Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, March 19, 2009

Complete DHS Daily Report for March 19, 2009

Daily Report


 The Sioux Falls Argus Leader reports that landowners in Montana, South Dakota, and Nebraska have asked their respective governors for help in blocking a Canadian company from using thinner steel in a proposed oil pipeline that will bisect each state. (See item 1)

1. March 18, Sioux Falls Argus Leader – (Montana; Nebraska; South Dakota) Governors asked to regulate pipeline — South Dakotans join protest of TransCanada’s plan to use thinner steel. Landowners in Montana, South Dakota, and Nebraska have asked their respective governors for help in blocking a Canadian company from using thinner steel in a proposed oil pipeline that will bisect each state. Alberta-based TransCanada applied for a special permit to build and operate its proposed Keystone XL pipeline with thinner, cheaper steel in areas not considered high-consequence areas, opponents charged March 17. High-consequence areas include railroad crossings, water crossings, and high-population areas. “We are asking for (the Governor’s) help in protecting the citizens of South Dakota from the unfair risk of oil spills,” a buffalo rancher said. “High pressure spells disaster.” The 1,980-mile pipeline will be safe, a TransCanada spokesman said. TransCanada is asking the U.S. Department of Transportation, which regulates pipeline safety, to use updated standards for liquid fuel pipelines. Source:

 According to USA Today, a new report by the Government Accountability Office says that the Transportation Security Administration may not have enough inspectors nor adequate equipment to guarantee all cargo is checked for explosives before it is loaded onto passenger airplanes. (See item 12)

12. March 17, USA Today – (National) Study: TSA may come up short on cargo checks. A plan to check every package of business cargo for explosives before it is loaded onto passenger airplanes faces major obstacles, according to a government report scheduled for release March 18. The report by Congress’ Government Accountability Office says the Transportation Security Administration (TSA) may not have enough inspectors nor adequate equipment to guarantee all cargo is checked for bombs. Passenger planes carry about 7.6 billion pounds of cargo a year, including electronics, auto parts, clothes, fresh produce and medical supplies. The cargo is placed alongside luggage in an airplane’s belly. While all suitcases have been screened since 2002, cargo has been subject to much looser inspection requirements, raising concerns that terrorists could slip a bomb into a package. A TSA spokesman said inspectors are being hired rapidly and a study is underway to determine how many inspectors are needed. The Homeland Security Department, which includes the TSA, “is committed to staffing the most effective inspector workforce possible.” The screening program also faces problems because there are no machines that can screen crates up to 10 feet long carrying dozens of cargo pieces, the report says. Source:


Banking and Finance Sector

8. March 18, North Andover Eagle Tribune – (Massachusetts) Phone scam widens beyond Haverhill. The phone scam that targeted Haverhill this week also reached Groveland, and it has police in other Merrimack Valley communities warning their residents to beware. Local police said they have reported the scam to the FBI because the calls are coming from area codes as far away as California. Since March 16, hundreds of residents have called police and Haverhill Bank to report they had received phone calls asking them to provide their debit card information so that a problem with their accounts could be resolved. The calls included some from people who wanted to provide police with the caller’s phone number, said the Haverhill police captain. “We have a variety of numbers we are keeping track of,” he said, “and we have notified the FBI of what is going on.” Police in Haverhill were told the scammers used two phone numbers from California. One is from the San Diego area code, and the other is from San Francisco. There also was a call from Texas and one from a Virginia area code, said the Groveland police sergeant. He said his department received more than six complaints about the scam between March 16 and March 17. Some of the calls people received originated in Virginia, and the names of Haverhill Bank and Pentucket Bank were used. Both banks are in Haverhill. Source:

9. March 17, Reuters – (New Jersey) NJ sues Lehman execs for fraud to recoup state funds. The State of New Jersey on March 17 sued Lehman Brothers executives and directors for “fraud and misrepresentation,” the New Jersey governor said, seeking to recover the $118 million lost by state pension funds. New Jersey’s Division of Investment bought $182 million of Lehman securities in April and June 2008. The move attracted widespread attention since it was unusual for a U.S. state pension fund to use the same strategy as sovereign wealth funds, hedge funds, and private equity groups. Lehman filed for bankruptcy on September 15, 2008, after failing to win a federal bailout. This left “shareholders with virtually worthless stock,” said the governor. The bankruptcy means the state cannot now sue the company, but New Jersey said it sued nine top executives, including the former chairman, and nine board members. Source:

10. March 17, WKOW 27 Madison – (Wisconsin) Credit unions report phishing scams. The Wisconsin Credit Union League is warning of criminals using automated phone calls with recordings asking consumers to reveal personal financial account information; a process called “phishing.” Phishing is a type of scam used with the intent of capturing personal information through mass messages like phone calls, emails, text messages or advertisements. That means consumers need to be wary when receiving unsolicited contacts that ask them to update, validate or confirm account information. The automated phone messages reported on March 17 claimed the member’s credit and/or debit card had been locked and asked the member to input the card number to unlock it. But no legitimate business — including Wisconsin credit unions or other financial institutions — would ever seek account information this way. The Credit Union National Association, whose website at also notes variations on scam tactics, says recent unsolicited requests for personal information have circulated under the subjects, “Account De-activation,” “Account Status Alert,” Changes to Terms and Conditions,” and “Irregular Activity.” Source:

11. March 16, Canadian Press – (International) Threats against Olympic sponsors worry security officials. Possible threats against sponsors of next year’s Vancouver Olympics have federal security agents wringing their hands over “extremist elements,” a newly released intelligence report reveals. The report by the Canadian government’s threat assessment center cites vandalism of a corporate backer’s premises, theft of the Games flag, and skirmishes between protesters and police during unveiling of the Olympic countdown clock. The Royal Bank of Canada, a key Games sponsor, “has been named specifically in anarchist and anti-Olympic Internet postings,” notes the analysis, “2010 Vancouver Winter Olympics: Terrorist Threat to Vancouver Area Facilities.” Between September 2007 and last May, anarchists claimed responsibility for four attacks in which large rocks were thrown through the windows of Vancouver Royal Bank branches, says the assessment under a section titled Domestic Non-Islamist Extremist Groups. Organizers are depending on corporate sponsors including the Royal Bank to support and promote the Games, but their participation appears to have heightened fears they will become targets for those who claim the Olympics have come to symbolize money more than sport. Source:

Information Technology

30. March 17, Computerworld – (International) Waledac bot pitches nearby terrorist bombing to dupe users. Hackers trying to trick users into downloading the Waledac Trojan horse are customizing their bait to the recipient’s location, upping the social engineering ante yet again, a security researcher said on March 17. The latest round of spam messages from Waledac’s makers’ trumpets news of a supposed bomb blast, said the principal researcher at Web security company Purewire Inc. The link included in the spam — which comes armed with subject headings such as “Bomb was blasted in your town” and “At least 18 killed in your city” — leads to a fake Reuters news service site, and a story that claims local fatalities from a bombing attack. “Authorities suggested that the explosion was caused by a ‘dirty’ bomb,” one version of the bogus site read. The site then uses the now-standard ruse of asking the user to download and install an update to Adobe System Inc.’s Flash Player to view video. The file is nothing of the sort but is actually the Waledac Trojan horse. “Within the last 24 to 48 hours, Waledac has switched to a fake Reuters news story,” said the principal researcher. In itself, that is nothing new: Attackers have leveraged current events to get users to download malware for years. “What’s somewhat novel here is that the Waledac operators have added the notion of locality,” he said. When the principal researcher used an IP address in Chile, for example, he was served up with a link to a story that claimed the bombing had taken place in Santiago, that country’s largest city and capital. “The content becomes more compelling,” he said, when it poses as local news. Source:

31. March 17, Washington Post – (International) Pentagon official warns of risk of cyber attacks. The head of the Pentagon’s Strategic Command warned Congress on March 17 that the United States is vulnerable to cyberattacks “across the spectrum” and that more needs to be done to defend against the potential of online strikes, which could “potentially threaten not only our military networks, but also our critical national networks.” But the Air Force General made clear to a House Armed Services subcommittee that he has not been asked to defend most government Web sites nor the commercial and public infrastructure networks whose destruction could cripple the nation. The General’s command, instead, has the responsibility “to operate and defend the military networks only and be prepared to attack in cyberspace when directed,” he said, adding, “I think the broader question is, who should best do this for the other parts of America, where we worry about defending power grids, our financial institutions, our telecommunications, our transportation networks, the networks that support them.” The responsibility of protecting civilian networks currently rests with the Department of Homeland Security, but the General’s testimony comes at a time when a Presidential-chartered 60-day study of cybersecurity is underway. A report from that study is expected next month. Source:

Communications Sector

32. March 18, Seattle Times – (Pennsylvania) Investigators rule arson in blast that destroyed 3 eastern Pa. strip mall businesses in Nov. Authorities in eastern Pennsylvania say an explosion that destroyed three businesses in a strip mall was arson. A state police deputy fire marshal says investigators have determined the blaze was intentionally set in Chocolateers Inc., a candy and novelty shop. Chocolateers, a pizzeria, and a Chinese restaurant were destroyed November 27, 2008 when the building they shared in Chestnuthill Township, in Monroe County, burned to the ground. The businesses were closed at the time, but about a half-dozen firefighters were inside when the explosion blew out some of the walls and caused much of the building to collapse. The firefighters managed to escape through a side door. No arrests have been made. Source:

33. March 17, Connecticut Post – (Connecticut) Officials coordinate propane removal plan. Stratford town and fire officials, spurred by a second act of arson on Long Beach West that reduced four vacant cottages to ashes, said March 17 that they are formulating a plan to remove gas from as many as 40 propane tanks left behind when the cottage owners were forced off the peninsula in 2007. The town has determined that leaving propane in the tanks poses a “serious fire and explosive hazard” to both firefighters and the public. Officials, however, could not explain why no one knew gas was still in the tanks until nearly two years after a state Supreme Court ruling forced the last of 45 cottage owners off the 35-acre site that had been leased to them by the town for decades. Officials said they have no idea how much the project will cost, but that they hope it can be completed over the next two or three months. The 38 remaining derelict cottages on Long Beach West are a particularly explosive threat, officials said, because many of the vacant structures with propane tanks attached still have plenty of fuel left in them. Officials, however, said the best they can do is remove the propane, but not the tanks. Fire and police officials said they are still investigating what was officially classified an arson on March 17, with investigators from the state Fire Marshal’s office joining local police and fire investigators in the probe. Source: See also

34. March 16, Kingsport Times News – (Tennessee) Bomb explodes while being disabled at Bluff City man’s home; no one injured. A bomb went off inside a Bluff City man’s home early March 16 as bomb technicians were attempting to disable it. At about 1 a.m., Bristol Tennessee Police Department bomb technicians were working to dismantle a bomb allegedly assembled by a 25-year-old man when it exploded, according to a Sullivan County Sheriff’s Office spokesman. The man’s mobile home had a “considerable amount” of damage, he said. There were no injuries to police or residents and little to no damage to neighboring homes, he added. Sullivan County sheriff’s deputies went to the man’s home about 2:30 p.m. March 15 to check his welfare. Upon arrival, deputies saw him through the window on a couch with the bomb. Within two hours police evacuated about 50 homes located within a quarter-mile radius of his trailer. Approximately 100 residents were sheltered at Sullivan East High School. SWAT members tackled the man about 9 p.m. after he allegedly ventured outside to get a lighter from a van after he could not get one he had inside the home to work. The suspect was initially taken to Bristol Regional Medical Center to be evaluated. He was then transferred to a mental health facility. Federal and local charges are pending. The investigation is continuing. Source: