Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, April 15, 2010

Complete DHS Daily Report for April 15, 2010

Top Stories

 According to the Associated Press, San Diego authorities say a package explosion at a FedEx warehouse appears to have been sparked by batteries and was not intentional. The building was evacuated until a police bomb squad determined the cause of the blast. (See item 20)

20. April 14, Associated Press – (California) Batteries blamed for blast at San Diego FedEx. San Diego authorities say a package explosion at a FedEx warehouse appears to have been sparked by batteries and was not intentional. The city fire spokesman says two lithium batteries in a box made contact and exploded shortly after 6 a.m. Wednesday at the building in the Miramar neighborhood. However, a FedEx Corp. spokesman says the batteries were nickel-cadmium. A police lieutenant says employees who were sorting packages were about 6 feet away from the cardboard box when it exploded. They reported a flash and a smell like gunpowder, but nobody was hurt. The building was evacuated until a police bomb squad determined the cause of the blast. The FedEx spokesman says the only damage was to the package, and FedEx is working to identify the shipper. Source:

 The Associated Press reports that a 19-year-old man was arrested Sunday on allegations that he was plotting to kill sheriff’s deputies in Snohomish County, Washington. (See item 48)

48. April 13, Associated Press – (Washington) Authorities: Man plotted to kill Wash. deputies. A 19-year-old man has been arrested on allegations that he was plotting to kill sheriff’s deputies in Washington state’s Snohomish County. Investigators said the man was planning an attack similar to the Thanksgiving-weekend assassination of four Lakewood police officers. The Herald newspaper of Everett reports that he had guns, ammunition, and bulletproof vests to carry out an assault when he was arrested Sunday at a local motel. Everett police said a burglary suspect who went to the man’s motel room told them that he claimed to be looking for a driver who would help him kill deputies. Source:


Banking and Finance Sector

14. April 14, Nevada Appeal – (California; Nevada) Bank of the West ups bounty for serial robber. A $2,500 reward is being offered for information leading to the arrest of a serial bank robber, dubbed the “Fedora Bandit,” who has hit five Bank of the West branches, the last one on April 12 in Carson City, Nevada. The suspect is described as a white male 40 to 50 years old, with short gray or salt-and-pepper hair. He stands about 5-foot-9 to 6-feet tall, with a slim build. In each of the robberies, surveillance cameras have captured the man wearing a fedora and what appears to be a fake beard and mustache. He has been linked to December and March robberies of the same Bank of the West branch in Grass Valley, California, and Nevada robberies February 18 in South Lake Tahoe and March 8 in Kings Beach. The man struck for the fifth time on April 12 when he entered the Carson City Bank of the West about 4 p.m. According to police, he flashed a gun at the clerk, grabbed a customer and held him at arm’s length, then made off with an undisclosed amount of cash. Fritsch Elementary School’s latchkey program locked down the building for a short time. Source:

15. April 14, Washington Post – (National) Smaller banks given federal extension to help preserve key accounts. Federal banking regulators voted April 13 to extend a guarantee program aimed at helping smaller banks overcome the fallout from the financial crisis while also moving to explore a proposal that could result in higher fees on large, risky banks. The five-member board of the Federal Deposit Insurance Corp. unanimously approved a six-month extension of the Transaction Account Guarantee Program, which offers unlimited deposit insurance for certain business bank accounts. Instituted in October 2008, the program was scheduled to expire at the end of June. Board members and FDIC staff members said the extension was necessary to ensure that smaller banks could retain critical accounts — such as payroll accounts from municipalities and small businesses — rather than risk losing those to larger banks that might be perceived as more stable. They said allowing the program to expire could put additional pressure on community banks, which could subsequently place more strain on the FDIC’s deposit insurance fund. Source:

16. April 14, NBC 4 New York – (New York) Scammers charge 50 cents now, big bucks later. There is a new scam out there that is part identity theft, part credit scam, and, so far, still a big mystery to law enforcement. Someone is using the name of the Long Island, New York business JHD Productions and charging people’s credit and debit cards. Most of the charges start extremely low, between 50 and 60 cents. One woman from Arizona stated that she ignored the initial charge, and three days later a charge of $5,000 appeared on her bill. The scam appears to be affecting people from across the country with JHD Productions always making the withdrawals. Suffolk County police said they are investigating the matter. Source:

17. April 14, Help Net Security – (International) ‘Secure’ message from bank leads to phishing page. TrendLabs warns that Standard Chartered Bank clients are the targets of the latest batch of phishing e-mails that have been hitting e-mail inboxes. The scammers rely on one key word to make users click on the malicious link — SECURE. They simulate a legitimate e-mail address in the “from” field, which is something that many people do not think to check. If the user follows the link, she will be faced with a phishing log-in page. When accessing an online banking account, users should never follow links from an e-mail. Instead, users should type the bank’s Web address directly into the browser address bar. Source:

18. April 13, Springfield News-Leader – (Missouri) Suspicious backpack destroyed outside insurance office in Springfield. The Springfield (Missouri) bomb squad destroyed a suspicious backpack early this morning found outside PJC Insurance on Norton Road. The assistant fire chief said the backpack was found in the middle of the parking lot before 7 a.m. It was leaking some type of acid that was eating through the asphalt of the lot. After evacuating personnel at the insurance firm and closing the south side of nearby Lowe’s, the bomb team dug a hole and destroyed the bag. “It was just a lot safer to get rid of it,” the assistant fire chief said. He said they do not know what was inside the bag, but its placement in the lot, away from the building and cars, seemed to indicate that it wasn’t meant to be explosive. Source:

Information Technology

50. April 14, PC World – (International) Microsoft tries to avoid Windows blue screen repeat. Microsoft took steps on April 13 to avoid repeating the debacle two months ago that left Windows XP users staring at the notorious “Blue Screen of Death” error message after they applied a patch. In February, a security update that fixed two flaws in the Windows kernel — the operating system’s most important component — wreaked havoc when it was applied by users, who almost immediately flooded Microsoft’s support forum with reports of crippled computers. As the number of reports grew, Microsoft first stopped automatically serving the MS10-015 update, then confirmed that a rootkit caused the crashes. Only PCs that had been previously infected with the Alureon rootkit were incapacitated, Microsoft’s investigation found. MS10-021, one of the 11 updates issued on April 13 as part of Microsoft’s monthly Patch Tuesday cycle, also fixed flaws in the Windows kernel. But Microsoft is hoping that this month’s update will not trigger a repeat Blue Screen of Death episode. Source:

51. April 14, IDG News Service – (International) Facebook beefs up site against hackers. Facebook is employing aggressive legal means in combination with technical measures in order to stop hackers from abusing its social-networking site, according to the chief security officer. The company is constantly under fire from hackers trying to spam its 400 million registered users, harvest their data, or run other scams. Facebook’s security team started off with just a few people, said the security officer, who began working at Facebook in 2005 after a stint as a computer forensic analyst for the U.S. Federal Bureau of Investigation. He gave a keynote presentation at the Black Hat security conference on April 13. Now, as many as 10 percent of Facebook’s 1,200 employees are involved in security-related functions for the site, he said. Its core security team consists of 20 people, a site-integrity team of around 15 people, and 200 others who are part of a user-operations team that monitors illegal activity. Source:

52. April 14, CNET News – (International) Nearly 90 percent of firms show Zeus botnet activity. Most major U.S. corporations — up to 88 percent of the Fortune 500 companies — may be affected by botnet activity from computers compromised by the Zeus data-stealing Trojan virus, according to an RSA study released on April 14. RSA’s FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers in August and traced evidence back to IP addresses and e-mail addresses belonging to the corporations, said the manager of the Identity Protection and Verification Group at RSA, which is the security division of EMC. Among the stolen data found on the sites where infected computers drop the stolen data were compromised e-mail addresses from about 60 percent of the firms. Companies with fewer than 75,000 employees appeared to have the highest ratio of botnet activity and compromised e-mail addresses to employee counts, according to the report. Source:

53. April 13, The Register – (International) Microsoft, Adobe, Oracle unite with massive patch batch. It was an extreme version of Patch Tuesday as Microsoft, Adobe Systems, and Oracle released updates that fixed dozens of critical vulnerabilities in their wares. As part of Microsoft’s monthly patch regimen, the software giant issued 11 updates that patched a total of 25 bugs. At least eight of the vulnerabilities are likely to be targeted by reliable exploits in the wild, Microsoft officials said. Adobe, meanwhile, fixed 15 security flaws in its Reader and Acrobat software for viewing PDF files. The software maker rated the update “critical,” meaning attackers can exploit the bugs to take control of end-users’ computers. Oracle released 47 updates of its own to patch security bugs in a variety of applications, including Database Server, Fusion Middleware, Collaboration Suite, E-Business Suite, and PeopleSoft Enterprise. Source:

54. April 13, DarkReading – (International) Next-Generation clickjacking attacks revealed. A researcher at Black Hat Europe will demonstrate a new, powerful breed of clickjacking attacks he devised that can bypass newly constructed defenses in browsers and Websites. The security consultant with Context Information Security in the U.K. also will release a browser-based point-and-shoot tool for clickjacking that simplifies these attacks on Web applications and provides researchers visual views of the links, buttons, fields, and data to be targeted by the clickjacking attack. Clickjacking occurs when an attacker slips a malicious link invisibly on a Web page or under a button on the site. When the user clicks on the link or moves his mouse over it, he becomes infected. Facebook and Twitter both have suffered from clickjacking. To date, clickjacking alone has been considered a fairly limited attack except when it is paired with cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Source:

55. April 12, Congress Daily – (National) FBI warns about online census scams. The Internet Crime Complaint Center on April 12 warned Americans to be careful about potential Web and other scams related to the 2010 census. The center, a joint venture between the FBI and the National White Collar Crime Center, warned that census takers will not contact U.S. residents seeking census information via e-mail or seek donations. It also notes that census takers will not ask for personally identifiable information such as Social Security number and bank account number. It advised computer users to not respond to e-mail or other solicitations. “Criminals often capitalize on legitimate campaigns to spread computer viruses through e-mails, text messages, ‘pop-ups,’ fraudulent Web sites, or infected legitimate Web sites,” according to an alert from the center. It added that viruses can be embedded in e-mail attachments, links, or even pictures and that anti-virus software may not detect all viruses, especially those that are newly created. The center said U.S. residents should be wary of similar tactics being used on social networking sites as well. The alert also warned users to watch out for e-mail and other scams offering potential jobs with the Census Bureau. “The Census Bureau has a hiring process, which includes taking a test in person, not online,” the center added. Source:

Communications Sector

56. April 13, Associated Press – (Maine) FairPoint blames fire for Maine Internet outages. Thousands of FairPoint Communications customers lost their Internet service for several hours Tuesday after Central Maine Power equipment overheated and damaged FairPoint’s high-speed data lines, officials said. FairPoint customer-service representatives received more than 100 calls indicating scattered Internet outages — but no phone service interruptions — across much of Maine, said a spokesman. The problem was caused by a fire on a utility pole directly outside FairPoint’s state headquarters in Portland. Service was restored by early afternoon. The outage happened after a CMP piece of equipment overheated and melted before falling off a utility pole and onto FairPoint’s fiber-optic cables, the CMP spokesman said. FairPoint did not have a precise number of how many customers were left without Internet service during the outage. The company has tens of thousands of Internet access lines in Maine but does not release exact figures on a state-by-state basis, he said. Source:

57. April 13, IntoMobile – (Washington) AT&T network outage reported in Seattle. AT&T users in Seattle, Washington, experienced network outages on April 13. Some users were required to reboot their phones while others lost service entirely. The disruption was reportedly affecting voice calls. An AT&T spokesman confirmed that there were 3G voice issues in the morning, but that the issues were resolved by the afternoon. “We apologize for any inconvenience to our customers,” said AT&T. Source:

58. April 13, IDG News Service – (International) European Union, France to consult on net neutrality. The European Commission will launch a public consultation on the issue of network neutrality this quarter, the commissioner for the digital agenda said on April 13. She intends to report back to the European Parliament before the end of the year on whether regulatory action on net neutrality is necessary. However, she set the bar for introducing new regulation high, stating it must be justified by the need to tackle specific problems. The debate over net neutrality is already under way, and not just in the U.S., where the question of whether the U.S. Federal Communications Commission can mandate it has already reached the courts. The recently created Body of European Regulators for Electronic Communications (BEREC), which brings together the national regulatory authorities of E.U. member states, has already set up a project team to work on net neutrality issues, the commissioner said. One of the most important factors for all concerned parties is what they mean by net neutrality. Source: