Thursday, December 10, 2009

Complete DHS Daily Report for December 10, 2009

Daily Report

Top Stories

 According to a New York Times analysis of federal data, more than 20 percent of the nation’s water treatment systems have violated key provisions of the Safe Drinking Water Act over the last five years. The majority of violations have occurred at water systems serving fewer than 20,000 residents, where resources and managerial expertise are often in short supply. (See item 27)

27. December 7, New York Times – (National) Millions in U.S. drink dirty water, records show. More than 20 percent of the nation’s water treatment systems have violated key provisions of the Safe Drinking Water Act over the last five years, according to a New York Times analysis of federal data. That law requires communities to deliver safe tap water to local residents. But since 2004, the water provided to more than 49 million people has contained illegal concentrations of chemicals like arsenic or radioactive substances like uranium, as well as dangerous bacteria often found in sewage. Regulators were informed of each of those violations as they occurred. But regulatory records show that fewer than 6 percent of the water systems that broke the law were ever fined or punished by state or federal officials, including those at the Environmental Protection Agency (EPA). Studies indicate that drinking water contaminants are linked to millions of instances of illness within the United States each year. In some instances, drinking water violations were one-time events, and probably posed little risk. But for hundreds of other systems, illegal contamination persisted for years, records show. An analysis of EPA data shows that Safe Drinking Water Act violations have occurred in parts of every state. The problem, say current and former government officials, is that enforcing the Safe Drinking Water Act has not been a federal priority. The majority of drinking water violations since 2004 have occurred at water systems serving fewer than 20,000 residents, where resources and managerial expertise are often in short supply. It is unclear precisely how many American illnesses are linked to contaminated drinking water. Scientific research indicates that as many as 19 million Americans may become ill each year due to just the parasites, viruses and bacteria in drinking water. Source:

 According to the Associated Press, authorities said a 20-year-old student is in custody after pointing a rifle at a teacher and firing shots in a classroom Tuesday at Northern Virginia Community College in Woodbridge, Virginia. (See item 32)

32. December 9, Associated Press – (Virginia) Student fires shots in Va. college. Authorities said a 20-year-old student is in custody after pointing a rifle at a teacher and firing shots in a classroom at a community college in Virginia. No injuries are reported. The shooting happened Tuesday afternoon at Northern Virginia Community College’s campus in Woodbridge, about 25 miles south of Washington, D.C. The suspect, of Manassas, is charged with attempted murder and discharging a firearm in a school zone. He is being held without bail. A Prince William County Police spokeswoman said the “upset student” was armed with a high-powered rifle. The teacher dropped to the floor when she saw the gun. Officials say the gunman fired two shots then stopped without explanation and left the classroom. He was arrested in the hallway. He did not have the gun when he was arrested, but told police where it was, a Prince William County Police spokeswoman said. The college enacted its emergency lockdown procedures and later issued a statement saying all Woodbridge classes were canceled Tuesday because of the shooting. Source:


Banking and Finance Sector

14. December 9, The Register – (International) Scammers scrape RAM for bank card data. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say. So-called RAM scrapers scour the random access memory of POS, or point-of-sale, terminals, where PINs and other credit card data must be stored in the clear so it can be processed. When valuable information passes through, it is uploaded to servers controlled by credit card thieves. While RAM scrapers have been around for a few years, they are a “fairly new” threat, according to a report released Wednesday that outlines the 15 most common attacks encountered by security experts at Verizon Business. They come in the wake of Payment Card Industry rules that require credit card data to be encrypted as it passes from merchants to the processing houses. “They are definitely a response to some of the external trends that have been going on in the cybercrime environment,” says a research and intelligence principal for Verizon Business. “Within a year, we’ve seen quite a few of them in the wild.” Verizon employees recently found the malware on the POS server of an unnamed resort and casino that had an unusually high number of customers who had suffered credit card fraud. The malware was sophisticated enough to log only payment card data rather than dumping the entire contents of memory. That was crucial to ensuring the malware did not create server slowdowns that would tip off administrators. The RAM scraper dumped the data onto the server’s hard drive. The perpetrators visited at regular intervals through a backdoor on the machine to collect the data. Source:

15. December 9, Napa Valley Register – (California) Ponzi scheme flowed through Napa bank, lawsuit alleges. Nearly $200 million in a suspected Ponzi scheme flowed through Napa’s branches of Washington Mutual Inc., according to a class-action suit filed recently in San Francisco. The suit filed on behalf of 1,000 investors in the U.S. District Court for the Northern District of California alleges that WaMu facilitated fraud by depositing checks for Millennium Bank, a Caribbean bank that sold bogus high-yield certificates of deposit over the Internet to American and Canadian investors. JPMorgan Chase is named in the suit because it assumed WaMu’s liabilities when it bought the troubled bank in September 2008. A report the SEC Receiver filed last week in federal court estimates the fraud totaled $246 million between 1996 and 2009 — $178 million more than federal regulators had estimated when they filed their complaint in March. But forensic accountants continue to analyze the data, said a Dallas attorney who worked on the report. According to federal regulators, investors believed they were putting their money in a financial institution with ties to a Swiss bank. Instead, federal investigators suspect, investors sent checks or wire transfers to the bank in the Caribbean island of St. Vincent, where the funds were bundled and sent by FedEx to Napa. In Napa, two defendants are suspected of depositing the funds under various accounts at WaMu banks. Source:

16. December 9, Deutsche Presse-Agentur – (International) Report: French tax-fraud investigators have stolen Swiss bank data. An employee for the Swiss bank HSBC in Geneva stole data from thousands of secret bank accounts and handed the information to French tax-fraud investigators, the daily Le Parisien reported on December 9. This alleged data theft may have been the source for the list of 3,000 owners of secret Swiss bank accounts that the French Budget Minister said in August were being investigated for tax fraud. The former HSBC employee was a manager in the bank’s computer services department and currently lives in France under a false identity. The accounts cracked by the former HSBC employee reportedly include those of a well-known French comedian and several politicians, a source close to the investigation told Le Parisien. Some accounts were listed under codes that suggested they belonged to intelligence services. Other accounts belonged to Colombian nationals and ‘Chinese authorities,’ the source said. In a first reaction, HSBC confirmed that data had been stolen, but said it involved ‘not more than 10 clients’ and that the ‘data are old and not sensitive.’ Source:

Information Technology

39. December 9, ITProPortal – (International) Botnets set to become smarter in 2010. If the findings of a recent research study are to be believed, spamming activity is not being effectively checked, and people are increasingly falling victim to online fraud. An annual security research report from Symantec’s MessageLabs division has presented a grotesque picture of the cyber security landscape, with the report claiming that spam accounted for a massive 87.7 percent of total email traffic in 2009. Spamming activity was highest in February, at 90.4 percent of overall email traffic, and lowest in May, at 73.3 percent. This is a significant rise in the volume of junk mail over the previous year, when the spam rate was around 81.2 percent. The most striking part of the report is that the majority of this spamming activity (around 83.4 percent) was attributed to zombie machines, indicating the extent to which rogue applications are controlling PCs across the globe. The closure of a couple of botnet-hosting ISPs, including McColo in 2008 and Real Host in August, has prompted cybercrooks to re-engineer their botnets so that they can retake the reins of the command and control system within hours, rather than after the weeks of relative calm that followed the shutdown of McColo. A key analyst with the firm said in a statement: “The McColo outage had a huge impact on spam volumes as it took a few weeks for spammers to recover, but we’ve seen this year botnet technology has evolved so that there is no longer a single point of failure.” Source:

40. December 8, Computer Weekly – (International) Criminals outwit Captcha Web site security systems. According to research by Symantec and MessageLabs, criminals have developed software capable of decoding the hidden text in Captcha pictures, which are meant to distinguish genuine customers from automated software. The groups are using the technology to create thousands of accounts on legitimate webmail sites and social networking sites, which they can use to launch spam and phishing attacks against web users, says a senior analyst at Symantec. “If you have a large number of legitimate accounts on a site, you can benefit from the legitimate domains. It becomes very difficult for anti-spam technology to identify messages from those domains as spam. It is hard to block, because you risk blocking legitimate users,” he says. The practice is putting businesses at risk, which can be on the receiving end of credible-looking e-mails containing links to malware. “Social networking and micro-blogging sites are coming under a lot of pressure from the bad guys. They are creating legitimate profiles and even phishing for accounts of real people,” he says. “There are inherent risks for organizations that do not have controls in place.” In some cases, cybercriminals are using image recognition software to decode the disguised words in Captcha pictures. Other groups have developed software that is capable of decoding the audio version of Captcha intended for people who have difficulty reading Web sites, by analyzing the waveforms to recognize the letters of each code word. Specialist companies have also sprung up, which hire people to create accounts on Web applications, paying them $2 or $3 per thousand. They sell the accounts on to criminal groups for between $30 and $40 a thousand, said the analyst. Source:

41. December 8, MSNBC – (International) Surprise! Merchants say Web fraud is down. Online merchants in the U.S. and Canada report a dramatic 18 percent drop in fraud, down from $4 billion in 2008 to $3.3 billion this year, according to a survey by the security firm CyberSource. Meanwhile, the fraud rate of 1.2 percent of all sales is the lowest in the 11-year history of the survey. Even among international orders, traditionally the bane of Web sites, fraud rates plummeted by 50 percent. The news comes just in time for Web shoppers who are pulling out their credit cards and wondering about the safety and security of online holiday gift shopping. “We were surprised,” said CyberSource’s director of market and customer intelligence. “Internally people were thinking that with the recession, fraud would go up, that there would be more people out there with technical skills who needed to put food on the table. But it looks like the merchants stepped up to the plate and got their act together.” The director said the recession may actually have helped Web site fraud departments in two ways: prompting online firms to implement tighter fraud controls to chase down every dollar during the tough economy and giving computer security professionals at these Web sites a chance to catch their breath. But new technologies undoubtedly contributed to the fight against fraud. This year, a relatively new technique called device fingerprinting, which can make life very difficult for would-be credit card thieves, took hold in the marketplace. Device fingerprinting goes far beyond cookies and IP addresses to identify users, employing software to examine a variety of unique identifiers on computers used to order products. These range from the version of Flash software stored on a computer to the time and date stamp of the installed Web browser and the version of BIOS used inside the machine. Combining these characteristics, the software can positively identify computers with accident rates as low as one in 1 million, the director said. Source:

42. December 8, Washington Post – (International) Critical updates for Adobe Flash, Microsoft Windows. Microsoft released six software updates on December 8 to fix at least a dozen security vulnerabilities in Windows, Internet Explorer, Windows Server and Microsoft Office. More than half of the flaws earned a “critical” rating, meaning criminals could exploit them to break into vulnerable systems without any help from users. Separately, Adobe Systems Inc. issued critical security updates to its Flash Player and AIR Web-browser plugins. The updates are available from the Windows Update Web site, or via the Automatic Update feature in Windows. Probably the most important update for most users is the one for Internet Explorer, which corrects five critical flaws in IE 6, 7 and 8. These are vulnerabilities that attackers could exploit to quietly install malicious software on a user’s machine if a user browses with IE to a hacked or booby-trapped site. Adobe also issued security updates to its ubiquitous Flash Player and its Adobe AIR software. Updates are available for Windows, Linux and Mac versions of these programs. The Flash update corrects several critical vulnerabilities in Flash versions and earlier. Users should upgrade to the latest version - Source:

43. December 8, Youngstown Computers Examiner – (National) Facebook iPhone app suffers a day of crashes. Facebook’s iPhone app began crashing for many users Tuesday, with no explanation from Facebook for the crashes. The application would launch and appear for a few seconds, but completely close as it attempted to load users’ news feeds. The crashes do not seem limited to any particular model of iPhone. Users running the app on the iPhone 3G and 3GS were all reporting the problem, and multiple discussion topics on Facebook for iPhone’s fan page were growing rapidly as more and more users reported the error. Traditional attempts to cure app crashes have not offered any hope. Uninstalling and reinstalling the app has not helped many, if any, users. Rebooting the iPhone does not seem to help matters, and changing wireless networks does not seem to be a solution, either. The crashes are happening regardless of how the iPhone is connected - WiFi, 3G, or EDGE. Most users are speculating that the crashes are caused by a system malfunction in Facebook’s servers, but the social networking site has not issued any official notice of the glitch. Source:

44. December 8, The Register – (International) Koobface worm dons tinsel to snag seasonally-affected marks. Miscreants have begun using Xmas-themed lures to push the Koobface worm. The attack starts off with a post from fake Facebook profiles that point to supposed video clips. Following these links takes users to a fake YouTube site that claims users need to install a Flash Player update to watch these “movie clips”. In reality this supposed codec is the download component of the Koobface worm, an approach seen several times over recent months with previous versions of the worm. This time around the fake video poses as a message from Santa, a tactic cynically designed to appeal to children, instead of the usual run of smut or celebrity-themed flicks. The Koobface worm is not the first item of badware to cloak itself in a seasonal guise this year. Trend reports that it detected somewhat prematurely Xmas-themed spam running as far back as September. Source:

45. December 8, BitDefender – (International) BitDefender releases ‘Conficker — One Year After’ whitepaper. BitDefender announced on December 8 the release of ‘Conficker — One Year After’, a whitepaper detailing the Conficker worm’s first appearance in November 2008, the damage it has done, and predictions on how it will spread in 2010. Conficker is a well-written piece of malware that has the potential to cause a lot of damage with the intelligent manner in which it updates itself. BitDefender’s ‘Conficker — One Year After’ whitepaper also provides tips on how readers can keep their systems protected from the worm. Conficker (a.k.a. Downadup or Kido) is a network worm that takes advantage of vulnerabilities in Microsoft Windows in order to spread. Its main purpose is to compromise as many machines as possible by exploiting a vulnerability in Microsoft Windows RPC Server Service, described in the Microsoft Security Bulletin MS08-067. The vulnerability allows a cybercriminal to remotely execute code on an unprotected machine. Since its inception, there have been numerous variants of the Conficker worm. Some variants use the exploitation of the Autorun function for removable drives and media (such as USB portable storage devices) to spread, while others take advantage of weak passwords to infiltrate networks. Another variant disables Microsoft Windows Update and blocks access to the majority of internet security vendor Web sites, which means users cannot access automatic or manual security updates. BitDefender researchers predict that Conficker will become an even bigger threat in 2010 by the corruption of defensive systems, distributed denial of service, pay-per-click system abuse and fraud, key logging, and spamming. Source:

46. December 8, Nextgov – (National) Cyberattacks against critical U.S. networks rising at a faster rate. The number of cybersecurity attacks against computer networks that operate the nation’s critical infrastructure, such as transportation systems and water treatment and power plants, has increased dramatically, mostly because these industries rely on legacy technologies that do not protect systems from sophisticated attacks. In the third quarter, 11 cyber incidents were added to the Repository for Industrial Security Incidents, a database of cybersecurity attacks that have or could have affected systems that operate major industrial operations in the United States. These key networks are known as Supervisory Control and Data Acquisition systems. The owners and operators of industrial plants maintain the database. For all of 2009, industries have added 35 incidents to RISI, representing more than 20 percent of the 164 incidents recorded since 1982. The total number of incidents in the database could increase 37 percent this year if trends continue at the current rate, according to RISI’s third-quarter report, which was released on November 30. Malicious software such as viruses, worms and Trojans was the cause of most cyberattacks, according to the report. Incidents involving unauthorized access or sabotage by people working for the company, such as disgruntled former employees or contractors, also increased. Old technology presents a particularly difficult problem to solve. While most computer systems are upgraded every three to five years, control systems typically remain operational for up to 20 years, said the director of control systems security at the Homeland Security Department. These old systems were not developed to function in a networked environment or combat the onslaught of cyberattacks. Source:

For another story, see item 14 in the Banking and Finance Sector

Communications Sector

47. December 9, Fairbanks Daily News Miner – (National) $6.8 million gift allows UA to backup data center. For more than a decade, officials at the University of Alaska have been quietly hoping that nothing goes horribly wrong at the Butrovich Building. The data center for the UA system is stored in the West Ridge administrative building, and officials say a disaster — either natural or man-made — would cripple record-keeping for payroll, student loans, personnel records and more. “We’d be out of business,” said the UA executive director of infrastructure technology services. On December 8, UA announced a gift from Alaska Communications Systems that should alleviate the problem by the end of 2010. The telecommunications company has agreed to donate use of a data center in Oregon to back up UA’s record-keeping system. The gift, which will be spread throughout the next five years, is worth an estimated $6.8 million. “It fixes what is probably our single biggest vulnerability at the university,” said the UA President. Backup data tapes are made each day and stored off-site, but the use of the ACS facility will allow UA to continue online business operations that would otherwise be disrupted in the wake of a major disaster. Online functions will be able to resume within an hour once the new system is in place, said a UA spokeswoman. $1.5 million worth of hardware to make the new system work, but that the service itself, including maintenance, will come at no cost to UA. The gift agreement lasts until 2015. Source:

48. December 9, ComputerWorld – (National) AT&T moves closer to usage-based fees for data. AT&T is moving even closer to charging special usage fees to heavy data users, including those with iPhones and other smartphones. The CEO of AT&T Mobility and Consumer Markets on December 9 came the closest he has so far in warning about some kind of use-based pricing. He spoke to attendees at a UBS conference in New York. “The first thing we need to do is educate customers about what represents a megabyte of data and...we’re improving systems to give them real-time information about their data usage,” he said. “Longer term, there’s got to be some sort of pricing scheme that addresses the [heavy] users.” AT&T has found that only 3 percent of its smartphone users — primarily iPhone owners — are responsible for 40 percent of total data usage, largely for video and audio, the CEO said. Educating that group about how much they are using could change that, as AT&T has found by informing wired Internet customers of such patterns. Source:

49. December 8, KOAT 7 Albuquerque – (New Mexico) Communications glitch closes Rio Rancho schools. A communications glitch — not weather — gave Rio Rancho students a day off on December 8. “It was the fact that we had no communication with the buses that caused us to have initially a two-hour delay and because it was still down, we decided to close schools for the day,” said the Director of transportation for Rio Rancho Schools. Officials with the communications company said the driving snow and fierce wind ripped the antenna off the communications tower on top of Sandia Crest — and tossed the antenna about 200 feet on December 7. With such dangerous conditions outside, the district did not want to operate buses without communication. School district transportation officials bought cell phones on December 8 for bus drivers who did not have them. As for the antenna, officials said it is up and running for December 9. Source:

50. December 8, Associated Press – (National) FAA examines reliability of communications network. The Federal Aviation Administration said Tuesday it is forming a panel to examine the reliability of a telecommunications network that broke down last month, snarling air traffic across the country. The November 19 episode — which resulted in delays of 819 flights and forced air traffic controllers to manually enter flight information into computers — was unacceptable, an FAA Administrator said in a statement. He said the agency needs to understand what happened so that it can prevent further incidents. “This panel is going to take a hard look at every part of the (telecommunications) operation,” he said. “We have an extremely reliable system, but we need to have the confidence that problems can be solved quickly and efficiently so our air traffic controllers and aircraft operators have the tools they need and travelers aren’t inconvenienced.” FAA said at the time that the incident began with the failure of a single circuit board in a router. A backup circuit board also failed. As a result, misinformation was sent to FAA computer centers near Atlanta and Salt Lake City. It was four hours before the glitch was fixed. Source: