Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, January 8, 2009

Complete DHS Daily Report for January 8, 2009

Daily Report

Headlines

 According to Coast Guard News, the Coast Guard command center in Juneau, Alaska, received an anonymous phone call Wednesday morning in which the caller threatened to detonate fuel tanks at the Petro Marine fuel facility in Ketchikan. (See item 1)

1. January 7, Coast Guard News – (Alaska) Coast Guard responds to threat against Ketchikan fuel facility. The Seventeenth Coast Guard District Command Center located in Juneau, Alaska, received an anonymous phone call Wednesday morning in which the caller threatened to detonate fuel tanks at the Petro Marine fuel facility in Ketchikan. In response, Coast Guard Sector Juneau has raised the Maritime Security (MARSEC) Level in the Port of Ketchikan from Level 1 to Level 2. The MARSEC level in all other Southeast Alaskan ports remains at Level 1. MARSEC Level 2 is set in response to a specific threat and mandates a heightened security posture for the Coast Guard and marine industry personnel. Additionally, Coast Guard Sector Juneau has established a safety zone to redirect vessel traffic away from the potential blast zone. Mariners must stay at least 500 yards from the Petro Marine facility. Coast Guard

Station Ketchikan is enforcing the safety zone. Coast Guard Sector Juneau is working closely with Ketchikan Port Authority partners including the Alaska State Troopers, the Ketchikan Police Department, and the Transportation Security Agency to mount a coordinated joint response to the threat. Source: http://coastguardnews.com/coast-guard-responds-to-threat-against-ketchikan-fuel-facility/2009/01/07/

 KING 5 Seattle reports that an alarming letter was sent to nearly a dozen Seattle bars threatening to kill people with ricin. (See item 32)

32. January 6, KING 5 Seattle – (Washington) Letter threatens Capitol Hill bar patrons. An alarming letter was sent to nearly a dozen Seattle bars threatening to kill people with ricin. Seattle Police says it is taking the threat seriously and is working with the Federal Bureau of Investigation (FBI) to investigate. Officers have collected all 11 letters sent to the bars. “It had a typed label on the front of it, it was taped to the front, no return address on it or anything,” said a bartender. He got the letter Tuesday, in which the author writes: “I have in my possession approximately 67 grams of ricin.” The letter goes on to say people will die in “11 locations in the Capitol Hill vicinity. Each location will have at least five targets.” The content of the letter, which appears to target gay-friendly bars, is spreading quickly on Capitol Hill. KING 5 News has learned that the joint terrorism task force has not been called in at this point to investigate the ricin threats because at this point authorities consider this simply a threat and there is no indication actual ricin is involved. Source: http://www.nwcn.com/statenews/washington/stories/NW_010609WAB_ricin_letter_KC.470ebef9.html

Details

Banking and Finance Sector


9. January 7, MarketWatch – (National) PennyMac funds buys mortgage portfolio from FDIC. Private National Mortgage Acceptance Co. (PennyMac), a company formed to buy troubled mortgages, said Wednesday that funds managed by its affiliates bought $558 million of home loans from the FDIC. The loans were formerly assets of First National Bank of Nevada, which the FDIC closed earlier this year when it became the firm’s receiver. PennyMac said it bought the loans on behalf of private investors and plans to work out the loans with borrowers. “PennyMac’s objective is to maximize value by working with borrowers to maintain ownership of their homes and reduce foreclosures,” the firm said in a press release. Source: http://www.marketwatch.com/news/story/PennyMac-funds-buys-mortgage-portfolio/story.aspx?guid={31EFCB88-8D03-4A4B-A4DB-3E1485824BBF}


10. January 6, Reuters – (National) Fed and other agencies to join U.S. fraud task force. The U.S. government is beefing up a task force to fight mortgage crimes and safeguard federal financial bailouts, the U.S. Justice Department said on January 6. The Federal Reserve, the internal watchdog of the new federal financial rescue program, and four other agencies will join the presidential Corporate Fraud Task Force, which was established in 2002. The move comes amid calls by some lawmakers and other critics for a more aggressive federal crackdown on allegations of financial wrongdoing that have sent Wall Street reeling. Critics have called for a special task force to handle many cases now being handled by regional offices. They have also urged stricter supervision of the Troubled Asset Relief Program (TARP) which is in charge of handing out $700 billion to shore up financial and other institutions. “The new member agencies represent a continuing focus by the task force to crack down on mortgage fraud, particularly with regard to ongoing investigations into securitization fraud,” the Justice Department said. In addition to the Fed, other new agencies on the task force include the Federal Housing Finance Agency, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Department of Housing and Urban Development, and the TARP’s special inspector general. They will join senior officials from the FBI, U.S. Attorneys offices, the Securities and Exchange Commission, and several other agencies. Source: http://uk.reuters.com/article/gc06/idUKTRE5057D220090106


11. January 6, NonProfit Times – (National) States push to encrypt donor/client info. The CEO and founder of the Foundation for Positively Kids (FPK) in Las Vegas deals with confidential information in his program, including donor credit card information. A good portion of that information arrives via email. That system now must be overhauled to accommodate a new Nevada law that requires personal information transmissions to be encrypted. The Nevada law states that personal information cannot be transferred through electronic transmission outside a secure system unless it is encrypted. The founder of FPK, who is also the Nevada Association of Nonprofit Organization’s (NANO) board chair, said even though the law went into effect October 1, nonprofits leaders have not been talking about it and the topic did not even make NANO’s last newsletter. With the Nevada law in force and with Massachusetts ready to go, other states are expected to soon follow. A bill in the Michigan state senate introduced this past January would require personal information to be encrypted and, in the event of a security breach, credit card companies affected would be able to bring a civil suit against an organization, including any refunds or cost for replacement cards. A state senate bill in Washington State would require organizations using personal information to comply fully with Payment Card Industry regulations. “Nonprofits should be getting ready now,” said the IT director at Earthjustice in Oakland, California. “If your donor management system is a Word document or an Excel spreadsheet – you have a longer way to go.” Source: http://www.nptimes.com/instantfund/09Jan/IF-090106-1.html


12. January 6, Washington Post – (National) Data breaches up almost 50 percent, affecting records of 35.7 million people. Businesses, governments, and educational institutions reported nearly 50 percent more data breaches last year than in 2007, exposing the personal records of at least 35.7 million Americans, according to a nonprofit group that works to prevent identity fraud. Identity Theft Resource Center of San Diego is set to announce January 6 that some 656 breaches were reported in 2008, up from 446 in the previous year. Nearly 37 percent of the breaches occurred at businesses, while schools accounted for roughly 20 percent of the reported incidents. The center also found that the percentage of breaches attributed to data theft from current and former employees more than doubled from 7 percent in 2007 to nearly 16 percent in 2008. “This may be reflective of the economy, or the fact that there are more organized crime rings going after company information using insiders,” said the center’s co-founder. “As companies become more stringent with protecting against hackers, insider theft is becoming more prevalent.” Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/01/05/AR2009010503046.html


Information Technology


30. January 7, IT PRO – (International) Teenage Twitter systems hacker admits guilt. An 18-year old hacker, who managed to breach Twitter’s administration systems and take over multiple high-profile accounts, has admitted his guilt. The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter’s administrative control panel by using an automated password-guesser program on the account of a popular user. It turned out that this user was a Twitter support staff member called “Crystal,” who had chosen the easy-to-guess password “happiness.” He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses. Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal’s account. He was then able to access any other Twitter account by resetting an account holder’s password. He did not use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. A co-founder did say in a follow-up email that Twitter was doing a “full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also restricting access to the support tools for added security.” Source: http://www.itpro.co.uk/609451/teenage-twitter-systems-hacker-admits-guilt

Communications Sector

31. January 7, KSBY 6 Santa Maria – (International) AT&T plans for trans-oceanic cable at Montana de Oro. AT&T is making plans for a fifth trans-oceanic cable at Montana de Oro, California. The goal of the project is to improve communications between the West Coast of the United States, Hawaii, and Asia. The project manager for the AT&T Asia-America Gateway Fiber Optic Cable Project explained, ”Put it down under the sea floor wherever they can. If they hit bedrock, sometimes it’ll lay above, but there’s not that much area that’s like that. And then it gets out past 1,000 fathoms and just lays across the ocean out to Hawaii.” Earlier Tuesday, the California State Lands Commission held two public workshops to talk about the project’s environmental impact. If approved, construction would begin in the next six months and last for about six weeks. Source: http://www.ksby.com/Global/story.asp?S=9629028

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, January 8, 2009

Complete DHS Daily Report for January 8, 2009

Daily Report

Headlines

 According to Coast Guard News, the Coast Guard command center in Juneau, Alaska, received an anonymous phone call Wednesday morning in which the caller threatened to detonate fuel tanks at the Petro Marine fuel facility in Ketchikan. (See item 1)

1. January 7, Coast Guard News – (Alaska) Coast Guard responds to threat against Ketchikan fuel facility. The Seventeenth Coast Guard District Command Center located in Juneau, Alaska, received an anonymous phone call Wednesday morning in which the caller threatened to detonate fuel tanks at the Petro Marine fuel facility in Ketchikan. In response, Coast Guard Sector Juneau has raised the Maritime Security (MARSEC) Level in the Port of Ketchikan from Level 1 to Level 2. The MARSEC level in all other Southeast Alaskan ports remains at Level 1. MARSEC Level 2 is set in response to a specific threat and mandates a heightened security posture for the Coast Guard and marine industry personnel. Additionally, Coast Guard Sector Juneau has established a safety zone to redirect vessel traffic away from the potential blast zone. Mariners must stay at least 500 yards from the Petro Marine facility. Coast Guard

Station Ketchikan is enforcing the safety zone. Coast Guard Sector Juneau is working closely with Ketchikan Port Authority partners including the Alaska State Troopers, the Ketchikan Police Department, and the Transportation Security Agency to mount a coordinated joint response to the threat. Source: http://coastguardnews.com/coast-guard-responds-to-threat-against-ketchikan-fuel-facility/2009/01/07/

 KING 5 Seattle reports that an alarming letter was sent to nearly a dozen Seattle bars threatening to kill people with ricin. (See item 32)

32. January 6, KING 5 Seattle – (Washington) Letter threatens Capitol Hill bar patrons. An alarming letter was sent to nearly a dozen Seattle bars threatening to kill people with ricin. Seattle Police says it is taking the threat seriously and is working with the Federal Bureau of Investigation (FBI) to investigate. Officers have collected all 11 letters sent to the bars. “It had a typed label on the front of it, it was taped to the front, no return address on it or anything,” said a bartender. He got the letter Tuesday, in which the author writes: “I have in my possession approximately 67 grams of ricin.” The letter goes on to say people will die in “11 locations in the Capitol Hill vicinity. Each location will have at least five targets.” The content of the letter, which appears to target gay-friendly bars, is spreading quickly on Capitol Hill. KING 5 News has learned that the joint terrorism task force has not been called in at this point to investigate the ricin threats because at this point authorities consider this simply a threat and there is no indication actual ricin is involved. Source: http://www.nwcn.com/statenews/washington/stories/NW_010609WAB_ricin_letter_KC.470ebef9.html

Details

Banking and Finance Sector


9. January 7, MarketWatch – (National) PennyMac funds buys mortgage portfolio from FDIC. Private National Mortgage Acceptance Co. (PennyMac), a company formed to buy troubled mortgages, said Wednesday that funds managed by its affiliates bought $558 million of home loans from the FDIC. The loans were formerly assets of First National Bank of Nevada, which the FDIC closed earlier this year when it became the firm’s receiver. PennyMac said it bought the loans on behalf of private investors and plans to work out the loans with borrowers. “PennyMac’s objective is to maximize value by working with borrowers to maintain ownership of their homes and reduce foreclosures,” the firm said in a press release. Source: http://www.marketwatch.com/news/story/PennyMac-funds-buys-mortgage-portfolio/story.aspx?guid={31EFCB88-8D03-4A4B-A4DB-3E1485824BBF}


10. January 6, Reuters – (National) Fed and other agencies to join U.S. fraud task force. The U.S. government is beefing up a task force to fight mortgage crimes and safeguard federal financial bailouts, the U.S. Justice Department said on January 6. The Federal Reserve, the internal watchdog of the new federal financial rescue program, and four other agencies will join the presidential Corporate Fraud Task Force, which was established in 2002. The move comes amid calls by some lawmakers and other critics for a more aggressive federal crackdown on allegations of financial wrongdoing that have sent Wall Street reeling. Critics have called for a special task force to handle many cases now being handled by regional offices. They have also urged stricter supervision of the Troubled Asset Relief Program (TARP) which is in charge of handing out $700 billion to shore up financial and other institutions. “The new member agencies represent a continuing focus by the task force to crack down on mortgage fraud, particularly with regard to ongoing investigations into securitization fraud,” the Justice Department said. In addition to the Fed, other new agencies on the task force include the Federal Housing Finance Agency, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Department of Housing and Urban Development, and the TARP’s special inspector general. They will join senior officials from the FBI, U.S. Attorneys offices, the Securities and Exchange Commission, and several other agencies. Source: http://uk.reuters.com/article/gc06/idUKTRE5057D220090106


11. January 6, NonProfit Times – (National) States push to encrypt donor/client info. The CEO and founder of the Foundation for Positively Kids (FPK) in Las Vegas deals with confidential information in his program, including donor credit card information. A good portion of that information arrives via email. That system now must be overhauled to accommodate a new Nevada law that requires personal information transmissions to be encrypted. The Nevada law states that personal information cannot be transferred through electronic transmission outside a secure system unless it is encrypted. The founder of FPK, who is also the Nevada Association of Nonprofit Organization’s (NANO) board chair, said even though the law went into effect October 1, nonprofits leaders have not been talking about it and the topic did not even make NANO’s last newsletter. With the Nevada law in force and with Massachusetts ready to go, other states are expected to soon follow. A bill in the Michigan state senate introduced this past January would require personal information to be encrypted and, in the event of a security breach, credit card companies affected would be able to bring a civil suit against an organization, including any refunds or cost for replacement cards. A state senate bill in Washington State would require organizations using personal information to comply fully with Payment Card Industry regulations. “Nonprofits should be getting ready now,” said the IT director at Earthjustice in Oakland, California. “If your donor management system is a Word document or an Excel spreadsheet – you have a longer way to go.” Source: http://www.nptimes.com/instantfund/09Jan/IF-090106-1.html


12. January 6, Washington Post – (National) Data breaches up almost 50 percent, affecting records of 35.7 million people. Businesses, governments, and educational institutions reported nearly 50 percent more data breaches last year than in 2007, exposing the personal records of at least 35.7 million Americans, according to a nonprofit group that works to prevent identity fraud. Identity Theft Resource Center of San Diego is set to announce January 6 that some 656 breaches were reported in 2008, up from 446 in the previous year. Nearly 37 percent of the breaches occurred at businesses, while schools accounted for roughly 20 percent of the reported incidents. The center also found that the percentage of breaches attributed to data theft from current and former employees more than doubled from 7 percent in 2007 to nearly 16 percent in 2008. “This may be reflective of the economy, or the fact that there are more organized crime rings going after company information using insiders,” said the center’s co-founder. “As companies become more stringent with protecting against hackers, insider theft is becoming more prevalent.” Source: http://www.washingtonpost.com/wp-dyn/content/article/2009/01/05/AR2009010503046.html


Information Technology


30. January 7, IT PRO – (International) Teenage Twitter systems hacker admits guilt. An 18-year old hacker, who managed to breach Twitter’s administration systems and take over multiple high-profile accounts, has admitted his guilt. The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter’s administrative control panel by using an automated password-guesser program on the account of a popular user. It turned out that this user was a Twitter support staff member called “Crystal,” who had chosen the easy-to-guess password “happiness.” He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses. Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal’s account. He was then able to access any other Twitter account by resetting an account holder’s password. He did not use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. A co-founder did say in a follow-up email that Twitter was doing a “full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also restricting access to the support tools for added security.” Source: http://www.itpro.co.uk/609451/teenage-twitter-systems-hacker-admits-guilt

Communications Sector

31. January 7, KSBY 6 Santa Maria – (International) AT&T plans for trans-oceanic cable at Montana de Oro. AT&T is making plans for a fifth trans-oceanic cable at Montana de Oro, California. The goal of the project is to improve communications between the West Coast of the United States, Hawaii, and Asia. The project manager for the AT&T Asia-America Gateway Fiber Optic Cable Project explained, ”Put it down under the sea floor wherever they can. If they hit bedrock, sometimes it’ll lay above, but there’s not that much area that’s like that. And then it gets out past 1,000 fathoms and just lays across the ocean out to Hawaii.” Earlier Tuesday, the California State Lands Commission held two public workshops to talk about the project’s environmental impact. If approved, construction would begin in the next six months and last for about six weeks. Source: http://www.ksby.com/Global/story.asp?S=9629028