Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, April 6, 2010

Complete DHS Daily Report for April 6, 2010

Daily Report

Top Stories

 According to the Los Angeles Times, South Korea sent a warship to the Indian Ocean on Monday to pursue Somali pirates who hijacked a U.S.-bound, 300,000-ton oil tanker Sunday about 950 miles off the Somali coast.

1. April 5, Los Angeles Times – (International) South Korea warship pursuing oil tanker hijacked by pirates off Somali coast. South Korea sent a warship to the Indian Ocean on Monday to pursue Somali pirates who hijacked a U.S.-bound oil tanker in another brazen assault in shipping lanes hundreds of miles off the Horn of Africa. Korean officials said the hijacked ship, the Samho Dream, is a 300,000-ton tanker, but they gave no indication how much oil was on board when pirates seized the vessel Sunday about 950 miles off the Somali coast. The crew of five Koreans and 19 Filipinos was sailing from Iraq to Louisiana. “The government has dispatched our Cheong-hae naval unit to the waters of the Indian Ocean, where the ship hijacked by Somali pirates is assumed to be,” the Foreign Ministry said in a statement, referring to a destroyer that is part of the nation’s anti-piracy fleet. Source:,0,5809806.story

 The Associated Press reports that Islamist militants unleashed a car bomb and grenade attack against a U.S. consulate in northwestern Pakistan on Monday, killing four people. According to the Press Association, suicide attackers detonated three car bombs Sunday near embassies in Baghdad, killing at least 42 people and wounding more than 200 in back-to-back attacks.

48. April 5, Associated Press – (International) US consulate attacked in northwest Pakistan. Islamist militants unleashed a car bomb and grenade attack against a U.S. consulate in northwestern Pakistan on Monday, killing four people. The multi-pronged strike against the consulate in Peshawar city was the first direct assault on a U.S. mission in the country since 2006. Officials said the four attackers in two vehicles hoped to breach the heavily fortified compound and kill people inside, but they failed to do that and caused only minor damage. They detonated their first suicide vehicle at a checkpoint some 20 meters from the entrance to the consulate, said the Peshawar police chief. The second vehicle, which was carrying a larger amount of explosives, was stopped at another security barrier some 15 meters from the entrance. “The driver had no option, but to detonate the vehicle right there,” he said. The second blast killed two militants wearing suicide vests who were walking ahead of the pickup truck. Some officials and witnesses reported a third or possible fourth explosion. The attackers who fired at the consulate were wearing security uniforms. The four people killed in the attack included three security personnel and one civilian, said the police chief. Two of the security personnel were employed by the consulate, said the embassy. The third was a Pakistani paramilitary soldier, said a police official. The Pakistani interior minister said the Pakistani Taliban claimed responsibility for the attack. Source:

49. April 4, Press Association – (International) Blasts target Baghdad embassies. Suicide attackers have detonated three car bombs near embassies in Baghdad, killing at least 42 people and wounding more than 200 in back-to-back attacks. Authorities say they foiled two other attacks aimed at diplomatic targets. A spokesman for the city’s operations command center said the blasts went off within minutes of each other — one near the Iranian Embassy and two others in an area that houses several embassies, including the Egyptian Consulate, German, and Spanish embassies. The rise in bloodshed after a relative lull deepened fears that insurgents are seizing on the political uncertainty after last month’s close parliamentary elections to sow further instability. TV footage showed civilians outside the Iranian Embassy loading casualties into police vehicles and ambulances. Source:


Banking and Finance Sector

20. April 4, NBC Washington – (Maryland) Illegal skimming device discovered at Rockville ATM. Rockville Police found a skimming device at Wachovia Bank’s automated teller machine on the 1600 block of Rockville Pike in Rockville on April 3. These devices are attached to ATMs to capture bank customers’ card numbers, often working in tandem with a small hidden camera that records the user’s PIN. An alert citizen had reported seeing some sort of skimming device, said police. Police have removed the device and are investigating. The bank has been notified. Police said if anyone used the ATM, check for strange activity on their account and report it to the bank as soon as possible. Source:

21. April 4, Marketwatch – (National) Treasury confirms TARP payments from GM, Hartford. The U.S. Treasury Department on April 2 confirmed $4.4 billion in payments from two companies that received funds from the Troubled Asset Relief Program. Hartford Financial Services Group, Inc. repaid $3.4 billion to repurchase preferred shares, while General Motors Co. repaid $1 billion, a regularly scheduled payment. The Hartford payment was previously reported by the Wall Street Journal. The U.S. Treasury continues to hold warrants to purchase about 52 million shares of Hartford’s stock at an initial exercise price of $9.79 a share. Hartford confirmed on March 31 it does not plan to repurchase the warrants. TARP repayments, including those announced on April 2, total $181 billion, according to Treasury. “Total bank investments of $245 billion in fiscal year 2009 that were initially projected to cost $76 billion are now projected to bring a profit,” Treasury said in a statement. Source:

22. April 3, York Daily Record – (Pennsylvania) AG warns of credit card/debit card scam. The Pennsylvania attorney general is urging state residents to be wary of telephone calls, texts or e-mails that ask for debit or credit card information. The “security alert” messages are supposedly from banks or credit card companies, according to a news release from the attorney general’s office. “The sole purpose of these calls and messages is to convince unwary victims to reveal their account numbers and passwords so that thieves can steal money from their bank accounts or make large purchases with their credit cards,” he said. Anyone who thinks they may have divulged personal information in response to a scam should immediately contact their bank or credit card company to stop any unauthorized withdrawals or charges to their accounts, the attorney general said. Source:

23. April 3, Associated Press – (North Carolina) Bank worker accused of ATM fraud plot. A Bank of America Corp. employee plotted to deploy malicious computer code within the company’s systems so that ATM machines would dispense cash without any record of a transaction, federal prosecutors allege in court documents. The suspect was tasked with maintaining and designing computer systems at the bank, including computers that conducted ATM transactions. Prosecutors in the western district of North Carolina said he sought to use computer code within the company’s protected computers so that the ATMs would make fraudulent disbursements. The suspect was able to obtain more than $5,000 during a seven-month period in 2009, prosecutors allege. The details of the suspect’s case were filed on April 1 in a “bill of information” document, which typically signals that a plea deal is forthcoming. “The fraud here was against the bank,” a spokeswoman with Bank of America said. “The customer accounts were never at risk.” Source:

24. April 2, WESH 2 Orlando – (Florida) Skimming device found on Ocoee ATM. Authorities from across Central Florida are finding signs of identity theft at automated teller machines across Central Florida. The thieves use skimming devices to steal information from debit and credit cards in order to drain money from accounts. The latest device was found attached to an ATM at a Publix Supermarket in Ocoee. Authorities said store employees found the device on April 1. It was attached to the ATM at the store on South Maguire Road. Another device was found on an ATM at a Bank of America in Daytona Beach. Surveillance video showed a person installing the skimming device. Authorities said the world of skimming is expanding. Some phones can now be adapted to read debit and credit cards. Source:

25. April 1, SCMagazine – (International) Guide released to mitigate damage of cyberattacks. Two industry groups on March 31 released a free guide that the authors hope will encourage financial executives within an organization to take the lead role in mitigating cyber-risks. The framework, developed by the Internet Security Alliance (ISA) and the American National Standards Institute (ANSI), comes in response to the White House’s release in May 2009 of the 60-day Cyberspace Policy Review. That report stated that between 2008 and 2009, American business losses due to cyberattacks grew to more than $1 trillion in intellectual property. The new publication, The Financial Management of Cyber Risk: An Implementation Framework for CFOs, helps organizations meet one of the review’s recommendations that monetary value be assigned to cyber-risks and their consequences. One of the main challenges is to make senior executives aware of the impact data theft and other consequences of cyberattacks can have on a company’s bottom line, the president of the ISA told on April 1. Source:

26. April 1, North Lake Tahoe Bonanza – (California) Fake-bearded Fedora bandit bank robber strikes again. The man suspected of robbing three branches of Bank of the West in the region struck again on March 31. The alleged serial bank robber hit the Taylorville Road branch just after 4 p.m., said a Grass Valley police captain. The same man, described as wearing a brown fedora and with a reddish-brown goatee, has been linked to a December robbery of the same branch and at two other Bank of the West branches, in South Lake Tahoe and Kings Beach.


Information Technology

57. April 5, The H Security – (International) New version of Foxit closes executable security hole. Responding to the exploit developed by a PDF security specialist, Foxit has closed the pertinent security hole with the new version of Foxit Reader. The code, which is only available as a demo(direct download) version, exploits the ability of PDF readers to trigger the execution of non-PDF code, as described in the PDF specification. In previous versions of Foxit Reader, this process was started without giving users any warning. Adobe has so far not responded to the exploit. However, Acrobat Reader at least issues a warning. As a workaround, users can disable the option “ Allow Opening Of Non-PDF File Attachments With External Applications”. Source:

58. April 5, Reuters – (International) China journalist club shuts website after attack. The Foreign Correspondents Club of China said on April 2 it had shut its website after a burst of hacker attacks, days after attacks on the Yahoo email accounts of some foreign journalists covering China were discovered. “We do not know who is behind the attacks or what their motivation is,” the club’s board said in an emailed statement explaining it had decided to shut down temporarily the site after two days of “persistent” attacks. The club has traced the online assault to IP addresses in both China and the U.S., but added that these machines could have been taken over by hackers in other locations. The hacking was the latest of several recent incidents that have brought to light the Internet vulnerabilities of people or groups whose work may raise hackles in China. Source:

59. April 4, PC Magazine – (International) First iPad jailbreak demoed. A iPhone Dev Team member has released a video showing a rough demo of a jailbreak that’s given him access to the iPad’s software inner workings. While it’s more of a developmental hack than a full-functioning, consumer-grade jailbreak at this point, it’s only matter of time before iPad amateurs will be able to unleash the tweak on their own devices. And, of course, that means third-party application installers like Cydia are but a touch or two away. How does the jailbreak work? The details are unclear. However, since the jailbreak is allegedly based off of a jailbreak for the iPhone called, “Spirit,” written by a developer called Comex, it’s safe to say that the methods used will be similar when the consumer-grade jailbreak is unleashed. Source:,2817,2362241,00.asp

60. April 2, ComputerWorld – (International) Mozilla beats Apple, Microsoft to Pwn2Own patch punch. Mozilla late on April 1 patched a critical Firefox vulnerability used by a German researcher to win $10,000 for hacking the open-source browser at last week’s Pwn2Own contest. In a repeat of 2009, Mozilla was the first browser maker to patch a bug exploited at Pwn2Own. In fact, the company improved on its performance by fixing the newest flaw only eight days after a researcher who works for U.K.-based MWR InfoSecurity hacked Firefox. Last year, Mozilla took 10 days to come up with its Pwn2Own fix. Nils also successfully exploited Firefox at 2009’s contest. This time, the researcher used a memory corruption flaw to hack the browser, Mozilla said in the security advisory that accompanied the update to Firefox 3.6.3. It rated the bug as “critical,” the highest threat ranking in its four-step scoring system. Source:

Communications Sector

61. April 5, Data Center Knowledge – (National) Earthquakes and data centers. The April 4 magnitude 7.2 earthquake in Baja California was felt in large portions of Southern California. It rattled nerves and shook up some equipment as well. “Our data center had servers rolling back and forth on earthquake gliders,” reported the manager at ProtectRite of Encinitas, California (a San Diego suburb) on his Twitter stream. “It was intense รข_¦ All employees working today ran to parking lot. Pictures toppled on desks and server safety systems engaged.” Earthquake gliders? Many data centers use seismic isolation technology to protect racks and servers in the event of a major earthquake. Last year a representative of WorkSafe provided a demonstration of his company’s ISO-Base platforms, which sit under the data center racks and allow them to shift independently of the building during an earthquake, reducing damage. WorkSafe has provided seismic isolation systems at data centers operated by Boeing and local governments in the Pacific Northwest, as well as many facilities in Japan. Source:

62. April 2, IDG News Service – (International) US, Europe, Japan agree on data center efficiency metric. Industry groups and government agencies from the U.S., Europe and Japan have reached a basic agreement on how to measure the energy efficiency of data centers, they are expected to say on April 5. The agreement is seen as significant because it establishes a common metric that different types of data centers, in different parts of the world, can use to report their level of energy efficiency. That could provide a yardstick for companies to assess the efficiency of their own data centers, and also to gauge the effectiveness of energy-saving techniques employed by other facilities. The agreement is unusual for its level of international cooperation. Orchestrated by the Green Grid, an industry consortium in the U.S., the agreement is backed by the U.S. Department of Energy, the U.S. Environmental Protection Agency, the European Union Code of Conduct and the Japan Ministry of Economy, according to a statement from the Green Grid. Source:

63. April 1, Charleston Daily Mail – (West Virginia) Copper theft cuts off telephone service. Nearly 1,400 residents in Mingo and Logan counties were left without telephone service after thieves allegedly cut down service lines in their quest for copper. A Verizon spokesman said the thefts were reported early April 1, with reports from Delbarton in Mingo County coming in at 6 a.m. and reports from Man in Logan County coming in two hours later. He said thieves took copper wiring from both locations but also cut a fiber optic line in Delbarton. The destroyed fiber optic line did not contain copper, but glass. It was repaired April 1. Law enforcement agencies were informed of the incidents and they were working to apprehend the thieves. No arrests have been made. He said repair crews were in the affected areas all day April 1 working to restore telephone service. He said service in Delbarton was to be restored by midnight and that service in Man would be restored sometime April 1. Source: