Department of Homeland Security Daily Open Source Infrastructure Report

Monday, March 16, 2009

Complete DHS Daily Report for March 16, 2009

Daily Report


 According to the San Antonio Business Journal, the U.S. Consumer Product Safety Commission announced Thursday that Valero Marketing & Supply Co. has voluntarily agreed to recall tanks of propane gas sold in five states. The propane might not have the recommended level of odorant that helps alert consumers to a gas leak. (See item 1)

1. March 12, San Antonio Business Journal – (National) Valero agrees to recall propane gas. The U.S. Consumer Product Safety Commission announced on March 12 that Valero Marketing & Supply Co. has voluntarily agreed to recall tanks of propane gas sold in five states. The recall affects retailers in Alabama, Arkansas, California, Mississippi, and Tennessee. Valero manufactured 919,000 barrels of propane gas from January to October 2008 that contains an odorant that helps alert consumers to a gas leak. However, the propane Valero manufactured and sold might not have the recommended level of odorant. Failure to detect leaking gas can present a fire, explosion, or thermal burn hazard to consumers, according to the Consumer Product Safety Commission. Source:

 The Canton Daily Ledger reports that a levee situated near Duncan Mills in Fulton County, Illinois has been breached due to flood conditions, the Fulton County Emergency Services Disaster Agency director said Thursday morning. (See item 34)

34. March 12, Canton Daily Ledger – (Illinois) Fulton County levee is breached. The levee near Routes 24 and 136, situated near Duncan Mills in Fulton County, has been breached due to flood conditions, according to the Fulton County Emergency Services Disaster Agency director. He reported to the Daily Ledger from the site the morning of March 12, explaining his hope is that the breach will now alleviate pressure on other levee areas. He says the breach is about 60 feet long. If water tops the levee it could be washed away, he reports. “There are no homes in danger, right now,” stresses the director. He advises residents along Spoon River, the Illinois River, and other small streams to remain vigilant and listen to reports on NOAA weather radios and from area media. He said he is concerned about roads leading into Seville being flooded. No information on those roads was available as of press time. Source:


Banking and Finance Sector

5. March 13, Bloomberg – (National) Banks rush bond sales as FDIC says it may raise guarantee fees. Federal Deposit Insurance Corp. officials advised the largest U.S. banks on March 9 that they may be charged more for the agency’s debt guarantees, according to people familiar with the matter. Bank of America Corp., Goldman Sachs Group Inc. and the financing arm of General Electric Co. led $29.8 billion of FDIC- backed bond sales since the meeting, making this the second- busiest week since companies began using the FDIC’s Temporary Liquidity Guarantee Program on November 25, according to data compiled by Bloomberg. FDIC officials said they plan to add a fee of 25 basis points on banks and 50 basis points on bank holding companies. Right now, it charges 1 percentage point of the amount sold on debt maturing in one year under the TLGP. The fees would be applied as of April 1 and are meant to restock the Washington- based FDIC’s deposit insurance fund, the people said. The amount of FDIC-backed bond sales was “pretty significant,” said an individual who helps oversee $6.2 billion in fixed-income assets as a money manager at Transamerica Investment Management in Los Angeles. On March 11, the FDIC said its directors would meet on March 17 to discuss amending the TLGP. A FDIC spokesman said on March 12 the agency has “continuing discussions with the industry on TLGP, however we do not comment on any specifics of our discussions.” Source:

6. March 12, Maine Sun Journal – (Maine) Police respond to bomb threat. An investigation into a bomb threat at TD Banknorth in Oxford briefly closed the bank on March 11. No bomb was found. Employees had already evacuated the building when police were called at 9:10 a.m. No other businesses in the plaza were shut down or evacuated. “They just called, made the threat, and hung up,” said a sergeant of the Oxford Police Department. The chief of the Oxford Police Department said Maine State Police brought in a bomb-sniffing dog to look for an explosive device, but found nothing. The Oxford County Sheriff’s Office provided additional coverage, and the Norway and Paris Police Departments were also initially called. The chief said police were on the scene for nearly two hours before the bank was reopened. He said it was unusual for a bomb threat to be made on a bank. Source:

7. March 12, SPAMfighter – (Utah) Phishers increasingly targeting Utah credit unions. Some credit unions in Utah state that their consumers have been recently hit by a phishing scam following the use of several Utah-based accounts in the end week of February 2009 to carry out spurious transactions. The fraudsters pretending to represent a Utah Credit Union distributed fake warnings through e-mail to innocent consumers. The messages say that the accounts of the customers have been deactivated and to resume their functioning, users must provide their account details for verification. However, the Credit Union explained that the messages are not genuine and it does not send e-mail to its customers requesting for any type of personal information. Hence, as precautionary measure, the Utah Credit Union has posted certain security rules on its Web site that would assist a consumer to know more about phishing as well as everything he/she needs to do if ensnared in one such incident. As per the directed security rules, if a consumer gets an e-mail in which the Credit Union requests the user for his/her personal information, then he/she should not reply to it. Instead, the recipient needs to get in touch with the Union instantly so that the appropriate officials are notified and an investigation is initiated. Source:

Information Technology

25. March 12, DarkReading – (International) Conficker/Downadup evolves to defend itself. The enigmatic Conficker worm has evolved, adopting new capabilities that make it more difficult than ever to find and eradicate, security researchers say. In a blog published late last week, researchers at Symantec said they found a completely new variantof Conficker, sometimes called Downadup, which is being pushed out to machines previously infected with earlier versions of the worm. The new variant, which Symantec calls W32.Downadup.C, appears to have defensive capabilities that were not present in earlier versions. While it spreads in the same manner, Conficker.Ccan disable some of the tools used to detect and eradicate it, including antivirus and other antimalware detection tools. W32.Downadup C also can switch domains at a much greater rate, Symantec said. The Downadup authors have now moved from a 250-a-day domain-generation algorithm to a new 50,000-a-day domain generation algorithm,the researchers reported. The new domain generation algorithm also uses one of a possible 116 domain suffixes.A report from CA about Conficker.C confirms Symantec’s findings, although the CA researchers said the jump from 500 to 50,000 domains will not occur until April 1. The ability to quickly switch domains will make it difficult for Internet security organizations, such as ICANN and OpenDNS, to block the domains used by the worm, industry experts note. Source:

26. March 12, IDG News Service – (International) Researchers sniff PC keyboard strokes from thin air. The PC keyboard an individual may be using could give away passwords. Researchers say they have discovered new ways to read what someone is typing by aiming special wireless or laser equipment at the keyboard or by simply plugging into a nearby electrical socket. Two separate research teams, from the Ecole Polytechnique Federale de Lausanne and security consultancy Inverse Path, have taken a close look at the electromagnetic radiation that is generated every time a computer keyboard is tapped. It turns out that this keystroke radiation is actually pretty easy to capture and decode, if someone is a computer hacker, that is. The Ecole Polytechnique team did its work over the air. Using an oscilloscope and an inexpensive wireless antenna, the team was able to pick up keystrokes from virtually any keyboard, including laptops. “We discovered four different ways to recover the keystroke of a keyboard,” said a Ph.D. student at the university. With the keyboard’s cabling and nearby power wires acting as antennas for these electromagnetic signals, the researchers were able to read keystrokes with 95 percent accuracy over a distance of up to 20 meters (22 yards), in ideal conditions. Laptops were the hardest to read, because the cable between the keyboard and the PC is so short, making for a tiny antenna. The researchers found a way to sniff USB keyboards, but older PS/2 keyboards, which have ground wires that connect right into the electric grid, were the best. Source:

27. March 12, IDG News Service – (International) Political cyberattacks to militarize the Web. Governments looking to silence critics and stymie opposition have added distributed denial-of-service (DDoS) attacks to their censoring methods, according to a security expert speaking at the Source Boston Security Showcase. As the use of DDoS for political gains increases, expect the Internet to become more militarized, a senior security researcher at Arbor Networks Inc. said in an address on March 11. “I do not think anyone is going to die because of these attacks, or a phone will not work, but it is early,” he said, noting that other weapons have evolved from less-harmful initial forms. In DDoS attacks, botnets, or a group of compromised computers used for malicious purposes, attempt to connect en masse to a victim’s Web site. The server hosting the site is unable to respond to the abundance of communication requests and shuts down or returns pages so slowly that site is essentially inaccessible. “The premise is to aggregate bandwidth and knock an adversary offline,” said the researcher. The researcher discussed how major international political situations spawned DDoS attacks. Source:

Communications Sector

28. March 11, TMC Net – (Pennsylvania) DCANet upgrading to Ethernet over Copper from XO Communications. Increasingly, Internet service providers (ISPs) are discovering that Ethernet over twisted pair, or Ethernet over Copper, is a cost effective and reliable method for increasing bandwidth. DCANet, an ISP serving the greater Philadelphia area, is a good example of how smaller service providers are affordably upgrading their networks with Ethernet over Copper. It was recently announced that the company is upgrading its T-1 transport service to Ethernet over Copper byXO Communications. Specifically, DCANet is migrating from the T-1 service XO currently provides with XO’s Ethernet over Copper service delivering access speeds starting at 5 Mbps (with the capability to increase to 20 Mbps). Currently, DCANet’s customers have downstream speeds of about 1.54 Mbps, due to the limitations of the T-1 service. “The majority of our customers aren’t tied into fiber networks, so leveraging existing copper lines to deliver high-speed Internet access was a natural choice,” said the president and CEO of DCANet. “XO had already proven its commitment to high-level service and offered the perfect option for Ethernet access, so our choice of where to turn was simple.” Not only will DCANet’s residential customers benefit from the upgraded service, businesses in the greater Philadelphia area will be able to more quickly and effectively download and share data-intensive, latency-sensitive files. DCANet’s fully-redundant, private, fiber-based regional network has upstream connectivity to multiple Tier-1 networks. The company maintains a 10GB DWDM SONET ring between its Philadelphia and Wilmington datacenters, providing the highest levels of network reliability. DCANet also provides high density and high availability colocation facilities at its Wilmington datacenter. Source: