source:


Banking and Finance Sector

11. June 9, Wall Street Journal – (International) Two California men accused of $80 million Forex scam. Two federal agencies accused two California men and two companies they controlled of allegedly running an $80 million Ponzi scheme that targeted Korean-American investors. The Securities and Exchange Commission said the two suspects attracted about 500 investors in the U.S., South Korea and Taiwan but rather than trading their money in the Forex market, used new investments to pay cash “returns” to earlier investors. They also were accused of using investors’ money for their personal use, including mortgage payments on one of the suspect’s multimillion-dollar home. The two promised annual returns of up to 36 percent from foreign-currency trading. The SEC is seeking an emergency court order to freeze the men’s assets as well as requiring them to repay ill-gotten gains and pay financial penalties. The agency said that in the last year of operation, the defendants took in about $22 million in new funds before they shut down. Source:

12. June 9, Tampa Bay Business Journal – (Florida) SEC charges defunct firm, Howard Scala, others with fraud. The Securities and Exchange Commission filed a complaint charging Wall Street Communications Inc., a Tarpon Springs company that was dissolved in March, and the president of Wall Street Communications, with securities fraud. Two other individuals also were charged in the case, a filing in the Tampa division of the U.S. District Court for the Middle District of Florida said. In the complaint, the SEC alleged that from at least January through December 2004 Wall Street Communications, described as a financial public relations firm, and the president acquired large blocks of stock in thinly traded microcap companies. Wall Street Communications acquired the stock for little or no consideration, based on agreement to find buyers for the shares in exchange for part of the sale proceeds, the complaint said. The SEC charged that Wall Street Communications and the president created a market for the shares through spam e-mails touting the stock, as well as by coordinating manipulative trading with brokerage accounts controlled by a resident of Peoria, Arizona, also charged in the case. The complaint said that after creating an artificially inflated market for the stock, Wall Street Communications and the president dumped the shares, reaping tens of thousands of dollars in profit. Source:

Information Technology

33. June 10, – (International) Mcafee pushes unified network security package. McAfee is making a major play for the network security market with a unified security suite offering an improved firewall technology that it hopes will make it an even competitor with Symantec and Cisco. The company’s Network Security Business Unit (NSBU) is looking to double its revenues to $1B per year by offering a complete network security software package with new management tools that it feels will cut operating security costs by better management. “Our plan is to consolidate a full selection of network security products,” said the executive vice president of NSBU, and former chief executive of Secure Computing. “It is unique to the industry.” The consolidation of the security industry over the last ten years has seen single service providers swallowed up into more unified security offerings, he said. By offering a single point solution, McAfee was both mirroring current trends in the industry and taking them forward for network managers. Key to the strategy is simplifying management by IT administrators. This approach is shown in McAfee’s new firewall product and management suite, which uses a new graphical user interface to simplify the setting of firewall rules and policies using Firewall Enterprise Profiler. Source:

34. June 9, Softpedia – (International) New Chinese worm bypasses system rollback software. Security researchers from Bach Khoa Internetwork Security (Bkis) warn of a new worm that is able to bypass the protections enforced on the file system by software such as Deep Freeze. The malware was discovered in early March and has already made thousands of victims in Asia. Deep Freeze is an application developed by Faronics to help administrators restore computers to a secure state after being used by untrusted parties. Such software is very popular in environments with many casual users such as cybercafes, libraries, or computer labs in schools. “The software can monitor any change in sectors (data storage area) in hard disk partitions and save the changes in another area (buffer). When normal programs retrieve these sectors, they will reach the data in the buffer rather than in the original sectors,” a senior malware researcher at Vietnam-based Bkis, explains. This allows administrators to easily restore the computer to the previous state by simply rebooting the machine. The researcher believes that, because of this, the computer administrator can get a false sense of security, which is particularly reflected by this latest threat. Source:

35. June 9, The Register – (International) Apple security is ‘struggling,’ researcher says. A well-known security consultant says Apple is struggling to effectively protect its users against malware and other online threats and suggests executives improve by adopting a secure development lifecycle to design its growing roster of products. “Based on a variety of sources, we know that Apple does not have a formal security program, and as such fails to catch vulnerabilities that would otherwise be prevented before product releases,” writes the founder of security firm Securosis and a self-described owner of seven Macs. “To address this lack, Apple should integrate secure software development into all internal development efforts.” Microsoft was among the first companies to integrate an SDL into its internal development routine. Under the program, products are built from the ground up with security in mind, so that poorly written sections of older code are replaced with code that can better withstand attack. It also subjects programs to a variety of simulated attacks. Adobe Systems recently beefed up the SDL program for Reader and Acrobat following criticism about the security of those two programs. Source:

36. June 9, IDG News Service – (International) Microsoft update removes rogue antivirus program. Microsoft has taken aim at a rogue antivirus program called Internet Antivirus Pro. The company’s latest update to its Windows Malicious Software Removal Tool, (MSRT) released on June 9, adds detection for this dubious program, which masquerades as security software. Like all of these rogue antivirus products, Internet Antivirus Pro tries to trick victims into installing the software. It pops up a fake warning message and then pretends to scan the victim’s computer. But instead of scanning for malicious software, Internet Antivirus downloads password-stealing software that looks for FTP user names and passwords, presumably so that its creators can install their software on Web servers. Internet Antivirus installs a browser component that displays fake messages, and it also pops up a fake Windows Security Center, Microsoft said in a blog posting on June 9. The software has also used the names General Antivirus and Personal Antivirus. Rogue antivirus software has been on the rise over the past year and was among the most-detected unwanted software on Windows PCs during the second half of last year, Microsoft said in its recent Security Intelligence Report. Source:

Communications Sector

37. June 8, The Register – (International) DOS attacks threaten mobile network security. New types of denial of service attacks threatened the security of mobile data networks, a senior telecoms security researcher warned recently. The vice president of networking research at Bell Labs said inherent weaknesses in the mobile IP protocol allow the launch of attacks that are relatively straightforward to mount but hard to detect and thwart. The attacks would take the form of repeatedly setting up and releasing connections, for example, a form of attack analogous with the SYN Flood assaults that have long been a problem on the fixed-line (wired) internet. Other attacks might rely on preventing mobile devices from going into a dormant mode, thereby draining battery life. “We need to especially monitor the mobile networks, with limited bandwidth and terminal battery, for DOS attacks,” the vice president said during a session at the Cyber Infrastructure Protection Conference at City College of New York on June 4, Network World reports. Worse still the resources needed to launch an attack might be out of all proportion to the damage that could be inflicted, the vice president suggested. “One cable modem user with 500Kbps upload capacity can attack over one million mobile users simultaneously,” he said. Source:

38. June 8, Islands Business – (International) Marshall Islands fiber optic cable plan moves forward. Construction of the starting point for a 2,000-mile submarine fiber optic cable that is expected to revolutionize communications in the north Pacific kicked off recently in Majuro, reports Marianas Variety. An agreement that involves the U.S. Army and telecommunications companies of the Marshall Islands and Federated States of Micronesia (FSM) was signed earlier this year after six years of on-and-off negotiations. The cable contracts are worth more than US$130 million. Tyco Telecommunications (US) Inc. will begin laying the cable in November, working from the Marshall Islands to Guam. The U.S. Army Lieutenant General who commands the Army’s Space and Missile Defense Command described the fiber optic cable as the “critical enabler” to transform the Reagan Test Site at Kwajalein Atoll to meet the United States’ changing space and missile defense needs. The new cable is supposed to be operational by April 2010. Source: