Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, May 19, 2010


Top Stories

A source close to the Times Square-bomber investigation said that the suspect had bigger, more destructive plans — other targets in New York and Connecticut. The source said that the suspect has told interrogators that if the Times Square bombing was successful, he had four other locations to possibly attack: defense contractor Sikorsky in Connecticut and Rockefeller Center, Grand Central Terminal, and the World Financial Center across from Ground Zero in New York. (See item 16)

16. May 18, WNYW 5 New York – (Connecticut; New York) Source: Faisal Shahzad had bigger targets. A source close to the Times Square-bomber investigation said that the suspect had bigger, more destructive plans — other targets in New York and Connecticut. The source said that the suspect has told interrogators that if the Times Square bombing was successful, he had four other locations to possibly attack. If the bomb inside the Nissan Pathfinder in Times Square went off as planned, a source said that the bomber said he was taking aim at four other high-profile targets: Connecticut-based defense contractor Sikorsky, Rockefeller Center, Grand Central Terminal, and the World Financial Center across from Ground Zero. Sikorsky manufactures helicopters for the U.S. military, including the Blackhawk. Headquartered in Stratford, Sikorsky also has facilities in Shelton and Bridgeport — the same two cities where the bomber has lived. Source: http://www.myfoxny.com/dpp/news/international/source-faisal-shahzad-had-bigger-targets-20100517

Students at Chamberlain High School in Tampa, Florida, were greeted by extra security Tuesday morning, one day after a homemade acid bomb went off in a hallway and injured a student, putting the school on lockdown for several hours. Tampa police are providing additional security patrols Tuesday, saying they, along with school officials, are not taking the situation lightly. (See item 39)

39. May 18, WTVT 13 Tampa – (Florida) Security stepped up at Chamberlain High. Students at Chamberlain High School in Tampa, Florida, were greeted by extra security Tuesday morning, one day after a homemade acid bomb went off in a hallway and injured a student, putting the school on lockdown for several hours. Tampa police are providing additional security patrols Tuesday, saying they, along with school officials, are not taking the situation lightly. Authorities said they still have not determined who rolled the chemical-filled, plastic water bottle out of a classroom and into a hallway around 8:30 a.m. Monday. The device exploded, slightly burning an 18-year-old girl. A second acid bomb that did not detonate was found in a nearby bathroom while police were searching the school. Some students told FOX 13 Tuesday morning that they were somewhat hesitant coming to school. Monday, some students speculated that the incident may have been some sort of prank, but school officials said that doesn’t matter and that they still plan to prosecute whoever is responsible. Source: http://www.myfoxtampabay.com/dpp/news/local/hillsborough/security-stepped-up-at-chamberlain-high-051810

Details

Banking and Finance Sector

18. May 17, Krebs on Security – (International) Teach a man to phish... Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they manage to snag only a few victims per scam. Phishers often set up their fraudulent sites using ready-made “phish kits” — collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a “backdoor” that allows them to get back into the site at any time. About a year and a half ago, investigators at Charleston, South Carolina-based PhishLabs found that one particular backdoor that showed up time and again in phishing attacks referenced an image at a domain name that was about to expire. When that domain finally came up for grabs, PhishLabs registered it, hoping that they could use it to keep tabs on new phishing sites being set up with the same kit. The trick worked: PhishLabs collected data on visits to the site for roughly 15 months, and tracked some 1,767 Web sites that were hacked and seeded with the phishing kit that tried to pull content from the domain that PhishLabs had scooped up. When PhishLabs plotted the phisher’s daily online activity, the resulting graph displayed like a bell curve showing the sort of hourly workload a person would typically see in a regular 9-5 job, a researcher said. “In the middle of the day he’s super busy, and in the mornings and evenings he’s not. So this is very much his day job.” Source: http://krebsonsecurity.com/2010/05/teach-a-man-to-phish/


Information Technology


45. May 18, Help Net Security – (International) Web browsers leave ‘fingerprints’ as you surf. An overwhelming majority of Web browsers have unique signatures — creating identifiable “fingerprints” that could be used to track someone as they surf the Internet, according to research by the Electronic Frontier Foundation (EFF). The findings were the result of an experiment EFF conducted with volunteers who visited a Web site that anonymously logged the configuration and version information from each participant’s operating system, browser, and browser plug-ins — information that Web sites routinely access each time one visits — and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84 percent of the configuration combinations were unique and identifiable, creating unique and identifiable browser “fingerprints.” Browsers with Adobe Flash or Java plug-ins installed were 94 percent unique and trackable. EFF found that some browsers were less likely to contain unique configurations, including those that block JavaScript, and some browser plug-ins may be able to be configured to limit the information a browser shares with the Web sites one visits. But overall, it is very difficult to reconfigure a browser to make it less identifiable. The best solution for Web users may be to insist that new privacy protections be built into the browsers themselves. Source: http://www.net-security.org/secworld.php?id=9303


46. May 18, The Register – (International) Koobface gang counter-poohpooh nemesis sec-pro Danchev. The gang behind the infamous Koobface worm has responded to a post by a security researcher on their activities and motives with an answer buried in the latest version of their malware. A noted security researcher posted a list of “10 things you didn’t know about the Koobface gang” in a blog post back in February. Koobface (an anagram of Facebook) is a worm that spreads on social networking sites. The worm, reckoned to be one of the most complex strains of malware yet seen, steals information from compromised hosts and promotes scareware sites, according to the researcher and anti-virus firms. Or not, according to the VXers behind the code. Late last week “Ali Baba” of the Koobface gang posted a point by point response as a message on Koobface-infected hosts, which served scareware disguised as bogus video codecs. Essentially the gang members attempt to paint themselves as elite coders in it for the lolz and not the loot. “What makes an impression is their attempts to distance themselves from major campaigns affecting high-profile U.S. based Web properties, fraudulent activities such as click fraud, and their attempt to legitimize their malicious activities by emphasizing the fact that they are not involved in crimeware campaigns, and have never stolen any credit card details,” the researcher explained. Source: http://www.theregister.co.uk/2010/05/18/koobface_top_10_facts/


47. May 18, ComputerWorld – (International) Huge ‘sexiest video ever’ attack hits Facebook. A huge attack by a rogue Facebook application last weekend infected users’ PCs with popup-spewing adware, a security researcher said May 17. On May 15, AVG Technologies received more than 300,000 reports of the malicious Facebook app, said AVG’s chief research officer. AVG came up with its tally by counting the number of reports from its LinkScanner software, a free browser add-on that detects potentially poisoned pages. “It was stunning, really, the number,” said the research officer in an interview via instant message late May 17. “And stunning that it was not viral or wormy [but that] Facebook did it all by itself.” The volume of reports on the May 15 rogue Facebook software was highest during the nine-hour period between midnight and 9 a.m. Eastern Standard Time, with spikes of approximately 40,000 per hour coming at 7 a.m. and noon. For the day, AVG received more than 300,000 reports, triple that of AVG’s second-most-reported piece of spyware. According to the researcher, Facebook eradicated the rogue application about 15 hours after the attack started. Facebook’s only acknowledgment of the attack came on its security page, where a “Tip of the Week” early May 17 read: “Don’t click on suspicious-looking links, even if they’ve been sent or posted by friends.” But other security firms also noted the attack. Both U.K.-based Sophos and U.S. security company Websense dubbed the attack “Sexiest video ever,” based on the message that appeared on Facebook users’ walls, seemingly from their Facebook friends. Source: http://www.computerworld.com/s/article/9176905/Huge_sexiest_video_ever_attack_hits_Facebook


48. May 18, PC Advisor UK – (International) USB worm named biggest PC threat. A worm that is spreading via USB flash drives has been named the biggest security threat to PC users by McAfee. According to the security vendor’s Threats Report: First Quarter 2010, an AutoRun-related infection was also the world’s third biggest PC threat during the first three months of the year, while the rest of the top five biggest PC threats were made up of password-stealing Trojans. The report revealed that spam rates have remained steady. However, there has been an increase in diploma spam, or spam that offers forged qualifications, in China, South Korea and Vietnam. McAfee also said malware and spam in Thailand, Romania, the Philippines, India, Indonesia, Colombia, Chile, and Brazil had surged. The security vendor said this was due to the significant growth of Web use in these countries coupled with a lack of security awareness. “Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates,” said a senior vice president and chief technology officer of Global Threat Intelligence for McAfee. “Previously emerging trends, such as AutoRun malware, are now at the forefront.” Source: http://www.networkworld.com/news/2010/051810-usb-worm-named-biggest-pc.html?hpg1=bn


Communications Sector

49. May 18, GPS Daily – (National) Delta IV GPS IIF-01 launch set May 20. The U.S. Air Force will launch the first Global Positioning System Block IIF satellite aboard a United Launch Alliance Delta IV Evolved Expendable Launch Vehicle from Space Launch Complex 37 in Cape Canaveral, Florida May 20. The GPS IIF system brings next-generation performance to the constellation. The GPS IIF vehicle is critical to U.S. national security and sustaining GPS constellation availability for global civil, commercial and defense applications. Besides sustaining the GPS constellation, IIF features increased capability and improved mission performance and longevity. Not only is it the first IIF to be launched, this will be the first GPS satellite to ride on the Delta IV launch vehicle. Source: http://www.gpsdaily.com/reports/Delta_IV_GPS_IIF_01_Launch_Set_May_20_999.html


50. May 17, DarkReading – (International) Five ways to (physically) hack a data center. A company can spend millions of dollars on network security, but it is all for naught if the data center has physical weaknesses that leave it open to intruders. Red team experts hired to social engineer their way into an organization said they regularly find physical hacking far too easy. A senior security consultant with Trustwave’s SpiderLabs said data centers he has investigated for security weaknesses commonly have the same cracks in the physical infrastructure that can be exploited for infiltrating these sensitive areas. The five simplest ways to hack into a data center are by crawling through void spaces in the data-center walls, lock-picking the door, “tailgating” into the building, posing as contractors or service repairmen, and jimmying open improperly installed doors or windows. Source: http://www.darkreading.com/database_security/security/management/showArticle.jhtml?articleID=224900081


51. May 17, IDG News Service – (National) FTC asked to investigate Google Wi-Fi ‘snooping’. A consumer group has called on the U.S. Federal Trade Commission (FTC) to investigate Google after the search company revealed that it had been collecting people’s Internet communications from open wireless networks. On May 14, Google said it would stop its Street View cars from sniffing wireless networks after discovering that they had been collecting unencrypted content — the contents of Web pages, for example — unbeknownst to Google. Consumer Watchdog said the FTC should find out exactly what Google logged, how long it collected the information and what it ended up doing with it. “Google has demonstrated a history of pushing the envelope and then apologizing when its overreach is discovered,” the group said Monday in a press release. “Given its recent record of privacy abuses, there is absolutely no reason to trust anything the Internet giant claims about its data collection policies.” Google was collecting the Wi-Fi data — SSID (Service Set Identifier) information and MAC (Media Access Control) addresses — in order to get better location information for its Google Maps service. Source: http://www.computerworld.com/s/article/9176902/FTC_asked_to_investigate_Google_Wi_Fi_snooping_