Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, August 6, 2009


Top Stories

 KXO 107.5 Yuma reports that the Arizona Western College campus and a number of residential neighborhoods in the eastern section of Yuma, Arizona were ordered evacuated on Tuesday after a fire broke out at Desert Depot, a public storage facility which reportedly contained some chemicals. (See item 5)


5. August 4, KXO 107.5 Yuma – (Arizona) Yuma firefighters battle chemical fire. The City of Yuma Fire Department on the night of August 4 remained on the scene of a structure fire that broke out at about 3:00 p.m. The fire was at the Desert Depot, a public storage facility that reportedly contained some chemicals. The Arizona Western College campus was ordered evacuated as were a number of residential neighborhoods in the eastern section of Yuma. Interstate 8 was closed initially but was reopened a short time later. The Yuma Civic and Convention Center was designated as the evacuation center. The blaze was reported out shortly before 6:00 p.m. An investigation into the cause of the fire as well as what chemicals may have been involved was launched immediately. Yuma Fire was assisted by the Marine Corps Air Station Structural Fire Department and the Somerton Cocopah Fire Department. Source: http://kxoradio.com/content/view/5894/2/


 According to CNN, a gunman walked into an LA Fitness gym outside Pittsburgh, Pennsylvania, turned off the lights, and fired off 50 rounds, killing three women before killing himself on Tuesday evening. (See item 37)


37. August 5, CNN – (Pennsylvania) Four dead, including gunman, in gym shooting. A gunman walked into an LA Fitness gym outside Pittsburgh, Pennsylvania, turned off the lights, and fired off 50 rounds, killing three women before killing himself the evening of August 4, police said. The man did not speak during the assault but was carrying a gym bag with a note inside it. He was found dead in the gym lying on top of one of his guns near a victim, said the Allegheny County police superintendent. At least 10 other people were injured in the barrage of bullets that sent people in the gym ducking for cover, the superintendent said. A law enforcement source identified the gunman as a 48-year-old gym member. The assailant entered the fitness center around 8 p.m. and went straight to an aerobics classroom, where he opened fire with multiple handguns, according to the superintendent. Source: http://www.cnn.com/2009/CRIME/08/05/pennsylvania.gym.shooting/index.html


Details

Banking and Finance Sector

11. August 5, Wall Street Journal – (Florida) Taylor Bean suspended from making FHA loans. The Federal Housing Administration suspended Taylor, Bean & Whitaker Mortgage Corp. from making loans insured by the federal agency, and raised questions about the company’s business practices and financial disclosures. The move, coming a day after federal investigators raided Taylor Bean headquarters in Ocala, Florida, could hamper the company’s operations and deal a setback to hundreds of mortgage brokers and community banks that originate loans through Taylor Bean. The Department of Housing and Urban Development, which oversees the FHA, said it took action against Taylor Bean because the company failed to submit a required annual financial report and to disclose “certain irregular transactions that raised concerns of fraud.” Officials declined to provide details about the possible fraud. Taylor Bean has 30 days to appeal the suspension, which took effect immediately. HUD also proposed to bar two Taylor Bean executives -- the chief executive officer and the president -- from any dealings with the U.S. government for 18 months. The department said the chief executive officer submitted false or misleading information to Ginnie Mae concerning a delay in submitting financial reports. It said the president submitted two false certifications regarding information lenders are required to verify each year. Source: http://sbk.online.wsj.com/article/SB124940991556305327.html


Information Technology


30. August 5, Computerworld – (International) Mozilla shuts Firefox e-store after security breach. Mozilla shuttered its online store on August 4 after finding out that the firm it hired to run the backend operations of the company’s e-tailing business had suffered a security breach. It was unclear whether the vendor, St. Louis-based GatewayCDI, which bills itself as a “promotional products distributor and incentive company,” notified Mozilla or whether the browser maker found out about the breach some other way. “On August 4, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach,” Mozilla said in a warning on its Web site. “Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.” Mozilla also took the international edition of its e-store offline as a precaution, although that effort is maintained by a separate partner. On August 5, both stores displayed messages that they were “closed for maintenance;” neither message, however, spelled out the reason. Mozilla’s announcement did not detail the extent of the breach, what information hackers might have accessed or stolen, or how the breach happened. GatewayCDI was not available late Tuesday, and there was no notice on its site that it had sustained a breach. “Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised,” said Mozilla. “GatewayCDI is currently investigating their systems and determining the cause and extent of the breach.” Source: http://www.computerworld.com/s/article/9136264/Mozilla_shuts_Firefox_e_store_after_security_breach?taxonomyId=88


31. August 4, The Register – (International) Scareware package mimics Windows Blue Screen of Death. Miscreants have developed a scareware package that mimics Windows’ infamous Blue Screen of Death. Prospective marks are presented with a seemingly crashed system, along with a text warning that they need to buy “security software” to clean up their systems. But the SystemSecurity rogue package on offer has no utility other than scamming people out of their money. Variants of SystemSecurity have been around since at least February 2009. However, the Blue Screen of Death trick is a new social engineering innovation, only spotted in variants of the attack last week by anti-spyware firm Sunbelt Software. SystemSecurity usually makes its way onto compromised Windows PCs via fake video codec installations. Users normally install the bogus code (actually a Trojan horse malware) after following links in spam emails ostensibly inviting them to view video clips. Source: http://www.theregister.co.uk/2009/08/04/bsod_scareware/


32. August 4, Security Watch – (International) 12 viruses, per computer, per hour. Network Box, a security firm, announced that email viruses have increased by about 300 percent in the last three months alone, with reports showing that in July of this year the number of virus threats on the Internet peaked at about 12 viruses per customer every hour, the highest it has been in 2009. The largest source of Internet threats is the United States, which is responsible for 16.59 percent, closely followed by Brazil at 14.11 percent and Korea at 6.2 percent. India has shown a large increase in virus threats at 5.2 percent. An Internet security analyst with Network Box says that because of the large number of middle class citizens in India who now have computers without a clear regulation system, there are many illegal copies of operating systems that do not receive automatic updates; once they become infected, they start to spread malware continuously without concern. The United States still tops the list of security threats, but it should be noted that the percentage is down from 21 percent in June, while the amount of spam spread from the country also fell to 10.2 percent from 11.2 percent. The bright news on the horizon may also be that malware writers have not been creating new malware in the last several months, according to Symantec MessageLabs’ latest intelligence report. However, even this is tainted by the news from Symantec that spammers are becoming much more active in their use of multi-lingual messages. Source: http://www.securitywatch.co.uk/2009/08/04/12-viruses-per-computer-per-hour/


33. August 4, CNET News – (International) Denial-of-service attack downed Gawker Media. Hackers launched a distributed denial-of-service (DDOS) attack that sporadically downed popular blog network Gawker Media over the weekend and on August 3, the company confirmed in a blog post on August 4. When CNET News spoke to Gawker Media representatives on August 3, they were not yet sure what was causing the outages but had not ruled out malicious behavior. The attacks appear to have been launched at Consumerist, a blog that Gawker sold to Consumer Reports last year but which is still hosted on the same servers. The motivation behind them is not yet clear. The New York-based Gawker Media has sold or merged a number of its blog titles over the past few years, but it remains the parent company of several extremely high-profile blogs -- often with an edgy gossip angle -- like Gizmodo, Jezebel, and the eponymous Gawker.com. DDOS attacks occur when hackers swamp a site with excess pings from multiple sources to bring it down; they can knock out entire hosting companies. Source: http://news.cnet.com/8301-13577_3-10302636-36.html


34. August 4, ZDNet – (International) Plugins compromised in SquirrelMail’s web server hack. According to a recently posted update by a member of SquirrelMail, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application which took place last month. The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, something SquirrelMail did not acknowledge prior to announcing the web server compromise. During the initial announcement, it was mentioned that ZDNet did not believe that any of the plugins had been compromised. Further investigation has shown that the following plugins were indeed compromised. Parts of these code changes attempt to send mail containing passwords to an offsite server. SquirrelMail has a total of 222 plugins available in 14 categories. Its SourceForge repository was not affected. Source: http://blogs.zdnet.com/security/?p=3923

Communications Sector

35. August 4, WSFA 12 Montgomery – (Alabama) Fox 20 on reduced power. Montgomery’s Fox Television affiliate WCOV FOX 20 says it is broadcasting at reduced power due to a weekend storm that damaged its broadcast transmitter. The transmitter, located on WSFA 12 News’ tower in Grady in extreme southern Montgomery County, was damaged when severe weather moved into the area on August 1. The station was thrown off the air for a short time and has been broadcasting at reduced power since its return to the airwaves. While this should not affect cable and satellite viewers and most over the air viewers, some may experience problems with their signal. The problems may range from pixelation to interrupted signal in some areas. “We would like to apologize for any inconvenience this event may have caused our viewers and ask for their patience as we are working diligently to replace the damaged equipment and return to broadcasting at full power,” said the station owner. Source: http://www.wsfa.com/Global/story.asp?S=10848312

36. August 5, Computerworld – (National) The incredible shrinking data center. Some companies are deciding to shrink their data centers’ size in order to become more cost efficient. A senior network administrator for Denver-based Credit Union of Colorado says smaller is better when it comes to data center size -- now more than ever given the tight economy. “It’s time to do more with less,” he says. Other IT managers are repeating that mantra, helping their companies cope with hard times by shrinking their data center’s physical footprint to become smaller and more compact. IT managers have gotten to these more productive footprints by using virtualization, increasingly dense and multifunction hardware, alternative energy sources and modular design techniques. For their part, the savings accrue from lower energy bills, reduced property costs and less costly site and technology maintenance. At the Credit Union of Colorado, for example, server virtualization helped lower data center space requirements while making IT leaner and more efficient. “We used to have 40 boxes, now we’re down to just a couple and a lot of virtualization. We have 12 racks right now, and we’re going to consolidate that down to just four,” the administrator says. Shrinking the data center cut out about 33 power ports and two circuits, the administrator says. However, he adds, the organization does not have power measurement tools, so he cannot specify power savings in dollars. Source: http://www.computerworld.com/s/article/9136205/The_incredible_shrinking_data_center?taxonomyId=52