Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 24, 2009

Complete DHS Daily Report for November 24, 2009

Daily Report

Top Stories

 According to the Macon Sun, officials say eight railroad cars, one loaded with thousands of gallons of sulfuric acid, derailed in a sparsely populated rural area west of Columbia on November 22. (See item 4)


4. November 22, Macon Sun – (South Carolina) Rail car loaded with acid derails in central SC. Officials say eight railroad cars, one loaded with thousands of gallons of sulfuric acid, derailed in a sparsely populated rural area west of Columbia. Officials tell The State newspaper that no injuries have been reported and that residents of two nearby houses have gone to stay with relatives. The derailment Sunday morning was near Gilbert, about 30 miles from the capital city. Officials say no immediate danger exists because the tank car containing the acid had not leaked. Sulfuric acid gives off harmful fumes that can burn the skin and eyes. About 50 emergency workers on the scene had gas masks ready. A spokesman for Norfolk Southern says the train had 10 cars in all, including two locomotives. The spokesman says the train was traveling from Linwood, North Carolina to Savannah, Georgia. Source: http://www.macon.com/220/story/927044.html


 The Agence France-Presse reported that a radiation leak on November 21 at Three Mile Island, the site of the worst nuclear accident in US history, sent home about 150 workers. (See item 9)


9. November 22, Agence France-Presse – (Pennsylvania) Radiation leak at Three Mile Island nuclear plant. A radiation leak Saturday at Three Mile Island, the site of the worst nuclear accident in US history, has sent home about 150 workers, the Nuclear Regulatory Commission reported Sunday. “They had an airborne radiological contamination alarm,” an NRC spokeswoman told AFP. “They evaluated all the workers, a handful of workers — I don’t have a precise number — had contamination. They since have been decontaminated,” she said. About 150 people work in the building where the leak occurred. “There was no impact on public health safety and it does not appear to have an impact on the workers,” she said, adding that “this kind of incident occurs once in a while.” So far, “they don’t know the origin of the contamination,” the spokeswoman said. “There were a lot of activities going on at the time and when the alarm sounded. The engineers are working to determine what the cause was.” “It’s a minor incident,” she said, stressing it was “under control.” Source: http://www.google.com/hostednews/afp/article/ALeqM5gTVMy0-BHwG4jKMvQ8deGgaWwA-w


Details

Banking and Finance Sector

14. November 23, BBC – (International) New iPhone worm can act like botnet say experts. A second worm to hit the iPhone has been unearthed by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank’s customers to a lookalike site with a log-in screen. The worm attacks “jail-broken” phones - a modification which enables the user to run non-Apple approved software on their handset. The handsets at risk also have SSH (secure shell) installed. SSH is a file-transfer program that enables users to remotely connect to their phones. It comes with a default password, “alpine”, which should be changed. Users who have installed SSH and not changed the password are especially at risk. The new worm is more serious than the first because it can behave like a botnet, warns F-Secure. This enables the phone to be accessed or controlled remotely without the permission of its owner. “It’s the second iPhone worm ever and the first that’s clearly malicious - there’s a clear financial motive behind it,” an F-Secure research director told the BBC. “It’s fairly isolated and specific to Netherlands but it is capable of spreading.” He added that although the number of infected phones was thought to be in the hundreds rather than thousands, the worm could jump from phone to phone among owners using the same wi-fi hotspot. Source: http://news.bbc.co.uk/2/hi/technology/8373739.stm


15. November 23, Bank Info Security – (Texas) Former Texas credit union employee convicted in insider fraud case. A former credit union employee pled guilty to embezzling more than $30,000 from his employer, First Service Credit Union in Houston, says a U.S. attorney. The 41-year-old, of Houston, pled guilty last week in the U.S. Southern District Court, admitting to bank fraud and aggravated identity theft arising from a scheme he devised while working at the credit union as the Senior Vice President of Area Operations. He was responsible for managing and supervising credit union employees and the daily operations of the branches of the credit union. In that position, he transferred money from one customer’s account into another without their knowledge, the U.S. attorney said. The guilty party would then withdraw the funds using ATM cards he also obtained without the customer’s consent. From December 1, 2006, through January 31, 2008, he made more than 200 illegal ATM account transfers and illegal ATM withdrawals, totaling more than $30,000. The guilty party’s fraud came to light in 2008, when a First Service Credit Union member reported suspicious activity. Source: http://www.bankinfosecurity.com/articles.php?art_id=1960


16. November 21, Miami Herald – (Florida) Commerce Bank of Southwest Florida seized, promptly sold. Banking regulators seized Commerce Bank of Southwest Florida and sold the tiny Fort Myers bank to Central Bank, of Stillwater, Minnesota, marking the 124th U.S. bank to fail during 2009 and the 12th in Florida. The sole branch of Commerce Bank of Southwest Florida is set to reopen Monday as a branch of Central Bank. Central Bank, a small Minnesota-based institution, has recently been buying up failed institutions. It previously had no banking presence in Florida. The Federal Deposit Insurance Corp. was appointed receiver of the failed bank by the Florida Office of Financial Regulation. The FDIC agreed to share in losses related to $61 million of Commerce Bank’s assets as part of its deal with Central Bank, which is taking on all of the bank’s $79.7 million in assets. The FDIC estimates the bank failure will cost its insurance fund $23.6 million, which it said was the least costly resolution it could find. Source: http://www.miamiherald.com/business/story/1345074.html


17. November 21, Eugene Register-Guard – (Oregon) 13 indicted in loan fraud case. A federal grand jury in Eugene has indicted 13 people, including a Junction City man, on mortgage and loan fraud charges linked to the collapse of a Bend real estate development firm, federal officials announced on November 21. According to the indictments, various financial institutions lost more than $19 million after lending Desert Sun Development officials money for several commercial and residential projects, some of which were never built. As part of the scheme, Desert Sun Development officials are alleged to have told lenders that construction was under way on some buildings when in fact it was not. The company shut down last year. The affected banks include Eugene-based Liberty Bank, Portland-based Umpqua Bank, Minneapolis-based US Bank and Tennessee-based First Horizon Home Loan Corp. “These indictments represent a significant step in the government’s efforts to detect and prosecute mortgage fraud,” an acting U.S. attorney said. “The conduct alleged in these indictments is typical of what has caused so much havoc in the mortgage and financial sectors.” The Desert Sun case is believed to be the largest lending fraud investigation in Oregon to arise from a decade-long national real estate boom that finally went bust in 2008. Source: http://www.registerguard.com/csp/cms/sites/web/updates/23422053-55/story.csp


Information Technology


37. November 23, DarkReading – (International) Microsoft: ‘TaterF’ worm top malware threat so far this month. Microsoft’s Malicious Software Removal Tool (MSRT) removed malware from more than 1.5 million machines just three days after it was updated on November’s Patch Tuesday, and the software giant has detected two new fake antivirus threats on more than 110,000 machines. The latest statistics come on the heels of Microsoft’s recently published Security Intelligence Report, which found worms jumped 98.4 percent to the number two threat, behind Trojans. Trojans include rogue antivirus software. One of the worm families Microsoft attributed that jump to was TaterF, which so far is also the most prevalent piece of malware MSRT has killed this month, according to Microsoft’s latest statistics: The TaterF worm was found on 239,870 machines. TaterF is a worm that steals online gaming credentials and spreads via Microsoft’s Autorun feature; it has hit enterprises hard because users who play games at home infect their work machines via USB keys, for instance, according to Microsoft. According to the SIR report from earlier this month, the number of machines infected with TaterF has increased from 2 million machines in the second half of last year to 4.9 million in the first half of this year. This month, the top threats found by Microsoft’s MSRT are mainly password-stealers like TaterF that grab online gaming credentials, online banking credentials, and other online user accounts. Rogue AV products and Trojan downloaders for them were also high on the list, as well as Trojan downloaders that typically infect machines via drive-by attacks. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221900560


38. November 21, CNET News – (International) Firefox: Heat and the CPU usage problem. Firefox has a CPU usage issue and, consequently, can cause overheating problems in some laptops, particularly ultraportables. This is documented on a Mozilla support page entitled “Firefox consumes a lot of CPU resources.” The page states: “At times, Firefox may require significant CPU [central processing unit] resources in order to download, process, and display Web content.” And forum postings like this one about a Dell Netbook are not uncommon: “Mini9 would get way too hot.” The Mozilla support page goes on to say that “you can review and monitor CPU usage through specific tools” and describes ways to limit CPU usage, such as: “A Firefox add-on, called Flashblock, allows you to selectively enable and disable Flash content on Web sites.” CPU usage can become an issue in ultraportables—typically under an inch thick—which are more sensitive to heat because of the design constraints. Source: http://news.cnet.com/8301-13924_3-10396076-64.html


39. November 21, Journal Register News Service – (National) Hackers indicted for disrupting Comcast. Three men associated with the computer hacker group Kryogeniks were indicted in federal court Thursday for allegedly disrupting Comcast Internet service and redirecting online traffic to Web sites they had set up. The 2008 cyber attack prevented subscribers of www.comcast.net from accessing their e-mail, digital voicemail and other services on the Web site that an estimated 5 million people connect to on a daily basis. The three men were charged with conspiring to hack into the computer network in May of last year, according to the U.S. Attorney’s Office of the Southeastern District of Pennsylvania. Source: http://www.pottstownmercury.com/articles/2009/11/21/news/srv0000006880580.txt


40. November 20, The Register – (International) Wrecking CRU: hackers cause massive climate data breach. The University of East Anglia has confirmed that a data breach has put a large quantity of emails and other documents from staff at its Climate Research Unit online. CRU is one of the three leading climate research centres in the UK, and a globally acknowledged authority on temperature reconstructions. CRU declined to say whether it would attempt to halt the data breach. In a statement a spokesman told The Register: “We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all of this material is genuine.” A 61MB ZIP file was posted on a Russian FTP server on November 20. It contains over a thousand emails, and around three thousand other items including source code and data files. A spokesman confirmed there had been a hack, and that staff documents had been published, but declined to say whether the University would be seeking to halt further dissemination of the data. Source: http://www.theregister.co.uk/2009/11/20/cru_climate_hack/


Communications Sector

41. November 23, Trading Markets – (International) Vodafone back-up system failed during recent network outage. The widespread failure of Vodafone Netherlands’ GSM and UMTS network on 18 and 19 November was caused by a unique combination of factors. On 18 November, one of the four network nodes in Amsterdam failed. There is a back-up system for such events, but the system did not go into action. As a result, almost 5 million Dutch customers were unable to call, be called or send or receive SMSs. When the system was restored in the evening, disturbances were still felt during the entire day on 19 November, before call and SMS traffic went back to normal. Source: http://www.tradingmarkets.com/.site/news/Stock News/2673345/