Department of Homeland Security Daily Open Source Infrastructure Report

Friday, October 30, 2009

Complete DHS Daily Report for October 30, 2009


Top Stories

 According to the Associated Press, an oil tanker ran aground off southeastern Puerto Rico after being rerouted because of a massive fuel depot explosion, but did not spill any of its cargo, officials said on October 28. (See Item 1)

1. October 28, Associated Press – (Puerto Rico) Tanker rerouted from fuel depot runs aground in PR. An oil tanker ran aground off southeastern Puerto Rico after being rerouted because of a massive fuel depot explosion, but did not spill any of its cargo, officials said on October 28. The Port Stewart, a Marshall Islands-flagged vessel, got stuck in sand and mud about 3 miles from Yabucoa on Tuesday, the Port Authority director said. Crews secured the tanker and unloaded 136,000 barrels of fuel. The U.S. Coast Guard reported finding no leaks during an inspection of the ship. Arriving from the French Caribbean island of Martinique, the Port Stewart was originally scheduled to unload at the Caribbean Petroleum Corp. in Bayamon, just west of San Juan, where 21 fuel tanks caught fire early Friday and burned for three days, spewing thick toxic smoke across the region. Officials diverted the 570-foot tanker to Shell facilities in Yabucoa. Source:

 The Washington Post reported that as increasing numbers of children are coming down with swine flu, more parents are facing a shortage of liquid Tamiflu for children. Spot shortages of the liquid form of the antiviral medicine are forcing mothers and fathers to drive from pharmacy to pharmacy, often late into the evening after getting a diagnosis and prescription from a pediatrician, in search of the syrup recommended for the youngest victims of the H1N1 pandemic. (See Item 28)

28. October 29, Washington Post – (National) Tamiflu shortages have parents on wild dose chase. As increasing numbers of children are coming down with swine flu, more parents are facing a shortage of liquid Tamiflu for children. Spot shortages of the liquid form of the antiviral medicine are forcing mothers and fathers to drive from pharmacy to pharmacy, often late into the evening after getting a diagnosis and prescription from a pediatrician, in search of the syrup recommended for the youngest victims of the H1N1 pandemic. The drug can make the flu milder, go away more quickly and may cut the risk of potentially life-threatening complications. The shortages are being caused by a surge in demand because of the second wave of swine flu sweeping the country, combined with a decision by Roche, the Swiss company that makes the medication, to focus on producing it in capsule form. In response, the government has shipped to states hundreds of thousands of five-day courses from the Strategic National Stockpile, which is on standby in case there are disease outbreaks or bioterrorism attacks. Officials have also instructed doctors to suggest that pharmacists mix the powder from capsules with syrup to make a liquid for children if the company’s version is unavailable. Source:


Banking and Finance Sector

13. October 29, Washington Post – (National) Credit-rating bill clears committee. A House panel on October 28 voted to tighten controls on credit-rating firms in response to complaints that the firms misjudged the risks of many of the mortgage-related securities that sank financial markets last year. The House Financial Services Committee threw bipartisan support behind a bill that would try to reduce the conflicts of interests at rating firms and make it easier to sue them when they make flawed findings. The three big credit-rating firms — Moody’s, Standard & Poor’s and Fitch Ratings — have faced stinging criticism in the past two years for giving high marks to mortgage-related securities that were backed by subprime or otherwise risky loans, helping instill a false sense of confidence among investors in the investments being sold by banks. Source:

14. October 29, Nashville Tennessean – (Tennessee) Nashville banks report skimming thefts at ATMs. Metro Police believe Nashville bank ATMs have been targeted by an organized skimming operation. So far, 39 people have reported that their ATM cards have been compromised, but investigators said Wednesday that they believe there may be hundreds of victims across the city and most of them may not even realize their information has been stolen. Police say the suspects, described as three white men with European accents, may have left town. They are believed to be traveling from city to city in groups, staying for two or three days before moving on. Metro Police have contacted agencies in Florida, Georgia and North Carolina that reported similar fraud operations. In Nashville, the suspects were able to steal nearly $30,000 by installing skimmer devices on bank ATM machines. When a customer places his or her card into the machine, the skimmer records the card number and the personal identification number. Source:

15. October 28, American Banking News – (National) Consumer Alert: Fake credit unions ripping-off customers with advanced-fee loan scams. It’s been reported that a new wave of fake credit unions is promising to loan people money at under-market interest rates. These fake credit unions are offering consumers unusually good loans, then charging them a “processing fee” for the loan application. Once they receive the processing fee from the customer, they take the application fee and “deny the loan”, but it turns out the supposed “credit union” probably doesn’t actually exist and there was never a possibility that the consumer would get a loan to begin with. One allegedly fraudulent operation was running ads in national newspapers around the country promising that it had money to lend. The Los Angeles Times was one of many newspapers that ended up running the ads. The fake credit union even listed a real address that turned out to be the street address of a shopping mall! Two state agencies from Michigan and Pennsylvania exposed that particular operation, but there is still the possibility that similarly minded con artists will use the same scam to get more money out of victims. Source:

16. October 28, Dow Jones Newswires – (National) FDIC warns consumers about fraudulent bank closure emails. The FDIC this week issued a consumer alert warning people not to click on links provided in emails alerting customers to bank closures, fraudulently said to be from the FDIC. The links lead to downloadable files containing password-stealing software. “If their bank should happen to fail, there’s absolutely nothing the consumer has to do,” an FDIC spokesman said. The FDIC so far has shut down 106 banks this year—the highest number in any single year since 1992. Source:

Information Technology

35. October 29, Computerworld – (National) Amazon downplays reports of vulnerabilities in its EC2 cloud service. Amazon says it has taken steps to mitigate a security issue in its cloud computing infrastructure that was identified recently by researchers from MIT and the University of California at San Diego. The report described how attackers could search for, locate, and attack specific targets in Amazon’s Elastic Compute Cloud (EC2) because of certain underlying vulnerabilities in the infrastructure. Though the attack described in the report was conducted against Amazon’s infrastructure, the researchers concluded that similar targeted attacks could be carried out in other cloud services as well because the vulnerabilities were generic. In response, an Amazon spokeswoman said on October 28 that the report describes cloud cartography methods that could increase an attacker’s probability of launching a rogue virtual machine (VM) on the same physical server as another specific target VM. What remains unclear, however, is how exactly attackers would be able to use that presence on the same physical server to then attack the target VM, she told Computerworld via e-mail. The research paper itself described how potential attackers could use so-called “side-channel” attacks to try to steal information from a target VM. The researchers had argued that a VM sitting on the same physical server as a target VM could monitor shared resources on the server to make highly educated inferences about the target VM. Source:

36. October 28, IDG News Services – (National) Twitter warns of new phishing attack. Twitter warned users Tuesday of a new phishing scam on the social networking site. It is the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords. The message reads, “hi. this you on here?” and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99. Neither of these pages appears to include any type of attack code, but both should be considered untrustworthy, according to a Sophos Technology consultant. Hacked Twitter accounts are a great launching pad for more attacks, he said. “We don’t know precisely what they’re going to do in this case, but often they will send spam messages to advertise a particular site.” Source:

37. October 28, CNET – (International) Survey: Few companies addressing cyberterrorism. Cyberterrorism is on the rise around the world. But only one-third of companies are tackling it in their disaster recovery plans, says a survey released October 27 by data center association AFCOM. Although the majority (60.9 percent) of companies questioned see cyberterrorism as a threat to be addressed, “AFCOM’s 2009/2010 Data Center Trends” survey found that only 24.8 percent have adopted it in their policies and procedures manuals. Further, only 19.7 percent provide cyberterrorism training to their employees. Around 82 percent do run background checks on new hires. But that still leaves almost 20 percent of all data centers that don’t perform security checks on new employees, even those working directly with personal, financial, and even military records, noted AFCOM. AFCOM noted that over the past five years, 63 percent of all its data center members have seen a dramatic rise in the amount of information they need to store and protect. The report urges data center managers to include cyberterrorism in their disaster recovery and security plans. Source:

For another story, see item 12 below:

12. October 28, Nextgov – (National) Federal, industry reps call for national standards to report data breaches. The Homeland Security Department should establish a national standard to encourage companies and individuals to report data breaches to federal authorities, helping them gauge the intensity of cyberattacks and investigate cybercrime, security professionals said on October 28. Federal agencies are required to report data breaches to the U.S. Computer Emergency Readiness Team, which is part of DHS. Reporting requirements for companies, however, vary by state. California was the first state to pass a law requiring companies to disclose when unencrypted personal information in their databases has been accessed by someone not authorized to view it. Most states have since passed variations of the disclosure law. A national breach notification system is needed because companies and individuals are the main targets for cyber criminals, whose goal typically is to steal credit card information and bank credentials. According to Symantec’s 2008 Internet Security Threat Report, 90 percent of all threats target confidential information that, once stolen, is sold. Consumers are particularly vulnerable to cyberattacks because one in five individuals fail to protect personal information on their computers and 40 percent do not update or patch their operating systems. Symantec also said rogue security software, which relies on scare tactics to fool users into downloading malicious code by posing as legitimate antivirus programs, is on the rise. The company identified 250 such programs and received 43 million reports from customers of installation attempts. Because most cyberattacks focus on individuals and companies, a national standard for breach notification would provide a more accurate picture for security vendors and federal law enforcement agents. Companies are reluctant to report incidents of cyberattacks, in fear that they will be held accountable for the data loss and possibly lose business or be fined. Source:

Communications Sector

See item 32 below:

32. October 29, New Jersey Star Ledger – (New Jersey) N.J. 911 dispatcher couldn’t pinpoint slain Chatham priest’s call due to glitch in outdated system. Minutes before he was killed, a Chatham, New Jersey man dialed 911 from his cell phone, but help never arrived. The State Police received the call, but the dispatcher was unable to determine the location of the emergency. An investigation into last week’s murder has highlighted a glaring flaw in the state emergency response system. It is not a fault of the police, but of the technology. State officials said dispatchers are sometimes unable to locate a distressed caller using a cell phone. While the state has spent at least $60 million on upgrades in the past five years, outdated phone technology and lagging police equipment — and the occasional glitch — can hamper emergency efforts. Industry experts said cell phones, which are quickly replacing landlines in U.S. homes, are a double-edged sword for emergency management. On one hand, the public can contact police from virtually anywhere on a moment’s notice. On the other hand, cell phones are not tethered to an address like landlines, making it more difficult for police to quickly locate the caller. This failure is critical in a state like New Jersey, where more than half of the 7.5 million 911 calls made last year came from cell phones, a state spokeswoman said. Source: