Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, April 16, 2009

Complete DHS Daily Report for April 16, 2009

Daily Report

Top Stories

 According to Bloomberg, General Motors Corp. is recalling 1.5 million vehicles in the United States to fix a glitch in an engine component that may cause oil to leak and lead to a fire. (See item 9)


9. April 14, Bloomberg – (National) GM recalls 1.5 million cars for fire danger. General Motors Corp. is recalling 1.5 million vehicles in the United States to fix a glitch in an engine component that may cause oil to leak and lead to a fire. The move includes certain Buick, Chevrolet, Oldsmobile and Pontiac cars from model years 1997 to 2003, the National Highway Traffic Safety Administration said on its Web site. Oil could drop on the exhaust manifold, posing a risk of engine fire. The recall for Detroit-based GM will begin in May, the agency said. The recall affects Buick Regals from model years 1997 to 2003; Chevrolet vehicles including 1998 and 1999 Luminas, 1998- to-2003 Monte Carlos and Impalas from model years 2000 to 2003; the 1998 and 1999 Oldsmobile Intrigue; and some Pontiac Grand Prix cars from model years 1997 to 2003. Source: http://www.chron.com/disp/story.mpl/headline/biz/6372737.html


 Radio Netherlands Worldwide reports that pirates off the coast of Somalia attacked another U.S.-flagged ship, the Liberty Sun, on Tuesday. Pirates also seized two more cargo vessels, the Greek-owned MV Irene E.M. and the Togo-registered MV. (See item 17)


17. April 15, Radio Netherlands Worldwide – (International) Pirates step up attacks off Horn of Africa. Pirates off the coast of Somalia have attacked yet another U.S.-flagged ship, the Liberty Sun. The attack took place late on April 14 and comes just days after one of the pirate leaders vowed revenge for the April 12 rescue operation to free the U.S. captain of the Maersk Alabama. Three pirates were killed in that operation. The Liberty Sun was travelling to Mombasa, Kenya, laden with food aid for a number of African nations. The pirates approached the ship and fired on it with automatic weapons and rockets. The crew immediately called for assistance from the U.S. Navy. The USS Bainbridge later arrived on the scene and helped to repel the attack. The Liberty Sun sustained minor damage and a fire broke out, which the crew was able to extinguish. Pirates operating off the Horn of Africa seem to be stepping up their attacks, and seized two more cargo vessels on April 14, the Greek-owned MV Irene E.M. and the Togo-registered MV Sea Horse. The pirates are currently holding at least 260 people hostage on 19 vessels. Source: http://www.radionetherlands.nl/currentaffairs/region/africa/090415-somalia-pirates-us


Details

Banking and Finance Sector

13. April 15, WAPT 16 Jackson – (Mississippi) ‘Phishy’ text messages seek bank info. Scam artists are sending text messages to call Regions Bank about their account, a scam unlike any other the Attorney General’s Office has ever seen in Mississippi. The text messages are hitting phones around Jackson, saying consumers have a new voicemail from Regions Bank. The text gives recipients a number to call. A Regions Bank representative said anyone who gets a similar message should immediately contact the bank. “You would never see a financial institution contact a customer asking for personal or confidential information,” he said. This latest scam has put the consumer protection division of the Attorney General Office in uncharted territory. This is the first scam they have seen directed to cell phones. Source: http://www.wapt.com/news/19178963/detail.html


14. April 14, Bangor Daily News – (Maine) Phone scam tries to tap bank data. Bangor Savings Bank on April 13 warned customers about an automated phone scam seeking bank account and check card information after the bank started receiving calls from customers. Bank customers reported they had received automated phone messages asking them to provide card and account numbers, personal identification numbers or security codes to reactivate cards or address other fictitious problems with their accounts. The scam using voice mail is known as “vishing.” The Bangor Savings Bank senior vice president said “dozens and dozens” of customers were calling the bank to report the automated messages. He estimated less than 5 percent of the callers were worried they had revealed private information. The bank has found no instances of fraud, the vice president added. The calls seemed to have started on April 12, the vice president said, and many were reported on April 13 when the bank’s offices opened. Noncustomers are receiving the same messages, according to a statement from the bank, indicating it is likely a mass dialing program designed to randomly hit Bangor Savings customers in local telephone exchanges. The bank reminded customers to protect themselves by never giving out account numbers or PINs over the phone to a caller claiming to be from the bank. The bank is investigating the scope and source of the scam. Source: http://www.bangordailynews.com/detail/103724.html


15. April 14, Evansville Courier and Press – (National) Banks taking steps to insure deposits beyond FDIC limits. As concerns over the economy remain unabated, local banks are taking additional steps to protect customers’ money. First Security Bank, based in Owensboro, Kentucky, recently began offering the Certificate of Deposit Account Registry Service, which allows deposits of up to $50 million to be insured by the Federal Deposit Insurance Corp. That amount far exceeds the basic $250,000 the FDIC will cover for individual depositors. “You would be surprised by the number of customers who have a concern about their money and have more than the FDIC limit,” said the First Security president and chief executive officer. In many cases, those who want to avoid exceeding the coverage limits will break their deposits into smaller amounts and spread them among several financial institutions. First Security’s new service, often called CDARS, makes such a division no longer necessary, she said. Besides First Security Bank, Evansville Commerce Bank in Indiana is the only local financial institution using the Certificate of Deposit Account Registry Service, according to the service’s Web site. Fifth Third Bancorp, German American Bancorp, Integra Bancorp, Old National Bancorp and the Ohio Valley Financial Group said they have other means of insuring deposits greater than $250,000. Perhaps one reason for the reluctance to use CDARS is the fees those taking part must pay. Source: http://www.courierpress.com/news/2009/apr/14/14web-FDIC/


16. April 14, WIRED – (National) PIN crackers nab Holy Grail of bank card security. Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches. The attacks, says the director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States. “We are seeing entirely new attacks that a year ago were thought to be only academically possible,” says the director. Verizon Business released a report on April 15 that examines trends in security breaches. “What we see now is people going right to the source…and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks.” The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side. But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process. Source: http://blog.wired.com/27bstroke6/2009/04/pins.html


Information Technology


13. April 15, WAPT 16 Jackson – (Mississippi) ‘Phishy’ text messages seek bank info. Scam artists are sending text messages to call Regions Bank about their account, a scam unlike any other the Attorney General’s Office has ever seen in Mississippi. The text messages are hitting phones around Jackson, saying consumers have a new voicemail from Regions Bank. The text gives recipients a number to call. A Regions Bank representative said anyone who gets a similar message should immediately contact the bank. “You would never see a financial institution contact a customer asking for personal or confidential information,” he said. This latest scam has put the consumer protection division of the Attorney General Office in uncharted territory. This is the first scam they have seen directed to cell phones. Source: http://www.wapt.com/news/19178963/detail.html


14. April 14, Bangor Daily News – (Maine) Phone scam tries to tap bank data. Bangor Savings Bank on April 13 warned customers about an automated phone scam seeking bank account and check card information after the bank started receiving calls from customers. Bank customers reported they had received automated phone messages asking them to provide card and account numbers, personal identification numbers or security codes to reactivate cards or address other fictitious problems with their accounts. The scam using voice mail is known as “vishing.” The Bangor Savings Bank senior vice president said “dozens and dozens” of customers were calling the bank to report the automated messages. He estimated less than 5 percent of the callers were worried they had revealed private information. The bank has found no instances of fraud, the vice president added. The calls seemed to have started on April 12, the vice president said, and many were reported on April 13 when the bank’s offices opened. Noncustomers are receiving the same messages, according to a statement from the bank, indicating it is likely a mass dialing program designed to randomly hit Bangor Savings customers in local telephone exchanges. The bank reminded customers to protect themselves by never giving out account numbers or PINs over the phone to a caller claiming to be from the bank. The bank is investigating the scope and source of the scam. Source: http://www.bangordailynews.com/detail/103724.html


15. April 14, Evansville Courier and Press – (National) Banks taking steps to insure deposits beyond FDIC limits. As concerns over the economy remain unabated, local banks are taking additional steps to protect customers’ money. First Security Bank, based in Owensboro, Kentucky, recently began offering the Certificate of Deposit Account Registry Service, which allows deposits of up to $50 million to be insured by the Federal Deposit Insurance Corp. That amount far exceeds the basic $250,000 the FDIC will cover for individual depositors. “You would be surprised by the number of customers who have a concern about their money and have more than the FDIC limit,” said the First Security president and chief executive officer. In many cases, those who want to avoid exceeding the coverage limits will break their deposits into smaller amounts and spread them among several financial institutions. First Security’s new service, often called CDARS, makes such a division no longer necessary, she said. Besides First Security Bank, Evansville Commerce Bank in Indiana is the only local financial institution using the Certificate of Deposit Account Registry Service, according to the service’s Web site. Fifth Third Bancorp, German American Bancorp, Integra Bancorp, Old National Bancorp and the Ohio Valley Financial Group said they have other means of insuring deposits greater than $250,000. Perhaps one reason for the reluctance to use CDARS is the fees those taking part must pay. Source: http://www.courierpress.com/news/2009/apr/14/14web-FDIC/


16. April 14, WIRED – (National) PIN crackers nab Holy Grail of bank card security. Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches. The attacks, says the director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States. “We are seeing entirely new attacks that a year ago were thought to be only academically possible,” says the director. Verizon Business released a report on April 15 that examines trends in security breaches. “What we see now is people going right to the source…and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks.” The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side. But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process. Source: http://blog.wired.com/27bstroke6/2009/04/pins.html

Communications Sector

43. April 15, KNBC 4 Los Angeles – (California) NBC4 transmission tower hit by power failure. A power failure at the NBC4 transmitter on Mt. Wilson the night of April 14 caused a 3-hour blackout for people using new digital antennas. People using cable, satellite or analog antennas to watch NBC4 programming were not affected. The outage started about halfway through NBC Nightly News. KNBC was back on the digital airwaves shortly before 10 p.m. Source: http://www.nbclosangeles.com/news/local/NBC4-Transmission-Tower-Hit-by-Power-Failure.html