Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, October 28, 2009

Complete DHS Daily Report for October 28, 2009

Top Stories

 According to the Washington Post, two pilots of a Northwest Airlines jet that overshot a Minneapolis airport by 150 miles last week might have lost track of time partly because they were using laptops, a violation of company policy, U.S. air safety investigators said October 26. (See item 22)

22. October 27, Washington Post – (National) 2 pilots say they were distracted by laptops. The two pilots of a Northwest Airlines jet that overshot a Minneapolis airport by 150 miles last week might have lost track of time partly because they were using laptops, a violation of company policy, U.S. air safety investigators said Monday. The co-pilot told National Transportation Safety Board (NTSB) investigators that he was giving instructions about monthly crew scheduling procedures to the plane’s captain. The NTSB said each pilot used the computers during the discussion. Northwest’s merger with Delta Air Lines last year has led to numerous policy changes for pilots. Air traffic controllers lost radio contact with Northwest Flight 188, carrying 147 passengers, for more than an hour Wednesday. During five hours of NTSB interviews over the weekend, the pilots said they were flying at 37,000 feet when the discussion began. Federal rules allow pilots to converse at such altitudes; at lower altitudes, the rules limit cockpit talk that is not related to flying the plane. It is unclear which Federal Aviation Administration (FAA) rules, if any, the pilots might have violated. The FAA does have rules concerning pilot distractions, and the agency mandates that crew members stay in contact with air traffic controllers. Along with the NTSB probe, the FAA and Delta are investigating. The FAA has said its investigation could lead to an emergency suspension or revocation of the pilots’ licenses. In the NTSB interviews, both pilots said they had no ongoing medical problems, were not fatigued and had not been involved in accidents, the NTSB said. Before the flight, the pilots had a 19-hour layover before leaving San Diego. They said there was no heated argument, and they denied falling asleep during the period under investigation. Source:

 SCMagazine reports that a criminal phishing group called Avalanche was responsible for nearly a quarter of all phishing attacks identified during the first half of this year, according to a recently released Anti-Phishing Working Group (APWG) report. (See item 18 below in the Banking and Finance Sector)


Banking and Finance Sector

15. October 26, American Banker – (National) 2009 bank failures in triple digits after 7 banks fall. Failures in 2009 shot past the 100-mark late Friday as regulators swooped into seven community banks in the Midwest and southeast. The evening began with the failure of $65 million-asset Partners Bank in Naples, Florida, bringing the year’s toll to 100 for the first time since the savings and loan crisis. When all was said and done, banks in five states totaling over $1 billion in assets were closed, leaving the government with $357 million more in losses. The collapse marked the first year of triple-digit failures since 122 institutions collapsed in 1992. Since then, the most failures in a given year were 41 — in 1993. Partners, a thrift, was one of three Florida institutions to fail on October 23. Regulators also closed $83 million-asset Hillcrest Bank in Naples and $190 million-asset Flagship National Bank in Bradenton. The remaining four failed banks were: $108 million-asset Riverview Community Bank in Otsego, Minnesota; $327 million-asset Bank of Elmwood in Racine, Wisconsin; $111 million-asset American United Bank in Lawrenceville, Georgia; and $279 million-asset First Dupage Bank in Westmont, Illinois. Source:

16. October 26, Bloomberg – (Illinois) Equipment acquisition was Ponzi scheme, officer says. Equipment Acquisition Resources Inc., the seller of refurbished semiconductor-making machinery that filed for bankruptcy October 23, was a Ponzi scheme that wiped out as much as $175 million borrowed from lenders, the company’s chief restructuring officer said. The restructuring officer of the turnaround firm Development Specialists Inc. was selected by shareholders to reorganize the Palatine, Illinois-based company after the Chief Executive Officer and her husband, whose role at the company wasn’t specified, resigned on October 8. “This is a giant fraud, a Ponzi scheme which we discovered two days after we were put into it,” he said on October 26 in an interview. He declined to say who he believed was responsible. Equipment Acquisition, founded in 1991, listed assets of as much as $50 million and secured debt of about $135 million in Chapter 11 papers in U.S. Bankruptcy Court in Chicago. Its unsecured debt wasn’t listed. Earlier lenders were repaid with proceeds from newer ones, he said. Source:

17. October 26, Manitowoc Herald Times Reporter – (California) Police warn against credit card ‘phishing’ scam. The police department is reminding residents not to give out personal information over the phone after receiving reports on October 26 of a “phishing” scam. According to the press release, residents have received calls from an automated phone recording that claims it is contacting the recipient on behalf of local financial institutions. It further claims that if the recipient of the call has a credit or debit card, that card may have been compromised. The recording then asks the recipient to press 2 to continue, followed by asking for the recipient’s 16-digit card number, according to the release. Police are asking that anyone who receives the call hang up immediately. Anyone who has received a call or has questions about their account should call their credit card company or bank directly. Source:

18. October 26, SCMagazine – (International) Avalanche the most prolific phishing group of 2009. A criminal phishing group called Avalanche was responsible for nearly a quarter of all phishing attacks identified during the first half of this year, according to a recently released Anti-Phishing Working Group (APWG) report. “Avalanche began attacks in December 2008 and ramped up significantly in early 2009, quickly becoming the most prolific and dangerous operation on the internet,” the report states. The Avalanche cybercrime group, which has spoofed more than 30 financial institutions, along with other online services and job search companies, was responsible for 24 percent of all phishing attacks during the first half of the year, according to the APWG’s Global Phishing Survey, released recently. “These attacks involve domain names registered by the phishers, set up on name servers controlled by the phishers, and hosted on a fast-flux network of apparently compromised consumer-level machines,” the report states. Fast-flux hosting often increases the longevity of an attack site because it makes it more difficult to get the domain taken down, the report states. The Avalanche gang registers domains at one to three registrars at a time, looking for potentially inattentive or vulnerable domain registrars that will not notice the crimes being committed, the report concluded. In one attack, for example, the gang chose a registrar in a small country and used stolen credit card numbers from consumers in that country to evade detection. If a registrar does suspend the domains, the Avalanche gang simply begins registering domains elsewhere. Source:

Information Technology

37. October 27, Computer Weekly – (International) Hackers grab data from Swiss foreign ministry. Hackers have broken into the Swiss foreign ministry’s computer system in an attempt to steal data, forcing parts of it to be shut down for several days. The “professional virus attack” allowed outsiders to access the computer system to obtain information, the ministry said, but it gave no details on the nature or extent of the breach. The “well hidden” software used to carry out the data breach was discovered by government and Microsoft technicians on October 22, according to reports. “In concrete terms, foreign ministry staff cannot use the internet for the time being but can use the internal network,” a spokesman said. The Swiss Finance Ministry and Interior Ministry also experienced computer problems last week, but no link has been established between the three incidents. Source:

38. October 27, DarkReading – (International) Report: Nearly 6 million infected web pages across 640K compromised sites. More Websites are compromised today than ever, and about one-fifth of the pages on each newly compromised Website were infected as of this year’s third quarter, according to new data gathered from real-time Web malware monitoring service provider Dasient. Dasient, a startup whose co-founders include two former Google engineers, found 5.8 million individual Web pages infected across 640,000 compromised Websites. That represents a major increase from Microsoft’s report in April of some 3 million infected pages, according to Dasient, which runs a behavioral-based service to diagnose infected Websites. One of Dasient’s co-founders and a former strategy consultant at McKinsey says his company also detected more than 52,000 unique types of Web malware in the quarter. “Hackers are starting to see success here with Web-based attacks, so they are investing more in them,” he says. “Websites are becoming more complex, and you have more Websites matching content, sourcing, and [banner] ads...creating opportunities to inject malicious content.” Among newly compromised Websites of 10 pages or more, nearly 20 percent of their pages were infected. The bad guys have been infecting more pages as a way to score more victims. “The more parts of a site that have been infected, the more difficult and challenging that it is to remediate and detect it,” the co-founder says. Source:

39. October 25, Xinhua – (International) China anti-virus authorities warn of new Hack_Kido computer virus. China’s anti-virus authorities on Sunday warned computer users to guard against a mutation of the Hack_Kido computer virus, which could prevent users from downloading operating system loophole patches. The virus would monitor the users’ online browsing and close any website related to Microsoft, preventing users from getting any help from the Microsoft websites, according to the Tianjin-based National Computer Virus Emergency Response Center. Experts suggested computer users update their anti-virus software and use the real-time computer virus monitoring function whenever they surf the Internet. Source:

For another story, see item 18 above in the Banking and Finance Sector

Communications Sector

40. October 27, Washington Post – (National) Internet networks unable to handle H1N1 telework traffic: GAO. As concerns rage over the spread of the H1N1 flu, a federal report showed that a pandemic that would keep millions of Americans at home could also overload Internet networks. Adults working from home, children accessing video files and playing games online and families logging on for information about the illness would overwhelm residential Internet networks that were never built to have a majority of users on the Web at the same time, according to an October report by the Government Accountability Office (GAO), the investigative arm of Congress. The federal government is in disarray when it comes to dealing with such a scenario, the GAO reported. The Department of Homeland Security (DHS) is in charge of communications networks during times of national emergency. But it says it doesn’t have a plan to deal with overloaded Internet networks - an essential resource to keep the economy humming and residents informed and connected during a pandemic. And the DHS has not coordinated with agencies like the Federal Communications Commission to create clear guidelines for how telecom, cable and satellite providers can minimize congestion. Such confusion “would increase the risk that the federal government will not be able to respond rapidly or effectively if a pandemic quickly emerges,” the GAO reported. Network operators like Comcast, AT&T, Cox and Verizon are limited in their options. They could add more bandwidth capacity and lay down private lines for essential workers, for example, but that is expensive and would take too long. Shutting down certain Web sites or prioritizing traffic could run into technical regulatory hurdles, the report said. Source:

For another story, see item 8 below

8. October 27, Associated Press – (National) NRC urges plants to use broadband. Many homes and businesses have long since upgraded to broadband Internet, and the Nuclear Regulatory Commission (NRC) wants nuclear plants in Missouri and elsewhere to do the same. A St. Louis radio station on Monday cited an NRC memo to AmerenUE and other nuclear plants urging the upgrade. The move would be voluntary, but regulators called dial-up “obsolete.” But an Ameren spokesman says the current system in place “works and works well.” He says Ameren is concerned that with broadband, hackers might find a way into the system. Regulators’ biggest fear is a busy signal in the event of a crisis. The commission memo says it would use a virtual private network that would create a secure data pathway between plants and NRC headquarters. Source: