Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, March 31, 2010

Complete DHS Daily Report for March 31, 2010

Daily Report

Top Stories


 The Associated Press reports that an anhydrous ammonia leak possibly caused by methamphetamine makers led authorities to evacuate at least three Taylorsville, Indiana neighborhoods early Tuesday, delay schools, and close a major highway. (See item 6)

6. March 30, Associated Press – (Indiana) Ammonia leak causes evacuation. An anhydrous ammonia leak possibly caused by methamphetamine makers led authorities to evacuate at least three Taylorsville neighborhoods in the middle of the night, delay schools and close a major highway. One motorist who drove through the ammonia cloud early on March 29 sought medical attention, and medics were dispatched to some locations, said a lieutenant of the Bartholomew County Sheriff’s Department. The pre-dawn darkness and fog in the area made it difficult to determine whether the cloud was dissipating as it drifted southward toward Columbus, he said. Some schools delayed opening for two hours as a precaution. A passer-by reported a suspicious vehicle and a noticeable cloud and odor about 2:30 a.m. at a business south of Taylorsville, he said. A deputy in the area immediately arrested one woman, and investigators were searching for two other people possibly involved in making methamphetamine, he said. Authorities went door to door to immediately evacuate one neighborhood of about 75 homes and asked residents of at least two other subdivisions to evacuate. Some chose to remain in their homes but took precautions to reduce their exposure to the ammonia. About 60 evacuees went to the Edinburgh Separate Baptist Church, located north of the ammonia leak, a deacon at the church told the Columbus Republic. Source:

 CNN reports that a major rainstorm hit the Northeast Tuesday, threatening more flooding in the saturated region and prompting state authorities to close some roads and ready sandbags, trying to prevent rivers, lakes, reservoirs and dams from overflowing. According to the Associated Press, the Rhode Island Emergency Management Agency said officials feared Interstate 95 could end up under water in some sections. (See items 26 and 65)

26. March 30, Associated Press – (Northeast) Rhode Island expecting worst flooding in over century. The second major rainstorm of the month pounded the Northeast on Tuesday, pushing rivers over their banks, closing roads and schools, prompting evacuations, and shattering at least one rainfall record. The Rhode Island governor asked residents Tuesday afternoon to get home by dinnertime to avoid traveling in what officials expect to be the worst flooding to hit the state in more than 100 years. Standing water pooled on or rushed across roads in the region, making driving treacherous and forcing closures. A spokesman for the Rhode Island Emergency Management Agency said officials feared Interstate 95, a major East Coast thoroughfare, could end up under water in some sections. In Maine, a dam in Porter let loose Tuesday morning, sending a torrent of water down country roads. One road ended up covered with 2 feet of water, but no evacuations or injuries were reported. On Long Island, rain coupled with tides inundated a 20-mile stretch of oceanfront road in Southampton. Weather-related delays averaged three hours at Newark Liberty International Airport, and two hours at New York’s La Guardia Airport, according to the Port Authority of New York and New Jersey. In New York City, a mudslide caused some interruptions on a commuter rail line in the Bronx. Source:

65. March 30, CNN – (Northeast) Northeast braces for new round of floods. A major rainstorm walloped the Northeast Tuesday, threatening more flooding in the saturated region and prompting state authorities to close some roads, ready sandbags, and prepare residents. For the past three days, 700 members of the Massachusetts National Guard have been filling sandbags around the clock, trying to prevent rivers, lakes, and reservoirs from overflowing, said the public information officer from the Massachusetts Emergency Management Agency. “We’re trying to get the pumps going and distribute the tens of thousands of sandbags we filled,” the officer said. “We haven’t fully recovered from the storm two weeks ago, and now this. It’s a challenge.” Clinton, in east-central Massachusetts, is hit particularly hard when there is severe rain, said the town administrator. The town is situated beside the Wachusett Reservoir, which serves as one of Boston’s major water suppliers. “The reservoir is overflowing,” he said. “And there’s just nowhere to put the water.” The state’s senior U.S. senator visited a nearby neighborhood on Sunday because a number of homes near the reservoir suffered major damages from previous storms. In Connecticut, the weather service placed the entire state under a flood watch through Tuesday, and an evacuation was under way in one part of Stonington. A Stonington First Selectman said water was close to overtopping a dam in Pawcatuck, one of the villages in Stonington, in southeastern Connecticut. City officials have opened a shelter, blocked off a number of roads and were also monitoring two dams, he said. Connecticut already has a stockpile of 180,000 sandbags, but the governor has directed the state Department of Emergency Management and Homeland Security to secure an additional 300,000 sandbags. Source:

Banking and Finance Sector

17. March 30, IDG News Service – (National) JC Penney tried to block publication of data breach. Retailer JC Penney fought to keep its name secret during court proceedings related to the largest breach of credit card data on record, according to documents unsealed on March 29. JC Penney was among the retailers targeted by a ring of hackers, which managed to steal more than 130 million credit card numbers from payment processor Heartland Payment Systems and others. The mastermind was sentenced to 20 years in prison on Friday in U.S. District Court for the District of Massachusetts. In December, JC Penney — referred to as “Company A” in court documents — argued in a filing that the attacks occurred more than two years ago, and that disclosure would cause “confusion and alarm.” However, it was already suspected JC Penney was one of the retailers after the Web site StorefrontBacktalk was the first outlet to accurately report in August 2009 that JC Penney was among the retailers targeted by the mastermind’s group. Source:

18. March 30, Bank Info Security – (Virginia) VA bank merger creates security breach. A bad file that went awry during a bank merger caused a security breach at a community bank in Virginia. Some Union First Market Bank customers found that their bank account information was accessible to other customers after two banks, Union Bank and Trust Company and First Market Bank, merged on March 22 to become Union First Market Bank. The newly-merged bank is part of Union First Market Bankshares Corp., ($2.94 billion in assets) based in Richmond, Virginia. Bank officials say that when online bill-pay accounts were transferred from First Market Bank to Union First Market Bank over the weekend of the merger, a bad file containing information of around 1000 customers was sent. That data then was accessible to some other customers. The bank worked last week to fix the problem, and representatives say the institution will offer credit checks and identity theft protection to customers impacted by the glitch. According to the bank, its online banking portal — which was taken offline when the breach was discovered — is now restored and available to use for all “but a limited number” of customers still affected by the bad file. Source:

19. March 29, U.S. Department of Justice – (New Jersey) Pamrapo Savings Bank of New Jersey pleads guilty to conspiracy to commit Bank Secrecy Act violations and forfeits $5 million. Pamrapo Savings Bank S.L.A., a wholly-owned subsidiary of Pamrapo Bancorp Inc., based in Bayonne, New Jersey, pleaded guilty in U.S. District Court for the District of New Jersey to conspiracy to violate the Bank Secrecy Act and has agreed to forfeit $5 million to the United States. According to the criminal information filed on March 29 in U.S. District Court in Trenton, New Jersey, Pamrapo Savings Bank conspired with others to conceal its customers’ illegal or suspicious activities by failing to file currency transaction reports (CTRs) and suspicious activity reports (SARs) and by willfully failing to maintain adequate anti-money laundering programs. Pamrapo Savings Bank admitted that it willfully violated the Bank Secrecy Act to avoid the expenses associated with compliance, despite federal and state banking regulators telling Pamrapo Savings Bank as early as 2004 that its Bank Secrecy Act and anti-money laundering programs contained serious and systemic deficiencies in critical areas required under the law. Specifically, Pamrapo Savings Bank admitted during its guilty plea that it unlawfully failed to file CTRs and SARs related to approximately $35 million in illegal and suspicious financial transactions, including more than $5 million in structured currency transactions. The bank acknowledged that its willful failure to maintain adequate Bank Secrecy Act and anti-money laundering programs resulted in numerous and repeated violations of the law. Source:

20. March 29, KTVB 7 Boise – (Idaho; Oregon) Phishing scam hits the Treasure Valley. A new phishing scam is hitting the Treasure Valley and now the Better Business Bureau is warning people before they fall victim. The scam comes in the form of a text message saying, “BOTC Alert: Your card starting with 4266 has been deactivated. Please contact us at (208) 473-2643 to reactivate your card.” “Technology makes it so easy for the scam artist to set up what looks like a local number,” said the president of Idaho Better Business Bureau, serving Southeast Idaho and Eastern Oregon. “It’s important for folks to realize the Bank of the Cascades, or any bank, is not going to send a text message saying ‘your account has been closed or deactivated and that you need to call in to reactivate it’.” Delete the message if received. A similar scam happened in January 2009 when a bogus text message was sent around the area that read, “unusual activity has happened on your Bank of the Cascades account.” Source:

21. March 29, Reuters – (International) Four charged in $60 million Ponzi scheme in Canada. Canadian police laid fraud and money laundering charges on Monday against four people accused of bilking 1,000 investors across North America in a $60 million Ponzi scheme. The Royal Canadian Mounted Police charged three men and a woman in connection with the business of a company called HMS Financial Inc, which allegedly promised investors returns of 8 percent to 12 percent between 2001 and 2004. The four are from Alberta, where RCMP commercial crime investigators arrested two men last year in connection with a separate scheme that allegedly fleeced investors out of as much as C$400 million ($392 million). The four suspects were charged with laundering the proceeds of crime. Source:

22. March 29, Reuters – (Ohio) West Point grad charged in $30 mln US Ponzi scheme. A West Point graduate who claimed his knowledge of physics allowed him to predict “with an uncanny degree of certainty” trends in the futures market was accused on Monday in Ohio of perpetrating a $30 million Ponzi scheme. Federal prosecutors charged the 47 year old suspect with one count of wire fraud for allegedly scamming 26 investors out of $29.7 million through the sale and purchase of futures contracts. The suspect is accused of promising investors returns of 8 to 12 percent by using a “Money Market Plus” methodology and by combining his knowledge of physics with a unique “momentum filter,” prosecutors said. The complaint also charged that the suspect did not put promised “stop” orders in place to prevent excessive losses and that he diverted millions of dollars in investor money to fund Rico Latte coffee shops in Ohio, to purchase real estate and to make payments to some investors. Source:

23. March 29, WESH 2 Orlando – (Florida) Skimmer found on Daytona Beach ATM. It may not have looked different to bank customers, but an automated teller machine at a Daytona Beach bank was rigged to steal debit card information from customers. A Bank of America employee realized criminals were at work. The employee works at a branch in Flagler County but contacted authorities on Sunday when the device was found attached to the ATM. For nearly seven hours, authorities said any customer using the walk-up ATM at 1550 S. Clyde Morris Blvd. may have been vulnerable to the skimming device. Police said they have surveillance images of a crook attaching the device to the ATM. Another man put an out-of-order sign on the drive-through ATM, so customers would use the other one. Source:

Information Technology

50. March 29, Computerworld – (International) Apple delivers record monster security update. Apple today patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems. Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008. The update dwarfed any released last year, when Apple’s largest patched 67 vulnerabilities. The March 29 security roll-up fixed flaws in 42 different applications or operating system components in Mac OS X, from AppKit and Application Firewall to unzip and X11, the Mac’s version of the X Window System. Eighteen of the vulnerabilities were specific to the older Leopard operating system, while 29 were specific to Snow Leopard. The remaining 45 affected both, which are the only editions that Apple currently supports. Users running Leopard will patch 63 vulnerabilities, while Snow Leopard users face a total of 74 flaws. Source:

51. March 29, Help Net Security – (International) Office photocopiers brimming with corporate secrets. Most people fail to realize that modern, multi-purpose photocopiers contain hard drives that - if not erased when decommissioned - could prove to be a treasure trove of confidential information for a person who knows how to extract it. Hard copies of important documents are shred and computer disks are securely wiped, but it is rare when the same is done with the drive of the copy machine, because most people don’t think of it as of a computer - which it in fact is. “The whole system is controlled by a computer, it has a hard disk. It scans images and they are stored on the disc,” says a computer science professor with the University of Toronto. That also means that a hacker that knows the password can hack into the photocopier and collect all the data stored on the drive by simply connecting a laptop to the machine and downloading it. Copy machines that are part of an insecure network can be accessed online even by people who don’t know how to hack. But machines that are leased to companies and that are taken back after a few years can do some serious damage to their former “owners.” Source:

52. March 29, eWeek – (International) Microsoft to release IE security patch. Microsoft is planning to patch a zero-day bug in Internet Explorer in March 30 with an out-of-band emergency fix. The patch plugs a security hole Microsoft first warned about March 9 after attackers began targeting the vulnerability in IE 6 and 7. IE 8 is unaffected. The driving force behind the release is the zero-day, which is caused by an invalid pointer reference. Under certain conditions, the invalid pointer can be accessed after an object is deleted, and in attempting to access a freed object IE can open itself to remote code execution, Microsoft reported. According to the company’s advisory, attackers can exploit the situation by tricking a user into clicking on a malicious or compromised Web page. There are however some workarounds to mitigate the vulnerability, including changing Internet security zone settings to High. In addition, users can modify the access control list on iepeers.dll. Source:

53. March 29, DarkReading – (International) Windows 7 less vulnerable without admin rights. Taking away the administrative rights from Microsoft Windows 7 users will lessen the risk posed by 90 percent of the critical Windows 7 vulnerabilities reported to date and 100 percent of the Microsoft Office vulnerabilities reported last year. It will also mitigate the risk of 94 percent of vulnerabilities reported in all versions of Internet Explorer in 2009 and 100 percent of the vulnerabilities reported in Internet Explorer 8 during the same time period. Finally, it will reduce the danger posed by 64 percent of all Microsoft vulnerabilities reported last year. These findings come from a study conducted by BeyondTrust, which perhaps unsurprisingly sells software that restricts administrative privileges. The company argues that companies need its software to protect themselves, particularly during the time between Microsoft’s publication of vulnerability information and the application of Microsoft’s fixes. Source:

54. March 29, PRESCIENT-Project – (International) European Commission launches new privacy project. Emerging technologies offer significant benefits but also risks to our privacy. How to deal with these risks is the subject of a new three-year project funded by the European Commission. Called PRESCIENT, the project will be considering the privacy implications of emerging technologies such as new identification and surveillance technologies, biometrics, on-the-spot DNA sequencing and technologies for human enhancement. The project will identify and analyze ethical issues posed by new technologies and discuss them with interested stakeholders and, in due course, provide scientifically based recommendations to policy makers on how to address privacy issues of emerging technologies. The PRESCIENT project is being undertaken by a consortium of four partners. In addition to Fraunhofer ISI in Germany, the other partners are Trilateral Research & Consulting (UK), the Centre for Science, Society and Citizenship (Italy) and the research centre Law, Science, Technology & Society at the Vrije Universiteit Brussel (Belgium). Source:

55. March 29, eSecurity Planet – (International) Facebook mulls privacy implications for location-based data. As it looks ahead to a new crop of products and features, Facebook has revised its privacy policy and governing document once again, and is now inviting its users to review and comment on the changes. Facebook’s deputy general counsel said the revisions clear the path for new features to the site, many of which are still in the concept or development stages, but will include more location-based data. Instead of simply including a piece of geographical information with a post, as the original privacy policy had envisioned, the deputy general counsel said the location-aware rules are being broadened to apply to include interactions with other Facebook pages, such as those of a local restaurant or business. He said that more details and explicit privacy controls for the location-based features and other updates will be announced as the products roll out. Many of the updates seek to expand or clarify language in the previous version of the privacy policy without altering its substance. Other changes contain stipulations revising the way data is shared and collected through activities on the third-party applications and Web sites tied to the Facebook Platform. For instance, the rules now assert Facebook’s right to automatically share general information, such as a user’s name and profile picture, to “pre-approved” third-party Web sites, but offer users mechanisms to opt out or block certain sites. Source:

56. March 26, DarkReading – (International) SaaS apps may leak data even when encrypted, study says. Applications delivered via the software-as-a-service (SaaS) model could be leaking data, according to a research paper published recently. The paper, which was prepared by researchers at Microsoft Research and Indiana University, offers a detailed look at the behavior of SaaS-delivered applications and how their use of networks can cause “side-channel” leaks that might enable attackers to glean even the most sensitive data — even when the SaaS offerings are encrypted. “Specifically, we found that surprisingly detailed sensitive information is being leaked out from a number of high-profile, top-of-the-line Web applications in healthcare, taxation, investment, and Web search,” the paper says. The leaks don’t happen in every SaaS application, the researchers say, and some are worse than others. But the network-oriented behavior of SaaS applications means that the side-channel flaw could be present even in environments that use strong encryption. Source:

57. March 26, The H Security – (International) US-CERT: Broadcom NetXtreme network cards vulnerable. The US-CERT warns of a security hole in the firmware of certain Broadcom NetXtreme network cards. According to the relevant advisory, a buffer overflow can be triggered during the processing of Alert Standard Format (ASF) messages, which are exchanged when systems are managed remotely. The flaw allows attackers to take full control of the network interface and, for instance, disrupt or redirect network traffic. The security hole can only be exploited if remote management using the Remote Management and Control Protocol (RMCP) over the RMCP Security Extensions Protocol (RSP) has been enabled. Broadcom say that the vulnerability affects models BCM5751, BCM5752, BCM5753, BCM5754, BCM5755, BCM5756, BCM5764 and BCM5787 with firmware up to and including v8.04, BCM57760 with firmware up to and including v8.07, and BCM5761 with firmware up to and including v1.24.0.9. As a workaround, the vendor recommends that users disable ASF or restrict the access to the 623/udp and 664/udp management ports to trusted IPs. Updating to the Broadcom NetXtreme 14.0 software release upgrades the firmware to a corrected version. Source:

Communications Sector

58. March 30, Salisbury Daily Times – (Maryland) Ospreys disrupt Public Radio signal. Public Radio Delmarva is experiencing signal disruption as ospreys re-emerge to their prior perching place. The osprey, also known as the sea hawk, has taken flight back to Salisbury University’s campus for spring. The birds and their young are beginning to practice flight from the antenna that connects to Public Radio Delmarva’s signal, creating frequent interruptions for the station and its listeners. Residing on this particular antenna for several years, the birds have augmented the issue more this spring than ever before. Source:

59. March 29, Associated Press – (Florida) Miami-Dade inmates involved in collect call scheme. Inmates at Miami-Dade jails have been charging tens of thousands of dollars in collect calls to unsuspecting victims by forwarding calls from fax lines to friends. Corrections officials say the inmates forward the calls through AT&T from a victim’s fax line to friends and relatives who can accept the call and do not have to pay the bill. Victims include a South Florida federal judge and a Miami Herald columnist. The Alabama-based Global Tel Link has reimbursed customers nearly $200,000 over the last two years. Officials say there is little they can do, since the forwarding is done through AT&T. An AT&T spokeswoman says the company is investigating. Source: