Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, May 6, 2009


Top Stories

 The Dayton Daily News reports that the explosion that triggered a raging fire at the Veolia Environmental Services plant on Monday has been ruled accidental, according to a release from the State of Ohio Fire Marshal’s office and the city of West Carrollton. (See item 3)

3. May 5, Dayton Daily News – (Ohio) Explosion ruled accidental, result of ignitable liquid. The explosion that triggered a raging fire at the Veolia Environmental Services plant on May 4 has been ruled accidental, according to a release from the State Fire Marshal’s office and the city of West Carrollton. The release said investigators for the city, the fire marshal’s office and other state and federal authorities “found no evidence of criminal intent during their investigation.” The release said a leak of ignitable liquid, possibly acetone or tetrahydrofuran, came in contact with gas-fired boilers in or around a laboratory building on the site in West Carrollton. According to the West Carrollton Fire Chief, six employees were transferring solvents from one tank to another when they noticed a leak. Somehow, the leaking fumes ignited and exploded about midnight in an area of storage tanks behind a laboratory building at the plant. An environmental specialist on hazardous materials for the Ohio EPA’s Dayton office said Monday that he will investigate the cause of the explosion, the “full nature and extent” of any chemical releases, and whether there were any violations or negligence involved. Source:

 reports that the Army has issued a recall of more than 30,000 helmets because it found that four screws that attach the chinstrap and related parts did not meet Army specifications. The Army said helmet-maker Gentex Corp. is alleging the subcontractor falsified certificates of compliance for the steel screws it furnished for the helmets. (See item 7)

7. May 5, – (National) Army recalls some combat helmets. The Army has issued a recall of more than 30,000 helmets — not because the helmet shells are flawed, but because it found that four screws that attach the chinstrap and related parts did not meet Army specs. The screws were supplied by a subcontractor to helmet-maker Gentex Corp., according to the Army. In a press release issued May 4, the Army said Gentex is alleging the subcontractor falsified certificates of compliance for the steel screws it furnished for the helmets. In all, 34,218 Advanced Combat Helmets are being recalled for failing ballistic tests. The number includes 15,380 Army helmets, 12,000 Air Force helmets and another 6,838 helmets which were never issued by Defense Logistics Agency. Gentex is one of four companies that makes the helmets, and has delivered 297,000 of the 1.2 million that the Army has received, officials said. Source:


Banking and Finance Sector

9. May 5, Wall Street Journal – (National) More banks will need capital. The U.S. is expected to direct about 10 of the 19 banks undergoing government stress tests to boost their capital, according to several people familiar with the matter, a move that officials hope will quell fears about the solvency of the financial sector. The exact number of banks affected remains under discussion. It could include Wells Fargo & Co., Bank of America, Citigroup Inc. and several regional banks. At one point, officials believed as many as 14 banks would need to raise more funds to create a stronger buffer against future losses, these people said, but that number has fallen in recent days. Representatives from Wells, Bank of America and Citi declined to comment. The U.S. Presidential Administration announced the stress tests, a process of examining banks’ ability to withstand future losses, back in February. At the time, the news sparked concern among investors and depositors that the results would be used to shut down or nationalize some of the country’s weaker institutions. But the Federal Reserve Chairman and the Treasury Secretary assured investors that none of the banks undergoing stress tests would be allowed to fail and that all would have access to government funds if needed. Source:

10. May 5, Dow Jones Newswire – (National) U.S. government watchdogs strained by rising bank failures. The rising number of failed U.S. banks is putting a strain on government watchdogs, forcing them to drop investigations into issues such as money laundering and preventing effective oversight over the trillions of dollars in new government programs put in place in recent months. Inspectors general (IGs) from the Treasury Department, Federal Reserve and Federal Deposit Insurance Corp. will tell a U.S. House subcommittee on May 5 that laws requiring mandatory reviews of bank failures of a certain size are eating away at scarce resources for auditors. Currently, IGs are required to investigate any bank failure where the estimated loss is considered material, exceeding the greater of $25 million or 2 percent of the bank’s assets. Regulators have shut down 31 banks already this year, and the Federal Inspector General said the low threshold leads to mandatory investigations that prevent broader oversight. “We are concerned that an increase in the number of (reviews) would not only require us to shift resources from the important ongoing work related to the financial crisis, but would also significantly reduce our ability to initiate work in other emerging areas,” she said in prepared remarks for the May 5 hearing. Source:

11. May 4, KPIX 5 San Francisco – (California) Former bank mailroom supervisor accused in id theft scam. A former San Francisco bank mailroom supervisor accused in an identity theft scam faces up to seven years in prison if convicted, prosecutors said on May 4. The defendant has been charged with six felonies including identity theft and embezzlement for his alleged role in what the District Attorney called one of the fastest-growing and “insidious” crimes. San Francisco prosecutors say that over a six-month period beginning in April 2007, the defendant allegedly opened customer mail at a First Republic Bank branch containing both commercial and personal identifying information. He then allegedly made copies of checks, and sold those copies as part of a larger identity theft scheme. The checks were later used by someone else to replicate the bank account and issue checks from that account. Prosecutors have charged the case based on three alleged victims, but said there could be more, and an investigation continues. They did not reveal how much money was lost. Source:

For more stories, see items 35 and 39 below

Information Technology

34. May 5, Associated Press – (National) Pentagon cyber command to create force for future. The U.S. military must reorganize its offensive and defensive cyber operations and will use a new command at a Maryland Army facility to create a digital warfare force for the future, the director of the National Security Agency says. The Pentagon’s leading cyber warfare commander said the U.S. is determined to lead the global effort to use computer technology to deter or defeat enemies, while still protecting the public’s constitutional rights. In testimony prepared for delivery on May 5 to a House Armed Services subcommittee, the Lieutenant General and other military leaders in cyber matters outlined the challenges to keeping up with rapidly changing technologies and the need for more resources and training. In blunt comments, the Lieutenant General acknowledged that cyber training for the Pentagon’s work force is inadequate and must be improved. The testimony comes as the U.S. Presidential Administration prepares to release its review of the nation’s cybersecurity, and on the heels of a critical report by the National Research Council. The independent group’s report concluded that the government’s policies on how and when to wage cyber warfare are ill-formed, lack adequate oversight and require a broad public debate. Source:

35. May 4, DarkReading – (International) Researchers take over dangerous botnet. A group of researchers at the University of California-Santa Barbara boldly hijacked a notorious botnet known for stealing financial information and discovered that the botnet is even more dangerous than had been thought. Researchers at the University of California at Santa Barbara have published a report that exposes details about how the infamous Torpig/Sinowal/Anserin botnet operates, its makeup, who it typically victimizes, and just what type of financial data it is stealing. The researchers seized control of the botnet for 10 days in late January, after which Torpig’s operators reclaimed it. “Torpig provided a unique opportunity to understand a live botnet. Most of the time, researchers only gain access to offline data, [such as] through a dropzone server that may be years old, while the data that we received was in real-time,” says one of the UCSB researchers. While big-name botnets, like the former Storm, are best-known for their widespread spam runs and often dismissed as more of an annoyance, it is the smaller, more stealthy botnets like Torpig that can pose real dangers. Torpig is a specialized mini-botnet, a smaller and less conspicuous army that targets organizations and users to steal bank account information or other valuable personal information. Torpig has been a hot subject for researchers for some time: RSA revealed in October 2008 that the so-called Sinowal Trojan, a.k.a. Torpig and Mebroot, had been stealing data for about three years, and had successfully swiped 300,000 online bank accounts, credit and debit card accounts, and an unknown number of email and FTP accounts. The botnet’s malware “may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters,” researchers say. Source:

36. May 4, SC Magazine – (International) Adobe PDF vulnerability fix slated for May 12. Adobe said it plans to release an update by May 12 for the recently disclosed Reader and Acrobat vulnerability. In doing so, Adobe will push out Windows updates for Reader and Acrobat versions 7, 8 and 9 and Macintosh and Unix updates for versions 8 and 9, Adobe’s security program manager said on May 1 in a blog post. The company also has confirmed a second vulnerability in its Reader for Unix software, which also is slated to be fixed in next week’s update. That bug does not affect Windows or Mac versions, but Adobe is investigating whether it can “reproduce an exploitable scenario.” Proof-of-concept code for both vulnerabilities has been published on the web; however, Adobe is not aware of any live attacks. Source:

37. May 4, CSO Online – (International) USA (and IE) number 1 for botnet mayhem. Research from security vendor Finjan Inc. suggests enterprise IT shops are losing the war against those who would hijack company computers for botnets. Almost half the victims appear to be in the U.S., most using Microsoft’s Internet Explorer (IE) browser. Finjan’s Malicious Code Research Center (MCRC) uncovered a network of 1.9 million Trojan horses running on corporate, government and consumer computers around the world during an investigation of command-and-control servers run by botnet herders from the Ukraine and elsewhere. One server, launched in February but later shut down, was hosted in the Ukraine and controlled by an online gang of six people who managed to establish a vast Trojan distribution network. “Hackers keep looking for improved ways to distribute malware and Trojans are winning the race. The sophistication of the crimeware and the staggering amount of infected computers proves these people are raising the bar,” the Finjan CTO said. “Corporate and governmental data remain prime targets, especially computers in the U.S. and the U.K. which are under attack, and need to protect themselves.” Based on posts found on various hacking forums, researchers believe 1,000 hijacked computers are being rented out for $100-$200 a day. The bad guys can make $190,000 a day for renting a botnet of 1.9 million infected computers. Computers in 77 government-owned domains (.gov) from the U.S., U.K., Brazil, Turkey and India have been compromised and are running the Trojan horse. The malware is remotely controlled by hackers who use them to deliver almost any command on the end-user computer as they see fit, including reading e-mails, copying files, recording keystrokes, sending spam, and making screenshots. Source:

38. May 4, Computerworld – (International) Leaked copies of Windows 7 RC contain Trojan. Pirated copies of Windows 7 Release Candidate (RC) on file-sharing sites contain malware, according to users who have downloaded the upgrade. Windows 7 RC, which Microsoft Corp. will officially launch on May 5, leaked two weeks ago, with copies first appearing on BitTorrent tracking sites on April 24. Some of the pirated builds include a Trojan horse, numerous users said in message forums and in comments on BitTorrent sites such as “Just a warning for anyone downloading the new RC builds of windows 7. Quiet [sic] a lot of the downloads have a trojan inbedded [sic] in the setup EXE,” said a user on a discussion thread. “The Setup EXE is actually a container, it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe.” “Suspicious codec.exe!” reported a user on Mininova, commenting on one of the 32-bit builds. Another Mininova commenter identified the malware as the “Falder” Trojan, which downloads fake security software, dubbed “scareware,” to PCs and installs a rootkit to hide from legitimate antivirus products. Microsoft, which has cited potential infection as a reason to steer clear of unauthorized downloads, jumped on the news. “This unfortunately shows that there are those out there who see the significant interest in something such as Windows 7 as an opportunity to try to take advantage of others,” said the director of Microsoft’s Genuine Windows anti-piracy technology group, in a post to a company blog on May 1. Source:

Communications Sector

39. May 5, Network World – (International) NYSE to implement 100Gbps network. NYSE Euronext, the company that operates the New York Stock Exchange, will soon implement a 100Gbps data network with help from network equipment vendor Ciena. Ciena says the 100G network will serve as the cornerstone of NYSE Euronext’s new data centers in the New York and London metropolitan areas, which are due to come online in 2010. According to Ciena, the data centers will need the bandwidth capacity to support “more than one billion daily transactions comprising petabytes of data.” The network will utilize Ciena’s CN 4200 RS FlexSelect Advanced Services Platform, a wavelength-division multiplexing transport platform that the company says is “designed for telco and cable service providers, large enterprises, research and education institutions, and government organizations to deploy in locations that require massive service aggregation and wavelength routing.” The company says that its own technology is able to generate 100Gbps over a single wavelength, unlike other 100G tests in the past that have combined two 40Gbps wavelengths or have inversely multiplexed ten 10Gbps wavelengths. Source:

40. May 4, Fierce Telecom – (Colorado) Colorado town fights Qwest for fiber. Silverton is the only county seat in Colorado that is not connected to the rest of the state by fiber optics. Qwest has a $37 million contract with the state of Colorado to link every county seat with reliable high-speed Internet access, but the carrier admits it has no plans to run fiber 16 miles to the town by the time the contract runs out next year. Residents have been protesting for more than five years that they do not have fiber, but Qwest has installed a microwave system that it says is fast, has plenty of capacity, and can be upgraded. State officials apparently decided that microwave was good enough, but businesses in Silverton run into capacity problems during the summer when tourists come into town; too many credit card purchases jam up the system. It also does not help that an avalanche took out a relay tower back in 2005, interrupting all phone and Internet service for about 24 hours. Source:

41. May 4, Fierce Telecom – (New Hampshire) In NH, FairPoint transition blame spread to PUC, contractors. Local citizens and newspapers in New Hampshire are starting to look beyond FairPoint’s transition problems to state regulators and contractors that supervised its purchase of Verizon’s landline business in northern New England. FairPoint has run a gauntlet of criticism for its problems after taking over from Verizon, including e-mail and Internet outages, poor customer service, billing issues and other transition-related problems. Among the parties now getting more scrutiny are Capgemini, the company that designed FairPoint’s computer system; Liberty Consulting Group, the company hired by New Hampshire Public Utilities Commission (PUC) to monitor FairPoint’s progress in taking over Verizon’s network and operations; and, the PUC itself. In January 2009, Liberty Consulting had assured public utilities officials that FairPoint was ready to switch over from Verizon’s computer systems onto the Capgemini systems, but tens of thousands of customers have encountered problems with billing systems, service requests, and an e-mail glitch/oversight that left thousands of customers with no access for days to weeks. Source: