Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, June 17, 2010

Complete DHS Daily Report for June 17, 2010

Daily Report

Top Stories

• Tuesday was a hazardous mess for motorists in downtown Tulsa, Oklahoma when an 18-wheeler lost control and fell from one highway ramp onto another, according to KSLA 12. The accident caused the truck to spill more than 78,000 pounds of ammonium nitrate onto the roadway. (See item 11)

11. June 16, KSLA 12 Shreveport – (Oklahoma) Chemical spill in Tulsa. Tuesday was a hazardous mess for motorists in downtown Tulsa, Oklahoma when an 18-wheeler lost control and fell from one highway ramp onto another. The accident caused the truck to spill more than 78,000 pounds of ammonium nitrate onto the roadway. Firefighters and haz-mat crews carefully cleaned up the volatile chemical without any problems. The driver of the truck was in the hospital in fair condition. Source:

• The Associated Press reports that a former national guardsman pretending to be a U.S. Army soldier convinced an officer to give him a sophisticated laser sight for military rifles before he was caught hours later on Fort Gordon base in Georgia with a land mine, several grenades and night vision devices, prosecutors said Wednesday. (See item 41)

41. June 16, Associated Press – (Georgia) Man seized at Army post had land mine, laser scope. A former national guardsman pretending to be a U.S. Army soldier convinced an officer to give him a sophisticated laser sight for military rifles before he was caught hours later on Fort Gordon base in Georgia with a land mine, several grenades and night vision devices, prosecutors said Wednesday. Federal prosecutors said in a criminal complaint that the man falsely pretended to be an Army master sergeant on Tuesday, and sought to steal the infrared laser targeting sight. He was wearing a full combat uniform, including rank and insignia, when he was stopped at Fort Gordon by military police and questioned about his activities, according to the complaint. After he gave them consent to search his vehicle, authorities said they found several grenades and the land mine, among other equipment. According to the complaint, he told investigators he was able to obtain the laser sight by telling a captain in the base’s military police office that he was a master sergeant in the Army’s 82nd Airborne Division and that he needed it to train a soldier. A Fort Gordon spokesman did not know if Saxon used a military ID, either fake or real, to get onto the base. Source:


Banking and Finance Sector

25. June 16, Great Lakes Advocate – (Illinois) Skimming scam: State fraud squad on servo case. The details of hundreds of fuel customers are rumored to have been stolen by an Electronic Funds Transfer at Point of Sale (EFTPOS) card skimming device found at a Forster service station. The device has been deactivated and the Macintosh St business is closed and barricaded as State Fraud Squad and Manning Great Lakes Local Area Command detectives investigate. A Great Lakes detective inspector said there were more than 25 reports to police of money stolen from bank accounts. But there could be many more people unaware they’ve become a victim of the scheme. While police would not release a figure it’s been speculated that thousands were skimmed from customers’ accounts. The proprietor of the station is assisting with investigations under Strike Force Wigg along with several financial institutions. Police have urged people to check their bank statements for suspicious transactions and contact their financial institution should they find any anomalies. Source:

26. June 15, Visa Inc. – (National) Digital currency: “The future of government payments”. Digital currency has the potential to dramatically transform government payments in the next five years, saving U.S. taxpayers hundreds of millions of dollars, according to representatives from the government and private sector. The positive impact of digital currency on all aspects of government payments and purchasing was highlighted at a June 16 briefing in Washington, D.C. Speakers at the event, including Visa’s global head of corporate relations, pointed to plans by state, local and federal government agencies to launch or expand electronic-payment programs to improve efficiency, accountability and transparency. “Switching from inefficient paper processes to digital currency can have a sizable long-term impact,” he said. Among the expected future savings cited at the event: The U.S. Department of Treasury has announced plans to switch to electronic payments, eliminating about 136 million paper checks, saving almost $50 million in postage and $300 million over the first five years; The U.S. Social Security Administration and U.S. Department of Veterans Affairs have announced the completion of the switch to digital currency for benefits payments. Treasury reported that while it costs about $1 to print and mail a check, each digital-currency payment cost 10 cents. Currently, 39 states deliver benefits on Visa prepaid cards to recipients of 71 programs for child support, unemployment insurance and Temporary Assistance for Needy Families disbursements. Some states have realized savings that have reduced the cost of distributing benefits dramatically. Nebraska, for example, used to pay 59 cents to print and mail each check, but pays only about one penny to reload a prepaid card. Finally, the U.S. General Services Administration’s SmartPay program provides purchase, travel, fleet and integrated payment card programs to more than 350 federal agencies and departments, saving these agencies $1.7 billion — up to $70 per purchase, according to the GAO. Source:

27. June 15, Associated Press – (Virginia) 2 Va. men plead guilty in mortgage fraud scheme. Two Lynchburg, Virginia men have pleaded guilty to participating in a mortgage-fraud scheme that cost lenders at least $7 million. A U.S. attorney said a 38-year-old and 32-year-old suspect each pleaded guilty June 15 to federal charges of conspiracy to commit bank fraud, mail fraud, wire fraud, fraud by false statements on loan and credit applications, and conspiracy to commit laundering of monetary instruments. The U.S. attorney said the pair used straw buyers to fraudulently obtain mortgages on properties in the Moneta area near Smith Mountain Lake. The scheme cost financial institutions between $7 million and $20 million. Each defendant faces up to five years in prison. A sentencing hearing is set for September 10. Source:

Information Technology

46. June 16, The Register – (International) Feds block sale of crooks’ favorite messaging client. AOL’s sale of ICQ-messaging software to Russian firm Digital Sky Technologies might yet be blocked by U.S. authorities, which fear losing access to transcripts from the criminal fraternity’s favored messaging product. AOL sold ICQ for $187.5 million to DST back in April - a pittance compared to the $400 million it paid for the company in 1998. But ICQ is popular in Russia, the Czech Republic and Germany, especially among eastern European criminal gangs. One investigator said “Every bad guy known to man is on ICQ,” according to the Financial Times. The paper claims that current ICQ servers based in Israel are occasionally accessed by U.S. investigators seeking transcripts of conversations. The fear is this easy access will disappear once ICQ moves to Moscow. DST owns a stake in Facebook and runs Russia’s largest e-mail provider, and three of the country’s other social networking sites. Source:

47. June 16, PC Advisor UK – (International) 3.7 billion phishing emails were sent in the last 12 months. Cybercriminals sent 3.7 billion phishing emails over the last year, in a bid to steal money from unsuspecting web users, says CPP. Research by the life assistance company revealed that 55 percent of phishing scams are fake bank emails, which try and dupe web users into giving hackers their credit card number and online banking passwords. Hoax lottery and competition prize draws and ‘Nigerian 419’ scams that involve email requests for money from supposedly rich individuals in countries such as Nigeria, were also among the most popular phishing emails. Furthermore a quarter of Brits admitted to falling for the scams, losing on average 285 pounds. Online banking fraud has surged by 132 percent during the last year. The report also highlighted that 46 percent of web users worry their credit card details will be used to make illegal online purchases. CPP also revealed social networking scams are on the rise. Nearly one fifth of Brits have received phoney Facebook messages claiming to be from friends or family in the past year. One in 10 fear that fraudsters are using Twitter to follow them, while a third are concerned their social networking account could be hacked. Source:

48. June 16, – (International) Former @stake researcher Aitel insists on data classification. Too many firms are turning to cloud-computing resources before knowing the data that needs the most attention, increasing the attack surface and setting up the perfect environment for a breach, according to a prominent security expert. The chief technology officer of Miami-based assessment and penetration vendor Immunity Inc. said companies are making it easier for hackers to break into networks by not undertaking data classification. The officer, a well known expert with roots at NSA and the once prominent security research boutique @stake, railed against jumping head first into cloud computing and criticized traditional security technologies – intrusion prevention and unified threat management appliances – for being too easy for attackers to bypass. The chief technology officer spoke to hundreds of security professionals June 15, at the Forum of Incident Response and Security Teams Conference 2010. The SDL of all major software vendors is broken, he said. He criticized browser makers for producing shoddy code, called static analysis tools a waste of time, and said the hacking community is at least a decade ahead of security professionals tasked with defending company networks. Source:,289142,sid14_gci1515052,00.html

49. June 15, Computerworld – (International) Hackers exploit Windows XP zero-day, Microsoft confirms. Hackers are now exploiting the zero-day Windows vulnerability that a Google engineer took public recently, Microsoft confirmed June 15. Although Microsoft did not share details of the attack, other researchers filled in the blanks. A compromised Web site is serving an exploit of the bug in Windows’ Help and Support Center to hijack PCs running Windows XP, said a senior technology consultant at antivirus vendor Sophos. He declined to identify the site, saying only that it was dedicated to open-source software. “It’s a classic drive-by attack,” said the consultant, referring to an attack that infects a PC when its user simply visits a malicious or compromised site. The tactic was one of two that Microsoft said last week were the likely attack avenues. The other: Convincing users to open malicious e-mail messages. According to Microsoft, the exploit has since been scrubbed from the hacked Web site, but it expects more to surface. “We do anticipate future exploitation given the public disclosure of full details of the issue,” said Microsoft’s group manager of response communications. Source:

50. June 15, DarkReading – (International) Trojans now 70% of all malware, report says. Trojans comprise almost three-quarters of all malware sent by e-mail. At the same time, the volume of malware has climbed considerably since the beginning of the year. These findings are reported in the E-Mail Security Report June 2010 presented today by the leading German e-mail security specialist eleven. The vast majority (87 percent) of all spam e-mail is pharmaceutical-related. Germany continues to be among the top spam senders worldwide. In May 2010, it was just behind the U.S., which took the top spot. A few of the most important trends: In May 2010, eleven discovered the first spam e-mail containing multiple topics, such as a single e-mail advertising pharmaceuticals and watches; Spam volumes remain at record levels. Spam e-mail accounted for 96.2 percent of the entire e-mail traffic in May 2010; Of all malware sent by e-mail in April and May 2010, Trojans accounted for 69 percent. For malware authors, the expansion of globally active botnets has become the most important activity; Since the beginning of the year, the monthly volume of malware spread via e-mail has increased more than fourfold. The share of malware e-mail increased from 0.01 to 0.1 percent of the total; While pharmaceutical- and casino-related spam had equal shares for a long time, pharmaceutical spam is now clearly dominant with 87 percent; the share of casino spam has fallen to 3 percent; finally, Germany remains among the top spam senders. The USA is once again in the lead, while Brazil has fallen to fourth place. Source:

51. June 15, Sophos – (International) 95 percent say Facebook needs to do more to fight clickjacking worms, poll reveals. Facebook is not doing enough to protect members from a recent spate of clickjacking attacks on the popular social networking site. That’s the verdict of 95 percent of the 600 people polled overnight after the latest attack that struck the social network, tricking users into ‘liking’ a Web page entitled ‘101 Hottest Women in the World’. The scams, dubbed ‘likejacking’ by Sophos, exploit the ‘Like’ button facility by automatically updating a user’s Facebook status to ‘like’ a third party Web page without the user realizing that they have clicked a button at all. The update is then automatically shared with a user’s Facebook friends via the Web site’s newsfeed, helping the attacks to spread rapidly across the social network. Although the attacks are yet to deliver malicious payloads, they demonstrate an exploitable weakness in the way that Facebook works, putting users at potential risk from future malware or phishing attacks. Source:

Communications Sector

52. June 16, The H Security – (International) Further problems at ATT. According to US media reports, the servers of telecommunications giant AT&T had considerable problems with handling iPhone 4 pre-orders. Problems included not only server connection failures and processing flaws, but also data leaks. After logging in, users were presented with other customers’ account details – including their address, invoicing overview and outgoing phone calls. However, it was reportedly not possible to manipulate the data. AT&T responded by taking the pages offline. They have since become available again – but pre-orders are no longer said to be possible. No official statement about what caused the problems has so far been issued. Technology blog Gizmodo, however, reported that the failures and leaks were caused by a server update that was installed last weekend. An anonymous informer who apparently works for an AT&T supplier said that the update went wrong and crippled numerous systems. This was said to have caused widespread problems on the internet and in AT&T stores. Source:

53. June 15, New York Times – (National) Public safety agencies aim to stop spectrum auction. Ever since the September 11 attacks exposed the communications difficulty that police, fire and other personnel had in a crisis, government and public safety officials have wrestled with how to rebuild the nation’s emergency networks. Nine years later, that effort has reached a showdown between the Federal Communications Commission, which is seeking to auction off a block of wireless broadband spectrum to the private sector, and public safety officials, who say that the additional space on the public airwaves should be used instead for a dedicated emergency broadband network. With commercial wireless companies preparing to build the next generation of wireless communication networks, the resolution of the debate will determine whether public safety officials will be able to use the latest technology in emergencies. The two sides will face off on June 17 at a hearing before the House Subcommittee on Communications, Technology and the Internet, which is considering legislation to pay for a public safety network. Source:

54. June 15, Urgent Communications – (National) FCC grants extension in 700 MHz proceeding. Commenters will have an additional month to provide input to the FCC on key questions associated with the proposed nationwide, 700 MHz public-safety wireless broadband network, according to a public notice released on June 15. In the proceeding, the FCC is seeking comments on an interoperability public notice for the proposed network that included questions on out-of-band emissions and equipment certification. Under the original petition, comments would have been due on June 17. Under the new public notice, comments will be due on July 19. “We had a request from the District of Columbia (D.C.) to extend the comment period, and we did,” a senior legal counsel for the FCC’s public safety and homeland security bureau said during the June 15 meeting of the National Public Safety Telecommunications Council (NPSTC). In a recent filing with the FCC, the District of Columbia chief technology officer noted that the District of Columbia and 20 other 700 MHz broadband waiver jurisdictions are trying to meet a July 1 deadline for submitting applications for Broadband Technology Opportunities Program (BTOP) funding that would be used to build 700 MHz broadband networks. With resources focused on the BTOP applications, the District of Columbia asked for an additional month to file comments in the interoperability proceeding. Source:

55. June 15, The Register – (International) Researchers probe net’s most blighted darknet. Researchers probing a previously unused swath of internet addresses say they’ve stumbled onto the net’s most blighted neighborhoods, with at least four times as much pollution as any they’ve ever seen. The huge chunk of more than 16.7 million addresses had never before been allocated and yet the so-called darknet was the dumping ground for sustained barrages of misdirected data as high as 150 Mbps, with a peak as high as 870 Mbps, said the director of research and development at the non-profit group Merit Network. That was about four times higher than most darknets and 20 times higher than a previously unallocated block of addresses set up as a control group. The block is referred to as a 1/8 (pronounced one slash eight) or because it comprises through, a designation of 2^24 individual IP addresses. Almost as soon as it was allocated by IANA, or the Internet Assigned Numbers Authority, in late January, the researchers noticed it was absorbing huge amounts of garbage traffic, making many of the addresses largely unusable. Source: