Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, February 17, 2010

Complete DHS Daily Report for February 17, 2010

Daily Report

Top Stories

 According to the Associated Press, a survivor of a shooting rampage Friday at the University of Alabama-Huntsville said the professor charged in the fatal attack methodically shot her victims in the head until the gun apparently jammed and she was pushed out of the room. Three were killed and two wounded. (See item 38)

38. February 16, Associated Press – (Alabama) Survivor: Ala. prof in slayings shot methodically. A survivor of a university shooting rampage said the professor charged in the fatal attack methodically shot her victims in the head until the gun apparently jammed and she was pushed out of the room. The survivor, also a professor, told the Associated Press on Tuesday that he was one of 12 people at the biology department meeting Friday at the University of Alabama-Huntsville. He described the details in an e-mail to a colleague at the University of California-Irvine. He said the meeting had been going on for about half an hour when the shooter “got up suddenly, took out a gun and started shooting at each one of us. She started with the one closest to her and went down the row shooting her targets in the head.” The woman, a Harvard-educated neurobiologist, was arrested and charged with one count of capital murder and three counts of attempted murder. Three were killed and two wounded. Source:

 The Associated Press reports that two huge waves swept away spectators watching a surfing contest Saturday morning in Half Moon Bay, California, causing broken bones and other injuries to dozens of people standing on a seawall. (See item 55)

55. February 14, Associated Press – (California) Watchers hurt by rogue waves at CA surfing contest. Two huge waves swept away spectators watching a Northern California surfing contest Saturday morning, causing broken bones and other injuries to people standing on a seawall. Thirteen people were injured, with two immediately transported to area hospitals. Eleven others were being treated at the beach for injuries including “a couple broken legs and broken hands and so forth,” according to the California Department of Forestry and Fire Protection Battalion Chief. He estimated “a couple hundred” people were on the seawall when the waves struck. Witnesses said the wave knocked out a large scaffold holding speakers broadcasting the Mavericks Surf Contest, held in Half Moon Bay, a tiny harbor town 25 miles south of San Francisco along Highway 1. Authorities moved bystanders from the sea wall and about 100 yards back from the water, but spectators were still able to watch the surf contest, he said. “Nobody was swept away into the water. They were just swept onto the beach area pretty hard,” he said. “It’s pretty rocky. We’ve cleared the beach area so this does not happen again.” Source:


Banking and Finance Sector

17. February 15, SC Magazine – (International) Major flaw discovered in Chip and PIN technology that could allow a fraudster to make purchases with a dummy login. A report by security researchers at Cambridge University has demonstrated a flaw in Chip and PIN technology. It said that the flaw would allow a fraudster to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster would be able to perform a man-in-the-middle attack to trick the terminal into believing that the PIN verified correctly, while telling the issuing bank that no PIN was entered at all. This would not work at a cashpoint or ATM, but would allow for large purchases. With the use of a man-in-the-middle device, which can intercept and modify the communications between card and terminal, a fraudster can trick the terminal into believing that PIN verification succeeded by responding with 0x9000 to the Verify command, without actually sending the PIN to the card. Source:

18. February 14, Associated Press – (Minnesota) Alleged AIDS patient robs bank with syringe. FBI officials said a man claiming to have AIDS and “nothing to live for” used a hypodermic needle to hold up a Minneapolis bank. The FBI said the robber walked into TCF Bank about 3 p.m. on February 12. He allegedly threatened three tellers with a syringe that appeared to contain blood. According to the St. Paul Pioneer Press, authorities said he fled with cash and got into a taxi. Source:

19. February 12, IDG News Service – (National) Criminal hacker ‘Iceman’ gets 13 years. A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers. The guilty party, who used the hacker pseudonym Iceman, was sentenced on February 12 in U.S. District Court in Pittsburgh on charges of wire fraud and identity theft. In addition to his 13-year sentence, he will face five years of supervised release and must pay $27.5 million in restitution to his victims, according to the assistant U.S. attorney who prosecuted the case for the federal government. The defendant gained notoriety for hacking into carder forum Web sites, where stolen credit card numbers are bought and sold, and forcing members to conduct their business through his own site — Criminals used the stolen credit card numbers to create fake debit and credit cards that were then used to steal money or merchandise. Source:

Information Technology

50. February 15, The Register – (International) Rootkit blamed for Blue Screen patch update snafu. The presence of a hard-to-detect rootkit may have caused Windows XP machines to freeze up after applying a patch from Microsoft last week, according to preliminary analysis of the problem from Microsoft’s security team. Microsoft’s user forums filled up with reports of Windows XP users experiencing the dreaded Blue Screen of Death (BSOD) after applying the 13 patches released by Redmond last week. The problem was later linked to one specific update, MS10-015, a patch for an “important” kernel flaw, and it was discovered that uninstalling this package unfroze affected machines. The Blue Screen problem affected a minority of machines but was far from isolated, with many reported cases. Subsequent security sleuthing by a system administrator revealed that Windows XP machines that failed after applying the update may have been infected with the TDSS rootkit. Microsoft’s security team has since confirmed that the malware may explain the Blue Screen issue in many cases, without ruling out other possibilities. Source:

51. February 12, IDG News Service – (International) Rogue antivirus program comes with tech support. In an effort to boost sales, sellers of a fake antivirus product known as Live PC Care are offering their victims live technical support. According to researchers at Symantec, once users have installed the program, they see a screen falsely informing them that their PC is infected with several types of malware. That is typical of this type of program. What is unusual, however, is that the free trial version of Live PC Care includes a big yellow “online support” button. Clicking on the button connects the victim with an agent, who will answer questions about the product via instant message. Symantec says the agent is no automated script, but in fact a live person. This lends an “air of legitimacy” to the program, said a manager of development with Symantec Security Response. The tech support does not help much, though. According to Symantec, the support staff simply try to convince victims to shell out between US$30 and $100 for the product. Source:

Communications Sector

52. February 15, Scranton Times-Tribune – (Pennsylvania) WVIA-TV signal restored after blaze, radio signal follows. Public broadcast programming has been restored to most households in Northeast Pennsylvania following a devastating blaze that destroyed the transmission facility of WVIA-TV on February 12. Programming for WVIA is on cable systems and DirecTV, and by the end of the day on February 14, the broadcast signal was transmitting on Channel 49, which had been WNEP-TV’s high-definition channel. WNEP officials agreed to allow WVIA to use their channel for its programs. The WVIA president said on February 14 he was grateful to both WNEP and the Federal Communications Commission, which cleared the move in order to restore the signal. The fire occurred on February 12 as electrical contractors were working in the building on Penobscot Mountain in Hanover Twp. An electrical arc ignited ceiling tiles, the president said. Extinguishing the fire was made difficult by the remoteness of the site, which is served by a one-lane dirt road. Four WVIA employees in the building were unharmed. Source: