Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, August 13, 2009

Complete DHS Daily Report for August 13, 2009

Daily Report

Top Stories

 KMBC 9 Kansas City reports that firefighters and hazmat teams responded to an anhydrous hydrochloric acid leak at the Bayer Crop Science plant in Kansas City, Missouri on Tuesday. About 300 employees of the plant were quarantined for a time in a safe room. (See item 5)

5. August 11, KMBC 9 Kansas City – (Missouri) Firefighters called to Bayer Chemical for leak. Firefighters were called to the Bayer Crop Science plant in Kansas City, Missouri on August 11 on a chemical leak. An anhydrous hydrochloric acid leak was detected at about 8:30 a.m., according to a company spokesman. Air monitors were put in place. Fire crews stayed at the scene until the leak was stopped at 2:15 p.m. KMBC reported that about 300 employees, who were in the plant at the time of the leak, were quarantined for a time in a safe room. No injuries were reported. Bayer CropScience released the following statement: “The leak of anhydrous hydrochloric acid gas from a cylinder transported by a vendor to the Bayer CropScience site was stopped at 2:15 p.m. through the combined efforts of the Bayer CropScience emergency response team, Kansas City’s HazMat 71 and the Northland HazMat Team comprised of units from North Kansas City and South Platte Fire Departments.” The site fence line was being monitored to make sure none of the anhydrous hydrochloric acid gas had traveled beyond the immediate site of the leak. This monitoring was being conducted by Bayer industrial hygienists, Northland HazMat and Kansas City’s HazMat 71. Source:

 WPRI 12 Providence reports that the Raytheon plant in Portsmouth, Rhode Island reopened on Tuesday following a hazmat situation that sent four people, including two firefighters, to the hospital on Monday. Eight people were decontaminated as a precaution. (See item 11)

11. August 11, WPRI 12 Providence – (Rhode Island) Raytheon reopens after chemical spill. The Raytheon plant on West Main Rd. in Portsmouth reopened on August 11 following a hazmat situation that sent four people, including two firefighters, to the hospital on August 10. The Portsmouth fire chief confirmed some kind of powdery cleaning product spilled, sparking concern. Eight people were decontaminated as a precaution. The building was allowed to reopen after the substance was deemed non-hazardous. Crews from Newport, East Providence, and the Naval Station were called in to provide mutual aid. They were on scene until about 12:30 a.m. Source:


Banking and Finance Sector

12. August 11, Associated Press – (New York) Ex-lawmaker among 17 in Hamptons fraud case. Prosecutors on eastern Long Island say a former county lawmaker is among 17 people charged in an $82 million mortgage fraud investigation. The man was released on $500,000 bond after pleading not guilty on August 11 to grand larceny, forgery, conspiracy, and fraud charges. Prosecutors say the frauds involved so-called “straw buyers” — people who received a fee for agreeing to use their name and credit information to fraudulently obtain mortgages on dozens of properties. Similar scams have proliferated around the country, although rarely in such a high-profile location as Long Island’s Hamptons region. Source:

13. August 11, WXYZ 7 Detroit – (Michigan) Suspicious package found, building evacuated. A suspicious package forced the evacuation of a building in Warren near Van Dyke and 13 Mile Road. Police investigated the scene and determined the package was not a threat. The package was under a tree in front of the People’s Credit Union, a building that is also home to other businesses. Action News spoke with the woman who noticed the package. She described it as a tin with cellophane around it. She said there was a note stuck to it with a hand-written message that included the words “Death Threat.” She went back into the building and told someone to call the police. A few dozen people were evacuated from the building. Source:

14. August 11, Digital Transactions News – (National) Big merchants push RBS Worldpay into end-to-end encryption. The end-to-end encryption train picked up steam on August 11 when big merchant acquirer RBS WorldPay Inc. said it would use point-of-sale terminal developer VeriFone Holdings Inc.’s VeriShield Protect technology. The announcement is significant because RBS WorldPay is the first acquirer to publicly disclose it is using the system VeriFone unveiled in the spring. Further, RBS WorldPay’s strategy contrasts sharply with the in-house encryption approach taken by rival acquirer Heartland Payment Systems Inc. The senior vice president of market development at Atlanta-based RBS WorldPay tells Digital Transactions News that the processor was getting “tremendous demand” from Level 1 and Level 2 merchants—the largest and second-largest merchant groups by transaction volume in payment card industry lingo—for enhanced data security. Source:

15. August 11, KOMO 4 Seattle – (National) Forget e-mail — ‘phishers’ now using cell text messages. Texting is quickly becoming the method of choice for scammers looking to scare victims into giving out their passwords, account numbers and other personal information. The old scam has already conned millions of consumers out of their personal information. Consumer fraud trackers rank phishing as the 4th most common form of fraud on the Internet, after lottery scams, Internet auctions, and Nigerian money scams. Diverting the focus to cell phones increases the chance of finding new victims who will take the bait. The average consumer who falls for the scam loses $1,200 when their bank account is taken over by the scammers. Because of the unemployment situation, phishing scammers are increasingly posing as popular job search and social networking sites. They will claim to be following up information from a user’s profile or job application. It is a numbers game. Even if fewer than 1 percent of the targets take the bait, the scammers can drain consumer accounts of millions of dollars through identity theft. Source:

16. August 10, Buffalo News – (National) Nationwide alert issued on ‘payday’ loan scams. The Better Business Bureau, during the week of August 2, issued a nationwide alert to consumers to warn them about phony debt collectors that are calling consumers, claiming that they defaulted on a “payday” loan, and threatening to arrest them immediately if they do not pay. The nonprofit agency said the scammers claim to be lawyers with the “Financial Accountability Association” or the “Federal Legislation of Unsecured Loans,” and possess a “disconcerting amount of personal information about their potential victims.” No such organization or law exists, but the agency is concerned not only that consumers may fall victim to such tactics and pay up, but also that it may indicate a massive data breach has already taken place. The scammers already often have the victims’ Social Security numbers, old bank account numbers, or driver’s license numbers, as well as home addresses, employer information and even the names of personal friends and professional references. Source:

Information Technology

33. August 12, ZDNet – (International) Apple plugs code execution, phishing holes in Safari browser. Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks. The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks. The new browser version is available via the Apple Software Update application or Apple’s Safari download site. Source:

34. August 12, iTWire – (International) Remote code vulnerability in programs built with Visual Studio. This week, Microsoft pushed out a regular assortment of Windows updates. One in particular was an important security update for Visual Studio, which is Microsoft’s primary software development environment. It is used to write computer programs in languages like C++, C#, Visual Basic.NET and others. While it is not uncommon to learn of exploitable vulnerabilities in mail and web servers or other products that are generally exposed to the Internet – like web browsers – it is definitely not common to be told users are putting their systems at risk by running a development environment. The update addresses Microsoft security bulletin MS09-035 with a threat risk of moderate. It turns out the offending portion is not actually Visual Studio itself – merely firing up Visual Studio has not become a risky proposition. The real problem is worse. The vulnerability is within the Active Template Library (ATL) which is a redistributable package accompanying Visual Studio versions from 2003 through 2005 and 2008. Programs built within Visual Studio that make use of ATL functionality are all infected with the flaw. Like a river, these programs have been distributed out to computers worldwide. Consequently, while the update is labelled as being for Visual Studio, the vulnerability exists in legions of “CorporateApp1” style programs on desktops. Fortunately, the update may be applied to any Windows-based computer irrespective of whether Visual Studio is installed or not. Enterprise administrators or home users may wish to install this update manually or via using the Microsoft Update service. Source:

35. August 12, Tech Herald – (International) Twitter knocked offline once again. Already hit by an untimely service outage after a sudden Denial-of-Service (DoS) attack pulled it offline, hugely popular micro-blogging site Twitter has once again fallen off the grid after being targeted by another attack. The source of the new attack, which resulted in a service outage of around 30 minutes, is presently unknown but Twitter has said in a blog post that it is “analyzing the traffic data to determine the nature of this attack.” Speaking with AFP earlier this week, a Twitter co-founder said the site was in the process of recovering from the initial DoS attack that crippled the service for around two hours and similarly affected other networking services such as Facebook, Blogger and LiveJournal. The original attack is believed to have been targeted against social networking accounts held by Georgian blogger ‘Cyxymu’ who is known for penning contentious opinions regarding the violent struggle between Russia and breakaway state Georgia. Source:

36. August 11, IDG News Service – (Washington) Seattle man used Limewire for identity theft. A Seattle man was sentenced to more than three years in prison Tuesday for using the Limewire file-sharing service to lift personal information from computers across the U.S. The case highlights a type of identity theft that is probably more common than most people realize, said the assistant U.S. attorney in the Computer Hacking and Internet Crimes Unit of the U.S. Attorney’s Office. The man typed words like “tax return” and “account” into the Limewire search box, the assistant U.S. attorney said. That allowed him to find and access computers on the Limewire network with shared folders that contained tax returns and bank account information. He also searched specifically for forms that parents fill out to apply for college financial aid for their children, which include “exhaustive personal and financial information about the family,” she said. He used the information to open accounts, create identification cards and make purchases. He was sentenced Tuesday to 39 months in prison and three years of supervised release for wire fraud, accessing a protected computer without authorization to commit fraud, and aggravated identity theft. He was tried in the U.S. District Court for the Western District of Washington. Source:

37. August 11, PC World – (International) ActiveX overhaul in Microsoft patch batch. Microsoft’s nine security bulletins released Tuesday close a range of security holes involving ActiveX controls, Windows Media files and other software that affect the full array of Windows versions. A fix for a serious flaw in the Microsoft Office Web components, disclosed in July, patches an ActiveX problem that allows for a drive-by-download attack against Internet Explorer users. As per usual, a user will get all these fixes by running Automatic Updates or manually running Microsoft Update. Doing so will also nab this month’s collection of less serious fixes. Attacks against these important-rated holes could result in denial-of-service, privilege escalation and/or login credential theft – nothing a user would want to deal with, but less dangerous than the critical risks that could by themselves allow for malware installation and the like. Source:

Communications Sector

38. August 12, Computerworld – (International) Asian undersea cable disruption slows Internet access. A segment of the Asia-Pacific Cable Network 2 (APCN2) undersea cable network between China and Taiwan suffered a serious cable fault on Wednesday, causing Internet traffic to be rerouted onto other undersea cables and slowing Internet access for some users in Southeast Asia. At about 10:50 a.m. on Wednesday, an alarm signaled a cable fault on Segment 7 of APCN2, which connects Hong Kong and Shantou, China. The disruption caused a temporary loss of service on the undersea link but all customers that use the cable were soon shifted to capacity on other cables, according to a source familiar with the situation. The APCN2 cable is owned by a consortium of 26 telecom operators from 14 different countries. The cable links Singapore, Malaysia, the Philippines, Hong Kong, Taiwan, China, South Korea and Japan.The exact cause of the APCN2 fault was not immediately known. Source: