Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 17, 2009

Complete DHS Daily Report for July 17, 2009

Top Stories

 According to the Associated Press, a federal judge found a former Boeing Co. engineer guilty of six counts of economic espionage and other charges on Thursday for taking 300,000 pages of sensitive documents that included information about the U.S. space shuttle and a booster rocket. (See item 12)

12. July 16, Associated Press – (National) Chinese-born man convicted of espionage. A Chinese-born engineer was convicted on July 16 of stealing trade secrets critical to the U.S. space program in the nation’s first economic espionage trial. A federal judge found a former Boeing Co. engineer guilty of six counts of economic espionage and other charges for taking 300,000 pages of sensitive documents that included information about the U.S. space shuttle and a booster rocket. Federal prosecutors accused the 73-year-old stress analyst of using his 30-year career at Boeing and Rockwell International to steal the documents. They said investigators found papers stacked throughout his house that included sensitive information about a fueling system for a booster rocket — documents that Boeing employees were ordered to lock away at the close of work each day. They said Boeing invested $50 million in the technology over a five-year period. The judge convicted the engineer of six counts of economic espionage, one count of acting as a foreign agent, one count of conspiracy, and one count of lying to a federal agent. He was acquitted of obstruction of justice. The Economic Espionage Act was passed in 1996 to help the government crack down on the theft of information from private companies that contract with the government to develop U.S. space and military technologies. Source:

 The Detroit News and the Associated Press report that a 2-mile stretch of Interstate 75 just north of Detroit remains closed after a tanker containing 13,000 gallons of fuel burst into flames on Wednesday, igniting the Nine Mile overpass, which quickly collapsed. (See item 16)

16. July 16, Detroit News and Associated Press – (Michigan) Tanker fire shuts down I-75, collapses Nine Mile bridge. A two-mile stretch of Interstate 75 just north of Detroit remains closed as authorities investigate a fuel tanker explosion and overpass collapse. Police say I-75 in both directions is indefinitely closed between Interstate 696 and 8 Mile Road. The tanker crashed and exploded on July 15, injuring three people and collapsing part of the Nine Mile overpass, leaving officials wondering how long repairs could take on a major north-south artery. About 8 p.m., the tanker containing 13,000 gallons of fuel traveling north on I-75, under the Nine Mile overpass, burst into flames, igniting the bridge, which quickly collapsed, Michigan State Police said. “We don’t know what caused it. We don’t know if something collided with the tanker or not.” The structure fell into a twisted mass of concrete and reinforced steel, melting the east half and sending plumes of smoke almost 200 feet into the air. The bridge on the northbound lanes dropped down onto a tractor-trailer and tanker, flattening both and leaving burned-out hulks of steel. “It’s a disaster,” said a witness to the scene, “Basically, the Nine Mile/75 interchange no longer exists.” The fire burned directly beneath the overpass, making it difficult for firefighters to determine when all the fuel had burned away, he said. Officials with the U.S. Environmental Protection Agency were monitoring air quality and checking whether fuel spilled into surrounding sewer ditches, the police officer said. But there were no evacuations or warnings for nearby residents. State police were consulting with the Michigan Department of Transportation to reroute traffic around the site. Source:

Banking and Finance Sector

13. July 16, Philadelphia Inquirer – (Florida) Chase forgives debts of scam victims. JPMorgan Chase, the nation’s largest credit-card issuer, has agreed to forgive the debts of 13,000 cardholders who it says were defrauded by a group of Florida debt-settlement companies that promised to rescue them from their credit-card debts. Chase’s Wilmington subsidiary, Chase Bank USA, agreed to the forgiveness as part of a settlement reached on July 13 with a receiver appointed to run Hess Kennedy Chartered L.L.C. and affiliated companies. The receiver was named in July 2008 as a result of a separate lawsuit filed by Florida’s attorney general, who called the companies “scam artists who prey on the vulnerable.” Chase’s agreement follows similar deals announced in November 2008, in which Capital One and HSBC forgave the debts of 24,000 cardholders. All told, the card issuers have written off more than $150 million in debt, according to the receiver. The receiver, a former prosecutor in New York and Florida, said the owner of Hess Kennedy Chartered L.L.C. was at the center of a web of companies that lured clients with assurances that they could settle credit-card debt “for 30 to 50 cents on the dollar.” What the companies did not say in their ads was that they would instruct clients to stop paying their creditors and instead start making monthly payments to Hess Kennedy. But rather than disburse that money to creditors, as legitimate debt-management services sometimes do, Hess Kennedy kept it toward an up-front payment of fees. Source:

14. July 16, Wall Street Journal – (International) Auction-rate fugitive is nabbed in Spain. A former Credit Suisse Group broker, who in June was declared a fugitive by federal prosecutors pursuing alleged fraud involving auction-rate securities, has been apprehended in Marbella, Spain. Prosecutors from the U.S. attorney’s office for the Eastern District of New York in Brooklyn said the former broker had been apprehended, but did not provide any details. The former broker was caught by Spanish authorities with the assistance of the Federal Bureau of Investigation, said people familiar with the matter. The former broker, 36 years old, was charged in an indictment unsealed last week for failure to appear and visa fraud. The former broker and an accomplice, both formerly of Credit Suisse Securities (USA) LLC, have been accused of engaging in an alleged fraudulent scheme to obtain higher commissions by selling clients higher-risk auction-rate securities backed by mortgages, when those clients wanted to buy lower-risk securities backed by student loans. Source:

15. July 15, SPAMfighter News – (National) Information stealing phishing e-mail targets Chase customers. The Consumer Protection Board (CPB) of New York State has issued a warning to Chase Bank customers that they could be targeted by a phishing scam involving e-mails that seek personal information under the pretext of upholding new security measures. CPB and Chase have been receiving complaints from anxious customers who have received an e-mail that asks them to urgently fill in a form with details including personally identifiable credentials. Citing fresh security measures apparently launched at Chase, the fake e-mail explains that it is important that recipients complete the form. The e-mail appears legitimate, as is typical of a phishing scam. It also displays a web link and asks recipients to click on it. However, the link leads to a fake website where personal information is stolen: once a customer follows the link and reaches the bogus site, the customer is asked to enter confidential information such as employment details, credit card number and other personal information. Security researchers stated that customers who have replied to these fraudulent messages with their information might become victims, since the form solicits their name, phone number and address along with passwords, bank account details, Social Security number, credit card details and other sensitive data. Source:

Information Technology

38. July 15, Washington Post – (International) Spammers, virus writers abusing URL shortening services. Purveyors of spam and malicious software are taking full advantage of URL-shortening services like and TinyURL in a bid to trick unwary users into clicking on links to dodgy and dangerous Web sites. Fortunately, with the help of a couple of tools and some common sense, most Internet users can avoid these scams altogether. According to alerts from anti-virus vendors McAfee, Symantec and Trend Micro, the latest to abuse these services is the Koobface worm, which targets users of social networking sites like Facebook (Koobface is an anagram of Facebook) and Myspace. It is now also spreading via microblogging service Twitter. Koobface arrives as a message that urges users to click on a link to a video, which invariably leads to a site that prompts the visitor to install a missing video plug-in. The fake plug-in turns the user’s system into a bot that can be used for a variety of criminal purposes, from spamming to attacking other computers and spreading the worm. At the same time, URL shortening services appear to be fueling a massive ongoing commercial spam campaign. Source:

39. July 15, Enterprise Security Today – (International) Researchers rate all six Microsoft patches as critical. Microsoft on July 14 released six bulletins as part of its monthly patch cycle. Three of the bulletins cover critical flaws, including two unpatched zero-day vulnerabilities. Three other bulletins address important risks that security researchers said can quickly escalate to critical. The CTO of Qualys said Microsoft’s advisories should be addressed immediately because they allow an attacker to take complete control of a victim’s computer. Microsoft proxy server ISA 2006 has a vulnerability rated as important that allows remote unauthenticated users to access the server. However, paired with knowledge of the administrator’s username, attackers can take full control of the server. Because administrator usernames are often easy to guess, the CTO said, this vulnerability deserves special attention if IT organizations are using ISA with the RADIUS configuration. Likewise, MS09-030 is an advisory for the Publisher component in the MS Office 2007 suite that is rated as important, but the flaw can be used to take full control of a system if the victim is logged in as administrator. If an organization uses Publisher or has it installed as part of Office 2007, this should be treated as critical as well, the CTO said. Source:

40. July 14, InformationWeek – (International) Firefox 3.5 vulnerability rated ‘highly critical.’ US-CERT on July 14 warned about a vulnerability in the new Firefox 3.5 browser that could allow a remote attacker to execute malicious code. Proof-of-concept exploit code was posted on July 13 on, an exploit code aggregation site, so it is likely that the vulnerability is being actively exploited. The vulnerability is related to the way Firefox 3.5 processes JavaScript code. Mozilla has acknowledged the vulnerability and has a fix that is being tested. “The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,” the company said on its security blog. “The vulnerability can be mitigated by disabling the JIT in the JavaScript engine.” Source:

41. July 14, Network World – (International) Latest malware trick: outsourcing quality assurance. Creators of Waledac malware enlisted the Conficker botnet as a tool to spread malware of their own, marking the first time Conficker was made available for hire, according to Cisco’s mid-year security report. This was symptomatic of a wider trend Cisco noted of malware purveyors using established business practices to expand their illegal enterprises. Cisco likened the arrangement between Waledac and Conficker to a partner ecosystem, a term Cisco uses to describe its collaboration with other vendors. Waledac used the Conficker distribution channel to send spam and to expand its own botnet, Cisco says. Malware distributors are also outsourcing their quality assurance programs to services provided by the likes of, Cisco says. For a fee the site tests malicious files against the latest versions of 26 virus-scanning software products to determine whether the anti-virus software can detect the malware. Cisco says running the malware through this screening results in malware that is 10 to 20 times more effective than it would be otherwise, and frees up the attackers to work on other products rather than test how detectable their current exploits are. Source:

Communications Sector

42. July 15, Ars Technica – (National) FBI charges satellite descramblers under DMCA. The FBI has set its sights on satellite descramblers, charging three individuals behind the Viewsat satellite receiver with conspiracy to violate the Digital Millennium Copyright Act (DMCA). The indictment was unsealed this week after the owner of Viewtech was arrested in San Diego, where he is currently being held without bail. Several associates were also arrested. The group faces up to five years in prison and a $250,000 fine each. Viewsat is a free-to-air (FTA) satellite receiver box that claims to provide users with access to free satellite programming, such as religious and cultural content. However, as most Viewsat customers also know, the device is engineered in such a way that makes it simple for users to grab what is otherwise designated as for-pay satellite programming. All that is required is for the FTA boxes to spoof DISH’s smartcards so that the DISH Network can see that the boxes are authorized. The satellite companies know that this practice is not particularly rare, so they occasionally re-encrypt their signals and send out new smartcards to legitimate customers. In this case, DISH Network started rolling out new encryption known as either “Nagra 3” or “rom 240”; this update “dramatically” reduced the sales of Viewsat receivers, according to the indictment document. By March of 2008, the defendant began working with the other two defendants to circumvent this new encryption. The defendant allegedly agreed to reimburse their expenses and finance research on how to crack Nagra 3, while the other two worked together and recruited more hackers for the project. Source:

43. July 15, Houston Chronicle – (Texas) Texas seeks OK to jam cell phones. Texas officials urged Congress on July 15 to permit states to electronically jam cell phone calls made by prisoners. A Texas state representative and the inspector general of the Texas Department of Criminal Justice told lawmakers about a death row inmate who used a cell phone he bought for $2,100 from a prison guard to make threats against the state representative last October. The state representative said electronic jamming was one of the most valuable tools in preventing cell phone attacks by inmates. A Texas Senator is sponsoring legislation to allow correctional facilities to individually petition the Federal Communications Commission for permission to use wireless jamming devices. While 28 states want the ability to jam cell phone signals, representatives of the communications industry testified that jamming would not be the best solution to prevent cell phone use by criminals. The president-elect of the Association of Public-Safety Communications Officials expressed concern that jamming could block phone service to public safety officers, like those making 911 calls at or near a prison using jamming. The state representative said Texas has tried every alternative. Source:

44. July 14, IDG News Service – (National) Shiny new Space Fence to monitor orbiting junk, satellites. The new Space Fence system will provide better accuracy and faster detection while allowing for an increase in the number of satellites and other space objects that can be detected and tracked, thus avoiding collision and damage to other satellites. Some work has begun on tracking and detecting the overabundance of space junk, which has become a growing priority as all manner of satellites, rockets and possible commercial space shots are promised in the coming few years. On July 15, Northrop Grumman said it grabbed $30 million from the U.S. Air Force to start developing the first phase of a global space surveillance ground radar system. The new S-Band Space Fence is part of the Department of Defense’s effort to track and detect what are known as resident space objects (RSO), consisting of thousands of pieces of space debris as well as commercial and military satellites. The new Space Fence will replace the current VHF Air Force Space Surveillance System built in 1961. According to, the current Space Fence includes nine sites located on a path across the southern United States from Georgia to California along the 33rd parallel and consists of three (3) transmitter and six (6) receiver sites. The main transmitting station located at Lake Kickapoo, Texas, has an average power output of 766,800 watts feeding a two-mile long antenna array. It provides the primary source of illumination. Two other transmitting stations are located at Jordan Lake, Alabama, and Gila River, Arizona. These stations, with average power output of approximately 40,000 watts each, improve low altitude illumination at the sides of the main beam. Source: