Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 31, 2008

Complete DHS Daily Report for December 31, 2008

Daily Report


 The Transportation Security Administration announced Monday the completion of over one million fingerprint-based background checks on truck drivers required to carry a Hazardous Material Endorsement on a commercial driver’s license. (See item 9)

9. December 29, Transportation Security Administration – (National) TSA completes background checks on over 1 million truckers. The Transportation Security Administration (TSA) announced today the completion of over 1 million fingerprint-based background checks on truck drivers required to carry a Hazardous Material Endorsement (HME) on a commercial driver’s license. Since starting operations almost four years ago, the HME Threat Assessment Program has completed a review of 1,015,660 applications and approved more than 1 million. Applicants who initially may not meet the eligibility requirements can take advantage of a robust redress program without losing their HME in the process. Drivers must renew the TSA background assessment at least every five years, although a state may require renewals that are more frequent. Source:

 According to the Associated Press, two state office buildings in Springfield, Illinois, were locked down Monday after a letter addressed to the U.S. President-elect was found to contain a suspicious powder. (See item 15)

15. December 29, Associated Press – (Illinois) Letter to Obama had suspicious powder. Two Springfield office buildings were locked down today after a letter addressed to the U.S. President-elect was found to contain a suspicious powder. The Springfield Fire Department division chief said the powder turned out to be harmless. He said the letter was opened about 3 p.m. at the Willard Ice Building, home to the state Department of Revenue, and then transferred to the Department of Aging. He did not know why the letter was moved. Staff at the Department of Aging called 911, and hazmat teams locked down both buildings for several hours. He said the letter’s return address was in Chicago, where a man suspected of sending it was taken into custody. Chicago police could not confirm Monday evening that a suspect was in custody. Source:


Banking and Finance Sector

5. December 30, Bank Technology News – (International) Banks beef up the locks. It has been more than a year since Bank of America introduced SafePass, the out-of-band authentication process that sends a one-time password via SMS to online banking customers to secure high-risk transactions. Recently following suit was PayPal, which announced its use of VeriSign’s SMS feature late last year. But analysts, vendors, and CIOs alike say that many U.S. banks are now taking another look at their online authentication technology, and increasingly adding layers that involve out-of-band techniques and stronger fraud-detection engines. “There’s definitely a feeling that more is needed,” says an Internet security specialist at BearingPoint on assignment at Lloyds TSB in the United Kingdom. VeriSign, Entrust, and Vasco report a marked increase in banks looking at adding new layers to their authentication front door. Vasco says its customers are looking to move away from second-factor authentication that relies on static information “because they are still experiencing fraud,” says a company business development manager. Given that online fraud is occurring, there is clearly a practical need to install robust security measures, but there is also a psychological need. Consumers continue to cite security as the main reason they do not bank online, and consumer adoption is holding steady at about 35 percent, according to Javelin Strategy & Research. Source:

6. December 30, Digital Transactions News – (International) Fraudsters run one-stop shop online to sell data-stealing code. Online fraudsters are running an online trading post for highly sophisticated code that allows criminals to more easily steal consumers’ log-on credentials, Social Security Numbers, PINs, and other confidential information, according to the latest report from RSA Security Inc.’s Anti-Fraud Command Center. The fraudster Web site, which RSA analysts call a “Web Injection Shop,” sells so-called HTML injections, or bits of code that can allow phishing perpetrators to mimic the look of a financial institution’s Web pages, including pages that ask for log-on credentials. The code also allows fraudsters to add fields to the pages to ask for information the legitimate pages do not ask for. The injections usually accompany Trojans, code that fraudsters install on the computers of unwary users when they visit certain sites or click on unknown e-mail links. While these HTML injections are nothing new, the creation of what RSA calls a “production-scale central repository” for them is. Indeed, the sophistication of the code and of its merchandising online has led the Bedford, Massachusetts-based security firm, part of EMC Corp., to call the trend “fraud as a service,” or FaaS, after the more familiar and legitimate trend toward software as a service (SaaS), in which companies sell solutions for specific online functions. Source:

7. December 29, Jackson Hole Star Tribune – (Wyoming) Regulators cite Wyo bank. Thermopolis-based Bank of Wyoming was issued a cease-and-desist order on Ocotber 17 by the Federal Deposit Insurance Corp. and the Wyoming Division of Banking. The two agencies cooperate in regulating 26 state-chartered banks in Wyoming. The order was issued after the agencies “determined that they had reason to believe that the bank had engaged in unsafe or unsound banking practices.” The bank consented to the order without admitting or denying the allegations, which include that it had been operating with inadequate management supervision; inadequate capital and loan valuation reserve; a large volume of poor-quality loans; unsatisfactory lending and collection policies, and inadequate provisions for liquidity. The order also alleges that the bank did not comply with federal regulations regarding real estate lending and property appraisals. It mandates a number of corrective actions, including retaining qualified management, reviewing officer and employee compensation, and forming a management committee to address each of the concerns outlined in the order. Source:

8. December 29, Sacramento Business Journal – (California) FDIC issues tough order against Community Bank of San Joaquin. The Federal Deposit Insurance Corp. on Monday issued a cease-and-desist order on Community Bank of San Joaquin, one of the strongest sanctions against a financial institution. The Stockton-based bank has consented to the charges of unsafe banking leveled by federal regulators and the California Department of Financial Institutions, according to the release by the FDIC. The bank has agreed to retain qualified management at senior levels in the bank. The bank has suffered losses and subsequently is operating with less than satisfactory capital. It was also found to have inadequate loan reserves and operate with a large volume of poor quality loans, according to the FDIC. The bank’s board of directors has been ordered to take a more active role in the management of the bank. The bank will have to provide a management plan in the next month. The bank is further ordered to charge off from its books loans that have been classified as losses and half of the loans classified as “doubtful.” Source:

Information Technology

29. December 30, Register – (International) Google Calendar phishing scam surfaces. Fraudsters are using Google’s Calendar service as a means to develop a new strain of phishing scam. The ruse appears in the guise of a Google Calendar email notification. Would-be marks are told their accounts will be deleted unless they submit their Google username, password, and date of birth. But rather than coming from Google’s “Customer Varifaction” (sic) department, the bogus emails come from fraudsters looking to extract login information. Phishing fraudsters set up a Gmail accounts in order to set up the scam, which is slightly more credible than many because unwary punters are invited to submit information to Google’s Web site. In addition, Google inserts the real name of the recipient in email invitations, further boosting their credibility of the fraudulent approach. On the other hand, the fact that scam emails appear to come from an address in the form (where XXXX is a four digit number) exposes the dodgy provenance of the emails. Source:

Communications Sector

30. December 30, Reliable Plant News Wires – (Wisconsin) Standard provides guide for RFID item management. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have revised a standard that addresses RFID for item management. The standard, which revises the 2004 version of

the document, also provides examples of conceptual architectures that often use these air interfaces. Parameter definitions for communications protocols within a common framework for internationally useable frequencies for RFID are included, as well as reference information regarding relevant patents. The standard also lists reference addresses in respect of regulations under which ISO/IEC 18000 operates. Source: