Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, January 13, 2010

Complete DHS Daily Report for January 13, 2010

Daily Report

Top Stories

 Reuters reports that the Federal Aviation Administration has called for enhanced inspections of more than 130 older Boeing 737 planes to find possible cracks in the fuselage skin of the planes. (See item 15)

15. January 12, Reuters – (National) FAA calls for inspections of older Boeing 737s: report. The U.S. Federal Aviation Administration (FAA) has called for enhanced inspections of more than 130 older Boeing 737 planes, the Wall Street Journal said, citing a safety directive that is likely to be issued on Tuesday. The FAA has asked for enhanced structural inspections to find possible cracks in the fuselage skin of the planes, according to the paper. Undetected cracks “could result in sudden fracture and failure of the fuselage skin panels, and consequent rapid decompression,” the paper cited the FAA’s safety directive as saying. Boeing and the FAA could not be immediately reached for comment outside regular U.S. business hours. In July 2009, a 737 operated by Southwest Airlines developed a foot-wide hole and lost cabin pressure about 30 minutes after takeoff. Inspections in July revealed no problems with 737-300 jetliners flown by Southwest. Source:

 The Web Host Industry Review reports that a Romanian hacker has disclosed an SQL injection vulnerability on a U.S. Army Web site that could lead to a full database compromise. The Web site used to provide information about military housing facilities to soldiers, called Army Housing OneStop, was found to be storing passwords in plain text. (See item 32)

32. January 11, Web Host Industry Review – (National) Hacker finds SQL injection vulnerability in Army Web site. A Romanian hacker has disclosed an SQL injection vulnerability on a U.S. Army Web site that could lead to a full database compromise. According to a report from Softpedia, a Web site used to provide information about military housing facilities to soldiers, called Army Housing OneStop, was found to be storing passwords in plain text — a major security oversight. A compromised AHOS Web site could provide an intruder access to some 76 databases on the server, some containing confidential information on worldwide Army installations. The AHOS has since been taken offline. A security enthusiast going by the name of TinKode blogged about a proof-of-concept attack on, which seems to have been developed by a third-party government contractor, DynaTouch Corporation. The published screenshots reveal that the Web server runs on Microsoft Windows 2003 with Service Pack 2 and the database engine used to power the ASP Web site is Microsoft SQL Server 2000. Source:


Banking and Finance Sector

9. January 12, Wall Street Journal – (National) Banks brace for bailout fee. The U.S. Presidential Administration is aiming to hit banks with a fee to recoup losses associated with the government’s bailout of financial firms and the auto industry, administration officials say. The White House hopes the fee will soothe the public’s anger at financial firms. Most big banks that received public funds have repaid the government, but the industry is seen by many as having survived thanks to taxpayer support, and is now enjoying a profit rebound as the economy struggles. This month, many large banks will resume paying big bonuses to employees. The Administration is likely to slap banks with a fee designed to recoup losses associated with TARP, in a move that could help lower the deficit and reduce risk-taking by big banks. Much remains uncertain about how such a fee would work. The Administration is wrestling with who should pay, when it should be implemented and what would happen if banks pay more than the government-bailout program ultimately loses. Auto makers are not currently targets of the fee idea. Even though the proposal is still under discussion, it is expected to be included in the White House’s budget, due next month, if only conceptually. It is expected to cost large banks billions of dollars and could also affect bank customers if firms pass along the cost. Source:

10. January 12, HedgeCo.Net – (Florida) Advisers charged with $160 million Nadel related hedge fund fraud. The SEC has charged two investment advisers with securities fraud for misleading investors about the financial condition of three hedge funds they managed, and misrepresenting that they controlled the funds’ investment and trading activities when in fact they were being handled by another individual. The SEC alleges that Sarasota, Florida-based suspects, a father and son, distributed offering materials, account statements, and newsletters to investors that misrepresented the hedge funds’ historical investment returns and overstated their asset values by as much as $160 million. According to the SEC’s complaint, hedge funds Valhalla Investment Partners L.P., Viking IRA Fund LLC, and Viking Fund were controlled by another individual with no meaningful supervision or oversight by the father and son. The SEC charged the other individual with fraud last year and obtained an emergency court order to freeze his assets. Source:

11. January 12, Insurance and Financial Advisor – (National) More insurance agents ‘cutting corners,’ engaging in fraud, group says. The number of insurance agents involved in suspected frauds has risen since the recession took hold, a new survey found. Meanwhile, funds devoted to investigating and prosecuting all insurance frauds appear to be decreasing among states and insurers, the Coalition Against Insurance Fraud (CAIF) survey found. “We are seeing [state] fraud bureaus and insurers cutting back,” the CAIF’s executive director told “That’s not a healthy combination. I think we are all going to be paying for it in the future.” The majority (69 percent) of state insurance department fraud directors participating in the survey said agent fraud was up “slightly” or “much higher” than in 2008. One quarter of the 37 state fraud bureaus said agent fraud levels were the same as in 2008, and one agency reported a decline. The executive director, who authored the report, said he found the agent fraud responses surprising, but blamed the economy. As companies and individuals look more closely at their premiums, policies and other insurance information, seeking ways to cut costs, the chances of identifying improper or illegal insurance activity increase, the executive director said. Source:

12. January 11, Bloomberg – (National) Federal Reserve seeks to protect U.S. bailout secrets. The Federal Reserve asked a U.S. appeals court to block a ruling that for the first time would force the central bank to reveal secret identities of financial firms that might have collapsed without the largest government bailout in U.S. history. The U.S. Court of Appeals in Manhattan will decide whether the Fed must release records of the unprecedented $2 trillion U.S. loan program launched after the 2008 collapse of Lehman Brothers Holdings Inc. In August, a federal judge ordered that the information be released, responding to a request by Bloomberg LP, the parent of Bloomberg News. “This case is about the identity of the borrower,” said a lawyer for the government, in oral arguments on January 11. “This is the equivalent of saying ‘I want all the loan applications that were submitted.’” Bloomberg argues that the public has the right to know basic information about the “unprecedented and highly controversial use” of public money. Banks and the Fed warn that bailed-out lenders may be hurt if the documents are made public, causing a run or a sell-off by investors. Disclosure may hamstring the Fed’s ability to deal with another crisis, they also argued. The lower court agreed with Bloomberg. Source:

13. January 11, Agence France-Presse – (International) Toronto man denies plot to bomb bourse and cash in. A Toronto man on January 11 pleaded not guilty to plotting to bomb Canada’s main stock exchange in 2006, as prosecutors said he aimed to profit from wreaking economic havoc to fund other terror attacks. The 34-year-old defendant is accused of conspiring to bomb the Toronto Stock Exchange, Canada’s spy agency offices and a military base in order to try to provoke Canada’s withdrawal from Afghanistan. He was arrested with 17 alleged Islamic extremists in a 2006 police sting operation after the group sought to purchase three tons of bomb-making ingredient ammonium nitrate from undercover police officers. According to reports, he saw an opportunity to profit from blowing up the Toronto Stock Exchange by short-selling stocks before the bombings and reaping a windfall that could be used to fund more terror attacks abroad. While his co-conspirators were impressionable young men with modest means, bent on destruction and mayhem for “religiously-inspired political purposes,” prosecutors say the defendant was motivated primarily by financial gain. The plan was “to affect the economy, to make it lose half a trillion dollars,” said court documents cited by the daily Globe and Mail. Source:

14. January 11, Marketwatch – (National) Special bankruptcy court for big banks is on the table. Key members of the Senate Banking Committee are in discussions to create a special bankruptcy court for “too-big-to-fail” banks, according to people familiar with discussions on the panel. The court would work in tandem with a process to dismantle a Lehman-like failing super-sized bank in a way that does not cause collateral damage to the markets. Lawmakers in the committee are working to see if they can create a broad bipartisan bank reform bill in response to the financial system’s near collapse in 2008. Two Senate Banking Committee members have been charged with reaching a bipartisan deal on systemic risk issues. The Financial Crisis Commission will require top bankers and regulators to testify about the causes of the financial crisis. Source:

Information Technology

36. January 12, IDG News Service – (International) Google blames ‘human error’ for leak of users’ business data. Google is apologizing after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service. The company’s Local Business Center allows businesses to create a listing for Google’s search engine and Maps application, as well as add videos, coupons or photos. Google then provides data on how customers found the listing, showing search terms people used before clicking the listing and other data such as the geographic location of someone who looked up driving directions to the business. Google will send reports to those who are signed up. Early last week, Google sent the reports to third parties by mistake. The mistake affected several thousand businesses registered with Local Business Center, of which there are more than a million. People who received the data then began to publicize the incident, realizing the privacy implications. A Chicago-based Internet consultant wrote on his blog that he received information regarding the listing for Boscos, a restaurant in Tennessee that brews its own beer. The data included the number of times Boscos’ listing appeared in Google’s local search results, the number of times it had been clicked on and the number of follow-through clicks on the actual business’ Web site. Source:

37. January 12, The Register – (International) Apple sits on critical Mac bug for 7 months (and counting). Researchers have disclosed a critical vulnerability in the latest version of Mac OS X that they say Apple has sat on for almost seven months without fixing. The buffer overflow flaw could be exploited by attackers to remotely execute malicious code, and virtually all Apple devices - including Mac computers and servers, iPhones, and even Apple TV - are susceptible, one of the researchers told The Register., the Poland-based security firm he works for, alerted Apple to the vulnerability in the middle of June and again last month, but the computer maker has yet to patch the bug. By contrast, developers for OpenBSD, NetBSD, FreeBSD, and a variety of Mozilla applications have fixed identical vulnerabilities, in some cases within hours of notification. The bug affects all applications and operating systems that implement gdtoa floating point numbers. The OS X bug resides in the libc/strtod(3) and libc/gdtoa function. The researcher said the vulnerability could be remotely exploited using booby-trapped PHP code on a website, among other methods. Source:

38. January 12, The Register – (International) Frustrated bug hunters to expose a flaw a day for a month. A Russian security firm has pledged to release details of previously undisclosed flaws in enterprise applications it has discovered every day for the remainder of January. Intevydis intends to publish advisories on zero-day vulnerabilities in products such as Zeus Web Server, MySQL, Lotus Domino and Informix and Novell eDirectory between January 11 and February 1, a security blogger reports. As an opener, Intevydis published a crash bug in Sun Directory Server 7.0, along with exploit code. The final line-up of zero-days is still being finalised, but the MySQL buffer overflows and IBM DB2 root vulnerability flaws on the provisional menu sound much tastier than Intevydis’s somewhat bland opener. Advisories are due to be published on the Intevydis blog here. Intevydis said it launched its campaign after becoming more and more disillusioned with foot-dragging by vendors when confronted by security flaws in their products. Only one software vendor, Zeus, reportedly worked with Intevydis in developing a patch to be released at the same time as an upcoming advisory from the Russian security firm. Intevydis’s stance is likely to reboot the long running debate about the responsible disclosure of security vulnerabilities. An entry on the Intevydis blog accuses software vendors of exploiting researchers as unpaid lackeys. Source:

39. January 11, IDG News Service – (Maryland) Maryland aims to be cybersecurity ‘epicenter’. Maryland officials want the state to be the U.S. “epicenter” for fighting cyber attacks, and on January 11 they launched an effort to bring more cybersecurity research and jobs to the state. Maryland has several resources that make it the perfect place to be a national — and world — leader in cybersecurity, said the Governor, speaking at a kick-off event at the U.S. National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. In addition to the NIST, Maryland is home to the U.S. National Security Agency, 12 major military installations, world-class schools such as Johns Hopkins University and dozens of top cybersecurity vendors, the governor and other officials said. Cybersecurity leadership and innovation is needed at a time when the U.S. is getting attacked from all sides, said a Maryland Democratic senator. “Cybersecurity is all-hands-on-deck and all-agencies-on-deck,” she said. The governor’s administration on January 11 released a 32-page report, called CyberMaryland, focused on ways to improve cybersecurity efforts in the state. The report calls for the state to work with the U.S. government to establish a national center of excellence in cybersecurity in the state, including a cybersecurity business incubator and an education and training center. Source:

40. January 11, DarkReading – (International) More researchers going on the offensive to kill botnets. Yet another botnet has been shut down as of January 11 as researchers joined forces with ISPs to cut communications to the prolific Lethic spamming botnet — a development that illustrates how botnet hunters increasingly are going on the offensive to stop cybercriminals, mainly by disrupting their valuable bot infrastructures. For the most part researchers monitor and study botnets with honeypots and other more passive methods. Then security vendors come up with malware signatures to help their customers scan for these threats. But some researchers are turning up the heat on the bad guys’ botnet infrastructures by taking the lead in killing some botnets: Aside from the recent takedown by Neustar of Lethic, which is responsible for about 10 percent of all spam, FireEye in November 2009 helped shut down the MegaD botnet. And researchers at the University of California at Santa Barbara in May revealed they had taken the offensive strategy one step further by infiltrating the Torpig botnet, a bold and controversial move that stirred debate about just how far researchers should go to disrupt a botnet. Source:

41. January 11, The Register – (International) False Facebook charge group used to spread malware. A false rumor suggesting that Facebook is to start charging is being used to bait malware traps. Thousands of disgruntled punters, angry at the $4.99 a month charge for using the social networking site that will supposedly kick in from June (or July, according to other false reports) have been induced to visit “protest group” sites in response to spam emails. However, in reality, there is no such plan and the protest pages often contain malware, as urban myth debunking site Snopes warns: The protest page was a trap for the unwary; clicking on certain elements of it initiated a script that hijacked users’ computers. Some of those who did venture a click had their computers taken over by a series of highly objectionable images while malware simultaneously attempted to install itself onto their computers. Source:

For another story, see item 43 below in the Communications Sector

Communications Sector

42. January 12, Kentucky Post – (Ohio) Verizon scrambles to fix fiber optic line. Landline phone service remains disrupted in parts of Adams and Brown counties on January 11. Verizon brought field workers from as far away as Dayton and Wilmington to try to locate a severed fiber optic line near Sardinia in Brown County. “It’s a huge problem, but we’ll work through the night to get service to our valued customers,” said a local manager for Verizon. Work was slowed, however, when a power line was discovered on top of one of Verizon’s access boxes. Earlier in the day it was thought that a Sardinia crew working to fix a water line may have disrupted the phone service. In the meantime, Verizon says that as of 8:30 p.m. (EST), a majority of service in the affected region had been re-routed and thus, restored. Field crews may have to wait until daylight Tuesday morning to identify and repair the damaged fiber optic line. Source:

43. January 11, IDG News Service – (International) Group behind Twitter hack takes down The group that took down in December 2009 has apparently claimed another victim: China’s largest search engine was offline on January 11, but at one point it displayed an image saying “This site has been hacked by Iranian Cyber Army,” according to a report in the official newspaper of the Chinese Communist Party and other Web sites. With more than half of China’s Internet search market, Baidu is by far China’s most-used search engine. The company could not immediately be reached for comment. Not much is known about the Iranian Cyber Army, which first gained notoriety with its December 18 Twitter attack. Hacking groups such as this are constantly defacing Web sites, but it is extremely rare for them to take down a site as widely used as Twitter or According to security experts, Baidu’s domain name records appear to have been tampered with. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the nameservers the company normally uses. “It looks like their domain account credentials may have been snagged,” said a researcher with the antivirus vendor Trend Micro. That is the same technique that was used to hijack Twitter, when Iranian Cyber Army hackers were apparently able to log in to the account used to manage Twitter’s DNS records and redirect visitors to another Web server that posted a message similar to the one spotted on That attack knocked Twitter offline for more than an hour. Source:

44. January 11, The Register – (Florida) Judge awards Dish Network $51m from satellite pirate. A federal judge has slapped a $51m judgment on a Florida man for distributing software that allowed people to receive television programming from Dish Network without paying for it. The ruling, issued on January 11 by a US District judge of Tampa, found that the defendant violated both the Digital Millennium Copyright Act and the Communications Act. Using the online monikers “Thedssguy” and “Veracity,” the defendant provided 255,741 piracy software files, making him liable for damages of $51.148m, or $200 per download. Under the DMCA, the defendant could have been forced to pay $2,500 for each download, an amount that would have brought damages to more than $639m. The defendant was also ordered to pay Dish Network’s attorney fees and to permanently stop making or distributing software that circumvents the satellite provider’s security. The software at issue allowed users to bypass access security technology provided by Dish co-venture NagraStar, so they could receive premium programming and regular channels on so-called free-to-air receivers. The receivers are designed to play only unencrypted satellite transmissions, such as ethnic, religious, and advertising content. After flashing the devices with the software, users could watch paid programming on the receivers. Source:

45. January 11, Government Technology – (Michigan) Michigan releases shared data center RFI. Michigan has formally launched an initiative to build a massive new data center that will provide cloud computing services to state agencies, cities, counties and schools across the state. The Michigan Department of Information Technology (MDIT) — in conjunction with the state’s Department of Treasury and Department of Management and Budget — issued a request for information (RFI) January 7 seeking industry feedback on forming a public-private partnership to build and operate the facility. “This marks another big step in our effort to establish high-tech investment in Michigan,” said state CIO in a statement released by the MDIT. “A data center built through public-private partnership will allow all levels of government in Michigan to benefit, by getting the most of our taxpayer dollars.” The RFI seeks input from companies or teams of companies that are interested in financing, building and operating the new facility, as well as providing shared IT services to state agencies and others. The state is particularly interested in tapping alternative energy sources for the data center, according to the RFI. Source:

For another story, see item 35