Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, March 17, 2010


Top Stories

 According to the Associated Press, 23 cars derailed Tuesday in the Burlington Northern Santa Fe Corp. rail yard near Lincoln, Nebraska. A tanker car of chlorine tipped over, but hazmat crews determined that the tanker was not leaking. (See item 2)

2. March 16, Associated Press – (Nebraska) 23 cars derail west of downtown Lincoln, Neb. Officials have begun righting tankers and freight cars and repairing tracks after a derailment west of downtown Lincoln. Fire officials say 23 cars left the tracks in the Burlington Northern Santa Fe Corp. rail yard early Tuesday morning west of downtown Lincoln. A tanker car of chlorine tipped over when it derailed, prompting the temporary closure of nearby U.S. Highway 77 and West O Street. But the Fire Battalion Chief says hazardous-materials crews soon determined that the tanker was not leaking. What caused the derailment has not been determined. There were no reports of injuries. Source:

 The Associated Press reports that officials are keeping a wary eye on rising waters at the crumbling Forge Pond Dam in Freetown, Massachusetts. WCVB 5 Boston reports that rains caused one side of the Bolivar Pond Dam in Canton to wash away, and the Moody Street Dam in Waltham was in danger of breaking until workers came in to release some of the pressure. (See items 59 and 62)

59. March 16, Associated Press – (Massachusetts) Assonet dam holds as rain keeps falling. The governor of Massachusetts declared a state of emergency Monday, and Freetown officials kept a wary eye on the rising waters at Assonet’s crumbling Forge Pond Dam as three days of relentless rain closed roads and spilled rivers and streams over their banks throughout the state. The governors of Connecticut and Rhode Island — where a West Warwick dam was being watched closely — also declared states of emergency. Although the situation at the Freetown dam had stabilized by 7 p.m. Monday and the water was still several inches below the dangerous levels reached last month, the Freetown selectmen chairwoman said officials decided to contact people at the nine properties considered at greatest risk if the dam gave way. They were not advised to evacuate. “We are erring on the side of caution,” she said, adding local officials are working closely with state officials on the ongoing situation. As the rain continued to fall Monday, sometimes in torrents, dam experts monitored the site throughout the day and will remain there until the storm departs. She said the town will take new bids Tuesday on a new breach dam construction project. Source:

62. March 16, WCVB 5 Boston – (Massachusetts) Severe flooding brings concerns about unsafe dams. The severe flooding over the past few days caused two dams in Canton and Waltham to overflow. Team 5 Investigates reported two years ago on the number of unsafe dams in Massachusetts and the list has grown since then. The Bolivar Pond Dam in Canton is on the state’s list of unsafe dams. Monday’s fierce rains pushed the dam over the edge, and washed one side away. In Waltham, the Moody Street Dam was in danger of breaking until workers came in to release some of the pressure. Late last month, the state stepped in in Freetown when the privately owned Forge Pond Dam became a public safety concern. By the end of the month, the dam will be destroyed. According to the state, the owner, now deceased, had neglected the dam for years. Team 5 Investigates asked the commissioner of the Department of Conservation and Recreation, who oversees dam safety, if the flooding might lead to the breach of more dams. “We will breach more dams if we have to,” said the commissioner. “We’re doing that at Forge Pond,” he said. Most of the unsafe dams are privately owned, including East Bridgewater’s Cotton Gin Mill Pond Dam and the Belair Dam in Pittsfield, whose owner cannot be found. As for Freetown, the state plans to breach the Forge Pond Dam beginning next week. In the meantime, they are watching the weather very closely. Source:


Banking and Finance Sector

9. March 16, DarkReading – (International) Live data in test environments is alive and well — and dangerous. Those charged with the care and feeding of database information stores, beware: A new statistic tucked into a comprehensive study of financial services firms’ data protection policies shows that even at the most security-aware organizations, application developers still use live data in their development and test environments. The study, released earlier this month by the Ponemon Institute and commissioned by Compuware, showed that among 80 very large financial organizations, 83 percent use live data while developing and testing applications. That’s a big risk to sensitive information, data security experts warn, and is a testament to the fact that DBAs and database security experts need to step up their efforts to work in tandem with their development colleagues to protect the data that these coders get their applications to tap into. Source:

10. March 16, New London Day – (Connecticut) Mishap at Mystic bank. Four employees at the Liberty Bank in Olde Mistick Village were evaluated by medics on March 15 after a dye pack exploded inside the bank’s vault, releasing a tear gas-like substance into the building. The Old Mystic fire lieutenant said employees were preparing the bank for opening at 9 a.m. when a dye pack inside the vault burst, releasing the gas. The fire lieutenant said one employee in particular was affected, but four were being evaluated by Mystic River Ambulance medics. None of the employees were transported to the hospital. Old Mystic firefighters wearing air masks were inside the bank, ventilating it. The bank was closed on March 15 while a crew worked to clean the bank. The branch was expected to reopen on March 16, bank officials said. Source:

11. March 16, WSVN 7 Miami – (Florida) FBI looking into bomb threat at bank. Police evacuated a bank after calls about a suspicious package. Miami-Dade Police and Fire Rescue units responded to a bomb threat at the Chase Bank in the area of Northeast 163rd Street and 12th Avenue, at around 4:00 p.m. on March 15. The bank was shut down for the remainder of the day. Police were forced to close traffic to the area as the Bomb Squad searched the scene. It was unknown if the Bomb Squad found anything inside the bank, but authorities reopened the roads near the scene a few hours after the search. The FBI is currently investigating the incident. Source:

12. March 16, Wall Street Journal – (National) Bank chief accused of TARP fraud. A lifelong banking-industry executive was arrested on March 15 on numerous charges, including allegations of defrauding regulators in connection with what prosecutors said was his desperate effort to save his New York bank from failing. The suspect, the former president and chief executive of the Park Avenue Bank of New York, made false statements to regulators in an effort to obtain about $11 million from the U.S. government’s Troubled Asset Relief Program, prosecutors said. He is the first person to be charged criminally with attempting to defraud TARP, the bank bailout program passed as the nation teetered on the verge of an economic meltdown in 2008, prosecutors said. Source:

13. March 16, Wilkes-Barre Citizens Voice – (Pennsylvania) Banking scam hits area phones, e-mail. First Keystone National Bank is warning customers about a series of fraudulent telephone calls and messages, cell phone text messages and e-mails. Scam artists have been calling and sending messages to customers and non-customers, attempting to trick them into giving out their personal and confidential account information, said a bank spokeswoman. The scam began a few weeks ago, she said. It has since spread to the local area. Some local residents reported receiving telephone calls late on March 14 and early March 15. According to an alert from First Keystone National Bank, fraudulent e-mails and text messages have been designed to look as if they came from the bank and often contain the bank’s logos. The bank cautioned the messages are not legitimate and recipients should not click on any links in e-mails, call any toll-free phone numbers provided or respond with any confidential financial or personal information. The scam is the latest form of identity theft and is one of a number of scams popping up throughout the state, said the spokesman for the state attorney general’s office. Source:

14. March 15, IDG News Service – (International) Trusteer rolls out malware forensic tool for banks. Security vendor Trusteer’s latest product will allow banks to remotely investigate their customers’ computers if it is suspected the PC has been hacked. The service, called Flashlight, is designed to enable banks’ security experts to quickly identify what types of malicious software programs customers are encountering in order to build better defenses, said Trusteer’s CEO. Now if a bank wants to see if a customer’s computer is infected, the computer usually has to be either physically taken to a lab or the hard disk has to be copied, he said. Flashlight detects malicious software programs on the computer and can send a report along with a copy of the suspicious program, the CEO said. The scenario under which Flashlight would be used is if a customer calls a bank to check on a possible fraud. The fraud investigation team would ask the person to install Flashlight, which can detect if the browser has been previously tampered with. The customer would be asked to send a log report, which can then be analyzed while the customer is on the phone, the CEO said. Source:

15. March 15, The Register – (National) Crooks plant fake payment card terminals at multiple stores. Crooks planted bogus payment card processing terminals at multiple locations operated by the Hancock Fabrics chain store that allowed for the theft of sensitive financial data from customers, the company warned. The personal identification number pads were stolen in August and September and “replaced with visually identical, but fraudulent PIN pad units,” Hancock Fabrics warned in a letter to customers. “As a result, certain account information and PIN numbers used at these locations may have been unlawfully acquired by third parties.” Intercepted information may have included the name printed on the payment card, the card number, the expiration date, and the PIN if it was entered into one of the fraudulent terminals. The company recommended that customers review their account statements and credit reports. Source:

16. March 15, Help Net Security – (International) European banks lack document security. Financial services companies across Europe are unintentionally putting their confidential information at risk, according to research from Ricoh. At the heart of the issue is the lack of a centralized document governance strategy. The research also includes business leaders from the professional services, public services, telecommunications, utilities and media sectors. The findings show that the financial industry is the least likely to have a policy in place to restrict the printing of customer information with just 46 percent confirming that they have implemented a formal policy. Just 33 percent of public sector organizations have a fully implemented document security strategy. The number rises to 43 percent in Professional Services and 48 percent in Telecommunications/Utilities/Media. Overall, the results show that even the most regulated industries can be doing more to protect confidential information and govern their documents more effectively. Source:

17. March 9, NACS Online – (National) ‘Skimming’ scheme larger than police believed. Police believe that the Northern California skimming scam, where two men were arrested on suspicion of installing skimming devices at gasoline pumps, extends beyond the two men in question, the Sacramento Bee reports. Authorities said that the two were stealing $20,000 a day from Northern California cardholders, and police have recommended to prosecutors that they file 32 counts of identity fraud, conspiracy and enhanced charges related to gang activity. Eleven skimming devices were found in the suspect’s car. The scam was uncovered when a 7-Eleven employee was changing receipt tape at a pump and spotted a device inside. He called detectives who replaced it with a decoy device, which led to the arrest of the suspects. Since their arrest, six additional skimming devices have been uncovered, and authorities in Washington, Oklahoma and Texas have reported similar cases. However, to date, no links have been established with the Martinez, California case. Security experts said that there’s no sure-fire way to prevent highly sophisticated skimming. Source:

Information Technology

45. March 16, The Register – (International) Anti-virus suites still can’t block Google China attack. The vast majority of consumer anti-virus products are still failing to block the Operation Aurora exploits used in the high profile attack against Google and other blue-chip firms last December, according to independent tests. NSS Labs evaluated the effectiveness of seven popular consumer endpoint security products to see which blocked variants of the Operation Aurora attack. The security testing firm reckoned that most, if not all, of the products would block the exploit and malicious code payloads associated with an ultra-high profile attack that has been a mainstay of talk in the information security biz for the last six weeks. However, only security software from McAfee out of all the seven tested products “correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection”, NSS discovered to its surprise. Other tested security suites - AVG Internet Security, ESET Smart Security 4, Kaspersky Internet Security, Norton Internet Security 2010, Sophos Endpoint Protection for Enterprise and Trend Micro Internet Security 2010 - all failed. Source:

46. March 16, SC Magazine – (International) Koobface worm continues its wrecking path with a new surge in command and control servers over the weekend. Following evidence detected recently by Kaspersky Lab that the Koobface botnet is able to refresh itself and double its number of command and control (C&C) servers in a 48-hour period, new research saw an increase since March 12. The senior security research engineer at Zscaler said that on March 14, it detected a large number of Koobface worm transactions over the internet and an increase in network traffic of the worm to 122 unique C&C servers. A chart showing the number of unique domains used per day for last week went from one to zero between the 8th and 9th, up to 75 on March 10, back down to zero on March 11, 12, and 13 and a surge to 122 on March 14. Zscaler also showed that the USA hosts 57 percent of servers, 13 percent are in Germany and 8 percent are in the UK. Source:

47. March 16, SC Magazine – (International) Microsoft releases workaround to patch Internet Explorer 6 and 7 remote code execution vulnerability. Microsoft has released a workaround for a zero-day vulnerability in older versions of Internet Explorer. The senior security communications manager at Microsoft said that a workaround on security advisory 981374 has been released to cover the remote code execution vulnerability. Microsoft has confirmed that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, but that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable. The manager also confirmed that exploit code has been made public for this issue. Source:

48. March 16, – (International) Tighten up virtual server security, cautions Gartner. It seems that those IT managers who said that virtualised servers were more insecure than physical ones may have had a point after all. According to a new report from Gartner, 60 percent of virtualized servers will be less secure than the physical ones they’ve replaced, thanks to bad practices by IT departments. The report, Addressing the Most Common Security Risks in Data Center Virtualization Projects, points out some of the pitfalls involved in moving to a virtualized environment. It’s not that virtualized servers are inherently less secure, said the vice president and Gartner fellow, but “most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.” In 40 percent of the cases, virtualization projects were rolled out without any reference to an organization’s security team, said Gartner. The company said that while the underlying physical structure hadn’t changed, there was an additional risk through the use of hypervisor software. According to Gartner, enterprises are failing to acknowledge that additional risk and should look to extend their security processes. Source:

49. March 16, – (International) Security experts warn firms of the higher risks of lower-risk flaws. Security experts have warned businesses that hackers are moving their focus from flaws designated as high risk by software vendors to flaws normally seen as lower risks. Lloyd’s of London’s chief information security officer said, “[Hackers] are not going for the normal high risk flaws, they’re going for the medium risk ones. In the patch management cycle, the medium risk flaws are being patched later.” That delay in patching is also being exacerbated by hackers combining the lower-risk flaws to create so-called blended threats, explained BT’s global head of business continuity, security and governance practice. By combining two lower-risk flaws, hackers can cause high-risk threats to an organization. Source:

Communications Sector

50. March 15, IDG News Service – (International) 750,000-sq.-ft. data center opens in Wales. One of the world’s largest data centers has opened for business in the U.K., protected by bomb-proof glass and powered by enough electricity to run a small city. The NGD Europe data center, just outside Newport in south Wales, has 750,000 square feet (70,000 square meters) of floor space, or enough to house about 19,000 server racks. It officially opened on March 15, and its operator hopes to sign up big customers that need to run busy Web sites and other computing services. The owner, Next Generation Data, invested about £200 million ($301 million) to convert a former chip manufacturing plant on the site that never opened for business. The first two tenants, BT and Logica, started moving equipment in last month and have signed long-term contracts worth a combined £20 million, Next Generation Data said. The site has its own substation providing 90 megavolt-amperes of electrical power, or enough to supply a city of 400,000 people, the company said. To guard against terrorism and other attacks it has “triple-skinned walls, bomb-proof glass, prison-grade perimeter fencing, infra-red detection, biometric recognition and ex-special forces security guards.” Source:

51. March 15, IDG News Service – (National) FCC wants 120MHz of spectrum from TV stations. The U.S. Federal Communications Commission (FCC) will seek to take back 120MHz of spectrum from U.S. television stations in the next five years and reallocate it to wireless broadband providers in a voluntary program that would allow the stations to share or keep spectrum auction revenues, under a national broadband plan that will be officially released on March 16. The FCC would seek approval from Congress to conduct “incentive auctions” of unused spectrum, including TV spectrum, and the agency could either act as a third-party auctioneer of the spectrum or share the auction proceeds with the sellers, according to the broadband plan, which the FCC released to reporters on March 15. The TV spectrum auctions are part of a goal to free up 500MHz of spectrum for wireless broadband over the next decade, one of the major goals of the 400-page broadband plan. If, however, the FCC doesn’t get enough volunteers to free up spectrum, it will look for other ways to take back the spectrum, but FCC officials said on March 15 they expect to get enough TV stations to give up their extra spectrum in exchange for auction proceeds. Source:

52. March 15, Congress Daily – (National) FCC unveils 360-page national broadband plan. The FCC released its long-awaited national broadband plan Monday — a 360-page document that agency officials dubbed a “call to action” for extending low-cost, high-speed Internet service to all Americans by 2020, CongressDaily reported. The technology blueprint, required by last year’s economic stimulus package, outlines six long-term goals, including superfast connectivity to 100 million households and transforming the U.S. into a world leader in mobile broadband use and innovation. “The National Broadband Plan is a 21st century roadmap to spur economic growth and investment, create jobs, educate our children, protect our citizens, and engage in our democracy,” the FCC Chairman said in a statement. The plan also recommends the development of standardized cable set-top boxes that would enable Internet surfing on televisions, and suggests the idea of a free, advertiser-funded wireless broadband service available regionally or nationwide. Source: