Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, August 26, 2009

Complete DHS Daily Report for August 26, 2009

Daily Report

Top Stories

 According to the Associated Press, several explosions and a fire at Diversified Chemical Technologies Inc. in Detroit forced about 300 factory employees and surrounding businesses to evacuate on Monday. (See item 3)


3. August 24, Associated Press – (Michigan) Fire under control at Detroit chemical factory. Officials say a chemical fire in northwest Detroit is under control, though firefighters continue pouring water on the smoldering blaze. Cleanup efforts began Tuesday, a day after several explosions were heard from inside Diversified Chemical Technologies Inc. No injuries were immediately reported. Firefighters evacuated about 300 employees and some surrounding businesses. Diversified Chemical Technologies’ Web site says its complex encompasses 750,000 square feet of office, laboratory and manufacturing space. The company produces chemicals for clients ranging from the automotive to food and beverage industries. Source: http://www.toledoonthemove.com/news/news_story.aspx?id=341187


 The San Francisco Chronicle reports that teachers at Hillsdale High School in San Mateo, California tackled a former student, armed with 10 pipe bombs, a chainsaw, and a sword, after he detonated two bombs on the campus on Monday. Investigators believe the teenager’s plan was to kill people with bombs, then slaughter the survivors with the chain saw and sword. (See item 24)


24. August 25, San Francisco Chronicle – (California) Ex-student held in San Mateo school blast. A former student at Hillsdale High School in San Mateo, armed with 10 pipe bombs, a chainsaw and a sword, planned to forge a path of destruction through his old campus Monday, authorities said. Investigators believe his plan was to kill people with bombs, then slaughter the survivors with the chain saw and sword. Authorities said the 17-year-old was able to detonate only two of the bombs — injuring no one — before teachers at the school tackled him and police arrived. On Monday evening, he was at juvenile hall after being questioned by police and prosecutors. His name has not been released because he is a juvenile. Prosecutors said no decision had been made on whether to charge him as an adult. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/08/24/MNAT19CUPM.DTL


Details

Banking and Finance Sector

11. August 25, Washington Post – (National) European cyber-gangs target small U.S. firms, group says. Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation’s largest financial institutions. A task force representing the financial industry sent out an alert on August 21 outlining the problem and urging its members to implement many of the precautions now used to detect consumer bank and credit card fraud. “In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses,” the confidential alert says. The alert was sent to members of the Financial Services Information Sharing and Analysis Center, an industry group created to share data about critical threats to the financial sector. The group is operated and funded by such financial heavyweights as American Express, Bank of America, Citigroup, Fannie Mae and Morgan Stanley. Because the targets tend to be smaller, the attacks have attracted little of the notoriety that has followed larger-scale breaches at big retailers and government agencies. But the industry group said some companies have suffered hundreds of thousands of dollars or more in losses. In many cases, the advisory warned, the scammers infiltrate companies in a similar fashion: They send a targeted e-mail to the company’s controller or treasurer, a message that contains either a virus-laden attachment or a link that — when opened — surreptitiously installs malicious software designed to steal passwords. Armed with those credentials, the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks’ anti-money-laundering reporting requirements. Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?hpid=topnews


12. August 24, Associated Press – (National) Attorneys general form mortgage fraud task force. Ten state attorneys general and four federal agencies have announced the formation of a task force to combat mortgage fraud. According to a statement issued by the Washington state attorney general, targets of the enforcement effort include equity skimming, bogus foreclosure rescue, straw purchases and unethical lending practices. The group is headed by the Washington state attorney general and the Iowa attorney general. Other members include the attorneys general of Arizona, Colorado, Illinois, Nevada, North Carolina, Massachusetts, Missouri and Ohio, as well as representatives from the Department Justice, federal treasury, Department of Housing and Urban Development and Federal Trade Commission. The Washington state attorney general says the task force is the result of meetings on July 15 in Washington, DC, between federal regulators and a number of state attorneys general. Source: http://www.nytimes.com/aponline/2009/08/24/business/AP-WA-Mortgage-Fraud.html


Information Technology


30. August 24, Associated Press – (National) Officials warned about fake DHS intel e-mails. Some e-mails purporting to be from the Homeland Security Department’s intelligence division were fake and contained malicious software. The e-mails actually originated from Internet addresses in Latvia and Russia, according to a three-page alert from the Homeland Security Department’s counterintelligence unit. The document was obtained by The Associated Press. These fake e-mails were sent to officials in the Defense Department and to state and local officials since June. The spyware appears to be criminal, according to the alert. But counterintelligence officials “cannot discount that targeting of DHS partners and DoD personnel may be for other purposes.” The e-mails were made to look as if they had actual text from a department intelligence assessment. They included links embedded with spyware known for stealing banking data and protected passwords. A Homeland Security spokeswoman said anyone who receives an e-mail like this should not open the link and should report the e-mail to their technology departments. Source: http://www.usatoday.com/news/washington/2009-08-24-dhs-emails_N.htm


31. August 24, IDG News Service – (International) New virus spreads by attacking Borland compiler. An imaginative new virus that infects programs as they are being compiled has claimed its first scalps, infecting software sent out on a cover CD by a major German computer magazine and even other malware programs. The 18/2009 edition of Computer Bild reportedly distributed the Win32.Induc virus inside an obscure browser aids called TidyFavorites 4.1 to its four million readership. The software is also believed to have infected a second program, Any TV Free 2.41, and Sophos reports with some irony of having discovered it inside several unnamed bank-hacking Trojans. According to a range of security companies that have been warning of the virus in the last week, Win32.Induc targets the Pascal-based Borland Delphi development tool, inserting its executable into any software compiled by the program. Anyone running an application infected with the parasitic malware will become a new host for its further spread, assuming they too use the Delphi compiler, which makes it perhaps the first virus to successfully attack only one type of professional user. Fortunately, the virus does not do anything, but could still cause a certain amount of havoc if apparently legitimate programs are quarantined by unhappy anti-virus software, experts have said. Source: http://news.idg.no/cw/art.cfm?id=4D1991F3-1A64-6A71-CEC8E087D6B86025


32. August 24, Register – (International) Mass infection turns websites into exploit launch pads. Malicious hackers have managed to infect about 57,000 web pages with a potent exploit cocktail that targets a variety of vulnerable applications to surreptitiously install malware on visitor machines. The exploits install an assortment of nasty software, including Gologger, a keystroke logging trojan, and a backdoor that attempts to connect to a website hosted in China, according to a researcher at ScanSafe, a company that protects end users from malicious websites. The attackers were able to plant a malicious iframe in the pages by exploiting SQL injection vulnerabilities. Once in place, the script silently pulls down javascript from a0v.org that silently runs while people are visiting one of the infected websites. Affected sites included health care organizations such as the New York Methodist Hospital, charitable and nursing facilities such as howellcarecenter.com, sweetgrassvillagealf.com, foodsresourcebank.org, and morningsideassistedliving.com, and others, according to web searches. The vast majority of search results returned by Google and Yahoo failed to detect the threat despite the use of technology on both sites that’s supposed to prevent users from clicking on malicious links. Source: http://www.theregister.co.uk/2009/08/24/mass_web_infection/

Communications Sector

33. August 25, IDG News Service – (International) Pirate Bay ISP victim of sabotage after shutdown. Black Internet, the ISP that on August 24 turned off the access to file-sharing site The Pirate Bay, says it has become the victim of sabotage. The damage is substantial, according to the company’s CEO. Customers that get their Internet access - from Black Internet were experiencing outages on August 25. The reason was sabotage against its infrastructure, according to the ISP. On August 21, a verdict in the Stockholm district court prompted Black Internet to shut down access to The Pirate Bay. The verdict reached Black Internet on August 24, and it decided to immediately comply. Only a few hours later it became the victim of sabotage, it said. The sabotage was intentional, the CEO said. “Our network isn’t working as it should. We are working with the police and technicians to find out what has happened,” said the CEO. Source: http://www.computerworld.com/s/article/9137083/Pirate_Bay_ISP_victim_of_sabotage_after_shutdown?taxonomyId=144