Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 29, 2009

Complete DHS Daily Report for July 29, 2009

Daily Report

Top Stories

• CNET News reports that Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company. Network Solutions notified 4,343 of its nearly 10,000 e-commerce merchant customers on July 24 about the breach. (See item 13)


• According to the Star-Ledger, eleven letters containing suspicious white powder have been mailed to government and private offices in Bergen and Passaic counties, New Jersey over the past 10 days, the FBI said on Monday. In each case, the powder was in an envelope that was inside another envelope. (See item 20)

20. July 28, Star-Ledger – (New Jersey) FBI investigates 11 letters with unknown white powder. Eleven letters containing suspicious white powder have been sent to government and private offices in North Jersey over the past 10 days, the FBI said Monday. No one has been injured and initial tests showed the powder did not appear to be dangerous, authorities said. However, the mailings prompted temporary shutdowns throughout Bergen and Passaic counties while hazmat units investigated. The FBI, the lead agency in the investigation, released few details. In each case, the powder was in an envelope that was inside another envelope. Since July 17, the agency said, letters were sent to locations in Totowa, Clifton, Wayne, Ringwood, Woodland Park and Fair Lawn. Final testing on the first three letters concluded there was no evidence of biological agents, an FBI spokesman said. The agency would not say where the letters were sent, but the Fair Lawn Police Department confirmed one was received by the Police Chief on Friday morning. That same morning, another letter was delivered to the law office of Vivino & Vivino in Wayne. The office was evacuated for about two hours before emergency crews declared the substance was not dangerous, police officials said. Partners at the firm were not available for comment Monday. The FBI is working with the U.S. Postal Inspection Service and local and county investigators on the case. Source:


Banking and Finance Sector

13. July 27, CNET News – (International) Network Solutions breach exposes nearly 600,000. Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company. Network Solutions notified 4,343 of its nearly 10,000 e-commerce merchant customers on July 24 about the breach. It affects 573,928 cardholders whose name, address, and credit card number were exposed between March 12 and June 8, said a spokeswoman for Network Solutions. Mysterious code was discovered in early June on servers hosting e-commerce customer sites during routine maintenance, she said. The company called in a third-party forensics team to help with the investigation, and the team was able to crack some of the code on July 13, determining that it could be related to credit card data, she added. Credit card transactions were intentionally diverted by an unknown source from certain Network Solutions servers to servers outside, Network Solutions wrote in an e-mail to merchant customers. “So we notified law enforcement and began the process of notifying our customers,” the spokeswoman said. “At this point, we don’t have a reason to believe that (the data) has been used, but we are working with the credit card companies,” nonetheless. Network Solutions also is paying to have credit-monitoring specialist TransUnion help the merchants notify their customers according to data breach notification laws in effect in certain states. Affected consumers will get 12 months of free credit-monitoring services. It is unknown how the malicious code got onto the system and where it came from, the spokeswoman said. Source:

14. July 27, MarketWatch – (National) SEC to let disclosure requirement on short sales expire. The Securities and Exchange Commission on July 27 said it would no longer require hedge funds and other institutional investors to provide short-sale position data to the agency regularly, and that the ban on “naked” shorting would be made permanent. “Naked” short selling happens when an investor sells shares short without first having borrowed them. The regulator also said it was taking other steps to increase the public availability of information related to short sales, including an effort that would make public short-sale volume and transaction data. “These actions should provide a wealth of information to the commission, other regulators, investors, analysts, academics and the media,” the SEC said in a statement. The regulator introduced a rule in 2008 to limit “naked” shorting by requiring broker-dealers to promptly purchase or borrow securities to deliver on a short sale. That was set to expire July 31 and the SEC said on July 27 it made the rule permanent. Short sales, or bets against securities, are a common tool used by hedge funds and the proprietary trading desks of investment banks. Source:

15. July 27, Bloomberg – (International) Montreal’s Earl Jones, accused in Ponzi scam, is arrested. A Montreal financial adviser accused by regulators of running a Ponzi scheme that defrauded clients of as much as C$50 million ($46 million) was arrested on July 27 by Quebec provincial police. The Autorite Des Marches Financiers, the Montreal-based securities regulator for Quebec, announced on July 10 it would freeze the adviser’s bank accounts after receiving complaints from investors in Montreal and other parts of Canada and the United States. The adviser’s business has “all the hallmarks of a Ponzi scheme,” a spokesman for the regulator said in a July 14 interview. The defendant is “in police custody presently,” a lawyer at Montreal firm Stein & Stein, who filed a July 10 bankruptcy petition against the defendant’s company on behalf of at least one client, wrote in an e-mail. “In addition we have instituted a petition in bankruptcy on July 27 against the defendant personally and have had an interim receiver appointed to his personal assets.” Source:

Information Technology

36. July 27, CNN – (International) Whatever happened to the Conficker worm? The hugely talked-about computer worm, Conficker, seemed poised to wreak havoc on the world’s machines on April Fool’s Day. And then nothing much happened. But while the doom and gloom forecast for the massive botnet, a remotely controlled network that security experts say infected about 5 million computers, never came to pass, Conficker is still making some worm hunters nervous. A program director at SRI International, a nonprofit research group, said Conficker infects millions of machines around the world. And the malware’s author or authors could use that infected network to steal information or make money off of the compromised computer users. “Conficker does stand out as one of those bots that is very large and has been able to sustain itself on the Web,” which is rare, said the program director, who also is a member of the international group tracking Conficker. Still, computer users, even those infected with Conficker, have not seen much in the way of terrifying results. After the botnet relaunched April 1, it gained further access to an army of computers that the program’s author or authors could control. The only thing the author or authors have done with that power, though, is to try to sell fake computer-security software to a relatively small segment of Conficker-stricken computers, the program director said. The lack of a major attack has led some people in the security community to assume that the worm is basically dead. The chief research officer with F-Secure, an Internet security company, says the people who created Conficker would have launched a major offensive by now if they were going to. The chief research officer, who is scheduled to speak about the Conficker botnet next week at Black Hat, a major computer security conference, said he thinks whoever made Conficker did not mean for the worm to get so large, as the size of the botnet drew widespread attention from the security community and the media. “This gang, they knew their stuff. They used cutting-edge technology that we had never before…I’ve been working in viruses for 20 years, and there were several things that I’d never seen at all,” he said. “That, to me, would tell that perhaps this is a new group or a new gang, someone who tried it for the first time.” He added, “The more experienced attackers don’t let their viruses or their worms spread this widely. They, on purpose, keep their viruses smaller in size in order to keep them from headlines.” Veteran botnet creators tend to hold the size of the malicious networks to about 2,000 to 10,000 computers to keep from being noticed, he said. Source:

37. July 27, DarkReading – (International) Nearly half of companies lack a formal patch management process. An open initiative for building a metrics model to measure the cost of patch management found that one-fourth of organizations do not test patches when they deploy them, and nearly 70 percent do not measure how well or efficiently they roll out patches, according to survey results released on July 27. Project Quant, a project for building a framework for evaluating the costs of patch management and optimizing the process, also rolled out Version 1 of its metrics model. Project Quant is an open, community-driven, vendor-neutral model that initially began with financial backing from Microsoft. “Based on the survey and the additional research we performed during the project, we realized that despite being one of the most fundamental functions of IT, patch management is still a relatively immature, inconsistent, and expensive practice. The results really reinforced the need for practical models like Quant,” said the founder of Securosis and one of the project leaders of the initiative. The survey of around 100 respondents was voluntary; participation was solicited mainly via metrics and patch management organizations, so the organizers say the respondents were most likely organizations that take patch management seriously: “The corollary to this interpretation is that we believe the broader industry is probably LESS mature in their patch management process than reflected here,” the report says. Even so, more than 40 percent of them have either no patch management process or an informal one in place. And 68 percent said they do not have a metric for measuring how well they deploy patches, such as the time it takes them to deploy a patch, etc. One-fourth said they do not do any testing before they roll out a patch, and 40 percent rely on user complaints to validate the success of a patch, according to the survey. And more than 50 percent do not measure adherence to policy, including compliance when it comes to patching. Source:
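The survey above says most respondents have no metric for time-to-deploy and do not measure adherence to patching policy. The script below is an added illustration of what such metrics look like in practice; it is not part of the DHS report or of Project Quant's model. The policy windows, patch identifiers and dates are constructed sample values, and the per-severity deadlines are an assumed policy, not one the report states.

```python
"""Patch-deployment metrics over a constructed set of patch records.

Added example (not from the DHS report or Project Quant): computes the kind
of metric the survey says most organizations lack, namely time to deploy a
patch and adherence to a patching policy. The policy windows and the records
below are constructed sample values, not real data.
"""
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

# Assumed policy: maximum days allowed from vendor release to deployment.
POLICY_DAYS = {"critical": 7, "high": 30, "medium": 90}

# Date the metrics are computed as of (constructed).
AS_OF = date(2009, 7, 27)


@dataclass
class PatchRecord:
    patch_id: str              # constructed identifier, not a real advisory
    severity: str
    released: date
    deployed: Optional[date]   # None means the patch is still outstanding
    tested: bool               # was the patch tested before rollout?


# Constructed sample data.
SAMPLE_PATCHES = [
    PatchRecord("P-001", "critical", date(2009, 6, 1), date(2009, 6, 4), True),
    PatchRecord("P-002", "critical", date(2009, 6, 10), date(2009, 6, 25), False),
    PatchRecord("P-003", "high", date(2009, 5, 15), date(2009, 6, 10), True),
    PatchRecord("P-004", "high", date(2009, 6, 20), None, False),
    PatchRecord("P-005", "medium", date(2009, 4, 1), date(2009, 7, 20), True),
]


def days_to_deploy(rec: PatchRecord, as_of: date) -> int:
    """Elapsed days from release to deployment, or to `as_of` if outstanding."""
    end = rec.deployed if rec.deployed is not None else as_of
    return (end - rec.released).days


def patch_metrics(records, as_of: date) -> dict:
    """Per-severity median time-to-deploy, policy adherence and test coverage.

    An outstanding patch counts against adherence (it has not met the window)
    and its age so far counts toward the median, so the numbers do not look
    better simply because a patch was never applied.
    """
    out = {}
    for sev, limit in POLICY_DAYS.items():
        group = [r for r in records if r.severity == sev]
        if not group:
            continue
        deployed = [r for r in group if r.deployed is not None]
        # A patch adheres to policy only if it was deployed inside the window.
        within = [r for r in deployed if days_to_deploy(r, as_of) <= limit]
        out[sev] = {
            "count": len(group),
            "outstanding": len(group) - len(deployed),
            "median_days": median(days_to_deploy(r, as_of) for r in group),
            "adherence_pct": round(100 * len(within) / len(group)),
            "tested_pct": round(100 * sum(r.tested for r in group) / len(group)),
        }
    return out


if __name__ == "__main__":
    for sev, m in patch_metrics(SAMPLE_PATCHES, AS_OF).items():
        print(sev, m)
```

Keeping outstanding patches in the denominator is the design choice that matters: an organization that only reports on patches it has already applied will always look compliant, which is the blind spot the survey's "rely on user complaints" figure points at.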

Communications Sector

38. July 28, CNET News – (National) Cisco looks to ride smart-grid data deluge. Cisco is betting that utilities are more likely to invest in new data centers than new power plants in the coming years. The tech giant is developing a suite of smart-grid products designed to add networking smarts to the existing grid, including routers for substations and home energy-monitoring systems. But a large chunk of the $20 billion per year in smart-grid spending that Cisco anticipates is in traditional data centers. Since smart-grid technologies rely on a steady flow of information, Cisco expects that utilities will need to invest in more sophisticated IT systems, said the director of Data Center Solutions and a member of a Cisco smart-grid team. Once utilities put in smart meters, their data processing and storage needs explode. Instead of sending a person to read meters once a month, information for billing or other applications can be sent back once a day, once an hour, or even every few minutes. If utilities are regulated to reduce peak-time usage, their IT needs shoot up even higher. Demand response, where a utility can turn down energy use at participating customer sites, requires utilities to poll information regularly from a potential large number of locations. “The requirements are for huge amounts of data to be involved when you have these more advanced pricing models where the goal is to mitigate power generation,” the director said. “The catcher’s mitt for that data is the data center.” By cutting peak-time usage, utilities can avoid turning on auxiliary ‘peaker plants’ to supply electricity on a given day or, potentially, avoid building new power plants to meet growing demand. Source:

39. July 27, Urgent Communications – (National) TerreStar successfully tests dual-mode smartphone over satellite network. Satellite communications provider TerreStar Corp. successfully has placed a VoIP-based call from one dual-mode smartphone handset to a second smartphone over its satellite network, the chief technology officer said. TerreStar’s plan is to build, own and operate North America’s first next-generation integrated mobile satellite and terrestrial communications network, which will provide universal access and tailored applications over conventional commercial wireless devices. Traditionally, satellite devices required large antennas to receive signals, which increased the weight and size of the handsets carried by first-responders working in remote locations. In June, the company launched its next-generation TerreStar 1 satellite so it could test whether a signal could be received by antennas in smaller form factors found in consumer handsets, such as smartphones. Source: