Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, December 16, 2008

Complete DHS Daily Report for December 16, 2008

Daily Report


 According to the Associated Press, the number of governors’ offices receiving letters containing suspicious powder has topped 30. (See item 20)

20. December 13, Associated Press – (National) More governors get suspicious letters. The number of governors’ offices receiving letters containing suspicious powder has topped 30. The letters, all postmarked in Texas, began arriving at governors’ offices across the country on Monday, December 8. So far field tests have indicated the powders to be harmless, though further testing is under way, the FBI said Friday. “It’s likely there will be more” letters, an FBI special agent said in a statement. The Postal Inspection Service, which is working with the FBI, noted that sending hoax letters can result in up to five years in prison. States where the letters have been received, according to information provided by the FBI, are: Alabama, Alaska, Arizona, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Maine, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, North Dakota, Oklahoma, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, West Virginia, and Wyoming, plus Puerto Rico and the Virgin Islands. Source:

 Agence France-Presse reports that a suspect has been arrested in connection with a bomb attack on a bank Friday in Woodburn, Oregon, that left two police officers dead and two injured. (See item 32)

32. December 15, Agence France-Presse – (Oregon) Arrest in deadly Oregon bank bombing: police. A suspect has been arrested in connection with a bomb attack on a bank in Oregon that left two police officers dead and two injured, a statement said Monday. The Marion County Sheriff’s Department declined to give further information about the arrested suspect, citing the need to protect the ongoing investigation and officers involved in it. Two people — a bomb disposal expert and a police chief — were killed after a suspicious device exploded at a branch of the West Coast Bank in Woodburn, 30 miles south of Portland, on Friday. The bomb also seriously injured a police chief and a female bank employee, Oregon State Police said in a statement. No individual or group claimed responsibility for the bombing, and authorities on Saturday issued a $35,000 reward for information leading to the capture of those responsible. The bomb was discovered after a branch of the Wells Fargo bank in Woodburn received a threatening phone call early Friday. The bank was evacuated, but a suspicious object found at the site was not determined to be dangerous, police said. However, a further search of the area led police to the nearby West Coast Bank where another suspect device was discovered. The bomb exploded as officers examined it. Source:


Banking and Finance Sector

6. December 15, Insurance Daily – (National) Zurich pays $25m fraud settlement. Zurich Financial Services Group has agreed to pay a $25 million settlement to the US Securities and Exchange Commission (SEC) in connection with charges of civil securities fraud. A related charge was also settled against Converium Holding AG, which operated under the name Zurich Re until it was spun off in 2001. In paying out the settlement, the companies neither admitted nor denied any wrongdoing. The SEC accused the two companies of designing reinsurance transactions to make it appear that risk had been transferred to a third party, when, in truth, the risk remained with Zurich controlled businesses. This enabled Zurich Re and Converium to artificially inflate performance figures, allowing them to receive a significant windfall when Zurich Re was spun off as Converium in December 2001. Source:

7. December 14, Atlanta Business Chronicle – (National) Bankers: FDIC rules will ban new banks The Federal Deposit Insurance Corp. (FDIC) may be implementing what is effectively a ban on new banks in metro Atlanta and other distressed areas nationwide, as the financial industry’s and broader economy’s deterioration accelerates. The FDIC has increased scrutiny of new banks applying for deposit insurance in select areas of the Southeast and other regions, including Western states, industry insiders said. The new reviews, insiders said, make approval difficult in practice, if not impossible. “It is a de facto ban,” said the CEO of Alpharetta-based consultant T. Stephen Johnson & Associates Inc. Spurring the new rules are worsening industry performance and an increasing skepticism that new banks can succeed in the same places where others have failed this year, those familiar with the process said. However the FDIC’s Atlanta regional director, adamantly denied that a ban, either formal or informal, is in place. He said the FDIC is continuing to review new bank applications, and expects some to receive approval. The FDIC regional director did acknowledge deposit insurance approval is harder to get, and the FDIC is becoming more discriminating in whom it approves nationwide, including in metro Atlanta. Source:

8. December 13, News and Observer – (North Carolina) Credit-card data leak in online buys. A Greensboro company, Innisbrook, has notified thousands of parents across the country that their credit card information may have been compromised. Some parents in the Triangle have found fraudulent charges on their accounts. Innisbrook works with thousands of schools nationwide and sells things like school supplies and wrapping paper to raise money for the schools. The security breach happened in August, when many customers were placing orders for bundles of back-to-school supplies. Twenty-four schools in North Carolina were affected, and only information from customers who placed orders online and paid with a credit card was at risk. A customer service manager declined to provide a list of the affected schools but said that there were seven in Wake County and one in Durham County. The customer service manager stressed that the breach occurred on the company’s school supplies site, which is separate from the company’s main Web site and operates on different servers. Federal authorities have been notified of the incident, and the company sent a letter to all customers who had placed a school supplies order online at the end of October. Source:

9. December 12, Bucks County Courier Times – (National) Wachovia to reimburse victims of $150M fraud. Wachovia Bank has begun mailing checks totaling more than $150 million to customers, whose bank accounts were improperly accessed on behalf of telemarketers and their payment processors, including a defunct Newtown Township, Pennsylvania, company. The North Carolina-based bank will mail 742,870 checks worth $150,143,361 as part of an agreement with the Office of the Comptroller of the Currency, a Treasury Department agency that supervises and regulates the nation’s banks. The case began with an investigation by the U.S. Attorney’s Office in Eastern Pennsylvania and other agencies into Payment Processing Center, a Newtown Township company that took $50 million from customers in 2005 and 2006. In that case, telemarketers from India and the West Indies duped unknowing consumers into giving up bank account information. The telemarketers then contracted with Payment Processing Center to withdraw money from the victims’ accounts. Payment Processing Center sent unsigned electronic bank drafts to Wachovia to process the payments. Last year, the company agreed to a permanent injunction and was shut down. Authorities allege Wachovia should have known the transactions from the Payment Processing Center and other processing companies which had accounts with the bank were not legitimate. A large number of transactions were returned to Wachovia by individuals or their financial institutions as unauthorized, according to the comptroller of the currency office. Source:

10. December 12, WIRED – (New York) Cyber crook pleads guilty to looting Citibank accounts with hacked ATM codes. A 28-year-old man caught in the act of using hacked ATM codes to loot Citibank accounts last May pleaded guilty this week to a single count of access device fraud, bringing to five the number of defendants who have entered guilty pleas in connection with an intrusion into an ATM processing server that led to at least $2 million in fraudulent withdrawals this year. The defendant was arrested May 8, after Citibank officials monitoring their network noticed suspicious ATM transactions coming through the five cash machines in the vestibule of a Citibank branch in New York’s Upper East Side. In late 2007, an unknown hacker penetrated a server that processes transactions from Citibank-branded ATMs at 7-Eleven convenience stores, and stole customer account numbers and PINs. According to court records, a Russian mastermind farmed out the stolen data to a small army of U.S. confederates, who made at least $2 million in fraudulent withdrawals, sending 70 percent of the profits back to Russia. Source:

Information Technology

31. December 14, Computerworld – (International) New threats thrive on a changing Web. The Web and the growing popularity of Web 2.0 applications will continue to pose a huge threat to both consumers and enterprises, according to security firm Sophos Plc. “We’re finding over 15,000 new Web pages being infected every day and 90 percent of Web threats reside on legitimate hacked sites while, about 1 percent of all Web searches deliver an infected Web page. So what you’ve got are these legitimate Web sites, how then do people protect themselves against this?” said the director of sales for Asia at Sophos. According to the official, the security threat landscape is changing, making it all the more difficult for IT managers to secure the network and end users. “We used to protect the endpoint at the gateway but what’s changed is now you’ve got Internet access, cloud computing, mobile workers and remote access, USB key and third-party devices being plugged in, a lot more outsourcing so you have contract workers, etc. So, all of a sudden, the whole security game has changed and IT managers now need to look at a lot of different factors in securing their endpoints,” he said. Social networking sites, for one, are proving to be a growing challenge for most IT managers or information security officers because, while some companies use these for their business, some employees use these for purely social reasons, which becomes both a productivity and a security issue. Source:

Communications Sector

Nothing to report