Department of Homeland Security Daily Open Source Infrastructure Report

Friday, December 12, 2008

Complete DHS Daily Report for December 12, 2008

Daily Report


 The Treasure Coast Palm reports that Molotov cocktails were thrown at or near law enforcement vehicles parked at investigators’ homes in Port St. Lucie, Florida, on Saturday. (See item 20)

20. December 11, Treasure Coast Palm – (Florida) Molotov cocktails thrown at 2 law enforcement vehicles parked at homes. In Port St. Lucie, Florida, Molotov cocktails reportedly were thrown at or near law enforcement vehicles parked at investigators’ homes Saturday night, and federal authorities are offering a $5,000 reward for information that leads to the arrest and conviction of those responsible, according to a police spokesman Wednesday. The incidents happened Saturday between 10:25 p.m. and 10:55 p.m. at residences about 3 miles apart in the city’s southwest section. The first involved a Molotov cocktail discovered about 100 feet from a marked Martin County Sheriff’s Office patrol car. The second involved a Molotov cocktail thrown at an unmarked Port St. Lucie police vehicle. The cocktail appears to have landed a couple of feet away from the white vehicle before bursting into flames. “It’s obviously a concern of ours that someone could be possibly targeting law enforcement,” said a police spokesman. The vehicles were unoccupied at the time, and no one was injured. Police are investigating several leads. The spokesman said the same type of bottles was used in the incidents. The bottle did not break in the first incident. Two witnesses gave similar descriptions of a suspect vehicle, a light colored sport utility vehicle, possibly a Jeep Cherokee. Source:

 According to the San Francisco Chronicle, a city-funded study says that without a seismic retrofit, 80 percent of San Francisco’s weakest wood-frame buildings are expected to collapse or to suffer damage beyond repair in the large earthquake scientists say will hit the city within decades. (See item 28)

28. December 11, San Francisco Chronicle – (California) SF ‘soft-story’ buildings at risk in quake. Without a seismic retrofit, 80 percent of San Francisco’s weakest wood-frame buildings are expected to collapse or to suffer damage beyond repair in the large earthquake scientists say will hit the city within decades. Results from an ongoing seismic safety study show that 2,800 wood-frame buildings that house nearly 60,000 residents and 7,000 employees would sustain $4 billion in damage. Retrofits, the study estimates, would dramatically reduce the damage but could cost more than $130,000 per property. So far, the city-funded study has focused on less than 10 percent of the city’s residential units that are believed to be seismically unsafe. The initial study results announced Wednesday are part of the city’s first endeavor to fully understand the health, safety, and economic risk posed by the city’s buildings during a major earthquake. The work factored in a temblor of magnitude 6.9 (Loma Prieta) to 7.9 (1906 quake). A Chronicle report in June highlighted the fact that the city had no strategy for fixing the vulnerable structures despite the fact that the danger had been known for decades. Earthquake experts said the study demonstrated that the soft-story structures represent a tremendous risk to the city. The study will continue for at least another year and a half and will examine other building types. Source:


Banking and Finance Sector

7. December 11, Amarillo Globe-News – (Texas) Text scam targets Sprint users, asks for ANB card information. Amarillo police and the FBI are investigating a scam to cheat Amarillo National Bank customers. Sprint mobile phone customers whose numbers have 517 and 206 prefixes have received text messages from someone claiming to be the bank using the number 806-553-5778, said a fraud investigator. The messages say customers’ cards have been deactivated and they must call a number to reactivate it, the fraud investigator said. When they call, a recording picks up, and they are told to input their 16-digit card number, the CV number and then their pin, he said. The fraud investigator said as of Wednesday, the scam has cost ANB about $3,000. Source:

8. December 10, Baltimore Business Journal – (National) Federal government unveils credit union initiatives. The National Credit Union Administration (NCUA) unveiled a plan Tuesday to bring liquidity to the credit union system. Under the plan, called the Credit Union System Investment Program, retail credit unions will get money from the NCUA that they must invest in corporate credit unions. Corporate credit unions lend money to retail credit unions, but have run into liquidity problems of late and are unable to lend as much money as retail credit unions need. The investment from retail credit unions will allow corporate credit unions to pay off other debts and free up collateral, allowing them to turn around and lend more money into retail credit unions. The NCUA took the roundabout approach because it is not allowed lend money directly into corporate credit unions. It is not clear how much money the NCUA would lend to through the program, which will be funded on a monthly basis from January through June 2009 through the agency’s Central Liquidity Facility. The NCUA also gave details Tuesday on a separate $2 billion plan to help credit unions modify mortgages for delinquent borrowers. The plan, called the Credit Union Homeowners Affordability Relief Program, was first announced in November and aims to provide relief to 10,000 households. Source:

9. December 10, WKZO 590 Kalamazoo – (Michigan; National) Spicy Pickle secures transactions. The Spicy Pickle restaurant in Portage, Michigan, was recently the target of computer hackers who stole credit and debit card numbers of customers and used the numbers fraudulently. The restaurant has a secure system in place. The co-owner says the FBI has been investigating fraud cases across the country for seven months and they were just the latest victims. “There is a similar thread to all of it and it keeps leading to one particular software manufacturer,” says the co-owner, adding that he is not at liberty to say which manufacturer that is. “It is a popular software that is used by thousands of restaurants throughout the country.” Another co-owner says the FBI told them it was likely the work of an international group, possibly in Romania. “They were able to get the numbers and then they were able to reproduce the cards and then sell off the cards online,” says the other co-owner. Source:

Information Technology

23. December 11, – (National) U.S. authorities crack down on scareware scam. The Federal Trade Commission has succeeded in getting a court to freeze the activities of two companies that have been behind a massive scareware scam. Innovative Marketing, Inc. and ByteHosting Internet Services, LLC were named in the legal case as being behind a scam where computer users were told that their computers were infected with viruses when they visited a Web page. The virus warning includes a link to a Web page where the viewer could buy antivirus software such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus for $39.95 or more. Up to one million Americans may have fallen for the scam. The U.S. District Court for the District of Maryland heard that the two companies duped advertising networks into believing that they were running legitimate advertising. However, code was inserted into adverts that redirected viewers to Web pages that claimed to have detected the viruses. The court has now frozen the activities of the two companies and is trying to get financial compensation for those people fooled by the scam. However, this may be difficult as Innovative Marketing is a company incorporated in Belize that maintains offices in Kiev, Ukraine. ByteHosting Internet Services is based in Cincinnati, Ohio, and the court is taking action against that company. Source:

24. December 11, – (International) Data leak risks due to improper tape destruction. Patient health records, social security numbers, bank account numbers and internal auditing procedures are examples of the kinds of information that is unknowingly leaking out of data centers. This trend is the result of companies improperly disposing of used data storage products at end-of-life, including a growing practice of selling used computer tape cartridges to recertifiers. “All used data storage products, whether optical discs, flash, hard drives, or tape media, must be properly retired and disposed of in order to protect against possible data leaks. Despite the data storage industry’s warnings, companies continue to put themselves at risks. Imation wants to remind data centers that the only way to securely dispose of used tape media is through a reputable tape destruction service that provides a ‘certificate of destruction.’” said a vice president at Global Commercial Business, R&D and Manufacturing, Imation. “Tests in our lab of more than 100 commercially obtained tape cartridges confirmed that significant data “leakage” is occurring as a result of the practice of recertifying instead of properly destroying used tape. We take this issue seriously, because Imation’s business is centered on security in data storage and our products are being resold and reused in ways that can compromise a company’s information.” With today’s high-capacity cartridges, significant amounts of data may be left intact and exposed to unwanted breaches. According to the Privacy Rights Clearinghouse, as of early October 2008, more than 245 million personal records have been exposed as the result of data breaches in the last three years alone, and that number is on the rise. In addition, the Ponemon Institute study found that more than 90 percent of data breaches occur in digital form and the costs associated with data loss are rising into the billions of dollars each year. Source:

25. December 10, DarkReading – (International) Koobface Worm targets MySpace, other sites. The Koobface worm which has plagued the Facebook social networking site during the past week, is now targeting MySpace, Bebo, and other sites as well, security researchers warn. Researchers at security vendor F-Secure said December 9 in a blog about the Koobface worm that the new infection is designed to spread to other popular social networking sites, including,, and But with the ever-increasing effort to find zombies to work in botnets, such large-scale attacks are making a comeback, experts say. Social networks are an obvious target for such attacks because users are more likely to click on links or be duped by messages if they come from individuals they believe to be “friends,” they say. Facebook says it is deleting content generated by the worm, and officials say the social networking site has “again contained” the worm. The company also is posting updates to the Facebook security page and is publishing best practices to help users avoid phishing attacks. Source:;jsessionid=2QZLCBQLE3IAQQSNDLRSKH0CJUNN2JVN?articleID=212400218

26. December 9, SC Magazine – (International) Hackers will move to use rich content files next year. PDF and Flash files will be used by cybercriminals much more in 2009. Finjan’s Malicious Code Research Center has predicted that rich content files will be used to distribute malicious code. In its web security trends report, MCRC claimed that cybercriminals are taking advantage of the specific functionality available in Flash ActionScript that enables the Flash file to interact with its hosted web page (DOM). They embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser-vulnerability and to install a Trojan. Although Flash supports the functionality to prevent such interactions, many site owners are not using it. The report further reveals that large advert networks that serve Flash-based banner ads do not prevent their ads from interacting with the hosting webpage. The lack of configuration by advertising networks to prevent this interaction, between the served Flash-based ad’s ActionScript and the DOM, has become a new vector for cybercriminals to serve their malicious code undetected. Source:

Communications Sector

27. December 11, Las Vegas Review Journal Press – (Nevada) Construction mishap disrupts phones. Phone service to as many as 60,000 Embarq Corp. customers, including all state offices in Southern Nevada, will be disrupted for as long as two days because of a construction mishap, the phone company said Wednesday. Embarq, the dominant local telephone exchange serving Southern Nevada, lost service Wednesday morning when a construction equipment operator accidentally cut through underground phone lines. Full restoration of phone service may take two days, a spokeswoman said. She called it the biggest telephone outage she could recall in 11 years at the telephone company in Southern Nevada. The break interrupted mobile phone service, long-distance land-line service, and Internet service for the eastern area of Las Vegas to Boulder City and Laughlin, said Embarq’s director of network operations. Source: