Monday, November 29, 2010

Complete DHS Daily Report for November 29, 2010

Daily Report

Top Stories

· A package containing ―GE 68,‖ a radioactive material, has disappeared in transit, according to WGN-TV 9 Chicago. The package was shipped by FedEx from Fargo, North Dakota, to Knoxville, Tennessee. When the package was opened, the GE 68 was missing. The Nuclear Regulatory Commission has notified public safety agencies. (See item 13)

13. November 26, WGN-TV 9 Chicago – (National) Fedex package with radioactive material missing. A package containing radioactive material has disappeared in transit. The package, containing material known as ―GE 68‖ was shipped, by FedEx, from Fargo, North Dakota to Knoxville, Tennessee. But when it was opened the GE 68 was missing. A spokesperson from Federal Express told WGN that there should not be any threat to public safety, as long as the package is not tampered with. The Nuclear Regulatory Commission (NRC) has notified public safety agencies. Among those agencies notified of the incident by the NRC include the CDC, the FBI, the EPA, and the Department of Homeland Security. Source:,0,3949749.story

· According to a report by the Associated Press, the Saginaw Water Treatment Plant in Michigan discharged 10 million gallons of untreated or partially treated sewage into the Saginaw River between November 22 and 23. The release happened after a 1.75-inch rainfall that caused 4 retention basins to overflow. (See item 18)

18. November 26, Associated Press – (Michigan) 10M gallons of sewage released into Saginaw River. Facility officials say the Saginaw Water Treatment Plant has discharged 10 million gallons of untreated or partially treated sewage into the Saginaw River. Officials tell the Saginaw News the release happened between the night of November 22 and the morning of November 23 following a 1.75-inch rainfall that caused four retention basins to overflow. Water treatment officials at the mid-Michigan plant say they pretreated the sewage with hypochloride. They also allowed solids to settle before discharging overflow. Officials tested for E. coli at two points along the river. Results are pending. Source:,0,6154850.story


Banking and Finance Sector

8. November 26, Associated Press – (Massachusetts) Boston man sentenced in mortgage fraud scheme. A Boston man has received a jail sentence and been ordered to pay $100,000 restitution for his role in a mortgage fraud scheme. Prosecutors say the 39-year-old mortgage broker was sentenced this week to a year in jail, with all but one month suspended for a probationary period of three years. He pleaded guilty to charges including multiple larceny counts. The attorney general’s office says the man was one of six people involved in the scheme, in which investors interested in buying multifamily homes in the Boston area were lured in with inflated appraisals of 26 distressed properties. The buyers were then left with properties not worth the loans obtained to purchase them. The convicted man’s lawyer did not immediately respond to a call for comment on November 26. Source:

9. November 25, Department of Justice – (Ohio) Ohio woman charged in identity theft and fraudulent credit card scheme. A grand jury returned a two-count indictment charging a 35-year-old woman, who hails from Macedonia, Ohio, with aggravated identity theft and fraud in relation to use of access devices, the United States Attorney for the Northern District of Ohio, announced November 25. The indictment alleges that the suspect used the personal identifiers of 14 real people, including their Social Security numbers and dates of birth, to open 14 credit card accounts with Capital One. The indictment also alleges that suspect then used those fraudulent credit cards to obtain things of value totaling more than $1,000. Source:

10. November 24, Bank Info Security – (National) ATM outage stirs debate. Several financial institutions saw their ATM and online banking channels taken offline over the weekend of the daylight saving time change. The institutions allegedly affected by the outage, including Bank of America, Chase, U.S. Bank, Wells Fargo, Compass, USAA, Suntrust, Chase, Fairwinds Credit Union, American Express, BB&T on the East Coast, and PNC, reportedly blamed the downtime on a computer glitch related to the time-zone change. But a senior analyst at Aite Group LLC who covers banking and payments fraud, says more is likely going on behind the scenes. In fact, she says the outage could have been related to anything from a widespread malware attack to outdated technical infrastructures. ―Infrastructure is certainly a problem with banks,‖ the analyst says. ―They acknowledge it.‖ And given the proprietary nature of most banking institutions’ code, she says it is unlikely that a bug related to the time-zone would simultaneously hit all of these institutions, or at least within the same relative timeframe. ―That just doesn’t seem like a plausible reason for me,‖ she says. ―I think malware if probably the most likely culprit, or some sort of coordinated attack.‖ Source:

Information Technology

30. November 26, The Register – (International) Secunia recovers from DNS redirection hack. Security notification firm Secunia has confirmed that a DNS redirection hack was to blame for the redirection of surfers to a hacker site on November 25. Secunia’s authoritative DNS hosting was redirected for 70 minutes. But because of the way DNS caching works, many surfers were still redirected to a defacement site hours after the Danish firm’s definitive records were straightened out. The attack resulted in a temporary redirection of traffic from all customers of registrar DirectNIC, not just Secunia. The hack was carried out by serial defacer TurkGuvenligi, who has used site-redirection techniques in previous attacks and seems to be motivated by bragging rights or pure mischief rather than anything more malign. In a statement, Secunia was keen to stress that the redirection had no impact on any customer data it held from users of its patch management tools. Source:

31. November 25, The Register – (International) ZeuS variant only infects super-fast PCs. Miscreants behind one variant of the ZeuS Trojan have outfoxed themselves in their attempts to outwit anti-virus analysts by releasing a variant of the malware that only infects high-performance PCs. Security firms use automation and virtualization technologies to cope with the growing volume of malware spewed out by cybercrooks every day. VXers are well aware of this and use virtual machine detection and anti-debugging code in their creations. The tactic is designed to frustrate security researchers and in so doing increase the time it takes to detect, develop, and distribute anti-virus updates. Users of the ZeuS crimeware toolkit are very much involved in this cat and mouse game between security researchers and cybercriminals. But one particular group using the crimeware toolkit released a variant whose anti-debugging efforts are so aggressive it effectively assumes any machine whose CPU is running at lower than 2GHz must be running a debugger. As a result the malware only runs its malicious routines on high-performance machines, remaining inert on lower horsepower boxes. A security analyst at F-secure explains: ―With a CPU below 2GHz the sample acts as if it is being debugged, aborts execution and does not infect the system. I tested the sample on an IBM T42 (1.86 GHz) notebook and the system was slow enough to avoid being infected.‖ Source:

32. November 24, Softpedia – (International) Recent Cutwail spam employs complex text obfuscation techniques. Security researchers from Symantec warn that a new rogue pharmacy spam run uses HTML and CSS techniques to obfuscate text advertisements and avoid detection. Pharma spam has been steadily making a comeback since Spamit, the world’s largest rogue pharmacy affiliate program, closed up shop at the beginning of October. A lot of campaigns seen recently advertise a rogue pharmacy called ―Canadian Health&Care Mall‖ and are being sent by the Cutwail botnet. The latest spam involves emails formatted in HTML, which use CSS floating and color declaractions to deobfuscate what looks like random text and show only the relevant parts to recipients. The resulting message reads: ―Everyone has heard about lower-cost drugs from abroad drugstore. The difficulty is to find the reliable one. «CanadianPharmacy» is an experienced, trusted and fully-licensed Canadian online drugstore.‖ In addition to using text obfuscation in order to evade anti-spam filters, the spammers also try to trick URL blocking systems by linking to a Google cached version of the spam site. The resulting link points to a location to a domain called, which is possibly whitelisted, instead of a rogue one. Source:

33. November 24, Help Net Security – (International) 34% of all malware ever created appeared in 2010. According to PandaLabs, in the first ten months of the year the number of threats created and distributed account for one third of all viruses that exist. These means that 34 percent of all malware ever created has appeared in the last 10 months. The company’s database, which automatically detects, analyzes and classifies 99.4 percent of the threats received, now has 134 million separate files, 60 million of which are malware (viruses, worms, Trojans and other threats). In the year up to October, some 20 million new strains of malware have been created (including new threats and variants of existing families), the same amount as in the whole of 2009. The average number of new threats created every day has risen from 55,000 to 63,000. This would all suggest that the cyber-crime market is currently in rude health, although this is also possibly conditioned by the increasing number of cyber-crooks with limited technical knowledge who are turning their hand to these activities. This also means that although more malicious software is created, its lifespan is shorter: 54 percent of malware samples are active for just 24 hours, as opposed to the lifespan of several months enjoyed by the threats of previous years. They now infect just a few systems and then disappear. Source:

Communications Sector

34. November 25, Charleston Daily Mail – (West Virginia) Metro 911 wants say in outage probe. Kanawha County, West Virginia’s Metro Emergency Operations Center has petitioned to intervene in the state Public Service Commission’s investigation into the way telecommunications providers notify public safety agencies of service outages. The commission opened an investigation following FiberNet’s October 10 statewide service outage. The Kanawha Commission president requested the probe. He has said that no one from FiberNet contacted Metro 911 about either the October 10 statewide outage or a widespread FiberNet outage that occurred on October 25. Metro 911 said it is the largest so-called ―Public Safety Answering Point‖ in the state. In its petition, filed November 23, the agency said it will be a helpful party to the investigation because it is uniquely situated to discuss the needs of a ―Public Safety Answering Point‖ in knowing when the community is experiencing a telephone service outage. Source:

35. November 25, Prescott Daily Courier – (Arizona) Suspect arrested on charges of wire theft. Prescott police recently arrested a man on charges including burglary after he sold copper wire to Yavapai Metal Recycling that he allegedly stole from Qwest. Officers booked the man into the Yavapai County Jail in Camp Verde on charges of burglary and trafficking in stolen property. On October 28, Qwest told police that he misrepresented himself by telling the company that he was subcontracting a work project with Qwest. He allegedly stole about 400 pounds of copper wire from Qwest’s yard at 1445 Masonry Way, Prescott, said a spokesman for the Prescott Police Department. Shortly after the suspect left with the wire, Yavapai Metal Recycling called Qwest to tell them that he sold them copper wire that appeared new and still had Qwest tags. A Qwest representative verified the copper wire as from the Prescott yard and said it was not targeted for recycling. When detectives found the suspect, he allegedly told them he had worked in the telecommunications repair field for 10 years and knew the lingo so he was able to convince Qwest he was authorized to take the copper wire. He also told detectives he stole copper wire from the Qwest yard when no employees were around. Source: