Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, June 15, 2010

Complete DHS Daily Report for June 15, 2010

Daily Report

Top Stories

• As the government begins deploying whole-body imaging machines to replace metal detectors at airports nationwide, some security experts worry that the new technology could make it easier, not harder, to sneak weapons and explosives onto airplanes, according to the Los Angeles Times. (See item 31)

31. June 12, Los Angeles Times – (National) Expert: I can overcome body scanners with enough explosives to bring down Boeing 747. As the government begins deploying whole-body imaging machines to replace metal detectors at airports nationwide, some security experts worry that the new technology could make it easier, not harder, to sneak weapons and explosives onto airplanes. The Transportation Security Administration (TSA) has not been able to ease concerns among some aviation security specialists about the body imagers. “I can overcome the body scanners with enough explosives to bring down a Boeing 747,” said a former chief security officer at the Israel Airport Authority, who is now a security consultant. The TSA won’t talk about specific capabilities but said the body imagers will better enable screeners to find nonmetallic weapons, including concealed powdered and liquid explosives that do not set off metal detectors. “No technology is going to be the silver bullet, but this is a significant enhancement,” said the assistant administrator for the TSA’s Office of Security Technology. The Goverment Accountability Office also noted that unlike metal detectors, body imagers rely on TSA employees to accurately read the image, as they must do with X-ray images of carry-on bags. Classified tests show that X-ray screeners routinely miss threats, said a former Department of Homeland Security inspector general. The rate of detection for baggage X-rays is “disastrously low, and it’s no better than it was on 9/11 — that’s the scary thing,” he said. The technology, although effective against certain threats, is too easily beatable, said several aviation security experts, some with ties to competing products. A chief executive of Transecure, a Leesburg, Virginia, airport security consulting firm, said the machines will not detect material concealed in the groin and in body cavities. “You can get metallic items by that screening technology that you can’t get by metal detectors,” said the former head of security for Northwest Airlines. Source:

• Heavy rain and storm runoff that swelled creeks and rivers briefly threatened a small hospital and forced the evacuation of a small town in central Nebraska Saturday, The Associated Press reports. North Loup, a town of about 340 in central Nebraska’s Valley County, was evacuated because of street flooding that followed failure of a small dam, state officials said. (See item 65)

65. June 12, Associated Press – (Nebraska) Dam failure forces evacuation of Nebraska town. Heavy rain and storm runoff that swelled creeks and rivers briefly threatened a small hospital and forced the evacuation of a small town in central Nebraska Saturday, officials said. North Loup, a town of about 340 in central Nebraska’s Valley County, was evacuated because of street flooding that followed failure of a small dam, state officials said. A sheriff’s dispatcher said no injuries had been reported. Radio station KNLV in Ord said a shelter for North Loup residents was being arranged in nearby Scotia. The sheriff said residents would be allowed to return to town Saturday night once electricity and gas lines were checked and repaired. He said the floodwater was deepest — up to 4 feet — on the north side of town. A few basements had fallen in, he said, and floodwaters caused sewer problems. He said an earthen dam holding back a private pond gave way and sent water down Mira Creek, which flows along the north side of town. Source:


Banking and Finance Sector

18. June 14, Washington Post – (National) Small banks are big problem in government bailout program. The Treasury Department’s financial bailout has a growing problem on its hands, and this time, it has nothing to do with Wall Street. A new report from the agency shows that community banks continue to plague the program. A total of 101 bailed-out banks — nearly all are small — have missed paying the government a dividend, which was a condition of taking the aid. That number is up 25 percent since February, and has nearly doubled since November. The rising number of “deadbeat” banks, as they are known, could force Treasury to become more deeply entangled in the affairs of small financial firms that are troubled. The bailout legislation gives Treasury the right to appoint members to the boards of banks that miss six dividend payments. So far only one firm, Saigon National Bank in Southern California, has missed that many payments. Eight others have missed five payments and 16 have missed four. Most banks that received federal aid agreed to pay the government a 5 percent dividend every three months upon taking funds from the Troubled Assets Relief Program. Treasury officials declined to answer questions about whether they were preparing to make board appointments. Source:

19. June 14, SC Magazine – (International) Development of call protection could lead to the end of the theft of customer payment data exchanged over the telephone. Ten major audio data thefts that have occurred in the last year have led to the development of a device that detects and blocks the “DTMF” (dual-tone multi-frequency signaling) tones and obscures card details. Set to be released in less than two months by British company Veritape, “CallGuard” solves a technical problem for call centers that has appeared to be near insurmountable until now. The company claimed that the theft of customer payment data exchanged over the telephone could be eliminated, particularly as a recent study by Veritape identified 93 percent non-compliance to payment data regulations amongst UK call centers due to the complexity and cost of compliance. The managing director of Veritape said that industry rules make protection and non-storage of credit card details a mandatory requirement for call centers, but despite this, most call centers are in breach of the guidelines. According to Veritape, CallGuard is fully compatible with any call-recording system and ensures that recorded telephone conversations are fully compliant with the PCI DSS regulations. It works by detecting and blocking “DTMF” tones, the sounds produced when keying in a number. By doing this it prevents any storage of the numbers communicated by the customer. At the same time it automatically enters card details into password style fields, which themselves are obscured with asterisks. The technology is built into a box the size of a large shoebox with an additional small USB device per workstation. It can also work internationally, protecting calls made to offshore call centers. Source:

20. June 14, Active Filings – (Minnesota) Telephone credit card scam targets business owners. The Better Business Bureau said a new telephone-based scam abusing disability services is targeting many small businesses, including restaurants and other business types. In the scam, a business owner receives a call through the Telecommunications Relay Service (TRS) asking for an extremely large delivery order. After placing the order, the scammer asks if they can overpay, and have the difference sent to them. Afterwards, the credit card number is found to be stolen, leaving the company short whatever money they sent. The TRS system was designed to assist people who have hearing or speech problems. The system allows users to type what they would like to say, and a communications assistant will relay that along, and type back the response to the user. By using TRS to make the fraudulent calls, business owners never see or hear the scammer in person. Two Minnesota restaurants have already reported the scam to the BBB, which says any type of business could be vulnerable to it. Source:

21. June 13, Los Angeles Times – (International) At least 24 killed as gunmen storm Iraq’s Central Bank. Armed men wearing police-commando uniforms briefly overran Iraq’s Central Bank on Sunday, killing at least 24 people in a brazen daylight assault in the heart of Baghdad’s busiest commercial district. The corpses of seven more men wearing uniforms and suspected of being among the assailants were found inside the bank after police finally entered, four hours after the assault began. At least 46 people were injured. Some of the casualties were civilians caught in explosions or gunfire outside the bank, and others were employees trapped inside, police said. It was the latest in a string of heists targeting banks and jewelers in Iraq, but at least one of the assailants killed himself using an explosives vest, suggesting the motive may have been sabotage rather than robbery. The assault exposed the vulnerabilities of the Central Bank, one of Iraq’s most vital institutions. Once storming two separate entrances, the gunmen apparently roamed through the building, though what exactly happened inside was still murky late in the evening. Security forces fearing a hostage scenario ringed the bank, and when they finally entered shortly after 7 p.m., they found only dead and injured bank employees and the seven bodies of suspected assailants. According to a Major General who is the spokesman for security forces in Baghdad, no apparent attempt was made to steal money, but several floors of the building were set ablaze after the gunmen entered. “They didn’t steal anything,” he told the state broadcaster Al Iraqiya. “Their purpose was to sabotage, and though we can’t accuse anyone now, the fingerprints of Al Qaeda are very obvious.” Source:,0,6370835.story

22. June 13, Battle Creek Inquirer – (Michigan) Police warn of new credit card scam in area. The Michigan State Police Department is warning retailers of a new credit card scheme happening in Battle Creek. The culprits scramble a store’s satellite system, used to send credit card information with aluminum foil, police said, knocking out the card verification systems and allowing the thiefs to use stolen credit cards unnoticed. Police warn stores against accepting business from customers using a variety of credit cards for purchases, and said businesses with satellite dishes attached to low roofs are especially vulnerable. Businesses are asked to call 911 if they suspect they have been scammed. Source:

23. June 12, Bank Info Security – (Texas; Washington) Bank, credit union closed on June 11. Federal and state banking regulators closed a bank and a credit union Friday, June 11, raising the number of failed institutions to 91 so far in 2010. The National Credit Union Administration (NCUA) was appointed liquidating agent of Orange County Employees Credit Union (Orange County Employees) of Orange, Texas, by the Texas Credit Union Department. NCUA has signed an agreement with Sabine Federal Credit Union (Sabine) of Orange, Texas, to assume the assets and liabilities of Orange County Employees. Orange County Employees had $1.7 million in assets. Washington First International Bank, Seattle, was closed by the Washington Department of Financial Institutions, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. To protect the depositors, the FDIC entered into a purchase and assumption agreement with East West Bank, Pasadena, California, to assume all of the deposits of Washington First International Bank. The FDIC estimates that the cost to the Deposit Insurance Fund will be $158.4 million. Source:

24. June 12, WWSB 7 Sarasota – (Florida) Bomb threat at Palmetto bank ends safely. A scary situation at a Palmetto, Florida bank June 11 ended safely after a bomb squad deactivated a bomb on a woman’s body. At approximately 5:40 p.m., the Palmetto Police Department received a call from the Bank of America, located at 700 8th Ave. W. The call was in reference to a 47-year-old female, who was in the bank with what she said was a bomb strapped to her back. Numerous police officers responded to the scene. Due to the nature of the incident, the police department requested the sheriff’s office, including the bomb squad, to respond to the bank. After the scene was secured and it was determined that the device was not a bomb, the woman was questioned about the incident. She told detectives that she was kidnapped, forced to put on the device, and told to rob the bank. At this time, the woman isn’t being charged, however the investigation continues. Source:

Information Technology

51. June 14, The New New Internet – (International) Taliban hacked, DoD starts cyber offensive. The Webmaster of a Taliban-endorsed Webs ite has claimed that the site was hacked. An administrator for a jihadi forum endorsed by the Taliban wrote in a post that the “group’s main site and the site of its online journal Al-Sumud, have been the subject of an ‘infiltration operation,’ “ according to The post goes on to warn online jihadists “to not enter any of the links that concern these websites, and not even to surf [the content] until you receive the confirmed news by your brothers, Allah-willing.” Outages of jihadist Web sites are relatively common, though this may be the first example on a site being hacked, a spokesman of Flashpoint Partners told Wired. While no one has claimed credit for the hack, the Department of Defense has previously announced its intentions to take-down terrorist affiliated Web sites. Source:

52. June 14, Help Net Security – (International) Keyloggers posting on webpages. Numerous keystroke logger entries have piled up on giving rise to suspicions of massive keylogger infestations. As if the number of keystroke logger entries that recently made it to Pastebin wasn’t suspicious enough, their content raises eyebrows as well: instead of the expected open-source code, there are Facebook or IM passwords, along with detailed information on unwary users’ surfing history. The amount of personal data publicly exposed is large enough to eliminate the supposition that an attacker might have manually posted it. A deeper look into the issue reveals that this is the result of a massive keylogger infestation. Conventional keyloggers use classic log transfer approaches and send the data packets via e-mail or FTP; this dramatically increases the possibility for the law enforcers to find out who the remote attacker is and to ultimately get him. Furthermore, the e-mail approach is extremely “noisy”: it is easy for a system administrator to spot the traffic, not to mention that anti-malware utilities usually let users know when an e-mail leaves the system. Other times, the e-mail ports (usually set to 25, 465 or 578) may be either secured or blocked, which would make the keylogger “cargo” fail on dry shore. That is why this particular keylogger uses “customized” tactics as in depositing the output into a common world-wide-web location. Shortly put, Pastebin equals no firewall to block the traffic, no tracking path, no originating IP address, no identity exposed on the attacker’s side. Source:

53. June 13, PC World – (International) Linux trojan raises malware concerns. There is good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be hacked already. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a download that should have no bearing on Linux in a business setting. Despite the perception that Linux is inherently secure, it is not impervious and IT admins. need to remain vigilant.An announcement on the Unreal IRCd Forums states: “This is very embarrassing...We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any users in).” The post goes on to say “It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.” Unreal IRC is an Internet relay chat platform. Source:

54. June 11, The Register – (National) FCC: iPad breach and Google Wi-Fi debacle ‘worrisome’. AT&T’s failure to safeguard information for more than 100,000 iPad users and Google’s collection of user data over Wi-Fi networks are “each worrisome in its own way,” a Federal Communications Commission official said June 11 in the agency’s first comment on the privacy breaches. “Our Public Safety and Homeland Security Bureau is now addressing cyber security as a high priority,” the FCC’s chief of consumer and governmental affairs said in a blog post entitled “Consumer View: Staying Safe from Cyber Snoops.” “The FCC’s mission is to ensure that broadband networks are safe and secure, and we’re committed to working with all stakeholders to prevent problems like this in the future.” His comments come a day after the FBI said it would investigate a hack of AT&T servers that exposed the e-mail addresses and cellular ID numbers of more than 114,000 early adopters of Apple’s iPad. The gray-hat hacker group known as Goatse Security has taken credit for the stunt, which exploited a Web application on AT&T’s Web site. As a result, information belonging to celebrities and high-ranking government officials was exposed. “The iPad incident appears to be a classic security breach – the kind that could happen, and has happened, to many companies – and is exactly the kind of incident that has led the FCC to focus on cyber security,” the chief wrote. Source:

55. June 11, SCMagazine – (International) New wave of website hacks seek to spread malware. Those behind the SQL injection attack that compromised pages belonging to the Wall Street Journal and a number of other sites are at it again, according to researches at malware detection solutions provider Sucuri Security. The latest wave of attacks began June 11 and, at that time, 1,000 pages, including the Web sites for Chicago Public Radio and IndustryWeek, were infected, the lead security researcher at Sucuri Security, told June 11. The sites were injected with JavaScript code that attempted to load malware from a new malicious Web server onto visitors’ PCs, researchers said. As of June 11, the server was still active. “They [attackers] just started using a different site to host the malware, which is still live, so these sites are currently actively serving malware to their users,” the lead security researcher said. Some of the same sites that were infected earlier this week were reinfected in the latest attack, he added. Since the second round of the attack just began, it is difficult to determine the extent, so the actual number of infected sites might be greater than 1,000. Ironically, one of the infected sites was, a provider of SQL Server and SharePoint administration tools. Just like the last wave of attacks, all affected sites are hosted on Microsoft Internet Information Services (IIS) web servers, and using Active Server Pages software from Source:

56. June 10, Bank Info Security – (National) Senators unveil long-awaited cybersecurity bill. The long-awaited cybersecurity and Federal Information Security Management Act (FISMA) reform bill introduced June 10 by the leaders of the Senate Homeland Security and Governmental Affairs Committee would create two cybersecurity directors - one in the White House and the other in the Department of Homeland Security - to lead the federal government’s information security efforts. The Protecting Cyberspace as a National Asset Act of 2010 also would provide a framework for the president to authorize emergency measures to protect the mostly privately owned critical IT infrastructure - such as financial networks and utility grids - if a cyber attack is imminent. Owners of these critical IT systems could face civil penalties if they do not follow regulations to secure them properly. The bill provides for the government and industry to collaborate on defining regulations and situations when a cyber emergency could be declared. The bill also would reform FISMA, the 8-year-old law that governs how federal agencies secure their IT systems by jettisoning the paper-based compliance process with one that emphasizes continuous monitoring of computer systems and red-team assaults by “friendly hackers” to test vulnerabilities. Source:

Communications Sector

57. June 11, IDG News Service – (National) VCs: Net neutrality rules needed to push Web investment. The U.S. Federal Communications Commission should move ahead with plans to create formal network neutrality rules in order to encourage investment and innovation in Web applications and content, three venture capitalists said Friday. Without new net neutrality rules, innovative new Web companies could get buried by broadband providers that don’t see their value, said a partner with Union Square Ventures, a New York City venture capital (VC) firm that has invested in, Foursquare and Meetup. Without net neutrality rules that would prevent broadband providers from selectively discriminating against Web content and services, a service like Twitter “would never have seen the light of day,” he said during a Washington, D.C., forum hosted by the Open Internet Coalition, a group that supports net neutrality rules. Allowing broadband providers to have control over Web content and applications is “fundamentally a bad idea,” added the managing director of Foundry Group, a Boulder, Colorado, venture capital firm that focuses on technology investments. Also speaking in favor of net neutrality rules was the founder and general partner of Spark Capital, a Boston VC firm. Source:

58. June 11, UPI – (National) Solar flare activity might threaten GPS. A Cornell University expert on global positioning and satellite systems is warning they will be challenged as solar flare activity rises. A professor of electrical and computer engineering said an increasingly complex and brittle U.S. technical infrastructure has been created since 2004 — a period of minimum solar flare activity. And during future periods of solar activity, those systems will be tested for the first time. “We have been observing the sun during the space age for only 50 years and we do not fully understand its behavior, especially the extremes of its behavior,” the professor said. “In 2006, there was an eruption of solar radiation 100 times more intense than expected that temporarily silenced many GPS receivers over the sun-lit Earth. What is the ultimate limit of such eruptions of solar energy? Is it 1,000 times more intense, 10,000 times more intense? We just don’t know.” Although the sun has been rather predictable during the past 50 or 60 years, it recently has become less predictable, the professor said, noting such activity calls into question man’s understanding of how the sun operates and the ability to predict its impact on technology. “However, we do know that our increasingly more efficient infrastructure is also less robust and more vulnerable,” he said. “Space weather — such as the upcoming period of increased solar activity — will test the vulnerabilities of our communications and navigation infrastructure.” Source: