Department of Homeland Security Daily Open Source Infrastructure Report

Friday, March 26, 2010

Complete DHS Daily Report for March 26, 2010

Daily Report

Top Stories


 According to USA Today, U.S. border officials are warning that the violent prison gang suspected of killing three people linked to the U.S. consulate in Ciudad Juarez, Mexico may retaliate against U.S. officers. A bulletin issued through the El Paso Intelligence Center is urging law enforcement officials along the border, particularly in El Paso, to wear their protective vests and alert their own family members to the threat. (See item 49)

49. March 24, USA Today – (National) Mexican prison gang may target U.S. agents. U.S. border officials are warning that the violent prison gang suspected of killing three people linked to the U.S. consulate in Ciudad Juarez, Mexico, may retaliate against U.S. officers. A bulletin issued through the El Paso Intelligence Center is urging law enforcement officials along the border, particularly in El Paso, to wear their protective vests and alert their own family members to the threat, says the intelligence division chief for the Bureau of Alcohol, Tobacco, Firearms and Explosives. Last week, more than 200 officers from 20 separate law enforcement agencies targeted the prison gang Barrio Azteca in a series of raids. Investigators were looking for information about the slayings that stunned U.S. officials in Juarez, neighboring El Paso, and in Washington, where the U.S. President condemned the killings. An El Paso FBI spokeswoman says the actual source of the threat and whether it had come directly from the gang is not known. The Barrio Azteca group is one of the most violent prison gangs in the United States, according to the federal government’s 2009 National Gang Threat Assessment. A spokesman for the El Paso County Sheriff’s Department says officers were made aware of the threat against law enforcement earlier this week. Source:

 The Associated Press reports that federal officials say damage to levees in Missouri has put much of northeast Arkansas in a federally defined high-risk flood zone. The St. Francis Levee District CEO estimates that 125,000 households in the region will now have to buy flood insurance. (See item 64)

64. March 25, Associated Press – (Arkansas; Missouri) Damage to levees in Mo. puts much of NE Arkansas in federally defined high-risk flood zone. Federal officials say damage to levees in Missouri has put much of northeast Arkansas in a federally defined high-risk flood zone. The St. Francis Levee District CEO estimates that 125,000 households in the region will now have to buy flood insurance. People living along the Mississippi River and as far inland as Jonesboro could be affected. The designation comes from a nationwide effort by the Federal Emergency Management Agency (FEMA) to determine which areas are at high risk of flooding. Congress required the evaluation following Hurricane Katrina along the Gulf Coast in 2005. FEMA has since re-evaluated areas that fall under a 100-year flood risk — meaning there is a 1 percent chance each year of a catastrophic flood. Source:,0,4710482.story

Banking and Finance Sector

14. March 25, Courthouse News Service – (New Mexico) Real estate mogul caught in $80 million Ponzi scheme. A prominent New Mexico real estate mogul was accused by the Securities and Exchange Commission of running an $80 million Ponzi scheme. The Vaughan Company began selling promissory notes with fixed returns between 10 and 25 percent in 1993. The SEC says the mogul promised investors their money was secured by his personal wealth and land assets, and that the aggregate value on the notes would never exceed $2.5 million. He also told investors that his company would use the funds to make big profits on new real estate opportunities, the SEC says in its indictment. The mogul claimed to prefer raising money from investors instead of banks because he had vowed “never to go back to banks” after one mistreated him in 1992, the SEC said. He sold his notes and placated his investors with false earnings reports, claiming to be purchasing properties in Phoenix and Las Vegas and making “hard money” loans to builders and contractors, the SEC said. In fact, he paid all of his interest obligations with cash from new investors, according to the indictment. Source:

15. March 24, Associated Press – (Utah) Police: 2 held in Utah gas pump ‘skimming’ case. Police in a Utah town arrested two men and are trying to determine if eight credit card “skimming” devices found at service station gasoline pumps are part of a multistate theft operation. Richfield’s Police Chief says devices were found March 17 at gas pumps at Flying J and Walkers gas stations in his city off Interstate 70, east of Interstate 15 south of Salt Lake City. Security video helped police identify a damaged white Hummer that a store clerk spotted on March 19 near gas pumps at a Walkers station. Officers arrested two men, ages 27 and 55, suspected of being in the country illegally but carrying California identification cards. Richfield police have been contacted by authorities in Nevada and California tracing similarities in other skimming cases. Source:

16. March 24, WSMV 4 Nashville – (Tennessee) Police warn about debit card phone scam. Shelbyville police say not to be fooled if people get a phone call from an automated service saying their debit card has been compromised because it’s a scam. Police said a lot of residents are getting calls from a 703 area code. The recording asks people to enter their card and PIN so it can be fixed. The best advice, police said, is to hang up right away. People who have a problem with their card will receive a letter in the mail from their bank. Source:

17. March 24, WPTA 21 Fort Wayne – (Indiana) Three Rivers Credit Union phone scam alert. The Better Business Bureau has issued a warning for consumers who could receive automated calls about their Three Rivers Credit Union accounts. The robo-calls tell consumers their debit card has been deactivated and to press one to reactivate it. If an individual presses one, a person will ask for their card number and hack into their account. BBB officials say everyone should just hang up if they get this message. The number that appears on the caller ID is spoofed, meaning the scammers are using another innocent company’s number to call. Source:

18. March 24, IDG News Service – (International) E.C. launches new drive for bank data-sharing agreement. The European Commission on March 24 began work on a new set of negotiations with the U.S. on the transfer of E.U. citizens’ bank data for counterterrorism purposes, after a previous agreement was vetoed by the European Parliament. The agreement is needed because while European data protection laws prohibit the passing of personal data to the U.S., American authorities say the data has been a valuable tool with which to track the funding of terrorist acts. The Parliament torpedoed the agreement last month partly because it felt that European civil liberties were being compromised, but also because it was excluded from the decision-making process. As a result, SWIFT, the Belgian bank networking firm that transmits billions of financial transactions every day and lies at the center of the debate, is in legal limbo, with the U.S. demanding the data, while E.U. laws forbid it from continuing such cooperation. In addition to respecting E.U. citizens’ rights to privacy, the E.U. commissioner for civil rights said the future agreement would explicitly provide U.S. reciprocity. The agreement shot down by the E.U. Parliament made no demands on the U.S. to share bank transfer data belonging to U.S. citizens in order to assist European antiterrorism efforts. Source:

19. March 22, Federal Bureau of Investigation – (National) FBI releases 2009 bank crime statistics. On March 22 the FBI released bank crime statistics for calendar year 2009. Between January 1, 2009 and December 31, 2009, there were 5,943 robberies, 100 burglaries, 19 larcenies, and three extortions of financial institutions reported to law enforcement. The total of 6,065 reported violations represents a decrease from 2008, during which 6,857 violations of the Federal Bank Robbery and Incidental Crimes Statute were reported. Some of the highlights of the report include: of the 6,062 total reported bank robberies, burglaries, and larcenies, loot was taken in 5,514 incidents (91 percent); no loot was taken during the three reported bank extortions; the total amount taken was valued at more than $45.9 million; more than $8 million was recovered and returned to financial institutions; and during the reported bank robberies, burglaries, and larcenies, the following modus operandi were the most common: oral demand (3,368 incidents), demand note (3,269 incidents), firearm used (1,619 incidents), and use of a weapon threatened (2,553 incidents). Of the three reported extortions, perpetrators used or threatened the use of explosive devices during one incident and made threats by telephone during two incidents, among others. These statistics were recorded as of February 22, 2010. Source:

Information Technology

52. March 25, The Register – (International) iPhone, IE, Firefox, Safari get stomped at hacker contest. It was another grim day for internet security at the annual Pwn2Own hacker contest on March 24, with Microsoft’s Internet Explorer, Mozilla’s Firefox and Apple’s Safari and iPhone succumbing to exploits that allowed them to be remotely commandeered. Like dominoes falling in rapid succession, the platforms were felled in the fourth year of the contest, which has come to underscore the alarming insecurity of most internet-facing software. To qualify for the big-money prizes, the exploits had to attack previously undocumented vulnerabilities to expose sensitive system data or allow the remote execution of malicious code. The exploits were all the more impressive because they bypassed state-of-the-art security mitigations the software makers have spent years implementing in an attempt to harden their wares. That included DEP, or data execution prevention, and ASLR, or address space layout randomization, and, in the case of the iPhone, code signing to prevent unauthorized applications from running on the device. Source:

53. March 25, IDG News Service – (International) Malware attack uses China World Expo guise. A malware attack dressed up as an e-mail from organizers of the upcoming Shanghai World Expo targeted at least three foreign journalists in China, in the latest sign of increasingly sophisticated cyberattacks from the country. The e-mail appeared to be sent from the inbox of the Expo news office, but it was not sent by the Expo and may be targeting journalists who signed up to cover the event, a reporters’ advocacy group in China told members in an e-mail on March 25. There was also no evidence to suggest that the e-mail sent to foreign journalists had any tie to the government. But at least one version of the e-mail, which was sent by an attacker to IDG News Service, clearly targeted people who had filled out a spreadsheet to register for the Expo. The e-mail had a .pdf attachment that exploited a recently patched vulnerability in Adobe Reader, according to scan results on the Wepawet malware analysis Web site. Source:

54. March 25, Help Net Security – (International) Millions continue to click on spam. Even though over 80 percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to a Messaging Anti-Abuse Working Group (MAAWG) survey. In the survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it – activities that leave consumers susceptible to fraud, phishing, identity theft and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection. Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36 percent of consumers believe they might get a virus and 46 percent of those who opened spam did so intentionally. This is a problem because spam is one of the most common vehicles for spreading bots and viruses. Source:

55. March 24, Computerworld – (International) Gmail now warns users of suspicious account activity. Google on March 24 added an alert to Gmail that warns users of the Web mail service when their account may have been hijacked. Using several criteria — including plotting the Internet protocol (IP) address of each successful log-on — Google determines whether to sound the alarm, which pops up at the top of a user’s account and reads “Warning: We believe your account was last accessed from...” along with the location associated with the log-on. If an account is accessed from one country, then again a few hours later from a different country, Google would likely sound the alarm. The assumption: The multiple and geographically divergent log-ons would be a clue that the account had been hacked, and was now being used to send spam, spread scams or distribute malware. Source:

56. March 24, SC Magazine – (International) Security conference gets underway, with the revealing of 20 zero-day flaws in Apple’s OS X expected to be the highlight. March 24 saw the CanSecWest conference get underway in Vancouver, British Columbia and among the highlights is predicted to be the unveiling of 20 zero-day exploits in the Mac OS X platform. A security researcher, whose previous presentations included a demonstration of a vulnerability in the Apple iPhone, will speak on analysis of fuzzing at the conference. Speaking to, the researcher explained that he took the most naive approach to fuzzing and performed it against Preview/Safari, Adobe Reader, MS PowerPoint and Open Office. In an interview with Forbes, the researcher gave more insight into his discoveries, claiming that he had found 30 previously unknown critical security vulnerabilities in common software, 20 of which are in Apple’s Preview application. Source:

57. March 24, SC Magazine – (International) Insider threat and data loss can be brought under control with effective end-user behavior. The ability to monitor end-user behavior can make a difference when it comes to data loss and insider threats. The managing director of Comsec Consulting said the process can allow a company to monitor what an employee is doing and it allows all behaviors to be looked at. When asked if the ability to monitor internet usage has always been present, with IT and line managers given reports of employees’ activity, the managing director said that this technology exists with software companies such as Websense, but if a user is accessing internal systems and is doing it with legitimate access, it is difficult to monitor. So should employees be told that they are being monitored? The managing director said that they should absolutely be told, as people want to be protected. Source:
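The log-on heuristic described in item 55 (successful log-ons from different countries a few hours apart) can be sketched as follows. This is an added example, not Google's implementation, whose criteria the item does not detail; the geolocation table, log format, account names and six-hour window are assumptions constructed for the illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed stand-in for a GeoIP database: documentation-only networks
# (RFC 5737) mapped to arbitrary countries. A real deployment would query
# a maintained IP-geolocation data set instead.
GEO_TABLE = [
    (ip_network("192.0.2.0/24"), "US"),
    (ip_network("198.51.100.0/24"), "DE"),
    (ip_network("203.0.113.0/24"), "BR"),
]

# Constructed log-on records: ISO timestamp, account, source IP, outcome.
SAMPLE_LOG = """\
2010-03-24T08:00:00 alice 192.0.2.10 success
2010-03-24T09:30:00 alice 192.0.2.44 success
2010-03-24T11:15:00 alice 198.51.100.7 success
2010-03-24T11:20:00 bob 203.0.113.5 failure
2010-03-24T12:00:00 bob 192.0.2.99 success
2010-03-26T12:00:00 bob 203.0.113.5 success
2010-03-24T13:00:00 carol 10.1.2.3 success
2010-03-24T14:00:00 carol 198.51.100.8 success
"""

def country_of(ip):
    """Return the country code for an IP, or None if it cannot be located."""
    addr = ip_address(ip)
    for net, country in GEO_TABLE:
        if addr in net:
            return country
    return None

def suspicious_logons(log_text, window=timedelta(hours=6)):
    """Flag accounts whose consecutive successful log-ons come from
    different countries less than `window` apart (assumed threshold)."""
    last_seen = {}   # account -> (timestamp, country) of last located log-on
    alerts = []
    events = sorted(line.split() for line in log_text.splitlines() if line.strip())
    for ts, account, ip, outcome in events:
        if outcome != "success":
            continue             # failed attempts never reached the account
        country = country_of(ip)
        if country is None:
            continue             # unlocatable address: nothing to compare
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(account)
        if prev and prev[1] != country and when - prev[0] < window:
            alerts.append((account, prev[1], country, when - prev[0]))
        last_seen[account] = (when, country)
    return alerts

if __name__ == "__main__":
    for account, old, new, gap in suspicious_logons(SAMPLE_LOG):
        print(f"{account}: {old} -> {new} within {gap}")
```

A country change alone also fires for legitimate travel, VPN use and mobile carrier routing, which is why the item describes this signal as one of several criteria.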

Communications Sector

58. March 24, – (International) Mobile data traffic now bigger than voice. The consumption of mobile data surpassed that of voice for the first time last year, according to new research into global mobile networks by telecoms service provider Ericsson. The firm said at the CTIA Wireless 2010 conference in Las Vegas that the amount of data traffic had grown by 280 per cent over the past two years to reach 140,000 terabytes a month by December 2009. Ericsson explained that this shift means that mobile data traffic being sent over 3G networks is now higher than on 2G networks, and that the amount of data traffic is expected to double every year for the next five years. The figures represent a significant milestone in the rise of mobile data, which will continue to accelerate, according to Ericsson’s chief executive. The growing number of smartphones on the market, and the rise of social networking sites like Facebook, are the primary causes for the rapid mobile data growth, he said. Source:

59. March 24, Fredericksburg Standard – (Texas) Fiber-optic cut causes communication outage. Hill Country, Texas, residents and businesses had to endure a seven-hour interruption in communication service yesterday when a major fiber-optic line was severed in neighboring Kendall County. Cell phones, land lines and some Internet communications across a major portion of Central Texas were left without service starting at about 1 p.m. when a large AT&T line was inadvertently cut by a third-party contractor doing drainage work along a rural road near Waring, said an AT&T spokesman. In addition to affecting most major retailers who use phone-line based credit card machines, the outage also impacted the city’s financial institutions. Source:

60. March 24, Kenosha News – (Wisconsin) Time Warner Cable points finger at software after three service outages. An internal software problem that disrupted Time Warner Cable service in Kenosha County, Wisconsin, over the last two days has been remedied. The first disruptions of video services came at about noon on Tuesday as an undetermined number of customers lost all television channels in Kenosha and Racine counties. The director of community and media relations for Time Warner Cable in Milwaukee said those channels were only out for a brief period of time. Source: