DHS Daily Open Source Infrastructure Report

Monday, February 28, 2011

Complete DHS Daily Report for February 28, 2011

Daily Report

Top Stories

• Oil industry documents filed with the federal government reveal that an accidental release of a lethal chemical used in 50 aging refineries across the country could prove devastating, with 16 million Americans living within range of toxic plumes that could spread for miles, ABC News and Center for Public Integrity reported February 24. (See item 2)

2. February 24, ABC News and Center for Public Integrity – (National) Hydrofluoric acid risk at oil refineries. Oil industry documents filed with the federal government reveal that an accidental release of a lethal chemical used in 50 aging refineries across the country could prove devastating, with 16 million Americans living within range of toxic plumes that could spread for miles. Los Angeles, Philadelphia, Minneapolis, New Orleans, and the stretch of Texas coastline known as “Refinery Row” are among the at-risk areas cited in the documents. Citing homeland security concerns, the government keeps the industry filings under close guard in Washington, D.C. They were reviewed as part of a joint investigation by ABC News and the Center for Public Integrity. According to the industry’s worst-case scenario documents, a release of the chemical could endanger entire communities. Even though one-third of the oil refineries in the United States are using the chemical, a spokesman told ABC News that the industry has long avoided demands from safety advocates and from the union that represents refinery workers that it explore safer options. Officials at the U.S. Chemical Safety Board have warned that while the refinery industry has been painting a rosy picture of the conditions at their facilities, it has compiled a disconcerting track record. As the nation’s 150 refineries have aged, there have been an increasing number of fatal, or near-fatal, incidents. Source: http://abcnews.go.com/Blotter/hydrofluoric-acid-risk-oil-refineries/story?id=12985686

• According to Killeen Daily Herald, the city of Killeen, Texas, advised its residents to avoid Nolan Creek until February 28 because a mechanical failure at a lift station February 22 sent about 298,000 gallons of wastewater pouring into the creek. (See item 32)

32. February 24, Killeen Daily Herald – (Texas) Residents told to avoid part of contaminated Nolan Creek. A mechanical failure at lift station 1 sent about 298,000 gallons of wastewater pouring into the Nolan Creek, in Killeen, Texas, February 22. Two days later, the city advised its residents to avoid the creek until February 28. The Drainage Utility Project engineer said a large buildup of grease was found in the lift station and has been a problem in the past, but did not confirm the cause of the spill. Four manholes also discharged sewage, affecting one business at the intersection of 38th and Water streets. Source: http://www.kdhnews.com/news/story.aspx?s=51549

Details

Banking and Finance Sector

16. February 24, Softpedia – (National) FTC files complaint against SMS spammer. The Federal Trade Commission filed a complaint against a man from Huntington Beach, California, alleging that he is responsible for sending millions of SMS spam messages. According to the complaint, during a 40-day period alone, defendant sent over 5.5 million unsolicited commercial text messages at a rate of 85 per minute. The FTC claims the messages deceptively advertised loan modification assistance, debt relief and other services. In one instance, recipients were directed to loanmod-gov.net, a site claiming to provide “Official Home Loan Modification and Audit Assistance Information.” This type of activity can cost people money because some wireless carriers charge fees for receiving text messages. In addition, the suspect is accused of selling the contact information of consumers to marketers claiming they are debt settlement leads. The alleged spammer is also said to have sent unsolicited email messages that promoted his SMS spamming services. The FTC charges the suspect with violations under the FTC Act and the CAN-SPAM Act, the law that governs the sending of commercial emails. He also failed to include an “opt-out” option. Source: http://news.softpedia.com/news/FTC-Files-Complaint-Against-SMS-Spammer-186219.shtml

17. February 23, Contra Costa Times – (California) Orinda robbery suspect arrested in San Francisco. A man suspected in a February 4 armed robbery of an Orinda, California, bank has been arrested in San Francisco, police said February 22. San Francisco police arrested the 51-year-old February 8 on a drug charge. He is one of two men suspected of robbing the First Republic Bank on Brookwood Road. The men left the bank with an undisclosed amount of cash, a police official said, and their getaway car was later found abandoned. Orinda police officers interviewed Smith in San Francisco, and the FBI has taken over the case because of his possible involvement in other robberies. Source: http://www.mercurynews.com/breaking-news/ci_17455166

18. February 22, Federal Bureau of Investigation – (New York) Business owner pleads guilty to securities fraud. A 46-year-old New York man pleaded guilty February 22 to one count of securities fraud. The guilty plea was entered in United States District Court in Syracuse, New York. Sentencing is set for July 7, 2011 in Albany, New York. The man faces a maximum term of up to 20 years in prison. As part of his guilty plea the man admitted that, from 2002 through 2010 he was the founder, owner, and sole managing member of Prime Rate and Return, LLC and American Integrity Financial Co. Neither Prime Rate nor American Integrity was registered in any capacity with the Securities and Exchange Commission (SEC). He also admitted that he solicited and received money from investors as a representative of American Integrity. He offered and sold investors contracts with American Integrity, which American Integrity promised to pay a “guaranteed” fixed rate of interest on the initial investment. These contracts were for a fixed term, usually three years, after which the investor could either withdraw his or her investment or roll the investment over into another fixed term with a fixed rate of return. He offered rates of return that varied from investor to investor and ranged from 3.85 percent to 9.35 percent annually. Source: http://www.fbi.gov/albany/press-releases/2011/business-owner-pleads-guilty-to-securities-fraud

Information Technology

45. February 25, Softpedia – (International) Removal of NIC-hijacking malware leads to network connection problems. Researchers from security vendor Bkis warn that removal of a trojan which intercepts network traffic can leave the computer isolated from the network and Internet. The reason for this lies in the trojan’s routine, which involves creating virtual network adapters using the names of existent ones and adding the “-” character at the end. Bkis detects this threat W32.Ndisvan.Trojan and says its purpose is to filter data passing through network controllers, download additional malware and evade antivirus detection. The rogue network adapters created by the trojans use a driver called “ndisvvan.sys,” which tries to pose as the Windows NDISWAN Miniport Driver, ndiswan.sys. A Bkis senior malware researcher notes that by removing the rogue ndisvvan.sys, the network filter driver chain is broken and data can no longer reach the real network adapter. Because of this the computer will appear to have no network connection and attempting a normal local area connection repair will not resolve the problem. Source: http://news.softpedia.com/news/NIC-Hijacking-Malware-Removal-Leads-to-Broken-Network-Connection-186287.shtml

46. February 25, Help Net Security – (International) Failure to invest in secure software a major risk. Failure to take software security seriously is putting organizations, brands and people at risk, according to a report by Creative Intellect Consulting. Key highlights from the report included: key software security and quality processes are not being followed; managers are jeopardizing secure software delivery, but they are not alone; there is a clear mandate for better education and training that cannot be ignored; a mentality exists to invest in what people already know; and compliance and regulation is a key driver. Source: http://www.net-security.org/secworld.php?id=10663

47. February 24, The Register – (International) Thunderbolt: A new way to hack Macs. The 10Gbit/s interconnect Apple introduced February 24 in a new line of Macbook Pros may contain the same security weakness that for years has accompanied another Mac innovation: the Firewire port. Like Firewire, the Intel-designed Thunderbolt is based on a peer-to-peer design that assigns blind trust to any device that connects through the bi-directional, dual channel interface. According to CEO of security consultancy Errata Security, that gives attackers yet another weakness to exploit when targeting machines that offer the interconnect. “Imagine that you are at a conference,” the security expert writes. “You innocently attach your DisplayPort to a projector to show your presentation on the big screen. Unknown to you, while giving your presentation, the projector is downloading the entire contents of your hard disk.” Such attacks rarely work on USB ports because they are based on a “master-slave” design. That means the computer has full access to the attached device but the attached device has limited access to the computer. Firewire and now Thunderbolt, by contrast, have full access to a Mac’s entire memory. Source: http://www.theregister.co.uk/2011/02/24/thunderbolt_mac_threat/

48. February 22, The Register – (International) Site to highlight social networks’ security soft spots. Security researchers have set up a site designed to prod social networking Web sites into practicing what they preach about web security. Socialnetworksecurity.org, which aims to publish details of security vulnerabilities on Web 2.0 sites such as Xing or Facebook, was set up the weekend of February 19 by security researchers frustrated with a lack of response from sites about the problems they discovered. Many of the vulnerabilities unearthed fall into the category of cross-site scripting vulnerabilities, some of which (in the case of bugs on Xing and Jappy.de, for example) have already been fixed. Separately, an insecure script on Facebook creates a mechanism to make more convincing phishing attacks. This bug remains live, Socialnetworksecurity.org warns. The German-based team behind the website, who wish to remain anonymous, want to push vendors into becoming more responsible about security bugs. At a first step they want Web 2.0 to establish a security-related contact form, and to allow submission of confidential security-related problems via encrypted e-mail. Source: http://www.theregister.co.uk/2011/02/22/social_network_insecurity/

Communications Sector

Nothing to report