Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, February 9, 2010

Complete DHS Daily Report for February 9, 2010

Top Stories

 The Wall Street Journal reports that an explosion that rocked the Kleen Energy Systems LLC natural-gas power plant on Sunday in Middletown, Connecticut killed at least five people, injured at least 12, and sent earthquake-like shock waves miles away. (See item 1)

1. February 8, Wall Street Journal – (Connecticut) Connecticut blast kills 5. An explosion that rocked a natural-gas power plant on February 7 in Middletown, Connecticut, sent earthquake-like shock waves miles away. At 11:25 a.m., the explosion ripped through the Kleen Energy Systems LLC natural-gas power plant being built in a sparse industrial area along the bank of the Connecticut River. Four pipefitters who were inside the main generator building were killed immediately, according to the state official. Emergency rescue teams, some with rescue dogs, descended on the scene and were airlifting injured workers by helicopter to nearby hospitals. At least five people were killed, 12 were injured, and an undetermined number of people were missing, authorities said. A state official who said he was briefed by emergency personnel said the toll was unlikely to rise significantly. The official said the gas explosion was caused by a “flame device” that a victim’s son had been told was a propane heater. The Federal Bureau of Investigation is not investigating the explosion as a terrorist act, said a supervisory special agent in the FBI’s New Haven, Connecticut office, who said he felt the force of the blast while driving about 20 miles away from the plant site. The Kleen Energy plant was being built to produce energy primarily using natural gas. Middletown’s deputy fire marshal declined to comment on the cause of the explosion, but in a statement he said the mayor “assures the public that there is no public health threat.” The explosion was confined to one building in an area known as the “power block,” he said. The closest residences are a mile away. “We’re taking the building apart piece by piece,” the marshal said, adding that he lived about five miles from the site and felt the explosion’s impact. “We’re waiting to see if there are more fatalities.” He said potential survivors would be “buried in rubble.” Source:

 According to the Los Angeles Daily News and the Associated Press, some 540 residences were evacuated over the weekend in the foothill areas of La Crescenta, Acton, Altadena, and La Cañada Flintridge, California, denuded by last summer’s wildfires. Local officials blasted the U.S. Forest Service for allowing mud to flow from federal land into residential neighborhoods. (See item 52)

52. February 7, Los Angeles Daily News and Associated Press – (California) La Cañada mayor blames Forest Service for slides. Officials are scrambling to avoid a repeat of the weekend’s hillside mudslides that damaged 43 homes in La Cañada Flintridge and La Crescenta and left many scratching their heads over the apparent lack of emergency preparations. Workers hurried Sunday to empty debris basins once filled with mud in anticipation of mid-week rains feared to further endanger homes on hillsides denuded by last summer’s wildfires. Earlier Sunday, evacuation orders were lifted for residents in the mudslide area where at least nine of the mud-damaged homes were uninhabitable — possibly permanently. Some 540 residences had been evacuated in the foothill areas of La Crescenta, Acton, Altadena, and La Cañada Flintridge. Some local officials on Sunday demanded that the Federal Government pay for mud removal, blaming the mudslide damage on the U.S. Forest Service for scaling back firefighting efforts too early after the Station Fire broke out in late August. The mayor of La Cañada Flintridge blasted the U.S. Forest Service for allowing mud to flow from federal land into residential neighborhoods — a complaint similar to one made earlier by the Los Angeles County supervisor. “I call on the federal government to take the responsibility to help our residents pay for cleaning up the mud,” the mayor said at a news conference in her mud-ravaged community. “The federal government must take responsibility for their mud that is coming out of their hills.” In an interview, she said she personally spoke to a U.S. Representative Sunday morning, asking the area’s congressman for help in getting the country’s Federal Emergency Management Agency to quickly provide assistance to residents. Clearing homes and yards of mud can cost individual residents tens of thousands of dollars, the mayor said. Source:


Banking and Finance Sector

18. February 8, American Banker – (Minnesota) Minnesota bank fails in 16th failure of ’10. Regulators in Minnesota closed 1st American State Bank on February 5 in the 16th bank seizure of the year. The $18 million-asset bank, based in Hancock, was the third institution to be closed in the state this year. The Federal Deposit Insurance Corp. said Community Development Bank FSB in Ogema would take over 1st American’s operations. The acquirer agreed to assume all of the $16 million in deposits, and virtually all of 1st American’s assets. The FDIC and Community Development will share losses on almost $12 million of those assets. The FDIC estimated the failure will cost $3 million. Source:

19. February 5, U.S. Government Accountability Office – (National) Troubled Asset Relief Program: Treasury needs to strengthen its decision-making process on the Term Asset-Backed Securities Loan Facility. The Term Asset-Backed Securities Loan Facility (TALF) was created by the Board of Governors of the Federal Reserve System (Federal Reserve) to help meet consumer and small business credit needs by supporting issuance of asset-backed securities (ABS) and commercial mortgage-backed securities (CMBS). This report assesses the risks TALF-eligible assets pose to the Troubled Asset Relief Program (TARP), the Department of the Treasury’s (Treasury) role in decision making for TALF, and the condition of securitization markets before and after TALF. TALF contains a number of risk management features that in turn likely reduce the risk of loss to TARP funds, but risks remain. TALF was designed to reopen the securitization markets in an effort to improve access to credit for consumers and businesses. To improve transparency of decision making on the use of TARP funds for TALF and to ensure adequate monitoring of risks related to TALF collateral, given the distressed conditions in the commercial real estate market, as part of its ongoing monitoring of TALF collateral, the Secretary of the Treasury should direct the Office of Financial Stability (OFS) to continue to give greater attention to reviewing risks posed by CMBSs. To improve transparency of decision making on the use of TARP funds for TALF and to ensure adequate monitoring of risks related to TALF collateral, the Secretary of the Treasury should direct the OFS to strengthen the process for making major program decisions for TALF and document how it arrives at final decisions with the Federal Reserve and FRBNY. 
To improve transparency of decision making on the use of TARP funds for TALF and to ensure adequate monitoring of risks related to TALF collateral, the Secretary of the Treasury should direct the OFS to conduct a review of what data to track and metrics to disclose to the public in the event that TALF LLC purchases surrendered assets from FRBNY. Source:

20. February 5, Houston Chronicle – (Texas) FBI: ‘Billy goat bandit’ strikes 12th bank. A man suspected of robbing 11 Houston-area banks made it an even dozen on February 5 when he struck a bank inside a grocery in Katy, authorities said. While he had been dubbed the “billy goat bandit” because of his prominent facial hair, the robber was clean-shaven when he hit a First Convenience Bank branch shortly after noon inside the Kroger, FBI officials said. The robber demanded cash from two tellers. Both gave him an undisclosed amount, FBI officials said. He was last seen leaving in a late 1990s maroon Ford Taurus driven by someone else. Source:

21. February 5, Los Angeles Times – (California) FBI seeks ‘sports bike bandit’ in heists at seven banks. The FBI has released photos of the helmeted “sports bike bandit” believed responsible for robbing seven banks, mostly in southern L.A. County, and making his getaway on a red motorcycle. The latest in the string of robberies that started in 2008 occurred January 26 at the Cal National Bank on Pacific Coast Highway in Long Beach, said an FBI spokeswoman. The robber has hit five other banks in Long Beach, Los Alamitos and Rancho Palos Verdes and made an attempt at a bank in Pasadena. “This is an unusual series because in most cases the majority of bank robbers are feeding a drug or gambling habit and will continue to rob banks until they’re caught ... and they generally do get caught,” the spokeswoman said. “This person started robbing in late 2008 and continued throughout early 2009, stopped in February, and we had not seen him in 10 months.” He appeared again in December at a Citibank in Long Beach. He has brandished a semiautomatic handgun or a revolver during holdups, telling victims to put their hands on the counter or to lie on the floor, the spokeswoman said. She said he cursed at victims and was violent. During one of his earlier robberies, he took an employee hostage when a teller took too long to comply with his demand for money. FBI agents believe a single man is responsible for all the crimes and said his distinctive gear may help identify him. Source:

Information Technology

43. February 8, The Register – (International) Leaky anti-virus defenses letting malware through. Even users running up-to-date anti-virus software still get infected with malware, according to stats from an online malware scanning service. Nearly a third (25,000 out of 78,800) of computers with up-to-date anti-virus software were discovered to be infected with malicious code when users scanned their PC using SurfRight’s HitmanPro 3 behavioral scan. SurfRight’s analysis is based on 107,435 users who put their PC through its scanner between October 10 and December 4, 2009. Around a quarter of these users (28,608) either had no scanner installed or were running security software that was out of date. Surfers are much more likely to turn to SurfRight’s software if they suspect their Windows PC is running slowly or might be infected with malware, so the figures from SurfRight’s audit are bound to come out worse than those from the general web population. Still, the exercise does illustrate the problem that running the latest version of antivirus software is no guarantee against malware infection, contrary to what the marketing departments of many security software firms have historically said. Source:

44. February 8, DarkReading – (International) Hacker unleashes BlackBerry spyware source code. A researcher at the ShmooCon hacker conference on February 7 demonstrated how BlackBerry applications can be used to expose sensitive information without the use of exploits. The senior researcher for Veracode’s Research Lab also released proof-of-concept source code for a spyware app he created and demonstrated at the hacker confab in Washington, DC, that forces the victim’s BlackBerry to hand over its contacts and messages and can grab text messages, listen in on the victim, as well as track his physical location via the phone’s GPS. The spyware sits on the victim’s smartphone, and an attacker can remotely use the app to dump the user’s contact list, email inbox, and SMS messages. It even keeps the attacker updated on new contacts the victim adds to his contact list. “This is a proof-of-concept to demonstrate how mobile spyware and applications for malicious behavior are trivial to write just by using the APIs of the mobile OS itself,” the researcher says. Smartphones are expected to become the next big target as they get more functionality and applications, yet remain notoriously unprotected, with only 23 percent of smartphone users deploying security on these devices. And smartphone vendors for the most part have been lax in how they vet applications written for their products, security experts say. Source:

45. February 7, Associated Press – (International) Chinese police close hacker training. Police in central China have shut down a hacker training operation that openly recruited thousands of members online and provided them with cyberattack lessons and malicious software, state media said on February 8. The crackdown comes amid growing concern that China is a center for a global explosion of Internet crimes. Search giant Google said last month its e-mail accounts were hacked from China in an assault that also hit at least 20 other companies. Police in Hubei province arrested three people suspected of running the hacker site known as the Black Hawk Safety Net that disseminated Web site hacking techniques and Trojan software, the China Daily newspaper said. Trojans, which can allow outside access to a computer when implanted, are used by hackers to illegally control computers. Black Hawk Safety Net recruited more than 12,000 paying subscribers and collected more than 7 million yuan ($1 million) in membership fees, while another 170,000 people had signed up for free membership, the paper said. The report said police seized nine servers, five computers and a car, and shut down all Web sites involved in the case. Authorities also froze 1.7 million yuan ($250,000) in assets. The Hubei government refused to comment while officials at the provincial public security bureau were not immediately available. Source:,8599,1960755,00.html

46. February 6, Network World – (International) How Wi-Fi attackers poison browsers. Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to “poison” users’ browser caches in order to present fake Web pages or even steal data at a later time. That’s according to a security researcher, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference. He said it is simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example. “Once you’ve left Starbucks, you’re owned. I own your cache-control header,” he said. “You’re still loading the cache JavaScript when you go back to work.” “Open networks have no client protection,” said the researcher, who also uses the handle Dragorn. “Nothing stops us from spoofing the [wireless access point] and talking directly to the client,” the user’s Wi-Fi-enabled device. Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache. “Once the cache is poisoned, it’s going to stay there,” the researcher said. This means that an attacker can intercede to “poison the URL” of the victim, so that the victim sees a fake Web page when trying to visit a specific Web site, or can try to insert a “shim” that could “ship your internal pages off to a remote server once you’re in a VPN.” Source:

Communications Sector

47. February 8, IDG News Service – (International) In Haiti, relief workers rush to set up communications links. Carriers and aid workers are scrambling to rebuild communications in Haiti following the catastrophic January 12 earthquake there. Haiti’s wired telecommunications system was devastated, and it is still nearly impossible for most people to make a land-line call, said a spokesman for CARE, a U.S.-based aid organization. “When you drive around and look at what the wires and poles look like, it’s just beyond imagination,” the spokesman said. He predicted that the country may abandon its wired network and go strictly wireless as it rebuilds. In the first few days after the quake, the only way CARE employees could reliably communicate with headquarters in Atlanta was via SMS texting, he said. But the situation is gradually improving as some cell phone service and BlackBerry e-mail service are restored. Plus, aid groups have rushed to install broadband satellite links. Source: