Monday, November 24, 2008

Complete DHS Daily Report for November 24, 2008

Daily Report


 Bloomberg reports that Delek U.S. Holdings Inc. temporarily halted production at its Tyler, Texas, refinery after an explosion and fire Thursday that killed one worker. (See item 1)

1. November 21, Bloomberg – (Texas) Delek halts production at Texas refinery, worker dies. Delek U.S. Holdings Inc. temporarily halted production at its Tyler, Texas, refinery after an explosion and fire Thursday that killed one worker, the company said in a statement on its Web site. The blast occurred at approximately 2 p.m. in the saturates gas plant at the Texas refinery, a separate statement from the unit of Israeli holding company Delek Group Ltd. showed. “There has been one fatality resulting from a fire,” the company said. “The cause of the incident and the extent of the damage to the refinery have not yet been established.” The man died overnight after being airlifted to a medical center with burn injuries, KLTV reported. At least six workers were provided medical treatment after the blast. Source:

 According to the Associated Press, Federal Bureau of Investigation officials said Friday they arrested a man who allegedly threatened to blow up the Paul Brown Stadium in Ohio and other area landmarks. (See item 36)

36. November 21, Associated Press – (Indiana; Ohio) Man arrested in Bengals’ stadium bomb threat. FBI officials said Friday they arrested a man who allegedly threatened to blow up the Cincinnati Bengals’ stadium and other area landmarks. The 42-year-old man is accused of sending e-mails to two local media outlets and to the FBI threatening Paul Brown Stadium, four bridges over the Ohio River, the Cincinnati/Northern Kentucky International Airport, and an Indiana casino, an FBI spokesman said. The man was arrested Thursday at a hotel in Erlanger, Kentucky, and was being held on federal charges of making bomb threats and distributing a bomb hoax. The man’s father said his son has mental issues and is on medication and he said he doesn’t believe his son really planned to carry out any threats. Source:


Banking and Finance Sector

10. November 21, Philadelphia Inquirer – (Pennsylvania) Six charged with bilking settlement funds. Six people, including two from the Philadelphia region, were charged Thursday with fraud in an alleged scheme to use dummy corporations, fake brokerage accounts, and virtual offices to steal $41 million from settlement funds that were themselves set up to resolve earlier securities-fraud cases. An accountant with a firm that was paying out investor claims from those settlement funds was labeled the “eyes and ears” for the group, advising a coconspirator on when to submit fraudulent claims and on the availability of funds. The funds had about $4.5 billion in assets. The acting U.S. Attorney said that the ring went to great lengths to make the claims seem legitimate. One member of the group, she said, even traveled to Singapore to mail documents to help make a fake company. Source:

11. November 21, Vicksburg Sun Herald – (Mississippi) Telephone scam targets bank information. Authorities say Trustmark National Bank customers should beware of a telephone scam designed to obtain bank account information. The chief information security officer for the Jackson-based Trustmark said people should not give their information in response to an automated call. The scam consists of an automated message that tells customers their account has been compromised and their debit cards were deactivated as a safety precaution. Listeners are then given the option to reactivate their cards by entering their personal and account information. Source:

12. November 20, Washington Post – (International) Web fraud 2.0: faking your Internet address. One of the casualties from the unplugging of McColo Corp. is Fraudcrew, a Web service that offered paying customers the ability to hide their identities online by routing their traffic through computers controlled by others. Fraudcrew, which has not been charged with any crime, offered subscribers a point-and-click way to mask the source of their Internet connections, so that Web sites could not tell the true location of visitors using the service. The site was advertised heavily on Russian online forums catering to computer hacking and identity theft. There are a number of services like those offered by Fraudcrew (Security Fix profiled another one earlier this year) that not only aid in hiding one’s identity online, but could also defeat security measures put in place by financial institutions. These masking services provide a software program that allows the user to pick from a drop-down list of Internet addresses to proxy through. For example, if a user in Ukraine has stolen the user name and password that Joe from St. Louis uses to access his bank online, that user can simply select a node in the proxy list that is in St. Louis, and the bank site will be none the wiser that the person logging in is not actually in St. Louis. “Although this type of technology isn’t new, it’s the first time I’ve seen it used like this for obviously criminal reasons,” said the director of security research and communications at McAfee AVERT Labs. Source:

13. November 20, Southampton Press – (New York) Quogue mayor’s investment firm also indicted on fraud charges. Melhado, Flynn & Associates (MFA), the Manhattan-based investment firm headed by the Quogue Village mayor, has been indicted by the U.S. Attorney’s Office and charged with felony fraud and altering documents in an attempt to impede the subsequent investigation. The indictment comes several months after the mayor was indicted on the same charges. The indictment accuses the company and the mayor, who owns 9.3 percent of MFA and serves as its chief executive officer, of “cherry-picking” profitable accounts for the investment firm over a four-year period, and altering documents in an attempt to impede a subsequent investigation by the U.S. Securities and Exchange Commission. The mayor and MFA were each charged with one count of security fraud and one count of document alteration for illegally earning more than $1.4 million for the investment company from November 2000 until June 2005, according to a copy of the indictment. Source:

14. November 20, – (International) European police forces smash international bank card scam gang. Authorities in Belgium, Ireland, and Romania have smashed a Romanian crime gang which specialized in copying bank cards and operated worldwide, the Belgian prosecutor’s office said Thursday. The gang acting “on a global level” from their Belgian base, according to the Belgian authorities, is suspected of defrauding card users of millions of Euros. In Europe there were victims of their hi-tech “skimming” operations in Britain, Cyprus, Germany, Ireland, Italy, the Netherlands, Spain, Turkey and Romania itself. There were more suspected victims in Australia, Canada, the Dominican Republic, Morocco and New Zealand, the public prosecutor’s office said in a statement. A total of 34 police raids involving 250 officers were made in six EU nations — Belgium, Britain, Germany, Ireland, Romania and Spain. In those operations a total of 15 people were arrested. Source:

Information Technology

32. November 21, ZDNet – (International) Mac OS X targeted by Trojan and backdoor tool. Two pieces of malicious software affecting Apple’s Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an attacker’s choice, and a hacker tool for creating backdoors, according to security vendors. The Trojan — called ‘OSX.RSPlug.D’ by Intego, the Mac security specialist that discovered the threat — is a variant on an older piece of malicious code but with a new installer, Intego said. “It is a downloader, and it contacts a remote server to download the files it installs,” Intego said in an advisory. “This means that, in the future, the downloader may be able to install payloads [other] than the one it currently installs.” In other respects the Trojan is similar to previous versions of RSPlug, which first surfaced in October 2007, Intego said. It installs a piece of malicious code known as DNSChanger, which routes the user’s internet traffic through a malicious DNS server, leading users to phishing websites or pages displaying advertisements. Intego said OSX.RSPlug.D has been widely confused with a separate threat publicised this week by several security firms. That threat is called OSX.TrojanKit.Malez by Intego and OSX.Lamzev.A by other vendors, including Symantec and Trend Micro. Security vendors have long warned that the Mac platform is not as secure as some users might like to believe. Apple had not responded to a request for comment at the time of publication. Source:,1000000189,39559174,00.htm

33. November 20, IDG News – (International) Researchers find vulnerability in Windows Vista. An Austrian security vendor has found a vulnerability in Windows Vista that it says could possibly allow an attacker to run unauthorized code on a PC. The problem is rooted in the Device IO Control, which handles internal device communication. Researchers at Phion have found two different ways to cause a buffer overflow that could corrupt the memory of the operating system’s kernel. In one of the scenarios, a person would already have to have administrative rights to the PC. In general, vulnerabilities that require that level of access somewhat undermine the risk since the attacker already has permission to use the PC. But it may be possible to trigger the buffer overflow without administrative rights, said Phion’s director of endpoint security software. The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, the director said. Phion notified Microsoft about the problem on October 22. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009. Source:

34. November 19, Dark Reading – (International) Broadband explosion in China and India to fuel bots, spam. Botnet operators have begun to quietly expand their recruiting efforts to China and India, as broadband adoption begins to take off in these countries. China and India will reach a nearly 30 percent rate of broadband adoption to the home during the next one to two years, providing botnet operators access to more potential bot victims, chief security analyst for MessageLabs says. “That will have implications that the whole world will feel,” he says, like when the broadband wave hit the United States and Europe around 2003. “The Sobig virus [here] in January of 2003 was no coincidence. It was about exploiting broadband,” he says. Source:

Communications Sector

35. November 21, WSB 750 Atlanta – (Georgia) State outsources IT work. The State of Georgia has decided to contract out its Information Technology operations. The governor announced AT&T and IBM were the sole bidders on two separate contracts worth $346 million and $873 million respectively. “Providing technology services is not a core competency of state government…we’ve tried and it’s not one of the things that we do best,” he says. He cites crashing servers as well as leaky roofs and rodents in the office building that houses the state’s primary data system. “I was frightened because I could not guarantee Georgia citizens that their data was secure or that we were spending our IT dollars in the best way possible,” he says. Source:

Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 21, 2008

Complete DHS Daily Report for November 21, 2008

Daily Report


 According to Bloomberg, shippers controlling almost a quarter of the global fleet of crude-oil supertankers may avoid Egypt’s Suez Canal after an increase in piracy off east Africa, potentially raising the cost of delivering the commodity. (See item 1)

1. November 20, Bloomberg – (International) Oil supertankers may avoid Suez on Somalia piracy. Shippers controlling almost a quarter of the global fleet of crude-oil supertankers may avoid Egypt’s Suez Canal after an increase in piracy off east Africa, potentially raising the cost of delivering the commodity. A.P. Moeller Maersk A/S, Europe’s biggest shipping line, Thursday became the first company to say it will divert oil tankers to sail around South Africa, following the lead of Norwegian chemicals shipping line Odfjell SE. Euronav NV, TMT Co. Ltd., BW Shipping Managers Pte, and Frontline Ltd. say they are reviewing whether to reroute their oil tankers. Avoiding the Suez Canal will delay oil deliveries and reduce the supply of available vessels. There have been at least 88 attacks against ships in the area since January, and Somalian pirates are holding 250 crew hostage on board 14 merchant vessels. Source:

 Pasadena Star-News reports that five branches of the Department of Children and Family Services in California received letters Monday containing a white powdery substance. A statement from the Los Angeles County Board of Supervisors identified the substance found at the Lancaster office as arsenic. (See item 17)

17. November 18, Pasadena Star-News – (California) Mailed powder raises alarm at government buildings. Five branches of the Department of Children and Family Services received letters Monday containing a white powdery substance and what investigators called rambling political rhetoric, authorities said. Authorities said Tuesday no one at any of the offices targeted – in El Monte, West Covina, Lancaster, Baldwin Hills and Chatsworth - exhibited any symptoms of illness as a result of coming into contact with the powder. Police have no suspects. Hazardous materials crews who responded to the El Monte DCFS office about 2:30 p.m. Monday initially believed the powder was rat poison, an El Monte police Lt. said. However, FBI officials are conducting further tests. The Los Angeles County Board of Supervisors voted unanimously Tuesday to authorize a $20,000 reward for information leading to the arrest and conviction of whoever sent the substance to the Lancaster office. A statement from the Board identified the substance found at the Lancaster office as arsenic. The FBI’s Joint Terrorism Task Force is working with the postal inspection services on the case. Source:


Banking and Finance Sector

9. November 20, Newsday – (New York) Glen Head millionaire accused of stealing $50M. A Glen Head millionaire who was a key figure in a Congressional corruption scandal has been accused in a lawsuit by a mortgage company of involvement in a scheme to steal more than $50 million through a network of companies in New York City and on Long Island. The 60-year-old, who is serving an 8-year federal prison sentence for laundering bribes paid to a former Representative from California, was sued last week by DLJ Mortgage Capital Inc. of Manhattan in federal court over what the firm claims was a massive scheme lasting several years. During recent sentencing proceedings in San Diego federal court involving the bribery case, a prosecutor told the judge that there is evidence the defendant and some of his relatives were involved in mortgage fraud and that there was a pending investigation. The assistant U.S. attorney told the judge the probe was “very much an ongoing investigation” that would last until the end of the year. According to the lawsuit, the scam involved “at least 95 real estate sales and mortgage loan transactions sold to DLJ and other financial institutions.” The defendant’s wife and other relatives, as well as attorneys, title agents, and various companies were also sued. An attorney for DLJ Mortgage Capital said the firm was seeking to attach or freeze assets of the defendant and other defendants. Source:,0,7896600.story

10. November 20, McClatchy-Tribune Information Services – (International) PayPal users frozen out of accounts. PayPal users are being locked out of their accounts after changing their default currency setting, leaving them with no way to access or withdraw their money. “I’ve been getting this error since two weeks, I can’t login to my account, I can’t pay for my bills, I can’t withdraw money, nothing,” complains one user on the eBay support forum. The complaints date back to the end of September, but many customers are yet to have their problems resolved by PayPal’s technical support team. Source:

11. November 20, Newsday – (New York) Feds accuse 16 in LI mortgage fraud schemes. Federal officials Wednesday arrested 16 people who they said were involved in two multimillion-dollar Long Island mortgage fraud schemes, including one suspected of being tied to a drug distribution ring. The schemes are believed by investigators to have bilked lenders of a total of $13.9 million through finance companies in both Nassau and Suffolk counties. Brooklyn federal prosecutors said one of those arrested controlled Property Cash Inc. of Greenlawn. According to an indictment unsealed yesterday, Property Cash was nominally in the name of his girlfriend who was also charged. Federal agents also arrested another suspect, who according to court papers controlled Home Cash Inc. of Huntington Station. According to the indictment, the defendants used straw buyers with good credit to fraudulently obtain mortgages to pay for homes in Huntington, Greenlawn, Bay Shore, and Uniondale at inflated prices. The defendants gained control of the properties through use of a “foreclosure rescue scheme” in which they promised homeowners in danger of defaulting on their mortgages that they could sign their properties over to Home Cash or Property Cash, a method that stole the equity, the indictment charged. The various straw buyers, who were paid up to $10,000 for their participation, had their credit inflated by the defendants, the indictment stated. Once the defendants acquired the properties, they flipped them at prices inflated with the help of licensed appraisers, prosecutors charged. The scheme lost lenders $8.8 million, prosecutors said. Source:,0,6861797.story

12. November 19, McClatchy-Tribune Information Services – (Texas) First National warns of phishing scheme. Some First National Bank of Bryan, Texas, customers have been receiving e-mails that appear to be from the bank asking account holders to update their information on the bank’s Web site. The e-mail directs users to a fake site that mirrors First National’s online banking site. The mirror site was designed to fool customers into revealing personal account information. The fake Web site has been shut down, but new impostor sites are likely to continue popping up, said the president and chief operating officer of Prosperity Bank, which acquired First National Bank of Bryan this month. Source:

Information Technology

33. November 20, Byte and Switch – (International) Online backup moves out of the data center. Traditionally, backup systems focused on making copies of information stored on central servers. With the growing acceptance of mobility (wireless connections, laptops, cell phones), information is no longer always stored centrally, and that change has made the challenge of properly securing information more difficult for IT managers. “Addressing mobility issues will be the online backup industry’s biggest challenge during the next few years,” said the vice president for channels at Asigra Inc. Users represent a large part of that challenge. “If a company gives users the responsibility of backing up data, chances are they won’t do it consistently or correctly,” said the vice president of marketing at Mozy, the online backup service that is part of Decho, a newly created unit of EMC Corp. Management tools to oversee a large number of employees are just evolving. “In many cases, it is difficult for IT departments to consolidate backup information for multiple machines,” said the principal research analyst at Gartner Inc. Currently, there is little to no integration between the desktop backup systems and services used to protect corporate servers. The number of devices that end users rely on is changing, but most of these services primarily support Microsoft Windows machines. Some can restore files generated on a Macintosh or Linux computer, but few of the services work with new devices, such as smartphones. Source:

Communications Sector

34. November 20, TechNews World – (National) NASA tests new deep-space cyber-net. NASA’s Jet Propulsion Laboratory has tested a communications network that facilitates data communication over millions of miles. They are calling it the “Interplanetary Internet,” though it’s based on technology that differs from the Web’s standard TCP/IP method. Earthbound Net traffic presumes connections will remain constant, but in space, connection interruptions must be expected. The software protocol was a joint venture between NASA and a vice president at Google. To communicate across millions of miles, the Interplanetary Internet needs to be robust enough to withstand the delays, disruptions and disconnections that are inherent when relaying data through space. Unlike TCP/IP on Earth, the new DTN protocol used by the system does not assume a continuous end-to-end connection, according to NASA. In its design, if a destination path cannot be found, the data packets are kept rather than discarded. Each network node maintains custody of the data for as long as necessary until it can safely communicate with another node. This means data can be sent without worry that it will be lost if an immediate path to the destination does not exist at that time. Source:

35. November 19, Agence France-Presse – (International) Damaged Nigerian satellite can’t be recovered: officials. A Nigerian satellite launched last year has failed and cannot be recovered, officials said on Wednesday. The satellite — which was launched to provide phone, broadband Internet, and broadcasting services to rural Africa — was switched off last week due to a battery charging problem. “We don’t think we can recover it,” a spokeswoman of the satellite’s managing firm, Nigerian Communications Satellite Limited (NigComSat), told AFP. On Tuesday, the head of NigComSat told lawmakers in the administrative capital Abuja that efforts to recover power supply had failed. “The satellite has now been maneuvered to the parking orbit and cannot be recovered for use again,” he said, noting that to leave it in its previous orbit would have risked loss of control and possible damage to other satellites. The $257 million Chinese-built satellite was launched into space from China in May 2007. Source:

36. November 19, Information Week – (National) Verizon-Alltel merger nearly done, U.S. Cellular next? The Federal Communications Commission this week removed the last hurdle in the path of Verizon Wireless’ acquisition of Alltel, raising the possibility that U.S. Cellular may become the next acquisition target. The FCC has marked five more small markets for divestiture, with U.S. Cellular being one of the last standing major wireless providers in the country. In adding to its earlier approval of the Verizon-Alltel deal, the FCC told Verizon that it will have 120 days after the deal is closed to divest itself of a total of 105 markets. The divestiture list has gradually grown from the 85 markets Verizon originally suggested to the 105-market final figure, but still far short of the 218 markets that originally had been marked for divestiture consideration. That leaves U.S. Cellular, the sixth largest cell phone service provider, as the last major provider standing. It has 6.2 million subscribers and it uses the same CDMA infrastructure utilized by Verizon and Alltel, making an acquisition relatively easy. When Verizon and Alltel are merged, their combined assets will make the company the largest cell phone provider in the United States. Source: