Department of Homeland Security Daily Open Source Infrastructure Report

Monday, January 4, 2010

Complete DHS Daily Report for January 4, 2010

Daily Report

Top Stories

 According to the Associated Press, 7 miles of westbound Interstate 80 were closed December 30 in Venango County, Pennsylvania after a tanker overturned, spilling a toxic chemical across the highway. Nearby residents were asked to remain inside their homes as a precaution. (See item 6)

6. December 30, Associated Press – (Pennsylvania) Part of I-80W in W.Pa. closed after chemical spill. Seven miles of westbound Interstate 80 are closed in western Pennsylvania after a tanker overturned, spilling a toxic chemical across the highway. A Pennsylvania Department of Transportation spokeswoman says the road is closed from exit 35 to exit 42. The exits are near Clintonville, about 75 miles northeast of Pittsburgh. A Venango County 911 supervisor says drivers have been advised to keep their windows up when driving through the area to avoid inhaling the sodium hydrosulfide solution. She says the chemical is toxic and emergency workers have evacuated a 150-foot area around the spill. The supervisor says residents have not been evacuated from their homes but have been asked to remain inside as a precaution. Source:

 WFAA 8 Dallas-Fort Worth reports that the FBI is investigating a burglary at the John Kubala Water Treatment plant in Arlington, Texas on December 28. None of the secure treatment facilities were breached. Water officials took inventory of their chemicals, but no tampering was found. (See item 23)

23. December 30, WFAA 8 Dallas-Fort Worth – (Texas) FBI investigating burglary at Arlington water treatment plant. The FBI is among those investigating a burglary at an Arlington water treatment plant. The John Kubala Water Treatment plant was broken into December 28, when someone cut through a chain-link fence, police said. Copper tubing was stolen from a storage building at the plant, but city officials said none of the secure treatment facilities were breached. “Our water supply is secure; our water supply is safe,” said an Arlington city council member. The FBI has been called in to check for any possible terrorism links. On December 29, water officials took inventory of their chemicals at the plant and police checked water towers across the city, but no tampering was found. Police are investigating whether the crime is connected to another copper theft at a nearby recreation center in early December. Source:


Banking and Finance Sector

14. December 30, Wall Street Journal – (National) New CEO of Bank of America seeks credit card fix. When Bank of America Corp.’s new chief executive takes over next week, one of the first problems he will face is one he has already been grappling with — the bank’s credit-card business. Cards were already the responsibility of the incoming CEO in his previous job as president of consumer and small-business banking. But the 50-year-old executive had only taken that job in August, so he had little time to get his hands around the problem. He did have enough time to realize that mistakes were made and that the business had to change. “We gave a lot of cards out to our customers,” he said in a November 5 speech. “We were giving them to too many people.” He discussed a “repositioning” of the business that would rely less on borrowing and more on card transactions, while acknowledging that the business would not be as big or as profitable as it used to be. Source:

15. December 30, South Florida Business Journal – (Florida) Judge issues injunction in Haitian Ponzi scheme. A Miami federal judge has issued a permanent injunction against a Miami man charged in connection with a Ponzi scheme that targeted the Haitian-American community. The suspect and two others were charged in October with securities fraud, conspiracy to commit securities fraud, wire fraud and money laundering. According to the court order signed last week by the judge, the suspect failed to appear in court to answer charges that he and his co-conspirators sold unsecured notes and promised to double investors’ money every 90 days. The order bars the suspect and his Delray Beach-based companies — HomePals Investment Club LLC and HomePals LLC — from continuing to sell securities. They allegedly sold the notes through HomePals. It was alleged that between April and December 2008 the three raised at least $14.3 million and used no more than $1.2 million to trade, generating losses of 19 percent. The rest of the money allegedly was used to repay earlier investors in “typical Ponzi scheme fashion,” according to a news release from the U.S. Securities and Exchange Commission. Two of the three have pleaded guilty to their roles in the scheme. Source:

16. December 28, Associated Press – (National) AP: Ponzi collapses more than tripled in ‘09. In 2009, the recession unraveled nearly four times as many of the investment scams as fell apart in 2008, with “Ponzi” becoming a buzzword again thanks to the collapse of an infamous financier’s $50 billion plot. Tens of thousands of investors, some of them losing their life’s savings, watched more than $16.5 billion disappear like smoke in 2009, according to an Associated Press analysis of scams in all 50 states. In all, more than 150 Ponzi schemes collapsed in 2009, compared to about 40 in 2008, according to the AP’s examination of criminal cases at all U.S. attorneys’ offices and the FBI, as well as criminal and civil actions taken by state prosecutors and regulators at both the federal and state levels. Source:

Information Technology

34. December 30, WIRED – (International) Facebook app maker hit with data-breach class action. RockYou, the popular provider of third-party apps for Facebook, MySpace, and other social-networking services, is being hit with a proposed class action accusing the company of having such poor data security that at least one hacker got away with 32 million e-mail addresses and their passwords. The suit accuses the maker of apps like “Slideshow” for MySpace and “Superwall” for Facebook of making its unencrypted customer data “available to even the least capable hacker.” “RockYou failed to use hashing, salting or any other common and reasonable method of data protection and therefore drastically exacerbated the consequences of a hacker bypassing its outer layer of web security,” according to the Monday complaint in San Francisco federal court. Redwood City, California-based RockYou admits the data was “breached.” The lawsuit claims a hacker known by the moniker “igigi” exploited an SQL injection flaw “and removed the e-mails and passwords of approximately 32 million registered RockYou users.” The suit also accuses the company of failing to promptly notify consumers of the December 4 breach. A company spokeswoman said in an e-mail that RockYou “plans to defend itself vigorously. The company takes its users’ privacy seriously.” The company’s privacy policy said it “makes commercially reasonable efforts to ensure the security of our system,” yet its user database was stored in plain text, according to the lawsuit. Source:
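The complaint describes two separate failures: an SQL injection flaw that let an outsider pull rows out of the user table, and clear-text storage that turned those rows into usable passwords. The following is an added illustration of both, written for this report; it is not RockYou’s code and the accounts in it are made up. It shows a lookup that splices user input into the SQL text and can be made to return every row, the parameterized form of the same lookup, and salted PBKDF2 storage so that a dumped table yields salts and digests rather than passwords. The names (setup_vulnerable_db, hash_password, verify_password and so on) are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts for the example; not real data.
SAMPLE_USERS = [
    ("alice@example.com", "hunter2"),
    ("bob@example.com", "letmein"),
    ("carol@example.com", "password1"),
]


def setup_vulnerable_db():
    """Storage in the style the complaint describes: passwords kept in clear text."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_lookup(conn, email):
    """Deliberately unsafe: the e-mail is pasted into the SQL text, so a quote in the
    input rewrites the WHERE clause. Returns (email, password) rows."""
    query = f"SELECT email, password FROM users WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def safe_lookup(conn, email):
    """Parameterized: the value travels separately from the SQL text, so it is only
    ever compared, never parsed."""
    return conn.execute(
        "SELECT email, password FROM users WHERE email = ?", (email,)
    ).fetchall()


PBKDF2_ITERATIONS = 200_000  # assumed work factor for the example


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh 16-byte salt per user means two users with the same
    password get different digests, and the iterated hash slows offline guessing."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def setup_hardened_db():
    """Same accounts, but only salt and digest are stored; the password never is."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    for email, password in SAMPLE_USERS:
        salt, digest = hash_password(password)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, digest))
    return conn


def verify_password(conn, email, candidate):
    """Recompute the digest with the stored salt and compare in constant time."""
    row = conn.execute(
        "SELECT salt, digest FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return False
    salt, digest = row
    _, candidate_digest = hash_password(candidate, salt)
    return hmac.compare_digest(candidate_digest, digest)


if __name__ == "__main__":
    payload = "' OR '1'='1"  # classic tautology injection
    conn = setup_vulnerable_db()
    print(vulnerable_lookup(conn, payload))  # every e-mail with its clear-text password
    print(safe_lookup(conn, payload))        # [] : the payload is just a string to compare
    hardened = setup_hardened_db()
    print(verify_password(hardened, "alice@example.com", "hunter2"))  # True
    print(verify_password(hardened, "alice@example.com", "wrong"))    # False
```

The two fixes are independent: parameterized queries stop the injection, and salted hashing limits the damage when some other path into the database is found. The complaint’s point is that RockYou had neither.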

For more stories, see items 25 below and 35 in the Communications Sector

25. December 30, Associated Press – (National) CDC warns of fake swine flu e-mails. Health officials are warning the public about fake e-mails inviting people to sign up for swine flu vaccine registrations. U.S. Centers for Disease Control and Prevention officials this week put out an advisory about the e-mails, which call for adults to create a personal H1N1 (swine flu) vaccination profile on a Web site. CDC officials say the e-mails appear to be spam messages designed by hackers to spread a computer virus. The CDC does not have such a vaccination program. Source:

Communications Sector

35. December 29, H Security – (International) 26C3: Network design weaknesses. At the 26th Chaos Communication Congress (26C3) in Berlin, a security researcher demonstrated a number of vulnerabilities that can apparently be found in many ordinary communication networks and that affect every level from the access layer to the application layer. Attackers exploit many minor design flaws which, in combination, allow “dangerous attacks,” explained the Berlin-based security expert, who last year investigated vulnerabilities in the basic TCP internet protocol. Overall, the “bugs” can reportedly be exploited to hijack a proxy server such as Squid and control all of the network traffic that flows through it. To demonstrate, he chose the Pidgin instant messaging client, where emoticons in MSN chat are apparently known to be particularly vulnerable to attack. The protocol’s flawed binary encoding of text enabled him to download an executable program and eventually gave the researcher a first foothold in the network. Next, the expert reportedly took a step back to the access layer to target a driver for an Ethernet network card in order to gain access to the network layer. He said that, in this case, he found a flaw in the way the e1000 Linux driver for Intel devices establishes the maximum packet or frame size, also called the Maximum Transmission Unit (MTU). This flaw reportedly involves the inability, in all circumstances, to securely differentiate between “jumbo frames” for gigabit Ethernet and their counterparts in networks with lower transmission rates. Furthermore, all the pertinent security advisories released by Intel and Red Hat apparently misinterpreted the flaw, allowing the firewall to be overcome as well. The hacker’s last step, gaining control of the network’s web traffic, was apparently made easier because the Squid server in question also caches Domain Name System (DNS) lookups for 24 hours. The expert said that the validation of DNS replies used in the process has been frequently criticized because an attacker only needs to match 32 bits (the 16-bit transaction ID and the 16-bit UDP source port) to have a forged reply accepted. Using targeted requests, the researcher reportedly managed to trigger a cache confusion and find an exploitable open port. Finally, a flawed TCP implementation allowed the hardware filter to be bypassed by transmitting a sequence of useless packets. He concluded: “Isolated vulnerabilities don’t exist.” The security of network components, he said, depends on that of their respective environments. Source:
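The “32 matching bits” remark refers to the two values a resolver checks before accepting a DNS reply: the 16-bit transaction ID and, if the resolver randomizes it, the 16-bit UDP source port. The following is an added illustration written for this report, not the researcher’s code or anything from the H Security article. It models only that check in a toy resolver (ToyResolver, FIXED_PORT and the helper names are assumptions of the example) and gives the closed-form success probability for an off-path forger, so the difference between 16 and 32 bits of secrecy can be read off directly. The 24-hour cache in the article matters in the same way: the longer a poisoned answer stays cached, the more traffic one successful forgery redirects.

```python
import math
import random


def success_probability(secret_bits, guesses):
    """Chance that at least one of `guesses` random forged replies matches a
    `secret_bits`-bit value the forger cannot observe: 1 - (1 - 2^-b)^n."""
    return -math.expm1(guesses * math.log1p(-(2.0 ** -secret_bits)))


def guesses_for_confidence(secret_bits, target):
    """Fewest forged replies needed for at least `target` probability of one match."""
    return math.ceil(math.log(1.0 - target) / math.log1p(-(2.0 ** -secret_bits)))


class ToyResolver:
    """Only the part of a resolver that matters here: per outstanding query it records
    the 16-bit transaction ID and the UDP source port, and accepts a reply only when
    both match. With randomize_port=False the port is fixed and public, so 16 bits
    protect the cache; with randomize_port=True a forger must hit 32 bits."""

    FIXED_PORT = 1053  # assumed fixed source port for the weak configuration

    def __init__(self, rng, randomize_port):
        self.rng = rng
        self.randomize_port = randomize_port
        self.outstanding = {}  # qname -> (txid, src_port)

    def send_query(self, qname):
        txid = self.rng.getrandbits(16)
        port = self.rng.getrandbits(16) if self.randomize_port else self.FIXED_PORT
        self.outstanding[qname] = (txid, port)

    def accept_reply(self, qname, txid, dst_port):
        """A real resolver also checks the question section and source address, but an
        off-path forger can predict those, so they add no secrecy and are left out."""
        return self.outstanding.get(qname) == (txid, dst_port)


def forge_replies(resolver, qname, rng, max_replies):
    """Off-path forger: tries every transaction ID once and, when the port is not
    known, guesses it at random each time. Returns how many replies were sent before
    one was accepted, or None if the budget ran out."""
    resolver.send_query(qname)
    known_port = None if resolver.randomize_port else ToyResolver.FIXED_PORT
    for n, txid in enumerate(range(1 << 16), start=1):
        if n > max_replies:
            break
        port = known_port if known_port is not None else rng.getrandbits(16)
        if resolver.accept_reply(qname, txid, port):
            return n
    return None


def trial(seed, randomize_port, max_replies=1 << 16):
    """One reproducible end-to-end run: seeded resolver, seeded forger."""
    resolver = ToyResolver(random.Random(seed), randomize_port)
    return forge_replies(resolver, "example.com", random.Random(seed + 1), max_replies)


if __name__ == "__main__":
    print("fixed port, 65536 forged replies:", trial(7, randomize_port=False))
    print("random port, 65536 forged replies:", trial(7, randomize_port=True))
    for bits in (16, 32):
        print(f"{bits} secret bits: P(success | 65536 replies) ="
              f" {success_probability(bits, 65536):.2e},"
              f" replies for 50% = {guesses_for_confidence(bits, 0.5)}")
```

With a fixed source port the forger is guaranteed a hit within 65,536 replies; with a random port the same budget succeeds about 1.5 times in 100,000 attempts, and reaching even odds takes on the order of three billion replies. That gap is why port randomization, rather than any change to the transaction ID, was the practical fix for this class of attack.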