Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, May 4, 2010

Complete DHS Daily Report for May 4, 2010

Daily Report

Top Stories

 The Associated Press reports that the Homeland Security Secretary said Monday that investigators have not ruled out any suspects, including foreign terrorist organizations, in the case of the unexploded car bomb that was parked in New York City’s Times Square on Saturday night. CNN reports that TSA is ramping up security screening at airports along the East Coast to counter “vehicle-born improvised explosive devices” as well as taking measures to prevent other kinds of terrorist acts that might occur in crowded public spaces. (See items 31, 34, and 66)

31. May 2, CNN – (National) Official: TSA ramping up East Coast security measures. The Transportation Security Administration on Sunday ramped up security screening at airports along the East Coast after an attempted car bombing a day earlier in New York’s Times Square, a Department of Homeland Security official said. The official told CNN the TSA has begun operations to counter potential car bombs, or “vehicle-born improvised explosive devices,” as well as taking measures to prevent other kinds of terrorist acts that might occur in crowded public spaces. The TSA also is coordinating with Customs and Border Protection to facilitate additional secondary passenger screening on both domestic and international flights, the official said. Officials in Washington participated in a call with top TSA officials at airports in New York, Boston and Philadelphia to talk about partnering with Customs to identify flights that might need more random screening, the official said. Source:

34. May 2, Associated Press – (New York) ‘Amateurish’ car bomb found in Times Square. Police found an “amateurish” but potentially powerful bomb that apparently began to detonate but did not explode in a smoking sport utility vehicle in Times Square, authorities said Sunday. Thousands of tourists were cleared from the streets for 10 hours while the bomb was dismantled. “We avoided what we could have been a very deadly event,” the New York City mayor said. “It certainly could have exploded and had a pretty big fire and a decent amount of explosive impact.” Investigators removed three propane tanks, fireworks, two filled 5-gallon (19-liter) gasoline containers, and two clocks with batteries, electrical wire and other components from the back of the Nissan Pathfinder, the New York City Police Commissioner said. A black metal box resembling a gun locker was also recovered and will be detonated off site, he said. The mayor called the explosive device “amateurish” and the police commissioner said the explosives were consumer-grade fireworks but could have caused huge damage on a block of Broadway theaters and restaurants teeming with tourists. Firefighters who arrived shortly after first call heard a popping sound, said the New York City Fire Commissioner. The bomb appeared to be starting to detonate but malfunctioned, a top police spokesman told The New York Times and the Wall Street Journal. Source:

66. May 3, Associated Press – (New York) Napolitano: No suspects ruled out in NY bomb scare. The head of homeland security said Monday that investigators haven’t ruled out any suspects, including foreign terrorist organizations, in the case of the unexploded car bomb that was parked in New York City’s Times Square on Saturday night. “Right now, every lead has to be pursued,” the Department of Homeland Security (DHS) Secretary told NBC’s “Today” show. “I caution against premature decisions one way or another.” The Pakistani Taliban appeared to claim responsibility for the car bomb in three videos that surfaced over the weekend, but the New York police commissioner said police have no evidence to support those claims. New York’s mayor said Monday that “there is no evidence tied to international terrorism.” But the DHS Secretary called it “premature to rule in or rule out” any suspects. She praised New York street vendors who alerted police to the suspicious vehicle, telling CBS’ “Early Show” that the incident is a reminder that “everybody needs to be and is a part of the process of being watchful, of being vigilant.” There has been speculation that because the SUV was parked near the headquarters of Viacom, the attack might have been related to a controversial “South Park” episode that portrayed the Prophet Muhammad dressed in a bear costume. Viacom owns Comedy Central. “I’m not going to speculate on speculation. It is out there as one theory. There may be others,” the DHS Secretary told CNN. Source:

 The Associated Press reports that authorities evacuated portions of Nashville, Tennessee where a leaky levee threatened residents and businesses, including 1,500 guests at the Gaylord Opryland Resort and Convention Center. The mayor also called on residents Monday to use water only for cooking and drinking because one of the city’s two water treatment plants was flooded. (See item 69)

69. May 3, Associated Press – (Tennessee) Tenn. officials brace for more flooding, more deaths in weather that’s killed at least 19. About 1,500 guests at the Gaylord Opryland Resort and Convention Center in Nashville spent the night in a high school to escape the flooding Cumberland River, which was expected to crest Monday following weekend thunderstorms that killed at least 19 people in Tennessee, Mississippi, and Kentucky. Officials in Tennessee were preparing for more deaths and for the Cumberland River to crest more than 11 feet Monday afternoon, putting portions of Nashville in danger of the kind of damage experienced by thousands of residents whose homes were swamped by flash floods. The Cumberland River had already reached record levels since an early 1960s flood control project was put in place. Authorities evacuated the downtown area and north Nashville where a leaky levee threatened residents and businesses. The Nashville mayor called on Nashville residents Monday to use water only for cooking and drinking because one of the city’s two water treatment plants was flooded. Water flooded parking lots around the nearby Grand Ole Opry House and the Opry Mills shopping mall, but it was not immediately clear if water had made it inside the buildings. Source:


Banking and Finance Sector

23. May 3, CNN – (California) Geezer Bandit strikes for 8th time. The bank robber dubbed the “geezer bandit” has struck again. The elderly suspect held up a San Diego bank on April 30 bringing the total number of heists he has been accused of committing in the area to 8. While the moniker may be amusing, authorities told CNN the “geezer bandit” has carried a weapon in at least one robbery and should be considered dangerous. One of his most recent heists occurred on April 20, the FBI said. On 9:10 that morning, the “geezer bandit” entered a branch of the California Bank and Trust in Vista, California, and handed a demand note to the teller, authorities said. According to an FBI release, the note “stated it was a robbery and threatened having a weapon.” The suspect then “opened a black day planner to show the teller that he had a black short barreled revolver pointed at her. After the teller produced the money he put the cash into his day planner and walked out of the bank and out of sight,” the release said. The suspect has been described as between 60-70 years old, but there has been some suggestion that he may be wearing a mask to conceal his real age and make him appear much older than what he actually is. A $16,000 reward has been offered for information leading to his arrest and conviction. Source:

24. May 3, Better Business Bureau – (National) BBB warns that insurance scams are flourishing in current economy. In the midst of a tight economy and in the wake of the new national healthcare reform bill, State and Federal regulators are warning about a surge in healthcare-related scams. According to an October 2009 survey conducted by the Coalition Against Insurance Fraud, 57 percent of state fraud bureaus reported a higher incidence of health insurance fraud in 2009 compared to the previous year. The increase was largely attributed to “unauthorized entities selling fake coverage” and “the rise of medical discount plans.” Companies such as HealthcareOne/Elite Healthcare, Consolidated Workers Association, and Smart Data Solutions/American Trade Association, have all recently come under fire from state regulators for peddling worthless coverage or discount medical plans — instead of actual insurance — to thousands of consumers. Additionally, shortly after the healthcare reform bill was signed into law, the U.S. Department of Health and Human Services issued a warning to consumers to beware of health insurance offers claiming to be part of new federal regulations. For example in Missouri, the State Insurance director warned that a door-to-door salesman was claiming to be a federal agent selling insurance under the new law. Source:

25. May 2, Reuters – (International) Explosion damages HSBC branch in Athens, no injuries. A bomb exploded at a branch of HSBC bank in Athens on Sunday, damaging the entrance but causing no injuries, police said. “It appears a home-made bomb comprised of gas canisters and fuel caused small damage to the bank’s facade,” a police official said. Gas canister bomb attacks are common in Athens and are usually staged by leftist and anarchist groups against business and political targets. Sunday’s bombing against the U.K.-based banking group was the first since the Socialist government announced tough new austerity measures in exchange for international aid to cope with a debt crisis. Source:

26. May 1, Bank Info Security – (National) 7 banks fail on April 30. State and federal banking regulators closed seven banks on April 30, including three banks in Puerto Rico — the first banks to fail in the U.S. commonwealth, as well as three of the largest institutions to close in 2010. Westernbank had $11.94 billion in assets; R-G Premier Bank, $5.92 billion; and Eurobank, $2.56 billion. These latest closings raise to 71 the number of failed banks and credit unions so far in 2010. The three Puerto Rican banks closed on April 30 included Eurobank, San Juan, Puerto Rico, R-G Premier Bank, and Westernbank. The three were closed by the Office of the Commissioner of Financial Institutions of the Commonwealth of Puerto Rico, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver for all three. The FDIC and Oriental Bank and Trust entered into a loss-share transaction on $1.58 billion of Eurobank’s assets. The estimated cost to the Deposit Insurance Fund (DIF) will be $743.9 million. Source:

27. April 30, Kansas City Star – (Missouri) BC National Banks fails. BC National Banks failed April 30 and will reopen Saturday as part of Community First Bank in Butler, Missouri, where BC National had its headquarters. The failure came after BC National unsuccessfully had sought additional capital to restore capital that had been eroded by loan losses. Owners had recently sold some branches but the bank was unable to overcome its problems. Customers can continue to use their checks and access their accounts normally, according to the Federal Deposit Insurance Corp.’s announcement. The FDIC said it transferred $54.9 million in deposits from BC National to Community First. Community First also acquired essentially all of the failed bank’s $67.2 million in assets. The FDIC agreed to share in losses the assets may suffer. BC National’s failure is expected to cost the FDIC’s deposit insurance fund $11.4 million. Source:

Information Technology

61. April 29, The Register – (International) Google ‘personal’ search bug exposed user Web history. Google has restored its “personalized” search suggestions after purging the tool of a critical vulnerability that allowed attackers to steal a user’s Web history. Personalized search suggestions were disabled on March 1after a trio of security researchers — one at the University of California, Irvine and two at the French National Institute for Research in Computer Science and Control (INRIA) — sent Google a preliminary version of a paper showing how they were able to infer large portions of a user’s Web history by hijacking the user’s session ID (SID) cookie and nabbing the company’s personalized-suggestion data. Then, on March 15, the company sent a statement to the researchers saying it had added SSL decryption to Google Web History and that it had started encrypting the back-end Web History server requests used to personalize suggestions on its Maps site. Google also said it would “soon” do the same for search, and this happened more than a month later. Google tells The Register that personalized search suggestions took longer to restore because the fix was “more complex to deploy and involved a larger code change.” In a statement Google said, “We highly value our relationship with the security-research community, and we are grateful to the researchers from INRIA and University of California, Irvine who have been in contact with us since the end of February about their findings related to open, unsecured network connections and personalized suggestion technology.” Source:

62. April 29, Infoworld – (International) The security-hole baton passes from Microsoft to Adobe. Microsoft has gained new-found respect for its security efforts while other popular software vendors are accused of making the same mistakes. In recent years, Microsoft has tightened up its security issues — while Adobe Systems has increasingly become the sloppy vendor whose products such as Acrobat and Flash increasingly pose the security holes that bedevil information technology experts. And many researchers think Apple could be next. In an interview, the co-founder and CTO of eEye Digital Security says: “A lot of security practitioners compare the Adobe of today to the Microsoft of yesterday.” Source:

63. April 28, – (International) Infosec 2010: Large firms overwhelmed by security breaches. A staggering 92 percent of large organizations have suffered a security incident or data breach in the past year, as they struggle to cope with the changing threat landscape, according to the latest biennial Information Security Breaches Survey from PricewaterhouseCoopers (PwC). PwC branded the findings, released April 28 at Infosec 2010, as “surprisingly bad,” and said that companies are struggling to mitigate the increased external threat levels and the large numbers of accidental breaches from insiders. “We were not expecting the results to be as significant as that. Right now it looks quite serious in terms of the costs,” said a spokesman. “People are maintaining expenditure on security, but serious threats are rising and people are having to adapt and change to the new threat landscape.” The report found that the median number of data breaches rose from five, two years ago to 45 today, and that the average costs had risen roughly threefold. Breaches totaled around £10bn in costs, with a big increase in the cost of reputation damage. Source:

Communications Sector

64. May 3, Washington Post – (National) FCC chairman expected to leave broadband services deregulated. The chairman of the Federal Communications Commission (FCC) has indicated he wants to keep broadband services deregulated, even as a federal court decision has exposed weaknesses in the agency’s ability to be a strong watchdog over the companies that provide access to the Web. The FCC currently has “ancillary” authority over broadband providers such as Comcast, AT&T, and Verizon and must adequately justify actions against those providers. Last month, the U.S. Court of Appeals for the District of Columbia Circuit said the agency had exceeded its authority in 2008 when it applied sanctions against Comcast. The ruling cast doubt over the FCC’s ability to create a “net neutrality” rule that would force Internet service providers to treat all services and applications on the web equally. The FCC Chairman is expected to respond soon to the court ruling. Three sources at the agency said that while the chairman has not made a final decision, he has indicated in recent discussions that he is leaning toward keeping in place the current regulatory framework for broadband services, while making small changes that would bolster the FCC’s chances of overseeing some broadband policies. Source:

No comments: