Thursday, November 17, 2011

Complete DHS Daily Report for November 17, 2011

Daily Report

Top Stories

• The cybersecurity of the North American power grid is “in a state of near chaos” and its industrial control systems can be easily infiltrated with inexpensive smart phone software, according to a new Pike Research report. – Ottawa Citizen (See item 5)

5. November 15, Ottawa Citizen – (International) Cyber-security of power grid in ‘near chaos,’ report says. The cybersecurity of the North American power grid is “in a state of near chaos,” according to a report by Pike Research, a consulting group monitoring the industry’s transition to wireless digital technologies, the Ottawa Citizen reported November 15. The group's white paper revealed a $60 smart phone application can bypass security measures and allow direct communications between the phone and some industrial control systems (ICS) that regulate breakers, relays, feeders, and the flow of electricity. As the industry evolves from largely isolated systems to a grid built around interoperable, digital technologies, security jitters are rising. Many ICS have lifespans of 30 years, and mitigation and compensation measures to help them mesh with the newer technologies are creating additional weak links and vulnerabilities. The installation of "smart meters" to improve electricity distribution efficiency is also a potential gateway for attacks. In a rush to install a patchwork of fixes to address potential cybersecurity gaps and with some utilities investing in compliance minimums rather than full security, “the attackers clearly have the upper hand,” said the report. Source:

• Facebook users were bombarded with explicit and violent images in a malware campaign, the social networking site confirmed November 15. – Computerworld (See item 37 below in the Information Technology Sector)


Banking and Finance Sector

15. November 15, Everett Herald – (Washington) Suspect arrested in alleged ATM skimming at south Everett bank. Police in Everett, Washington, arrested a man suspected of stealing $185,000 in ATM skimming operations in three states, the Everett Herald reported November 15. The latest case involved stealing bank card information from more than 70 people in south Everett. Everett police are working on the case alongside the U.S. Secret Service Electronic Crimes Task Force, and Chase Bank investigators, a police sergeant said. Police believe the man attached a skimming device to an automated teller machine at the Silver Lake branch of Chase on 19th Avenue SE. The device captured account numbers and other information off of bank cards. The man was arrested November 13, when he came to the bank to collect the skimming device, the sergeant said. Investigators believe the man has skimmed more than 900 bank cards. He had been under surveillance for some time, the sergeant said. Chase officials were able to shut down many of the accounts affected before money could be taken from them. Source:

16. November 14, Bloomberg – (National) Deutsche Bank, Citi pay to settle Credit Union claims. Deutsche Bank AG and Citigroup Inc. agreed to pay $165.5 million to resolve U.S. regulatory claims over sales of mortgage-backed securities to credit unions that later failed, the National Credit Union Administration (NCUA) said November 14. The agreements are aimed at reducing losses stemming from the collapses of five federally insured credit unions. Deutsche Bank, Germany's biggest lender, will pay $145 million, and New York-based Citigroup reached a $20.5 million settlement. Neither bank admitted fault, the Alexandria, Virginia-based regulator said. The NCUA, which has filed four lawsuits alleging violations in the sale of mortgage-backed securities, said it is the first regulator to recover losses on behalf of failed firms. The payments from Deutsche Bank and Citigroup will be used to reduce assessments levied on credit unions to cover losses from the collapsed credit unions, the agency said. Source:

Information Technology

35. November 15, threatpost – (International) Android malware, up 472 percent, seeing fastest growth ever. As Android market share has shot up in recent months, so has the volume of malware designed for the mobile platform. There has been a 472 percent increase in Android malware samples in the last 3 months alone, according to research from Juniper Networks. While September saw a 28 percent jump in malware samples, the numbers for the months of October and November are trending upwards and might translate into the fastest growth of Android malware the platform has ever seen. October’s numbers saw a 110 percent increase over September, a 171 percent increase from what was collected up to July 2011, the company said on its Global Threat Center blog. Juniper’s research found the bulk of Android malware is behaving one of two ways: 55 percent was disguised as spyware while 44 percent hijacked phones and utilized an SMS trojan to send expensive messages without the user’s knowledge. Source:

36. November 15, threatpost – (International) Apple fixes man-in-the-middle bug in iTunes. Apple issued a fix for a flaw in iTunes that could enable an attacker to perform man-in-the-middle attacks against users. The vulnerability is fixed in iTunes 10.5.1. The bug in iTunes relates to the way the application communicates with the iTunes server when it is checking for updates to the software. The problem was such that an attacker who had a man-in-the-middle position on a user's network could potentially give the user a fraudulent or malicious app that looks like iTunes. Source:

37. November 15, Computerworld – (International) Facebook confirms nasty porn storm. Facebook users were bombarded with explicit and violent images in the latest malware campaign aimed at the social networking site, a security researcher said November 15. The company confirmed the attack and said it "dramatically limited the damage" and was on the trail of those responsible. "For the last 24 hours, many people have reported seeing highly-offensive images on their Facebook news feeds," said a senior technology consultant at antivirus vendor Sophos. He speculated the attack may have been based on "clickjacking", a type of attack where hackers plant invisible "buttons" on a Web site page that are activated when users click on the overlaying page component. The researcher said it was possible previously planted malware conducted the Facebook spam campaign. Later November 15, Facebook filled in some blanks. "We experienced a coordinated spam attack that exploited a browser vulnerability," a Facebook spokeswoman said. "Our efforts have drastically limited the damage ... and we are ... investigating to identify those responsible." The Facebook spokeswoman said the attack was based on a "self-XSS vulnerability in the browser," but did not identify which browser(s) contained the bug. While XSS stands for "cross-site scripting," the Facebook description reads more like clickjacking, the term coined by researchers in 2008 to describe a variant of cross-site scripting. "Users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content," Facebook said. Earlier in the day, researchers pointed to a specific piece of malware that may have been responsible. According to security vendor BitDefender, the hacker collective Anonymous crafted a Facebook worm, codenamed "Fawkes Virus" last July, and pledged to use it to celebrate Guy Fawkes Day, November 5, a promise that was unfulfilled. Source:

For another story, see item 5 above in Top Stories

Communications Sector

See item 5 above in Top Stories and items 35 and 37 in the Information Technology Sector
