Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, December 30, 2008

Complete DHS Daily Report for December 30, 2008

Daily Report


 According to Softpedia, RBS WorldPay announced last week that an unknown and unauthorized party illegally obtained access to its computer systems in November. The personal information of 1.5 million customers may have been compromised, the payment processing service said. (See item 8)

See Item 8 in the Banking and Finance Sector below

 The Los Angeles Times reported Saturday that California officials, in analyzing the results of last month’s Los Angeles-area earthquake preparedness drill, found significant gaps in their earlier plans, prompting a major re-evaluation of how Southern California would fare in a magnitude 7.8 earthquake. (See item 23)

23. December 27, United Press International – (California) Calif. quake drill finds big plan gaps. California needs more emergency workers, better sources of water, and new ways of restoring electricity to cope with a major earthquake, officials say. In analyzing the results of the biggest-ever Los Angeles-area preparedness drill held last month, state and city officials found significant gaps in their earlier plans, prompting a major re-evaluation of how southern California would fare in a magnitude 7.8 earthquake, the Los Angeles Times reported Saturday. Experts predict 1,600 fires would be ignited, damaging an estimated 200 million square feet of property and killing 900 people, half of the expected 1,800 total earthquake deaths. More local emergency workers would be needed than previously thought because firefighters from other communities would be busy with their own emergencies, while personnel from Northern California would be blocked by damaged roads, the Times said. Water supply issues would be crucial, officials project, with many fires growing out of control as water stopped coming out of firefighters’ hoses. Planners say they need to identify alternative water sources, such as backyard swimming pools or storm drains collecting runoff from broken pipes, the newspaper reported. Source:


Banking and Finance Sector

7. December 28, CBS News – (National) Online lending clubs challenge bank. Despite the Federal Reserve having slashed the benchmark interest rate to zero percent, the frozen credit market is not showing many signs of thawing yet. So more consumers are turning to each other, reports a CBS News correspondent. Online person to person loans could total almost $6 billion dollars by 2010. “Lending Club is a social lending network, which is an alternative to the banks,” says the CEO. “It is a way for people who have the money to loan to people who need the money.” As major financial institutions stumble or fail completely, online lending sites like Lending Club are on the rise. Since 2005, the amount of their outstanding person-to-person loans has virtually doubled every year, the CEO reports, swelling from $118 million in 2005 to $1.5 billion in 2008. Source:

8. December 28, Softpedia (National) RBS WorldPay data leak affects 1.5 million cardholders. RBS WorldPay, a popular payment processing service, has announced that an unknown and unauthorized party has illegally obtained access to its computer systems. The personal information of 1.5 million customers, as well as the Social Security numbers of 1.1 million, may have been compromised, according to the company. RBS WorldPay is a business operated by the Royal Bank of Scotland Group, and is based in Atlanta, Georgia. It offers payment processing solutions that cover credit, debit, Electronic Bank Transfers, gift cards, customer loyalty cards, checks, ATM, and tailored solutions for retail, restaurant, petroleum, convenience stores, grocery, hospitality, transport, and cardholders not present in these sectors. According to WorldPay, the security breach incident occurred on November 10, and the company immediately alerted the authorities, who started an investigation. In addition, security experts and firms were commissioned to determine how the systems were penetrated and to implement stronger protection. The incident affected its pre-paid card issuing business in particular, the company notes in a press release dating December 23. As a result, approximately 100 re-loadable payroll cards have been deactivated under the suspicion of already being fraudulently accessed, while all the PIN-enabled cards have had their PIN reset in order to prevent any future misuse. Source:

9. December 28, Reuters (National) Group of investors close to buying IndyMac. A consortium of private equity and hedge fund firms, including J.C. Flowers & Co, is close to a deal to buy the assets of failed mortgage lender IndyMac, a source familiar with the matter said on Sunday. The prospective buyers also include Dune Capital Management, a private investment firm run by former Goldman Sachs executives, and hedge fund Paulson & Co, the source said. The consortium would buy the bank and its 33 branches, IndyMac’s reverse-mortgage unit, and a $176 billion loan-servicing portfolio, the source said. The presence of private equity and hedge fund firms comes after the FDIC said last month it was expanding the pool of qualified bidders to include those institutions that do not currently have a bank charter, although they must have conditional approval for a charter from the responsible agency. Source:

Information Technology

25. December 27, Best Syndication News – (International) Scammers use Microsoft and IRS Web sites to install viruses on computers. Microsoft has been playing a cat and mouse game with computer viruses and malware. Recently, criminals have been installing phony security applications that claim a user has viruses and then takes the user to their Web site demanding money to get rid of them. One report states that these companies are able to make $5 million a year by charging $40 or $50 to get rid of nonexistent viruses. Microsoft has been fighting back. A recent update of their Malicious Software Removal Tool was able to remove “Antivirus 2009” from almost 400,000 PCs. The Antivirus 2009 installs itself on a computer when the user visits a Web site. The bogus security application then begins to annoy users with pop ups and warnings. There is a new technique for luring unsuspecting users into installing viruses on their systems. Criminals will use a combination of Search Engine Optimization techniques and common redirects that can be found on and the Web sites. Source:

Communications Sector

26. December 29, WSBT 22 South Bend – (Michigan; Midwest) Michigan outages cause Internet, cell failures across Midwest. A Michigan power outage in Bloomfield, Michigan, led to spotty phone and Internet access across the Midwest. One AT&T user, who claimed to have spoken to AT&T customer service, reported that they were told the outage was across seven states, including Indiana and Illinois, as well as Wisconsin and the Dakotas. All told, there were 413,000 customers without power across Michigan, the Associated Press said. Some of those customers are expected to be without power until Thursday as crews from neighboring Indiana and Ohio join utility workers from three other states to help Michigan restore power. Source:

27. December 28, Ars Technica – (National) FCC okays DTV “Analog Nightlight” rules. On December 24, the Federal Communications Commission (FCC) proposed rules that would let some full-power TV stations continue streaming a bare-bones analog signal for 30 days after the DTV transition. The “Analog Nightlight” program will allow those stations to keep their analog broadcast going “for the limited purpose of providing public safety and digital transition information,” the FCC says. Meanwhile, a key member of the U.S. House of Representatives is warning Congress that it may need to rush more money to the government’s analog converter set top box program. Source: