Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, January 14, 2009

Complete DHS Daily Report for January 14, 2009

Daily Report


 Reuters reports that four workers were injured in an explosion and fire at Silver Eagle Refining Inc.’s oil refinery in Woods Cross, Utah, on Monday afternoon. (See item 1)

1. January 13, Reuters – (Utah) Fire extinguished at Utah refinery; 4 hospitalized. A blaze was extinguished early on January 13 after a blast at Silver Eagle Refining Inc.’s 10,500 barrel-per-day refinery in Woods Cross, Utah, and four workers remained hospitalized, a spokesman said. The four were injured in the explosion and fire on the afternoon of January 12 in a light naphtha tank at the oil refinery north of Salt Lake City, said a spokesman for the company. The injured, who are two employees and two contractors, remain hospitalized, he said. The Desert News reported that the South Davis Metro Fire Agency said that the blaze at the Silver Eagle refinery was extinguished very early Tuesday morning after nearly 100 firefighters worked through the night to put it out. Residents within a half-mile of the refinery were evacuated following the explosion at about 5:30 p.m., according to reports late on January 12 by Salt Lake City television and newspaper Web sites. Source:

 According to the Associated Press, one person was killed and four others injured when an Army Black Hawk helicopter on a field training exercise crashed Monday into a field on the campus of Texas A&M University. (See item 20)

20. January 13, Associated Press (Texas) 1 dead, 4 hurt in Black Hawk crash at college. One person was killed and four others injured when an Army Black Hawk helicopter on a field training exercise crashed January 12 into a field on the campus of Texas A&M University. The Army UH-60 helicopter crashed at about 3:30 p.m. near the Corps of Cadets field on the school’s College Station campus, about 100 miles northwest of Houston. No one on the ground and no students were hurt. A crew of four from the Army National Guard and an Army lieutenant assigned to the school’s ROTC unit were the only ones aboard the Black Hawk, a Texas A&M spokesman said. An individual with the College Station Medical Center said two of the crash victims were in critical condition and a third was in stable condition. Another crash victim was at St. Joseph Regional Health Center in Bryan, a spokesman said, but did not immediately know any details. Source:


Banking and Finance Sector

7. January 13, Bloomberg – (International) India’s Enron puts auditors back under scrutiny. The accounting scandal that imperils Satyam Computer Services Ltd., embroiled in India’s biggest corporate fraud investigation, is raising concerns about oversight of international companies that trade in the United States. Seven years after the implosion of Enron Corp. led to the dissolution of accounting firm Arthur Andersen, the Satyam case has put PricewaterhouseCoopers LLP and the U.S. regulator that oversees auditors in the spotlight. Hyderabad-based Satyam’s former chairman was arrested last week after saying that he falsified accounts that went undetected for years. Satyam, India’s fourth-largest software exporter, is one of 14 Indian companies with a combined value of $63 billion that trade on U.S. exchanges, according to Bloomberg data. The Public Company Accounting Oversight Board (PCAOB), which oversees auditors of U.S.-traded companies, last year examined the Indian arm of PricewaterhouseCoopers, Satyam’s auditor since 2000. “There are gaping holes in the inspection process,” said an accounting professor at Ohio State University in Columbus and a former member of a PCAOB advisory group. “As an investor, I cannot rely on the inspections.” Price Waterhouse in India says it complied with the country’s accounting standards and will cooperate with regulators investigating Satyam. Source:

8. January 13, – (National) Bernanke: More bank bailouts needed. The Federal Reserve chairman said on January 12 that the U.S. President-elect’s proposed fiscal stimulus package could help the economy, but he added that additional bailouts of financial institutions may also be needed to bring about a sustained economic recovery. The chairman said in his prepared remarks that the nearly $800 billion plan being discussed by the incoming Administration and the newly elected Congress “could provide a significant boost to economic activity.” He did not comment on or endorse any specifics of the nearly $800 billion plan. But the chairman cautioned that it is “unlikely to promote a lasting recovery unless they are accompanied by strong measures to further stabilize and strengthen the financial system.” The Federal Reserve chairman also said that “removing troubled assets from institutions’ balance sheets, as was initially proposed for the U.S. financial rescue plan,” might also be needed to supplement any further investments in banks. Source:

9. January 13, Baltimore Business Journal – (National) FDIC: Banks must disclose how TARP funds are used. The Federal Deposit Insurance Corporation (FDIC) says banks receiving money from the Troubled Assets Relief Program (TARP) or taking other capital injections must show how the funds are being used. Under TARP, the Treasury is buying up to $250 billion in preferred stock issued by U.S. banks. The program was designed to stabilize the ailing financial system and to encourage banks to increase lending. As of late December, the government had invested $187 billion in U.S. banks. All of the nation’s largest banks took TARP money, and many regional and local banks have accepted or applied for the funding. Source:

10. January 13, Cape Cod Times – (Maine) Banks warn of fraudulent robocalls. Across the region January 12, fraudulent automated phone calls asked recipients for credit card numbers and other account information, claiming to be from Cape Cod Cooperative Bank and Cape Cod Five Cents Savings Bank. The calls went out to customers and non-customers alike; one was received at the main switchboard of Cape Cod Cooperative, the bank president and chief executive said. Bank officials warn that they do not call customers to ask for credit card numbers, account numbers, and other information of that type. “We are just reinforcing that the bank would never call a customer and request that kind of information,” said an executive vice president for Cape Cod Five. Source:

Information Technology

24. January 12, Global IP Telecommunications – (International) Disk encryption driver hole exposes encryption key. Global IP Telecommunications announced Monday that they have published research describing a new attack on disk encryption software that reveals the entire key when an encrypted volume is being mounted. The attack was named “Mount IOCTL Attack” by the author. In the paper, “Attack on mount control code of commercial on-the-fly disk encryption software and efficient countermeasure,” the companies used the publically available source code of a popular disk encryption software for their peer review. A hypothetically tampered version of the DeviceIOControl() function could easily wait for a specific IO Control Code (e.g. 466944d = 00072000h) and each time this IOCTL is passed to the function, log the entire set of parameters that is passed along with the function call. These parameters include the entire key required to access the encrypted volume to be mounted IN PLAINTEXT. The companies further disclosed that an SSL-like Diffie-Hellman key exchange between encryption driver and user interface application of a disk encryption software enable for henceforth encrypted communication with the encryption driver, resulting in complete immunity from Mount IOCTL Attack. This countermeasure is already built into the new version of the disk encryption software “TurboCrypt.” Existing users of earlier “TurboCrypt” or “Global Safe Disk” versions are advised to migrate to the new “TurboCrypt” as soon as possible. Source:

Communications Sector

25. January 13, CNET – (International) BlackBerry issues interim security patch. Research in Motion (RIM) issued an interim security patch on Monday, designed to address critical security flaws that could affect some users when opening a malicious PDF attachment. RIM is asking corporate customers to install its interim patch for the BlackBerry Enterprise Server, and the interim patch for BlackBerry Professional Software. RIM also advises BlackBerry users to only open PDF attachments from “trusted sources.” The smartphone maker notes in its security advisory: Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a Blackberry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment service. Source: