Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 22, 2009

Complete DHS Daily Report for July 22, 2009

Daily Report

Top Stories

 The Stockton Record reports that about 250 bank employees were evacuated for three hours on Monday from the second floor of the Chase Bank Plaza in Stockton, California so firefighters could remove a suspicious granular material from the building. Stockton Police are calling the incident a terrorist threat. (See item 12)


12. July 21, Stockton Record – (California) Hazmat call prompts Chase evacuation. About 250 bank employees were evacuated for three hours on July 20 from the second floor of the downtown Chase Bank Plaza so Stockton firefighters could remove a suspicious granular material from the building. Stockton police have opened a criminal investigation into the incident, which they are calling a terrorist threat, since the bank reported receiving several envelopes by mail, one containing threats and the others containing the granular material. Several agencies responded to the incident at 400 E. Main St. (previously known as Washington Mutual Plaza) that was first reported to police at 11:09 a.m. on July 20, including the Stockton Fire Department’s Hazardous Materials Response Team, the FBI and San Joaquin County Public Health Services. Stockton police also notified the U.S. Postal Inspection Service and the U.S. Department of Justice Joint Terrorism Task Force. Police did not provide specifics on the nature of the threats the bank received nor more details on the granular material or how many envelopes were involved. Firefighters with the hazmat team wearing chemical protective suits entered the building more than an hour after the initial call to police. About 1:30 p.m., three firefighters in T-shirts left the building, two of them carrying plastic bags that contained the suspect material.

Source: http://www.recordnet.com/apps/pbcs.dll/article?AID=/20090721/A_NEWS/907210319/-1/A_NEWS02


13. July 21, Charleston Post and Courier – (South Carolina) Beware debit card scam. Watchdog is passing on a warning from the South Carolina Department of Consumer Affairs alerting state residents about a debit card scam. Midlands residents are being targeted, but consumer affairs warns that the scam is expected to spread across the state. Consumer affairs says people are receiving calls claiming their debit cards have been blocked and are told to respond to automated instructions to “unblock” or “re-activate” their cards. Reports from consumers indicate the scam is targeting both cell phones and landlines. The scam is designed to obtain sensitive bank account numbers, and consumer officials urge people to avoid answering the phone or hang up immediately if they receive a call from the following number: 520-882-7767. The number belongs to an Arizona heating and cooling company and is fraudulently being used without the company’s permission to perpetrate the scam, officials said. Source: http://www.postandcourier.com/news/2009/jul/21/warning_watch_out_new_debit_card_scam89825/


 According to Environment News Service, the U.S. Army has acknowledged that the nerve gas leak monitors at the Blue Grass chemical weapons storage depot in Richmond, Kentucky were not working from 2003 to 2005. The admission is contained in a U.S. Army Inspector General report dated February 2006 but released Monday. (See item 25)


25. July 20, Environment News Service – (Kentucky) Kentucky chemical weapons leaks detectors dysfunctional for years. The U.S. Army has acknowledged that the nerve gas leak monitors at a Kentucky chemical weapons storage depot were not working for nearly two years, 2003-2005. The admission is contained in a U.S. Army Inspector General report dated February 2006 but released Monday. Managers of chemical weapons storage at the Blue Grass Army Depot, located outside of Richmond, 30 miles south of Lexington, had rendered the detectors inoperative and the problem was remedied only after a whistleblower was forced to file a complaint, according to the Inspector General investigation posted Monday by Public Employees for Environmental Responsibility, or PEER. The Army Inspector General report, dated February 10, 2006, finds that “Minicams sampling configuration change and poor air monitoring equipment maintenance caused incorrect air monitoring data results for agent VX.” Source: http://www.ens-newswire.com/ens/jul2009/2009-07-20-095.asp


Details

Banking and Finance Sector

12. July 21, Stockton Record – (California) Hazmat call prompts Chase evacuation. About 250 bank employees were evacuated for three hours on July 20 from the second floor of the downtown Chase Bank Plaza so Stockton firefighters could remove a suspicious granular material from the building. Stockton police have opened a criminal investigation into the incident, which they are calling a terrorist threat, since the bank reported receiving several envelopes by mail, one containing threats and the others containing the granular material. Several agencies responded to the incident at 400 E. Main St. (previously known as Washington Mutual Plaza) that was first reported to police at 11:09 a.m. on July 20, including the Stockton Fire Department’s Hazardous Materials Response Team, the FBI and San Joaquin County Public Health Services. Stockton police also notified the U.S. Postal Inspection Service and the U.S. Department of Justice Joint Terrorism Task Force. Police did not provide specifics on the nature of the threats the bank received nor more details on the granular material or how many envelopes were involved. Firefighters with the hazmat team wearing chemical protective suits entered the building more than an hour after the initial call to police. About 1:30 p.m., three firefighters in T-shirts left the building, two of them carrying plastic bags that contained the suspect material. Source: http://www.recordnet.com/apps/pbcs.dll/article?AID=/20090721/A_NEWS/907210319/-1/A_NEWS02


13. July 21, Charleston Post and Courier – (South Carolina) Beware debit card scam. Watchdog is passing on a warning from the South Carolina Department of Consumer Affairs alerting state residents about a debit card scam. Midlands residents are being targeted, but consumer affairs warns that the scam is expected to spread across the state. Consumer affairs says people are receiving calls claiming their debit cards have been blocked and are told to respond to automated instructions to “unblock” or “re-activate” their cards. Reports from consumers indicate the scam is targeting both cell phones and landlines. The scam is designed to obtain sensitive bank account numbers, and consumer officials urge people to avoid answering the phone or hang up immediately if they receive a call from the following number: 520-882-7767. The number belongs to an Arizona heating and cooling company and is fraudulently being used without the company’s permission to perpetrate the scam, officials said. Source: http://www.postandcourier.com/news/2009/jul/21/warning_watch_out_new_debit_card_scam89825/


Information Technology


30. July 21, Abu Dhabi National – (International) Blackberry maker questions Etisalat software upgrade. Research in Motion (RIM), the Canadian company that produces the BlackBerry mobile e-mail device, has distanced itself from a recent software patch sent to its UAE customers by Etisalat, and called into question statements made by the operator. In a statement mailed to the media, RIM said the Etisalat software, labeled as “spyware” by a prominent mobile security company, is “not a patch and it is not a RIM authorized upgrade.” “RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application,” it said. “Independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry hand-held, but rather to send received messages back to a central server.” Like Etisalat, RIM has said little on the software patch since reports of its negative effects on handsets and intended function as an e-mail monitoring and tool emerged last week. The company cancelled scheduled interviews with the local media and has not replied to requests for comment. But in the eight-page statement, the company took issue with Etisalat’s response, which described the patch as “required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.” According to the RIM document, “in general terms, a third-party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low-level radio communications protocols that would be involved in making such improvements.” “In this case, Etisalat appears to have distributed a telecommunications surveillance application,” it added, saying that it “does not endorse the development of this type of software for any platform.” Source: http://www.thenational.ae/apps/pbcs.dll/article?AID=/20090721/BUSINESS/707219986/-1/SPORT


31. July 20, TV Guide – (International) Naked video of ESPN reporter used to spread virus. If a user happens to come across a Web site that claims to feature video footage of an ESPN sportscaster naked, do not click on it. Clever hackers are using the demand for the video to spread a computer virus, according to anti-virus and security company Sophos. Source: http://www.seattlepi.com/tvguide/408278_tvgif20.html


32. July 20, Spamfighter News – (International) F-secure – detection radar fails to identify sophisticated phishing attacks. According to security company F-Secure, samples of well-designed targeted attacks evidently suggest that while maintaining a suspicious approach does a lot to keep up security, some particularly risky attacks might just pass users’ notice. Targeted attacks, also called spear phishing attacks, generally send a carefully crafted electronic message to specially selected individuals. The e-mails are well written without the usual errors and typos that normally accompany malicious e-mail campaigns. They are much fewer in number but comparatively more harmful than ordinary attacks. For its analysis, F-Secure cited seven samples that used lures for infecting targeted persons in various organizations so that their computers could be accessed. The security vendor says that all attack codes would plant malware on the victims’ computers, but these attacks’ targets remain unknown. Among the five samples, one message uses German language and another Russian. If anybody viewed the .doc or .pdf files, they perhaps will not find anything missing. These messages have the chances of getting blocked if users’ security software is up-to-date. Further, targeted attacks that exploit software flaws could also be prevented if users already have security patches installed, provided the attacks chase un-patched zero-day vulnerabilities. The company says that till May 2009, the file format that was abused to the maximum was the PDF format. However, during 2008, F-Secure detected nearly 1,968 files in targeted attacks among which DOC, i.e. Microsoft Word file, was the most widely used file type representing 34.55 percent. The changes seen in the popularity of file types was chiefly due to more security flaws in Adobe Reader/Acrobat compared to in Microsoft Office software, security analysts stated. They further added that these targeted assaults had been increasing very fast everywhere. Moreover, in similar news, CPP the life support organization indicated that in the United Kingdom, over 77 percent of people got phishing e-mails spoofing banks during June 2008-May 2009. Source: http://www.spamfighter.com/News-12754-F-Secure-Detection-Radar-Fails-to-Identify-Sophisticated-Phishing-Attacks.htm


33. July 20, IDG News Service – (International) Adobe doles out bug-filled PDF Reader to users. Adobe delivers an out-of-date version of Reader to users who download the popular application from its Web site, a security company warned on July 20. The edition Adobe currently offers includes at least 14 security vulnerabilities that have been patched by the company in the last two months. Danish vulnerability tracking vendor Secunia first noticed that Adobe was offering an outdated Reader when users of its Personal Software Inspector (PSI) utility, which scans Windows PCs for unpatched applications, started complaining when the tool said they were running a vulnerable version, even though they had just downloaded the PDF viewer. “There was some confusion about Adobe Reader,” said the manager of the PSI partner program. “Users had downloaded the latest Reader, but still PSI was telling them that it was vulnerable.” At first, Secunia suspected that PSI was throwing off a “false positive,” but that was not the case. “Adobe.com ships software with known vulnerabilities,” the manager said. The version now hosted on Adobe’s Web site is Reader 9.1, an edition that was released March 10 to plug several holes, including one that had been actively exploited by hackers since at least January 9, 2009. Adobe has issued two security updates since then. The first, released May 12, patched another “zero-day” bug in Reader, while the second, issued June 9, fixed at least 13 critical flaws reported by outside researchers and secretly patched an unspecified number of bugs found by Adobe’s own security team. Computerworld confirmed that Adobe’s Web site offers Reader 9.1 to users who download the application. Adobe did not reply to a request for comment on why it posts an out-of-date edition on its site. Source: http://news.idg.no/cw/art.cfm?id=9993F159-1A64-6A71-CE634C98EC3363A7

Communications Sector

34. July 15, Meadville Tribune – (Pennsylvania) Area gets first-of-its-kind in state communication tower. It is designed to provide communications for emergency responders whenever and wherever they need it in a seven-county area of northwestern Pennsylvania. The first of its kind in Pennsylvania, a state-of-the-art mobile communications unit complete with 65-foot tower is now available for use in Crawford, Clarion, Erie, Forest, Mercer, Venango and Warren counties. It may be used in the event of a disaster or power outage or set up to provide communications in a major planned event. The unit has a communications tower, control boxes, video cameras and computer software, all housed on a trailer so it may be moved and set up wherever needed. The unit’s radio equipment is climate-controlled and has its own diesel-powered electrical generator that can run for up to 24 hours before refueling. The controller boxes contain radio systems that enable communications between different radio systems used by police, fire and medical personnel. The communications equipment was acquired from Mobilcom of Meadville while the specialized trailer was constructed by Pepro Corp. of Oil City. “This enhances our communication capability,” said the director of Crawford County Emergency Management Agency. “With this unit, it brings all our (radio) frequencies together and we’re able to talk to one another even though we may be on different frequencies.” Through state-of-the-art electronics, the radio system equipment contained in the MCU can be programmed, via a computer, to mirror specific county radio dispatching channels. It also can be programmed to communicate outside the established area. The system can be set-up in about 30 to 45 minutes, according to officials. Source: http://www.meadvilletribune.com/local/local_story_196010142.html