Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, February 5, 2009

Complete DHS Daily Report for February 5, 2009

Daily Report


 According to the Associated Press, the Occupational Safety and Health Administration sent investigators to the We Energies power plant in Oak Creek, Wisconsin, where coal dust apparently ignited in a silo Tuesday morning, injuring six contractors. (See item 1)

1. February 4, Associated Press – (Wisconsin) OSHA agents investigate blast at Wisconsin power plant. Federal safety officials are combing the Milwaukee-area power plant where an explosion injured six people, including two with burns over half their bodies. The Occupational Safety and Health Administration (OSHA) has sent investigators to We Energies’ Oak Creek plant about 20 miles south of Milwaukee, where coal dust apparently ignited in a silo Tuesday morning, injuring six contractors. An OSHA spokesman says the investigators will try to determine what caused the explosion. He says any safety code violations could result in fines. Two of the injured were treated and released from a hospital Tuesday. The other four remain hospitalized, with one in critical condition Tuesday night. A We Energies spokesman said there was an explosion in the dust collection mechanism within the coal handling facility. We Energies contract workers were in the process of setting up scaffolding inside the silo when the apparent explosion occurred, according to the We Energies spokesman. The fire suppression equipment in the silo was not working, and workers were preparing the scaffolding so it could get fixed. He said it is unclear if the explosion would have been prevented if the equipment had been working properly. Source: See also:

 IDG News Service reports that employees at federal security agencies are being notified that their personal information may have been compromised after hackers planted a virus on computer networks of government contractor SRA International. (See item 7)

7. February 3, IDG News Service – (National) Federal workers notified after SRA virus breach. Employees at federal security agencies are being notified that their personal information may have been compromised after hackers planted a virus on computer networks of government contractor SRA International. SRA began notifying employees and all of its customers after discovering the breach recently, a company spokeswoman said on February 3. The malicious software may have allowed hackers to get access to data maintained by SRA, including “employee names, addresses, Social Security numbers, dates of birth, and health care provider information,” the company said in a notification posted at the Maryland attorney general’s Web site. SRA is a 6,600-employee technology consulting company that sells cybersecurity and privacy services to the Federal Government. The company would not say which federal agencies were affected by the breach, but in U.S. Securities and Exchange Commission filings it lists intelligence agencies and those such as the U.S. Department of Defense, the U.S. Department of Homeland Security, and the U.S. National Guard among its clients. Source:


Banking and Finance Sector

9. February 4, – (International) RBS WorldPay: ATM heist nets $9 million in 30 minutes. RBS WorldPay, the U.S. payments processing arm of Royal Bank of Scotland Group, allegedly lost $9 million in a 30-minute period during a global ATM heist that involved 100 cloned cards in 49 cities worldwide. RBS first reported a breach of its computer systems and the fraudulent use of 100 cards in a press release that was issued on December 23, 2008. The bank confirmed that its computer system had been improperly accessed in November 2008 by an unauthorized party and that the personal information of 1.5 million pre-paid cardholders had been compromised. But the true extent of the fraud has been revealed in a report on New York Fox 5. Law enforcement officials from the FBI told the channel that a network of cashiers was used to withdraw money from 130 different ATM machines in 49 cities worldwide shortly after midnight on November 8, 2008. Although only 100 cloned cards were used, the hackers behind the swindle managed to withdraw up to $9 million by lifting the daily withdrawal limits on each card, so that they could be used over and over again. So far, the FBI has no suspects and has made no arrests in this scam. An attorney in Atlanta has filed a class-action lawsuit against RBS WorldPay for allegedly failing to protect personal information. Source:

10. February 3, WHNT 19 Huntsville – (Alabama) Text message scam. The Better Business Bureau of North Alabama is alerting local residents to a phishing scam using text messaging to attempt to steal consumer’s identity by falsely claiming that their account has been suspended. The BBB has received dozens of calls from local consumers who received a text message stating “This is an automated message from Cullman Savings Bank. Your ATM card has been suspended. To reactivate call urgent at 1-888-873-9356.” The BBB has verified with Cullman Savings Bank that they did not send the message. Since then, the BBB has learned that similar messages were sent using the names of other banks or credit unions. The BBB contacted the number provided in the text message and reached a recorded message asking the caller to key in their 16 digit debit card number. The BBB has learned that some recipients who were customers of the bank or credit union named in the bogus text message did provide their account number and later found that money was withdrawn from their bank account. The BBB was also informed that some recipients who did not have an account with the named financial institution responded to the text message and provided the name of where they bank. The BBB urges consumers to protect their financial information, including the name of their bank or credit union. Scam artists will likely use this information to attempt to steal an individual’s identity in the near future. Source:

Information Technology

30. February 4, CNET News – (International) IBM software scans for security holes in Flash, Ajax. IBM announced new software on February 4 that scans Flash and Ajax-based apps for security problems. IBM Rational AppScan can automatically scan online applications every 15 minutes to check for security defects that could lead to compromised computers and Internet attacks. Administrators can receive security alerts on their mobile devices as they occur. The standard version of the product costs $17,550 for a one-year license. The software also supports service oriented architecture applications, IBM said. More than half of all vulnerabilities disclosed last year were Web applications, according to IBM’s X-Force Trend Report. And Flash seems to get its share of vulnerabilities. The number of Flash vulnerabilities detected in Web applications over the last two years has increased by 300 percent compared with 2005 and 2006, according to the IBM X-Force report. Adobe Flash Player is on more than 98 percent of Internet connected computers and is used to view 80 percent of the video on the Web, IBM said. Source:

31. February 3, CNET News – (International) Firefox 3.0.6 targets security issues. Mozilla on February 3 released an update to Firefox that its developers said addresses several security and stability issues in the Web browser. Version 3.0.6 fixes six bugs, the worst of which is a JavaScript issue affecting the browser’s layout engine that developers labeled as critical. The vulnerability, which also affects Mozilla’s Thunderbird e-mail client and SeaMonkey Internet Suite, could allow an attacker to run unauthorized code on exploited machines, Mozilla said. The update improves how scripted commands, such as those included with Adblock Plus, work with plug-ins. It also addresses display issues, Mozilla said. The update comes as Firefox continues to chip away at Internet Explorer’s market dominance. Internet Explorer now has 67.55 percent of global browser market share, a drop of more than 7 percentage points in a year, according to figures from Web metrics company Net Applications released on February 2. Mozilla’s Firefox browser, meanwhile, has gained market share in the same time frame, climbing more than 3 percentage points to 21.53 percent. Source:

32. February 3, DarkReading – (International) Report: Yanking admin rights alleviates threats in 92% of critical Microsoft vulnerabilities. Revoking administrative rights from machines can mitigate attacks against most critical Microsoft vulnerabilities and in more than half of all vulnerabilities in Microsoft software, a new report released on February 3 says. In 92 percent of the Microsoft vulnerabilities labeled “critical” in 2008 Microsoft security vulnerability bulletins, the software giant said users with administrative rights were more likely to be affected by these vulnerabilities than were those with lesser privileges, BeyondTrust states in its report. And reducing user rights was a mitigation recommendation by Microsoft in nearly 70 percent of all of its software vulnerabilities reported last year, according to BeyondTrust. The report also found that removing admin rights helps protect organizations from the full wrath of exploits in 94 percent of all Microsoft Office vulnerabilities, 89 percent of Internet Explorer vulnerabilities, and 53 percent of Windows vulnerabilities reported last year. “We knew the benefit of eliminating admin rights, but we were all shocked that 92 percent of the critical vulnerabilities could be mitigated by eliminating [these] rights,” said the CEO for BeyondTrust, which sells least-privilege user management software for Windows environments. This step can serve as a preventative or stopgap measure until patches are deployed, or while an organization is evaluating the impact of patching on its applications, for instance. Plus it buys the system administrator some time to evaluate the patch. “Most companies do not want to issue patches instantaneously [until] they test their compatibility with the systems they have,” the CEO said. Source:

Communications Sector

33. February 3, Wireless and Mobile News – (National) BlackBerry data outage yesterday, today and tomorrow? According to Boy Genius Report, there was a major data outage for BlackBerry Smartphones in the United States on February 3. There appeared to be problems in Houston and Baltimore/Washington D.C. areas. AT&T told Boy Genius that their BlackBerry Internet Server (BIS) was down. It is a RIM issue and RIM engineers are working on it. Boy Genius Report reports that they “know several areas of the Northeast are still without service, including many in the New York / New Jersey region, but AT&T claims only enterprise customers are still affected at this point.” A commenter posted “It seems people are getting ‘data connection refused’” or edge instead of EDGE. AT&T blames RIM, and RIM says it is AT&T. Another commenter noted, “The issue was with BIS (not BES) and I have heard from both RIM and the carrier that the problem was fixed on February 2, which seems consistent with what I heard from other people. And mine is working fine. If you are having a problem on February 3, you should call your carrier or your ISP because it is probably a local issue.” Source: