Department of Homeland Security Daily Open Source Infrastructure Report

Friday, March 5, 2010

Complete DHS Daily Report for March 5, 2010


Top Stories

 According to the Associated Press, Singapore’s Navy issued a warning Wednesday that a terrorist group is planning attacks on oil tankers in the Malacca Straits, one of the world’s busiest shipping lanes. (See item 1)

1. March 4, Associated Press – (International) Singapore warns of terror threat in Malacca Strait. Singapore’s Navy warned that a terrorist group is planning attacks on oil tankers in the Malacca Straits, one of the world’s busiest shipping lanes. Terrorists may also be targeting other vessels in the shipping lane off Malaysia’s east coast, according to an advisory issued on March 3 by the Navy’s Information Fusion Center seen by the Associated Press. “The terrorists’ intent is probably to achieve widespread publicity and showcase that it remains a viable group,” the Navy advisory said. “However, this information does not preclude possible attacks on other large vessels with dangerous cargo.” The Navy did not say which terrorist group is planning the attacks. Spokesmen at the Defense Ministry and the Information Fusion Center were not immediately available for comment. The Malacca Strait is the favorite route of oil shippers between the Persian Gulf and Asian Pacific markets. The strait, just 1.7 miles at its narrowest point, was the second-busiest shipping lane of crude in 2006, with 15 million barrels a day passing through, according to the U.S. Energy Information Agency. Singapore lies at the southern tip of the Malay peninsula and is home to the world’s busiest port. The Navy said in previous successful terrorist attacks on tankers, small fishing boats or speedboats were used, and these kinds of boats could be used to attack ships in the Malacca Strait. The Navy, which said it is coordinating with regional partners regarding the threat, recommended ships add lookouts and lighting, avoid fishing areas, and maintain a good speed. Source:

 The U.S. Department of Justice announced that a suspect, who emigrated from Russia and set up numerous shell corporations in Oregon on behalf of Russian clients, was arrested Wednesday on charges of operating an unlicensed money transmitting business. The shell corporations allegedly were used to move more than $172 million into the United States and out to more than 50 countries. (See item 14 below in the Banking and Finance Sector)


Banking and Finance Sector

13. March 4, Washington Post – (National) Fed proposes limits on credit card penalty fees. The Federal Reserve proposed restrictions Wednesday on penalty fees that credit card issuers can charge consumers, including limiting the amount of late fees. One of the most significant changes would prohibit card companies from issuing penalty charges larger than the amount of the violation, a common consumer complaint. For example, a person who is late on a $20 minimum payment could not be hit with a $39 late fee. In addition, if a card’s spending limit is exceeded by buying a $2 cup of coffee, the penalty fee cannot exceed $2. The proposed regulations represent the Fed’s latest efforts to comply with the sweeping credit card reform legislation passed by Congress last spring. The final phase of the legislation, slated to take effect in August, requires that any penalty fees be “reasonable and proportional” — and lawmakers left it to the Fed to determine exactly what that meant. The proposal also bans inactivity fees that some card companies have charged if consumers do not make new purchases and prohibits multiple penalty fees for a single transgression. Card issuers must notify consumers of the reason for any interest rate increases and are required to take a second look at any accounts that have had rate increases since January 1. Source:

14. March 3, U.S. Department of Justice – (National) Oregon man charged with operating illegal money transmitting business that moved more than $172 million through shell corporations in the United States. A suspect, who emigrated from Russia and set up numerous shell corporations in Oregon on behalf of Russian clients, was arrested on March 3 on charges of operating an unlicensed money transmitting business, announced the assistant attorney general of the Criminal Division and the U.S. attorney for the District of Oregon. The shell corporations allegedly were used to move more than $172 million into the United States and out to more than 50 countries. The suspect, a naturalized U.S. citizen living in Tigard, Oregon, was indicted by a federal grand jury on one count of operating an unlicensed money transmitting business after more than 4,200 wire transactions had been made. The indictment alleges that the suspect emigrated from Russia to the United States in 1998. In order to move money in and out of the United States, the suspect allegedly created various shell corporations under Oregon law, and then opened bank accounts, including accounts at Wells Fargo, Key Bank, Bank of America and Bank of the West, which he used to deposit money he received from his Russian clients. The suspect allegedly would then wire the money out of the accounts based on wire instructions he received from his clients. Source:

15. March 3, Miami Herald – (Florida) SEC accuses Miami couple of running $135M Ponzi scheme. On March 3, the Securities and Exchange Commission alleged in a civil complaint that a couple had defrauded hundreds of people, mostly elderly Cuban-Americans, as part of a long-running Ponzi scheme. In all, the SEC alleges, the couple duped investors to the tune of $135 million between 2002 and 2009. The federal agency also alleged that the couple used $20 million from investors to pay themselves exorbitant salaries, to invest in other projects and to divert some $1 million to their children and grandchildren in the form of alleged “consulting fees.” SEC officials said the couple were not registered with the federal government to make securities offerings to investors. According to a statement, the SEC says that the Miami couple, who founded Royal West Properties Inc. in 1982, sold promissory notes to investors after acquiring various properties and later financing their sale. It further alleges that Royal West continued to offer credit schemes and real estate investments, particularly to Cuban and Latin American investors, even after showing operating losses as early as 2002. Source:

16. March 3, eSecurity Planet – (International) Database security lacking at financial services firms. Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data or put customers’ and employees’ privacy at risk, according to a new study from the Ponemon Institute. The study, commissioned by enterprise software and consulting firm Compuware, identified several key areas where financial services companies could take a hit from loose data policies, including damage to the corporate brand and the erosion of consumer trust. “One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study,” the head of the Ponemon Institute said in a statement. “While there is a great deal of progress being made, there is still a long way to go.” For instance, the survey of top security officials at 80 large financial firms found that 83 percent use real data, such as credit card or account numbers, when developing and testing applications. Ponemon concluded that a majority of the firms surveyed don’t take sufficient steps to safeguard that information. The latest warning about information security comes amid a growing wave of data breaches that have targeted universities, insurance firms and others. Source:

For another story, see item 49 below in the Information Technology Sector

Information Technology

46. March 4, – (International) RSA 2010: Hackers using legitimate cloud services for dark ends. Hacking groups are using legitimate cloud offerings such as Amazon Web Services to facilitate malware creation and password cracking, delegates at RSA 2010 were told. The Russian Business Network (RBN), one of the most powerful and extensive malware and hacking organisations, has been buying time on Amazon’s EC2 platform to build malware and attack passwords, according to the founder of security consultancy InGuardians. The RBN, based in northern Russia, is one of the biggest and most professional hacking groups in the world. The organization started in the pornography business, but quickly moved to crime and now offers malware-as-a-service and hosting services, and provides credit card data and false identities. It is thought that one of the founders of the RBN is the son of a Russian politician, and that the group may have been behind the cyber attacks on Estonia and Georgia. Other security professionals have confirmed the use of mainstream cloud services by the hacking and malware community. Source:

47. March 4, IDG News Service – (International) Source code management a weak spot in Aurora attacks. Companies should take extra steps to secure their source code from the type of targeted attacks that hit Google, Adobe, Intel and others over the past few months. That’s according to security vendor McAfee, which released a report detailing the way software source code was accessed in some of these attacks. “We saw targeted attacks against software configuration management products,” said McAfee’s chief technology officer (CTO). In many of the attacks, company engineers and technical staff were targeted with malicious software. And in some cases, source code management systems were accessed and code was downloaded outside of company firewalls, the CTO said. “These systems are designed so you can have multiple people around the world working on them,” he said. That often gives the bad guys several ways to get into the code. To make matters worse, source code management systems “are underprotected and not very well monitored,” he said. That means that they could make easy targets in future attacks. Source:

48. March 4, The Register – (International) Hacking human gullibility with social penetration. Two security penetration testers rely plenty on attacks that exploit weaknesses in websites and servers, but their approach is better summed up by the famous phrase “There’s a sucker born every minute”. That’s because so-called social penetration techniques are more reliable and easier to use in identifying chinks in client fortresses, the principals of Mad Security said on March 3. That’s true even for organizations that place a high premium on security and train their employees to resist the most common attempts to trick them into letting down their guard. One of the testers said he regularly sends client employees emails informing them the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 percent. The vulnerability stems from humans’ inherent tendency to trust one another. Source:

49. March 4, Help Net Security – (International) RSA authentication weakness discovered. The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered. RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers’ information online. The scientists found they could foil the security system by varying the voltage supply to the holder of the “private key,” which would be the consumer’s device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. These findings would be more likely to concern media companies and mobile device manufacturers, as well as those who use them. A doctoral student in the Department of Electrical Engineering and Computer Science will present a paper on the research at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10. Source:

50. March 3, Network World – (International) Wi-Fi could lead thieves right to your laptop. Stuffing a company laptop into the car trunk or even a locker, without turning off its Wi-Fi radio, can be an open invitation to thieves, according to Credant Technologies. Thieves with increasingly sophisticated, directional Wi-Fi detectors can home in on the laptop’s radio, tracking it down even when the PC is hidden away. A statement by the mobile security software vendor highlighted a recent warning from a security specialist at University of Technology, in Jamaica. He said that it appeared crooks running a lottery scam on the island were using stolen laptops to do so. They tracked down the often out-of-sight computers using Wi-Fi radio detectors. The detectors, sometimes called “Wi-Fi finders,” are readily and inexpensively available. But many of them simply register the presence and strength of Wi-Fi signals, such as those from public hotspots. Depending on the features, the detector may not be very helpful in finding a precise location, for example, an active laptop radio in an automobile parked with a lot of others. But Hawking Technologies’ Hi-Gain WiFi Locator Professional Edition includes a high-gain antenna that can more precisely locate a Wi-Fi radio. Source:

51. March 2, PC World – (International) Digital thieves dominate data breaches. For the first time, hackers have become the biggest cause behind publicly reported data breaches, according to a recent report. The Identity Theft Resource Center began tracking the cause of reported breaches three years ago. For the past two years, the top cause was what the ITRC calls “data on the move”—typically a lost laptop with unencrypted data, or even a lost briefcase. That changed in 2009, when about one out of every five data breaches had a hacker behind it. A thief who walks away with a laptop is likely more interested in wiping its hard drive and selling it than in selling its data. But a hacker who invades a company’s network and swipes a trove of credit card numbers is sure to use them, or sell them to someone else who will. The ITRC notes that its study is based only on reported breaches. Because state laws and policies vary, not all breaches or their causes are reported. The number of data breaches dropped from 657 in 2008 to 498 in 2009 (in 2007, there were 446). But while the total number of breaches dropped, the number of hacker-launched thefts rose. Source:

Communications Sector

52. March 4, WBAY 2 Green Bay – (Wisconsin) WBAY transmission line repair to be in mid-spring. WBAY-TV’s chief engineer says WBAY’s transmission line will be replaced in late April or early May. The entire multi-ton transmission line, which has many components, needs to be replaced. Delivery of the parts for the repair is now expected in late April, and coordinating the extensive repair job will take several days after the delivery. In January, WBAY-TV experienced a power drain in its over-the-air signal. The engineer says when crews examined the transmission line at WBAY-TV’s broadcast tower, they discovered damage from a “flashover” inside the line. WBAY-TV is transmitting with as much power as possible without risking further damage. Arrangements were made to provide WBAY’s signal by ground cables to cable companies, AT&T U-Verse, and Dish Network, and WBAY’s signal is still reaching 96 percent of WBAY’s viewing audience compared to before experiencing transmission problems. Source:

53. March 3, Asheville Citizen-Times – (North Carolina) WNCW knocked off the air today, but remains online. Public radio station WNCW-FM/88.7 has been temporarily knocked off the airwaves, but continues to operate today via the Internet. The station is experiencing “major technical issues” at its transmitter site on Clingman’s Peak, and a repair crew is on the way to fix the problem, according to an announcement posted on the station’s web site. The station’s programs continue to stream online at Source:

54. March 3, Federal Computer Week – (National) DOD’s reliance on commercial satellites hits new zenith. The U.S. military is increasingly turning to the private sector for many of the services it relies on. After the supply of energy and terrestrial fiber communications, satellite communications is the top capability that the U.S. military relies on the private sector to deliver. Industry experts estimate that 80 percent of all satellite bandwidth that the Defense Department uses is purchased by the Defense Information Systems Agency from companies such as Inmarsat, Intelsat and Iridium. That percentage is expected to climb north of 90 percent in the near future as unmanned aerial vehicles and other intelligence, surveillance and reconnaissance (ISR) systems begin transmitting in high definition, which will require even more bandwidth. New satellite constellations, such as the Mobile User Objective System (MUOS), are expected to take up some of the slack. However, the need for supplemental bandwidth is expected to continue growing during the time that the five MUOS satellites are put into orbit between 2010 and 2015. DOD leaders might have legitimate concerns about the department’s dependence on the private sector for such a vital tactical capability. Source: