Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, March 3, 2009

Complete DHS Daily Report for March 3, 2009

Daily Report


 According to Tulsa World, it took more than 60 firefighters about two hours to control a fire Saturday at a fertilizer blending and bagging business at Oklahoma’s Port of Catoosa. The buildings contained several tons of ammonium nitrate and nitrogen in bulk. (See item 5)

5. February 28, Tulsa World – (Oklahoma) Fire controlled at Port of Catoosa fertilizer business. It took more than 60 firefighters about two hours to control a Saturday afternoon fire at a fertilizer blending and bagging business at the Port of Catoosa. A captain of the Tulsa Fire Department (TFD) said at 5:40 p.m. Saturday that the situation had been controlled at Agri-Nutrients. The fire evidently started sometime after 3 p.m. and was first reported to TFD at 3:23 p.m. by Port of Catoosa security. Crews found heavy fire and smoke coming from a structure on the south side of the facility. The fire rapidly spread to other buildings on the property and eventually consumed the entire complex. The captain said representatives from Tulsa, Catoosa, and Rogers County were among those on hand. The buildings contained several tons of ammonium nitrate and nitrogen in bulk. The risk of dealing with these hazardous materials caused firefighters to take a defensive approach to the “fire attack,” the captain said. TFD HazMat personnel advised that the best course of action was to allow the facility to burn and thus not risk personnel safety. Fire crews also faced a collapse hazard on the property, TFD said. Two mixing towers were weakened by fire and were at risk for collapse. Fortunately, strong northerly winds carried the smoke away from the fire and firefighters and assisted in keeping the fire from creating a hazard to downwind residents. The cause of the fire and the dollar amount of the damage were not known as of Saturday evening. HazMat teams were being assisted late Saturday by the Coast Guard to monitor the runoff from the fire and determine if there will be any environmental impact to the Port waterway or nearby wildlife. The facility also contained close to 400 gallons of herbicide stored in drums, according to TFD. Source:

 WPXI 11 Pittsburgh reports that a Pennsylvania company that monitors peer-to-peer file-sharing networks found engineering and communications information about the U.S. President’s helicopter, Marine One, at an IP address in Tehran, Iran. (See item 26)

26. February 28, WPXI 11 Pittsburgh – (National) Marine 1 blueprints found on file-sharing network. A Cranberry, Pennsylvania company that monitors peer-to-peer file-sharing networks discovered what it said to be a potentially serious security breach involving the U.S. President’s helicopter. Tiversa employees found engineering and communications information about Marine One at an IP address in Tehran, Iran. “We found a file containing entire blueprints and avionics package for Marine One, which is the president’s helicopter,” said the CEO of Tiversa. The company was able to trace the file back to its original source. “What appears to be a defense contractor in Bethesda, Md., had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,” the CEO said. Tiversa also found sensitive financial information about the cost of the helicopter on that same computer. The CEO said someone from the company most likely downloaded a file-sharing program, typically used to exchange music, not realizing the potential problems. “When downloading one of these file-sharing programs, you are effectively allowing others around the world to access your hard drive,” said the Tiversa CEO. The CEO has notified the government immediately and said appropriate steps are being taken. “They are working through a process to maintain the security of the president,” the CEO said. Iran is not the only country that appears to be accessing this type of information through file-sharing programs. “We’ve noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence,” added the Tiversa CEO. Source:


Banking and Finance Sector

9. March 2, Orlando Business Journal – (National) FDIC to levy special assessment on banks. The Federal Deposit Insurance Corp. (FDIC) on February 27 added a one-time special assessment of 20 cents on every $100 of insured deposits so it can quickly restore reserves to its deposit insurance fund. It will be paid by all institutions holding insured deposits, and that usually means the increase will be passed through to depositors in the form of decreased interest yield on deposits. The special charge is expected to bolster the deposit fund by $15 billion this year. The interim rule also allows FDIC to add an additional 10 basis points special premium if the insurance fund’s reserves continue to decline. The increase of the 20 basis points will be assessed in the second quarter and collected in the third quarter. Source:

10. March 1, Bloomberg – (National) AIG may get $30 billion in additional U.S. capital. American International Group Inc., the insurer deemed too important to fail, may get a commitment for as much as $30 billion in new government capital after a record quarterly loss, said two people familiar with the matter. The insurer may also be allowed to make lower payments on government loans, said the people, who declined to be identified because there was no public announcement. New York-based AIG may forfeit part of stakes in its two largest non-U.S. life insurance divisions to lower the firm’s debt, the people said. AIG, first saved from collapse in September with a package that grew to $150 billion, had to restructure its bailout after failing to sell enough units to repay the United States. Firms including banks relied on AIG to back more than $300 billion of assets through derivative contracts as of September 30, making the insurer a “systematically significant failing institution” that has to be propped up, according to the Treasury. Source:

11. February 27, – (National) U.S. bank regulator expands debt guarantee program. A top U.S. bank regulator voted on February 27 to expand its federal guarantee program to include banks’ mandatory convertible debt. The Federal Deposit Insurance Corp. (FDIC) voted to make a “very narrow targeted improvement” to its Temporary Liquidity Guarantee Program (TLGP). The FDIC established the voluntary guarantee program in October 2008. It provides a government guarantee on certain senior unsecured debt and on banks’ transaction deposit accounts. The program was created to boost confidence in the banking industry and reduce the risk of bank runs. FDIC officials said banks have been able to improve their access to funding through the program. At the end of 2008, 64 financial firms had $224 billion in outstanding debt covered by the FDIC facility. The TLGP originally precluded any “convertible debt.” The FDIC said on February 27 that it wants to give eligible banks more flexibility to obtain funding from investors with longer-term investment horizons. The agency also said it hopes the expansion will reduce the concentration of FDIC guaranteed debt maturing in mid-2012. Source:

Information Technology

33. March 2, The Register – (International) Phishers automate attacks using ‘Google hacking.’ Three in four phishing sites are hosted on compromised servers, according to a new survey. A study of 2,486 fraudulent Web sites found that 76 percent were housed on hacked Web servers, typically taken over after hackers identified well-known vulnerabilities using search engine queries. Free Web hosting for fraudulent Web sites was used in just 17.4 percent of cases. The paper, called Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing, also found that a sizeable minority of compromised systems were serial victims of attack. One in five (19 percent) were hit again less than six months after a phishing-related hack attack. That is because legitimate owners might turf out fraudsters from their systems but they often fail to fix underlying vulnerabilities that let them in. Source:

34. March 2, CNET News – (International) New antivirus software looks at behaviors, not signatures. It could be argued that security vendors are losing the battle with online scammers whose programs sneak onto computers and drop malicious programs, opening the computers up to remote attacks and turning them into zombies in botnet armies. The problem is that most computers today rely on antivirus software that blocks malware by checking the code in a file against a database of signatures of known viruses. With thousands of new viruses arriving each day, many of them encrypted in part or otherwise disguised with modification, the signature lists require frequent updates and many new viruses slip through undetected. As a result, security providers are turning their attention to behavior-based approaches for identifying new viruses, with software that focuses on watching for suspicious behavior, such as a program trying to write data to an executable program. Two security companies are set to make announcements on March 2 that follow this trend. Antivirus provider AVG is introducing AVG Identity Protection, software that analyzes the behavior and characteristics of programs running on a computer and shuts down activity that looks suspicious. The software is based on technology the firm acquired when it bought identity theft specialist Sana Security in January. “The antivirus companies are flooded with malware to add to signature databases,” with 20,000 to 30,000 new unique samples coming out every day, said the chief research officer at AVG. “It’s time to do something different.” Meanwhile, Damballa is releasing its Failsafe 3.0 appliance that is designed to discover botnet malware on computers by listening for communications between compromised systems and command-and-control nodes controlled by attackers on the Internet. Source:

Communications Sector

35. March 1, Cellular-News – (District of Columbia) Mobile phone improvements for Washington D.C. underground railway. Mobile phone coverage on the Washington metro railway is to be improved following a decision recently by the Metro’s Board. Four major cell phone companies — Verizon Wireless, Sprint Nextel, AT&T, and T-Mobile — will build a new wireless infrastructure in the underground rail system during the next four years. “We are looking forward to offering Metro riders the first elements of Metro’s expanded cell phone carrier service this year. Metro will get two new comprehensive wireless networks for free, and we will receive millions of dollars in new revenue,” said the Metro’s assistant general manager for information technology. The companies will design, build, operate, maintain and own a wireless network. The firms will also build a second wireless network, which Metro will own, operate and maintain for Metro’s own operational and public safety communications. Twenty of the busiest underground rail stations will have expanded cell phone service by the end of this year and the entire rail system will be equipped by 2012. Riders can now receive cell phone service from multiple providers at above ground stations, but the current underground wireless network only supports Verizon customers and Sprint phones that roam onto the Verizon network. Source: