Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, May 13, 2010


Top Stories

 The St. Joseph News-Press reports that firefighters evacuated residents near the Maysville, Missouri water plant on Tuesday after a vapor cloud erupted from a ruptured barrel containing hydrochloric acid as it was being moved by public works employees. (See item 22)

22. May 12, St. Joseph News-Press – (Missouri) Mo. FFs respond to hazmat incident. When a yellowish-white cloud of vapor erupted from a ruptured barrel May 11, firefighters evacuated everyone living near the Maysville, Missouri, water plant. That included about 50 people who live on the south side of town next to Missouri Highway 33, said the Central DeKalb County Fire Protection District chief. “This worked like it is supposed to,” said the Department of Natural Resources’ on-scene coordinator for hazardous chemical spills. Firemen and public works employees noticed the yellowish liquid was reacting with water on the ground from recent rains, he said. They chose evacuation and decided not to put water or any chemicals on the spill. The incident started when two public works employees were moving some old barrels from behind a building, located across the parking lot from the water plant, said Maysville’s public works director. An employee started to move one barrel and it ruptured when it was touched, he said. The employees did the right thing and called 911. This was about 1:30 p.m., and the stinky cloud started spreading. The sheriff closed Highway 33, and the call was made to notify authorities that there was a spill. Tests performed by two Region H employees determined that the spill was acidic and most likely hydrochloric acid. Residents of the DeKalb County community got the all-clear to return at about 4 p.m. Source:

 According to the Associated Press, a television communications satellite owned by Intelsat is drifting out of control thousands of miles above the Earth, threatening to wander into another satellite’s orbit and interfere with cable programming across the United States, the satellites’ owners said on Tuesday. The satellite’s systems were knocked out by a solar storm. (See item 44 below in the Communications Sector)


Banking and Finance Sector

10. May 12, KNSD 7 San Diego – (California) Geezer bandit has Facebook fans. The so-called Geezer Bandit struck again May 11 on the same block as his first bank heist. While investigators are trying to identify the elusive bandit, hundreds of Facebook fans are now following his every move. Investigators said a man believed to be in his 60s or 70s is responsible for at least nine bank robberies around the county since last August. He has two Facebook pages, and between them, he had almost 300 fans as of May 11. One post reads, “Go Geezer!” Another reads, “Catch the geezer already!” The FBI said they are looking into the Facebook pages. It’s unknown whether or not the suspect started the pages himself. Three different rewards offer $16,000 total for the arrest and conviction of the Geezer. Source:

11. May 11, WPBF 25 West Palm Beach – (Florida) Delray Beach police search for ATM skimmer. Police in Delray Beach, Florida are searching for a man they said stole at least $1,000 in cash from ATMs using “skimmed” card information. Police said they don’t know where the man was able to steal the information from. Police said the victim’s cards were used at various locations in Delray Beach and North Lauderdale. The thief is described as in his 20s with a close-cropped haircut. Police believe the man may have been driving a white four-door mid-’90s vehicle, possibly an Acura or a Nissan. Source:

12. May 11, Krebs on Security – (National) FBI promises action against money mules. The FBI’s top anti-cyber crime official said May 12 that the agency is planning a law enforcement action against so-called “money mules,” individuals willingly or unwittingly roped into helping organized computer crooks launder money stolen through online banking fraud. The acting chief of the FBI’s cyber criminal section said mules are an integral component of an international crime wave that is costing U.S. banks and companies hundreds of millions of dollars. He said the agency hopes the enforcement action will help spread awareness that money mules are helping to perpetrate crimes. “We want to make sure the public understands this is illegal activity and one of the best ways we can think of to give that message is to have some prosecutions,” the director said at a Federal Deposit Insurance Corporation (FDIC) symposium in Arlington, Virginia, May 11. The conference focused on combating commercial payments fraud. Money mules typically are first contacted by e-mail, usually with a greeting that claims the prospective employer found the recipient’s resume on,, or some other job-search site. The fraudsters usually represent themselves as international finance or tax companies that are looking to hire “financial agents” to help customers move their money abroad speedily. Candidates often are told the position is a work-at-home job, that no experience is necessary, and that they need only have access to a computer with an Internet connection. Source:

13. May 11, WTHI 10 Terre Haute – (Indiana) Another bank scam hits Wabash Valley. Since May 7, both members and non-members of a Normal, Illinois-based credit union, who have service through AT&T, have received text messages saying their ISU Credit Union accounts have been locked. Besides saying the account has been locked, the text message also provides a toll free number to call to fix the problem. “Please do not call the 800 number. They are requesting your debit card number, they want your PIN, they want that security code on the back so that they can run freely with your account information,” said the credit union’s marketing coordinator. ISU Credit Union said that if anyone receives this text message they should delete it. Also, they should call AT&T and let them know about the scam. Source:

Information Technology

41. May 12, The Register – (International) Server-based zombies power souped-up DDoS assault. Hackers have begun using compromised servers instead of client PCs to launch more powerful denial of service attacks. Hundreds of Web servers are infected with a DoS application that transforms them into zombie drones, according to database security firm Imperva. These zombie servers are controlled using a simple Web application, consisting of just 90 lines of PHP code. Servers are harder to compromise than desktop PCs, which can potentially be compromised as easily as tricking a user into opening a maliciously constructed e-mail or visiting a dodgy Web site. However, once compromised, servers offer more horsepower and, typically, fatter pipes for throwing out spurious traffic. Attacks launched from Web servers may also be more difficult to detect. “Trace backs typically lead to a lone server at a random hosting company,” Imperva warns. Source:

42. May 12, SC Magazine – (International) Only two patches released by Microsoft for May, as main talking point surrounds SharePoint vulnerability. Microsoft released two bulletins for critical vulnerabilities on the May 11 patch Tuesday. Security bulletin MS10-030 is a Windows-based update resolving a vulnerability affecting Outlook Express, Windows Mail and Windows Live Mail. Microsoft claimed that to successfully take advantage of this vulnerability, an attacker would either have to host a malicious mail server or compromise a mail server, or they could perform a man-in-the-middle attack and attempt to alter responses to the client. The data and security team manager for Shavlik Technologies claimed that this bulletin affects every supported Microsoft operating system; however, the Microsoft e-mail clients - Windows Live Mail and Windows Mail - are not installed by default on some of the affected operating systems and will require a user to install the client. The other bulletin, MS10-031, addresses one vulnerability in Microsoft Visual Basic for Applications (VBA). The update addresses the vulnerability by modifying the way VBA searches for ActiveX controls embedded in documents. Source:

Communications Sector

43. May 11, IDG News Service – (National) Bill would require FCC report before reclassifying broadband. A Florida Congressman has introduced legislation to require the U.S. Federal Communications Commission (FCC) to deliver a detailed cost-benefit analysis to Congress before moving forward with a plan to reclassify broadband as a regulated common-carrier service. The bill would also require the FCC to conduct a market study to show “market failure” in the broadband industry before moving forward with the plan to reclassify broadband. The FCC Chairman’s plan to reclassify broadband as a regulated service is a mistake, the Florida Representative said at a press conference May 11 organized by Americans for Prosperity, an antiregulation advocacy group. The effort will hurt the FCC’s goal of making broadband available to all U.S. residents, he said. “I think this is a partisan move by him to regulate the Internet,” the Representative said. “This curious step by [the] Chairman would reverse course and ... do an end run around Congress, where this issue should and must be debated first.” Source:

44. May 11, Associated Press – (International) Drifting satellite threatens US cable programming. A TV communications satellite is drifting out of control thousands of miles above the Earth, threatening to wander into another satellite’s orbit and interfere with cable programming across the United States, the satellites’ owners said May 11. The communications company Intelsat said it lost control of the Galaxy 15 satellite April 5, possibly because the satellite’s systems were knocked out by a solar storm. Intelsat cannot remotely steer the satellite to remain in its orbit, so Galaxy 15 is creeping toward the adjacent path of another TV communications satellite that serves U.S. cable companies. Galaxy 15 continues to receive and transmit satellite signals, and they will probably overlap and interfere with signals from the second satellite, known as AMC 11, if Galaxy 15 drifts into its orbit as expected around May 23, according to the two satellite companies. AMC 11 receives digital programming from cable television channels and transmits it to all U.S. cable systems from its orbit 22,000 miles (36,000 kilometers) above the equator, SES World Skies said. It operates on the same frequencies as Galaxy 15. Source:

45. May 11, U.S. Environmental Protection Agency – (Washington) Bothell wireless facility faces $57,000 fine for diesel spill. Under an order with the U.S. Environmental Protection Agency, New Cingular Wireless has agreed to pay a $57,255 penalty for spilling more than 12,000 gallons of diesel at its Bothell, Washington data center in 2008 in violation of the federal Clean Water Act. According to the order, on Aug. 1, 2008, New Cingular Wireless spilled approximately 12,432 gallons of diesel when an above-ground storage tank overflowed on its property. The spill traveled across an asphalt area and into a storm drain that empties into a wetland pond adjacent to Par Creek. The company cleaned up the spill in early September 2008. Source: