Department of Homeland Security Daily Open Source Infrastructure Report

Monday, August 2, 2010

Complete DHS Daily Report for August 2, 2010

Daily Report

Top Stories

• WGAL 8 Lancaster reports that a truck hauling about 20,000 pounds of ammonium nitrate overturned July 29 in southern York County, Pennsylvania. About 1,000 pounds spilled onto the roadway.

6. July 29, WGAL 8 Lancaster – (Pennsylvania) Truck carrying ammonium nitrate overturns in York County. A truck hauling ammonium nitrate, a potentially explosive fertilizer, overturned July 29 in southern York County, Pennsylvania. The crash happened at the intersection of Route 74 and Route 372 in Lower Chanceford Township around 7 a.m. Both roads were shut down for hours. The enclosed dump truck was carrying about 20,000 pounds of ammonium nitrate. About 1,000 pounds of that spilled onto the roadway. Fire officials said the spill did not pose a danger and nothing in the area was contaminated. No one was hurt in the crash and hazmat crews eventually cleared the scene. State police are investigating what caused the truck to overturn. Source:

• The Associated Press reports that researchers have uncovered new ways that criminals can spy on Internet users even if they are using secure connections to banks, online retailers, or other sensitive Web sites. The problem lies in the way Web browsers handle Secure Sockets Layer, or SSL, encryption technology.

See item 15 below in the Banking and Finance Sector.


Banking and Finance Sector

14. July 30, New York Times – (National) Citigroup pays $75 million to settle subprime claims. Citigroup agreed July 27 to pay $75 million to settle federal claims that it failed to disclose vast holdings of subprime mortgage investments that were deteriorating during the financial crisis and ultimately crippled the bank. The settlement centers on events in the fall of 2007, when Citigroup’s reported losses started to cascade, eventually prompting the federal government to rescue the bank a year later. The case is the first to focus on whether banks adequately disclosed to their shareholders the increasingly precarious state of their finances during the crisis. It is also the first time the Securities and Exchange Commission has brought charges against high-ranking bank executives over their involvement with subprime mortgage bonds. The commission singled out two Citigroup executives for omitting material information in disclosures to shareholders, according to the complaint. Source:

15. July 30, Associated Press – (International) Cheat an ATM? Spy on secure web traffic? Hackers show how. Researchers have uncovered new ways that criminals can spy on Internet users even if they are using secure connections to banks, online retailers or other sensitive Web sites, as determined hackers can sniff around the edges of encrypted Internet traffic to pick up clues about what their targets are up to. The problem lies in the way Web browsers handle Secure Sockets Layer, or SSL, encryption technology, according to the researchers. Encryption forms a kind of tunnel between a browser and a website’s servers, scrambling data so it is indecipherable to prying eyes. SSL is widely used on sites trafficking in sensitive information, such as credit card numbers, and its presence is shown as a padlock in the browser’s address bar. The approach by the researches was not to break it. They wanted to see instead what they could learn from what are essentially the breadcrumbs from people’s secure Internet surfing that browsers leave behind and that skilled hackers can follow. Their attacks would yield all sorts of information. It could be relatively minor, such as browser settings or the number of Web pages visited. It could be quite substantial, including whether someone is vulnerable to having the “cookies” that store usernames and passwords misappropriated by hackers to log into secure sites. Source:

16. July 29, Reuters – (National) SEC charges brothers with $550 million fraud. The Securities and Exchange Commission charged a billionaire and his brother with fraud for reaping more than $550 million of illicit gains by trading stock in four companies while they were serving as directors. They were accused of concocting a sham web of trusts and subsidiaries in the Isle of Man and the Cayman Islands to conceal over a 13-year period more than $750 million of stock sales in Michaels Stores Inc, Sterling Commerce Inc, Sterling Software Inc and Scottish Annuity & Life Holdings Ltd. The SEC said they also reaped a $31.7 million insider trading gain by making a “massive and bullish” bet in Sterling Software in October 1999 after they, as chairman and vice chairman, decided to sell the company. They would sell Sterling to Computer Associates International Inc in early 2000. Source:

17. July 29, WPRI 12 Providence – (Rhode Island) Credit card phone scam warning. The Central Falls, Rhode Island, Police Department is warning residents about two credit card phone scams where a con artist posing as an agent of a vacation club, promising a free trip, convincing victems that all they have to do is furnish their credit card number and three digit security code. Usually, within hours, $300-$500 will be withdrawn from the victim’s account. People are also being swindled from con-artist posing as agents from the victim’s financial institution. The caller will claim that someone fraudulently used the victim’s credit or debit card and will conveniently offer to correct the problem for them, once again requesting the victim’s credit card number, security code and often times, their expiration date. Because they feel that they have already been victimized, many people are happy to oblige making them easy prey for the swindler. The criminals are described as very convincing. Source:

18. July 28, Reuters – (National) Mortgage brokers to be fingerprinted and registered. Mortgage loan originators will have to be fingerprinted and sign up to a central registry to do business in future, according to final rules issued July 28 by the Federal Reserve and other regulators. The rules are part of the Secure and Fair Enforcement for Mortgage Licensing Act of 2008, also called the S.A.F.E. Act. The S.A.F.E. Act specifies that mortgage brokers who are employees of agency-regulated institutions must register with the Nationwide Mortgage Licensing System and Registry. The final rules take effect on October 1 and it is anticipated that the registry could start accepting registrations as early as January 28, 2011. Industry sources say that thousands of brokers have gone through mandatory education, credit checks and state and federal testing in order to retain the right to handle mortgage origination. Source:

Information Technology

42. July 29, Softpedia – (Nevada) Bugs allowed access to Black Hat streams for free. A Web application security researcher has uncovered several security issues in the Black Hat Uplink portal. The bugs allowed users to view the real-time video streams from the security conference without paying the access fee. Black Hat and its sister conference DEF CON, are widely viewed as the top security events and hacker gatherings in the world. At this Black Hat USA edition, the organizers are providing a portal, where non-participants can view the presentations and keynotes in real time over the Internet. Dubbed the Black Hat Uplink, the system gives paying users access to two separate video streams, as well as post-conference material. Source:

43. July 29, Network World – (International) ‘Unhackable’ Android phone can be hacked. Suspect software cloaked in a wallpaper application has gathered personal information from infected Android phones and sent it to a Web site in China, and researchers from Lookout Mobile Security have found a way to take the Android over completely – including top-of-the-line models hawked by major wireless carriers. In one presentation at Black Hat 2010, Lookout’s CEO said the Jackeey Wallpaper app, which has been downloaded millions of times, can gather a device’s phone number, subscriber identifier, and currently programmed voicemail number. In a separate presentation, researchers said top-of-the-line Android phones used by Sprint and Verizon can be taken over completely by attacking known flaws in the Linux operating system that underpins Android, researchers reported at Black Hat 2010. “It gives you root control, and you can do anything you want to do” with the phone, says a researcher for Lookout Mobile Security. The best way to distribute malware that could exploit the flaw – known as CVE-2009 1185 – is via Android applications that customers might acquire free or buy from the Android Market. Installing the booby-trapped application would give root control of the device. CVE-2009 1185 has been known for more than a year and can be patched, but so far the carriers have not issued patches. The root-control exploit has been successfully carried out in Lookout labs on EVO 4G (Sprint), Droid X (Verizon), and Droid Incredible (Verizon) as well as older models G1 and Hero. But root control is unnecessary in order to carry out the type of attack executed by Jackeey Wallpaper, according to another Lookout researcher. Applications require permissions in order to access features of the phone, and these permissions can be exploited. So, for instance, an application that tells the customer the nearest Chinese restaurant would need access to the phones GPS capabilities. Source:

44. July 28, DarkReading – (International) Panda Security, Defence Intelligence help bring down butterfly botnet author. Spain’s Panda Security and Canada’s Defense Intelligence provided key information to the FBI and international authorities that led to catching 23 year-old, “Iserdo,” the confirmed author of the Butterfly botnet kit. With their partners in the Mariposa Working Group, the two security firms identified Iserdo by analyzing the software behind the Mariposa botnet that compromised millions of systems worldwide. Iserdo was arrested last week in Maribor, Slovenia, and is currently free on bail. Source:

45. July 28, DarkReading – (International) Microsoft, Adobe collaborate to protect against online threats. On July 28, Microsoft announced that it will extend its Microsoft Active Protections Program (MAPP) to include vulnerability information sharing from Adobe Systems Inc. Microsoft also discussed the new policy of coordinated vulnerability disclosure and introduced new tools and guidance that will improve online security for its customers. Shift to Coordinated Vulnerability Disclosure Microsoft announced it would move to a new practice and philosophy of coordinated vulnerability disclosure. Source:

46. July 28, Network World – (National) FBI details worst social networking cyber crime problems. The FBI has in the past two years seen a major uptick in the use social networking accounts such as Facebook and MySpace for cyber crime, and July 28 it detailed that problem to the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security. “Regardless of the social networking site, users continue to be fooled online by persons claiming to be somebody else,” an assistant director of the FBI’s Cyber Division told the subcommittee. “The surge in the use of social networking sites over the past two years, has given cyber thieves and child predators new, highly effective avenues to take advantage of unsuspecting users.” Just this month the FBI issued a warning about scammers trying to steal money by posing as a good friend left stranded somewhere in need of quick cash. The Internet Crime Complaint Center (IC3) said it is getting reports of individuals’ e-mail or social networking accounts such as Facebook being compromised and used in a social engineering scam to swindle consumers out of thousands of dollars. Portraying to be the victim, the hacker uses the victim’s account to send a notice to their contacts. Online scams in general continue to be the scourge of the Internet and there seems to be no end to the “imagination” of these criminals, the FBI stated in its annual look at Internet crime, earlier this year. Annual crime complaints reported to the IC3 have increased 667.8% between 2001 and 2009. Source:

For another story, see item 15 above in the Banking and Finance Sector

Communications Sector

47. July 30, Times-Tribune – (Pennsylvania) WVIA transmitter back up Aug. 3. Five months after a fire destroyed WVIA’s transmission facilities in Luzerne County, Pennsylvania, WVIA FM 89.9 returns to full power on July 27, station officials said. The fire began when electricians were working on the building on Penobscot Mountain. Damage was estimated at $2 million. Since then, the station’s signal has been spotty, station officials said. In a press release July 29, officials at WVIA said a new, state of the art, full-power transmitter will be turned on next week, restoring a high-definition radio signal and second channel of NPR programming. Source:

48. July 29, Charleston Daily Mail – (West Virginia) Accident leaves Greenbrier without Internet. A single-vehicle crash in Greenbrier County, West Virginia has caused power and Internet service outages to those in Lewisburg and the media outlets stationed at The Greenbrier resort for The Greenbrier Classic golf tournament, a first-time stop on this year’s PGA Tour. Greenbrier County 911 dispatchers said a vehicle traveling along U.S. 60 crashed into a utility pole about 5:30 p.m. July 29, causing the pole to snap and the lines to fall. No one was injured in the crash, but emergency crews were having a hard time removing the vehicle from the pole and cleaning up the scene. The lines on the pole provide electrical service and Internet and cable services. A spokesman for Suddenlink said July 29 that repair crews could not access the pole to complete repairs until the scene was cleared by emergency officials. He could not say when service would be restored. Source:

49. July 29, Lafayette Journal and Courier – (Illinois; Indiana) WIBN back on the air after April accident. WIBN 98.1FM, or 98 Gold, which was knocked off the air in mid-April when a farmer crashed some equipment into the station’s antenna during corn planting, came back on the air at 8 p.m. July 27. The antenna then collapsed onto the FM transmitter house south of Fowler, Indiana and silenced the signal. The program director said the Oxford-based station had been streaming the programming through its web site. The station, which plays mostly ‘60s, ‘70s and ‘80s music operates at 25,000 watts, reaching just south of Chicago to just north of Indianapolis, and into Illinois. The total cost of the station damage was not available today. In 2003 vandals shot the station’s transmitter and damaged the antenna line cause the station to operate at 50 percent of its normal capacity. Source:

50. July 29, CNET News – (International) Can your mobile calls be intercepted? This tool can tell. A researcher July 29 released software at the Black Hat conference designed to let people test whether their calls on mobile phones can be eavesdropped on. The public availability of the software, dubbed Airprobe, means that anyone with the right hardware can snoop on other peoples’ calls unless the target telecom provider has deployed a patch that was standardized about two years ago by the GSMA, the trade association representing Global System for Mobile Communications (GSM) providers, including AT&T and T-Mobile in the U.S. Most telecom providers have not patched their systems, a cryptography expert said. To test phones for interception capability you need: the Airprobe software and a computer; a programmable radio for the computer, which costs about $1,000; access to cryptographic rainbow tables that provide the codes for cracking GSM crypto; and the Kraken tool for cracking the A5/1 crypto used in GSM. More information about the tool and the privacy issues is on the Security Research Labs Web site. Source:

51. July 27, InformationWeek – (National) FCC, FDA Partner To Advance Telehealth. The Federal Communications Commission (FCC) and the U.S. Food and Drug Administration (FDA) have joined forces to help advance innovation and investment in wireless-enabled telehealth devices, which can improve the quality of a patient’s health and reduce healthcare costs. The FDA and FCC chairman signed a joint statement of principles and memorandum of understanding at the start of a two-day conference, which began July 26, to showcase a broad range of cutting-edge wireless medical devices as well as discuss issues affecting the telehealth industry. The joint statement declared that healthcare providers, patients, and other stakeholders “should have clear regulatory pathways, processes, and standards to bring broadband and wireless-enabled medical devices to market. This includes clarity regarding each agency’s scope of authority with respect to these devices, predictability regarding regulatory pathways, and streamlining the application process, as appropriate, to facilitate innovation while protecting patients.” Source: