Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 30, 2009

Complete DHS Daily Report for December 30, 2009


Top Stories

 Bloomberg reports that Somali pirates hijacked a U.K.-flagged chemical tanker and its 26 crew in the Gulf of Aden on Monday. Pirates also hijacked the Panama-flagged bulk carrier Navios Apollon as it was sailing in the Indian Ocean; it was carrying a cargo of fertilizer. (See item 5)

5. December 29, Bloomberg – (International) Pirates grab U.K. ship off Somali coast. Somali pirates hijacked a U.K.-flagged chemical tanker and its 26 crew in the Gulf of Aden, the first successful attack on a merchant ship in the heavily patrolled sea channel in almost six months. The St. James Park had registered its position with the European Union anti-piracy force though it had not joined a group transit, a spokesman for the force said in a telephone interview. It was seized Monday due north of the Somali port of Boosaaso, he said. The St. James Park was sailing to Thailand from Spain, and is now believed to be heading for the eastern coast of Somalia, the head of East Africa Seafarers’ Assistance Program said by phone from the Kenyan port city of Mombasa. Its 26-man crew includes Russians, Filipinos, Bulgarians, Indians, Turks, Ukrainians, a Georgian and a Pole, the EU said. The ship is owned by Philbox Ltd. Pirates Monday hijacked the bulk carrier Navios Apollon as it was sailing in the Indian Ocean, 240 nautical miles east-northeast of the Seychelles, the Greek government said. The Panama-flagged Navios Apollon, carrying a cargo of fertilizer, has a Greek captain and 18 Filipino crew members; it was sailing from Florida to India, a spokeswoman for the Citizen Protection Ministry in Athens said in a telephone interview. The 2000-built vessel, with a carrying capacity of 52,073 deadweight tons, belongs to the Angeliki Frangou-led Navios Maritime Partners. Pirates have also released two ships this week, the Chinese bulk carrier De Xin Hai and the Singapore-flagged container ship Kota Wajar. Source:

 According to IDG News Service, computer security researchers say that the GSM phones used by the majority of the world’s mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools. The flaw lies in the 20-year-old encryption algorithm used by most carriers, a 64-bit cipher called A5/1. (See item 39 below in the Communications Sector)


Banking and Finance Sector

11. December 29, Associated Press – (Iowa) Iowa phone scam poses as credit union call. Nevada residents who have not yet gotten a phone call from a scammer posing as a credit union can expect one soon. Police say a scam to get people to give out banking or credit card information is making its way through every phone number in Nevada, Iowa. The recorded call purports to come from a Nevada credit union, but police say the credit union is unaware of the phone calls and is unaffiliated with the scam. Police say the calls are using “caller ID spoofing,” which allows their number to appear as a legitimate business. Because the scam likely crosses international borders, police say it will be difficult to prosecute, and any money lost to the scam will be nearly impossible to recover. Source:

12. December 28, WRAL 5 Raleigh – (North Carolina) SECU members fall victim to skimmers. In Raleigh, an investigation is under way after about 300 people had money skimmed from their State Employees Credit Union account. A SECU member said she got a call from the credit union on Christmas Day telling her she was a victim of skimming. Her account was skimmed by using her SECU debit card at a gas station. “This type of thing happens all the time, unfortunately,” the senior vice president of SECU’s card and record services department said. She advises SECU members to pay careful attention to their bank activity and credit card statements and report any irregularities or suspicions to police. “Any time you’re using a device anywhere, using your card, look for something unusual,” she said. Skimming devices are often color coordinated, making them difficult to spot on ATMs. Finding the skimming device on a gas pump is virtually impossible as it is often hidden on the inside. “Some of the more common ways to hide them is put an envelope holder close to the ATM, or what looks like an envelope holder with a small pin hole in it, and a small camera mounted inside. Sometimes they’re mounted overhead,” said a spokesman for the Raleigh Police Department. SECU officials said the recent thefts likely happened at gas stations and not by using their ATM machines. It is not yet clear if other banks or customers are affected. Source:

13. December 28, KPTV 12 Portland – (Oregon) Suspicious packages found outside Tigard Bank. Two suspicious packages prompted the evacuation of a bank in Tigard on Monday, police said. The packages — two stacked cardboard boxes — were discovered near an ATM outside the Bank of America at Southwest Greenburg Road and 99W at about 2:30 p.m. The Portland bomb squad X-rayed the boxes, which were determined to be full of garbage. The boxes were considered suspicious because of an attached note, Tigard police said. The note was not threatening, police said, but officers would not go into detail. The evacuation order for the bank was also lifted. Source:

14. December 28, Gainesville Sun – (Florida) Hawthorne bank robber linked to bomb hoax in Starke. A bank robber, who used a fake bomb to hold up a Starke bank last week, apparently struck again at a Hawthorne bank Monday. The man used the same tactic to rob the M&S Bank, 6875 S.E. 221st St., at about 11:30 a.m., the Alachua County Sheriff’s Office reported. The suspect entered the business, got cash, and left behind a suspicious package, said the Sheriff’s Office spokesman. No one was injured during the robbery. But bank employees and customers left the building after the robber left behind a suspicious container. People in nearby buildings also were evacuated while the Sheriff’s Office bomb squad was called out to determine whether the package inside the bank was a bomb. The package, described as a leather-type case that resembled a shaving kit, was not a bomb, the Sheriff’s Office spokesman said. He did not elaborate further on what the container looked like but said, “It had something that led them to believe that it could be possibly an explosive device.” Monday’s robbery mirrored reports from a Starke bank robbed last week. In that case, a man left a device with protruding wires at the Capital City Bank, 350 N. Temple Ave., on December 22. He walked up to the teller and demanded $50 and $100 bills and left on foot with the stolen cash. The Jacksonville Sheriff’s Office Bomb Squad was called in and later determined the device was not a bomb. Police in Starke still are searching for the robber in that case, said a police spokesman. After officers from the different agencies reviewed the two cases, the Alachua County Sheriff’s Office spokesman said they “definitely” believe they are dealing with the same suspect. Source:

Information Technology

34. December 29, IDG News Service – (International) Adobe will be top target for hackers in 2010, report says. Adobe Systems’ Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week. “Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot,” security vendor McAfee said in its “2010 Threat Predictions” report. Adobe’s CTO acknowledged recently that his company’s software is being attacked more frequently, and said the company has stepped up its efforts to respond. Mozilla’s Firefox browser and Apple’s QuickTime software have also faced new attacks. Among its other predictions, McAfee expects more sophisticated attacks next year against social networking sites such as Twitter and Facebook. It also sees the emergence of a new vehicle for attacks in the form of HTML 5, an update to the Web markup language that will support delivery of online video and allow Web applications to run offline. “HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users,” McAfee said. There was some good news, however. The security firm sees law enforcement having more successes next year in its pursuit of cybercriminals, thanks to closer cooperation and improved skills at international crime-fighting agencies. Source:

35. December 28, SCMagazine – (International) New IIS flaw deemed low risk in proper configurations. Administrators following secure configuration best practices should not be at risk from a new zero-day vulnerability in Microsoft’s Internet Information Services (IIS), according to the software giant. A senior security program manager at Microsoft said Sunday night in a blog post that the company is investigating reports of a flaw in the IIS web server but is unaware of any active attacks. He said that for an attack to occur, IIS must be in a “nondefault, unsafe configuration,” and an intruder would have to be authenticated with privileges to execute commands that do not comply with Microsoft guidance. “Customers using out-of-the-box configurations and who follow security best practices are at reduced risk of being impacted by issues like this,” he said. A handler posting on the SANS Internet Storm Center site said Sunday that administrators still must be careful because they could unknowingly be running a vulnerable web server due to a webmaster’s mistake. Source:

Communications Sector

36. December 29, Charleston Daily Mail – (West Virginia) Verizon customers losing their patience. At least 5,000 Verizon customers still were without phone service Monday, 10 days after a winter storm downed power and phone lines across West Virginia. The company does not know when phone service will be restored to all its customers. A Verizon spokesman said there were 5,000 open repair requests, a number that likely gives a low ballpark figure of the total outage. On Monday, there were roughly twice as many people in the state without phone service as without power. By afternoon, about 2,700 customers were still without power, down from the 100,000 customers who were powerless at the beginning of last week, according to the state division of emergency management. Some of those outages Monday were because of Sunday night’s winds. Verizon’s spokesman said the number of people without phone service did not approach the number of people without power. Part of the reason for the lag between people getting their power back and still having their phone off comes from the practice the phone company has of working after power crews for both safety and technical reasons. Verizon also has fewer workers on hand than American Electric Power. In the Charleston area alone, more than 160 power company crews and nearly 800 people from more than 20 companies in more than a half dozen states worked during the holidays to restore power, an AEP spokesman said. Verizon, by contrast, has about 300 technicians working to restore phone service in West Virginia, company officials said. Not many of them are from out of state and, instead, the company is shifting technicians from the northern part of West Virginia into the southern part, where the damage has been the most extensive. Source:

37. December 29, CBS – (Illinois) Phone service being restored in Robbins. AT&T has restored phone and Internet service to many customers in the south Chicago suburb of Robbins who lost their service over the weekend. Some residents of Robbins were without AT&T phone and Internet service since Saturday. An AT&T spokeswoman said the winter storms caused a utility hole in the area to flood, causing some cables to get wet. She said Tuesday that phone service had been restored for “many customers,” and more households would get their service back “as restoration efforts move forward throughout the day.” While service was out, AT&T gave prepaid wireless phones for residents who wanted to stay connected during emergency situations. She said parts of Chicago’s Pilsen neighborhood also suffered outages over the weekend. Source:

38. December 28, BusinessWeek – (New York) An AT&T mystery: abrupt New York iPhone shutdown. A brief halt in online sales of the Apple iPhone in the New York area kept alive concerns that AT&T’s network is not up to the task of handling smartphone traffic in some of the largest U.S. cities. Customers who shopped for an iPhone on AT&T’s Web site and gave ZIP codes for areas in and around New York City were told that the device was unavailable during a period starting on December 27 and lasting until the afternoon of the following day. Sales of the iPhone through AT&T and Apple retail stores in the New York area, as well as via Apple’s Web site, were unaffected. AT&T offered little explanation for the halt in sales, and Apple kept mum on the subject. “We periodically modify our promotions and distribution channels,” an AT&T spokesman said. Some analysts speculated that the change, however short-lived, was further confirmation that AT&T’s equipment is too flimsy to handle the heavy data use typically associated with the iPhone. “Clearly AT&T is struggling with quality-of-service concerns,” says the head of the Envisioneering Group, a research firm. “It’s the first time I’m aware of this happening with any wireless product.” Source:

39. December 28, IDG News Service – (International) Hackers show it’s easy to snoop on a GSM call. Computer security researchers say that the GSM phones used by the majority of the world’s mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools. In a presentation given Sunday at the Chaos Communication Conference in Berlin, a researcher said that he had compiled 2 terabytes worth of data — cracking tables that can be used as a kind of reverse phone-book to determine the encryption key used to secure a GSM (Global System for Mobile communications) telephone conversation or text message. While he stopped short of releasing a GSM-cracking device – that would be illegal in many countries, including the United States — he said he divulged information that has been common knowledge in academic circles and made it “practically useable.” The flaw lies in the 20-year-old encryption algorithm used by most carriers. It is a 64-bit cipher called A5/1 and it is simply too weak, according to the researcher. Using his tables, antennas, specialized software, and $30,000 worth of computing hardware to break the cipher, someone can crack the GSM encryption in real time and listen in on calls, he said. If the attacker was willing to wait a few minutes to record and crack the call, the total cost would be just a few thousand dollars, he said. There are about 3.5 billion GSM phones worldwide, making up about 80 percent of the mobile market, according to data from the GSM Alliance, a communications industry association representing operators and phone-makers. A spokeswoman with the GSM Association said that her group would be looking into the researchers’ claims in the coming days and stressed that any type of mobile-phone eavesdropping would be illegal in many countries. Source:

40. December 28, KQDS 21 Duluth – (Minnesota) WEBC radio forced off air by water leak. Water problems have temporarily silenced the Northland’s oldest radio station. WEBC radio, also known as ESPN 560, has been off the air since at least Christmas Eve. Station officials say water got into the station’s transmitter building, which is located near U.S. Highway 2/53 in the Town of Parkland near Superior. On Monday, a crew was out putting a new roof on the building while engineers worked to dry out the equipment. There is no word when the station might return to the air. During the outage, listeners may hear a Chicago station on 560 at night. Source: