Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, January 6, 2010

Complete DHS Daily Report for January 6, 2010

Daily Report

Top Stories

 According to the Reading Eagle, a fire at chemical distributor Brenntag North America Inc. in Ontelaunee Township, Pennsylvania brought out dozens of firefighters Monday evening. (See item 5)

5. January 5, Reading Eagle – (Pennsylvania) Fire strikes chemical distributor in Ontelaunee Township. A fire at an Ontelaunee Township chemical distributor brought out dozens of firefighters the evening of January 4, but the blaze was contained to a truck wash and maintenance building, fire officials said. The 8 p.m. fire was reported at Brenntag North America Inc., 5083 Pottsville Pike, also known as Route 61. One firefighter suffered a minor hand injury and was treated by medical personnel at the scene. The initial damage estimate was $10,000, said the Leesport Fire Marshal. He said the cause of the fire was unknown but that it was possibly electrical. According to the fire marshal, Brenntag workers noticed the fire around an electrical panel in the maintenance building. They tried to put it out and called 911. The chemical distribution company, with hazardous chemicals on the site, is considered a high-risk facility. The first units on the scene reported heavy smoke, which could be seen for miles. The fire was in a wall when firefighters arrived, and they removed part of the wall and roof to extinguish the blaze, he said. Operations at the facility were suspended while fire crews were on the scene. He said no hazardous materials were involved in the fire, which was reported under control at 9:40 p.m. Leesport was assisted by Temple, Goodwill, Blandon, Fleetwood, Central Berks and Walnuttown fire companies, along with Schuylkill Valley and Muhlenberg EMS. Source:

 The Mobile Press Register and Birmingham News report that political offices throughout Alabama shut down Monday morning after receiving nine envelopes containing white powder and threatening letters, claiming the powder was anthrax. Tests revealed the substance was not harmful. (See item 18)

18. January 5, Mobile Press Register & Birmingham News – (Alabama) Offices in 5 Alabama cities evacuated after receiving envelopes with white powder. Political offices throughout Alabama — including Foley and Mobile — shut down Monday morning after receiving nine envelopes containing white powder and threatening letters. The letters claimed the powder was anthrax, but tests revealed the substance was not harmful, said the special agent in charge of the Mobile office of the FBI. An FBI agent in Birmingham said it was, in fact, an artificial sweetener. The envelopes were found in five cities: All four targeted politicians are Republicans. The FBI Agent said he did not want to speculate about a possible motive. The FBI Agent said more letters may be coming. An FBI spokeswoman said investigators believe all the handwritten letters came from the same source.The US Postal Inspection Service is offering a $100,000 reward for information that leads to the arrest and conviction of the person or persons responsible for sending the letters. Source:


Banking and Finance Sector

12. January 5, Brazoria County Facts – (Texas) Pipe bomb suspected in LJ bank blast. Investigators suspect a homemade pipe bomb damaged a bank’s drive-through teller window early January 4, but told a bank official the explosion was in line with horseplay. Two residents reported hearing an explosion at around 12:50 a.m., but it was not until almost two hours later that police were able to find its source. That was when a 32-year-old Brazoria woman stopped to use the night deposit slot at First National Bank in the 100 block of West Way and saw a hole in the teller window. No one entered or took money from the bank, a police lieutenant said. “We’re still looking for motivation,” the lieutenant said. The FBI has ruled out the explosion being connected to any terroristic plans, but said it was more in line with horseplay, said the senior vice president of First National Bank of Lake Jackson. Pieces of the explosive found in the window indicate it might have been a homemade pipe bomb, the lieutenant said. “It was a substantial explosion,” he said. However, no alarms were received from the bank, he said. Source:

13. January 4, Reuters – (International) Credit Suisse sued over resorts, $24 billion sought. Credit Suisse Group AG has been sued by property owners in four luxury ski and golf resorts, saying the Swiss bank concocted a loan scheme to defraud them and ultimately take over the properties. The lawsuit filed on January 3 in federal court in Boise, Idaho, seeks $24 billion of damages against Credit Suisse and commercial real estate firm Cushman & Wakefield Inc, and class-action status for more than 3,000 investors who bought land or homes. The alleged losses relate to Yellowstone Club, a Montana ski resort whose members have included a Microsoft Corp Chairman, as well as to Lake Las Vegas resort in southern Nevada, the Tamarack resort in central Idaho and Ginn sur Mer on Grand Bahama Island in the Bahamas. Lake Las Vegas and Tamarack have also been the subject of bankruptcy proceedings, court records show. The four resorts are among many high-end properties that have struggled with falling real estate values and the credit crisis. According to the complaint, Credit Suisse violated federal racketeering laws by concocting a “loan to own” scheme that inflated the value of resorts and burdened the resorts and purchasers of homes there with too much debt. Using appraisal methods provided by Cushman & Wakefield, this scheme allowed Credit Suisse to win “enormous fees” and ultimately foreclose on or take control of the resorts at well below market value, the complaint said. Source:

Information Technology

39. January 5, IDG News Service – (International) Symantec product hits end-of-decade snafu. Symantec is warning that its Endpoint Protection Manager server product is erroneously marking signature updates issued this year as out of date. Symantec’s issue is one of few scattered reports of software problems related to the end of the decade, including one allegedly involving Microsoft’s Windows Mobile OS. The problem affects the Endpoint Protection v11.x and v12.x versions of the company’s small business edition of the product. Antivirus, antispyware, and intrusion protection updates with a date after December 31, 2009, at 11:59 p.m. are considered out of date by the software, the company wrote on its blog. Symantec has worked around the problem by issuing updates with new revision numbers but with the December 31 date while a permanent fix is developed. The company said the problem also affects customers using NAC (Network Access Control) with Host Integrity, which checks to see if the antivirus definitions are up to date for clients connecting to a network. Symantec said the Host Integrity check will fail but there is a work-around, which the company details in its blog post. The end of the decade may also be causing problems for Microsoft’s Windows Mobile OS. Various sources have reported that some users running Windows Mobile 6.1 or 6.5 noticed that text messages sent after the new year are dated 2016. Although a work-around has been posted to WMExperts, other users on that forum reported no problems. Microsoft said on January 4 it was aware of the issue but that “these reports have not yet resulted in widespread customer inquiries.” Source:

40. January 5, SC Magazine – (International) Cross-site scripting vulnerabilities see two political websites hacked. Political websites were hacked January 5, leaving leaders embarrassed. A report on BBC News said that visitors to Spain’s EU presidency website were greeted by an image of comedy character instead of the Spanish Prime Minister. The government said that the site - - had not been attacked and that a hacker had taken a screenshot of the homepage to make a photo montage using a cross-site scripting (XSS) vulnerability. A senior security advisor at Trend Micro, said that the compromise only lasted a few hours until the original content was restored and site administrators were reportedly working on a fix. He said: “In this instance there does not appear to have been any malicious intent, but the dangers of XSS vulnerabilities should not be underestimated. Cross-site scripting vulnerabilities allow attackers to inject code into innocent web pages in which it would not otherwise appear. The security expert also flagged a compromise on the official website of the president of Iran. Source:

41. January 4, The Register – (International) Kingston coughs to security flaw in ‘Secure’ flash drive. Kingston Technology is instructing customers to return certain models of its memory sticks, after the firm discovered a glitch in its DataTraveler Secure flash drives. The company said in a security notice that the models affected were “privacy” editions of the DataTraveler Secure, DataTraveler Elite and DataTraveler Blackbox. Kingston said the security flaw could allow a wrongdoer to hack into the memory sticks. “A skilled person with the proper tools and physical access to the drives may be able to gain unauthorised access to data,” warned the vendor. Kingston added that a number of its USB drives were not affected by the security flaw. Customers whose drives could be exploited by the security loophole should return the product, where Kingston said it would apply a factory update. Kingston had claimed that its Data Traveler Secure drive was the first of its kind to protect “100 percent of data on-the-fly via 256-bit hardware-based AES encrpytion.” Source:

42. January 4, Help Net Security – (International) 25 million new malware strains in one year. The outstanding trend of the last 12 months has been the prolific production of new malware: 25 million new strains were created in just one year, compared to a combined total of 15 million throughout the last 20 years. This is one of the findings of the latest malware report by PandaLabs which reviews the major incidents and events concerning IT security in 2009. This latest surge of activity included countless new examples of banker Trojans (some 66 percent) as well as a host of fake anti-virus programs (rogueware.) The report also draws attention to the resurgence of traditional viruses, previously on the verge of extinction, such as Conficker, Sality, or the veteran Virutas. As regards malware distribution channels, social networks (mainly Facebook, Twitter, YouTube, or Digg), and SEO attacks (directing users to malware-laden websites) have been favored by cyber-criminals, who have been consolidating underground business models to increase revenues. The report also examines how individual countries and regions have been affected throughout the year. Taiwan tops the rankings, followed by Russia, Poland, Turkey, Colombia, Argentina, and Spain. Countries suffering fewest infections include Portugal and Sweden. Source:

Communications Sector

43. January 4, IDG News Services – (National) DOJ recommends FCC quickly free up more spectrum. Supporting wireless broadband providers is key to encouraging broadband competition, the U.S. Department of Justice (DOJ) advised the U.S. Federal Communications Commission (FCC) on January 4. In a filing submitted in response to an FCC request for comments on its national broadband plan, the DOJ said that it is unrealistic to try to promote “textbook markets of perfect competition” since the provision of broadband services is so costly. “Rather, promoting competition is likely to take the form of enabling additional entry and expansion by wireless broadband providers,” among other activities, the DOJ wrote. That means the FCC must work hard to quickly make more spectrum available for wireless broadband services, the agency said. “We urge the Commission to give priority to making more spectrum available to wireless broadband providers so as to maximize their potential to compete against the established wireline ones,” the DOJ wrote. “There is no time to spare.” Once the FCC identifies and frees up new spectrum, it should devise a way to ensure that new, competitive providers win the spectrum, the DOJ said. That has been a thorny issue historically and the DOJ did not seem to have a great solution to the problem. The FCC could run an auction where incumbents’ bids are discounted — not in terms of what they pay but in order to determine who wins. But the FCC would have to be able to figure out by how much to discount the bids, the DOJ said. Source: