Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 18, 2008


Daily Report


 According to the Associated Press, a former executive of an Iowa kosher slaughterhouse was arrested Friday on a bank fraud charge related to the depositing of checks from customers and the alleged diversion of money. The slaughterhouse owes St. Louis-based First Bank at least $33 million. (See item 11)


 KIMA 29 Yakima reports that an airport in Pasco, Washington, has been on Orange Alert all weekend. (See item 15)

15. November 16, KIMA 29 Yakima – (Washington) Pasco airport on “Orange Alert.” The airport has been on orange alert all weekend, one step below the highest warning, the red alert. According to the Transportation Security Administration (TSA) website, the national threat level was yellow Sunday. TSA officials would not comment on why they stepped up the level. Passengers told KIMA 29 News it took them longer to get through airport security over the weekend. The “vehicle inspections in progress” signs were posted at the airport, but KIMA 29 news staffers did not see anyone checking cars. TSA officials did not return calls. Source:


Banking and Finance Sector

11. November 15, Associated Press – (Iowa) Former CEO of Iowa kosher slaughterhouse arrested. A former executive of a kosher slaughterhouse that was the site of one of the nation’s largest immigration raids was arrested Friday on a bank fraud charge and ordered jailed until at least next week. The man was arrested at his home in Postville, Iowa, and driven to Cedar Rapids for his appearance in U.S. District Court. The arrest Friday was related to the depositing of checks from customers and the alleged diversion of money. Court records said that under a loan agreement with St. Louis-based First Bank, the man was supposed to deposit customer payments into an account at Decorah Bank & Trust as collateral on a loan. Records show that he instead diverted millions of dollars in customer payments into an Agriprocessors account at a different bank. The payments would then not be posted on the customers’ Agriprocessors accounts until later. That resulted in the inflation of the value of accounts receivable in Agriprocessors’ books, allowing the company to borrow additional funds from the bank without proper collateral. He also is accused of telling an Agriprocessors employee to erase evidence of the scheme from company computers. Two weeks ago, Agriprocessors filed for bankruptcy protection as it faced allegations of making inaccurate and misleading statements to First Bank. The slaughterhouse owes First Bank at least $33 million. Source:

Information Technology

32. November 15, PC World – (International) PDF malware hits Acrobat Reader flaw. PC Tools is reporting an increase in PDF-based malware, some of which can evade antivirus software. According to a PC Tools blog posting, the security vendor’s user community is seeing a slew of rigged PDF files attacking various buffer overflow vulnerabilities in the Adobe Acrobat Reader software. The PDF malware attacks target the newest publicly known Adobe Acrobat Reader vulnerability. Adobe issued a patch last week. On some occasions users are duped into downloading malicious files that appear to be Microsoft software updates. More often, users appear to be downloading silent malicious installers. Two of the downloaded, packed files behave in a way that evades antivirus file scanning. The PC Tools blog posting says: “A chunk of the standard download and execute shellcode that we are currently seeing pulls a file from hxxp://ascoprguide. net/lel / load.php?xpl=pdf, renames it as c:\\U.exe, and runs it on the victim’s system. This “U.exe” then runs and installs other adware and spyware related components.” Source:

33. November 14, PC World – (International) Wireless networking hacked! Should you worry? The latest 802.11 wireless hack was announced in a paper entitled “Practical Attacks Against WEP and WPA.” The current attack, which recovers what is known as the keystream and not the “secret key,” results in the attacker being able to send seven (some sources say 15, but the paper’s authors say seven) unauthorized, one-way network packets to the client every 12-15 minutes; it can also decrypt a single Address Resolution Protocol (ARP) packet. Because the attacker has only one-way communication, what they could do is very limited. Essentially, the attacker would also need prior knowledge of unpatched, vulnerable software running on the victim, or access to a previously unknown zero-day exploit that would work on software running on the victim, and either would have to be exploitable using seven one-way User Datagram Protocol (UDP) packets. Most big, important attacks were the result of smaller, incremental discoveries made along the way. Even this attack builds upon the successful techniques of others. Microsoft’s senior security consultant based in the U.K. said, “The thing is, just like with WEP, the first attacks took too long and required too much data. Now you can get a WEP key in under a minute. One has to ask how long it will be before subsequent attacks allow discovery of more keystream to reveal actual data for eavesdropping.” Source:

Communications Sector

Nothing to report