Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 16, 2009

Complete DHS Daily Report for December 16, 2009

Daily Report

Top Stories

 reports that Bridgewater-Raritan High School in Bridgewater, New Jersey was closed Friday after officials received a tip from a student that a high-school junior was planning a “Columbine” style attack. (See item 25)

25. December 14, – (New Jersey) Arrests won’t prompt security changes at Bridgewater-Raritan High School, officials say. The school superintendent said no changes in security methods at Bridgewater-Raritan High School are being planned in the aftermath of an alleged threat of an armed attack at the school. “There was no breach of security,” the superintendent said on Monday. However, he said a district plan adopted last year calls for continuing reviews of campus security. The high school was closed Friday after officials received a tip from a student that a high-school junior was planning a “Columbine” style attack, authorities said. No weapons or explosives were found during a search of the building conducted on Thursday, authorities said. The school on Monday resumed its normal schedule. School officials and authorities said the tip led to last Thursday’s arrest of a 16-year-old from the township who the county prosecutor’s office said allegedly was planning an attack for Monday at the high school. A second township juvenile, a 17-year-old senior at Immaculata High School in Somerville, was arrested on Friday, December 11, in connection with the alleged planned attack, according to the county prosecutor’s office. “For years, we’ve promoted the hope that students who have knowledge of any possible threat to the well being of the school, report that information to a school official,” the Bridgewater-Raritan High School principal said in a news release. “Information provided by a student allowed the school to move forward with a swift investigation,” he said in the release. Source:

 According to the Press-Enterprise, U.S. Forest Service investigators say the 7,128-acre Sheep Fire that threatened Lytle Creek and Wrightwood in the San Gabriel Mountains, California was human-caused and likely arson. The October blaze that took seven days to put out destroyed one home and four buildings in an eight-mile swath through the San Bernardino National Forest. (See item 40)

40. December 14, Press-Enterprise – (California) Humans caused the Sheep Fire, investigators say. U.S. Forest Service Investigators say the 7,128-acre Sheep Fire that threatened Lytle Creek and Wrightwood in the San Gabriel Mountains, California was human-caused and likely arson. The October blaze that took seven days to put out destroyed one home and four buildings in an eight-mile swath through the San Bernardino National Forest. The remote starting point of the fire, a flat area several hundred feet from Lytle Creek and Sheep Canyon roads, lead fire investigators to lean toward an arson versus an accidental cause, a Forest Service spokesman said. Now fire officials are asking for residents to come forward who may have seen any suspicious activity in the area on October 3. Fire investigators have spent the last two months analyzing evidence that ruled out the possibility of natural causes of power lines and lightning strikes. Investigators have not officially declared it arson or ruled out the chance of an accidental cause, the spokesman said. Authorities are still awaiting that key piece of evidence that could rule it either way. Source:


Banking and Finance Sector

11. December 15, Washington Post – (National) Citigroup, Wells Fargo to repay bailouts. The federal government continued to wind down its bailout of the nation’s biggest banks on December 14, reaching an agreement to eliminate its stakes in Citigroup and Wells Fargo. The willingness of banking regulators to strike a deal with the two firms — both of which continue to face serious problems — underscored the eagerness of both sides to end an extraordinary period of federal support for the financial industry. Banks have chafed at some of the conditions placed on the federal rescue money, such as limits on executive pay, while the administration has been criticized for using taxpayer funds to bail out Wall Street. All nine of the major banks that took bailout funds in October 2008 have repaid their federal loans. Citigroup’s departure will come in two phases. First, the company will raise money from investors to repay $20 billion in government loans as soon as possible. Then the Treasury Department plans to sell the shares it holds in Citigroup, which it bought for $25 billion, in chunks over the next year. The government required Citigroup to replace its federal aid dollar for dollar with money from private investors, a much tougher condition than was imposed on other banks, to ensure that the company has enough money in reserve to weather its problems, a government official said. Just hours after that announcement, Wells Fargo stated it would repay its $25 billion in federal aid partly by raising $10.4 billion in a stock offering. Executives stressed that the company has delivered $1.4 billion worth of dividends to the government. Source:

For another story, see item 34 below in the Information Technology Sector

Information Technology

32. December 15, Homeland Security News Wire – (International) US, Russia begin talks on cyberspace security. The United States has begun talks with Russia and a UN arms control committee about strengthening Internet security and limiting military use of cyberspace. AFP reports that the New York Times, citing officials familiar with the talks, said U.S. and Russian officials have different interpretations of the talks, but the mere fact that the Washington is participating represents a significant policy shift after years of rejecting Russia’s overtures. Officials argue the administration of the U.S. President realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race, the report said. The deputy director of the Institute of Information Security in Moscow said the Russian view was that the U.S. position on Internet security had shifted perceptibly in recent months. He characterized this new round of discussions as the opening of negotiations between Russia and the United States on a possible disarmament treaty for cyberspace, something Russia has long sought but the United States has resisted, the report said. “The talks took place in a good atmosphere,” The Times quoted him as saying. “And they agreed to continue this process. There are positive movements.” A State Department official, who requested anonymity, disputed the Russian characterization of the U.S. position, the Times noted. While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Source:

33. December 15, Infosecurity – (International) Google Chrome in anonymity blunder. The latest version of the Google Chrome browser is negating the efforts of anonymous browsing services to protect users’ identities, according to bug reports. Google Chrome is ignoring the need for anonymous browsing services such as Tor to route DNS queries through a proxy server. Instead, it is routing queries from the local network, giving away the identity and location of computers that the users think are anonymous. Tor, developed by an MIT academic, is an anonymous browsing service that passes packets — including DNS queries — through a series of participating anonymous browsing servers in a bid to hide their identity from network snoopers. A computer making a request via the service sends a DNS request — which resolves a domain name to an IP address — through this system. This hides the originating address of the DNS query. However, if the DNS query is made directly from the network, the identity is visible. There are suggestions on the Google developer site that the issue may be caused by the Google Chrome DNS pre-fetching service, which is designed to speed up web requests. Some commentators are reporting that the DNS exposure happens only when this service is turned on, while others suggests that it happens regardless when using Google Chrome. Source:

34. December 15, CNN – (International) Cyber crime poses threat to e-commerce. The past 12 months have been a banner year for cyber crime. And that could be bad news for the future of e-commerce. “At current trends, in three or four years people will start to think twice about transacting on the Web, individuals and businesses,” said the director of the communications law center at the University of Technology Sydney. “The way it’s trending now, the Web could be so full of rubbish that people won’t trust it,” he said. “That could destroy the potential of the whole knowledge economy, which so many developed economies are counting on for the competitive advantage.” According to antivirus maker Symantec, 87 percent of e-mail traffic in the past year was spam, compared to just under 70 percent in 2008. More than 40 trillion spam messages were sent according to Symantec, which monitors about a third of the world’s e-mail traffic. That is about 5,000 spam messages for every person on the planet. Malware comes in a variety of forms that can search computers for bank information and personal details for identity theft, or hijack computers to become foot soldiers in a spamming army of zombie “botnets” — often unbeknownst to the owner. The past year saw an explosion of individuals on social networking sites such as Facebook having their accounts compromised and spam being sent to friends within their network. In this way, cyber criminals have made the attacks more personal because they are sending out messages appropriating victims’ names, says an Internet safety advisor for Norton, the antivirus brand produced by Symantec. “In the past, people felt annoyed by spam, they didn’t really feel a sense of being attacked,” she said. “But if your Facebook account is hacked, it’s embarrassing.” Source:

35. December 14, Computerworld – (International) Adobe probes new in-the-wild PDF bug. Adobe confirmed late on December 14 that hackers are exploiting a vulnerability in the most up-to-date version of its PDF viewing and editing applications. “This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,” said the company’s security program manager, on the Adobe’s product security incident response team (PSIRT) blog. “We are currently investigating this issue and assessing the risk to our customers.” Computerworld searched security mailing lists and sites, including Bugtraq, Full Disclosure and but turned up no reports of exploits in the wild. An Adobe representative described why, saying, “The reports came to PSIRT directly from partners in the security community. As of this moment, I have not seen any public reports aside from the Adobe PSIRT blog post that just went live.” Both individuals promised that Adobe would publish more information of the bug in Reader 9.2 and Acrobat 9.2 when they have details from its investigation. Source:

36. December 14, The Register – (International) Google’s reCAPTCHA busted by new attack. A security researcher has devised a successful attack on a Google-owned system for blocking malicious scripts on web-based email services and other types of sites. The attack, described in a paper released on December 12, uses a combination of OCR, or optical character recognition, techniques and other methods to break reCAPTCHA, a widely used security measure acquired by Google in September. Short for Completely Automated Public Turing test to tell Computers and Humans Apart, the CAPTCHA is designed to block automated scripts from carrying out certain tasks by first requiring users to solve an optical puzzles that aren’t easily cracked by computers. A researcher of iSEC Partners said the method had a total success rate of 17.5 percent against reCAPTCHA. The rate is significant because of the wide use of botnets by spammers and other miscreants. Even a modest-sized network of 10,000 infected machines with a success rate of 0.01 percent would yield 10 successes every second. That could translate into 864,000 new accounts every day, he said. “Given this, the attacker doesn’t have to rebuild a complete set of solutions, just enough to get this minimal success rate,” the researcher wrote. A Google spokesman said the data collected in the report was collected in early 2008 and did not reflect enhancements made to reCAPTCHA since then. Source:

For another story, see item 37 in the Communications Sector below

Communications Sector

37. December 14, Network World – (International) Akamai service to stop data center attacks. Akamai Technologies is introducing a cloud-based managed service called Web Application Firewall it claims will head off the bulk of Web applications attacks before they get inside corporate data centers. Application firewalls within Akamai’s network of more than 55,000 servers worldwide weed out the most common application exploits including SQL injection, cross-site scripting among others listed by the Open Web Application Security Project as the most prevalent. Akamai says the service is compliant with the Web application firewall (WAF) program specified in Payment Card Industry standards for Web application firewalls. The service is based on the core rule set of the open source ModSecurty Web application firewall, which is administered by Breach Security. “It stops the big, bad, well-understood stuff,” says the senior vice president of Breach. “Anything more elegant, not findable by a signature, you need something more sophisticated. You can only do so much at the edge.” He describes the Akamau service as complementary to corporate-based WAFs, but valuable because it reduces the amount of traffic the private gear has to filter, and it can cut the bandwidth chewed up by malicious traffic. Akamai says it has blocked attacks headed at customer networks at 100Gbps, which would be enough to swamp the privately owned filtering resources of many businesses. Source: