Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, August 18, 2009

Complete DHS Daily Report for August 18, 2009

Daily Report

Top Stories

 According to the Wall Street Journal, a series of minor earthquakes in North Texas may have been caused by a wastewater disposal well connected to natural-gas production in the area, Chesapeake Energy Corp. told State regulators on August 13. (See item 4)


4. August 13, Wall Street Journal – (Texas) Wastewater disposal well may have caused Texas earthquakes. A series of minor earthquakes in North Texas may have been caused by a wastewater disposal well connected to natural-gas production in the area, Chesapeake Energy Corp. told state regulators Thursday. Chesapeake said it had shut down two disposal wells “as a precautionary measure.” The Dallas-Fort Worth area has experienced more than a dozen small quakes since last October, though there have been no reports of significant damage or injury. The area lies at the heart of the Barnett Shale, a huge natural-gas field where thousands of wells have been drilled in recent years. Many locals suspect a connection, especially because gas production in the area involves injecting water into the ground at high pressure to crack open the gas-bearing rock, a process known as “hydraulic fracturing.” Researchers from Southern Methodist University in Dallas have deployed seismic sensors in the area to study the phenomenon. On Thursday, the researchers said preliminary results suggest the quakes do not appear to be connected to drilling or fracturing itself. But they said their research does show a “possible correlation” between the quakes and a salt water disposal well operated by Chesapeake on the southern end of Dallas-Fort Worth International Airport. Source: http://online.wsj.com/article/SB125020088034530363.html


 Bloomberg reports that a Miami man and two computer hackers living “in or near Russia” were charged on August 17 in New Jersey with stealing 130 million credit and debit card numbers from Heartland Payment Systems Inc., 7-Eleven Inc., Delhaize Group’s Hannaford Brothers Co., and two identified national retailers. (See item 16)



Details

Banking and Finance Sector

14. August 17, Bloomberg – (National) BB and T says Colonial loan losses may reach $5 billion. BB&T Corp., the North Carolina lender that took over Colonial BancGroup Inc. recently, expects $5 billion in credit losses from the transaction with the Federal Deposit Insurance Corp. assuming most of the charges, the company said in an investor presentation today. A loss-sharing agreement covering about $15 billion of assets calls for the FDIC to reimburse BB&T for 80 percent of losses of up to $5 billion, and for 95 percent over that amount, BB&T said on August 17. The bank plans to sell $750 million of stock to bolster capital. BB&T will have “no negative earnings impact until losses exceed $5 billion,” the Winston-Salem, North Carolina-based bank said in the report posted on its Web site. “If the entire covered portfolio were charged off, BB&T’s maximum exposure would be less than $500 million (pretax),” the lender said. Colonial, the Alabama lender facing a criminal probe, had its banking operations closed by regulators and taken over by BB&T August 14 in the largest U.S. failure since Washington Mutual Inc. collapsed in September. Branches and deposits of Colonial Bank were turned over to BB&T. Source: http://www.bloomberg.com/apps/news?pid=20601103&sid=a.Wzr900p6Ak


15. August 17, Pacific Coast Business Times – (California) FDIC deadline looms for Affinity Bank. August 20 could be a big day for Ventura-based commercial real estate lender Affinity Bank. That is the day the bank will have to show state and federal regulators that it has either raised a lot of money, shed a lot of troubled loans or come up with some other way to boost its ratio of freed-up money to total loans. It is the first deadline set out in a cease and desist order the bank received in April from the Federal Deposit Insurance Corp. and the California Department of Financial Institutions demanding that Affinity Bank increase its capital ratios. The bank – which has nearly 70 percent of its loans tied up in commercial real estate and has not seen a profit since 2007 – needs to raise about $45 million, cut its loan portfolio by more than $500 million or find some combination to get to the ratio federal and state regulators are looking for. Source: http://pacbiztimes.com/index.php?option=com_content&task=view&id=1037&Itemid=1


16. August 17, Bloomberg – (National) U.S. indicts three in theft of 130 million accounts. A Miami man and two unidentified computer hackers were charged with stealing 130 million credit and debit card numbers in what the Justice Department said was the largest such prosecution in U.S. history. The Miami man and two hackers living “in or near Russia” were indicted on August 17 by a federal grand jury in Newark, New Jersey, for the theft of data from Heartland Payment Systems Inc., 7-Eleven Inc., Delhaize Group’s Hannaford Brothers Co., and two identified national retailers. The hackers stole 130 million card numbers from Heartland, a bank-card payment processor, starting in December 2007, by using malicious computer software, according to the 14-page indictment. An undetermined number of card numbers were stolen from 7-Eleven and 4.2 million from Hannaford, a regional supermarket chain, according to the indictment. “This investigation marks the continued success of law enforcement in tracking down cutting edge hacking schemes committed by hackers working together across the globe,” an acting U.S. attorney said in a statement. The case is U.S. v. Gonzalez, U.S. District Court, District of New Jersey. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aZgn6q0t1XQI


17. August 15, Agence France-Presse – (National) Five more U.S. bank closures brings total to 77. US regulators have shut down five more regional banks, bringing the total number of US bank failures to 77 this year, the US government announced. The Federal Deposit Insurance Corporation (FDIC) said Colonial Bank of Montgomery became the largest US bank to fail this year after it was declared bankrupt and had the bulk of its assets taken over by rival BB&T. All of Alabama-based Colonial’s 346 branches will reopen on August 15 “and operate as branches of BB&T,” the FDIC said. The list of closed banks also included the Community Bank of Nevada in Las Vegas that was closed by order of the Nevada Financial Institutions Division, which appointed the FDIC as receiver. As of the end of June, the bank had total assets of 1.52 billion dollars and total deposits of about 1.38 billion. Also shut down was the Community Bank of Arizona in Phoenix, which will be taken over by MidFirst Bank from Oklahoma City. The bank had total assets of 158.5 million dollars, most of which will be purchased by MidFirst Bank, the FDIC said. The Oklahoman bank will also assume all of the deposits of Union Bank of Gilbert, another Arizona institution shut down by regulators. The closed financial institutions also include the Dwelling House Savings and Loan Association of Pittsburgh, Pennsylvania. Source: http://www.google.com/hostednews/afp/article/ALeqM5gfBxbjghNylq15QkGCOPoJdq5Z8A


18. August 14, KDVR 31 Denver – (Colorado) FBI launches $80 million credit card fraud investigation. A major FBI investigation is underway in Colorado, involving bank and credit card fraud. This investigation could involve as much as $80 million in fraudulent transactions. Four people were arrested on August 14 and many more arrests are expected as this investigation continues. Two of those arrested, two women with Russian backgrounds, appeared in federal court here this afternoon. And while the Feds are being tight-lipped about their investigation, it is apparently a very large-scale organized operation. Federal agents with police raided an Aurora car dealership and at least a dozen other locations across the metro area looking for evidence connected to a much larger bank fraud investigation. The owner of Maaliki Motors says agents told him he is “not” one of the targets of criminal investigation, that they wanted his sales records for evidence. “A bunch of people bought some cars on credit cards,” said the owner, “And that’s really their credit card fraud I think, we had all the documentation in the deal jackets so they can make copies and basically let us know what’s gonna come of it.” Federal indictments against the two women who appeared in court Friday afternoon say each was part of an organized effort to defraud banking institutions out of large sums of money, assets and property using a variety of schemes. Source: http://www.kdvr.com/news/kdvr-credit-fraud-invest-081409,0,3844775.story


Information Technology


40. August 17, Wall Street Journal – (International) Hackers stole IDs for attacks. Russian hackers hijacked American identities and U.S. software tools and used them in an attack on Georgian government Web sites during the war between Russia and Georgia in 2008, according to new research to be released on August 17 by a nonprofit U.S. group. In addition to refashioning common Microsoft Corp. software into a cyber-weapon, hackers collaborated on popular U.S.-based social-networking sites, including Twitter and Facebook Inc., to coordinate attacks on Georgian sites, the U.S. Cyber Consequences Unit found. While the cyberattacks on Georgia were examined shortly after the events in 2008, these U.S. connections were not previously known. The research shows how cyber-warfare has outpaced military and international agreements, which don’t take into account the possibility of American resources and civilian technology being turned into weapons. Identity theft, social networking, and modifying commercial software are all common means of attack, but combining them elevates the attack method to a new level, said a former cybersecurity chief at the Department of Homeland Security. “Each one of these things by itself is not all that new, but this combines them in ways we just haven’t seen before,” said the former cybersecurity chief, now CEO of computer-security company NetWitness Corp. The cyberattacks in August 2008 significantly disrupted Georgia’s communications capabilities, disabling 20 Web sites for more than a week. Among the sites taken down were those of the Georgian president and defense minister, as well as the National Bank of Georgia and major news outlets. Taking out communications systems at the onset of an attack is standard military practice, said the chief technical officer at the USCCU and a former cyber-sleuth at the National Security Agency and the Central Intelligence Agency. Source: http://online.wsj.com/article/SB125046431841935299.html


41. August 14, Dark Reading – (National) New virus appears as response to Craigslist ad. Email security experts at Red Condor are warning email users about a new virus currently undetected by most virus scanners. The virus is embedded in an email that appears to be a response to a craigslist advertisement. The email containing the virus, which was detected August 12, 2009 by Red Condor’s Zero Minute Defense Network, includes the subject line, “Re: Car For Sale on craigslist.” The email content suggests that the user requested pictures for a car being sold on craigslist and invites the recipient to view the images in a Picasa album. Clicking on the link to the album installs a virus. “Only 13 out of 41 virus scanners detected the file as a virus when Red Condor first identified it,” stated the chief executive officer of Red Condor. “This means that if the message was delivered and a user clicked on the link, they’d likely be infected even if they had an anti-virus program running on their desktop computer. With increasingly more ways to get malicious content onto computers and corporate networks, it is important that companies’ security solutions are capable of responding quickly and appropriately to eliminate potential threats. Traditional signature-based virus engines are simply not enough protection against today’s spammers and cybercriminals. After all, it only takes one click.” Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=219400086&subSection=Vulnerabilities+and+threats


42. August 14, SCMagazine – (International) Microsoft leads browsers in malware, phishing defense. It appears that the comprehensive security features built into Internet Explorer 8 (IE 8) are paying off for Microsoft. The browser, released in March with a number of enhanced phishing and anti-malware components, blocked an average of 81 percent of socially engineered malware and stopped 83 percent of suspected phishing sites — topping four other major browsers, according to new tests conducted by NSS Labs. NSS based its findings on two weeks of analyzing 593 phishing sites and 608 unique URLs that contained malicious software, the company’s president told SCMagazineUS.com on August 13. “Everyone thinks Microsoft stinks at security,” he said. “They need to get some credit for some of the good stuff they’ve done. Microsoft has been a big target for attacks for a long time, and that’s actually a benefit to them. They’ve learned how they can turn that around and protect themselves better.” In catching and stopping socially engineered malware, a significant drop-off occurred after the Microsoft browser. Firefox 3 was next in line, blocking 27 percent. Apple’s Safari 4 thwarted 21 percent, followed by Google Chrome (seven percent) and Opera 10 (one percent). The browsers, as a group, performed relatively better in offering phishing protection. Firefox deterred 80 percent of suspected fraud sites, Opera caught 54 percent, followed by Chrome (26 percent) and Safari (two percent). Source: http://www.scmagazineus.com/Microsoft-leads-browsers-in-malware-phishing-defense/article/146505/


43. August 14, The Register – (International) Hacktivist vuln still plagues UN.org. The official website of the United Nations has yet to fix a vulnerability that more than two years ago allowed hacktivists to replace official content with their own activist messages. According to the Errata Security CEO, the same SQL injection flaw that plagued the site in August of 2007 remains unfixed now. It is invoked by doing nothing more than adding a stray character to the ASP parameter of a un.org link, such as http://www.un.org/apps/news/infocus/sgspeeches/statments_full.asp?statID=10’5. “Despite the fact a high-school intern can fix the bug in 5 minutes, the bureaucracy means that the organization must spend tens of thousands of dollars to fix the bug,” the CEO wrote. “The other lesson is that the cost of NOT fixing the bug is low. The UN can simply live with the problem, and clean up after every hack.” As The Register reported in 2007, hacktivists used the bug on the UN’s Apache-powered website to replace speeches by the Secretary-General with pacifist messages. While that attack appeared to be the work of activist critics of the global organization, it is not a stretch to imagine criminals hacking the site to surreptitiously send visitors to sites that push malicious drive-by exploits. Source: http://www.theregister.co.uk/2009/08/14/united_nations_website_vulnerable/

Communications Sector

44. August 15, Helena Independent Record – (National) Computer problems behind Bresnan outage. Internet and telephone customers of Bresnan Communications found themselves without service for up to several hours on August 13 and 14. A company spokesman said computer problems in Colorado were to blame. “The outage was caused by corruption of routing tables on a particular type of server,” said the spokesman, who also noted that the company’s television service was never interrupted. “That corruption spread throughout the network, and as one router was fixed, the corruption spread to another router.” The spokesman said engineers worked throughout the night to incrementally restore service to the company’s customers in Montana, Wyoming, Colorado and Utah. By midday August 14, he said, service was nearly completely restored. “We’re a communications company and we really understand the impact this has had on our customers,” he said. “And we apologize to the customers who were affected.” Source: http://www.helenair.com/articles/2009/08/15/local/80lo_090815_bresnan.txt