Friday, September 28, 2012 


Daily Report

Top Stories

 • Chevron issued an industry alert to other Bay Area, California refineries after it found that routine safety inspections failed to uncover corrosion that contributed to a fiery accident at its Richmond refinery. – KGO 7 San Francisco

1. September 26, KGO 7 San Francisco – (California) Chevron issues warning to Bay Area refineries. Chevron issued a big word of warning to other Bay Area, California refineries after the company found that routine safety inspections failed to uncover the corrosion that contributed to last month’s fiery accident at its Richmond, California refinery. September 26 Chevron sent an industry alert. It said, ―We know a section of the pipe failed. We are pretty sure we know why it failed. While we inspected several sections of the 200-foot long pipe, we did not inspect all sections. This is what we are doing now, and this is what we think other refineries should do too.‖ A Chevron spokesman added, ―What we have done is enhanced our inspection program to try and prevent something like this from happening again. And today we are sharing what we’ve learned, even though our investigation is ongoing, with other companies so that they can take any effective action they might need to try and prevent something similar from happening.‖ The section of the pipe that failed, contributing to the August fire, had a thinning pipe issue called sulfidation corrosion. Several things have to happen for this problem to occur — the temperature inside a pipe with sulfur compounds must exceed 450 degrees Fahrenheit and the pipe must be made of carbon steel with low silicon. The section of the pipe in question has been taken away to be analyzed and tested. According to Chevron, the complete results may not be known for some time. Source: http://abclocal.go.com/kgo/story?section=news/local/east_bay&id=8826440

 • The U.S. Air Force is implementing a new oxygen concentration schedule for Lockheed Martin F-22 Raptor’s on-board oxygen generation system to address breathing issues that have afflicted F-22 pilots for years. – Flightglobal.com

8. September 25, Flightglobal.com – (National) USAF working on ‘non-minor fix’ for F-22 oxygen problem. The U.S. Air Force (USAF) is working to modify the Lockheed Martin F-22 Raptor’s on-board oxygen generation system (OBOGS) with a new oxygen concentration schedule, Flightglobal.com reported September 25. ―The program office is in the process of implementing a change to the OBOGS concentration control schedule,‖ the USAF said. The modified schedule is designed to reduce the concentration of oxygen reaching the pilot’s lungs at lower cockpit altitudes. The high concentration of oxygen was identified (along with high g-forces) as the cause of acceleration atelectasis, a condition where air sacs in the pilot’s lungs collapse. It is the formal medical term for the so-called ―Raptor cough‖ that has afflicted F-22 pilots. Acceleration atelectasis was identified as a contributing factor to a series of physiological incidents that have plagued the USAF’s F-22 fleet from as far back as 2008. The main culprit, however, according to the the USAF, was a faulty valve in the Combat Edge upper-pressure garment. At present, the USAF is trying to figure out the best way to implement the modification to the digital OBOGS found on most of its F-22s. ―The change is not minor,‖ the USAF said. ―In addition to the concentration schedule change, the warning band needs to be modified to accommodate the new schedule. In order to change the warning band, other features need to be incorporated, such as an automatic back-up oxygen system.‖ The USAF is implementing the change now, after it rejected a similar modification proposed in 2005 due to cost reasons. Source: http://www.flightglobal.com/news/articles/usaf-working-on-non-minor-fix-for-f-22-oxygen-problem-376903/

 • U.S. Bank’s Web site was disrupted September 26 in a distributed denial of service attack, launched by a group of hacktivists who have claimed responsibility for similar cyberattacks against four other U.S. banks. – CSO Online

11. September 27, CSO Online – (International) Hacktivists strike U.S. Bank with volunteer-powered DDoS. U.S. Bank’s Web site was disrupted September 26 in a people-powered distributed denial of service (DDoS) attack, launched by a group of hacktivists who have claimed responsibility for similar cyberattacks against four other banks in the United States, CSO Online reported September 27. The attack involved hundreds of thousands of computers sending an overwhelming number of requests that downed the site for roughly an hour, according to a security researcher at FireEye. The disruption of U.S. Bank’s Web site came 1 day after a similar attack against Wells Fargo & Co. The group has taken credit for other attacks that occurred the week of September 17, against Bank of America, JPMorgan Chase, and Citigroup. A representative of U.S. Bancorp, which operates as U.S. Bank, confirmed it was under attack and experiencing disruptions. Rather than launch the attack from a network of compromised machines, called a botnet, the attackers are apparently using volunteers, the FireEye researcher said. Participants go to either one of two file-sharing sites and download a program written in a scripting language. Once the program is running, a person only has to click on a ―start attack‖ button to send continuous requests to the target’s Web site. This method makes it more difficult for authorities to stop the attack, because there are no control servers. The group had said on a Pastebin post that it would attack Wells Fargo September 25, U.S. Bank September 26, and PNC Financial Services Group September 27. Source: http://www.pcadvisor.co.uk/news/security/3400907/hacktivists-strike-us-bank-with-volunteer-powered-ddos/

 • A man was arrested for acting as an agent for chiropractic clinics and an injury hotline and paying a Florida hospital employee to illegally access patient data, according to federal authorities. – Orlando Sentinel

25. September 26, Orlando Sentinel – (Florida) FBI: Man paid hospital employee for patient data. The Orlando Sentinel reported September 26 that federal authorities said a central Florida man who acted as an agent for chiropractic clinics and a injury hotline paid a Florida hospital employee to illegally access patient data; he was recently arrested on a federal count of disclosure of prohibited information. Agents earlier arrested a suspected co-defendant in the case who used to work in the emergency department at Florida Hospital’s Celebration branch. The co-defendant was fired in July 2011 after officials learned he accessed the medical records of a Florida Hospital doctor fatally shot in a hospital parking garage in 2011. Officials then discovered he inappropriately reviewed 12,000 patient records in detail. After the co-defendant reviewed a patient’s data, he called the central Florida agent for chiropractic clinics, who would then call someone else who eventually called patients. Some patients began receiving phone calls within a week of their hospital visit from someone who offered them a lawyer or chiropractor referral. Investigators linked the two through telephone records and money payments. Source: http://articles.orlandosentinel.com/2012-09-26/news/os-florida-hospital-records-arrest-20120926_1_patient-records-hospital-employee-medical-records

 • A Phoenix filmmaker was arrested for allegedly videotaping his nephew dressed in a sheet while pointing a fake grenade launcher at passing cars to test police-response time. – ABC News

33. September 26, ABC News – (Arizona) Phoenix filmmaker arrested after allegedly staging terrorist hoax to test police response time. A Phoenix filmmaker was arrested for allegedly videotaping his nephew dressed in a sheet while pointing a fake grenade launcher at passing cars in an apparent terrorist hoax to test police-response time after the Aurora, Colorado, movie theater massacre, authorities said September 26. Police arrested the man September 24 after a nearly 2-month investigation. The filmmaker faces charges of knowingly giving a false impression of a terrorist act, endangerment, and contributing to the delinquency of his minor nephew, 16. Police said they responded 1 minute after they first received calls, but the video, which the man allegedly filmed July 28 and then posted on YouTube, apparently shows the fake terrorist roaming around a busy intersection for 15 minutes. ―They told us they were just making a movie,‖ said a Phoenix Police Department spokesman, adding that there was no arrest that day. The man apparently posted the video on YouTube 2 days after filming. He called it ―Dark Knight Shooting Response, Rocket Launcher Police Test.‖ The police spokesman said authorities became aware of the video a few weeks after they were called to the scene. Source: http://abcnews.go.com/US/phoenix-filmmaker-arrested-allegedly-staging-terrorist-hoax-test/story?id=17328758#.UGRiIJg81CY

Details

Banking and Finance Sector

10. September 27, Tampa Bay Times – (Florida) Identity thieves redirecting Social Security checks. A Social Security Administration (SSA) Inspector General (IG) told members of Congress in September of a ―recent rash‖ of fraudulent activity which he described as a ―serious issue facing SSA.‖ Fifty times a day, Social Security’s Office of the Inspector General got a report of an unauthorized change or attempted change to a direct deposit routing number, often resulting in a missed payment. The agency began tracking potential fraud reports in October 2011 and has logged 19,000, the IG said in a written statement to a House subcommittee on Social Security. Most victims had given out, or lost personal data to identity scammers. The payments then had their routing numbers altered. The IG’s statement described a need for better identity verification procedures in field offices, call centers, and at financial institutions. He focused on institutions that issue prepaid debit cards. People who receive Social Security benefits sometimes choose to have the money deposited on reloadable cards, purchased at retailers or online. The IG called the cards ―particularly tempting tools for benefit thieves.‖ Using reloadable cards was a lesson already learned by the Internal Revenue Service. Thieves often use prepaid debit cards to collect fraudulent tax refunds. The special agent in charge of the Secret Service’s Tampa office said Social Security check diversion could be the next wave of government fraud. Source: http://www.tampabay.com/news/publicsafety/crime/identity-thieves-redirecting-social-security-checks/1253598

11. September 27, CSO Online – (International) Hacktivists strike U.S. Bank with volunteer-powered DDoS. U.S. Bank’s Web site was disrupted September 26 in a people-powered distributed denial of service (DDoS) attack, launched by a group of hacktivists who have claimed responsibility for similar cyberattacks against four other banks in the United States, CSO Online reported September 27. The attack involved hundreds of thousands of computers sending an overwhelming number of requests that downed the site for roughly an hour, according to a security researcher at FireEye. The disruption of U.S. Bank’s Web site came 1 day after a similar attack against Wells Fargo & Co. The group has taken credit for other attacks that occurred the week of September 17, against Bank of America, JPMorgan Chase, and Citigroup. A representative of U.S. Bancorp, which operates as U.S. Bank, confirmed it was under attack and experiencing disruptions. Rather than launch the attack from a network of compromised machines, called a botnet, the attackers are apparently using volunteers, the FireEye researcher said. Participants go to either one of two file-sharing sites and download a program written in a scripting language. Once the program is running, a person only has to click on a ―start attack‖ button to send continuous requests to the target’s Web site. This method makes it more difficult for authorities to stop the attack, because there are no control servers. The group had said on a Pastebin post that it would attack Wells Fargo September 25, U.S. Bank September 26, and PNC Financial Services Group September 27. Source: http://www.pcadvisor.co.uk/news/security/3400907/hacktivists-strike-us-bank-with-volunteer-powered-ddos/

12. September 26, Federal Bureau of Investigation – (Ohio) Former Fifth Third Bank employee indicted in $12 million fraud scheme. A 44-count indictment was filed September 26 against a loan officer/vice president related to a scheme that resulted in the loss of $12 million while she was employed at a Fifth Third Bank in Toledo, Ohio. The loan officer and vice president falsified documents and submitted them to bank officials to obtain credit approval for large commercial loans that would have otherwise been declined, according to the indictment. In conjunction with these loans, she solicited and accepted a gratuity payment from the borrowers. She then attempted to conceal these funds by creating a fake consulting business under which she invoiced borrowers for services not performed and accepted the gratuities, according to the indictment. As a result of defaults upon these loans, the Fifth Third Bank of Toledo, Ohio, suffered a loss of approximately $12 million. Source: http://www.loansafe.org/former-fifth-third-bank-employee-indicted-in-12-million-fraud-scheme

13. September 26, Colorado Springs Gazette – (Colorado) Springs businessman indicted on fraud, racketeering charges. A Colorado Springs man was indicted by a Denver grand jury on 20 counts of securities fraud, conspiracy to commit securities fraud, and racketeering for allegedly using $8.5 million raised from 19 investors for his personal expenses and other businesses, the Colorado Springs Gazette reported September 26. An arrest warrant was issued for the man, who remains at large. The indictment alleges the man promoted vacation home investments between 2006 and 2011 through his company, called Continental Resort Homes, but instead of buying vacation homes he spent the money. He also allegedly overstated the assets, capital contributions, and number of investors in Continental Resort Homes and understated the company’s debts on its balance sheet, and allegedly lied to investors about the company owning two properties in which it had no ownership stake. The 19 investors are unlikely to recover their money since the company had no assets as of September 26, the date the indictment was handed down. Source: http://www.gazette.com/articles/wellens-145132-securities-fraud.html

Information Technology Sector

34. September 25, IDG News Service – (International) Symantec: Leaked Norton Utilities 2006 source code already published months ago. Hackers associated with the Anonymous hacktivist collective published the source code files for Symantec’s Norton Utilities 2006 product on The Pirate Bay BitTorrent Web site September 24, but according to the security vendor the same files were released in January. The Pirate Bay torrent was accompanied by a message in which the hackers referred to Symantec as ―the worst security vendor on planet Earth‖ and hinted that the release is not the result of a new security breach. Source: http://www.pcworld.com/article/2010584/symantec-leaked-norton-utilities-2006-source-code-already-published-months-ago.html

For another story see item 11 above in the Banking and Finance Sector
Communications Sector

Nothing to report


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.