Department of Homeland Security Daily Open Source Infrastructure Report

Friday, April 3, 2009

Complete DHS Daily Report for April 3, 2009

Daily Report


 The San Angelo Standard-Times reports that the Texas Railroad Commission is investigating the cause of a propane explosion and fire at a fertilizer plant in Ballinger, Texas on Tuesday. (See item 4)

4. April 2, San Angelo Standard-Times – (Texas) Fire damages Ballinger plant. The Texas Railroad Commission is investigating the cause of a propane explosion and fire at a Ballinger fertilizer plant, a plant official said. The explosion occurred March 31 about 3:30 p.m. at Buddy’s Plant Plus, starting a fire that burned until 8 p.m., said the plant general manager. A plant employee and a West Texas Gas Inc. employee were filling small propane tanks from a bulk tank in a small storage shed more than 50 yards behind the plant. The small tank exploded, rupturing the larger tank and catching the tank shed on fire. Nothing of this nature has happened before at the plant. The Ballinger volunteer fire department, the Runnels County Sheriff’s Department, Ballinger police, and the Texas Railroad Commission responded to the fire. The building and a forklift were destroyed in the fire. The plant manager estimated the damage at less than $20,000. Source:

 According to the Sebring News-Sun, Florida Hospital Heartland Division was in lockdown mode and investigators were flooding the Sun ‘N Lake area after a large number of envelopes containing a white powder were discovered Thursday morning in Highlands County, Florida. (See item 27)

27. April 2, Sebring News-Sun – (Florida) Anthrax scare up to 17 locations. Florida Hospital Heartland Division was in lockdown mode and investigators were flooding the Sun ‘N Lake area after a large number of envelopes containing a white powder were discovered Thursday morning. The reports of envelopes continued to come in at 3 p.m. on Thursday. The public information officer for Highlands County said that there are 17 confirmed locations where envelopes have been found. She also said investigators have two suspects, but “nothing definite.” In addition to the hospital, which had around 30 envelopes placed on cars in the staff parking lot, envelopes have been found at the Sun ‘N Lake town hall, and in mailboxes on numerous houses throughout the subdivision. At least three people opened the envelopes and were exposed to the powder, according to one report. Officials from the FBI, the FDLE, and several other agencies were on site, in addition to local law enforcement. According to an 11 a.m. briefing, an individual was seen leaving the hospital early Thursday morning and investigators are trying to track that person down. “We believe this is an elaborate hoax, but we are treating this as a serious anthrax case until we get the results from the State Health Department,” said the Highlands County sheriff. Source:


Banking and Finance Sector

10. April 2, Wall Street Journal – (National) FDIC imprimatur now costs more. It just got more expensive for banks raising money through the Federal Deposit Insurance Corp.’s debt-guarantee program. On April 1, the FDIC began applying higher fees to bank debt that it guarantees through its Temporary Liquidity Guarantee Program, trying to wean financial institutions off its support. Qualifying financial institutions have sold $124.5 billion of government-backed bonds so far this year, according to the latest figures from data provider Dealogic. Issuance dropped off in February to $24.8 billion, but surged to $52.4 billion in March as banks rushed to sell debt before the new fees kicked in. Sales peaked in December, when issuance reached $86.9 billion, according to Dealogic. Even with the higher fees, banks are likely to keep tapping the program since the financing terms remain far cheaper than selling nonguaranteed debt. “Until banks can issue unsecured debt on a regular basis without the FDIC guarantee, the program will remain an important part of their overall funding plans,” said the principal at Smith Breeden Associates in Boulder, Colorado. The FDIC announced last month that it would extend its three-year guarantee program six more months to December 2012 as it became clear financial institutions would still have difficulty selling debt on their own. Since the program was put in place, few firms have sold debt on their own. Source:

11. April 1, Dow Jones Newswire – (New York) SEC charges investment adviser Stein in $55M Ponzi scheme. A Long Island investment adviser was charged by the U.S. Securities and Exchange Commission on April 1 with operating a Ponzi scheme that took in more than $55 million. The SEC, in a lawsuit filed in U.S. District Court in Manhattan, alleges that a Roslyn, New York investment adviser solicited funds from more than 83 investors and more than $55 million moved through accounts of entities he ran. Separately, the U.S. Attorney’s office in Brooklyn also charged the investment adviser, who lives in Manhattan, with wire fraud for allegedly defrauding one of his clients out of more than $6.5 million. If convicted of wire fraud, the 59 years old faces up to 30 years in prison. He is expected to appear before a federal magistrate judge in Brooklyn later on April 1. The SEC alleges that the investment adviser used investor money to pay off older investors in a classic Ponzi scheme and used their funds for some of his personal expenses. Source:

12. April 1, Akron Beacon Journal – (Ohio) Police warn of phone scam. Akron-area police departments are warning citizens of an automated phone scam that several Akron and Wadsworth residents received on April 1. The automated message says that the person’s credit card or debit card may be jeopardized. The message asks the victim to leave his or her account numbers and expiration dates for verification. The message says GenFed Credit Union is responsible for the message. Akron police remind residents not to give out personal information over the phone. Banks and other financial institutions do not ask for such information by phone. Source:

13. April 1, Bloomberg – (National) Bair says FDIC may create a division to shut non-bank companies. The Federal Deposit Insurance Corp. would create a division to take over and shut non-bank financial companies as part of the overhaul of U.S. regulations, the chairman said. The Treasury Secretary suggested the FDIC get power to close failing non-bank institutions when he testified at a House Financial Services Committee hearing on March 26. The chairman said the agency is ready to take on the added authority. “If Congress did give it to us, we should consider perhaps a separate unit under the FDIC board or a separately branded name to deal with the non-bank institutions,” the chairman said at an American Bankers Association meeting in Washington. “Legally separate and separately branded might be the way to go.” The U.S. Treasury and the FDIC would be the main agencies to handle the closing of systemically important financial companies that are not banks. The plan follows procedures used by the FDIC on bank failures, without tapping the agency’s insurance fund. A new funding mechanism would be used, the Treasury has said. Source:

14. April 1, Computerworld – (National) PCI security standard gets ripped at House hearing. The PCI standard, long touted as one of the private sector’s best attempts to regulate itself on data security, is increasingly showing signs of coming apart at the seams. At a U.S. House of Representatives hearing on March 31, federal lawmakers and representatives of the retail industry challenged the effectiveness of the PCI rules, which are formally known as the Payment Card Industry Data Security Standard (PCI DSS). They claimed that the standard, which was created by the major credit card companies for use by all organizations that accept credit and debit card transactions, is overly complex and has done little to stop payment card data thefts and fraud. The hearing, held by a subcommittee of the House Committee on Homeland Security, also highlighted the longstanding bitter divide between retailers on one side and banks and credit card companies on the other over the role that the latter organizations should play in protecting card data. In one of the bluntest denouncements of PCI DSS to date, a Representative of New York, chairwoman of the subcommittee that held the hearing, said the standard by itself is simply not enough to protect cardholder data. The PCI rules are not “worthless,” she said. But, she added, “I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure. It is not, and the credit card companies acknowledge that. Much of PCI’s limitations have to do with the static nature of the standard’s requirements, according to the Representative, who said the rules are ineffective at dealing with the highly dynamic security threats that retailers and other merchants now face. Source:

15. April 1, Myrtle Beach Sun News – (South Carolina) Bank scam telephone calls target area residents. A phishing scam involving Conway National Bank is circulating in the Myrtle Beach area, according to bank officials. A recorded call is being made to area residents telling them their bank account or bank card has been compromised, but it is all a scam, said the Conway National Bank president. Conway National Bank account holders and non-customers are being targeted with the recorded call, similar to a text message scam that circulated a month ago. “It is totally random,” the president said. “They are phishing for information from the customers and they are getting non-customers too. It is a scam and [residents] should not respond to it.” Police had not received any reports about the scam, but bank officials said they had received numerous calls on April 1. The calls and text messages are part of a phishing scam, where information seems to come from a legitimate organization, but a person is asked for personal financial information that the institutions should already have, officials said. Source:

16. March 31, CNET News – (International) Symantec investigating customer credit-card data theft. Symantec is investigating allegations that a call center in India leaked credit card numbers of its customers to someone who then sold them to BBC News reporters posing as criminals. The security company has informed U.K. privacy authorities and attorneys general and officials in eight U.S. states and Puerto Rico of the allegations that three U.K. customers had credit card information leaked and that about 200 U.S. customers may have been affected because of interactions with the call center, a Symantec spokesman said March 31. “We nailed it down to one agent at the call center” who handled the Symantec customers, he said. That agent was put on administrative leave pending the outcome of the investigation. In addition to Puerto Rico, the states contacted were New Hampshire, Maryland, New Jersey, Maine, Massachusetts, New York, Virginia, and North Carolina. It was unclear exactly how the data of the three U.K. customers got from the call center into the hands of the man who the BBC News said sold the credit card numbers. Nor was it clear whether any data from the U.S. customers was leaked. There is no evidence that any U.S. data was exposed. When the reporters contacted some of the card owners, three of them said that they had bought Norton software from Symantec over the phone using their credit cards. Source:

Information Technology

35. April 2, Tulsa World – (International) Computer worm does little damage. The much hyped Conficker malware did not do catastrophic damage to the world’s computers on April 1 as some had feared. However, local computer professionals such as the president of Geek Rescue said the worm has indeed caused some problems in local computers. “It is easy to remove by itself, but it is usually accompanied by other infections,” he said. “It opens up a security hole for more malware to enter.” The worm previously checked 500 semi-randomly generated Web sites seeking new instructions. On April 1, some versions of Conficker expanded that check to 50,000 sites. The president and CEO of Avansic Digital Forensics Professionals in Tulsa said many in the computer industry paid close attention to Conficker due to its complexity and its unknown ultimate function. Still, he and others had doubted it would cause destruction. “It used to be people created worms for notoriety,” he said. “Nowadays, worms are being built to make money. They are not going to destroy your computer unless there is money in it somehow.” Source:

36. April 1, PC Magazine – (International) New malware specifically targets Firefox. Webroot has uncovered adware that targets the Firefox platform. The malware resembles DNSChanger, a common DNS hijacking threat, but operates differently. Instead of hacking the registry to change DNS, the new variant throws a DLL into the C:\Program Files\Mozilla Firefox\components directory and therefore runs inside the browser. This is not a vulnerability in Firefox in any sense; in order for this to happen the user has to run a malicious program as Administrator or some other privileged account. But it does show that some malware authors see enough potential in Firefox to write special malware for it. The use of a DLL does make the malware specific to Windows, although it may be possible to write versions for other platforms as well. Like DNSChanger it intercepts certain operations, like search requests, and redirects them through a Ukrainian host previously used by DNSChanger. A second piece of Firefox adware came bundled with the installer for a 3rd party Firefox plugin called PlayMP3z. The terms of service agreement that everyone just clicks through explicitly permits the software. It is called Foxicle and it generates popup and popunder ads. Success for the early entries in the Firefox malware market could set a signal for other IE-only players that it is time to go cross-platform. Source:,2817,2344286,00.asp

37. April 1, IDG News Service – (International) Legislation would create new cybersecurity regulations. Two U.S. senators have introduced legislation that would overhaul the nation’s cybersecurity efforts, and would reportedly allow the government to regulate some private company cybersecurity efforts for the first time. A Senator from West Virginia and a Senator from Maine introduced the legislation on April 1, but some details were not immediately available. Earlier on April 1, the Washington Post reported that the legislation will include new mandates on government networks and on private networks that control electrical grids, water distribution, and other essential services. A spokeswoman for the Senate Commerce, Science and Transportation Committee said on April 1 she had few details about the bill. The bill would establish a new national cybersecurity advisor in the executive office of the U.S. President, and it would “remake the relationship between the government and the private sector on cybersecurity,” a committee news release said. “We must protect our critical infrastructure at all costs, from our water to our electricity, to banking, traffic lights and electronic health records, the list goes on,” the Senator from West Virginia said in a statement. “It is an understatement to say that cybersecurity is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber attacks and we must act now.” Source:

Communications Sector

38. April 1, KITV 4 Honolulu – (Hawaii) Oceanic cable hit by outages statewide. Customers of Oceanic Time Warner Cable, phone, and Roadrunner Internet service lost services in parts of Hawaii on April 1. The company lost power at its Mililani facility at 8:26 a.m., which caused the outage, Oceanic officials said. Workers restored power at 8:50 a.m. The company began slowly brining services back online, Oceanic officials said. Digital cable TV was restored statewide; Internet and digital phone have been restored in some areas. Oceanic estimated that about 50 percent of Oahu lost Internet and phone services, with some video channels lost across the state, officials said. Source: