Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 28, 2009

Complete DHS Daily Report for July 28, 2009

Daily Report

Top Stories

 KGW 8 Portland reports that a storage tank holding flammable material caught fire on July 24 at Energy & Materials Recovery Inc., a company that processes a variety of used fuels, near the Expo Center in Portland, Oregon. The fire scorched the exterior insulation of several 25,000 gallon tanks. (See item 5)

5. July 24, KGW 8 Portland – (Oregon) Smoke visible for miles after explosion-fire near Expo Center. A storage tank holding flammable material caught fire at a business near the Portland Expo Center. Portland Fire Bureau crews were dispatched to the business just after noon Friday on reports of an explosion. A tank holding flammables caught fire at the Energy & Materials Recovery Inc. The company processes a variety of used fuels. The president told KGW that vapors being vented from a tank being filled with used oil drifted over a wall that separates that tank from a burner. The burner drew the vapors in, which created the ignition. A Fire Bureau spokesman said the fire scorched the exterior insulation of several 25,000 gallon tanks of flammable material. Steps were taken to possibly evacuate a half-mile area around the fire, but those plans were dropped after crews arrived and assessed the scene. Thick black smoke could be seen from I-5 for about 15 minutes but had dissipated by 12:20. Dispatchers reported around 12:25 that the fire was under control. No injuries were reported during the two-alarm fire. Source:

 WLBT 3 Jackson reports that an explosion in Rankin County, Mississippi injured three people when an Air Gas 18 wheeler that was filled up with carbon dioxide collided with a Canadian National train on July 26. (See item 8)

8. July 27, WLBT 3 Jackson – (Mississippi) Train-tanker collision injures three, one critically. An explosion in Rankin County injured three people, one critically, when an 18 wheeler collided with a train. According to the Mississippi Emergency Management Agency, it happened around 11:30 on July 26 in Star at Andrew Jackson Circle. A spokesperson says an Air Gas tanker had just filled up with carbon dioxide when it collided with a Canadian National train. The unidentified truck driver was air lifted in critical condition to University Medical Center. He suffered a broken pelvis, broken legs, and broken spine, as well as a head injury. Entergy reports 1,240 customers lost power following the explosion. Source:


Banking and Finance Sector

16. July 26, Reuters – (International) Kuwait financier facing U.S. fraud suit found dead. A Kuwaiti financier facing a fraud suit by U.S. authorities was found dead on Sunday in an apparent suicide. He was the CEO of Al Raya Investment, which is 10 percent owned by Citigroup Inc, and had been at the center of a financial scandal that erupted last week. The U.S. Securities and Exchange Commission filed a lawsuit against him and two other finance firms last week, saying they had improperly earned millions of dollars from trades in two U.S. firms, Harman International Industries Inc. and Textron Inc. In papers filed in Manhattan federal court last week, the SEC said the financier and entities linked to him earned more than $5 million from well-timed trades in the two U.S. firms. Other defendants include United Gulf Bank and KIPCO Asset Management Co. Both are part of the Kuwait Projects Co group. All the firms have denied the allegations. The SEC said it obtained an emergency court order freezing the trading profits in U.S. accounts held by the financier and the other firms. A SEC official said an investigation began soon after learning about a takeover hoax last Monday, at the same time as the markets and media outlets. Harman shares briefly soared after several media outlets reported that a private investment firm called Arabian Peninsula Group planned to buy it at almost double its market price. Source:

17. July 25, Bloomberg – (Georgia; New York) Lender failures reach 64 as Georgia shuts security bank’s units. Security Bank Corp.’s six Georgia subsidiaries and Waterford Village Bank in New York were seized by regulators, pushing this year’s toll of failed U.S. lenders to 64, the most since 1992. The six units of Macon-based Security Bank, with total assets of $2.8 billion and deposits of $2.4 billion, were closed by the Georgia Department of Banking and Finance, and the Federal Deposit Insurance Corp. was named receiver, the FDIC said on July 24 in a statement. State Bank and Trust Co. of Pinehurst, Georgia, assumed the deposits and agreed to share losses with the FDIC on most of the assets. “The loss-sharing arrangement is projected to maximize returns on the assets covered by keeping them in the private sector,” the FDIC said. “The agreement also is expected to minimize disruptions for loan customers.” Bank failures this year have cost the U.S. deposit insurance fund more than $13.5 billion, including $812.6 million from the July 24 seizures, straining the FDIC reserves amid the steepest recession since the Great Depression. The FDIC has imposed an emergency fee aimed at raising $5.6 billion to replenish the fund, which fell to $13 billion, the lowest since 1993, at the end of the first quarter. Security Bank, which lost more than $200 million in the past five quarters, mostly on loans to Atlanta builders and developers, said in November that it was seeking to tap the Treasury’s bailout fund. In April, with most of its units operating under a cease-and-desist order, the company withdrew the application. Source:

18. July 24, – (New York) U.S. investors Greenwood, Walsh indicted for fraud. Two United States money managers arrested in February on charges of running a more than decade-long fraud at their WG Trading firm have been indicted by a federal grand jury, according to court documents. The two were charged with conspiracy, securities fraud, commodities fraud, two counts of wire fraud, and money laundering in an indictment unsealed on July 24 in U.S. District Court in Manhattan. U.S. prosecutors are seeking at least $131 million in forfeiture connected to the conspiracy and securities and wire fraud charges, according to the court papers. The U.S. Securities and Exchange Commission and Commodity Futures Trading Commission also brought civil charges against the two men in February. WG Trading, a broker-dealer, had offices in Greenwich, Connecticut; Jersey City, New Jersey; and North Hills, New York. The money managers oversaw assets of institutional investors including Carnegie Mellon University in Pennsylvania. Source:

Information Technology

45. July 27, Softpedia – (International) Critical out-of-band patch for Internet Explorer 8. Microsoft is cooking a security refresh for Internet Explorer 8, and earlier supported versions of the browser, that will be released on July 28. According to the Redmond company, the IE update will be accompanied by a security bulletin for Visual Studio. The software giant underlined that, although two separate security bulletins were scheduled for release come July 28, both updates were designed to resolve a single, overall security problem. The move comes as a necessity to ensure that customers benefit from the broadest protections possible explained the director of MSRC. “While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported,” the director noted. The patches coming July 28 are what Microsoft refers to as out-of-band security updates. Source:

46. July 27, USA Today – (International) Hackers may slip through hole found in Adobe tools. Cybercriminals may have a clear path to spread mayhem on computers this week by taking advantage of a newly discovered vulnerability in Adobe’s ubiquitous Flash video player and Acrobat Reader, the widely used tool for opening PDF documents. Since early July, troublemakers have been e-mailing PDF files with corrupted Flash video clips and hacking into websites to implant them. These clips, when activated, enable attackers to quickly install malicious programs on the user’s computer. Criminals typically take control of PCs, turning them into obedient “bots.” The number of attacks could soar this week as Adobe scrambles to develop an emergency patch by July 31. The company recently began issuing security patches once a quarter, with the next update scheduled on Sept. 8. “The volume of cybercrime has been increasing, so we’ve stepped up our efforts to supply best-in-class security,” says Adobe’s senior vice president and general manager of business productivity. But even that might not solve the problem. Adobe alerts computer users every seven days about software updates that can include security patches, but users often defer installing such updates. The security firm has already found a booby-trapped e-mail sent to a corporate executive. Source:

47. July 25, ZDNet – (International) HP researchers develop browser-based darknet. Two researchers for Hewlett-Packard have created a browser-based darknet, an idea that c

ould make it easier for businesses to keep eavesdroppers from uncovering confidential formation. Darknets are encrypted peer-to-peer networks normally used to ommunicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary servers. However, two HP researchers plan during the week of August 3 to demonstrate a browser-based darknet called “Veiled,” which they claim requires little proficiency to set up and run. “This will really lower the barriers to participation,” one of the researchers told ZDNet UK. “If you want to create a darknet, you can send an encrypted e-mail saying, ‘Here’s the URL.’ When (the recipient visits) the Web site, the browser can just get (the darknet application) going.” The researchers are scheduled to demonstrate the technology next week at the Black Hat security conference in Las Vegas. Source:

Communications Sector

Nothing to report.