Thursday, October 7, 2010

Complete DHS Daily Report for October 7, 2010

Daily Report

Top Stories

According to Global Security Newswire, only 15 percent of emergency medical technicians in a recent survey said they were highly confident of their employer’s ability to deal with the aftermath of a weapons of mass destruction (WMD) strike, EHS Today magazine reported. (See item 38)

38. October 5, Global Security Newswire – (National) EMTs question readiness for WMD strike. Only 15 percent of emergency medical technicians in a recent survey said they were highly confident of their employer’s ability to deal with the aftermath of a weapons of mass destruction (WMD) strike, EHS Today magazine reported. The nationwide survey conducted by Meridian Medical Technologies Inc. found that one quarter of interviewed medical first responders said either their department offered no training in responding to a WMD attack or had reduced the quantity of time spent preparing for such an event. However, 37 percent said they had seen a boost in training time in the last 5 years. Just 42 percent of emergency medical technicians said their agency is given recurring instruction on handling an attack involving terrorists and chemical, biological, radiological, nuclear or explosive weapons. In excess of 25 percent of those surveyed said their medical vehicles were not outfitted with individualized protective gear and the medical countermeasures that would be required following a WMD attack with high casualties. For those ambulances that do have CBRNE medications, 86 percent of responders said there are too few to be used on the public. Source:

DarkReading reports that a Symantec study found that 53 percent of critical infrastructure firms around the globe said they have been hit with a state-sponsored attack aimed at a specific political goal in the past 5 years. See item 42 below in the Information Technology Sector.


Banking and Finance Sector

12. October 6, Washington Post – (National) Pelosi, lawmakers call for federal probe on mortgage lenders. The speaker of the U.S. House of Representatives called on the Justice Department to investigate the nation’s largest mortgage lenders October 5, and Maryland joined a growing list of states seeking to halt foreclosures while they probe claims of fraudulent filings. In a letter to the U.S. Attorney General, the Speaker and dozens of other Democrats accused the nation’s biggest banks of making it difficult for struggling borrowers to get foreclosure relief while the firms routinely evicted them with flawed court papers. The group said that recent reports of lenders initiating hundreds of thousands of questionable foreclosures “amplify our concerns that systemic problems exist.” The request from Democrats puts pressure on the U.S. President’s administration to get more involved on a matter that it so far has said little about publicly. The move is also likely to stoke cries for a broad moratorium on foreclosures across the country. On October 5, the AFL-CIO joined other consumer groups that have called for such an action. Foreclosures across the nation could grind to a halt anyway as more states freeze the process. Real estate analysts, however, warned that the moratoriums could overwhelm the court system and wreak havoc on the fragile housing market by scaring away potential buyers of foreclosed properties. Source:

13. October 6, Bloomberg – (International) Kerviel says he feels ‘crushed’ by $6.8 billion SocGen verdict. A French judge held a former trader solely responsible for trading losses amounting to $6.8 billion, saying he deceived Societe Generale SA in amassing 50 billion euros in futures positions. The judge found him guilty on all three counts: breach of trust, forging documents and computer hacking. The former trader will remain free pending appeal. Meanwhile, he said he’ll continue working as a computer consultant, a profession he got into after being fired from France’s second-largest bank in 2008. The trading loss, announced January 24, 2008, prompted Societe Generale’s then-chief executive officer to describe the former trader as a “terrorist.” The court rejected defense arguments that his superiors knew of his actions and that the bank’s decision to unwind the bets over 3 days of falling markets caused the loss. The ruling came days after a federal court in Manhattan, New York dismissed a U.S. investor lawsuit over the loss. The court said it lacked jurisdiction because the plaintiffs’ shares in the bank were bought abroad, in line with a June ruling by the U.S. Supreme Court. The plaintiffs’ claims the Paris-based bank knew more about the former trader than it disclosed also “do not give rise to the inference” of knowledge, the U.S. court ruled. Source:

14. October 5, DarkReading – (International) ‘Man In the mobile’ attacks highlight weaknesses in out-of-band authentication. Recent attacks that use the increasingly popular Zeus Trojan are demonstrating that widely used methods of out-of-band authentication might be flawed, experts said. New attack techniques dubbed “Man in the Mobile” (MitMo) are allowing black hats to leverage malware placed on mobile devices to get around password verification systems that send codes via SMS text messages to users’ phones for confirmation of identity. “In a transaction verification system, the customer receives a text message with the transaction details and a code to enter back into the Web site — only if the transaction details match the real transaction,” explained the CEO of Trusteer. “Transaction verification was considered a good solution to protect against [MitMo] attacks, where malware attempts to submit a transaction on behalf of the victim.” The expansion of Zeus’ capabilities to carry out MitMo attacks is yet another step in the cat-and-mouse game that banking security professionals continue to play with hackers to ensure users are who they say they are. Banks need to find ways to educate users and help them secure their channels of authentication, the CEO said. Source:

15. October 5, Georgia Tech College of Computing – (International) Georgia Tech researchers design system to trace call paths across multiple networks. Phishing scams are making the leap from e-mail to the world’s voice systems, and a team of researchers at the Georgia Tech College of Computing in Atlanta has found a way to tag fraudulent calls with a digital “fingerprint” that will help separate legitimate calls from phone scams. Voice phishing (or “vishing”) has become much more prevalent with the advent of cellular and voice IP (VoIP) networks, which enable criminals to route calls through multiple networks to avoid detection, and to fake caller ID information. However, each network through which a call is routed leaves its own imprint on the call itself, and individual phones have their own unique signatures, as well. Funded in part by the National Science Foundation, the Georgia Tech team created a system called “PinDr0p” that can analyze and assemble those call artifacts to create a fingerprint — the first step in determining “call provenance,” a term the researchers coined. The work, described in the paper, “PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance,” was presented at the Association for Computing Machinery’s Conference on Computers and Communications Security, October 5 in Chicago, Illinois. Source:

For another story, see item 42 below in the Information Technology Sector.

Information Technology

41. October 6, Krebs on Security – (International) FCC may confront ISPs on Bot, Malware scourge. The Federal Communications Commission (FCC) may soon kickstart a number of new initiatives to encourage Internet service providers (ISPs) to clean up bot-infected PCs and malicious Web sites on their networks, KrebsOnSecurity has learned. Earlier this year, the FCC requested public comment on its “Cybersecurity Roadmap,” an ambitious plan to identify dangerous vulnerabilities in the Internet infrastructure, as well as threats to consumers, businesses and governments slated for release in January 2011. The associate bureau chief of the FCC’s Public Safety & Homeland Security Bureau said there are several things the commission can do to create incentives for ISPs to act more vigorously to protect residential users from infections by bot programs. Source:

42. October 6, DarkReading – (International) More than half of critical infrastructure firms have been hit by state-sponsored attacks. Politically motivated, state-sponsored attacks are happening regularly: Fifty-three percent of critical infrastructure firms around the globe said they have been hit with an attack aimed at a specific political goal, a new report from Symantec found. A survey of 1,580 energy, banking and finance, healthcare, IT, emergency services, and communications firms worldwide found that these firms have each suffered about 10 such politically motivated, state-sponsored attacks in the past 5 years. Around 60 percent of these attacks worldwide were somewhat to extremely effective, the respondents said, and 74 to 77 percent of the firms in North America said the attacks on them were “effective.” Small businesses suffered the most bruising attacks, according to the report, with an average cost of $850,000 per attack. Worries about these targeted attacks are high of late, with the Stuxnet worm attack that went after factory floor plant systems. Stuxnet serves as a cautionary tale of the potential of these brands of attacks, according to Symantec. The Symantec 2010 Critical Infrastructure Protection Study, which was conducted by Applied Research, found that 48 percent of these firms expect more such attacks in the next year, and 80 percent said these attacks will either remain constant or will increase. Source:

43. October 6, Help Net Security – (International) The rise of crimeware. Nearly 2 billion people today use the Internet and, in doing so, expose themselves to an extensive and growing number of malware threats. CA researchers identified more than 400 new families of threats, led by rogue security software, downloaders and backdoors. Trojans were found to be the most prevalent category of new threats, accounting for 73 percent of total threat infections reported around the world. Importantly, 96 percent of Trojans found were components of an emerging underground trend towards organized cybercrime, or “Crimeware-as-a-Service.” The most notable threats and trends of 2010 to date include rogue or fake security software, also known as scareware or Fake AV; the first half of 2010 saw this category of malware continue its dominance. Google became the preferred target for distribution of rogue security software through Blackhat SEO, which manipulates search results to favor links to infected Web site domains. Some 96 percent of Trojans detected in H1 2010 function as a component of a larger underground market-based mechanism which CA has termed “Crimeware-as-a-Service.” Research revealed cybercriminals’ growing reliance on using cloud-based Web services and applications to distribute their software. Source:

44. October 6, SC Magazine UK – (International) New versions of Adobe Reader and Acrobat released. Adobe has released updated versions of its Reader and Acrobat products to close 23 vulnerabilities. The updates were due to be released October 12, but were moved forward 1 week due to active exploits targeting a zero-day vulnerability confirmed by Adobe in September. That unpatched flaw, which garnered vulnerability tracking firm Secunia’s most severe rating of “extremely critical,” could be targeted to crash a user’s machine or take complete control of it, according to a previous advisory from Adobe. But 5 days after that disclosure, Adobe revealed another unpatched bug affecting Reader and Acrobat. However, unlike the zero-day, Adobe said it was not aware of any in-the-wild attacks targeting the vulnerability. The next quarterly updates for Adobe Reader and Acrobat are due to be released February 8, 2011. Source:

45. October 6, Help Net Security – (International) Cryptome hacked, founder e-mail account ransacked. Cryptome, the well-known whistleblowing site, was hacked the weekend of October 2 and 3, and all of its content (approximately 7GB of data) was deleted by the hacker who then left a message on the defaced home page. The hacker, who goes by the handle “RuxPin,” has supposedly contacted and said that two other members of the hacking group Kryogeniks were actually responsible for the breach. They supposedly managed to steal the password for one of the e-mail accounts belonging to the site’s founder nearly 1 month ago, when the system that stored the passwords was breached. Having the password for the e-mail account that was listed as the contact address for the site, they simply used it to ask for a reset of the password for Cryptome’s hosting account. The site founder is not worried about rummaging or the deleting of the content, since it is open source and they have backup. What he is really worried about is the fact that, along with the content, the hackers managed to download a repository of e-mail correspondence between him and his sources (some reputed to be WikiLeaks insiders) - who, in theory, can be revealed by tracking the e-mail addresses. Source:

46. October 5, IDG News Service – (International) Mobile malware exploits on the way, experts say. Smartphone exploits are coming, as cybercriminals start to figure out how to make money by hacking mobile devices, two mobile security experts said October 5. While mobile malware is still in its infancy, security vendors have seen a huge uptick in mobile attacks since late last year, said a malware analyst at Kaspersky Lab, a Moscow-based cybersecurity vendor. Kaspersky Lab identified more than 1,550 mobile malware signatures in September. While many people have been predicting mobile malware for a while, “this might actually, finally, be the year,” the malware analyst said during a meeting of the Messaging Anti-Abuse Working Group in Arlington, Virginia. “It’s only a matter of time before we see some really huge malware infections.” Right now, Nokia’s Symbian operating system, popular outside the United States, is the major target for mobile exploits, but Apple’s iPhone and Android phones are likely to be growing targets, added a senior researcher with F-Secure, a Helsinki-based security vendor. In many cases, early attempts at smartphone exploits have lacked complexity. But both analysts predicted that smartphone exploits will become more sophisticated and more common. Source:

For more stories, see item 14 above in the Banking and Finance Sector and item 47 below in the Communications Sector.

Communications Sector

47. October 6, CNN – (National) Foursquare outage caused by rogue server. Mobile check-in app Foursquare’s October 4 outage happened after staff tried to fix one problem and somehow triggered another. Then another glitch hit October 5 just hours after they were up and running again. “It sucked for everyone [including our team — we all check in everyday, too],” the always irreverent Foursquare staff said in a blog post late October 5. The October 4 glitch was caused when one of the app’s servers was noticed storing too much data. When the support team went to fix it, all of the other servers went down. The blog said Foursquare is working with the company that makes the system that runs their servers. It also said changes are planned in the coming weeks, and that the New York-based start-up will communicate problems to users better in the future. Launched in 2008, Foursquare is a location-based app that lets users “check in” at clubs, restaurants, or most any other place they visit. Checking in alerts that person’s friends to his or her whereabouts. Source:

48. October 5, Kennebec Journal – (Maine) Man charged with sabotaging phone service. A Saco, Maine, man faces felony charges of aggravated criminal mischief after police accused him of intentionally unplugging telephone and Internet connection equipment at his former employer, GWI. The 40-year-old suspect used his employee access badge September 11 to enter GWI’s Jefferson Street facility in Biddeford where he unplugged circuitry, police said. The resulting disruption shut down telephone service to 700 residents and 50 businesses including the Biddeford Police Department. It also disrupted Internet service for about 1,000 customers. An employee of GWI for 8 years, the suspect resigned, then tried to rescind that resignation. The company refused to allow him to take it back and shortly afterward he broke into the facility. Source:

49. October 5, Hinsdale-Clarendon Hills Patch – (Illinois) Phone lines are out in Southeast Hinsdale. Residents in Southeast Hinsdale, Illinois, were without phone service October 5. A construction crew working in the area of County Line Road and 47th Street struck and damaged AT&T telephone utility equipment. As a result, phone service was disrupted for an undetermined number of customers. AT&T said they expect service to be restored by October 8. Source:

50. October 5, – (International) The growing security risk of fiber tapping. Corporate data centers, with their vast stores of business-sensitive information, present a tempting target for criminal groups. But today’s enterprise security systems are so sophisticated that hacking into an enterprise data center is nearly impossible. But what if there were another way to get at this valuable data that circumvented most traditional security software? Welcome to the shady world of fiber tapping, where instead of physically accessing a site or attempting to hack into it, the cyber criminal simply taps the optical fiber leading up to it. Cases of fiber tapping are relatively rare, but with the cost of fiber tapping devices falling and the number of enterprises storing sensitive data in remote datacenters growing in tandem with the rise of cloud computing, many more are likely in the future. Source:

For more stories, see item 41 above in the Information Technology Sector.