Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, February 18, 2010

Complete DHS Daily Report for February 18, 2010

Daily Report

Top Stories

• According to CNN, a medium-sized bomb exploded Tuesday at a building housing offices of U.S. financial services firm J.P. Morgan in Athens, Greece. A warning was phoned before the explosion, and police evacuated the building. (See item 16 below in the Banking and Finance Sector)

• WTSP 10 St. Petersburg reports that police are searching for those responsible for planting a series of potentially dangerous acid bombs that detonated Monday afternoon inside two separate restaurants along Clearwater Beach, Florida. Customers were in the area, but no one was injured. (See item 36)

36. February 16, WTSP 10 St. Petersburg – (Florida) Acid bombs go off along Clearwater Beach. Police are searching for those responsible for planting a series of potentially dangerous acid bombs that detonated inside two separate restaurants along Clearwater Beach. Investigators say the small homemade devices went off at both the Palm Pavilion and Frenchy’s Rockaway Grill between 4:30 and 5:30 Monday afternoon. One of the bombs was placed inside a garbage can just inside the front entrance at Frenchy’s. Surveillance cameras at the restaurant captured at least one person wandering around the garbage can shortly before the explosion. The other device was placed below the wooden deck in the outdoor eating area at the Palm Pavilion located across the parking lot from Frenchy’s. Clearwater Police say customers were in the area, but no one was injured. Investigators are reviewing the video tape and were out Tuesday searching the area for any additional evidence. Source:


Banking and Finance Sector

15. February 17, IDG News Services – (International) US jury convicts Nigerian on wire fraud charges. A 31-year-old Nigerian man could face up to 20 years in prison after being convicted on February 16 of charges related to running advance fee fraud scams for five years, according to the U.S. Department of Justice. The defendant lived in Nigeria, Ghana and the U.S. between August 2004 and August 2009, running scams that involved sending e-mails and making phone calls in order to perpetrate advance fee fraud (AFF). The scams try to entice victims into sending money with the false promise they’ll receive a greater sum of money in the future. He posed as a government or bank official, sending fake documents to victims in order to persuade them to send money via money transfer services such as Western Union. Prosecutors alleged “numerous” victims sent money to the defendant, both directly and indirectly. The defendant is scheduled for sentencing in U.S. District Court for the District of Connecticut on May 7. Source:

16. February 16, CNN – (International) Bomb blast hits J.P. Morgan building in Greece. A medium-sized bomb exploded on February 16 at a building housing offices of financial services firm J.P. Morgan in Athens, Greek police said. A warning was phoned to a Greek newspaper 30 minutes before the explosion, and police evacuated the building, a police spokesman told CNN. No one was hurt. The callers did not identify themselves, he said. The warning call “means they don’t want to have victims,” he said. “They never say who it is when they call. They claim it after.” The call came about 7:15 p.m. (12:15 p.m. ET), he said. The latest attack comes as Greece’s national budget deficit causes major headaches for the European Union currency, the euro, and financial markets. The European Union earlier on February 16 ordered Greece to cut its deficit to meet EU regulations. Source:

17. February 16, New Jersey Local News Service – (New Jersey) Authorities investigate suspicious powder sent to Cedar Grove bank. An envelope containing white powder that arrived at a Cedar Grove bank Tuesday was a false alarm, township police said. Nutley’s hazardous materials response team determined the powder was nontoxic, said a Cedar Grove police captain. Employees at Citibank called police about the envelope after it came in the mail. Police responded about 8:45 a.m. The Essex County Prosecutor’s Office, the New Jersey State Police, and the Federal Bureau of Investigation are investigating the incident, the captain said. The captain would not say what was written on the envelope or whether it contained anything else. Source:

18. February 16, Bloomberg – (National) Hoenig says Fed’s objectives threatened by U.S. debt. The Federal Reserve Bank of Kansas City president said the U.S. must take “difficult” steps to reduce spending and increase revenue so the central bank isn’t pressured to fund the “unsustainable” federal debt. “It is a fact that the current outlook for fiscal policy poses a threat to the Federal Reserve’s ability to achieve its dual objectives of price stability and maximum sustainable long-term growth, and therefore is a threat to its independence as well,” he said on February 16 in a speech in Washington. The U.S. President’s administration estimates budget deficits will total $4.3 trillion during the next five years and hit a record $1.6 trillion in the year ending September 30. The U.S. must be “willing to disappoint a host of special interests” and tackle the debt, or it risks “its own next crisis,” the Federal Reserve Bank of Kansas City president said. He said the plan should include “controlling budget earmarks, trimming subsidies to numerous economic sectors and resolving our banking problems and the perception that Wall Street is favored over Main Street, all of which would otherwise foster mistrust and cynicism among the public.” Responding to audience questions, he said the Fed’s “primary goal” now is executing its “exit strategy” from a record credit expansion in a way that “doesn’t cause harm.” Source:

19. February 16, KSL 5 Salt Lake City – (Utah) Criminals ‘skimming’ account information at gas pumps. Police in Sandy say criminals have been using an electronic device attached to gas pumps that allows them access to credit and debit accounts. Two of these devices were recently discovered at gas stations in Sandy, but police say it’s been happening all over the valley. People were also being ripped off by a fraud technique they call at another 7-Eleven convenience store near 1300 East and 8600 South. Police say they were led to the store after an agency in California informed them about its connection between several fraud victims. When police checked the pumps, they found that one of the panel doors had been completely replaced, and the device was inside transmitting credit card and debit card information to another location via Bluetooth. “Somebody might sit in a parking lot with a laptop for a while, or a BlackBerry, something that would collect via Bluetooth — would download occasionally as people would come through and buy gasoline, collect their information,” said a Sandy police sergeant. Police say between the device at the 7-Eleven on 1300 East and the device found at the 7-Eleven on 9400 South, consumers lost more than $11,000 from criminals skimming their credit and debit cards. Source:

Information Technology

61. February 17, IDG News Services – (International) Wipro investigates alleged $4 million fraud by employee. Indian outsourcer Wipro said Wednesday it is investigating the embezzlement of $4 million from the company after an employee allegedly obtained a colleague’s online password. The fraud, which was detected in December, had been going on for about a year, although the company has been able to recover half of the money, a Wipro spokeswoman said. The company will decide whether to pursue criminal proceedings against the employee, who works in the controllership division of Wipro’s finance department, after an internal investigation is completed, a Wipro spokeswoman said. The employee has not been named. Wipro described the fraud as an “information security breach” on account of “human intervention.” The company will continue to tighten its processes to prevent the misuse of passwords, the spokeswoman said. After the fraud reported last year at Satyam Computer Services, another Indian outsourcer, Indian companies have focused on improved processes and systems to counter fraud. Source:

62. February 17, Computer World – (International) Adobe issues emergency PDF patches. As expected, Adobe on February 16 released an emergency update that patched a pair of critical vulnerabilities in its popular PDF viewing and editing software. Adobe ranked both bugs as critical. On February 11 Adobe said it would issue a rush patch for Adobe Reader and Adobe Acrobat on February 16; it made good on the promise by addressing two flaws. One was identical to the cross-domain request vulnerability fixed last week in Flash Player, Adobe’s ubiquitous media player, while the second was a vulnerability that attackers could exploit to install malware on a targeted machine. Between February 11, when Adobe updated Flash Player, and February 16, when it patched the same flaw in Reader and Acrobat, the latter programs were theoretically vulnerable to attack if an ambitious hacker had pulled apart the Flash patch and managed to figure out where the vulnerability was within Reader. Source:

63. February 17, The Register – (International) Windows Live suffers user details identity crisis. Microsoft’s online Windows Live estate was hit by a major server shutdown for about an hour on February 16, after some users of the service complained that they could see other people’s accounts. “As some of you may have noticed (we heard from you on Twitter!) we had an issue with the Windows Live ID service between 9 and 10AM PST this morning,” admitted a Microsoft spokesman on February 16. “Due to the failure of one server, Windows Live ID logins were failing for some customers, and this increased the load on our remaining servers. We took the problematic server offline and brought a new server into rotation. We identified the root cause and fixed it in less than an hour, but it took a while to resolve the logjam that had built up in the meantime, and to redistribute the load to normal levels.” Microsoft said it would “fully investigate the cause” and apologized for its latest cloud-based failure. In the past few months alone Microsoft has admitted to a series of online user data accidents. Source:

64. February 17, The Register – (International) Experts reboot list of 25 most dangerous coding errors. Computer experts from some 30 organizations worldwide have once again compiled a list of the 25 most dangerous programming errors along with a novel way to prevent them: by drafting contracts that hold developers responsible when bugs creep into applications. The list for 2010 bears a striking resemblance to last year’s list, which was the first time a broad cross section of the world’s computer scientists reached formal agreement on the most common programming pitfalls. The effort is designed to shift attention to the underlying mistakes that allow vulnerabilities to happen in the first place. The updated list was spearheaded by the not-for-profit MITRE Corporation, the SANS Institute, the National Security Agency, and the US Department of Homeland Security’s National Cyber Security Division. Topping the vulnerabilities list are XSS (cross-site scripting), SQL injection, and buffer-overflow bugs. The 25 flaws are the cause of almost every major cyber attack in recent history, including the ones that recently struck Google and 33 other large companies, as well as breaches suffered by military systems and millions of small business and home users. Its release on February 16 coincided with a renewed push for customers to hold software developers responsible for the security of their products. Security experts say business customers have the means to foster safer products by demanding that vendors follow common-sense safety measures such as verifying that all team members successfully clear a background investigation and be trained in secure programming techniques. Source:

65. February 16, IDG News Service – (International) Security bug opens Google Buzz to hackers. A common Web programming error could give hackers a way to take over Google Buzz accounts, a security expert said on February 16. The flaw is a “medium-sized problem” with the Buzz for Mobile Web site, said the CEO of SecTheory, who first reported the issue. This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites. The attacker “can force you to say things you don’t want to say, to follow people,” he said. “Whatever Google Buzz allows you to do, it allows him to do to you.” Because attackers can use the flaw to put their content on the domain, they could also create phishing attacks against Google users, the CEO said. Source:

66. February 16, DarkReading – (International) New report examines malware’s origins, motivations. In a report issued last week, a ScanSafe security researcher offers some thoughts on the genesis and spread of malware — this time from a business perspective, rather than a technical point of view. While the report — part of ScanSafe’s “Annual Global Threat Report” — is far from the first to offer insight on the business of malware, it does offer a snapshot of the current state of the malware business and a clear categorization of the players. While many outside of the security industry still perceive “hackers” as teenagers or isolated geeks who work alone, the researcher’s report encourages security professionals — and the general public — to see malware as a cooperative industry that supports specialists, economies, and supply chains. “Malware is every bit as layered as any other industry,” she says. “There are mom-and-pop shops. There are big giants. There are suppliers and developers and a global market.” Source:

67. February 16, ComputerWorld – (International) Hackers update rootkit causing Windows blue screens. Hackers behind the rootkit responsible for crippling Windows machines after users installed a Microsoft security patch have updated their malware so that it no longer crashes systems, researchers confirmed on February 16. The rootkit, known by a variety of names — including TDSS, Tidserv and TDL3 — was blamed by Microsoft on February 12 for causing Windows XP PCs to crash after users applied the MS10-015 security update, one of 13 Microsoft issued a week ago. Within hours of that update’s release, users flooded Microsoft’s support forum, reporting that their computers had been incapacitated with a Blue Screen of Death (BSOD). Security researchers on February 16 said that the makers of TDSS have updated the rootkit so that it no longer conflicts with MS10-015. “The update day before yesterday prevents PCs from getting stuck in the BSOD loop,” said a researcher with Moscow-based antivirus vendor Kaspersky. The rootkit’s authors have reason to hustle out an update, said two researchers, who explained that blue-screened PCs are as worthless to the hackers — who want access to the machines — as they are to their owners. Worse, the BSODs have revealed to many Windows users that their systems were infected. Source:

Communications Sector

68. February 17, WIBW 13 Topeka – (Kansas) WIBW may experience interruption Wednesday afternoon. Some WIBW TV viewers may lose the signal on February 17 between 10 a.m. and 5 p.m. A beacon on an antenna has burned out, and Federal Aviation Safety requirements mean a tower crew must climb the broadcast tower and replace the beacon. During that replacement process, power must be turned off to the tower, and the outage may last a half hour or more. Source:

69. February 17, Erie Times News – (New York) FCC cites Erie men for operating pirate radio stations. The Federal Communications Commission has cited two men for operating unlicensed radio stations in downtown Erie. The two men were sent notices February 2 demanding that they stop broadcasting immediately and show proof of FCC approval. The FCC’s records show no license has been issued for the frequencies on which they were broadcasting: 89.5 and 90.1 FM, respectively. Both men are subject to possible fines, imprisonment and having their broadcasting equipment confiscated. The stations have since gone off the air. They had been broadcasting rhythm and blues, soul and gospel music. Radio broadcasters must have an FCC license to operate unless they are a low-frequency operator. The strength of each signal exceeded the limit, an FCC spokesman said in the notice. Source:

70. February 16, IDG News Service – (National) FCC plans for speedy broadband service to 100M households. The U.S. Federal Communications Commission (FCC) chairman on February 16 laid out some details, including an ambitious “100 Squared” initiative, that will be part of the agency’s National Broadband Plan that it will send to Congress in March. The “100 Squared” plan aims to bring 100Mbit/sec Internet service to 100 million homes. The chairman generally said that the broadband plan outlines a vision to be reached by 2020, but he did not specify that the 100 Squared plan should be achieved by then. The chairman said that goal should just be the beginning. “And we should stretch beyond 100 megabits. The U.S. should lead the world in ultra-high-speed broadband testbeds as fast, or faster, than anywhere in the world,” he said in a speech delivered to the National Association of Regulatory Utility Commissioners Conference on February 16. The text of his remarks was released to the public. Currently, the U.S. lags behind many other developed nations that have greater broadband penetration rates and offer people higher data rates. Source: