Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, August 5, 2009

Complete DHS Daily Report for August 5, 2009

Daily Report

Top Stories

 WPRI 12 Providence reports that the noxious gas that made over 100 people sick on Monday at a New Bedford, Massachusetts waste disposal company came from trash from a construction site. (See item 4)

4. August 4, WPRI 12 Providence – (Massachusetts) Source of noxious gas narrowed to trash. The noxious gas that made over 100 people sick at a New Bedford waste disposal company came from trash from a construction site, authorities said on August 3. Investigators do not know yet what in the pile of trash caused the fumes. Crews are in the process of trying to figure out where the truck came from. A total of 119 people were treated and evaluated on August 3 following the hazmat situation at ABC Disposal Service, Inc. on Shawmut Avenue. According to the company’s website, it transports and disposes of non-hazardous waste. Sixty-six people were taken to St. Luke’s Hospital, including employees and emergency personnel. Two of the victims are reported in critical condition with life-threatening injuries. Another 53 people were transported to Charlton Memorial Hospital in Fall River for treatment. All those treated are reportedly in good condition and have since been released. Five area businesses were also evacuated as a result. The situation was upgraded from a tier one, in which only the fire department responds, to a tier 3, which means about 45 hazmat members respond to a scene. Source:

 WLS 7 Chicago reports that a man was charged with endangering people’s safety by interfering with Chicago Transit Authority radio transmissions. The CTA says the radio hacker posed a threat to trains, buses, and riders. (See item 15)

15. August 3, WLS 7 Chicago – (Illinois) Man accused of hacking CTA radio. A 20-year-old man was charged with endangering people’s safety by interfering with Chicago Transit Authority (CTA) radio transmissions. The CTA says the radio hacker posed a threat to trains, buses, and riders. The Federal Bureau of Investigation (FBI) says the man bought a commercially available radio a year ago and programmed it to transmit and receive CTA frequencies. Initially, investigators say he began with prank calls. “It escalated to the point where he began issuing orders to train operators and bus operators,” said an FBI spokesman. It is alleged that at one point he gave orders that allowed a Blue Line train operator to bypass a red light. Another time, the FBI says he reversed previously given orders to a Green Line operator and told him he did not have to stand at the station. The CTA says early on its control center employees began to recognize his voice and eventually recorded his calls and blocked most of them from reaching train and bus operators. The CTA says he made more than 300 radio calls on CTA frequencies, most during the past month and half. Technology experts say his ‘playing around’ was not easy to do. While buying a radio and listening to frequencies is not against the law, hacking into a radio system takes some time and luck. “Even most secure systems could eventually be broken into,” said a professor from the Illinois Institute of Technology. Source:


Banking and Finance Sector

13. August 3, Orange County Register – (California) Suspicious powder at credit union determined to be drywall dust. A suspicious white powder found at a credit union on August 3, prompting hazmat crews to respond, has been determined to be drywall, authorities said. Authorities were called to Schools First Federal Credit Union when an employee found the powder inside an envelope, said the captain of the Orange County fire authority. The powder was found inside a deposit envelope and discovered by an employee who opened it, said a sergeant of the Tustin Police Department. Two people were isolated and checked by paramedics as a precaution, although they were not experiencing any symptoms. At 11:35 a.m., hazmat crews determined that the substance was not hazardous and appeared to be dust from drywall, the sergeant said. Source:

14. August 3, Reuters – (Florida) U.S. raids Colonial Bank office in Florida. The agency that investigates misuse of U.S. banking bailout money raided two Florida financial institutions on August 3 and Colonial Bank said one of them was its Orlando office. A local source who asked not to be identified said the search involved Colonial’s mortgage division but did not elaborate. A central Florida newspaper, the Ocala Star-Banner, identified the target of the second warrant as the offices of the Taylor, Bean and Whitaker Mortgage Corp in Ocala. Its website showed police and federal agents entering the building, including one whose jacket bore the initials “SIGTARP.” SIGTARP is the Special Inspector General for the Troubled Asset Relief Program and investigates waste and fraud in the TARP program that buys assets from troubled financial institutions in order to stabilize the banking industry. A SIGTARP spokeswoman in Washington would say only that its agents executed two search warrants in Florida on August 3. Source:

Information Technology

38. August 4, ComputerWeekly – (International) Apple sneaks out data leakage patch. Apple has released an upgrade for its GarageBand audio editing application that includes a security patch not mentioned in the update announcement. According to Apple’s support web site, GarageBand 5.1 “addresses general compatibility issues, improves overall stability, and fixes a number of other minor issues”. But a security advisory reveals that the update includes a fix for a security flaw in GarageBand that allows Safari browser users’ web activity to be tracked by third parties and advertisers. The advisory says that when GarageBand is opened, Safari’s preferences are changed to always accept cookies. The default preference is to accept cookies only for the sites being visited. Apple warns that the altered setting may allow third parties and advertisers to track a user’s web activity. Source:

39. August 3, The Register – (International) AES encryption not as tough as you think. Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought. In a soon-to-be-published paper, five researchers show that the 256-bit version of AES is susceptible to several so-called related-key attacks that significantly diminish the amount of time it takes to guess a key. One technique against the 11-round version of the cipher can be completed in 270 operations; an improvement that a cryptographer says was strong enough to be “almost practical.” Another attack uses only two related keys to crack the complete key of a nine-round version in 239 time, a vast improvement over the 2120 time of the best previous attack. A third attack breaks a 10-round version in 245 time. Like previous attacks on AES, the latest techniques are still wildly impractical, cryptographers say. But because most of the world depends on the encryption standard to keep sensitive records and communications secure from outsiders, the findings are nonetheless significant. AES is also the foundation of several candidates for a new cryptographic hashing algorithm called SHA-3 that will be adopted by the U.S. National Institute of Standards and Technology. “When you’re trying to build a system with a long life span, you want to have ciphers that are very conservative, so if there is a new attack that comes along, you have a long safety margin,” says the president and chief scientist at Cryptography Research, a San Francisco-based consultancy. “If you’re trying to design a system that will be in the field for 30 years, you start worrying about stuff like this.” Source:

40. August 3, Associated Press – (New Jersey) Man is first to be charged with Web name theft. A northern New Jersey man is charged with stealing a prime piece of Internet real estate and reselling it to a basketball player in one of the nation’s first prosecutions of a suspected domain name thief. The 25-year-old, of Union, hacked into an online account belonging to one of the owners of the domain name, New Jersey State Police said on August 3. He allegedly shifted ownership to himself and resold the Web site address on eBay to a Los Angeles Clippers forward who did not know the name was stolen. The suspect, who works for an online research firm, was arrested on July 30 on felony charges of theft by unlawful taking or deception, identity theft and computer theft. A state police spokesman said each of the three counts carries a maximum sentence of 10 years. Source:

41. August 3, The Register – (International) Twitter starts filtering links to malware sites. Micro-blogging site Twitter has begun filtering links to known malware sites. The tactic, noticed by security researchers on August 3 but yet to be officially announced by Twitter, is designed to prevent surfers straying onto sites packed with dangerous exploits. Adoption of the approach follows the increased targeting of Twitter by worms, spam and account hijacking attacks over recent weeks. The widespread use of URL shortening in Twitter messages (which can be no longer than 140 characters) makes it easy to hide the true destination of links. A blog posting by an individual of F-Secure explains how surfers are served up a warning message when they attempt to follow a link from Twitter towards a known bad site. A security researcher at Kaspersky Lab adds that Twitter appears to be using Google’s Safe Browsing API. “It won’t catch everything but is definitively a step forward,” he adds. Source:

Communications Sector

Nothing to report.