Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, June 29, 2010

Complete DHS Daily Report for June 29, 2010

Daily Report

Top Stories

• One hundred percent of passengers flying domestically and internationally on U.S. airlines are now being checked against government watch lists through the Transportation Security Administration’s (TSA) Secure Flight program, the DHS Secretary announced late last week, according to Homeland Security Today. (See item 27)

27. June 28, Homeland Security Today – (National) Secure flight hits 100 percent mark. One hundred percent of passengers flying domestically and internationally on U.S. airlines are now being checked against government watch lists through the Transportation Security Administration’s (TSA) Secure Flight program, the DHS Secretary announced late last week. The Secretary called the achievement the second major step in fulfilling a key 9/11 Commission recommendation achieved in the past month. “Secure Flight fulfills a key recommendation of the 9/11 Commission Report, enabling TSA to screen passengers directly against government watchlists using passenger name, date of birth, and gender before a boarding pass is issued,” she said. “This achievement significantly enhances one of our many layers of security — coordinated with our partners in the airline industry and governments around the world — that we leverage to protect the traveling public against threats of terrorism.” Source:

• In a rare rebuke, federal officials criticized New Jersey State Police for mistakes made last month during an emergency drill involving the Salem and Hope Creek nuclear plants on Artificial Island in Lower Alloways Creek, the Newark Star-Ledger reports. (See item 54)

54. June 26, Newark Star-Ledger – (New Jersey) FEMA: New Jersey State Police too slow. In a rare rebuke, federal officials criticized New Jersey State Police for mistakes they made last month during an emergency drill involving the Salem and Hope Creek nuclear plants on Artificial Island in Lower Alloways Creek. During a simulated nuclear disaster, it took the state police 62 minutes to inform the public within 60 miles of the reactors whether to evacuate or seek nearby shelter, about 17 minutes too long for the Federal Emergency Management Agency (FEMA), which said the response was seriously deficient. The state police were also cited for identifying the wrong town in a press release warning local officials about potentially contaminated fish. The test will be re-run July 15. “The deficiency was not in the message, the right decisions were made,” said the executive officer for Office of Emergency Management (OEM), the division of the state police department that handles emergency responses in Trenton. FEMA has since told OEM that 40 to 45 minutes would be a reasonable response time. FEMA found no deficiencies in the role of Salem County’s emergency management team in the drill. Source:


Banking and Finance Sector

19. June 28, Bloomberg – (International) Toronto’s financial sector returns to work after G-20 protests. Businesses in Toronto’s financial district were set to return to normalcy after a weekend of violent protests related to the Group of 20 summit left windows smashed, access restricted and office buildings vacated. Demonstrators spray-painted obscenities on walls, set fire to at least four police cars and threw rocks and golf balls at windows of stores and office buildings, including the headquarters of Bank of Montreal and Canadian Imperial Bank of Commerce. Police arrested more than 600 people across the city on a week when world leaders met in a protected zone around the Metro Toronto Convention Centre. Protests have been a feature of high-profile meetings of world leaders since riots broke out in Seattle at the World Trade Organization talks in 1999. Police clashed with demonstrators in Pittsburgh at the G-20 summit in September and arrested 83, according to The Associated Press. Confrontations led to 111 arrests during the 2009 G-20 summit in London. Toronto’s downtown is home to Canada’s five largest banks and two of its biggest insurers. There are 223,000 financial-services employees in the district, according to Toronto Financial Services Alliance. Source:

20. June 28, Associated Press – (Massachusetts) Peabody bank teller sentenced in fraud case. A former bank teller from Peabody, Massachusetts has been sentenced to nearly three and a half years in prison for stealing customer account information that led to the theft of more than $330,000. Federal prosecutors said the 26-year-old suspect pleaded guilty to multiple counts of bank and identity fraud. Authorities said while working as a teller at a Bank of America branch, the suspect used his access to bank customer data to steal customer names and account information from November 2004 to February 2006. He then sold the information to someone who did not work for the bank, usually for $2,000 per account. The suspect was also sentenced to three years of probation and ordered to pay more than $270,000 in restitution. Source:

21. June 28, – (Minnesota) Proposed Treasury rules take hard line against prepaid card fraud. The government’s efforts to crack down on criminal financing could make it tougher for consumers to buy gift cards, some experts warn. Published in the June 28 Federal Register, the newly proposed rules from the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) require prepaid card providers and sellers to fill out Suspicious Activity Reports on customers for suspicious transactions, such as those totaling more than $2,000. Amid concerns that so-called stored value cards and devices offer a way for criminals and terrorists to quietly move funds internationally, the government is looking to step up efforts to combat the misuse of these products. As a result, the proposed FinCEN rules look to better identify prepaid card users by placing requirements on nonbank providers and sellers. Mandated by the Credit CARD Act of 2009, the proposed rules require more data collection and reporting from businesses. Interested parties have 30 days to submit comments on the proposed rules. Source:

22. June 27, IDG News Service – (International) FTC says scammers stole millions, using virtual companies. The Federal Trade Commission (FTC) has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers — often by taking just pennies at a time. The scam, which had been run for about four years, according to the FTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud. The FTC has not identified those responsible for the fraud, but in March, it quietly filed a civil lawsuit in U.S. District Court in Illinois. This has frozen the gang’s U.S. assets and also allowed the FTC to shut down merchant accounts and 14 “money mules” — U.S. residents recruited by the criminals to move money offshore to countries such as Bulgaria, Cyprus, and Estonia. The scammers found loopholes in the credit-card processing system that allowed them to set up fake U.S. companies that then ran more than a million phony credit-card transactions through legitimate credit-card processing companies. The scammers stayed under the radar from investigators for so long by charging very small amounts — typically between 25 cents and $9 per card — and by setting up more than 100 bogus companies to process the transactions. Source:

23. June 26, Bank Info Security – (National) Three banks closed on June 25. Federal and state regulators closed three banks and placed one credit union into conservatorship June 25, raising the number of failed institutions to 96 so far in 2010. High Desert State Bank, Albuquerque, New Mexico, was closed by the New Mexico Financial Institutions Division, which appointed the Federal Deposit Insurance Corp. (FDIC) as receiver. The FDIC estimates that the cost to the Deposit Insurance Fund (DIF) will be $20.9 million. The National Credit Union Administration (NCUA) placed Arrowhead Central Credit Union (ACCU) of San Bernardino, California, into conservatorship. By assuming control, NCUA will continue credit-union service to the members and ensure safe and sound credit-union operations. ACCU is a full-service credit union, with assets of $876 million, that provides financial service to 152,000 members residing in the counties of San Bernardino and Riverside, California. First National Bank, Savannah, Georgia, was closed by the Office of the Comptroller of the Currency, which appointed the FDIC as receiver. The FDIC estimates that the cost to the DIF will be $68.9 million. Peninsula Bank, Englewood, Florida, was closed by the Florida Division of Financial Institutions, which appointed the FDIC as receiver. The FDIC estimates that the cost to the DIF will be $194.8 million. Source:

24. June 26, Associated Press – (Florida) SEC halts alleged $34 million Ponzi scheme. The government said June 25 it obtained a court order to halt an alleged $34-million Ponzi scheme targeting federal employees and law enforcement agents nationwide with promises of safe investments in a nonexistent bond fund. The Securities and Exchange Commission (SEC) said the order issued Thursday by a federal judge in Miami also froze the assets of the estate of the late suspect, his consulting firm Federal Employee Benefits Group of Jacksonville, Florida, and an affiliated investment firm. The SEC alleged that the suspect and the firms defrauded an estimated 260 investors starting in 1988. Source:

25. June 26, Indianapolis Star – (Indiana) Cloned cards used in local ATM thefts. A trio of high-tech thieves used cloned bank cards to rip off $212,000 from Indianapolis-area automated teller machines (ATMs) over the past seven months, police said. The fraudulent withdrawals came at ATMs in 13 different ampm convenience marts in Indiana since November 2009, according to an Indianapolis Metropolitan Police Department (IMPD) report. A cyber-security expert said such crimes have been going on for years, and called for changes in the ways banks and their customers use bank cards. Officials with Cardtronics in Houston told IMPD detectives that three men captured on security cameras used cloned cards to make hundreds of maximum withdrawals of $400. The money was withdrawn from stores in Indianapolis, Carmel, Avon, Plainfield and Brownsburg, police said. Armored car money collectors noticed the robberies when their hauls continually turned up $400 short at several machines. Source:

26. June 25, Austin Business Journal – (National) Driskill Hotel guests’ credit-card data stolen. More than three dozen guests at the Driskill Hotel were among roughly 700 people nationwide whose credit card data was stolen when the computer system of Driskill’s parent company was hacked, according to news reports. Guests at up to 21 of Colorado-based Destination Hotels & Resorts’ U.S. properties “may have been victims,” the company said, adding that it is contacting recent guests who may have been affected. ABC News reports that the data theft enabled hackers to steal hundreds of thousands of dollars. The security breach has been fixed, but the thieves remain unknown. The FBI and local police are investigating, and the breach appears to be “isolated to locations where credit cards were physically swiped,” leaving Internet, phone and other transactions apparently uncompromised, the company said. Source:

Information Technology

57. June 28, The Register – (International) Google can kill or install apps on citizen Androids. Google has the power to not only remove applications from users’ Android phones, but remotely install them as well. Last week, Google told the world it had exercised its Android “Remote Application Removal Feature,” reaching out over the airwaves and lifting two applications from citizen handsets, and as pointed out by a security researcher who built this pair of vanished applications, the company can use the same persistent handset connection to install applications as well. The researcher had delivered a talk on this proof-of-concept bootstrap at the SummerCon security conference in New York. The talk was written up by Forbes, and this alerted Google. Forbes quotes a Google researcher, who pointed out that unless they exploit a bug in the OS, Android apps are limited to the permissions set by users. Unlike some, the researcher is not angered by Google’s kill switch. But he does take issue with its INSTALL_APP mechanism. Source:

58. June 28, – (International) Hackers target instant-messaging applications. Security experts in Germany are warning of a new threat to MSN Messenger and Windows Live Messenger. G Data SecurityLabs research has found a recent surge in spam and phishing sites that link to the services, as well as a wave of seemingly “endless” fake-friend requests. Adding to these woes is a rogue application that promises to tell users who is blocking them, but in fact is a lure to a scam. Any links included in messages will take users to a Russian software site which offers products at unrealistically low prices, the firm warned, with the goal of the scammers to obtain personal information and credit card details from their victims. Other IM-borne threats include a sort of look-up service that lets IM users see who is blocking them as a contact. Source:

59. June 28, eWeek – (National) U.S. outlines security strategy for online identity. The White House has published a draft of a strategy designed to make the concept of trusted identities and authentication a reality in the digital world. In a 39-page document entitled the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), the White House promotes the “Identity Ecosystem”, an interoperable environment where individuals, organizations and devices can “trust each other because authoritative sources establish and authenticate their digital identities.” The ecosystem will consist of three main layers – a governance layer that establishes the rules of the environment; a management layer that applies and enforces the rules; and the execution layer that conducts transactions in accordance with the rules. “The federal government, in collaboration with individuals, businesses, non-profits, advocacy groups, associations, and other governments, must lead the way to improve how identities are trusted and used in cyberspace,” the document reads. “Ongoing collaboration ... has already resulted in significant gains towards establishing Identity Ecosystem components. However, much more remains to be done.” Source:

60. June 25, The New New Internet – (International) Cyber attacks via Excel? In order to conduct cyber espionage, miscreants need to find a way to access victims’ computers remotely. This often takes the form of sending an infected document, generally a PDF, to the victim. Researchers at F-Secure have discovered a new targeted attack that looks to take advantage of people’s greater trust in Excel files. Rather than send infected PDF documents, this cyber attack uses infected Excel files that run a backdoor when accessed. The attack files contain such seemingly innocuous information as personnel files, a list of terrorist organizations, a budget document, a World Cup schedule, and a conference agenda. Source:

Communications Sector

61. June 28, Associated Press – (National) Obama to nearly double amount of wireless spectrum available. The President of the United States June 28 is expected to sign a memorandum to almost double the amount of federal and commercial spectrum available for smartphones and wireless Internet devices, according to an administration official. The move is aimed at fostering investment and economic growth and creating jobs as information flowing over wireless networks continues to grow at a rapid pace. The director of the White House National Economic Council is expected to detail the presidential memorandum in a speech June 28. The memorandum would make available 500MHz of federal and commercial spectrum over the next 10 years. Source:

62. June 28, Arizona Daily Star – (Arizona) Park Place phone outage easing up. Things started to return to normal June 27 for businesses at Park Place mall in Tucson, Arizona after phone service was knocked out the previous week, and debit and credit card transactions were halted. ATMs in the mall also were affected and were temporarily out of service. Qwest was informed June 24 that a third-party construction crew cut one of the phone company’s underground conduit lines, which has several lines running through it, at Craycroft Road and East Broadway, a Qwest spokesman said. In addition to Park Place, other prominent businesses in the area, including the Target in the 5200 block of East Broadway, also were affected. Residential lines were affected too, but there was no impact on 911 services. Source:

63. June 25, – (Connecticut) WICC, Bridgeport finally back on the air after tornado. A storm that spawned an F-1 tornado in Connecticut took news/talk WICC-AM (600) off the air June 24. It was reported back on by the Connecticut Board of Radio-Info by early June 26. The tornado, which hit downtown Bridgeport, caused extensive damage to buildings and trees, and forced the mayor to declare a state of emergency and a curfew. A spokesperson from WICC-AM/WEBE-FM (107.9) said, “the tornado decimated the station (WICC) transmitter links and knocked down power lines. Fifteen-ton (commercial) air conditioning units were flying through the air.” Damage to WICC’s operation is estimated at about $100,000. Source: