Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 28, 2009

Complete DHS Daily Report for August 28, 2009

Daily Report

Top Stories

 According to the Associated Press, a fire broke out Thursday at Sterling Services, a bulk petroleum facility, in Hamtramck, Michigan, sending flames and black smoke hundreds of feet into the air, interrupting Amtrak passenger rail service, and forcing hundreds of people to evacuate the area. (See item 3)

3. August 27, Associated Press – (Michigan) Fire rages at chemical plant near Detroit. A fire broke out Thursday at a chemical plant in Hamtramck, near Detroit, sending flames and black smoke hundreds of feet into the air, interrupting Amtrak passenger rail service, and forcing hundreds of people to evacuate the area. The fire broke out about 11:30 a.m., and Hamtramck officials quickly called in the Detroit and Highland Park fire departments for assistance. The fire is at Sterling Services, a company involved in the biofuel business. There were no reports of injuries. Amtrak passenger rail service was suspended between Pontiac and Detroit, about 20 miles apart. An Amtrak spokesman said passengers will be shuttled between the cities by charter bus. Residents were evacuated for about a half-mile around the fire, said the executive director of the Hamtramck Housing Commission. That included a nearby complex of 36 buildings containing 300 apartments and some 700 to 800 residents, though he said not all were home at the time of the blaze. An evacuation center was set up at a nearby senior center with water available for evacuees. About 15 or 20 people had arrived by about 1 p.m. The plant is in an industrial area with several small factories. Sterling Services Ltd. is registered as a bulk petroleum facility that stores large quantities of gasoline or other fuels, said a spokesman for the Michigan Department of Environmental Quality. State or federal environmental officials will monitor air quality at the scene. Sterling Services is a subsidiary of Southfield-based Sterling Oil & Chemical Co. Inc., according to a company Web site. The Hamtramck facility is on more than five acres and has a storage capacity of about 5 million gallons. Source:

 The Asbury Park Press reports that the Oyster Creek nuclear power plant in Lacey, New Jersey was operating at half its generating capacity Wednesday following a new tritium leak discovered Monday. This is the second leak since the plant was relicensed on April 8. (See item 7)

7. August 26, Asbury Park Press – (New Jersey) Oyster Creek reduces power generation to fix leak. The Oyster Creek nuclear power plant in Lacey was operating at half its generating capacity Wednesday following a new tritium leak discovered Monday. A plant spokesman said the reduction in power generation “allows us to gain safe access to the turbine building and into the 6-inch aluminum line which was found to be leaking.” A Nuclear Regulatory Commission spokesman said that the leak appears to be from an aluminum, non-safety-related condensate transfer line. “The leak is about 48 hours old, and we have a rigorous monitoring system,” the plant spokesman said Wednesday. “We contacted the state nine minutes within getting a positive hit on tritium within a water sample taken.” The plant spokesman said the plant will repair or replace the line. “There is no half-stepping on this,” he said. “They (plant engineers) will work 24 hours a day to get this done quickly and get it done right.” Environmentalists who oppose the power plant’s operation were quick to respond. The director of the New Jersey Sierra Club said, “This is the second leak since the plant was relicensed. This shows the plant is unsafe and should be closed pending an independent evaluation.” The NRC renewed Oyster Creek’s operating license on April 8. Source:


Banking and Finance Sector

14. August 27, Bloomberg – (International) Swiss negotiator for UBS says IRS may seek more data. Switzerland’s chief negotiator in the UBS AG tax case said the U.S. Internal Revenue Service may request names of American clients from other banks after the Swiss government agreed to hand over UBS account details. “It is possible that the IRS will ask for more data on U.S. customers at other Swiss banks,” the individual who led discussions for the Swiss foreign ministry said on August 26 in written comments to Bloomberg News. The individual is the country’s most senior diplomat and a mathematician by training. A disclosure similar in scope to the August 19 agreement is “questionable” because UBS is the only Swiss bank to admit unlawful behavior in its efforts to win rich U.S. clients, he said. The IRS plans to target more banks, law firms and entities that help Americans hide assets, the IRS commissioner said when the settlement was announced. While Swiss banks manage about 27 percent of the world’s offshore wealth, tax evasion through offshore accounts robs the U.S. of $100 billion annually, according to U.S. officials. Under the deal, UBS agreed to provide Swiss authorities with details of 4,450 accounts where “tax fraud or the like” is suspected. While Switzerland has a year to decide which data to pass on to the IRS, legal appeals may delay the transfer beyond that time period, according to a Swiss justice ministry spokesman. Source:

15. August 27, WKYC 3 Cleveland – (Ohio) Cleveland: Largest mortgage scam in U.S. history uncovered here. Just as Cleveland became the foreclosure capital of the country, prosecutors say a savvy man with an eye for real estate found a way to scam and profit. The defendant, of Beachwood, was charged August 25 for masterminding the largest mortgage scam in U.S. history. For over thirty minutes, representatives from the FBI, the Ohio Attorney General’s Office and Cuyahoga County prosecutors explained in detail how the defendant capitalized on the crisis. Prosecutors allege he would enlist “straw buyers” to purchase foreclosed homes. A second set of buyers would then use false documents to acquire bank loans that allowed them to buy the home at twice the original purchase price. The defendant and his team would then pocket the difference, leaving the lenders holding the bag. In all, 453 homes were purchased with $44 million in fraudulent loans. Source:

16. August 27, Reuters – (National) Wilbur Ross says FDIC bank rules better. A billionaire investor said on August 27 that while he plans to invest further in banks, the capital requirements for private equity investment in the sector set by regulators yesterday are limiting. The investor, in an interview with Reuters Television, said the Federal Deposit Insurance Corp decision on Wednesday to set a Tier 1 common equity ratio at 10 percent rather than the 15 percent previously proposed did not go far enough. “We will now be able to be a bidder, whereas at the 15 percent capital level it would have been ridiculous ... We’ll be in the game, but not as aggressively as we had been,” he said. He said an equity ratio of 7.5 percent would still be 50 percent more than a typical bank must have to be well capitalized, and would reduce the capital required to buy a bank while also improving returns. He said he is particularly interested in the Sun Belt states, including Florida, Arizona, Texas and potentially Nevada, where retail deposits are strong. Source:

17. August 26, Virginia Gazette – (Virginia) C&F Bank warns of phishing scam. C&F Bank is warning customers about a scam targeting cell phone customers of Verizon and Sprint. According to a statement issued by the bank on August 2, the scam involves an attempt to use e-mail or text messages to extract account or personal information from people who may or may not be C&F customers. The message will ask the recipient to respond to a “problem” and ask for account numbers, passwords, etc. No bank will ask customers for sensitive account information. In this case, it appears a large amount of Sprint and Verizon cellular numbers were acquired by criminals. The same message was sent to all recipients, inserting a bank name, in some cases C&F, in the subject line. Anyone receiving the suspicious e-mails or messages is asked to call the bank and report the incident. Source:

Information Technology

43. August 26, Nextgov – (National) DHS to test Obama’s national cyber response plan with third large-scale exercise. The Homeland Security Department’s third large-scale cybersecurity drill in September 2010 will test the national cyber response plan currently being developed by the U.S. Presidential Administration, said industry and government participants in the simulation exercise during a conference on August 25. Cyber Storm III will build upon the lessons learned in the two previous exercises that took place in February 2006 and March 2008, and provide the first opportunity to assess the White House strategy for responding to a cyberattack with nationwide impact. “The national cyber response plan will be an offshoot of a lot of the findings that came out of Cyber Storm I and II that will formalize the roles and responsibilities,” said the director of the cyber exercises program in DHS’ national cybersecurity division. He participated on an afternoon panel at the GFirst conference in Atlanta hosted by the department’s U.S. Computer Emergency Readiness Team. “It’s not a direct cause-and-effect relationship, but a lot of questions bubbled up [from the exercises],” followed by the announcement along with the U.S. President’s 60-day cyber review that a response plan should be developed. Details of the national cyber response plan are still being finalized through weekly meetings with stakeholders from federal government and industry. An initial report is scheduled to be released in November, less than a year before Cyber Storm III kicks off, said the vice president of government affairs and critical infrastructure protection at Juniper Networks, who is among the industry representatives involved in both the plan’s development and the Cyber Storm exercises. Source:

44. August 26, New York Times – (International) Defying experts, rogue computer code still lurks. The rogue software program known as Conficker that glided onto the Internet last November has confounded the efforts of top security experts to eradicate the program and trace its origins and purpose, exposing serious weaknesses in the world’s digital infrastructure. Conficker uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. With more than five million of these zombies now under its control — government, business and home computers in more than 200 countries — this shadowy computer has power that dwarfs that of the world’s largest data centers. Computer security experts decoded the program and developed antivirus software that erased it from millions of the computers. Researchers speculate that the computer could be employed to generate vast amounts of spam; it could steal information like passwords and logins by capturing keystrokes on infected computers; it could deliver fake antivirus warnings to trick naive users into believing their computers are infected and persuading them to pay by credit card to have the infection removed. There is also a different possibility that concerns the researchers: That the program was not designed by a criminal gang, but instead by an intelligence agency or the military of some country to monitor or disable an enemy’s computers. The experts have only tiny clues about the location of the program’s authors. The first version included software that stopped the program if it infected a machine with a Ukrainian language keyboard. There may have been two initial infections — in Buenos Aires and in Kiev. The program is protected by internal defense mechanisms that make it hard to erase, and even kills or hides from programs designed to look for botnets. 
A member of the security team said that the FBI had suspects, but was moving slowly because it needed to build a relationship with “noncorrupt” law enforcement agencies in the countries

45. August 26, Fileforum – (International) Microsoft Windows Server Update Service (WSUS). WSUS is the new name for the next version of Windows Server Update Service (WSUS). WSUS (previously SUS 2.0) is a feature of Windows Server. It is a patch and update tool that offers an effective and quick way to help a user get secure and stay secure. It represents the first step toward delivering core software distribution and update management infrastructure in Windows. It has both a server and client component. WUS will support updating Windows operating systems as well as all Microsoft corporate software over time. When initially released, it will support updating Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP, Office 2003, SQL Server 2000, MSDE 2000, and Exchange Server 2003. Source:

46. August 26, SCMagazine – (International) Twitter XSS vulnerability not yet fixed. A major cross-site-scripting vulnerability in Twitter that could result in a user’s account being taken over has yet to be fixed despite Twitter’s claim that it has, according to the software developer who discovered the bug. The developer first described the vulnerability, which allows malicious JavaScript code to be inserted into tweets, on August 25 on the blog of a search marketing executive. Twitter’s application programming interface (API), used by developers to create applications to post tweets, such as TweetDeck, TwitterFox or HootSuite, does not properly filter the URL of these programs. As a result, users could actually insert malicious JavaScript code along with a URL. “With a few minutes work, someone with a bit of technical expertise could make a Twitter ‘application’ and start sending tweets with it,” the developer explained in a blog post on August 26. “It can be arranged so that if another Twitter user so much as sees one of these tweets, and they are logged in to Twitter, their account could be taken over.” Because of the bug, attackers could capture account credentials, redirect a user to a site of their choosing, alter a user’s tweets or “followers,” or send messages from a compromised account. “The main impact is that it could be abused by anyone really, to steal your [login] details or impersonate your Twitter,” the developer, who works for search engine optimization company, Bronco Internet, told Source:

Communications Sector

Nothing to report.