Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, November 12, 2009

Complete DHS Daily Report for November 12, 2009

Daily Report

Top Stories

 According to Reuters, over 1,000 Toyota and Lexus owners have reported sudden, spontaneous acceleration of their vehicles since 2001, including crashes blamed for 19 deaths, far more than earlier disclosed. The National Highway Traffic Safety Administration (NHTSA) previously has said it had received reports of 100 such incidents, including 17 crashes and five fatalities as of November 8. (See item 9)

9. November 8, Reuters – (National) Probe finds jump in runaway Toyota complaints: report. Over 1,000 Toyota and Lexus owners have reported sudden, spontaneous acceleration of their vehicles since 2001, including crashes blamed for 19 deaths, far more than earlier disclosed, the Los Angeles Times reported on Sunday. The National Highway Traffic Safety Administration (NHTSA) previously has said it had received reports of 100 such incidents, including 17 crashes and five fatalities. Toyota Motor Corp announced in September that it would recall some 3.8 million vehicles in the United States because of the risk of improper-fitting floormats jamming accelerator pedals in several models. The recall includes the hot-selling Prius hybrid and would be the largest ever for Toyota, which has built a reputation for safety and quality that had helped it surpass General Motors Co as the world’s leading automaker last year. But the Times said it had uncovered a problem much bigger in scope from its own examination of thousands of federal defect investigation records, NHTSA complaints filed by car owners, lawsuits against Toyota and reports by independent safety experts and local police agencies. Owner complaints of runaway Toyota and Lexus vehicles helped trigger at least eight investigations of the problem by NHTSA in the last seven years, but the agency closed six of those cases without finding a defect, the Times reported. According to the newspaper, federal officials eliminated broad categories of sudden-acceleration complaints, including cases in which drivers said they were unable to stop runaway cars using their brakes; incidents of unintended acceleration lasting more than a few seconds; and reports in which owners did not identify the possible causes of the problem. 
By its own count, the newspaper said it found more than 1,000 reports from motorists that their Toyota or Lexus vehicles had suddenly sped up on their own, and records of 19 fatalities in which unintended acceleration may have been a factor in vehicles going back to the 2002 model year. Source:

 The Charlotte Observer reported on November 10 that across North Carolina, mental patients are routinely languishing for days in emergency rooms ill-equipped to care for them, waiting for a bed to open at one of four state-run psychiatric hospitals, often passing the time handcuffed or sedated. (See item 25)

25. November 10, Charlotte Observer – (North Carolina) Mental patients stuck in emergency rooms for days. Across North Carolina, mental patients are routinely languishing for days in emergency rooms ill-equipped to care for them, waiting for a bed to open at one of four state-run psychiatric hospitals. Often, they pass the time handcuffed or sedated. Law-enforcement officers assigned to guard patients at community medical centers such as Grace Hospital in Morganton have occasionally resorted to using Tasers to shock them into submission. The state’s secretary of health and human services plans to ease the strain by paying private hospitals with taxpayer money to admit and treat more mental patients, especially those who do not qualify for Medicaid. But a survey the department conducted of nine community hospitals raises questions about whether many medical facilities, especially those in rural areas, are capable of taking on that responsibility. The report also provides recommendations for what the state can do to help, such as assigning a single staff member to work on admitting patients who have been waiting in an emergency room for more than three days. Those recommendations, as well as a one-page summary of the problems found by the survey, will eventually be presented to senior DHHS administrators. Source:


Banking and Finance Sector

12. November 10, DarkReading – (National) MassMutual warns of data breach. A leak at a third-party service provider may have caused a compromise of employee and customer data at insurance giant MassMutual, the company says. According to news reports, former employees are being notified of a breach that may affect the personal information of family members, as well. “MassMutual can confirm that, despite comprehensive procedures and diligent practices to protect confidential and private data concerning employees at MassMutual and several of its subsidiaries, a limited amount of personal employee information maintained in a database by an outside vendor (engaged by the company) may have been subject to unauthorized access,” said a spokesman, in a statement from MassMutual. “However, the vendor engaged a highly respected forensics team to investigate, and at this time we believe that no misuse of the information or fraudulent activity involving the data has occurred. This database does not include any client or field representative information of any type; it also did not contain personal Social Security or bank account information.” The company did not say which databases were affected by the breach or how they were compromised. Source:

13. November 10, Bloomberg – (National) Dodd proposes stripping Fed, FDIC of bank regulation roles. A U.S. senator proposed legislation to create a single U.S. regulator that would strip the Federal Reserve and Federal Deposit Insurance Corp. of bank-supervision authority. The senator, who is also chairman of the Senate Banking Committee, would eliminate the Office of the Comptroller of the Currency (OCC) and the Office of Thrift Supervision (OTS) and fold the Treasury Department units into the new bank regulator, according to a draft of the measure obtained by Bloomberg News. The senator is scheduled to release the plan on November 10 in Washington. The senator has faulted the U.S. bank regulation system, saying it encourages charter shopping and a “race to the bottom” by agencies to win oversight roles. His proposal goes further than proposals by the U.S. President and the House financial services committee chairman to merge the OTS and OCC. Source:

Information Technology

35. November 10, The Register – (International) Security firm chokes sprawling spam botnet. A botnet that was once responsible for an estimated third of the world’s spam has been knocked out of commission thanks to researchers from security firm FireEye. After carefully analyzing the massive botnet, alternately known as Mega-D and Ozdok, FireEye employees last week launched a coordinated blitz on dozens of its command and control channels. The channels were used to send new spamming instructions to the legions of zombie machines that make up the network. Almost immediately, the spam stopped, according to the M86 Security blog. Last year, the email security firm estimated the botnet was the leading source of spam until some of its servers were disabled. The body blow is good news to ISPs that are forced to choke on the torrent of spam sent out by the pesky botnet. But because many email servers already deployed blacklists that filtered emails sent from IP addresses known to be used by Ozdok, end users may not notice much of a change, said an abuse operations manager at antispam firm Cloudmark. The takedown effort is significant because it shows that a relatively small company can defeat a for-profit network that took extraordinary measures to ensure it remained operational. Not only did Ozdok reserve a long list of domain names as command and control channels, it also used hard-coded DNS servers. When all else failed, its software was able to dynamically generate new domain names on the fly. Source:

36. November 10, The Register – (International) Next generation spammers rise up in Asia, India and Brazil. A new generation of spammers is rising up in regions such as Asia Pacific, Japan, and South America, and beginning to outstrip their North American counterparts in junk mail output. Asia Pacific and South America accounted for 23 per cent and 22 per cent, respectively, of global spam during October. That’s according to a new study on spam by Symantec, published on November 9, which concludes that 87 per cent of email messages are now made up of junk mail. Europe, the Middle East, and Africa still account for 28 per cent of spam and North America for 20 per cent of this junk mail deluge. The figures contrast with Symantec’s stats from February 2008, when Europe was blamed for 44 per cent of all spam, with a reported 35.1 per cent originating in North America. Symantec said the availability of high-speed broadband connections in countries such as Japan, South Korea and Brazil partly explains the change in global spamming. Brazil (14 per cent), Vietnam (five per cent) and India (5 per cent) now come second, third and fourth place, respectively, in the league of most spamming countries. The U.S. (18 per cent in October, down from 25 per cent in September) remains the single biggest source of junk mail, though Brazil will easily overtake it in November if current trends continue. Source:

37. November 9, DarkReading – (International) Microsoft forensics tool for law enforcement leaked online. A forensics tool built by Microsoft exclusively for law enforcement officials worldwide was posted to a file-sharing site, leaving the USB-based tool at risk of falling into the wrong hands. COFEE is a free, USB-based set of tools, which Microsoft offers only to law enforcement, that plugs into a computer to gather evidence during an investigation. It lets an officer with little or no computer know-how use digital forensics tools to gather volatile evidence. COFEE was posted to, and then later removed from, at least one file-sharing site, but security experts say the cat is now out of the bag. While many forensics tools with functionality similar to Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) are available, security experts still worry the bad guys will use their access to the tool to figure out ways to circumvent it. The CTO at Veracode says the danger is that a detection tool will be written for COFEE so that the bad guys can cover their tracks. “Someone will build a detector so that machines will wipe themselves or give rootkit-like fake answers if this USB is inserted into a computer,” he said. One researcher who got a copy of COFEE online says bad guys could abuse the tool by taking one of its Dynamic Link Libraries (DLL) and loading it into a compromised machine’s memory, where it then dumps stored clear-text passwords to a file. Source:

38. November 9, ComputerWorld – (International) Apple delivers mammoth update, patches 58 bugs. Apple patched 58 vulnerabilities in its Mac operating systems on November 10, the most since May 2009, including several in the QuickTime media player that it had fixed separately in early September. Apple apparently also retired Mac OS X 10.4, aka Tiger, from security support; none of the patches affect that operating system, which debuted in April 2005. Apple traditionally stops providing security updates for its oldest still-supported OS several months after the release of a new edition. The November 10 security update was the sixth from Apple this year, and the second that included patches for Snow Leopard, launched in late August. “Seems a little large, but really, it’s par for the course for Apple,” said the director of security operations at nCircle Network Security, referring to the number of individual bugs quashed in today’s 2009-006 update. In May, Apple patched a record 67 vulnerabilities; it addressed 55 in February, 33 in September, and 19 in two separate August updates. More than half of the vulnerabilities patched on November 10, 32 out of the 58, were accompanied by the phrase “may lead to arbitrary code execution,” which is Apple’s way of saying that a flaw was critical and could be used by attackers to hijack a Mac. Apple does not assign ratings or severity scores to the bugs it patches, unlike other major software makers, such as Microsoft and Oracle. Apple plugged holes in 37 different components of Mac OS X, ranging from AFP Client and the open-source Apache Web server software to CoreGraphics, the Help Viewer and the Spotlight desktop search engine. Source:

Communications Sector

Nothing to report