Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, April 14, 2009

Complete DHS Daily Report for April 14, 2009

Daily Report

Top Stories

 The St. Louis Post-Dispatch reports that one worker is in serious condition after a series of explosions Sunday inside the SantoLubes chemical plant in St. Charles, Missouri. (See item 4)

4. April 13, St. Louis Post-Dispatch – (Missouri) St. Charles firefighters battle blaze at chemical plant. One worker is in serious condition after a series of explosions inside the St. Charles business where he was working on April 12. Fire officials say the worker suffered burns over 30 percent of his body. He is being treated at an area hospital. Firefighters spent several hours battling a blaze that followed a series of explosions at a plant in St. Charles. The explosions happened at the an industrial site at 8 Governor Place just south of Highway 370 at the intersection of Elm Point Road and Governor Drive, authorities said. The worker, who has not been identified by fire officials, worked for SantoLubes, which manufactures lubricants used in the aerospace, electronics, automotive, power, and industrial sectors. A paramedic from the St. Charles County Ambulance District had to be treated for minor injuries. There is no word on his condition. The fire burned inside the building that housed several chemicals used in the production of insecticides, a spokesman for the St. Charles Fire Department said in a press release on April 13. Another fire official said that the blast was believed to involve the chemical ferric chloride. A St. Charles County Haz-Mat team went out to the explosion after the first emergency call. Firefighters rescued the worker and then, after talking to the employee and discovering that no other victims were inside the building, retreated to a safe area until the burning materials could be identified. The explosion is under investigation. Source:

 According to the Associated Press, a massive fire destroyed or damaged about 40 summer cottages at the Christian Conference Center in Alton Bay, New Hampshire on Sunday. (See item 42)

42. April 13, Associated Press – (New Hampshire) Dozens of cottages burn at NH Christian center. Authorities investigating a massive fire on Sunday that destroyed or damaged about 40 summer cottages at a Christian center said April 13 they do not believe the fire was arson. “There are no red flags to indicate it was suspicious, at this time,” the fire marshal said. Flames fanned by wind off Lake Winnipesaukee swept through the summer cottages at the 146-year-old Alton Bay Christian Conference Center. The cottages were reported as unoccupied. Witnesses watched as buildings burned to the ground in minutes. One firefighter was injured when a propane tank exploded; he was hospitalized in stable condition. Others were treated for smoke inhalation or exhaustion. The center’s approximately 140 cottages are close together in a network of narrow roads. The center, founded in 1863, is on the southeastern corner of the lake about 30 miles northeast of Concord. It also features a 70-room motel and a park for recreational vehicles. Source:


Banking and Finance Sector

11. April 12, KHON 2 Honolulu – (Hawaii) Bank of Hawaii phishing scam. The Bank of Hawaii has issued a warning to its customers about a scam. Scam artists are sending text messages stating that a person’s accounts have been locked and tells them to call a phone number. When people call the number, they are asked to enter their account number and pin. Officials for the Bank of Hawaii said do not call the number. The bank does not call or e-mail customers requesting personal information. Source:

12. April 11, Wichita Eagle – (Kansas) Wichita police warn merchants about credit card scam. Wichita law enforcement officials on April 10 urged merchants and their employees to watch out for scammers trying to use altered prepaid credit cards for transactions. Scammers are printing stolen credit card numbers on long, narrow strips of paper and pasting them onto the back of the cardboard credit-card holders, police said. “It has no value,” a lieutenant who heads the financial crimes section of the Wichita Police Department said of the Green Dot cardholder. The doctored numbers will not scan properly in a card reader, so the scammers ask the clerk or cashier to manually enter the numbers into the system. Several clerks and businesses in Wichita, Valley Center and Park City have done just that. The scam has become so widespread that Visa, Mastercard, and American Express will no longer cover losses linked to transactions that have been keyed in manually, said a detective of the Sedgwick County Sheriff’s Office. Source:

13. April 11, Associated Press – (Colorado; North Carolina) FDIC seizes banks in Colorado and North Carolina. Regulators seized two more banks on April 10, raising the number of bank failures this year to 23. The Federal Deposit Insurance Corp. took over Cape Fear Bank in Wilmington, North Carolina and New Frontier Bank in Greeley, Colorado after state regulators closed them down. The FDIC sold Cape Fear Bank to First Federal Savings & Loan Assn. of Charleston, South Carolina. The agency failed to sell New Frontier, and will keep it open for 30 days so customers can open accounts elsewhere. The failures will cost the deposit insurance fund a total of $800 million, the FDIC estimated. The tally of bank failures this year is just two shy of the total of 25 for all of 2008. Source:,0,5700560.story

14. April 10, Kennebec Morning Sentinel – (Maine) Virus hits bank. Franklin Savings Bank in Farmington is investigating an apparent computer virus on April 8 that forced the bank to temporarily shut down its online banking services and Web sites. Bank officials on April 9 declined to comment on the virus or any potential data risk to customers but said they would issue a statement April 10. Customers trying to access the bank’s Web sites —,, and — will see an alert that states the sites are unavailable due to system maintenance. It also states that bank officials are investigating the possibility that a virus may have been delivered to computers that accessed the bank Web sites between 1:30 a.m. and 9 p.m. on April 8. Source:

Information Technology

37. April 13, ZDNet – (International) New Skype vulnerability discovered. A new phishing attack demonstrated by researchers at Secure Science allows hackers to gain access to a user’s Skype client and then pose as a financial institution or proxy outbond calls. The technique is called “SkypeSkrayping” and is similar to a phishing attack only a bit more interactive. According to the report, sing either an inline frame (“iframe”) or image (“img”) tag, attackers could add a Specific Call Forwarding Number, grant attacker ability to receive the victim’s incoming call, obtain a Skype-To-Go Number, and/or grant an attacker the ability to access victim’s voicemail, speed dial, and outbound calling via Spoofed Caller-ID. The company’s IT department is working on resolving the problem. Source:

38. April 12, CNET News – (International) Teen takes responsibility for Twitter worms. As a second Twitter exploit began circulating on the micro-blogging site on April 12, a teenager from Brooklyn told CNET News he created both worms because he was bored and wanted to draw attention to the Twitter flaw. Much like the April 11 StalkDaily worm, the “Mikeyy” worm posts unwanted messages to users’ pages. The “Mikeyy” worm began spreading on the micro-blogging site on April 12, posting messages such as “Mikeyy I am done...,” “MikeyyMikeyy is done.,” and “Twitter please fix this, regards Mikeyy.” A 17-year-old Brooklyn resident told CNET News in an interview that he created the worm “out of boredom.” “I thought about it later and basically did it because I was bored,” he said. “And I did not think Twitter would fix (the flaw) very soon. But I did not think it would spread as far or as fast as it did.” Twitter said it has closed the hole that allowed the worm to spread. “We have taken steps to remove the offending updates, and to close the holes that allowed this ‘worm’ to spread,” Twitter said in a statement on April 11. “No passwords, phone numbers, or other sensitive information were compromised as part of this attack.” However, the creator of the worm said he released the second worm exploiting the original flaw on April 12, after Twitter claimed to have closed the holes. He also said that he had not yet been contacted by Twitter representatives. Source:

39. April 10, CNET News – (International) Conficker also installs fake antivirus software. Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators, the worm installs malware that masquerades as antivirus software, Trend Micro said on April 10. The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, according to the Trend Micro blog. The latest feature of the widespread worm is that it installs fake antivirus software on infected machines. The infection alerts repeatedly appear and experts are worried that people may be clicking on them and paying for the software just to be rid of the annoying messages, thereby handing thieves their credit card information. The fake antivirus program also attempts to install a Trojan downloader that is programmed to download new versions of Spyware Protect 2009, according to Kasperky Lab’s blog. However, the domain the Trojan downloader was being accessed from has been shut down, the blog said. Source:

Communications Sector

40. April 12, TMC News – (Indiana) Smithville Digital bringing fiber optics to thousands of homes. Smithville Digital is in the midst of a $90 million build-out that will put a fiber optic line directly into each customer’s home. Smithville Digital, a local telecommunications firm created in 2003, was spun off from Ellettsville’s Smithville Telephone. The infrastructure upgrade, according to company officials, will give residential customers much higher Internet connection speeds and enable the future arrival of some very high-tech services. The build-out will cover about 30,000 customers. The upgrade will also mean that basic telephone service will no longer travel through copper wires, but through the fiber optic cable. “Bandwidth needs have increased exponentially, especially looking at what’s coming up with online streaming video,” said the director of marketing. “It became very apparent that the only way to accommodate that was fiber.” With a 100 megabit connection, Internet users can download large amounts of data in a flash. The company says it will be the first company in Indiana to offer that connection speed to residential customers. Base service starts at 20 megabits. They hope to have about half of its 30,000 residential customers outfitted with direct fiber optic connections within two years. The rest of them should be wired within about five years. Source:

41. April 10, Fierce Telecom – (California) AT&T tweets California fiber cut info. AT&T used Twitter as one of a number of ways the company put out information about its Silicon Valley service interruptions April 9 due to several fiber cables being cut. The telco joins cable company Comcast in leveraging the social networking tool during a service interruption. The fiber cuts interrupted AT&T’s broadband, phone, and wireless service to thousands of people around the San Francisco Bay area and Silicon Valley. AT&T provided real time updates to 2,400 direct followers of its Twitter feed starting around 7 a.m. on April 9 and sent around nine “tweets” in total keeping customers informed. The last tweet let Twitter followers know that AT&T is offering a $100,000 reward for information leading to the arrest and conviction of those responsible for vandalizing the fiber cables. Recently, Comcast tweeted about an email outage. Source: See also:;title