Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, April 1, 2009

Complete DHS Daily Report for April 1, 2009

Daily Report


 ABC News reports that a man accused of killing eight people Sunday in a Carthage, North Carolina nursing home shooting spree is in police custody, facing first degree murder charges. (See item 23)

23. March 30, ABC News – (North Carolina) Carnage in Carthage: Gunman kills 8 in nursing home. North Carolina police are investigating whether the man accused of killing eight people in a Carthage, North Carolina nursing home shooting spree may have targeted the home because his estranged wife worked there, according to the Associated Press. The man is in police custody facing first degree murder charges. At 10 a.m. on March 29 the man entered the nursing home armed with multiple guns. Stalking from room to room, he shot several residents, even those bound to wheelchairs. By the time the only on-duty officer for the Carthage Police Department arrived at the Pine Lake Health and Rehab Center and put a stop to the massacre, seven nursing home patients and one nursing home employee had died. Source:

 According to the East Valley Tribune, eight students were treated for chemical burns after a 15-year-old boy blew up a plastic bottle filled with a cleaning chemical at a middle school in Queen Creek, Arizona. (See item 27)

27. March 30, East Valley Tribune – (Arizona) Q.C. schoolyard explosion injures 8 students. Eight students were treated for chemical burns — and four of them were hospitalized — after a 15-year-old boy blew up a plastic bottle filled with a cleaning chemical at J.O. Combs Middle School in the Queen Creek area, sheriff’s deputies said. Three of the four students who were transported to a nearby hospital were walking to class when the device exploded at 8:01 a.m. on the basketball court at the school. Authorities said the boy used either hydrogen chloride or hydrogen sulfide in a plastic bottle with aluminum foil, which exploded and burned the students’ arms and legs, said the deputy chief for the Pinal County Sheriff’s Office. The boy, who is a ninth-grader, was arrested on suspicion of eight counts of aggravated assault, one count each of disorderly conduct, disposal of an explosive, and disruption of an educational institution, according to a spokeswoman for the Pinal County Sheriff’s Office. The boy, who was booked into the Pinal County Juvenile Detention Center for the offenses, told authorities he had been experimenting with manufacturing explosives, and previous burn marks on his arms indicated that he had. Source:


Banking and Finance Sector

6. March 30, IDG News Service – (National) U.S. convicts first foreigner of phishing. A 23-year-old Romanian man has become the first foreigner to be convicted by a U.S. court for phishing. The man, of Craiova, Romania, was sentenced to four years and two months in prison on March 30 for his role in an international phishing operation. Prosecutors had charged him with setting up fake banking sites and then sending out tens of thousands of fraudulent spam messages in hopes of tricking victims into giving up their account information. The sentence was handed down by a Judge of the U.S. District Court in Connecticut. In this case, prosecutors said they found 2,600 credit and debit card numbers in e-mail accounts linked to the defendant, and that he had probably harvested more information. He set up a fake phishing site to snare customers of People’s Bank in October 2005, but also had tools that would have allowed him to phish customers of Wells Fargo, Suntrust,, PayPal, and eBay, according to court documents. Source:

7. March 30, KFDM 6 Beaumont (Texas) Mobiloil Federal Credit Union warns of scam. Phishers have once again targeted thousands of Southeast Texans claiming to be from Mobiloil Federal Credit Union and asking for account information. Three times this past weekend an automated message reached the home of one resident. “Calling and saying they are with Mobiloil security and something about my card. I do not have a card,” the resident said. Hundreds of people across the Golden Triangle received the same call. The resident says she did not fall for it. The CEO of Mobiloil Federal Credit Union says customers have been calling and coming in to let them know what happened. He says the credit union will never solicit personal information over the phone. Source:

8. March 30, Berkshire Eagle (Maine) Phone scam phishes for bank account info. A telephone scam asking members and nonmembers of Greylock Federal Credit Union for their account and debit card pin numbers resulted in between 75 to 100 calls to the police department this weekend. A police sergeant said local residents reported getting phone calls with a recorded message of a person claiming to be from Greylock Federal Credit Union. The message tells listeners that fraudulent activity has been detected on their Greylock Federal credit card, and it has temporarily been suspended, he said. He said the message continues to say that in order for people to reactivate their cards, they have to plug in their account and pin number using the phone key pad. “I just wish it would stop because our phones keep ringing,” the sergeant said. He said the recorded message has targeted people with accounts through Greylock Federal as well as those who have no connection to the credit union, and police are advising people about what to do if they gave out their personal information. The senior vice president of marketing and administration for the Greylock Federal Credit Union said this weekend’s scam is similar to one reported in the Berkshire Eagle on March 16, and it has hit other financial institutions in Berkshire County as well as across the country. Source:

9. March 30, Wall Street Journal (National) FDIC starts to cut financing cord for banks. If banks want to depend on the government to guarantee their debt, it will soon become a lot more expensive. Financial companies have flocked to the markets to sell bonds backed by the Federal Deposit Insurance Corp.’s Temporary Liquidity Guarantee Program. Big issuers have included General Electric’s GE Capital, Goldman Sachs, Bank of America, and others. What is driving the rush to market? Partly, it is a little penny-pinching. The FDIC has imposed a new fee that would make such sales more expensive. Banks hurried to raise their money in March before the fee kicked in. The FDIC gets paid an underwriters’ fee every time a bank or financial company issues debt through the TLGP. The underwriters’ fee the FDIC has claimed has been larger than most investment banks would charge. Until now, the FDIC has been paid a fee of 0.5 percent of the amount issued on each issuance maturing within six months, 0.75 percent on debt coming due within six months to a year, and 1 percent on bonds coming due within a year or more. One thing that had worried issuers was the number of bonds that were to come due when the FDIC guarantee was to run out in June 2012. The agency extended the program, to December 2012, but the extension comes at a price. The new FDIC fee will increase according to the maturity of the bonds. So, if a bank issues TLGP bonds now and the bonds mature after June 2012, the banks will pay an extra 0.25 percent on top of their existing fee payments to the FDIC. Source:

10. March 29, WWLP 22 Chicopee (Massachusetts) Credit card scam alert. Residents of Chicopee got a mysterious phone call from an automated machine saying that their credit card would be at risk. One woman was prompted to input her credit card number. She said she tried fake numbers, and the machine knew they were fake. The automated service said it was part of the Polish National Credit Union. She says she is concerned because her mother almost fell for the scam. Experts say to always remember never to give out personal information on the phone or computer because a financial institution will never ask for it. Source:

Information Technology

29. March 30, U.S. Department of Homeland Security – (National) DHS releases Conficker/Downadup computer worm detection tool. The U.S. Department of Homeland Security announced on March 30 the release of a DHS-developed detection tool that can be used by the Federal Government, commercial vendors, state and local governments, and critical infrastructure owners and operators to scan their networks for the Conficker/Downadup computer worm. The Department’s United States Computer Emergency Readiness Team (US-CERT) developed the tool that assists mission-critical partners in detecting if their networks are infected. The tool has been made available to federal and state partners via the Government Forum of Incident Response and Security Teams (GFIRST) Portal, and to private sector partners through the IT and Communications sector Information Sharing and Analysis Centers (ISACs). Additional outreach to partners will continue in the coming days. Department cyber experts briefed federal chief information officers and chief information security officers on March 30, as well as their equivalents in the private sector and state/local government via the ISACs and the National Infrastructure Protection Plan framework. ”While tools have existed for individual users, this is the only free tool — and the most comprehensive one — available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm,” said the US-CERT director. ”Our experts at US-CERT are working around the clock to increase our capabilities to address the cyber risk to our nation’s critical networks and systems, both from this threat and all others.” Source:

30. March 29, CNET News – (International) Conficker worm might originate in China. Microsoft is putting up a $250,000 reward for any information leading to an arrest related to the Conficker worm case. Folks at BKIS, a Vietnamese security firm that makes the BKAV antivirus software, announced on March 30 that they found clues that the virus may have originated in China. Previously, there were rumors that it might have been from Russia or Europe. The firm’s conclusion is based on its analysis of the virus’ coding. It found that Conficker’s code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China, based on the firm’s own data. It is important to note that the origin of Nimda was never verified. Though Nimda contained text indicating that it may have originated from China, that is in no way hard evidence. Even if this finding by BKIS is credible, it does little to help the authorities lay their hands on whoever is responsible for creating the virus. What it does is narrow in on where to block the return of the virus. Source:

Communications Sector

31. March 31, Sat News Daily – (National) Global satellite launches small but intelligent Iridium. Global Satellite USA launched its MCG-101, an intelligent Iridium PBX, which is a powerful and versatile Iridium communications system for offices, remote locations, military, aircraft, oil and gas, mining, and marine applications. The system has an intelligent solution for Iridium satellite phones to operate as a telephone, Internet gateway, GPS device, send/receive SMS, and attach to other devices through RS232 or CAN bus. The MCG-101 is daisy chainable so that it can connect with multiple simultaneous communications. Installing the unit only requires power, a SIM card, and an external antenna. The MCG-101 is portable, weighing just only 4lbs and measures 2 inches high by 8 inches wide by 8 inches deep. Source:

32. March 31, WSBT 2 South Bend – (Indiana) Significant outage affects Comcast cable, phone customers. Comcast communications customers in the Elkhart area of northern Indiana reported outages on March 31 that were affecting telephone, Internet, and cable TV service. There were no immediate reports on how many customers were affected. A Comcast service representative says the outage is “significant” and covers a large geographic area but had no other details. Comcast staff also had no information on when service might be restored to the area, citing computer systems that were down for maintenance as the reason no other details were available. Source: