Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 6, 2010

Complete DHS Daily Report for August 6, 2010

Daily Report

Top Stories

•DHS is quietly creating specialized teams of experts to test industrial control systems at U.S power plants for cybersecurity weaknesses, according to Computerworld. (See item 4)

4. August 4, Computerworld – (National) DHS quietly dispatching teams to test power plant cybersecurity. DHS is quietly creating specialized teams of experts to test industrial control systems at U.S power plants for cybersecurity weaknesses. An August 4 Associate Press report indicated DHS has so far created four teams to conduct such assessments, according to the director of control system security. The official told the news service that 10 teams are expected to be in the field next year as the program’s annual budget grows from $10 million to $15 million. A DHS spokeswoman confirmed the DHS plan. She said the special teams are part of an Industrial Control Systems Computer Emergency Response Team (ICS CERT) that DHS has been building over the past year in response to worldwide cybersecurity threats against industry control systems (ICS). The teams are being set up to help companies in critical infrastructure industries respond to and mitigate cyber incidents affecting ICS, she said. Each DHS team is said to be equipped with forensic tools, cables, converters and data-storage equipment to be used to probe for and fix security vulnerabilities in control systems. According to the report, the specialized DHS teams conducted 50 security assessments at power plants in the past year. In addition, teams were dispatched 13 times to investigate cyber incidents — nine were found to be cyber intrusions and four were caused by operator error. Source:

•The Associated Press reports that a 26-year-old Chicago man who allegedly planned to travel to Somalia and engage in jihadist fighting with a terrorist group and told people he wanted to blow up American soldiers, was arrested August 3 just hours before he was scheduled to leave Chicago.(See item 52)

52. August 4, Associated Press – (International) Chicagoan Shaker Masri charged in alleged terrorism plot. A 26-year-old Chicago man who allegedly planned to travel to Somalia and engage in jihadist fighting with a terrorist group was arrested August 3 just hours before he was scheduled to leave Chicago. He was arrested in Countryside by members of the Chicago FBI’s Joint Terrorism Task Force following an 18-month investigation, according to a release from the FBI and the U.S. Attorney’s office said. He was charged in a criminal complaint filed August 3 in U.S. District Court in Chicago with one count each of attempting to provide material support to a designated terrorist organization, and attempting to provide material support through the use of a weapon of mass destruction. The suspect told a source that he had hoped to become a martyr by wearing a suicide vest. On August 1, he was walking with the source when they saw a group of four soldiers in military dress uniform, according to the complaint. He told the source he wished he could walk up to the four and blow himself up. When the source asked the suspect why he wanted to blow himself up to kill only four targets, the suspect agreed, saying it would be better, for example, if there were a bus full of soldiers he could blow up, the complaint states. Source:


Banking and Finance Sector

20. August 5, Associated Press – (International) Gunmen storm Baghdad money exchange, kill 3. Gunmen stormed a Baghdad, Iraq money exchange and killed three people August 5, the latest in recent brash daylight attacks on banks, financial, and trade centers in the Iraqi capital, many of which have been blamed on insurgents. Police officials did not immediately know how much money was stolen in the 2 p.m. heist in the southeastern New Baghdad neighborhood. Fleeing the scene, the gunmen also threw flash bombs into a crowd of people responding to the shooting. Hospital officials confirmed three people were killed, including the owner of the money exchange. Five passers-by were wounded. Insurgents, suspected of trying to steal funding for their operations, have increasingly been blamed for heists of banks and financial centers. Source:

21. August 4, Associated Press – (National) 2 charged in first-of-its-kind credit fraud case. Federal prosecutors have charged a California woman and Florida man with helping at least three people build false credit histories that allowed them to obtain millions of dollars in mortgage loans. A U.S. attorney said August 5 it is the first time the Department of Justice has charged people with supplying customers with false credit histories. The two were charged with conspiracy to defraud the U.S. government and interstate transportation of funds obtained through fraud. According to the indictment, the two sold false Social Security numbers to a man of Anaheim, California in late 2004 or early 2005. The man then bought numbers for himself and helped at least two Kansas City-area men to obtain others. Prosecutors said the Tampa Bay man increased the credit scores attached to the Social Security numbers by using his companies, South Florida Management Group and Consumer Financial Group, to report false account and payment information to credit bureaus. The men from Anaheim then used the false numbers and credit information to purchase six new homes worth more than $2.7 million. All three were sentenced earlier this year for their roles in a $12.6 million mortgage scheme in the Kansas City suburb of Lee’s Summit. They were among 18 people who have pleaded guilty to participating in the scheme, which involved 25 upscale homes. Investigators said children are prime targets because most will not use their Social Security numbers to get credit for several years, which means fraudsters can use their numbers for long periods of time undetected. Source:

22. August 4, WPBF 25 West Palm Beach – (Florida) Employees return to credit union after hoax bomb threat. Palm Beach County, Florida, Sheriff’s Office deputies said a bomb threat that was called in about 3 p.m. at the Credit Union of Palm Beach Count was a hoax. Deputies said the building was briefly evacuated and a portion of Summit Boulevard was closed, but the bomb squad determined there was no bomb. Summit Boulevard was reopened and employees were allowed to return to work. Source:

Information Technology

59. August 5, The H Security – (International) Cisco security products vulnerable to DoS. Cisco is warning of multiple vulnerabilities in its Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The company said that after processing crafted SunRPC or certain TCP packets, the vulnerabilities could cause the FWSM to restart. If an attacker repeatedly exploits the issue, it could result in a sustained Denial-of-Service (DoS) condition. Version 3.1, 3.2, 4.0 and 4.1 of the FWSM are reportedly affected. Updates have been released and workarounds are also available. Additionally, the company is alerting its customers to other vulnerabilities in its ASA 5500 Series Adaptive Security Appliances, which are also vulnerable to several DoS exploits. The vulnerabilities are not reportedly interdependent, meaning that a release affected by one issue is not necessarily affected by the others. Cisco said that versions 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected, and updates have already been released. Workarounds are also provided. Source:

60. August 5, Help Net Security – (International) Top 5 undiscovered vulnerabilities found on enterprise networks. A report by Lumeta highlights the five most prevalent undiscovered or unknown vulnerabilities commonly found on enterprise networks. 1.) Incorrect or incomplete deployments of IPS/IDS. 2.) Failure to discover and probe all segments of a network with vulnerability management tools. 3.) Overlooking non-traditional IP-enabled devices. 4.) Using default credentials on network devices. 5.) Unauthorized wireless access points. Source:

61. August 4, InfoWorld – (International) Microsoft’s patch for Windows shortcut flaw has limitations. Microsoft released its out-of-band patch for the zero-day LNK (and PIF) file security hole that afflicts only Windows XP SP3 systems or later. Although most systems patched without a hitch, the patch is completely incompatible with earlier versions of ESET NOD32 Antivirus and ESET Smart Security. There are reports of systems that refused to install the patch, other reports of hangs in the middle of installation, systems that suffer sporadic and ill-defined problems after the patch goes in, and systems that freeze on reboot or jump into Blue Screen bliss. ESET acknowledges the problems on its Customer Care site, and recommends downloading the signature file version 5338 or later, but does not offer a step-by-step solution. Source:

62. August 4, CNET News – (International) Apple readies fix for iPhone browser security hole. Apple said that it has a fix for the browser security flaw discovered earlier this week on its iOS-powered devices. After the iPhone Dev Team released the latest jailbreak software hack for the iPhone over the weekend, it became apparent that the phone has a security vulnerability when it comes to the way it loads PDF files from the Web. On August 4, an Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.” Apple declined to say when the update would be pushed out. The security flaw is so serious that the German government issued an official warning to citizens about it the same day and said it was investigating. Apple declined to comment on Germany’s Federal Office for Information Security’s statement. Source:

63. August 3, DarkReading – (International) Ghost in the machine: Database weaknesses expose SAP deployments. Researchers have found glaring vulnerabilities in the way SAP interacts with the database layer that would allow remote attackers to own a company’s SAP systems, including controls that manage sensitive functions, such as vendor and invoice creation, simply by compromising the database that lays at the heart of a SAP deployment. Speaking at a recent conference, a security researcher for Argentinean firm Onapsis highlighted how a malicious attacker can create a nearly undetectable ghost user account in SAP once he gains unauthorized access. Access can be gained by attacking vulnerabilities in any one of the layers that make up an integrated SAP deployment: the operating system layer, database layer, application layer, or SAP business layer. One of the biggest misconceptions that enterprises have about SAP systems is that their security is simply a function of implementing proper segregation of duties. Onapsis is releasing a free, new tool that helps detect the creation of ghost users within SAP systems. While the tool can be useful in fighting fraud within compromised systems, it is important to remember one critical fact, the researcher said. “In order to install a back door, the attacker needs to compromise the system first.” Source:

For another story, see item 67 below in the Communications Sector

Communications Sector

64. August 5, Sierra Vista Herald – (Arizona) Telephone outage affects 911 callers. Dropped 911 calls were at the top of the Cochise County Sheriff’s Office’s biggest concerns August 4 after a fiber cut near the Desert Road Motel near Interstate 10 and Highway 90 in Sierra Vista, Arizona caused cell phone, Internet and landline outages. The sheriff’s office received five calls from various cell phones that were dropped within the first few seconds of the calls, a sheriff’s office spokeswoman said. Additional problems included trying to reach personnel through the office’s Verizon Wireless cell phones, she said, adding that the sheriff’s office resorted to using radios to communicate with those outside the office. Services were returned by approximately 2:30 p.m. after Qwest technicians were sent out to repair the fiber, said a Qwest spokesman. As soon as reports of the cut came in, Qwest sent technicians to repair the fiber. According to reports, AT&T service went completely down, and Sprint customers had intermittent service. Source:

65. August 5, – (Pennsylvania; Ohio) Wheeling, WV’s 50,000 watt WWVA (1170) is silent after storms. On August 4, all three sticks of “Big One” WWVA radio station located in St. Clairsville, Ohio were wrecked by the the high winds of a storm. Talker WWVA is off the air and Clear Channel said its lineup, starting with the 6-9 a.m. Bloomdaddy, will temporarily be heard on sister WBBD (1400). It normally features adult standards. Source:

66. August 5, IDG News Service – (National) Report: Google, Verizon in talks over net neutrality deal. Google and Verizon are reportedly in talks over how to manage network traffic, an agreement that could influence how U.S. regulators view network neutrality, according to a report in the Wall Street Journal August 5. Verizon confirmed talks with Google and the U.S. Federal Communications Commission (FCC) have been ongoing for 10 months. The agreement would apparently lay out principles around network neutrality, or the belief that service providers should not slow down certain kinds of traffic on their networks. The agreement, however, would reportedly allow service providers to prioritize traffic if customers paid for that kind of service, the paper said. Network providers have maintained that they need to restrict some kinds of Internet traffic in order to keep a consistent quality of service across their customers bases. That has happened, for example, for file-sharing protocols such as BitTorrent. But it is feared that network providers may unfairly restrict other kinds of applications and protocols for competitive purposes. Wireless networks would not be subject to the agreement, according to the report. The FCC has been talking to large service providers about how to regulate net neutrality. That has drawn criticism from groups such as Public Knowledge, whose communications director wrote that any agreement between Google and Verizon could be short-lived as it would not have the force of law. Source:

67. August 4, Network World – (International) New code uncouples iPhone 4 from home wireless carrier. Hackers August 4 released code that lets iPhone 4 owners — if they have modified their Apple smartphones to load unauthorized apps — to now use the devices on new wireless carriers. The hack, dubbed “ultrasn0w,” works with the new Apple iPhone 4 and its cellular baseband version 01.59, as well as the basebands on the 3G and 3GS models. For U.S. iPhone users, that means uncoupling from AT&T and making use of T-Mobile. With such an unlocked phone, a user traveling overseas could use a local SIM card to link with a local GSM provider and avoid costly fees for roaming. But the first step in the cellular “liberation” is modifying the iOS firmware through a process called jailbreaking, so it can run apps that do not have to be downloaded through Apple’s App Store. AppleInsider reported that the coder behind the free cellular unlock uses the name planetbeing in his work with a group called iPhone Dev Team. Earlier the week of August 2, a Web-based jailbreak, from, was announced. Just by using the Safari Web browser and this Web site, users can jailbreak their phones, apparently more simply than in the past. Security experts note the jailbreak makes use of two flaws, one in the Adobe PDF reader used by Safari, and one in the iOS kernel. But these same flaws can be used to download almost any kind of malware from a visited Web site. Source:

No comments: