Department of Homeland Security Daily Open Source Infrastructure Report

Friday, April 10, 2009

Complete DHS Daily Report for April 10, 2009

Daily Report

Top Stories

 According to the Honolulu Advertiser, the Hawaii Department of Transportation is warning nearly 1,900 holders of Hawaii commercial driver’s licenses to take measures to prevent identity theft after a state computer containing personal information was stolen three weeks ago. (See item 13)

13. April 8, Honolulu Advertiser – (Hawaii) License holders alerted to theft. Nearly 1,900 holders of Hawaii commercial driver’s licenses are being warned to take measures to prevent identity theft after a state computer containing personal information was stolen three weeks ago. The state Department of Transportation sent a letter April 6 to the affected commercial driver’s license holders to notify them of the security breach. The laptop computer contained the names, addresses, Social Security numbers, and other personal information of 1,892 commercial vehicle license drivers. Statewide, there are about 30,000 people with commercial driver’s licenses, said the department spokeswoman. The laptop was assigned to a Transportation Department motor vehicle safety officer in charge of inspecting vehicles on O’ahu and was taken March 18 from a fifth-floor state office in the Kakuhihewa Building in Kapolei. The inspector said he left the computer unattended about 9:30 a.m. and that when he went to get it half an hour later it was gone, the Transportation Department said. The incident was reported to police. No arrest had been made as of Tuesday. Although the theft occurred on March 18, the state did not notify the affected drivers until April 6. The spokeswoman said the department needed to follow protocol before sending the letters. The information in laptop computers allowed state motor vehicle carrier officers to conduct inspections in the field, the Department of Transportation said. That information no longer is stored in the laptops, the department said. Source:

 WHIO 7 Dayton reports that the Montgomery County, Ohio sheriff called for action Tuesday after a Miamisburg fire revealed serious issues with Cricket Wireless cell phone service. The sheriff has filed a complaint with the Federal Communications Commission against Cricket, which is not 911 compliant. (See item 25)

25. April 9, WHIO 7 Dayton – (Ohio; National) Cricket: 911 issues will be resolved. The Montgomery County, Ohio sheriff called for action Tuesday after a Miamisburg fire revealed serious issues with Cricket Wireless cell phone service. Authorities said the fire victim, who is a Cricket customer, tried to call 911 several times when his house and business caught fire. But officials said Cricket, which is not 911 compliant, sent the man’s 911 dials to the local police department, which was closed and answered with a recording that said, “If this is an emergency, please hang up and dial 911.” The man finally managed to use a different cell phone provider to reach 911 operators and report the fire. By the time firefighters arrived, the home was fully engulfed and a near total loss. The sheriff has filed a complaint with the Federal Communications Commission against Cricket. He said, “The public safety is at risk, it’s a huge issue for us.” Authorities said sheriff’s deputies have tested Cricket phones all over Montgomery County, and said the 911 issue exists nearly everywhere. A Cricket spokesperson said their team was out testing and changing every necessary routing number in Montgomery County. The Cricket spokesperson said everything will be resolved by Thursday morning. In the meantime, the Sheriff’s Office is recommending Cricket customers to program the county emergency seven-digit phone number into their phones and put it on speed dial. Source:


Banking and Finance Sector

7. April 9, Detroit Free Press – (Michigan) Farmington Hills bank told to sell or merge. The Federal Reserve System’s Board of Governors has ordered Michigan Heritage Bank in Farmington Hills to find a buyer or merge with another bank by on April 9 because it is “critically undercapitalized.” The move follows two recent “cease and desist” orders issued by the Federal Deposit Insurance Corp. to University Bank in Ann Arbor and West Michigan Community Bank in Hudsonville. The cease and desist orders are issued by the FDIC to stop banks from committing unsafe or unsound banking practices and violations of laws and regulations. And in March, the Office of Thrift Supervision ordered Home Federal Savings Bank in Detroit to find a buyer or merger partner by on April 8. The government orders reflect the struggles that many Michigan small banks are facing as they cope with the prolonged economic downturn in the state. Though only one Michigan bank, Main Street Bank in Northville, has failed in the past year, the number of problem banks continues to rise and more banks are operating under cease and desist orders. Michigan Heritage, established in March 1997, has $180 million in assets and branches in Novi and Wixom. It lost $3.4 million in the fourth quarter of last year. Source:

8. April 8, Reuters – (National) SEC favors short-selling curbs. The U.S. Securities and Exchange Commission voted unanimously on April 8 to issue proposed curbs on short selling, including a return of the “uptick rule,” for a 60-day public comment period. The five proposed measures would restrict a type of investing blamed by some lawmakers and executives for worsening the financial crisis and driving down share prices. The uptick rule allowed short sales, a bet that a stock’s price will fall, only when the last sale price was higher than the previous price. Another proposal would only allow shorting if the best available bid was higher than the last bid. Three other possible measures would use a circuit breaker approach to trigger a temporary suspension of short selling in a particular stock, or temporary application of the uptick or bid rule in a security. Under one proposal, if a stock fell by 10 percent or some other amount, a circuit breaker would kick in and trigger the application of the “bid test.” This approach has the support of the largest U.S. exchanges, the New York Stock Exchange, the Nasdaq Stock Market, and BATS exchange. Another circuit breaker proposal would ban short selling in a particular stock for the rest of the day once triggered. A third circuit breaker proposal would trigger the application of the uptick rule for the rest of the day. Source:

9. April 8, MarketWatch – (National) Worsening economy forced FOMC’s hand: minutes. A significantly worsening economic outlook forced the Federal Reserve’s hand in mid-March, leading the Federal Open Market Committee (FOMC) to commit to buy up to $1.25 trillion in long-term assets to goose the economy and prevent a slide into deflation, according to minutes of the March 17-18 meeting released on April 8. The summary of the meeting indicates little debate among the FOMC members on the question of buying longer-term Treasurys, with the major disagreement coming over how much to buy. All members of the committee agreed that “substantial additional purchases of longer-term assets…would be appropriate,” the minutes said. “Members agree that the monetary base was likely to grow significantly.” Some members said that the worsening economic outlook and the specter of deflation argued for “very substantial purchases of longer-term assets,” while others said some of the heavy lifting could be accomplished by other Fed programs, particularly the new Term Asset-Backed Securities Loan Facility. Ahead of the meeting, most market participants believed the FOMC would not announce a plan to include Treasurys in its purchases. Almost all members of the policy-setting committee of the U.S. central bank said risks were rising that the economy would worsen more than forecast, and they all agreed that inflationary pressures would remain subdued for some time, according to the heavily edited minutes. Source:{D3063D99-1682-4A84-98B5-3D44C66C1BD5}

10. April 8, Bloomberg – (Colorado) Denver Ponzi-scam manager bought Rembrandts, SEC says. U.S. regulators sued a Denver-area investment manager and his firm, claiming he ran a 15-year Ponzi scheme and spent proceeds on classic cars, motor homes, and artworks by Rembrandt van Rijn. The 46-year-old fraudulently raised as much as $20 million for a series of four investment funds at his Market Street Advisors, the Securities and Exchange Commission said in a lawsuit at federal court in Denver. After his first fund suffered unreported losses around 1995, he opened new funds to raise money, continue paying clients, and support a “lavish lifestyle,” the SEC said. “The defendant repeatedly deceived investors, many of whom considered him a personal friend, by sending them fictitious account statements showing annual rates of return of 7 to 20 percent,” said the director of the SEC’s Denver office in a statement announcing the case on April 8. The SEC said it is seeking an emergency court order to freeze assets. It also wants the defendant and his Aurora, Colorado-based firm to forfeit “illegal gains” and pay unspecified fines. Source:

Information Technology

27. April 8, CNET News – (International) Conficker wakes up, updates via P2P, drops payload. The Conficker worm is finally doing something, updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on April 8. Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said the global director of security education at Trend Micro. The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said. The worm also tries to connect to,,,, and as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog. Because infected computers are receiving the new component in a staggered manner rather than all at once, there should be no disruption to the Web sites the computers visit, said the advanced threats researcher for Trend Micro. “After May 3, it shuts down and will not do any replication,” the threats researcher said. However, infected computers could still be remotely controlled to do something else, he added. Source:

Communications Sector

28. April 8, Miami County Republic – (Kansas) Verizon tower approved by planners. Verizon Wireless will retain operation and maintenance of a communications tower in Spring Hill. The permit, approved last week by the Spring Hill Planning Commission, allows Verizon Wireless to operate a telecommunications facility at the city water tower. Verizon submitted the application February 27 for renewal. A conditional-use permit was approved July 22, 2004. The permit expired November 20, 2008. According to city documents, there were communication issues between staff and management at Verizon, which resulted in delay of the permit. The applicant currently operates six antennas on the water tower and an emergency generator and equipment shelter at the tower. The Spring Hill Public Works director identified two concerns regarding homeland security. The director’s concerns involved Verizon having unrestricted access. “Verizon accesses their backup generator through the water tower compound gate,” said the director in the February city document. “I would prefer the access point be changed so they do not


have access through the compound gate.” Verizon agreed to build a fence around the leased area. The second issue involved notification of city staff when access is required for the antennas. “Unless an emergency dictates the necessity to allow access to the compound tower, we need to make sure it’s understood that Verizon will only be allowed access to the tower during normal hours of operation with 24-hour advance notification,” the director said. Verizon agreed to provide 24-hour advanced notice of access, except during emergency situations. Source: