Department of Homeland Security Daily Open Source Infrastructure Report

Monday, June 1, 2009

Complete DHS Daily Report for June 1, 2009

Daily Report

Top Stories

 The Associated Press reports that a coal explosion at the Weston Power Plant in Rothschild, Wisconsin left one person injured on May 28. Wisconsin Public Service Corporation says one of three coal mills in Unit 2 of the plant exploded after becoming over-pressurized. (See item 1)

1. May 29, Associated Press – (Wisconsin) Power plant blast injures one. A coal explosion at the Weston Power Plant in Rothschild has left one person injured. Wisconsin Public Service Corporation says one of three coal mills in Unit 2 of the plant exploded after becoming over-pressurized. The cause is under investigation. The mill crushes coal and burns it as part of the process of producing electricity. The utility says one person was treated for minor injuries and released from an area hospital. A spokesperson for the Marathon County Sheriff’s department says emergency personnel were called the morning of May 28 at 7:25 a.m. with a report of someone injured in a coal explosion. Three other units at the plant were not affected. Source:

 According to Defense News, more than 10,000 welded joints on at least eight U.S. submarines and a new aircraft carrier might need to be re-inspected after the discovery by Northrop Grumman Shipbuilding that one of its inspectors at the company’s Newport News, Virginia shipyard had falsified inspection reports. (See item 7)

7. May 28, Defense News – (Virginia) Northrop Grumman inspector’s lies raise alarms. More than 10,000 welded joints on at least eight U.S. submarines and a new aircraft carrier might need to be re-inspected after the discovery by Northrop Grumman Shipbuilding that one of its inspectors had falsified inspection reports. According to an internal report obtained by Defense News, the issue came to light May 14 when a welding inspector at the company’s Newport News, Virginia, shipyard told a supervisor that a fellow inspector was initialing welds as OK without actually performing the inspections. Confronted by the supervisor, the offending inspector admitted to falsifying three weld inspections, all that same day. Company officials rapidly began an internal investigation and notified the U.S. Navy’s supervisor of shipbuilding of the situation, according to the report. On May 20, the Naval Criminal Investigative Service (NCIS) began its own investigation. According to the report, a quick company review of the inspector’s work showed that 12 other joints inspected by the employee that evening were satisfactory. But the ramifications of the falsified inspections rapidly grew beyond a single night’s work. The employee had been certified to perform inspections in June 2005 and, according to the report, a review of the shipyard’s welding database showed that in the following four years he inspected and signed off on more than 10,000 structural welding joints on at least nine ships. Source:


Banking and Finance Sector

8. May 29, Poughkeepsie Journal – (New York) Ulster Consumer Fraud Bureau warns of phone scam. The Ulster County Consumer Fraud Bureau is warning of a phone scam in which local residents receive calls stating that there has been suspicious activity on their Mid-Hudson Valley Federal Credit Union account. The “phishers” ask for sensitive information including account and PIN numbers, according to the deputy director of consumer affairs for the bureau. The consumer affairs official said the credit union will never ask for confidential information over the phone. Source:

9. May 28, Newsday – (New York) Feds charge 13 with $10 million mortgage fraud. Federal agents raided Bridgewater Funding, an Islip mortgage broker Thursday, after the indictment of 13 Long Islanders accused of fraudulently obtaining more than $10 million in loans by inflating creditworthiness and purchase prices to boost profits. The office manager, three loan officers and a loan processor coordinated a scheme that targeted distressed homeowners willing to sell as a way to “save” their homes and also focused on properties they believed could be flipped quickly, according to a 15-count indictment detailing bank and wire fraud and conspiracy. The sales, all on Long Island and New York City, started in 2005, when the real estate market was hot, and went through 2007, just before the market collapsed that August. All but one defendant, who is still being sought, were arraigned in Brooklyn federal court Thursday after an investigation by the FBI, US Postal Inspection Service, the Secret Service, the state banking department and the Federal Deposit Insurance Corp. The 12 pleaded not guilty and were released. Source:,0,7968984.story

10. May 28, Tyler Morning Telegraph – (Texas) 2 bomb threats made at same Tyler bank. Two bomb threats in less than four hours sent firefighters, police and others to the same location Thursday to check the building. Investigators are following leads in hopes of catching the person making the terror threats. The Tyler Fire Department captain said a person, believed to be a male, made two calls to the Tyler Police Department’s police dispatchers Thursday and claimed a bomb had been placed at a Bank of America. The fire captain said again no devices were located. He said fire investigators and police are following leads and working with the phone company, because the Caller ID had been blocked. The fire captain added the caller faces state charges and could face federal charges since the bank is a federally insured institution. Source:

11. May 27, R News – (New York) Lyons police warn about phone scam. The Lyons Police Department is investigating a possible phone “phishing” in the area. It is a computer generated recorded telephone message telling customers their Lyons National Bank credit card may have been compromised. The recording asks consumers to give out their card number, expiration date and pin numbers. Police say the Lyons National Bank has not experienced a security breach. Police say the calls are from a 946 or a 331 phone exchange in the 315 area code. Source:

12. May 26, U.S. Securities and Exchange Commission – (Texas) SEC halts foreign exchange offering fraud by college professor and Houston-based lawyer. The Securities and Exchange Commission (SEC) has obtained an emergency court order to freeze the assets of a Texas A&M finance professor who resigned from that position last month, as well as Houston lawyer and certified public accountant and two firms. They are charged with defrauding U.S. investors by using forged bank records to make it appear they were earning spectacular returns in foreign exchange trading. The SEC’s complaint, filed in federal court in Houston, alleges that the two suspects raised more than $19 million from investors and claimed they would earn profits through “Alpha One,” a foreign-currency trading software program purportedly owned by their firm PrivateFX Global One Ltd. They claimed they would employ the services of 36 Holdings Ltd., a so-called “deal clearing company” owned and controlled by Watson. The SEC alleges that the two suspects misrepresented to investors that it had millions of dollars in bank accounts in the U.S. and Switzerland and that their foreign exchange trading business had achieved an annual return of more than 23 percent since its inception and has never had a losing month. Source:

Information Technology

24. May 29, Computerworld – (International) Hackers exploit unpatched Windows bug. For the third time in the last 90 days, Microsoft Corp. has warned that hackers are exploiting an unpatched critical vulnerability in its software. Recently, Microsoft issued a security advisory that said malicious hackers were already using attack code that leveraged a bug in DirectX, a Windows subsystem crucial to games and used when streaming video from Web sites. Hackers are using malicious QuickTime files — QuickTime is rival Apple Inc.’s default video format — to hijack PCs, Microsoft said. “The vulnerability could allow remote code execution if [the] user opened a specially crafted QuickTime media file,” the company said in the advisory. “Microsoft is aware of limited, active attacks that use this exploit code.” Source:

25. May 28, SC Magazine – (International) McAfee documents riskiest search terms. A McAfee study into 2,600 of the most popular keyword searches on the web has concluded that hunts for “screensavers” present the most risk. The report released the week of May 25 shows that users who search for “screensavers” have a 59.1 percent chance that they will be infected by malware on a given page of results. By category, the most dangerous searches involved keywords containing the word “lyrics” (26.3 percent risk) and “free” (21.3 percent). The safest category searches, meanwhile, related to “health” (four percent) and the “economic crisis” (3.5 percent). The report also warned of the risk generated by searching for information on “work from home.” Variations of this search term — considered more popular than ever, given the state of the economy — ranged from a 6.3 percent-risk to a 40 percent-risk of infection. Source:

26. May 27, DarkReading – (International) More than 80% of phishing attacks use hijacked, legitimate Websites. New research from the Anti-Phishing Working Group (APWG) has found that most phishers are setting up shop on legitimate Websites to be inconspicuous when they steal valuable information from victims. In the second half of 2008, roughly 57,000 phishing attacks worldwide targeted a specific brand or organization, up from around 47,300 in the first half of 2008, according to a newly released report from the APWG. The attacks were waged on 30,454 different domain names, only 5,591 of which were domains the phishers set up themselves. The rest were from legitimate Websites they had hijacked to carry out their exploits. The average amount of time a phishing site was up: 52 hours, according to the report. Phishers used their own malicious domains in 13 percent of attacks, according to the report, while 11 percent used subdomain registration services, some of which offer free hosting as well as DNS services that let a user redirect the user’s domain name at any time. These services are notorious for making the taking down of malicious sites difficult, according to the report. Around 6,340 subdomain accounts were used for phishing purposes in the second half of last year, up from 4,512 in the first half of the year. Phishers also are paying close attention to what users fall and do not fall for. Interestingly, phishers are using fewer unique IP address-based attacks — only 2,809 in the second half of the year versus 3,389 in the first half of the year. That has been a gradual downward trend since early 2007. Source:

Communications Sector

27. May 27, Associated Press – (Ohio) Copper thieves blamed for Cleveland telecom outage. AT&T says it has restored phone, cable, and alarm service to 2,000 Cleveland customers knocked out the week of May 18 when 750 feet of copper wire was stolen from beneath a bridge. The telecommunications company says it was the second major theft of copper cable since April from a bridge that carries state Route 10 traffic over the Cuyahoga River just south of downtown. The theft on May 21 disrupted AT&T service in Cleveland’s Tremont neighborhood until May 25. The company gave police a damage estimate of $25,000. The copper cables stolen from the same location on April 1 were valued at $100,000. Police are investigating both thefts. An AT&T spokesman speculates that the thieves are taking the copper to sell for scrap. Source: