Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, December 8, 2009

Top Stories

 The Minneapolis Star Tribune reports that cleanup crews worked on December 4 to contain at least 210,000 gallons of crude oil that spilled from a pipeline that connects a pumping station with the Flint Hills refinery in Rosemount, Minnesota. (See item 5)

5. December 4, Minneapolis Star Tribune – (Minnesota) Oil pipeline spills 210,000 gallons near Staples. Cleanup crews worked on December 4 to contain at least 210,000 gallons of crude oil that spilled from a pipeline in central Minnesota. The spill occurred about a half-mile north of the Long Prairie River, but there is no indication that it jeopardized nearby waterways, said a spokeswoman for the Minnesota Office of Pipeline Safety. “It appears there is no danger of river contamination,” she said. The spill came from a 16-inch pipeline that connects a pumping station with the Flint Hills refinery in Rosemount. The leak occurred in a wooded rural area about 3 miles southeast of Staples. It was discovered about 6:30 a.m., and the pipeline was immediately shut down, she said. Workers had been repairing the pipeline, but it was not immediately clear if that was connected to the spill, she said. Overseeing the cleanup with the state office was the pipeline safety arm of the U.S. Department of Transportation. Source:

 According to eWeek, two Kansas men are being accused of selling counterfeit networking gear they claimed was from Cisco Systems. Federal investigators say the scheme stretched from China to the United States. (See item 45 below in the Information Technology Sector)


Banking and Finance Sector

17. December 7, Bank Info Security – (National) ATM fraud: new skimming scheme spreads. Three ATM skimming operations in Maryland, Illinois and Georgia have netted thieves more than $120,000, according to law enforcement agencies investigating the crimes. These discoveries follow several recent incidents of ATM skimming in other states. Maryland State Police report that an ATM skimmer was placed on a Bank of America ATM in Eldersburg, Maryland, and that possibly $30,000 was taken last week. Police have removed the skimmer, but say there could be more. State police have reported other incidents at various other banks in Northern Virginia and Maryland. Two men reportedly were photographed installing the skimming device, which collected card information from customers. The men then came back, removed the device, made counterfeit ATM cards with their stolen information and withdrew money. In Illinois, thieves used a Bank of America ATM to steal $20,000. Police report the criminals installed a skimming device on a drive-up ATM in Mt. Prospect. The skimmer reportedly was used on October 11, 12, 24, and 25, as well as November 26-29 to steal $20,192 from 316 debit card accounts. The criminals removed the skimmer before employees could find it. Several bank customers complained Monday, November 30, about unauthorized withdrawals. That report came a week after a similar ploy in Buffalo Grove, where more than $70,000 was taken from an ATM at a Chase Bank branch. Chase Bank officials told police that security video recorded two suspects placing a camera and recording device on the ATM inside the lobby of the bank on November 14. The two then returned on November 16 and used account information that was recorded to withdraw funds from multiple accounts. Source:

18. December 6, WOOD 8 Grand Rapids – (Michigan) Possible security breach at Flagstar. There is the possibility of a security breach at Flagstar Bank, according to a letter it sent out to some customers November 25. A laptop owned by a bank vendor was stolen, and inside the computer were some customers’ social security numbers. “We have no reason to believe that the files with this information will be accessed or used inappropriately,” the letter states. “However, in the interest of caution, we felt it was important to inform you of this incident. We also have taken steps to place an alert on your home equity checking account and other deposit accounts in our system.” Letters were sent to customers who were possibly affected, but not every customer. The vendor is a company that helps Flagstar with services the bank provides, a representative said Sunday. Source:

19. December 4, IDG News Service – (National) HSBC exposed sensitive bankruptcy data. HSBC Bank says a bug in its imaging software inadvertently exposed sensitive data about some of its customers going through bankruptcy proceedings. In notification letters made public on December 3, the bank said it had redacted sensitive information in Chapter 13 bankruptcy proof-of-claim forms that were filed electronically, but that the information turned out to be viewable “as a result of the deficiency in the software used to save imaged documents.” An HSBC spokeswoman declined to elaborate on the cause of the problem, but said “a limited number of customers” were affected. HSBC has “no reason to believe customers’ personal information may have been compromised,” she added via e-mail. The company sent letters to affected customers in October and is offering them one year of free credit monitoring. Some customers of the following HSBC companies are affected: HSBC Taxpayer Financial Services, Beneficial New Hampshire and Household Finance Corporation. According to documents filed Thursday with the New Hampshire Attorney General’s office, HSBC failed to completely redact information on forms that were filed between May 1, 2007, and October 17, 2008. HSBC said it learned of the problem on July 9, 2009. The data disclosed may have covered HSBC credit card, line-of-credit or mortgage information, the company said. Source:

20. December 4, CNN – (National) Bank failure tally reaches 130. The nation’s tally of 2009 bank casualties hit 130 on December 4 when regulators shuttered a large Ohio bank, an Illinois bank, a Virginia bank and three small Georgia banks. The largest bank to fail was AmTrust Bank in Cleveland, Ohio. Regulators also closed Benchmark Bank in Aurora, Illinois, and Greater Atlantic Bank in Reston, Virginia. The Buckhead Community Bank in Atlanta, First Security National Bank in Norcross, The Tattnall Bank in Reidsville, all of Georgia, were also closed. Customers of all the six failed banks are protected, however. The Federal Deposit Insurance Corp., which has insured bank deposits since the Great Depression, currently covers customer accounts up to $250,000. Source:

Information Technology

43. December 5, The Register – (International) Germans devise attacks on Windows BitLocker. German researchers have devised five methods that determined attackers can use to bypass hard-drive encryption in recent versions of Microsoft operating systems. The methods, laid out by a research team from the Fraunhofer Institute for Security Information Technology, can be used to access files protected by BitLocker drive encryption contained in Windows Server 2008 and pricier versions of Windows Vista and Windows 7. BitLocker prevents files or entire volumes from being accessed without a user password being entered first. The researchers stress that the strategies are useful only for targeted attacks, such as those used in industrial espionage, where an attacker is willing to devote considerable effort to breaching a single individual’s security. They are not of much use in opportunistic attacks, such as those when an attacker happens upon a lost laptop. Still, they said their findings are useful because they demonstrate the limits of the protection. Source:

44. December 4, The Register – (International) Attack exploits just-patched Mac security bug. A security researcher has released a proof-of-concept attack that exploits critical vulnerabilities that Apple patched on December 3. The vulns stem from bugs in the Java runtime environment that allow attackers to remotely execute malicious code. Sun Microsystems patched the flaws early last month. “I know that having a POC in hand bumps Apple’s priority, so I sent them the POC and made them aware of the issue,” said the researcher, a co-founder of security firm Netragard. “I honestly wanted my browser fixed.” The researcher said he read through the patch details and researched where in OS X he thought the bug would be located. He sent the exploit to Apple employees on November 6, three days after Sun released a Java patch for Windows, Linux, and Solaris. Now that Apple has finally fixed the bug, he has gone ahead and made the code public. The exploit is fairly rudimentary, but the researcher said he plans to weaponize it soon. For the moment, browsers on unpatched systems that hit the exploit will crash. Behind the scenes, though, users will find their extended instruction pointers have been set to 0x41424344, a value that indicates a machine has been compromised. The code will also exploit unpatched Windows machines, the researcher said. Source:

45. December 4, eWeek – (National) Kansas men charged with dealing in counterfeit Cisco products. Two Kansas men are being accused of selling counterfeit networking gear they claimed was from Cisco Systems. According to a December 3 news release from the Department of Justice, a pair from the Kansas City, Kansas, area are facing “one count of conspiracy, 30 counts of trafficking in counterfeit goods and one count of trafficking in counterfeit labels” in connection with a scheme that federal investigators say stretched from China to the United States. According to documents from the U.S. Attorney General’s Office in Kansas, one of the suspects in 2003 created a business called Deals Express. Two years later, the other suspect established a company called Deals Direct. Through their businesses, the two would allegedly buy counterfeit Cisco-branded computer hardware built in mainland China and Hong Kong, put counterfeit Cisco labels on it, package it in counterfeit Cisco boxes and sell it with counterfeit Cisco manuals. The hardware components, including network cards and connectors, were sent from China to addresses in Kansas as well as UPS stores in Seattle and Portland, Oregon, according to federal investigators. In 2005, the owner of Deals Direct created a website for the company called Direct2technology and reportedly began selling the counterfeit Cisco products on eBay. Authorities began seizing shipments of the counterfeit products in 2005 in Los Angeles, Louisville, Kentucky, and Wilmington, Ohio. Source:

Communications Sector

46. December 7, UK Telegraph – (International) Mobile phone networks face ‘crisis’ as data traffic surges. Network operators need to upgrade the 3G wireless network urgently, according to a report from Unwired Insight, which predicts that mobile web traffic will increase by more than 20 times over the next four years. Smartphones, such as the Apple iPhone, rely on the 3G technology to surf the internet on the go, show TV, download music and share photos on social-networking sites. But the growing popularity of these data-hungry devices is helping to push the phone network to its limits, say analysts. Watching an hour of YouTube clips is equivalent to sending a million text messages, while downloading a film over the 3G network equates to around 400,000 emails. And laptops that use a mobile broadband “dongle”, which enable users to surf the web over the mobile phone network, are also putting a huge strain on network capacity. The report, entitled “Will 3G networks cope?”, warns that some operators face the prospect of 3G capacity shortfalls, where there will be more users than available bandwidth. “We could face big problems in the next one to two years if the demand for mobile broadband keeps growing,” said a wireless technology consultant who contributed to the report. “It doesn’t mean that mobile phone networks will crash, but what it does mean is that the network will be very congested. We will see a slowing down of the network’s overall performance, and it will take longer to load web pages and download songs. “We’re going to see a lot of frustrated, dissatisfied customers who have paid for a service, and who don’t feel that it delivers.” The report from Unwired Insight warns that operators need to look at new technology to meet growing consumer demand for mobile data services. He said that upgrades to existing infrastructure, and the opening up of more capacity when the U.K. government auctions off the 3G spectrum next year, will not provide a long-term solution. He said that devices such as femtocells, which boost mobile phone signal strength in the home, and the roll-out of so-called ‘4G’ networks, known as LTE, would provide some additional capacity, but that network operators still faced a “bumpy road” over the next few years. Source:

47. December 7, Sandusky Register – (Ohio) Erie Co. 911 caller gets recording. A possible glitch in a phone company’s cellular tower gave a Sandusky woman the runaround when she called 911 on Tuesday, county officials said. “I’m very confident that this has to do with the programming that was done to an AT&T cell tower,” said the director at Erie County Emergency Management Agency. “This has to do with the phone carrier themselves.” An AT&T spokesman, however, said Thursday he is not aware of any issues with the company’s cellular towers. Source:

48. December 5, Palm Springs Desert Sun – (National) Verizon customers will see interruption in text-alert service. Hundreds of businesses, including the NCAA and Gannett Co., Inc., are unable to send text alerts to Verizon customers because of a dispute over advertising embedded in the alerts. Verizon, the international Internet broadband and wireless communications company, is blocking text alerts to mobile devices such as cell phones, BlackBerrys and the Droid sent through 4INFO, a California-based company that provides text alert capabilities for businesses across the country. People who have Verizon Wireless service stopped receiving text alerts Friday from the Desert Sun, the Packers and any other company that uses 4INFO’s 44636 short code service, which allows companies to embed a short line of advertising within each message. Short codes determine the content of the message, such as sports scores, weather or breaking news updates. “We have a dispute with Verizon, and as a result they have shut off access,” the 4INFO marketing director said Saturday. “Their issue is with the advertising.” Source: