Thursday, January 15, 2009

Complete DHS Daily Report for January 15, 2009

Daily Report


 KDVR 31 Denver reports that an explosion at an oil well site in Weld County, Colorado, injured two people on Wednesday morning. (See item 1)

1. January 14, KDVR 31 Denver – (Colorado) Oil rig explosion injures 2. An explosion at an oil well site in Weld County, Colorado, injured two people on the morning of January 14. The fire marshal for the Union Colony Fire Rescue Authority said two workers suffered serious burns. They were taken to North Colorado Medical Center in ground ambulances. The explosion occurred at 7:30 a.m. off of U.S. Highway 34 near Greeley. Firefighters built a dirt mound around a storage tank that was burning in order to contain the fire, according to a Weld County undersheriff. Union Colony firefighters called the Windsor-Severence Fire Protection to the scene since it was in that jurisdiction. Those firefighters brought the foam. They then were able to quickly douse the flames at about 8:30 a.m. The cause of the fire was under investigation. Source:

 According to Air Force News Service, Air Force officials at Kirtland Air Force Base, New Mexico, are delaying the launch of Tactical Satellite-3 until repairs to a spacecraft avionics component, critical to the system’s operational capability, are complete. (See item 15)

15. January 13, Air Force News Service – (National) Malfunctioning component delays satellite launch. Air Force officials at Kirtland Air Force Base, New Mexico, are delaying the launch of Tactical Satellite-3 until repairs to a spacecraft avionics component, critical to the system’s operational capability, are complete. Although scheduled to launch in late January, the program team is working with the manufacturer to resolve the problem. When ready, the TacSat-3 launch will occur at NASA’s Wallops Island Flight Facility in Wallops Island, Virginia. “We’re very disappointed in the delay, but the fix is necessary to assure the on-orbit performance of the satellite,” said a TacSat-3 program manager. “Had we not discovered and corrected this problem, we would have had a potential catastrophic mission failure.” Source:


Banking and Finance Sector

17. January 14, New York Times – (National) Citigroup plans to split itself up, taking apart the financial supermarket. Staggered by losses despite two federal rescues, Citigroup is accelerating moves to dismantle parts of its troubled financial empire in an effort to placate regulators and its anxious investors. Under pressure from Washington and Wall Street, the financial giant plans to split itself in two, people with knowledge of the plan said on January 13, heralding the end of the landmark merger that created the bank a decade ago. Citigroup, which originally planned to sell in coming years the businesses it no longer deemed central, is speeding up the process to mitigate potentially billions of new losses as the economy worsens. The government, which has twice supplied it with taxpayer support during the financial crisis, wants to avoid a repeat, said another person with knowledge of the situation. But some Wall Street analysts and investors questioned whether the plan, which included the announcement on January 13 that it would split off its prized Smith Barney brokerage, goes far enough to address Citigroup’s immediate troubles. “They have moved the chips around, but it’s the same game,” said an Oppenheimer banking analyst who has been critical of the company. “They still have the same capital needs.” Source:

18. January 14, CNN – (Indiana) U.S. marshals: Pilot could face federal charges. Authorities may add more criminal charges against a financial manager accused of trying to fake his death in a plane crash, a U.S. Marshals Service spokesman said Wednesday. The defendant was captured Tuesday after a bizarre plot in which authorities said the businessman tried to fake his death after scamming clients. The defendant was charged in Hamilton County, Indiana, on Tuesday with unlawful acts by a compensated adviser and unlawful transaction by an investment adviser. The court issued an arrest warrant and set bail at $4 million cash. Authorities said they believe the defendant defrauded investors through three companies he owns before attempting a bizarre and potentially deadly vanishing act. On January 12, a judge in Indiana froze the defendant’s assets, said a spokesman for the Indiana secretary of state. The order also applies to his three companies. Those companies — Heritage Wealth Management, Heritage Insurance Services, and Icon Wealth Management — are “the subjects of an active investigation by the Indiana Securities Division,” said the spokesman. Source:

19. January 14, Syracuse Post-Standard – (New York) Credit union target of ‘phishing’ scam. Central New Yorkers have been targeted by a text-message “phishing” scam that asks for the personal identification numbers associated with their bank cards. The fraudulent text messages purport to be from Empower Federal Credit Union, but they are not, said an individual speaking for the credit union. The messages say that the recipient’s ATM card has been deactivated and asks the recipient to call a toll-free number to reactivate the card. If people call the number, they are prompted to enter their card number, expiration date and PIN. Phishing scams, which are criminal attempts to gain private information, are common in e-mail, but relatively new on cell phones. Customers and non-customers alike have been targeted by the recent scam. Source:

20. January 13, – (National) Phishing attack uses pop-up message on bank sites. Researchers at security vendor Trusteer have discovered a new phishing method that forces pop-up login messages to appear on legitimate banking Web sites. The messages trick users into giving up passwords, account numbers and other sensitive information. Sometimes the messages appear after they have logged into an online banking or other financial website, Trusteer said. Trusteer issued an advisory on their find. The technique is called Session Phishing, and is used after attackers inject malicious code into major browsers. The Trusteer CTO said the method makes phishing attacks more likely to be successful because they try to trick people after they have logged into a legitimate Web site. The CTO said the major browser makers have been notified. Trusteer said the pop-up window sometimes requests the user to retype their username and password because the session has expired, or asks users to complete a customer satisfaction survey or participate in a promotion. Source:

Information Technology

38. January 14, IDG News Service – (International) Microsoft updates free tool to remove persistent worm. Microsoft has updated its free security tool to remove a persistent worm that is targeting a now-patched but severe vulnerability that affects several server products. The latest update to the Malicious Software Removal Tool (MSRT) can now remove infections of Conficker, a worm that infects a server and then tries to download other malicious software, according to a company blog. Conficker targets a flaw in Windows Server Service. Microsoft thought the flaw was so severe that it issued an out-of-cycle patch on October 23 for Windows 2000, XP, Vista, Server 2003 and Server 2008. Microsoft has observed a new variation of the worm, called Win32/Conficker.B, which has been infecting servers. Systems become infected when a hacker constructs a malicious Remote Procedure Call (RPC) to an unpatched server, which then allows arbitrary code to run on a machine. Conficker.B uses other methods to spread, including trying to copy itself to other shared network machines by guessing passwords. It can also spread via removable media. Source:

39. January 14, Minneapolis Star Tribune – (Minnesota) Blaine man pleads guilty to placing virus in computers. A Blaine man charged with sabotaging his former employer’s computer system pleaded guilty to the offense in federal court, the U.S. Attorney’s Office said. The 21-year-old admitted in court January 12 that in April 2008 he intentionally damaged a computer after he was terminated from his job as a help desk employee at Wand Corp. According to his plea agreement, the guilty party worked for the Eden Prairie, Minnesota, firm that provides computers used by retailers and restaurants to conduct cash register transactions. The computers are in individual establishments but can be remotely accessed by Wand using an Internet-based program. About three weeks after he was let go, he unleashed a malicious software attack on Wand computers in about 3,000 restaurants. The attack was designed to crash the client computers. He launched the attack from his home computer and was able to install the virus on about 1,000 computers, his plea agreement said. Source:

40. January 13, Computerworld – (International) Microsoft patches ‘super nasty’ Windows bugs. Microsoft Corp. patched three vulnerabilities in the company’s Server Message Block (SMB) file-sharing protocol, including two that could make “Swiss cheese” out of enterprise networks, according to one researcher. “This is super nasty,” said the chief technology officer at Shavlik Technologies LLC, who also called the January 13 update “super critical” as he sounded the alarm. “Expect to see a worm on this one in the very near future, [because] this is Blaster and Sasser all over again.” Those two worms, 2003’s Blaster and 2004’s Sasser, wreaked havoc worldwide as they spread to millions of Windows machines. Of the three bugs outlined in the MS09-001 security bulletin, two were rated “critical,” the most serious ranking in Microsoft’s four-step scoring system, while the third was pegged “moderate.” The pair identified as critical are extremely dangerous because attackers can exploit them simply by sending malformed data to unpatched machines, according to the chief technology officer. “These flaws enable an attacker to send evil packets to a Microsoft computer and take any action they desire on that computer [with] no credentials required,” he said. “The only prerequisite for this attack to be successful is a connection from the attacker to the victim over the NetBIOS ports, TCP 139 or TCP 445. By default, most computers have these ports turned on.” Much the same situation led to Blaster and Sasser, the chief technology officer noted. “More people have blocked those ports, and more personal firewalls block them by default, but they are typically left open in a corporate network.” Source:

Communications Sector

Nothing to report.