Department of Homeland Security Daily Open Source Infrastructure Report

Friday, October 23, 2009

Complete DHS Daily Report for October 23, 2009

Daily Report

Top Stories

 The New York Times reports that on October 20 federal agents seized six computers, two cameras, two cellphones, and hundreds of files from a Los Alamos, New Mexico, physicist who is suspected of international espionage with Venezuela. (See item 10)

10. October 20, New York Times – (International) Property of nuclear critic is seized by federal agents. Federal agents have seized six computers, two cameras, two cellphones, and hundreds of files from a Los Alamos, New Mexico, physicist who for two decades has criticized the government’s nuclear agenda as misguided. A Federal Bureau of Investigation spokesman in Albuquerque said that the action on Monday was part of “an ongoing federal investigation” and that he could provide no details. The physicist said he was told that the seizures were part of a criminal investigation into possible nuclear espionage. He also declared his innocence. “If I were a real spy,” he said Tuesday, “I would have left the country a long time ago.” The physicist was laid off from the Los Alamos National Laboratory in 1988 and has ever since championed an innovative type of laser fusion, which seeks to harness the energy that powers the sun, the stars and hydrogen bombs. Source:

 According to KIRO 7 Seattle, if the Green River floods during the upcoming rainy season, 800,000 King County residents could be without sewage service for months. (See item 20)

20. October 22, KIRO 7 Seattle – (Washington) Green River flooding could leave 800K without sewage for months. Officials said if the Green River floods during the upcoming rainy season, 800,000 King County residents could be without sewage service for months. On Thursday, workers will start installing flood walls designed to safeguard the south sewage treatment plant in Renton. Protecting it from possible winter floods will cost $7.5 million. The county is also installing backup generators and making plans to bring in workers and supplies by boat if needed. In the event of a flood the plant’s ability to treat millions of gallons of wastewater a day could be impacted. “Toilets, showers, garbage disposals, laundry, anything that goes down an interior drain in a house, (could be affected),” said the assistant King County executive. Source:


Banking and Finance Sector

11. October 22, IDG News Service – (International) Fraudsters trying to capture bank cards at machines. European financial institutions are seeing a sharp rise in card “trapping,” where criminals use various tricks in order to capture and retrieve a person’s ATM card for fraudulent use. For the first half of this year, financial institutions reported 1,045 trapping incidents, according to a new report from the European ATM Security Team (EAST), a nonprofit group composed of financial institutions and law enforcement. The figure, which covers 20 countries within the Single Euro Payments Area (SEPA), represents a 640 percent increase over the first half of 2008. “For the first time, we’ve seen a significant spike in the number of card-trapping incidents,” said EAST’s coordinator. “It’s a new trend.” Criminals may be turning to trapping as an alternative way to get around the main security feature for payment cards issued in Europe: the microchip. European banks now use chip-and-PIN (personal identification number) cards, also known as EMV cards. During face-to-face transactions, customers must enter a PIN into point-of-sale devices, which authenticates the transactions. ATMs verify the presence of a chip to prevent the use of cloned cards without a microchip. Source:

12. October 21, Newscow – (National) Local bank warning of debit-card phone scam. On October 19 Union State Bank notified authorities of a debit-card telephone scam after a number of the bank’s customers reported receiving a pre-recorded phone call. No specific bank or other financial institution is identified in the automated call, but the recording indicates that the customer’s Visa debit card has been deactivated due to suspicious activity. The customer is asked to enter a card number, expiration date and security code into the phone. “This is definitely a scam,” stated the USB President. “We would never solicit such information from our customers.” He said the bank is concerned that since no financial institution is named in the call, anyone could be targeted, not just Union State Bank customers. Source:

13. October 21, Associated Press – (New York) NY businessman gets 20 years for Ponzi scheme. A New York businessman has been sentenced to 20 years in prison for running a Ponzi scheme that took in more than $31 million. The 83-year-old man was sentenced on October 21 in U.S. District Court in Buffalo to 20 years for mail fraud and five years for tax evasion, with the terms to be served concurrently. Source:

Information Technology

31. October 22, CNET – (International) Windows 7 default user account control worries experts. Corporate IT departments should be pleased with new security measures in Windows 7, but consumers are still at risk of getting hit by malware despite changes in the User Account Control (UAC) feature designed to help people be smarter when using applications, security experts say. Probably the most talked-about security change in Windows 7, scheduled for public release on Thursday, is the set of modifications to UAC, which was introduced in Vista. UAC was designed to prevent unauthorized execution of code by displaying a pop-up warning every time a change was being made to the system, whether by the operating system or a third-party application. Vista users complained that they were bombarded with the warnings, and security experts speculated that as a result many people were just ignoring them or turning them off. With Windows 7, users can choose how often they want to be notified; the default is set to notify only when a third-party application is making a change, as well as when a change is being made to UAC itself. However, an attacker could use code injection into one of several Windows 7 components that auto-elevate to bypass UAC and get full access to the machine, experts have warned. A Sophos white paper from September says: “Another issue with these default (UAC) settings is that malware could bypass the system by injecting itself into a trusted application and running from there. Indeed, some malware has been observed spoofing UAC-style prompts to obtain user permission to operate unimpeded.” Source:
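
The weakened default described above is a registry-backed policy, so the practical check is to read the UAC values and compare them with the Vista-style “Always notify” setting. The following audit script is an added example, not code from the CNET article, Sophos or Microsoft. The registry key and the meanings of EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are Microsoft’s documented UAC policy values; the UacPosture class and the function names are this example’s own. Off Windows (where winreg does not exist) it falls back to the Windows 7 defaults so the logic can still be exercised.

```python
"""Audit of the Windows 7 UAC prompting level discussed above.

Added example, not code from the CNET article, Sophos or Microsoft. The
registry key and the meanings of EnableLUA, ConsentPromptBehaviorAdmin
and PromptOnSecureDesktop are Microsoft's documented UAC policy values;
the UacPosture class and the function names are this example's own.
"""
from dataclasses import dataclass
from typing import List, Optional

UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Documented meanings of ConsentPromptBehaviorAdmin for administrators
# running in Admin Approval Mode.
CONSENT_PROMPT_ADMIN = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop ('Always notify', the Vista behaviour)",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries only (the Windows 7 default)",
}


@dataclass(frozen=True)
class UacPosture:
    enable_lua: int = 1                      # 1 = UAC on
    consent_prompt_behavior_admin: int = 5   # Windows 7 default
    prompt_on_secure_desktop: int = 1        # 1 = prompts drawn on the secure desktop


def assess(p: UacPosture) -> List[str]:
    """Return the weaknesses in a posture; an empty list means 'Always notify' on the secure desktop."""
    if p.enable_lua == 0:
        # Nothing else matters: every process an administrator starts gets the full token.
        return ["UAC disabled (EnableLUA=0); no elevation prompts at all"]
    findings = []
    level = p.consent_prompt_behavior_admin
    if level == 0:
        findings.append("administrators elevate silently (ConsentPromptBehaviorAdmin=0)")
    elif level == 5:
        # The weakness the article describes: signed Windows binaries auto-elevate,
        # so code injected into one of them inherits the elevation without a prompt.
        findings.append("Windows binaries auto-elevate (ConsentPromptBehaviorAdmin=5); "
                        "code injected into an auto-elevating component bypasses the prompt")
    if p.prompt_on_secure_desktop == 0 and level not in (0, 1, 2):
        # Levels 1 and 2 always use the secure desktop; 3, 4 and 5 only do so when
        # PromptOnSecureDesktop=1. Prompts on the normal desktop can be overlaid or
        # imitated, which the Sophos paper notes malware has been observed doing.
        findings.append("elevation prompts are drawn on the interactive desktop; prompts can be spoofed or overlaid")
    return findings


def remediation_commands(p: UacPosture) -> List[str]:
    """'reg add' commands that move the posture to 'Always notify' on the secure desktop."""
    wanted = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 2, "PromptOnSecureDesktop": 1}
    current = {"EnableLUA": p.enable_lua,
               "ConsentPromptBehaviorAdmin": p.consent_prompt_behavior_admin,
               "PromptOnSecureDesktop": p.prompt_on_secure_desktop}
    return [f'reg add "{UAC_KEY}" /v {name} /t REG_DWORD /d {value} /f'
            for name, value in wanted.items() if current[name] != value]


def read_posture() -> Optional[UacPosture]:
    """Read the live values on Windows; None elsewhere (winreg is Windows-only)."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY.split("\\", 1)[1]) as key:
        for name, default in (("EnableLUA", 1), ("ConsentPromptBehaviorAdmin", 5),
                              ("PromptOnSecureDesktop", 1)):
            try:
                values[name] = int(winreg.QueryValueEx(key, name)[0])
            except OSError:   # value absent: Windows applies its default
                values[name] = default
    return UacPosture(values["EnableLUA"], values["ConsentPromptBehaviorAdmin"],
                      values["PromptOnSecureDesktop"])


if __name__ == "__main__":
    posture = read_posture() or UacPosture()   # Windows 7 defaults when not on Windows
    for finding in assess(posture) or ["posture is 'Always notify' on the secure desktop"]:
        print("-", finding)
    for cmd in remediation_commands(posture):
        print(cmd)
```

The remediation it prints sets ConsentPromptBehaviorAdmin to 2, the setting Vista shipped with; that restores the prompt for Microsoft-signed binaries and so closes the auto-elevation path at the cost of the prompt frequency users complained about.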

32. October 22, The Register – (International) FBI and SOCA plot cybercrime smackdown. The FBI and the UK’s Serious and Organised Crime Agency have drawn up a program for dismantling and disrupting cybercrime operations. The effort relies on a better understanding of the business models of carders, malware authors and hacker groups, which have increasingly come to resemble those of legitimate businesses. The three-prong strategy aims to target botnet and malware creators, so-called bullet-proof hosting providers that offer hosting services to cybercrooks, and digital currency exchanges. Digital currency exchanges such as WebMoney and Liberty Reserve are central to the operation of the black economy, according to the head of intelligence at SOCA’s e-crime department. During a keynote presentation at the RSA Europe Conference, the head of intelligence and an FBI special agent used the Russian Business Network (RBN) cybercrime network as an example of the type of criminal enterprise they were targeting. The now disbanded group used an IP network allocated by RIPE, a European body that allocates IP resources, to host scam sites, malware and child porn. The well attended presentation also included a comprehensive taxonomy of botnet types. Networks of compromised PCs can be used for multiple purposes, including proxies that supply anonymity (based on machines infected by malware strains such as Xsox), credential stealing (the notorious banking Trojan ZeuS and Torpig being the chief irritants in this category), web hosting (ASProx), spam distribution (Srizbi, Storm worm) and malware dropping. Another vital component of the cybercrime economy is carder forums, described by Mularski as e-crime “supermarkets” for exploits, tools and stolen data that have adopted a mafia-style organisational structure. These forums have splintered after law enforcement efforts that led to the demise of forums such as Shadowcrew and Carderplanet in 2004. Source:

33. October 22, The Register – (International) Raytheon unveils Linux ‘Insider Threat’ rooter-out routers. US armstech mammoth Raytheon has announced that its “government insider threat management solution” for information security will be powered by Linux. Penguin-inside crypto modules to be used in Raytheon’s mole-buster tech have now passed tough federal security validation, apparently. The insider-threat detector gear in question is Raytheon’s SureView™, designed to root out the whole spectrum of security no-nos from “accidental data leaks” through “well-intentioned but inappropriate policy violations” to “deliberate theft of data”. SureView™ monitors every network sparrow that falls, looking automatically for “Leading Indicator” actions, “such as a screen capture that has been encrypted and saved to a USB drive”, for instance. Having detected such a misdeed, the tech flags it up for human security operators to replay and examine, in order to decide “was it accidental, reckless behavior or truly malicious behavior?” As part of all this, the SureView™ network-watching net needs to be secure itself. Most of it has already passed Federal Information Processing Standard (FIPS) 140-2 level 1, says Raytheon. Now, with the final Linux crypto module also FIPS compliant, SureView™ is ready to start sniffing out traitors, whistleblowers, leakers and/or incompetent users across the federal government. Source:

34. October 21, SCMagazine – (International) Oracle fixes 38 flaws, four earn highest severity rating. Oracle on October 20 delivered patches to correct 38 vulnerabilities across its line of products, including four that received the highest severity rating possible. On its popular Database Server product, Oracle’s quarterly security update corrected 16 flaws, six of which could be remotely exploited without authentication. Three of the database bugs received a rare 10 out of 10 rating under the Common Vulnerability Scoring System (CVSS), used to determine the flaw’s severity. In the case of those three vulnerabilities, a successful exploit could result “in a full compromise of the targeted system, down to the [Windows] operating system,” said the manager of security in Oracle’s global technology business unit, on a company blog. On other platforms, however, the flaws garnered less serious ratings because an attack would not lead to a compromise at the operating system layer. The October 20 update also included patches for Application Server, E-Business Suite, PeopleSoft Enterprise, JD Edwards Tools, WebLogic/JRockit and Communications Order and Service Management. Half of the 38 total fixes could be remotely exploited without authentication. Source:

35. October 21, CNET – (International) Microsoft fixing Bing bug that aided spammers. Microsoft on October 21 said it is fixing a bug in Bing that allowed spammers to bypass spam filters and distribute malicious links. Researchers at Webroot Software discovered a spam campaign earlier this week that used the search engine’s own redirection mechanism and a link-shrinking technique to send people to spam Web pages, according to a post on the Webroot threat blog. The problem is with how Bing formats links in RSS feeds. The redirect from Bing to the spam site is not obfuscated, allowing scammers to append anything to the end of the Bing redirect URL and thus trick spam filters, said a threat researcher at Webroot. In the specific case, Webroot examined an RSS feed in Bing with a link that bounced through MySpace’s link shrinker and landed on the spam Web page that looked like a news site customized to the user’s geolocation and which offered vague work-from-home jobs. Source:
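
The flaw described above is an open redirect: a redirector on a domain that spam filters trust will forward to any URL a sender appends, so the trusted domain launders the spam link. The snippet below is an added example, not Bing’s or Webroot’s code. It shows the weak behaviour beside a hardened handler that only follows targets the service itself issued, authenticated with an HMAC. The “/redirect?target=” URL shape, the host search.example.com, the news and spam hosts and the signing key are all constructed for this illustration; the article does not give Bing’s real redirect format.

```python
"""An unauthenticated redirector of the kind the Bing story describes,
beside a hardened version that only honours targets it issued itself.

Added example, not Bing's or Webroot's code. The '/redirect?target=' URL
shape, the host search.example.com, the news and spam hosts and the
signing key are constructed for this illustration.
"""
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

REDIRECTOR_HOST = "search.example.com"              # constructed stand-in for the trusted domain
SIGNING_KEY = b"constructed-example-key-rotate-me"  # in a real service this comes from secret storage


def vulnerable_target(request_url: str) -> Optional[str]:
    """The weak behaviour: redirect to whatever was appended after 'target='.

    Because the redirector's own domain is trusted by spam filters, anyone can
    launder a spam URL through it just by writing it into the query string.
    """
    qs = parse_qs(urlparse(request_url).query)
    return qs.get("target", [None])[0]


def _signature(target: str) -> str:
    return hmac.new(SIGNING_KEY, target.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_redirect_link(target: str) -> str:
    """What the service itself emits (in results pages or RSS): the target plus a MAC over it."""
    query = urlencode({"target": target, "sig": _signature(target)})
    return f"https://{REDIRECTOR_HOST}/redirect?{query}"


def hardened_target(request_url: str) -> Optional[str]:
    """Honour a redirect only if the target is one this service signed and it is a web URL.

    Returns None (the handler should answer 400 or show an interstitial) when the
    signature is missing or does not match, i.e. when someone appended or edited
    the target, or when the scheme is not http(s).
    """
    qs = parse_qs(urlparse(request_url).query)
    target = qs.get("target", [None])[0]
    sig = qs.get("sig", [None])[0]
    if not target or not sig:
        return None
    # Constant-time comparison; an attacker who can append anything still cannot forge this.
    if not hmac.compare_digest(sig, _signature(target)):
        return None
    scheme = urlparse(target).scheme.lower()
    if scheme not in ("http", "https"):
        return None   # no javascript:, data:, file: even if such a target were ever signed
    return target


if __name__ == "__main__":
    # Constructed traffic: one link the service issued, one a spammer wrote by hand.
    legitimate = issue_redirect_link("https://news.example.org/story/1")
    spam = f"https://{REDIRECTOR_HOST}/redirect?target=https://spam.example.net/work-from-home"
    print("vulnerable handler follows spam link to:", vulnerable_target(spam))
    print("hardened handler on spam link:", hardened_target(spam))
    print("hardened handler on issued link:", hardened_target(legitimate))
```

A host allowlist is the usual fix for an application with a handful of redirect destinations, but a search engine legitimately redirects anywhere, so the control has to be “only URLs we generated”, which is what the MAC provides. The link-shrinker hop Webroot observed does not help the attacker here: the signature covers the exact target string, and a shortener URL that the service never issued fails the check.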

Communications Sector

36. October 21, Charleston Daily Mail – (West Virginia) Crews working to repair telephone outages in eastern Kanawha County. Eastern Kanawha County residents may be experiencing phone and Internet service outages. Verizon confirmed a fiber-optic line under the Chesapeake Bridge was snagged and torn down earlier this morning. A Verizon spokesman said Verizon customers in the 595 exchange are being affected. He could not say exactly how many customers are affected. Initial reports came in shortly before 9 a.m., the spokesman said. The spokesman said customers in the 595 exchange are able to call other 595 numbers, but cannot call or be called from outside of the exchange. Source: