Department of Homeland Security Daily Open Source Infrastructure Report

Friday, April 9, 2010

Complete DHS Daily Report for April 9, 2010

Daily Report

Top Stories

 The Pittsburgh Post-Gazette reports that a worker was hurt and 10 others were sent to a hospital after a chemical spill Thursday at Electrical Materials manufacturing plant near Erie, Pennsylvania.

8. April 8, Pittsburgh Post-Gazette – (Pennsylvania) Spill at Erie plant sends 11 to hospital. A worker was hurt and 10 others were sent to a hospital after a chemical spill at an electrical products plant near Erie, Pennsylvania. The spill happened about 6:30 a.m. Thursday at Electrical Materials Co. in North East, a borough about 10 miles northeast of Erie. The local fire chief says the spill happened in the plant’s plating room and that one worker was splashed with the unidentified chemical. Ten others were taken to Hamot Medical Center in Erie for evaluation because they were exposed to a vapor cloud. Source:

 According to a report recently released by the Defense Security Service, foreign nations are increasingly exploiting the Internet, including social-network sites, to conduct industrial espionage against Defense Department contractors, especially to acquire UAV-related technologies or information. The study found that attacks came from nations considered unfriendly and friendly.

11. April 5, Nextgov – (National) Report: Defense contractors battle ‘relentless’ online assaults. Foreign nations are increasingly exploiting the Internet, including social-network sites, to conduct industrial espionage against Defense Department contractors, according to a new government report. “United States defense-related technologies and information are under attack each day, every hour and from multiple sources,” said the Defense Security Service (DSS). DSS oversees security at 13,000 contractor facilities. “The attack is pervasive, relentless and unfortunately, at times, successful.” Released March 30, the report reviews 2008 events. The study found that attacks came from nations considered unfriendly and friendly. E-mail messages requesting price quotes and system information were the preferred method to attempt to steal U.S.-technology data. Users also sent multiple e-mail requests for the same information to different individuals working for the same contractor. Hackers from East Asia and the Pacific region focused their attention on information systems, accounting for 29 percent of suspicious-contact reports turned in to the DSS. More than a third of the attacks (36 percent) coming from European countries — including Russia and NATO allies — tried to obtain information on aeronautical systems and 12 percent targeted information-technology data. Foreign attempts to obtain information on unmanned aerial vehicles have become so prevalent that a special section of the report is devoted to them. Source:


Banking and Finance Sector

12. April 8, Courthouse News Service – (California) Homebuyers say BofA took the money and ran. Bank of America (BofA) took $25 billion in bailouts, but refuses to follow federal rules and help homeowners having difficulty paying their mortgages, claims a new federal, class-action suit. Though the bank gets $1,000 for each mortgage it modifies under the Home Affordable Modification Program, BofA often decides it is “more profitable avoid modification and to continue to keep a mortgage in a state of default or distress and to push loans toward foreclosure,” the complaint states. As a recipient of Troubled Asset Relief Program money, BofA was required to enroll in the government’s Home Affordable Modification Program (HAMP). Under HAMP, loan servicers must respond to homeowners’ requests for loan modifications and are not allowed to foreclose on homes while their loans are being evaluated. But the lawsuit claims BofA has ducked its obligations, and has “regularly and repeatedly violated several of its prohibitions.” “Because Bank of America is not meeting its contractual obligations, at least hundreds of California homeowners are wrongfully being deprived of an opportunity to cure their delinquencies, pay their mortgage loans and save their homes,” the complaint states. Source:

13. April 8, HedgeCo.Net – (National) SEC proposes revised rules for asset-backed securities. In response to problems exposed by the financial crisis, the Securities and Exchange Commission on April 8 proposed comprehensive changes to the rules governing offers, sale and reporting with respect to asset-backed securities. The proposed revisions are intended to improve investor protection and increase transparency and efficiency in the public and private markets for asset-backed securities. Under current rules, asset-backed securities may be registered on a Form S-3 registration statement and later offered “off the shelf” if the securities are rated investment grade by a nationally recognized statistical-rating organization. In recognition that investors may have unduly relied on ratings, the proposed rules would eliminate the credit-rating requirement. The SEC is proposing to revise Regulation AB, which currently requires disclosure of material, aggregate information about the composition and characteristics of asset pools, to provide additional disclosure requirements for asset-backed security offerings. For each loan or asset in the asset pool, the SEC is proposing to require disclosure of specified data relating to the terms of the asset, obligor characteristics, and underwriting of the asset. Such data would be provided in a machine-readable, standardized format. Issuers would be required to provide the asset-level data or grouped account data at the time of securitization, when new assets are added to the pool underlying the securities, and on an ongoing basis. Source:

14. April 7, DarkReading – (National) Customers sue Countrywide Financial over theft and sale of personal data. Customers of Countrywide Financial have filed a class-action lawsuit over the 2008 data breach that enabled company insiders to steal and sell their personal information. According to a Courthouse News Service report, the class-action lawsuit on behalf of 16 plaintiffs seeks $20 million in damages, plus punitive damages. The data theft, originally attributed to a single employee working over a two-year-period, exposed data on tens of thousands of customer records. The lawsuit alleges that Countrywide Financial employees stole and sold “tens of thousands, or millions” of customers’ personal financial information, according to the news report. The suit claims the defendants do not dispute that customers’ private financial information was disseminated. It seeks to find out “whether the dissemination was intended as a plan or scheme, or was intentional; [and] whether any of the defendants was simply aiding and abetting, rather than an architect of the plan to disseminate the personal information.” Source:

15. April 7, KIMA 29 Yakima – (Washington) Yakima targeted in credit union scam. For the third time in three months, Yakima Valley (Wash.) Credit Union members have been targeted by a scam. The ruse involves automated messages, claiming to be from the credit union, saying that an individual either won money or had a credit card canceled. The goal is identity theft. Scammers used an automated system dialing thousands of 509 area code numbers to locate victims. Source:

16. April 6, Pioneer Press – (Minnesota) Stillwater / Restaurant warns of credit breach. More than a dozen people who visited Mad Capper Saloon & Eatery in downtown Stillwater, Minnesota, in the past few weeks may have had their credit card information stolen by a thief who apparently obtained the numbers via an unsecured router. “Somehow, the security of our network got breached. We have corrected the problem, and we sincerely apologize to anyone who has had a problem,” the restaurant’s owner said on April 6. He advised patrons to check their credit card statements, and if they find anything suspicious, to cancel the card and call the police. The restaurant owner said he learned last week of the thefts — which affected 12 to 15 customers — and immediately brought in a computer specialist to secure the router. He said he has heard from customers that their credit card information was used at Walmart stores in California. Source:

17. April 6, IT Pro – (International) Visa warns of key logger increase. Visa has warned its customers to be aware of the increased risk posed by key-logging trojans. The credit-card company claimed in recent weeks it had seen a rise in this technique, which obtains information from victims through software that captures and records their keystrokes. The particular malware affecting Visa payment systems sends payment card data to a fixed IP address or e-mail that the hacker can then access and use as he or she sees fit. “In these instances, the hacker is able to install key logger malware on the point of sale (POS) system due to insecure remote access and poor network configuration,” Visa stated. It admitted that key loggers can be difficult to detect, but it has developed a list of security measures for retailers using the system. These include removing unnecessary remote access, implementing a secure-network configuration, regularly observing which software is installed and ensuring anti-virus programs are kept up-to-date. Source:

Information Technology

47. April 7, ComputerWorld – (International) 1-in-10 Windows PCs still vulnerable to Conficker worm. More than a year after doomsday reports hinted that the Conficker worm would bring down the Internet, one-in-10 Windows PCs still have not been patched to plug the hole the worm wriggles through, new data shows. And 25 of every 1,000 systems are currently infected with the worm. According to Qualys, a security risk and compliance management provider, about 10 percent of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft’s MS08-067 security update. MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the service Windows uses to connect to file and print servers. Source:

48. April 7, CNET News – (International) Survey: Cloud computing risks outweigh reward. Though cloud computing is often touted as a cost-saver for companies, IT pros still have lingering doubts about the safety and security of working in the cloud. Around 45 percent of IT professionals recently surveyed by the ISACA (formerly known as the Information Systems Audit and Control Association) said the risks involved in cloud computing outshine any benefits. A global organization focused on the auditing and security of information systems, the ISACA conducted its first annual IT Risk/Reward Barometer survey (PDF) in March. Questioning more than 1,800 IT professionals in the U.S. who are members of the group, the ISACA found that only 10 percent of them plan to use cloud computing for mission-critical IT services, 15 percent will use it only for low-risk services, and 26 percent don’t expect to tap into the cloud at all. “The cloud represents a major change in how computing resources are utilized, so it’s not surprising that IT professionals have concerns about risk vs. reward,” said the vice president of ISACA, in a statement. “If cloud computing is treated as a major initiative involving many stakeholders, it has the potential to yield benefits that can equal or outweigh the risks.” Source:

49. April 7, Computerworld – (International) Adobe preps PDF patches for Reader. Adobe Systems Inc. on April 7 will announce the patches it plans to deliver for its PDF software next week as part of its quarterly security update process. The impending updates will come on the heels of Adobe urging users yesterday to beef up defenses in its Reader and Acrobat applications. The company also said that it might issue a patch for a design flaw that lets attackers run executable code on a Windows PC from a malformed PDF without needing to exploit an actual vulnerability. It’s unlikely that that patch will appear the week of April 12, however. Adobe will issue patches for Reader and Acrobat on April 13, the same day Microsoft will release updates for its operating system and other software products. There are no publicly known unpatched security vulnerabilities in Adobe Reader and Acrobat, according to the Danish bug-tracking firm Secunia. Any updates next week, then, will address privately-reported vulnerabilities or bugs that Adobe’s own security engineers have uncovered. Source:

Communications Sector

50. April 7, Dow Jones Newswires – (International) Telecom: Having fresh problems with XT Network in Auckland area. Telecom Corp. of New Zealand Ltd. said on April 8 it has been experiencing fresh problems with its troubled third-generation mobile network, XT. A spokesman told Dow Jones the problems involved network degradation rather than the network falling over, but it was widespread in the country’s largest city Auckland and in the northern region. Telecom has had major issues with the network since it was established in midyear 2009 and has vowed to fix the problems, which were cited by analysts as being a major factor in the teleco’s share price falling to record lows last month. Source:

51. April 7, KRDO 13 Colorado Springs – (Colorado) Qwest service outage is fixed. Qwest phone service has been restored to three counties in Colorado. El Paso, Teller, and Fremont counties were affected from 8:30, Wednesday morning until 6:30, Wednesday night. A spokesperson for Qwest says while phone service can be interrupted from time to time, they usually do not see it have this broad of an impact. A Qwest spokesperson said, “we rarely see a fiber cut of this magnitude.” Twelve cities were affected as a result of a fiber cut in Stratmoor. About 9:30 a.m. Wednesday morning a worker monitoring the network noticed the fiber cut. The spokesperson said, “In this particular situation we saw customers experiencing more congestion than usual. Most would have local dial tone, but they would have trouble getting the calls put through.” There was also some impact to people’s ability to call 911. She said fiber cuts are usually related to construction in the area. However, the exact cause of the fiber cut is being investigated. Source: