Department of Homeland Security Daily Open Source Infrastructure Report

Friday, September 3, 2010

Complete DHS Daily Report for September 3, 2010

Daily Report

Top Stories

• According to CNN, a well connected to an oil and gas production platform caught fire in the Gulf of Mexico September 2, engulfing it in flames about 100 miles off the coast of Louisiana and forcing 13 people overboard, although none were injured. (See item 2)

2. September 2, CNN – (National) Oil platform fire reported in Gulf of Mexico. A well connected to an oil and gas production platform caught on fire in the Gulf of Mexico September 2, engulfing the vessel in flames about 100 miles off the central coast of Louisiana and forcing 13 people overboard. All 13 people have been accounted for, said a Coast Guard petty officer. They were found floating on a raft, officials said. Mariner Energy, which owns the Vermilion Oil Rig 380, said none of the crew members was hurt in the incident, despite earlier reports of a single injured worker. Also, Mariner indicated that the fire — which was first reported to the Coast Guard by workers on a nearby rig around 9:20 a.m. — was not sparked by an explosion. It started at one of the platform’s seven active wells, the company said, though its cause is under investigation. The company said an initial flyover of the site indicated “no hydrocarbon spill.” However, a Coast Guard petty officer said there is a sheen on the water at the site of the platform, measuring about 100-feet wide and stretching for 1 mile. The fire at the platform is not out yet, but it has been contained, she said. Source:

• Criminals who bilk businesses’ online banking accounts have gotten bolder and greedier in their heists over the past year, which could ultimately result in some $1 billion in losses for U.S. companies in 2010, DarkReading reports.

See item 19 below in the Banking and Finance Sector.


Banking and Finance Sector

16. September 2, Hackensack Record – (New Jersey) Bank robbery spree probed. Federal authorities said that a man who robbed a Capital One Bank in Paramus, New Jersey September 1 may have robbed four other banks in the state. The man was described as a 5-foot-5-inch black male, 150 pounds, and in his 30s or 40s. He walked into the bank about 9:30 a.m. carrying a navy blue book bag. He wore black sunglasses, a green New York Yankees baseball cap, a yellow-and-green checkered shirt and black pants. The robber handed a note to the teller demanding money, the FBI said in a statement. The teller handed over an undisclosed amount of cash, which the man placed into a small, green zippered bag. The robber then pulled a black handgun out of the larger blue bag, pointed it at the teller, threatened her and demanded money from an adjacent drawer, an FBI spokesman said. The teller gave the robber additional money, which he added to the money in his green bag. The man matches the description of the robber from a July 3 holdup at a Capital One Bank in Hasbrouck Heights, as well as a Capital One Bank in Marlboro April 6 and again December 21, 2009, the FBI said. The bank robber is also suspected of holding up a TD Bank in Howell August 6. Source:

17. September 2, San Jose Mercury News – (California) Thief suspected in string of bank robberies strikes Bank of the West in San Jose. A San Jose, California, bank robbery is believed to be the latest heist by a buttoned-down thief identified in nine similar crimes in the last 3 months. The suspect remains at large. Police reported the latest robbery occurred shortly before 4 p.m. September 1 at the Bank of the West. Police said a man in his mid-40s entered the bank and presented a demand note to the teller while video surveillance rolled. The still-unidentified suspect then fled with an undisclosed amount of cash. In photos from the surveillance camera, the alleged bank robber is wearing a black Nike baseball cap; a white, long-sleeve, buttoned-up shirt; jeans and black shoes. He appears in similar outfits, at times with a tie, in surveillance photos of other reported heists. Police said the man is a suspect in a series of bank robberies throughout the Bay Area and greater Sacramento area, beginning on June 2. Since that time, he is alleged to have hit banks in Mountain View, Redwood City, Los Gatos, Rocklin, Menlo Park, Daly City, Pacifica, Roseville, Auburn and, most recently, San Jose. Source:

18. September 2, Help Net Security – (National) Phishing campaign targets McDonald’s fans. A widespread spam campaign that promises cash in return for completing a McDonald’s customer satisfaction survey has been uncovered. The e-mails, claiming to be sent by “McDonald’s Survey Department” and carrying the subject line “McDonald’s Customer Survey,” direct recipients to a survey that poses questions about McDonald’s food. Once the survey has been completed, users are asked to provide a raft of personal information, including their credit card number and security code, supposedly so that they can receive a $90 payment for taking the time to complete the questions. Source:
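The lure above combines three tells that a mail gateway can score without any signature: a display name claiming a brand whose address is not on that brand’s domain, a survey-for-cash pitch, and a request for a card number and security code. The following is an added triage example, not code from the Help Net Security item or from any vendor; the two messages are constructed, and the sender domain (example.net), the brand-to-domain table and the score weights are assumptions.

```python
"""Heuristic triage of a brand-survey phishing lure (added example).

The messages below are constructed; the real campaign's sender address,
links and exact wording are not on the page, so every header, domain and
threshold here is an assumption.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a brand -> legitimate-domain table maintained by the mail team.
BRAND_DOMAINS = {"mcdonald": {"mcdonalds.com"}}

CARD_WORDS = re.compile(r"\b(credit card|card number|security code|cvv|cvc)\b", re.I)
MONEY_WORDS = re.compile(r"\$\s?\d+|\bpayment\b|\breward\b|\bcash\b", re.I)
WEIGHTS = {"brand_mismatch": 2, "asks_for_card": 2, "promises_money": 1, "survey_lure": 1}


def sender_domain(from_header: str) -> str:
    """Domain part of the RFC 5322 From address, lower-cased."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def brand_mismatch(from_header: str) -> bool:
    """True if the display name claims a known brand but the address is off-brand."""
    name, _ = parseaddr(from_header)
    dom = sender_domain(from_header)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower():
            on_brand = any(dom == d or dom.endswith("." + d) for d in domains)
            if not on_brand:
                return True
    return False


def score_message(raw: str) -> dict:
    """Score one raw message; 'phishing' at score >= 3 (assumed threshold)."""
    msg = message_from_string(raw)
    subject = msg.get("subject", "")
    payload = msg.get_payload(decode=True) or b""   # None for multipart
    body = payload.decode(msg.get_content_charset() or "utf-8", "replace")
    text = subject + "\n" + body
    findings = {
        "brand_mismatch": brand_mismatch(msg.get("from", "")),
        "survey_lure": "survey" in text.lower(),
        "promises_money": bool(MONEY_WORDS.search(text)),
        "asks_for_card": bool(CARD_WORDS.search(body)),
    }
    score = sum(w for k, w in WEIGHTS.items() if findings[k])
    findings["score"] = score
    findings["verdict"] = "phishing" if score >= 3 else "ok"
    return findings


# Constructed sample mirroring the lure described in the item (not a real capture).
SAMPLE_PHISH = """\
From: "McDonald's Survey Department" <survey@example.net>
To: victim@example.com
Subject: McDonald's Customer Survey
Content-Type: text/plain; charset=utf-8

Tell us about your last visit and receive a $90 payment.
To receive your reward, enter your credit card number and security code.
"""

# Constructed benign control message.
SAMPLE_BENIGN = """\
From: "Payroll" <payroll@example.com>
To: staff@example.com
Subject: September pay dates
Content-Type: text/plain; charset=utf-8

Pay dates for September are the 15th and the 30th.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, score_message(raw))
```

The brand check is deliberately narrow: it fires only when a display name claims a brand in the table and the address domain is neither that domain nor a subdomain of it, so a legitimate mailing from the brand’s own domain scores zero on that signal even if it also mentions a survey.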

19. September 1, DarkReading – (National) U.S. businesses could lose up to $1 billion in online banking fraud this year. Criminals who bilk businesses’ online banking accounts have gotten bolder and greedier in their heists over the past year, which could ultimately result in some $1 billion in losses for U.S. companies in 2010. So said the chairman of the Anti-Phishing Working Group and CEO of IronKey: “Trend-wise, we’ve been looking at reports of losses since the beginning of last year at $100,000 per incident, and as we got to the latter of last year, we saw losses in the $400,000 to $500,000 range, and now we’re seeing losses in the [millions range],” he said. “The majority of successful heists in cybercrime seem to be against smaller companies that tend to bank with small to midsized banks or credit unions. These banks don’t have the security expertise that top banks [do] — they have the IT guy, who’s also responsible for security,” he said. “And many are outsourcing their banking systems to third parties, so they don’t have a front-line security posture.” A vice president and distinguished analyst at Gartner said $1 billion in losses from ebanking fraud for small-to-midsize businesses (SMBs) is possible for this year, but that figure may be more applicable to losses over the past year and a half. It is difficult to put hard numbers on ebanking losses to SMBs and banks, she said. Source:

20. September 1, Krebs on Security – (Virginia) Cyber thieves steal nearly $1,000,000 from University of Virginia college. Cyber crooks stole nearly $1 million from a satellite campus of The University of Virginia (UVA) last week. The attackers stole the money from The University of Virginia’s College at Wise, a 4-year public liberal arts college located in Wise, Virginia. According to sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal online banking credentials for university accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story. Sources said the FBI is investigating and has possession of the hard drive from the comptroller’s PC. A spokeswoman at FBI headquarters in Washington, D.C. said that as a matter of policy the FBI does not confirm or deny the existence of investigations. The attack on UVA Wise is the latest in a string of online bank heists targeting businesses, schools, towns and nonprofits. Last week, cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa. Source:
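Items 19 and 20 describe the same pattern: stolen credentials used to push one large wire, to a beneficiary the account has never paid, at a bank abroad, from a session the account holder did not open. Each of those is observable on the bank’s side before funds leave. The following is an added example, not code from Krebs on Security, DarkReading, BB&T or any bank; the transfer records are constructed to mirror the reported $996,000 wire after a run of routine domestic payments, and the window size, the 3x amount multiplier, the field names and the IP addresses are assumptions.

```python
"""Rule-based screening of outbound wires against the account's own history
(added example; records below are constructed, thresholds are assumptions)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Wire:
    ts: str           # ISO date (constructed)
    amount: float     # USD
    beneficiary: str  # beneficiary account identifier
    country: str      # ISO 3166 alpha-2 of the beneficiary bank
    src_ip: str       # address the online-banking session came from


HOME_COUNTRY = "US"
HISTORY_WINDOW = 10   # assumption: compare amounts against the last N approved wires
AMOUNT_MULTIPLE = 3   # assumption: flag amounts above 3x the recent maximum


def screen(history: list[Wire], wire: Wire) -> list[str]:
    """Return every reason the wire deviates from this account's baseline."""
    reasons = []
    recent = history[-HISTORY_WINDOW:]
    known_benes = {w.beneficiary for w in history}
    known_ips = {w.src_ip for w in history}

    if wire.beneficiary not in known_benes:
        reasons.append("first-time beneficiary")
    if wire.country != HOME_COUNTRY and all(w.country == HOME_COUNTRY for w in history):
        reasons.append(f"first international wire ({wire.country})")
    if recent:
        hi = max(w.amount for w in recent)
        if wire.amount > AMOUNT_MULTIPLE * hi:
            reasons.append(f"amount {wire.amount:,.0f} exceeds {AMOUNT_MULTIPLE}x recent max {hi:,.0f}")
    if wire.src_ip not in known_ips:
        reasons.append(f"session from unseen source {wire.src_ip}")
    return reasons


def decision(history: list[Wire], wire: Wire) -> str:
    """Two or more independent signals hold the wire for out-of-band
    confirmation with the customer; a single signal is logged and released."""
    return "HOLD" if len(screen(history, wire)) >= 2 else "RELEASE"


# Constructed baseline: a year of routine domestic vendor payments, all from the
# finance workstation's usual address (RFC 5737 documentation range).
HISTORY = [
    Wire(f"2010-{m:02d}-{d:02d}", amt, bene, "US", "198.51.100.7")
    for (m, d, amt, bene) in [
        (1, 14, 18200.0, "B-1"), (2, 11, 9400.0, "B-2"), (3, 10, 45000.0, "B-3"),
        (4, 13, 12750.0, "B-2"), (5, 12, 31000.0, "B-1"), (6, 9, 8600.0, "B-4"),
        (7, 14, 22300.0, "B-3"), (8, 11, 15900.0, "B-2"), (8, 25, 40100.0, "B-1"),
    ]
]

# The reported pattern: one large wire to a never-seen beneficiary at a bank in
# China, from a session source the account has never used.
SUSPECT = Wire("2010-08-31", 996000.0, "B-NEW", "CN", "203.0.113.45")

# A routine payment that should pass untouched.
ROUTINE = Wire("2010-09-01", 12500.0, "B-2", "US", "198.51.100.7")

# A new domestic vendor from the usual workstation: one signal, log and release.
NEW_VENDOR = Wire("2010-09-02", 20000.0, "B-5", "US", "198.51.100.7")

if __name__ == "__main__":
    for label, w in (("suspect", SUSPECT), ("routine", ROUTINE), ("new vendor", NEW_VENDOR)):
        print(f"{label:10s} {decision(HISTORY, w):7s} {screen(HISTORY, w)}")
```

The two-signal rule is the point: any one of these checks fires on legitimate business now and then (a new vendor, a first foreign supplier), but a first-time foreign beneficiary paid twenty times the account’s largest prior wire from an address the customer has never logged in from is a combination that should wait for a phone call, which is exactly the control a single-wire heist like the one above defeats when it is absent.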

Information Technology

38. September 2, ZDNet – (International) Apple patches 13 iTunes security holes. Apple has shipped a new version of its iTunes media player to fix 13 security flaws that could be exploited to launch attacks against Windows machines. The patches in the new iTunes 10 cover vulnerabilities in WebKit, the open-source Web browser engine. The WebKit vulnerabilities, already patched in Safari, expose Windows users to remote code execution attacks via maliciously crafted Web sites. The iTunes 10 update is available for Windows 7, Windows Vista and Windows XP SP2 or later. Source:

39. September 2, IDG News Service – (International) Botnet takedown may yield valuable data. Researchers are hoping to gain better insight into botnets after taking down part of Pushdo. An assistant professor of computer science at Ruhr-University in Bochum, Germany said his group is working on an academic paper focused on methods to figure out what type of malicious spamming software is on a computer that sent a particular spam e-mail. He said they found that Pushdo had a special characteristic in that more than half of its command-and-control servers were concentrated within one hosting company. About 15 of Pushdo’s 30 servers were with that one hosting provider, which has now taken those servers offline and shared the data contained within them with the researcher and his team. Their analysis is still ongoing, but they uncovered some 78 GB of plain-text e-mail addresses, and found that up to 40 percent of the infected computers were in India. Of the eight hosting providers that had Pushdo’s command-and-control servers, six took action to shut Pushdo down. But two hosting providers based in China did not respond to e-mail requests to turn off Pushdo or even acknowledge that they had received a complaint, the researcher said. Source:

40. September 2, CNET News – (International) Toshiba recalls 41,000 laptops for overheating. The Consumer Product Safety Commission September 2 issued a recall of 41,000 Toshiba laptops after reports of some overheating and even melting. Toshiba posted its own recall of several models of its Satellite T130 laptops on its product support forums the week of August 23. The CPSC said 129 instances of “overheating and deforming the plastic casing area around the AC adapter plug” had been reported. Two of those reports resulted in “minor burn injuries that did not require medical attention” and two in minor property damage. Toshiba said on its Web site that the problem stems from a “faulty DC-In harness,” which can lead to the computer melting where the AC adapter plugs in. The solution is a BIOS update, which the company recommends users of the affected models implement right away. The update is available on Toshiba’s Web site. Source:

41. September 2, TechWorld – (International) Fake antivirus software using ransom threats. Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet’s latest threat report has found. The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own, it accounted for 37.3 percent of all malware threats detected by the company during the month. Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any applications other than a Web browser to run, claiming they are “infected.” The user is invited to have the infection cleaned by buying the bogus TotalSecurity product. “This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection,” said Fortinet’s threat research head. Source:

42. September 1, ZDNet – (National) Malware hosted on Google Code project site. Malicious hackers are using the Google Code repository to host Trojan horses, backdoors and password-stealing keyloggers, according to researchers at Zscaler. The researchers found a malicious project hosted on the free Google Code site with more than 50 malware executables stored in the download section of the project. According to Zscaler, most of the files are executables, along with zipped “.rar” archives. The time stamps show the files were uploaded over the course of the last month, which suggests an attacker is actively using this free service to spread malware. The first malicious file was uploaded June 24 and was still available at the end of August, indicating that Google is slow to find and remove malicious projects. Source:

Communications Sector

43. September 1, RTTNews – (International) India now wants Google, Skype to set up local servers. India September 1 widened its crackdown on communications firms and said that Google, Skype and other service providers must also set up servers in India to allow security forces to monitor encrypted data. The move comes just 2 days after India gave BlackBerry smart phone maker Research In Motion Ltd. (RIM) a 60-day extension to fulfill the government’s demand to open encrypted BlackBerry services for scrutiny. The chief bureaucrat in India’s Home Ministry said “all people who operate communication services in India will have to install servers in the country” to aid in monitoring encrypted data. The Indian government is expected to send notices to Google, Skype and operators of corporate virtual private networks demanding “lawful access” by the security agencies to Internet data. India is seeking access to Google’s Gmail e-mail service, which uses strong encryption, and Luxembourg-based Skype’s Internet telephony services. The government is also targeting Virtual Private Networks, or VPNs, used by corporate employees working remotely. Source:

44. September 1, Staten Island Advance – (New York) Some Time Warner Cable customers lose service following Dongan Hills accident. Some Time Warner Cable customers lost their signal September 1 after a New York Department of Transportation (DOT) truck reportedly knocked down some power lines in the Dongan Hills neighborhood of Staten Island, New York. The vice president of Time Warner Cable, New York City Region, said some customers lost their cable access after the DOT truck hit a pole at Hylan Boulevard and Jefferson Avenue. She said those power outages likely knocked out television/cable and Internet service since many of them run on the same poles. Several Islanders who reside in the South Beach-Grasmere-Arrochar communities called the Advance shortly after 10 p.m. to report trouble with their service. Time Warner Cable crews are investigating. However, the vice president noted she could not give a time when the cable would be restored since Con Edison crews would have to restore the power lines before repairs could be made. Source: