Department of Homeland Security Daily Open Source Infrastructure Report

Monday, July 12, 2010

Complete DHS Daily Report for July 12, 2010


Top Stories

• According to the New York Times, the soldier accused of downloading a huge trove of secret data from military computers in Iraq appears to have exploited a loophole in Defense Department security to copy thousands of files onto compact discs over a six-month period. (See item 41)

41. July 8, New York Times – (National) Loophole may have aided theft of classified data. The soldier accused of downloading a huge trove of secret data from military computers in Iraq appears to have exploited a loophole in Defense Department security to copy thousands of files onto compact discs over a six-month period. In at least one instance, according to those familiar with the inquiry, the soldier smuggled highly classified data out of his intelligence unit on a disc disguised as a music CD by a popular female recording artist. A Defense Department directive from November 2008 prohibits the use of small thumb drives or larger external memory devices on any of the estimated seven million computers operated by the Pentagon and armed services. The order was issued to forestall the accidental infection of national security computer networks by viruses — and the intentional removal of classified information. But the Pentagon directive and the amendment did not ban the use of compact-disc devices, which are built into many computers and therefore not included in the prohibition against the use of external memory devices. Source:

• The Roanoke Times reports that a former Roanoke police officer charged in a bank robbery planned to massacre city and Franklin County, Virginia officers, said a federal search warrant filed July 6. (See item 44)

44. July 8, Roanoke Times – (Virginia) Warrant: Suspect planned massacre. A former Roanoke police officer charged in a bank robbery planned to massacre city and Franklin County, Virginia officers and told his ex-partner he was being investigated in a murder and a second bank holdup, a federal search warrant said. The suspect, 26 years old, of Callaway, was a martial arts cage fighter with a “light switch” temper and an arsenal of firearms, including some he purchased with small bills soon after a Rocky Mount bank was robbed last year, former colleagues and investigators said in an FBI search warrant filed July 6 in U.S. District Court in Roanoke. The suspect surrendered July 1 in Franklin County, where he was charged in the Nov. 12 holdup of Franklin Community Bank in Rocky Mount that the search warrant said netted $4,000. He was being held at the Western Virginia Regional Jail. The federal search warrant portrays the bank robbery and his remarks — including his plans to kill seven Franklin County sheriff’s deputies and “a list of Roanoke city police officers” — against a backdrop of financial and personal desperation. Source:

For another story, see item 52 below in the Communications Sector


Banking and Finance Sector

13. July 9, AM 850 – (Florida) Credit card skimmers. Alachua County Sheriff’s Deputies are warning North Central Florida residents about a recent identity theft trend. Two more skimmers have been uncovered in other nearby station pumps. Authorities also discovered that some of the skimmers contained Bluetooth, a wireless technology used to exchange data. A sheriff’s department spokesman says skimmers are easy to place and hard to detect. The skimmers were most likely put there during the Fourth of July weekend. Source:

14. July 9, Associated Press – (Texas) 5 indicted over San Antonio hotel-related ID theft. Five people have been indicted after credit card numbers from thousands of guests at the Emily Morgan Hotel in San Antonio, Texas, were stolen. Federal indictments unsealed July 8 outlined the alleged multistate shopping spree. All five defendants are charged with conspiracy to commit identity theft fraud. Other counts, against various suspects, include possessing counterfeit cards, having equipment to make such cards, aggravated identity theft and money laundering. The hotel’s Westmont Hospitality Group in Houston had no immediate comment. Source:

15. July 8, The Register – (International) Visa yanks PCI approval from PIN entry kit. Visa has withdrawn PCI certification from two older PIN entry devices from Ingenico following concern they are vulnerable to manipulation by cybercrooks. The credit card giant has also been at pains to make sure that products that fail to reach PCI compliance do not make it into the public domain and are only circulated within the industry. The development represents an apparent change of strategy from Visa, which has previously maintained that retailers who achieve and maintain PCI-compliance are protected against security breaches. However, in a leaked memo, Visa says PCI certification has been withdrawn from two previously approved products from Ingenico - the i3070MP01 and the i3070EP01 - as a “precaution”, retail industry site reports. The devices were used in the US. The memo also raised warnings against a larger number of “untested” devices, including four VeriFone units (PINpad 101, 201 and 2000 and the Everest model P003-3xx), two Hypercom units (S7S and S8) and another Ingenico PIN pad (eN-Crypt 2400). A caution was also filed against a further pre-PCI approved unit from Ingenico, the eN-Crypt 2100. The warning, which included anti-skimming advice, stems from concerns that older PIN entry devices can be physically tampered with without triggering detection. Among the scenarios sketched out by Visa is the possibility for crooks posing as service personnel to swap out legitimate devices for doctored kit that harvests credit card information for use in later frauds or for selling on through underground carder forums. Visa is encouraging retailers to switch over to PIN entry devices that are PCI-compliant. Retailers will be expected to shoulder the cost of this move, which comes at a time when merchants in countries such as Canada are undertaking the migration to terminals based on Chip and PIN. These have been commonplace in Europe for some years. Source:

Information Technology

45. July 9, The Register – (International) Reverse engineer extracts Skype crypto secret recipe. A group of code breakers reckon they have successfully reverse engineered Skype’s implementation of the RC4 cipher, one of several encryption technologies used by the consumer-oriented VoIP service. The proprietary encryption technology is used by the VoIP service to protect communications exchanged between its clients and servers. It also restricts which clients can access the service, a restriction Skype had plans to ease with the upcoming publication of an API. The group justified the publication of an open source emulation of the algorithm by arguing that Skype’s technology is already under exploitation by instant message spammers. Source:

46. July 9, Homeland Security NewsWire – (International) SecureWorks World Cup of cyber security finds India the safest nation, U.S. the least safe. The United States is the least cyber-secure country in the world, according to SecureWorks, an information security service provider, and India is the safest. Users in the United States were found to be most at risk: of 265,700,000 active PCs, there were 441,003,516 attempted cyber attacks, or 1,660 attacks per 1,000 computers. India fared best: with 48,100,000 active PCs, it experienced only 2,516,341 attempted cyber attacks, or a mere 52 per 1,000 PCs. “The reasons for the difference in number of attempted attacks per country could comprise many things. This ranges from the overall Internet speeds in a country and how proactive the ISPs are in protecting their clients to general user education on security. The ratio of Windows, Mac, and Linux users in a country will also make a big difference,” said the CTO for SecureWorks. Source:

47. July 8, IDG News Services – (National) NSA says ‘Perfect Citizen’ is a research program. The U.S. National Security Agency (NSA) confirmed the existence of a controversial program aimed at protecting the country’s critical infrastructure July 8, but disputed claims that the program would monitor network traffic on critical infrastructure networks. The program, called Perfect Citizen, was first disclosed July 8 in a Wall Street Journal article that said the NSA “would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity.” However, the NSA called the newspaper’s description “inaccurate,” saying that the program is “purely a vulnerabilities-assessment and capabilities-development contract.” Raytheon won the US$100 million contract for the first phase of Perfect Citizen, which is funded by the Comprehensive National Cybersecurity Initiative. Source:

48. July 7, Krebs on Security – (International) Pirate Bay hack exposes user booty. Security weaknesses in the hugely popular file-sharing Web site have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users. An Argentinian hacker said he and two of his associates discovered multiple SQL injection vulnerabilities that let them into the user database for the site. Armed with this access, the hackers had the ability to create, delete, modify or view all user information, including the number and name of file trackers or torrents uploaded by users. The hacker maintains that at no time did he or his associates alter or delete information in The Pirate Bay database. The Pirate Bay administrators appear to have removed the Web site component that facilitated access to the user database. Source:

Communications Sector

49. July 9, Durham News & Observer – (North Carolina) Cary cable, Internet, phone line cut. About 10,000 cable customers in Cary and Morrisville, North Carolina lost cable, Internet and phone service for about six hours July 8 after a fiber optic line was severed by a road crew, according to a spokesman for Time Warner Cable. The line was cut accidentally about 10 a.m. by a crew that was working on a traffic signal at Davis and Cornerstone drives in Cary. The incident also interrupted service from three cell phone towers. Service was restored at 4:10 p.m. July 8. Source:

50. July 8, Mason City Globe Gazette – (Iowa) Service outage for some Mediacom customers Thursday. A service outage late July 8 caused problems for Mediacom TV viewers in Mason City, Iowa. A Mediacom telephone recording said some customers may have been experiencing intermittent service issues, and technicians were trying to resolve the issue. Phone capacity for the Mason City area was reached due to heavy call volume. A Mason City police dispatcher said a transformer apparently exploded in the north end of town, knocking out power. Alliant Energy was notified. Source:

51. July 8, – (International) Zombie satellite still careening through space. The so-called Galaxy 15 zombie satellite that lost contact with ground controllers on Earth in April is still adrift in space, with engineers keeping a close eye on the wayward satellite as it approaches two other spacecraft — Galaxy 13 and Galaxy 14 — this July. The satellite is drifting along a stable and predictable path, according to its communications satellite fleet operator Intelsat. The main focus now is preventing it from interfering with other satellites, though no collisions are expected. The 4,171-pound (1,892-kg) Galaxy 15 satellite went rogue on April 5, when it stopped responding to controllers on the ground. On July 8, Galaxy 15 is expected to begin approaching Galaxy 13, making its closest pass on July 13. Intelsat’s Galaxy 13 and Galaxy 14 satellites both provide video media services to U.S. customers, and the satellite operator has been in regular contact with users in preparation for the flybys. Source:

52. July 8, Congress Daily – (National) Public safety group disputes FCC’s claim on spectrum. A coalition of public safety officials from around the country struck back July 7 against the Federal Communications Commission’s claims that its proposal in the national broadband plan for building an interoperable public safety network will adequately serve the needs of emergency first responders. The Public Safety Alliance, which includes groups representing police chiefs, fire chiefs and others, issued its own white paper in response to one released in June by the FCC that argued the commission’s proposals are adequate to meet public safety’s needs. FCC has called for providing public safety officials with 10 megahertz of spectrum and auctioning off another chunk of spectrum known as the D-Block to commercial providers to help pay for building a public safety broadband network. It also calls for giving public safety officials priority access to roam on commercial networks during emergencies. The alliance and state and local officials say FCC’s plan will not meet the needs of public safety officials, who have called on the commission to give them the D-block spectrum in addition to the 10 megahertz called for in the broadband plan. The alliance argues FCC’s white paper “makes far too many assumptions and relies on conjecture to develop its misguided policy framework that will put public safety users at risk.” Source: