Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, September 10, 2008

Complete DHS Daily Report for September 10, 2008

Daily Report


 According to the Associated Press, one person was hospitalized with chemical burns and about 29 others were taken to hospitals for evaluation after a chemical explosion on Monday at a company that makes gold and silver alloys in Attleboro, Massachusetts. (See item 7)

7. September 9, Associated Press – (Massachusetts) 1 severely hurt as chemical explosion rocks Attleboro plant. On Monday, one person was hospitalized with chemical burns and about 29 others were taken to hospitals for evaluation after a chemical explosion in Attleboro, Massachusetts. Workers at Stern-Leach Co., which makes gold and silver alloys, caused the minor explosion when they tried to mix sodium cyanide and hydrogen peroxide solutions totaling about 2.5 gallons under a fume hood, said a spokesman for the state Department of Environmental Protection. A fire captain said 19 people were taken to Sturdy Memorial Hospital in Attleboro and 10 others to Pawtucket Memorial of Rhode Island as a precaution. Company employees routinely mix the chemicals, and there was no immediate explanation for the explosion, said the DEP official. About 200 people evacuated the building shortly after the blast, a fire captain said. He said 29 people were decontaminated at the scene by hazardous materials crews. Source:

 The Wall Street Journal reports that the Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism has advised that the next U.S. president should put more emphasis on countering biological threats as part of a rethinking of national security strategy. (See item 34)

34. September 9, Wall Street Journal – (National) WMD panel urges focus on biological threats. The next U.S. president should put more emphasis on countering biological threats as part of a rethinking of national security strategy, according to early assessments from the leaders of a commission investigating the threat from weapons of mass destruction. Both biological and nuclear threats are significant in their ability to kill hundreds of thousands, but a biological attack is easier to launch and harder to combat because many biological weapon components are widely available and have benign uses, said the chairman of the Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism. The first hearing examining the nature of the threat is to be held September 10 in New York. The commission’s final recommendations are due in mid-November. Multiple assessments of government progress against security threats are planned for release this week, timed to the seventh anniversary of the 2001 terrorist attacks. A report from the Project on National Security Reform, a separate government-funded initiative analyzing the government’s national security apparatus, is due out next month. Source:


Banking and Finance Sector

15. September 8, Reuters – (National) Big payments are expected in credit default swaps. The government’s takeover of Fannie Mae and Freddie Mac may lead to one of the largest ever payments in the credit default swap market, analysts said on Monday. Losses to protection sellers, however, are expected to be minimal because of the high trading levels of the $1.6 trillion of outstanding Fannie Mae and Freddie Mac debt. Credit default swaps are used to hedge against the risk of borrowers defaulting on their debt, or to speculate on a company’s credit quality. They trade in the private market, so the actual amount of protection written on Fannie Mae’s and Freddie Mac’s debt is hard to estimate. When a credit event occurs, sellers of protection pay buyer the full amount insured, and the buyer gives the seller debt underlying the contracts or a cash sum based on the debt’s value. The high trading levels of agency debt, which in most cases is trading at or near par value, will make settling the contracts different from contracts initiated by defaults, which typically recover little. “If bonds rally and trade close to par, recovery could be close to 100 percent, with sellers of protection having little to pay out despite a technical default,” CreditSights analysts said on Monday. Source:

Information Technology

37. September 9, Homeland Security Today – (National) Nonprofit introduces information security metrics. The nonprofit Center for Internet Security Tuesday introduced initial metrics for the benchmarking of information security, providing government agencies and private companies with the means to objectively measure the security of their computer systems. The Center for Internet Security, formed in 2000, had previously dedicated itself to the development and distribution of free security configuration benchmarks, which have been embraced by the likes of the U.S. National Institute of Standards and Technology and other government agencies as a means of regulatory compliance. While the nonprofit organization will continue to distribute those benchmarks, it also will distribute the information security metrics free of charge in hopes of their widespread adoption as a basis for establishing external benchmarks for measuring security progress. While the center will release the information security metrics free, it also will roll out a service to measure those metrics for its member companies sometime in November. Source:

38. September 8, CNET News – (National) Twitter page used to pass malware. In yet another new way to infect people, criminal hackers are using a Twitter page, according to one security researcher. In a blog, the director of malware research for Facetime explained how a Twitter page is being used to lure victims. To lend credibility to his discovery, the Twitter page lists 17 followers; however, each appeared to be fraudulent. The messages, written in Portuguese, attempt to get visitors to download a photo album. In order to view the album, you will need to download a Flash update, which is really the infection files themselves. The director and his team have identified the infection as Orkon. Once installed, the infected files do various things to the compromised desktop, such as attempt to gain your Orkut account log-in information, or displaying a browser image of a man identifying himself as the “Trickster.” Source:

39. September 8, ComputerWorld – (National) Flawed Trend Micro antivirus update cripples PCs. Antivirus updates issued by Trend Micro Inc. on Friday crippled Windows XP and Vista PCs when they mistook several critical system files for malware, and blocked access to those files. Some users have yet to regain control of their PCs, according to an e-mail sent to Computerworld. Two signature updates that Trend Micro released Friday for its most popular consumer security software incorrectly identified up to eight different Windows files as Trojans, then quarantined those files, thinking they were dangerous. The updates were issued to users running Trend Micro’s AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008. In some cases, quarantining the files prevented the PC from booting. When it realized that the updates were flagging innocent files, Trend Micro issued a replacement signature update. Source:

Communications Sector

40. September 9, USA Today – (North Carolina) Pioneer Wilmington, N.C., flips switch to all-digital TV. On Monday, Wilmington, North Carolina, became the United States’ first all-digital TV market. Early next year, the rest of the country will follow. The Federal Communications Commission (FCC), overseeing the nationwide conversion, says it will take a few days, at least, to gauge success. But early signs are good, says the chairman of the FCC. Source:

41. September 8, CNET News – (National) Maverick Mobile secures lost or stolen phone data. Maverick Mobile announced a new application at DemoFall on Monday that helps people locate their lost or stolen phone, as well as track the phone, retrieve the phone book, and disable the device remotely. If the SIM card is replaced, the application sends information about the new account, as well as call logs and messaging history, to a remotely controlled reporting device that helps the owner track down the phone. All the contacts can be remotely transmitted from the phone to its owner via SMS using the data plan of the thief. The owner also has the ability to render the phone unusable by remotely setting off a loud alarm to play on the device or disabling the phone. Source: