Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, October 16, 2008

Complete DHS Daily Report for October 16, 2008

Daily Report


 According to Newsday, a propane leak caused a blast at a drinking water pump station at the Brookhaven National Laboratory in New York on Monday night. Officials said a heavy ion particle accelerator at the lab, a quarter-mile from the water pump station, was never threatened by the blast. (See item 25)

25. October 15, Newsday – (New York) Brookhaven lab officials: Explosion no danger to public. Brookhaven National Lab officials stressed yesterday that there was “no risk to the general public” from a nighttime explosion at the facility. A propane leak caused a blast at a drinking water pump station at the Upton lab on Monday night. No one was hurt. Officials said the explosion was so loud it was reported by residents near the 5,000-acre government lab. The water pump station is a quarter-mile from a world-renowned heavy ion particle accelerator at the lab. Officials said the Relativistic Heavy Ion Collider, which is used to study the state of matter formed in the first microseconds of the universe, was never threatened by the blast that leveled the 680-square-foot concrete block pump building. In a prepared statement, officials also said local, county, and U.S. Department of Energy officials were all notified about the emergency. It is believed a leak caused propane gas to build up adding that a spark from other pumping equipment may have caused that gas to explode. The Suffolk County fire marshal was on site investigating the accident yesterday. A Brookhaven Lab spokeswoman said there was no evidence the explosion was linked to a malicious act. Source:,0,4964717.story

 reports that the Federal Trade Commission has shut down what it claims was the world’s largest network of spammers. The network had sent out billions of messages, according to the FTC which has received over three million complaints about the activities. (See item 33)

See the Information Technology section for details


Banking and Finance Sector

5. October 14, Baltic Course – (International) Young Estonian IT experts turn criminal. Bank and credit card fraud has apparently become the new trend crime among Estonians, as police reports suggest Estonia’s IT literate younger generations are adapting their expertise to criminal ends. Estonian police say that this new illegal enterprise has now become the most common criminal activity by Estonians abroad, a status previously held by drug smuggling. The focus on foreigners has not gone unnoticed internationally with the U.S. Department of State offering travel warnings highlighting the frequency of bank fraud, and particularly credit card fraud, in Estonia. Earlier this year the U.S. and the U.K. witnessed the biggest credit card fraud operations in their respective histories; both were IT based attacks and both involved Estonians. An Estonian man was involved in an 11 strong internet-based operation which breached over 40 million U.S. credit cards in August, while a fellow countryman was jailed in the U.K. in April after his gang of five was found to have stolen 17 million pounds (243.2 million Kroons or 21.9 million Euros) via internet infiltration. Source:

6. October 14, Bloomberg – (National) FDIC lifts coverage as customers flee Sovereign, WaMu. The Federal Deposit Insurance Corp. (FDIC) expanded deposit coverage as Sovereign Bancorp Inc. became at least the fourth major lender since July to suffer sudden withdrawals amid waning confidence in the banking system. The FDIC said today it will fully protect through 2009 non-interest bearing accounts that process payments for payrolls and are used by businesses. The new FDIC measures are aimed primarily at reassuring small-business owners. The FDIC said today it will also temporarily guarantee new senior unsecured debt such as commercial paper and transfers between banks. The agency in August said 117 banks were classified as “problem” in the second quarter, a 30 percent jump from the first quarter. The agency does not name the “problem” lenders. Source:

7. October 14, KGW 8 Portland – (Oregon) State warns consumers of banking scam. The Oregon Department of Consumer & Business Services (ODCBS) is warning Oregonians about a scam targeted at people looking for loans. According to ODCBS, scam artists working under the name Oregon Bankers Lending Network are offering loans that require an advance payment. However, victims who have wired money to the company found no loans existed. Ten arrests were made and ten arrest warrants issued following a raid by police officers at an apartment complex outside Toronto, Canada. Documentation of 21 fraudulent businesses was found related to the scams in Oregon. Source:

8. October 14, Contra Costa Times – (California) Scam targets customers of Butte Community Bank. Customers of Butte Community Bank are among those being targeted by scammers looking for credit card information. Customers are reporting to the bank that they have received night-time automated calls, saying that their credit card has been compromised and asking for their account numbers. The president of Butte said, “We find these things are coming from foreign countries.” One customer noticed the call emanating from a San Jose area code, but the phone number listed is for a legitimate Internet provider, which has been having problems with the scammers too. A technician, who declined to be identified, said his company filed complaints with the Federal Communication Commission and FBI over the use of its phone number by scammers. Source:

Information Technology

31. October 15, Webroot Software, Inc. – (International) Webroot(R) threat advisory: Hackers infecting computers with phony Verizon multimedia messages. Webroot has detected a new malicious download disguised as a legitimate multimedia message service (MMS). “We are now seeing hackers use the Verizon Wireless name to send spam e-mails to PC users who unknowingly open a fake MMS which launches a Trojan to drop infected files onto their computers,” said the director of Threat Research, Webroot. “Hackers typically use downloads like this to harvest users’ personal information -- not to mention soak up significant bandwidth from users’ computers.” PC users targeted with this fraudulent spam receive a MMS that, when opened, activates the download of a file called “VerizonMMS.4837192. “ Once downloaded, the file instantly infects the PC with malware and also establishes connections to external Web sites that infect the computer with additional malware. “While it’s no surprise hackers continue to evolve how they attack PC users, the sheer volume of Verizon Wireless customers who may be deceived by this new threat means its effect may be significant,” said Webroot’s senior vice president and general manager of Consumer Business. Source:{006A2E51-190D-4B06-A93F-B79070311461}&dist=hppr

32. October 14, Computing SA – (International) Malicious security update spammed out, coincides with Patch Tuesday. IT security and control firm, Sophos, is warning computer users to be on their guard following the discovery of a malicious Trojan horse spam campaign disguised as Microsoft’s monthly security bulletin. The messages were first discovered Monday and continued to cause problems October 14, coinciding with Microsoft’s monthly ‘Patch Tuesday’ cycle - when the software giant issues an update of genuine critical patches. Samples intercepted at SophosLabs have the subject line ‘Security Update for OS Microsoft Windows’ and claim to come from Steve Lipnser at Running the attached file infects Windows computer users with the Mal/EncPk-CZ Trojan horse, and could give hackers control over your PC. ”Computer users need to learn that Microsoft never sends out security updates as e-mail attachments, and that they should always visit the genuine Microsoft Web site, or use automatic updating processes, to keep their systems current,” says the CEO of regional Sophos distributor, Sophos SA. ”By timing their attack to coincide with Microsoft’s genuine monthly patch cycle, the spammers are hoping to trick more unwary computer users who might be awaiting the update, keen to defend themselves against future cyber attacks,” he says. Sophos recommends that all computer users exercise caution when opening unsolicited e-mails, and ensure they are fully defending against attacks, including spam, phishing and malware. Source:

33. October 14, – (International) FTC shuts down major spam network. The Federal Trade Commission (FTC) has shut down what it claims was the world’s largest network of spammers. The network had sent out billions of messages, according to the FTC which has received over three million complaints about the activities. With spammers in Australia, New Zealand, China, India, Russia, Canada, and the U.S., the group is estimated to have been responsible for up to a third of all junk email. “The defendants used spam email to sell prescription drugs. They claimed that the medications came from a bona fide US-licensed pharmacy that dispenses FDA-approved generic versions of drugs such as Levitra, Avodart, Cialis, Propecia, Viagra, Lipitor, Celebrex and Zoloft,” said the FTC. “In fact, the defendants do not operate a US-licensed pharmacy. They sell drugs that are shipped from India.” The FTC named two individuals as responsible for the spam network - a New Zealand citizen living in Australia, and a resident of Texas - and four companies they control: Inet Ventures Pty, Tango Pay, Click Fusion and TwoBucks Trading. The FTC already has a $2.2 million judgment outstanding against Atkinson from a case in 2005 over a similar spamming incident. Source:

Communications Sector

34. October 15, Associated Press – (National) Researchers expect hackers to prey on cell phones. Security researchers say cell phones, and not just PCs, are the next likely conscripts into the automated armies. The mobile phone as zombie computer is one possibility envisioned by security researchers from Georgia Tech in a new report coming out Wednesday. The report identifies the growing power of cell phones to open a new avenue of attack for hackers. Of particular concern is that as cell phones get more computing power and better Internet connections, hackers can capitalize on vulnerabilities in mobile-phone operating systems or Web applications. Botnets, or networks of infected or robot PCs, are the weapons of choice when it comes to spam and so-called “denial of service attacks,” in which computer servers are overwhelmed with Internet traffic to shut them down. For example, botnets were used against Estonia’s government and financial Web sites in a devastating wave of attacks last year. Source:

No comments: