Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, April 13, 2010

Complete DHS Daily Report for April 13, 2010

Daily Report

Top Stories

 According to the Associated Press, equipment that measures radiation emissions at the Oyster Creek nuclear plant in Lacey Township, New Jersey has recently been found to be inoperable. It is not clear how long the stack monitor has been out of service. (See item 9)

9. April 10, Associated Press – (New Jersey) Radiation monitor at Oyster Creek nuclear plant is inoperable, officials say. A monitor that measures radiation emissions at the nation’s oldest operating nuclear plant has been found to be inoperable. But officials say the problem at the Oyster Creek plant in Lacey Township does not pose a public health threat. Exelon Corp., which owns the plant, recently notified the state Department of Environmental Protection (DEP) about the problem. But it is not clear how long the equipment — known as a stack monitor — has been out of service. DEP officials say other monitors throughout the plant can be used to provide data about radiation levels. The agency also maintains a network of radiation monitors in the area around the plant. “(We’re) confident that there have been no releases from the stack,” the DEP commissioner said. “Our independent monitoring system has not shown any elevated levels in the environment.” Source:

 WLOX 13 Biloxi reports that more than 500 homes and businesses in North Escatawpa, Mississippi are under a boil water order again because in the past two weeks, someone has deliberately damaged their water lines four times.

31. April 9, WLOX 13 Pascagoula – (Mississippi) Water line vandalism impacts north Escatawpa residents. North Escatawpa, Mississippi, residents are under a boil water order again because in the past two weeks, someone has deliberately damaged their water lines four times at the Fourth Mile Creek Bridge near Highway 613. Authorities think it is the work of a teenage prankster. The problem lies in the Four Mile Creek. Moss Point’s Public Works director said someone continues to ram a boat into the water lines and pipes and it is affecting more than 500 homes and businesses in North Escatawpa. “The pressure dropped so much that the creek’s water gets into the water line and that is the reason for the discoloration and boil order.” He has received tips from the community that a neighborhood teenager is to blame. He has already filed a complaint with the Jackson County Sheriff’s Department. “It is also a Homeland Security issue, and the penalties for that are you have a year in federal prison and a $10,000 fine.” Public works crews are replacing the ruptured water lines. The director said the city is considering moving the lines to a more secure location in the future. The North Escatawpa area will remain under a boil water order until next week. Source:


Banking and Finance Sector

18. April 10, San Diego Union-Tribune – (California) Police, FBI seek tips to find Ho-Hum Bandit. The FBI and San Diego police are offering a $10,000 reward for tips that lead to the arrest of a bank robber whom authorities have dubbed the “Ho-Hum Bandit” because he is plain and unassuming. The man is suspected in at least five San Diego bank robberies, the latest of which occurred April 8 in La Jolla. Law enforcement officials were able to identify him because he wore the same cap in two robberies. Police said that he most recently presented a note demanding cash at a Citibank branch on Herschel Avenue in La Jolla. Since February, the man also robbed another Citibank, a Chase bank branch, and two San Diego National Bank branches, all in San Diego, police said. Source:

19. April 8, KXII 12 Sherman – (Texas) New scam targets American Bank of Texas customers. Employees at the American Bank of Texas in Sherman want to warn their customers about scammers trying to get their 16-digit debit card numbers. They say because they are a smaller, local bank, some of their customers may be fooled into trusting these con artists. Bank employees received an e-mail the week of April 5 warning them about a new scam that could be targeting their customers. “They’re wanting the customer and asking the customer to enter in their card number via the phone. Other messages have told the customers, if they press one, and enter their debit card number, they will receive rewards of fifty dollars or more,” said the vice president of operations with the bank. He said employees already have the information on file that the scammers are looking for, so there would be no need for them to call and ask for it. Source:

Information Technology

42. April 12, eWeek – (International) Facebook ‘Farm Town’ users hit by malicious ad linked to fake antivirus. Users of the popular Facebook game “Farm Town” were hit with a rogue antivirus scam tied to malicious advertising. SlashKey, the developer behind “Farm Town,” issued a warning about the malware scam, which drew hundreds of comments to its user forum. According to findings by a researcher, the ad in question was a banner advertisement for greeting cards. If it is displayed, the user is redirected to various sites and eventually lands on one pushing rogue antivirus. “If you suddenly get a warning that your computer is infected with viruses and you MUST run this scan now, DO NOT CLICK ON THE LINK, CLOSE THE WINDOW IMMEDIATELY,” SlashKey warned in a post to its user forum. “You should then run a full scan with your antivirus program to ensure that any stray parts of this malware are caught and quarantined.” Reports of users getting infected continued to come through early Monday morning; however, the researcher has since posted in the user forum that the ad network serving the malicious ad has identified and disabled it. Source:

43. April 10, IDG News Service – (International) Nifty Java bug could lead to attack. On April 9, a Google researcher published details of a Java virtual machine bug that could be used to run unauthorized programs on a computer. The flaw affects “all versions since Java SE 6 update 10 for Microsoft Windows,” he said. Linux users may also be affected, Symantec said in a note on the issue. He said he had notified Oracle’s Sun team about the flaw earlier. “They informed me that they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle,” he wrote. The attack could give hackers a way to run unauthorized Java programs on a victim’s machine. They can do this because Java allows developers to tell the Java virtual machine to install alternate Java libraries. By creating a malicious library and then telling the JVM to install it, an attacker could run his malicious program. Oracle is making a mistake by not patching the bug immediately, said the chief security architect with FireEye. The bug is particularly nasty because it is due to a design flaw in Java, rather than the type of programming error that would lead to a more common buffer-overflow attack. However, Java-based attacks are still rare, and rather than developing a brand-new type of attack, criminals are more likely to spend their time using known vectors such as the browser or Adobe Reader, said a senior information security analyst with Verizon Business. Source:

44. April 9, Computerworld – (International) Researcher warns of impending PDF attack wave. A design flaw in Adobe’s popular PDF format will quickly be exploited by hackers to install financial malware on users’ computers, the CEO of security company Trusteer argued April 9. The bug, which is not strictly a security vulnerability but actually part of the PDF specification, was first disclosed by a Belgian researcher the week of March 29. He demonstrated how a multistage attack using the PDF specification’s “/Launch” function could successfully exploit a fully-patched copy of Adobe Reader. Adobe has acknowledged the bug, but has not yet committed to producing a patch to stymie attacks. However, the company has urged users to change Reader’s and Acrobat’s settings to disable the /Launch function. In a blog post April 6, the Adobe Reader group product manager recommended that consumers block attacks by unchecking a box marked “Allow opening of non-PDF file attachments with external applications” in the programs’ preferences panes. By default, Reader and Acrobat have the box checked, meaning that the behavior the researcher exploited is allowed. The product manager also showed how enterprise IT administrators can force users’ copies of Reader and Acrobat into the unchecked state by pushing a change to Windows’ registry. On April 8, another Adobe executive said Adobe is considering several options to plug the hole, among them an update to Reader and Acrobat that would change the default state of the setting to off. Source:
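Disabling the preference stops Reader from acting on /Launch, but a mail gateway or file share still benefits from spotting such documents before they reach a user. The following scanner is an added example written for this report, not code from Adobe, Trusteer or the researcher; it looks for the /Launch action name and for /EmbeddedFile objects (the "non-PDF file attachments" the preference refers to) in raw PDF bytes. Two caveats a practitioner would want are handled: PDF name objects may spell characters as #xx hex escapes, so names are normalised first, and action dictionaries may sit inside FlateDecode-compressed streams, so stream bodies are inflated before matching. The sample documents are constructed stand-ins, not real malicious files.

```python
import re
import zlib

# Names from the PDF specification whose presence warrants a closer look:
# /Launch actions hand a file to an external application, and /EmbeddedFile
# objects carry the "non-PDF file attachments" the Reader preference refers to.
SUSPECT_NAMES = (b"/Launch", b"/EmbeddedFile")

# A PDF name may spell any character as a #xx hex escape (/L#61unch is the
# same name as /Launch), so names are normalised before matching.
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Stream bodies sit between the "stream" and "endstream" keywords.
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _unescape_names(data: bytes) -> bytes:
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every zlib-compressed stream, so that action
    dictionaries packed into FlateDecode streams are scanned as well."""
    inflated = []
    for m in _STREAM.finditer(data):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # image data, another filter, or damaged: scan raw bytes only
    return data + b"\n" + b"\n".join(inflated)


def scan_pdf_bytes(data: bytes) -> dict:
    """Return {name: occurrence count} for each suspect name in the document."""
    text = _unescape_names(_inflate_streams(data))
    return {name.decode(): text.count(name) for name in SUSPECT_NAMES}


def is_suspicious(data: bytes) -> bool:
    return any(scan_pdf_bytes(data).values())


def scan_pdf_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return scan_pdf_bytes(fh.read())


# Constructed minimal documents (not real samples) covering the cases above.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
LAUNCH_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Action /S /Launch /F (attachment.bin) >>\n"
              b"endobj\n%%EOF\n")
ESCAPED_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n%%EOF\n"
_body = zlib.compress(b"<< /Type /Action /S /Launch >>")
COMPRESSED_PDF = b"".join([
    b"%PDF-1.4\n1 0 obj\n<< /Length ", str(len(_body)).encode(),
    b" /Filter /FlateDecode >>\nstream\n", _body, b"\nendstream\nendobj\n%%EOF\n",
])

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_PDF), ("launch", LAUNCH_PDF),
                       ("escaped", ESCAPED_PDF), ("compressed", COMPRESSED_PDF)]:
        print(label, scan_pdf_bytes(doc), "suspicious" if is_suspicious(doc) else "clean")
```

A hit is a reason to quarantine and inspect, not proof of malice: /EmbeddedFile is also used by legitimate document bundles, and a scanner working on raw bytes will miss names split across object streams using filters other than FlateDecode, so treat this as a first-pass filter in front of a full PDF parser.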

45. April 9, Computerworld – (International) Indian outsourcers emphasize cosmetic security measures, Forrester warns. Companies who send software development work to India need to ensure that their vendors take holistic measures to protect data and are not simply “checking the box” on security issues, Forrester Research warned the week of April 5. Many Indian companies have bolstered their security controls and business continuity measures in recent years, Forrester said in a report. But the lack of executive support for security efforts, an over-reliance on technology controls, and inadequate training and awareness undermine the effectiveness of such measures. The author of the report said that many of the security measures in place appear designed to appease concerns more than anything else. “What I am seeing is most vendors are checking the box” on technology controls to address security threats and business continuity issues. “They view it as marketing collateral” while pitching their services. The report praised India’s “intention to emerge as a safe and secure location,” but said the results are mixed. The president of SystemExperts Corp. in Sudbury, Massachusetts said that most major Indian firms are “fully capable of best-in-class security practices.” But U.S. clients need to “clearly articulate their security expectations.” Because customers have not known what to ask for, or have not been specific about their expectations, security tends to fall through the cracks. Source:

For another story, see item 46 below

Communications Sector

46. April 12, PC1News – (International) Windows Mobile trojan makes long distance calls. Some Windows Mobile phone owners are reporting online that their cellphones have been making expensive calls to a variety of destinations without their permission. Security researchers from Sophos observe that a trojan named Troj/Terdial-A is the malicious program that is making unauthorized phone calls from users’ phones. All of the affected phone owners had downloaded and installed a 3D action game on their cellphones. It became clear that a Russian-speaking hacker had infected versions of a 3D anti-terrorist action game with a malicious trojan program hidden inside. The trojanized version of the game was uploaded to several Windows Mobile freeware download sites. Windows Mobile phone users are warned to beware of downloading games to their devices from freeware and warez sites. Source:

47. April 12, Light Reading – (Virginia) Verizon kicks off disaster recovery drill. Hundreds of Verizon Communications Inc. employees are involved in this week’s disaster recovery exercise, which is the first that encompasses all of Verizon Telecom and Verizon Wireless operations. The week-long event begins April 12 with a simulated disaster involving a mid-air collision that sends a commercial airliner crashing into a major Verizon facility at its Ashburn, Virginia corporate campus, and also causes damage to a Leesburg, Virginia local phone company Central Office. It continues April 13 with a simulated chlorine leak from a tanker truck that compromises a major data center at Ashburn as well, and requires Verizon’s hazardous materials team to respond. Later in the week, the FBI will be on hand to discuss terrorism and other network threats. The idea is to have each unit of Verizon put its disaster recovery plan into place and then evaluate how the plan actually works and where changes/improvements might be needed. On display in Virginia will be Verizon’s latest addition to its disaster recovery fleet, a 51-foot Mobile Command Center, as well as housing trailers, comfort trailers, satellite trailers, hazmat vehicles, and more, all designed to enable Verizon to independently operate following any kind of disaster. Source:

48. April 8, IDG News Service – (International) A Chinese ISP momentarily hijacks the Internet. For the second time in two weeks, bad networking information spreading from China has disrupted the Internet. On April 8, bad routing data from a small Chinese ISP called IDC China Telecommunication was re-transmitted by China’s state-owned China Telecommunications, and then spread around the Internet, affecting Internet service providers such as AT&T, Level3, Deutsche Telekom, Qwest Communications, and Telefonica. “There are a large number of ISPs who accepted these routes all over the world,” said the technical lead at Internet monitoring firm Renesys. The incident started just before 10 a.m. Eastern Time on April 8 and lasted about 20 minutes. During that time IDC China Telecommunication transmitted bad routing information for between 32,000 and 37,000 networks, redirecting them to IDC China Telecommunication instead of their rightful owners. These networks included about 8,000 U.S. networks including those operated by Dell, CNN, Starbucks, and Apple. More than 8,500 Chinese networks, 1,100 in Australia and 230 owned by France Telecom were also affected. The bad routes may have simply caused all Internet traffic to these networks to not get through, or they could have been used to redirect traffic to malicious computers in China. While the incident appears to have been an accident, it underscores the weakness of the Border Gateway Protocol. Source:
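The weakness the story points to is that BGP accepts whatever origin AS a neighbour announces; the way Renesys noticed the event was by comparing observed announcements against what was expected for each prefix. The following monitor is an added example written for this report, not Renesys’ tooling or any ISP’s code. It assumes an operator keeps a table of prefix to authorised origin ASN (in practice from their own records or RPKI ROAs, which are the deployed remedy for this class of incident) and checks a feed of announcements against it. It flags the pattern in the story (a known prefix announced from the wrong origin) and, going a step beyond the text, a more-specific prefix carved out of a monitored block, which wins longest-prefix matching even if the origin AS looks right. Prefixes are RFC 5737 documentation ranges and ASNs are from the private range, so nothing in the sample corresponds to a real network.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed expected-origin table (prefix -> authorised origin ASN). Prefixes are
# RFC 5737 documentation ranges and ASNs come from the private range (RFC 6996),
# so nothing here corresponds to a real network; a real deployment would load
# this from the operator's own records or from RPKI ROAs.
EXPECTED_ORIGIN: Dict[str, int] = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
}


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: Tuple[int, ...]  # leftmost = nearest peer, rightmost = origin AS


@dataclass(frozen=True)
class Alert:
    prefix: str
    seen_origin: int
    expected_origin: int
    kind: str  # "wrong-origin" or "more-specific"


def check_announcement(ann: Announcement,
                       expected: Dict[str, int] = EXPECTED_ORIGIN) -> List[Alert]:
    """Compare one announcement against the expected-origin table.

    Two patterns are flagged: an exact prefix announced from the wrong origin AS
    (the pattern in the story, where networks were announced by an AS that does
    not own them), and a more-specific prefix inside a monitored block, which
    wins longest-prefix matching regardless of which AS originates it.
    """
    net = ipaddress.ip_network(ann.prefix, strict=False)
    origin = ann.as_path[-1]
    alerts: List[Alert] = []
    for known, exp in expected.items():
        known_net = ipaddress.ip_network(known)
        if net.version != known_net.version:
            continue  # subnet_of() only compares networks of the same family
        if net == known_net:
            if origin != exp:
                alerts.append(Alert(ann.prefix, origin, exp, "wrong-origin"))
        elif net.subnet_of(known_net):
            alerts.append(Alert(ann.prefix, origin, exp, "more-specific"))
    return alerts


def monitor(feed: List[Announcement]) -> List[Alert]:
    """Run every announcement in a feed through the check and collect alerts."""
    return [alert for ann in feed for alert in check_announcement(ann)]


# Constructed feed: one legitimate update, one origin change, one more-specific,
# and one announcement outside the monitored address family.
SAMPLE_FEED = [
    Announcement("192.0.2.0/24", (64496, 64500)),            # expected origin: fine
    Announcement("198.51.100.0/24", (64496, 64497, 64510)),  # origin 64510 is not 64501
    Announcement("203.0.113.128/25", (64496, 64510)),        # /25 carved out of the /24
    Announcement("2001:db8::/32", (64496, 64510)),           # IPv6, not in the table
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE_FEED):
        print(f"{alert.kind}: {alert.prefix} announced by AS{alert.seen_origin} "
              f"(expected AS{alert.expected_origin})")
```

In practice the feed would come from a route collector or the operator’s own BGP sessions, and an alert is a prompt to check with the upstream rather than an automatic withdrawal; the 20-minute duration in the story is roughly the window in which such a check has to fire to be useful.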

49. April 7, Federal Computer Week – (International) Will influx of iPads cripple wireless networks? The release of Apple’s iPad will add another flood of wireless-ready devices to the demand for wireless connectivity, and at least one government official fears that the proliferation of gadgets could bog down wireless networks. The director of scenario planning for the government’s Omnibus Broadband Initiative is concerned. In a blog post published February 1, he wrote that even before the iPad’s official release, there have been reports of overburdened wireless networks faltering. “These problems are reminiscent of the congestion dialup users experienced following [America Online’s] 1996 decision to allow unlimited Internet use,” he wrote. In another blog post, published April 2, he outlined ways in which the federal broadband plan will help. “Many iPads will rely solely on Wi-Fi to connect to broadband, and the Plan recognizes how Wi-Fi broadband access on unlicensed spectrum can relieve the growing pressure on licensed cellular networks,” he wrote. “The Plan calls for the FCC to free up a new, contiguous nationwide band of spectrum for unlicensed use over the next ten years. These bands have the added benefit of providing economical broadband access in rural areas that aren’t well served now.” Other iPad users will have the option to connect to AT&T’s 3-G network, a different system than WiFi but equally prone to overload. Source: