Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 20, 2010

Complete DHS Daily Report for August 20, 2010

Daily Report

Top Stories

• The U.S. government proposed major changes August 19 to the way it works with companies to fight new disease threats such as flu, including reform at the Food and Drug Administration (FDA) and setting up centers to make vaccines quickly, according to Reuters. (See item 41)

41. August 19, Reuters – (National) U.S. tries to fix slow response to outbreaks. The U.S. government proposed major changes August 19 to the way it works with companies to fight new disease threats such as flu, including reform at the Food and Drug Administration (FDA) and setting up centers to make vaccines quickly. The report from the Health and Human Services Department (HHS) said the U.S. ability to respond to new outbreaks is far too slow, and it lays out a plan for helping academic researchers and biotechnology companies develop promising new drugs and vaccines. “At a moment when the greatest danger we face may be a virus we have never seen before ... we don’t have the flexibility to adapt,” the HHS Secretary said at a news briefing. The report suggested providing clearer guidance to industry on what kinds of tests are needed for regulatory approval of new drugs and vaccines — something industry has asked for — and said new teams should be set up at FDA. HHS and the Department of Defense should set up Centers for Innovation in Advanced Development and Manufacturing, it said. Source:

• Associated Press reports that he man who killed himself during a shootout with a suburban Texas police department once worked as a jailer and security guard and even praised the very officers he attacked, according to associates and records.(See item 51)

51. August 18, Associated Press – (Texas) Texas gunman worked security, often praised police. The man who killed himself during a shootout with a suburban Texas police department once worked as a jailer and security guard and even praised the very officers he attacked, according to associates and records. The man died of a self-inflicted gunshot wound to the head, the Collin County Medical Examiner’s office said August 18. The announcement came a day after he towed a trailer loaded with explosives into the parking lot of the McKinney police station and set his pickup truck on fire, presumably to lure officers out of the building and shoot at them. He retreated to a field across a road and fired more than 100 rounds at police headquarters, the McKinney police chief said. The trailer did not ignite. Investigators found an assault rifle, a shotgun, and a handgun on him and later found more weapons in his home. Nobody else was injured in the attack in the suburb, about 30 miles north of Dallas. Police said they do not have a motive. According to the Texas Commission on Law Enforcement Officer Standards and Education, the suspect worked three months in 2001 at a federal prison operated by The GEO Group Inc. in San Antonio, but did not seek a permanent license when his temporary certification expired after a year. Source:


Banking and Finance Sector

13. August 18, Reuters – (New Jersey) SEC charges New Jersey with securities fraud. U.S. regulators said August 18 they charged the state of New Jersey with securities fraud for not disclosing to municipal bond investors it was underfunding its pensions. New Jersey, the first state ever hit with securities fraud charges by the Securities and Exchange Commission (SEC), agreed to settle the case without admitting or denying the findings. The state was not required to pay any civil fines or penalties, but ordered to cease and desist from future violations. New Jersey offered and sold more than $26 billion of municipal bonds in 79 deals between August, 2001 and April, 2007, according to the SEC. The offering documents “created the false impression that the Teachers’ Pension and Annuity Fund (TPAF) and the Public Employees’ Retirement System (PERS) were being adequately funded, masking the fact New Jersey was unable to make contributions to TPAF and PERS without raising taxes, cutting other services or otherwise affecting its budget,” the SEC said. “The state of New Jersey didn’t give its municipal investors a fair shake, withholding and misrepresenting pertinent information about its financial situation,” the director of the SEC’s Division of Enforcement said in a statement. Source:

14. August 18, DarkReading – (International) ITRC Study: Loss of credit card information and merchant data breach cited as priority concerns to consumers. The Identity Theft Resource Center(ITRC) announced August 18 that 87 percent of consumers who have made a purchase or bank transaction online in the past month are concerned about the safety of the personal identifying and financial information they transmit. The findings are part of the ITRC’s 2010 national survey to monitor trends in “Consumer Concerns about Internet Transactions.” The survey queried 500 respondents who had used the Internet for banking or purchasing during the previous 30 days. The ITRC survey found that consumers are increasingly concerned about the security of their personal and financial information when conducting transactions online. Eighty seven percent of respondents expressed significant concern about having their credit card information stolen or having merchants lose personal and financial information in a data breach. Respondents demonstrated a similar high-level of concern over specific security events, including: 81 percent of respondents cited phishing emails as a significant concern; 80 percent of respondents expressed significant concern over having their passwords stolen; 78 percent of respondents indicated they were significantly concerned over having usernames stolen; 77 percent of respondents were concerned about receiving SPAM emails. Source:

15. August 18, Newark Star-Ledger – (New Jersey) ‘Black Stocking Robber’ allegedly held up 8 banks while out on bail. The “Black Stocking Robber,” a serial robber authorities believe held up eight banks In Morris County, New Jersey over the past month, embarked on the stealing spree while he was out on bail. In April, the 28-year-old suspect, of Newark, had been arrested after a 10-day manhunt and charged with robbing a Bank of America in North Arlington. His bail was set at $350,000. But starting June 25, authorities said, the suspect went on to stick up eight more banks in five counties, snatching thousands of dollars in a matter of weeks. He was arrested August 17, hours after robbing a bank in Whippany, authorities said. A 20-year-old accomplice, of Newark, was also caught. After he was caught August 17, the 28-year-old suspect admitted he was the robber suspected in the robberies, which hit banks in a number of towns, including Bloomfield, Paramus, Boonton, Woodbridge, and Whitehouse Station. He used a simple technique, authorities said. Wearing a trademark black stocking over his head, he allegedly brandished a handgun and a plastic bag in each bank and demanded cash. He then left with the money, police said. Source:

16. August 18, Beverly Hills Courier – (California) Beverly Hills beauty salon owner arrested for allegedly running up $300,000 on celebrity credit cards. A Beverly Hills, California beauty salon owner was arrested today on federal fraud charges for allegedly taking credit card information from several celebrity clients and running up nearly $300,000 in fraudulent charges. The 51-year-old suspect, of Beverly Hills, was arrested without incident at her business, Chez Gabriela Studio, by special agents with the U.S. Secret Service, according to the U.S. Attorney’s Office. She faces two counts of access device fraud — a charge that carries a maximum statutory penalty of 25 years in federal prison, prosecutors said. The affidavit in support of the criminal complaint alleges that the suspect ran up about $68,000 in unauthorized charges on a credit card belonging to a famous jewelry designer. Most of the charges were made from Chez Gabriela Studio when the numbers from the credit card were both “skimmed’ electronically and entered manually, according to the affidavit prepared by a Secret Service agent. Source:

17. August 18, WPTY 24 Memphis – (National) ‘Bayou Bandit’ wanted by FBI for bank robberies in Mississippi, Arkansas. The FBI has added a bank robber only known as the “Bayou Bandit” to its wanted list for crimes in several states, including Arkansas and Mississippi. According to FBI officials, the unidentified man is wanted in more than 10 bank robberies in Louisiana, Oklahoma, Arkansas, New Mexico, Arkansas, Mississippi, and some other states. The crimes have been happening since March of 2010. FBI investigators said the “Bayou Bandit” is known to enter banks carrying a bag and a note demanding money. Then, before leaving the bank, the suspect takes back the note and fills his bag with the money. The suspect is described as a white male, 40 to 50 years of age. He is between 5 feet, 10 inches to 6 feet tall. Source:

18. August 18, Macon Sun – (Georgia) Reports of credit card fraud among Robins employees continue to rise. More middle Georgia residents have filed reports of credit card compromises affecting employees of Robins Air Force Base in Warner Robins, Georgia. A total of 40 residents have filed complaints since August 13, said a spokeswoman for the Warner Robins Police Department. At least 11 residents have filed reports of credit card compromises with the Houston County Sheriff’s office since August 13, according to sheriff’s incident logs. The actual scope of the issue is unknown because base officials will not say how many people at Robins have had their credit or debit cards compromised. The known complaints include customers of Bank of America, as well as Robins Federal Credit Union on base, and BB&T Bank and MidSouth Federal Credit Union in Warner Robins. Robins employees have had their checking accounts used to make purchases across the country and even in Australia in the past week. Source:

19. August 18, The New New Internet – (International) Zeus Trojan spreading through zip files. The Zeus Trojan is back again, looking to spread through zip files. Zeus, which is one of the most commonly found pieces of malware, is believed to be one of the most prevalent on the Internet, infected millions of users. Researchers with F-Secure have found a new spam set working to disseminate the Zeus malware through infected zip files. “Just now we’ve been watching a spam run with malicious ZIP files attached to them,” a researcher writes. “Inside the ZIP is always the same Zeus variant (md5 92671afe999e12669315e220aa9e62c2) but the name varies.” The malware appears to also download other components from two sites hosting malware in Russia. Source:

Information Technology

52. August 19, Computerworld – (International) 40 Windows apps contain critical bug, says researcher. About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, a security researcher said August 18. The bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs, said the chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit. He did not reveal the names of the vulnerable applications or their makers. Each affected program will have to be patched separately. The security officer first hinted at the widespread bug in a message on Twitter August 18. “The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,” he tweeted, then linked to an advisory published by Acros, a Slovenian security firm. That advisory detailed a vulnerability in iTunes for Windows that hackers could exploit by persuading users to download and open a malformed media file, or by duping them into visiting a malicious Web site, where they would fall prey to a drive-by attack. Apple patched the iTunes for Windows bug last March when it updated the music player to Version 9.1. According to Apple, the bug does not affect Mac machines. Source:

53. August 18, The New New Internet – (International) Facebook recommends spam profiles to users. A feature on Facebook designed to suggest new friends to users is also pushing spam profiles, according to security researchers. Researchers with F-Secure said the “People You May Know” section of Facebook appears to utilize search history in providing options for possible new connections. “I frequently search for spam related keywords, and today, two spam accounts were recommended to me,” a researcher writes. By searching deeper, the researcher was able to find a series of spam accounts created on the same date. Source:

54. August 18, DarkReading – (International) Researcher cracks ReCAPTCHA. A researcher earlier this month demonstrated how he solved Google’s reCAPTCHA program even after recent improvements made to the anti-bot and anti-spam tool by the search engine giant. An independent researcher also released the algorithms he wrote to crack reCAPTCHA. He had published a white paper on the hack prior to presenting his research at Defcon in Las Vegas, and said that Google made several fixes to reCAPTCHA that defeated several of his algorithms before he was scheduled to give his presentation. He then quickly came up with a few additional approaches with his algorithms, and said he was able to beat the updated reCAPTCHA 30 percent of the time. Google, however, thus far has not seen any signs of this being actively used in the wild. A Google spokesperson said the company had strengthened the verification words in the program both before and after the researcher’s paper was published. “We’ve found reCAPTCHA to be far more resilient while also striking a good balance with human usability, and we’ve received very positive feedback from customers,” the spokesperson said. “Even so, it’s good to bear in mind that while CAPTCHAs remain a powerful and effective tool for fighting abuse, they are best used in combination with other security technologies.” Source:

55. August 18, The Register – (International) Facebook login page still leaks sensitive info. Facebook’s log-in system continues to spill information that can be helpful to phishers, social engineers and other miscreants attempting to scam the more than 500 million active users of the social networking site. When a legitimate e-mail address is entered along with an incorrect password, the authentication system returns an error that reads: “Please re-enter your password. The password you entered is incorrect. Please try again (make sure your caps lock is off).” When an e-mail address that doesn’t belong to a Facebook user is entered, the response is: “Incorrect Email. The email you entered does not belong to any account.” The difference in the wording makes it possible for anyone to discern whether a given e-mail address is registered on Facebook, even when the corresponding password is unknown. The flaw was flagged by a Register reader who is a security analyst for EMC Corporation’s Critical Incident Response Center who calls it “one of the oldest security malpractices in the book.” The configuration makes it possible to verify the validity of huge numbers of e-mail addresses. It has been in place since last week, when Facebook developers fixed a much more serious bug that allowed attackers to match unknown e-mail addresses with users’ pictures and full names. It worked even for accounts that were configured to be private. It came to light after a researcher published a simple script that could quickly scrape large numbers of names and pictures that corresponded to e-mail addresses. Source:

56. August 18, Help Net Security – (International) Twitter app demonstrates spammers have nothing to worry about. A fun, seemingly innocuous Twitter application created by a Scottish teenager became a good example of how easy is to trick even technologically savvy users into participating in a spam operation. The application — named Twifficiency — ostensibly calculates a user’s Twitter efficiency score using an algorithm that takes into account the number of people who follow the user, of people who the user follows, tweet frequency, and other variables. According to Softpedia, the resulting score doesn’t actually tell you anything significant about your Twitter habit, but seemed to be enough of an incentive to make people curious and willing to try it. But then, their Twitter account started sending out messages: “My Twifficiency score is #%. What’s yours?,” and they were not amused anymore. It turns out that to use the application, one must agree to let it tweet the score from one’s own account. And this condition was not hidden — it is stated clearly on the application page: “Twifficiency will tweet your score on your behalf. Do not use this app if you do not consent to this.” Source:

57. August 17, Softpedia – (International) New ICQ worm infects thousands of users. According to hundreds of reports posted in the past 48 hours on Russian forums and blogs, there’s a new computer worm currently spreading and infecting users on ICQ. It seems that the outbreak started sometime yesterday and manifests itself as a message received from a friend followed by a file transfer request for an 916.5 KB executable called snatch.exe. The rogue messages seem to vary, with “Look ))”, “No, look )))”, “well, a mini game-type )” or “ hello!” being just a few examples. The threat seems to be of Russian origin, which is not unusual since ICQ is the most popular instant messaging (IM) application in the country. According to a report on the VirusInfo forum (in Russian), the new worm is detected as by Russian antivirus vendor Kaspersky Lab. Once executed, the malware takes control over the IM application and sends copies of itself to everyone in the account’s contact list. Source:

Communications Sector

58. August 19, TMCnet – (Texas) Dallas-Fort Worth AT&T, Time Warner customers lose data service due to manhole theft. According to CBS reports, the cause of an outage August 18 for AT&T U-verse and Time Warner customers in the Dallas-Fort Worth, Texas area, was a data line cut due to a fire when welders were working on a manhole cover on a pedestrian walkway. The Texas Department of Transportation claims its crew was replacing a stolen manhole cover when the welding activities ignited an old wood structure located under the utility lines. Reportedly, the flames caught hold, burning or melting a number of fiber optic cables going through the conduit, interrupting data service. Time Warner and AT&T responded by re-routing some of the lines, getting customers back in businesses as quickly as possible. An NBC DFW report highlighted that while most AT&T U-verse customers were back up and running August 18, some in downtown Dallas may experience issues with their phone or broadband services. Source:

59. August 18, Associated Press – (Washington) Single server overwhelmed with Wa. election data. A software glitch confounded election watchers during the “top two” primary, causing the Washington secretary of state’s Web site to crash when results began pouring in. State elections officials said a programming error accidentally sent most of the Web traffic to just one of the state’s six servers at the digital archives in Cheney. While the other five sat essentially idle, the overload slowed and then overwhelmed that single server. The spokesman for the secretary of state said state officials are working with experts from Microsoft to fix the problem before November’s general election. Source:

60. August 18, DarkReading – (International) Ferreting out rogue access points and wireless vulnerabilities. For almost 18 months starting in 2005, attackers used wireless networks at TJX and other retail chains to steal credit card data. The vulnerabilities were not an isolated instance: Subsequent research found that about half of all retail outlets in one shopping center had insecure wireless networks. Today, WiFi security has improved somewhat, but insecurities in installations still remain far too common. Vulnerability assessments of more than two dozen companies found a quarter have rogue wireless access points that were installed by employees, and a third of their wireless networks had misconfigurations that undermined their security, according to wireless security firm AirTight Networks, which conducted the tests. “A rogue AP is a very serious problem if you have it — an unmanaged, unknown device that is circumventing your defenses,” said AirTight’s CEO. “All the layers of defense that you worked so hard to put in can be circumvented by a single device that is communicating in the clear.” Following the breaches at TJX and other retailers, the Payment Card Industry started requiring quarterly scans of wireless networks. It will likely increase the requirement to monthly scans. Firms that use wired-only scans are missing half of the picture, he said. Vulnerability scanning on the wired network could spot wireless routers, but it will not find insecurities in the network. Source:

61. August 18, IDG News Service – (National) Satellite, public safety projects win broadband awards. Four satellite-based broadband providers and emergency responders were among the winners in a new list of broadband grants and loans announced August 18 by two U.S. agencies. The awards, part of the American Recovery and Reinvestment Act (ARRA) of 2009, include more than $307 million in grants to nine projects involving public safety networks, and $100 million to four satellite broadband providers to cover remote areas. The U.S. Department of Agriculture’s Rural Utilities Service (RUS) and the U.S. Department of Commerce’s National Telecommunications and Information Administration announced awards totaling $1.8 billion to 94 projects August 18. The projects cover parts of 37 states. August 18 marked the first time that satellite providers received awards from the ARRA broadband programs. The satellite providers can help reach U.S. residents who live in areas that may be too expensive to serve in other ways, an administrator at the RUS said. Source: