Department of Homeland Security Daily Open Source Infrastructure Report

Friday, February 6, 2009


Daily Report

Headlines

 According to Gannett News Service, a preliminary investigation indicates that pressurized tubing that broke during a shut down procedure is the cause of a natural gas well accident that killed a worker on Wednesday in DeSoto, Louisiana. (See item 1)


1. February 5, Gannett News Service – (Louisiana) Broken pressurized tubing hit man who died at well site. A preliminary investigation by DeSoto, Louisiana sheriff’s investigators indicates that pressurized tubing that broke during a shut down procedure is the cause of the fatal natural gas well accident that claimed the life Wednesday night of a Bossier Parish man. A sergeant with the DeSoto sheriff just completed 15 interviews of subcontractors who were working at the well site in Stonewall and has determined that the man died of an injury sustained in the work-related accident. Crew members were performing a shut down procedure around 5 p.m. and had already shut the well head off. They were doing work to the separator unit that was hooked to the well head “and it had a large amount of pressure on it,” said a lieutenant. The man was employed by L&C Testing, Inc. of Shreveport, which is a subcontractor for Chesapeake Energy, which owns the well site. Work began on the Burford 31-H well on October 14. “We were nearing completion of work that would have allowed the well to go on line as a producing well,” said Chesapeake’s director of corporate development in Louisiana. The Occupational Safety and Health Administration also will do its own investigation. The well site, which is located past a residential area, poses no threat to public safety or the environment, he said. Source: http://www.shreveporttimes.com/article/20090205/NEWS01/90205017


 The Associated Press reports that Boeing Co. alerted airlines Thursday that Rolls Royce Trent engines in more than 200 777s could experience icing problems. The notice suggests in-flight precautions to avoid ice buildups in fuel lines that can cut power in unusually cold weather. (See item 14)


14. February 4, Associated Press – (International) Boeing warns of ice problem in some 777 engines. The Boeing Co. has alerted airlines that Rolls Royce Trent engines in more than 200 777s could experience icing problems. The Seattle Post-Intelligencer reports that the notice was sent Thursday. The notice suggests in-flight precautions to avoid ice buildups in fuel lines that can cut power in unusually cold weather. The notice covers about 30 percent of the more than 700 777s in use. Two episodes were cited. In January 2008, seven passengers were injured when a British Airways 777 made a hard landing at Heathrow Airport outside London. Both engines failed to respond to a command for thrust. In November, a Delta Airlines 777 on a flight from Shanghai to Atlanta lost power in one engine. Power was regained after the pilot descended. Source: http://www.google.com/hostednews/ap/article/ALeqM5idSzHpEI4NbaWWwhIawtIFUV1tggD964U53O0


Details

Banking and Finance Sector

10. February 5, Reuters – (International) U.S. law firm files Madoff class action in New York. A U.S. law firm has filed a class action in New York on behalf of investors in Optimal, an investment fund of Spain’s Santander affected by the alleged $50 billion fraud by a U.S. financier. Coughlin Stoia Geller Rudman & Robbins LLP, which recovered $7 billion for Enron victims, filed the lawsuit in the Southern District of New York alleging wrongful conduct in connection with the Ponzi scheme run by the financier, court documents showed on February 5. Optimal Strategic U.S. Equity is an investment fund of the eurozone’s largest bank Santander, which in December 2008 announced client exposure of 2.33 billion Euros ($3 billion) to the financier. Unlike other cases related to this financier, the suit does not contain a securities claim, meaning plaintiffs can receive relevant information about the case before any trial which could bring to light previously unknown details on the case. Source: http://uk.reuters.com/article/marketsNewsUS/idUKL517497820090205


11. February 4, Tucson Citizen – (Arizona) New phishing scam seeks cell users’ credit union data. A phishing cell phone scam, where people are getting text messages telling them there is a problem with their credit union account, has hit Tucson. The text messenger asks for personal information to be e-mailed or called in. The scammer says there are problems with accounts at “Piramid Credit Union,” which is different from the legitimate Pyramid Credit Union in Tucson, said the acting president of the Tucson Better Business Bureau. Another phony text message says it is from the legitimate Vantage West Credit Union. The telephone number has been traced to Michigan and the e-mail address has been traced to Germany, she said. The scammers are texting numerous people in the hope of getting some who are Vantage or Pyramid customers, she said. Source: http://www.tucsoncitizen.com/ss/fromtopemails/109442.php


12. February 4, Associated Press – (California) Ex-Predators co-owner pleads guilty in fraud case. A Silicon Valley financier who federal authorities say bilked investors and scammed banks to furnish a lifestyle that included buying a stake in a professional hockey team pleaded guilty on February 4 to securities fraud. The former Nashville Predators co-owner entered the plea exactly two months after federal prosecutors brought a single criminal charge against him for allegedly using brokerage accounts that were not his as collateral for nearly $100 million in loans. The charge carries a maximum penalty of 25 years in prison, but the guilty party likely will be sentenced to much less time behind bars. The February 4 hearing capped a spectacularly rapid fall from grace for the guilty party, who was a member of a prominent San Jose banking family who founded Sand Hill Venture Capital and co-founded Heritage Bank of Commerce with his father. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/02/04/sports/s181920S25.DTL


Information Technology


29. February 5, VNUNet.com – (North Dakota) ‘Parking ticket’ scam brings malware infection. An enterprising group of criminals has been using a real-world scam in an effort to spread malware. The attacks reportedly began with a series of phony parking tickets issued in Grand Rapids, North Dakota. Individuals had the tickets placed under their windshields along with instructions to visit a Web site. A SANS Institute security researcher said that the Web site contained a number of photos of vehicles from Grand Rapids, and advertised a searchable archive of “bad parking”. The photos had been edited to remove license plate information. Users visiting the site were instructed to download an executable ‘toolbar’ in order to search for their own cars. The executable contains a Trojan application, however, which attempts to download a number of other malicious applications onto the victim’s PC. “Attackers continue to come up with creative ways of tricking potential victims into installing malicious software,” the researcher said. “Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we will be seeing such approaches more often.” The method of attack impressed a number of other security researchers. Social engineering as a means of infection is not a new tactic for criminals, but using a real-world method such as a fake parking ticket is certainly new. “This is a great example of real-world social engineering, placing fliers on cars informing you of a parking violation as a way to drive users to the web to download and install malware,” said the director of security research and communications at McAfee. Source: http://www.vnunet.com/vnunet/news/2235808/parking-ticket-scam-brings


30. February 4, DarkReading – (International) Unauthorized Web use on the rise, sneaking by IT. Schools long have struggled with savvy students who run anonymous Web proxy tools to bypass Web filters and secretly access banned Web sites and content. But the use of these potentially dangerous tools within the enterprise appears to be more widespread than was once thought. A new study released on January 4 indicates that businesses may be clueless about the breadth of the problem: While 15 percent of IT managers report that Web filter bypass tools are in use in their organizations, it turns out that these tools are actually in use in three out of four organizations, according to FaceTime Communications, which polled both IT managers and its own customers on the topic. Anonymous Web proxies, also known as proxy servers, anonymizers, and shadow-surfing tools, basically pass user Web traffic via other servers to get around an organization’s Web filters. These tools come in various forms, but the most popular are Web proxy sites, such as Proxyatwork.com, which let users reach banned sites from work, whether it is gambling, social networks, or adult content. They also come in desktop applications, such as Circumventor, that let users browse silently and anonymously over nontraditional browsing ports, hiding their IP addresses and other identifiable information. Other bypass tools include online communities, such as TOR and Hopster, where users make their PCs available for use as proxies in support of freedom of communication over the Net, notes the vice president of marketing and product management for FaceTime. Source: http://www.darkreading.com/security/management/showArticle.jhtml?articleID=213001747&subSection=Security+administration/management


31. February 3, DarkReading – (International) Twitter clickjacking hack released. A Web developer has released a proof-of-concept clickjacking attack targeting Twitter that demonstrates how an attacker could take over a member’s “update” function on the microblogging site. Simply put, all it takes is for the victim to click on a seemingly innocent link on a Web page while logged into Twitter, and then his or her “What are you doing?” status is under the attacker’s control. “It means anyone can update an individual’s Twitter status without you knowing,” says the independent Web developer who wrote the PoC and published it on his Website. Clickjacking is an attack where a bad guy slips a malicious link invisibly onto a Web page or under a commonly used button on a Web site. When the user clicks on the link or rolls his mouse over the link, he becomes infected. Microsoft has included a new clickjacking protection feature in Internet Explorer 8 that lets Websites safeguard their sites and visitors without browser add-ons. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=DFIGW5M525YK0QSNDLRSKH0CJUNN2JVN?articleID=213000919


Communications Sector

Nothing to report