Department of Homeland Security Daily Open Source Infrastructure Report

Monday, October 19, 2009

Complete DHS Daily Report for October 19, 2009

Daily Report

Top Stories

 The Associated Press reports that on October 14 the governor of New York proposed penalties to come down on truckers, many of them carrying hazardous material, who rely on satellite devices to direct them onto faster but prohibited routes and end up crashing into overpasses that are too low for their rigs. (See item 15)

15. October 15, Associated Press – (New York) GPS causing truckers to crash into bridges. New York State wants to crack down on truckers who rely on satellite devices to direct them onto faster but prohibited routes and end up crashing into overpasses that are too low for their rigs. New York’s governor on Wednesday proposed penalties including jail time and confiscation of trucks to come down on drivers who use global positioning system (GPS) to take more hazardous routes and end up striking bridges. “To our knowledge, no other state has similar legislation,” said a spokesman for the American Trucking Associations, an industry trade group based in Washington. “Most trucking companies rely on GPS services that are specifically for trucks and route them away from restricted roads,” he said. “Most of our members also use dispatching and fleet management systems that direct and track the vehicles by truck GPS services.” In New York, a truckers’ group called the proposal unfair and unwarranted. “We understand that bridge strikes have become an increasing problem for Westchester County and the New York metropolitan area,” said a spokeswoman from the New York State Motor Truck Association. Requiring all trucks in the state that are using GPS to buy an enhanced device goes too far, she said. A safety group said trucks taking restricted routes is a scary fact of life on the nation’s highways and parkways and something other states will need to consider as more drivers turn to GPS. GPS can direct truckers, many of them carrying hazardous material, to restricted roads with overpass clearances too low for the rigs. Hauling on restricted or residential routes also pounds the life out of roads because the trucks are over weight limits and clog traffic. New York State alone has seen more than 1,400 bridge strikes in the past 15 years, including 46 so far this year in suburban Westchester County, testing many old bridges already in need of repair. One bridge in his county was hit nine times this year. “This sort of culture of just following the GPS and almost ignoring the road signs has created this public hazard,” New York’s governor told reporters. Source:,2933,566748,00.html?test=latestnews

 According to Reuters, Turkish security forces detained 32 suspected members of the militant group al Qaeda believed to have been planning attacks on NATO, U.S., and Israeli targets, the Turkish state-run news agency Anatolian reported on October 15. (See item 30)

30. October 15, Reuters – (International) Turkey detains 32 al Qaeda suspects in raids-agency. Turkish security forces detained 32 suspected members of the militant group al Qaeda believed to have been planning attacks on NATO, U.S. and Israeli targets, state-run news agency Anatolian reported on Thursday. The suspects were detained in simultaneous raids across eight provinces, it said, quoting security officials as saying some were believed to have been trained in al Qaeda camps in Afghanistan. Security officials found documents linking the suspects to the outlawed group during the raids. “Teams from the Istanbul Anti-Terror Squad have launched an operation against al Qaeda members found to be planning operations against U.S. and Israeli representative offices and NATO installations,” Anatolian reported. Source:


Banking and Finance Sector

12. October 16, Washington Examiner – (International) N.Va. woman accused of $50M mortgage scam caught in Turkey. A Loudoun County woman accused of running a $50 million mortgage fraud scheme was caught in Turkey, having fled the United States in July after she was indicted by a grand jury, authorities said on October 15. The suspect is accused of inflating clients’ credit scores by falsifying their incomes and other financial records, causing her clients to go into foreclosure, the Loudoun County Sheriff’s Office said. She’s charged with making false statements to obtain credit and money laundering. Officials said they notified Interpol when the suspect left the U.S. in July, and the international police agency tracked her down in Turkey. She is being held in a Turkish prison awaiting extradition to the U.S. According to the indictment, the suspect made more than $1 million in profit from the scheme that left banks holding more than $50 million in foreclosed properties. The suspect owned and operated ACR Consulting Co. and Atari Management Co., both based in Loudoun, authorities said. Through those companies she offered rent-to-own services. Her customers wanted to purchase homes, but their credit was not good enough, or their income too low, to qualify for a mortgage. The suspect allegedly signed agreements with customers saying her consulting company would help fix their credit for a fee. She then added her clients to credit cards held by associates with good credit, which helped increase their credit scores. When a client balked at high monthly mortgage payments, authorities say the suspect would offer to subsidize the payments until the client could refinance for a lower mortgage rate and afford the payments. The suspect made a commission when the property was sold and received additional payments for brokerage services, court documents said. Source:

13. October 16, The Register – (International) Survey: Call center data standards ‘routinely ignored’. More than 95 percent of call centers were found to store customers’ credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company. Veritape said that when it talked to 133 call center managers, only 39 percent of them knew about industry rules against the storing of the information and just 3 percent of them wiped credit card numbers from recordings of phone calls. Veritape provides call recording services to the call center industry. “The routine practice of storing unedited audio recordings of calls is creating a vast reservoir of sensitive data on the servers of call centers across the UK, in direct breach of global industry standards drawn up by the Payment Card Industry Data Security Council,” said a Veritape statement. The industry guidelines are contained in the Payment Card Industry Data Security Standard (PCI DSS), which governs how companies should treat data, whether they be physical shops, websites or call centre sales operations. Veritape pointed out that one clause of the Standard forbids the storing of the three digit verification number on the back of cards in transactions conducted remotely. “Sensitive authentication data must not be stored after authorization (even if encrypted),” says a footnote to the Standard highlighted by Veritape. Veritape said that its survey of 133 call center managers found that of the 97 percent who did not comply with this rule in relation to audio recordings, 61 percent did not know of the rule, 18 percent said it would be too difficult or expensive to comply, 11 percent were ignoring the issue and 6 percent were working to become compliant. Veritape said that its software records phone calls and can process data contained within calls, acting, it said, “as a powerful telephone search engine.” Source:

14. October 15, New York Times – (New York) 41 charged with widespread mortgage fraud. Federal prosecutors announced charges on October 15 against 41 lenders, lawyers and others in the real estate industry who they said used fraud to obtain more than $64 million in loans connected to more than 100 residential properties in New York State. An investigation involving the FBI, the Secret Service, the New York State Banking Department and other agencies led to the wire fraud, bank fraud and conspiracy charges against the lawyers, mortgage brokers and loan officers, who engaged in complex plots that operated over a period of years, said the United States attorney for the Southern District of New York. “The fraud schemes alleged in the cases unsealed today reflect a veritable smorgasbord of scams,” the U.S. attorney said during a news conference in Lower Manhattan. The U.S. attorney said that the investigation, which he called Operation Bad Deeds, uncovered eight separate cases in which people were accused of obtaining loans through fraudulent means by falsifying mortgage applications, flipping properties and stripping equity from properties. On October 15, 32 people surrendered or were arrested in New York, Pennsylvania, Ohio and North Carolina, prosecutors said. Four others had been charged previously, and five more were still at large. Source:

Information Technology

35. October 16, SC Magazine – (International) Aggressive tactics used in new distribution and installation of fake anti-virus software. PandaLabs has identified a new and aggressive trend for selling fake anti-virus software. It claimed that in comparison to previous campaigns, where users would typically see a series of warnings prompting them to buy a version of the program, the new technologies are being combined with ransomware, hijacking the computer and rendering it useless until victims complete the purchase. The fake program, called Total Security 2009, is offered for £74.50. Victims are also offered ‘premium’ tech support services for an additional £18.60. Users who pay the ransom will receive a serial number, which, when entered in the application, will release all files and executables, allowing them to work normally and recover their information. The fake anti-virus, however, will remain on the system. The technical director of PandaLabs said: “The way this rogueware operates presents a dual risk: firstly, users are tricked into paying money simply in order to use their computers; and secondly, these same users may believe that they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected.” PandaLabs has published the serial numbers required to unblock the computer if it has been hijacked on its blog. “Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake anti-virus,” said the technical director. Source:

36. October 15, Network World – (International) Phishing attacks with Zeus Trojan targeting Outlook Webmail shops. Targeted phishing attacks aimed at getting Outlook Web Access users within enterprise organizations to download a Trojan designed to steal financial and account information are spreading fast. “It started yesterday, with more than 50 customers of ours receiving this e-mail and we’ve been targeted ourselves,” says the CEO of security firm Trusteer. The e-mail-based attack is customized to fool employees in each enterprise it is sent to, with the “from” address appearing to come from within the enterprise, asking the recipient on behalf of the systems administrator to modify their e-mail settings for Outlook Webmail as a result of an upgrade. Though the link appears to be to the enterprise Outlook Web Access site, it is actually a Web site in Chile, Colombia, Romania or Russia that is craftily trying to get the victim to download a file that is the dangerous Zeus/Zbot Trojan, says the CEO. Source:

37. October 14, Web Host Industry Review – (International) Latest surge of malware spam comes from the Cutwail botnet. Business security services provider MessageLabs Intelligence has seen a dramatic rise in the volume of the Bredolab Trojan being sent by the Cutwail (also known as Pandex) botnet, which gives senders complete control of the target computer. According to MessageLabs, the percentage of spam relating to the Bredolab Trojan has steadily increased in recent months, reaching its highest level in October. It currently accounts for 3.5 percent of all spam and 5.6 percent of all malware intercepted each day. So far in October, approximately 3.6 billion Bredolab malware emails are likely to be in circulation each day, worldwide. Bredolab is a Trojan that arrives in the form of a zip file attachment to an email with a subject referring to postal tracking numbers. The email prompts the recipient to open and run the attachment, which automatically installs the Trojan. Once installed, it attempts to disable the host-based security and then facilitates downloading other malicious content. “By nature, once this Trojan is on a system, it is unlikely to be detected and will allow the controller to do whatever they wish with the infected machine, such as installing other malware and spyware,” the Symantec MessageLabs Intelligence senior analyst said in a statement. Source:

For another story, see item 39 below

Communications Sector

38. October 15, Associated Press – (Arkansas) AT&T: Internet access on cell network drops. AT&T Inc. says Internet access to its iPhone and other cellular devices failed for a time on October 15 in Arkansas. An AT&T spokesman says an equipment issue caused the company’s 3G service to drop out in northwest and central Arkansas. Customers also complained about not even being able to access the company’s EDGE network, a slower connection for mobile devices to the Internet. The spokesman said on October 15 that engineers were still examining the problem. Source:

39. October 15, ComputerWorld – (International) Fugitive hacker headed back to U.S. for arraignment. A Miami man who for three years had evaded prosecution in connection with the theft and reselling of VoIP services is being extradited to Newark from Mexico on October 15 and is set to be arraigned in a New Jersey federal courthouse on October 16. The 26-year-old had been arrested in June 2006, on multiple computer and wire fraud charges, and then allegedly fled the country about two months later. He had been free on $100,000 bail. The suspect was apprehended in Mexico in February and federal prosecutors have been working to get him extradited back to the U.S. since then, according to an assistant U.S. attorney. “He’s been a fugitive for over three years,” said the assistant U.S. attorney, who is prosecuting the case. “We’re looking forward to proceeding with the prosecution.” The suspect faces 20 charges that include conspiracy to commit computer intrusion and conspiracy to commit wire fraud. The U.S. alleges that from November 2004 to May 2006 the suspect and a cohort hacked into the computer networks of VoIP service providers and routed calls made by customers of the suspect’s VoIP service through them. According to a criminal complaint filed in U.S. District Court in New Jersey, the suspect and a co-conspirator sold more than 10 million minutes of VoIP service that had been stolen from 15 telecommunications providers. Prosecutors have contended that the lost minutes were valued at $1.4 million to the providers victimized in the alleged scam. Federal investigators contend that the suspect was the mastermind behind the scheme and his co-conspirator hacked the systems. Source: