Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, April 7, 2010

Complete DHS Daily Report for April 7, 2010

Daily Report

Top Stories

 The Beckley Register-Herald reports that officials confirmed early Tuesday that 25 miners died Monday in a mine explosion at Massey Energy’s Performance Coal Co. in Montcoal, West Virginia.

2. April 5, Beckley Register-Herald – (West Virginia) 25 confirmed dead in Montcoal mine explosion. Officials at the site of a Monday afternoon explosion at Massey Energy’s Performance Coal Co. in Montcoal in western Raleigh County, West Virginia, confirmed early Tuesday that 25 miners died in the blast. At a 2 a.m. press briefing, a Mine Safety and Health Administration (MSHA) administrator said rescue teams were pulled from the mine due to conditions inside. At that time four miners remained unaccounted for and two were receiving treatment at area hospitals. Concentrations of methane and carbon monoxide that rescue crews detected in the mine “were to the point that they were risking their own lives,” he said. Rescue efforts will resume as soon as conditions permit. Officials also plan to drill bore holes from the surface into the mine to help ventilate it and to collect samples. That process will take some time because a road will have to be dozed to the site where the hole will be drilled, he said. The incident at Massey Energy’s Performance Upper Big Branch Mine occurred shortly after 3 p.m. Monday. A nine-man crew was exiting the mine when there was an apparent explosion. Out of the nine miners on the man trip, seven were killed instantly. Officials said they believed the missing miners may be as far back as 8,000 feet from mine portal. Authorities are hoping the trapped miners made it to one of the mine’s refuge chambers, which can provide 90 hours of oxygen. Those chambers will hold up to 36 people and have food and water available. Source:

 According to the New York Times, a report issued Monday by Canadian and U.S. researchers provides a detailed account of how a spy operation it called the Shadow Network systematically hacked into personal computers in government offices on several continents. The researchers stressed that while the new spy ring focused primarily on India, there were clear international ramifications.

38. April 5, New York Times – (International) Researchers trace data theft to intruders in China. Turning the tables on a China-based computer espionage gang, Canadian and U.S. computer security researchers have monitored a spying operation for the past eight months, observing while the intruders pilfered classified and restricted documents from the highest levels of the Indian Defense Ministry. In a report issued Monday night, the researchers, based at the Munk School of Global Affairs at the University of Toronto, provide a detailed account of how a spy operation it called the Shadow Network systematically hacked into personal computers in government offices on several continents. The Canadian researchers stressed that while the new spy ring focused primarily on India, there were clear international ramifications. One researcher noted that civilians working for NATO and the reconstruction mission in Afghanistan usually traveled through India and that Indian government computers that issued visas had been compromised in both Kandahar and Kabul in Afghanistan. “That is an operations security issue for both NATO and the International Security Assistance Force,” said the researcher, who is also chief executive of the SecDev Group, a Canadian computer security consulting and research firm. Source:


Banking and Finance Sector

16. April 6, Bank Info Security – (Kansas) Ex-FDIC employee guilty of data leak. A former employee of the Federal Deposit Insurance Corporation (FDIC) pled guilty on April 2 to leaking confidential customer information while she was working at an Overland Park, Kansas bank that had been taken over by the banking regulator. The 63 year old suspect of Lenexa, Kansas, pled guilty to disclosing confidential information while she was an employee of the FDIC. She worked as a loan officer for Columbian Bank and Trust when the bank failed and was placed into FDIC receivership on August 22, 2008. She was then hired as an employee by the FDIC’s Division of Resolutions and Receiverships to assist with the bank’s closing. The suspect had access to confidential financial records of the FDIC and personal information, including borrowers’ tax returns. While working in that job, she admitted she disclosed confidential information from the FDIC, including the identity and income amount of a person with outstanding loans at Columbian Bank and Trust, said a U.S. Attorney. The suspect also disclosed the borrower’s tax return. Source:

17. April 5, KGWN 5 Cheyenne – (Wyoming) Local restaurants hit with credit card scam. Four local restaurants were targets over the weekend of a credit card scam. Cheyenne Police say the Pie Lady, Olive Garden, Golden House and Cloud Nine received calls from a man requesting receipt information, like credit card numbers. The man used an alias and claimed to be a detective with the Cheyenne Police Department. None of the restaurants gave any information to the caller. But, without a suspect in custody, Cheyenne Police are worried other restaurants may be targeted. Source:

18. April 5, Atascocita Tribune – (Texas) Atascocita Chase Bank receives bomb threat. An irate man threatened to blow up the Atascocita Chase Bank last week. According to a Harris County Sheriff’s officer, Chase Bank, located at 19240 West Lake Houston Parkway, received a bomb threat in the late afternoon of March 31. The officer said a man, apparently upset with the bank, made a threat that resulted in dozens of hours of manpower and inconvenience to the area. The bank is located in the Kroger Shopping Center at the northeast corner of FM 1960 and West Lake Houston Parkway. The entire shopping center was cordoned off with police tape for at least two hours, with a minimum of 10 deputies on site, according to witnesses. Driveways were blocked by police cars with lights flashing. According to the officer, a K-9 officer was brought in, a full and thorough search commenced, and nothing was found. Source:

Information Technology

42. April 6, Help Net Security – (International) Under protected corporate secrets. Enterprises are investing heavily in compliance and protection against accidental leaks of custodial data (such as customer information), but under-investing in protection against theft of far more valuable corporate secrets, according to a global survey by Forrester Consulting. Nearly 90 percent of surveyed enterprises agreed that compliance with PCI-DSS, data privacy laws, data breach regulations, and existing data security policies is the primary driver of their data security programs. Significant percentages of enterprise budgets (39 percent) are devoted to compliance-related data security programs. But secrets comprise 62 percent of the overall information portfolio’s total value while compliance-related custodial data comprises just 38 percent, a much smaller proportion. This strongly suggests that investments are over weighed toward compliance. The survey found that while organizations focus on data security incidents related to accidental loss, information theft by employees or trusted outsiders is more costly. For example, based on responses received in the survey, employee theft of sensitive information is 10 times costlier than accidental loss on a per-incident basis: hundreds of thousands of dollars versus tens of thousands. Source:

43. April 5, eWeek – (International) Symantec warns cloud computing security approaches need to catch up to adoption. A survey of IT professionals has painted a troubling picture of enterprise approaches to cloud computing security. According to the survey, which was done by Symantec and the Ponemon Institute, many organizations are not doing their due diligence when it comes to adopting cloud technology—a situation that may partly be due to ad hoc delegation of responsibilities. Among the findings: Few companies are taking proactive steps to protect sensitive business and customer data when they use cloud services. Less than 10 percent of those surveyed said their organizations performed any kind of product vetting or employee training to make sure cloud computing resources met security requirements before cloud applications were deployed. In addition, just 30 percent of the 637 respondents said they evaluate cloud vendors prior to deploying their products, and most (65 percent) rely on word-of-mouth to do so. Fifty-three percent rely on assurances from the vendor. However, only 23 percent require proof of security compliance such as with regulation SAS 70. Source:

Communications Sector

44. April 6, Dow Jones Newswires – (California; International) Calif gov declares state of emergency after earthquake. The governor of California declared a state of emergency Monday after a powerful earthquake centered in Mexico left severe damage in southern California. A 7.2 magnitude earthquake centered in Baja California on Mexico’s west coast Sunday killed two people and knocked out power and telephone services and damaged buildings there. The temblor also disrupted telephone communications, buckled roads, broke water mains, and damaged critical water storage facilities across the border in Imperial County, California, the governor said. The Mexican government-owned power company Comision Federal de Electricidad said it was restoring power to customers after the quake, although the utility did not say how many were without electricity. Two transmission lines between Mexicali and Tijuana on the northern border suffered outages and there were problems at 27 substations, 11 of which have since been brought back online, according to the company. Mexico’s biggest fixed-line telephone company, Telefonos de Mexico, sent crews out to repair damaged fiber optic lines, although the company did not say how many people were without phone service. State oil monopoly Petroleos Mexicanos, or Pemex, said gasoline supplies were flowing into Baja California after a temporary power outage at a distribution center, and that fuel supplies there were sufficient to meet demand. Sempra Energy, which owns power and natural gas facilities on both sides of the border, said none of its facilities in Mexico or southern California were seriously damaged. Source:

45. April 4, Radio & Television Business Report – (National) Congress pressing FCC on FM in cell phones. The FCC chairman has been busy lately signing letters to Members of Congress who have written to him and the Homeland Security Secretary urging them to require inclusion of FM tuners in cell phones so that they are capable of receiving Emergency Alert System notifications. On April 2, the FCC released 61 letters that the chairman had sent in reply to those Members of Congress. The chairman carefully avoided taking any position on the issue, but noted that the FCC in December initiated a 28-month period during which the mobile phone companies must develop a commercial Mobile Service Alert System (CMAS). He noted that the FCC’s standards for CMAS do “not require or prohibit the use of Alert-FM” or similar FM radio-based technologies for the cell companies’ emergency alerting system. Source: