Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 21, 2009

Complete DHS Daily Report for August 21, 2009

Daily Report

Top Stories

 A Greenpeace press release announces that a new survey of data on 18 “high risk” chemical facilities in 16 states shows that they put more than 27 million people at risk of sudden death or injury in the event of a terrorist attack or accident. The analysis combined reports filed with the Environmental Protection Agency with data from the Environmental Systems Research Institute, the U.S. Geological Survey, and reports by the Congressional Research Service and the Center for American Progress. (See item 5)

5. August 20, Greenpeace – (National) Millions living in chemical disaster zones in 16 states. A new survey of data on 18 “high risk” chemical facilities in 16 states shows that they put more than 27 million people at risk of sudden death or injury in the event of a terrorist attack or accident. Contained within the first five miles of the risk zones surrounding these plants are 1,702 schools and 94 hospitals in the sampled states, including Michigan, Pennsylvania, Texas, Utah and Louisiana. Chemical plant risk zones frequently extend more than 10 miles downwind into densely populated urban areas due to the bulk storage or use of poison gases such as chlorine. Twelve of the 18 plants examined each put one million or more people at risk. More than 1,700 plants in these 16 states each put 10,000 or more people at risk. The good news, however, is that these risks are preventable. Since 1999, at least 287 chemical facilities nationwide have eliminated these risks to 38.5 million Americans by converting to safer chemicals. In these 16 states there are 162 plants using safer chemical processes that eliminated these risks for 21.6 million people. The analysis combined chemical facility reports filed with the Environmental Protection Agency with data from the Environmental Systems Research Institute, the US Geological Survey and reports by the Congressional Research Service and the Center for American Progress. The Department of Homeland Security has identified 6,300 “high risk” chemical facilities in the U.S. The Congress is now considering legislation that could reduce or eliminate these risks in the event of a terrorist attack or accident by requiring the use of safer chemical processes. More than 100 million Americans live in “vulnerability zones,” surrounding just 300 chemical plants. Source:

 The Beaumont Enterprise reports that a tornado hit Beaumont, Texas’ retail corridor Tuesday afternoon, collapsing store roofs, overturning vehicles, and causing minor injuries. Hardest hit were a Kohl’s department store and a Wal-Mart. (See item 50)

50. August 18, Beaumont Enterprise – (Texas) Beaumont tornado causes fear and panic, no fatalities. A tornado sliced through the heart of Beaumont, Texas’, retail corridor Tuesday afternoon, collapsing store roofs, overturning vehicles, and causing minor injuries but no deaths. The twister, which was preliminarily rated an EF-1 with winds of 86 to 110 mph, closed several area big-box retailers. Hardest hit were a Kohl’s department store that lost a third of its roof and saw several shoppers briefly trapped in dressing rooms, and a Wal-Mart where winds rippled the roof, flipped over several vehicles in the parking lot and hurled shopping carts through the sky. Wal-Mart employees were readying the store to reopen as soon as possible, a company spokesman said late Tuesday from Arkansas. Source:


Banking and Finance Sector

16. August 20, Bloomberg – (National) AIG customers sue insurer for not covering Madoff fraud losses. American International Group Inc. customers with homeowners’ insurance policies accused the company in a lawsuit of denying coverage for losses suffered in the largest Ponzi scheme in history. The suit was filed on August 19 in Manhattan federal court by two individuals of Los Angeles, who had homeowners’ policies through AIG subsidiaries and who lost money in the scandal. They say AIG will not pay for their losses “even though the fraud is covered by the policies.” Other insurers have also fielded related claims to the Ponzi scheme. XL Capital Ltd. has received 36 claims tied to scheme, the head of insurance operations for XL Capital Ltd said July 29. XL has adequate reserves, he said. Source:

17. August 20, Denver Post – (National) Admitted swindler Merriman charged in Denver. When federal marshals clasped the handcuffs on a accused Ponzi schemer in federal court on August 19, more than 20 of his alleged victims stood up and applauded. The moment came minutes after he was formally charged by the U.S. attorney’s office with mail fraud for his method of delivering bogus financial statements that declared huge profits for his investors. The schemer pleaded not guilty to criminal mail fraud and a count of asset forfeiture. But he is expected to change those pleas in a settlement with the U.S. attorney’s office, according to letters federal prosecutors sent to his victims. During the hearing the schemer’s attorney acknowledged that his client had confessed his crimes and would not be contesting prosecutors’ move to keep him jailed until the charges are resolved. Prosecutors say schemer ran a Ponzi scheme for 15 years, cheating dozens of people of up to $20 million. Instead of investing their money in securities, he squirreled away their cash to fund his own world travel, safari hunting and art collection. In recent months, he confessed to authorities and his friends, phoning them or showing up at their doors to apologize. Source:

18. August 20, Bloomberg – (National) FDIC may add to special fees as mounting failures drain reserve. Colonial BancGroup Inc.’s collapse and the prospect of mounting failures among regional lenders may prompt the Federal Deposit Insurance Corp. to impose a special fee as soon as next month to boost reserves by $5.6 billion. The FDIC board might act sooner than expected after the August 14 failure of Alabama-based Colonial cost the agency’s insurance fund $2.8 billion, and as banks such as Chicago-based Corus Bankshares Inc. report dwindling capital and Guaranty Financial Group Inc. of Austin, Texas, says it may fail. The fund fell to the lowest level since 1992 in the first quarter. “With the failure of Colonial Bank and the possible near-term failures of one or two more large banks, the FDIC may be forced to levy a special assessment on the industry sooner than it had planned,” said the president of the Independent Community Bankers of America, an industry group. The failure of 77 banks this year is draining the fund, prompting the agency in May to set an emergency fee of 5 cents for every $100 of assets, excluding Tier 1 capital, to raise $5.6 billion in the second quarter. The agency has authority to set fees in the third and fourth quarters, if needed, to prevent a decline in the fund from undermining public confidence. Source:

19. August 19, Datamonitor – (International) Emerging alternatives to chip and PIN to tackle card fraud in the U.S. Card fraud is expected to increase in the United States with the country still no nearer to introducing the chip and PIN technology which has proved successful in Europe. With fiscal pressures particularly evident in the current economic climate, technology vendors are rushing to pilot alternative solutions to the costly chip and PIN option. With the recent adoption of chip and PIN technology in Canada and Mexico, following its successful adoption in Europe, fraudsters are expected to increasingly target the U.S. market. A recent survey by Actimize found that around 66 percent of bankers, card issuers or payment processors anticipate U.S. card fraud levels to increase, with 11 percent expecting a significant level of fraud growth in the near future due to progressing technology upgrades in Canada. U.S. institutions appear to be aware of this apparent threat, yet the U.S. card industry remains reluctant to embrace chip and PIN. Although the introduction of the technology has proven successful in reducing card-present fraud, it remains a costly solution. While chip cards cost $1.25 to $1.50 each, compared with 20 cents for magnetic stripe cards, the technology also requires upgrades to ATM fleets and point-of-sale devices. In the United States, because the current infrastructure is considered to be reasonably secure, fraud losses are written off as a manageable cost of doing business. Moreover, given the impact of the current economic climate on the banking industry, the focus is not on expensive initiatives but on survival. Source:

Information Technology

41. August 19, Internet Evolution – (International) Nasty malware attack targets web developers. There is a nasty bug going around the Web that targets developers. When a developer visits an infected site, the page installs a virus on their machine that silently copies the passwords stored in FileZilla, CuteFTP, and possibly other File Transfer Protocol (FTP) client software, and sends them to a central server. The server then runs a bot to access all sites for which credentials have been stolen and installs an iframe injection attack on many pages, further spreading the infection. Infected sites occasionally break if they use the Web scripting language PHP, but frequently they continue to operate, and thus infect more users with the virus. When a search engine such as Google detects the infection in a site, they may remove the site from their index, resulting in a financial loss to the site owner. Some browsers may flag the site as infected and show a warning that scares away users. This attack is interesting because of the way it spreads, and the risk to developers. No one would want to be the freelance Web professional who has to explain to a few dozen clients why their sites all got hacked. Presumably, this attack vector will eventually be used to install a payload, such as software for sending spam or executing denial-of-service attacks. After all, today’s best malware is all about making money. Source:

42. August 19, The Register – (National) Obama site smackdown spam only offers malware. Spam messages offering links to a tool designed to knock out the website of the U.S. President lead only to malware. Junk mail ostensibly promoting software that allows anti-Obama-ists to become cyberactivists says: “If You don’t like Obama come here, you can help to ddos his site with your installs.” The terse spam message links to a website where prospective marks are offered money for installing the “packet flinging” tool. Visitors to the site advertised by the spam are told to come back regularly for updates and warned that security scanner software may come to identify the software on offer as malign, and consign it to quarantine. That is certainly true, though not for the reasons suggested. The spam was one theme of a larger spam run, reports email security firm Proofpoint. Other spam messages in the series offered more typical lures, such as pornography, while again pointing to the same malware download. As Proofpoint helpfully explains, users would be foolhardy to take the description offered by hackers at face value. Leaving aside ethical concerns and potential for prosecution, it is always more likely that any supposed U.S. President website attack tool would turn compromised machines into spam-relaying zombies than anything else. “Regardless of your political leanings — installing such software is a really bad idea,” Proofpoint concludes. Source:

43. August 18, San Francisco Chronicle – (International) Apple looking into reports of exploding iPhone/iPod Touches. Apple’s iPhones and iPod Touches are being examined by the European Commission after a few incidents in which the devices exploded. There are reportedly two incidents in France involving an iPhone and one in Britain with an iPod Touch. A spokesperson for the commission said that Apple was cooperating and labeled the incidents “isolated.” An Apple spokesperson told Reuters that the company was aware of the reports but would not comment until receiving more information. In one case, a teenager in France was hurt when an iPhone overheated, hissed and shattered, sending glass into the boy’s eyes. A similar incident in Britain reportedly occurred with an iPod Touch that exploded and flew into the air. KIRO TV in Seattle obtained 800 pages of documents from the Consumer Product Safety Commission that found there have been 15 reports of burn and fire-related incidents involving iPods. Last year, after the Japanese government warned of fire risks from iPod Nanos, Apple offered to replace batteries in some of the devices. Source:

Communications Sector

44. August 20, Data Center Knowledge – (National) State Dept. to consolidate data centers. The U.S. State Department has posted a notice indicating it will consolidate its data center, according to Federal Computer Week. The consolidation plans are described in a presolicitation notice on the Federal Business Opportunities Web site. The project “includes a broad range of services not limited to hardware and software evaluation and recommendations, configuration management system design and implementation, physical server virtualization and transition, and LAN administration support for server transition and consolidation,” the document states. The U.S. President’s stimulus plan includes $290 million for a “Capital Investment Fund” for the Department of State to beef up its IT security and mission-critical operations, with $38 million of that earmarked for the Agency for International Development. Source:

45. August 19, Localtechwire – (North Carolina) ‘Cloud computing’ likely to be focus of Apple’s $1B NC data center. Apple’s new $1 billion data center that is to be built in western North Carolina reportedly will be a mammoth, 500,000-square-foot structure with a focus on ‘cloud computing.” So says the editor of Data Center Knowledge, a magazine focused on the data hosting market. In June, North Carolina’s General Assembly passed legislation awarding generous tax incentives if Apple chose to build its East Coast data center in North Carolina. However, Apple has been very tight lipped about some details of the project. “Apple is planning about 500,000 square feet of data center space in a single building,” the editor told the web site Cult of Mac. “That would place it among the largest data centers in the world â_¦ This would qualify as a big-aâ_¦data center.” The editor said the size of the facility implies that it would be for much more than supporting “apps,” or applications, for Apple devices. He therefore believes the data center would be built to host servers to provide cloud computing capacity. Apple’s existing data center in California covers 109,000 square feet. The new center will be built in Maiden, North Carolina on a 255-acre site. Source: