Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, November 19, 2009

Complete DHS Daily Report for November 19, 2009

Top Stories

The BBC reports that two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details. The program, known as the ZeuS or Zbot trojan, is believed to have infected thousands of computers around the world. (See item 13 in the Banking and Finance Sector)

According to the Associated Press, rogue employees at a major mobile phone company illegally sold millions of customer records to rival firms, Britain’s information watchdog reported on November 17. (See item 39 in the Information Technology Sector)


Banking and Finance Sector

12. November 18, WPBF 25 West Palm Beach – (Florida) Police arrest suspect in bank robbery bomb scare. A bank robber who said he had a bomb prompted authorities to shut down a section of Forest Hill Boulevard on November 17, and police later arrested a suspect. Detectives with the Palm Springs and Greenacres police departments spent the afternoon at the Island Shores Apartments off Jog Road and Forest Hill Boulevard. They had been in the area searching for a bank robber. Palm Springs police and the Palm Beach County Sheriff’s Office bomb squad were called to a bank robbery at a Wachovia branch at 4300 Forest Hill Blvd. shortly after 11:15 a.m. Police said a man entered the bank and handed the teller a note that read: “I have a bomb, don’t panic, just empty the drawer, I used to work here, so no dye packs, thank you, cooperate and no one gets hurt.” Police said the man then left a bag on the teller counter before he left. Traffic on Forest Hill Boulevard was shut down between Kirk Road and Military Trail while authorities investigated, and the bank and surrounding businesses were evacuated. It was the third bomb scare in Palm Beach County in the span of a few hours. Students at Greenacres Elementary School and Palm Beach Community College’s Lake Worth campus were also kept out of their classrooms earlier November 17 while authorities investigated bomb threats at those schools. Authorities later cleared both scenes. Source:

13. November 18, BBC – (International) Two held in global PC fraud probe. Two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details. The trojan program is believed to have infected thousands of computers around the world, said the Metropolitan Police, which is leading the inquiry. A man and woman, both aged 20, have been questioned and bailed until March 2010 pending further inquiries. Police revealed the arrests were the first in Europe as part of the inquiry. The investigation focused on the ZeuS or Zbot trojan - “a sophisticated malicious computer program,” said police. The malicious software records online bank account details, passwords and credit card numbers to steal cash with the information accessed. It also copies passwords for social networking sites before causing each computer to forward the data to servers under the control of the hackers. It has emerged in several guises, including a false Facebook page that encouraged users to download a software update. The pair being questioned were arrested on 3 November under the 1990 Computer Misuse Act and the 2006 Fraud Act. Source:

14. November 17, The Register – (Connecticut) Romanian cops to $150k ATM skimming spree. A Romanian national has admitted he defrauded Bank of America of about $150,000 in a scheme that secretly recorded customer information as it was entered into automatic teller machines. A 23-year-old pleaded guilty in U.S. District Court in Connecticut to one count each of bank fraud and aggravated identity theft. The man’s involvement in the three-month scheme cost the bank about $150,000, according to federal prosecutors. According to prosecutors, the individual attached skimming devices to Bank of America ATMs that automatically captured the data stored on the magnetic strips of customers’ bank cards. He also installed pinhole-sized video cameras that recorded the passwords entered during transactions. The guilty individual and unnamed accomplices then used the captured information to create cloned debit cards that allowed them to make withdrawals against the victims’ accounts. The skimming scheme was carried out against multiple Bank of America branches in Connecticut’s Fairfield county. Source:

15. November 17, Seattle Post Intelligencer – (Washington) ‘Suspicious object’ in Coupeville bank sparks bomb scare. What was likely an absent-minded mistake turned into a full-scale bomb investigation in Coupeville on November 16. A customer left a black PVC container inside the bank. Authorities treated the potential threat as real until the object was deemed safe by the Navy. A Whidbey Island Bank employee called 911 after discovering a one-foot-long, black PVC container inside the bank. The Navy’s explosive ordnance disposal unit, DET-NW, used a radio jammer to scramble radio frequencies in the area, which would prevent anyone from remotely detonating the device if it were an explosive. The unit also employed the help of a small robot to test the device, and an individual in protective clothing to X-ray the object before it was entirely cleared as a hazard. The ordeal resulted in a nearly two-hour closure of Main Street between Third and Sixth streets in Coupeville. Source:

Information Technology Sector

35. November 18, Wall Street Journal – (International) FBI suspects terrorists are exploring cyber attacks. The Federal Bureau of Investigation is looking at people with suspected links to al Qaeda who have shown an interest in mounting an attack on computer systems that control critical U.S. infrastructure, a senior official told Congress on November 17. While there is no evidence that terrorist groups have developed sophisticated cyber-attack capabilities, a lack of security protections in U.S. computer software increases the likelihood that terrorists could execute attacks in the future, the official warned. If terrorists were to amass such capabilities, they would be wielded with “destructive and deadly intent,” the deputy assistant director of the FBI’s Cyber Division told the Senate Judiciary Committee on November 17. “The FBI is aware of and investigating individuals who are affiliated with or sympathetic to al Qaeda who have recognized and discussed the vulnerabilities of the U.S. infrastructure to cyber-attack,” he told the committee, without providing details. Such infrastructure could include power grids and transportation systems. The control systems of U.S. infrastructure as well as money transfers are now connected directly or indirectly to the Internet. Hackers have been able to penetrate computer systems running components of the U.S. electric grid as well as divert bank transfers. In an interview Tuesday, a former Homeland Security secretary said al Qaeda already has some cyber-attack capability. “I don’t think they’re the most capable in the world, but they have some capability,” he said. The former Homeland Security secretary said he expects al Qaeda to develop more cyber-attack skills that would allow them to attack infrastructure that is less well protected, perhaps in the transportation and energy sectors. “It’s only a matter of time,” he said. “They’re getting the capability to do some damage.” Source:

36. November 17, ComputerWorld – (International) Firefox 3.6 locks out rogue add-ons. Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said. The new feature, which Mozilla dubbed “component directory lockdown,” will bar access to Firefox’s “components” directory, where most of the browser’s own code is stored. The company has billed the move as a way to boost the stability of its browser. “We’re doing this for stability and user control [reasons],” said the manager of the Firefox front-end development team, in an e-mail on November 17. “Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren’t compatible with, the result can be a real pain for our shared users.” “Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems,” the manager added. His mention of “regular add-ons” referred to the new policy that will be enforced by Firefox 3.6, a minor upgrade to last summer’s 3.5 that is to ship before the end of the year. Because third-party developers will no longer be able to drop their code into the components directory, they must instead recreate their add-ons as XPI-based files, the standard Firefox extension format. Mozilla has posted information on its developer site to aid programmers who need to migrate add-ons to the XPI format. Source:

37. November 17, IDG News Services – (National) Obama administration unsure about new cybersecurity laws. Current laws addressing cyber crime are not adequate to address growing attacks on the government and businesses, a representative of the U.S. President’s administration said November 17. But when a U.S. senator questioned what additional laws the U.S. President’s administration needed, the associate deputy attorney general at the U.S. Department of Justice said he was not sure yet. “Are all of you, or any of you, satisfied with the existing legal structure under which you are operating?” a Rhode Island Democratic senator asked a panel of four government officials working on cybersecurity. “Senator, that’s a complicated question,” the associate deputy attorney general answered during a hearing before a subcommittee of the Senate Judiciary Committee. “I think the answer to it is no.” Senators heard conflicting views on what kind of new laws are needed. The U.S. Congress should not pass laws, as some lawmakers have suggested, mandating cybersecurity efforts at private businesses, said the president of the Internet Security Alliance, a cybersecurity advocacy group. Market-based incentives should be able to improve cybersecurity, while government mandates could harm the Internet, he said. But the vice chairman of the government advisory group the U.S.-China Economic and Security Review Commission said some mandates may be necessary for private companies associated with national security. Source:

38. November 17, DarkReading – (International) Only half of CEOs strongly support data security efforts. More than half of IT and security professionals worldwide believe their company’s laptops and other mobile devices pose security risks to their organizations, and only half of them have CEOs who are strong advocates and supporters of data security efforts, according to a new report issued today. The new Ponemon Institute report, “State of the Endpoint: IT Security & IT Operations Practitioners in the United States, United Kingdom, Australia, New Zealand & Germany,” which was commissioned by Lumension Security, also found that IT security is more worried about endpoint security (60 percent) than IT operations (53 percent), as well as other signs of inadequate communication and collaboration between the two groups. And security and IT pros in the U.S. tend to be more pessimistic about security than their counterparts in other parts of the world. Only 40 percent of U.S. IT and security pros said their CEOs were strong supporters of data security efforts, and while 77 percent of German firms and 57 percent of U.K. firms said their networks are more secure now than a year ago, only 44 percent of U.S. firms thought so. Only 42 percent of Australian firms said their networks were more secure this year than last. Around 53 percent of all firms expect their security spending to remain flat, according to the report. U.S. firms were also less inclined to consider compliance helpful to security of their endpoints — 44 percent of U.S. companies said regulations improved their endpoint security, versus 54 percent in Germany, and 50 percent in the U.K. Source:

Communications Sector

39. November 17, Associated Press – (International) Millions of mobile phone customers’ records stolen, sold to rivals. Rogue employees at a major mobile phone company illegally sold millions of customer records to rival firms, Britain’s information watchdog said Tuesday. The information commissioner said the case was a serious breach of data privacy, and he called for harsher punishments for offenders. “The existing paltry fines ... are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent,” he said. The mobile phone company – which he said could not be identified because an investigation was ongoing – alerted the commissioner’s office after it found out about the suspected trade. Personal data, including customers’ contract expiry dates, were sold to several rivals, which then used the material to cold-call customers to offer them an alternative deal, the office said. “The number of records involved runs into the millions, and it appears that substantial amounts of money changed hands,” the government body said in a document submitted to the Ministry of Justice. He said his office was considering the evidence and preparing to prosecute those responsible. The Data Protection Act prohibits the selling on of data without prior permission from the customer. Offenders could be fined thousands of pounds (dollars). Source: