Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 27, 2010

Complete DHS Daily Report for July 27, 2010

Daily Report

Top Stories

• Several European NATO members have expressed concern that the fallout from a massive online leak of confidential U.S. documents on the Afghan war could extend well beyond the Internet — and could even affect the war itself. According to a combined report from CTV news, Associated Press and Canadian Press, the U.S. records cover six years of the war in Afghanistan, including previously unknown accounts of civilian deaths and targeted attacks on Taliban members. (See item 34)

34. July 26, CTV news; Associated Press; Canadian Press – (International) NATO allies fear fallout of leaked Afghan war docs. Several European NATO members have expressed concern that the fallout from a massive online leak of confidential U.S. documents on the Afghan war could extend well beyond the Internet — and could even affect the war itself. The U.S. records cover six years of the war in Afghanistan, including previously unknown accounts of civilian deaths and targeted attacks on Taliban members. “A lot of it is mundane, but a lot of it is also very serious, on-the-ground, battlefield reports about the situation in the war, and right now it doesn’t seem like it is matching the narrative that is coming out of the Pentagon,” a freelance journalist told CTV’s Canada AM during an interview in Toronto July 26. Some reports, for example, reveal that the Taliban “apparently have surface-to-air missiles, which contradicts everything we’ve heard from the Pentagon about the kind of weaponry that’s being seen in the field,” said the journalist, who has reported in Afghanistan in the past. So far, NATO has declined comment on the release of the U.S. documents. But representatives from NATO member countries said they hope the leaks do not pose problems for the current war effort. The German foreign minister warned that “backlashes” could result from the 91,000 records posted online by the WikiLeaks organization July 25. The British foreign secretary said that with recent progress being made in Afghanistan, he hoped “any such leaks will not poison that atmosphere.” Source: http://www.ctv.ca/CTVNews/World/20100726/wikileaks-nato-concerns-100726/

• The Associated Press reports that flooding from the Maquoketa River after the Lake Delhi dam failed has damaged dozens of homes and businesses, causing millions of dollars in damage in Monticello, Iowa officials said July 25. The dam in eastern Iowa failed July 24 as rising flood water from the Maquoketa River ate a 30-foot-wide hole in it. (See item 60)

60. July 26, Associated Press – (Iowa) Iowa flooding causes millions in damage. Flooding from the Maquoketa River after the Lake Delhi dam failed has damaged dozens of homes and businesses, causing millions of dollars in damage in Monticello, Iowa officials said July 25. The dam in eastern Iowa failed July 24 as rising flood water from the Maquoketa River ate a 30-foot-wide hole in it. Areas below the dam, including Hopkinton and Monticello, were evacuated. Officials estimated that 8,000 people were affected by the floods, but no injuries were reported. “It is simply unbelievable. This is unprecedented. We’ve had floods before and we’ve always been able to contain the situation and minimize the damage,” said the president of the board of directors at the Lake Delhi Recreation Association. “There was simply too much water.” The river crested upstream of the dam at Manchester early Saturday afternoon at 24.53 feet — more than 10 feet above flood stage and well above its 2004 record of 21.66 feet — before it began to slowly recede. About 50 homes and 20 businesses had major flood damage and the city’s sewer plant was flooded and shut down about 7 p.m. July 24. Most of the city’s 3,700 residents could flush their toilets, but waste was pouring into the river. Still, environmental damage shouldn’t be great because the waste was being diluted by the floodwater. Damage to private property will probably be in the millions of dollars, the public works director said. The cost of repairing the sewer plant will not be known until workers can get inside to assess the damage. Pumps from the Army Corps of Engineers and the city were being put into the city’s main sewer lines to try to keep water out of residents’ basements. The hydroelectric dam on the Maquoketa River that created Lake Delhi in the 1920s is no longer used for power but maintains the lake for recreational purposes. Source: http://www.boston.com/news/nation/articles/2010/07/26/iowa_flooding_causes_millions_in_damage/

Details

Banking and Finance Sector

13. July 26, Associated Press – (California) FBI: San Diego skateboard bandit strikes again. The FBI says a skateboard-clutching bank robber has struck again in San Diego, California. Authorities said the man dubbed the “Skateboard Bandit” held up a Wells Fargo branch in the Torrey Pines neighborhood July 23. The FBI believes he is the same man who robbed a Comerica Bank July 12. In both cases, authorities said the robber flashed a gun at a bank teller, stuffed money in his backpack, and fled. The thief was wearing a black, hooded sweatshirt and a green paisley bandanna. The FBI released a photograph showing the thief holding his skateboard. Source: http://news.bostonherald.com/news/national/west/view/20100725fbi_san_diego_skateboard_bandit_strikes_again/srvc=home&position=recent


14. July 26, American Banking News – (National) Bank of America corp suffers from online banking outage. Bank of America’s online banking and mobile banking site suffered an outage July 22, a widespread issue which appeared to have started at about 2 p.m. Pacific Standard Time, but was resolved over the weekend. A number of Twitter users posted complaints that they could not access their online banking services, which led Bank of America’s “BofA_Help” Twitter account to swing into disaster recovery mode. ZDNet was able to confirm the problem getting into Bank of America’s Web site, and some of the firm’s mobile applications. Other parts of Bank of America’s Web site, such as home loans and IRAs, did not appear to be affected by the outage. Source: http://www.americanbankingnews.com/2010/07/26/bank-of-america-corp-nyse-bac-suffers-from-online-banking-outage/


15. July 24, Gainesville Sun – (Florida) Credit card skimming devices were found Friday at a Gainesville gas station near Interstate 75. More credit-card skimming devices were found July 23 in two gas pumps at a Gainesville, Florida gas station on Williston Road near Interstate 75, leading authorities to warn residents against paying at the pump at any area stations. Earlier in July, three skimming devices were found at two gas stations near the I-75/Newberry Road interchange. Authorities subsequently checked all gas station pumps at major interchanges along I-75 in Alachua County, finding no additional skimmers. Authorities have said the skimming devices installed at pumps are equipped with Bluetooth, allowing stolen credit-card information to be retrieved using a cell phone or laptop. Source: http://www.gainesville.com/article/20100724/ARTICLES/7241001/1002?p=1&tc=pg


16. July 24, Bank Info Security – (National) Seven banks closed on July 23. Federal and state banking regulators closed seven banks July 23, raising the number of failed institutions to 113 so far in 2010. The latest closings follow. SouthwestUSA Bank, Las Vegas was closed by the Nevada Financial Institutions Division, and the Federal Deposit Insurance Corporation (FDIC) was appointed receiver. The FDIC arranged for Plaza Bank, Irvine, California to buy the deposits of the failed bank. The estimated cost to the FDIC’s Deposit Insurance Fund (DIF) will be $74.1 million. Sterling Bank, Lantana, Florida was closed by the Florida Office of Financial Regulation, which appointed the FDIC as receiver. The FDIC arranged for IBERIABANK, Lafayette, Louisiana to buy the deposits of the failed bank. The estimated cost to the DIF will be $45.5 million. Crescent Bank and Trust Company, Jasper, Georgia was closed by the Georgia Department of Banking & Finance, which appointed the FDIC as receiver. The FDIC arranged for Renasant Bank, Tupelo, Mississippi to buy the deposits of the failed bank. The estimated cost to the DIF will be $242.4 million. Home Valley Bank, Cave Junction, Oregon was closed by the Oregon Department of Consumer and Business Services, which appointed the FDIC as receiver. The FDIC arranged for South Valley Bank & Trust, Klamath Falls, Oregon, to buy the failed bank. The estimated cost to the DIF is $37.1 million. Thunder Bank, Sylvan Grove, Kansas was closed by the Kansas Office of the State Bank Commissioner, which appointed the FDIC as receiver. The FDIC arranged for The Bennington State Bank, Salina, Kansas to buy the failed bank. The estimated cost to the DIF will be $4.5 million. Williamsburg First National Bank, Kingstree, South Carolina was closed by the Office of the Comptroller of the Currency, which appointed the FDIC as receiver. The FDIC arranged for First Citizens Bank and Trust Company, Inc., Columbia, South Carolina to buy the failed bank. The estimated cost to the DIF is $8.8 million. Community Security Bank, New Prague, Minnesota was closed by the Minnesota Department of Commerce, which appointed the FDIC as receiver. The FDIC arranged for Roundbank, Waseca, Minnesota to buy the failed bank. The estimated cost to the DIF will be $18.6 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2780


17. July 23, Wall Street Journal – (New York) Four executives arrested in bank fraud scheme. Four executives of a privately held Long Island City, New York company were arrested July 23 in an alleged scheme to defraud Amalgamated Bank out of $21 million in loans, said federal prosecutors in Brooklyn. According to a criminal complaint, the men allegedly booked fictitious sales, prematurely recognized sales, and made older accounts receivable appear to have been incurred more recently in order to obtain $21 million in loans for three subsidiaries of GDC Acquisitions LLC. GDC also allegedly purchased Image Lighting Inc. covertly in 2008, contrary to the terms of the loan agreement, according to the complaint. The conspiracy allegedly occurred between January 2007 and June 2010. The suspects have been charged with bank fraud conspiracy. GDC is a holding company that owns a lighting distributor, a lighting maintenance firm, a furniture distributor, and other companies. Source: http://online.wsj.com/article/SB10001424052748703294904575385121894575374.html?mod=googlenews_wsj


18. July 23, Bank Info Security – (National) FDIC: Top 5 fraud threats. The chief of the Federal Deposit Insurance Corporation’s Cyber Fraud and Financial Crimes Section recently released his top five list of fraud threats of concern to the FDIC: 1. Malware and Botnets; 2. Phishing; 3. Data Breaches; 4. Counterfeit Checks; 5. Mortgage Fraud. Malware and botnets, software agents or robots that take over a user’s computer, are often the root causes of commercial payments fraud, i.e. corporate account takeover. Phishing has evolved from badly-written, bogus e-mails to well-crafted assaults via e-mail, telephone and text message. While most data breaches have occurred on the merchant and payments processor sides of the business, financial institutions are still deeply impacted by these losses. Although circulation of fake checks continues to drop, counterfeit check fraud remains prevalent. Mortgage fraud crimes committed against financial institutions, as well as mortgage rescue scams that affect consumers and mortgage holders, continue to plague the financial market. Source: http://www.bankinfosecurity.com/articles.php?art_id=2774


Information Technology


42. July 26, Homeland Security NewsWire – (International) New report: Apple software has the most vulnerabilities. A new report from security software provider Secunia finds that, according to the latest data, Apple has surpassed Oracle and even Microsoft in accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities — not to how risky they are or how fast they get patched. The report offers support to the notion that a high market share correlates with a high number of vulnerabilities. Since Mac OS accounts for only a small share of the market, hackers have largely stayed away from it, probably figuring that the potential for obtaining lucrative private information would be less rewarding than the information that could be had by attacking Windows-based systems. Source: http://homelandsecuritynewswire.com/new-report-apple-software-has-most-vulnerabilities


43. July 25, Computerworld – (International) Mozilla re-patches Firefox 3.6 to fix plug-in problem. For the second time in two months, Mozilla rushed out a fix for Firefox to patch a problem with a browser update issued just days before. Mozilla shipped Firefox 3.6.8 July 23 to patch a single security problem and deal with what the director of Firefox called “a stability problem that affected some pages with embedded plug-ins.” The company had released Firefox 3.6.7 two days earlier. Mozilla patched one critical security bug in the newest update, according to an advisory also published July 23. “In certain circumstances, properties in the plug-in instance’s parameter array could be freed prematurely, leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory,” the warning read. The bug surfaced in one of the 16 patches that Mozilla applied to Firefox earlier in the week. Details of that vulnerability, and the stability problem that the Firefox director mentioned, were not available to the public as of July 24. Several Firefox users, however, had filed numerous reports to the browser’s support forum of problems with Adobe’s Flash Player plug-in after updating to Firefox 3.6.7. Source: http://www.computerworld.com/s/article/9179638/Mozilla_re_patches_Firefox_3.6_to_fix_plug_in_problem


44. July 23, IDG News Service – (International) Iran was prime target of SCADA worm. Computers in Iran have been hardest hit by a dangerous computer worm that tries to steal information from industrial control systems. According to data compiled by Symantec, nearly 60 percent of all systems infected by the worm are located in Iran. Indonesia and India have also been hard-hit by the malicious software, known as Stuxnet. Looking at the dates on digital signatures generated by the worm, the malicious software may have been in circulation since as long ago as January, said a senior technical director with Symantec Security Response. Stuxnet was discovered last month by VirusBlokAda, a Belarus-based antivirus company that said it found the software on a system belonging to an Iranian customer. The worm seeks out Siemens SCADA (supervisory control and data acquisition) management systems. Siemens would not say how many customers it has in Iran, but the company now says that two German companies have been infected by the virus. A free virus scanner posted by Siemens the week of July 19 has been downloaded 1,500 times, a company spokesman said. Source: http://www.computerworld.com/s/article/9179618/Iran_was_prime_target_of_SCADA_worm?taxonomyId=85


45. July 23, IDG News Service – (International) Researcher finds Safari reveals personal information. A feature in Apple’s Safari browser designed to make it easier to fill out forms could be abused by hackers to harvest personal information, according to a security researcher. Safari’s AutoFill feature is enabled by default and will fill in information such as first and last name, work place, city, state, and e-mail address when it recognizes a form, wrote the CTO for WhiteHat Security on his blog. The information comes from Safari’s local operating system address book. The feature dumps the data into the form even if a person has entered no data on a particular Web site, which opens up an opportunity for a hacker. For some reason, data beginning with numbers will not populate text fields and cannot be obtained. “Still, such attacks could be easily and cheaply distributed on a mass scale using an advertising network where likely no one would ever notice because it’s not exploit code designed to deliver rootkit payload,” he wrote. “In fact, there is no guarantee this has not already taken place.” He reported the problem to Apple June 17, but he has yet to receive a personalized reply. To avoid this issue, users can simply disable AutoFill Web forms, he wrote. Source: http://www.computerworld.com/s/article/9179580/Researcher_finds_Safari_reveals_personal_information


Communications Sector

46. July 24, WIAT 42 Birmingham – (Alabama) Two men dead in tower collapse. Police and the Federal Occupational Safety and Health Administration are investigating a fatal accident at Fort McClellan in Anniston, Alabama. Two men were killed when the radio communications tower they were working on collapsed. The tower was located on property leased to the Alabama National Guard at Alps Dr. on McClellan. Anniston police said the tower collapsed when a vehicle snapped one of the cables keeping the tower stabilized. Police did not release what kind of vehicle struck the tower, or who was driving it. The tower involved in the incident is part of a system that provides communication to personnel at Pelham Range through the Chemical Stockpile Emergency Preparedness Program (CSEPP). According to a press release from the Alabama National Guard, CSEPP provides funding to Alabama and the counties near Anniston Army Depot, location of a chemical weapons stockpile, to improve emergency response capabilities. A public affairs officer for the Alabama National Guard said the incident in no way will impair emergency response, and several other backup methods of communication are already in place. Source: http://www.cbs42.com/content/localnews/story/Two-men-dead-in-tower-collapse/aLJKBo5UPEyt_rC92CVGUA.cspx


47. July 24, Xinhua News – (International) Seacom says repairs successfully completed. Seacom Inc. announced July 24 that it has successfully restored and tested its submarine cable, which has been down since July 5. In a statement, Seacom said with the entire network now fully operational, its technical teams will continue to work closely with customers to reinstate their Seacom traffic to pre-outage configurations while an extensive investigation will take place to determine the exact cause of the outage. The fault had mostly affected home users, as many businesses in the region have no back-up plans for such faults. It was the second major outage the cable has experienced since it went live last year. The outage had not affected traffic within Africa, with most local Web sites still accessible. The cable, finished in 2009, connects South Africa, Tanzania, Kenya, Uganda and Mozambique to Europe and Asia. Source: http://www.tmcnet.com/usubmit/2010/07/24/4918314.htm


48. July 24, The Forum of Fargo-Moorhead – (North Dakota) Thousands hit by CableOne phone, Internet outage. CableOne of Fargo, North Dakota said phone and Internet service in the area was disrupted after a botched equipment update the week of July 19, causing two days of outages affecting thousands of users. New equipment is being sent, and crews had hoped to repair service by July 24 in most instances, the general manager said. The installation of a new computer that is essentially a giant router connecting homes to the wider Internet created the connection failures. The upgrade gone awry was meant to increase the speed of Internet access. Phone service was also affected because it is Internet based. Source: http://www.inforum.com/event/article/id/285837/


49. July 23, Radio & Television Business Report – (Wisconsin) Wisconsin flooding knocks WDJT-TV off air. Flood waters in Wisconsin July 22 and 23 knocked Milwaukee’s CBS affiliate off the air, although a competitor came to the rescue. Weigel Broadcasting’s WDJT-TV (CBS) was one casualty of the flooding in the Milwaukee area. Broadcasting quickly resumed, however, with the station transmitting on a digital multicast channel of Journal Broadcast Group’s WTMJ-TV (NBC). By July 24 Weigel had resumed its own transmission of WDJT, although it had moved temporarily to a digital multicast of its Independent sister station, WBME-TV, licensed to Racine, Wisconsin. In all, Weigel had four Milwaukee stations broadcasting from that transmitter, with “MeTV” on channel 49.1, WMLW (Ind.) on 49.2, “CBS-58” on 49.3 and Telemundo Wisconsin on 49.4. WDJT was back on the air on its own transmitter as Channel 58.1 July 25. Source: http://www.rbr.com/tv-cable/26140.html