Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, January 28, 2010

Complete DHS Daily Report for January 28, 2010

Daily Report

Top Stories

 According to the Examiner, Toyota announced Tuesday that it is suspending sales of eight models that are involved in the recall for having accelerator pedals that stick. In addition to the sales freeze, production at certain Toyota facilities will pause beginning the week of February 1. (See item 10)


10. January 26, Examiner – (International) No sale: Toyota halts sales of eight models, production affected as well. Toyota announced Tuesday that it is suspending sales of eight models that are involved in the recall for having accelerator pedals that stick. Initially Toyota had maintained that improperly installed floor mats were to blame, but as time has continued on, the company has recently admitted that “Certain accelerator pedal mechanisms may, in rare instances, mechanically stick in a partially depressed position or return slowly to the idle position.” One driver of a Toyota Avalon was able to use information circulated by the media, moving the car’s shifter to and from neutral, to limp his malfunctioning car to a dealership while it was still experiencing the acceleration issue. The service manager was able to verify that the floor mat was not obstructing the accelerator. Toyota now hopes to show that it is taking ownership of the issue and is acting in the best interest of its customers. Models impacted by the sales freeze include the following: 2009-2010 RAV4, 2009-2010 Corolla, 2009-2010 Matrix, 2005-2010 Avalon, 2007-2010 Camry, 2010 Highlander, 2007-2010 Tundra, and 2008-2010 Sequoia. In addition to the sales freeze, production at certain Toyota facilities will pause beginning the week of February 1. Facilities in question include: Toyota Motor Manufacturing, Canada (Corolla, Matrix, and RAV4), Toyota Motor Manufacturing, Indiana (Sequoia and Highlander), Toyota Motor Manufacturing, Kentucky – Line 1 (Camry and Avalon), Subaru of Indiana Automotive, Inc. (Camry), Toyota Motor Manufacturing, Texas (Tundra). At this point, Toyota is not indicating how long the sales and production suspension will last. Source: http://www.examiner.com/x-10697-California-Autos-Examiner~y2010m1d26-No-sale--Toyota-halts-sales-of-eight-models-production-affected-as-well


 The Associated Press reports that Chattanooga, Tennessee officials fixed a Tuesday morning power failure at the Moccasin Bend wastewater plant that released 137 million gallons of sewage and stormwater into the Tennessee River. (See item 31)


31. January 27, Associated Press – (Tennessee) Chattanooga sewage leak into Tennessee River fixed after 137 million gallons released. Chattanooga officials fixed a wastewater plant power failure that released 137 million gallons of sewage and stormwater into the Tennessee River. A city spokesman said workers restored the Moccasin Bend treatment plant to full capacity about 4:30 a.m. Wednesday and stopped the overflows caused by the Tuesday morning power outage that shut down the plant’s pumping system. He said the 137 million gallons of untreated sewage and storm water waste released into the river represents less than 1 percent of the total flow released from TVA’s Chickamauga Dam. An estimated 80 billion gallons of water flowed through the dam Tuesday. He said an overflow area under the Market Street Bridge was sanitized Wednesday morning. Source: http://www.whnt.com/news/sns-ap-tn--river-sewage,0,6227072.story


Details

Banking and Finance Sector

13. January 27, IDG News Service – (International) 3D secure online payment system not secure, researchers say. A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems, according to University of Cambridge researchers. The system is called 3-D Secure (3DS) but known better under the names Verified by Visa and MasterCard SecureCode. Implemented and paid for by e-commerce vendors, the systems require a person to enter a password or portions of a password to complete an on-line purchase. As a reward for investing in the systems, merchants are less liable for fraudulent transactions and are stuck with fewer chargebacks. But banks such as the Royal Bank of Scotland are now holding consumers to a higher level of liability if fraudulent transactions occur using either system, said a security researcher at the University of Cambridge. That is despite what the researcher and a security engineering professor contend are several flaws with 3DS. One of their main points is how 3DS is integrated into Web sites during a transaction. E-Commerce Web sites display 3DS in an iframe, which is a window that brings content from one Web site into another. The e-commerce Web site connects directly to a bank, which solicits a person’s password in the iframe. If the password is right, the transaction is complete. But the researchers argue that since there’s no URL displayed with the iframe, it’s difficult to tell whether it’s genuine or not. 3DS also allows people to set their password immediately as they enroll in the system, a process called “activation during shopping” (ADS). The ADS enrollment will ask for some other piece of information, such as a birth date, in order to confirm the setting of the password. That’s a security issue since birth dates are easily obtainable, the researchers argue. Source: http://www.pcworld.com/businesscenter/article/187849/3d_secure_online_payment_system_not_secure_researchers_say.html


14. January 27, Courthouse News Service – (National) FDIC seeks comments on risk in employee pay. The Federal Deposit Insurance Corporation (FDIC) is requesting comments regarding whether it should penalize insured institutions with higher Deposit Insurance Fund (DIF) assessments when it determines they have risky employee compensation plans. The FDIC maintains that it is not attempting to eliminate any particular compensation plan through increased rate assessment but it does recognize the “broad consensus that some compensation structures misalign incentives and induce imprudent risk” by rewarding “...employees based on short-term results without full consideration of the longer-term risks to the firm.” The Federal Deposit Insurance Act requires that a depository institution’s deposit insurance assessment must be based on the probability that the DIF will incur a loss, the amount of any loss, and the revenue needs of the DIF. In 2009 employee compensation plans were cited as a contributing factor in an institution’s failure in 35 percent of the agency’s investigations. The agency hopes that using assessment rates will provide incentives for insured institutions to adopt compensation programs that align employees’ interests with those of the institution’s other stakeholders. According to the agency, such compensation plans would limit stock awards to restricted, non-discounted companies that would be available at intervals over a period of years after an employee meets multi-year performance goals. The agency also believes that any cash bonuses or stock awards should be subject to so-called “clawback” provisions in case the performance a bonus is based on later proves to have been illusory or deceptive. Source: http://www.courthousenews.com/2010/01/27/Federal_Regulations.htm


15. January 27, Bank Info Security – (National) Phishing trends: numbers up, corporate accounts targeted. The latest report from the Anti Phishing Working Group (APWG) paints a distressing picture for anyone doing transactions online, says the chairman of the APWG. All phishing numbers are on the rise. The number of unique phishing reports submitted to APWG for the third quarter of 2009 reached a record 40,621 in August — 10 percent more than the previous record set in September 2007. “What we are all seeing is that the criminals are still continuing their attacks and it is getting worse,” the chairman says. “They’re getting way more sophisticated.” The number of unique phishing websites reached a record 56,362 in August, displacing the previous reported high of 55,643 in April 2007. The number of hijacked brands rose to a high of 341, up more than 10 percent from the previous record of 310 in March 2009. What really worries the chairman is the targeting of corporate bank accounts and high-wealth customers, as well as the circumvention of authentication technology. “These criminals are rapidly figuring out how the financial industry works, where there is big money and large transfers, so they can basically do large wires out of these accounts without setting off fraud alerts.” The chairman says bluntly, “I think we’re in for a challenging year.” He’s heard from banks telling him it is a hostile environment. “They’re scrambling for answers to this because they just can’t be everywhere the hackers are — even on the users’ computers.” Source: http://www.bankinfosecurity.com/articles.php?art_id=2119


16. January 27, Mississippi Press – (Mississippi) Debit card scam: Local banks want customers to beware of account draining phone call. Officials with two local banks warned on January 26 of a debit card scam that could drain a person’s banking account if they follow the recorded instructions. The senior vice president of security at Merchants & Marine Bank said several of the bank’s customers reported on January 25 and 26 receiving a recorded call on their cell phone telling them their Visa debit bank card is restricted or inactive. The recording tells them that in order to reactivate the card they should put the card’s account number into the telephone key pad, the vice president said. The communications director at Hancock Bank said their customers have reported receiving the same recorded call. The chief of investigations with the Jackson County Sheriff’s Department said that, unfortunately, as technology advances, bank account scams tend to evolve. A customer service representative at M&M Bank said her customers are saying that the calls are coming from two different phone numbers in Tennessee. The chief of investigations said the calls are most likely coming from a “drop box” that routes calls several places, making it nearly impossible to trace. Source: http://blog.gulflive.com/mississippi-press-news/2010/01/debit_card_scam_local_banks_want_customers_to_beware.html


17. January 27, St. George Spectrum – (California) Credit union issues warning after fraud trend in California. Southwest Community Federal Credit Union has issued a fraud alert to its customers after reports some Visa accounts have been targeted by thieves in California. “We’ve basically put a block on all transactions out of California. That includes legitimate transactions, which is the majority of the transactions,” the chief financial officer said on January 26. An alert posted on the company’s Web site said the credit union initiated the statewide block after spotting the trend, and credit union members who are traveling to California or doing online business with companies based in California will need to contact Southwest Federal for assistance in clearing the transaction. Once Southwest Federal is able to authenticate the credit union member’s identity, the transactions will be allowed. The chief financial officer said the California blockade will eventually be lifted once the credit union deems it safe to do so. Skilled thieves are selling and buying black market equipment that allows them to reproduce debit and credit cards with a great deal of accuracy, he said. The fraud trend in question is called a “card present transaction.” In other words, the transactions are not taking place on the Internet where a PIN number would be required to complete the transaction. Instead, the alleged thieves are presenting the phony cards along with false identification, and then signing for their purchases. Source: http://www.thespectrum.com/article/20100127/NEWS01/1270312/Credit+union+issues+warning+after+fraud+trend+in+California


18. January 26, Computerworld – (Texas) Bank sues victim of $800,000 cybertheft. A Texas bank is suing a customer hit by an $800,000 cybertheft incident in a case that could test the extent to which customers should be held responsible for protecting their online accounts from compromises. The incident, which was first reported by a blogger this week, involves Lubbock-based PlainsCapital bank and its customer Hillary Machinery Inc. of Plano. In November 2009, unknown attackers based in Romania and Italy initiated a series of unauthorized wire transfers from Hillary’s bank accounts and depleted them by $801,495. About $600,000 of the amount was later recovered by PlainsCapital. Hillary demanded that the bank repay it the rest of the stolen money. In a letter to the bank in December, Hillary claimed that the theft happened only because PlainsCapital had failed to implement adequate security measures. PlainsCapital promptly filed a lawsuit in the U.S. District Court for the Eastern District of Texas asking the court to certify that its security procedures were “commercially reasonable.” In its complaint, the bank noted that it had made every effort to recover the stolen money. The bank sought to absolve itself from blame in the heist by stating that the unauthorized wire transfer orders had been placed by someone using valid Internet banking credentials belonging to Hillary Machinery. “PlainsCapital accepted the wire transfer orders in good faith” and had therefore not breached any of its agreements with Hillary, the bank said in its complaint. The complaint itself is somewhat unusual in that it does not seek anything specific from Hillary. Rather, all it asks is for the court to certify that its systems are reasonably secure. Source: http://www.computerworld.com/s/article/9149218/Bank_sues_victim_of_800_000_cybertheft


19. January 26, Oil Express – (Kansas) Thieves empty jobber’s ATM using factory default pin. A scam involving factory pre-set PIN numbers for ATMs has cost a Kansas marketer the contents of his cash dispenser in a matter of seconds, Oil Express reports. The marketer, who never changed the ATM’s original code, said the loss was preventable. “If we had just read the manual that came with the ATM, we would have known to change the code, but we didn’t,” he said. Oil Express reports the theft could signal a trend, as marketers buy and sell stores and inherit older ATMs. “We would advise anyone with a legacy ATM that’s more than five years old to check whether the PINs were ever changed and to make sure that they have the test software installed,” a spokesman for ATM manufacturer Triton told the news source. ATM vendors offer free software that helps prevent ATM thefts. New ATMs contain a PIN that allows owners to access the machine’s menu. While it does not provide access to the cash vault, it does allow thieves to change the denomination of the bills that the ATM dispenses. In the Kansas case, while the manager loaded the ATM with $20 bills, the thieves, accessing the ATM menu, changed the denomination of the bills to $1. As a result, the thieves received 20 times the amount that the ATM actually calculated that it had dispensed. ATM vendors learned of the scam several years ago. As a result, machines manufactured today force operators to change the PIN before the machine can be used. However, the older systems are still vulnerable, which is why Triton and other vendors produced a free software fix. Source: http://www.nacsonline.com/NACS/News/Daily/Pages/ND0126101.aspx


20. January 26, Associated Press – (Michigan) Burglars take more than $9,000 from Treasury safe. The State of Michigan is looking at a possible $2 billion deficit in the fiscal year starting October 1, and the theft of more than $9,000 from a branch office is not helping. Sterling Heights police tell the Detroit Free Press that employees reporting to work on January 25 discovered the theft. It is believed to have occurred between 4:30 p.m. on January 23 and 6:30 a.m. January 25. Police say the thieves broke a window and removed part of a wall to get into a room where a safe was forced open. A Treasury spokesman says the field office and collection staffers work at the suburban Detroit location, where back taxes, state agency debt and other payments can be made. He says the office will remain closed until repairs are completed, possibly by the end of the week. Source: http://www.chicagotribune.com/news/chi-ap-mi-treasuryoffice-th,0,168115.story


21. January 26, Queens Courier – (New York) Phony bomb bank robberies. Two recent bank robberies have taken advantage of terrorism fears in northeast Queens, and police want to defuse the situation. On January 22 a “black male, 5 feet 11 inches tall, weighing approximately 200 pounds,” according to the NYPD, entered the Queens County Savings Bank at 247-53 Jamaica Avenue in Bellerose shortly before 9 a.m. Police say the man, dressed in black shoes and a black jacket, told bank employees he wanted to open an account. Once he had the manager’s attention, cops say he said he had a bomb in his bag, and warned them “Don’t notify anyone.” He fled the bank with an undisclosed amount of cash, heading westbound on Jamaica Avenue. Police sources told The Queens Courier that on January 25, an unidentified black male, between 6 feet and 6 feet 2 inches tall, weighing “about 180 pounds,” entered the Queens County Savings Bank at 224-04 Union Turnpike in Hollis Hills shortly before noon. The man, who was wearing blue pants, a blue trench coat and black sneakers, also produced what appeared to be a bomb — but also turned out to be four traffic flares taped together with a common electronic accessory, police sources said. The thief was last seen headed south on Springfield Boulevard, with approximately $8,300 in cash, according to police sources. Source: http://www.queenscourier.com/articles/2010/01/26/news/regional/northeast/doc4b5f7a16df89d736102907.txt


22. January 26, eCredit Daily – (International) Report: ‘Credit card twitter’ ripe for phishing attacks. Blippy, the ‘Twitter’ for credit card users that went live this month, could be targeted by cyber criminals that could use the personal information posted on the social media site to create effective phishing emails, according to a prominent cyber security firm. Blippy invites users to discuss what they are buying primarily by attaching a credit or debit card to the service. Postings reveal what they purchased, the amount and the retailer, whether online or in-store. ATM withdrawal amounts are also recorded. The site has privacy safeguards in place, but there is enough revealed in the postings to help cyber fraudsters construct phishing schemes aimed at Blippy users, according to Cyveillance, a provider of online security solutions to protect organizations from cyber attacks, including phishing and malware. The firm has done business with a majority of Fortune 500 companies. “From a cyber criminal’s point of view, Blippy currently offers great information to construct a highly-targeted spear phishing attack,” Cyveillance writes on its cyber intelligence blog. Source: http://ecreditdaily.com/2010/01/report-credit-card-twitter-ripe-phishing-attacks/


23. January 26, Bank Info Security – (Texas) ATM Fraud: Skimming scheme nets $200,000 in Texas. Word on the street is that ATM skimming is now the most profitable crime, say Houston, Texas police who arrested two men accused of putting a skimming device on a local bank’s ATM. A Houston police lieutenant says that the suspects were caught putting the device on an ATM in a bank on Montrose Boulevard, near the University of St. Thomas on January 19. This incident is another example of increased ATM-related crimes. Security experts have predicted that ATM fraud will increase in 2010. The lieutenant, who works in the police department’s financial crimes division, says the police watched as the suspects sat across the street in a black Cadillac Escalade, monitoring the ATM through binoculars. Once they saw customers pull up, the suspects moved in closer and turned on their wireless camera. The camera let them see the customers as they entered their banking PIN into the ATM’s keypad. One Houston area bank reports it lost more than $200,000 because of the skimming device, police say. “We have had suspects tell us that the word among criminals on the street is that skimming is a much more profitable crime to commit, not only because the amount of money they are able to steal very quickly, but also because it is less likely that they will be detected,” the lieutenant explained. Source: http://www.bankinfosecurity.com/articles.php?art_id=2115


Information Technology


47. January 27, V3.co.uk – (International) TechCrunch hacked twice in 24 hours. Security experts are warning webmasters to be on their guard, after popular technology blog TechCrunch was hacked for the second time in 24 hours. Users were greeted this time with a four-letter tirade against the site’s founder. The first hack happened at around 6am GMT on January 26, when visitors saw a blank page with a brief message and a link to a site containing links to “adult and pirated material”, according to a Sophos senior technology consultant. Later that morning the site posted a brief story about the hack. “At this point we are still gathering information on how the site was compromised, and will update this post with additional information,” it said. However, the consultant said in a blog post that the site was compromised again within 24 hours, and that the hackers left another message. “So [name of TechCrunch founder], how much did all the media coverage yesterday brought you in trough the welcome.html ad you forced people to? What a [expletive] retarded move was that you [expletive]. You should be thanking me and [expletive] on my [expletive] for not deleting everyone on the box and publishing the mysql, if that’s what you want O.K, I can do that,” the message read. According to the consultant, the message also included a link to a web site “hosting links to hardcore file-sharing torrents”. TechCrunch has yet to elaborate on how the hackers managed to deface its site. Source: http://www.v3.co.uk/v3/news/2256848/techcrunch-hacked-again


48. January 27, IDG News Service – (International) PlayStation 3 hack released online. Days after announcing he had managed to hack Sony’s PlayStation 3 console to run his own software, the hardware hacker has released the exploit online. The hacker, who is best known for cracking Apple’s iPhone, said in a blog posting that he had decided to release the exploit to see what others could do with it and because he wanted to move on to other work. With the release of the exploit online many programmers will likely start to examine the PlayStation 3 for ways to get deeper into the system. For some the prime goal will be to crack the encryption system that ensures illegally copied games cannot be played on the console while others will likely be motivated by the technical challenge of running their own software on the powerful PlayStation 3 platform. The exploit the hacker has found works with the PlayStation 3’s OtherOS feature that allows a second operating system to be installed on the machine. This feature was discontinued on newer model machines, the so-called “PS3 Slim” consoles. Sony is also examining the code. Its Tokyo-based gaming unit, Sony Computer Entertainment, said it is looking into the claims made by the hacker and declined to comment until it has finished its investigation. Source: http://www.computerworld.com/s/article/9149398/PlayStation_3_hack_released_online


49. January 27, SC Magazine – (International) The popularity of Apple devices is attracting malware, according to a report from Intego. Amid speculation that Apple is set to introduce its tablet device on January 28 at a press event in California, a discussion of the security implications will not likely be mentioned. While the device is already being touted as a game-changer in the publishing industry, reportedly introducing a new digital platform with a ten-inch screen for the delivery of newspaper and magazine content, what is likely to follow within months of the debut, if history is any precedent, is a new wave of malware targeting the device. Users tuning in for their daily news feed or perusing copies of their favourite magazines may become victims of new iterations of malware likely intended to steal their passwords and personal information to then be offered for sale in the nether regions of cyberspace. This scenario echoes Apple’s January 2009 introduction of new software at Macworld Expo, a forum the company traditionally uses to roll-out new products and to announce updates to existing ones. According to an annual report, The Year in Mac Security from Intego, following the release of an update to Apple’s iWork 2009 suite of software, malware writers immediately introduced the iServices Trojan Horse as a supplement hidden inside an installer available to users downloading bootlegged versions from BitTorrent and other grey and black market distributors of pirated software. The Intego report stated that following up on the successful implementation, the same cyber gang issued the next version of their malware planted in Adobe Photoshop CS4 for Mac, again distributed via BitTorrent. In April, Intego detected proof-of-concept malware, Tored.A, that was created in RealBasic code. This self-contained application tried to copy itself to root folders on Macs and then siphoned email addresses from the Mac utility address book and sent emails containing the malware. The virus was also capable of linking the user machine to a botnet and recording keystrokes. Source: http://www.scmagazineuk.com/the-popularity-of-apple-devices-is-attracting-malware-according-to-a-report-from-intego/article/162463/


50. January 27, The Register – (International) Google Toolbar caught tracking users when ‘disabled’. Google has updated its browser toolbar after the application was caught tracking URLs even when specifically “disabled” by the user. In a January 25 blog post, a Harvard professor and noted Google critic provided video evidence of the Google toolbar transmitting data back to the Mountain View Chocolate Factory after he chose to disable the application in the browser window he was currently using. The Google toolbar offers two disable options: one is meant to disable the toolbar “permanently,” and the other is meant to disable the app “only for this window.” In a statement passed to The Register, Google has acknowledged the bug. According to the statement, the bug affects Google Toolbar versions 6.3.911.1819 through 6.4.1311.42 for Internet Explorer. An update that fixes the bug is now available, and the company intends to automatically update users’ toolbars sometime today. The statement also says that the bug does not occur if you open a new tab after disabling the toolbar for a particular window. In the statement, Google goes on to say that the bug disappears if you restart your browser, but this does not quite make sense. If you are interested in disabling Google toolbar for a particular window, you are not going to close that window. Source: http://www.theregister.co.uk/2010/01/27/google_toolbar_caught_transmitting_data_when_disabled/


51. January 26, Help Net Security – (International) Cybercrime increasing faster than company defenses. Cybercrime threats posed to targeted organizations are increasing faster than many organizations can combat them. Moreover, a new survey suggests the threat of cybercrime is heightened by current security models that are only minimally effective against cyber criminals. More than 500 respondents, including business and government executives, professionals and consultants, participated in the survey. The survey is a cooperative effort of CSO, the U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte’s Center for Security & Privacy Solutions. The 2010 CyberSecurity Watch Survey uncovered a drop in victims of cybercrimes (60 percent vs. 66 percent in 2007); however, the affected organizations have experienced significantly more attacks than in previous years. Between August 2008 and July 2009 more than one third (37 percent) of respondents experienced an increase in cybercrimes compared to the previous year. Although the number of incidents rose, the ramifications have not been as severe. Since 2007, when the last cybercrime survey was conducted, the average monetary value of losses resulting from cybercrimes declined by 10 percent. This can likely be attributed to an increase in both IT security spending (42 percent) and corporate/physical security spending (86 percent) over the past two years. Source: http://www.net-security.org/secworld.php?id=8769


52. January 26, Help Net Security – (International) Devious ransom trojan takes data hostage. Taking data hostage is not a new invention in the world of cybercrime, but a trojan currently infecting computers does it in a way that can leave the victim unaware that he has been scammed. The CRO at F-Secure says, “When the W32/DatCrypt trojan infects a computer, it makes it seem as if some files, such as Microsoft Office documents, video, music and image files have been “corrupted”, when the files have in fact been encrypted by DatCrypt. Next the trojan creates what looks like an authentic message from Windows, advising the user to download and execute the “recommended file repair software” called Data Doctor 2010.” If this utility is downloaded and executed, the user receives a message that it can “only repair one file in unregistered version”. In order to repair — or more accurately, decrypt — more files, the user has to buy the product for $89.95. After the money is paid, the software does return access to the files. Source: http://www.net-security.org/malware_news.php?id=1208


53. January 26, DarkReading – (International) New attack uses Internet Explorer’s own features against it. A researcher at Black Hat DC, which runs from January 31 until February 3, will demonstrate how an attacker can steal files from a victim’s machine by abusing a combination of actual features in Internet Explorer. A security consultant with Core Security Technologies says popular features in IE, such as URL Security Zones and the browser’s file-sharing protocol, can together be abused to execute an attack that results in the attacker being able to read all files on the victim’s machine. The consultant plans to release proof-of-concept code for the attack next month after Black Hat DC, and after Microsoft issues a security update for the attack, which affects IE versions 6 and above, he says. The attack requires the user to click on a malicious link. The group manager of Microsoft’s Trust The attack basically abuses the way features in IE are designed, the consultant says, and it only works when a combination of features are abused in the attacks. A single feature cannot be abused to wage the attack, he says. It does not, however, allow the attacker to execute code remotely or to control the victim’s machine. Source: http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=222500167&subSection=End+user/client+security


54. January 26, DarkReading – (International) Report: More than 560,000 websites infected in Q4. A total of 5.5 million Web pages on more than 560,000 Websites were infected in the fourth quarter, according to new data, with evidence that attackers are waging less noticeable exploits in order to remain under the radar. Dasient, which compiled the data from its proprietary malware analysis tool that gathers information on malware attacks on Websites, says the fourth-quarter 2009 numbers are actually a slight decline from the third quarter, when it found more than 640,000 infected Websites and 5.8 million infected Web pages. The decline, in part, could have to do with smarter, more sophisticated attacks: Infections of newly compromised Websites of 10 or more pages on average hit about 24 percent of the pages on those sites, a jump of 19 percent from Q3. The infections basically spread to more pages on each site in the fourth quarter, according to Dasient’s report. Another indication that attackers are launching stealthier and more efficient attacks is in the number of programs used in the attacks. The average number of programs loaded onto a victim’s machine from an infected Website was 2.8, while two years ago attackers would typically send a dozen or more malicious programs onto these machines. Source: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=222500206&subSection=Attacks/breaches


55. January 26, V3.co.uk – (International) Hackers ran detailed reconnaissance on Google employees. The hackers who infiltrated the computer systems of Google earlier this month first carried out sophisticated reconnaissance and may even have posed as friends of Google employees, according to a McAfee chief technology officer. In a project dubbed Operation Aurora by the security giant, hackers are likely to have used sophisticated social engineering techniques and advanced reconnaissance work to target individuals at the companies who had access to sensitive data. “In this case we saw a lot more reconnaissance done upfront, which is a shift people may not have been aware of,” the technology officer told V3.co.uk. This could involve compromising the social networking accounts of employees’ friends, then sending them malicious links which they are more likely to click on because they appear to come from a friend. The technique is not new, but it would be the first time it has been detailed in such a high-profile attack. Source: http://www.v3.co.uk/v3/news/2256804/hackers-carried-detailed


For another story, see item 13 above in the Banking and Finance Sector


Communications Sector

56. January 26, FierceTelecom – (Texas) Copper theft shuts down AT&T service in Dallas. AT&T’s landline voice customers in Dallas, Texas were without phone service on January 25 when thieves made off with 200 feet of copper cabling. Since the cable theft was done in the very early morning, AT&T said only about 20 customers reported they were without service in the afternoon of January 25, meaning that the outage was not widespread. Stealing these particular copper cables, which AT&T estimates could fetch no more than $2000 on the scrap metal market, came at a major risk because they are high tension and are located right next to utility electric lines. There has been no shortage of copper thieves being electrocuted when they mistakenly cut into an adjacent utility electric wire. After a slight lull, a jump in copper prices has spurred on a new wave of copper theft. Source: http://www.fiercetelecom.com/story/copper-theft-shuts-down-t-service-dallas/2010-01-26


57. January 26, Lake County News-Chronicle – (Minnesota) Damaged line cuts phone, internet service in parts of Duluth, Lake and Cook counties. A steam pipe that broke in a manhole in Duluth is believed to be the cause of damage to a fiber-optic line that has cut phone and Internet service to thousands in Northeastern Minnesota. Qwest Communications has determined that the damage occurred in Duluth north of Qwest’s downtown location. “A steam pipe burst and the hot steam hit one of our fiber lines and melted it,” said a spokeswoman for Qwest. “We now have people there that are working trying to fix it as soon as we can.” Damage to the fiber-optic line took place just before 11 a.m. and is affecting phone coverage for Qwest customers in Two Harbors, Grand Marais, Silver Bay, and Finland, she said. As repairs were being made, service also was disrupted in Duluth’s Lakeside neighborhood and a few other parts of town. Frontier Communications, which runs some of its traffic through the Qwest fiber-optic line, reported that about 4,000 of its customers in the same coverage areas also have been affected. Cell phone service is affected along Highway 61 between Two Harbors and Grand Marais, as well. Customers should be able to dial locally but will have trouble making toll or emergency calls, the spokesman said. Source: http://www.twoharborsmn.com/event/article/id/158591/group/News/publisher_ID/36/


58. January 26, Defense Industry Daily – (National) U.S. Navy beefs up commercial satellite capacity for ships. In the early weeks of Operation Iraqi Freedom, the U.S. military satellite communications capacity was overwhelmed by the demand from U.S. troops for satellite bandwidth to transmit voice and data communication. In response, the U.S. military dramatically increased its use of commercial satellite capacity to meet the explosion of demand. A study by the Satellite Industry Association found that 80 percent of all U.S. military satellite communication during the Iraq invasion was carried on commercial satellites. The then-assistant secretary of defense for networks and information integration estimated that the U.S. military purchased between $200 million and $300 million worth of commercial satellite services during the first year of the war. Recognizing the military’s reliance on commercial satellites, the U.S. Navy undertook an effort, called the Commercial Broadband Satellite Program (CBSP), to develop and deploy satellite communication terminals specifically designed to increase the Navy’s commercial satellite communications capability. The Navy expects to eventually deploy 200 of the high capacity terminals, which will be able to send data at a speedy 21.4 Mbps as opposed to the current Inmarsat and Commercial Wideband Satellite Program terminals, which can only send data at 4 Mbps. Source: http://www.defenseindustrydaily.com/US-Navy-Beefs-Up-Commercial-Satellite-Capacity-for-Ships-06128/