Friday, December 11, 2009

Complete DHS Daily Report for December 11, 2009

Daily Report

Top Stories

 The Houston Chronicle reports that a large explosion occurred Wednesday at the American Acryl chemical facility in Seabrook, Texas. Area residents were asked to shelter in place after the blast, but that recommendation was lifted by 11 a.m. (See item 6)

6. December 9, Houston Chronicle – (Texas) No serious injuries reported in Seabrook explosion. A large chemical plant explosion near Seabrook early Wednesday morning sent a gigantic plume of smoke billowing into the air, but there were no serious injuries. The explosion occurred at an American Acryl facility about 8:50 a.m., according to the Seabrook Police Department. A short section of Texas 146 near the blast site was closed in both directions, as is Port Road. An hour later, firefighters appeared to have the fire out, and no smoke was visible from the charred wreckage at the plant. Two people went to Memorial Hermann Hospital Southeast complaining of discomfort, said a Seabrook police lieutenant. A Memorial Hermann spokeswoman said both were in good condition. Area residents were asked to shelter in place after the blast, but that recommendation was lifted by 11 a.m. Officials said the blast involved toluene, a toxic substance that can cause nausea and tiredness in low to moderate levels. However, in a recorded message the company said the explosion did not cause a release of the chemical. A Shoreacres police officer, who was in the La Porte area at the time, said he heard the blast and turned in time to see “a ball of fire going up into the air.” Reports indicate the blast was heard or felt as far away as Baytown and Pearland. Source:

 According to the Associated Press, hundreds of Chicago firefighters worked to put out a high-rise fire that left one person dead and 12 people injured on Thursday. More than 200 residents ran out of the condo building into the bitter cold. (See item 36)

36. December 10, Associated Press – (Illinois) 1 dead, 12 injured in Chicago high-rise fire. Hundreds of Chicago firefighters worked to put out a high-rise fire that left one person dead and 12 people injured. The fire broke out shortly after 1 a.m. Thursday, shooting flames out of the condo building. More than 200 residents ran out into the bitter cold. The 12 people injured included five firefighters, but authorities say none of the injuries appeared to be life-threatening. Authorities say the fire started on the 36th floor in the unit of the woman who died. Chicago Fire Commissioner said the victim was found near the front door of the apartment, apparently trying to get out. The cause of the blaze is under investigation. Source:


Banking and Finance Sector

13. December 9, Connecticut Department of Banking – (Connecticut) Banking commissioner warns of credit card scams. The Department of Banking has recently received several complaints from people who received phone calls claiming to be from their credit card company and requesting that they provide their credit card number. Take note that this is something a financial institution would never do. In one case the caller claimed to be from Bank of America and said they wanted to verify certain activity on the debit card. The caller said they needed the credit card number in order to pull up the account. In another case the caller identified himself as being with Visa Services and stated that he wanted to lower the interest rate to 6 percent. When the consumer stated that they did not have a Visa card, the caller asked if they had a Master card and requested the credit card number. In both cases, the recipient refused to give their credit card information. “We want to remind Connecticut consumers to NEVER give out your credit card number or personal bank information to an anonymous caller,” advised the Banking Commissioner. “If you are asked to do so it is likely a scam, even if they identify themselves as your bank or financial institution. The only time it is safe is if you initiate the call. The best thing to do in this case is hang up and call your institution directly, using the number provided on your card.” Source:

14. December 9, Dow Jones Newswires – (International) TMX staff back in Toronto office after threat; trading not disrupted. TMX Group Inc.’s downtown Toronto offices received a bomb threat on December 8, resulting in an evacuation of employees, but everyone has since returned to work after a police investigation. The evacuation came around 12:30 p.m. EST after a switchboard operator received a threat aimed at the Toronto Stock Exchange’s operations, said a TMX spokeswoman. Police were called in to investigate and the “all-clear” was given around 2:30 p.m. EST. At no time was trading affected, said the spokeswoman, noting that the exchange’s primary trading facility is at a separate location. Source:

15. December 8, Reuters – (Pennsylvania) Five accused of preying on distressed homeowners. A federal grand jury on December 8 accused five people of preying on homeowners faced with foreclosure by providing them with fraudulent new mortgages and pocketing the proceeds. The defendants advertised “Foreclosure Relief Services” for distressed homeowners and falsely promised to find an “investor” who would take out a new mortgage for them with affordable payments so they could remain in their homes. Instead, the defendants arranged for the home to be transferred to a straw purchaser, used false documents to obtain a mortgage in the name of the straw purchaser, and took equity from the sales for themselves, according to the indictment in the Eastern District of Pennsylvania. The defendants, two of whom are attorneys, also concealed from mortgage lenders that the distressed homeowners were going to remain in their homes. They are charged with conspiracy to commit wire and mail fraud, and money laundering, and face up to 385 years in prison and $4 million in fines. The scheme obtained at least 35 fraudulent mortgages worth about $14.6 million, the statement said. Source:

Information Technology

32. December 10, The Register – (International) Attackers hone Twitterific exploit-site concealer. Malware writers have revamped code that uses a popular Twitter command to generate hard-to-predict domain names, a technique that brings stealth to their drive-by exploits. Four weeks ago, when The Register reported Twitter application programming interfaces were being used to generate pseudorandom domain names, none of the addresses checked had actually been registered. The Russian researcher who discovered the technique, speculates the creators abandoned it because it was buggy and required too much effort. Now, the researcher has identified a new version of the algorithm that refines the process. What’s more, at least some of the names are now being registered and the sites are being used to push malware. “The new incarnation of this attack uses new algorithm and it is active right now,” he told The Register on December 9. The technique gives the exploit writers a limitless list of fly-by-night domain names to cycle through in an attempt to complicate the job of white hat hackers trying to thwart the attack. Rather than there being a single address to block or disconnect, the site hosting the malware changes every 12 hours. The domain names are generated by an algorithm that looks at the top topics being discussed on Twitter at particular times. Because the trending topics, as they’re known, can’t be predicted in advance, the method prevents white hats from being able to snap up the addresses weeks or months in advance, as researchers combating the Conficker worm have done. Source:

33. December 9, The Register – (International) German ISPs team up with gov agency to clean up malware. The German government is planning to establish a botnet cleanup helpline for computer users affected by malware infection. ISPs are teaming up with the German Federal Office for Information Security (BSI) to set up an operation geared towards cleansing consumer systems from botnet infestation. ISPs will track down infected machines, before directing users towards a website offering advice and an associated call center, staffed by around 40. The project, due to start in 2010, was announced on December 8 at the German IT summit in Stuttgart. No funding details were provided. A statement by eco (a German Internet Industry Association), explains that the project aims to take Germany out of the top 10 countries harboring the highest number of malware infected systems. Germany currently ranks third on this list. The overall scheme is similar to recently announced draft plans by Australian Internet Industry Association to purge systems of botnet infections. Meanwhile, over in the US, Comcast announced a browser-based virus infection notification service back in October. The service is linked to a security portal offering security software from McAfee and others at no extra charge to customers of Comcast’s broadband services. Source:

34. December 9, IDG News Services – (International) Hackers find a home in Amazon’s EC2 cloud. Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon’s EC2 cloud computing infrastructure. This marks the first time Amazon Web Services’ cloud infrastructure has been used for this type of illegal activity, according to the director of threat research with HCL Technologies, a contractor that does security research for CA. The hackers didn’t do this with Amazon’s permission, however. They got onto Amazon’s infrastructure by first hacking into a Web site that was hosted on Amazon’s servers and then secretly installing their command and control infrastructure. The director declined to say whose Web site was hacked to get onto Amazon’s cloud, but the Zeus software has now been removed, he said. Zeus is a password-stealing botnet. Variants of this malware have been linked to more than US$100 million in bank fraud in the past year. He thinks the hackers may have just stumbled on a Web site with a security vulnerability — they may have hacked the site’s software or simply stolen an administrative password from a desktop computer to get on the site. “I think it’s more a target of opportunity than a target of choice,” he said. Source:

Communications Sector

35. December 9, IDG News Services – (International) IBM adding data centers, cloud computing lab in Asia. IBM opened a new data center in South Korea on December 9 and said it is building another one in Auckland, New Zealand, to address a surge in demand for cloud computing and IT services in the Asia-Pacific region. The company also announced the opening of a cloud computing lab in Hong Kong. The total investment by IBM in these three facilities is about US$100 million, said a spokesman for IBM Global Services. The company, which already has over 400 data centers worldwide, will continue to invest in new data centers that offer cloud computing capabilities, while upgrading existing data centers to support cloud computing, the spokesman said. IBM is planning to announce by February next year a new data center in Raleigh, North Carolina, he added. The data center at Auckland will be in operation by 2010 with IBM investing about US$57 million in that center over the next ten years. IBM will locate the data center at Highbrook Business Park in East Tamaki. The 56,000 square-foot facility will include a 16,000 square-foot data center, IBM said. The company can add more stages to expand the data center as demand rises, it added. The center will support IBM’s clients in New Zealand and neighboring countries in the Asia-Pacific region, the spokesman said. Source: