Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 10, 2009

Complete DHS Daily Report for November 10, 2009

Daily Report

Top Stories

• Bloomberg reports that oil companies in the Gulf of Mexico are evacuating workers and halting some output on November 9 as Hurricane Ida blows through the region, which accounts for more than a quarter of U.S. crude production. (See item 3)

3. November 9, Bloomberg – (National) Oil producers move staff, halt output on hurricane. Oil companies in the Gulf of Mexico are evacuating workers and halting some output as Hurricane Ida blows through the region, which accounts for more than a quarter of U.S. crude production. BP Plc evacuated non-essential staff and shut some of its Gulf output. “Some precautionary curtailment of production has taken place,” BP said in a recorded statement on its hotline. Ida is the first storm to disrupt output in the Gulf this hurricane season, which runs from June to November. Chevron Corp., the second-largest U.S. oil company, has also halted “some production” at its Gulf of Mexico platforms, according to its Web site. The company moved some non-essential workers out of the area, a spokesman said on November 8. Anadarko Petroleum Corp., the second-largest producer of natural gas in the U.S., evacuated workers and secured some facilities in the Eastern Gulf of Mexico, the company said on its Web site. No production has been shut, the company said in a statement on November 8. Ida’s maximum sustained winds slowed to about 80 miles (130 kilometers) per hour, from 105 mph earlier today, the U.S. National Hurricane Center said in its latest advisory. Ida’s center was located about 235 miles south-southeast of the mouth of the Mississippi River at 6 a.m. U.S. Central time, it said. The Category 1 storm was moving north-northwest at 16 mph and may still be at hurricane strength when it approaches the U.S. Gulf Coast near Alabama and the Florida Panhandle in the early hours of tomorrow morning. Exxon Mobil Corp., the world’s biggest oil company, said its operations in the Gulf of Mexico are normal and it’s monitoring the weather, according to an e-mail from a spokesman. Royal Dutch Shell Plc said it’s “securing” offshore facilities though drilling is not affected. 
A hurricane warning, meaning hurricane conditions are expected within 24 hours, is in effect from Pascagoula, Mississippi, to Indian Pass, Florida, the agency said. It does not include the city of New Orleans. Source:

• According to PR Newswire, the House of Representatives approved on November 6 the “Chemical Facility Anti-Terrorism Act of 2009,” which is the first time either house of Congress has approved permanent and comprehensive chemical security legislation. (See item 9)

9. November 6, PR Newswire – (National) Historic chemical security compromise approved by House. The House of Representatives approved on November 6 the “Chemical Facility Anti-Terrorism Act of 2009.” This is the first time either house of Congress has approved permanent and comprehensive chemical security legislation. Earlier this week, Clorox announced plans to convert all of their U.S. facilities from ultra-hazardous chlorine gas to liquid bleach to “strengthen our operations and add another layer of security,” according to their CEO. Clorox also indicated that these changes “won’t affect the size of the company’s workforce.” Since 9/11 more than 200 chemical facilities have converted to safer chemical processes, eliminating poison gas risks to more than 30 million Americans. Yet 300 other chemical plants together put 110 million Americans at risk. The bill will conditionally require the highest risk plants to use safer chemical processes where feasible and cost-effective and requires the remaining high risk plants to “assess” safer chemical processes; eliminate the current law’s exemption of thousands of chemical facilities, such as waste water and drinking water plants and port facilities; involve plant employees in the development of security plans and provide protections for whistleblowers and limit background check abuses; preserve states’ authority to establish stronger security standards; provide funding for conversion of plants, including drinking water facilities and wastewater facilities, and allow citizen suits to enforce government implementation of the law. Source:


Banking and Finance Sector

19. November 9, Business Insider – (International) WaMu blamed in $200M Millennium Bank Ponzi scheme. Washington Mutual allegedly enabled a nearly $200 million Ponzi scheme, and now JPMorgan Chase has to deal with the victims’ lawsuit. According to the class action, filed in San Francisco federal court, WaMu “actively and knowingly participated in the fraudulent activities” of Millennium Bank, a Caribbean financial institution that sold high-yield CDs on the internet but was really a “massive Ponzi scheme.” Millennium used WaMu accounts in Napa and was kept as a bank client despite two audits, according to the suit: “WaMu’s involvement was critical to the successful execution and obfuscation of this fraudulent scheme.” In March, the SEC filed an action against Millennium, alleging that they operated an over $150 million Ponzi scheme. Source:

20. November 9, WSMV 4 Nashville – (National) 600 Potentially Scammed By ATM Skimmers. At least 600 individuals are potential victims of an ATM card skimming scheme in the Nashville area. 60 people had fraudulent withdrawals from their accounts for anywhere between 100 and 5,000 dollars. Police said the card skimmer goes over the normal card reader. A transaction can still be made and cash received, but the thieves then have everything they need to tap into an individual’s account. Investigators said five Bank of America ATMs have been hit, as well as an unknown number of US Bank ATMs. Police said the problem is not isolated to Nashville. “This sale that came through Nashville was in St. Louis and Kansas City prior to coming to Nashville,” said a police lieutenant. “They left here, and we had some of our victims’ stuff compromised in Bowling Green, so we think they went north, and now the last location is that they’re using our victims’ information in Las Vegas.” Police said customers who still choose to use an ATM should get cash and try to frequent the same machine, paying close attention to any changes to the card reader. Source:

21. November 7, Bloomberg – (California) UCBH holdings’ bank is seized, 120th U.S. lender shut this year. UCBH Holdings Inc.’s United Commercial Bank, a San Francisco-based lender with $11.2 billion in assets, was seized by regulators, becoming the 120th U.S. bank to fail this year. United Commercial was bought by East West Bancorp of Pasadena, California, the Federal Deposit Insurance Corp. said. United Commercial was the fifth U.S. lender to be seized by regulators on November 6 as banks fail at the fastest rate since 1992. East West paid a premium of 1.1 percent to acquire United Commercial’s $7.5 billion in deposits, and picks up 63 U.S. branches as well as banking operations in China. East West said it is now the second-largest independent bank based in California, and the largest in the U.S. specializing in serving Asian-Americans. East West and the FDIC will share losses on $7.7 billion of assets. The agency agreed to share losses on other deals, including Ameris Bancorp’s acquisition of United Security Bank of Sparta, Georgia. Based in Moultrie, Georgia, Ameris paid a premium of 0.36 percent to purchase $150 million in deposits. The loss-sharing agreement covers $123 million of assets. Four other banks failed on November 6 including Prosperan Bank Alerus Financial in Minnesota, United Security Bank Ameris Bank in Georgia, Gateway Bank of Central bank in Kansas, and Home Federal Savings Bank/Liberty Bank and Trust of Illinois and Louisiana. Source:

22. November 6, Graphic Arts Online – (National) Printing broker charged in Ponzi scheme. The owner of printing brokerage Minnesota Print Services, Andover, Minnesota, was charged with 36 counts of securities fraud for a Ponzi scheme where investors backed phony printing contracts. The defendant owes investors $53 million and admitted in a criminal complaint filed November 5 in Hennepin County district court that between 2005 and September 2009 he engaged in fraudulent conduct where he solicited investments for fictitious printing contracts. During this period, he obtained investors from Minnesota, California, Georgia and Illinois, promising returns of 10% to 12% within 60 to 90 days. Those investors that did earn the promised return were paid from funds received by new investors. According to the complaint, the scheme started shortly after the defendant began seeking investors for “additional capital for the continuation of his business.” Later, he began to supplement his business by selling interests in fictitious contracts. Source:

Information Technology

40. November 8, The Register – (International) World’s first iPhone worm Rickrolls angry fanbois. iPhone owners in Australia awoke this weekend to find their devices targeted by self-replicating attacks that display an image of a famous performer that is not easily removed. The attacks, which researchers say are the world’s first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple’s default root password of “alpine.” In addition to showing a picture of the performer, the new wallpaper displays the message “ikee is never going to give you up,” a play on the performer’s 1987 hit “Never Gonna Give You Up.” Tricking victims into inadvertently playing the song has become a popular prank known as Rickrolling. A review of some of the source code shows that the malware, once installed, searches the mobile phone network for other vulnerable iPhones and when it finds one, copies itself to them using the default password and SSH, a Unix application also known as secure shell. People posting to this thread on Australian discussion forum Whirlpool first reported being hit on November 6. The attack is a wakeup call for anyone who takes the time to jailbreak an iPhone. While the hack greatly expands the capabilities of the Apple smartphone, it can also make it more vulnerable. Source:

41. November 7, ComputerWorld – (International) Mozilla fixes Firefox crash bug. Just a week after it last updated Firefox, Mozilla has rushed out a new version of its browser to fix a crash bug that programmers inadvertently introduced. Firefox 3.5.5, which Mozilla posted for download on November 5, fixes a small number of what the company called “stability issues” in the release notes that accompanied the update. Unlike almost all interim updates that Mozilla issues about once every six weeks, version 3.5.5 did not patch any security vulnerabilities. The main bug quashed on November 5 was one that was causing a high number of crashes in the Windows version of Firefox 3.5.4, the update that Mozilla launched October 27 to patch 16 flaws. Firefox 3.5.5 also fixes a stability bug in the Mac version, and another crash problem in the Windows and Mac editions. Mozilla’s older browser, Firefox 3.0, was not affected by the bugs. The most up-to-date version of that edition is Firefox 3.0.15, which was also released October 27. Source:

42. November 6, Softpedia – (International) Attack Hits Swedish Signals Intelligence Agency’s Website - Possibly a protest against recent Internet traffic monitoring activities. The website of the Swedish National Defence Radio Establishment (Forsvarets Radioanstalt) has been the target of a prolonged denial of service (DoS) attack this week. There is some speculation that the incident was carried out to protest the agency’s new role of intercepting and monitoring Internet traffic passing through Sweden. Forsvarets Radioanstalt (FRA) is an intelligence agency of the Swedish government, subordinated to the country’s Ministry of Defence. The DoS attack on FRA’s website began on November 2 and, according to a report from the Pingdom uptime monitoring service, extended well into November 3 and 4. This type of attack involves overloading a server with bogus requests until it is unable to process legitimate ones. The total downtime was almost 29 hours, but according to an official announcement (in Swedish), it did not affect the agency’s work. Source:

Communications Sector

See Item 38 below:

38. November 7, Chicago Sun-Times – (Illinois) Fire at police HQ shuts phone, internet. A small fire that broke out in a Chicago Police Headquarters phone room Saturday morning may be responsible for the phone and computer outages the department continues to deal with Saturday afternoon. About 11:50 a.m., crews responded to a “small fire” in one of the telephone rooms at police headquarters, 3510 S. Michigan Ave., the Fire Media Affairs Director said. Three trucks reportedly responded to the scene, according to a police source. The fire, which was likely electrical in nature, was put out quickly, the fire media affairs director said. The building was not fully evacuated. The small fire did, however, cause “some kind of outage,” he said. A Police News Affairs Officer said officers were reaching out to the 911 dispatch center through cell phones while their office phones and computer systems were down. Source: