Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, April 22, 2010

Complete DHS Daily Report for April 22, 2010

Daily Report

Top Stories

 Reuters reports that eleven workers were missing and 17 injured in an explosion Tuesday night at a Transocean oil drilling rig off Louisiana, and crews were fighting the fire 16 hours later, the U.S. Coast Guard said on Wednesday. (See item 1)

1. April 21, Reuters – (Louisiana) Blast, fire hits Transocean rig; 11 missing. Eleven workers were missing and 17 injured in an explosion at a Transocean oil drilling rig off Louisiana, and crews were fighting the fire 16 hours later, the U.S. Coast Guard said on Wednesday. An estimated 126 people were aboard the Deepwater Horizon at the time of the explosion, reported about 10 p.m. Tuesday. The rig was drilling for BP Plc 42 miles southeast of Venice, Louisiana, near the mouth of the Mississippi River, in Mississippi Canyon block 252, Transocean said. The rig — a “semisubmersible” towed to a site and partially sunk on pontoons for drilling stability — was reported at midday Wednesday to be leaning, and spilling fuel and either oil or drilling fluid from the wellbore, a Coast Guard spokeswoman said. Five firefighting vessels were trying to control the blaze. Eleven workers were still unaccounted for at midday Wednesday, the spokeswoman said. The Coast Guard deployed helicopters, planes, and vessels to look for the missing workers, sent environmental crews to the scene to assess and control any spill, and launched a joint investigation with public and private interests into the cause. A safety zone with a radius of five nautical miles around the crippled vessel was declared to keep traffic in the area at a minimum, but cleanup efforts had not yet been initiated. “There is a slick, but right now we’re focused on search and rescue,” she said. Transocean, based in Zug, Switzerland, is the world’s largest offshore drilling contractor. Source:

 According to Reuters, a report by the Institute of Electrical and Electronics Engineers and the EastWest Institute think tank says that investors should urgently diversify the web of undersea cables that serve as the world’s information and banking arteries to address soaring demand and piracy concerns and reduce the risk of catastrophic outages. (See item 43 below in the Communications Sector)


Banking and Finance Sector

12. April 21, Courthouse News Service – (New York) SEC ends $90-million Ponzi scheme. McGinn, Smith & Co. (MS&C), and the two men who ran it, squandered $90 million of investors’ money by making unsecured loans to prop up cash-poor affiliates, paying salaries, and using it for their own delight, including hiring strippers for a “sexually themed” cruise, the SEC reported. When jilted investors were left holding worthless notes, an MS&C co-owner cited the “financial crisis” and “the lack of liquidity in the market” for the losses, the SEC said in its federal complaint. The commission filed an emergency order on behalf of more than 900 investors April 20. A 65-year-old Saratoga Springs man and 62-year-old Schenectady man ran MS&C out of Albany, the SEC said. “The offering fraud already has caused significant investor losses, and this emergency action is intended to stop the fraud and preserve the status quo for the benefit of the victims,” according to the complaint. The suspects raised more than $136 million in more than 20 unregistered debt offerings through dozens of affiliated entities, the SEC charged. The suspects then funneled investors’ money to entities they owned or controlled, then covered up the fraud with lies and omission, the complaint stated. MS&C owed investors in their four main funds at least $84 million as of September 2009, though the funds held a total of less than $500,000, the SEC noted. It said the defendants’ trusts were $18 million in the red. Source:

13. April 20, Des Moines Register – (Iowa) Security cameras show burglar at cash drawers in US Bank office. A burglar took an undetermined amount of money April 17 from the U.S. Bank office at Kaleidoscope at the Hub in Des Moines, Iowa. Des Moines police said security cameras show a burglar testing a security gate that did not have an alarm. The burglar picked up one end of the gate and held it open with a stack of newspapers and a wooden stool. After crawling underneath, he pried open teller drawers and took money. A motion alarm was activated and officers responded but found nothing. The stool had been pulled away from the security gate and the newspapers had been pushed inside by the time officers arrived, between 8:30 and 9 p.m. A representative of the bank filed a burglary report April 19. Source:

14. April 20, Jackson Citizen Patriot – (Michigan) Phone scam results in hundreds of calls to Flagstar Bank. A phone scam involving Flagstar Bank targeted many Jackson-area residents April 19. People reported receiving phone calls with a robotic voice claiming to be from Flagstar and asking for account information. Area police departments and the Jackson County Sheriff’s Office were notified of the calls and confirmed with Flagstar that it was a scam. A police sergeant said the sheriff’s office received calls all day long. To his knowledge, no one reported giving out sensitive account information. A police sergeant with the Parma-Sandstone police department said he received two calls about the scam. When he called Flagstar at 7:30 a.m., the bank said it had already received several hundred calls. Source:

15. April 20, Associated Press – (National) Watchdog claims mortgage aid program is vulnerable to scams. Recent changes to the U.S. Presidential administration’s mortgage assistance program may make it more vulnerable to fraud, a government watchdog said Tuesday. Announced last month, the changes are intended to make it easier for struggling homeowners to avoid foreclosure. But the administration has not done enough to warn the public about fraud and has not included sufficient safeguards to prevent abuse, the special inspector general for the Troubled Asset Relief Program said in a quarterly report. “Criminals feed on borrower confusion, and frequent changes to the programs provide opportunities for experienced criminal elements to prey on desperate homeowners,” the inspector general wrote. Source:

16. April 19, – (National) Report: 10 percent of fraud victims fall victim to bogus ATM withdrawals. According to a new report released earlier this month by Javelin Strategy & Research on ATM and Personal Identification Number fraud, 10 percent of fraud victims in the U.S. experience fraudulent ATM cash withdrawals. As a result, 23 percent of the 4,874 consumers interviewed for the survey said they left their primary financial institution. Research analysts said that in addition to the use of skimming devices, thieves are now gaining access to customers’ PINs by manipulating ATM software and by sending out bogus text messages to consumers requesting their personal information. “Despite the efforts by financial institutions to protect consumers, the number of records breached rose 16 percent in 2009,” the managing partner and research director for Javelin said in a prepared statement. “Fraudsters have become more organized globally and more sophisticated technologically and may increase their attacks on ATMs in the U.S. as neighboring countries such as Canada and Mexico move to EMV chip-cards, which protect against skimming.” Analysts are advising financial firms not only to implement more layered security measures, but also to educate users on fraud risks and how to avoid them. Source:

17. April 19, Pasadena Star-News – (California) Man using bomb threat robs La Canada Flintridge bank. A man who claimed he had a bomb robbed a La Canada Flintridge, California, bank of an undisclosed amount of money April 19. No one was hurt in the 11:10 a.m. robbery at the Bank of America, 537 W. Foothill Blvd., according to a sheriff’s lieutenant. He said the man walked up to a teller and presented a note demanding money. The note said: “Give me your money. Don’t call the police for 10 minutes. I have a bomb,” the lieutenant said. The robber then took the cash and walked out. The lieutenant said no bomb, gun, or getaway car was seen. Source:

Information Technology

36. April 21, The Register – (International) Cybercrooks befuddled by Icelandic volcano name. Scareware slingers have balked at using the name of the Icelandic volcano that this week grounded flights across much of Europe as a theme for search-engine manipulation campaigns because it is too complicated. Distributors of rogue security software can normally be relied upon to latch onto any item of news as a motif for attempts to make sure links to scareware portals appear prominently in the searches for likely terms via Google or other search engines. Links promising pictures of the spectacular storms around erupting volcanoes in Iceland would fit right into this strategy. But experts said the appearance of such links has been halted because no one can agree on how to spell the volcano’s name. Eyjafjallajökull, despite being arguably the biggest news story of 2010 so far, is simply too difficult to spell for most surfers, let alone virus-writer types not known for their mastery of grammar and punctuation. That’s not to say black-hat SEO attacks riding on the coattails of the volcanic ash clouds spreading over Europe have failed to materialize. But instead of using the name of the volcano, hackers have taken the more prosaic approach of using search terms such as “Iceland Volcano Images” as themes for their attacks, as explained in a blog post by a Panda Security researcher. Source:

37. April 21, Help Net Security – (International) Study: Security vulnerabilities can be found in 38 percent of network devices. A new report presents real-world results — including common security vulnerabilities and violations — unearthed by Dimension Data during the 235 Technology Lifecycle Management (TLM) Assessments it performed for companies in 2009. The report contains results from assessments performed at small, medium and large organizations from around the world. Among the more significant findings, more than 38 percent of network devices — such as routers, switches, gateways, etc. — exhibited security vulnerabilities, which may expose organizations to external and internal security attacks. Secondly, there was an average of 40.7 configuration violations per network device, increasing the likelihood of network downtime and exposure to risk. Finally, thirty-five percent of all network devices were found to be beyond end-of-sale (EoS), meaning they will be increasingly unsupportable and exposed to risk as they progress toward last-day-of-support (LDoS). In fact, of those devices, more than 50 percent were already beyond end-of-software-maintenance (EoSWM) or LDoS. Source:

38. April 20, Softpedia – (International) IE8 XSS filter update coming June 2010. Microsoft plans to release an update to the Internet Explorer 8 XSS Filter that will further bulletproof the browser against attacks. The Redmond, Washington company already took measures to address an issue impacting the XSS Filter. In this regard, the January security update to Internet Explorer (MS10-002) was designed to resolve a vulnerability detailed at Blackhat EU. According to a researcher at MSRC Engineering, the software giant is now gearing up to take additional steps to protect customers. A new “update to the IE XSS Filter is currently scheduled for release in June. This change will address a SCRIPT tag attack scenario described in the Blackhat EU presentation. This issue manifests when malicious script can ‘break out’ from within a construct that is already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile Web sites, thus far real-world examples of the SCRIPT tag neutering attack scenario have been hard to come by,” the researcher explained. Source:

39. April 20, The Register – (International) Amazon purges account-hijacking threat. Amazon administrators April 20 closed a security vulnerability that made it possible for attackers to steal user log-in credentials for the highly trafficked e-commerce Website. The XSS, or cross-site scripting, bug on Amazon Wireless allowed attackers to steal the session IDs that are used to grant users access to their accounts after they enter their passwords. It exposed the credentials of customers who clicked on this link while logged in to the main page. It was discovered by a researcher from security-consulting company Avnet. The XSS bug was purged from Amazon about 12 hours after The Register brought it to the attention of the Web site’s security team. Source:

40. April 20, IDG News Service – (International) Drug-dealing spammers hit Gmail accounts. Google is investigating a growing number of reports that hackers are breaking into legitimate G-mail accounts and then using them to send spam messages peddling Canadian pharmaceutical websites that promised to send cheap drugs to U.S. customers. The problem started about a week ago but seems to have escalated recently. “The G-mail team takes security very seriously and is investigating the reports we’ve seen in our user forums over the past few days,” Google said April 20 in an e-mailed statement. “We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page:” G-mail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer. It is not clear what’s behind this wave of G-mail attacks. But in forum posts, G-mail users note that hackers appear to be sending spam via G-mail’s mobile interface — which gives mobile-phone users a way to check their G-mail accounts. The G-mail users wondered if there may be a bug in the mobile interface that is allowing criminals to send the spam. Source:

Communications Sector

41. April 21, – (International) Akamai report details Web attack patterns and techniques. The United States, Russia, and China are the worst global sources of malicious traffic, according to the latest State of the Internet report from global services provider Akamai. The results are pulled from a network of 60,000 servers and billions of Internet requests per day, and reveal interesting details of the latest attack techniques, as well as new figures on the number of global Internet connections. Akamai said that the amount of bad traffic coming from the U.S. had doubled in the past quarter to just under 13 percent. In terms of Internet connections, the UK is sixth in the list of unique IP addresses with 20,008,664. Overall, there are 465 million addresses, a 16-percent year-over-year increase, according to the report. Some 62 percent of the fastest connections are found in Asia, and 48 percent in Japan. Just a fifth of the fastest connections are in North America. Attack traffic is coming from 198 countries, Akamai said, a slight drop from 207 in the previous quarter. Russia is the worst offender, accounting for 13 percent of all malicious traffic, followed by China, the U.S. and Brazil. Source:

42. April 20, Glens Falls Post Star – (New York) Pesticide clears out Verizon office. The Verizon office on Glen Street in Glens Falls, New York, was evacuated over the weekend after pesticide spraying near the building sickened workers. The office remained closed April 20 following the incident, which sent about nine Verizon employees to Glens Falls Hospital April 18, according to a company spokesman. The spokesman said fumes from pesticides sprayed on nearby trees drifted into the office through air vents and made some workers ill. The building — which houses about 100 Verizon engineers, operations staff, and operators — was shut down and employees were sent home. Of the nine people who went to the hospital, all but one were treated and released, the spokesman said. Windows were opened and air filters changed on April 18 to aerate the building. A firm took air samples on April 20, and results were expected by April 21. Source:

43. April 20, Reuters – (International) Undersea telcoms cables face growing risks-report. Investors should urgently diversify the web of undersea cables that serve as the world’s information and banking arteries to address soaring demand and piracy concerns and reduce the risk of catastrophic outages. So says a report by a multinational research project that calls for the building of global backup routes for the submarine network that carries almost all international communications, including financial transactions and Internet traffic. The report’s main author, of the Institute of Electrical and Electronics Engineers (IEEE), an international professional body, told Reuters changes should be made “before we have to learn the hard way.” “This report is trying to have a September 10 mindset, where you actually do something about what you know on September 10 to avoid a September 11 situation,” said the main author, who was an adviser to the U.S. government on cybersecurity after the September 11 attacks. An executive summary of the report made available to Reuters says that the current probability of a global or regional failure of the network is very low, but is “not zero”. “The impact of such a failure on international security and economic stability could be devastating... There is no sufficient alternative back-up in the case of catastrophic loss of regional or global connectivity.” Source:

44. April 19, Billing and OSS World – (International) Cut cable slows Mideast traffic. Demonstrating the vulnerability of one of the world’s most strategic regions to interruptions in broadband Internet access, a severed undersea cable in the Mediterranean has reduced Internet speeds across a broad swath of the Middle East to a crawl. Etisalat, the largest carrier in the United Arab Emirates, said that “the problem occurred when seawater penetrated the insulation and caused a short-circuit,” according to The National, a newspaper in Dubai. Repairs were expected to be completed by April 20. The Middle East is especially susceptible to interruptions in service because a single cable, known as Sea-ME-We-4, accounts for 89 percent of available capacity from Europe to the region. Two other undersea cables have limited capacity, meaning that the failure of the Sea-ME-We-4 cable has required the rerouting of traffic to far-flung routes that in some cases literally circle the globe. That logjam could ease this year as companies including Telecom Egypt, Orascom Telecom, and Reliance Communications are due to light up as many as five new cables, more than doubling the bandwidth available to the region. Five new cables are due to come online between Europe and Egypt this year. Adding cables to the Egyptian center will create more bandwidth for the regional network to access. Source: