Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, May 13, 2009

Complete DHS Daily Report for May 13, 2009

Daily Report

Top Stories

 According to the Associated Press, a fire at Columbus Chemical Industries’ warehouse in Columbus, Wisconsin erupted Monday night, causing about 140 homes around the plant to be evacuated. (See item 5)

5. May 12, Associated Press – (Wisconsin) Wis. chemical plant fire chases people from homes. A fire at a chemical plant’s warehouse in Columbus was being allowed to burn itself out Tuesday by authorities, who began allowing some evacuated residents to return home and said the air appeared to be safe. The fire at the Columbus Chemical Industries plant erupted Monday night; firefighters decided to withdraw and let it burn after explosions shook the building. About 140 homes around the plant were evacuated and others were told to stay inside and to keep their windows closed because of the smoke. Several dozen people were allowed to return home Tuesday as emergency officials shrank the half-mile perimeter. The Dodge County Sheriff said air tests have not turned up any harmful levels of contaminants. Smoke continued to rise from the warehouse Tuesday afternoon and firefighters were not sure whether the fire was out. By Tuesday morning, more than a dozen firefighters and emergency workers had been taken to a hospital for decontamination. Columbus Chemical Industries provides chemicals to high-tech and pharmaceutical companies, among others, according to its Web site. No workers were at the plant at the time and it is not clear yet how the fire started, said the company’s executive vice president. Source:

 The Homer Horizon reports that a “chemical improvised device” exploded at a campus of Lockport Township High School in Lockport, Illinois on Monday, injuring as many as 14 students and staff members, although none of the injuries were life threatening. (See item 30)

30. May 12, Homer Horizon – (Illinois) Bomb threat closes LTHS campuses again today. For the third time in a week, Lockport Township High School in Lockport is on alert after a bomb threat. On May 12, a “specific threat” was anonymously phoned into the voicemail system at the high school, forcing officials to dismiss classes at both the East and Central campuses at 9:15 a.m. The superintendent said the voicemail featured a “computer generated voice” that included a threat directed to the East campus. In a press release, LTHS District 205 officials said they are taking “preventative measures,” including a canine search of both campuses, in response to the threat. On May 11, what officials called a “chemical improvised device” exploded inside LTHS’s Central campus, injuring as many as 14 students and staff members, although none of the injuries were life threatening. School and police officials did not believe that incident had any connection with a threatening message found on a bathroom wall at LTHS’s East campus on May 6. The small, pencil-written message read “Schools bombed Weds,” according to the high school’s director of development and public relations. An investigation from the Lockport Police Department is ongoing. Source:


Banking and Finance Sector

13. May 11, New York Times – (New York) Lawyer pleads guilty in $400 million fraud. A prominent New York lawyer whom prosecutors have called a “Houdini of impersonation and false documents” pleaded guilty on May 11 to leading what the authorities have called a fraud scheme that bilked hedge funds and other investors out of at least $400 million. The lawyer, a graduate of Yale University and Harvard Law School, sold $700 million worth of bogus promissory notes to investors, a federal indictment charged. He then used the proceeds to maintain a lavish lifestyle, according to the authorities. The defendant’s decision to admit guilt was not a surprise, as his lawyer had been suggesting for months that his client intended to plead guilty. The lawyer has said that the defendant felt “profound remorse,” accepted full responsibility for his crimes and had been cooperating in the attempt to untangle his scheme and track down assets that might be returned to victims. Source:

14. May 11, Syracuse Post Standard – (New York) Romanian men charged in ATM scam in Cicero. Four men who were living in Florida allegedly made trips to Cicero, Rochester and New York City to install “skimming” devices on ATM machines and illegally retrieve account and password information. The men targeted the drive-up ATM of the Chase bank branch on East Circle Drive. Chase employees discovered the skimming device, which records the information from the magnetic strip of any card that passes through, said the resident agent in charge of the Syracuse office of the Secret Service. Since the investigation began, police determined that the suspects were at the Cicero bank on at least five occasions in November 2008, stealing about $40,000 from customers. The total amount they scammed was $1.8 million and most of it was wired to Eastern Europe. Although the agent would not comment on specific investigative techniques used to determine their identity, he said the police agencies in several municipalities were working on similar cases with identical skimming devices and descriptions of vehicles. The 4 suspects were charged with conspiracy to commit credit card fraud, possession of 15 or more stolen debit card account numbers, use of one or more unauthorized access devices and aggravated identity theft. Source:

15. May 11, New York Daily News – (New York) ATMs on Staten Island rigged for identity theft; bandits steal $500G. A band of brazen thieves ripped off hundreds of New Yorkers by rigging ATMs to steal account and password information from bank customers. They used the pilfered information to swipe half a million dollars from their victims’ bank accounts, the latest twist in increasingly aggressive identity-theft scams, police said. “This crew is sophisticated,” said a Deputy Inspector who is the head of the NYPD’s special investigations division. “And they are coming up with new ways to steal your identity every day.” The NYPD is hunting the rigged-ATM crew after the havoc they created stealing from Sovereign Bank customers. They sauntered into Staten Island branches on Henderson Avenue and Amboy Road and installed devices on the bank’s ATM machines, police said. The first, a skimmer, went over the slot where customers insert their ATM cards. The skimmer reads and stores the personal information kept in the magnetic strip on the back of the bank card. The second device was a tiny camera hidden in the lighted signs over the ATM. The pinhole camera lens pointed directly onto the ATM keypad and filmed victims typing in their supposedly secret PIN codes. The crew stole more than $500,000 from more than 250 victims — money the bank is now reimbursing. Source:

16. May 10, Alibaba – (Florida) U.S. FDIC to open new office to handle bank closings. The Federal Deposit Insurance Corp said on May 8 it will open up an additional East Coast office to deal with failed banks. The FDIC, which insures the deposits of U.S. banks and handles the receiverships of failed institutions, said it will open a temporary satellite office in Jacksonville, Florida that will provide space for up to 500 staff members. The new office reflects the expanded demands on the FDIC as bank failures continue at a strong pace following the dramatic drop in house prices and mounting credit losses in the banking sector. So far this year, 32 banks have failed, compared with 25 bank failures in 2008 and only three in 2007. The agency said the new office will manage receivership and liquidate assets from failed institutions primarily located in the Eastern states. Source:

Information Technology

36. May 12, SC Magazine – (International) Twitter users reveal personal information in latest ‘trend’ for ‘porn names.’ Many users of micro-blogging website Twitter have inadvertently shared personal information via a new trending topic. The topic, named ‘Twitterpornnames,’ based on a popular drinking game, encourages users to reveal the name of their first pet and the street they grew up to create their ‘porn name,’ that they are then sharing on Twitter. However, industry experts have warned users not to give out their personal details and claimed that the trend, which has been running through most of May 12, is a scam engineered to steal people’s details. A senior technology consultant at Sophos claimed that by revealing such personal details, ‘thousands of people are potentially making life easy for identity thieves eager to mine information from the micro-blogging website.’ The consultant said, “The problem is that many sites (such as web email providers) may ask you what the name of your first pet was if you ever forget your password and wish to reset it. So, a hacker could grab details like your pet’s name to try and crack into your email account.” Meanwhile, the senior security advisor at Trend Micro claimed that he was not sure if it was ‘conceived as a phishing scheme at the outset or as a reinvention of the playground/pub conversation,’ but believed that any disclosure of personal information is unwise. Source:

37. May 11, Channel Web – (International) Adobe to patch critical Adobe Reader, Acrobat vulnerabilities. Adobe is issuing patches on May 12 for critical Adobe Reader vulnerabilities that could allow remote attackers to launch malicious code on users’ computers through infected PDF files. The impending update will repair critical Adobe Reader and Acrobat Reader errors in versions 9.1 and prior for Windows, Mac and Unix systems. The patch also will cover Adobe Reader 9.1 and 8.1.4 for Linux. If exploited, the flaw could allow attackers to launch denial of service attacks, crash a system or distribute malware that could take control of a user’s computer and steal information. Reports indicate that the vulnerability stems from an error in the “getAnnots” JavaScript function, according to the U.S. Computer Emergency Readiness Team. In an effort to mitigate the risk, the federal agency recommended that users disable JavaScript in Adobe Reader. To disable JavaScript, users are advised to select the JavaScript category under the “Edit:Preferences” tab and uncheck the “Enable Acrobat JavaScript” option. The San Jose, California-based company issued a security advisory in April warning users that the critical flaw affected Adobe Reader 9.1 and all previous versions of Adobe Reader and Acrobat Reader. So far, security experts say that there are no known “in the wild” attacks exploiting the vulnerability, but that likely will change as hackers get a hold of the exploit code and take advantage of users who have failed to update their systems. Source:;jsessionid=A4R5D114Y0TKIQSNDLPSKHSCJUNN2JVN

Communications Sector

38. May 10, Woodward News – (Oklahoma) Woodward now has redundancy system. Woodward, Oklahoma will no longer be cut off from the rest of the country. This was the message sent during a luncheon held at the Northwestern Oklahoma State University-Woodward campus celebrating the completion of a redundancy telephone system by AT&T and Pioneer Telephone. The redundancy line will ensure that if AT&T’s primary fiber-optic cable between Enid and Woodward goes out of service, calls can still be made outside of the city. The calls will be transferred on Pioneer Telephone’s line, which runs south through Seiling. If the Pioneer line has a problem, then their phone calls will be routed through AT&T’s line. Source:

39. May 10, KPHO 5 Phoenix – (Arizona) Parents of burned boy seek answers. The father of a 17-year-old New River boy badly burned in an explosion May 8 in Anthem returned to the scene May 11 with his attorney searching for clues to the blast. The young boy is suffering from severe burns on his face and arms after a service entrance section exploded while he walked by at Anthem Community Park. The device is an input for power to a Sprint Wireless cell phone antenna at the park. Arizona Public Service Company said the device is the property of Sprint, which is still investigating the incident. Despite being out in the open and clearly marked as dangerous, some people said they feel the power boxes are well protected and not a safety threat. But others expressed concern. Officials from Sprint said they are still collecting information, but say the box is secure. Warning tape has been put up around the area around the charred box. Source: