Department of Homeland Security Daily Open Source Infrastructure Report

Friday, March 13, 2009

Complete DHS Daily Report for March 13, 2009

Daily Report


 According to the Associated Press, a vapor release occurred Wednesday at the Sunoco refinery in Philadelphia, and 10 contractors were taken to hospitals for possible exposure, officials said. (See item 2)

2. March 12, Associated Press – (Pennsylvania) 10 evaluated after Sunoco vapor release. A vapor release was reported March 11 at the Sunoco refinery in Philadelphia, and 10 contractors were taken to hospitals for possible exposure, officials said. The release occurred at about 10:30 a.m. at the refinery, and Sunoco officials said the company’s emergency personnel responded immediately to the situation. The area was secured, and the vapor release was stopped. The Sunoco contractors who were possibly exposed were taken to a refinery clinic and then area hospitals out of an abundance of caution, officials said. Sunoco officials said they do not expect any off-site impact, and no evacuations occurred. The nature of the vapor release and its cause are under investigation. Source:

 CNN reports that National Transportation Safety Board officials on Wednesday issued an “urgent” recommendation calling for a redesign of a component on some Boeing 777 aircraft engines, a component blamed for two major mishaps in the past year. (See item 18)

18. March 12, CNN – (National) ‘Urgent’ repair recommended for some Boeing 777 engines. On March 11, federal transportation safety officials issued an “urgent” recommendation calling for a redesign of a component on some Boeing 777 aircraft engines, a component blamed for two major mishaps in the past year. National Transportation Safety Board investigators said the Rolls-Royce engine component played a role in the January 17, 2008 crash of a British Airways jet near London’s Heathrow Airport. Both the plane’s engines lost power as the plane approached the runway, and 13 people were injured in the resulting crash. Ten months later, on November 26, 2008, a Delta Air Lines Boeing 777 was in cruise flight over Montana when an engine lost power. That plane landed safely in Atlanta after pilots performed a procedure developed in response to the Heathrow crash. In both cases, the NTSB said, a build-up of ice on a fuel/oil heat exchanger restricted the flow of fuel to the Rolls-Royce engines, reducing power. “With two of these rollback events occurring within a year, we believe that there is a high probability of something similar happening again,” the NTSB acting chairman said in a news release. The Federal Aviation Administration recently ordered operators of Boeing 777s that use the Rolls-Royce engines to revise flight manuals to give pilots procedures to follow in certain cold weather conditions, outlining steps they should take if their jets experience a reduction of power. But on March 11, the NTSB said the FAA action does not go far enough. “The procedure has worked and it has been effective in significantly reducing the likelihood [of an incident],” said an NTSB spokesman. “But that’s not enough. We need a permanent fix.” Source:


Banking and Finance Sector

15. March 12, Bloomberg – (New York) Madoff is guilty in Ponzi scheme; judge weighs jail. A defendant admitted he was the mastermind behind the largest Ponzi scheme ever, an historic fraud that swindled investors out of as much as $65 billion and made him the symbol of investor distrust in a global recession. The defendant entered his guilty plea in Manhattan federal court three months after confessing to relatives that his firm, Bernard L. Madoff Investment Securities LLC, was “one big lie.” A U.S. District judge will now hear arguments on whether the defendant, who has been free on $10 million bond, should be immediately jailed while awaiting sentencing, scheduled for June 16. He faces as much as 150 years in prison. The defendant’s guilty plea marks the downfall of a once-acclaimed money manager who told the world his fortune came through an eponymous firm that specialized in making markets, trading securities and advising wealthy clients. Source:

16. March 12, Detroit Free Press – (Michigan) Fake credit union called real scam. Consumers looking for a break on a loan are being warned to watch out for scam artists promoting a fake credit union on the Internet. The Michigan Office of Financial and Insurance Regulation has issued a cease and desist order for a so-called Dearborn-based Communal Credit Union. “No one is at the physical address that they list,” said a public information officer for Michigan’s regulatory office. State regulators had heard about Communal after consumers called their hotline. The commissioner of OFIR said the firm is not a credit union and not authorized to do business in Michigan. Regulators found an empty storefront when they visited the site. Regulators said they do not know who is behind the scam. Source:

17. March 12, – (Pennsylvania) Bank of America reports ATM scam in Lehigh Valley. Bethlehem police said Bank of America believes someone is using area ATMs to steal money from customers’ accounts. Bank of America reported on March 10 that an ATM scam bilked Lehigh Valley customers out of at least $21,000. The bank said local and federal authorities are investigating. Bethlehem police said the bank branch claimed on March 10 that the accounts of seven customers, from Allentown to Plainfield, New Jersey, were violated by someone with false ATM cards and stolen account information. The perpetrator made several large withdrawals at ATMs from the accounts, police said. Police are unsure how account information was leaked, but some evidence suggests the possible use of a skimmer, an electronic device that can be placed over a card slot on an ATM, or any other card-reader device, to record account information. Source:

Information Technology

37. March 11, Enterprise Security – (International) Microsoft puts the kibosh on Facebook worm Koobface. Microsoft Corp. is trying to stamp out the Koobface worm, which has spread aggressively on social networking sites such as Facebook and MySpace, the company said on March 10. In a post to the company’s Malware Protection Center blog, a researcher said that definitions for Koobface have been added to the Malicious Software Removal Tool (MSRT), the free anti-malware utility that Microsoft automatically delivers to users every month on Patch Tuesday. Koobface, which first appeared in May 2008, struck Facebook again recently, with researchers at Trend Micro Inc. tracking its romp through the service. According to a Trend Micro researcher, the new variant tries to trick users into downloading a bogus update to Adobe System Inc.’s Flash and spreads by hijacking browser cookies to 10 different social networking sites, and then using the cookies to log into accounts and spew out more fake messages to friends. According to the researcher, the MSRT update targets a wide range of components that fall under the Koobface category. “This family is not just a worm, but a collection of different components that can each perform a different task,” he said. “These include downloading, Web hosting, password stealing, displaying pop-ups and sending messages to contacts on various social network Web sites.” Source:

38. March 11, DarkReading – (International) Victims argue findings of Romanian white hat hacker group. The Romanian white hat hackers who have been exposing vulnerabilities in major Web sites and databases during the past month are not always “playing fair” in the penetration testing game, some “victims” say. The white hat group, which is led by a researcher known only as “unu” and posts its findings on its own Web site, has exposed SQL injection flaws and other vulnerabilities in several high-profile sites since February, including sites belonging to security vendors Kaspersky, BitDefender, F-Secure, and Symantec, as well as the International Herald Tribune newspaper. During the past few days, HackersBlog has reported new vulnerabilities in the Web sites of U.K. newspaper the Telegraph, as well as on a Web site belonging to telecommunications giant BT. In both cases, and as in its previous vulnerability reports, HackersBlog said the group had demonstrated the ability to penetrate back-end databases containing sensitive data. But two of the most recent “victims” of HackersBlog’s attacks said the white hat group is overstating its achievements. In a statement released on March 11, BT said that HackersBlog had succeeded in only penetrating a testing database that contained no live data. “BT has carried out a thorough investigation of this alleged breach. We have found that access was gained to a test database and therefore no customer details were revealed at any time,” the statement said. “When sites are under test, they do not contain live data and are often not included within our secure network until they become operational… Our operational systems have not been affected in any way by this attempt to break through our security.” Source:

Communications Sector

Nothing to report