Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 30, 2009

Complete DHS Daily Report for July 30, 2009

Daily Report

Top Stories

According to the Columbus Dispatch, authorities are continuing to dig into the cause of a blast that injured eight employees at the Austin Powder Co. explosives plant in Vinton County, Ohio on Tuesday. (See item 4)

4. July 29, Columbus Dispatch – (Ohio) At least 8 workers injured in blast at explosives plant. Authorities are continuing to dig into the cause of a blast that injured eight employees — one critically — at a Vinton County explosives plant on July 28. Medical helicopters were summoned to the Austin Powder Co. to fly three injured employees to Ohio State University Medical Center in Columbus, the sheriff’s office said. Other injured workers were treated at the scene, the Associated Press said. The state fire marshal’s office and the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives were investigating the blast at the rural plant, which sits along Rt. 677. Investigators were awaiting the all-clear by an ATF explosives specialist before examining the remains of the building that was flattened by the explosion, said the spokesman for the state fire marshal. The company’s transportation manager said the explosion occurred in a building where detonator cordage, a kind of explosive fuse material, is made. The plant, located about 60 miles south of Columbus on a sparsely populated back-country road east of McArthur, manufactures industrial blasting agents. Source:

The Times Herald-Record reports that a man working for the company that services the Sullivan County, New York sheriff’s telephone network and other county lines disabled the system on July 10, putting “the public in danger,” according to the sheriff’s office. The man has since been fired from FrontRunner Network Systems. (See item 41)

Item 41 is located in the Communications Sector below


Banking and Finance Sector

9. July 29, Detroit News – (Michigan) Billionaire Boys Club execs accused in $53M Ponzi scheme. The promises made by the Billionaire Boys Club investment firm were annual returns of 8 percent to 12 percent and no management fees. Money could be withdrawn at any time. But the only people who benefited from the Southfield-based business were the two men running it and their families, according to the Securities and Exchange Commission. The two men are charged by the SEC with running a Ponzi scheme that defrauded 440 investors of $53.2 million since 2006. The men had told investors that their profits would result from real estate investments. Instead, the duo used $11.3 million from recent investors to pay the high returns of earlier investors, said the SEC in a release issued on July 28. Of the $53.2 million invested with them, the men spent $7.2 million on themselves and $14 million for soliciting new clients, said the SEC. That left the firm with $20.7 million to invest in real estate, but the firm owes $128 million on the highly leveraged properties, said the SEC. “In short, the fraud defendants have run BBC (Billionaire Boys Club) Equities into the ground,” the SEC said in a complaint. “Their malfeasance has rendered it financially insolvent.” Source:$53-million

10. July 29, Miami Herald – (Florida) Dozens charged in $40 million mortgage-fraud scheme. Forty-one people have been charged with taking part in a $40 million mortgage-fraud scheme, federal authorities said on July 28 in Miami. An acting U.S. attorney said the fraud involved a network of fake purchasers, crooked mortgage brokers and cooperative bank employees who arranged for inflated mortgages. In mortgage-fraud scams typical during the boom, a team of mortgage professionals, often including attorneys, mortgage brokers and appraisers, would pay stand-in buyers to use their identities to get mortgages for the purchase of inflated properties. They would often never make payments on the loans, and the homes would soon enter foreclosure. At a news conference, the acting U.S. attorney said the 41 people, all but one from South Florida, were the most recent charged in an investigation of mortgage fraud that began in September 2007 with a multiagency task force, including the U.S. Secret Service, the Postal Inspection Service, FBI, Federal Deposit Insurance Corp., the U.S. Department of Housing and Urban Development, and state and local police agencies. Others involved in the scam included title agents and attorneys, the acting U.S. attorney said. Source:

11. July 29, Associated Press – (Ohio) Ohio Chase bank building evacuated in scare over device used to cut off long-winded speakers. Thousands of people in Ohio cleared out of JPMorgan Chase & Co.’s largest office complex because of a device normally meant to clear a podium. An evacuation was launched on July 28 at Chase’s McCoy Center in Columbus when an employee reported a suspicious item in a conference room. The Columbus Fire Captain says it was a black box with lights, wires and a timer. A Chase spokesman says investigators eventually learned it was a timing device for use in presentations. He says the lights warn a speaker when it is time to wrap up. Fire officials say during the evacuation, several people were overcome by summer heat in the parking lot and were treated by paramedics. Source:,0,496739.story

12. July 28, MarketWatch – (Arizona) SEC files charges in alleged $197 million mortgage fraud. The Securities and Exchange Commission said on July 28 it has charged four individuals and a Phoenix-based company with securities fraud for raising more than $197 million from investors for an alleged mortgage-lending scheme. The SEC said in a statement that its complaint, filed in federal court in Phoenix, charges Radical Bunny LLC and its four managing members with falsely telling investors that their funds would be used by Mortgages Ltd. for commercial real-estate development, when in fact the money was ultimately used for a small range of risky loans. “Even to friends and family, they repeatedly overstated the safety of the investment and their knowledge of the underlying business to which they lent investor funds,” said the director of the SEC’s Los Angeles office, in a statement. The SEC alleges that the four used semi-annual meetings at a luxury golf resort in Scottsdale, Arizona, to persuade attendees to invest in Radical Bunny, while ignoring the fact that the investors’ money was being shifted into riskier projects. Source:

Information Technology

38. July 28, IDG News Service – (International) iPhone SMS attack to be unleashed at Black Hat. Apple has just over a day left to patch a bug in its iPhone software that could let hackers take over the iPhone just by sending an SMS (Short Message Service) message. The bug was discovered by a noted iPhone hacker, who first talked about the issue at the SyScan conference in Singapore. At the time, he said he had discovered a way to crash the iPhone via SMS, and that he thought the crash could ultimately lead to working attack code. Since then he has been working hard, and he now says he has been able to take over the iPhone with a series of malicious SMS messages. In an interview on July 28, he said he will show how this can be done during a presentation at the Black Hat security conference in Las Vegas on July 30 with another security researcher. “SMS is an incredible attack vector for mobile phones,” said an analyst with Independent Security Evaluators. “All I need is your phone number. I don’t need you to click a link or anything.” The analyst reported the flaw to Apple about six weeks ago, but the iPhone maker has yet to release a patch for the issue. Apple representatives could not be reached for comment, but the company typically keeps quiet about software flaws until it releases a patch. Source:

39. July 28, SC Magazine – (International) Browser SSL warnings shown to be ineffective. New research shows that Secure Sockets Layer (SSL) warnings, used in web browsers to indicate a problem with a web page’s certificate or the potential for a man-in-the-middle (MITM) attack, are ineffective. “The big takeaway is that computer security warnings are not an effective way of addressing computer security,” a study researcher and co-author, an associate professor of computer science, engineering and public policy at Carnegie Mellon University, said on July 28. “People don’t read warnings and don’t understand them when they do read them.” The study, conducted by Carnegie Mellon University researchers during 2008, tested 400 internet users’ behaviors when SSL warnings were displayed on Firefox 2, Firefox 3 and Internet Explorer 7. Researchers wrote a paper based on the study, “Crying Wolf: An Empirical Study of SSL Warning Effectiveness,” and will present their findings August 14 at the USENIX Security Symposium in Montreal. The study found that the different web browsers had different approaches to dealing with warnings, and that Firefox 3.0 made it more difficult for users to override the warnings and proceed to the page, the researcher said. But still, the warnings on all three browsers were largely ineffective, and no browser managed to communicate the risks any better than another. By not paying attention to SSL warnings, or being unable to understand them, a user is more susceptible to falling for phishing attacks, the researcher said. The worst-case scenario is when an attacker has launched an MITM attack and the user connects to a bogus site. If a user gets a warning about an invalid certificate, ignores it, then tries to buy something on the site, the user could be handing their credit card information over to attackers. Source:

Communications Sector

40. July 29, The Register – (International) BIND crash bug prompts urgent update call. A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result. Exploits targeted at BIND (Berkeley Internet Name Domain Server) version 9 are already in circulation, warns the Internet Software Consortium, the group which develops the software. ISC urges sys admins to upgrade immediately, to defend against the “high risk” bug. Sys admins are urged to upgrade BIND servers to versions 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 of the software, which defend against the flaw. The vulnerability involves BIND servers that act as a master (slave systems are unaffected) and involves problems in dealing with malformed update messages, which can be used to cause a server to crash, as explained in a security alert by ISC. Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert. BIND is used on a great majority of DNS servers on the Internet. DNS maps between easy-to-remember domain names, understood by humans, and their corresponding numerical IP addresses, needed by computers. Simply put, the system can be compared to a phone book for the internet. Playing with this system creates a means to possibly derail surfing and email delivery, among many other undesirable effects. Source:
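The advisory summarized above names the fixed releases and says only zones for which the server is master are exposed. As an added example, not code from the article or from ISC, the following Python script implements the two checks a DNS operator would want at this point: a version comparison of a `named -v` string against the fixed releases named in the item, and a classifier that parses a captured DNS message header and flags messages carrying the UPDATE opcode toward a zone this server is master for, so that such traffic from unexpected sources can be logged or rate-limited. The sample message and zone names are constructed for illustration, and the assumption that later releases within a branch retain the fix is mine, not the page's.

```python
"""Defender-side triage helpers for the BIND 9 dynamic-update crash described above.

Two checks:
  1. Is a given BIND version string at or above the fixed release for its branch?
  2. Does a captured DNS message carry the UPDATE opcode, and is it aimed at a zone
     this server is master for (the only zones the advisory says are affected)?
All sample data in this file is constructed for illustration.
"""
import re
import struct

# Fixed releases named in the ISC advisory, keyed by branch (major, minor).
FIXED_RELEASES = {
    (9, 4): "9.4.3-P3",
    (9, 5): "9.5.1-P3",
    (9, 6): "9.6.1-P1",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?")


def parse_bind_version(version):
    """Turn '9.6.1-P1' into a comparable tuple (9, 6, 1, 1); a release without a
    -P suffix gets patch level 0. Returns None if the string is not a BIND version."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, release, plevel = m.groups()
    return (int(major), int(minor), int(release), int(plevel or 0))


def bind_is_patched(version):
    """True if `version` is at or beyond the fixed release for its branch,
    False if it is older, None if the branch is not covered by the advisory.
    Assumption (not stated on the page): later releases in a branch keep the fix."""
    parsed = parse_bind_version(version)
    if parsed is None:
        return None
    fixed = FIXED_RELEASES.get(parsed[:2])
    if fixed is None:
        return None
    return parsed >= parse_bind_version(fixed)


OPCODE_UPDATE = 5  # RFC 2136 dynamic update opcode
OPCODE_NAMES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}


def _read_name(data, offset):
    """Decode an uncompressed DNS name starting at `offset`; return (name, next_offset)."""
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in zone name not supported here")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return (".".join(labels) + ".").lower(), offset


def classify_dns_message(data, master_zones):
    """Parse the 12-byte header and, for UPDATE messages, the zone section.
    Returns a dict with the opcode name, the target zone (if any) and whether
    the message is an update aimed at a zone we are master for."""
    if len(data) < 12:
        raise ValueError("message shorter than DNS header")
    msg_id, flags, zocount, _pr, _up, _ad = struct.unpack("!6H", data[:12])
    opcode = (flags >> 11) & 0xF
    result = {"id": msg_id, "opcode": OPCODE_NAMES.get(opcode, str(opcode)),
              "zone": None, "update_to_master": False}
    if opcode == OPCODE_UPDATE and zocount >= 1:
        zone, _ = _read_name(data, 12)
        result["zone"] = zone
        masters = {z.lower().rstrip(".") + "." for z in master_zones}
        result["update_to_master"] = zone in masters
    return result


def _encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def sample_update_message(zone):
    """Constructed sample: a well-formed UPDATE header with a single zone-section
    entry (type SOA, class IN) and no prerequisite, update or additional records."""
    flags = OPCODE_UPDATE << 11
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    return header + _encode_name(zone) + struct.pack("!HH", 6, 1)


if __name__ == "__main__":
    print("9.6.1 patched:", bind_is_patched("9.6.1"), "| 9.6.1-P1 patched:", bind_is_patched("9.6.1-P1"))
    print(classify_dns_message(sample_update_message("example.test"), ["example.test"]))
```

In a real deployment the classifier would run over packets captured in front of the master, and an `update_to_master` hit from a host that is not an authorised updater is the event to alert on; the version check is what to run across the fleet before and after the upgrade the advisory asks for.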

41. July 29, Times Herald-Record – (New York) Worker disables several Sullivan County offices’ phones, authorities say. A Hyde Park man working for the company that services the Sullivan County sheriff’s telephone network and other county lines knocked out the system July 10, putting “the public in danger,” according to the sheriff’s office. A 55-year-old is accused of logging in remotely that evening and disabling the system. He was an employee for Rochester-based FrontRunner Network Systems, which has the contract to maintain the system. He has since been fired, the Undersheriff said. A trace by Verizon telephone technicians came back to the suspect’s residence in Hyde Park. During the outage, callers to the sheriff’s offices in Monticello would get a continuously ringing signal, while the phone would not ring on the other end. The interruption knocked out phones in the jail and patrol divisions. County Court and the district attorney’s office were also affected. Because it was after hours, the outage did not cause many problems to the court and DA’s offices, but did create an emergency for deputies overnight. “This was a serious incident that put the public in danger,” the sheriff said. The network is located in the courthouse basement in Monticello. Deputies and county officials scrambled to restore partial service that evening. Full service was restored the next day. Source:

42. July 28, Computerworld – (International) Data centers go underground. With a renewed focus on data center outsourcing and space in high availability facilities in short supply, investors have snapped up and renovated abandoned mines and military bunkers in the hopes of cashing in. An increase in extreme weather events, heightened concerns about security since the September 11th attacks and the need to provide higher levels of security to comply with regulatory requirements have made these spaces more attractive to some organizations. Before deciding to go underground, IT executives need to identify potential limitations, experts say. Ceiling height can be a challenge to providing sufficient airflow. Another concern is that while computer systems may be protected in a bunker, critical infrastructure needed during a disaster, such as generators, fuel tanks, and air conditioning cooling towers, may be above ground. That could be a problem if the catastrophe is a tornado, warns the chief technology officer at Westec Intelligent Surveillance. Another consideration is that these underground facilities tend to be in rural, out-of-the-way locations. The facilities may be too far away from a company’s primary data center, and finding local lodging for staff in a disaster situation may be difficult. The vice president and general manager at HP Critical Facilities says that security is the primary benefit of using an underground facility to host a primary or secondary data center. But for most of his clients, the ability to get people to the backup data center in a hurry, connectivity options, and finding a facility that meets budget are priorities. Underground facilities usually do not beat out above-ground sites in his clients’ evaluations, he says. The primary benefit of such sites, says an analyst with Gartner Inc., is that they are designed to be highly resilient — often to military specifications. That is important for some government data centers. “But for most commercial enterprises, it probably will not be such a major requirement,” he says. Source:

43. July 27, Network World – (International) Cisco’s storage team looks to boost IBM mainframe performance, security. Cisco is trying to enhance storage performance on the IBM mainframe as well as on third-party SAN products with new features added to its MDS 9000 storage networking product line. The goal is to enhance security and accelerate data traffic over distances as great as 20,000 kilometers, halfway around the world, Cisco says. “By improving data security and accelerating data backup and disaster recovery, these new capabilities…help IT organizations build next generation data centers that take advantage of technologies like data replication and virtualization and respond quickly to changing business needs,” Cisco said in an announcement on July 27. Various upgrades to Cisco’s MDS NX-OS software will be available to partners at the end of July, and should be available to customers in the fall from resellers such as IBM, EMC, HP and NetApp, says Cisco’s storage networking software product line manager. A new feature called XRC Acceleration will improve replication speed, the manager says. XRC (also known as z/OS Global Mirror) is a mainframe application that replicates data across distances and is popular with financial institutions. By buffering data at remote sites, Cisco’s XRC Acceleration speeds up that replication process, he says. The feature was developed jointly by IBM and Cisco. “This solution accelerates data traffic traveling very long distances over the wide-area network reducing bandwidth consumption and shrinking update windows, while eliminating the need for costly, separate channel extension products,” Cisco says. Source: