Department of Homeland Security Daily Open Source Infrastructure Report

Monday, March 30, 2009

Complete DHS Daily Report for March 30, 2009

Daily Report


 The Associated Press reports that pirates armed with machine guns pursued and captured a Norwegian chemical tanker off the coast of Somalia on Thursday, less than 24 hours after a smaller Greek-owned chemical tanker was seized in the same area. (See item 5)

5. March 26, Associated Press – (International) Somali pirates hijack two tankers in 24 hours. Pirates armed with machine guns pursued and captured a Norwegian chemical tanker off the coast of Somalia on March 26, the owners said, less than 24 hours after a smaller Greek-owned vessel was seized in the same area. The U.S. 5th Fleet, which patrols the pirate-infested Gulf of Aden, confirmed both hijackings and said they happened in the same area but separate from the gulf, one of the world’s busiest — and now most treacherous — sea lanes. The 23,000-ton Norwegian-owned Bow Asir was seized 250 miles off the Somali coast on the morning of March 26, and the 9,000-ton Greek-owned Nipayia, with 19 crew members, was attacked about 450 miles off Somalia on March 25, the European Union’s military spokesman said. Both vessels are chemical tankers but their cargoes were not immediately made public. Source:

 According to the Associated Press, officials in North Dakota ordered Thursday a mandatory evacuation of one Fargo neighborhood and a nursing home after authorities found cracks in an earthen levee built around the area. (See item 41)

41. March 26, Associated Press – (North Dakota) Cracks in levee forces evacuations in Fargo, ND. Officials in North Dakota have ordered a mandatory evacuation of one Fargo neighborhood and a nursing home after authorities found cracks in an earthen levee built around the area. Authorities say the evacuation on March 26 is a precaution and that the 40 homes in the River Vili neighborhood are not in immediate danger. They say no water has breached the levee. They also say Riverview Estates nursing home is being evacuated. The number of residents affected is not immediately clear. Fargo is on high alert after forecasters said the Red River could crest higher than predicted — at a record 43 feet. A CNN journalist and seven other people have been arrested for standing on top of sandbag levees in the Fargo area. A Fargo Police sergeant did not have many details of the journalist’s arrest, but said the man appeared to be taking pictures at the time. He says officers made the arrests Wednesday and Thursday after seeing people climb on the dikes. He says police will arrest anyone they see on top of a dike out of concern for people’s safety and the integrity of the levees. He says it is likely all those arrested have been released. A CNN spokesman says the cameraman had been shooting video and was unaware of any restrictions on climbing the dikes. Source:

See also:


Banking and Finance Sector

12. March 26, Bloomberg – (International) Millennium Bank in Caribbean is Ponzi scam, SEC says. U.S. regulators said they halted a $68 million Ponzi scheme at Caribbean-based Millennium Bank, the second case this year accusing a bank in the islands of fraudulently selling certificates of deposit. Millennium, describing itself as the subsidiary of a Swiss bank, made “blatant misrepresentations and glaring omissions” while marketing the instruments to wealthy U.S. clients since 2004, the Securities and Exchange Commission (SEC) said in a statement on March 26. A federal judge in Texas agreed to freeze assets after the SEC sued both companies and five people, including residents of North Carolina and California. “The defendants disguised their Ponzi scheme as a legitimate offshore investment and made promises about exuberant returns that were just too good to be true,” said the director of the SEC’s office in Fort Worth, Texas in a statement. Attorneys for the defendants could not be located. Source:

13. March 26, Reuters – (National) U.S. bank group opposes plan to expand FDIC powers. A top U.S. bank industry group said on March 26 it opposes a Treasury Department proposal to give the Federal Deposit Insurance Corp the power the wind down troubled non-bank financial firms. The American Bankers Association also raised concerns about an expansion of Federal Reserve powers, saying nothing should be done to detract from the Fed’s monetary policy responsibilities. “With regard to the resolution mechanism, ABA has serious concerns with formally giving the FDIC this power. It is dangerous to risk confusing the mission of the FDIC and detracting from the power of its image in the minds of depositors,” the ABA president said in a statement. He said the FDIC’s experience with resolving failed banks should be tapped, but the actual resolution power should be located elsewhere. The FDIC currently has the power to seize depository banks, but does not have similar authority for non-banks, including bank holding companies such as Citigroup Inc. or insurers such as American International Group Inc. Legislation was proposed recently that would give the government the power to seize a troubled non-bank financial firm whose outright failure could do broad damage to the economy. The legislation gives the FDIC the power to make loans to a troubled firm while keeping it open, buy a stake in the firm, assume obligations, take a lien on the firm’s assets, sell off the firm’s assets, or seize the whole firm. Source:

14. March 26, Spamfighter – (Colorado) Phishing mails attacked members of Pikes Peak Credit Union. The Pikes Peak of Credit Unions in Colorado is cautioning users to be careful about phishing mails being sent by hackers. The Pikes Peak of Credit Unions claims that the ID thieves and hackers did not breach credit union security systems to access phone numbers and e-mail addresses; instead, they are distributing unsolicited mails in the hope that someone will be deceived. According to the investigation done till now, mails carry authentic looking logos and other similar details copied directly from credit union sites, making the e-mails appear legitimate and anyone can be deceived. Like other phishing mails, this too asks for personal details such as passwords, account numbers, and social security numbers to gain access to consumers’ money. Further, credit unions and banks will not ask for private details of customers through mails. In addition, as the phishing mails were sent to members in the wild, the official Web site of Credit Union asks its members to contact with the fraud departments of all three important credit union bureaus, TransUnion, Equifax, and Experian, at their helpdesk numbers. Apart from this, it suggests Credit Union members to shut down any accounts that have been exploited or accessed by hackers as credit account includes all accounts with banks, credit unions, credit card companies and other lenders, phone companies, utilities, Internet Service Providers, and other service providers. Source:

Information Technology

Nothing to report

Communications Sector

34. March 27, Spamfighter – (International) Hackers using router to infect computers with malware. Security researchers at DroneBL have found that malware authors are employing routers to spread malware. They have also revealed that a sophisticated malware piece has been found that converts users’ DSL modems and routers into a dangerous botnet called ‘Psybot.’ The security company further said that Psybot was specifically designed to attack home network routers that include embedded Linux for Microprocessor without Interlocked Pipeline Stages (MIPS) CPUs. The botnet also employs deep-packet inspection technique to siege user names and passwords. This technology facilitates in the installation of advanced security functions on the system. DoneBL researchers also state that the new technique used by hackers is extremely sophisticated and advanced as end-users would not be able to know that their network has been hacked, as reported by The Register on March 24, 2009. They added that hackers would use it as an effective attack vector to steal personally identifiable information in future. Moreover, after taking control over the system, hackers use it to plant a malware ridden file on the target system which later on executed, explained security researchers. Once the malware is installed on the system, it does not allow legitimate users to connect with the devise by blocking Web access, SSHD (Solid State Hard Disk), and telnet (Telecommunication network). It then connects the hacked devise with the botnet. As “Netcomm NBS” (modem router) has several security vulnerabilities that could be easily exploited, it is another main target for hackers, said security experts. Source:

35. March 27, The Register – (International) Cisco patch bundle lances multiple DoS flaws. Cisco has released a bundle of security updates, designed to fix a variety of flaws in its core IOS networking software. The eight advisories cover security patches that address multiple vulnerabilities in the networking giant’s implementation of networking protocols. Left unchecked, the flaws create a possible mechanism for hackers to crash network hardware kit such as VoIP systems, remote access kit, and routers running IOS. The eight updates relate to a number of TCP, UDP, Mobile, and VPN-related vulnerabilities. Seven of the eight flaws create a possible means to crash or force a reload of affected systems. In most of these cases there is nothing, in theory at least, to stop malicious hackers from doing this repeatedly to run a denial of service attack. One flaw (an IOS secure copy privilege escalation bug) creates a means for an ordinary user to gain admin privileges, thus posing a hacking risk. None of the vulnerabilities create a means for hackers to inject hostile code into vulnerable systems, the most serious class of risk. Cisco’s summary, which contains links to individual advisories, can be found here. The networking giant said it was “not aware of any public announcements or malicious use” of the vulnerabilities it details. Put another way, this means that none of the flaws have been used in denial of service attacks to date, but patching insecure networking kit is still a good idea. Source: