Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, February 3, 2010

Complete DHS Daily Report for February 3, 2010

Top Stories

 According to the Orlando Sentinel, the discovery of an electronic device welded to a drum of alcohol prompted Orange County, Florida firefighters to summon the sheriff’s bomb squad Monday afternoon to the Brenntag chemical plant. (See item 8)

8. January 1, Orlando Sentinel – (Florida) Bomb squad finds no threat from device at chemical plant. The discovery of an electronic device welded to a drum of alcohol prompted Orange County firefighters to summon the sheriff’s bomb squad Monday afternoon to a chemical plant, county Fire Rescue said. But after an investigation the authorities “determined it to be non-hazardous,” said a Fire Rescue spokesman. The 55-gallon drum of isopropyl alcohol was found about 4:30 p.m. at Brenntag Chemical on Central Florida Parkway, he said. The property was later turned back over to the chemical plant, he said, but he was not sure what the device was late Monday after the joint operation. Source:,0,7930990.story

 KIRO 7 Seattle reports that workers are repairing continuing damage to the Green River flood wall in Auburn, Washington damaged by vandals. Large gashes were found in the huge sand bags and the plastic covering them that comprise the multimillion-dollar flood wall, which was installed because of the weakened Howard Hanson Dam upstream. (See item 71)

71. February 2, KIRO 7 Seattle – (Washington) Vandals in Auburn slash Green River flood wall. Workers are repairing continuing damage to the Green River flood wall in Auburn damaged by vandals. Large gashes were found in the huge sand bags and the plastic covering them that comprise the flood wall. The damage appears to have been caused by vandals using knives and lighters. Though much of the damage has been patched, the wall continues to be weakened by ongoing tampering. The multimillion-dollar flood wall was installed because of the weakened Howard Hanson Dam upstream. Officials said if the flood wall fails, water would flood nearby neighborhoods and apartments. The sandbags are supposed to last five to seven years and are designed to be biodegradable and disintegrate over time in the sunlight. They have been covered with black plastic to extend their life. Both that plastic and the sandbags underneath are being slashed. “We want people to stay away from it. The danger is to [the vandals] because they could fall off, but also to the neighborhood. Until the dam is fixed, these are what protect the neighborhoods from high-water events,” said a spokeswoman with Auburn Emergency Preparedness. Residents are on the lookout for anyone tampering with the flood wall. The King County prosecutor said anyone caught tampering with the wall could be charged with a felony. Source:


Banking and Finance Sector

13. February 2, Associated Press – (Colorado) Colo. banks urged to report suspicious people. With a nearly 30 percent jump in bank robberies last year when compared with 2008, banks in Colorado are being encouraged to report suspicious people entering their banks as a way to discourage would-be bank robbers. “It could be something as simple as asking people to take off their sunglasses and hats,” said Denver’s district attorney on February 1. “Someone greeting people at the door. And guards. Guards help.” Last year, the FBI’s Denver field office investigated 202 bank robberies in Colorado, up from 150 in 2008. Of those cases, 155 happened in Denver, compared with 113 in 2008. The district attorney, an FBI special agent in charge, the Denver police chief and other uniformed law enforcement officials with agencies throughout the Denver metro area met with bank officials to discuss how to respond to the increase in bank robberies. Ironically, a bank robbery was reported at a bank less than a mile away from where the meeting was happening. Last year, two bank workers were injured, and one person was taken hostage during bank robberies. Two suspected bank robbers, a man and woman, were killed in a shootout with police in Arvada on November 19. Source:

14. February 2, Washington Post – (National) White House proposes increase in FDIC deposit insurance fund. The U.S. President’s administration wants to increase the size of the insurance fund that repays depositors in failed banks, a step that would require all banks to pay larger fees to the Federal Deposit Insurance Corp. The change, which would require legislation, is part of a broader effort by the administration to raise taxes and fees on banks to discourage risk-taking and to create better shock absorbers for future crises. The FDIC fund is designed to gather money in good times and spend it in bad times. But the fund drained quickly as banks failed over the past two years, forcing the FDIC to increase fees and impose special assessments at the very moment that banks could ill afford the additional expense. The insurance fund also ran out of money during the last banking crisis, in the late 1980s and early 1990s. The administration’s budget proposal, released on February 1, suggests that the FDIC needs a larger insurance fund. Source:

15. February 2, Oregon Statesman Journal – (Oregon) Thermos leads to highway closure, evacuations. A suspicious package reported Friday at a bank in Mt. Angel, Oregon, led to the three-hour closure of Highway 214 and the evacuation of a city block. A police chief said the employee found a suspicious-looking sack holding a cylinder-shaped object in the lobby underneath a counter. Bank employees were evacuated to the Mt. Angel Fire Station where they were interviewed by police. The evacuation caused the closure of several Mt. Angel businesses, including a restaurant, deli, bar, and gas station. The Oregon Department of Transportation closed Highway 214/Main Street in Mt. Angel, and detours were established. The object in the bag turned out to be a food and beverage thermos. Source:

16. February 1, The Register – (International) Security bugs reinfect financial giant’s website. Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant’s website is vulnerable again. The flaw looks almost identical to one The Register reported in August 2009. It allows attackers to inject malicious code that steals user cookies into official Ameriprise webpages. Websites often use such files to authenticate users before giving them access to restricted content or services. The vulnerability was discovered by the same researcher who spent five months trying to get Ameriprise to fix the previous bug. He found that it was possible to inject the malicious code into a section of the Ameriprise site that investors use to find financial advisers. It can be exploited by tricking a user into visiting a booby-trapped web link. An Ameriprise spokesman said he was looking into the report. Source:

17. February 1, KDAF 33 Dallas – (Texas) FBI searching for two takeover-style bank robbers. The FBI is looking for two men it says may be responsible for several takeover-style bank robberies. The most recent robbery took place on January 28 at a Bank of America in Cedar Hill. The perpetrators assaulted a customer, the FBI said. Authorities believe the team also struck a Resource One credit union in Cedar Hill on January 6 and might have committed two other recent bank robberies. One robber is described as black, and the other is described as black or Hispanic. Both are described as 16 to 25 years old, between 5 feet, 6 inches and 5 feet, 9 inches tall and between 140 and 160 pounds. Both were wearing baggy blue jeans, dark, hooded sweatshirts, masks, and black, padded coats with faux fur trim. Source:,0,2200988.story

18. February 1, Orlando Sentinel – (Florida) Lake investigating scam targeting debit card customers. Fraud investigators in Lake County are looking into reports that debit card users are being targeted by scam artists. Some bank customers reported receiving text messages or recorded messages on their phones informing them that their debit cards were cancelled or somehow compromised, the Lake County Sheriff’s Office said. A message to customers includes part of the cardholder’s account number, lending a bit of legitimacy to the claim, the Sheriff’s Office said. Customers at several banks have been contacted. The messengers leave a contact number, and one of the numbers being left is the main county government number. Source:,0,1395789.story

19. February 1, Examiner – (Texas) Houston banks handing out counterfeit cash, leaving consumers in trouble. A surprising number of Houston people are finding out the hard way that banks are handing out lots of phony cash. It is getting no news coverage, so people have no idea how often Houston banks have been sticking consumers with phony money in the past few months. One individual attempted to use a $100 bill but was told by the store manager that it was fraudulent. She had received the $100 bills from a Bank of America in Atascocita. In all of the cases, Houston victims are immediately returning to the banks to say they were given phony money in their most recent transactions. The banks always deny any responsibility whatsoever and say there is no way for the consumer to prove that the bank gave out worthless cash. As with most consumers, she knew the cash came directly from her bank transaction. This customer, and other consumers who have reported this in recent weeks, suddenly found herself being accused of wrongdoing. The woman, who had just cashed a bonus check, tried to do the right thing, but the bank manager said there is nothing she could do. The bank manager even accused her of lying and trying to scam the bank. The Secret Service website advises consumers on all sorts of warning signs that indicate a phony bill, no matter whether it is a $1 or a $100. Source:

Information Technology

55. February 2, – (International) CA security report highlights insider threat. The latest State of Internet Security report from CA has warned that employees will represent the biggest threat to enterprise security in the coming year. The report said that businesses face an increasingly large and complex array of security issues, the worst of which may be irresponsible or malicious behaviour by workers. Cyber criminals will begin targeting employees in earnest during 2009, getting at them through social networking sites with a view to recruiting them as “moles”. “Rather than write variants of malware, they will hire ‘moles’ to pinpoint weaknesses within businesses, and use employees (or former employees) willing to siphon data for a profit,” the report said, adding that this is easier than rewriting malware code as security systems become more sophisticated. “Businesses are at threat from all angles. Not only are they susceptible to external and internal scams, data losses and theft, they are at risk every time their employees use search engines, email and social networking sites at work,” said the vice president for California Internet Security Business unit. CA highlighted two types of attack that will be the most popular. The first is the “internal threat” related to staff. CA said that, while the misuse and loss of data is a constant threat, it has been heightened by the poor economic conditions. The second is referred to as a “quiet attack” that is not initially obvious. CA explained that hackers were previously driven by gaining kudos for the most successful attacks, but that the trend now is to become “invisible” and to stay under the radar. Source:

56. February 2, CNN – (International) Reports: Phishing attack hits Twitter. Twitter appears to have been hit by a phishing attack that could be used to steal a user’s sensitive log-in information, according to reports on news sites and blogs. Twitter has not commented on this incident; but, in a January blog post, the site co-founder noted that some Web sites may be trying to masquerade as in an attempt to steal users’ password information. He encouraged Twitter fans to change their passwords on, and noted that they should be careful to check the site’s URL to be sure they hadn’t been led to a fake Web site that simply looks like it’s Twitter: If a user is directed to a fake site instead of, the co-founder says not to enter a password. Look at the address bar in the Web browser to tell for sure. The scope of the most recent phishing attack was unclear on February 2. Bloggers, some of whom have posted photos of their correspondence with Twitter about the scheme, report that fake e-mails and direct messages on Twitter are being passed around to point people to phishing sites. Source:

57. February 2, Bloomberg – (International) Iran ‘Cyber Army’ hits radio in latest crackdown. An Iranian-run radio station based in Amsterdam was targeted by hackers, signaling that Iran’s government may be stepping up a cyber-war on protesters who have defied a seven-month crackdown by security forces. The Web site of Farsi-language Radio Zamaneh was hacked last week and its server reset by attackers who left messages identifying themselves as “Iran’s Cyber Army,” said the editor-in-chief of the news station, which receives financial support from the Dutch government. The station’s satellite broadcast was not disrupted, he said. “We managed to reclaim ownership of the domains and the servers” on January 31, the editor-in-chief said in an interview on February 1. “The hackers were in control for about a day and a half. They accessed all the content of our Web site. They cracked and hijacked the whole server, the domain, destroyed everything.” Iranian authorities have already filtered numerous Web sites that are perceived as threatening to the government, and may now be using more aggressive online tactics. The editor-in-chief said the “general belief” is that the Cyber Army is an offshoot of the Iranian Revolutionary Guards, a branch of the armed forces that has played a key role in suppressing protests since the vote. Source:

58. February 1, PC Advisor – (International) Network attacks on Facebook, Twitter tripled in 2009. As more organizations allow employees to use social media like Facebook and Twitter at work, cybercrime attacks on these networks have exploded, according to a report released on February 1 by IT security firm Sophos. Reports of malware and spam rose 70 percent on social networks in the last 12 months, the security survey reveals. Sophos’ investigation, titled “Social Security,” finds 57 percent of users report they have been spammed via social networking sites, and 36 percent reveal they have been sent malware via social networking sites. The “Social Security” survey is part of Sophos’ 2010 Security Threat Report, which looks at current and emerging computer security trends. While most of the 500 firms Sophos polled, 72 percent, were worried workers’ behavior on social networks is putting their business at risk, almost half of them, 49 percent, allow all of their staff unfettered access to Facebook and other social networking sites. Survey respondents were also asked which social network they believed posed the biggest security risk and 60 percent said Facebook. Source:

59. February 1, New York Times – (International) Hacking for fun and profit in China’s underworld. A soft-spoken college graduate in his early 20s is a cyberthief. He operates secretly and illegally, as part of a community of hackers who exploit flaws in computer software to break into Web sites, steal valuable data and sell it for a profit. Internet security experts say China has legions of hackers just like him, and that they are behind an escalating number of global attacks to steal credit card numbers, commit corporate espionage and even wage online warfare on other nations, which in some cases have been traced back to China. Three weeks ago, Google blamed hackers that it connected to China for a series of sophisticated attacks that led to the theft of the company’s valuable source code. Google also said hackers had infiltrated the private Gmail accounts of human rights activists, suggesting the effort might have been more than just mischief. In addition to independent criminals like the college graduate, computer security specialists say there are so-called patriotic hackers who focus their attacks on political targets. Then there are the intelligence-oriented hackers inside the People’s Liberation Army, as well as more shadowy groups that are believed to work with the state government. Indeed, in China — as in parts of Eastern Europe and Russia — computer hacking has become something of a national sport, and a lucrative one. There are hacker conferences, hacker training academies and magazines with names like Hacker X Files and Hacker Defense, which offer tips on how to break into computers or build a Trojan horse, step by step. Source:

Communications Sector

60. February 1, Associated Press – (Kentucky) Deputies: Copper thieves pose as workers repairing phone lines. Two men were arrested in Floyd County after deputies said they were cutting down telephone lines to steal copper. The sheriff says deputies saw two men with bolt cutters on top of a van cutting down lines in the middle of the night. The sheriff said the 44-year-old and 28-year-old suspects were pretending to be workers repairing the lines. The sheriff said the theft endangered residents who might need help after the winter storm. Investigators think the suspects might also be responsible for other cases where telephone lines were cut down. The two suspects face several theft and drug charges. They are being held on a $10,000 bond at the Floyd County Detention Center. Source:

61. February 1, eWeek – (International) Researchers uncover security vulnerabilities in Femtocell technology. Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user’s knowledge. Two security consultants with Trustwave’s SpiderLabs will present their findings at ShmooCon, held February 5 to 7 in Washington. “Our original [area of] curiosity was whether these devices could be utilized to supplement cellular deployment in third-world countries (such as the OpenBTS+Asterisk project) in a much cheaper package ($250 compared to over $1,200 for a USRP hardware device plus server costs),” one of the researchers explained. “After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications.” Femtocell devices are small cellular base stations used to increase wireless coverage in areas with limited service. Because a cell phone does not have business logic to prevent it from connecting to a wireless device acting as a tower that has been tampered with, it is possible for malicious users to abuse that trust and sniff traffic as it traverses the network. Source:

62. January 30, Mat-Su Valley Frontiersman – (Alaska) $100,000 gets man charged in MTA theft out of jail. A 40-year-old suspect was one of three men arrested for allegedly stealing copper wire from a secured lot at the Matanuska Telephone Association two weeks ago. Also arrested were an associate of the suspect, and a 44-year-old who was a 25-year employee of MTA who had access to the lot. Last week, a Palmer superior court judge kept the suspect’s bail amount where it was set, but dropped a requirement he find a third party to watch over him before he can be released. The copper allegedly stolen from MTA amounted to $114,500 worth of material — 30,000 feet of wire. It came on huge spools that required a flatbed trailer to move. One of them was allegedly paid $5,000 for the wire, which was recovered in Anchorage before it could be shipped to a scrap yard in the Lower 48. Source: