Thursday, September 9, 2010

Complete DHS Daily Report for September 9, 2010

Daily Report

Top Stories

•The FBI was trying to determine whether a passenger staged a bomb hoax that prompted a search of a Thai Airways jetliner after it landed at Los Angeles International Airport September 7, according to the Associated Press.(See item 16)

16. September 8, Associated Press – (California) FBI investigating bomb hoax on LA-bound plane. The FBI September 8 was trying to determine whether a passenger staged a bomb hoax that prompted a search of a Thai Airways jetliner at Los Angeles International Airport. “The working theory at this point” is that a passenger aboard Flight 794 scrawled the bomb threat on a restroom mirror, but no arrest was made and the investigation continues, an FBI spokeswoman said. There was no indication that a crew member was involved, she added. The plane, carrying 171 passengers and 18 crew members, was heading from Bangkok to Los Angeles when the threat was discovered. The Thai Airways president told the Associated Press that the message — written in English with bad grammar — warned that a bomb was on the plane. The Airbus A340-500 landed safely just before 9 p.m. September 7 and was taken to a remote area of the airport, where FBI investigators interviewed the passengers, searched the plane, and determined the threat was a hoax. Source:

•Japanese experts fear an enzyme that turns bacteria into superbugs resistant to antibiotics may be able to affect poisonous bacteria such as salmonella, United Press International reports. One person in Belgium died after contracting NMD-1, while other people in the United States, Britain, and Japan have been sickened.(See item 32)

32. September 7, United Press International – (International) New ‘superbug’ may endanger global health. Japanese experts say they fear an enzyme that turns bacteria into superbugs resistant to antibiotics may be able to similarly affect poisonous bacteria. A case of NMD-1, resistant to virtually all antibiotics, was found in its first Japanese victim Monday, Tokyo’s Yomiuri Shimbun reported. The feverish patient, a man in his 50s, was found to have E. coli affected by the NDM-1 enzyme. He was discharged after being treated, Yomiuri Shimbun reported. Medical experts fear poisonous bacteria such as salmonella and dysentery bacillus may become superbugs resistant to antibiotics, the newspaper said. Since the superbug was discovered in India, it has spread to Britain and the United States through patients who had surgeries in India. The first death directly attributed to NDM-1 was reported last month in Belgium, the newspaper said. Source:


Banking and Finance Sector

13. September 8, Reuters – (National) Flash crash report — plunge still a mystery: sources. Regulators probing the stock market “flash crash” last May still have not uncovered a single cause but will point to “stub quotes” and other previously identified issues as having exacerbated the market’s dramatic drop, according to two sources familiar with the probe. A third source said the U.S. Securities and Exchange Commission is still asking about a “smoking gun” that might explain the May 6 crash, when the Dow Jones industrial average plunged some 700 points before sharply recovering, all in about 20 minutes. “Quote stuffing,” in which large numbers of rapid-fire stock orders are placed and canceled almost immediately, will not be fingered as one of the causes of the crash, sources have said. But the SEC is increasingly probing market data from other trading days, looking for possible problems with what are sometimes excessive numbers of buy and sell orders, said the third source. Regulators are soon due to issue a follow-up report on the crash. So far, the report by market regulators does not contain a lot of new information and is expected to repeat earlier findings that a number of events caused the crash, two sources said. Source:

14. September 7, Los Angeles Times – (California) FBI increases reward for information about ‘Geezer Bandit’. Absence has increased the FBI’s desire to arrest the bank robber known as the “Geezer Bandit” who is accused of 11 holdups in San Diego and Riverside counties. The Geezer Bandit has not hit a bank since June 24 — the longest hiatus since he began his spree a year ago. In response, the FBI has increased the reward for information to $20,000, up from $16,000. His nickname comes from his appearance: Tellers judged him to be between 60 and 70 years old. In some cases he’s had a small oxygen tank over his shoulder, attached to a plastic nose-inhaler. Source:

15. September 4, Columbus Dispatch – (Ohio) Couple accused of $25M stock swindle. A Gahanna, Ohio man with a criminal past and his wife were in court September 3, accused of stealing at least $25million from 50 people in a stock-investment scheme. FBI agents arrested the pair at their home at 1018 Grey-thorne Place. A federal grand jury indicted them September 2 on fraud and money-laundering charges. The main suspect is charged with 47 counts; his wife, 43. The U.S. Securities and Exchange Commission sued the couple in 2008 in federal court in Columbus in connection with the same alleged scheme, which court records say began in 2003. That case is ongoing. A number of clients also are suing the couple. Through their companies, the suspects offered loans to clients who put up publicly traded stock they owned as collateral. The pair promised to hold the stock for the life of the loan and return it when the loan was paid off. Instead, according to the indictment, they sold the shares and used the money. The companies’ clients came from Hong Kong, Sweden and across the United States. Source:

Information Technology

40. September 8, The Register – (International) Safari and Firefox updates plug critical holes. September 7 marked a busy day for alternative browser security updates with patches from both Apple and Mozilla. An update to Apple’s Safari browser resolves three vulnerabilities for Windows and two for OS X. One of the flaws is particular to Windows while the other two involve Safari’s WebKit engine and affect both Mac and Windows versions of the browser. All three of the vulnerabilities potentiality allow malicious code injection onto unpatched systems and therefore should be treated as high-priority, critical patches. Users are advised to update to Safari 5.0.2 and Safari 4.1.2 to guard against drive-by download attacks made possible by the flaws, as explained in an advisory from Apple. Mozilla also released an updated version of Firefox on on September 7. Firefox version 3.6.9 resolves 14 vulnerabilities, 10 of which are critical. Firefox shares a common codebase with Mozilla’s Thunderbird email client and the SeaMonkey application suite, so both these packages also need updating to Thunderbird 3.1.3 and SeaMonkey 2.0.7, respectively. Source:

41. September 8, TrendLabs Malware Blog – (International) Uncovered Spyeye C and C server targets Polish users. SpyEye is a malware family comprising information/data stealers like ZeuS/ZBOT. This malware is sometimes known as a “ZeuS killer,” as it stops ZeuS malware from running on affected systems, assuming that the latter is already present. This topic was discussed before in the blog post, “Keeping an Eye on the EYEBOT and a Possible Bot War.” TrendLabs was able to further investigate a command-and-control (C&C) server of a SpyEye botnet, most of whose zombies were located in Poland. This is somewhat unusual, as bot herders prefer to target Western countries like the United States, the United Kingdom, Germany, Italy, Spain, and France. This particular SpyEye C&C server is located in the Ukraine. TrendLabs was able to access different Control Panel tabs on this SpyEye server. TrendLabs found that several credentials have been stolen. These credentials come from banks, social networking sites, and career/job-hunting sites. The server was not particularly secure. In fact, the bot herder who used this particular server left several open folders as well as readable configuration files. TrendLabs also gathered 400MB of stolen data from this particular C&C server. After having infected users with SpyEye malware, the bot master is now pushing a new TDSS variant detected as TROJ_TDSS.VAD. This links SpyEye to one of the major families known to be part of the pay-per-install business. Source:

42. September 8, IDG News Service – (International) Symantec: Most hacking victims blame themselves. Just under two-thirds of all Internet users have been hit by some sort of cybercrime, and while most of them are angry about it, a surprisingly large percentage feel guilt too, according to a survey commissioned by Symantec. In a cybercrime survey of just over 7,000 Internet users in 14 countries, researchers found that 65 percent of Internet users worldwide have already been victims. In the U.S., it’s 73 percent, but things are worse in China (83 percent), Brazil (76 percent) and India (also 76 percent). Those results stood out to a Norton Internet Safety Advocate who tracks this type of data for a living. “What we were really surprised by was, first of all, how common it was that people are being victimized by cybercrime,” she said. Another surprise: how victims react to being hacked. “People do feel angry, but we also found that people feel pretty guilty,” she said. “54 percent said they should have been more careful, when they responded to online scams.” A slightly higher percentage — 58 percent — said they felt angry. When it came to identity theft victims, 12 percent said that the incident was entirely their fault, Symantec found. Source:

43. September 7, DarkReading – (International) September month of bugs under way. The Month of Bugs disclosure model is back, this time mostly detailing some already-known vulnerabilities, and with some zero-day bugs sprinkled into the mix. Research firm Abysssec is featuring a different bug each day in September, including bugs in Microsoft, Adobe, Mozilla, Novell, and HP software. The CTO says the researchers will post in-depth analyses of software bugs. The goal is to provide researchers with more information about the vulnerabilities, he says. And the researchers will include “critical” zero-day flaw disclosures on some Web and enterprise applications, he says. “And as a note for those advisories which can ‘put customers at risk,’ we will [notify] vendors, but we won’t wait six months for vendor response, for sure,” he says. The zero-days will include proofs-of-concept and exploits for Microsoft Excel, Internet Explorer, Microsoft codecs, Cpanel, and other software, according to Abysssec’s blog. The September 7 vulnerability is a Novell NetWare parsing buffer-overflow flaw. Source:

44. September 7, Computerworld – (International) Spammers exploit second Facebook bug in a week. On September 7, Facebook said it has fixed the bug that allowed a spamming worm to automatically post messages to users’ walls earlier this week. The flaw was the second in the past week that let spammers flood the service with messages promoting scams. Recently, Facebook quashed a different bug in its photo upload service that let a spammer post thousands of unwanted wall messages. The newest worm was noticed Monday by researchers at a pair of antivirus vendors, Finland-based F-Secure and U.K.-based Sophos. “A clever spammer has discovered a Facebook vulnerability that allows for auto-replicating links,” said an F-secure security researcher. “Until now, typical Facebook spam has required the use of some social engineering to spread.” Clicking on the link to the bogus application automatically added the app to users’ profiles, then automatically reposted a status message with a new link to friends’ walls, said a prominent researcher at Sophos. Source:

45. September 6, TrendLabs Malware Blog – (International) Cybercriminals hone in on critical systems. In the 2010 threat forecast, “The Future of Threats and Threat Technologies,” Trend Micro researchers mentioned that new attack vectors will arise for virtual/cloud environments. To add to this, critical infrastructures such as a SCADA network will become another serious potential target for cybercriminals. When Trend Micro thinks about SCADA networks or large virtual systems, it is easy to think that these will only be targeted by attackers with espionage in mind whether to take over a factory’s software for hacktivism or to infiltrate a rival’s cloud infrastructure. Unfortunately, a far simpler and more lucrative reason for attacking these targets is to simply blackmail the target organizations and businesses. As bandwidth has increased and the use of content delivery services such as Akamai has become more widespread, network-saturating DDoS attacks have become more difficult, although far from impossible, to carry out. Trend Micro believes that attackers are becoming increasingly innovative in their attacks and that every organization is a potential target. The risks malware pose are now growing from “simple” financial theft to more sophisticated, targeted attacks. Source:

Communications Sector

46. September 8, Satellite Today – (International) ESA’s GOCE recovers from computer glitch. The European Space Agency’s (ESA) Gravity field and steady-state Ocean Circulation Explorer (GOCE) satellite has recovered from a late July computer glitch and has resumed collecting data, the agency announced September 7. The $444 million GOCE satellite resumed normal operations after engineers raised the spacecraft’s temperature by about 7 degrees Celsius, ESA officials said. The anomaly, which ESA attributed to a communications link between processor and telemetry modules in a backup unit, put GOCE out of commission for almost two months while engineers worked on software patches to restore the satellite’s capacity. In February, a primary computer chip on the spacecraft failed, forcing GOCE’s engineers to switch the satellite over to its backup computer. ESA said the two incidents are not related. GOCE, manufactured by Astrium and launched in March 2009, aims to monitor variations in Earth’s gravity caused by ocean trenches, mountains and differences in density to predict how these changes could affect global warming. Source:

47. September 8, – (Tennessee; Virginia) Verizon Wireless service coming back in East Tenn. Cell phone service in some areas of Tennessee is starting to gradually come back. A Verizon Wireless representative says their tracking system does not report a full recovery of service, but crews are working to fix the network outage. Verizon customers across Northeast Tennessee have no cell phone service. Verizon’s Customer Services said, yes, they have a major network outage in Northeast and parts of Middle Tennessee. Dispatchers in Washington County, Tennessee, Sullivan County, Greene County, Unicoi County, Carter County, Hamblen County, and even Washington County, Virginia say they have no Verizon cell service. Greene County has alerted their Emergency Management director. Dispatchers say they have not received many emergency calls, and they now believe the service outage could be to blame. Verizon customers can still call 911, because phones should go into emergency roaming mode. Source:

48. September 8, Homeland Security NewsWire – (International) New method predicts communication-disrupting solar activity. Major solar eruptions (coronal mass ejections) normally take several days to reach the Earth, but the largest recorded in 1859 took just 18 hours. Solar flares — which can also cause significant disruption to communications systems — take just a few minutes. So advance warning is of vital importance to enable steps to be taken to avoid the worst effects of solar activity. Up to now, solar weather prediction has been done manually, with experts looking at 2D satellite images of the sun and assessing the likelihood of future activity. The team from Bradford University’s Center for Visual Computing, though, has created the first online automated prediction system, using 3D images generated from the joint NASA/ESA Solar and Heliospheric Observatory satellite (SOHO). Already in use by both NASA and the European Space Agency (ESA), the Bradford Automated Solar Activity Prediction system (ASAP) identifies and classifies sun spots and then feeds this information through a model that can predict the likelihood of solar flares. The system is able accurately to predict a solar flare six hours in advance and the team is working to achieve a similar accuracy for the prediction of major solar eruptions in the near future. The ASAP model is based on historical data, which was analyzed to identify patterns in the sun’s activity. Qahwaji is now applying for more funding to further improve the system and ensure it can be adapted to work with the latest sun-monitoring satellites. Source:

49. September 7, Omaha World-Herald – (National) FCC to finalize rules. The U.S. Federal Communications Commission says it plans to finalize rules for the use of wireless Internet devices on unused TV airwaves, an initiative that has been touted by Google Inc., Microsoft Corp. and other technology companies. The FCC said that usage of so-called white-spaces spectrum is on its agenda for the commission’s next open meeting September 23. While the use of white-spaces spectrum was approved by the FCC in 2008, the initiative has since bogged down as proponents and critics argued over the best way to use vacated airwaves without interfering with other signals. Use of the vacated white spaces became possible thanks to the transition to digital TV transmissions. Google has made a concerted effort to lobby for the use of the white spaces, which could provide stronger wireless-Internet access than what is currently available through Wi-Fi connections. Microsoft, which also lobbied the FCC aggressively for use of the white spaces, has established an experimental, white-spaces network at its Redmond, Washington, campus, which was visited by FCC officials in April. According to a study commissioned by Microsoft last year, white-spaces spectrum could generate between $3.9 billion and $7.3 billion in value annually over 15 years — thanks to the increased use of consumer electronics and other factors. Source:

50. September 7, – (Tennessee) Repairs continue at WKSR. WKSR-AM and WKSR-FM of Pulaski, Tennessee, continue to recover from lightning damage to the studios and transmitters in August. A staff engineer has been working daily to replace parts that were damaged or destroyed in a severe thunderstorm that passed through Giles County in Mid-August. Replacement parts continue to arrive daily to replace the estimated $70,000 in damage the storm did. Within the next month, the station should sound better than it has in quite some time. New audio switchers will be installed. A new upgrade to the WKSR transmitter will clear up problems that have affected the WKSR listening area for the past few years. And a new Operating System and Phone System with state of the art technology will also be added. Source:

51. September 7, Shelbyville Times-Gazette – (Tennessee) Hunters’ shots caused extensive Charter outage. Errant shots by dove hunters near Wartrace knocked out Charter Communications services September 6 in Bedford County, Tennessee, cable officials and a Bedford County Sheriff’s Department report say. The company says most of the damage was repaired by midnight September 6, and promises that crews will work into September 8 on “a more permanent repair,” but the Times-Gazette has heard from a number of customers who were still without service on September 7. Charter service technicians checking lines near Wartrace September 7 told a deputy they saw four to five men carrying shotguns in a field off Knob Creek Road. One of the technicians said after initially not seeing a problem, he realized the line may have been shot. He told Rhodes he returned and discovered the fiber optic cable had been shot in at least two places. Bird feathers were on the cable near the gunshot area, the deputy was told. Approximately 500 feet or more of fiber optic cable will have to be replaced and, combined with number of man hours worked, will cost Charter over $10,000, the representative said. Source:

52. September 7, Arizona Republic – (Arizona) Phone outages plague various state agencies. The phones at various Arizona agencies have been out of commission for a good portion of September 7. Calls to numbers within the Department of Economic Security, Secretary of State’s Office, Department of Education and others are resulting in busy signals, clicking noises or no sound at all. A spokesman for the state Department of Administration said that an initial analysis suggests that the outage is due to problems with Qwest circuits. He said Quest technicians have been dispatched, but as of 4:45 p.m. the cause of the outage was still unknown and there was no estimated repair time. Source: