Department of Homeland Security Daily Open Source Infrastructure Report

OUR APOLOGIES – For the first time in nearly 2.5 years we have failed to publish our abbreviated version of the report on a timely basis. Simply stated, my entire staff was offsite with client business before the report came out. I am now dealing with after returning to the office.

Wednesday, January 21, 2009

Complete DHS Daily Report for January 21, 2009

Daily Report


 The Associated Press reports that researchers say they found an “alarming” increase in children’s ear, nose, and throat infections nationwide caused by dangerous drug-resistant staph germs. (See item 21)

21. January 19, Associated Press – (National) Doctors report ‘alarming’ rise of MRSA in kids. Researchers say they found an “alarming” increase in children’s ear, nose, and throat infections nationwide caused by dangerous drug-resistant staph germs. Other studies have shown rising numbers of skin infections in adults and children caused by these germs, nicknamed MRSA, but this is the first nationwide report on how common they are in deeper tissue infections in the head and neck, the study authors said. These include certain ear and sinus infections, and abscesses that can form in the tonsils and throat. The study found a total of 21,009 pediatric head and neck infections caused by staph germs from 2001 through 2006. The percentage caused by hard-to-treat MRSA bacteria more than doubled during that time from almost 12 percent to 28 percent. The study appears in January’s Archives of Otolaryngology, released Monday. It is based on nationally representative information from an electronic database that collects lab results from more than 300 hospitals nationwide. Almost 60 percent of the MRSA infections found in the study were thought to have been contracted outside a hospital setting. The study’s authors said a worrisome 46 percent of MRSA infections studied were resistant to the antibiotic clindamycin, one of the non-penicillin drugs doctors often rely on to treat community-acquired MRSA. However, other doctors said it is more likely that at least some of the infections thought to be community-acquired had actually originated in a hospital or other health-care setting, where MRSA resistance to clindamycin is common. Source:

 According to the Associated Press, a computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the United States, Europe, and Asia, already infecting close to 9 million machines, a private online security firm says. (See item 31)

See item 31 in the Information Technology Sector in the Details below.


Banking and Finance Sector

10. January 19, WKYT 27 Lexington – (Kentucky) Hackers pose threat to thousands of Forcht Bank customers. Thousands of Forcht Bank customers had their debit cards disabled, after hackers posed a threat to their accounts. Officials at the bank say they deactivate-activated 8,500 of their customers’ cards as a precaution after officials say a retail merchant’s computer system was hacked into. Forcht bank officials say none of their customers reported having any fraudulent transactions with their accounts, but say they deactivate-activated their debit cards as a precautionary measure. Customers will receive new debit cards between 7 to 10 days. The debit card processor, a company called STAR, says they are not quite sure which retail company it was that hackers hit. Source:

11. January 17, Seattle Times – (National) FTC takes aim at foreclosure-rescue scams. The Federal Trade Commission (FTC) has sent a blunt warning to the fast-growing foreclosure fix-it industry. If a company takes funds from a customer up front, they must follow through on their obligation to save the individual’s home. Otherwise, they may be charged with running a scam operation that violates federal law. An example of this occurred when the FTC filed suit against Clearwater, Florida-based Mortgage Foreclosure Solutions, charging the company with operating a “scheme to sell purported mortgage foreclosure services to consumers” nationwide through six Web sites, but virtually never actually preventing foreclosures by lenders. The FTC said the company lured homeowners with claims that “no matter how far you are behind in your payments, the size of your mortgage debt or your credit history, we have mortgage foreclosure solutions.” According to the complaint, the company’s marketing pitches said that “we are so confident of our abilities to provide mortgage foreclosure solutions that we guarantee our services.” Many clients “ultimately (lost) their homes to foreclosure,” said the FTC, despite the guarantees and fees. The ones who avoided foreclosure did so on their own, with no help from the firm. Source:

12. January 17, WSAW 7 Wausau – (Michigan) Bank warns customers of texting scam. The senior vice president of an area bank is warning customers of suspicious text messages. He says it is a phishing scam that asks for bank account, personal account, and pin numbers. While the bank does not want anyone to panic, they do want customers to be aware. The Marshfield Savings Bank and Forward Financial Bank, which is a branch of Marshfield Savings Bank, say they have received several hundred calls from people who received the text message, some who are not even customers. He says the phishing scam, which is happening at other banks in the area, most likely came from a European country. Source:

13. January 17, Bloomberg – (Illinois; Washington) Illinois, Washington State banks seized; first failures of 2009. Banks in Illinois and Washington State with $769 million in deposits were closed by regulators, the first failures this year as a deepening recession and record foreclosures extend the housing slump into a third year. National Bank of Commerce in Berkeley, Illinois, with $430.9 million in assets and $402.1 million in deposits, was shut January 16 by the Office of the Comptroller of the Currency; and Bank of Clark County in Vancouver, Washington, with $446.5 million in assets and $366.5 million in deposits, was closed by state regulators. The Federal Deposit Insurance Corporation (FDIC) was named receiver for both. Republic Bank of Chicago in Oak Brook, Illinois, will take over National Commerce’s two offices near Chicago and reopen January 17, the FDIC said. Umpqua Bank of Roseburg, Oregon, is assuming Clark County’s insured deposits and will open January 20. “Deposits will continue to be insured by the FDIC, so there is no need for customers to change their banking relationship,” the FDIC said in a statement. Source:

14. January 16, CNNMoney – (National) FDIC encourages banks to lend more. Federal banking regulators are considering a plan to dramatically expand a lesser-known bailout program that provides government guarantees to hundreds of billions of dollars of corporate debt. The Federal Deposit Insurance Corporation (FDIC) will likely change its so-called Temporary Liquidity Guarantee Program later this month, by extending the maximum maturity of its payment guarantee on new “covered” bonds issued by banks to 10 years from three years. Covered bonds are issued by banks, backed by collateral, like a mortgage or a consumer loan, which exists on the bank’s balance sheet. It is different than an asset-backed security, which does not require banks to actually own the asset they use to back the debt issuance. The bonds are popular in Europe, but have only been offered on a limited basis in the United States. Under the new extension, the program would cover secured debt issued from January 2009 until June 30, 2010. The government’s move is aimed at encouraging new lending, and, at the same time, protecting its own credit risk, said an FDIC official. Source:

Information Technology

30. January 20, – (International) Scam emails claim that Barack Obama is refusing U.S. presidency. A wave of malicious emails claims the U.S. President-elect has refused the country’s top job and does not want the responsibility of saving a “sinking ship.” The emails direct users to malicious Web sites that look almost identical to the President-elect’s official campaign site and which include downloadable files that will infect the user’s computer, security experts said January 20. ”Clearly, there is a significant public interest in an event as historic and anticipated as this and the spammers are exploiting it,” said an individual of the security firm Marshal8e6. Symantec analysts said the emails used titles including “Breaking news,” “You must look at this!” and “What is going on with our country?” “Symantec’s Threat Intelligence team analysed a new wave of malicious spam messages with a ‘Presidential theme’ that found their way into one of our vast number of global sensors,” said a post on the company’s blog. The malicious files contained on the imitation campaign sites had the potential to allow access to the user’s computer or harvest information from it, the company said. It is believed the inauguration scam is the work of the creators of the Storm worm, one of the most famous malicious programs of recent years. Source:,28348,24937957-5014108,00.html

31. January 17, Associated Press – (International) Virus spreads quickly, but may be a dud. A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the United States, Europe, and Asia, already infecting close to 9 million machines, according to a private online security firm. Fortunately, however, it may be a dud. Though computer bugs have become a common affliction, Finland-based F-Secure says a virus it has been tracking for the past several weeks has surged more rapidly through corporate networks than anything they have seen in years. But the virus does not appear to be working as its designers intended. F-Secure’s chief security adviser said the virus’s coding suggests a type of bug that alerts computer users to bogus infections on their machines and offers to help by selling them antivirus software. Instead, the virus is simply spreading to little effect, though it may still pose a threat to infected computers. Microsoft issued a security update January 13 to deal with the so-called “Downadup” or “Conficker” virus, which appears to be a new version of a bug that popped up in October 2008. Source:

See also:

Communications Sector

32. January 19, Associated Press – (National) Technology to stop phone use in cars isn’t perfect. A product to hit the market, $10-a-month software by Dallas-based WQN Inc., can disable a cell phone while its owner is driving. It uses GPS technology, which can tell how fast a person is traveling. But it cannot know whether the person is driving — and therefore it can needlessly lock a phone. WQN, which sells cell phone and Internet security software under the name WebSafety, says it signed up about 50 customers for its first month of service. Aegis Mobility, a Canadian software company, plans to release a similar Global Positioning System-based product this fall, known as DriveAssistT. Aegis is in talks with big U.S. wireless phone carriers, which would have to support the software and charge families a fee of probably $10 to $20 a month, said the company’s vice president. The DriveAssistT system will disable a phone at driving speeds and send a message to callers or texters saying the person they are trying to reach is too busy driving. But because that person could be a non-driving passenger, the approach is a blunt tool. Source: