Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, February 24, 2010

Complete DHS Daily Report for February 24, 2010


Top Stories

 WAFB 9 Baton Rouge reports that a tanker carrying more than 8,000 gallons of gasoline caught fire Monday near a school in Plaquemine, Louisiana, forcing the evacuation of 400 students. (See item 2)

2. February 23, WAFB 9 Baton Rouge – (Louisiana) 18-wheeler catches fire near school. Detectives are trying to figure out exactly what caused an 18-wheeler to catch fire on LA 1 in Plaquemine. The blaze caused traffic jams and a nearby school was forced to evacuate the afternoon of February 22. More than 400 students from the Math Science and Arts Academy were forced off campus around 2:30 p.m. Crews arrived on the scene to find the driver of the tanker standing yards away from the fire, watching as the cab of his truck went up in flames. “He said he could smell something burning in the truck so he got out,” said a major with the Iberville Parish Sheriff’s Office. “He could see the fire and it was in the compartment where his fire extinguisher was so he couldn’t get to his fire extinguisher.” Students at the Math Science and Arts Academy, which is located right across the street from where the fire started, said they are grateful the flames failed to pierce the tanker. It was filled with more than 8,000 gallons of gasoline. The students had to move as far away as possible from the burning 18-wheeler. With more than 400 lives in his hands, the school principal admitted it was a scary situation. According to sheriff’s officials, the driver claimed the truck caught fire after some type of malfunction. LA 1 and LA 992-3 were both blocked off for hours as deputies, police, firefighters and hazardous materials crews hustled to get a handle on things. There were no reported injuries. Source:

 USA Today reports that about 300 out of 1,800 passengers on the Celebrity Mercury cruise ship sailing in the Caribbean are suffering from a norovirus-like illness. A spokeswoman said the ship’s medical facilities have been overwhelmed. (See item 31)

31. February 23, USA Today – (National) Celebrity Cruises ship in Caribbean hit by major outbreak of stomach illness. A Celebrity Cruises ship sailing in the Caribbean is experiencing an unusually large outbreak of a norovirus-like illness, with more than 15 percent of passengers having fallen ill. A spokeswoman tells USA TODAY about 300 out of 1,800 passengers on the Celebrity Mercury are suffering from stomach upset, vomiting and diarrhea. The ship set sail out of Charleston on February 15 on an 11-night voyage to the Caribbean that is scheduled to end in the city on Friday. The spokeswoman told the Associated Press the ship’s medical facilities have been overwhelmed, and the vessel brought on an extra doctor and nurse during its latest port call. Source:


Banking and Finance Sector

12. February 23, Intelligencer – (Pennsylvania) Man admits robbery, bomb threat. A Warminster man who used bomb threats to rob a bank and terrorize supermarket shoppers pleaded guilty Monday in Bucks County court in Doylestown. Age 52, the man will be sentenced in about 60 days, following a mental health evaluation. He pleaded guilty to robbery and related charges. The bank robbery occurred November 18 at the Citizen’s Bank branch on East Street Road in Warminster. Witnesses said he walked into the bank carrying two duffel bags. He told a teller there was a bomb in one of the bags, and ordered her to turn over all the cash in her drawer. The teller gave him an undetermined amount of cash and inserted a dye pack into the bag of loot. A police officer saw him running through a parking lot a short time later, carrying a bag that appeared to be smoking. He was arrested, while members of the Philadelphia bomb squad checked out the duffel bag he had left in the bank. No bomb was found. A day before the bank robbery, managers at the Giant Food Store in Warminster learned that a caller had said that there were two bombs planted in the store. The building was evacuated for more than an hour while the store was searched. No explosives were detected, but the store lost approximately $20,000 in revenue, prosecutors said. The man later admitted to police that he called in the bomb threat. He said his plan was for all the people in the store to rush out, giving him an opportunity to steal money from the cash registers. He will remain in the county prison until he is sentenced, and could face more than five years behind bars. Source:

13. February 22, WKYW 1060 Philadelphia – (Pennsylvania) Area law enforcement on alert after 2 bank robberies in 3 days by same man. Area authorities believe the same man is behind two bank robberies in three days — one in Bucks County and one in Philadelphia. The FBI says a Wachovia branch on the 200 block of East Street Road in Feasterville was held up on Monday morning. Surveillance photos from the crime scene show the same man caught on camera during the robbery last Saturday of another Wachovia branch, in the 6400 block of Frankford Avenue in Philadelphia. Officials say that in both holdups the man passed a threatening note to the bank teller and fled on foot after he was given cash. Source:

14. February 22, DarkReading – (International) Criminals hide payment-card skimmers inside gas station pumps. Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank’s fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah. Card skimming has been on the rise during the past year, with most attackers rigging or replacing merchant card readers with their own sniffer devices or ATM machines. The devices typically include a scanner, transmitter, camera, and, most recently, Bluetooth- or wireless-enabled links that shoot the stolen data back to the bad guys. The CTO for BT Counterpane and author of the Schneier on Security blog says attackers in Europe are also moving skimming devices inside gas pumps as a way to avoid detection. He says the perpetrators could be insiders, but it’s unclear. “The moral is that they are getting better and better at this,” he said. Organized criminal gangs might be behind some of these attacks, he adds. “Obviously, they are well-funded,” he said. Source:

15. February 22, Tampa Tribune – (Florida) 1 arrested, 3 sought in ATM ‘skimmer’ scheme. Four Bulgarian men put “skimmers” on ATM machines at SunTrust banks in Hillsborough and Pinellas counties last summer and obtained identifying information on hundreds of bank accounts, according to a federal complaint. The information was used to withdraw nearly $200,000 from the compromised accounts. Federal authorities have arrested one of the suspects and are searching for the other three. All four men were arrested by Pinellas County sheriff’s deputies in December but were later released when state charges were dropped. The scheme was discovered September 20 when a bank customer using an ATM at the SunTrust at 3705 East Bay Drive in Largo found the skimmer, a device used to covertly capture account data contained on bank card magnetic strips. The device is placed over the ATM slot, mimicking the appearance of the real ATM card reader. The skimmer compromised 192 accounts, resulting in a loss of $24,608, the complaint states. SunTrust later informed authorities that an ATM at 701 Martin Luther King Blvd. in Seffner had also been compromised with a skimmer on August 28. There, 104 accounts were skimmed, with a loss of $90,810. Source:

Information Technology

44. February 23, The Register – (International) iPad and smartphone rootkits demo’d by boffins. Computing boffins say they have demonstrated rootkits which can be used to turn your smartphone or “upcoming tablet computer” into a remotely-activated bugging or tracking system. “Smart phones are essentially becoming regular computers,” said a computing professor at Rutgers University in New Jersey. “They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malware.” He and his colleagues developed various rootkits for demonstration purposes, choosing that class of malware because - they say - virtual machine monitors necessary to detect rootkits can’t yet be run on portable devices. The researchers demonstrated means whereby a badhat could send an invisible text message to an undetectably-rootkitted phone, causing it to place a call out - for instance during a meeting - and so allow the malware operator to listen in to conversations around it. Likewise it was possible to query the phone’s GPS so as to locate or track its owner. It was also possible to remotely switch on multiple power-hog capabilities of the phone - for instance WiFi, GPS and Bluetooth all at once - and so drain its battery without the owner noticing. Source:

45. February 22, Agence France-Presse – (National) FTC warns firms, organizations of widespread data breach. The US Federal Trade Commission (FTC) said Monday it has notified nearly 100 companies and organizations of data breaches involving personal information about customers or employees. The FTC declined to identify the companies or organizations involved, but said they were both “private and public entities, including schools and local governments.” The companies and organizations ranged in size from “businesses with as few as eight employees to publicly held corporations employing tens of thousands,” the FTC said in a statement. It said sensitive data about customers and employees had been shared from the computer networks of the companies and organizations and made available on Internet peer-to-peer (P2P) file-sharing networks. The information was accessible to “any users of those networks, who could use it to commit identity theft or fraud,” the FTC said. Source:

46. February 22, Minneapolis and St. Paul News – (Minnesota) Star Tribune infecting web readers with a computer virus. Reports of the website of the Minneapolis Star Tribune infecting users with a computer virus surfaced Monday morning. An e-mail circulating among government employees stated: “We have received a number of tickets this morning reporting a screen that pops up reporting that the PC has a virus and wants the user to purchase software to repair the problem. The PCs have been infected by malware and the screen is a fake. Users have reported going to the Star Tribune website and picking it up. The Star Trib has been working on repairing their site. We have also had the malware picked up from other media websites - reportedly any owned by Gannett. Please refrain from visiting these media websites until they have fixed them.” The Star Tribune acknowledged the problem in a note posted on its website at 2:11 p.m. Source:

47. February 22, Computerworld – (International) Attackers going after end-users rather than servers. Rather than targeting Web and email servers, attackers these days are prone to going after enterprises from the inside out, compromising end-user systems and then using them to access confidential data, according to a Web traffic analysis report by security-as-a-service provider Zscaler. Based on a recent study of traffic passing through its global network, Zscaler’s “State of the Web — Q4 2009” report also notes trends, including issues with botnets, corporate Internet access policies, and the use of the Internet Explorer 6 browser. Officially released on Tuesday, the study analyzes Web traffic volumes covering several thousand Web transactions per second and hundreds of billions of Web transactions. Zscaler found attackers were prone to embedding JavaScript or malicious iframes to pull content from an attacker’s server, whereupon the content is rendered in a user’s browser, said the senior security researcher at Zscaler, in an interview on Monday. Source:

Communications Sector

48. February 23, News-In-Tech – (International) Network malfunction sends millions of blogs offline. has reported that a malfunction in one of their core routers was the reason behind a network shortage which left millions of blogs offline for up to two hours. Estimating that approximately 5.5 million page hits would have been lost due to the outage, a spokesperson for the company explained that the glitch at one of its central data providers “broke the site.” One of the most popular and widely used blog platforms, is used by companies and individuals alike as a tool to reach the internet masses. Expressing that it was the “worst downtime in four years,” the founder of the firm added “I know this sucked for you guys as much as it did for us — the entire team was on pins and needles trying to get your blogs back as soon as possible. I hope it will be much longer than four years before we face a problem like this again.” He added that personal information was safe, denying that the company had been subject to a cyber attack and adding “All of your data was safe and secure, we just couldn’t serve it.” Whilst there could have been an adverse reaction to the hit, most individuals seemed unusually forgiving of the outage, expressing on the site that they welcomed the founder’s transparency at the time of the problem. However, expressed that though users were forgiving this time, “people won’t be so friendly if it happens again.” Source:

49. February 22, KITV 4 Honolulu – (Hawaii) AT&T phone service restored. A number of Hawaii customers on February 22 reported problems with cellular and land line phone service. Some of the service providers include AT&T and T-Mobile. AT&T said a damaged fiber could be causing issues with “wireline and wireless voice service.” The company said its technicians repaired the damage and restored service by early evening. Hawaiian Telecom on the afternoon of February 22 said some customers may be having issues making long distance calls. Source: